From e142683b14616c7e0a0bd5cab0c7485a54e04b45 Mon Sep 17 00:00:00 2001
From: x2000habouzit
Date: Mon, 30 Aug 2004 10:11:23 +0000
Subject: [PATCH] bugfix + reindent
---
 include/xorg.page.inc.php | 8 +-
 include/xorg.session.inc.php | 334 +++++++++++++++++++++----------------------
 2 files changed, 172 insertions(+), 170 deletions(-)
diff --git a/include/xorg.page.inc.php b/include/xorg.page.inc.php
index 847c15f..27fdbbf 100644
--- a/include/xorg.page.inc.php
+++ b/include/xorg.page.inc.php
@@ -45,12 +45,14 @@ class XorgPage extends DiogenesCorePage {
     $this->config_dir = $globals->spoolroot."/configs/";
     $this->cache_dir = $globals->spoolroot."/cache/";
     $this->use_sub_dirs = false;
-
-    $this->register_modifier('escape_html', 'escape_html');
-    $this->default_modifiers = Array('escape_html');
+    $this->config_overwrite = false;
     $this->compile_check = isset($site_dev);
     $this->caching = ($type == SKINNED);
+    if($type == SKINNED) {
+        $this->register_modifier('escape_html', 'escape_html');
+        $this->default_modifiers = Array('escape_html');
+    }
     $this->_page_type = $type;
     $this->_tpl = $tpl;
diff --git a/include/xorg.session.inc.php b/include/xorg.session.inc.php
index e5a84ad..28fe97a 100644
--- a/include/xorg.session.inc.php
+++ b/include/xorg.session.inc.php
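Review bot: Moving `register_modifier('escape_html', 'escape_html')` and `default_modifiers = Array('escape_html')` under `if($type == SKINNED)` removes the auto-escaping default for every other page type, so template variables rendered by non-SKINNED pages now reach the output unescaped unless each template escapes them itself. If those page types are meant for non-HTML output (presumably why the default was narrowed), the intent should be recorded next to the guard, e.g. `// escape_html is the default output filter for HTML (SKINNED) pages only; other page types must escape per output context`; if any non-SKINNED page still renders HTML, the default should stay on for it. Since `$this->caching` is keyed on the same `$type == SKINNED` test two lines above, a single `$skinned = ($type == SKINNED);` local would make the shared condition explicit. The enclosing constructor starts and ends outside the hunk.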
@@ -3,97 +3,97 @@ require("diogenes.core.session.inc.php"); require("diogenes.misc.inc.php"); class XorgSession extends DiogenesCoreSession { - function XorgSession() - { - $this->DiogenesCoreSession(); - if(empty($_SESSION['username'])) - try_cookie(); - set_skin(); - } + function XorgSession() + { + $this->DiogenesCoreSession(); + if(empty($_SESSION['username'])) + try_cookie(); + set_skin(); + } - /** Try to do an authentication. - * - * @param page the calling page (by reference) - */ - function doAuth(&$page,$new_name=false) { - global $globals; - if(identified()) { // ok, c'est bon, on n'a rien à faire - return; + /** Try to do an authentication. + * + * @param page the calling page (by reference) + */ + function doAuth(&$page,$new_name=false) { + global $globals; + if(identified()) { // ok, c'est bon, on n'a rien à faire + return; + } + + if (isset($_REQUEST['username']) and isset($_REQUEST['response']) + and isset($_SESSION['session']->challenge)) + { + // si on vient de recevoir une identification par passwordpromptscreen.tpl + // ou passwordpromptscreenlogged.tpl + $res = @$globals->db->query( "SELECT username,user_id,password FROM auth_user_md5 WHERE username='{$_REQUEST['username']}'"); + if(@mysql_num_rows($res) != 0) { + list($username,$uid,$password)=mysql_fetch_row($res); + mysql_free_result($res); + $expected_response=md5("{$_REQUEST['username']}:$password:{$_SESSION['session']->challenge}"); + if($_REQUEST['response'] == $expected_response) { + unset($_SESSION['session']->challenge); + // on logge la réussite pour les gens avec cookie + if(isset($_SESSION['log'])) + $_SESSION['log']->log("auth_ok"); + start_connexion($username, $uid, true); + return true; + } else { + // mot de passe incorrect pour le login existant + // on logge l'échec pour les gens avec cookie + if(isset($_SESSION['log'])) + $_SESSION['log']->log("auth_fail","bad password"); + $this->doLogin($page,$new_name); + } + } else { + // login inexistant dans la base de donnees + // on 
logge l'échec pour les gens avec cookie + if(isset($_SESSION['log'])) + $_SESSION['log']->log("auth_fail","bad login"); + $this->doLogin($page,$new_name); + } + } else { + // ni loggué ni tentative de login + $this->doLogin($page,$new_name); + } } - if (isset($_REQUEST['username']) and isset($_REQUEST['response']) - and isset($_SESSION['session']->challenge)) - { - // si on vient de recevoir une identification par passwordpromptscreen.tpl - // ou passwordpromptscreenlogged.tpl - $res = @$globals->db->query( "SELECT username,user_id,password FROM auth_user_md5 WHERE username='{$_REQUEST['username']}'"); - if(@mysql_num_rows($res) != 0) { - list($username,$uid,$password)=mysql_fetch_row($res); - mysql_free_result($res); - $expected_response=md5("{$_REQUEST['username']}:$password:{$_SESSION['session']->challenge}"); - if($_REQUEST['response'] == $expected_response) { - unset($_SESSION['session']->challenge); - // on logge la réussite pour les gens avec cookie - if(isset($_SESSION['log'])) - $_SESSION['log']->log("auth_ok"); - start_connexion($username, $uid, true); - return true; - } else { - // mot de passe incorrect pour le login existant - // on logge l'échec pour les gens avec cookie - if(isset($_SESSION['log'])) - $_SESSION['log']->log("auth_fail","bad password"); - $this->doLogin($page,$new_name); - } - } else { - // login inexistant dans la base de donnees - // on logge l'échec pour les gens avec cookie - if(isset($_SESSION['log'])) - $_SESSION['log']->log("auth_fail","bad login"); - $this->doLogin($page,$new_name); - } - } else { - // ni loggué ni tentative de login - $this->doLogin($page,$new_name); + + /** Try to do a cookie-based authentication. 
+ * + * @param page the calling page (by reference) + */ + function doAuthCookie(&$page) { + global $failed_ORGaccess; + // si on est deja connecté, c'est bon, rien à faire + if(logged()) + return; + + // on vient de recevoir une demande d'auth, on passe la main a doAuth + if (isset($_REQUEST['username']) and isset($_REQUEST['response'])) + return $this->doAuth($page); + + // sinon, on vérifie que les bons cookies existent + if($r = try_cookie()) + return $this->doAuth($page,($r>0)); } - } - - - /** Try to do a cookie-based authentication. - * - * @param page the calling page (by reference) - */ - function doAuthCookie(&$page) { - global $failed_ORGaccess; - // si on est deja connecté, c'est bon, rien à faire - if(logged()) - return; - - // on vient de recevoir une demande d'auth, on passe la main a doAuth - if (isset($_REQUEST['username']) and isset($_REQUEST['response'])) - return $this->doAuth($page); - - // sinon, on vérifie que les bons cookies existent - if($r = try_cookie()) - return $this->doAuth($page,($r>0)); - } - - /** Display login screen. - */ - function doLogin(&$page, $new_name=false) { - if(isset($_COOKIE['ORGaccess']) and isset($_COOKIE['ORGlogin']) and !$new_name) { - $page->_tpl = 'password_prompt_logged.tpl'; - $page->assign("xorg_head", "password_prompt_logged.head.tpl"); - $page->assign("xorg_tpl", "password_prompt_logged.tpl"); - $page->run(); - } else { - $page->_tpl = 'password_prompt.tpl'; - $page->assign("xorg_head", "password_prompt.head.tpl"); - $page->assign("xorg_tpl", "password_prompt.tpl"); - $page->run(); + + /** Display login screen. 
+ */ + function doLogin(&$page, $new_name=false) { + if(isset($_COOKIE['ORGaccess']) and isset($_COOKIE['ORGlogin']) and !$new_name) { + $page->_tpl = 'password_prompt_logged.tpl'; + $page->assign("xorg_head", "password_prompt_logged.head.tpl"); + $page->assign("xorg_tpl", "password_prompt_logged.tpl"); + $page->run(); + } else { + $page->_tpl = 'password_prompt.tpl'; + $page->assign("xorg_head", "password_prompt.head.tpl"); + $page->assign("xorg_tpl", "password_prompt.tpl"); + $page->run(); + } + exit; } - exit; - } } /** verifie si un utilisateur a les droits pour voir une page @@ -101,25 +101,25 @@ class XorgSession extends DiogenesCoreSession { * @return void */ function check_perms() { - global $page; - if (!has_perms()) { - require_once("diogenes.core.logger.inc.php"); - $_SESSION['log']->log("noperms",$_SERVER['PHP_SELF']); - $page->failure(); - } + global $page; + if (!has_perms()) { + require_once("diogenes.core.logger.inc.php"); + $_SESSION['log']->log("noperms",$_SERVER['PHP_SELF']); + $page->failure(); + } } - /** verifie si un utilisateur a les droits pour voir une page ** soit parce qu'il est admin, soit il est dans une liste ** supplementaire de personnes utilisées * @return BOOL */ - function has_perms($auth_array=array()) { + +function has_perms($auth_array=array()) { return logged() - && ( (!empty($auth_array) && in_array($_SESSION['username'], $auth_array)) - || ($_SESSION['perms']==PERMS_ADMIN) ); - } + && ( (!empty($auth_array) && in_array($_SESSION['username'], $auth_array)) + || ($_SESSION['perms']==PERMS_ADMIN) ); +} /** renvoie true si la session existe et qu'on est loggué correctement @@ -128,7 +128,7 @@ function check_perms() { * @see header2.inc.php */ function logged () { - return(isset($_SESSION['auth']) and ($_SESSION['auth']>=AUTH_COOKIE)); + return(isset($_SESSION['auth']) and ($_SESSION['auth']>=AUTH_COOKIE)); } 
@@ -140,7 +140,7 @@ function logged () { * @see header2.inc.php */ function identified () { - return(isset($_SESSION['auth']) and $_SESSION['auth']>=AUTH_MDP); + return(isset($_SESSION['auth']) and $_SESSION['auth']>=AUTH_MDP); } /** réalise la récupération de $_SESSION pour qqn avec cookie @@ -150,17 +150,17 @@ function identified () { function try_cookie() { global $globals; if(!isset($_COOKIE['ORGaccess']) or $_COOKIE['ORGaccess'] == '' or !isset($_COOKIE['ORGlogin'])) - return -1; + return -1; $res = @$globals->db->query( "SELECT user_id,password FROM auth_user_md5 WHERE username='{$_COOKIE['ORGlogin']}'"); if(@mysql_num_rows($res) != 0) { - list($uid,$password)=mysql_fetch_row($res); - mysql_free_result($res); - $expected_value=md5($password); - if($expected_value == $_COOKIE['ORGaccess']) { - start_connexion($_COOKIE['ORGlogin'], $uid, false); - return 0; - } else return 1; + list($uid,$password)=mysql_fetch_row($res); + mysql_free_result($res); + $expected_value=md5($password); + if($expected_value == $_COOKIE['ORGaccess']) { + start_connexion($_COOKIE['ORGlogin'], $uid, false); + return 0; + } else return 1; } return -2; } 
@@ -171,70 +171,70 @@ function try_cookie() { * @see controlpermanent.inc.php controlauthentication.inc.php */ function start_connexion ($username, $uid, $identified) { - global $globals; - $result=$globals->db->query("SELECT prenom, nom, perms, promo, matricule, UNIX_TIMESTAMP(s.start) AS lastlogin, s.host - FROM auth_user_md5 AS u - LEFT JOIN logger.sessions AS s ON(s.uid=u.user_id AND s.suid=0) - WHERE user_id=$uid - ORDER BY s.start DESC - LIMIT 1"); - list($prenom, $nom, $perms, $promo, $matricule, $lastlogin, $host) = mysql_fetch_row($result); - mysql_free_result($result); - // on garde le logger si il existe (pour ne pas casser les sessions lors d'une - // authentification avec le cookie - // on vérifie que c'est bien un logger de l'utilisateur en question - if(isset($_SESSION['log']) && $_SESSION['log']->uid==$uid) - $logger = $_SESSION['log']; - // on vide la session pour effacer les valeurs précédentes (notamment de skin) - // qui peuvent être celles de quelqu'un d'autre ou celle par defaut - $_SESSION = array(); - $_SESSION['lastlogin'] = $lastlogin; - $_SESSION['host'] = $host; - $_SESSION['auth'] = ($identified ? AUTH_MDP : AUTH_COOKIE); - $_SESSION['uid'] = $uid; - $_SESSION['username'] = $username; - $_SESSION['prenom'] = $prenom; - $_SESSION['nom'] = $nom; - $_SESSION['perms'] = $perms; - $_SESSION['promo'] = $promo; - $res = $globals->db->query("SELECT flags FROM identification WHERE matricule = '$matricule' AND FIND_IN_SET(flags, 'femme')"); - $_SESSION['femme'] = mysql_num_rows($res) > 0; - mysql_free_result($res); - // on récupère le logger si il existe, sinon, on logge la connexion - $_SESSION['log'] = (isset($logger) ? 
$logger : new DiogenesCoreLogger($uid)); - if(empty($logger)) - $_SESSION['log']->log("connexion",$_SERVER['PHP_SELF']); - // le login est stocké pour un an - setcookie('ORGlogin',$username,(time()+25920000),'/','',0); - set_skin(); + global $globals; + $result=$globals->db->query("SELECT prenom, nom, perms, promo, matricule, UNIX_TIMESTAMP(s.start) AS lastlogin, s.host + FROM auth_user_md5 AS u + LEFT JOIN logger.sessions AS s ON(s.uid=u.user_id AND s.suid=0) + WHERE user_id=$uid + ORDER BY s.start DESC + LIMIT 1"); + list($prenom, $nom, $perms, $promo, $matricule, $lastlogin, $host) = mysql_fetch_row($result); + mysql_free_result($result); + // on garde le logger si il existe (pour ne pas casser les sessions lors d'une + // authentification avec le cookie + // on vérifie que c'est bien un logger de l'utilisateur en question + if(isset($_SESSION['log']) && $_SESSION['log']->uid==$uid) + $logger = $_SESSION['log']; + // on vide la session pour effacer les valeurs précédentes (notamment de skin) + // qui peuvent être celles de quelqu'un d'autre ou celle par defaut + $_SESSION = array(); + $_SESSION['lastlogin'] = $lastlogin; + $_SESSION['host'] = $host; + $_SESSION['auth'] = ($identified ? AUTH_MDP : AUTH_COOKIE); + $_SESSION['uid'] = $uid; + $_SESSION['username'] = $username; + $_SESSION['prenom'] = $prenom; + $_SESSION['nom'] = $nom; + $_SESSION['perms'] = $perms; + $_SESSION['promo'] = $promo; + $res = $globals->db->query("SELECT flags FROM identification WHERE matricule = '$matricule' AND FIND_IN_SET(flags, 'femme')"); + $_SESSION['femme'] = mysql_num_rows($res) > 0; + mysql_free_result($res); + // on récupère le logger si il existe, sinon, on logge la connexion + $_SESSION['log'] = (isset($logger) ? 
$logger : new DiogenesCoreLogger($uid)); + if(empty($logger)) + $_SESSION['log']->log("connexion",$_SERVER['PHP_SELF']); + // le login est stocké pour un an + setcookie('ORGlogin',$username,(time()+25920000),'/','',0); + set_skin(); } function set_skin() { - global $globals; - if(logged()) { - $result = $globals->db->query("SELECT skin,skin_tpl - FROM auth_user_md5 AS a INNER JOIN skins AS s - ON a.skin=s.id WHERE user_id='{$_SESSION['uid']}' AND skin_tpl != ''"); - if(list($_SESSION['skin_id'], $_SESSION['skin']) = mysql_fetch_row($result)) { - if ($_SESSION['skin_id'] == SKIN_STOCHASKIN_ID) { - $res = $globals->db->query("SELECT id,skin FROM skins - WHERE !FIND_IN_SET('cachee',type) order by rand() limit 1"); - list($_SESSION['skin_id'], $_SESSION['skin']) = mysql_fetch_row($res); - mysql_free_result($res); - } - } else { - $_SESSION['skin'] = SKIN_COMPATIBLE; - $_SESSION['skin_id'] = SKIN_COMPATIBLE_ID; + global $globals; + if(logged()) { + $result = $globals->db->query("SELECT skin,skin_tpl + FROM auth_user_md5 AS a INNER JOIN skins AS s + ON a.skin=s.id WHERE user_id='{$_SESSION['uid']}' AND skin_tpl != ''"); + if(list($_SESSION['skin_id'], $_SESSION['skin']) = mysql_fetch_row($result)) { + if ($_SESSION['skin_id'] == SKIN_STOCHASKIN_ID) { + $res = $globals->db->query("SELECT id,skin FROM skins + WHERE !FIND_IN_SET('cachee',type) order by rand() limit 1"); + list($_SESSION['skin_id'], $_SESSION['skin']) = mysql_fetch_row($res); + mysql_free_result($res); + } + } else { + $_SESSION['skin'] = SKIN_COMPATIBLE; + $_SESSION['skin_id'] = SKIN_COMPATIBLE_ID; + } + mysql_free_result($result); + } + + if( !logged() || !isset($_SERVER['HTTP_USER_AGENT']) + || ereg("Mozilla/4\.[0-9]{1,2} \[",$_SERVER['HTTP_USER_AGENT']) ) + { + $_SESSION['skin'] = SKIN_COMPATIBLE; + $_SESSION['skin_id'] = SKIN_COMPATIBLE_ID; } - mysql_free_result($result); - } - - if( !logged() || !isset($_SERVER['HTTP_USER_AGENT']) - || ereg("Mozilla/4\.[0-9]{1,2} \[",$_SERVER['HTTP_USER_AGENT']) ) - { 
- $_SESSION['skin'] = SKIN_COMPATIBLE; - $_SESSION['skin_id'] = SKIN_COMPATIBLE_ID; - } } ?> -- 2.1.4