1 <?php
2 /*
3 * Copyright (C) 2003-2004 Polytechnique.org
4 * http://opensource.polytechnique.org/
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software
18 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
19 */
20
21
22 require_once 'diogenes/diogenes.core.session.inc.php';
23 require_once 'diogenes/diogenes.core.logger.inc.php';
24
25 /** This class describes a Diogenes session.
26 */
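class DiogenesSession extends DiogenesCoreSession {
    /** full name */
    var $fullname;
    /** is this a native Diogenes account? */
    var $auth = "native";


    /** The constructor.
     *
     * Starts an anonymous session carrying only the 'public' flag.
     */
    function DiogenesSession() {
        $this->DiogenesCoreSession();
        $this->username = "anonymous";
        $this->perms->addFlag('public');
    }


    /** Escape a value for use inside a single-quoted SQL string literal.
     *
     * Every value that originates from the request (login name, barrel
     * alias, ...) must pass through here before being interpolated into a
     * query: the queries of this class are built by string concatenation,
     * so this is the only barrier between request parameters and the SQL
     * parser.
     *
     * @param value the raw value
     * @return the escaped value, without surrounding quotes
     */
    function _sqlEscape($value) {
        // mysql_real_escape_string is charset-aware but needs an open
        // connection (it uses the last one opened, which the query wrapper
        // has already established); older PHP builds only have the
        // non charset-aware variant.
        if (function_exists('mysql_real_escape_string')) {
            return mysql_real_escape_string($value);
        }
        return mysql_escape_string($value);
    }


    /** Compare a server-computed digest with a client-supplied one.
     *
     * Strict, length-checked and constant-time: the loose "!=" operator
     * would compare numeric-looking strings such as "0e123..." as numbers,
     * and a comparison that stops at the first differing byte leaks timing
     * information about the expected digest.
     *
     * @param known the digest computed on the server
     * @param given the digest supplied by the client
     * @return true if both are byte-identical strings
     */
    function _digestsMatch($known, $given) {
        if (!is_string($known) || !is_string($given)) {
            return false;
        }
        $len = strlen($known);
        if ($len !== strlen($given)) {
            return false;
        }
        $diff = 0;
        for ($i = 0; $i < $len; $i++) {
            $diff |= ord($known[$i]) ^ ord($given[$i]);
        }
        return $diff === 0;
    }


    /** Try to do a Diogenes authentication.
     *
     * Reads the 'login' and 'response' request parameters; 'response' is
     * expected to be md5("login:stored_password_hash:challenge").  On
     * success the session fields (uid, username, names) are filled in, a
     * logger is stored in the session and the 'auth' flag (plus 'root' for
     * admin accounts) is set.  On failure, or when no tokens were
     * submitted, the login screen is displayed and the request ends
     * (doLogin() exits).
     *
     * @param page the calling page (by reference)
     */
    function doAuth(&$page) {
        global $globals;

        if ($this->perms->hasFlag("auth"))
            return;

        /* do we have authentication tokens for auth ? */
        // both tokens must be plain strings: a "login[]=x" style parameter
        // would otherwise reach setcookie() and the query as an array
        if (!isset($_REQUEST['login']) || !isset($_REQUEST['response'])
            || !is_string($_REQUEST['login']) || !is_string($_REQUEST['response'])) {
            $this->doLogin($page);
            return;
        }
        $login = $_REQUEST['login'];
        $response = $_REQUEST['response'];

        // remember login for a year
        setcookie('DiogenesLogin', $login, (time()+25920000));

        // lookup user -- the login comes straight from the request and is
        // escaped before being interpolated into the query
        $res = $globals->db->query("SELECT user_id,username,password,firstname,lastname,perms"
            . " FROM {$globals->tauth['native']}"
            . " WHERE username='" . $this->_sqlEscape($login) . "'");
        $row = mysql_fetch_row($res);
        mysql_free_result($res);
        if (!$row) {
            $page->info(__("Authentication error!"));
            $this->doLogin($page);
            return;
        }
        list($uid, $username, $password, $firstname, $lastname, $perms) = $row;

        // check response (strict, constant-time comparison)
        $expected = md5("$login:$password:{$this->challenge}");
        if (!$this->_digestsMatch($expected, $response)) {
            // log the login failure
            $logger = new DiogenesCoreLogger($uid);
            $logger->log("auth_fail", $login);
            $page->info(__("Authentication error!"));
            $this->doLogin($page);
            return;
        }

        // retrieve user info
        $this->uid = $uid;
        $this->username = $username;
        $this->firstname = $firstname;
        $this->lastname = $lastname;
        $this->fullname = $firstname . ($lastname ? " $lastname" : "");

        // create logger
        $logstr = $this->username . (empty($page->alias) ? "" : "@{$page->alias}");
        $_SESSION['log'] = new DiogenesCoreLogger($this->uid);
        $_SESSION['log']->log("auth_ok", $logstr);

        // set user permissions
        $this->perms->addFlag('auth');
        if ($perms === "admin") {
            $this->perms->addFlag('root');
        }
    }


    /** Try to login for WebDAV (plain-text password).
     *
     * The password is hashed with md5 and compared, in SQL, against the
     * stored hash.  Both the user name and the hash are escaped before
     * being interpolated into the query.
     *
     * @param user the user name
     * @param pass the plain-text password
     * @return true for success, false for failure
     */
    function doAuthWebDAV($user, $pass)
    {
        global $globals;

        if ($this->perms->hasFlag("auth"))
            return true;

        // check credentials
        $hash = md5($pass);
        $res = $globals->db->query("SELECT user_id,username,perms"
            . " FROM {$globals->tauth['native']}"
            . " WHERE username='" . $this->_sqlEscape($user) . "'"
            . " AND password='" . $this->_sqlEscape($hash) . "'");
        $row = mysql_fetch_row($res);
        mysql_free_result($res);
        if (!$row)
            return false;
        list($uid, $username, $perms) = $row;

        // retrieve user info
        $this->uid = $uid;
        $this->username = $username;

        // create logger
        $_SESSION['log'] = new DiogenesWebDAVLogger($this->uid, $this->auth, $this->username);

        // set user permissions
        $this->perms->addFlag('auth');
        if ($perms === "admin") {
            $this->perms->addFlag('root');
        }

        return true;
    }


    /** Display login screen and end the request.
     *
     * Fills in the login template (labels, the remembered user name from
     * the DiogenesLogin cookie, the form target, the current challenge and
     * the md5.js helper) and exits after displaying it.
     *
     * @param page the calling page (by reference)
     */
    function doLogin(&$page) {
        $page->assign('greeting', __("Diogenes login"));
        $page->assign('msg_connexion', __("Connexion"));
        $page->assign('msg_password', __("password"));
        $page->assign('msg_submit', __("Submit"));
        $page->assign('msg_username', __("username"));

        if (isset($_COOKIE['DiogenesLogin']))
            $page->assign('username', $_COOKIE['DiogenesLogin']);
        $page->assign('post', htmlentities($page->script_uri()));
        $page->assign('challenge', $this->challenge);
        $page->assign('md5', $page->url("md5.js"));
        $page->display('login.tpl');
        exit;
    }


    /** Read a user's permissions for a given barrel.
     *
     * Only does something for an authenticated session: 'root' users get
     * 'user' and 'admin' unconditionally, everybody else starts without
     * them and gets 'user' plus the per-barrel permission stored in
     * diogenes_perm, if any.
     *
     * @param alias the name of the barrel
     */
    function setBarrelPerms($alias) {
        global $globals;

        // if the user is logged in, refresh his/her permissions
        if (!$this->perms->hasFlag('auth')) {
            return;
        }

        if ($this->perms->hasFlag('root')) {
            $this->perms->addFlag('user');
            $this->perms->addFlag('admin');
        } else {
            $this->perms->rmFlag('user');
            $this->perms->rmFlag('admin');
        }

        // read site specific permissions; the alias may come from the
        // request, so every interpolated value is escaped
        $res = $globals->db->query("SELECT perms FROM diogenes_perm"
            . " WHERE alias='" . $this->_sqlEscape($alias) . "'"
            . " AND auth='" . $this->_sqlEscape($this->auth) . "'"
            . " AND uid='" . $this->_sqlEscape($this->uid) . "'");
        $row = mysql_fetch_row($res);
        mysql_free_result($res);
        if ($row) {
            list($barrelPerm) = $row;
            $this->perms->addFlag('user');
            $this->perms->addFlag($barrelPerm);
        }
    }

}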
183
184 ?>