[dotclear.git] / _public.php

<?php
$core->url->register('xorgAuth', 'Xorg', '^auth/(.*)$', array('xorgAuthentifier', 'doAuth'));

class xorgAuthWidget {
  static public function widget(&$w) {
    global $core;
    if ($core->auth->xorg_infos['forlife']) {
      return '<p>Tu es ' . $core->auth->xorg_infos['prenom'] . ' ' . $core->auth->xorg_infos['nom'] . '<br />'
           . '<a href="auth/exit">déconnexion</a></p>';
    } else {
      return '<p><a href="auth/Xorg?path=' . $_SERVER['REQUEST_URI'] . '">M\'authentifier via Polytechnique.org</a></p>';
    }
  }
}

class xorgAuthentifier extends dcUrlHandlers {
  static public function doAuth($args) {
    @session_start();
    switch ($args) {
     case 'exit':
      self::killSession();
      break;
     case 'Xorg':
      self::callXorg();
      break;
     case 'XorgReturn':
      self::returnXorg();
      break;
     default:
      self::p404();
    }
    return;
  }

  static protected function callXorg() {
    if (@$_SESSION['auth-xorg']) {
      header("Location: http://murphy.m4x.org/" . $_GET['path']);
      return;
    }
    $_SESSION["auth-x-challenge"] = md5(uniqid(rand(), 1));
    $url = "https://www.polytechnique.org/auth-groupex/utf8";
    $url .= "?session=" . session_id();
    $url .= "&challenge=" . $_SESSION["auth-x-challenge"];
    $url .= "&pass=" . md5($_SESSION["auth-x-challenge"] . XORG_AUTH_KEY);
    $url .= "&url=http://murphy.m4x.org/~x2003bruneau/dotclear/auth/XorgReturn" . urlencode("?path=" . $_GET['path']);
    session_write_close();
    header("Location: $url");
    exit;
  }

  static protected function returnXorg() {
    if (!isset($_GET['auth'])) {
      return false;
    }
    global $core;
    $params = '';
    foreach($core->auth->xorg_infos as $key => $val) {
      if(!isset($_GET[$key])) {
        return false;
      }
      $_SESSION['auth-xorg-' . $key] = $_GET[$key];
      $core->auth->xorg_infos[$key] = $_GET[$key];
      $params .= $_GET[$key];
    }
    if (md5('1' . $_SESSION['auth-x-challenge'] . XORG_AUTH_KEY . $params . '1') == $_GET['auth']) {
      unset($_GET['auth']);
      $_SESSION['auth-xorg'] = $_GET['forlife'];
      header("Location: http://murphy.m4x.org/" . $_GET['path']);
      return true;
    }
    $_SESSION['auth-xorg'] = null;
    unset($_GET['auth']);
    return false;
  }

  static protected function killSession() {
    @session_destroy();
    header('Location: http://murphy.m4x.org/~x2003bruneau/dotclear/');
    exit;
  }
}
?>
Commit	Line	Data
1edd3efc FB	1	<?php
	2	$core->url->register('xorgAuth', 'Xorg', '^auth/(.*)$', array('xorgAuthentifier', 'doAuth'));
	3
	4	class xorgAuthWidget {
	5	static public function widget(&$w) {
	6	global $core;
	7	if ($core->auth->xorg_infos['forlife']) {
	8	return '<p>Tu es ' . $core->auth->xorg_infos['prenom'] . ' ' . $core->auth->xorg_infos['nom'] . '<br />'
	9	. '<a href="auth/exit">déconnexion</a></p>';
	10	} else {
	11	return '<p><a href="auth/Xorg?path=' . $_SERVER['REQUEST_URI'] . '">M\'authentifier via Polytechnique.org</a></p>';
	12	}
	13	}
	14	}
	15
	16	class xorgAuthentifier extends dcUrlHandlers {
	17	static public function doAuth($args) {
	18	@session_start();
	19	switch ($args) {
	20	case 'exit':
	21	self::killSession();
	22	break;
	23	case 'Xorg':
	24	self::callXorg();
	25	break;
	26	case 'XorgReturn':
	27	self::returnXorg();
	28	break;
	29	default:
	30	self::p404();
	31	}
	32	return;
	33	}
	34
	35	static protected function callXorg() {
	36	if (@$_SESSION['auth-xorg']) {
	37	header("Location: http://murphy.m4x.org/" . $_GET['path']);
	38	return;
	39	}
	40	$_SESSION["auth-x-challenge"] = md5(uniqid(rand(), 1));
	41	$url = "https://www.polytechnique.org/auth-groupex/utf8";
	42	$url .= "?session=" . session_id();
	43	$url .= "&challenge=" . $_SESSION["auth-x-challenge"];
	44	$url .= "&pass=" . md5($_SESSION["auth-x-challenge"] . XORG_AUTH_KEY);
	45	$url .= "&url=http://murphy.m4x.org/~x2003bruneau/dotclear/auth/XorgReturn" . urlencode("?path=" . $_GET['path']);
	46	session_write_close();
	47	header("Location: $url");
	48	exit;
	49	}
	50
	51	static protected function returnXorg() {
	52	if (!isset($_GET['auth'])) {
	53	return false;
	54	}
	55	global $core;
	56	$params = '';
	57	foreach($core->auth->xorg_infos as $key => $val) {
	58	if(!isset($_GET[$key])) {
	59	return false;
	60	}
	61	$_SESSION['auth-xorg-' . $key] = $_GET[$key];
	62	$core->auth->xorg_infos[$key] = $_GET[$key];
	63	$params .= $_GET[$key];
	64	}
65	if (md5('1' . $_SESSION['auth-x-challenge'] . XORG_AUTH_KEY . $params . '1') == $_GET['auth']) {
66	unset($_GET['auth']);
67	$_SESSION['auth-xorg'] = $_GET['forlife'];
68	header("Location: http://murphy.m4x.org/" . $_GET['path']);
69	return true;
70	}
71	$_SESSION['auth-xorg'] = null;
72	unset($_GET['auth']);
73	return false;
74	}
75
76	static protected function killSession() {
77	@session_destroy();
78	header('Location: http://murphy.m4x.org/~x2003bruneau/dotclear/');
79	exit;
80	}
81	}
82	?>