<?php

// DC_BLOG_ID identifies the blog this auth plugin is bound to; when the front
// controller did not define it, it is taken from $_SERVER (presumably set by
// the web-server configuration — verify against the deployment).
defined('DC_BLOG_ID') || define('DC_BLOG_ID', $_SERVER['DC_BLOG_ID']);

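/**
 * Dotclear authentication backend delegating logins to the polytechnique.org
 * (X.org) SSO, for the single blog identified by DC_BLOG_ID.
 *
 * Flow: a login attempt (checkUser() -> callXorg()) stores a per-session
 * challenge, signs it with the shared secret XORG_AUTH_KEY and redirects the
 * browser to X.org. X.org sends the user back to auth/XorgReturn
 * (returnXorg()) with the identity attributes listed in $xorg_infos plus a
 * signature over them. Verified attributes are kept in the PHP session
 * ($_SESSION['auth-xorg'] and 'auth-xorg-<key>') and loaded into the dcAuth
 * object by buildFromSession() on every call that needs them.
 *
 * XORG_AUTH_KEY, DC_SESSION_NAME and DC_MASTER_KEY are expected to be defined
 * elsewhere (Dotclear / plugin configuration).
 */
class xorgAuth extends dcAuth {
    /** Lifetime of the comment-form cookies, in seconds (30 days). */
    const COMMENT_COOKIE_TTL = 2592000;

    /**
     * Identity attributes returned by X.org, copied from
     * $_SESSION['auth-xorg-<key>'] by buildFromSession(). The key order matters:
     * returnXorg() concatenates the values in this order when checking the
     * callback signature.
     */
    public $xorg_infos = array('forlife' => null,
                               'prenom'  => null,
                               'nom'     => null,
                               'grpauth' => null,
                               'perms'   => null);

    /**
     * 'coreBlogConstruct' behavior: re-synchronise the current user's
     * permissions on the blog the core has just loaded.
     *
     * @param object $blog the blog being constructed
     */
    public static function behavior_coreBlogConstruct(&$blog) {
        global $core;
        $core->auth->sudo(array($core->auth, 'updateUserPerms'), $blog);
    }

    /**
     * @param dcCore $core the Dotclear core; the behavior above is registered on it
     */
    public function __construct(&$core) {
        parent::__construct($core);
        $core->addBehavior('coreBlogConstruct', array(__CLASS__, 'behavior_coreBlogConstruct'));
    }

    /**
     * Populate the authenticated user from the PHP session when an X.org login
     * has been completed (returnXorg() stored it in $_SESSION['auth-xorg']).
     *
     * Loads the session only once per request (while
     * $this->xorg_infos['forlife'] is still null) and does nothing when the
     * core or its session handler is not available yet.
     */
    public function buildFromSession() {
        global $core;
        // The response depends on the session, so blank out any Last-Modified
        // header set earlier; skip it when headers are already out.
        if (!headers_sent()) {
            header('Last-Modified:');
        }
        if (!isset($core) || !isset($core->session)) {
            return;
        }
        if (!session_id()) {
            $core->session->start();
        }
        $_SESSION['sess_blog_id'] = $_SERVER['DC_BLOG_ID'];

        $user = isset($_SESSION['auth-xorg']) ? $_SESSION['auth-xorg'] : null;
        if (!$user || !is_null($this->xorg_infos['forlife'])) {
            return;
        }
        foreach (array_keys($this->xorg_infos) as $key) {
            $sessionKey = 'auth-xorg-' . $key;
            $this->xorg_infos[$key] = isset($_SESSION[$sessionKey]) ? $_SESSION[$sessionKey] : null;
        }
        $this->user_id = $user;
        $this->user_admin = ($this->xorg_infos['perms'] === 'admin');
        parent::checkUser($this->user_id);
        $this->setCommentCookie();
    }

    /**
     * Set the cookies the comment form reads to prefill name / e-mail / URL.
     * 'comment_info_xorg' records which user 'comment_info' was built for, so
     * both are only rewritten when the logged-in user changes.
     */
    private function setCommentCookie() {
        $current = isset($_COOKIE['comment_info_xorg']) ? $_COOKIE['comment_info_xorg'] : null;
        if ($current === $this->user_id) {
            return;
        }
        $expires = time() + self::COMMENT_COOKIE_TTL;
        $info = implode("\n", array(
            $this->getInfo('user_displayname'),
            $this->getInfo('user_email'),
            $this->getInfo('user_url'),
        ));
        setcookie('comment_info_xorg', $this->user_id, $expires, '/');
        setrawcookie('comment_info', rawurlencode($info), $expires, '/');
    }

    /**
     * Create the local dc_user record for the X.org identity stored in the
     * session, if it does not exist yet. Called through sudo() from
     * returnXorg() right after a successful login, so it reads $_SESSION
     * directly ($this->xorg_infos is not loaded at that point).
     *
     * The account is SSO-only: its password is a random throwaway value, and
     * checkPassword() / allowPassChange() never let it be used or changed.
     */
    public function createUser() {
        global $core;
        $forlife = $_SESSION['auth-xorg'];
        if ($core->userExists($forlife)) {
            return;
        }
        $cur = new cursor($this->con, 'dc_user');
        $cur->user_id = $forlife;
        $cur->user_pwd = $this->randomToken();
        $cur->user_super = ($_SESSION['auth-xorg-perms'] === 'admin') ? '1' : '0';
        $cur->user_lang = 'fr';
        $cur->user_tz = 'Europe/Paris';
        $cur->user_name = $_SESSION['auth-xorg-nom'];
        $cur->user_firstname = $_SESSION['auth-xorg-prenom'];
        $cur->user_displayname = $cur->user_firstname . ' ' . $cur->user_name;
        $cur->user_email = $forlife . '@polytechnique.org';
        $cur->user_url = 'https://www.polytechnique.org/profile/' . $forlife;
        $cur->user_default_blog = $_SERVER['DC_BLOG_ID'];
        $defaults = $core->userDefaults();
        $defaults['post_xorg_perms'] = 'public';
        $cur->user_options = $defaults;
        $core->addUser($cur);
    }

    /**
     * 32-hex-character token used for the throwaway account password and the
     * SSO challenge. Uses the CSPRNG when random_bytes() is available and falls
     * back to the (weaker) uniqid/mt_rand construction on older runtimes.
     *
     * @return string
     */
    private function randomToken() {
        if (function_exists('random_bytes')) {
            return bin2hex(random_bytes(16));
        }
        return md5(uniqid(mt_rand(), true));
    }

    /**
     * Derive the user's Dotclear permissions on $blog from the X.org group role
     * and the blog's xorgauth settings, and store them through the core.
     *
     * Blog settings read:
     *  - xorg_blog_type: 'group-admin', 'group-member' or 'user'
     *  - xorg_blog_owner: the X.org group (or forlife, for 'user' blogs) owning it
     *
     * Also keeps the superadmin flag in sync with the 'perms' attribute. The
     * session is killed if the login was made for another group than the blog
     * owner. Returns silently when no X.org login is present, or when a 'user'
     * blog belongs to someone else (existing permissions are left as they are).
     *
     * @param object $blog the blog to update permissions for
     */
    public function updateUserPerms(&$blog) {
        global $core;
        $this->buildFromSession();
        if (!isset($_SESSION['auth-xorg'])) {
            return;
        }
        $type  = $blog->settings->xorgauth->get('xorg_blog_type');
        $owner = $blog->settings->xorgauth->get('xorg_blog_owner');
        $level = $this->xorg_infos['grpauth'];

        $rec = $core->getUser($this->user_id);
        $wasAdmin = (bool) $rec->f('user_super');
        $isAdmin = ($this->xorg_infos['perms'] === 'admin');
        if ($wasAdmin !== $isAdmin) {
            $cur = new cursor($this->con, 'dc_user');
            $cur->user_super = $isAdmin ? '1' : '0';
            $core->updUser($this->user_id, $cur);
        }

        // callXorg() bound the login to one group; do not carry it over to a
        // blog owned by another group.
        $group = isset($_SESSION['xorg-group']) ? $_SESSION['xorg-group'] : null;
        if ($group != $owner) {
            $this->killSession();
            return;
        }

        $full = array('usage' => true, 'contentadmin' => true, 'admin' => true);
        if (($type === 'group-admin' || $type === 'group-member') && $level === 'admin') {
            $perms = $full;
        } elseif ($type === 'group-member' && $level === 'membre') {
            $perms = array('usage' => true);
        } elseif ($type === 'user' && $owner === $this->xorg_infos['forlife']) {
            $perms = $full;
        } elseif ($type !== 'user') {
            $perms = array();
        } else {
            return;
        }
        $core->setUserBlogPermissions($_SESSION['auth-xorg'], $blog->id, $perms);
    }


    /** Xorg SSO API */

    /**
     * Start the X.org SSO round trip: store a fresh challenge in the session
     * and redirect the browser to the auth-groupex endpoint, which sends the
     * user back to auth/XorgReturn (see returnXorg()).
     *
     * @param string|null $path admin path to land on after login; defaults to
     *                          the PATH_INFO of the current request
     * @return bool true when the user is already logged in (no redirect);
     *              otherwise does not return (redirect + exit)
     */
    public function callXorg($path = null) {
        global $core;
        $this->buildFromSession();
        if (!empty($_SESSION['auth-xorg'])) {
            return true;
        }
        if (!session_id()) {
            $core->session->start();
        }
        if (is_null($path)) {
            $path = isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';
        }
        $settings = $core->blog->settings->xorgauth;
        $challenge = $this->randomToken();
        $_SESSION['auth-x-challenge'] = $challenge;
        // Remember which group this login is for; updateUserPerms() rejects the
        // session on blogs owned by another group.
        $_SESSION['xorg-group'] = $settings->get('xorg_blog_owner');

        $query = array(
            'session'   => session_id(),
            'challenge' => $challenge,
            'pass'      => md5($challenge . XORG_AUTH_KEY),
        );
        $type = $settings->get('xorg_blog_type');
        if ($type === 'group-member' || $type === 'group-admin') {
            $query['group'] = (string) $settings->get('xorg_blog_owner');
        }
        $query['url'] = $core->blog->url . 'auth/XorgReturn?path=' . $path;
        $url = 'https://www.polytechnique.org/auth-groupex/utf8?' . http_build_query($query);

        session_write_close();
        header('Location: ' . $url);
        exit;
    }

    /**
     * Handle the callback from X.org (auth/XorgReturn): resume the session the
     * login was started in, verify the 'auth' signature over the returned
     * attributes against the stored challenge, then log the user in and
     * redirect to the requested path.
     *
     * Expected query parameters: PHPSESSID (the session id sent by callXorg()),
     * one parameter per key of $xorg_infos, 'auth' (md5 signature) and 'path'.
     * Attributes are only written to the session once the signature has been
     * verified, and the challenge is consumed so the callback cannot be replayed.
     *
     * @return bool false when the callback is missing or invalid;
     *              does not return on success (redirect + exit)
     */
    public function returnXorg() {
        global $core;
        if (!isset($_GET['auth'])) {
            return false;
        }
        // The session id comes back through the X.org redirect rather than the
        // cookie; only accept a value shaped like a PHP session id.
        if (!isset($_GET['PHPSESSID']) || !preg_match('/^[A-Za-z0-9,-]+$/', $_GET['PHPSESSID'])) {
            return false;
        }
        $_COOKIE[DC_SESSION_NAME] = $_GET['PHPSESSID'];
        unset($_GET['PHPSESSID']);
        if (!session_id()) {
            $core->session->start();
        }

        $infos = array();
        $params = '';
        foreach (array_keys($this->xorg_infos) as $key) {
            if (!isset($_GET[$key])) {
                return false;
            }
            $infos[$key] = $_GET[$key];
            $params .= $_GET[$key];
        }

        // Strict comparison: '==' would treat two digests that look like
        // numbers (e.g. '0e…') as equal.
        $valid = isset($_SESSION['auth-x-challenge'])
            && md5('1' . $_SESSION['auth-x-challenge'] . XORG_AUTH_KEY . $params . '1') === (string) $_GET['auth'];
        unset($_GET['auth']);
        if (!$valid) {
            unset($_SESSION['auth-xorg'], $_SESSION['sess_user_id']);
            echo "Failed !!!";
            return false;
        }

        unset($_SESSION['auth-x-challenge']);
        foreach ($infos as $key => $value) {
            $_SESSION['auth-xorg-' . $key] = $value;
        }
        $_SESSION['sess_user_id'] = $_SESSION['auth-xorg'] = $infos['forlife'];
        $_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY);
        $_SESSION['sess_blog_id'] = 'default';
        $this->sudo(array($this, 'createUser'));
        $path = isset($_GET['path']) ? $_GET['path'] : '';
        header('Location: ' . $core->blog->url . $path);
        exit;
    }

    /**
     * Destroy the current session and send the browser back to the blog's
     * front page. Does not return.
     */
    public function killSession() {
        global $core;
        if (!session_id()) {
            $core->session->start();
        }
        $core->session->destroy();
        header('Location: ' . $this->blogUrl());
        exit;
    }

    /**
     * Public URL of the blog this plugin is bound to: the loaded $core->blog
     * when available, else the blog_url of the DC_BLOG_ID record.
     *
     * @return string empty when no blog can be resolved
     */
    private function blogUrl() {
        global $core;
        $blog = isset($core->blog) ? $core->blog : $core->getBlog(DC_BLOG_ID);
        if (!$blog) {
            return '';
        }
        $url = isset($blog->url) ? $blog->url : null;
        if (!$url) {
            $url = $blog->f('blog_url');
        }
        return (string) $url;
    }


    /** Dotclear dcAuth API */

    /**
     * There is no local password: any authentication attempt becomes the X.org
     * SSO round trip. $pwd and $user_key are ignored.
     */
    public function checkUser($user_id, $pwd = null, $user_key = null) {
        return $this->callXorg();
    }

    public function check($permissions, $blog_id) {
        $this->buildFromSession();
        return parent::check($permissions, $blog_id);
    }

    /** Passwords are never checked: the user is valid as soon as the session holds an identity. */
    public function checkPassword($pwd) {
        $this->buildFromSession();
        return !empty($this->user_id);
    }

    /** Local passwords cannot be changed: the account is SSO-only. */
    public function allowPassChange() {
        return false;
    }

    /**
     * The X.org identity is only exposed to scripts under /admin/; elsewhere
     * userID() returns null.
     *
     * @return string|null
     */
    public function userID() {
        $this->buildFromSession();
        $script = isset($_SERVER['SCRIPT_FILENAME']) ? $_SERVER['SCRIPT_FILENAME'] : '';
        if (!preg_match('@/admin/[^/]+\.php$@i', $script)) {
            return null;
        }
        return parent::userID();
    }

    public function getPermissions($blog_id) {
        $this->buildFromSession();
        return parent::getPermissions($blog_id);
    }

    /**
     * dcAuth::getInfo() plus the virtual key 'xorg_group_member': true when the
     * session's group is the blog owner and the user is superadmin or holds an
     * 'admin' / 'membre' role in that group.
     *
     * @return mixed
     */
    public function getInfo($n) {
        global $core;
        $this->buildFromSession();
        if ($n !== 'xorg_group_member') {
            return parent::getInfo($n);
        }
        $group = isset($_SESSION['xorg-group']) ? $_SESSION['xorg-group'] : null;
        if ($core->blog->settings->xorgauth->get('xorg_blog_owner') != $group) {
            return false;
        }
        $role = $this->xorg_infos['grpauth'];
        return $this->isSuperAdmin() || $role === 'admin' || $role === 'membre';
    }

    public function getOption($n) {
        $this->buildFromSession();
        return parent::getOption($n);
    }

    public function getOptions() {
        $this->buildFromSession();
        return parent::getOptions();
    }

    /**
     * Replacement for the Dotclear login form: a single link starting the X.org
     * SSO round trip, which lands on the admin index afterwards.
     *
     * @return string HTML fragment
     */
    public function authForm() {
        $link = $this->blogUrl() . 'auth/Xorg?path=/admin/index.php';
        return '<fieldset>' .
            '<p><a href="' . htmlspecialchars($link, ENT_QUOTES, 'UTF-8') . '">Via Polytechnique.org</a></p>' .
            '</fieldset>' .
            '<p>' . __('You must accept cookies in order to use the private area.') . '</p>';
    }
}

// No closing ?> tag: anything after it would be sent as output and break the
// header() redirects above.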