Commit | Line | Data |
---|---|---|
3f6bc75f FB |
1 | <?php |
2 | ||
3f6bc75f | 3 | class xorgAuth extends dcAuth { |
1759942c FB |
/**
 * Profile fields carried through the SSO flow. The keys drive the loops
 * in buildFromSession() and returnXorg(); 'forlife' doubles as the
 * "already loaded" marker (null means the session has not been read yet).
 */
public $xorg_infos = array(
    'forlife' => null,
    'prenom'  => null,
    'nom'     => null,
);
7 | ||
e105d162 FB |
/**
 * Hand the core object straight to the dcAuth constructor; this class
 * adds no construction logic of its own.
 *
 * @param object $core Core instance, received by reference.
 */
public function __construct(&$core)
{
    parent::__construct($core);
}
11 | ||
/**
 * Load the SSO identity stored in the PHP session into this object.
 *
 * Does nothing when the global core or its session is missing, when the
 * session holds no 'auth-xorg' login, or when the profile fields were
 * already loaded ('forlife' no longer null). Everything read here is
 * taken on trust from the session, so it is only as reliable as the code
 * that wrote those keys.
 */
public function buildFromSession()
{
    global $core;
    @header('Last-Modified:');

    $sessionAvailable = isset($core) && isset($core->session);
    if (!$sessionAvailable) {
        return;
    }
    $core->session->start();

    $login = @$_SESSION['auth-xorg'];
    if (!$login || !is_null($this->xorg_infos['forlife'])) {
        return;
    }

    // Copy each profile field from its 'auth-xorg-<field>' session slot.
    foreach (array_keys($this->xorg_infos) as $field) {
        $this->xorg_infos[$field] = $_SESSION['auth-xorg-' . $field];
    }
    $this->user_id = $login;
    parent::checkUser($this->user_id);

    // Blog permissions are refreshed under sudo, and only when a blog is loaded.
    if (isset($core->blog)) {
        $this->sudo(array($this, 'updateUserPerms'));
    }
}
31 | ||
f33c2acf FB |
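/**
 * Create the local Dotclear account for the SSO login held in the
 * session, unless that user already exists.
 *
 * The account is filled from the 'auth-xorg*' session keys. Its password
 * is a random placeholder that the user never learns: authentication goes
 * through the SSO, and checkPassword() in this class does not look at it.
 */
public function createUser()
{
    global $core;

    $login = $_SESSION['auth-xorg'];
    if ($core->userExists($login)) {
        return;
    }

    $cur = new cursor($this->con, 'dc_user');
    $cur->user_id = $login;
    // The placeholder must not be guessable: rand() has a small, predictable
    // output space, so prefer the CSPRNG when the runtime provides one.
    // NOTE(review): presumably addUser() hashes this value like a normal
    // password - confirm against the Dotclear core.
    $cur->user_pwd = function_exists('random_bytes')
        ? bin2hex(random_bytes(16))
        : md5(rand());
    $cur->user_lang = 'fr';
    $cur->user_name = $_SESSION['auth-xorg-nom'];
    $cur->user_firstname = $_SESSION['auth-xorg-prenom'];
    $cur->user_displayname = $cur->user_firstname . ' ' . $cur->user_name;
    $cur->user_email = $login . '@polytechnique.org';

    // Build the options locally and assign once: writing an array element
    // through the cursor property may not stick if the cursor exposes its
    // fields via magic accessors (not visible from this file).
    $options = $core->userDefaults();
    $options['post_xorg_perms'] = 'public';
    $cur->user_options = $options;

    $cur->user_default_blog = 'default'; // FIXME
    $core->addUser($cur);
}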
49 | ||
/**
 * Give the session's SSO user usage, contentadmin and admin rights on
 * the currently loaded blog.
 *
 * NOTE(review): buildFromSession() runs this for every SSO login, so each
 * authenticated user ends up with 'admin' on whichever blog is loaded -
 * confirm this is the intended privilege level.
 */
private function updateUserPerms()
{
    global $core;

    $grants = array(
        'usage'        => true,
        'contentadmin' => true,
        'admin'        => true,
    );
    $core->setUserBlogPermissions($_SESSION['auth-xorg'], $core->blog->id, $grants);
}
58 | ||
59 | ||
60 | /** Xorg SSO API */ | |
61 | ||
e105d162 FB |
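/**
 * Ensure the visitor is authenticated through the Polytechnique.org SSO.
 *
 * Returns true when the session already holds an SSO login. Otherwise it
 * sends a redirect and exits: first to the local auth/Xorg entry point
 * when no session exists yet, then to the SSO endpoint with a fresh
 * challenge.
 *
 * @param string|null $path Path to come back to; defaults to REQUEST_URI.
 * @return bool True when already authenticated (otherwise never returns).
 */
public function callXorg($path = null)
{
    if (is_null($path)) {
        $path = $_SERVER['REQUEST_URI'];
    }
    $this->buildFromSession();
    if (@$_SESSION['auth-xorg']) {
        return true;
    }
    global $core;

    // The path usually carries its own '?' and '&'. Encode it so it travels
    // as ONE query value instead of spilling into sibling parameters (the
    // receiving handlers are assumed to read $_GET['path'], which PHP
    // decodes automatically).
    $encodedPath = urlencode($path);

    if (!$this->sessionExists()) {
        session_write_close();
        header("Location: " . $core->blog->url . 'auth/Xorg?path=' . $encodedPath);
        exit;
    }

    // The challenge is the anti-replay nonce of the exchange; draw it from
    // the CSPRNG when available rather than from rand()/uniqid().
    $_SESSION["auth-x-challenge"] = function_exists('random_bytes')
        ? bin2hex(random_bytes(16))
        : md5(uniqid(rand(), 1));

    // NOTE(review): this request exposes the session id and the value
    // md5(challenge . XORG_AUTH_KEY) in a URL (browser history, proxy and
    // server logs). The wire format is dictated by the remote endpoint, so
    // XORG_AUTH_KEY should be long and random, and the session id is best
    // rotated once login completes.
    $url = "https://www.polytechnique.org/auth-groupex/utf8";
    $url .= "?session=" . session_id();
    $url .= "&challenge=" . $_SESSION["auth-x-challenge"];
    $url .= "&pass=" . md5($_SESSION["auth-x-challenge"] . XORG_AUTH_KEY);
    $url .= "&url=" . urlencode($core->blog->url . "auth/XorgReturn?path=" . $encodedPath);
    session_write_close();
    header("Location: $url");
    exit;
}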
88 | ||
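/**
 * Handle the redirect coming back from the SSO.
 *
 * Checks the 'auth' value against
 * md5('1' . challenge . XORG_AUTH_KEY . fields . '1'), where the fields
 * are the xorg_infos values in declaration order. On success the session
 * is marked as logged in, the local account is created if needed, and
 * the browser is redirected (the method then exits). On failure the login
 * keys are cleared and false is returned.
 *
 * Every $_GET value here is attacker-controlled until the check passes,
 * so nothing is written to the session before that point.
 *
 * @return bool False when the response is missing, malformed or invalid.
 */
public function returnXorg()
{
    if (!isset($_GET['auth']) || !is_string($_GET['auth'])) {
        return false;
    }
    global $core;

    // The session to resume is named in the query string. Accept only a
    // plain session-id shaped string.
    // NOTE(review): because the id arrives in a URL, it can be chosen by
    // whoever produced the link; rotating the id after a successful login
    // (e.g. session_regenerate_id) would close that gap. Not done here
    // because the session class behind $core->session is not visible.
    if (!isset($_GET['PHPSESSID']) || !is_string($_GET['PHPSESSID'])
        || !preg_match('/^[A-Za-z0-9,-]+$/', $_GET['PHPSESSID'])) {
        return false;
    }
    $_COOKIE[DC_SESSION_NAME] = $_GET['PHPSESSID'];
    unset($_GET['PHPSESSID']);
    $core->session->start();

    // Collect the profile fields locally; they only reach the session once
    // the signature has been verified.
    // NOTE(review): the fields are concatenated without separators, so the
    // check does not bind the boundaries between them - validating the
    // expected shape of 'forlife' would be a worthwhile extra guard.
    $infos = array();
    $params = '';
    foreach ($this->xorg_infos as $key => $val) {
        if (!isset($_GET[$key]) || !is_string($_GET[$key])) {
            return false;
        }
        $infos[$key] = $_GET[$key];
        $params .= $_GET[$key];
    }

    // The challenge is single-use: consume it whatever the outcome so a
    // captured return URL cannot be replayed, and refuse to verify at all
    // when no challenge was issued for this session.
    $challenge = isset($_SESSION['auth-x-challenge']) ? $_SESSION['auth-x-challenge'] : '';
    unset($_SESSION['auth-x-challenge']);
    $given = $_GET['auth'];
    unset($_GET['auth']);

    $valid = false;
    if (is_string($challenge) && $challenge !== '') {
        $expected = md5('1' . $challenge . XORG_AUTH_KEY . $params . '1');
        // Strict, constant-time comparison: '==' would compare two
        // numeric-looking strings as numbers.
        $valid = function_exists('hash_equals')
            ? hash_equals($expected, $given)
            : ($expected === $given);
    }

    if ($valid) {
        foreach ($infos as $key => $val) {
            $_SESSION['auth-xorg-' . $key] = $val;
        }
        $_SESSION['sess_user_id'] = $_SESSION['auth-xorg'] = $infos['forlife'];
        $_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY);
        $_SESSION['sess_blog_id'] = 'default';
        $this->sudo(array($this, 'createUser'));

        // The path is appended directly to the host name, so it must begin
        // with '/' or it would alter the host part of the URL. Anything
        // else falls back to the site root.
        $path = '/';
        if (isset($_GET['path']) && is_string($_GET['path'])
            && strncmp($_GET['path'], '/', 1) === 0) {
            $path = $_GET['path'];
        }
        // NOTE(review): the target is plain http on a hard-coded host, so
        // the session cookie travels in clear text after login.
        header("Location: http://murphy.m4x.org" . $path);
        exit;
    }

    unset($_SESSION['auth-xorg']);
    unset($_SESSION['sess_user_id']);
    echo "Failed !!!";
    return false;
}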
121 | ||
/**
 * Log out: resume the session, destroy it, then redirect to the blog URL
 * and stop the script.
 */
public function killSession()
{
    global $core;

    $session = $core->session;
    $session->start();
    $session->destroy();

    header('Location: ' . $core->blog->url);
    exit;
}
a1a69528 | 129 | |
f33c2acf FB |
130 | |
131 | /** Dotclear dcAuth API */ | |
132 | ||
/**
 * Dotclear login hook, answered entirely by the SSO.
 *
 * All three arguments are ignored: the result is whatever callXorg()
 * returns, i.e. true when the session already holds an SSO login
 * (callXorg() otherwise redirects and exits).
 *
 * @param mixed $user_id  Unused.
 * @param mixed $pwd      Unused.
 * @param mixed $user_key Unused.
 * @return bool
 */
public function checkUser($user_id, $pwd = null, $user_key = null)
{
    $authenticated = $this->callXorg();
    return $authenticated;
}
136 | ||
/**
 * Permission check: load the session user first, then defer to dcAuth.
 *
 * @param mixed $permissions Passed through to parent::check().
 * @param mixed $blog_id     Passed through to parent::check().
 * @return mixed Result of parent::check().
 */
public function check($permissions, $blog_id)
{
    $this->buildFromSession();
    $granted = parent::check($permissions, $blog_id);
    return $granted;
}
141 | ||
0ff09dcb FB |
/**
 * Password check as seen by Dotclear.
 *
 * The supplied password is never examined: the answer is true as soon as
 * a user id has been loaded from the session, so callers must not rely on
 * this as proof that the caller knows any secret.
 *
 * @param mixed $pwd Unused.
 * @return bool True when $this->user_id is non-empty.
 */
public function checkPassword($pwd)
{
    $this->buildFromSession();
    $hasUser = !empty($this->user_id);
    return $hasUser;
}
146 | ||
a1a69528 FB |
/**
 * Password changes are always refused for this auth backend.
 *
 * @return bool Always false.
 */
public function allowPassChange()
{
    $allowed = false;
    return $allowed;
}
150 | ||
/**
 * Current user id, after loading the session user.
 *
 * @return mixed Result of parent::userID().
 */
public function userID()
{
    $this->buildFromSession();
    $id = parent::userID();
    return $id;
}
155 | ||
/**
 * Permissions of the current user, after loading the session user.
 *
 * @return mixed Result of parent::getPermissions().
 */
public function getPermissions()
{
    $this->buildFromSession();
    $permissions = parent::getPermissions();
    return $permissions;
}
160 | ||
/**
 * One user-info field, after loading the session user.
 *
 * @param mixed $n Field name, passed through to parent::getInfo().
 * @return mixed Result of parent::getInfo().
 */
public function getInfo($n)
{
    $this->buildFromSession();
    $value = parent::getInfo($n);
    return $value;
}
165 | ||
/**
 * One user option, after loading the session user.
 *
 * @param mixed $n Option name, passed through to parent::getOption().
 * @return mixed Result of parent::getOption().
 */
public function getOption($n)
{
    $this->buildFromSession();
    $value = parent::getOption($n);
    return $value;
}
170 | ||
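/**
 * Whether the current user is a super administrator.
 *
 * True when dcAuth says so, or when the loaded user id is the one
 * hard-coded below.
 *
 * NOTE(review): a super-admin identity baked into the source bypasses the
 * user table and cannot be revoked without a code change; moving it to
 * configuration would make the grant auditable. Unlike the sibling
 * accessors, this method does not call buildFromSession() first.
 *
 * @return bool
 */
public function isSuperAdmin()
{
    if (parent::isSuperAdmin()) {
        return true;
    }
    // Strict comparison: with '==', a non-string user id such as integer 0
    // compares equal to any non-numeric string on PHP versions before 8.
    return $this->user_id === 'florent.bruneau.2003';
}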
174 | ||
/**
 * All user options, after loading the session user.
 *
 * @return mixed Result of parent::getOptions().
 */
public function getOptions()
{
    $this->buildFromSession();
    $options = parent::getOptions();
    return $options;
}
001b27af FB |
179 | |
/**
 * HTML for the login chooser: one link to the SSO entry point, one to
 * the regular form, and a translated notice about cookies.
 *
 * NOTE(review): both links are absolute http:// URLs on a hard-coded
 * host and path, so the login starts over an unencrypted connection and
 * the markup breaks if the install moves.
 *
 * @return string HTML fragment.
 */
public function authForm()
{
    global $core;
    $path = "http://murphy.m4x.org/~x2003bruneau/dotclear/";

    $ssoLink = '<p><a href="' . $path . 'auth/Xorg?path=/~x2003bruneau/dotclear/admin/index.php">Via Polytechnique.org</a></p>';
    $formLink = '<p><a href="' . $path . 'admin/auth.php">Via le formulaire</a></p>';
    $cookieNotice = '<p>'.__('You must accept cookies in order to use the private area.').'</p>';

    return '<fieldset>' . $ssoLink . $formLink . '</fieldset>' . $cookieNotice;
}
3f6bc75f FB |
189 | } |
190 | ||
191 | ?> |