url->register('xorgAuth', 'Xorg', '^auth/(.*)$', array('xorgAuthentifier', 'doAuth')); class xorgAuthWidget { static public function widget(&$w) { global $core; if ($core->auth->xorg_infos['forlife']) { return '

Tu es ' . $core->auth->xorg_infos['prenom'] . ' ' . $core->auth->xorg_infos['nom'] . '
' . 'déconnexion

'; } else { return '

M\'authentifier via Polytechnique.org

'; } } } class xorgAuthentifier extends dcUrlHandlers { static public function doAuth($args) { @session_start(); switch ($args) { case 'exit': self::killSession(); break; case 'Xorg': self::callXorg(); break; case 'XorgReturn': self::returnXorg(); break; default: self::p404(); } return; } static protected function callXorg() { if (@$_SESSION['auth-xorg']) { header("Location: http://murphy.m4x.org/" . $_GET['path']); return; } $_SESSION["auth-x-challenge"] = md5(uniqid(rand(), 1)); $url = "https://www.polytechnique.org/auth-groupex/utf8"; $url .= "?session=" . session_id(); $url .= "&challenge=" . $_SESSION["auth-x-challenge"]; $url .= "&pass=" . md5($_SESSION["auth-x-challenge"] . XORG_AUTH_KEY); $url .= "&url=http://murphy.m4x.org/~x2003bruneau/dotclear/auth/XorgReturn" . urlencode("?path=" . $_GET['path']); session_write_close(); header("Location: $url"); exit; } static protected function returnXorg() { if (!isset($_GET['auth'])) { return false; } global $core; $params = ''; foreach($core->auth->xorg_infos as $key => $val) { if(!isset($_GET[$key])) { return false; } $_SESSION['auth-xorg-' . $key] = $_GET[$key]; $core->auth->xorg_infos[$key] = $_GET[$key]; $params .= $_GET[$key]; } if (md5('1' . $_SESSION['auth-x-challenge'] . XORG_AUTH_KEY . $params . '1') == $_GET['auth']) { unset($_GET['auth']); $_SESSION['auth-xorg'] = $_GET['forlife']; header("Location: http://murphy.m4x.org/" . $_GET['path']); return true; } $_SESSION['auth-xorg'] = null; unset($_GET['auth']); return false; } static protected function killSession() { @session_destroy(); header('Location: http://murphy.m4x.org/~x2003bruneau/dotclear/'); exit; } } ?>