From a1a69528964163fff5a1193b3a6d8807b9272ce0 Mon Sep 17 00:00:00 2001
From: Florent Bruneau <florent.bruneau@polytechnique.org>
Date: Mon, 26 May 2008 23:47:49 +0200
Subject: [PATCH] Can log on the admin interface using x.org account.

Signed-off-by: Florent Bruneau <florent.bruneau@polytechnique.org>
---
 _public.php         | 97 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 class.xorg.auth.php | 80 +++++++++++++++++++++++++++++++++++++++----
 2 files changed, 171 insertions(+), 6 deletions(-)

diff --git a/_public.php b/_public.php
index 84d05da..19de04c 100644
--- a/_public.php
+++ b/_public.php
@@ -1,5 +1,6 @@
 <?php
 $core->url->register('xorgAuth', 'Xorg', '^auth/(.*)$', array('xorgAuthentifier', 'doAuth'));
+$core->url->register('xorgLogin', 'XorgLogin', '^admin/(xorg\.php)$', array('xorgLoginPage', 'page')); 
 
 class xorgAuthWidget {
   static public function widget(&$w) {
@@ -13,6 +14,102 @@ class xorgAuthWidget {
   }
 }
 
+class xorgLoginPage extends dcUrlHandlers {
+  static public function page($args) {
+    switch ($args) {
+      case 'xorg.php':
+        self::dispatchForm();
+      default:
+        self::p404();
+    }
+  }
+
+  static protected function dispatchForm() {
+    # If we have a session cookie, go to index.php
+    if (isset($_SESSION['sess_user_id']))
+    {
+      header('Location: http://murphy.m4x.org/~x2003bruneau/dotclear/admin/index.php');
+    }
+
+    # Loading locales for detected language
+    $dlang = http::getAcceptLanguage();
+    if ($dlang) {
+      l10n::set(dirname(__FILE__).'/../locales/'.$dlang.'/main');
+    }
+
+    global $core;
+    $msg = $err = null;
+    header('Content-Type: text/html; charset=UTF-8');
+    ?>
+    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+    <html xmlns="http://www.w3.org/1999/xhtml"
+    xml:lang="en" lang="en">
+    <head>
+      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+      <meta http-equiv="Content-Script-Type" content="text/javascript" />
+      <meta http-equiv="Content-Style-Type" content="text/css" />
+      <meta http-equiv="Content-Language" content="en" />
+      <meta name="MSSmartTagsPreventParsing" content="TRUE" />
+      <meta name="ROBOTS" content="NOARCHIVE,NOINDEX,NOFOLLOW" />
+      <meta name="GOOGLEBOT" content="NOSNIPPET" />
+      <title><?php echo html::escapeHTML(DC_VENDOR_NAME); ?></title>
+
+    <?php
+    echo dcPage::jsLoadIE7();
+    echo dcPage::jsCommon();
+    ?>
+
+      <style type="text/css">
+      @import url(style/default.css); 
+      </style>
+      <?php
+      # --BEHAVIOR-- loginPageHTMLHead
+      $core->callBehavior('loginPageHTMLHead');
+      ?>
+    </head>
+
+    <body id="dotclear-admin" class="auth">
+
+    <form action="xorg.php" method="post" id="login-screen">
+    <h1><?php echo html::escapeHTML(DC_VENDOR_NAME); ?></h1>
+
+    <?php
+    if ($err) {
+      echo '<div class="error">'.$err.'</div>';
+    }
+    if ($msg) {
+      echo '<p class="message">'.$msg.'</p>';
+    }
+
+    {
+      echo
+      '<fieldset>'.
+      '<p><a href="http://murphy.m4x.org/~x2003bruneau/dotclear/auth/Xorg?path=/~x2003bruneau/dotclear/admin/index.php">Via Polytechnique.org</a></p>' .
+      '<p><a href="http://murphy.m4x.org/~x2003bruneau/dotclear/admin/auth.php">Via le formulaire</a></p>' .
+      '</fieldset>'.
+      
+      '<p>'.__('You must accept cookies in order to use the private area.').'</p>';
+      
+      if ($core->auth->allowPassChange()) {
+        echo '<p><a href="auth.php?recover=1">'.__('I forgot my password').'</a></p>';
+      }
+    }
+    ?>
+    </form>
+
+    <script type="text/javascript">
+    //<![CDATA[
+    $('input[@name="user_id"]').get(0).focus();
+    //]]>
+    </script>
+
+    </body>
+    </html>
+<?php
+    exit;
+  }
+}
+
 class xorgAuthentifier extends dcUrlHandlers {
   static public function doAuth($args) {
     global $core;
diff --git a/class.xorg.auth.php b/class.xorg.auth.php
index 6fea694..a1db5ec 100644
--- a/class.xorg.auth.php
+++ b/class.xorg.auth.php
@@ -3,6 +3,8 @@
 require_once dirname(__FILE__) . '/../../inc/core/class.dc.auth.php';
 
 class xorgAuth extends dcAuth {
+  private $forceSU = false;
+
   public $xorg_infos = array('forlife' => null,
                              'prenom' => null,
                              'nom' => null);
@@ -21,19 +23,21 @@ class xorgAuth extends dcAuth {
       foreach ($this->xorg_infos as $key => $val) {
         $this->xorg_infos[$key] = $_SESSION['auth-xorg-' . $key];
       }
+      $this->user_id = $_SESSION['auth-xorg'];
     }
   }
 
   public function checkUser($user_id, $pwd = null, $user_key = null) {
-    return $this->callXorg();
+    return $this->callXorg() && $user_id == $this->user_id;
 //    echo "checking auth for " . $user_id;
-    return parent::checkUser($user_id, $pwd, $user_key);
+//    return parent::checkUser($user_id, $pwd, $user_key);
   }
 
   public function check($permissions, $blog_id) {
-     $this->buildFromSession();
+    $this->buildFromSession();
+    return true;
 //    echo "Checking right to view $permissions on $blog_id";
-    return parent::check($permissions, $blog_id);
+//    return parent::check($permissions, $blog_id);
   }
 
   public function callXorg($path = null) {
@@ -55,6 +59,30 @@ class xorgAuth extends dcAuth {
     exit;
   }
 
+  private function acquireAdminRights() {
+    $this->forceSU = true;
+  }
+
+  private function releaseAdminRights() {
+    $this->forceSU = false;
+  }
+
+  private function createUser() {
+    global $core;
+    $this->acquireAdminRights();
+    if (!$core->userExists($_SESSION['auth-xorg'])) {
+      $cur = new cursor($this->con, 'dc_user');
+      $cur->user_id = $_SESSION['auth-xorg'];
+      $cur->user_pwd = md5(rand());
+      $cur->user_lang = 'fr';
+      $cur->user_name = $_SESSION['auth-xorg-nom'];
+      $cur->user_firstname = $_SESSION['auth-xorg-prenom'];
+      $cur->user_email = $_SESSION['auth-xorg'] . '@polytechnique.org';
+      $core->addUser($cur);
+    }
+    $this->releaseAdminRights();
+  }
+
   public function returnXorg() {
     if (!isset($_GET['auth'])) {
       return false;
@@ -71,11 +99,15 @@ class xorgAuth extends dcAuth {
     }
     if (md5('1' . $_SESSION['auth-x-challenge'] . XORG_AUTH_KEY . $params . '1') == $_GET['auth']) {
       unset($_GET['auth']);
-      $_SESSION['auth-xorg'] = $_GET['forlife'];
+      $_SESSION['sess_user_id'] = $_SESSION['auth-xorg'] = $_GET['forlife'];
+		  $_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY);
+      $_SESSION['sess_blog_id'] = 'default';
+      $this->createUser();
       header("Location: http://murphy.m4x.org" . $_GET['path']);
       exit;
     }
-    $_SESSION['auth-xorg'] = null;
+    unset($_SESSION['auth-xorg']);
+    unset($_SESSION['sess_user_id']);
     unset($_GET['auth']);
     echo "Failed !!!";
     return false;
@@ -88,6 +120,42 @@ class xorgAuth extends dcAuth {
     header('Location: http://murphy.m4x.org/~x2003bruneau/dotclear/');
     exit;
   }
+
+  public function allowPassChange() {
+    return false;
+  }
+
+  public function userID() {
+    $this->buildFromSession();
+    return $this->user_id;
+  }
+
+  public function getPermissions() {
+    return array('default' => array('name' => 'My first blog',
+                                    'url'  => 'http://murphy.m4x.org/~x2003bruneau/dotclear/',
+                                    'permissions' => array('usage' => true,
+                                                           'contentadmin' => true,
+                                                           'admin' => true)));
+  }
+
+  public function getInfo($n) {
+    switch ($n) {
+      case 'user_lang':
+        return "fr";
+      case 'user_default_blog':
+        return 'default';
+      case 'user_post_status':
+        return 1;
+      case 'user_tz':
+        return 'UTC';
+    }
+    echo "$n ";
+    return null;
+  }
+
+  public function isSuperAdmin() {
+    return $this->forceSU;
+  }
 }
 
 ?>
-- 
2.1.4