From be74d9bd8ec378a02aa2c7f3c66fceb3d22cda0d Mon Sep 17 00:00:00 2001 From: Florent Bruneau Date: Sun, 25 May 2008 22:31:26 +0200 Subject: [PATCH] Move auth stuff in the xorgAuth class. Signed-off-by: Florent Bruneau --- _public.php | 53 ++++------------------------------------------------- class.xorg.auth.php | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 49 deletions(-) diff --git a/_public.php b/_public.php index bef7224..2b00670 100644 --- a/_public.php +++ b/_public.php @@ -16,15 +16,16 @@ class xorgAuthWidget { class xorgAuthentifier extends dcUrlHandlers { static public function doAuth($args) { @session_start(); + global $core; switch ($args) { case 'exit': - self::killSession(); + $core->auth->killSession(); break; case 'Xorg': - self::callXorg(); + $core->auth->callXorg(); break; case 'XorgReturn': - self::returnXorg(); + $core->auth->returnXorg(); break; default: self::p404(); @@ -32,51 +33,5 @@ class xorgAuthentifier extends dcUrlHandlers { return; } - static protected function callXorg() { - if (@$_SESSION['auth-xorg']) { - header("Location: http://murphy.m4x.org/" . $_GET['path']); - return; - } - $_SESSION["auth-x-challenge"] = md5(uniqid(rand(), 1)); - $url = "https://www.polytechnique.org/auth-groupex/utf8"; - $url .= "?session=" . session_id(); - $url .= "&challenge=" . $_SESSION["auth-x-challenge"]; - $url .= "&pass=" . md5($_SESSION["auth-x-challenge"] . XORG_AUTH_KEY); - $url .= "&url=http://murphy.m4x.org/~x2003bruneau/dotclear/auth/XorgReturn" . urlencode("?path=" . $_GET['path']); - session_write_close(); - header("Location: $url"); - exit; - } - - static protected function returnXorg() { - if (!isset($_GET['auth'])) { - return false; - } - global $core; - $params = ''; - foreach($core->auth->xorg_infos as $key => $val) { - if(!isset($_GET[$key])) { - return false; - } - $_SESSION['auth-xorg-' . $key] = $_GET[$key]; - $core->auth->xorg_infos[$key] = $_GET[$key]; - $params .= $_GET[$key]; - } - if (md5('1' . $_SESSION['auth-x-challenge'] . XORG_AUTH_KEY . $params . '1') == $_GET['auth']) { - unset($_GET['auth']); - $_SESSION['auth-xorg'] = $_GET['forlife']; - header("Location: http://murphy.m4x.org/" . $_GET['path']); - return true; - } - $_SESSION['auth-xorg'] = null; - unset($_GET['auth']); - return false; - } - - static protected function killSession() { - @session_destroy(); - header('Location: http://murphy.m4x.org/~x2003bruneau/dotclear/'); - exit; - } } ?> diff --git a/class.xorg.auth.php b/class.xorg.auth.php index 2bc1375..8e15156 100644 --- a/class.xorg.auth.php +++ b/class.xorg.auth.php @@ -25,6 +25,52 @@ class xorgAuth extends dcAuth { // echo "Checking right to view $permissions on $blog_id"; return parent::check($permissions, $blog_id); } + + public function callXorg() { + if (@$_SESSION['auth-xorg']) { + header("Location: http://murphy.m4x.org/" . $_GET['path']); + return; + } + $_SESSION["auth-x-challenge"] = md5(uniqid(rand(), 1)); + $url = "https://www.polytechnique.org/auth-groupex/utf8"; + $url .= "?session=" . session_id(); + $url .= "&challenge=" . $_SESSION["auth-x-challenge"]; + $url .= "&pass=" . md5($_SESSION["auth-x-challenge"] . XORG_AUTH_KEY); + $url .= "&url=http://murphy.m4x.org/~x2003bruneau/dotclear/auth/XorgReturn" . urlencode("?path=" . $_GET['path']); + session_write_close(); + header("Location: $url"); + exit; + } + + public function returnXorg() { + if (!isset($_GET['auth'])) { + return false; + } + $params = ''; + foreach($this->xorg_infos as $key => $val) { + if(!isset($_GET[$key])) { + return false; + } + $_SESSION['auth-xorg-' . $key] = $_GET[$key]; + $this->xorg_infos[$key] = $_GET[$key]; + $params .= $_GET[$key]; + } + if (md5('1' . $_SESSION['auth-x-challenge'] . XORG_AUTH_KEY . $params . '1') == $_GET['auth']) { + unset($_GET['auth']); + $_SESSION['auth-xorg'] = $_GET['forlife']; + header("Location: http://murphy.m4x.org/" . $_GET['path']); + return true; + } + $_SESSION['auth-xorg'] = null; + unset($_GET['auth']); + return false; + } + + public function killSession() { + @session_destroy(); + header('Location: http://murphy.m4x.org/~x2003bruneau/dotclear/'); + exit; + } } ?> -- 2.1.4