Link to the X.org production environment.
1 <?php
2
// Hand page authorization and the attr / postattr / connect actions over to
// the functions defined in this file.
$AuthFunction = 'XorgAuth';
$HandleActions['attr'] = 'XorgAuthHandleAttr';
$HandleActions['postattr'] = 'XorgAuthHandlePostAttr';
$HandleActions['connect'] = 'XorgAuthConnectPlatal';

// When a request carries an action both in the POST body and in the query
// string, the POSTed value wins and is mirrored into $_GET, $_REQUEST and
// $action so every later reader sees the same action.
if (isset($_POST['action'], $_GET['action'])) {
    $_GET['action'] = $_POST['action'];
    $_REQUEST['action'] = $_GET['action'];
    $action = $_REQUEST['action'];
}
11
// Register the (:groupattributes:) directive; its output is whatever
// XorgAuthGroupAttributes() returns, wrapped in Keep().
// The replacement uses no backreference, so no page text is spliced into the
// evaluated expression.
// NOTE(review): the /e modifier makes the replacement string run as PHP code.
// It is deprecated since PHP 5.5 and removed in PHP 7.0; check how the wiki
// engine in use treats /e patterns before upgrading PHP.
Markup('grpattributes','inline','/\\(:groupattributes:\\)/e',"Keep(XorgAuthGroupAttributes())");

// Load the autocreate recipe from the farm directory, then declare the
// $Group.GroupAttributes page with the directive above as its text
// (presumably created on demand for each group; confirm in autocreate.php).
require_once("$FarmD/cookbook/autocreate.php");
AutoCreatePage('$Group.GroupAttributes', '(:groupattributes:)');
16
// Two entries added to $HTMLHeaderFmt (presumably emitted in the <head> of
// every page; confirm against the wiki engine).
// NOTE(review): xorg.js is fetched over plain http from another host. Whatever
// that response contains runs in the wiki's origin, so it can be altered in
// transit; confirm an https URL exists and use it.
$HTMLHeaderFmt['xorg'] = '<script type="text/javascript" src="http://www.polytechnique.org/javascript/xorg.js"></script>';
// Inline helper called from the onchange handler of the permission <select>
// elements. When the chosen value is '...', it prompts for a free-form list of
// authorizations; if the select has no matching option, a new <option> holding
// the typed text is inserted before the last child and then selected.
// The text below is part of the emitted script and must stay unchanged.
$HTMLHeaderFmt['xorgcustomauth'] = '<script type="text/javascript">
function AddCustomAuth(f){
if (f.value == \'...\')
{
var newval =prompt(\'Sépare les différents autorisations par des espaces\\n\\tx,membre ou admin\\n\\tprenom.nom.promo d\\\'une personne\\n\\tle numéro d\\\'une promo\\nPar exemple pour autoriser les membres et Pascal Corpet :\\n\\tmembre pascal.corpet.2001\');
f.value = newval;
if (f.value != newval && newval)
{
var op = document.createElement(\'option\');
op.appendChild(document.createTextNode(newval));
f.insertBefore(op,f.childNodes[f.childNodes.length-1]);
f.value = newval;
}
}
}
</script>';
34
// [[~target|text]] becomes a link to http://www.polytechnique.org/profile/target
// with CSS class popup2 and "text" as the link text.
// NOTE(review): $1 and $2 come from page text and are placed in the href and
// the link body as captured. Unless the engine has already escaped quotes and
// markup characters at this stage (confirm), anyone allowed to edit a page
// controls that HTML; the captures should be HTML-escaped before Keep().
Markup('[[~|','<[[~','/\\[\\[~(.*?)\|(.*?)\\]\\]/e',"Keep('<a href=\"http://www.polytechnique.org/profile/$1\" class=\"popup2\">$2</a>')");

// (:xorgpage path:) embeds http://www.polytechnique.org/path in an iframe;
// (:xnetpage path:) delegates to XnetPage() with the captured path.
// NOTE(review): the same escaping concern applies to $1 in the iframe src, and
// both iframes are loaded over plain http.
// NOTE(review): all three patterns rely on the /e modifier, which evaluates the
// replacement as PHP code (deprecated in PHP 5.5, removed in PHP 7.0).
Markup('xorgpage','inline','/\\(:xorgpage\\s*(.*?):\\)/e', "Keep('<iframe style=\"width:100%;height:400px;border:none\" src=\"http://www.polytechnique.org/$1\"></iframe>')");
Markup('xnetpage','inline','/\\(:xnetpage\\s*(.*?):\\)/e', "XnetPage('$1')");
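// Renders the (:xnetpage path:) directive as an iframe pointing at the group's
// pages on www.polytechnique.net.
//
// $page is the path captured from the wiki text. Returns nothing when
// $XnetWikiGroup is not set, otherwise the Keep()-protected iframe markup.
// Authenticated sessions are sent through the "login/" prefix.
function XnetPage($page) {
    global $XnetWikiGroup;
    if (!$XnetWikiGroup) return;
    // !empty() instead of a bare read: anonymous sessions have no 'xorgauth' key.
    $prefix = !empty($_SESSION['xorgauth']) ? 'login/' : '';
    $src = 'http://www.polytechnique.net/'.$prefix.$XnetWikiGroup.'/'.$page;
    // The path comes from editable page text: escape it so a quote or angle
    // bracket cannot close the src attribute and add markup of its own.
    // NOTE(review): the frame is loaded over plain http.
    return Keep('<iframe style="width:100%;height:400px;border:none" src="'.htmlspecialchars($src, ENT_QUOTES).'"></iframe>');
}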
44
// Fetches the access rights defined at folder level (a PmWiki Group).
//
// The folder name is the part of $pagename before the first dot; its
// <Group>.GroupAttributes page is read once per request and then served from
// the $GroupPasswords cache.
function XorgAuthGetGroupAuth($pagename,$since) {
    global $GroupPasswords;
    if (!isset($GroupPasswords)) {
        $GroupPasswords = array();
    }
    $folder = substr($pagename, 0, strpos($pagename, '.'));
    if (isset($GroupPasswords[$folder])) {
        return $GroupPasswords[$folder];
    }
    // Not cached yet: read the folder's attribute page and remember the result.
    $attributes = ReadPage($folder.'.GroupAttributes', $since);
    $GroupPasswords[$folder] = $attributes;
    return $GroupPasswords[$folder];
}
57
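// Tries to log in through X.org: starts a fresh session, stores a one-time
// challenge in it and redirects the browser to the polytechnique.org
// authentication endpoint with the URL to come back to.
// Does not return: it ends with exit() after sending the Location header.
function XorgAuthConnectPlatal() {
    // NOTE(review): the shared secret is hard-coded in a versioned file and
    // repeated where the response is verified. Anyone who can read the
    // repository can compute valid signatures; load it from configuration kept
    // out of version control and rotate the published value.
    $privkey = '6e9c9fa9bac23541fe67697c4eff5be6';
    global $XnetWikiGroup;
    // NOTE(review): the return URL uses plain http, so the identity fields and
    // their signature come back in cleartext.
    $returl = 'http://'.$_SERVER['SERVER_NAME'].str_replace('action=connect', '', $_SERVER['REQUEST_URI']);
    if (isset($_REQUEST['oldaction']) && is_string($_REQUEST['oldaction'])) {
        // Encoded so the value cannot append further parameters to the return URL.
        $returl .= '&action='.urlencode($_REQUEST['oldaction']);
    }
    @session_destroy();
    session_start();
    // session_destroy() keeps the identifier sent by the browser; issue a new
    // one so an identifier planted before login is not carried into the
    // authenticated session.
    session_regenerate_id(true);
    // 128-bit challenge from the strongest generator available. It has the same
    // shape as before (32 hex characters), but is no longer the hash of one
    // rand() value, whose few possible outputs made it guessable.
    if (function_exists('random_bytes')) {
        $challenge = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $challenge = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        // Last resort for very old runtimes; not cryptographically strong.
        $challenge = md5(uniqid(mt_rand(), true));
    }
    $_SESSION['challenge'] = $challenge;
    $_SESSION['authsite'] = $XnetWikiGroup;
    $url = "https://www.polytechnique.org/auth-groupex.php";
    // NOTE(review): the session identifier travels in the query string and can
    // end up in server logs and browser history.
    $url .= "?session=".urlencode(session_id());
    $url .= "&challenge=".$challenge;
    $url .= "&pass=".md5($challenge.$privkey);
    $returl .= "&challenge=".$challenge;
    $url .= "&url=".urlencode($returl);
    if ($XnetWikiGroup) {
        $url .= "&group=".urlencode($XnetWikiGroup);
    }
    header('Location: '.$url);
    exit();
}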
83
84
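// Comes back from auth: when the request carries an "auth" signature and the
// session holds a pending challenge, recompute the expected signature over the
// challenge, the shared secret and the identity fields, and open the session
// only when both match.
@session_start();
if (isset($_GET['auth']) && empty($_SESSION['xorgauth']) && !empty($_SESSION['challenge'])) {
    // NOTE(review): shared secret hard-coded in a versioned file (it is also
    // used when the login request is built); move it to configuration kept out
    // of version control and rotate it.
    $tohash = '1'.$_SESSION['challenge'].'6e9c9fa9bac23541fe67697c4eff5be6';
    $fields = explode(',','forlife,nom,prenom,promo,grpauth,perms');
    // NOTE(review): values are joined with no separator or field name, so the
    // signature covers the concatenation, not the individual fields. Binding
    // each value to its field needs a delimiter or length prefix agreed with
    // the identity provider.
    $received = array();
    foreach ($fields as $f) {
        // Only plain strings take part; array-valued parameters are ignored.
        if (isset($_GET[$f]) && is_string($_GET[$f])) {
            $received[$f] = $_GET[$f];
            $tohash .= $_GET[$f];
        }
    }
    $tohash .= '1';
    $expected = md5($tohash);
    $given = is_string($_GET['auth']) ? $_GET['auth'] : '';
    // Strict, type-safe comparison: with == two different hex digests that both
    // look like numbers (for example "0e..." forms) compare as equal.
    if (function_exists('hash_equals')) {
        $valid = hash_equals($expected, $given);
    } else {
        $valid = ($expected === $given);
    }
    // A challenge is good for one attempt only, whatever the outcome.
    unset($_SESSION['challenge']);
    if ($valid) {
        $_SESSION['xorgauth'] = 1;
        foreach ($received as $f => $value) {
            $_SESSION[$f] = $value;
        }
    } else {
        $_SESSION['xorgauth'] = 0;
    }
}
if (isset($_SESSION['forlife']) && $_SESSION['forlife']) {
    $AuthId = $_SESSION['forlife'];
    $prenom = isset($_SESSION['prenom']) ? $_SESSION['prenom'] : '';
    $nom = isset($_SESSION['nom']) ? $_SESSION['nom'] : '';
    $Author = $_SESSION['forlife'].' | '.$prenom.' '.$nom;
}
// A failed attempt stores xorgauth = 0, which isset() would still report as
// connected; test the value instead.
$Conditions['connected'] = '!empty($_SESSION["xorgauth"])';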
108
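// Tells whether the current session satisfies an access rule.
//
// $password is a space-separated list of tokens: 'all' / 'public' (everyone),
// 'x' (any authenticated session), or a value matched against the session's
// group role (grpauth), login (forlife) or promotion (promo).
// Returns true when access is granted, false otherwise.
function XorgAuthTestPassword($password) {
    // An empty rule means no restriction has been configured.
    if (!$password) {
        return true;
    }
    if (isset($_SESSION['perms']) && $_SESSION['perms'] === 'admin') {
        // administrator of the authentication site, hence super user here as well
        return true;
    }
    $authenticated = !empty($_SESSION['xorgauth']);
    // Collect the identity values present in the session; anonymous sessions
    // have none of these keys, so nothing is read without checking first.
    $identities = array();
    foreach (array('grpauth', 'forlife', 'promo') as $key) {
        if (!empty($_SESSION[$key]) && is_scalar($_SESSION[$key])) {
            $identities[] = (string)$_SESSION[$key];
        }
    }
    foreach (explode(' ', $password) as $pass) {
        if ($pass === 'all' || $pass === 'public') {
            return true;
        }
        if ($pass === 'x' && $authenticated) {
            return true;
        }
        // Strict match: with == two numeric-looking strings are compared as
        // numbers, so differently written values could be treated as equal.
        if (in_array($pass, $identities, true)) {
            return true;
        }
    }
    return false;
}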
137
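// Tests whether the current user has admin rights on this wiki, i.e. whether
// the session satisfies the site-wide 'admin' rule in $DefaultPasswords.
function XorgAuthIsSiteAdmin() {
    global $DefaultPasswords;
    if (empty($DefaultPasswords['admin'])) {
        // No admin rule configured. XorgAuthTestPassword() treats an empty rule
        // as "unrestricted", which would make every visitor a site admin, so
        // only administrators of the authentication site qualify here.
        return isset($_SESSION['perms']) && $_SESSION['perms'] === 'admin';
    }
    return XorgAuthTestPassword($DefaultPasswords['admin']);
}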
143
// Authentication function: called before any access to a page.
//
// $pagename   page being accessed ("Group.Name")
// $level      permission level requested; the key looked up is "passwd".$level
// $authprompt when true, an unauthorized request gets the login form
// $since      passed through to ReadPage()
//
// Returns the page array when access is granted and false otherwise. When
// $authprompt is set and access is denied, the function prints the auth form
// and exits instead of returning.
function XorgAuth($pagename, $level, $authprompt, $since) {
    global $XnetWikiGroup;
    // user was authenticated to another site, but the site has changed
    if (isset($_SESSION['authsite']) && $XnetWikiGroup != $_SESSION['authsite']) {
        // XorgAuthConnectPlatal() redirects and exits, so the return below is
        // only reached if that ever changes.
        XorgAuthConnectPlatal();
        return false;
    }
    // NOTE(review): $group is computed but not used in this function.
    $group = substr($pagename, 0, strpos($pagename, '.'));
    $page = ReadPage($pagename, $since);
    if (!$page) { return false; }
    // Site admins bypass every per-page and per-group rule.
    if (XorgAuthIsSiteAdmin()) { return $page; }
    global $AuthCascade, $DefaultPasswords, $GroupPasswords;
    $password = "";
    // Look for a rule for $level on the page, then on the group's attribute
    // page, then in the site defaults. While none is found, move to the level
    // that $AuthCascade maps the current one to and try again.
    do
    {
        if (isset($page["passwd".$level])) {
            $password = $page["passwd".$level];
        }
        if (!$password) {
            $gpAuth = XorgAuthGetGroupAuth($pagename,$since);
            if (isset($gpAuth["passwd".$level])) {
                $password = $gpAuth["passwd".$level];
            }
        }
        if (!$password) {
            if (isset($DefaultPasswords[$level])) {
                $password = $DefaultPasswords[$level];
            }
        }
    // The last operand is an assignment on purpose: it advances $level.
    } while (!$password && isset($AuthCascade[$level]) && $level = $AuthCascade[$level]);
    // NOTE(review): if no rule was found anywhere, $password is still "" here
    // and XorgAuthTestPassword() accepts an empty rule, so access is granted.
    if (XorgAuthTestPassword($password)) {
        return $page;
    }
    if (!$authprompt) {
        return false;
    }
    global $AuthPromptFmt, $PageStartFmt, $PageEndFmt;
    // Re-encode the POSTed fields (except authpw/authid) as hidden inputs.
    // NOTE(review): $postvars is not referenced again in this function, and
    // $FmtV is not declared global here, so both assignments look local-only;
    // confirm whether the form was meant to receive them.
    // NOTE(review): the field name $k is written into the name attribute
    // without escaping; only the value goes through htmlspecialchars().
    $postvars = '';
    foreach($_POST as $k=>$v) {
        if ($k == 'authpw' || $k == 'authid') continue;
        $v = str_replace('$', '&#036;',
            htmlspecialchars(stripmagic($v), ENT_COMPAT));
        $postvars .= "<input type='hidden' name='$k' value=\"$v\" />\n";
    }
    $FmtV['action'] = $_REQUEST['action'];
    // Default prompt: page start, the Site.AuthForm page, page end.
    SDV($AuthPromptFmt, array(&$PageStartFmt, "page:Site.AuthForm", &$PageEndFmt));
    PrintFmt($pagename,$AuthPromptFmt);
    exit;
}
// Permission levels managed by this recipe, mapped to the French label shown
// in the permission forms.
$XorgAuthLevels = array(
    'read' => 'lecture',
    'edit' => 'modification',
    'attr' => 'administration',
);
195
// Lists the predefined audiences offered in the permission selects, keyed by
// the token stored in the page attributes. Wikis attached to a group
// ($XnetWikiGroup set) offer group members and group admins; the others offer
// X.org admins.
function XorgAuthUsers() {
    global $XnetWikiGroup;
    $audiences = array('public' => 'tout le monde', 'x' => 'les X');
    if ($XnetWikiGroup) {
        $audiences['membre'] = 'membres du groupe';
        $audiences['admin'] = 'admins du groupe';
        return $audiences;
    }
    $audiences['admin'] = 'admins X.org';
    return $audiences;
}
204
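// Builds the HTML form that edits the read / edit / attr rules of one page.
//
// For each level in $XorgAuthLevels a <select> offers: the inherited rule
// (from the group's attribute page, else from the site defaults), the
// predefined audiences from XorgAuthUsers(), the page's current custom rule
// when it is not one of those, and '...' to type a new one.
// Returns the form markup as a string.
//
// NOTE(review): the form posts to ?action=postattr without any anti-forgery
// token.
function XorgAuthPermissions($pagename) {
    global $DefaultPasswords,$XorgAuthLevels;
    $XorgAuthUsers = XorgAuthUsers();
    $group = substr($pagename, 0, strpos($pagename, '.'));
    // The group's own attribute page inherits from the site only.
    $groupAttr = array();
    if ($pagename != $group.'.GroupAttributes') {
        $groupAttr = XorgAuthGetGroupAuth($pagename, 0);
    }
    $page = ReadPage($pagename, 0);
    $selects = array();
    foreach ($XorgAuthLevels as $level => $action) {
        $key = 'passwd'.$level;
        if (!empty($groupAttr[$key])) {
            $origin = 'comme le dossier (';
            $inherited = $groupAttr[$key];
        } else {
            $origin = 'comme le site (';
            $inherited = isset($DefaultPasswords[$level]) ? $DefaultPasswords[$level] : '';
        }
        $inherited = is_scalar($inherited) ? (string)$inherited : '';
        // A custom inherited rule has no predefined label: show the rule
        // itself, escaped, as the group attribute table does.
        $label = isset($XorgAuthUsers[$inherited])
            ? $XorgAuthUsers[$inherited]
            : htmlspecialchars($inherited, ENT_QUOTES);
        $htmloptions = '<option value="">'.$origin.$label.')</option>';
        foreach ($XorgAuthUsers as $passwd => $user) {
            $htmloptions .= '<option value="'.$passwd.'">'.$user.'</option>';
        }
        // The stored rule is free text typed by whoever edited the attributes;
        // escape it before it is written into an attribute or an option body.
        $current = (isset($page[$key]) && is_scalar($page[$key])) ? (string)$page[$key] : '';
        $currentHtml = htmlspecialchars($current, ENT_QUOTES);
        // Mark the matching predefined option as selected, if there is one.
        $htmloptionsselected = str_replace(' value="'.$currentHtml.'"', ' value="'.$currentHtml.'" selected="selected"', $htmloptions);
        $html = $action.' : <select name="passwd'.$level.'" onchange="AddCustomAuth(this)">';
        $html .= $htmloptionsselected;
        if ($htmloptionsselected == $htmloptions) {
            // No predefined option matched: add the custom rule as its own option.
            $html .= '<option value="'.$currentHtml.'" selected="selected">'.$currentHtml.'</option>';
        }
        $html .= '<option value="...">...</option>';
        $html .= '</select> ';
        $selects[] = $html;
    }
    return '<form action="?action=postattr" method="post">'.implode(' - ', $selects).'<input type="submit" value="ok"/></form>';
}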
239
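// Handler for ?action=attr: shows the permission form of a page to users who
// hold the $auth level on it.
function XorgAuthHandleAttr($pagename, $auth = 'attr') {
    global $PageAttrFmt, $PageStartFmt, $PageEndFmt;
    $page = RetrieveAuthPage($pagename, $auth, true);
    // Stop when the page was not returned, as XorgAuthHandlePostAttr() does,
    // instead of printing the form regardless of the outcome.
    if (!$page) { Abort("?unable to read $pagename"); }
    SDV($PageAttrFmt,"<div class='wikiattr'>
<h2 class='wikiaction'>$[{\$FullName} Attributes]</h2>
<p>".XorgAuthPermissions($pagename)."</p></div>");
    SDV($HandleAttrFmt,array(&$PageStartFmt,&$PageAttrFmt,&$PageEndFmt));
    PrintFmt($pagename,$HandleAttrFmt);
}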
249
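// Handler for ?action=postattr: stores the rules submitted by the permission
// form on the page, then redirects back to it.
//
// For each level in $XorgAuthLevels the submitted "passwd<level>" field is
// applied: an empty value removes the page's own rule, '...' leaves it as it
// is, anything else replaces it.
//
// NOTE(review): the request carries no anti-forgery token, so a form on
// another site can submit it on behalf of a logged-in user who holds the attr
// level; add a per-session token to the form and check it here.
function XorgAuthHandlePostAttr($pagename, $auth = 'attr') {
    global $XorgAuthLevels;
    Lock(2);
    $page = RetrieveAuthPage($pagename, $auth, true);
    if (!$page) { Abort("?unable to read $pagename"); }
    foreach($XorgAuthLevels as $attr=>$p) {
        $key = 'passwd'.$attr;
        // Take values from the POST body only: the form uses method="post",
        // and reading $_REQUEST let a plain link change permissions. A level
        // that was not submitted as a string is left untouched rather than
        // cleared.
        if (!isset($_POST[$key]) || !is_string($_POST[$key])) continue;
        $v = stripmagic($_POST[$key]);
        if ($v === '') unset($page[$key]);
        else if ($v !== '...') $page[$key] = $v;
    }
    WritePage($pagename,$page);
    Lock(0);
    Redirect($pagename);
}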
264
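// Renders the (:groupattributes:) directive: the permission form of the
// group's attribute page followed by a table with one row per page of the
// group and one <select> per permission level.
//
// Returns "" unless the current page is <Group>.GroupAttributes and the user
// holds the attr level on it. When the request carries page, user and attr
// parameters, that page's rule is updated first.
//
// NOTE(review): the update is triggered by a plain GET (the selects navigate
// to ?page=...&attr=...&user=...) and carries no anti-forgery token, so a link
// can change permissions on behalf of a logged-in user who holds the attr
// level. Moving it to a POST with a per-session token needs a change to the
// form as well.
function XorgAuthGroupAttributes() {
    global $DefaultPasswords,$XorgAuthLevels;
    global $pagename, $WikiDir;
    if (substr($pagename, strpos($pagename, '.') + 1) != 'GroupAttributes') {
        return "";
    }
    if (!XorgAuth($pagename, 'attr', true,0)) {
        return "";
    }
    $XorgAuthUsers = XorgAuthUsers();
    if (isset($_REQUEST['page'], $_REQUEST['user'], $_REQUEST['attr'])
        && is_string($_REQUEST['page']) && is_string($_REQUEST['user']) && is_string($_REQUEST['attr'])) {
        $targetPage = stripmagic($_REQUEST['page']);
        $targetAttr = stripmagic($_REQUEST['attr']);
        $targetUser = stripmagic($_REQUEST['user']);
        Lock(2);
        // The target page name comes from the request; RetrieveAuthPage() is
        // asked for the attr level on that page before anything is written.
        $page = RetrieveAuthPage($targetPage, 'attr', true);
        // Only known levels and predefined audiences (or an empty value, which
        // removes the rule) are accepted on this path.
        if ($page && isset($XorgAuthLevels[$targetAttr]) && (isset($XorgAuthUsers[$targetUser]) || !$_REQUEST['user'])) {
            $page['passwd'.$targetAttr] = $targetUser;
            if ($_REQUEST['user'] == "") {
                unset($page['passwd'.$targetAttr]);
            }
            WritePage($targetPage,$page);
        }
        Lock(0);
    }
    $html = '<table>';
    $html .= '<tr><td></td>';
    foreach ($XorgAuthLevels as $level => $action) {
        $html .= '<th>'.$action.'</th>';
    }
    $html .= '</tr>';
    $group = substr($pagename, 0, strpos($pagename, '.'));
    $pages = $WikiDir->ls($group.'.*');
    $groupAttr = XorgAuthGetGroupAuth($pagename, 0);
    foreach($pages as $p) {
        if ($p == $pagename) continue;
        $html .= '<tr>';
        $page = ReadPage($p, 0);
        $html .= '<th>'.htmlspecialchars(substr($p,strpos($p,'.')+1), ENT_QUOTES).'</th>';
        foreach ($XorgAuthLevels as $level => $action) {
            $key = 'passwd'.$level;
            // The page name ends up inside a script string inside an HTML
            // attribute: percent-encode it, and let the browser encode the
            // chosen value before it is appended to the URL.
            $html .= '<td><select name="passwd'.$level.'" onchange="AddCustomAuth(this);document.location=\'?page='.rawurlencode($p).'&attr='.$level.'&user=\'+encodeURIComponent(this.value)">';
            if (!empty($groupAttr[$key])) {
                $origin = 'comme le dossier (';
                $inherited = $groupAttr[$key];
            } else {
                $origin = 'comme le site (';
                $inherited = isset($DefaultPasswords[$level]) ? $DefaultPasswords[$level] : '';
            }
            $inherited = is_scalar($inherited) ? (string)$inherited : '';
            // Predefined audiences have a label; a custom rule is shown as
            // typed, escaped.
            $label = isset($XorgAuthUsers[$inherited])
                ? $XorgAuthUsers[$inherited]
                : htmlspecialchars($inherited, ENT_QUOTES);
            $htmloptions = '<option value="">'.$origin.$label.')</option>';
            foreach ($XorgAuthUsers as $passwd => $user) {
                $htmloptions .= '<option value="'.$passwd.'">'.$user.'</option>';
            }
            // Stored rules are free text entered through the attribute form:
            // escape them before they reach the markup.
            $current = (isset($page[$key]) && is_scalar($page[$key])) ? (string)$page[$key] : '';
            $currentHtml = htmlspecialchars($current, ENT_QUOTES);
            $htmloptionsselected = str_replace(' value="'.$currentHtml.'"', ' value="'.$currentHtml.'" selected="selected"', $htmloptions);
            $html .= $htmloptionsselected;
            if ($htmloptionsselected == $htmloptions) {
                // Custom rule: no predefined option matched, add it as its own option.
                $html .= '<option value="'.$currentHtml.'" selected="selected">'.$currentHtml.'</option>';
            }
            $html .= '<option value="...">...</option></select></td>';
        }
        $html .= '</tr>';
    }
    $html .= '</table>';
    return '<h2>Edition des droits du dossier</h2>'.XorgAuthPermissions($pagename).'<h2>Edition des droits des pages du dossier</h2>'.$html;
}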
327 ?>