diogenes.session.inc.php

00001 <?php
00002 /*
00003  * Copyright (C) 2003-2004 Polytechnique.org
00004  * http://opensource.polytechnique.org/
00005  *
00006  * This program is free software; you can redistribute it and/or modify
00007  * it under the terms of the GNU General Public License as published by
00008  * the Free Software Foundation; either version 2 of the License, or
00009  * (at your option) any later version.
00010  *
00011  * This program is distributed in the hope that it will be useful,
00012  * but WITHOUT ANY WARRANTY; without even the implied warranty of
00013  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00014  * GNU General Public License for more details.
00015  *
00016  * You should have received a copy of the GNU General Public License
00017  * along with this program; if not, write to the Free Software
00018  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
00019  */
00020 
00021 
00022 require_once 'diogenes/diogenes.core.session.inc.php';
00023 require_once 'diogenes/diogenes.core.logger.inc.php';
00024 
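/**
 * Session for users authenticated against the native Diogenes user table
 * ($globals->tauth['native']).
 *
 * Security notes for maintainers:
 *  - Every value interpolated into SQL below is escaped first with
 *    mysql_real_escape_string(). This relies on the connection opened by
 *    $globals->db being the default mysql link -- TODO confirm against the
 *    database wrapper, which is not visible in this file.
 *  - The password column holds md5(password) (see doAuthWebDAV()), unsalted.
 *    doAuth() uses that stored value directly as the challenge-response
 *    secret, so the column must be protected like a plaintext credential.
 *    Moving to a salted, slow hash needs a schema and client-side change and
 *    is outside the scope of this class.
 */
class DiogenesSession extends DiogenesCoreSession {
  /** Full name of the user, built in doAuth() from first and last name. */
  var $fullname;
  /** Authentication method identifier, used when reading barrel permissions. */
  var $auth = "native";


  /**
   * Constructor: start as the anonymous user holding only the 'public' flag.
   */
  function DiogenesSession() {
    $this->DiogenesCoreSession();
    $this->username = "anonymous";
    $this->perms->addFlag('public');
  }


  /**
   * Authenticate the user with the MD5 challenge-response tokens sent in the
   * request ('login' and 'response'). Does nothing if the session already
   * holds the 'auth' flag. On missing or wrong tokens the login form is
   * displayed through doLogin().
   *
   * @param $page page object used to report errors and display the login form
   */
  function doAuth(&$page) {
    global $globals;

    if ($this->perms->hasflag("auth"))
      return;

    // Tokens must be plain strings. Array-valued parameters (login[]=...) are
    // handled exactly like missing tokens instead of reaching the SQL and
    // md5() code below.
    if (!isset($_REQUEST['login']) || !isset($_REQUEST['response'])
        || !is_string($_REQUEST['login']) || !is_string($_REQUEST['response'])) {
      $this->doLogin($page);
      return;
    }
    $login = $_REQUEST['login'];
    $response = $_REQUEST['response'];

    // remember login (25920000 s = 300 days); note this is stored before the
    // credentials have been verified, so the cookie value is untrusted input
    setcookie('DiogenesLogin',$login,(time()+25920000));

    // lookup user; the login is escaped because it comes straight from the request
    // NOTE(review): if magic_quotes_gpc is enabled the value arrives already
    // escaped -- confirm the deployment setting.
    $login_sql = mysql_real_escape_string($login);
    $res = $globals->db->query("SELECT user_id,username,password,firstname,lastname,perms FROM {$globals->tauth['native']} WHERE username='{$login_sql}'");
    $row = $res ? mysql_fetch_row($res) : false;
    if ($res)
      mysql_free_result($res);
    if (!$row) {
      $page->info(__("Authentication error!"));
      $this->doLogin($page);
      // doLogin() exits; the return keeps this path fail-closed even if a
      // subclass overrides doLogin() without terminating the request
      return;
    }
    list($uid,$username,$password,$firstname,$lastname,$perms) = $row;

    // check response; strict comparison, because a loose != treats two
    // different numeric-looking hex strings (e.g. "0e...") as equal
    $expected = md5("{$login}:$password:{$this->challenge}");
    if ($response !== $expected)
    {
      // log the login failure
      $logger = new DiogenesCoreLogger($uid);
      $logger->log("auth_fail",$login);
      $page->info(__("Authentication error!"));
      $this->doLogin($page);
      return;
    }

    // retrieve user info
    $this->uid = $uid;
    $this->username = $username;
    $this->firstname = $firstname;
    $this->lastname = $lastname;
    $this->fullname = $firstname . ($lastname ? " $lastname" : "");

    // create logger
    $logstr = $this->username . (empty($page->alias) ? "" : "@{$page->alias}");
    $_SESSION['log'] = new DiogenesCoreLogger($this->uid);
    $_SESSION['log']->log("auth_ok",$logstr);

    // set user permissions
    // NOTE(review): the session identifier is not renewed on this privilege
    // change; check whether DiogenesCoreSession handles that.
    $this->perms->addFlag('auth');
    if ($perms == "admin") {
      $this->perms->addflag('root');
    }
  }


  /**
   * Authenticate a WebDAV client from a username and cleartext password.
   *
   * @param $user the username supplied by the client
   * @param $pass the cleartext password supplied by the client
   * @return true if the session is (or already was) authenticated, false otherwise
   */
  function doAuthWebDAV($user,$pass)
  {
    global $globals;

    if ($this->perms->hasflag("auth"))
      return true;

    // reject non-scalar credentials before they reach md5() or the query
    if (!is_scalar($user) || !is_scalar($pass))
      return false;

    // check credentials; the hash is hex and needs no escaping, the username does
    $pass_hash = md5((string)$pass);
    $user_sql = mysql_real_escape_string((string)$user);
    $res = $globals->db->query("SELECT user_id,username,perms FROM {$globals->tauth['native']} WHERE username='{$user_sql}' AND password='{$pass_hash}'");
    $row = $res ? mysql_fetch_row($res) : false;
    // free the result on every path (it was previously never released here)
    if ($res)
      mysql_free_result($res);
    if (!$row)
      return false;
    list($uid,$dbuser,$perms) = $row;

    // retrieve user info
    $this->uid = $uid;
    $this->username = $dbuser;

    // create logger
    $_SESSION['log'] = new DiogenesWebDAVLogger($this->uid,$this->auth,$this->username);

    // set user permissions
    $this->perms->addFlag('auth');
    if ($perms == "admin") {
      $this->perms->addflag('root');
    }

    return true;
  }


  /**
   * Display the login form (login.tpl) and end the request.
   *
   * @param $page page object the form variables are assigned to
   */
  function doLogin(&$page) {
    $page->assign('greeting',__("Diogenes login"));
    $page->assign('msg_connexion', __("Connexion"));
    $page->assign('msg_password',__("password"));
    $page->assign('msg_submit',__("Submit"));
    $page->assign('msg_username', __("username"));

    // The cookie is client-controlled (doAuth() stores the submitted login in
    // it before verification), so it is HTML-escaped like 'post' below.
    // NOTE(review): login.tpl is not visible here; if the template escapes
    // this variable itself, drop one of the two escapes.
    if (isset($_COOKIE['DiogenesLogin']) && is_string($_COOKIE['DiogenesLogin']))
      $page->assign('username', htmlspecialchars($_COOKIE['DiogenesLogin'], ENT_QUOTES));
    $page->assign('post',htmlentities($page->script_uri()));
    $page->assign('challenge',$this->challenge);
    $page->assign('md5',$page->url("md5.js"));
    $page->display('login.tpl');
    exit;
  }


  /**
   * Refresh the permission flags of an authenticated user for one barrel.
   * Root users get 'user' and 'admin'; everyone else loses both and then
   * regains 'user' plus the flag stored in diogenes_perm, if a row exists.
   *
   * @param $alias the alias of the barrel whose permissions are read
   */
  function setBarrelPerms($alias) {
    global $globals;

    // if the user is logged in, refresh his/her permissions
    if ($this->perms->hasflag('auth')) {
      if ($this->perms->hasflag('root')) {
        $this->perms->addflag('user');
        $this->perms->addflag('admin');
      } else {
        $this->perms->rmflag('user');
        $this->perms->rmflag('admin');
      }

      // read site specific permissions; all three values are escaped, the
      // alias in particular may originate from the request
      $alias_sql = mysql_real_escape_string((string)$alias);
      $auth_sql = mysql_real_escape_string((string)$this->auth);
      $uid_sql = mysql_real_escape_string((string)$this->uid);
      $res = $globals->db->query("SELECT perms FROM diogenes_perm WHERE alias='{$alias_sql}' AND auth='{$auth_sql}' AND uid='{$uid_sql}'");
      if ($res) {
        if (list($tmp) = mysql_fetch_row($res)) {
          $this->perms->addflag('user');
          // the flag name is taken as-is from the diogenes_perm table
          $this->perms->addflag($tmp);
        }
        mysql_free_result($res);
      }
    }
  }

}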
00181 
00182 ?>
