Example #1
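 /**
  * Updates the stored password of the reader identified by $empr_login and marks it as
  * encrypted (empr_password_is_encrypted = 1). When the empr_passwords table exists, the
  * matching row there is updated as well.
  *
  * NOTE(review): the '******' values inside the SQL strings look like redactions made by this
  * listing; the original presumably interpolates the login and the password/hash there.
  * Whatever is interpolated must be escaped by the database layer or bound as a parameter,
  * since $empr_login and $empr_password arrive as plain arguments — confirm against the source.
  *
  * @param string $empr_login    Login of the reader account to update; nothing happens when empty.
  * @param string $empr_password Password value for that account (its use is hidden by the redaction).
  *
  * @return false|null false when no salt is configured and none could be generated;
  *                    otherwise nothing is returned, whether or not a row was updated.
  */
 static function hash_password($empr_login = '', $empr_password = '')
 {
     global $dbh;
     global $opac_empr_password_salt;
     // No salt configured yet: one has to be generated before anything is stored.
     if (!$opac_empr_password_salt && !password::gen_salt_base()) {
         return false;
     }
     $id_empr = 0;
     if ($empr_login) {
         $query = "select id_empr from empr where empr_login='******'";
         $result = pmb_mysql_query($query, $dbh);
         // Only an unambiguous match is accepted; a failed query counts as no match.
         if ($result && pmb_mysql_num_rows($result) == 1) {
             // The id is concatenated into SQL below, so force it to an integer.
             $id_empr = (int) pmb_mysql_result($result, 0, "id_empr");
         }
     }
     if ($id_empr) {
         $rqt = "show tables like 'empr_passwords'";
         // Goes through the pmb_mysql_* wrapper like every other query in this method
         // (the bare mysql_query() used here before no longer exists in PHP 7+).
         $tables = pmb_mysql_query($rqt, $dbh);
         if ($tables && pmb_mysql_num_rows($tables)) {
             $q = "update empr_passwords set empr_password='******' where id_empr='" . $id_empr . "'";
             pmb_mysql_query($q, $dbh);
         }
         $q = "update empr set empr_password='******', empr_password_is_encrypted = 1 where empr_login='******'";
         pmb_mysql_query($q, $dbh);
     }
 }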
Example #2
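/**
 * Logs an OPAC reader in from the submitted login form, or resumes the reader's open session.
 *
 * With no reader in the session and $time_expired == 0, the account matching the submitted
 * login is looked up and, if it is allowed to use the OPAC, verified through exactly one of:
 * the external result $ext_auth, connexion_auto() (when $code is set), connexion_unique()
 * (when $password_key is set), auth_ldap() (LDAP accounts), or a comparison of the stored
 * hash with password::gen_hash(). On success the session is rebuilt from the row saved in
 * opac_sessions and filled with the reader's identity, language and location. On failure the
 * session is destroyed and $erreur_connexion is set to 1 (subscription expired), 2 (OPAC
 * access forbidden) or 3 (bad credentials / other).
 *
 * Nearly all input and output goes through globals and $_SESSION; the function also echoes
 * <script>alert(...)</script> snippets directly.
 *
 * @return int 1 when a reader is logged in once the function returns, 0 otherwise.
 */
function connexion_empr()
{
    global $dbh, $msg, $opac_duration_session_auth;
    global $time_expired, $erreur_session, $login, $password, $encrypted_password;
    global $auth_ok, $lang, $code, $emprlogin;
    global $password_key;
    global $first_log;
    global $erreur_connexion;
    global $opac_opac_view_activate, $pmb_opac_view_class, $opac_view_class;
    global $opac_default_style;
    // To be set by the caller when authentication was done externally
    global $ext_auth, $empty_pwd;
    global $base_path, $class_path;
    global $cms_build_activate;
    // To be set when OPAC views are enabled
    global $include_path;
    $erreur_connexion = 0;
    $log_ok = 0;
    // Local carried across the session reset below; stays null when the session has none.
    $build_id_version = null;
    if (empty($_SESSION["user_code"])) {
        $raw_login = isset($_POST['login']) ? $_POST['login'] : '';
        // NOTE(review): addslashes() is not charset-aware escaping for MySQL; the database
        // layer's own escaping or a bound parameter is the safer way to pass the login.
        if (!get_magic_quotes_gpc()) {
            $p_login = addslashes($raw_login);
        } else {
            $p_login = $raw_login;
        }
        if ($time_expired == 0) {
            // No session in progress: verify the login.
            // NOTE(review): '******' looks like a redaction by this listing of the interpolated
            // login value — confirm against the original source.
            $verif_query = "SELECT id_empr, empr_cb, empr_nom, empr_prenom, empr_password, empr_lang, empr_date_expiration<sysdate() as isexp, empr_login, empr_ldap,empr_location, allow_opac \n\t\t\t\t\tFROM empr\n\t\t\t\t\tJOIN empr_statut ON empr_statut=idstatut\n\t\t\t\t\tWHERE empr_login='******'";
            $verif_result = pmb_mysql_query($verif_query);
            // Start from empty values so an unknown login (no row) fails every check below
            // instead of reading undefined variables.
            $verif_empr_cb = null;
            $verif_empr_login = null;
            $verif_empr_ldap = null;
            $verif_empr_password = null;
            $verif_lang = null;
            $verif_id_empr = null;
            $verif_isexp = null;
            $verif_opac = null;
            $empr_location = null;
            // Copy the reader's columns into local variables (the last row wins).
            while ($verif_result && ($verif_line = pmb_mysql_fetch_array($verif_result))) {
                $verif_empr_cb = $verif_line['empr_cb'];
                $verif_empr_login = $verif_line['empr_login'];
                $verif_empr_ldap = $verif_line['empr_ldap'];
                $verif_empr_password = $verif_line['empr_password'];
                $verif_lang = $verif_line['empr_lang'] ? $verif_line['empr_lang'] : "fr_FR";
                $verif_id_empr = $verif_line['id_empr'];
                $verif_isexp = $verif_line['isexp'];
                $verif_opac = $verif_line['allow_opac'];
                $empr_location = $verif_line['empr_location'];
            }
            $auth_ok = 0;
            if ($verif_opac) {
                // NOTE(review): a pre-set $encrypted_password skips hashing; if that global can
                // be filled from the request, the stored hash itself acts as a credential —
                // confirm where it is populated.
                if (!$encrypted_password) {
                    $encrypted_password = password::gen_hash($password, $verif_id_empr);
                }
                if ($ext_auth) {
                    // NOTE(review): this bypasses the password check entirely, so $ext_auth must
                    // only ever be set by trusted server-side code.
                    $auth_ok = $ext_auth;
                } elseif ($code) {
                    $auth_ok = connexion_auto();
                } elseif ($password_key) {
                    $auth_ok = connexion_unique();
                } elseif ($verif_empr_ldap) {
                    $auth_ok = auth_ldap($p_login, $password);
                } else {
                    // Standard authentication. The hashes are compared as strings with ===:
                    // a loose == treats numeric-looking strings (e.g. "0e..." forms) as numbers
                    // and can report two different hashes as equal. Where PHP >= 5.6 is
                    // guaranteed, hash_equals() would additionally make this constant-time.
                    $stored_hash = (string) $verif_empr_password;
                    $submitted_hash = stripslashes((string) $encrypted_password);
                    $auth_ok = ($empty_pwd || $verif_empr_password)
                        && $stored_hash === $submitted_hash
                        && $verif_empr_login != "";
                }
            }
            if ($auth_ok) {
                // Credentials accepted: register the reader in the session.
                // NOTE(review): confirm startSession() issues a fresh session id at login so a
                // pre-login id cannot be carried over.
                startSession("PmbOpac", $verif_empr_login);
                $log_ok = 1;
                if (!empty($_SESSION["cms_build_activate"])) {
                    $cms_build_activate = 1;
                }
                if (!empty($_SESSION["build_id_version"])) {
                    $build_id_version = $_SESSION["build_id_version"];
                }
                // Restore the environment saved for this reader.
                $requete = "select session from opac_sessions where empr_id=" . (int) $verif_id_empr;
                $res_session = pmb_mysql_query($requete);
                $_SESSION = array();
                if ($res_session && pmb_mysql_num_rows($res_session)) {
                    // SECURITY (flagged, not replaced): unserialize() can instantiate any class
                    // named in the stored blob, so the opac_sessions content must never be
                    // attacker-influenced; a data-only format such as JSON would remove the risk.
                    $temp_session = unserialize(pmb_mysql_result($res_session, 0, 0));
                    // A corrupt blob yields false; keep the empty session in that case.
                    if (is_array($temp_session)) {
                        $_SESSION = $temp_session;
                    }
                }
                $_SESSION["cms_build_activate"] = $cms_build_activate;
                $_SESSION["build_id_version"] = $build_id_version;
                if (!$code) {
                    $_SESSION["connexion_empr_auto"] = 0;
                }
                $_SESSION["user_code"] = $verif_empr_login;
                $_SESSION["id_empr_session"] = $verif_id_empr;
                $_SESSION["connect_time"] = time();
                $_SESSION["lang"] = $verif_lang;
                $_SESSION["empr_location"] = $empr_location;
                $req = "select location_libelle from docs_location where idlocation='" . $_SESSION["empr_location"] . "'";
                $_SESSION["empr_location_libelle"] = pmb_mysql_result(pmb_mysql_query($req, $dbh), 0, 0);
                // change language and charset after login
                $lang = $_SESSION["lang"];
                set_language($lang);
                if (!$verif_isexp) {
                    recupere_pref_droits($_SESSION["user_code"]);
                    $_SESSION["user_expired"] = $verif_isexp;
                } else {
                    // Expired subscription: still logged in, but with the restricted rights.
                    recupere_pref_droits($_SESSION["user_code"], 1);
                    $_SESSION["user_expired"] = $verif_isexp;
                    echo "<script>alert(\"" . $msg["empr_expire"] . "\");</script>";
                    $erreur_connexion = 1;
                }
                if ($opac_opac_view_activate) {
                    $_SESSION["opac_view"] = 0;
                    $_SESSION['opac_view_query'] = 0;
                    if (!$pmb_opac_view_class) {
                        $pmb_opac_view_class = "opac_view";
                    }
                    // NOTE(review): this name feeds both require_once and `new`; it must come
                    // from trusted configuration only, never from request data — confirm how
                    // the global is populated.
                    require_once $base_path . "/classes/" . $pmb_opac_view_class . ".class.php";
                    $opac_view_class = new $pmb_opac_view_class($_SESSION["opac_view"], $_SESSION["id_empr_session"]);
                    if ($opac_view_class->id) {
                        $opac_view_class->set_parameters();
                        $opac_view_filter_class = $opac_view_class->opac_filters;
                        $_SESSION["opac_view"] = $opac_view_class->id;
                        if (!$opac_view_class->opac_view_wo_query) {
                            $_SESSION['opac_view_query'] = 1;
                        }
                    } else {
                        $_SESSION["opac_view"] = 0;
                    }
                    $_SESSION["css"] = $opac_default_style;
                }
                $first_log = true;
            } else {
                // Authentication failed: destroy the session that was created, keeping only
                // the CMS build flags.
                if (!empty($_SESSION["cms_build_activate"])) {
                    $cms_build_activate = 1;
                }
                if (!empty($_SESSION["build_id_version"])) {
                    $build_id_version = $_SESSION["build_id_version"];
                }
                @session_destroy();
                if ($cms_build_activate) {
                    session_start();
                    $_SESSION["cms_build_activate"] = $cms_build_activate;
                    $_SESSION["build_id_version"] = $build_id_version;
                }
                if (!$encrypted_password) {
                    $encrypted_password = password::gen_hash($password, $verif_id_empr);
                }
                // Same strict string comparison as in the authentication step above.
                $hash_mismatch = (string) $verif_empr_password !== stripslashes((string) $encrypted_password);
                // NOTE(review): $empr_erreur_header / $empr_erreur_footer are not declared
                // global in this function, so they are empty here — presumably they were meant
                // to be globals; confirm.
                if ($hash_mismatch || $verif_empr_login == "" || $verif_empr_ldap || $code) {
                    // Wrong login or password, or the LDAP / automatic login failed.
                    $erreur_session = $empr_erreur_header;
                    $erreur_session .= $msg["empr_type_card_number"] . "<br />";
                    $erreur_session .= $empr_erreur_footer;
                    $erreur_connexion = 3;
                } elseif ($verif_isexp) {
                    // The subscription has expired.
                    echo "<script>alert(\"" . $msg["empr_expire"] . "\");</script>";
                    $erreur_connexion = 1;
                } elseif (!$verif_opac) {
                    // This account is not allowed to log in to the OPAC.
                    echo "<script>alert(\"" . $msg["empr_connexion_interdite"] . "\");</script>";
                    $erreur_connexion = 2;
                } else {
                    // Any other case, just in case.
                    $erreur_session = $empr_erreur_header;
                    $erreur_session .= $msg["empr_type_card_number"] . "<br />";
                    $erreur_session .= $empr_erreur_footer;
                    $erreur_connexion = 3;
                }
                $log_ok = 0;
                $time_expired = 0;
            }
        } else {
            // The session has expired: tell the reader.
            echo "<script>alert(\"" . sprintf($msg["session_expired"], round($opac_duration_session_auth / 60)) . "\");</script>";
        }
    } else {
        // A session is already open: nothing to verify.
        $log_ok = 1;
        $login = $_SESSION["user_code"];
        if (!empty($_SESSION["user_expired"])) {
            recupere_pref_droits($login, 1);
        } else {
            recupere_pref_droits($login);
        }
        if (!$code) {
            $_SESSION["connexion_empr_auto"] = 0;
        }
    }
    // Lets a reader who came in through an automatic login view a record sent by the
    // alert service (DSI).
    if (!empty($_SESSION["connexion_empr_auto"]) && $log_ok) {
        global $connexion_empr_auto, $tab, $lvl;
        $connexion_empr_auto = 1;
        if (!$code) {
            if (!$tab) {
                $tab = "dsi";
            }
            if (!$lvl) {
                $lvl = "bannette";
            }
        }
    }
    return $log_ok;
}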
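 /**
  * Verifies a reader's login and password for the external service.
  *
  * The account row is read from empr, then the credentials are checked, in this order, by:
  * the optional external_auth class (if its file exists), LDAP (when the account is flagged
  * empr_ldap), or a comparison of the stored hash with password::gen_hash(). Only the
  * standard path also rejects expired subscriptions.
  *
  * @param string $empr_login    Login; converted in place between the proxy's input charset and $charset.
  * @param string $empr_password Password; converted in place the same way.
  * @param mixed  $empr_id       Receives the id_empr of the matching account (null when none matches).
  *
  * @return bool|int true/false from the external or standard check, the ldap_bind() result
  *                  for LDAP accounts, or 0 when the query fails or LDAP is unavailable.
  */
 function check_auth(&$empr_login, &$empr_password, &$empr_id)
 {
     // Largely copied from opac_css/includes/empr_func.inc.php
     global $dbh, $verif_empr_ldap;
     global $charset;
     global $base_path, $class_path;
     // Align the credentials with the database charset. Both are reference parameters, so
     // the caller's variables are converted too.
     if ($this->proxy_parent->input_charset != 'utf-8' && $charset == 'utf-8') {
         $empr_login = utf8_encode($empr_login);
         $empr_password = utf8_encode($empr_password);
     } elseif ($this->proxy_parent->input_charset == 'utf-8' && $charset != 'utf-8') {
         $empr_login = utf8_decode($empr_login);
         $empr_password = utf8_decode($empr_password);
     }
     // NOTE(review): '******' looks like a redaction by this listing of the interpolated login.
     // No escaping of $empr_login is visible in this method, so the value must be escaped by
     // the database layer or bound as a parameter — confirm against the original source.
     $verif_query = "SELECT id_empr, empr_cb, empr_nom, empr_prenom, empr_password, empr_lang, empr_date_expiration<sysdate() as isexp, empr_login, empr_ldap,empr_location \n\t\t\t\t\t\tFROM empr \n\t\t\t\t\t\tWHERE empr_login='******'";
     $verif_result = pmb_mysql_query($verif_query);
     if (!$verif_result) {
         return 0;
     }
     // Copy the reader's columns into local variables.
     $verif_line = pmb_mysql_fetch_array($verif_result);
     if (!is_array($verif_line)) {
         // Unknown login: keep every field empty so the local checks below fail closed.
         $verif_line = array(
             'empr_login' => null,
             'empr_ldap' => null,
             'empr_password' => null,
             'id_empr' => null,
             'isexp' => null,
         );
     }
     $verif_empr_login = $verif_line['empr_login'];
     $verif_empr_ldap = $verif_line['empr_ldap'];
     $verif_empr_password = $verif_line['empr_password'];
     $verif_id_empr = $verif_line['id_empr'];
     $empr_id = $verif_id_empr;
     $verif_isexp = $verif_line['isexp'];
     if (file_exists($base_path . "/external_services/pmbesOPACEmpr/external_auth.class.php")) {
         require_once $base_path . "/external_services/pmbesOPACEmpr/external_auth.class.php";
         $external_auth = new external_auth();
         // NOTE(review): a positive external check returns true even when no local account
         // matched ($empr_id stays null) — confirm that callers handle this.
         if ($external_auth->check_auth($empr_login, $empr_password)) {
             return true;
         }
         // The external class decides whether the local checks may still run.
         if (!$external_auth->normal_auth) {
             return false;
         }
     }
     if ($verif_empr_ldap) {
         // LDAP authentication
         global $ldap_server, $ldap_basedn, $ldap_port, $ldap_proto, $ldap_binddn, $ldap_encoding_utf8;
         global $ldap_accessible;
         $ldap_constants = array(
             'LDAP_SERVER' => $ldap_server, // server URL
             'LDAP_BASEDN' => $ldap_basedn, // search base
             'LDAP_PORT' => $ldap_port,     // port
             'LDAP_PROTO' => $ldap_proto,   // protocol version
             'LDAP_BINDDN' => $ldap_binddn,
         );
         // Guarded so a second call in the same request does not redefine the constants.
         foreach ($ldap_constants as $constant_name => $constant_value) {
             if (!defined($constant_name)) {
                 define($constant_name, $constant_value);
             }
         }
         if (!$ldap_accessible) {
             return 0;
         }
         // The copied LDAP code read $uid and $pwd, which were never set in this method, so
         // the bind was never attempted; they are the credentials passed in.
         $uid = $empr_login;
         $pwd = $empr_password;
         $ret = 0;
         // An empty password must never reach ldap_bind(): many directories treat it as an
         // anonymous bind and report success.
         if ($pwd) {
             // Charset handling
             if ($ldap_encoding_utf8 && $charset != "utf-8") {
                 $uid = utf8_encode($uid);
                 $pwd = utf8_encode($pwd);
             } elseif (!$ldap_encoding_utf8 && $charset == "utf-8") {
                 $uid = utf8_decode($uid);
                 $pwd = utf8_decode($pwd);
             }
             // NOTE(review): $uid goes into the bind DN unescaped; where PHP >= 5.6 is
             // guaranteed, ldap_escape($uid, '', LDAP_ESCAPE_DN) should be applied first.
             $dn = str_replace('UID', $uid, LDAP_BINDDN);
             $conn = @ldap_connect(LDAP_SERVER, LDAP_PORT);
             // must be a valid LDAP server!
             if ($conn) {
                 ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, LDAP_PROTO);
                 $ret = @ldap_bind($conn, $dn, $pwd);
                 ldap_close($conn);
             }
         }
         // NOTE(review): unlike the standard path, an expired subscription is not rejected
         // here — confirm this is intended.
         return $ret;
     }
     // Standard authentication. The hashes are compared as strings with ===: a loose ==
     // treats numeric-looking strings as numbers and can report two different hashes as
     // equal. Where PHP >= 5.6 is guaranteed, hash_equals() would also be constant-time.
     $encrypted_password = password::gen_hash($empr_password, $verif_id_empr);
     return (string) $verif_empr_password === (string) $encrypted_password && $verif_empr_login != "" && !$verif_isexp;
 }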