function handler_remote($page)
{
global $globals, $platal;
if (!(Env::has('timestamp') && Env::has('site') && Env::has('hash') && Env::has('request'))) {
$page->trigError("Requête non valide");
return;
}
// Read request
$timestamp = Env::s('timestamp');
if (abs($timestamp - time()) > $globals->remote->lag) {
$page->trigError("Delai d'attente dépassé");
return;
}
$site = Env::s('site');
$request = Env::s('request');
// Load remote information
try {
$remote = Remote::from(Env::s('site'));
$remote->select(RemoteSelect::groups());
} catch (ItemNotFoundException $e) {
$page->trigError("Ton site n'est pas renseigné dans la base de données");
return;
}
// Check request
if (md5($timestamp . $site . $remote->privkey() . $request) != Env::s('hash')) {
$page->trigError("Erreur de validation de la requête d'authentification");
return;
}
$request = json_decode($request, true);
// Force login
$user = Platal::session()->doAuthWithoutStart(AUTH_COOKIE);
if (empty($user)) {
$page->assign('remote_site', $remote->label());
$platal->force_login($page);
return PL_FORBIDDEN;
}
// Build response
$response = array('uid' => $user->id());
if ($remote->hasRight('names') && in_array('names', $request)) {
$response['hruid'] = $user->login();
$response['firstname'] = $user->firstname();
$response['lastname'] = $user->lastname();
$response['nickname'] = $user->nickname();
}
if ($remote->hasRight('email') && in_array('email', $request)) {
$response['email'] = $user->email();
}
if ($remote->hasRight('rights') && in_array('rights', $request)) {
$r = array();
foreach ($remote->groups() as $g) {
$r[$g->name()] = array_map(function ($r) {
return (string) $r;
}, $user->rights($g));
}
if (!empty($r)) {
$response['rights'] = $r;
}
}
if ($remote->hasRight('sport') && in_array('sport', $request)) {
$groups = $user->castes()->groups();
$group = $groups->filter('ns', Group::NS_SPORT)->first();
if ($group) {
$response['sport'] = $group->label();
}
}
if ($remote->hasRight('promo') && in_array('promo', $request)) {
$groups = $user->castes()->groups()->filter('ns', Group::NS_PROMO);
$groups = $groups->remove(Group::from('on_platal'));
// Extract promos from group labels
// For backward compatibility, compute the minimal promo year
$promo = 0;
$promos = array();
foreach ($groups as $g) {
$matches = array();
if (preg_match('/^promo_([a-z_]+)([1-9][0-9]{3})$/', $g->name(), $matches)) {
$promos[] = $matches[1] . $matches[2];
$year = (int) $matches[2];
if (!$promo || $year < $promo) {
$promo = $year;
}
}
}
if ($promo) {
$response['promo'] = $promo;
$response['promos'] = $promos;
}
}
if ($remote->hasRight('photo') && in_array('photo', $request)) {
$img = $user->photo();
if ($img === false) {
$img = $user->original();
}
if ($img !== false) {
$response['photo'] = $globals->baseurl . '/' . $img->src('full');
}
}
if ($remote->hasRight('binets_admin') && in_array('binets_admin', $request)) {
$gf = new GroupFilter(new PFC_And(new GFC_User($user, Rights::admin()), new GFC_Namespace('binet')));
$gs = $gf->get();
if ($gs->count() > 0) {
$gs->select(GroupSelect::base());
$r = array();
foreach ($gs as $g) {
$r[$g->name()] = $g->label();
}
if (!empty($r)) {
$response['binets_admin'] = $r;
}
}
}
// Send response
$response = json_encode($response);
$location = Env::s('location');
header('Location: ' . $site . '?location=' . $location . '×tamp=' . $timestamp . '&response=' . $response . '&hash=' . md5($timestamp . $remote->privkey() . $response));
}
