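/**
 * Hash a reader's password and persist the hashed form.
 *
 * When no site-wide salt ($opac_empr_password_salt) is configured, a salt
 * base is produced first via password::gen_salt_base(); if that fails the
 * function returns false without touching the database. The reader is then
 * looked up by login and, when exactly one row matches, the hashed password
 * is written to empr_passwords (only if that table exists) and to empr,
 * where empr_password_is_encrypted is also set to 1.
 *
 * NOTE(review): the values written and the login used in the WHERE clauses
 * appear as '******' in this listing; the real hash is presumably derived
 * from $empr_password — confirm against the unredacted source, and make sure
 * $empr_login is escaped for the SQL context there (it is caller-supplied).
 *
 * @param string $empr_login    Reader login used to locate the row.
 * @param string $empr_password Plain-text password to hash (not referenced
 *                              in the visible body, see note above).
 * @return bool|void false when salt generation fails; no value otherwise.
 */
static function hash_password($empr_login = '', $empr_password = '') {
    global $dbh;
    global $opac_empr_password_salt;

    if (!$opac_empr_password_salt) {
        $salt_base = password::gen_salt_base();
        if (!$salt_base) {
            return false;
        }
    }

    // Resolve the reader id; anything other than exactly one match is ignored.
    $id_empr = 0;
    if ($empr_login) {
        $query = "select id_empr from empr where empr_login='******'";
        $result = pmb_mysql_query($query, $dbh);
        // FIX: a failed query returned false and was handed straight to num_rows.
        if ($result && pmb_mysql_num_rows($result) == 1) {
            $id_empr = pmb_mysql_result($result, 0, "id_empr");
        }
    }
    if (!$id_empr) {
        return;
    }

    // FIX: this was the only raw mysql_query() call in the block (ext/mysql is
    // gone since PHP 7); route it through the same wrapper as every other query.
    $rqt = "show tables like 'empr_passwords'";
    $tables = pmb_mysql_query($rqt, $dbh);
    if ($tables && pmb_mysql_num_rows($tables)) {
        // $id_empr comes from the database, not from the caller.
        $q = "update empr_passwords set empr_password='******' where id_empr='" . $id_empr . "'";
        pmb_mysql_query($q, $dbh);
    }
    $q = "update empr set empr_password='******', empr_password_is_encrypted = 1 where empr_login='******'";
    pmb_mysql_query($q, $dbh);
}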
/**
 * OPAC reader login / session bootstrap.
 *
 * If no reader session exists ($_SESSION["user_code"] empty), the reader is
 * looked up by the posted login, one of the authentication strategies below is
 * run and, on success, the PmbOpac session is started, the reader's saved
 * environment is restored from opac_sessions and preferences/rights are
 * loaded. If a session already exists, only the rights are reloaded.
 *
 * Authentication precedence (only evaluated when the reader's status allows
 * the OPAC, i.e. allow_opac is truthy):
 *   $ext_auth (result of an external layer, accepted as-is)
 *   > $code (connexion_auto)
 *   > $password_key (connexion_unique)
 *   > empr_ldap set on the row (auth_ldap)
 *   > comparison of the stored hash with password::gen_hash().
 *
 * Reads:  $_POST['login'], $_SESSION, the globals declared below.
 * Writes: $_SESSION (replaced wholesale on success), $erreur_connexion
 *         (0 = ok, 1 = subscription expired, 2 = OPAC forbidden, 3 = bad
 *         login/password), $erreur_session, $lang, $first_log, $auth_ok,
 *         $encrypted_password, $time_expired, $login, $connexion_empr_auto,
 *         $tab, $lvl. Echoes an inline <script>alert(...)</script> for an
 *         expired subscription or an expired session.
 *
 * @return int 1 when the reader ends up logged in, 0 otherwise.
 */
function connexion_empr() {
    global $dbh, $msg, $opac_duration_session_auth;
    global $time_expired, $erreur_session, $login, $password, $encrypted_password;
    global $auth_ok, $lang, $code, $emprlogin;
    global $password_key;
    global $first_log;
    global $erreur_connexion;
    global $opac_opac_view_activate, $pmb_opac_view_class, $opac_view_class;
    global $opac_default_style;
    // to be set when an external authentication layer is in use
    global $ext_auth, $empty_pwd;
    global $base_path, $class_path;
    global $cms_build_activate;
    // to be set when OPAC views are enabled
    global $include_path;
    // NOTE(review): $emprlogin, $class_path and $include_path are declared
    // global here but never read or written in this function.
    $erreur_connexion = 0;
    $log_ok = 0;
    if (!$_SESSION["user_code"]) {
        // NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0 and
        // addslashes() is not a charset-aware SQL escape. $p_login is only
        // handed to auth_ldap() below; the SQL lookup's login literal is
        // shown redacted ('******') in this listing.
        if (!get_magic_quotes_gpc()) {
            $p_login = addslashes($_POST['login']);
        } else {
            $p_login = $_POST['login'];
        }
        if ($time_expired == 0) { // begin if ($time_expired==0) 1
            // No session in progress: verify the login.
            $verif_query = "SELECT id_empr, empr_cb, empr_nom, empr_prenom, empr_password, empr_lang, empr_date_expiration<sysdate() as isexp, empr_login, empr_ldap,empr_location, allow_opac \n\t\t\t\t\tFROM empr\n\t\t\t\t\tJOIN empr_statut ON empr_statut=idstatut\n\t\t\t\t\tWHERE empr_login='******'";
            $verif_result = pmb_mysql_query($verif_query);
            // Copy the reader's columns into local variables. With several rows
            // the last one wins; with none, every $verif_* below stays unset.
            while ($verif_line = pmb_mysql_fetch_array($verif_result)) {
                $verif_empr_cb = $verif_line['empr_cb'];
                $verif_empr_login = $verif_line['empr_login'];
                $verif_empr_ldap = $verif_line['empr_ldap'];
                $verif_empr_password = $verif_line['empr_password'];
                $verif_lang = $verif_line['empr_lang'] ? $verif_line['empr_lang'] : "fr_FR";
                $verif_id_empr = $verif_line['id_empr'];
                $verif_isexp = $verif_line['isexp'];
                $verif_opac = $verif_line['allow_opac'];
                $empr_location = $verif_line['empr_location'];
            }
            $auth_ok = 0;
            if ($verif_opac) {
                // Hash the submitted password only if no caller already did.
                if (!$encrypted_password) {
                    $encrypted_password = password::gen_hash($password, $verif_id_empr);
                }
                if ($ext_auth) {
                    // An external layer already decided: its value is the result,
                    // no password check happens here.
                    $auth_ok = $ext_auth;
                } elseif ($code) {
                    $auth_ok = connexion_auto();
                } elseif ($password_key) {
                    $auth_ok = connexion_unique();
                } elseif ($verif_empr_ldap) {
                    $auth_ok = auth_ldap($p_login, $password);
                } else {
                    // Standard auth. Operator precedence makes the first factor
                    // equivalent to ($empty_pwd || $verif_empr_password): with
                    // $empty_pwd set, a reader whose stored hash is empty may log
                    // in. NOTE(review): the hash comparison uses loose == (two
                    // numeric-looking strings compare as numbers) and is not
                    // constant-time; hash_equals() is the usual replacement.
                    $auth_ok = ($empty_pwd || !$empty_pwd && $verif_empr_password) && $verif_empr_password == stripslashes($encrypted_password) && $verif_empr_login != "";
                } //standard auth
            }
            if ($auth_ok) { // begin if ($auth_ok) 1
                // Password accepted: record the user in the session.
                // NOTE(review): whether startSession() regenerates the session id
                // (fixation defence) is not visible from here.
                startSession("PmbOpac", $verif_empr_login);
                $log_ok = 1;
                // Carry the CMS build flags across the session replacement below.
                if ($_SESSION["cms_build_activate"]) {
                    $cms_build_activate = 1;
                }
                if ($_SESSION["build_id_version"]) {
                    $build_id_version = $_SESSION["build_id_version"];
                }
                // Restore the reader's previous environment.
                // NOTE(review): unserialize() on a database-stored blob replaces
                // $_SESSION wholesale; anything able to write opac_sessions can
                // inject arbitrary objects. A JSON encoding would be safer.
                $requete = "select session from opac_sessions where empr_id=" . $verif_id_empr;
                $res_session = pmb_mysql_query($requete);
                if (@pmb_mysql_num_rows($res_session)) {
                    $temp_session = unserialize(pmb_mysql_result($res_session, 0, 0));
                    $_SESSION = $temp_session;
                } else {
                    $_SESSION = array();
                }
                $_SESSION["cms_build_activate"] = $cms_build_activate;
                $_SESSION["build_id_version"] = $build_id_version;
                if (!$code) {
                    $_SESSION["connexion_empr_auto"] = 0;
                }
                $_SESSION["user_code"] = $verif_empr_login;
                $_SESSION["id_empr_session"] = $verif_id_empr;
                $_SESSION["connect_time"] = time();
                $_SESSION["lang"] = $verif_lang;
                $_SESSION["empr_location"] = $empr_location;
                // empr_location comes from the reader's row, not from the request.
                $req = "select location_libelle from docs_location where idlocation='" . $_SESSION["empr_location"] . "'";
                $_SESSION["empr_location_libelle"] = pmb_mysql_result(pmb_mysql_query($req, $dbh), 0, 0);
                // change language and charset after login
                $lang = $_SESSION["lang"];
                set_language($lang);
                // Expired subscription still logs the reader in, with restricted
                // rights (second argument) and $erreur_connexion = 1.
                if (!$verif_isexp) {
                    recupere_pref_droits($_SESSION["user_code"]);
                    $_SESSION["user_expired"] = $verif_isexp;
                } else {
                    recupere_pref_droits($_SESSION["user_code"], 1);
                    $_SESSION["user_expired"] = $verif_isexp;
                    echo "<script>alert(\"" . $msg["empr_expire"] . "\");</script>";
                    $erreur_connexion = 1;
                }
                if ($opac_opac_view_activate) {
                    $_SESSION["opac_view"] = 0;
                    $_SESSION['opac_view_query'] = 0;
                    if (!$pmb_opac_view_class) {
                        $pmb_opac_view_class = "opac_view";
                    }
                    // $pmb_opac_view_class is a global setting: it selects both the
                    // file to include and the class to instantiate.
                    require_once $base_path . "/classes/" . $pmb_opac_view_class . ".class.php";
                    $opac_view_class = new $pmb_opac_view_class($_SESSION["opac_view"], $_SESSION["id_empr_session"]);
                    if ($opac_view_class->id) {
                        $opac_view_class->set_parameters();
                        $opac_view_filter_class = $opac_view_class->opac_filters;
                        $_SESSION["opac_view"] = $opac_view_class->id;
                        if (!$opac_view_class->opac_view_wo_query) {
                            $_SESSION['opac_view_query'] = 1;
                        }
                    } else {
                        $_SESSION["opac_view"] = 0;
                    }
                    $css = $_SESSION["css"] = $opac_default_style;
                }
                $first_log = true;
            } else {
                // Otherwise destroy the session that was created.
                if ($_SESSION["cms_build_activate"]) {
                    $cms_build_activate = 1;
                }
                if ($_SESSION["build_id_version"]) {
                    $build_id_version = $_SESSION["build_id_version"];
                }
                @session_destroy();
                if ($cms_build_activate) {
                    session_start();
                    $_SESSION["cms_build_activate"] = $cms_build_activate;
                    $_SESSION["build_id_version"] = $build_id_version;
                }
                if (!$encrypted_password) {
                    $encrypted_password = password::gen_hash($password, $verif_id_empr);
                }
                // Classify the failure. NOTE(review): $empr_erreur_header and
                // $empr_erreur_footer are neither parameters nor declared global
                // in this function, so they evaluate to null here.
                if ($verif_empr_password != stripslashes($encrypted_password) || $verif_empr_login == "" || $verif_empr_ldap || $code) {
                    // wrong login or password, or LDAP connection error
                    $erreur_session = $empr_erreur_header;
                    $erreur_session .= $msg["empr_type_card_number"] . "<br />";
                    $erreur_session .= $empr_erreur_footer;
                    $erreur_connexion = 3;
                } elseif ($verif_isexp) {
                    // subscription expired
                    echo "<script>alert(\"" . $msg["empr_expire"] . "\");</script>";
                    $erreur_connexion = 1;
                } elseif (!$verif_opac) {
                    // OPAC access forbidden for this reader status
                    echo "<script>alert(\"" . $msg["empr_connexion_interdite"] . "\");</script>";
                    $erreur_connexion = 2;
                } else {
                    // any other case, just in case...
                    $erreur_session = $empr_erreur_header;
                    $erreur_session .= $msg["empr_type_card_number"] . "<br />";
                    $erreur_session .= $empr_erreur_footer;
                    $erreur_connexion = 3;
                }
                $log_ok = 0;
                $time_expired = 0;
            } // end if ($auth_ok) 1
        } else {
            // the session has expired, tell the reader
            echo "<script>alert(\"" . sprintf($msg["session_expired"], round($opac_duration_session_auth / 60)) . "\");</script>";
        }
    } else {
        // A session is already in progress: just reload rights.
        $log_ok = 1;
        $login = $_SESSION["user_code"];
        if ($_SESSION["user_expired"]) {
            recupere_pref_droits($login, 1);
        } else {
            recupere_pref_droits($login);
        }
        if (!$code) {
            $_SESSION["connexion_empr_auto"] = 0;
        }
    }
    // to display a record coming from DSI with an automatic login
    if ($_SESSION["connexion_empr_auto"] && $log_ok) {
        global $connexion_empr_auto, $tab, $lvl;
        $connexion_empr_auto = 1;
        if (!$code) {
            if (!$tab) {
                $tab = "dsi";
            }
            if (!$lvl) {
                $lvl = "bannette";
            }
        }
    }
    return $log_ok;
}
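/**
 * Authenticate an OPAC reader for the external-services (proxy) layer.
 *
 * Copied from opac_css/includes/empr_func.inc.php (per the original comment).
 * Order of checks:
 *   1. recode login/password between the proxy input charset and the site
 *      charset — the parameters are references, so the caller's copies are
 *      rewritten too;
 *   2. look the reader up by login (the literal in the WHERE clause is shown
 *      redacted as '******' in this listing);
 *   3. if external_auth.class.php exists, defer to external_auth::check_auth();
 *      a true result wins outright, a false result is final unless the class
 *      sets normal_auth;
 *   4. LDAP bind when the reader row has empr_ldap set;
 *   5. otherwise compare the stored hash with password::gen_hash() and require
 *      a non-empty login and a non-expired subscription.
 *
 * @param string $empr_login    Reader login (by reference; may be re-encoded).
 * @param string $empr_password Plain-text password (by reference; may be re-encoded).
 * @param mixed  $empr_id       Out parameter: id_empr of the matching row (null when none).
 * @return bool|int 0 when the lookup query fails or LDAP is unreachable;
 *                  otherwise the external-auth, LDAP-bind or hash-comparison result.
 */
function check_auth(&$empr_login, &$empr_password, &$empr_id) {
    //grassement copié de opac_css/includes/empr_func.inc.php
    global $dbh, $verif_empr_ldap;
    global $charset;

    // 1. Charset normalisation between the proxy's input encoding and the site's.
    $input_is_utf8 = ($this->proxy_parent->input_charset == 'utf-8');
    $site_is_utf8 = ($charset == 'utf-8');
    if (!$input_is_utf8 && $site_is_utf8) {
        $empr_login = utf8_encode($empr_login);
        $empr_password = utf8_encode($empr_password);
    } elseif ($input_is_utf8 && !$site_is_utf8) {
        $empr_login = utf8_decode($empr_login);
        $empr_password = utf8_decode($empr_password);
    }

    // 2. Reader lookup.
    $verif_query = "SELECT id_empr, empr_cb, empr_nom, empr_prenom, empr_password, empr_lang, empr_date_expiration<sysdate() as isexp, empr_login, empr_ldap,empr_location \n\t\t\t\t\t\tFROM empr \n\t\t\t\t\t\tWHERE empr_login='******'";
    $verif_result = pmb_mysql_query($verif_query);
    if (!$verif_result) {
        return 0;
    }
    // FIX: with no matching row fetch_array returns false and every column read
    // raised "offset on bool" notices; fill the same null values explicitly.
    $verif_line = pmb_mysql_fetch_array($verif_result);
    $verif_line = array_merge(
        array('id_empr' => null, 'empr_login' => null, 'empr_ldap' => null, 'empr_password' => null, 'isexp' => null),
        $verif_line ? $verif_line : array()
    );
    $verif_empr_login = $verif_line['empr_login'];
    $verif_empr_ldap = $verif_line['empr_ldap']; // also exported through global $verif_empr_ldap
    $verif_empr_password = $verif_line['empr_password'];
    $verif_id_empr = $verif_line['id_empr'];
    $empr_id = $verif_id_empr;
    $verif_isexp = $verif_line['isexp'];

    // 3. Optional external authenticator. It is consulted even when no reader
    //    row matched, as in the original.
    global $base_path, $class_path;
    $external_auth_file = $base_path . "/external_services/pmbesOPACEmpr/external_auth.class.php";
    if (file_exists($external_auth_file)) {
        require_once $external_auth_file;
        $external_auth = new external_auth();
        if ($external_auth->check_auth($empr_login, $empr_password)) {
            return true;
        }
        if (!$external_auth->normal_auth) {
            return false;
        }
    }

    // 4. LDAP authentication.
    if ($verif_empr_ldap) {
        global $ldap_server, $ldap_basedn, $ldap_port, $ldap_proto, $ldap_binddn, $ldap_encoding_utf8;
        global $ldap_accessible;
        // FIX: the constants were defined unconditionally; a second call in the
        // same request raised "Constant already defined" and kept the old value.
        $ldap_constants = array(
            'LDAP_SERVER' => $ldap_server, //url server ldap
            'LDAP_BASEDN' => $ldap_basedn, //search base
            'LDAP_PORT' => $ldap_port,     //port
            'LDAP_PROTO' => $ldap_proto,   //protocol
            'LDAP_BINDDN' => $ldap_binddn,
        );
        foreach ($ldap_constants as $name => $value) {
            if (!defined($name)) {
                define($name, $value);
            }
        }
        if (!$ldap_accessible) {
            return 0;
        }
        // FIX: $uid and $pwd were never assigned in this copy (they are the
        // parameter names of the function it was pasted from), so `if ($pwd)`
        // was always false and every LDAP reader was rejected.
        $uid = $empr_login;
        $pwd = $empr_password;
        $ret = 0;
        // An empty password would turn ldap_bind() into an anonymous bind that
        // "succeeds"; refuse it up front.
        if ($pwd) {
            // Encoding handling between the site charset and the directory.
            if ($ldap_encoding_utf8 && $charset != "utf-8") {
                $uid = utf8_encode($uid);
                $pwd = utf8_encode($pwd);
            } elseif (!$ldap_encoding_utf8 && $charset == "utf-8") {
                $uid = utf8_decode($uid);
                $pwd = utf8_decode($pwd);
            }
            // NOTE(review): $uid is spliced into the bind DN without DN escaping;
            // once PHP >= 5.6 can be assumed, ldap_escape($uid, '', LDAP_ESCAPE_DN)
            // closes that gap.
            $dn = str_replace('UID', $uid, LDAP_BINDDN);
            $conn = @ldap_connect(LDAP_SERVER, LDAP_PORT); // must be a valid LDAP server!
            if ($conn) {
                // FIX: was called before the $conn check, passing false on a failed connect.
                ldap_set_option($conn, LDAP_OPT_PROTOCOL_VERSION, LDAP_PROTO);
                $ret = @ldap_bind($conn, $dn, $pwd);
                ldap_close($conn);
            }
        }
        return $ret;
    }

    // 5. Standard authentication against the stored hash.
    $encrypted_password = password::gen_hash($empr_password, $verif_id_empr);
    // FIX: strict comparison — with == two numeric-looking hashes (e.g. "0e…")
    // compare as numbers. hash_equals() would additionally make this
    // constant-time once PHP >= 5.6 can be assumed.
    $hash_matches = ((string) $verif_empr_password === (string) $encrypted_password);
    return $hash_matches && $verif_empr_login != "" && !$verif_isexp;
}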