Exemplo n.º 1
0
 private function load_skin()
 {
     global $globals;
     //Force h4ck3s (reloaded)
     /*
     $gf = new GroupFilter((Group::isId('h4ck3s')) ? new GFC_Id('h4ck3s') : new GFC_Name('h4ck3s'));
     $group = $gf->get(true);
     if(!S::user()->hasRights($group, new Rights('member')) && !isSmartphone()){
         S::set('skin', 'default.h4ck3s');
     }
     */
     if (!S::has('skin') || S::v('skin') == "") {
         if (Cookie::has('skin')) {
             $skin = Cookie::v('skin');
         } else {
             $skin = isSmartphone() ? $globals->smartphone_skin : $globals->skin;
         }
         S::set('skin', $skin);
     } else {
         $skin = S::v('skin');
         if (S::v('auth') >= AUTH_COOKIE && Cookie::v('skin') != $skin) {
             Cookie::set('skin', $skin, 300);
         }
     }
     return $skin;
 }
Exemplo n.º 2
0
 function handler_exit($page, $level = null)
 {
     global $globals;
     if (S::has('suid')) {
         Platal::session()->stopSUID();
         pl_redirect('/');
     }
     Platal::session()->destroy();
     http_redirect($globals->baseurl_http);
     $page->changeTpl('exit.tpl');
 }
Exemplo n.º 3
0
 private static function init($type)
 {
     if (Platal::globals()->cacheEnabled() && S::has('__DE_' . $type)) {
         self::$enumerations[$type] = S::v('__DE_' . $type);
     } else {
         $cls = "DE_" . ucfirst($type);
         $obj = new $cls();
         self::$enumerations[$type] = $obj;
         if (Platal::globals()->cacheEnabled() && $obj->capabilities & DirEnumeration::SAVE_IN_SESSION) {
             S::set('__DE_' . $type, $obj);
         }
     }
 }
Exemplo n.º 4
0
 function handler_su($page, $uid = null)
 {
     if (S::has('suid')) {
         $page->kill("Déjà en SUID !!!");
     }
     if ($uid === null) {
         throw new Exception("You forgot to pass the uid you want to impersonate");
     }
     $user = new UserFilter(new UFC_Uid($uid));
     $user = $user->get(true);
     if ($user !== false) {
         $user->select(UserSelect::login());
         if (!Platal::session()->startSUID($user)) {
             $page->trigError('Impossible d\'effectuer un SUID sur ' . $uid);
         } else {
             S::logger()->log('admin/su', array('uid' => $user->id()));
             pl_redirect('home');
         }
     } else {
         throw new Exception("Impossible de faire un SUID sur " . $uid);
     }
 }
Exemplo n.º 5
0
 public function setSkin()
 {
     if (S::logged() && (!S::has('skin') || S::suid())) {
         $res = XDB::query('SELECT  skin_tpl
                              FROM  accounts AS a
                        INNER JOIN  skins    AS s on (a.skin = s.id)
                             WHERE  a.uid = {?} AND skin_tpl != \'\'', S::i('uid'));
         S::set('skin', $res->fetchOneCell());
     }
 }
Exemplo n.º 6
0
 function handler_edit($page, $action = 'show', $qid = 'root')
 {
     $this->load('survey.inc.php');
     $action = Post::v('survey_action', $action);
     $qid = Post::v('survey_qid', $qid);
     if (Post::has('survey_cancel')) {
         // after cancelling changes, shows the survey
         if (S::has('survey')) {
             $action = 'show';
         } else {
             // unless no editing has been done at all (shows to the surveys index page)
             return $this->handler_index($page);
         }
     }
     $page->assign('survey_editmode', true);
     if (S::has('survey_id')) {
         // if 'survey_id' is in session, it means we are modifying a survey in admin mode
         $page->assign('survey_updatemode', true);
     }
     if ($action == 'show' && !S::has('survey')) {
         $action = 'new';
     }
     if ($action == 'question') {
         // {{{ modifies an existing question
         if (Post::has('survey_submit')) {
             // if the form has been submitted, makes the modifications
             $survey = unserialize(S::v('survey'));
             $args = Post::v('survey_question');
             if (!$survey->editQuestion($qid, $args)) {
                 // update the survey object structure
                 return $this->show_error($page, '', 'survey/edit');
             }
             $this->show_survey($page, $survey);
             $this->store_session($survey);
         } else {
             // if a form has not been submitted, shows modification form
             $survey = unserialize(S::v('survey'));
             $current = $survey->toArray($qid);
             // gets the current parameters of the question
             if ($current == null) {
                 return $this->show_error($page, '', 'survey/edit');
             }
             $this->show_form($page, $action, $qid, $current['type'], $current);
         }
         // }}}
     } elseif ($action == 'new') {
         // {{{ create a new survey : actually store the root question
         if (Post::has('survey_submit')) {
             // if the form has been submitted, creates the survey
             $this->clear_session();
             $survey = new Survey(Post::v('survey_question'));
             // creates the object structure
             $this->show_survey($page, $survey);
             $this->store_session($survey);
         } else {
             $this->clear_session();
             $this->show_form($page, $action, 'root', 'newsurvey');
         }
         // }}}
     } elseif ($action == 'add') {
         // {{{ adds a new question
         if (Post::has('survey_submit')) {
             // if the form has been submitted, adds the question
             $survey = unserialize(S::v('survey'));
             if (!$survey->addQuestion($qid, $survey->factory(Post::v('survey_type'), Post::v('survey_question')))) {
                 return $this->show_error($page, '', 'survey/edit');
             }
             $this->show_survey($page, $survey);
             $this->store_session($survey);
         } else {
             $this->show_form($page, $action, $qid);
         }
         // }}}
     } elseif ($action == 'del') {
         // {{{ deletes a question
         if (Post::has('survey_submit')) {
             // if a confirmation has been sent, deletes the question
             $survey = unserialize(S::v('survey'));
             if (!$survey->delQuestion(Post::v('survey_qid'))) {
                 // deletes the node in the survey object structure
                 return $this->show_error($page, '', 'survey/edit');
             }
             $this->show_survey($page, $survey);
             $this->store_session($survey);
         } else {
             // if user has not confirmed, shows a confirmation form
             $survey = unserialize(S::v('survey'));
             $current = $survey->toArray($qid);
             // needed to get the title of the question to delete (more user-friendly than an id)
             if ($current == null) {
                 return $this->show_error($page, '', 'survey/edit');
             }
             $this->show_confirm($page, 'Êtes-vous certain de vouloir supprimer la question intitulé "' . $current['question'] . '" ? ' . 'Attention, cela supprimera en même temps toutes les questions qui dépendent de celle-ci.', 'edit', array('action' => 'del', 'qid' => $qid));
         }
         // }}}
     } elseif ($action == 'show') {
         // {{{ simply shows the survey in its current state
         $this->show_survey($page, unserialize(S::v('survey')));
         // }}}
     } elseif ($action == 'valid') {
         // {{{ validates the proposition, i.e stores the proposition in the database
         // but an admin will still need to validate the survey before it is activated
         if (Post::has('survey_submit')) {
             // needs a confirmation before storing the proposition
             $survey = unserialize(S::v('survey'));
             if (S::has('survey_id')) {
                 // if 'survey_id' is in session, we are modifying an existing survey (in admin mode) instead of proposing a new one
                 $link = S::has('survey_validate') ? 'admin/validate' : 'survey/admin';
                 if ($survey->updateSurvey()) {
                     // updates the database according the new survey object structure
                     $this->show_success($page, "Les modifications sur le sondage ont bien été enregistrées.", $link);
                 } else {
                     $this->show_error($page, '', $link);
                 }
             } else {
                 // if no 'survey_id' is in session, we are indeed proposing a new survey
                 if ($survey->proposeSurvey()) {
                     // stores the survey object structure in database
                     $this->show_success($page, "Votre proposition de sondage a bien été enregistrée,\n                                                    elle est en attente de validation par un administrateur du site.", 'survey');
                 } else {
                     $this->show_error($page, '', 'survey');
                 }
             }
             $this->clear_session();
         } else {
             // asks for a confirmation if it has not been sent
             $survey = unserialize(S::v('survey'));
             $errors = $survey->checkSyntax();
             if (!is_null($errors)) {
                 $this->show_error($page, "", 'survey/edit', $errors);
             } else {
                 if (S::has('survey_id')) {
                     $this->show_confirm($page, "Veuillez confirmer l'enregistrement des modifications apportées à ce sondage.", 'edit', array('action' => 'valid'));
                 } else {
                     $this->show_confirm($page, "Veuillez confirmer l'envoi de cette proposition de sondage.", 'edit', array('action' => 'valid'));
                 }
             }
         }
         // }}}
     } elseif ($action == 'cancel') {
         // {{{ cancels the creation/modification of a survey
         if (Post::has('survey_submit')) {
             // needs a confirmation
             if (S::has('survey_id')) {
                 // only possible when modifying a survey in admin mode
                 if (S::has('survey_validate')) {
                     // if a link has been supplied, uses it
                     $this->clear_session();
                     return $this->show_success($page, "Les modifications effectuées ont été annulées", 'admin/validate');
                 } else {
                     // else shows the admin index
                     $this->clear_session();
                     return $this->handler_admin($page);
                 }
             } else {
                 $this->clear_session();
                 return $this->handler_index($page);
                 // else shows the 'normal' index
             }
         } else {
             // asks for a confirmation if it has not been sent
             $this->show_confirm($page, "Êtes-vous certain de vouloir annuler totalement l'édition de ce sondage ? Attention, " . "toutes les données éditées jusque là seront définitivement perdues.", 'edit', array('action' => $action));
         }
     }
     // }}}
 }
Exemplo n.º 7
0
 public static function getSilentWithValues($login, $values)
 {
     global $globals;
     if ($login == 0) {
         // If the anonymous_user is already in session
         if (S::has('anonymous_user')) {
             return S::v('anonymous_user');
         }
         $uid = IPAddress::getInstance()->is_x_internal() ? $globals->anonymous->internal : $globals->anonymous->external;
         S::set('newuid', $uid);
         try {
             $u = new User($uid);
             $u->select(UserSelect::login());
         } catch (Exception $e) {
             S::kill('newuid');
             throw $e;
         }
         S::kill('newuid');
         S::set('anonymous_user', $u);
         return $u;
     }
     throw new Exception('DEPRECATED call to getSilentWithValues()');
 }
Exemplo n.º 8
0
function gpex_make($chlg, $privkey, $datafields, $charset)
{
    $tohash = "1{$chlg}{$privkey}";
    $params = "";
    $fieldarr = explode(',', $datafields);
    $user =& S::user();
    if ($user->hasProfile()) {
        /* Transition table for authentification. */
        $personnal_data = $user->profile()->data();
        $personnal_data['full_promo'] = $personnal_data['promo'];
        $personnal_data['promo'] = $personnal_data['entry_year'];
        $personnal_data['matricule'] = $personnal_data['xorg_id'];
        $personnal_data['matricule_ax'] = $personnal_data['ax_id'];
        $personnal_data['promo_sortie'] = $personnal_data['grad_year'];
        $personnal_data['nationalite'] = $personnal_data['nationality1'];
        $personnal_data['naissance'] = $personnal_data['birthdate'];
        $personnal_data['deces'] = $personnal_data['deathdate'];
        $personnal_data['nom'] = $personnal_data['lastname'];
        $personnal_data['prenom'] = $personnal_data['firstname'];
        $personnal_data['flags'] = $user->profile()->isFemale() ? 'femme' : '';
    } else {
        // Missing fields: promo, entry_year, grad_year, ax_id, xorg_id, forlife
        $personnal_data = array('lastname' => $user->lastname, 'firstname' => $user->firstname, 'sex' => $user->gender);
    }
    foreach ($fieldarr as $val) {
        // Determine the requested value, and add it to the answer.
        if ($val == 'perms') {
            $params .= gpex_prepare_param($val, S::admin() ? 'admin' : 'user', $tohash, $charset);
        } else {
            if ($val == 'forlife') {
                $params .= gpex_prepare_param($val, S::v('hruid'), $tohash, $charset);
            } else {
                if (S::has($val)) {
                    $params .= gpex_prepare_param($val, S::v($val), $tohash, $charset);
                } else {
                    if (isset($personnal_data[$val])) {
                        $params .= gpex_prepare_param($val, $personnal_data[$val], $tohash, $charset);
                    } else {
                        if ($val == 'username') {
                            $min_username = XDB::fetchOneCell('SELECT  email
                                                 FROM  email_source_account
                                                WHERE  uid = {?} AND FIND_IN_SET(\'bestalias\', flags)', S::i('uid'));
                            $params .= gpex_prepare_param($val, is_null($min_username) ? '' : $min_username, $tohash, $charset);
                        } else {
                            if ($val == 'grpauth') {
                                if (isset($_GET['group'])) {
                                    $res = XDB::query("SELECT  perms\n                                     FROM  group_members\n                               INNER JOIN  groups ON(id = asso_id)\n                                    WHERE  uid = {?} AND diminutif = {?}", S::v('uid'), $_GET['group']);
                                    $perms = $res->fetchOneCell();
                                } else {
                                    // if no group asked, return main rights
                                    $perms = S::admin() ? 'admin' : 'membre';
                                }
                                $params .= gpex_prepare_param($val, $perms, $tohash, $charset);
                            } else {
                                $params .= gpex_prepare_param($val, '', $tohash, $charset);
                            }
                        }
                    }
                }
            }
        }
    }
    $tohash .= "1";
    $auth = md5($tohash);
    return array($auth, "&auth=" . $auth . $params);
}
Exemplo n.º 9
0
 /** Start a session as user $user
  */
 protected function startSessionAs($user, $level)
 {
     /* Session data and required data mismatch */
     if (!is_null(S::v('user')) && S::v('user')->id() != $user->id() || S::has('uid') && S::i('uid') != $user->id()) {
         return false;
     } else {
         if (S::has('uid')) {
             return true;
         }
     }
     /* If we want to do a SUID */
     if ($level == AUTH_SUID) {
         S::set('auth', AUTH_MDP);
     }
     S::set('user', $user);
     S::set('uid', $user->id());
     if (!isSmartphone()) {
         S::set('skin', $user->skin());
     }
     if (!S::suid()) {
         if (Post::v('remember', 'false') == 'on') {
             $this->setAccessCookie(false);
         }
         S::logger()->saveLastSession();
     } else {
         S::logger()->log("suid_start", S::v('hruid') . ' by ' . S::suid('hruid'));
     }
     // Set session perms from User perms
     S::set('perms', $user->perms());
     /* Clean temp var 'cookie_uid' */
     S::kill('cookie_uid');
     return true;
 }