[Sommaire] [Imprimer]

   1  <?php
   2  /*****************************************************
   3  * This file is part of Agora, web based content management system.
   4  *
   5  * Agora is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License as published by
   7  * the Free Software Foundation; version 2 of the License.
   8  *
   9  * Agora is distributed in the hope that it will be useful,
  10  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  * GNU General Public License for more details (file "COPYING").
  13  *
  14  * Copyright © Arnaud Martin, Antoine Pitrou et Philippe Rivière.
  15  * List of authors detailed in "copyright_fr.html" file.
  16  * E-mail : agora@sig.premier-ministre.gouv.fr
  17  * Web site : http://www.agora.gouv.fr
  18  *****************************************************/
  19  /******* Fichier Ajout EXTRANET guillaume.grason@diplomatie.gouv.fr *******/
  20  if (defined("_INC_AUTH_EXTRANET")) return;
  21  define("_INC_AUTH_EXTRANET", "1");
  22  
  23  require_once dirname(__FILE__)."/inc-session.php";
  24  require_once dirname(__FILE__)."/ecrire/include/bd/inc_article_factory.php";
  25  require_once dirname(__FILE__)."/ecrire/include/bd/inc_rubrique_factory.php";
  26  require_once dirname(__FILE__)."/ecrire/include/bd/inc_extranaute_factory.php";
  27  
  28  function auth_ex($rubriqueId) {
  29      global $HTTP_COOKIE_VARS;
  30      global $connect_id_extranaute, $connect_nom_extranaute, $connect_email_extranaute;
  31      global $connect_login_extranaute, $connect_pass_extranaute;
  32      global $extranaute_session;
  33      
  34      if(!$GLOBALS['db_ok'])  {
  35          echo "<p><h4>"._T('titre_probleme_technique')."</h4></p>\n".
  36          "<tt>".$GLOBALS['db_ok']->getMessage()."</tt>";
  37          return false;
  38      }
  39      
  40      // Initialiser variables (eviter hacks par URL)
  41      $auth_login = "";
  42      $auth_pass = "";
  43      $auth_pass_ok = false;
  44      $auth_htaccess = false;
  45  
  46      // Recuperer les donnees d'identification
  47      // Authentification session
  48      if ($cookie_session = $HTTP_COOKIE_VARS['spip_session_ex']) {
  49          if (verifier_session_ex($cookie_session)) {
  50              $auth_login = $extranaute_session['login'];
  51              $auth_pass_ok = true;
  52          }
  53      }
  54  
  55      // Si pas authentifie, demander login / mdp
  56      if (!$auth_login) {
  57          $url = urlencode($_SERVER['REQUEST_URI']);
  58          @header("Location: login_extranet.php?var_url=$url");
  59          exit;
  60      }
  61  
  62      // Chercher le login dans la table extranautes
  63      $auth_login = addslashes($auth_login);
  64      
  65      $extranauteMetier = &recuperer_instance_extranaute();
  66      $allExtranautes = $extranauteMetier->getAllForLogin($auth_login);
  67      if(PEAR::isError($allExtranautes)) {
  68          die($allExtranautes->getMessage());
  69      }
  70      if (list(,$extranauteMetier) = each($allExtranautes)) {
  71          $connect_id_extranaute = $extranauteMetier->getExtranauteId();
  72          $GLOBALS['connect_id_extranaute'] = $connect_id_extranaute;
  73          $connect_nom_extranaute = $extranauteMetier->getNom();
  74          $connect_email_extranaute = $extranauteMetier->getEmail();
  75          $connect_login_extranaute = $extranauteMetier->getLogin();
  76          $connect_pass_extranaute = $extranauteMetier->getPass();
  77  
  78      }
  79      else {
  80          // ici on est dans un cas limite : l'extranaute a ete identifie OK
  81          // mais il n'existe pas dans la table extranaute. Cause possible,
  82          // notamment, une restauration de base de donnees dans laquelle
  83          // il n'existe pas.
  84          include_ecrire ('inc_presentation.php');
  85          include_ecrire ('inc_texte.php');
  86          install_debut_html(_T('avis_erreur_connexion'));
  87          echo "<br /><br /><p>"._T('texte_inc_auth_1', array('auth_login' => $auth_login))
  88                      ." <a href='spip_cookie.php?logout=$auth_login'>"
  89                      ._T('texte_inc_auth_2')."</a>"._T('texte_inc_auth_3').'</p>';
  90          install_fin_html();
  91          exit;
  92      }
  93      
  94      if (!$auth_pass_ok) {
  95          @header("Location: login_extranet.php?var_erreur=pass");
  96          exit;
  97      }
  98      return true;
  99  }
 100  
 101  if (isset($_GET['id_rubrique'])) {
 102      $rubriqueId = (is_numeric($_GET['id_rubrique']) ? $_GET['id_rubrique'] : 0);
 103  }
 104  else {
 105      $articleId = (isset($_GET['id_article']) ? $_GET['id_article'] : 0);
 106      $articleId = (is_numeric($articleId)? $articleId : 0);
 107      if ($articleId > 0) {
 108          $articleMetier = &recuperer_instance_article();
 109          $loadOk = $articleMetier->load($articleId);
 110          if (PEAR::isError($loadOK)) {
 111              die($loadOK->getMessage());
 112          } else {
 113              $rubriqueId = $articleMetier->getRubriqueId();
 114          }
 115      }
 116      else
 117          $rubriqueId = 0;
 118  }
 119  
 120  if ($rubriqueId > 0) {
 121      $rubriqueMetier = &recuperer_instance_rubrique();
 122      if ($rubriqueMetier->isRestricted($rubriqueId)) {
 123          if ($auth = auth_ex($rubriqueId)) {
 124              if (!$rubriqueMetier->isExtranaute($connect_id_extranaute, $rubriqueId)) {
 125                  $url = urlencode($_SERVER['REQUEST_URI']);
 126                  @header("Location: login_extranet.php?var_erreur=no_access&var_url=$url");
 127                  exit;
 128              }
 129          }
 130      }
 131  }
 132  ?>