can log in cosmogramme with bokeh super admin

f0f0c0bf · Patrick Barroca · db1dd3f4 · f0f0c0bf
Commit f0f0c0bf authored 8 years ago by Patrick Barroca
--- a/cosmogramme/php/_identification.php
+++ b/cosmogramme/php/_identification.php
-<?PHP
+<?php
 /**
 * Copyright (c) 2012, Agence Française Informatique (AFI). All rights reserved.
 *
@@ -19,75 +19,91 @@
 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301  USA
 */

-if(isset($_REQUEST["admin_login"]))
-{
-	$user = trim($_REQUEST["admin_login"]);
-	$passe = trim($_REQUEST["admin_pwd"]);
+if (isset($_REQUEST['admin_login'])) {
+  $user = trim($_REQUEST['admin_login']);
+  $passe = trim($_REQUEST['admin_pwd']);
 }

+function cosmo_auth($user, $passe, $cfg) {
+  xdebug_break();
+  $sgbd_user = getVariable('admin_login');
+  $sgbd_passe = getVariable('admin_pwd');
+
+  if ($user == $sgbd_user && $passe == $cfg['pwd_master'])
+    return 'admin_systeme';
+
+  if ($user == $sgbd_user && $passe == $sgbd_passe )
+    return 'admin_portail';
+
+  if ($user == getVariable('catalog_login') && $passe == getVariable('catalog_pwd'))
+    return 'catalogueur';
+
+  if (($bokeh_user = Class_Users::findFirstBy(['login' => $user, 'password' => $passe]))
+      && $bokeh_user->isSuperAdmin())
+    return 'admin_systeme';
+}
+
+
 // Controle de l'identification
-if( $user )
-{
-	$sgbd_user=getVariable("admin_login");
-	$sgbd_passe=getVariable("admin_pwd");
-	if($user == $sgbd_user and $passe==$cfg["pwd_master"]) $_SESSION["passe"]="admin_systeme";
-	elseif( $user == $sgbd_user And $passe == $sgbd_passe ) $_SESSION["passe"]="admin_portail";
-	elseif($user == getVariable("catalog_login") and $passe == getVariable("catalog_pwd")) $_SESSION["passe"]="catalogueur";
-	if($_SESSION["passe"])
-	{
-		if($mode_cron == true or $mode_web_service== true) return;
-		redirection( URL_BASE );
-	}
+if ($user
+    && ($_SESSION['passe'] = cosmo_auth($user, $passe, $cfg))) {
+  if ($mode_cron || $mode_web_service)
+    return;
+
+  redirection(URL_BASE);
 }

 // Add CG
-if($argc > 1) return true ;
+if ($argc > 1)
+  return true ;

 // Mode web_service on renvoie une erreur
-if($mode_web_service == true)
-{
-	require_once("classe_transaction_opac.php");
-	$transac=new transaction_opac();
-	$transac->erreur("Identification user ou mot de passe incorrect");
+if($mode_web_service) {
+  require_once 'classe_transaction_opac.php';
+  $transac = new transaction_opac();
+  $transac->erreur('Identification user ou mot de passe incorrect');
 }

 // On demande l'identification
-if( !defined("APPLI") ) exit;
+if (!defined('APPLI'))
+  exit;
 ?>
 <html>
 <head>
-	<meta http-equiv="Content-Type" content="text/html;charset="UTF-8">
-	<link rel="stylesheet" type="text/css" media="screen" href="<?PHP print(URL_BASE) ?>css/main.css"/>
-	<link rel="stylesheet" type="text/css" media="screen" href="<?PHP print(URL_BASE) ?>css/form.css"/>
+  <meta http-equiv="Content-Type" content="text/html;charset="UTF-8">
+  <link rel="stylesheet" type="text/css" media="screen" href="<?php print(URL_BASE) ?>css/main.css"/>
+  <link rel="stylesheet" type="text/css" media="screen" href="<?php print(URL_BASE) ?>css/form.css"/>
 </head>
 <body overflow="hidden">
 <div  style="background-color:#f0f2f0" width="100%">
-	<img src="<?PHP print(URL_IMG) ?>banniere.png">
+  <img src="<?php print(URL_IMG) ?>banniere.png">
 </div>
 <br><br><br><br><br><br>
 <center>
 <div class="form" style="width:350px;">
-<form method="post" action="<?PHP print(URL_BASE) ?>index.php">
-	<table class="form" width="100%" align="center">
-		<tr>
-			<th class="form" colspan="2">Identification administrateur du portail</td>
-		</tr>
-		<tr><td class="form">&nbsp;</td></tr>
-		<tr>
-			<td class="form" align="right">Utilisateur</td>
-			<td class="form"><input type="text" name="admin_login"></td>
-		</tr>
-		<tr>
-			<td class="form" align="right" style="height:50px">Mot de passe</td>
-			<td class="form" style="height:50px"><input type="password" name="admin_pwd"></td>
-		</tr>
-		<tr>
-			<th class="form" colspan="2"><input type="submit" class="bouton" value="Valider")</th>
-		</tr>
-	</table>
+<form method="post" action="<?php print(URL_BASE) ?>index.php">
+  <table class="form" width="100%" align="center">
+    <tr>
+      <th class="form" colspan="2">Identification administrateur du portail</td>
+    </tr>
+    <tr><td class="form">&nbsp;</td></tr>
+    <tr>
+      <td class="form" align="right">Utilisateur</td>
+      <td class="form"><input type="text" name="admin_login"></td>
+    </tr>
+    <tr>
+      <td class="form" align="right" style="height:50px">Mot de passe</td>
+      <td class="form" style="height:50px"><input type="password" name="admin_pwd"></td>
+    </tr>
+    <tr>
+      <th class="form" colspan="2"><input type="submit" class="bouton" value="Valider"></th>
+    </tr>
+  </table>
 </form>
 </div>
+</body>
+</html>

-<?PHP
+<?php
 exit;
 ?>