WebSVN – eFlore/Applications.cel – Diff – /trunk/jrest/lib/Cel.php

+	}
 	protected function verifierSecuriteParametreUrl($param) {
-		//$verifier = array('NULL', "\n", "\r", "\\", "'", '"', "\x00", "\x1a", ';');
-		if (!is_string($param)) return $param;
-		$param = strip_tags($param);
+		//$verifier = array('NULL', "\n", "\r", "\\", "'", '"', "\x00", "\x1a", ';');
-		return $param;
+		return is_string($param) ? strip_tags($param) : $param;
+	}
 			header("Content-Type: $mime");
+		}
 		print $contenu;
+	}
-	private function envoyerAuth($message_accueil, $message_echec) {
+	static function envoyerAuth($message_accueil, $message_echec) {
 		header('HTTP/1.0 401 Unauthorized');
 		header('WWW-Authenticate: Basic realm="'.mb_convert_encoding($message_accueil, 'ISO-8859-1', 'UTF-8').'"');
 		header('Content-type: text/plain; charset=UTF-8');
 		print $message_echec;
-		exit(0);
+		exit;
+	}
+	}
 	//+----------------------------------------------------------------------------------------------------------------+
 	// GESTION DE L'IDENTIFICATION
-	protected function getAuthIdentifiant() {
-		$id = (isset($_SERVER['PHP_AUTH_USER'])) ? $_SERVER['PHP_AUTH_USER'] : null;
+	static function getAuthIdentifiant() {
-		return $id;
+		return isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : null;
 	}
 	protected function getAuthMotDePasse() {
-		$mdp = (isset($_SERVER['PHP_AUTH_PW'])) ? $_SERVER['PHP_AUTH_PW'] : null;
+	static function getAuthMotDePasse() {
-		return $mdp;
+		return isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : null;
+	}
 			"Actualiser la page pour essayer à nouveau si vous êtes déjà inscrit ou contacter 'accueil@tela-botanica.org'.";
 		return $this->authentifier($message_accueil, $message_echec, 'Utilisateur');
+	}
 	public function isAdmin($id) {
-		$admins = $this->config['jrest_admin']['admin'];
-		$admin_tab = explode(',',$admins);
-		if (in_array($id,$admin_tab)) {
-			return true;
-		} else {
-			return false;
 		return in_array($id, explode(',', $this->config['jrest_admin']['admin']));
+	}
-	public function controleUtilisateur($id) {
 	public function controleUtilisateur($id) {
-		if (isset($_SESSION['user']) && isset($_SESSION['user']['name']) && $_SESSION['user']['name'] == '') {
+		if (@array_key_exists('name', $_SESSION['user']) && empty($_SESSION['user']['name'])) {
 			//cas de la session temporaire, on ne fait rien de particulier
 		} else {
 			if (isset($_SESSION['user']) && isset($_SESSION['user']['name']) && !$this->isAdmin($_SESSION['user']['name']) && $_SESSION['user']['name'] != $id) {
+			}
+		}
+	}
 	public function controleAppelIpAutorisee() {
-		$ips_autorisees = explode(',', $this->config['jrest_admin']['ip_autorisees']);
-		$ip_appelante = $_SERVER['REMOTE_ADDR'];
+		$ips_autorisees = explode(',', @$this->config['jrest_admin']['ip_autorisees']);
-		if(!in_array($ip_appelante, $ips_autorisees) && $ip_appelante != $_SERVER['SERVER_ADDR']) {
+		if(!in_array($_SERVER['REMOTE_ADDR'], $ips_autorisees) && $_SERVER['REMOTE_ADDR'] != $_SERVER['SERVER_ADDR']) {
 			header('HTTP/1.0 401 Unauthorized');
-			echo 'Accès interdit';
-			exit(0);
+			exit('Accès interdit');
+		}
 		return true;
+	}
 		Log::ajouterEntree($index,$chaine);
+	}
-	private function authentifier($message_accueil, $message_echec, $type) {
-		$id = $this->getAuthIdentifiant();
+	private function authentifier($message_accueil, $message_echec, $type) {
+		if (!isset($_SERVER['PHP_AUTH_USER'])) {
+			self::envoyerAuth($message_accueil, $message_echec); // exit
+		}
-		if (!isset($id)) {
+		if ($type == 'Utilisateur' && self::getAuthMotDePasse() == 'debug') {
-			$this->envoyerAuth($message_accueil, $message_echec);
-		} else {
-			if ($type == 'Utilisateur' && $this->getAuthMotDePasse() == 'debug') {
-				$autorisation = true;
+			$autorisation = true;
-			} else {
+		} else {
-				$methodeAutorisation = "etre{$type}Autorise";
-				$autorisation = $this->$methodeAutorisation();
-			}
-			if ($autorisation == false) {
-				$this->envoyerAuth($message_accueil, $message_echec);
+			$methodeAutorisation = "etre{$type}Autorise";
+			$autorisation = $this->$methodeAutorisation();
+		}
+		if ($autorisation == false) {
+			self::envoyerAuth($message_accueil, $message_echec);
+		}
 		return true;
 	}
 	public function etreUtilisateurAutorise() {
-		$identifiant = $this->getAuthIdentifiant();
+		$identifiant = self::getAuthIdentifiant();
-		$mdp = md5($this->getAuthMotDePasse());
+		$mdp = md5(self::getAuthMotDePasse());
 		$service = "TestLoginMdp/$identifiant/$mdp";
 		$url = sprintf($this->config['settings']['baseURLServicesAnnuaireTpl'], $service);
 		$json = $this->getRestClient()->consulter($url);
 		$existe = json_decode($json);
 		$autorisation = (isset($existe) && $existe) ? true :false;
 		return $autorisation;
+	}
 	public function etreAdminAutorise() {
-		$identifiant = $this->getAuthIdentifiant();
-		$autorisation = ($this->etreUtilisateurAutorise() && $this->etreAdminCel($identifiant)) ? true : false;
+		$identifiant = self::getAuthIdentifiant();
-		return $autorisation;
-	}
+		$autorisation = ($this->etreUtilisateurAutorise() && $this->etreAdminCel($identifiant)) ? true : false;
-	public function etreAdminCel($courriel) {
+		return $autorisation;
 		$admins = $this->config['jrest_admin']['admin'];
 		$courriels_autorises = explode(',', $admins);
+		}
 		return $noms;
+	}
 	protected function tronquerCourriel($courriel) {
-		$courriel = preg_replace('/[^@]+$/i', '...', $courriel);
-		return $courriel;
+		return preg_replace('/[^@]+$/i', '...', $courriel);
+	}
 	protected function nettoyerTableau(Array $tableau) {
 		// Ajout systématique d'un point virgule avant la fermeture php
 		$contenu = preg_replace("/;*\s*\?>/", "; ?>", $contenu);
 		return $contenu;
+	}
+}
-?>

Subversion Repositories eFlore/Applications.cel

(root)/trunk/jrest/lib/Cel.php – Rev 1814 → 1869