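no récupère le token */
		elseif( isset($_SESSION['TOKEN']) && is_string($_SESSION['TOKEN']) )
			$AUTH = $_SESSION['TOKEN'];


		/* (3) Derive $_SESSION['AUTH'] from the token prefix ('a' = admin, 'u' = user)
		---------------------------------------------------------*/
		/* (1) Token Authentication: ADMIN */
		if( preg_match('/^a([a-f0-9]{128})$/', $AUTH, $match) )
			$_SESSION['AUTH'] = [ 'token' => $match[1], 'type' => 'admin' ];

		/* (2) Token Authentication: USER */
		elseif( preg_match('/^u([a-f0-9]{128})$/', $AUTH, $match) )
			$_SESSION['AUTH'] = [ 'token' => $match[1], 'type' => 'user' ];

		/* (3) No authentication at all -> reset every auth-related session slot */
		else{
			$_SESSION['TOKEN'] = [];
			$_SESSION['AUTH']  = [];
			$_SESSION['USER']  = [];
			$_SESSION['ADMIN'] = [];
		}


		/* (4) Confirm the token against the database; on failure drop everything
		---------------------------------------------------------*/
		if( !self::deepCheck() ){
			$_SESSION['TOKEN'] = [];
			$_SESSION['AUTH']  = [];
			$_SESSION['USER']  = [];
			$_SESSION['ADMIN'] = [];
		}

	}


	/* AUTHENTICATION VERIFICATION
	 *
	 * Re-validates the session token against the repository and refreshes
	 * $_SESSION['ADMIN'] / $_SESSION['USER'] from the fetched record.
	 *
	 * @return bool  FALSE when no token is set or the token is unknown to the repository,
	 *               TRUE otherwise.
	 *
	 */
	private static function deepCheck(){
		// auth_level() only reads $_SESSION['AUTH'], which this method never writes,
		// so it is safe to evaluate it once.
		$level = self::auth_level();

		/* [1] No authentication
		=========================================================*/
		if( $level === 0 )
			return false;

		/* [2] Token authentication -> ADMIN
		=========================================================*/
		if( $level === 2 ){

			/* (1) Fetch admin by token */
			$fetched_admin = Repo::request('admin', 'getByToken', $_SESSION['AUTH']['token']);

			/* (2) Unknown token -> no auth */
			if( !is_array($fetched_admin) )
				return false;

			/* (3) Refresh global admin information
			 *     NOTE(review): assumes the repository row exposes id_admin/username/mail — confirm against Repo */
			$_SESSION['ADMIN'] = [
				'id'       => $fetched_admin['id_admin'],
				'username' => $fetched_admin['username'],
				'mail'     => $fetched_admin['mail']
			];

		}

		/* [3] Token authentication -> USER
		=========================================================*/
		if( $level === 1 ){

			/* (1) Fetch user by token */
			$fetched_user = Repo::request('user', 'getByToken', $_SESSION['AUTH']['token']);

			/* (2) Unknown token -> no auth */
			if( !is_array($fetched_user) )
				return false;

			/* (3) Refresh global user information */
			$_SESSION['USER'] = [
				'id'       => $fetched_user['id_user'],
				'username' => $fetched_user['username'],
				'mail'     => $fetched_user['mail']
			];

		}

		/* [4] No authentication error -> TRUE
		=========================================================*/
		return true;
	}


	/* ACCESS CHECK AGAINST A LIST OF EXPECTED PERMISSION SETS
	 *
	 * Each inner list is one acceptable combination; the first group that is
	 * fully granted wins.
	 *
	 * @expected  List of lists of expected permission combinations
	 *
	 * @return error  Err::Success when at least one group is granted,
	 *                Err::FormatError when @expected is malformed,
	 *                otherwise the error of the last group that was checked
	 *                (Err::PermissionError when @expected is empty).
	 *
	 */
	public static function permission($expected){

		/* [1] Check format -> must be an array of array(s)
		=========================================================*/
		/* (1) Not an array -> ERROR */
		if( !is_array($expected) )
			return new Error(Err::FormatError);

		/* (2) Not an array of array(s) -> ERROR */
		foreach($expected as $permissions)
			if( !is_array($permissions) )
				return new Error(Err::FormatError);


		/* [2] Try each permission group, stop at the first one granted
		=========================================================*/
		$last_error = null;

		foreach($expected as $permission_group){

			$last_error = self::check_permission_group($permission_group);

			// loose comparison kept on purpose: the scalar type of Err constants / Error::get() is not visible here
			if( $last_error->get() == Err::Success )
				return new Error(Err::Success);

		}


		/* [3] Nothing granted -> propagate the last error, or a generic `PermissionError`
		=========================================================*/
		if( $last_error !== null )
			return $last_error;

		return new Error(Err::PermissionError);
	}


	/* ACCESS CHECK AGAINST ONE SET OF EXPECTED PERMISSIONS
	 *
	 * 'admin' and 'user' entries are authentication requirements checked
	 * against auth_level(); every other entry must appear in $_SESSION['PERM'].
	 *
	 * @expected  List of expected permissions
	 *
	 * @return error  Err:: error constants (Err::PermissionError carries the
	 *                first missing custom permission)
	 *
	 */
	private static function check_permission_group($expected){

		/* [1] Authentication requirements
		=========================================================*/
		/* (1) Admin required but missing
		---------------------------------------------------------*/
		// strict in_array: with loose comparison a `true` entry in @expected would match 'admin'
		if( in_array('admin', $expected, true) && ( self::auth_level() < 2 || !isset($_SESSION['ADMIN']['id']) ) )
			return new Error(Err::PermissionError);

		/* (2) User required but missing
		---------------------------------------------------------*/
		if( in_array('user', $expected, true) && ( self::auth_level() < 1 || !isset($_SESSION['USER']['id']) ) )
			return new Error(Err::PermissionError);


		/* [2] CUSTOM permissions
		=========================================================*/
		// A session without 'PERM' grants nothing (in_array() on null would be a TypeError on PHP 8).
		$granted = ( isset($_SESSION['PERM']) && is_array($_SESSION['PERM']) ) ? $_SESSION['PERM'] : [];

		/* (1) Every remaining permission must be granted */
		foreach($expected as $permission){

			// 'admin' / 'user' were already handled above
			if( $permission === 'admin' || $permission === 'user' )
				continue;

			// strict comparison: a loose match would let e.g. `true` in PERM satisfy any permission name
			if( !in_array($permission, $granted, true) )
				return new Error(Err::PermissionError, $permission);

		}


		/* [3] Every required permission is granted
		=========================================================*/
		return new Error(Err::Success);
	}


	/* RETURNS THE AUTHENTICATION LEVEL
	 *
	 * @return auth  Authentication level: 0 = none, 1 = user token, 2 = admin token
	 *
	 */
	public static function auth_level(){

		/* (1) Not set, or not a well-formed AUTH entry */
		// isset() first: $_SESSION['AUTH'] may be absent entirely on a fresh session
		if( !isset($_SESSION['AUTH']) || !is_array($_SESSION['AUTH']) )
			return 0;

		if( !isset($_SESSION['AUTH']['token']) || !isset($_SESSION['AUTH']['type']) )
			return 0;

		/* (2) Admin / User (strict: 'type' is always written as a string literal by this class) */
		return ( $_SESSION['AUTH']['type'] === 'admin' ) ? 2 : 1;
	}

}

?>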