[platal.git] / htdocs / admin / utilisateurs.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2006 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

require_once("xorg.inc.php");
new_admin_page('admin/utilisateurs.tpl');
$page->assign('xorg_title','Polytechnique.org - Administration - Edit/Su/Log');
require_once("emails.inc.php");
require_once("user.func.inc.php");

if (S::has('suid')) {
    $page->kill("d�j� en SUID !!!");
}

if (Env::has('user_id')) {
    $login = get_user_login(Env::getInt('user_id'));
} elseif (Env::has('login')) {
    $login = get_user_login(Env::get('login'));
} else {
    $login = false;
}

if(Env::has('logs_button') && $login) {
    redirect("logger.php?loguser=$login&year=".date('Y')."&month=".date('m'));
}

if (Env::has('ax_button') && $login) {
    redirect("synchro_ax.php?user=$login");
}

if(Env::has('suid_button') && $login) {
    $_SESSION['log']->log("suid_start", "login by ".S::v('forlife'));
    $_SESSION['suid'] = $_SESSION;
    $r = XDB::query("SELECT id FROM aliases WHERE alias={?}", $login);
    if($uid = $r->fetchOneCell()) {
	start_connexion($uid,true);
	redirect("../");
    }
}

if ($login) {
    $r  = XDB::query("SELECT  *, a.alias AS forlife, u.flags AS sexe
                                  FROM  auth_user_md5 AS u
                            INNER JOIN  aliases       AS a ON ( a.id = u.user_id AND a.alias={?} AND type!='homonyme' )", $login);
    $mr = $r->fetchOneAssoc();

    $redirect = new Redirect($mr['user_id']);

    // Check if there was a submission
    foreach($_POST as $key => $val) {
	switch ($key) {
	    case "add_fwd":
		$email = trim(Env::get('email'));
		if (!isvalid_email_redirection($email)) {
                    $page->trig("invalid email $email");
		} else {
                    $redirect->add_email($email);
                    $page->trig("Ajout de $email effectu�");
                }
		break;

	    case "del_fwd":
		if (!empty($val)) {
                    $redirect->delete_email($val);
                }
		break;

	    case "del_alias":
		if (!empty($val)) {
                    XDB::execute("DELETE FROM aliases WHERE id={?} AND alias={?}
                            AND type!='a_vie' AND type!='homonyme'", $mr['user_id'], $val);
                    fix_bestalias($mr['user_id']);
                    $page->trig($val." a �t� supprim�");
                }
		break;
        case "activate_fwd":
        if (!empty($val)) {
            $redirect->modify_one_email($val, true);
        }
        break;
        case "deactivate_fwd":
        if (!empty($val)) {
            $redirect->modify_one_email($val, false);
        }
        break;
	    case "add_alias":
		XDB::execute("INSERT INTO  aliases (id,alias,type) VALUES  ({?}, {?}, 'alias')",
                        $mr['user_id'], Env::get('email'));
		break;

	    case "best":
                // 'bestalias' is the first bit of the set : 1
                // 255 is the max for flags (8 sets max)
		XDB::execute("UPDATE  aliases SET flags= flags & (255 - 1) WHERE id={?}", $mr['user_id']);
		XDB::execute("UPDATE  aliases
                                           SET  flags= flags | 1
                                        WHERE  id={?} AND alias={?}", $mr['user_id'], $val);
		break;


	    // Editer un profil
	    case "u_edit":
            require_once('secure_hash.inc.php');
            $pass_encrypted = Env::get('newpass_clair') != "********" ? hash_encrypt(Env::get('newpass_clair')) : Env::get('passw');
            $naiss = Env::get('naissanceN');
            $perms = Env::get('permsN');
            $prenm = Env::get('prenomN');
            $nom   = Env::get('nomN');
            $promo = Env::getInt('promoN');
            $sexe  = Env::get('sexeN');
            $comm  = Env::get('commentN');

            $query = "UPDATE auth_user_md5 SET
                    naissance = '$naiss',
                    password  = '$pass_encrypted',
                    perms     = '$perms',
                    prenom    = '".addslashes($prenm)."',
                    nom       = '".addslashes($nom)."',
                    flags     = '$sexe',
                    promo     = $promo,
                    comment   = '".addslashes($comm)."'
                WHERE user_id = '{$mr['user_id']}'";
            if (XDB::execute($query)) {
                    user_reindex($mr['user_id']);

                    require_once("diogenes/diogenes.hermes.inc.php");
                    $mailer = new HermesMailer();
                    $mailer->setFrom("webmaster@polytechnique.org");
                    $mailer->addTo("web@polytechnique.org");
                    $mailer->setSubject("INTERVENTION de ".S::v('forlife'));
                    $mailer->setTxtBody(preg_replace("/[ \t]+/", ' ', $query));
                    $mailer->send();

                    $page->trig("updat� correctement.");
                }
                if (Env::get('nomusageN') != $mr['nom_usage']) {
                    require_once('nomusage.inc.php');
                    set_new_usage($mr['user_id'], Env::get('nomusageN'), make_username(Env::get('prenomN'), Env::get('nomusageN')));
                }
                $r  = XDB::query("SELECT  *, a.alias AS forlife, u.flags AS sexe
                                              FROM  auth_user_md5 AS u
                                        INNER JOIN  aliases       AS a ON (u.user_id=a.id)
                                             WHERE  user_id = {?}", $mr['user_id']);
                $mr = $r->fetchOneAssoc();
                break;

            // DELETE FROM auth_user_md5
	    case "u_kill":
		user_clear_all_subs($mr['user_id']);
                $page->trig("'{$mr['user_id']}' a �t� d�sinscrit !");
		require_once("diogenes/diogenes.hermes.inc.php");
		$mailer = new HermesMailer();
		$mailer->setFrom("webmaster@polytechnique.org");
		$mailer->addTo("web@polytechnique.org");
		$mailer->setSubject("INTERVENTION de ".S::v('forlife'));
		$mailer->setTxtBody("\nUtilisateur $login effac�");
		$mailer->send();
		break;
	}
    }

    $res = XDB::query("SELECT  UNIX_TIMESTAMP(start), host
			           FROM  logger.sessions
				  WHERE  uid={?} AND suid=0
			       ORDER BY  start DESC
				  LIMIT  1", $mr['user_id']);
    list($lastlogin,$host) = $res->fetchOneRow();
    $page->assign('lastlogin', $lastlogin);
    $page->assign('host', $host);

    $page->assign('aliases', XDB::iterator(
                "SELECT  alias, type='a_vie' AS for_life,FIND_IN_SET('bestalias',flags) AS best,expire
                   FROM  aliases
                  WHERE  id = {?} AND type!='homonyme'
	       ORDER BY  type!= 'a_vie'", $mr["user_id"]));
    $page->assign('xorgmails', $xorgmails);
    $page->assign('email_panne', $email_panne);    
    $page->assign('emails',$redirect->emails);

    $page->assign('mr',$mr);
}

$page->run();

// vim:set et sws=4 sts=4 sw=4:
?>
Commit	Line	Data
0337d704	1	<?php
0337d704	2	/***************************************************************************
50a40a33	3	* Copyright (C) 2003-2006 Polytechnique.org *
0337d704	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
	22	require_once("xorg.inc.php");
	23	new_admin_page('admin/utilisateurs.tpl');
d9a33f98	24	$page->assign('xorg_title','Polytechnique.org - Administration - Edit/Su/Log');
0337d704	25	require_once("emails.inc.php");
	26	require_once("user.func.inc.php");
	27
cab08090	28	if (S::has('suid')) {
0337d704	29	$page->kill("d�j� en SUID !!!");
	30	}
	31
	32	if (Env::has('user_id')) {
	33	$login = get_user_login(Env::getInt('user_id'));
	34	} elseif (Env::has('login')) {
	35	$login = get_user_login(Env::get('login'));
	36	} else {
	37	$login = false;
	38	}
	39
	40	if(Env::has('logs_button') && $login) {
fa36e526	41	redirect("logger.php?loguser=$login&year=".date('Y')."&month=".date('m'));
0337d704	42	}
	43
	44	if (Env::has('ax_button') && $login) {
fa36e526	45	redirect("synchro_ax.php?user=$login");
0337d704	46	}
	47
	48	if(Env::has('suid_button') && $login) {
cab08090	49	$_SESSION['log']->log("suid_start", "login by ".S::v('forlife'));
0337d704	50	$_SESSION['suid'] = $_SESSION;
08cce2ff	51	$r = XDB::query("SELECT id FROM aliases WHERE alias={?}", $login);
0337d704	52	if($uid = $r->fetchOneCell()) {
0337d704	53	start_connexion($uid,true);
fa36e526	54	redirect("../");
0337d704	55	}
	56	}
	57
	58	if ($login) {
08cce2ff	59	$r = XDB::query("SELECT *, a.alias AS forlife, u.flags AS sexe
0337d704	60	FROM auth_user_md5 AS u
	61	INNER JOIN aliases AS a ON ( a.id = u.user_id AND a.alias={?} AND type!='homonyme' )", $login);
	62	$mr = $r->fetchOneAssoc();
	63
	64	$redirect = new Redirect($mr['user_id']);
	65
	66	// Check if there was a submission
	67	foreach($_POST as $key => $val) {
	68	switch ($key) {
	69	case "add_fwd":
	70	$email = trim(Env::get('email'));
	71	if (!isvalid_email_redirection($email)) {
	72	$page->trig("invalid email $email");
	73	} else {
	74	$redirect->add_email($email);
	75	$page->trig("Ajout de $email effectu�");
	76	}
	77	break;
	78
	79	case "del_fwd":
	80	if (!empty($val)) {
	81	$redirect->delete_email($val);
	82	}
	83	break;
	84
	85	case "del_alias":
	86	if (!empty($val)) {
08cce2ff	87	XDB::execute("DELETE FROM aliases WHERE id={?} AND alias={?}
0337d704	88	AND type!='a_vie' AND type!='homonyme'", $mr['user_id'], $val);
6a5a275b	89	fix_bestalias($mr['user_id']);
0337d704	90	$page->trig($val." a �t� supprim�");
	91	}
	92	break;
8ffa657a	93	case "activate_fwd":
	94	if (!empty($val)) {
	95	$redirect->modify_one_email($val, true);
	96	}
	97	break;
	98	case "deactivate_fwd":
	99	if (!empty($val)) {
	100	$redirect->modify_one_email($val, false);
	101	}
	102	break;
0337d704	103	case "add_alias":
08cce2ff	104	XDB::execute("INSERT INTO aliases (id,alias,type) VALUES ({?}, {?}, 'alias')",
0337d704	105	$mr['user_id'], Env::get('email'));
	106	break;
	107
	108	case "best":
	109	// 'bestalias' is the first bit of the set : 1
	110	// 255 is the max for flags (8 sets max)
08cce2ff	111	XDB::execute("UPDATE aliases SET flags= flags & (255 - 1) WHERE id={?}", $mr['user_id']);
08cce2ff	112	XDB::execute("UPDATE aliases
0337d704	113	SET flags= flags \| 1
	114	WHERE id={?} AND alias={?}", $mr['user_id'], $val);
	115	break;
	116
	117
	118	// Editer un profil
	119	case "u_edit":
46bde4d1	120	require_once('secure_hash.inc.php');
	121	$pass_encrypted = Env::get('newpass_clair') != "********" ? hash_encrypt(Env::get('newpass_clair')) : Env::get('passw');
	122	$naiss = Env::get('naissanceN');
	123	$perms = Env::get('permsN');
	124	$prenm = Env::get('prenomN');
	125	$nom = Env::get('nomN');
	126	$promo = Env::getInt('promoN');
	127	$sexe = Env::get('sexeN');
	128	$comm = Env::get('commentN');
	129
	130	$query = "UPDATE auth_user_md5 SET
	131	naissance = '$naiss',
	132	password = '$pass_encrypted',
	133	perms = '$perms',
	134	prenom = '".addslashes($prenm)."',
	135	nom = '".addslashes($nom)."',
	136	flags = '$sexe',
	137	promo = $promo,
	138	comment = '".addslashes($comm)."'
	139	WHERE user_id = '{$mr['user_id']}'";
08cce2ff	140	if (XDB::execute($query)) {
0337d704	141	user_reindex($mr['user_id']);
	142
	143	require_once("diogenes/diogenes.hermes.inc.php");
	144	$mailer = new HermesMailer();
	145	$mailer->setFrom("webmaster@polytechnique.org");
	146	$mailer->addTo("web@polytechnique.org");
cab08090	147	$mailer->setSubject("INTERVENTION de ".S::v('forlife'));
0337d704	148	$mailer->setTxtBody(preg_replace("/[ \t]+/", ' ', $query));
	149	$mailer->send();
	150
	151	$page->trig("updat� correctement.");
	152	}
	153	if (Env::get('nomusageN') != $mr['nom_usage']) {
	154	require_once('nomusage.inc.php');
	155	set_new_usage($mr['user_id'], Env::get('nomusageN'), make_username(Env::get('prenomN'), Env::get('nomusageN')));
	156	}
08cce2ff	157	$r = XDB::query("SELECT *, a.alias AS forlife, u.flags AS sexe
0337d704	158	FROM auth_user_md5 AS u
	159	INNER JOIN aliases AS a ON (u.user_id=a.id)
	160	WHERE user_id = {?}", $mr['user_id']);
	161	$mr = $r->fetchOneAssoc();
46bde4d1	162	break;
0337d704	163
	164	// DELETE FROM auth_user_md5
	165	case "u_kill":
	166	user_clear_all_subs($mr['user_id']);
	167	$page->trig("'{$mr['user_id']}' a �t� d�sinscrit !");
	168	require_once("diogenes/diogenes.hermes.inc.php");
	169	$mailer = new HermesMailer();
	170	$mailer->setFrom("webmaster@polytechnique.org");
	171	$mailer->addTo("web@polytechnique.org");
cab08090	172	$mailer->setSubject("INTERVENTION de ".S::v('forlife'));
0337d704	173	$mailer->setTxtBody("\nUtilisateur $login effac�");
	174	$mailer->send();
	175	break;
	176	}
	177	}
	178
08cce2ff	179	$res = XDB::query("SELECT UNIX_TIMESTAMP(start), host
0337d704	180	FROM logger.sessions
	181	WHERE uid={?} AND suid=0
	182	ORDER BY start DESC
	183	LIMIT 1", $mr['user_id']);
	184	list($lastlogin,$host) = $res->fetchOneRow();
	185	$page->assign('lastlogin', $lastlogin);
	186	$page->assign('host', $host);
	187
08cce2ff	188	$page->assign('aliases', XDB::iterator(
0337d704	189	"SELECT alias, type='a_vie' AS for_life,FIND_IN_SET('bestalias',flags) AS best,expire
	190	FROM aliases
	191	WHERE id = {?} AND type!='homonyme'
	192	ORDER BY type!= 'a_vie'", $mr["user_id"]));
	193	$page->assign('xorgmails', $xorgmails);
	194	$page->assign('email_panne', $email_panne);
	195	$page->assign('emails',$redirect->emails);
	196
	197	$page->assign('mr',$mr);
	198	}
	199
	200	$page->run();
	201
	202	// vim:set et sws=4 sts=4 sw=4:
	203	?>