e59506eb 1<?php
2/***************************************************************************
5ddeb07c 3 * Copyright (C) 2003-2007 Polytechnique.org *
e59506eb 4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
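/**
 * Turn a comma-separated list of bug references ("#123,456") into a
 * comma-separated list of HTML links to the bug tracker.
 *
 * Each item is linked to http://trackers.polytechnique.org/task/<id>, where
 * <id> is the item with any '#' removed; the link text is the item as given.
 * The link text is HTML-escaped and the id URL-encoded, so the output stays
 * well-formed whatever the caller's regex let through.
 *
 * @param string $list comma-separated bug references
 * @return string HTML anchors joined by ','
 */
function bugize($list)
{
    // explode()/implode() replace split()/join(): split() (POSIX regex) no
    // longer exists in PHP 7.
    $ans = array();
    foreach (explode(',', $list) as $bug) {
        $clean = str_replace('#', '', $bug);
        $ans[] = "<a href='http://trackers.polytechnique.org/task/" . rawurlencode($clean) . "'>"
               . htmlspecialchars($bug, ENT_QUOTES) . "</a>";
    }

    return implode(',', $ans);
}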
34
35
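/**
 * Core "platal" module: landing page, CA certificate download, changelog,
 * user preferences (mail format, RSS feed, web redirection, skin), password
 * management (change, SMTP/NNTP password, recovery by e-mail) and logout.
 *
 * Every handler receives the page object by reference and either assigns
 * template variables on it or ends the request (redirect / exit).
 */
class PlatalModule extends PLModule
{
    /**
     * Route table of the module: URL path => hook built by make_hook()
     * (handler name without the 'handler_' prefix, required auth level).
     */
    function handlers()
    {
        return array(
            'index'            => $this->make_hook('index', AUTH_PUBLIC),
            'cacert.pem'       => $this->make_hook('cacert', AUTH_PUBLIC),
            'changelog'        => $this->make_hook('changelog', AUTH_PUBLIC),

            // Preferences thingies
            'prefs'            => $this->make_hook('prefs', AUTH_COOKIE),
            'prefs/rss'        => $this->make_hook('prefs_rss', AUTH_COOKIE),
            'prefs/webredirect'
                               => $this->make_hook('webredir', AUTH_MDP),
            'prefs/skin'       => $this->make_hook('skin', AUTH_COOKIE),

            // password related thingies
            'password'         => $this->make_hook('password', AUTH_MDP),
            'tmpPWD'           => $this->make_hook('tmpPWD', AUTH_PUBLIC),
            'password/smtp'    => $this->make_hook('smtppass', AUTH_MDP),
            'recovery'         => $this->make_hook('recovery', AUTH_PUBLIC),
            'exit'             => $this->make_hook('exit', AUTH_PUBLIC),
            'deconnexion.php'  => $this->make_hook('exit', AUTH_PUBLIC),
        );
    }

    /** Landing page: logged-in users are sent to the events page. */
    function handler_index(&$page)
    {
        if (S::logged()) {
            pl_redirect('events');
        }
    }

    /**
     * Serve the site's CA certificate as a downloadable file.
     *
     * The cache and cookie headers set up for regular pages are cleared so
     * the certificate is delivered as a plain static file. Ends the request.
     */
    function handler_cacert(&$page)
    {
        // file_get_contents()'s second argument is use_include_path (bool),
        // not an fopen() mode: the "r" passed previously was meaningless.
        $data = file_get_contents('/etc/ssl/xorgCA/cacert.pem');
        if ($data === false) {
            // An unreadable file used to be served as an empty 200 response.
            header('HTTP/1.0 404 Not Found');
            exit;
        }
        header('Pragma:');
        header('Set-Cookie:');
        header('Cache-Control:');
        header('Expires:');
        header('Content-Type: application/x-x509-ca-cert');
        header('Content-Length: ' . strlen($data));
        echo $data;
        exit;
    }

    /**
     * Render the project ChangeLog with URLs, e-mail addresses and bug
     * references (#123,456) turned into links.
     */
    function handler_changelog(&$page)
    {
        $page->changeTpl('platal/changeLog.tpl');

        $clog = pl_entities(file_get_contents(dirname(__FILE__).'/../ChangeLog'));
        // url catch only (not all wiki syntax)
        $clog = preg_replace(array(
            '/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
            '/(\s|^)www\.((?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
            '/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
            array(
            '<a href="\\0">\\0</a>',
            '\\1<a href="http://www.\\2">www.\\2</a>',
            '<a href="mailto:\\0">\\0</a>'),
            $clog);
        // The former '/e' (eval) modifier is replaced by a callback: the
        // matched text is passed to bugize() instead of being evaluated as
        // PHP code ('/e' is gone from PHP 7 anyway).
        $clog = preg_replace_callback('!(#[0-9]+(,[0-9]+)*)!',
                                      array($this, '__bugize_match'), $clog);
        $clog = preg_replace('!vim:.*$!', '', $clog);
        $page->assign('ChangeLog', $clog);
    }

    /**
     * preg_replace_callback() adapter around bugize(): links the bug list
     * captured as group 1.
     *
     * @param array $m matches
     * @return string
     */
    function __bugize_match($m)
    {
        return bugize($m[1]);
    }

    /**
     * Enable or disable the user's private RSS feed.
     *
     * Enabling generates a fresh random hash and stores it both in the
     * session and in auth_user_quick.core_rss_hash; disabling clears both.
     *
     * @param bool $state
     */
    function __set_rss_state($state)
    {
        if ($state) {
            $_SESSION['core_rss_hash'] = rand_url_id(16);
            XDB::execute('UPDATE auth_user_quick
                             SET core_rss_hash={?} WHERE user_id={?}',
                         S::v('core_rss_hash'), S::v('uid'));
        } else {
            XDB::execute('UPDATE auth_user_quick
                             SET core_rss_hash="" WHERE user_id={?}',
                         S::v('uid'));
            S::kill('core_rss_hash');
        }
    }

    /**
     * Preferences page: mail format (text / html) and RSS feed toggle.
     */
    function handler_prefs(&$page)
    {
        $page->changeTpl('platal/preferences.tpl');
        $page->assign('xorg_title','Polytechnique.org - Mes préférences');

        if (Post::has('mail_fmt')) {
            // Anything but 'texte' means 'html'. The value is bound as a
            // placeholder like every other query of this module rather than
            // interpolated into the SQL string.
            $fmt = Post::v('mail_fmt');
            if ($fmt !== 'texte') {
                $fmt = 'html';
            }
            XDB::execute('UPDATE auth_user_quick
                             SET core_mail_fmt = {?}
                           WHERE user_id = {?}',
                         $fmt, S::v('uid'));
            $_SESSION['mail_fmt'] = $fmt;
        }

        if (Post::has('rss')) {
            $this->__set_rss_state(Post::b('rss'));
        }
    }

    /**
     * Web redirection preference: set or clear auth_user_quick.redirecturl
     * and show the current value.
     */
    function handler_webredir(&$page)
    {
        $page->changeTpl('platal/webredirect.tpl');

        $page->assign('xorg_title','Polytechnique.org - Redirection de page WEB');

        $log =& S::v('log');
        $url = Env::v('url');

        if (Env::v('submit') === 'Valider' && Env::has('url')) {
            // NOTE(review): the URL is stored as given; no format check is
            // performed here — confirm whether the template or another layer
            // validates it.
            XDB::execute('UPDATE auth_user_quick
                             SET redirecturl = {?} WHERE user_id = {?}',
                         $url, S::v('uid'));
            $log->log('carva_add', 'http://'.Env::v('url'));
            // The user-supplied URL is echoed back inside HTML: escape it
            // (both attribute and text context) to avoid reflected XSS.
            $eurl = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
            $page->trig("Redirection activée vers <a href='http://$eurl'>$eurl</a>");
        } elseif (Env::v('submit') === "Supprimer") {
            XDB::execute("UPDATE auth_user_quick
                             SET redirecturl = ''
                           WHERE user_id = {?}",
                         S::v('uid'));
            $log->log("carva_del", $url);
            Post::kill('url');
            $page->trig('Redirection supprimée');
        }

        $res = XDB::query('SELECT redirecturl
                             FROM auth_user_quick
                            WHERE user_id = {?}',
                          S::v('uid'));
        $page->assign('carva', $res->fetchOneCell());
    }

    /**
     * RSS feed page: activate the feed on request and offer a link back to
     * the referer (default: login).
     */
    function handler_prefs_rss(&$page)
    {
        $page->changeTpl('platal/filrss.tpl');

        $page->assign('goback', Env::v('referer', 'login'));

        if (Env::v('act_rss') === 'Activer') {
            $this->__set_rss_state(true);
            $page->trig("Ton Fil RSS est activé.");
        }
    }

    /**
     * Password change form and handling.
     *
     * 'response2' is what motdepasse.js posts back (its exact content is not
     * visible here); it is stored as the password and mirrored into the
     * session. When the user holds an ORGaccess cookie, it is re-issued from
     * the new password.
     */
    function handler_password(&$page)
    {
        if (Post::has('response2')) {
            require_once 'secure_hash.inc.php';

            $_SESSION['password'] = $password = Post::v('response2');

            XDB::execute('UPDATE auth_user_md5
                             SET password={?}
                           WHERE user_id={?}', $password,
                         S::v('uid'));

            $log =& S::v('log');
            $log->log('passwd', '');

            if (Cookie::v('ORGaccess')) {
                // NOTE(review): 300-day cookie issued without the httponly
                // flag (7th argument of setcookie()) — worth confirming
                // nothing client-side needs to read it.
                setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
            }

            $page->changeTpl('platal/motdepasse.success.tpl');
            // Assumed to render and end the request; otherwise the form
            // template below would replace the success page — TODO confirm.
            $page->run();
        }

        $page->changeTpl('platal/motdepasse.tpl');
        $page->addJsLink('motdepasse.js');
        $page->assign('xorg_title','Polytechnique.org - Mon mot de passe');
    }

    /**
     * SMTP/NNTP password: set it (at least 6 characters, typed twice) or
     * remove it, then report whether one is active.
     */
    function handler_smtppass(&$page)
    {
        $page->changeTpl('platal/acces_smtp.tpl');
        $page->assign('xorg_title','Polytechnique.org - Acces SMTP/NNTP');

        require_once 'wiki.inc.php';
        wiki_require_page('Xorg.SMTPSécurisé');
        wiki_require_page('Xorg.NNTPSécurisé');

        $uid  = S::v('uid');
        $pass = Env::v('smtppass1');
        $log  = S::v('log');

        // Strict comparison: with '==' two numeric strings such as "000001"
        // and "1" would have been accepted as matching passwords.
        if (Env::v('op') === "Valider" && strlen($pass) >= 6
            && Env::v('smtppass1') === Env::v('smtppass2'))
        {
            XDB::execute('UPDATE auth_user_md5 SET smtppass = {?}
                                WHERE user_id = {?}', $pass, $uid);
            $page->trig('Mot de passe enregistré');
            $log->log("passwd_ssl");
        } elseif (Env::v('op') === "Supprimer") {
            XDB::execute('UPDATE auth_user_md5 SET smtppass = ""
                                WHERE user_id = {?}', $uid);
            $page->trig('Compte SMTP et NNTP supprimé');
            $log->log("passwd_del");
        }

        $res = XDB::query("SELECT IF(smtppass != '', 'actif', '')
                             FROM auth_user_md5
                            WHERE user_id = {?}", $uid);
        $page->assign('actif', $res->fetchOneCell());
    }

    /**
     * Password recovery, step 1: identify the user by login and birth date
     * and e-mail them a one-shot certificate (consumed by handler_tmpPWD).
     *
     * The mail goes to the registered address given in the 'email' field
     * when it belongs to the account, or to every non-filtered registered
     * address otherwise; a request can therefore not divert the mail to an
     * address outside the account.
     */
    function handler_recovery(&$page)
    {
        global $globals;

        $page->changeTpl('platal/recovery.tpl');

        if (!Env::has('login') || !Env::has('birth')) {
            return;
        }

        // Expected format: DDMM19YY. The pattern is anchored because the
        // substr() offsets below assume the date starts at position 0, which
        // the old unanchored ereg() test (removed in PHP 7) did not ensure.
        if (!preg_match('/^[0-3][0-9][0-1][0-9][1][9]([0-9]{2})$/', Env::v('birth'))) {
            $page->trig('Date de naissance incorrecte ou incohérente');
            return;
        }

        $birth = sprintf('%s-%s-%s',
                         substr(Env::v('birth'), 4, 4),
                         substr(Env::v('birth'), 2, 2),
                         substr(Env::v('birth'), 0, 2));

        $mailorg = strtok(Env::v('login'), '@');

        // Original note (translated): "added paragraph: if the birth date is
        // missing from the database, update it with the one given here,
        // hoping it is right". No such update is performed by this code.

        $res = XDB::query(
                "SELECT user_id, naissance
                   FROM auth_user_md5 AS u
             INNER JOIN aliases AS a ON (u.user_id=a.id AND type != 'homonyme')
                  WHERE a.alias={?} AND u.perms IN ('admin','user') AND u.deces=0", $mailorg);
        $row = $res->fetchOneRow();
        // An unknown login and a wrong birth date get the same answer, so the
        // form does not reveal which logins exist.
        if (!$row || $row[1] !== $birth) {
            $page->trig('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
                        'Si tu as un homonyme, utilise prenom.nom.promo comme login');
            return;
        }
        $uid = $row[0];

        $res = XDB::query("SELECT COUNT(*)
                             FROM emails
                            WHERE uid = {?} AND flags != 'panne' AND flags != 'filter'", $uid);
        $count = intval($res->fetchOneCell());
        if ($count == 0) {
            $page->assign('no_addr', true);
            return;
        }

        $page->assign('ok', true);

        $url = rand_url_id();
        XDB::execute('INSERT INTO perte_pass (certificat,uid,created)
                           VALUES ({?},{?},NOW())', $url, $uid);
        $res = XDB::query('SELECT email
                             FROM emails
                            WHERE uid = {?} AND email = {?}',
                          $uid, Post::v('email'));
        if ($res->numRows()) {
            $mails = $res->fetchOneCell();
        } else {
            $res = XDB::query('SELECT email
                                 FROM emails
                                WHERE uid = {?} AND NOT FIND_IN_SET("filter", flags)', $uid);
            $mails = implode(', ', $res->fetchColumn());
        }
        $mymail = new PlMailer();
        $mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mails->domain . '>');
        $mymail->addTo($mails);
        $mymail->setSubject('Ton certificat d\'authentification');
        $mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
{$globals->baseurl}/tmpPWD/$url

Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.

--
Polytechnique.org
\"Le portail des élèves & anciens élèves de l'Ecole polytechnique\"

Mail envoyé à ".Env::v('login') . (Post::has('email') ? "
Adresse de secours : " . Post::v('email') : ""));
        $mymail->send();

        // create a logger object and log the event
        $logger = $_SESSION['log'] = new CoreLogger($uid);
        $logger->log('recovery', $mails);
    }

    /**
     * Password recovery, step 2: with a valid certificate (mailed by
     * handler_recovery), let the user set a new password.
     *
     * @param string|null $certif certificate taken from the URL
     */
    function handler_tmpPWD(&$page, $certif = null)
    {
        // Expire old certificates first. The mail announces six hours; the
        // 380-minute window leaves a little slack.
        XDB::execute('DELETE FROM perte_pass
                            WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');

        $ligne = null;
        if ($certif) {
            $res = XDB::query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif);
            $ligne = $res->fetchOneAssoc();
        }
        if (!$ligne) {
            $page->changeTpl('platal/index.tpl');
            $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
            // kill() is expected to end the request; the return guarantees
            // the password update below is never reached without a match.
            return;
        }

        $uid = $ligne['uid'];
        if (Post::has('response2')) {
            $password = Post::v('response2');
            $logger = new CoreLogger($uid);
            // execute() like the other write statements of this module.
            XDB::execute('UPDATE auth_user_md5 SET password={?}
                                WHERE user_id={?} AND perms IN("admin","user")',
                         $password, $uid);
            // The certificate is single-use: drop it once the password is set.
            XDB::execute('DELETE FROM perte_pass WHERE certificat={?}', $certif);
            $logger->log("passwd","");
            $page->changeTpl('platal/tmpPWD.success.tpl');
        } else {
            $page->changeTpl('platal/motdepasse.tpl');
            $page->addJsLink('motdepasse.js');
        }
    }

    /**
     * Skin chooser: save the selected skin id and list the available skins
     * with their author and number of users.
     */
    function handler_skin(&$page)
    {
        $page->changeTpl('platal/skins.tpl');
        $page->assign('xorg_title','Polytechnique.org - Skins');

        if (Env::has('newskin')) { // form submitted: store the choice
            XDB::execute('UPDATE auth_user_quick
                             SET skin={?} WHERE user_id={?}',
                         Env::i('newskin'), S::v('uid'));
            S::kill('skin');
            set_skin();
        }

        $res = XDB::query('SELECT id FROM skins WHERE skin_tpl={?}', S::v('skin'));
        $page->assign('skin_id', $res->fetchOneCell());

        $sql = "SELECT s.*,auteur,count(*) AS nb
                  FROM skins AS s
             LEFT JOIN auth_user_quick AS a ON s.id=a.skin
                 WHERE skin_tpl != '' AND ext != ''
              GROUP BY id ORDER BY s.date DESC";
        $page->assign('skins', XDB::iterator($sql));
    }

    /**
     * Log out.
     *
     * When the session holds a 'suid' (presumably an administrator acting as
     * another user), that saved session is restored instead of logging out.
     * $level selects which long-lived cookies are dropped as well:
     * 'forget' (ORGaccess), 'forgetuid' (ORGuid, ORGdomain) or
     * 'forgetall' (both).
     *
     * @param string|null $level
     */
    function handler_exit(&$page, $level = null)
    {
        if (S::has('suid')) {
            $a4l  = S::v('forlife');
            $suid = S::v('suid');
            $log  = S::v('log');
            $log->log("suid_stop", S::v('forlife') . " by " . $suid['forlife']);
            $_SESSION = $suid;
            S::kill('suid');
            pl_redirect('admin/user/' . $a4l);
        }

        if ($level === 'forget' || $level === 'forgetall') {
            setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
            Cookie::kill('ORGaccess');
            if (isset($_SESSION['log'])) {
                $_SESSION['log']->log("cookie_off");
            }
        }

        if ($level === 'forgetuid' || $level === 'forgetall') {
            setcookie('ORGuid', '', time() - 3600, '/', '', 0);
            Cookie::kill('ORGuid');
            setcookie('ORGdomain', '', time() - 3600, '/', '', 0);
            Cookie::kill('ORGdomain');
        }

        if (isset($_SESSION['log'])) {
            $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
            $_SESSION['log']->log('deconnexion', $ref);
        }

        XorgSession::destroy();

        if (Get::has('redirect')) {
            // NOTE(review): the target is taken verbatim from the query
            // string, so this is an open redirect. Restricting it to the
            // site's own base URL would close it; the set of legitimate
            // targets is not known from this file.
            http_redirect(rawurldecode(Get::v('redirect')));
        } else {
            $page->changeTpl('platal/exit.tpl');
        }
    }
}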
421
a7de4ef7 422// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
e59506eb 423?>