projects / platal.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge branch 'xorg/maint' into xorg/master
[platal.git] / modules / platal.php
CommitLineData
e59506eb 1<?php
2/***************************************************************************
5e1513f6 3 * Copyright (C) 2003-2011 Polytechnique.org *
e59506eb 4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
5de0b7e1 22function bugize($list)
23{
bd5dad64 24 $list = preg_split('/,/', $list, -1, PREG_SPLIT_NO_EMPTY);
5de0b7e1 25 $ans = array();
26
27 foreach ($list as $bug) {
28 $clean = str_replace('#', '', $bug);
29 $ans[] = "<a href='http://trackers.polytechnique.org/task/$clean'>$bug</a>";
30 }
31
32 return join(',', $ans);
33}
34
35
e59506eb 36class PlatalModule extends PLModule
37{
38 function handlers()
39 {
40 return array(
bfe9f4c7
SJ		 41 'index' => $this->make_hook('index', AUTH_PUBLIC),
42 'cacert.pem' => $this->make_hook('cacert', AUTH_PUBLIC),
43 'changelog' => $this->make_hook('changelog', AUTH_PUBLIC),
5de0b7e1 44
4da0b8d7 45 // Preferences thingies
bfe9f4c7
SJ		 46 'prefs' => $this->make_hook('prefs', AUTH_COOKIE, 'user,groups'),
47 'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE, 'user'),
48 'prefs/webredirect' => $this->make_hook('webredir', AUTH_PASSWD, 'mail'),
49 'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE, 'user'),
40279e62 50 'prefs/email' => $this->make_hook('prefs_email', AUTH_COOKIE, 'mail'),
4da0b8d7 51
52 // password related thingies
bfe9f4c7
SJ		 53 'password' => $this->make_hook('password', AUTH_PASSWD, 'user,groups'),
54 'password/smtp' => $this->make_hook('smtppass', AUTH_PASSWD, 'mail'),
55 'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC),
56 'recovery' => $this->make_hook('recovery', AUTH_PUBLIC),
a88f005d
RB		 57 'recovery/ext' => $this->make_hook('recovery_ext', AUTH_PUBLIC),
58 'register/ext' => $this->make_hook('register_ext', AUTH_PUBLIC),
bfe9f4c7
SJ		 59 'exit' => $this->make_hook('exit', AUTH_PUBLIC),
60 'review' => $this->make_hook('review', AUTH_PUBLIC),
61 'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC),
e59506eb 62 );
63 }
64
26ba053e 65 function handler_index($page)
c9178c75 66 {
ab66bf7f 67 // Include X-XRDS-Location response-header for Yadis discovery
78507d96 68 global $globals;
34d91db6 69 header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');
ab66bf7f
AA		 70
71 // Redirect to the suitable page
cab08090 72 if (S::logged()) {
8b00e0e0 73 pl_redirect('events');
ddb64990 74 } else if (!@$GLOBALS['IS_XNET_SITE']) {
78d4079a 75 $this->handler_review($page);
c9178c75 76 }
c9178c75 77 }
78
26ba053e 79 function handler_cacert($page)
5de0b7e1 80 {
3cb500d5
VZ		 81 pl_cached_content_headers("application/x-x509-ca-cert");
82 readfile("/etc/ssl/xorgCA/cacert.pem");
5de0b7e1 83 exit;
84 }
85
26ba053e 86 function handler_changelog($page, $core = null)
5de0b7e1 87 {
8b1f8e12 88 $page->changeTpl('platal/changeLog.tpl');
5de0b7e1 89
78d4079a
FB		 90 function formatChangeLog($file) {
91 $clog = pl_entities(file_get_contents($file));
92 $clog = preg_replace('/===+\s*/', '</pre><hr /><pre>', $clog);
93 // url catch only (not all wiki syntax)
94 $clog = preg_replace(array(
95 '/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
96 '/(\s|^)www\.((?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
97 '/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
98 array(
99 '<a href="\\0">\\0</a>',
100 '\\1<a href="http://www.\\2">www.\\2</a>',
101 '<a href="mailto:\\0">\\0</a>'),
102 $clog);
2bb9e576 103 $clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
78d4079a
FB		 104 $clog = preg_replace('!vim:.*$!', '', $clog);
105 return preg_replace("!(<hr />(\\s|\n)*)?<pre>(\s|\n)*</pre>((\\s|\n)*<hr />)?!m", "", "<pre>$clog</pre>");
106 }
107 if ($core != 'core') {
108 $page->assign('core', false);
109 $page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../ChangeLog'));
110 } else {
111 $page->assign('core', true);
112 $page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../core/ChangeLog'));
113 }
5de0b7e1 114 }
115
7927d719 116 function __set_rss_state($state)
117 {
7927d719 118 if ($state) {
19be891e
FB		 119 if (!S::user()->token) {
120 S::user()->token = rand_url_id(16);
121 S::set('token', S::user()->token);
122 XDB::execute('UPDATE accounts
123 SET token = {?}
124 WHERE uid = {?}', S::user()->token, S::i('uid'));
125 }
7927d719 126 } else {
31e01c97 127 S::kill('token');
19be891e 128 S::user()->token = null;
31e01c97
FB		 129 XDB::execute('UPDATE accounts
130 SET token = NULL
131 WHERE uid = {?}', S::i('uid'));
7927d719 132 }
133 }
134
26ba053e 135 function handler_prefs($page)
e59506eb 136 {
8b1f8e12 137 $page->changeTpl('platal/preferences.tpl');
46f272fe 138 $page->setTitle('Mes préférences');
e59506eb 139
31e01c97 140 if (Post::has('email_format')) {
19be891e 141 S::assert_xsrf_token();
31e01c97 142 $fmt = Post::s('email_format');
8d308ee4 143 S::user()->setEmailFormat($fmt);
e59506eb 144 }
145
bee33d93 146 if (Post::has('rss')) {
19be891e
FB		 147 S::assert_xsrf_token();
148 $this->__set_rss_state(Post::s('rss') == 'on');
e59506eb 149 }
e59506eb 150 }
9bae6004 151
26ba053e 152 function handler_webredir($page)
bce2f8eb 153 {
8b1f8e12 154 $page->changeTpl('platal/webredirect.tpl');
46f272fe 155 $page->setTitle('Redirection de page WEB');
bce2f8eb 156
c1e98576
FB		 157 if (Env::v('submit') == 'Valider' && !Env::blank('url')) {
158 if (Env::blank('url')) {
159 $page->trigError('URL invalide');
160 } else {
161 $url = Env::t('url');
00ba8a74
SJ		 162 XDB::execute('INSERT INTO carvas (uid, url)
163 VALUES ({?}, {?})
164 ON DUPLICATE KEY UPDATE url = VALUES(url)',
c1e98576
FB		 165 S::i('uid'), $url);
166 S::logger()->log('carva_add', 'http://' . $url);
167 $page->trigSuccess("Redirection activée vers <a href='http://$url'>$url</a>");
168 }
169 } elseif (Env::v('submit') == 'Supprimer') {
170 XDB::execute('DELETE FROM carvas
171 WHERE uid = {?}', S::i('uid'));
bce2f8eb 172 Post::kill('url');
c1e98576 173 S::logger()->log('carva_del');
a7d35093 174 $page->trigSuccess('Redirection supprimée');
bce2f8eb 175 }
176
c1e98576
FB		 177 $url = XDB::fetchOneCell('SELECT url
178 FROM carvas
179 WHERE uid = {?}', S::i('uid'));
180 $page->assign('carva', $url);
e67b4436
VZ		 181
182 # FIXME: this code is not multi-domain compatible. We should decide how
183 # carva will extend to users not in the main domain.
c0436d0b
SJ		 184 $best = XDB::fetchOneCell('SELECT email
185 FROM email_source_account
186 WHERE uid = {?} AND FIND_IN_SET(\'bestalias\', flags)',
187 S::user()->id());
188 $page->assign('bestalias', $best);
bce2f8eb 189 }
190
26ba053e 191 function handler_prefs_rss($page)
7927d719 192 {
8b1f8e12 193 $page->changeTpl('platal/filrss.tpl');
7927d719 194
5e2307dc 195 $page->assign('goback', Env::v('referer', 'login'));
7927d719 196
5e2307dc 197 if (Env::v('act_rss') == 'Activer') {
7927d719 198 $this->__set_rss_state(true);
a7d35093 199 $page->trigSuccess("Ton Fil RSS est activé.");
7927d719 200 }
7927d719 201 }
202
40279e62
SJ		 203 function handler_prefs_email($page)
204 {
205 $page->changeTpl('platal/email_preferences.tpl');
206
207 if (Post::has('submit')) {
208 S::assert_xsrf_token();
209
210 $from_email = Post::t('from_email');
211 $from_format = Post::v('from_format');
212
213 // Checks email.
214 $email_regex = '/^[a-z0-9.\-+_\$]+@([\-.+_]?[a-z0-9])+$/i';
215 if (!preg_match($email_regex, $from_email)) {
216 $full_regex = '/^[^<]*<[a-z0-9.\-+_\$]+@([\-.+_]?[a-z0-9])+>$/i';
217 if (!preg_match($full_regex, $from_email)) {
218 $page->trigError("L'adresse email est erronée.");
219 $error = true;
220 $page->assign('from_email', $from_email);
221 $page->assign('from_format', $from_format);
222 $page->assign('error', true);
223 return;
224 }
225 }
226
227 // Saves data.
228 XDB::execute('UPDATE accounts
229 SET from_email = {?}, from_format = {?}
230 WHERE uid = {?}',
231 $from_email, ($from_format == 'html' ? 'html' : 'text'), S::user()->id());
232 $page->trigSuccess('Données enregistrées.');
233 }
234
235 $data = XDB::fetchOneAssoc('SELECT from_email, from_format
236 FROM accounts
237 WHERE uid = {?}',
238 S::user()->id());
239 $page->assign('from_email', $data['from_email']);
240 $page->assign('from_format', $data['from_format']);
241 $page->assign('error', false);
242 }
243
26ba053e 244 function handler_password($page)
7c77c3ee 245 {
84270653
VZ		 246 global $globals;
247
81b5a6c9 248 if (Post::has('pwhash') && Post::t('pwhash')) {
40d428d8 249 S::assert_xsrf_token();
7c77c3ee 250
81b5a6c9 251 S::set('password', $password = Post::t('pwhash'));
31e01c97
FB		 252 XDB::execute('UPDATE accounts
253 SET password = {?}
254 WHERE uid={?}', $password,
255 S::i('uid'));
7c77c3ee 256
84270653
VZ		 257 // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
258 // updates the Google Apps password as well.
259 if ($globals->mailstorage->googleapps_domain) {
260 require_once 'googleapps.inc.php';
d56cb887 261 $account = new GoogleAppsAccount(S::user());
f5c4bf30 262 if ($account->active() && $account->sync_password) {
84270653
VZ		 263 $account->set_password($password);
264 }
265 }
266
604dfd58
FB		 267 S::logger()->log('passwd');
268 Platal::session()->setAccessCookie(true);
7c77c3ee 269
4baa7323 270 $page->changeTpl('platal/password.success.tpl');
7c77c3ee 271 $page->run();
272 }
273
4baa7323 274 $page->changeTpl('platal/password.tpl');
46f272fe 275 $page->setTitle('Mon mot de passe');
a9ec9298 276 $page->assign('do_auth', 0);
7c77c3ee 277 }
278
26ba053e 279 function handler_smtppass($page)
1a5da857 280 {
8b1f8e12 281 $page->changeTpl('platal/acces_smtp.tpl');
46f272fe 282 $page->setTitle('Acces SMTP/NNTP');
eaf30d86 283
8f201b69
FB		 284 $wp = new PlWikiPage('Xorg.SMTPSécurisé');
285 $wp->buildCache();
286 $wp = new PlWikiPage('Xorg.NNTPSécurisé');
287 $wp->buildCache();
1a5da857 288
31e01c97 289 $uid = S::i('uid');
5e2307dc 290 $pass = Env::v('smtppass1');
1a5da857 291
eaf30d86 292 if (Env::v('op') == "Valider" && strlen($pass) >= 6
31e01c97 293 && Env::v('smtppass1') == Env::v('smtppass2')) {
0511895d
FB		 294 XDB::execute('UPDATE accounts
295 SET weak_password = {?}
296 WHERE uid = {?}', $pass, $uid);
a7d35093 297 $page->trigSuccess('Mot de passe enregistré');
732e5855 298 S::logger()->log("passwd_ssl");
5e2307dc 299 } elseif (Env::v('op') == "Supprimer") {
0511895d
FB		 300 XDB::execute('UPDATE accounts
301 SET weak_password = NULL
302 WHERE uid = {?}', $uid);
a7d35093 303 $page->trigSuccess('Compte SMTP et NNTP supprimé');
732e5855 304 S::logger()->log("passwd_del");
1a5da857 305 }
306
0511895d
FB		 307 $res = XDB::query("SELECT weak_password IS NOT NULL
308 FROM accounts
309 WHERE uid = {?}", $uid);
1a5da857 310 $page->assign('actif', $res->fetchOneCell());
1a5da857 311 }
312
26ba053e 313 function handler_recovery($page)
8858cfc1 314 {
315 global $globals;
316
8b1f8e12 317 $page->changeTpl('platal/recovery.tpl');
8858cfc1 318
319 if (!Env::has('login') || !Env::has('birth')) {
fd8f77de 320 return;
8858cfc1 321 }
322
cf5cf754 323 if (!preg_match('/^[0-3][0-9][0-1][0-9][1][9]([0-9]{2})$/', Env::v('birth'))) {
a7d35093 324 $page->trigError('Date de naissance incorrecte ou incohérente');
c9110c6c 325 return;
8858cfc1 326 }
c9110c6c 327
328 $birth = sprintf('%s-%s-%s',
5e2307dc 329 substr(Env::v('birth'), 4, 4),
330 substr(Env::v('birth'), 2, 2),
331 substr(Env::v('birth'), 0, 2));
8858cfc1 332
5e2307dc 333 $mailorg = strtok(Env::v('login'), '@');
8858cfc1 334
6846791e
FB		 335 $profile = Profile::get(Env::t('login'));
336 if (is_null($profile) || $profile->birthdate != $birth) {
337 $page->trigError('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
338 'Si tu as un homonyme, utilise prenom.nom.promo comme login');
339 return;
340 }
8c28edc9 341
6846791e
FB		 342 $user = $profile->owner();
343 if ($user->state != 'active') {
344 $page->trigError('Ton compte n\'est pas activé.');
345 return;
346 }
347
c0436d0b 348 if ($user->lost) {
6846791e
FB		 349 $page->assign('no_addr', true);
350 return;
351 }
8858cfc1 352
6846791e
FB		 353 $page->assign('ok', true);
354
c0436d0b 355 $url = rand_url_id();
06f4daf9 356 XDB::execute('INSERT INTO account_lost_passwords (certificat,uid,created)
6846791e 357 VALUES ({?},{?},NOW())', $url, $user->id());
c0436d0b
SJ		 358 $to = XDB::fetchOneCell('SELECT redirect
359 FROM email_redirect_account
360 WHERE uid = {?} AND redirect = {?}',
361 $user->id(), Post::t('email'));
362 if (is_null($to)) {
363 $emails = XDB::fetchColumn('SELECT redirect
364 FROM email_redirect_account
365 WHERE uid = {?} AND flags = \'inactive\' AND type = \'smtp\'',
366 $user->id());
367 $inactives_to = implode(', ', $emails);
6846791e
FB		 368 }
369 $mymail = new PlMailer();
370 $mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mail->domain . '>');
c0436d0b
SJ		 371 if (is_null($to)) {
372 $mymail->addTo($user);
373 $mymail->addTo($inactives_to);
374 } else {
375 $mymail->addTo($to);
376 }
e46cf8c4 377 $mymail->setSubject("Ton certificat d'authentification");
6846791e 378 $mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
8858cfc1 379{$globals->baseurl}/tmpPWD/$url
380
e887e90d 381Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.
8858cfc1 382
eaf30d86 383--
8858cfc1 384Polytechnique.org
3bf63218 385\"Le portail des élèves & anciens élèves de l'École polytechnique\"
8858cfc1 386
471882e8
SJ		 387Email envoyé à ".Env::v('login') . (is_null($to) ? '' : '
388Adresse de secours : ' . $to));
6846791e 389 $mymail->send();
8858cfc1 390
97a05304 391 S::logger($user->id())->log('recovery', is_null($to) ? $inactives_to . ', ' . $user->bestEmail() : $to);
8858cfc1 392 }
393
a88f005d
RB		 394 function handler_recovery_ext($page)
395 {
396 $page->changeTpl('xnet/recovery.tpl');
397
398 if (!Post::has('login')) {
399 return;
400 }
401
402 $user = User::getSilent(Post::t('login'));
403 if (is_null($user)) {
404 $page->trigError('Le compte n\'existe pas.');
405 return;
406 }
407 if ($user->state != 'active') {
408 $page->trigError('Ton compte n\'est pas activé.');
409 return;
410 }
411
412 $page->assign('ok', true);
413
414 $hash = rand_url_id();
415 XDB::execute('INSERT INTO account_lost_passwords (uid, created, certificat)
416 VALUES ({?}, NOW(), {?})',
417 $user->id(), $hash);
418
23906784 419 $mymail = new PlMailer('platal/password_recovery_xnet.mail.tpl');
1bbba0f6 420 $mymail->setTo($user);
23906784
RB		 421 $mymail->assign('hash', $hash);
422 $mymail->assign('email', Post::t('login'));
a88f005d
RB		 423 $mymail->send();
424
425 S::logger($user->id())->log('recovery', $user->bestEmail());
426 }
427
26ba053e 428 function handler_tmpPWD($page, $certif = null)
6c49d0af 429 {
84270653 430 global $globals;
06f4daf9 431 XDB::execute('DELETE FROM account_lost_passwords
31e01c97 432 WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
6c49d0af 433
81b5a6c9 434 if (Post::has('pwhash') && Post::t('pwhash')) {
aba13e87
SJ		 435 $uid = XDB::fetchOneCell('SELECT uid
436 FROM accounts
437 WHERE hruid = {?}',
438 Post::t('username'));
81b5a6c9 439 $password = Post::t('pwhash');
31e01c97 440 XDB::query('UPDATE accounts
aba13e87 441 SET password = {?}
31e01c97
FB		 442 WHERE uid = {?} AND state = \'active\'',
443 $password, $uid);
06f4daf9 444 XDB::query('DELETE FROM account_lost_passwords
aba13e87 445 WHERE certificat = {?}', $certif);
84270653
VZ		 446
447 // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
448 // updates the Google Apps password as well.
449 if ($globals->mailstorage->googleapps_domain) {
450 require_once 'googleapps.inc.php';
d56cb887 451 $account = new GoogleAppsAccount(User::getSilent($uid));
f5c4bf30 452 if ($account->active() && $account->sync_password) {
84270653
VZ		 453 $account->set_password($password);
454 }
455 }
456
cf40e1ae 457 S::logger($uid)->log("passwd", "");
30439e34
SJ		 458
459 // Try to start a session (so the user don't have to log in); we will use
460 // the password available in Post:: to authenticate the user.
bfe9f4c7 461 Platal::session()->start(AUTH_PASSWD);
30439e34 462
8b1f8e12 463 $page->changeTpl('platal/tmpPWD.success.tpl');
6c49d0af 464 } else {
aba13e87
SJ		 465 $res = XDB::query('SELECT uid
466 FROM account_lost_passwords
467 WHERE certificat = {?}', $certif);
468 $ligne = $res->fetchOneAssoc();
469 if (!$ligne) {
470 $page->changeTpl('platal/index.tpl');
471 $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
472 }
473
30439e34
SJ		 474 $hruid = XDB::fetchOneCell('SELECT hruid
475 FROM accounts
476 WHERE uid = {?}',
aba13e87 477 $ligne['uid']);
4baa7323 478 $page->changeTpl('platal/password.tpl');
30439e34 479 $page->assign('hruid', $hruid);
a9ec9298 480 $page->assign('do_auth', 1);
6c49d0af 481 }
6c49d0af 482 }
483
a88f005d
RB		 484 function handler_register_ext($page, $hash = null)
485 {
486 XDB::execute('DELETE FROM register_pending_xnet
487 WHERE DATE_SUB(NOW(), INTERVAL 1 MONTH) > date');
23906784 488 $res = XDB::fetchOneAssoc('SELECT uid, hruid, email
a88f005d
RB		 489 FROM register_pending_xnet
490 WHERE hash = {?}',
491 $hash);
492
493 if (is_null($hash) || is_null($res)) {
494 $page->trigErrorRedirect('Cette adresse n\'existe pas ou n\'existe plus sur le serveur.', '');
495 }
496
497 if (Post::has('pwhash') && Post::t('pwhash')) {
23906784 498 XDB::startTransaction();
a88f005d
RB		 499 XDB::query('UPDATE accounts
500 SET password = {?}, state = \'active\', registration_date = NOW()
501 WHERE uid = {?} AND state = \'pending\' AND type = \'xnet\'',
502 Post::t('pwhash'), $res['uid']);
503 XDB::query('DELETE FROM register_pending_xnet
504 WHERE uid = {?}',
23906784
RB		 505 $res['uid']);
506 XDB::commit();
a88f005d
RB		 507
508 S::logger($res['uid'])->log('passwd', '');
509
510 // Try to start a session (so the user don't have to log in); we will use
511 // the password available in Post:: to authenticate the user.
512 Post::kill('wait');
513 Platal::session()->startAvailableAuth();
514
515 $page->changeTpl('xnet/register.success.tpl');
516 $page->assign('email', $res['email']);
517 } else {
518 $page->changeTpl('platal/password.tpl');
519 $page->assign('xnet', true);
520 $page->assign('hruid', $res['hruid']);
521 $page->assign('do_auth', 1);
522 }
523 }
524
26ba053e 525 function handler_skin($page)
9bae6004 526 {
527 global $globals;
528
8b1f8e12 529 $page->changeTpl('platal/skins.tpl');
46f272fe 530 $page->setTitle('Skins');
9bae6004 531
a7de4ef7 532 if (Env::has('newskin')) { // formulaire soumis, traitons les données envoyées
31e01c97
FB		 533 XDB::execute('UPDATE accounts
534 SET skin = {?}
535 WHERE uid = {?}',
536 Env::i('newskin'), S::i('uid'));
92e6a287 537 S::kill('skin');
47fa97fe 538 Platal::session()->setSkin();
9bae6004 539 }
540
31e01c97
FB		 541 $res = XDB::query('SELECT id
542 FROM skins
543 WHERE skin_tpl = {?}', S::v('skin'));
92e6a287 544 $page->assign('skin_id', $res->fetchOneCell());
545
31e01c97
FB		 546 $sql = 'SELECT s.*, auteur, COUNT(*) AS nb
547 FROM skins AS s
548 LEFT JOIN accounts AS a ON (a.skin = s.id)
549 WHERE skin_tpl != \'\' AND ext != \'\'
550 GROUP BY id ORDER BY s.date DESC';
a3afa47c 551 $page->assign('skins', XDB::iterator($sql));
9bae6004 552 }
4da0b8d7 553
26ba053e 554 function handler_exit($page, $level = null)
5de0b7e1 555 {
0c02607e 556 if (S::suid()) {
20b087ff
FB		 557 $old = S::user()->login();
558 S::logger()->log('suid_stop', $old . " by " . S::suid('hruid'));
47fa97fe 559 Platal::session()->stopSUID();
20b087ff
FB		 560 $target = S::s('suid_startpage');
561 S::kill('suid_startpage');
562 if (!empty($target)) {
563 http_redirect($target);
564 }
565 pl_redirect('admin/user/' . $old);
5de0b7e1 566 }
567
568 if ($level == 'forget' || $level == 'forgetall') {
604dfd58 569 Platal::session()->killAccessCookie();
5de0b7e1 570 }
571
572 if ($level == 'forgetuid' || $level == 'forgetall') {
604dfd58 573 Platal::session()->killLoginFormCookies();
5de0b7e1 574 }
575
130b8708 576 if (S::logged()) {
59bec5bc
FB		 577 S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']);
578 Platal::session()->destroy();
130b8708 579 }
5de0b7e1 580
581 if (Get::has('redirect')) {
5e2307dc 582 http_redirect(rawurldecode(Get::v('redirect')));
5de0b7e1 583 } else {
8b1f8e12 584 $page->changeTpl('platal/exit.tpl');
5de0b7e1 585 }
5de0b7e1 586 }
ddb64990 587
26ba053e 588 function handler_review($page, $action = null, $mode = null)
ddb64990 589 {
78507d96
AA		 590 // Include X-XRDS-Location response-header for Yadis discovery
591 global $globals;
34d91db6 592 header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');
78507d96 593
460d8f55 594 $this->load('review.inc.php');
ddb64990
FB		 595 $dom = 'Review';
596 if (@$GLOBALS['IS_XNET_SITE']) {
597 $dom .= 'Xnet';
598 }
8f201b69
FB		 599 $wp = new PlWikiPage($dom . '.Admin');
600 $conf = explode('%0a', $wp->getField('text'));
6d20fb1d 601 $wiz = new PlWizard('Tour d\'horizon', PlPage::getCoreTpl('plwizard.tpl'), true);
ddb64990
FB		 602 foreach ($conf as $line) {
603 $list = preg_split('/\s*[*|]\s*/', $line, -1, PREG_SPLIT_NO_EMPTY);
604 $wiz->addPage('ReviewPage', $list[0], $list[1]);
605 }
606 $wiz->apply($page, 'review', $action, $mode);
607 }
e59506eb 608}
609
a7de4ef7 610// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
e59506eb 611?>
plat/al