[platal.git] / modules / platal.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2006 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

function bugize($list)
{
    $list = split(',', $list);
    $ans  = array();

    foreach ($list as $bug) {
        $clean = str_replace('#', '', $bug);
        $ans[] = "<a href='http://trackers.polytechnique.org/task/$clean'>$bug</a>";
    }

    return join(',', $ans);
}


class PlatalModule extends PLModule
{
    function handlers()
    {
        return array(
            'index'       => $this->make_hook('index',     AUTH_PUBLIC),
            'cacert.pem'  => $this->make_hook('cacert',    AUTH_PUBLIC),
            'changelog'   => $this->make_hook('changelog', AUTH_PUBLIC),

            // Preferences thingies
            'prefs'     => $this->make_hook('prefs',     AUTH_COOKIE),
            'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE),
            'prefs/webredirect'
                        => $this->make_hook('webredir',  AUTH_MDP),
            'skin'      => $this->make_hook('skin',      AUTH_COOKIE),

            // password related thingies
            'password'      => $this->make_hook('password',  AUTH_MDP),
            'tmpPWD'        => $this->make_hook('tmpPWD',    AUTH_PUBLIC),
            'password/smtp' => $this->make_hook('smtppass',  AUTH_MDP),
            'recovery'      => $this->make_hook('recovery',  AUTH_PUBLIC),
            'exit'          => $this->make_hook('exit', AUTH_PUBLIC),

            // happenings related thingies
            'rss'         => $this->make_hook('rss',       AUTH_PUBLIC),
        );
    }

    function handler_index(&$page)
    {
        if (logged()) {
            redirect("events");
        }
    }

    function handler_cacert(&$page)
    {
        $data = file_get_contents('/etc/ssl/xorgCA/cacert.pem');
        header('Content-Type: application/x-x509-ca-cert');
        header('Content-Length: '.strlen($data));
        echo $data;
        exit;
    }

    function handler_changelog(&$page)
    {
        $page->changeTpl('changeLog.tpl');

        $clog = htmlentities(file_get_contents(dirname(__FILE__).'/../ChangeLog'));
        $clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
        $page->assign('ChangeLog', $clog);
    }

    function __set_rss_state($state)
    {
        if ($state) {
            $_SESSION['core_rss_hash'] = rand_url_id(16);
            XDB::execute('UPDATE  auth_user_quick
                                   SET  core_rss_hash={?} WHERE user_id={?}',
                                   Session::get('core_rss_hash'),
                                   Session::getInt('uid'));
        } else {
            XDB::execute('UPDATE  auth_user_quick
                                   SET  core_rss_hash="" WHERE user_id={?}',
                                   Session::getInt('uid'));
            Session::kill('core_rss_hash');
        }
    }

    function handler_prefs(&$page)
    {
        global $globals;

        $page->changeTpl('preferences.tpl');
        $page->assign('xorg_title','Polytechnique.org - Mes pr�f�rences');

        if (Env::has('mail_fmt')) {
            $fmt = Env::get('mail_fmt');
            if ($fmt != 'texte') $fmt = 'html';
            XDB::execute("UPDATE auth_user_quick
                                       SET core_mail_fmt = '$fmt'
                                     WHERE user_id = {?}",
                                     Session::getInt('uid'));
            $_SESSION['mail_fmt'] = $fmt;
            redirect($globals->baseurl.'/preferences');
        }

        if (Env::has('rss')) {
            $this->__set_rss_state(Env::getBool('rss'));
        }

        $page->assign('prefs', $globals->hook->prefs());
    }

    function handler_webredir(&$page)
    {
        $page->changeTpl('webredirect.tpl');

        $page->assign('xorg_title','Polytechnique.org - Redirection de page WEB');

        $log =& Session::getMixed('log');
        $url = Env::get('url');

        if (Env::get('submit') == 'Valider' and Env::has('url')) {
            XDB::execute('UPDATE auth_user_quick
                                       SET redirecturl = {?} WHERE user_id = {?}',
                                   $url, Session::getInt('uid'));
            $log->log('carva_add', 'http://'.Env::get('url'));
            $page->trig("Redirection activ�e vers <a href='http://$url'>$url</a>");
        } elseif (Env::get('submit') == "Supprimer") {
            XDB::execute("UPDATE auth_user_quick
                                       SET redirecturl = ''
                                     WHERE user_id = {?}",
                                   Session::getInt('uid'));
            $log->log("carva_del", $url);
            Post::kill('url');
            $page->trig('Redirection supprim�e');
        }

        $res = XDB::query('SELECT redirecturl
                                       FROM auth_user_quick
                                      WHERE user_id = {?}',
                                    Session::getInt('uid'));
        $page->assign('carva', $res->fetchOneCell());
    }

    function handler_prefs_rss(&$page)
    {
        $page->changeTpl('filrss.tpl');

        $page->assign('goback', Env::get('referer', 'login'));

        if (Env::get('act_rss') == 'Activer') {
            $this->__set_rss_state(true);
            $page->trig("Ton Fil RSS est activ�.");
        }
    }

    function handler_password(&$page)
    {
        if (Post::has('response2'))  {
            require_once 'secure_hash.inc.php';

            $_SESSION['password'] = $password = Post::get('response2');

            XDB::execute('UPDATE  auth_user_md5 
                                       SET  password={?}
                                     WHERE  user_id={?}', $password,
                                     Session::getInt('uid'));

            $log =& Session::getMixed('log');
            $log->log('passwd', '');

            if (Cookie::get('ORGaccess')) {
                setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
            }

            $page->changeTpl('motdepasse.success.tpl');
            $page->run();
        }

        $page->changeTpl('motdepasse.tpl');
        $page->addJsLink('javascript/motdepasse.js');
        $page->assign('xorg_title','Polytechnique.org - Mon mot de passe');
    }

    function handler_smtppass(&$page)
    {
        $page->changeTpl('acces_smtp.tpl');
        $page->assign('xorg_title','Polytechnique.org - Acces SMTP/NNTP');

        $uid  = Session::getInt('uid');
        $pass = Env::get('smtppass1');
        $log  = Session::getMixed('log');

        if (Env::get('op') == "Valider" && strlen($pass) >= 6 
        &&  Env::get('smtppass1') == Env::get('smtppass2')) 
        {
            XDB::execute('UPDATE auth_user_md5 SET smtppass = {?}
                                     WHERE user_id = {?}', $pass, $uid);
            $page->trig('Mot de passe enregistr�');
            $log->log("passwd_ssl");
        } elseif (Env::get('op') == "Supprimer") {
            XDB::execute('UPDATE auth_user_md5 SET smtppass = ""
                                     WHERE user_id = {?}', $uid);
            $page->trig('Compte SMTP et NNTP supprim�');
            $log->log("passwd_del");
        }

        $res = XDB::query("SELECT IF(smtppass != '', 'actif', '') 
                                       FROM auth_user_md5
                                      WHERE user_id = {?}", $uid);
        $page->assign('actif', $res->fetchOneCell());
    }

    function handler_recovery(&$page)
    {
        global $globals;

        $page->changeTpl('recovery.tpl');

        if (!Env::has('login') || !Env::has('birth')) {
            return;
        }

        if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env::get('birth'))) {
            $page->trig_run('Date de naissance incorrecte ou incoh�rente');
        }
        $birth   = sprintf('%s-%s-%s', substr(Env::get('birth'),4,4), substr(Env::get('birth'),2,2), substr(Env::get('birth'),0,2));

        $mailorg = strtok(Env::get('login'), '@');

        // paragraphe rajout� : si la date de naissance dans la base n'existe pas, on l'update
        // avec celle fournie ici en esp�rant que c'est la bonne

        $res = XDB::query(
                "SELECT  user_id, naissance
                   FROM  auth_user_md5 AS u
             INNER JOIN  aliases       AS a ON (u.user_id=a.id AND type!='homonyme')
                  WHERE  a.alias={?} AND u.perms IN ('admin','user') AND u.deces=0", $mailorg);
        list($uid, $naissance) = $res->fetchOneRow();

        if ($naissance == $birth) {
            $page->assign('ok', true);

            $url   = rand_url_id(); 
            XDB::execute('INSERT INTO perte_pass (certificat,uid,created) VALUES ({?},{?},NOW())', $url, $uid);
            $res   = XDB::query('SELECT email FROM emails WHERE uid = {?} AND NOT FIND_IN_SET("filter", flags)', $uid);
            $mails = implode(', ', $res->fetchColumn());

            require_once "diogenes/diogenes.hermes.inc.php";
            $mymail = new HermesMailer();
            $mymail->setFrom('"Gestion des mots de passe" <support+password@polytechnique.org>');
            $mymail->addTo($mails);
            $mymail->setSubject('Ton certificat d\'authentification');
            $mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
{$globals->baseurl}/tmpPWD/$url

Si en cliquant dessus tu n'y arrives pas, copie int�gralement l'adresse dans la barre de ton navigateur.

-- 
Polytechnique.org
\"Le portail des �l�ves & anciens �l�ves de l'Ecole polytechnique\"".(Post::get('email') ? "

Adresse de secours :
    ".Post::get('email') : "")."

Mail envoy� � ".Env::get('login'));
            $mymail->send();

            // on cree un objet logger et on log l'evenement
            $logger = $_SESSION['log'] = new DiogenesCoreLogger($uid);
            $logger->log('recovery', $emails);
        } else {
            $page->trig('Pas de r�sultat correspondant aux champs entr�s dans notre base de donn�es.');
        }
    }

    function handler_tmpPWD(&$page, $certif = null)
    {
        XDB::execute('DELETE FROM perte_pass
                                      WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');

        $res   = XDB::query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif);
        $ligne = $res->fetchOneAssoc();
        if (!$ligne) {
            $page->changeTpl('index.tpl');
            $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
        }

        $uid = $ligne["uid"];
        if (Post::has('response2')) {
            $password = Post::get('response2');
            $logger   = new DiogenesCoreLogger($uid);
            XDB::query('UPDATE  auth_user_md5 SET password={?}
                                   WHERE  user_id={?} AND perms IN("admin","user")',
                                 $password, $uid);
            XDB::query('DELETE FROM perte_pass WHERE certificat={?}', $certif);
            $logger->log("passwd","");
            $page->changeTpl('tmpPWD.success.tpl');
        } else {
            $page->changeTpl('motdepasse.tpl');
            $page->addJsLink('javascript/motdepasse.js');
        }
    }

    function handler_skin(&$page)
    {
        global $globals;

        if (!$globals->skin->enable) {
            redirect('./');
        }

        $page->changeTpl('skins.tpl');
        $page->assign('xorg_title','Polytechnique.org - Skins');

        if (Env::has('newskin'))  {  // formulaire soumis, traitons les donn�es envoy�es
            XDB::execute('UPDATE auth_user_quick
                                       SET skin={?} WHERE user_id={?}',
                                    Env::getInt('newskin'),
                                    Session::getInt('uid'));
            set_skin();
        }

        $sql = "SELECT s.*,auteur,count(*) AS nb
                  FROM skins AS s
             LEFT JOIN auth_user_quick AS a ON s.id=a.skin
                 WHERE skin_tpl != '' AND ext != ''
              GROUP BY id ORDER BY s.date DESC";
        $page->assign_by_ref('skins', XDB::iterator($sql));
    }

    function handler_exit(&$page, $level = null)
    {
        if (Session::has('suid')) {
            if (Session::has('suid')) {
                $a4l  = Session::get('forlife');
                $suid = Session::getMixed('suid');
                $log  = Session::getMixed('log');
                $log->log("suid_stop", Session::get('forlife') . " by " . $suid['forlife']);
                $_SESSION = $suid;
                Session::kill('suid');
                redirect($globals->baseurl.'/admin/utilisateurs.php?login='.$a4l);
            } else {
                redirect("events");
            }
        }

        if ($level == 'forget' || $level == 'forgetall') {
            setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
            Cookie::kill('ORGaccess');
            if (isset($_SESSION['log']))
                $_SESSION['log']->log("cookie_off");
        }

        if ($level == 'forgetuid' || $level == 'forgetall') {
            setcookie('ORGuid', '', time() - 3600, '/', '', 0);
            Cookie::kill('ORGuid');
            setcookie('ORGdomain', '', time() - 3600, '/', '', 0);
            Cookie::kill('ORGdomain');
        }

        if (isset($_SESSION['log'])) {
            $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
            $_SESSION['log']->log('deconnexion',$ref);
        }

        XorgSession::destroy();

        if (Get::has('redirect')) {
            redirect(rawurldecode(Get::get('redirect')));
        } else {
            $page->changeTpl('exit.tpl');
        }
    }

    function handler_rss(&$page, $user = null, $hash = null)
    {
        require_once 'rss.inc.php';

        $uid = init_rss('rss.tpl', $user, $hash);

        $rss = XDB::iterator(
                'SELECT  e.id, e.titre, e.texte, e.creation_date
                   FROM  auth_user_md5   AS u
             INNER JOIN  evenements      AS e ON ( (e.promo_min = 0 || e.promo_min <= u.promo)
                                                   AND (e.promo_max = 0 || e.promo_max >= u.promo) )
                  WHERE  u.user_id = {?} AND FIND_IN_SET(e.flags, "valide")
                                         AND peremption >= NOW()', $uid);
        $page->assign('rss', $rss);
    }
}

?>
Commit	Line	Data
e59506eb	1	<?php
	2	/***************************************************************************
	3	* Copyright (C) 2003-2006 Polytechnique.org *
	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
5de0b7e1	22	function bugize($list)
	23	{
	24	$list = split(',', $list);
	25	$ans = array();
	26
	27	foreach ($list as $bug) {
	28	$clean = str_replace('#', '', $bug);
	29	$ans[] = "<a href='http://trackers.polytechnique.org/task/$clean'>$bug</a>";
	30	}
	31
	32	return join(',', $ans);
	33	}
	34
	35
e59506eb	36	class PlatalModule extends PLModule
	37	{
	38	function handlers()
	39	{
	40	return array(
c9178c75	41	'index' => $this->make_hook('index', AUTH_PUBLIC),
c9178c75	42	'cacert.pem' => $this->make_hook('cacert', AUTH_PUBLIC),
5de0b7e1	43	'changelog' => $this->make_hook('changelog', AUTH_PUBLIC),
5de0b7e1	44
4da0b8d7	45	// Preferences thingies
1a5da857	46	'prefs' => $this->make_hook('prefs', AUTH_COOKIE),
1a5da857	47	'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE),
bce2f8eb	48	'prefs/webredirect'
bce2f8eb	49	=> $this->make_hook('webredir', AUTH_MDP),
1a5da857	50	'skin' => $this->make_hook('skin', AUTH_COOKIE),
4da0b8d7	51
4da0b8d7	52	// password related thingies
1a5da857	53	'password' => $this->make_hook('password', AUTH_MDP),
	54	'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC),
	55	'password/smtp' => $this->make_hook('smtppass', AUTH_MDP),
8858cfc1	56	'recovery' => $this->make_hook('recovery', AUTH_PUBLIC),
5de0b7e1	57	'exit' => $this->make_hook('exit', AUTH_PUBLIC),
4da0b8d7	58
	59	// happenings related thingies
	60	'rss' => $this->make_hook('rss', AUTH_PUBLIC),
e59506eb	61	);
	62	}
	63
c9178c75	64	function handler_index(&$page)
	65	{
	66	if (logged()) {
	67	redirect("events");
	68	}
c9178c75	69	}
c9178c75	70
5de0b7e1	71	function handler_cacert(&$page)
	72	{
	73	$data = file_get_contents('/etc/ssl/xorgCA/cacert.pem');
	74	header('Content-Type: application/x-x509-ca-cert');
	75	header('Content-Length: '.strlen($data));
	76	echo $data;
	77	exit;
	78	}
	79
	80	function handler_changelog(&$page)
	81	{
	82	$page->changeTpl('changeLog.tpl');
	83
	84	$clog = htmlentities(file_get_contents(dirname(__FILE__).'/../ChangeLog'));
	85	$clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
	86	$page->assign('ChangeLog', $clog);
	87	}
	88
7927d719	89	function __set_rss_state($state)
7927d719	90	{
7927d719	91	if ($state) {
7927d719	92	$_SESSION['core_rss_hash'] = rand_url_id(16);
08cce2ff	93	XDB::execute('UPDATE auth_user_quick
7927d719	94	SET core_rss_hash={?} WHERE user_id={?}',
	95	Session::get('core_rss_hash'),
	96	Session::getInt('uid'));
	97	} else {
08cce2ff	98	XDB::execute('UPDATE auth_user_quick
7927d719	99	SET core_rss_hash="" WHERE user_id={?}',
	100	Session::getInt('uid'));
	101	Session::kill('core_rss_hash');
	102	}
	103	}
	104
e59506eb	105	function handler_prefs(&$page)
	106	{
	107	global $globals;
	108
	109	$page->changeTpl('preferences.tpl');
	110	$page->assign('xorg_title','Polytechnique.org - Mes pr�f�rences');
	111
	112	if (Env::has('mail_fmt')) {
	113	$fmt = Env::get('mail_fmt');
	114	if ($fmt != 'texte') $fmt = 'html';
08cce2ff	115	XDB::execute("UPDATE auth_user_quick
e59506eb	116	SET core_mail_fmt = '$fmt'
	117	WHERE user_id = {?}",
	118	Session::getInt('uid'));
	119	$_SESSION['mail_fmt'] = $fmt;
20d90835	120	redirect($globals->baseurl.'/preferences');
e59506eb	121	}
	122
	123	if (Env::has('rss')) {
7927d719	124	$this->__set_rss_state(Env::getBool('rss'));
e59506eb	125	}
	126
	127	$page->assign('prefs', $globals->hook->prefs());
	128	}
9bae6004	129
bce2f8eb	130	function handler_webredir(&$page)
bce2f8eb	131	{
bce2f8eb	132	$page->changeTpl('webredirect.tpl');
	133
	134	$page->assign('xorg_title','Polytechnique.org - Redirection de page WEB');
	135
	136	$log =& Session::getMixed('log');
	137	$url = Env::get('url');
	138
	139	if (Env::get('submit') == 'Valider' and Env::has('url')) {
08cce2ff	140	XDB::execute('UPDATE auth_user_quick
bce2f8eb	141	SET redirecturl = {?} WHERE user_id = {?}',
bf2692e3	142	$url, Session::getInt('uid'));
bce2f8eb	143	$log->log('carva_add', 'http://'.Env::get('url'));
	144	$page->trig("Redirection activ�e vers <a href='http://$url'>$url</a>");
	145	} elseif (Env::get('submit') == "Supprimer") {
08cce2ff	146	XDB::execute("UPDATE auth_user_quick
bce2f8eb	147	SET redirecturl = ''
bce2f8eb	148	WHERE user_id = {?}",
bf2692e3	149	Session::getInt('uid'));
bce2f8eb	150	$log->log("carva_del", $url);
	151	Post::kill('url');
	152	$page->trig('Redirection supprim�e');
	153	}
	154
08cce2ff	155	$res = XDB::query('SELECT redirecturl
bce2f8eb	156	FROM auth_user_quick
	157	WHERE user_id = {?}',
	158	Session::getInt('uid'));
	159	$page->assign('carva', $res->fetchOneCell());
bce2f8eb	160	}
bce2f8eb	161
4da0b8d7	162	function handler_prefs_rss(&$page)
7927d719	163	{
7927d719	164	$page->changeTpl('filrss.tpl');
	165
	166	$page->assign('goback', Env::get('referer', 'login'));
	167
	168	if (Env::get('act_rss') == 'Activer') {
	169	$this->__set_rss_state(true);
	170	$page->trig("Ton Fil RSS est activ�.");
	171	}
7927d719	172	}
7927d719	173
7c77c3ee	174	function handler_password(&$page)
7c77c3ee	175	{
7c77c3ee	176	if (Post::has('response2')) {
	177	require_once 'secure_hash.inc.php';
	178
	179	$_SESSION['password'] = $password = Post::get('response2');
	180
08cce2ff	181	XDB::execute('UPDATE auth_user_md5
7c77c3ee	182	SET password={?}
	183	WHERE user_id={?}', $password,
	184	Session::getInt('uid'));
	185
	186	$log =& Session::getMixed('log');
	187	$log->log('passwd', '');
	188
	189	if (Cookie::get('ORGaccess')) {
	190	setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
	191	}
	192
	193	$page->changeTpl('motdepasse.success.tpl');
	194	$page->run();
	195	}
	196
	197	$page->changeTpl('motdepasse.tpl');
	198	$page->addJsLink('javascript/motdepasse.js');
	199	$page->assign('xorg_title','Polytechnique.org - Mon mot de passe');
7c77c3ee	200	}
7c77c3ee	201
1a5da857	202	function handler_smtppass(&$page)
1a5da857	203	{
1a5da857	204	$page->changeTpl('acces_smtp.tpl');
	205	$page->assign('xorg_title','Polytechnique.org - Acces SMTP/NNTP');
	206
	207	$uid = Session::getInt('uid');
	208	$pass = Env::get('smtppass1');
	209	$log = Session::getMixed('log');
	210
	211	if (Env::get('op') == "Valider" && strlen($pass) >= 6
	212	&& Env::get('smtppass1') == Env::get('smtppass2'))
	213	{
08cce2ff	214	XDB::execute('UPDATE auth_user_md5 SET smtppass = {?}
1a5da857	215	WHERE user_id = {?}', $pass, $uid);
	216	$page->trig('Mot de passe enregistr�');
	217	$log->log("passwd_ssl");
	218	} elseif (Env::get('op') == "Supprimer") {
08cce2ff	219	XDB::execute('UPDATE auth_user_md5 SET smtppass = ""
1a5da857	220	WHERE user_id = {?}', $uid);
	221	$page->trig('Compte SMTP et NNTP supprim�');
	222	$log->log("passwd_del");
	223	}
	224
08cce2ff	225	$res = XDB::query("SELECT IF(smtppass != '', 'actif', '')
1a5da857	226	FROM auth_user_md5
	227	WHERE user_id = {?}", $uid);
	228	$page->assign('actif', $res->fetchOneCell());
1a5da857	229	}
1a5da857	230
8858cfc1	231	function handler_recovery(&$page)
	232	{
	233	global $globals;
	234
	235	$page->changeTpl('recovery.tpl');
	236
	237	if (!Env::has('login') \|\| !Env::has('birth')) {
fd8f77de	238	return;
8858cfc1	239	}
	240
	241	if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env::get('birth'))) {
	242	$page->trig_run('Date de naissance incorrecte ou incoh�rente');
	243	}
	244	$birth = sprintf('%s-%s-%s', substr(Env::get('birth'),4,4), substr(Env::get('birth'),2,2), substr(Env::get('birth'),0,2));
	245
	246	$mailorg = strtok(Env::get('login'), '@');
	247
	248	// paragraphe rajout� : si la date de naissance dans la base n'existe pas, on l'update
	249	// avec celle fournie ici en esp�rant que c'est la bonne
	250
08cce2ff	251	$res = XDB::query(
8858cfc1	252	"SELECT user_id, naissance
	253	FROM auth_user_md5 AS u
	254	INNER JOIN aliases AS a ON (u.user_id=a.id AND type!='homonyme')
	255	WHERE a.alias={?} AND u.perms IN ('admin','user') AND u.deces=0", $mailorg);
	256	list($uid, $naissance) = $res->fetchOneRow();
	257
	258	if ($naissance == $birth) {
	259	$page->assign('ok', true);
	260
	261	$url = rand_url_id();
08cce2ff	262	XDB::execute('INSERT INTO perte_pass (certificat,uid,created) VALUES ({?},{?},NOW())', $url, $uid);
08cce2ff	263	$res = XDB::query('SELECT email FROM emails WHERE uid = {?} AND NOT FIND_IN_SET("filter", flags)', $uid);
8858cfc1	264	$mails = implode(', ', $res->fetchColumn());
	265
	266	require_once "diogenes/diogenes.hermes.inc.php";
	267	$mymail = new HermesMailer();
	268	$mymail->setFrom('"Gestion des mots de passe" <support+password@polytechnique.org>');
	269	$mymail->addTo($mails);
	270	$mymail->setSubject('Ton certificat d\'authentification');
	271	$mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
	272	{$globals->baseurl}/tmpPWD/$url
	273
	274	Si en cliquant dessus tu n'y arrives pas, copie int�gralement l'adresse dans la barre de ton navigateur.
	275
	276	--
	277	Polytechnique.org
	278	\"Le portail des �l�ves & anciens �l�ves de l'Ecole polytechnique\"".(Post::get('email') ? "
	279
	280	Adresse de secours :
	281	".Post::get('email') : "")."
	282
	283	Mail envoy� � ".Env::get('login'));
	284	$mymail->send();
	285
	286	// on cree un objet logger et on log l'evenement
	287	$logger = $_SESSION['log'] = new DiogenesCoreLogger($uid);
	288	$logger->log('recovery', $emails);
	289	} else {
	290	$page->trig('Pas de r�sultat correspondant aux champs entr�s dans notre base de donn�es.');
	291	}
8858cfc1	292	}
8858cfc1	293
6c49d0af	294	function handler_tmpPWD(&$page, $certif = null)
6c49d0af	295	{
08cce2ff	296	XDB::execute('DELETE FROM perte_pass
6c49d0af	297	WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
6c49d0af	298
08cce2ff	299	$res = XDB::query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif);
6c49d0af	300	$ligne = $res->fetchOneAssoc();
	301	if (!$ligne) {
	302	$page->changeTpl('index.tpl');
	303	$page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
	304	}
	305
	306	$uid = $ligne["uid"];
	307	if (Post::has('response2')) {
	308	$password = Post::get('response2');
	309	$logger = new DiogenesCoreLogger($uid);
08cce2ff	310	XDB::query('UPDATE auth_user_md5 SET password={?}
6c49d0af	311	WHERE user_id={?} AND perms IN("admin","user")',
6c49d0af	312	$password, $uid);
08cce2ff	313	XDB::query('DELETE FROM perte_pass WHERE certificat={?}', $certif);
6c49d0af	314	$logger->log("passwd","");
	315	$page->changeTpl('tmpPWD.success.tpl');
	316	} else {
	317	$page->changeTpl('motdepasse.tpl');
	318	$page->addJsLink('javascript/motdepasse.js');
	319	}
6c49d0af	320	}
6c49d0af	321
9bae6004	322	function handler_skin(&$page)
	323	{
	324	global $globals;
	325
	326	if (!$globals->skin->enable) {
f09cee18	327	redirect('./');
9bae6004	328	}
f09cee18	329
f09cee18	330	$page->changeTpl('skins.tpl');
9bae6004	331	$page->assign('xorg_title','Polytechnique.org - Skins');
	332
	333	if (Env::has('newskin')) { // formulaire soumis, traitons les donn�es envoy�es
08cce2ff	334	XDB::execute('UPDATE auth_user_quick
9bae6004	335	SET skin={?} WHERE user_id={?}',
	336	Env::getInt('newskin'),
	337	Session::getInt('uid'));
	338	set_skin();
	339	}
	340
	341	$sql = "SELECT s.,auteur,count() AS nb
	342	FROM skins AS s
	343	LEFT JOIN auth_user_quick AS a ON s.id=a.skin
	344	WHERE skin_tpl != '' AND ext != ''
	345	GROUP BY id ORDER BY s.date DESC";
08cce2ff	346	$page->assign_by_ref('skins', XDB::iterator($sql));
9bae6004	347	}
4da0b8d7	348
5de0b7e1	349	function handler_exit(&$page, $level = null)
	350	{
	351	if (Session::has('suid')) {
	352	if (Session::has('suid')) {
	353	$a4l = Session::get('forlife');
	354	$suid = Session::getMixed('suid');
	355	$log = Session::getMixed('log');
	356	$log->log("suid_stop", Session::get('forlife') . " by " . $suid['forlife']);
	357	$_SESSION = $suid;
	358	Session::kill('suid');
	359	redirect($globals->baseurl.'/admin/utilisateurs.php?login='.$a4l);
	360	} else {
	361	redirect("events");
	362	}
	363	}
	364
	365	if ($level == 'forget' \|\| $level == 'forgetall') {
	366	setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
	367	Cookie::kill('ORGaccess');
	368	if (isset($_SESSION['log']))
	369	$_SESSION['log']->log("cookie_off");
	370	}
	371
	372	if ($level == 'forgetuid' \|\| $level == 'forgetall') {
	373	setcookie('ORGuid', '', time() - 3600, '/', '', 0);
	374	Cookie::kill('ORGuid');
	375	setcookie('ORGdomain', '', time() - 3600, '/', '', 0);
	376	Cookie::kill('ORGdomain');
	377	}
	378
	379	if (isset($_SESSION['log'])) {
	380	$ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
	381	$_SESSION['log']->log('deconnexion',$ref);
	382	}
	383
	384	XorgSession::destroy();
	385
	386	if (Get::has('redirect')) {
	387	redirect(rawurldecode(Get::get('redirect')));
	388	} else {
	389	$page->changeTpl('exit.tpl');
	390	}
5de0b7e1	391	}
5de0b7e1	392
4da0b8d7	393	function handler_rss(&$page, $user = null, $hash = null)
4da0b8d7	394	{
4da0b8d7	395	require_once 'rss.inc.php';
	396
	397	$uid = init_rss('rss.tpl', $user, $hash);
	398
08cce2ff	399	$rss = XDB::iterator(
4da0b8d7	400	'SELECT e.id, e.titre, e.texte, e.creation_date
	401	FROM auth_user_md5 AS u
	402	INNER JOIN evenements AS e ON ( (e.promo_min = 0 \|\| e.promo_min <= u.promo)
	403	AND (e.promo_max = 0 \|\| e.promo_max >= u.promo) )
	404	WHERE u.user_id = {?} AND FIND_IN_SET(e.flags, "valide")
	405	AND peremption >= NOW()', $uid);
	406	$page->assign('rss', $rss);
4da0b8d7	407	}
e59506eb	408	}
	409
	410	?>