[platal.git] / modules / platal.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2008 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

function bugize($list)
{
    $list = split(',', $list);
    $ans  = array();

    foreach ($list as $bug) {
        $clean = str_replace('#', '', $bug);
        $ans[] = "<a href='http://trackers.polytechnique.org/task/$clean'>$bug</a>";
    }

    return join(',', $ans);
}


class PlatalModule extends PLModule
{
    function handlers()
    {
        return array(
            'index'       => $this->make_hook('index',     AUTH_PUBLIC),
            'cacert.pem'  => $this->make_hook('cacert',    AUTH_PUBLIC),
            'changelog'   => $this->make_hook('changelog', AUTH_PUBLIC),

            // Preferences thingies
            'prefs'       => $this->make_hook('prefs',     AUTH_COOKIE),
            'prefs/rss'   => $this->make_hook('prefs_rss', AUTH_COOKIE),
            'prefs/webredirect'
                          => $this->make_hook('webredir',  AUTH_MDP),
            'prefs/skin'  => $this->make_hook('skin',      AUTH_COOKIE),

            // password related thingies
            'password'      => $this->make_hook('password',  AUTH_MDP),
            'tmpPWD'        => $this->make_hook('tmpPWD',    AUTH_PUBLIC),
            'password/smtp' => $this->make_hook('smtppass',  AUTH_MDP),
            'recovery'      => $this->make_hook('recovery',  AUTH_PUBLIC),
            'exit'          => $this->make_hook('exit', AUTH_PUBLIC),
            'review'        => $this->make_hook('review', AUTH_PUBLIC),
            'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC),
        );
    }

    function handler_index(&$page)
    {
        if (S::logged()) {
            pl_redirect('events');
        } else if (!@$GLOBALS['IS_XNET_SITE']) {
            pl_redirect('review');
        }
    }

    function handler_cacert(&$page)
    {
        $data = file_get_contents("/etc/ssl/xorgCA/cacert.pem","r");
        header("Pragma:");
        header("Set-Cookie:");
        header("Cache-Control:");
        header("Expires:");
        header("Content-Type: application/x-x509-ca-cert");
        header("Content-Length: ".strlen($data));
        echo $data;
        exit;
    }

    function handler_changelog(&$page)
    {
        $page->changeTpl('platal/changeLog.tpl');

        $clog = pl_entities(file_get_contents(dirname(__FILE__).'/../ChangeLog'));
        $clog = preg_replace('/=+\s*/', '</pre><hr /><pre>', $clog);
        // url catch only (not all wiki syntax)
        $clog = preg_replace(array(
            '/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
            '/(\s|^)www\.((?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
            '/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
          array(
            '<a href="\\0">\\0</a>',
            '\\1<a href="http://www.\\2">www.\\2</a>',
            '<a href="mailto:\\0">\\0</a>'),
          $clog);
        $clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
        $clog = preg_replace('!vim:.*$!', '', $clog);
        $clog = preg_replace("!(<hr />(\\s|\n)*)?<pre>(\s|\n)*</pre>((\\s|\n)*<hr />)?!m", "", "<pre>$clog</pre>");
        $page->assign('ChangeLog', $clog);
    }

    function __set_rss_state($state)
    {
        if ($state) {
            $_SESSION['core_rss_hash'] = rand_url_id(16);
            XDB::execute('UPDATE  auth_user_quick
                                   SET  core_rss_hash={?} WHERE user_id={?}',
                                   S::v('core_rss_hash'), S::v('uid'));
        } else {
            XDB::execute('UPDATE  auth_user_quick
                                   SET  core_rss_hash="" WHERE user_id={?}',
                                   S::v('uid'));
            S::kill('core_rss_hash');
        }
    }

    function handler_prefs(&$page)
    {
        $page->changeTpl('platal/preferences.tpl');
        $page->assign('xorg_title','Polytechnique.org - Mes préférences');

        if (Post::has('mail_fmt')) {
            $fmt = Post::v('mail_fmt');
            if ($fmt != 'texte') $fmt = 'html';
            XDB::execute("UPDATE auth_user_quick
                                       SET core_mail_fmt = '$fmt'
                                     WHERE user_id = {?}",
                                     S::v('uid'));
            $_SESSION['mail_fmt'] = $fmt;
        }

        if (Post::has('rss')) {
            $this->__set_rss_state(Post::b('rss'));
        }
    }

    function handler_webredir(&$page)
    {
        $page->changeTpl('platal/webredirect.tpl');

        $page->assign('xorg_title','Polytechnique.org - Redirection de page WEB');

        $log =& S::v('log');
        $url = Env::v('url');

        if (Env::v('submit') == 'Valider' and Env::has('url')) {
            XDB::execute('UPDATE auth_user_quick
                                       SET redirecturl = {?} WHERE user_id = {?}',
                                   $url, S::v('uid'));
            $log->log('carva_add', 'http://'.Env::v('url'));
            $page->trig("Redirection activée vers <a href='http://$url'>$url</a>");
        } elseif (Env::v('submit') == "Supprimer") {
            XDB::execute("UPDATE auth_user_quick
                                       SET redirecturl = ''
                                     WHERE user_id = {?}",
                                   S::v('uid'));
            $log->log("carva_del", $url);
            Post::kill('url');
            $page->trig('Redirection supprimée');
        }

        $res = XDB::query('SELECT redirecturl
                                       FROM auth_user_quick
                                      WHERE user_id = {?}',
                                    S::v('uid'));
        $page->assign('carva', $res->fetchOneCell());
    }

    function handler_prefs_rss(&$page)
    {
        $page->changeTpl('platal/filrss.tpl');

        $page->assign('goback', Env::v('referer', 'login'));

        if (Env::v('act_rss') == 'Activer') {
            $this->__set_rss_state(true);
            $page->trig("Ton Fil RSS est activé.");
        }
    }

    function handler_password(&$page)
    {
        global $globals;

        if (Post::has('response2'))  {
            require_once 'secure_hash.inc.php';

            $_SESSION['password'] = $password = Post::v('response2');

            XDB::execute('UPDATE  auth_user_md5
                             SET  password={?}
                           WHERE  user_id={?}', $password,
                           S::v('uid'));

            // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
            // updates the Google Apps password as well.
            if ($globals->mailstorage->googleapps_domain) {
                require_once 'googleapps.inc.php';
                $account = new GoogleAppsAccount(S::v('uid'), S::v('forlife'));
                if ($account->g_status == 'active' && $account->sync_password) {
                    $account->set_password($password);
                }
            }

            $log =& S::v('log');
            $log->log('passwd', '');

            if (Cookie::v('ORGaccess')) {
                setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
            }

            $page->changeTpl('platal/motdepasse.success.tpl');
            $page->run();
        }

        $page->changeTpl('platal/motdepasse.tpl');
        $page->addJsLink('motdepasse.js');
        $page->assign('xorg_title','Polytechnique.org - Mon mot de passe');
    }

    function handler_smtppass(&$page)
    {
        $page->changeTpl('platal/acces_smtp.tpl');
        $page->assign('xorg_title','Polytechnique.org - Acces SMTP/NNTP');

        require_once 'wiki.inc.php';
        wiki_require_page('Xorg.SMTPSécurisé');
        wiki_require_page('Xorg.NNTPSécurisé');

        $uid  = S::v('uid');
        $pass = Env::v('smtppass1');
        $log  = S::v('log');

        if (Env::v('op') == "Valider" && strlen($pass) >= 6
        &&  Env::v('smtppass1') == Env::v('smtppass2'))
        {
            XDB::execute('UPDATE auth_user_md5 SET smtppass = {?}
                                     WHERE user_id = {?}', $pass, $uid);
            $page->trig('Mot de passe enregistré');
            $log->log("passwd_ssl");
        } elseif (Env::v('op') == "Supprimer") {
            XDB::execute('UPDATE auth_user_md5 SET smtppass = ""
                                     WHERE user_id = {?}', $uid);
            $page->trig('Compte SMTP et NNTP supprimé');
            $log->log("passwd_del");
        }

        $res = XDB::query("SELECT IF(smtppass != '', 'actif', '')
                                       FROM auth_user_md5
                                      WHERE user_id = {?}", $uid);
        $page->assign('actif', $res->fetchOneCell());
    }

    function handler_recovery(&$page)
    {
        global $globals;

        $page->changeTpl('platal/recovery.tpl');

        if (!Env::has('login') || !Env::has('birth')) {
            return;
        }

        if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env::v('birth'))) {
            $page->trig('Date de naissance incorrecte ou incohérente');
            return;
        }

        $birth   = sprintf('%s-%s-%s',
                           substr(Env::v('birth'), 4, 4),
                           substr(Env::v('birth'), 2, 2),
                           substr(Env::v('birth'), 0, 2));

        $mailorg = strtok(Env::v('login'), '@');

        // paragraphe rajouté : si la date de naissance dans la base n'existe pas, on l'update
        // avec celle fournie ici en espérant que c'est la bonne

        $res = XDB::query(
                "SELECT  user_id, naissance
                   FROM  auth_user_md5 AS u
             INNER JOIN  aliases       AS a ON (u.user_id=a.id AND type != 'homonyme')
                  WHERE  a.alias={?} AND u.perms IN ('admin','user') AND u.deces=0", $mailorg);
        list($uid, $naissance) = $res->fetchOneRow();

        if ($naissance == $birth) {
            $res = XDB::query("SELECT  COUNT(*)
                                 FROM  emails
                                WHERE  uid = {?} AND flags != 'panne' AND flags != 'filter'", $uid);
            $count = intval($res->fetchOneCell());
            if ($count == 0) {
                $page->assign('no_addr', true);
                return;
            }

            $page->assign('ok', true);

            $url   = rand_url_id();
            XDB::execute('INSERT INTO  perte_pass (certificat,uid,created)
                               VALUES  ({?},{?},NOW())', $url, $uid);
            $res   = XDB::query('SELECT  email
                                   FROM  emails
                                  WHERE  uid = {?} AND email = {?}',
                                $uid, Post::v('email'));
            if ($res->numRows()) {
                $mails = $res->fetchOneCell();
            } else {
                $res   = XDB::query('SELECT  email
                                       FROM  emails
                                      WHERE  uid = {?} AND NOT FIND_IN_SET("filter", flags)', $uid);
                $mails = implode(', ', $res->fetchColumn());
            }
            $mymail = new PlMailer();
            $mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mail->domain . '>');
            $mymail->addTo($mails);
            $mymail->setSubject('Ton certificat d\'authentification');
            $mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
{$globals->baseurl}/tmpPWD/$url

Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.

--
Polytechnique.org
\"Le portail des élèves & anciens élèves de l'Ecole polytechnique\"

Mail envoyé à ".Env::v('login') . (Post::has('email') ? "
Adresse de secours : " . Post::v('email') : ""));
            $mymail->send();

            // on cree un objet logger et on log l'evenement
            $logger = $_SESSION['log'] = new CoreLogger($uid);
            $logger->log('recovery', $mails);
        } else {
            $page->trig('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
                        'Si tu as un homonyme, utilise prenom.nom.promo comme login');
        }
    }

    function handler_tmpPWD(&$page, $certif = null)
    {
        global $globals;
        XDB::execute('DELETE FROM perte_pass
                                      WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');

        $res   = XDB::query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif);
        $ligne = $res->fetchOneAssoc();
        if (!$ligne) {
            $page->changeTpl('platal/index.tpl');
            $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
        }

        $uid = $ligne["uid"];
        if (Post::has('response2')) {
            $password = Post::v('response2');
            XDB::query('UPDATE  auth_user_md5 SET password={?}
                                   WHERE  user_id={?} AND perms IN("admin","user")',
                                 $password, $uid);
            XDB::query('DELETE FROM perte_pass WHERE certificat={?}', $certif);

            // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
            // updates the Google Apps password as well.
            if ($globals->mailstorage->googleapps_domain) {
                require_once 'googleapps.inc.php';
                require_once 'user.func.inc.php';
                $forlife = get_user_forlife($uid, '_silent_user_callback');
                $account = new GoogleAppsAccount($uid, $forlife);
                if ($account->g_status == 'active' && $account->sync_password) {
                    $account->set_password($password);
                }
            }

            $logger = new CoreLogger($uid);
            $logger->log("passwd","");
            $page->changeTpl('platal/tmpPWD.success.tpl');
        } else {
            $page->changeTpl('platal/motdepasse.tpl');
            $page->addJsLink('motdepasse.js');
        }
    }

    function handler_skin(&$page)
    {
        global $globals;

        $page->changeTpl('platal/skins.tpl');
        $page->assign('xorg_title','Polytechnique.org - Skins');

        if (Env::has('newskin'))  {  // formulaire soumis, traitons les données envoyées
            XDB::execute('UPDATE auth_user_quick
                             SET skin={?} WHERE user_id={?}',
                         Env::i('newskin'), S::v('uid'));
            S::kill('skin');
            set_skin();
        }

        $res = XDB::query('SELECT id FROM skins WHERE skin_tpl={?}', S::v('skin'));
        $page->assign('skin_id', $res->fetchOneCell());

        $sql = "SELECT s.*,auteur,count(*) AS nb
                  FROM skins AS s
             LEFT JOIN auth_user_quick AS a ON s.id=a.skin
                 WHERE skin_tpl != '' AND ext != ''
              GROUP BY id ORDER BY s.date DESC";
        $page->assign('skins', XDB::iterator($sql));
    }

    function handler_exit(&$page, $level = null)
    {
        if (S::has('suid')) {
            $a4l  = S::v('forlife');
            $suid = S::v('suid');
            $log  = S::v('log');
            $log->log("suid_stop", S::v('forlife') . " by " . $suid['forlife']);
            $_SESSION = $suid;
            S::kill('suid');
            pl_redirect('admin/user/' . $a4l);
        }

        if ($level == 'forget' || $level == 'forgetall') {
            setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
            Cookie::kill('ORGaccess');
            if (isset($_SESSION['log']))
                $_SESSION['log']->log("cookie_off");
        }

        if ($level == 'forgetuid' || $level == 'forgetall') {
            setcookie('ORGuid', '', time() - 3600, '/', '', 0);
            Cookie::kill('ORGuid');
            setcookie('ORGdomain', '', time() - 3600, '/', '', 0);
            Cookie::kill('ORGdomain');
        }

        if (isset($_SESSION['log'])) {
            $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
            $_SESSION['log']->log('deconnexion',$ref);
        }

        XorgSession::destroy();

        if (Get::has('redirect')) {
            http_redirect(rawurldecode(Get::v('redirect')));
        } else {
            $page->changeTpl('platal/exit.tpl');
        }
    }

    function handler_review(&$page, $action = null, $mode = null) 
    {
        require_once 'wiki.inc.php';
        require_once dirname(__FILE__) . '/platal/review.inc.php';
        $dir = wiki_work_dir();
        $dom = 'Review';
        if (@$GLOBALS['IS_XNET_SITE']) {
            $dom .= 'Xnet';
        }
        if (!is_dir($dir)) {
            $page->kill("Impossible de trouver le wiki");
        }
        if (!file_exists($dir . '/' . $dom . '.Admin')) {
            $page->kill("Impossible de trouver la page d'administration");
        }
        $conf = preg_grep('/^text=/', explode("\n", file_get_contents($dir . '/' . $dom . '.Admin')));
        $conf = preg_split('/(text\=|\%0a)/', array_shift($conf), -1, PREG_SPLIT_NO_EMPTY);
        $wiz = new PlWizard('Tour d\'horizon', 'core/plwizard.tpl', true);
        foreach ($conf as $line) {
            $list = preg_split('/\s*[*|]\s*/', $line, -1, PREG_SPLIT_NO_EMPTY);
            $wiz->addPage('ReviewPage', $list[0], $list[1]);
        }
        $wiz->apply($page, 'review', $action, $mode);
    }
}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
Commit	Line	Data
e59506eb	1	<?php
e59506eb	2	/***************************************************************************
179afa7f	3	* Copyright (C) 2003-2008 Polytechnique.org *
e59506eb	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
5de0b7e1	22	function bugize($list)
	23	{
	24	$list = split(',', $list);
	25	$ans = array();
	26
	27	foreach ($list as $bug) {
	28	$clean = str_replace('#', '', $bug);
	29	$ans[] = "<a href='http://trackers.polytechnique.org/task/$clean'>$bug</a>";
	30	}
	31
	32	return join(',', $ans);
	33	}
	34
	35
e59506eb	36	class PlatalModule extends PLModule
	37	{
	38	function handlers()
	39	{
	40	return array(
c9178c75	41	'index' => $this->make_hook('index', AUTH_PUBLIC),
ddb64990	42	'cacert.pem' => $this->make_hook('cacert', AUTH_PUBLIC),
5de0b7e1	43	'changelog' => $this->make_hook('changelog', AUTH_PUBLIC),
5de0b7e1	44
4da0b8d7	45	// Preferences thingies
bee33d93	46	'prefs' => $this->make_hook('prefs', AUTH_COOKIE),
bee33d93	47	'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE),
bce2f8eb	48	'prefs/webredirect'
bee33d93	49	=> $this->make_hook('webredir', AUTH_MDP),
bee33d93	50	'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE),
4da0b8d7	51
4da0b8d7	52	// password related thingies
1a5da857	53	'password' => $this->make_hook('password', AUTH_MDP),
	54	'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC),
	55	'password/smtp' => $this->make_hook('smtppass', AUTH_MDP),
8858cfc1	56	'recovery' => $this->make_hook('recovery', AUTH_PUBLIC),
5de0b7e1	57	'exit' => $this->make_hook('exit', AUTH_PUBLIC),
ddb64990	58	'review' => $this->make_hook('review', AUTH_PUBLIC),
58abb43b	59	'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC),
e59506eb	60	);
	61	}
	62
c9178c75	63	function handler_index(&$page)
c9178c75	64	{
cab08090	65	if (S::logged()) {
8b00e0e0	66	pl_redirect('events');
ddb64990 FB	67	} else if (!@$GLOBALS['IS_XNET_SITE']) {
ddb64990 FB	68	pl_redirect('review');
c9178c75	69	}
c9178c75	70	}
c9178c75	71
5de0b7e1	72	function handler_cacert(&$page)
5de0b7e1	73	{
ca877168	74	$data = file_get_contents("/etc/ssl/xorgCA/cacert.pem","r");
ca877168	75	header("Pragma:");
dc41059a	76	header("Set-Cookie:");
	77	header("Cache-Control:");
	78	header("Expires:");
	79	header("Content-Type: application/x-x509-ca-cert");
ca877168	80	header("Content-Length: ".strlen($data));
5de0b7e1	81	echo $data;
	82	exit;
	83	}
	84
	85	function handler_changelog(&$page)
	86	{
8b1f8e12	87	$page->changeTpl('platal/changeLog.tpl');
5de0b7e1	88
493b6abe	89	$clog = pl_entities(file_get_contents(dirname(__FILE__).'/../ChangeLog'));
d39eceb9	90	$clog = preg_replace('/=+\s*/', '</pre><hr /><pre>', $clog);
4e95f720	91	// url catch only (not all wiki syntax)
	92	$clog = preg_replace(array(
	93	'/((?:https?\|ftp):\/\/(?:\.,[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
	94	'/(\s\|^)www\.((?:\.,[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
	95	'/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
	96	array(
	97	'<a href="\\0">\\0</a>',
	98	'\\1<a href="http://www.\\2">www.\\2</a>',
	99	'<a href="mailto:\\0">\\0</a>'),
	100	$clog);
5de0b7e1	101	$clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
9408f155	102	$clog = preg_replace('!vim:.*$!', '', $clog);
02722b9d	103	$clog = preg_replace("!(<hr />(\\s\|\n))?<pre>(\s\|\n)</pre>((\\s\|\n)*<hr />)?!m", "", "<pre>$clog</pre>");
5de0b7e1	104	$page->assign('ChangeLog', $clog);
	105	}
	106
7927d719	107	function __set_rss_state($state)
7927d719	108	{
7927d719	109	if ($state) {
7927d719	110	$_SESSION['core_rss_hash'] = rand_url_id(16);
08cce2ff	111	XDB::execute('UPDATE auth_user_quick
7927d719	112	SET core_rss_hash={?} WHERE user_id={?}',
cab08090	113	S::v('core_rss_hash'), S::v('uid'));
7927d719	114	} else {
08cce2ff	115	XDB::execute('UPDATE auth_user_quick
7927d719	116	SET core_rss_hash="" WHERE user_id={?}',
cab08090	117	S::v('uid'));
cab08090	118	S::kill('core_rss_hash');
7927d719	119	}
	120	}
	121
e59506eb	122	function handler_prefs(&$page)
e59506eb	123	{
8b1f8e12	124	$page->changeTpl('platal/preferences.tpl');
a7de4ef7	125	$page->assign('xorg_title','Polytechnique.org - Mes préférences');
e59506eb	126
bee33d93	127	if (Post::has('mail_fmt')) {
5e2307dc	128	$fmt = Post::v('mail_fmt');
e59506eb	129	if ($fmt != 'texte') $fmt = 'html';
08cce2ff	130	XDB::execute("UPDATE auth_user_quick
e59506eb	131	SET core_mail_fmt = '$fmt'
e59506eb	132	WHERE user_id = {?}",
cab08090	133	S::v('uid'));
e59506eb	134	$_SESSION['mail_fmt'] = $fmt;
e59506eb	135	}
e59506eb	136
bee33d93	137	if (Post::has('rss')) {
5e2307dc	138	$this->__set_rss_state(Post::b('rss'));
e59506eb	139	}
e59506eb	140	}
9bae6004	141
bce2f8eb	142	function handler_webredir(&$page)
bce2f8eb	143	{
8b1f8e12	144	$page->changeTpl('platal/webredirect.tpl');
bce2f8eb	145
	146	$page->assign('xorg_title','Polytechnique.org - Redirection de page WEB');
	147
cab08090	148	$log =& S::v('log');
5e2307dc	149	$url = Env::v('url');
bce2f8eb	150
5e2307dc	151	if (Env::v('submit') == 'Valider' and Env::has('url')) {
08cce2ff	152	XDB::execute('UPDATE auth_user_quick
bce2f8eb	153	SET redirecturl = {?} WHERE user_id = {?}',
cab08090	154	$url, S::v('uid'));
5e2307dc	155	$log->log('carva_add', 'http://'.Env::v('url'));
a7de4ef7	156	$page->trig("Redirection activée vers <a href='http://$url'>$url</a>");
5e2307dc	157	} elseif (Env::v('submit') == "Supprimer") {
08cce2ff	158	XDB::execute("UPDATE auth_user_quick
bce2f8eb	159	SET redirecturl = ''
bce2f8eb	160	WHERE user_id = {?}",
cab08090	161	S::v('uid'));
bce2f8eb	162	$log->log("carva_del", $url);
bce2f8eb	163	Post::kill('url');
a7de4ef7	164	$page->trig('Redirection supprimée');
bce2f8eb	165	}
bce2f8eb	166
08cce2ff	167	$res = XDB::query('SELECT redirecturl
bce2f8eb	168	FROM auth_user_quick
bce2f8eb	169	WHERE user_id = {?}',
cab08090	170	S::v('uid'));
bce2f8eb	171	$page->assign('carva', $res->fetchOneCell());
bce2f8eb	172	}
bce2f8eb	173
4da0b8d7	174	function handler_prefs_rss(&$page)
7927d719	175	{
8b1f8e12	176	$page->changeTpl('platal/filrss.tpl');
7927d719	177
5e2307dc	178	$page->assign('goback', Env::v('referer', 'login'));
7927d719	179
5e2307dc	180	if (Env::v('act_rss') == 'Activer') {
7927d719	181	$this->__set_rss_state(true);
a7de4ef7	182	$page->trig("Ton Fil RSS est activé.");
7927d719	183	}
7927d719	184	}
7927d719	185
7c77c3ee	186	function handler_password(&$page)
7c77c3ee	187	{
84270653 VZ	188	global $globals;
84270653 VZ	189
7c77c3ee	190	if (Post::has('response2')) {
	191	require_once 'secure_hash.inc.php';
	192
5e2307dc	193	$_SESSION['password'] = $password = Post::v('response2');
7c77c3ee	194
eaf30d86	195	XDB::execute('UPDATE auth_user_md5
9ffe0e77	196	SET password={?}
	197	WHERE user_id={?}', $password,
	198	S::v('uid'));
7c77c3ee	199
84270653 VZ	200	// If GoogleApps is enabled, and the user did choose to use synchronized passwords,
	201	// updates the Google Apps password as well.
	202	if ($globals->mailstorage->googleapps_domain) {
	203	require_once 'googleapps.inc.php';
	204	$account = new GoogleAppsAccount(S::v('uid'), S::v('forlife'));
	205	if ($account->g_status == 'active' && $account->sync_password) {
	206	$account->set_password($password);
	207	}
	208	}
	209
cab08090	210	$log =& S::v('log');
7c77c3ee	211	$log->log('passwd', '');
7c77c3ee	212
5e2307dc	213	if (Cookie::v('ORGaccess')) {
7c77c3ee	214	setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
	215	}
	216
8b1f8e12	217	$page->changeTpl('platal/motdepasse.success.tpl');
7c77c3ee	218	$page->run();
	219	}
	220
8b1f8e12	221	$page->changeTpl('platal/motdepasse.tpl');
c99ef281	222	$page->addJsLink('motdepasse.js');
7c77c3ee	223	$page->assign('xorg_title','Polytechnique.org - Mon mot de passe');
7c77c3ee	224	}
7c77c3ee	225
1a5da857	226	function handler_smtppass(&$page)
1a5da857	227	{
8b1f8e12	228	$page->changeTpl('platal/acces_smtp.tpl');
1a5da857	229	$page->assign('xorg_title','Polytechnique.org - Acces SMTP/NNTP');
eaf30d86	230
41e3c724	231	require_once 'wiki.inc.php';
a7de4ef7	232	wiki_require_page('Xorg.SMTPSécurisé');
a7de4ef7	233	wiki_require_page('Xorg.NNTPSécurisé');
1a5da857	234
cab08090	235	$uid = S::v('uid');
5e2307dc	236	$pass = Env::v('smtppass1');
cab08090	237	$log = S::v('log');
1a5da857	238
eaf30d86 PH	239	if (Env::v('op') == "Valider" && strlen($pass) >= 6
eaf30d86 PH	240	&& Env::v('smtppass1') == Env::v('smtppass2'))
1a5da857	241	{
08cce2ff	242	XDB::execute('UPDATE auth_user_md5 SET smtppass = {?}
1a5da857	243	WHERE user_id = {?}', $pass, $uid);
a7de4ef7	244	$page->trig('Mot de passe enregistré');
1a5da857	245	$log->log("passwd_ssl");
5e2307dc	246	} elseif (Env::v('op') == "Supprimer") {
08cce2ff	247	XDB::execute('UPDATE auth_user_md5 SET smtppass = ""
1a5da857	248	WHERE user_id = {?}', $uid);
a7de4ef7	249	$page->trig('Compte SMTP et NNTP supprimé');
1a5da857	250	$log->log("passwd_del");
	251	}
	252
eaf30d86	253	$res = XDB::query("SELECT IF(smtppass != '', 'actif', '')
1a5da857	254	FROM auth_user_md5
	255	WHERE user_id = {?}", $uid);
	256	$page->assign('actif', $res->fetchOneCell());
1a5da857	257	}
1a5da857	258
8858cfc1	259	function handler_recovery(&$page)
	260	{
	261	global $globals;
	262
8b1f8e12	263	$page->changeTpl('platal/recovery.tpl');
8858cfc1	264
8858cfc1	265	if (!Env::has('login') \|\| !Env::has('birth')) {
fd8f77de	266	return;
8858cfc1	267	}
8858cfc1	268
5e2307dc	269	if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env::v('birth'))) {
a7de4ef7	270	$page->trig('Date de naissance incorrecte ou incohérente');
c9110c6c	271	return;
8858cfc1	272	}
c9110c6c	273
c9110c6c	274	$birth = sprintf('%s-%s-%s',
5e2307dc	275	substr(Env::v('birth'), 4, 4),
	276	substr(Env::v('birth'), 2, 2),
	277	substr(Env::v('birth'), 0, 2));
8858cfc1	278
5e2307dc	279	$mailorg = strtok(Env::v('login'), '@');
8858cfc1	280
a7de4ef7	281	// paragraphe rajouté : si la date de naissance dans la base n'existe pas, on l'update
a7de4ef7	282	// avec celle fournie ici en espérant que c'est la bonne
8858cfc1	283
08cce2ff	284	$res = XDB::query(
8858cfc1	285	"SELECT user_id, naissance
8858cfc1	286	FROM auth_user_md5 AS u
3a5c1551	287	INNER JOIN aliases AS a ON (u.user_id=a.id AND type != 'homonyme')
8858cfc1	288	WHERE a.alias={?} AND u.perms IN ('admin','user') AND u.deces=0", $mailorg);
	289	list($uid, $naissance) = $res->fetchOneRow();
	290
	291	if ($naissance == $birth) {
8c28edc9	292	$res = XDB::query("SELECT COUNT(*)
	293	FROM emails
	294	WHERE uid = {?} AND flags != 'panne' AND flags != 'filter'", $uid);
	295	$count = intval($res->fetchOneCell());
	296	if ($count == 0) {
	297	$page->assign('no_addr', true);
	298	return;
	299	}
	300
8858cfc1	301	$page->assign('ok', true);
8858cfc1	302
eaf30d86 PH	303	$url = rand_url_id();
eaf30d86 PH	304	XDB::execute('INSERT INTO perte_pass (certificat,uid,created)
a4d5829b	305	VALUES ({?},{?},NOW())', $url, $uid);
	306	$res = XDB::query('SELECT email
	307	FROM emails
	308	WHERE uid = {?} AND email = {?}',
	309	$uid, Post::v('email'));
	310	if ($res->numRows()) {
	311	$mails = $res->fetchOneCell();
	312	} else {
	313	$res = XDB::query('SELECT email
	314	FROM emails
	315	WHERE uid = {?} AND NOT FIND_IN_SET("filter", flags)', $uid);
	316	$mails = implode(', ', $res->fetchColumn());
	317	}
1e33266a	318	$mymail = new PlMailer();
1d55fe45	319	$mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mail->domain . '>');
8858cfc1	320	$mymail->addTo($mails);
	321	$mymail->setSubject('Ton certificat d\'authentification');
	322	$mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
	323	{$globals->baseurl}/tmpPWD/$url
	324
e887e90d	325	Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.
8858cfc1	326
eaf30d86	327	--
8858cfc1	328	Polytechnique.org
a7de4ef7	329	\"Le portail des élèves & anciens élèves de l'Ecole polytechnique\"
8858cfc1	330
a7de4ef7	331	Mail envoyé à ".Env::v('login') . (Post::has('email') ? "
a4d5829b	332	Adresse de secours : " . Post::v('email') : ""));
8858cfc1	333	$mymail->send();
	334
	335	// on cree un objet logger et on log l'evenement
c4271d38	336	$logger = $_SESSION['log'] = new CoreLogger($uid);
a4d5829b	337	$logger->log('recovery', $mails);
8858cfc1	338	} else {
a7de4ef7	339	$page->trig('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
3a5c1551	340	'Si tu as un homonyme, utilise prenom.nom.promo comme login');
8858cfc1	341	}
8858cfc1	342	}
8858cfc1	343
6c49d0af	344	function handler_tmpPWD(&$page, $certif = null)
6c49d0af	345	{
84270653	346	global $globals;
08cce2ff	347	XDB::execute('DELETE FROM perte_pass
6c49d0af	348	WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
6c49d0af	349
08cce2ff	350	$res = XDB::query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif);
6c49d0af	351	$ligne = $res->fetchOneAssoc();
6c49d0af	352	if (!$ligne) {
8b1f8e12	353	$page->changeTpl('platal/index.tpl');
6c49d0af	354	$page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
	355	}
	356
	357	$uid = $ligne["uid"];
	358	if (Post::has('response2')) {
5e2307dc	359	$password = Post::v('response2');
08cce2ff	360	XDB::query('UPDATE auth_user_md5 SET password={?}
6c49d0af	361	WHERE user_id={?} AND perms IN("admin","user")',
6c49d0af	362	$password, $uid);
08cce2ff	363	XDB::query('DELETE FROM perte_pass WHERE certificat={?}', $certif);
84270653 VZ	364
	365	// If GoogleApps is enabled, and the user did choose to use synchronized passwords,
	366	// updates the Google Apps password as well.
	367	if ($globals->mailstorage->googleapps_domain) {
	368	require_once 'googleapps.inc.php';
	369	require_once 'user.func.inc.php';
	370	$forlife = get_user_forlife($uid, '_silent_user_callback');
	371	$account = new GoogleAppsAccount($uid, $forlife);
	372	if ($account->g_status == 'active' && $account->sync_password) {
	373	$account->set_password($password);
	374	}
	375	}
	376
	377	$logger = new CoreLogger($uid);
6c49d0af	378	$logger->log("passwd","");
8b1f8e12	379	$page->changeTpl('platal/tmpPWD.success.tpl');
6c49d0af	380	} else {
8b1f8e12	381	$page->changeTpl('platal/motdepasse.tpl');
c99ef281	382	$page->addJsLink('motdepasse.js');
6c49d0af	383	}
6c49d0af	384	}
6c49d0af	385
9bae6004	386	function handler_skin(&$page)
	387	{
	388	global $globals;
	389
8b1f8e12	390	$page->changeTpl('platal/skins.tpl');
9bae6004	391	$page->assign('xorg_title','Polytechnique.org - Skins');
9bae6004	392
a7de4ef7	393	if (Env::has('newskin')) { // formulaire soumis, traitons les données envoyées
08cce2ff	394	XDB::execute('UPDATE auth_user_quick
63528107	395	SET skin={?} WHERE user_id={?}',
5e2307dc	396	Env::i('newskin'), S::v('uid'));
92e6a287	397	S::kill('skin');
9bae6004	398	set_skin();
	399	}
	400
92e6a287	401	$res = XDB::query('SELECT id FROM skins WHERE skin_tpl={?}', S::v('skin'));
	402	$page->assign('skin_id', $res->fetchOneCell());
	403
9bae6004	404	$sql = "SELECT s.,auteur,count() AS nb
	405	FROM skins AS s
	406	LEFT JOIN auth_user_quick AS a ON s.id=a.skin
	407	WHERE skin_tpl != '' AND ext != ''
	408	GROUP BY id ORDER BY s.date DESC";
a3afa47c	409	$page->assign('skins', XDB::iterator($sql));
9bae6004	410	}
4da0b8d7	411
5de0b7e1	412	function handler_exit(&$page, $level = null)
5de0b7e1	413	{
cab08090	414	if (S::has('suid')) {
e74411f7	415	$a4l = S::v('forlife');
	416	$suid = S::v('suid');
	417	$log = S::v('log');
	418	$log->log("suid_stop", S::v('forlife') . " by " . $suid['forlife']);
	419	$_SESSION = $suid;
	420	S::kill('suid');
	421	pl_redirect('admin/user/' . $a4l);
5de0b7e1	422	}
	423
	424	if ($level == 'forget' \|\| $level == 'forgetall') {
	425	setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
	426	Cookie::kill('ORGaccess');
	427	if (isset($_SESSION['log']))
	428	$_SESSION['log']->log("cookie_off");
	429	}
	430
	431	if ($level == 'forgetuid' \|\| $level == 'forgetall') {
	432	setcookie('ORGuid', '', time() - 3600, '/', '', 0);
	433	Cookie::kill('ORGuid');
	434	setcookie('ORGdomain', '', time() - 3600, '/', '', 0);
	435	Cookie::kill('ORGdomain');
	436	}
	437
	438	if (isset($_SESSION['log'])) {
	439	$ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
	440	$_SESSION['log']->log('deconnexion',$ref);
	441	}
	442
	443	XorgSession::destroy();
	444
	445	if (Get::has('redirect')) {
5e2307dc	446	http_redirect(rawurldecode(Get::v('redirect')));
5de0b7e1	447	} else {
8b1f8e12	448	$page->changeTpl('platal/exit.tpl');
5de0b7e1	449	}
5de0b7e1	450	}
ddb64990 FB	451
	452	function handler_review(&$page, $action = null, $mode = null)
	453	{
	454	require_once 'wiki.inc.php';
	455	require_once dirname(__FILE__) . '/platal/review.inc.php';
	456	$dir = wiki_work_dir();
	457	$dom = 'Review';
	458	if (@$GLOBALS['IS_XNET_SITE']) {
	459	$dom .= 'Xnet';
	460	}
	461	if (!is_dir($dir)) {
	462	$page->kill("Impossible de trouver le wiki");
	463	}
	464	if (!file_exists($dir . '/' . $dom . '.Admin')) {
	465	$page->kill("Impossible de trouver la page d'administration");
	466	}
	467	$conf = preg_grep('/^text=/', explode("\n", file_get_contents($dir . '/' . $dom . '.Admin')));
	468	$conf = preg_split('/(text\=\|\%0a)/', array_shift($conf), -1, PREG_SPLIT_NO_EMPTY);
	469	$wiz = new PlWizard('Tour d\'horizon', 'core/plwizard.tpl', true);
	470	foreach ($conf as $line) {
	471	$list = preg_split('/\s[\|]\s*/', $line, -1, PREG_SPLIT_NO_EMPTY);
	472	$wiz->addPage('ReviewPage', $list[0], $list[1]);
	473	}
	474	$wiz->apply($page, 'review', $action, $mode);
	475	}
e59506eb	476	}
e59506eb	477
a7de4ef7	478	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
e59506eb	479	?>