[platal.git] / modules / platal.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2006 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

class PlatalModule extends PLModule
{
    function handlers()
    {
        return array(
            // Preferences thingies
            'prefs'     => $this->make_hook('prefs',     AUTH_COOKIE),
            'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE),
            'skin'      => $this->make_hook('skin',      AUTH_COOKIE),

            // password related thingies
            'password'      => $this->make_hook('password',  AUTH_MDP),
            'tmpPWD'        => $this->make_hook('tmpPWD',    AUTH_PUBLIC),
            'password/smtp' => $this->make_hook('smtppass',  AUTH_MDP),
            'recovery'      => $this->make_hook('recovery',  AUTH_PUBLIC),

            // happenings related thingies
            'rss'         => $this->make_hook('rss',       AUTH_PUBLIC),
        );
    }

    function __set_rss_state($state)
    {
        global $globals;

        if ($state) {
            $_SESSION['core_rss_hash'] = rand_url_id(16);
            $globals->xdb->execute('UPDATE  auth_user_quick
                                   SET  core_rss_hash={?} WHERE user_id={?}',
                                   Session::get('core_rss_hash'),
                                   Session::getInt('uid'));
        } else {
            $globals->xdb->execute('UPDATE  auth_user_quick
                                   SET  core_rss_hash="" WHERE user_id={?}',
                                   Session::getInt('uid'));
            Session::kill('core_rss_hash');
        }
    }

    function handler_prefs(&$page)
    {
        global $globals;

        $page->changeTpl('preferences.tpl');
        $page->assign('xorg_title','Polytechnique.org - Mes pr�f�rences');

        if (Env::has('mail_fmt')) {
            $fmt = Env::get('mail_fmt');
            if ($fmt != 'texte') $fmt = 'html';
            $globals->xdb->execute("UPDATE auth_user_quick
                                       SET core_mail_fmt = '$fmt'
                                     WHERE user_id = {?}",
                                     Session::getInt('uid'));
            $_SESSION['mail_fmt'] = $fmt;
            redirect('preferences');
        }

        if (Env::has('rss')) {
            $this->__set_rss_state(Env::getBool('rss'));
        }

        $page->assign('prefs', $globals->hook->prefs());

        return PL_OK;
    }

    function handler_prefs_rss(&$page)
    {
        global $globals;

        $page->changeTpl('filrss.tpl');

        $page->assign('goback', Env::get('referer', 'login'));

        if (Env::get('act_rss') == 'Activer') {
            $this->__set_rss_state(true);
            $page->trig("Ton Fil RSS est activ�.");
        }

        return PL_OK;
    }

    function handler_password(&$page)
    {
        global $globals;

        if (Post::has('response2'))  {
            require_once 'secure_hash.inc.php';

            $_SESSION['password'] = $password = Post::get('response2');

            $globals->xdb->execute('UPDATE  auth_user_md5 
                                       SET  password={?}
                                     WHERE  user_id={?}', $password,
                                     Session::getInt('uid'));

            $log =& Session::getMixed('log');
            $log->log('passwd', '');

            if (Cookie::get('ORGaccess')) {
                setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
            }

            $page->changeTpl('motdepasse.success.tpl');
            $page->run();
        }

        $page->changeTpl('motdepasse.tpl');
        $page->addJsLink('javascript/motdepasse.js');
        $page->assign('xorg_title','Polytechnique.org - Mon mot de passe');

        return PL_OK;
    }

    function handler_smtppass(&$page)
    {
        global $globals;

        $page->changeTpl('acces_smtp.tpl');
        $page->assign('xorg_title','Polytechnique.org - Acces SMTP/NNTP');

        $uid  = Session::getInt('uid');
        $pass = Env::get('smtppass1');
        $log  = Session::getMixed('log');

        if (Env::get('op') == "Valider" && strlen($pass) >= 6 
        &&  Env::get('smtppass1') == Env::get('smtppass2')) 
        {
            $globals->xdb->execute('UPDATE auth_user_md5 SET smtppass = {?}
                                     WHERE user_id = {?}', $pass, $uid);
            $page->trig('Mot de passe enregistr�');
            $log->log("passwd_ssl");
        } elseif (Env::get('op') == "Supprimer") {
            $globals->xdb->execute('UPDATE auth_user_md5 SET smtppass = ""
                                     WHERE user_id = {?}', $uid);
            $page->trig('Compte SMTP et NNTP supprim�');
            $log->log("passwd_del");
        }

        $res = $globals->xdb->query("SELECT IF(smtppass != '', 'actif', '') 
                                       FROM auth_user_md5
                                      WHERE user_id = {?}", $uid);
        $page->assign('actif', $res->fetchOneCell());

        return PL_OK;
    }

    function handler_recovery(&$page)
    {
        global $globals;

        $page->changeTpl('recovery.tpl');

        if (!Env::has('login') || !Env::has('birth')) {
            return PL_OK;
        }

        if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env::get('birth'))) {
            $page->trig_run('Date de naissance incorrecte ou incoh�rente');
        }
        $birth   = sprintf('%s-%s-%s', substr(Env::get('birth'),4,4), substr(Env::get('birth'),2,2), substr(Env::get('birth'),0,2));

        $mailorg = strtok(Env::get('login'), '@');

        // paragraphe rajout� : si la date de naissance dans la base n'existe pas, on l'update
        // avec celle fournie ici en esp�rant que c'est la bonne

        $res = $globals->xdb->query(
                "SELECT  user_id, naissance
                   FROM  auth_user_md5 AS u
             INNER JOIN  aliases       AS a ON (u.user_id=a.id AND type!='homonyme')
                  WHERE  a.alias={?} AND u.perms IN ('admin','user') AND u.deces=0", $mailorg);
        list($uid, $naissance) = $res->fetchOneRow();

        if ($naissance == $birth) {
            $page->assign('ok', true);

            $url   = rand_url_id(); 
            $globals->xdb->execute('INSERT INTO perte_pass (certificat,uid,created) VALUES ({?},{?},NOW())', $url, $uid);
            $res   = $globals->xdb->query('SELECT email FROM emails WHERE uid = {?} AND NOT FIND_IN_SET("filter", flags)', $uid);
            $mails = implode(', ', $res->fetchColumn());

            require_once "diogenes/diogenes.hermes.inc.php";
            $mymail = new HermesMailer();
            $mymail->setFrom('"Gestion des mots de passe" <support+password@polytechnique.org>');
            $mymail->addTo($mails);
            $mymail->setSubject('Ton certificat d\'authentification');
            $mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
{$globals->baseurl}/tmpPWD/$url

Si en cliquant dessus tu n'y arrives pas, copie int�gralement l'adresse dans la barre de ton navigateur.

-- 
Polytechnique.org
\"Le portail des �l�ves & anciens �l�ves de l'Ecole polytechnique\"".(Post::get('email') ? "

Adresse de secours :
    ".Post::get('email') : "")."

Mail envoy� � ".Env::get('login'));
            $mymail->send();

            // on cree un objet logger et on log l'evenement
            $logger = $_SESSION['log'] = new DiogenesCoreLogger($uid);
            $logger->log('recovery', $emails);
        } else {
            $page->trig('Pas de r�sultat correspondant aux champs entr�s dans notre base de donn�es.');
        }

        return PL_OK;
    }

    function handler_tmpPWD(&$page, $certif = null)
    {
        global $globals;

        $globals->xdb->execute('DELETE FROM perte_pass
                                      WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');

        $res   = $globals->xdb->query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif);
        $ligne = $res->fetchOneAssoc();
        if (!$ligne) {
            $page->changeTpl('index.tpl');
            $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
        }

        $uid = $ligne["uid"];
        if (Post::has('response2')) {
            $password = Post::get('response2');
            $logger   = new DiogenesCoreLogger($uid);
            $globals->xdb->query('UPDATE  auth_user_md5 SET password={?}
                                   WHERE  user_id={?} AND perms IN("admin","user")',
                                 $password, $uid);
            $globals->xdb->query('DELETE FROM perte_pass WHERE certificat={?}', $certif);
            $logger->log("passwd","");
            $page->changeTpl('tmpPWD.success.tpl');
        } else {
            $page->changeTpl('motdepasse.tpl');
            $page->addJsLink('javascript/motdepasse.js');
        }

        return PL_OK;
    }

    function handler_skin(&$page)
    {
        global $globals;

        if (!$globals->skin->enable) {
            redirect('./');
        }

        $page->changeTpl('skins.tpl');
        $page->assign('xorg_title','Polytechnique.org - Skins');

        if (Env::has('newskin'))  {  // formulaire soumis, traitons les donn�es envoy�es
            $globals->xdb->execute('UPDATE auth_user_quick
                                       SET skin={?} WHERE user_id={?}',
                                    Env::getInt('newskin'),
                                    Session::getInt('uid'));
            set_skin();
        }

        $sql = "SELECT s.*,auteur,count(*) AS nb
                  FROM skins AS s
             LEFT JOIN auth_user_quick AS a ON s.id=a.skin
                 WHERE skin_tpl != '' AND ext != ''
              GROUP BY id ORDER BY s.date DESC";
        $page->assign_by_ref('skins', $globals->xdb->iterator($sql));
        return PL_OK;
    }

    function handler_rss(&$page, $user = null, $hash = null)
    {
        global $globals;

        require_once 'rss.inc.php';

        $uid = init_rss('rss.tpl', $user, $hash);

        $rss = $globals->xdb->iterator(
                'SELECT  e.id, e.titre, e.texte, e.creation_date
                   FROM  auth_user_md5   AS u
             INNER JOIN  evenements      AS e ON ( (e.promo_min = 0 || e.promo_min <= u.promo)
                                                   AND (e.promo_max = 0 || e.promo_max >= u.promo) )
                  WHERE  u.user_id = {?} AND FIND_IN_SET(e.flags, "valide")
                                         AND peremption >= NOW()', $uid);
        $page->assign('rss', $rss);

        return PL_OK;
    }
}

?>
Commit	Line	Data
e59506eb	1	<?php
	2	/***************************************************************************
	3	* Copyright (C) 2003-2006 Polytechnique.org *
	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
	22	class PlatalModule extends PLModule
	23	{
	24	function handlers()
	25	{
	26	return array(
4da0b8d7	27	// Preferences thingies
1a5da857	28	'prefs' => $this->make_hook('prefs', AUTH_COOKIE),
	29	'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE),
	30	'skin' => $this->make_hook('skin', AUTH_COOKIE),
4da0b8d7	31
4da0b8d7	32	// password related thingies
1a5da857	33	'password' => $this->make_hook('password', AUTH_MDP),
	34	'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC),
	35	'password/smtp' => $this->make_hook('smtppass', AUTH_MDP),
8858cfc1	36	'recovery' => $this->make_hook('recovery', AUTH_PUBLIC),
4da0b8d7	37
	38	// happenings related thingies
	39	'rss' => $this->make_hook('rss', AUTH_PUBLIC),
e59506eb	40	);
	41	}
	42
7927d719	43	function __set_rss_state($state)
	44	{
	45	global $globals;
	46
	47	if ($state) {
	48	$_SESSION['core_rss_hash'] = rand_url_id(16);
	49	$globals->xdb->execute('UPDATE auth_user_quick
	50	SET core_rss_hash={?} WHERE user_id={?}',
	51	Session::get('core_rss_hash'),
	52	Session::getInt('uid'));
	53	} else {
	54	$globals->xdb->execute('UPDATE auth_user_quick
	55	SET core_rss_hash="" WHERE user_id={?}',
	56	Session::getInt('uid'));
	57	Session::kill('core_rss_hash');
	58	}
	59	}
	60
e59506eb	61	function handler_prefs(&$page)
	62	{
	63	global $globals;
	64
	65	$page->changeTpl('preferences.tpl');
	66	$page->assign('xorg_title','Polytechnique.org - Mes pr�f�rences');
	67
	68	if (Env::has('mail_fmt')) {
	69	$fmt = Env::get('mail_fmt');
	70	if ($fmt != 'texte') $fmt = 'html';
	71	$globals->xdb->execute("UPDATE auth_user_quick
	72	SET core_mail_fmt = '$fmt'
	73	WHERE user_id = {?}",
	74	Session::getInt('uid'));
	75	$_SESSION['mail_fmt'] = $fmt;
	76	redirect('preferences');
	77	}
	78
	79	if (Env::has('rss')) {
7927d719	80	$this->__set_rss_state(Env::getBool('rss'));
e59506eb	81	}
	82
	83	$page->assign('prefs', $globals->hook->prefs());
a2558f2b	84
a2558f2b	85	return PL_OK;
e59506eb	86	}
9bae6004	87
4da0b8d7	88	function handler_prefs_rss(&$page)
7927d719	89	{
	90	global $globals;
	91
	92	$page->changeTpl('filrss.tpl');
	93
	94	$page->assign('goback', Env::get('referer', 'login'));
	95
	96	if (Env::get('act_rss') == 'Activer') {
	97	$this->__set_rss_state(true);
	98	$page->trig("Ton Fil RSS est activ�.");
	99	}
	100
	101	return PL_OK;
	102	}
	103
7c77c3ee	104	function handler_password(&$page)
	105	{
	106	global $globals;
	107
	108	if (Post::has('response2')) {
	109	require_once 'secure_hash.inc.php';
	110
	111	$_SESSION['password'] = $password = Post::get('response2');
	112
	113	$globals->xdb->execute('UPDATE auth_user_md5
	114	SET password={?}
	115	WHERE user_id={?}', $password,
	116	Session::getInt('uid'));
	117
	118	$log =& Session::getMixed('log');
	119	$log->log('passwd', '');
	120
	121	if (Cookie::get('ORGaccess')) {
	122	setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
	123	}
	124
	125	$page->changeTpl('motdepasse.success.tpl');
	126	$page->run();
	127	}
	128
	129	$page->changeTpl('motdepasse.tpl');
	130	$page->addJsLink('javascript/motdepasse.js');
	131	$page->assign('xorg_title','Polytechnique.org - Mon mot de passe');
	132
	133	return PL_OK;
	134	}
	135
1a5da857	136	function handler_smtppass(&$page)
	137	{
	138	global $globals;
	139
	140	$page->changeTpl('acces_smtp.tpl');
	141	$page->assign('xorg_title','Polytechnique.org - Acces SMTP/NNTP');
	142
	143	$uid = Session::getInt('uid');
	144	$pass = Env::get('smtppass1');
	145	$log = Session::getMixed('log');
	146
	147	if (Env::get('op') == "Valider" && strlen($pass) >= 6
	148	&& Env::get('smtppass1') == Env::get('smtppass2'))
	149	{
	150	$globals->xdb->execute('UPDATE auth_user_md5 SET smtppass = {?}
	151	WHERE user_id = {?}', $pass, $uid);
	152	$page->trig('Mot de passe enregistr�');
	153	$log->log("passwd_ssl");
	154	} elseif (Env::get('op') == "Supprimer") {
	155	$globals->xdb->execute('UPDATE auth_user_md5 SET smtppass = ""
	156	WHERE user_id = {?}', $uid);
	157	$page->trig('Compte SMTP et NNTP supprim�');
	158	$log->log("passwd_del");
	159	}
	160
	161	$res = $globals->xdb->query("SELECT IF(smtppass != '', 'actif', '')
	162	FROM auth_user_md5
	163	WHERE user_id = {?}", $uid);
	164	$page->assign('actif', $res->fetchOneCell());
	165
	166	return PL_OK;
	167	}
	168
8858cfc1	169	function handler_recovery(&$page)
	170	{
	171	global $globals;
	172
	173	$page->changeTpl('recovery.tpl');
	174
	175	if (!Env::has('login') \|\| !Env::has('birth')) {
	176	return PL_OK;
	177	}
	178
	179	if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env::get('birth'))) {
	180	$page->trig_run('Date de naissance incorrecte ou incoh�rente');
	181	}
	182	$birth = sprintf('%s-%s-%s', substr(Env::get('birth'),4,4), substr(Env::get('birth'),2,2), substr(Env::get('birth'),0,2));
	183
	184	$mailorg = strtok(Env::get('login'), '@');
	185
	186	// paragraphe rajout� : si la date de naissance dans la base n'existe pas, on l'update
	187	// avec celle fournie ici en esp�rant que c'est la bonne
	188
	189	$res = $globals->xdb->query(
	190	"SELECT user_id, naissance
	191	FROM auth_user_md5 AS u
	192	INNER JOIN aliases AS a ON (u.user_id=a.id AND type!='homonyme')
	193	WHERE a.alias={?} AND u.perms IN ('admin','user') AND u.deces=0", $mailorg);
	194	list($uid, $naissance) = $res->fetchOneRow();
	195
	196	if ($naissance == $birth) {
	197	$page->assign('ok', true);
	198
	199	$url = rand_url_id();
	200	$globals->xdb->execute('INSERT INTO perte_pass (certificat,uid,created) VALUES ({?},{?},NOW())', $url, $uid);
	201	$res = $globals->xdb->query('SELECT email FROM emails WHERE uid = {?} AND NOT FIND_IN_SET("filter", flags)', $uid);
	202	$mails = implode(', ', $res->fetchColumn());
	203
	204	require_once "diogenes/diogenes.hermes.inc.php";
	205	$mymail = new HermesMailer();
	206	$mymail->setFrom('"Gestion des mots de passe" <support+password@polytechnique.org>');
	207	$mymail->addTo($mails);
	208	$mymail->setSubject('Ton certificat d\'authentification');
	209	$mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
	210	{$globals->baseurl}/tmpPWD/$url
	211
	212	Si en cliquant dessus tu n'y arrives pas, copie int�gralement l'adresse dans la barre de ton navigateur.
	213
	214	--
	215	Polytechnique.org
	216	\"Le portail des �l�ves & anciens �l�ves de l'Ecole polytechnique\"".(Post::get('email') ? "
	217
	218	Adresse de secours :
	219	".Post::get('email') : "")."
	220
	221	Mail envoy� � ".Env::get('login'));
	222	$mymail->send();
	223
	224	// on cree un objet logger et on log l'evenement
	225	$logger = $_SESSION['log'] = new DiogenesCoreLogger($uid);
	226	$logger->log('recovery', $emails);
	227	} else {
	228	$page->trig('Pas de r�sultat correspondant aux champs entr�s dans notre base de donn�es.');
	229	}
	230
	231	return PL_OK;
	232	}
233
6c49d0af	234	function handler_tmpPWD(&$page, $certif = null)
	235	{
	236	global $globals;
	237
	238	$globals->xdb->execute('DELETE FROM perte_pass
	239	WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
	240
	241	$res = $globals->xdb->query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif);
	242	$ligne = $res->fetchOneAssoc();
	243	if (!$ligne) {
	244	$page->changeTpl('index.tpl');
	245	$page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
	246	}
	247
	248	$uid = $ligne["uid"];
	249	if (Post::has('response2')) {
	250	$password = Post::get('response2');
	251	$logger = new DiogenesCoreLogger($uid);
	252	$globals->xdb->query('UPDATE auth_user_md5 SET password={?}
	253	WHERE user_id={?} AND perms IN("admin","user")',
	254	$password, $uid);
	255	$globals->xdb->query('DELETE FROM perte_pass WHERE certificat={?}', $certif);
	256	$logger->log("passwd","");
	257	$page->changeTpl('tmpPWD.success.tpl');
	258	} else {
	259	$page->changeTpl('motdepasse.tpl');
	260	$page->addJsLink('javascript/motdepasse.js');
	261	}
	262
	263	return PL_OK;
	264	}
	265
9bae6004	266	function handler_skin(&$page)
	267	{
	268	global $globals;
	269
	270	if (!$globals->skin->enable) {
f09cee18	271	redirect('./');
9bae6004	272	}
f09cee18	273
f09cee18	274	$page->changeTpl('skins.tpl');
9bae6004	275	$page->assign('xorg_title','Polytechnique.org - Skins');
	276
	277	if (Env::has('newskin')) { // formulaire soumis, traitons les donn�es envoy�es
	278	$globals->xdb->execute('UPDATE auth_user_quick
	279	SET skin={?} WHERE user_id={?}',
	280	Env::getInt('newskin'),
	281	Session::getInt('uid'));
	282	set_skin();
	283	}
	284
	285	$sql = "SELECT s.,auteur,count() AS nb
	286	FROM skins AS s
	287	LEFT JOIN auth_user_quick AS a ON s.id=a.skin
	288	WHERE skin_tpl != '' AND ext != ''
	289	GROUP BY id ORDER BY s.date DESC";
	290	$page->assign_by_ref('skins', $globals->xdb->iterator($sql));
	291	return PL_OK;
	292	}
4da0b8d7	293
	294	function handler_rss(&$page, $user = null, $hash = null)
	295	{
	296	global $globals;
	297
	298	require_once 'rss.inc.php';
	299
	300	$uid = init_rss('rss.tpl', $user, $hash);
	301
	302	$rss = $globals->xdb->iterator(
	303	'SELECT e.id, e.titre, e.texte, e.creation_date
	304	FROM auth_user_md5 AS u
	305	INNER JOIN evenements AS e ON ( (e.promo_min = 0 \|\| e.promo_min <= u.promo)
	306	AND (e.promo_max = 0 \|\| e.promo_max >= u.promo) )
	307	WHERE u.user_id = {?} AND FIND_IN_SET(e.flags, "valide")
	308	AND peremption >= NOW()', $uid);
	309	$page->assign('rss', $rss);
	310
	311	return PL_OK;
	312	}
e59506eb	313	}
	314
	315	?>