[platal.git] / modules / platal.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2011 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

function bugize($list)
{
    $list = preg_split('/,/', $list, -1, PREG_SPLIT_NO_EMPTY);
    $ans  = array();

    foreach ($list as $bug) {
        $clean = str_replace('#', '', $bug);
        $ans[] = "<a href='http://trackers.polytechnique.org/task/$clean'>$bug</a>";
    }

    return join(',', $ans);
}


class PlatalModule extends PLModule
{
    function handlers()
    {
        return array(
            'index'             => $this->make_hook('index',     AUTH_PUBLIC),
            'cacert.pem'        => $this->make_hook('cacert',    AUTH_PUBLIC),
            'changelog'         => $this->make_hook('changelog', AUTH_PUBLIC),

            // Preferences thingies
            'prefs'             => $this->make_hook('prefs',     AUTH_COOKIE, 'user,groups'),
            'prefs/rss'         => $this->make_hook('prefs_rss', AUTH_COOKIE, 'user'),
            'prefs/webredirect' => $this->make_hook('webredir',  AUTH_MDP,    'mail'),
            'prefs/skin'        => $this->make_hook('skin',      AUTH_COOKIE, 'user'),

            // password related thingies
            'password'          => $this->make_hook('password',  AUTH_MDP,    'user,groups'),
            'tmpPWD'            => $this->make_hook('tmpPWD',    AUTH_PUBLIC),
            'password/smtp'     => $this->make_hook('smtppass',  AUTH_MDP,    'mail'),
            'recovery'          => $this->make_hook('recovery',  AUTH_PUBLIC),
            'recovery/ext'      => $this->make_hook('recovery_ext', AUTH_PUBLIC),
            'register/ext'      => $this->make_hook('register_ext', AUTH_PUBLIC),
            'exit'              => $this->make_hook('exit',      AUTH_PUBLIC),
            'review'            => $this->make_hook('review',    AUTH_PUBLIC),
            'deconnexion.php'   => $this->make_hook('exit',      AUTH_PUBLIC),
        );
    }

    function handler_index($page)
    {
        // Include X-XRDS-Location response-header for Yadis discovery
        global $globals;
        header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');

        // Redirect to the suitable page
        if (S::logged()) {
            pl_redirect('events');
        } else if (!@$GLOBALS['IS_XNET_SITE']) {
            $this->handler_review($page);
        }
    }

    function handler_cacert($page)
    {
        pl_cached_content_headers("application/x-x509-ca-cert");
        readfile("/etc/ssl/xorgCA/cacert.pem");
        exit;
    }

    function handler_changelog($page, $core = null)
    {
        $page->changeTpl('platal/changeLog.tpl');

        function formatChangeLog($file) {
            $clog = pl_entities(file_get_contents($file));
            $clog = preg_replace('/===+\s*/', '</pre><hr /><pre>', $clog);
            // url catch only (not all wiki syntax)
            $clog = preg_replace(array(
                '/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
                '/(\s|^)www\.((?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
                '/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
              array(
                '<a href="\\0">\\0</a>',
                '\\1<a href="http://www.\\2">www.\\2</a>',
                '<a href="mailto:\\0">\\0</a>'),
              $clog);
            $clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
            $clog = preg_replace('!vim:.*$!', '', $clog);
            return preg_replace("!(<hr />(\\s|\n)*)?<pre>(\s|\n)*</pre>((\\s|\n)*<hr />)?!m", "", "<pre>$clog</pre>");
        }
        if ($core != 'core') {
            $page->assign('core', false);
            $page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../ChangeLog'));
        } else {
            $page->assign('core', true);
            $page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../core/ChangeLog'));
        }
    }

    function __set_rss_state($state)
    {
        if ($state) {
            if (!S::user()->token) {
                S::user()->token = rand_url_id(16);
                S::set('token', S::user()->token);
                XDB::execute('UPDATE  accounts
                                 SET  token = {?}
                               WHERE  uid = {?}', S::user()->token, S::i('uid'));
            }
        } else {
            S::kill('token');
            S::user()->token = null;
            XDB::execute('UPDATE  accounts
                             SET  token = NULL
                           WHERE  uid = {?}', S::i('uid'));
        }
    }

    function handler_prefs($page)
    {
        $page->changeTpl('platal/preferences.tpl');
        $page->setTitle('Mes préférences');

        if (Post::has('email_format')) {
            S::assert_xsrf_token();
            $fmt = Post::s('email_format');
            S::user()->setEmailFormat($fmt);
        }

        if (Post::has('rss')) {
            S::assert_xsrf_token();
            $this->__set_rss_state(Post::s('rss') == 'on');
        }
    }

    function handler_webredir($page)
    {
        $page->changeTpl('platal/webredirect.tpl');
        $page->setTitle('Redirection de page WEB');

        if (Env::v('submit') == 'Valider' && !Env::blank('url')) {
            if (Env::blank('url')) {
                $page->trigError('URL invalide');
            } else {
                $url = Env::t('url');
                XDB::execute('INSERT INTO  carvas (uid, url)
                                   VALUES  ({?}, {?})
                  ON DUPLICATE KEY UPDATE  url = VALUES(url)',
                             S::i('uid'), $url);
                S::logger()->log('carva_add', 'http://' . $url);
                $page->trigSuccess("Redirection activée vers <a href='http://$url'>$url</a>");
            }
        } elseif (Env::v('submit') == 'Supprimer') {
            XDB::execute('DELETE FROM carvas
                                WHERE uid = {?}', S::i('uid'));
            Post::kill('url');
            S::logger()->log('carva_del');
            $page->trigSuccess('Redirection supprimée');
        }

        $url = XDB::fetchOneCell('SELECT  url
                                    FROM  carvas
                                   WHERE  uid = {?}', S::i('uid'));
        $page->assign('carva', $url);

        # FIXME: this code is not multi-domain compatible. We should decide how
        # carva will extend to users not in the main domain.
        $best = XDB::fetchOneCell('SELECT  email
                                     FROM  email_source_account
                                    WHERE  uid = {?} AND FIND_IN_SET(\'bestalias\', flags)',
                                  S::user()->id());
        $page->assign('bestalias', $best);
    }

    function handler_prefs_rss($page)
    {
        $page->changeTpl('platal/filrss.tpl');

        $page->assign('goback', Env::v('referer', 'login'));

        if (Env::v('act_rss') == 'Activer') {
            $this->__set_rss_state(true);
            $page->trigSuccess("Ton Fil RSS est activé.");
        }
    }

    function handler_password($page)
    {
        global $globals;

        if (Post::has('pwhash') && Post::t('pwhash'))  {
            S::assert_xsrf_token();

            S::set('password', $password = Post::t('pwhash'));
            XDB::execute('UPDATE  accounts
                             SET  password = {?}
                           WHERE  uid={?}', $password,
                         S::i('uid'));

            // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
            // updates the Google Apps password as well.
            if ($globals->mailstorage->googleapps_domain) {
                require_once 'googleapps.inc.php';
                $account = new GoogleAppsAccount(S::user());
                if ($account->active() && $account->sync_password) {
                    $account->set_password($password);
                }
            }

            S::logger()->log('passwd');
            Platal::session()->setAccessCookie(true);

            $page->changeTpl('platal/password.success.tpl');
            $page->run();
        }

        $page->changeTpl('platal/password.tpl');
        $page->setTitle('Mon mot de passe');
        $page->assign('do_auth', 0);
    }

    function handler_smtppass($page)
    {
        $page->changeTpl('platal/acces_smtp.tpl');
        $page->setTitle('Acces SMTP/NNTP');

        $wp = new PlWikiPage('Xorg.SMTPSécurisé');
        $wp->buildCache();
        $wp = new PlWikiPage('Xorg.NNTPSécurisé');
        $wp->buildCache();

        $uid  = S::i('uid');
        $pass = Env::v('smtppass1');

        if (Env::v('op') == "Valider" && strlen($pass) >= 6
            &&  Env::v('smtppass1') == Env::v('smtppass2')) {
            XDB::execute('UPDATE  accounts
                             SET  weak_password = {?}
                           WHERE  uid = {?}', $pass, $uid);
            $page->trigSuccess('Mot de passe enregistré');
            S::logger()->log("passwd_ssl");
        } elseif (Env::v('op') == "Supprimer") {
            XDB::execute('UPDATE  accounts
                             SET  weak_password = NULL
                           WHERE  uid = {?}', $uid);
            $page->trigSuccess('Compte SMTP et NNTP supprimé');
            S::logger()->log("passwd_del");
        }

        $res = XDB::query("SELECT  weak_password IS NOT NULL
                             FROM  accounts
                            WHERE  uid = {?}", $uid);
        $page->assign('actif', $res->fetchOneCell());
    }

    function handler_recovery($page)
    {
        global $globals;

        $page->changeTpl('platal/recovery.tpl');

        if (!Env::has('login') || !Env::has('birth')) {
            return;
        }

        if (!preg_match('/^[0-3][0-9][0-1][0-9][1][9]([0-9]{2})$/', Env::v('birth'))) {
            $page->trigError('Date de naissance incorrecte ou incohérente');
            return;
        }

        $birth   = sprintf('%s-%s-%s',
                           substr(Env::v('birth'), 4, 4),
                           substr(Env::v('birth'), 2, 2),
                           substr(Env::v('birth'), 0, 2));

        $mailorg = strtok(Env::v('login'), '@');

        $profile = Profile::get(Env::t('login'));
        if (is_null($profile) || $profile->birthdate != $birth) {
            $page->trigError('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
                        'Si tu as un homonyme, utilise prenom.nom.promo comme login');
            return;
        }

        $user = $profile->owner();
        if ($user->state != 'active') {
            $page->trigError('Ton compte n\'est pas activé.');
            return;
        }

        if ($user->lost) {
            $page->assign('no_addr', true);
            return;
        }

        $page->assign('ok', true);

        $url = rand_url_id();
        XDB::execute('INSERT INTO  account_lost_passwords (certificat,uid,created)
                           VALUES  ({?},{?},NOW())', $url, $user->id());
        $to = XDB::fetchOneCell('SELECT  redirect
                                   FROM  email_redirect_account
                                  WHERE  uid = {?} AND redirect = {?}',
                                $user->id(), Post::t('email'));
        if (is_null($to)) {
            $emails = XDB::fetchColumn('SELECT  redirect
                                          FROM  email_redirect_account
                                         WHERE  uid = {?} AND flags = \'inactive\' AND type = \'smtp\'',
                                       $user->id());
            $inactives_to = implode(', ', $emails);
        }
        $mymail = new PlMailer();
        $mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mail->domain . '>');
        if (is_null($to)) {
            $mymail->addTo($user);
            $mymail->addTo($inactives_to);
        } else {
            $mymail->addTo($to);
        }
        $mymail->setSubject("Ton certificat d'authentification");
        $mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
{$globals->baseurl}/tmpPWD/$url

Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.

--
Polytechnique.org
\"Le portail des élèves & anciens élèves de l'École polytechnique\"

Email envoyé à ".Env::v('login') . (is_null($to) ? '' : '
Adresse de secours : ' . $to));
        $mymail->send();

        S::logger($user->id())->log('recovery', is_null($to) ? $inactives_to . ', ' . $user->bestEmail() : $to);
    }

    function handler_recovery_ext($page)
    {
        $page->changeTpl('xnet/recovery.tpl');

        if (!Post::has('login')) {
            return;
        }

        $user = User::getSilent(Post::t('login'));
        if (is_null($user)) {
            $page->trigError('Le compte n\'existe pas.');
            return;
        }
        if ($user->state != 'active') {
            $page->trigError('Ton compte n\'est pas activé.');
            return;
        }

        $page->assign('ok', true);

        $hash = rand_url_id();
        XDB::execute('INSERT INTO  account_lost_passwords (uid, created, certificat)
                           VALUES  ({?}, NOW(), {?})',
                     $user->id(), $hash);

        $mymail = new PlMailer('platal/password_recovery_xnet.mail.tpl');
        $mymail->addTo($user);
        $mymail->assign('hash', $hash);
        $mymail->assign('email', Post::t('login'));
        $mymail->send();

        S::logger($user->id())->log('recovery', $user->bestEmail());
    }

    function handler_tmpPWD($page, $certif = null)
    {
        global $globals;
        XDB::execute('DELETE FROM  account_lost_passwords
                            WHERE  DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');

        $res = XDB::query('SELECT  uid
                             FROM  account_lost_passwords WHERE certificat={?}', $certif);
        $ligne = $res->fetchOneAssoc();
        if (!$ligne) {
            $page->changeTpl('platal/index.tpl');
            $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
        }

        $uid = $ligne["uid"];
        if (Post::has('pwhash') && Post::t('pwhash')) {
            $password = Post::t('pwhash');
            XDB::query('UPDATE  accounts
                           SET  password={?}
                         WHERE  uid = {?} AND state = \'active\'',
                       $password, $uid);
            XDB::query('DELETE FROM  account_lost_passwords
                              WHERE  certificat={?}', $certif);

            // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
            // updates the Google Apps password as well.
            if ($globals->mailstorage->googleapps_domain) {
                require_once 'googleapps.inc.php';
                $account = new GoogleAppsAccount(User::getSilent($uid));
                if ($account->active() && $account->sync_password) {
                    $account->set_password($password);
                }
            }

            S::logger($uid)->log("passwd", "");

            // Try to start a session (so the user don't have to log in); we will use
            // the password available in Post:: to authenticate the user.
            Platal::session()->start(AUTH_MDP);

            $page->changeTpl('platal/tmpPWD.success.tpl');
        } else {
            $hruid = XDB::fetchOneCell('SELECT  hruid
                                          FROM  accounts
                                         WHERE  uid = {?}',
                                       $uid);
            $page->changeTpl('platal/password.tpl');
            $page->assign('hruid', $hruid);
            $page->assign('do_auth', 1);
        }
    }

    function handler_register_ext($page, $hash = null)
    {
        XDB::execute('DELETE FROM  register_pending_xnet
                            WHERE  DATE_SUB(NOW(), INTERVAL 1 MONTH) > date');
        $res = XDB::fetchOneAssoc('SELECT  uid, hruid, email
                                     FROM  register_pending_xnet
                                    WHERE  hash = {?}',
                                  $hash);

        if (is_null($hash) || is_null($res)) {
            $page->trigErrorRedirect('Cette adresse n\'existe pas ou n\'existe plus sur le serveur.', '');
        }

        if (Post::has('pwhash') && Post::t('pwhash')) {
            XDB::startTransaction();
            XDB::query('UPDATE  accounts
                           SET  password = {?}, state = \'active\', registration_date = NOW()
                         WHERE  uid = {?} AND state = \'pending\' AND type = \'xnet\'',
                       Post::t('pwhash'), $res['uid']);
            XDB::query('DELETE FROM  register_pending_xnet
                              WHERE  uid = {?}',
                              $res['uid']);
            XDB::commit();

            S::logger($res['uid'])->log('passwd', '');

            // Try to start a session (so the user don't have to log in); we will use
            // the password available in Post:: to authenticate the user.
            Post::kill('wait');
            Platal::session()->startAvailableAuth();

            $page->changeTpl('xnet/register.success.tpl');
            $page->assign('email', $res['email']);
        } else {
            $page->changeTpl('platal/password.tpl');
            $page->assign('xnet', true);
            $page->assign('hruid', $res['hruid']);
            $page->assign('do_auth', 1);
        }
    }

    function handler_skin($page)
    {
        global $globals;

        $page->changeTpl('platal/skins.tpl');
        $page->setTitle('Skins');

        if (Env::has('newskin'))  {  // formulaire soumis, traitons les données envoyées
            XDB::execute('UPDATE  accounts
                             SET  skin = {?}
                           WHERE  uid = {?}',
                         Env::i('newskin'), S::i('uid'));
            S::kill('skin');
            Platal::session()->setSkin();
        }

        $res = XDB::query('SELECT  id
                             FROM  skins
                            WHERE  skin_tpl = {?}', S::v('skin'));
        $page->assign('skin_id', $res->fetchOneCell());

        $sql = 'SELECT  s.*, auteur, COUNT(*) AS nb
                  FROM  skins AS s
             LEFT JOIN  accounts AS a ON (a.skin = s.id)
                 WHERE  skin_tpl != \'\' AND ext != \'\'
              GROUP BY  id ORDER BY s.date DESC';
        $page->assign('skins', XDB::iterator($sql));
    }

    function handler_exit($page, $level = null)
    {
        if (S::suid()) {
            $old = S::user()->login();
            S::logger()->log('suid_stop', $old . " by " . S::suid('hruid'));
            Platal::session()->stopSUID();
            $target = S::s('suid_startpage');
            S::kill('suid_startpage');
            if (!empty($target)) {
                http_redirect($target);
            }
            pl_redirect('admin/user/' . $old);
        }

        if ($level == 'forget' || $level == 'forgetall') {
            Platal::session()->killAccessCookie();
        }

        if ($level == 'forgetuid' || $level == 'forgetall') {
            Platal::session()->killLoginFormCookies();
        }

        if (S::logged()) {
            S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']);
            Platal::session()->destroy();
        }

        if (Get::has('redirect')) {
            http_redirect(rawurldecode(Get::v('redirect')));
        } else {
            $page->changeTpl('platal/exit.tpl');
        }
    }

    function handler_review($page, $action = null, $mode = null)
    {
        // Include X-XRDS-Location response-header for Yadis discovery
        global $globals;
        header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');

        $this->load('review.inc.php');
        $dom = 'Review';
        if (@$GLOBALS['IS_XNET_SITE']) {
            $dom .= 'Xnet';
        }
        $wp = new PlWikiPage($dom . '.Admin');
        $conf = explode('%0a', $wp->getField('text'));
        $wiz = new PlWizard('Tour d\'horizon', PlPage::getCoreTpl('plwizard.tpl'), true);
        foreach ($conf as $line) {
            $list = preg_split('/\s*[*|]\s*/', $line, -1, PREG_SPLIT_NO_EMPTY);
            $wiz->addPage('ReviewPage', $list[0], $list[1]);
        }
        $wiz->apply($page, 'review', $action, $mode);
    }
}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
Commit	Line	Data
e59506eb	1	<?php
e59506eb	2	/***************************************************************************
5e1513f6	3	* Copyright (C) 2003-2011 Polytechnique.org *
e59506eb	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
5de0b7e1	22	function bugize($list)
5de0b7e1	23	{
bd5dad64	24	$list = preg_split('/,/', $list, -1, PREG_SPLIT_NO_EMPTY);
5de0b7e1	25	$ans = array();
	26
	27	foreach ($list as $bug) {
	28	$clean = str_replace('#', '', $bug);
	29	$ans[] = "<a href='http://trackers.polytechnique.org/task/$clean'>$bug</a>";
	30	}
	31
	32	return join(',', $ans);
	33	}
	34
	35
e59506eb	36	class PlatalModule extends PLModule
	37	{
	38	function handlers()
	39	{
	40	return array(
eb5a266d SJ	41	'index' => $this->make_hook('index', AUTH_PUBLIC),
	42	'cacert.pem' => $this->make_hook('cacert', AUTH_PUBLIC),
	43	'changelog' => $this->make_hook('changelog', AUTH_PUBLIC),
5de0b7e1	44
4da0b8d7	45	// Preferences thingies
a88f005d	46	'prefs' => $this->make_hook('prefs', AUTH_COOKIE, 'user,groups'),
e5ceaa8c RB	47	'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE, 'user'),
	48	'prefs/webredirect' => $this->make_hook('webredir', AUTH_MDP, 'mail'),
	49	'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE, 'user'),
4da0b8d7	50
4da0b8d7	51	// password related thingies
a88f005d	52	'password' => $this->make_hook('password', AUTH_MDP, 'user,groups'),
eb5a266d	53	'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC),
e5ceaa8c	54	'password/smtp' => $this->make_hook('smtppass', AUTH_MDP, 'mail'),
eb5a266d	55	'recovery' => $this->make_hook('recovery', AUTH_PUBLIC),
a88f005d RB	56	'recovery/ext' => $this->make_hook('recovery_ext', AUTH_PUBLIC),
a88f005d RB	57	'register/ext' => $this->make_hook('register_ext', AUTH_PUBLIC),
eb5a266d SJ	58	'exit' => $this->make_hook('exit', AUTH_PUBLIC),
	59	'review' => $this->make_hook('review', AUTH_PUBLIC),
	60	'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC),
e59506eb	61	);
	62	}
	63
26ba053e	64	function handler_index($page)
c9178c75	65	{
ab66bf7f	66	// Include X-XRDS-Location response-header for Yadis discovery
78507d96	67	global $globals;
34d91db6	68	header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');
ab66bf7f AA	69
ab66bf7f AA	70	// Redirect to the suitable page
cab08090	71	if (S::logged()) {
8b00e0e0	72	pl_redirect('events');
ddb64990	73	} else if (!@$GLOBALS['IS_XNET_SITE']) {
78d4079a	74	$this->handler_review($page);
c9178c75	75	}
c9178c75	76	}
c9178c75	77
26ba053e	78	function handler_cacert($page)
5de0b7e1	79	{
3cb500d5 VZ	80	pl_cached_content_headers("application/x-x509-ca-cert");
3cb500d5 VZ	81	readfile("/etc/ssl/xorgCA/cacert.pem");
5de0b7e1	82	exit;
	83	}
	84
26ba053e	85	function handler_changelog($page, $core = null)
5de0b7e1	86	{
8b1f8e12	87	$page->changeTpl('platal/changeLog.tpl');
5de0b7e1	88
78d4079a FB	89	function formatChangeLog($file) {
	90	$clog = pl_entities(file_get_contents($file));
	91	$clog = preg_replace('/===+\s*/', '</pre><hr /><pre>', $clog);
	92	// url catch only (not all wiki syntax)
	93	$clog = preg_replace(array(
	94	'/((?:https?\|ftp):\/\/(?:\.,[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
	95	'/(\s\|^)www\.((?:\.,[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
	96	'/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
	97	array(
	98	'<a href="\\0">\\0</a>',
	99	'\\1<a href="http://www.\\2">www.\\2</a>',
	100	'<a href="mailto:\\0">\\0</a>'),
	101	$clog);
2bb9e576	102	$clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
78d4079a FB	103	$clog = preg_replace('!vim:.*$!', '', $clog);
	104	return preg_replace("!(<hr />(\\s\|\n))?<pre>(\s\|\n)</pre>((\\s\|\n)*<hr />)?!m", "", "<pre>$clog</pre>");
	105	}
	106	if ($core != 'core') {
	107	$page->assign('core', false);
	108	$page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../ChangeLog'));
	109	} else {
	110	$page->assign('core', true);
	111	$page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../core/ChangeLog'));
	112	}
5de0b7e1	113	}
5de0b7e1	114
7927d719	115	function __set_rss_state($state)
7927d719	116	{
7927d719	117	if ($state) {
19be891e FB	118	if (!S::user()->token) {
	119	S::user()->token = rand_url_id(16);
	120	S::set('token', S::user()->token);
	121	XDB::execute('UPDATE accounts
	122	SET token = {?}
	123	WHERE uid = {?}', S::user()->token, S::i('uid'));
	124	}
7927d719	125	} else {
31e01c97	126	S::kill('token');
19be891e	127	S::user()->token = null;
31e01c97 FB	128	XDB::execute('UPDATE accounts
	129	SET token = NULL
	130	WHERE uid = {?}', S::i('uid'));
7927d719	131	}
	132	}
	133
26ba053e	134	function handler_prefs($page)
e59506eb	135	{
8b1f8e12	136	$page->changeTpl('platal/preferences.tpl');
46f272fe	137	$page->setTitle('Mes préférences');
e59506eb	138
31e01c97	139	if (Post::has('email_format')) {
19be891e	140	S::assert_xsrf_token();
31e01c97	141	$fmt = Post::s('email_format');
8d308ee4	142	S::user()->setEmailFormat($fmt);
e59506eb	143	}
e59506eb	144
bee33d93	145	if (Post::has('rss')) {
19be891e FB	146	S::assert_xsrf_token();
19be891e FB	147	$this->__set_rss_state(Post::s('rss') == 'on');
e59506eb	148	}
e59506eb	149	}
9bae6004	150
26ba053e	151	function handler_webredir($page)
bce2f8eb	152	{
8b1f8e12	153	$page->changeTpl('platal/webredirect.tpl');
46f272fe	154	$page->setTitle('Redirection de page WEB');
bce2f8eb	155
c1e98576 FB	156	if (Env::v('submit') == 'Valider' && !Env::blank('url')) {
	157	if (Env::blank('url')) {
	158	$page->trigError('URL invalide');
	159	} else {
	160	$url = Env::t('url');
00ba8a74 SJ	161	XDB::execute('INSERT INTO carvas (uid, url)
	162	VALUES ({?}, {?})
	163	ON DUPLICATE KEY UPDATE url = VALUES(url)',
c1e98576 FB	164	S::i('uid'), $url);
	165	S::logger()->log('carva_add', 'http://' . $url);
	166	$page->trigSuccess("Redirection activée vers <a href='http://$url'>$url</a>");
	167	}
	168	} elseif (Env::v('submit') == 'Supprimer') {
	169	XDB::execute('DELETE FROM carvas
	170	WHERE uid = {?}', S::i('uid'));
bce2f8eb	171	Post::kill('url');
c1e98576	172	S::logger()->log('carva_del');
a7d35093	173	$page->trigSuccess('Redirection supprimée');
bce2f8eb	174	}
bce2f8eb	175
c1e98576 FB	176	$url = XDB::fetchOneCell('SELECT url
	177	FROM carvas
	178	WHERE uid = {?}', S::i('uid'));
	179	$page->assign('carva', $url);
e67b4436 VZ	180
	181	# FIXME: this code is not multi-domain compatible. We should decide how
	182	# carva will extend to users not in the main domain.
c0436d0b SJ	183	$best = XDB::fetchOneCell('SELECT email
	184	FROM email_source_account
	185	WHERE uid = {?} AND FIND_IN_SET(\'bestalias\', flags)',
	186	S::user()->id());
	187	$page->assign('bestalias', $best);
bce2f8eb	188	}
bce2f8eb	189
26ba053e	190	function handler_prefs_rss($page)
7927d719	191	{
8b1f8e12	192	$page->changeTpl('platal/filrss.tpl');
7927d719	193
5e2307dc	194	$page->assign('goback', Env::v('referer', 'login'));
7927d719	195
5e2307dc	196	if (Env::v('act_rss') == 'Activer') {
7927d719	197	$this->__set_rss_state(true);
a7d35093	198	$page->trigSuccess("Ton Fil RSS est activé.");
7927d719	199	}
7927d719	200	}
7927d719	201
26ba053e	202	function handler_password($page)
7c77c3ee	203	{
84270653 VZ	204	global $globals;
84270653 VZ	205
81b5a6c9	206	if (Post::has('pwhash') && Post::t('pwhash')) {
40d428d8	207	S::assert_xsrf_token();
7c77c3ee	208
81b5a6c9	209	S::set('password', $password = Post::t('pwhash'));
31e01c97 FB	210	XDB::execute('UPDATE accounts
	211	SET password = {?}
	212	WHERE uid={?}', $password,
	213	S::i('uid'));
7c77c3ee	214
84270653 VZ	215	// If GoogleApps is enabled, and the user did choose to use synchronized passwords,
	216	// updates the Google Apps password as well.
	217	if ($globals->mailstorage->googleapps_domain) {
	218	require_once 'googleapps.inc.php';
d56cb887	219	$account = new GoogleAppsAccount(S::user());
f5c4bf30	220	if ($account->active() && $account->sync_password) {
84270653 VZ	221	$account->set_password($password);
	222	}
	223	}
	224
604dfd58 FB	225	S::logger()->log('passwd');
604dfd58 FB	226	Platal::session()->setAccessCookie(true);
7c77c3ee	227
4baa7323	228	$page->changeTpl('platal/password.success.tpl');
7c77c3ee	229	$page->run();
	230	}
	231
4baa7323	232	$page->changeTpl('platal/password.tpl');
46f272fe	233	$page->setTitle('Mon mot de passe');
a9ec9298	234	$page->assign('do_auth', 0);
7c77c3ee	235	}
7c77c3ee	236
26ba053e	237	function handler_smtppass($page)
1a5da857	238	{
8b1f8e12	239	$page->changeTpl('platal/acces_smtp.tpl');
46f272fe	240	$page->setTitle('Acces SMTP/NNTP');
eaf30d86	241
8f201b69 FB	242	$wp = new PlWikiPage('Xorg.SMTPSécurisé');
	243	$wp->buildCache();
	244	$wp = new PlWikiPage('Xorg.NNTPSécurisé');
	245	$wp->buildCache();
1a5da857	246
31e01c97	247	$uid = S::i('uid');
5e2307dc	248	$pass = Env::v('smtppass1');
1a5da857	249
eaf30d86	250	if (Env::v('op') == "Valider" && strlen($pass) >= 6
31e01c97	251	&& Env::v('smtppass1') == Env::v('smtppass2')) {
0511895d FB	252	XDB::execute('UPDATE accounts
	253	SET weak_password = {?}
	254	WHERE uid = {?}', $pass, $uid);
a7d35093	255	$page->trigSuccess('Mot de passe enregistré');
732e5855	256	S::logger()->log("passwd_ssl");
5e2307dc	257	} elseif (Env::v('op') == "Supprimer") {
0511895d FB	258	XDB::execute('UPDATE accounts
	259	SET weak_password = NULL
	260	WHERE uid = {?}', $uid);
a7d35093	261	$page->trigSuccess('Compte SMTP et NNTP supprimé');
732e5855	262	S::logger()->log("passwd_del");
1a5da857	263	}
1a5da857	264
0511895d FB	265	$res = XDB::query("SELECT weak_password IS NOT NULL
	266	FROM accounts
	267	WHERE uid = {?}", $uid);
1a5da857	268	$page->assign('actif', $res->fetchOneCell());
1a5da857	269	}
1a5da857	270
26ba053e	271	function handler_recovery($page)
8858cfc1	272	{
	273	global $globals;
	274
8b1f8e12	275	$page->changeTpl('platal/recovery.tpl');
8858cfc1	276
8858cfc1	277	if (!Env::has('login') \|\| !Env::has('birth')) {
fd8f77de	278	return;
8858cfc1	279	}
8858cfc1	280
cf5cf754	281	if (!preg_match('/^[0-3][0-9][0-1][0-9][1][9]([0-9]{2})$/', Env::v('birth'))) {
a7d35093	282	$page->trigError('Date de naissance incorrecte ou incohérente');
c9110c6c	283	return;
8858cfc1	284	}
c9110c6c	285
c9110c6c	286	$birth = sprintf('%s-%s-%s',
5e2307dc	287	substr(Env::v('birth'), 4, 4),
	288	substr(Env::v('birth'), 2, 2),
	289	substr(Env::v('birth'), 0, 2));
8858cfc1	290
5e2307dc	291	$mailorg = strtok(Env::v('login'), '@');
8858cfc1	292
6846791e FB	293	$profile = Profile::get(Env::t('login'));
	294	if (is_null($profile) \|\| $profile->birthdate != $birth) {
	295	$page->trigError('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
	296	'Si tu as un homonyme, utilise prenom.nom.promo comme login');
	297	return;
	298	}
8c28edc9	299
6846791e FB	300	$user = $profile->owner();
	301	if ($user->state != 'active') {
	302	$page->trigError('Ton compte n\'est pas activé.');
	303	return;
	304	}
	305
c0436d0b	306	if ($user->lost) {
6846791e FB	307	$page->assign('no_addr', true);
	308	return;
	309	}
8858cfc1	310
6846791e FB	311	$page->assign('ok', true);
6846791e FB	312
c0436d0b	313	$url = rand_url_id();
06f4daf9	314	XDB::execute('INSERT INTO account_lost_passwords (certificat,uid,created)
6846791e	315	VALUES ({?},{?},NOW())', $url, $user->id());
c0436d0b SJ	316	$to = XDB::fetchOneCell('SELECT redirect
	317	FROM email_redirect_account
	318	WHERE uid = {?} AND redirect = {?}',
	319	$user->id(), Post::t('email'));
	320	if (is_null($to)) {
	321	$emails = XDB::fetchColumn('SELECT redirect
	322	FROM email_redirect_account
	323	WHERE uid = {?} AND flags = \'inactive\' AND type = \'smtp\'',
	324	$user->id());
	325	$inactives_to = implode(', ', $emails);
6846791e FB	326	}
	327	$mymail = new PlMailer();
	328	$mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mail->domain . '>');
c0436d0b SJ	329	if (is_null($to)) {
	330	$mymail->addTo($user);
	331	$mymail->addTo($inactives_to);
	332	} else {
	333	$mymail->addTo($to);
	334	}
e46cf8c4	335	$mymail->setSubject("Ton certificat d'authentification");
6846791e	336	$mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
8858cfc1	337	{$globals->baseurl}/tmpPWD/$url
8858cfc1	338
e887e90d	339	Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.
8858cfc1	340
eaf30d86	341	--
8858cfc1	342	Polytechnique.org
3bf63218	343	\"Le portail des élèves & anciens élèves de l'École polytechnique\"
8858cfc1	344
471882e8 SJ	345	Email envoyé à ".Env::v('login') . (is_null($to) ? '' : '
471882e8 SJ	346	Adresse de secours : ' . $to));
6846791e	347	$mymail->send();
8858cfc1	348
97a05304	349	S::logger($user->id())->log('recovery', is_null($to) ? $inactives_to . ', ' . $user->bestEmail() : $to);
8858cfc1	350	}
8858cfc1	351
a88f005d RB	352	function handler_recovery_ext($page)
	353	{
	354	$page->changeTpl('xnet/recovery.tpl');
	355
	356	if (!Post::has('login')) {
	357	return;
	358	}
	359
	360	$user = User::getSilent(Post::t('login'));
	361	if (is_null($user)) {
	362	$page->trigError('Le compte n\'existe pas.');
	363	return;
	364	}
	365	if ($user->state != 'active') {
	366	$page->trigError('Ton compte n\'est pas activé.');
	367	return;
	368	}
	369
	370	$page->assign('ok', true);
	371
	372	$hash = rand_url_id();
	373	XDB::execute('INSERT INTO account_lost_passwords (uid, created, certificat)
	374	VALUES ({?}, NOW(), {?})',
	375	$user->id(), $hash);
	376
23906784	377	$mymail = new PlMailer('platal/password_recovery_xnet.mail.tpl');
a88f005d	378	$mymail->addTo($user);
23906784 RB	379	$mymail->assign('hash', $hash);
23906784 RB	380	$mymail->assign('email', Post::t('login'));
a88f005d RB	381	$mymail->send();
	382
	383	S::logger($user->id())->log('recovery', $user->bestEmail());
	384	}
	385
26ba053e	386	function handler_tmpPWD($page, $certif = null)
6c49d0af	387	{
84270653	388	global $globals;
06f4daf9	389	XDB::execute('DELETE FROM account_lost_passwords
31e01c97	390	WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
6c49d0af	391
31e01c97	392	$res = XDB::query('SELECT uid
06f4daf9	393	FROM account_lost_passwords WHERE certificat={?}', $certif);
6c49d0af	394	$ligne = $res->fetchOneAssoc();
6c49d0af	395	if (!$ligne) {
8b1f8e12	396	$page->changeTpl('platal/index.tpl');
6c49d0af	397	$page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
	398	}
	399
	400	$uid = $ligne["uid"];
81b5a6c9 SJ	401	if (Post::has('pwhash') && Post::t('pwhash')) {
81b5a6c9 SJ	402	$password = Post::t('pwhash');
31e01c97 FB	403	XDB::query('UPDATE accounts
	404	SET password={?}
	405	WHERE uid = {?} AND state = \'active\'',
	406	$password, $uid);
06f4daf9	407	XDB::query('DELETE FROM account_lost_passwords
31e01c97	408	WHERE certificat={?}', $certif);
84270653 VZ	409
	410	// If GoogleApps is enabled, and the user did choose to use synchronized passwords,
	411	// updates the Google Apps password as well.
	412	if ($globals->mailstorage->googleapps_domain) {
	413	require_once 'googleapps.inc.php';
d56cb887	414	$account = new GoogleAppsAccount(User::getSilent($uid));
f5c4bf30	415	if ($account->active() && $account->sync_password) {
84270653 VZ	416	$account->set_password($password);
	417	}
	418	}
	419
cf40e1ae	420	S::logger($uid)->log("passwd", "");
30439e34 SJ	421
	422	// Try to start a session (so the user don't have to log in); we will use
	423	// the password available in Post:: to authenticate the user.
	424	Platal::session()->start(AUTH_MDP);
	425
8b1f8e12	426	$page->changeTpl('platal/tmpPWD.success.tpl');
6c49d0af	427	} else {
30439e34 SJ	428	$hruid = XDB::fetchOneCell('SELECT hruid
	429	FROM accounts
	430	WHERE uid = {?}',
	431	$uid);
4baa7323	432	$page->changeTpl('platal/password.tpl');
30439e34	433	$page->assign('hruid', $hruid);
a9ec9298	434	$page->assign('do_auth', 1);
6c49d0af	435	}
6c49d0af	436	}
6c49d0af	437
a88f005d RB	438	function handler_register_ext($page, $hash = null)
	439	{
	440	XDB::execute('DELETE FROM register_pending_xnet
	441	WHERE DATE_SUB(NOW(), INTERVAL 1 MONTH) > date');
23906784	442	$res = XDB::fetchOneAssoc('SELECT uid, hruid, email
a88f005d RB	443	FROM register_pending_xnet
	444	WHERE hash = {?}',
	445	$hash);
	446
	447	if (is_null($hash) \|\| is_null($res)) {
	448	$page->trigErrorRedirect('Cette adresse n\'existe pas ou n\'existe plus sur le serveur.', '');
	449	}
	450
	451	if (Post::has('pwhash') && Post::t('pwhash')) {
23906784	452	XDB::startTransaction();
a88f005d RB	453	XDB::query('UPDATE accounts
	454	SET password = {?}, state = \'active\', registration_date = NOW()
	455	WHERE uid = {?} AND state = \'pending\' AND type = \'xnet\'',
	456	Post::t('pwhash'), $res['uid']);
	457	XDB::query('DELETE FROM register_pending_xnet
	458	WHERE uid = {?}',
23906784 RB	459	$res['uid']);
23906784 RB	460	XDB::commit();
a88f005d RB	461
	462	S::logger($res['uid'])->log('passwd', '');
	463
	464	// Try to start a session (so the user don't have to log in); we will use
	465	// the password available in Post:: to authenticate the user.
	466	Post::kill('wait');
	467	Platal::session()->startAvailableAuth();
	468
	469	$page->changeTpl('xnet/register.success.tpl');
	470	$page->assign('email', $res['email']);
	471	} else {
	472	$page->changeTpl('platal/password.tpl');
	473	$page->assign('xnet', true);
	474	$page->assign('hruid', $res['hruid']);
	475	$page->assign('do_auth', 1);
	476	}
	477	}
	478
26ba053e	479	function handler_skin($page)
9bae6004	480	{
	481	global $globals;
	482
8b1f8e12	483	$page->changeTpl('platal/skins.tpl');
46f272fe	484	$page->setTitle('Skins');
9bae6004	485
a7de4ef7	486	if (Env::has('newskin')) { // formulaire soumis, traitons les données envoyées
31e01c97 FB	487	XDB::execute('UPDATE accounts
	488	SET skin = {?}
	489	WHERE uid = {?}',
	490	Env::i('newskin'), S::i('uid'));
92e6a287	491	S::kill('skin');
47fa97fe	492	Platal::session()->setSkin();
9bae6004	493	}
9bae6004	494
31e01c97 FB	495	$res = XDB::query('SELECT id
	496	FROM skins
	497	WHERE skin_tpl = {?}', S::v('skin'));
92e6a287	498	$page->assign('skin_id', $res->fetchOneCell());
92e6a287	499
31e01c97 FB	500	$sql = 'SELECT s., auteur, COUNT() AS nb
	501	FROM skins AS s
	502	LEFT JOIN accounts AS a ON (a.skin = s.id)
	503	WHERE skin_tpl != \'\' AND ext != \'\'
	504	GROUP BY id ORDER BY s.date DESC';
a3afa47c	505	$page->assign('skins', XDB::iterator($sql));
9bae6004	506	}
4da0b8d7	507
26ba053e	508	function handler_exit($page, $level = null)
5de0b7e1	509	{
0c02607e	510	if (S::suid()) {
20b087ff FB	511	$old = S::user()->login();
20b087ff FB	512	S::logger()->log('suid_stop', $old . " by " . S::suid('hruid'));
47fa97fe	513	Platal::session()->stopSUID();
20b087ff FB	514	$target = S::s('suid_startpage');
	515	S::kill('suid_startpage');
	516	if (!empty($target)) {
	517	http_redirect($target);
	518	}
	519	pl_redirect('admin/user/' . $old);
5de0b7e1	520	}
	521
	522	if ($level == 'forget' \|\| $level == 'forgetall') {
604dfd58	523	Platal::session()->killAccessCookie();
5de0b7e1	524	}
	525
	526	if ($level == 'forgetuid' \|\| $level == 'forgetall') {
604dfd58	527	Platal::session()->killLoginFormCookies();
5de0b7e1	528	}
5de0b7e1	529
130b8708	530	if (S::logged()) {
59bec5bc FB	531	S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']);
59bec5bc FB	532	Platal::session()->destroy();
130b8708	533	}
5de0b7e1	534
5de0b7e1	535	if (Get::has('redirect')) {
5e2307dc	536	http_redirect(rawurldecode(Get::v('redirect')));
5de0b7e1	537	} else {
8b1f8e12	538	$page->changeTpl('platal/exit.tpl');
5de0b7e1	539	}
5de0b7e1	540	}
ddb64990	541
26ba053e	542	function handler_review($page, $action = null, $mode = null)
ddb64990	543	{
78507d96 AA	544	// Include X-XRDS-Location response-header for Yadis discovery
78507d96 AA	545	global $globals;
34d91db6	546	header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');
78507d96	547
460d8f55	548	$this->load('review.inc.php');
ddb64990 FB	549	$dom = 'Review';
	550	if (@$GLOBALS['IS_XNET_SITE']) {
	551	$dom .= 'Xnet';
	552	}
8f201b69 FB	553	$wp = new PlWikiPage($dom . '.Admin');
8f201b69 FB	554	$conf = explode('%0a', $wp->getField('text'));
6d20fb1d	555	$wiz = new PlWizard('Tour d\'horizon', PlPage::getCoreTpl('plwizard.tpl'), true);
ddb64990 FB	556	foreach ($conf as $line) {
	557	$list = preg_split('/\s[\|]\s*/', $line, -1, PREG_SPLIT_NO_EMPTY);
	558	$wiz->addPage('ReviewPage', $list[0], $list[1]);
	559	}
	560	$wiz->apply($page, 'review', $action, $mode);
	561	}
e59506eb	562	}
e59506eb	563
a7de4ef7	564	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
e59506eb	565	?>