[platal.git] / modules / platal.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2011 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

function bugize($list)
{
    $list = preg_split('/,/', $list, -1, PREG_SPLIT_NO_EMPTY);
    $ans  = array();

    foreach ($list as $bug) {
        $clean = str_replace('#', '', $bug);
        $ans[] = "<a href='http://trackers.polytechnique.org/task/$clean'>$bug</a>";
    }

    return join(',', $ans);
}


class PlatalModule extends PLModule
{
    function handlers()
    {
        return array(
            'index'             => $this->make_hook('index',     AUTH_PUBLIC),
            'cacert.pem'        => $this->make_hook('cacert',    AUTH_PUBLIC),
            'changelog'         => $this->make_hook('changelog', AUTH_PUBLIC),

            // Preferences thingies
            'prefs'             => $this->make_hook('prefs',     AUTH_COOKIE),
            'prefs/rss'         => $this->make_hook('prefs_rss', AUTH_COOKIE),
            'prefs/webredirect' => $this->make_hook('webredir',  AUTH_MDP, 'mail'),
            'prefs/skin'        => $this->make_hook('skin',      AUTH_COOKIE),

            // password related thingies
            'password'          => $this->make_hook('password',  AUTH_MDP),
            'tmpPWD'            => $this->make_hook('tmpPWD',    AUTH_PUBLIC),
            'password/smtp'     => $this->make_hook('smtppass',  AUTH_MDP, 'mail'),
            'recovery'          => $this->make_hook('recovery',  AUTH_PUBLIC),
            'exit'              => $this->make_hook('exit',      AUTH_PUBLIC),
            'review'            => $this->make_hook('review',    AUTH_PUBLIC),
            'deconnexion.php'   => $this->make_hook('exit',      AUTH_PUBLIC),
        );
    }

    function handler_index($page)
    {
        // Include X-XRDS-Location response-header for Yadis discovery
        global $globals;
        header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');

        // Redirect to the suitable page
        if (S::logged()) {
            pl_redirect('events');
        } else if (!@$GLOBALS['IS_XNET_SITE']) {
            $this->handler_review($page);
        }
    }

    function handler_cacert($page)
    {
        pl_cached_content_headers("application/x-x509-ca-cert");
        readfile("/etc/ssl/xorgCA/cacert.pem");
        exit;
    }

    function handler_changelog($page, $core = null)
    {
        $page->changeTpl('platal/changeLog.tpl');

        function formatChangeLog($file) {
            $clog = pl_entities(file_get_contents($file));
            $clog = preg_replace('/===+\s*/', '</pre><hr /><pre>', $clog);
            // url catch only (not all wiki syntax)
            $clog = preg_replace(array(
                '/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
                '/(\s|^)www\.((?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
                '/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
              array(
                '<a href="\\0">\\0</a>',
                '\\1<a href="http://www.\\2">www.\\2</a>',
                '<a href="mailto:\\0">\\0</a>'),
              $clog);
            $clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
            $clog = preg_replace('!vim:.*$!', '', $clog);
            return preg_replace("!(<hr />(\\s|\n)*)?<pre>(\s|\n)*</pre>((\\s|\n)*<hr />)?!m", "", "<pre>$clog</pre>");
        }
        if ($core != 'core') {
            $page->assign('core', false);
            $page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../ChangeLog'));
        } else {
            $page->assign('core', true);
            $page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../core/ChangeLog'));
        }
    }

    function __set_rss_state($state)
    {
        if ($state) {
            if (!S::user()->token) {
                S::user()->token = rand_url_id(16);
                S::set('token', S::user()->token);
                XDB::execute('UPDATE  accounts
                                 SET  token = {?}
                               WHERE  uid = {?}', S::user()->token, S::i('uid'));
            }
        } else {
            S::kill('token');
            S::user()->token = null;
            XDB::execute('UPDATE  accounts
                             SET  token = NULL
                           WHERE  uid = {?}', S::i('uid'));
        }
    }

    function handler_prefs($page)
    {
        $page->changeTpl('platal/preferences.tpl');
        $page->setTitle('Mes préférences');

        if (Post::has('email_format')) {
            S::assert_xsrf_token();
            $fmt = Post::s('email_format');
            S::user()->setEmailFormat($fmt);
        }

        if (Post::has('rss')) {
            S::assert_xsrf_token();
            $this->__set_rss_state(Post::s('rss') == 'on');
        }
    }

    function handler_webredir($page)
    {
        $page->changeTpl('platal/webredirect.tpl');
        $page->setTitle('Redirection de page WEB');

        if (Env::v('submit') == 'Valider' && !Env::blank('url')) {
            if (Env::blank('url')) {
                $page->trigError('URL invalide');
            } else {
                $url = Env::t('url');
                XDB::execute('INSERT INTO  carvas (uid, url)
                                   VALUES  ({?}, {?})
                  ON DUPLICATE KEY UPDATE  url = VALUES(url)',
                             S::i('uid'), $url);
                S::logger()->log('carva_add', 'http://' . $url);
                $page->trigSuccess("Redirection activée vers <a href='http://$url'>$url</a>");
            }
        } elseif (Env::v('submit') == 'Supprimer') {
            XDB::execute('DELETE FROM carvas
                                WHERE uid = {?}', S::i('uid'));
            Post::kill('url');
            S::logger()->log('carva_del');
            $page->trigSuccess('Redirection supprimée');
        }

        $url = XDB::fetchOneCell('SELECT  url
                                    FROM  carvas
                                   WHERE  uid = {?}', S::i('uid'));
        $page->assign('carva', $url);

        # FIXME: this code is not multi-domain compatible. We should decide how
        # carva will extend to users not in the main domain.
        $best = XDB::fetchOneCell('SELECT  email
                                     FROM  email_source_account
                                    WHERE  uid = {?} AND FIND_IN_SET(\'bestalias\', flags)',
                                  S::user()->id());
        $page->assign('bestalias', $best);
    }

    function handler_prefs_rss($page)
    {
        $page->changeTpl('platal/filrss.tpl');

        $page->assign('goback', Env::v('referer', 'login'));

        if (Env::v('act_rss') == 'Activer') {
            $this->__set_rss_state(true);
            $page->trigSuccess("Ton Fil RSS est activé.");
        }
    }

    function handler_password($page)
    {
        global $globals;

        if (Post::has('pwhash') && Post::t('pwhash'))  {
            S::assert_xsrf_token();

            S::set('password', $password = Post::t('pwhash'));
            XDB::execute('UPDATE  accounts
                             SET  password = {?}
                           WHERE  uid={?}', $password,
                         S::i('uid'));

            // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
            // updates the Google Apps password as well.
            if ($globals->mailstorage->googleapps_domain) {
                require_once 'googleapps.inc.php';
                $account = new GoogleAppsAccount(S::user());
                if ($account->active() && $account->sync_password) {
                    $account->set_password($password);
                }
            }

            S::logger()->log('passwd');
            Platal::session()->setAccessCookie(true);

            $page->changeTpl('platal/password.success.tpl');
            $page->run();
        }

        $page->changeTpl('platal/password.tpl');
        $page->setTitle('Mon mot de passe');
        $page->assign('do_auth', false);
    }

    function handler_smtppass($page)
    {
        $page->changeTpl('platal/acces_smtp.tpl');
        $page->setTitle('Acces SMTP/NNTP');

        $wp = new PlWikiPage('Xorg.SMTPSécurisé');
        $wp->buildCache();
        $wp = new PlWikiPage('Xorg.NNTPSécurisé');
        $wp->buildCache();

        $uid  = S::i('uid');
        $pass = Env::v('smtppass1');

        if (Env::v('op') == "Valider" && strlen($pass) >= 6
            &&  Env::v('smtppass1') == Env::v('smtppass2')) {
            XDB::execute('UPDATE  accounts
                             SET  weak_password = {?}
                           WHERE  uid = {?}', $pass, $uid);
            $page->trigSuccess('Mot de passe enregistré');
            S::logger()->log("passwd_ssl");
        } elseif (Env::v('op') == "Supprimer") {
            XDB::execute('UPDATE  accounts
                             SET  weak_password = NULL
                           WHERE  uid = {?}', $uid);
            $page->trigSuccess('Compte SMTP et NNTP supprimé');
            S::logger()->log("passwd_del");
        }

        $res = XDB::query("SELECT  weak_password IS NOT NULL
                             FROM  accounts
                            WHERE  uid = {?}", $uid);
        $page->assign('actif', $res->fetchOneCell());
    }

    function handler_recovery($page)
    {
        global $globals;

        $page->changeTpl('platal/recovery.tpl');

        if (!Env::has('login') || !Env::has('birth')) {
            return;
        }

        if (!preg_match('/^[0-3][0-9][0-1][0-9][1][9]([0-9]{2})$/', Env::v('birth'))) {
            $page->trigError('Date de naissance incorrecte ou incohérente');
            return;
        }

        $birth   = sprintf('%s-%s-%s',
                           substr(Env::v('birth'), 4, 4),
                           substr(Env::v('birth'), 2, 2),
                           substr(Env::v('birth'), 0, 2));

        $mailorg = strtok(Env::v('login'), '@');

        $profile = Profile::get(Env::t('login'));
        if (is_null($profile) || $profile->birthdate != $birth) {
            $page->trigError('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
                        'Si tu as un homonyme, utilise prenom.nom.promo comme login');
            return;
        }

        $user = $profile->owner();
        if ($user->state != 'active') {
            $page->trigError('Ton compte n\'est pas activé.');
            return;
        }

        if ($user->lost) {
            $page->assign('no_addr', true);
            return;
        }

        $page->assign('ok', true);

        $url = rand_url_id();
        XDB::execute('INSERT INTO  account_lost_passwords (certificat,uid,created)
                           VALUES  ({?},{?},NOW())', $url, $user->id());
        $to = XDB::fetchOneCell('SELECT  redirect
                                   FROM  email_redirect_account
                                  WHERE  uid = {?} AND redirect = {?}',
                                $user->id(), Post::t('email'));
        if (is_null($to)) {
            $emails = XDB::fetchColumn('SELECT  redirect
                                          FROM  email_redirect_account
                                         WHERE  uid = {?} AND flags = \'inactive\' AND type = \'smtp\'',
                                       $user->id());
            $inactives_to = implode(', ', $emails);
        }
        $mymail = new PlMailer();
        $mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mail->domain . '>');
        if (is_null($to)) {
            $mymail->addTo($user);
            $mymail->addTo($inactives_to);
        } else {
            $mymail->addTo($to);
        }
        $mymail->setSubject("Ton certificat d'authentification");
        $mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
{$globals->baseurl}/tmpPWD/$url

Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.

--
Polytechnique.org
\"Le portail des élèves & anciens élèves de l'École polytechnique\"

Email envoyé à ".Env::v('login') . (Post::has('email') ? "
Adresse de secours : " . Post::v('email') : ""));
        $mymail->send();

        S::logger($user->id())->log('recovery', is_null($to) ? $inactives_to . ', ' . $user->bestEmail() : $to);
    }

    function handler_tmpPWD($page, $certif = null)
    {
        global $globals;
        // XXX: recovery requires data from the profile
        XDB::execute('DELETE FROM  account_lost_passwords
                            WHERE  DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');

        $res = XDB::query('SELECT  uid
                             FROM  account_lost_passwords WHERE certificat={?}', $certif);
        $ligne = $res->fetchOneAssoc();
        if (!$ligne) {
            $page->changeTpl('platal/index.tpl');
            $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
        }

        $uid = $ligne["uid"];
        if (Post::has('pwhash') && Post::t('pwhash')) {
            $password = Post::t('pwhash');
            XDB::query('UPDATE  accounts
                           SET  password={?}
                         WHERE  uid = {?} AND state = \'active\'',
                       $password, $uid);
            XDB::query('DELETE FROM  account_lost_passwords
                              WHERE  certificat={?}', $certif);

            // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
            // updates the Google Apps password as well.
            if ($globals->mailstorage->googleapps_domain) {
                require_once 'googleapps.inc.php';
                $account = new GoogleAppsAccount(User::getSilent($uid));
                if ($account->active() && $account->sync_password) {
                    $account->set_password($password);
                }
            }

            S::logger($uid)->log("passwd", "");

            // Try to start a session (so the user don't have to log in); we will use
            // the password available in Post:: to authenticate the user.
            Platal::session()->start(AUTH_MDP);

            $page->changeTpl('platal/tmpPWD.success.tpl');
        } else {
            $hruid = XDB::fetchOneCell('SELECT  hruid
                                          FROM  accounts
                                         WHERE  uid = {?}',
                                       $uid);
            $page->changeTpl('platal/password.tpl');
            $page->assign('hruid', $hruid);
            $page->assign('do_auth', true);
        }
    }

    function handler_skin($page)
    {
        global $globals;

        $page->changeTpl('platal/skins.tpl');
        $page->setTitle('Skins');

        if (Env::has('newskin'))  {  // formulaire soumis, traitons les données envoyées
            XDB::execute('UPDATE  accounts
                             SET  skin = {?}
                           WHERE  uid = {?}',
                         Env::i('newskin'), S::i('uid'));
            S::kill('skin');
            Platal::session()->setSkin();
        }

        $res = XDB::query('SELECT  id
                             FROM  skins
                            WHERE  skin_tpl = {?}', S::v('skin'));
        $page->assign('skin_id', $res->fetchOneCell());

        $sql = 'SELECT  s.*, auteur, COUNT(*) AS nb
                  FROM  skins AS s
             LEFT JOIN  accounts AS a ON (a.skin = s.id)
                 WHERE  skin_tpl != \'\' AND ext != \'\'
              GROUP BY  id ORDER BY s.date DESC';
        $page->assign('skins', XDB::iterator($sql));
    }

    function handler_exit($page, $level = null)
    {
        if (S::suid()) {
            $old = S::user()->login();
            S::logger()->log('suid_stop', $old . " by " . S::suid('hruid'));
            Platal::session()->stopSUID();
            $target = S::s('suid_startpage');
            S::kill('suid_startpage');
            if (!empty($target)) {
                http_redirect($target);
            }
            pl_redirect('admin/user/' . $old);
        }

        if ($level == 'forget' || $level == 'forgetall') {
            Platal::session()->killAccessCookie();
        }

        if ($level == 'forgetuid' || $level == 'forgetall') {
            Platal::session()->killLoginFormCookies();
        }

        if (S::logged()) {
            S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']);
            Platal::session()->destroy();
        }

        if (Get::has('redirect')) {
            http_redirect(rawurldecode(Get::v('redirect')));
        } else {
            $page->changeTpl('platal/exit.tpl');
        }
    }

    function handler_review($page, $action = null, $mode = null)
    {
        // Include X-XRDS-Location response-header for Yadis discovery
        global $globals;
        header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');

        $this->load('review.inc.php');
        $dom = 'Review';
        if (@$GLOBALS['IS_XNET_SITE']) {
            $dom .= 'Xnet';
        }
        $wp = new PlWikiPage($dom . '.Admin');
        $conf = explode('%0a', $wp->getField('text'));
        $wiz = new PlWizard('Tour d\'horizon', PlPage::getCoreTpl('plwizard.tpl'), true);
        foreach ($conf as $line) {
            $list = preg_split('/\s*[*|]\s*/', $line, -1, PREG_SPLIT_NO_EMPTY);
            $wiz->addPage('ReviewPage', $list[0], $list[1]);
        }
        $wiz->apply($page, 'review', $action, $mode);
    }
}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
Commit	Line	Data
e59506eb	1	<?php
e59506eb	2	/***************************************************************************
5e1513f6	3	* Copyright (C) 2003-2011 Polytechnique.org *
e59506eb	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
5de0b7e1	22	function bugize($list)
5de0b7e1	23	{
bd5dad64	24	$list = preg_split('/,/', $list, -1, PREG_SPLIT_NO_EMPTY);
5de0b7e1	25	$ans = array();
	26
	27	foreach ($list as $bug) {
	28	$clean = str_replace('#', '', $bug);
	29	$ans[] = "<a href='http://trackers.polytechnique.org/task/$clean'>$bug</a>";
	30	}
	31
	32	return join(',', $ans);
	33	}
	34
	35
e59506eb	36	class PlatalModule extends PLModule
	37	{
	38	function handlers()
	39	{
	40	return array(
eb5a266d SJ	41	'index' => $this->make_hook('index', AUTH_PUBLIC),
	42	'cacert.pem' => $this->make_hook('cacert', AUTH_PUBLIC),
	43	'changelog' => $this->make_hook('changelog', AUTH_PUBLIC),
5de0b7e1	44
4da0b8d7	45	// Preferences thingies
eb5a266d SJ	46	'prefs' => $this->make_hook('prefs', AUTH_COOKIE),
eb5a266d SJ	47	'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE),
2914271e	48	'prefs/webredirect' => $this->make_hook('webredir', AUTH_MDP, 'mail'),
eb5a266d	49	'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE),
4da0b8d7	50
4da0b8d7	51	// password related thingies
eb5a266d SJ	52	'password' => $this->make_hook('password', AUTH_MDP),
eb5a266d SJ	53	'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC),
2914271e	54	'password/smtp' => $this->make_hook('smtppass', AUTH_MDP, 'mail'),
eb5a266d SJ	55	'recovery' => $this->make_hook('recovery', AUTH_PUBLIC),
	56	'exit' => $this->make_hook('exit', AUTH_PUBLIC),
	57	'review' => $this->make_hook('review', AUTH_PUBLIC),
	58	'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC),
e59506eb	59	);
	60	}
	61
26ba053e	62	function handler_index($page)
c9178c75	63	{
ab66bf7f	64	// Include X-XRDS-Location response-header for Yadis discovery
78507d96	65	global $globals;
34d91db6	66	header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');
ab66bf7f AA	67
ab66bf7f AA	68	// Redirect to the suitable page
cab08090	69	if (S::logged()) {
8b00e0e0	70	pl_redirect('events');
ddb64990	71	} else if (!@$GLOBALS['IS_XNET_SITE']) {
78d4079a	72	$this->handler_review($page);
c9178c75	73	}
c9178c75	74	}
c9178c75	75
26ba053e	76	function handler_cacert($page)
5de0b7e1	77	{
3cb500d5 VZ	78	pl_cached_content_headers("application/x-x509-ca-cert");
3cb500d5 VZ	79	readfile("/etc/ssl/xorgCA/cacert.pem");
5de0b7e1	80	exit;
	81	}
	82
26ba053e	83	function handler_changelog($page, $core = null)
5de0b7e1	84	{
8b1f8e12	85	$page->changeTpl('platal/changeLog.tpl');
5de0b7e1	86
78d4079a FB	87	function formatChangeLog($file) {
	88	$clog = pl_entities(file_get_contents($file));
	89	$clog = preg_replace('/===+\s*/', '</pre><hr /><pre>', $clog);
	90	// url catch only (not all wiki syntax)
	91	$clog = preg_replace(array(
	92	'/((?:https?\|ftp):\/\/(?:\.,[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
	93	'/(\s\|^)www\.((?:\.,[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
	94	'/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
	95	array(
	96	'<a href="\\0">\\0</a>',
	97	'\\1<a href="http://www.\\2">www.\\2</a>',
	98	'<a href="mailto:\\0">\\0</a>'),
	99	$clog);
2bb9e576	100	$clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
78d4079a FB	101	$clog = preg_replace('!vim:.*$!', '', $clog);
	102	return preg_replace("!(<hr />(\\s\|\n))?<pre>(\s\|\n)</pre>((\\s\|\n)*<hr />)?!m", "", "<pre>$clog</pre>");
	103	}
	104	if ($core != 'core') {
	105	$page->assign('core', false);
	106	$page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../ChangeLog'));
	107	} else {
	108	$page->assign('core', true);
	109	$page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../core/ChangeLog'));
	110	}
5de0b7e1	111	}
5de0b7e1	112
7927d719	113	function __set_rss_state($state)
7927d719	114	{
7927d719	115	if ($state) {
19be891e FB	116	if (!S::user()->token) {
	117	S::user()->token = rand_url_id(16);
	118	S::set('token', S::user()->token);
	119	XDB::execute('UPDATE accounts
	120	SET token = {?}
	121	WHERE uid = {?}', S::user()->token, S::i('uid'));
	122	}
7927d719	123	} else {
31e01c97	124	S::kill('token');
19be891e	125	S::user()->token = null;
31e01c97 FB	126	XDB::execute('UPDATE accounts
	127	SET token = NULL
	128	WHERE uid = {?}', S::i('uid'));
7927d719	129	}
	130	}
	131
26ba053e	132	function handler_prefs($page)
e59506eb	133	{
8b1f8e12	134	$page->changeTpl('platal/preferences.tpl');
46f272fe	135	$page->setTitle('Mes préférences');
e59506eb	136
31e01c97	137	if (Post::has('email_format')) {
19be891e	138	S::assert_xsrf_token();
31e01c97	139	$fmt = Post::s('email_format');
8d308ee4	140	S::user()->setEmailFormat($fmt);
e59506eb	141	}
e59506eb	142
bee33d93	143	if (Post::has('rss')) {
19be891e FB	144	S::assert_xsrf_token();
19be891e FB	145	$this->__set_rss_state(Post::s('rss') == 'on');
e59506eb	146	}
e59506eb	147	}
9bae6004	148
26ba053e	149	function handler_webredir($page)
bce2f8eb	150	{
8b1f8e12	151	$page->changeTpl('platal/webredirect.tpl');
46f272fe	152	$page->setTitle('Redirection de page WEB');
bce2f8eb	153
c1e98576 FB	154	if (Env::v('submit') == 'Valider' && !Env::blank('url')) {
	155	if (Env::blank('url')) {
	156	$page->trigError('URL invalide');
	157	} else {
	158	$url = Env::t('url');
00ba8a74 SJ	159	XDB::execute('INSERT INTO carvas (uid, url)
	160	VALUES ({?}, {?})
	161	ON DUPLICATE KEY UPDATE url = VALUES(url)',
c1e98576 FB	162	S::i('uid'), $url);
	163	S::logger()->log('carva_add', 'http://' . $url);
	164	$page->trigSuccess("Redirection activée vers <a href='http://$url'>$url</a>");
	165	}
	166	} elseif (Env::v('submit') == 'Supprimer') {
	167	XDB::execute('DELETE FROM carvas
	168	WHERE uid = {?}', S::i('uid'));
bce2f8eb	169	Post::kill('url');
c1e98576	170	S::logger()->log('carva_del');
a7d35093	171	$page->trigSuccess('Redirection supprimée');
bce2f8eb	172	}
bce2f8eb	173
c1e98576 FB	174	$url = XDB::fetchOneCell('SELECT url
	175	FROM carvas
	176	WHERE uid = {?}', S::i('uid'));
	177	$page->assign('carva', $url);
e67b4436 VZ	178
	179	# FIXME: this code is not multi-domain compatible. We should decide how
	180	# carva will extend to users not in the main domain.
c0436d0b SJ	181	$best = XDB::fetchOneCell('SELECT email
	182	FROM email_source_account
	183	WHERE uid = {?} AND FIND_IN_SET(\'bestalias\', flags)',
	184	S::user()->id());
	185	$page->assign('bestalias', $best);
bce2f8eb	186	}
bce2f8eb	187
26ba053e	188	function handler_prefs_rss($page)
7927d719	189	{
8b1f8e12	190	$page->changeTpl('platal/filrss.tpl');
7927d719	191
5e2307dc	192	$page->assign('goback', Env::v('referer', 'login'));
7927d719	193
5e2307dc	194	if (Env::v('act_rss') == 'Activer') {
7927d719	195	$this->__set_rss_state(true);
a7d35093	196	$page->trigSuccess("Ton Fil RSS est activé.");
7927d719	197	}
7927d719	198	}
7927d719	199
26ba053e	200	function handler_password($page)
7c77c3ee	201	{
84270653 VZ	202	global $globals;
84270653 VZ	203
81b5a6c9	204	if (Post::has('pwhash') && Post::t('pwhash')) {
40d428d8	205	S::assert_xsrf_token();
7c77c3ee	206
81b5a6c9	207	S::set('password', $password = Post::t('pwhash'));
31e01c97 FB	208	XDB::execute('UPDATE accounts
	209	SET password = {?}
	210	WHERE uid={?}', $password,
	211	S::i('uid'));
7c77c3ee	212
84270653 VZ	213	// If GoogleApps is enabled, and the user did choose to use synchronized passwords,
	214	// updates the Google Apps password as well.
	215	if ($globals->mailstorage->googleapps_domain) {
	216	require_once 'googleapps.inc.php';
d56cb887	217	$account = new GoogleAppsAccount(S::user());
f5c4bf30	218	if ($account->active() && $account->sync_password) {
84270653 VZ	219	$account->set_password($password);
	220	}
	221	}
	222
604dfd58 FB	223	S::logger()->log('passwd');
604dfd58 FB	224	Platal::session()->setAccessCookie(true);
7c77c3ee	225
4baa7323	226	$page->changeTpl('platal/password.success.tpl');
7c77c3ee	227	$page->run();
	228	}
	229
4baa7323	230	$page->changeTpl('platal/password.tpl');
46f272fe	231	$page->setTitle('Mon mot de passe');
73f2bb48	232	$page->assign('do_auth', false);
7c77c3ee	233	}
7c77c3ee	234
26ba053e	235	function handler_smtppass($page)
1a5da857	236	{
8b1f8e12	237	$page->changeTpl('platal/acces_smtp.tpl');
46f272fe	238	$page->setTitle('Acces SMTP/NNTP');
eaf30d86	239
8f201b69 FB	240	$wp = new PlWikiPage('Xorg.SMTPSécurisé');
	241	$wp->buildCache();
	242	$wp = new PlWikiPage('Xorg.NNTPSécurisé');
	243	$wp->buildCache();
1a5da857	244
31e01c97	245	$uid = S::i('uid');
5e2307dc	246	$pass = Env::v('smtppass1');
1a5da857	247
eaf30d86	248	if (Env::v('op') == "Valider" && strlen($pass) >= 6
31e01c97	249	&& Env::v('smtppass1') == Env::v('smtppass2')) {
0511895d FB	250	XDB::execute('UPDATE accounts
	251	SET weak_password = {?}
	252	WHERE uid = {?}', $pass, $uid);
a7d35093	253	$page->trigSuccess('Mot de passe enregistré');
732e5855	254	S::logger()->log("passwd_ssl");
5e2307dc	255	} elseif (Env::v('op') == "Supprimer") {
0511895d FB	256	XDB::execute('UPDATE accounts
	257	SET weak_password = NULL
	258	WHERE uid = {?}', $uid);
a7d35093	259	$page->trigSuccess('Compte SMTP et NNTP supprimé');
732e5855	260	S::logger()->log("passwd_del");
1a5da857	261	}
1a5da857	262
0511895d FB	263	$res = XDB::query("SELECT weak_password IS NOT NULL
	264	FROM accounts
	265	WHERE uid = {?}", $uid);
1a5da857	266	$page->assign('actif', $res->fetchOneCell());
1a5da857	267	}
1a5da857	268
26ba053e	269	function handler_recovery($page)
8858cfc1	270	{
	271	global $globals;
	272
8b1f8e12	273	$page->changeTpl('platal/recovery.tpl');
8858cfc1	274
8858cfc1	275	if (!Env::has('login') \|\| !Env::has('birth')) {
fd8f77de	276	return;
8858cfc1	277	}
8858cfc1	278
cf5cf754	279	if (!preg_match('/^[0-3][0-9][0-1][0-9][1][9]([0-9]{2})$/', Env::v('birth'))) {
a7d35093	280	$page->trigError('Date de naissance incorrecte ou incohérente');
c9110c6c	281	return;
8858cfc1	282	}
c9110c6c	283
c9110c6c	284	$birth = sprintf('%s-%s-%s',
5e2307dc	285	substr(Env::v('birth'), 4, 4),
	286	substr(Env::v('birth'), 2, 2),
	287	substr(Env::v('birth'), 0, 2));
8858cfc1	288
5e2307dc	289	$mailorg = strtok(Env::v('login'), '@');
8858cfc1	290
6846791e FB	291	$profile = Profile::get(Env::t('login'));
	292	if (is_null($profile) \|\| $profile->birthdate != $birth) {
	293	$page->trigError('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
	294	'Si tu as un homonyme, utilise prenom.nom.promo comme login');
	295	return;
	296	}
8c28edc9	297
6846791e FB	298	$user = $profile->owner();
	299	if ($user->state != 'active') {
	300	$page->trigError('Ton compte n\'est pas activé.');
	301	return;
	302	}
	303
c0436d0b	304	if ($user->lost) {
6846791e FB	305	$page->assign('no_addr', true);
	306	return;
	307	}
8858cfc1	308
6846791e FB	309	$page->assign('ok', true);
6846791e FB	310
c0436d0b	311	$url = rand_url_id();
06f4daf9	312	XDB::execute('INSERT INTO account_lost_passwords (certificat,uid,created)
6846791e	313	VALUES ({?},{?},NOW())', $url, $user->id());
c0436d0b SJ	314	$to = XDB::fetchOneCell('SELECT redirect
	315	FROM email_redirect_account
	316	WHERE uid = {?} AND redirect = {?}',
	317	$user->id(), Post::t('email'));
	318	if (is_null($to)) {
	319	$emails = XDB::fetchColumn('SELECT redirect
	320	FROM email_redirect_account
	321	WHERE uid = {?} AND flags = \'inactive\' AND type = \'smtp\'',
	322	$user->id());
	323	$inactives_to = implode(', ', $emails);
6846791e FB	324	}
	325	$mymail = new PlMailer();
	326	$mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mail->domain . '>');
c0436d0b SJ	327	if (is_null($to)) {
	328	$mymail->addTo($user);
	329	$mymail->addTo($inactives_to);
	330	} else {
	331	$mymail->addTo($to);
	332	}
e46cf8c4	333	$mymail->setSubject("Ton certificat d'authentification");
6846791e	334	$mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
8858cfc1	335	{$globals->baseurl}/tmpPWD/$url
8858cfc1	336
e887e90d	337	Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.
8858cfc1	338
eaf30d86	339	--
8858cfc1	340	Polytechnique.org
3bf63218	341	\"Le portail des élèves & anciens élèves de l'École polytechnique\"
8858cfc1	342
faefdbb7	343	Email envoyé à ".Env::v('login') . (Post::has('email') ? "
a4d5829b	344	Adresse de secours : " . Post::v('email') : ""));
6846791e	345	$mymail->send();
8858cfc1	346
97a05304	347	S::logger($user->id())->log('recovery', is_null($to) ? $inactives_to . ', ' . $user->bestEmail() : $to);
8858cfc1	348	}
8858cfc1	349
26ba053e	350	function handler_tmpPWD($page, $certif = null)
6c49d0af	351	{
84270653	352	global $globals;
31e01c97	353	// XXX: recovery requires data from the profile
06f4daf9	354	XDB::execute('DELETE FROM account_lost_passwords
31e01c97	355	WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
6c49d0af	356
31e01c97	357	$res = XDB::query('SELECT uid
06f4daf9	358	FROM account_lost_passwords WHERE certificat={?}', $certif);
6c49d0af	359	$ligne = $res->fetchOneAssoc();
6c49d0af	360	if (!$ligne) {
8b1f8e12	361	$page->changeTpl('platal/index.tpl');
6c49d0af	362	$page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
	363	}
	364
	365	$uid = $ligne["uid"];
81b5a6c9 SJ	366	if (Post::has('pwhash') && Post::t('pwhash')) {
81b5a6c9 SJ	367	$password = Post::t('pwhash');
31e01c97 FB	368	XDB::query('UPDATE accounts
	369	SET password={?}
	370	WHERE uid = {?} AND state = \'active\'',
	371	$password, $uid);
06f4daf9	372	XDB::query('DELETE FROM account_lost_passwords
31e01c97	373	WHERE certificat={?}', $certif);
84270653 VZ	374
	375	// If GoogleApps is enabled, and the user did choose to use synchronized passwords,
	376	// updates the Google Apps password as well.
	377	if ($globals->mailstorage->googleapps_domain) {
	378	require_once 'googleapps.inc.php';
d56cb887	379	$account = new GoogleAppsAccount(User::getSilent($uid));
f5c4bf30	380	if ($account->active() && $account->sync_password) {
84270653 VZ	381	$account->set_password($password);
	382	}
	383	}
	384
cf40e1ae	385	S::logger($uid)->log("passwd", "");
30439e34 SJ	386
	387	// Try to start a session (so the user don't have to log in); we will use
	388	// the password available in Post:: to authenticate the user.
	389	Platal::session()->start(AUTH_MDP);
	390
8b1f8e12	391	$page->changeTpl('platal/tmpPWD.success.tpl');
6c49d0af	392	} else {
30439e34 SJ	393	$hruid = XDB::fetchOneCell('SELECT hruid
	394	FROM accounts
	395	WHERE uid = {?}',
	396	$uid);
4baa7323	397	$page->changeTpl('platal/password.tpl');
30439e34	398	$page->assign('hruid', $hruid);
73f2bb48	399	$page->assign('do_auth', true);
6c49d0af	400	}
6c49d0af	401	}
6c49d0af	402
26ba053e	403	function handler_skin($page)
9bae6004	404	{
	405	global $globals;
	406
8b1f8e12	407	$page->changeTpl('platal/skins.tpl');
46f272fe	408	$page->setTitle('Skins');
9bae6004	409
a7de4ef7	410	if (Env::has('newskin')) { // formulaire soumis, traitons les données envoyées
31e01c97 FB	411	XDB::execute('UPDATE accounts
	412	SET skin = {?}
	413	WHERE uid = {?}',
	414	Env::i('newskin'), S::i('uid'));
92e6a287	415	S::kill('skin');
47fa97fe	416	Platal::session()->setSkin();
9bae6004	417	}
9bae6004	418
31e01c97 FB	419	$res = XDB::query('SELECT id
	420	FROM skins
	421	WHERE skin_tpl = {?}', S::v('skin'));
92e6a287	422	$page->assign('skin_id', $res->fetchOneCell());
92e6a287	423
31e01c97 FB	424	$sql = 'SELECT s., auteur, COUNT() AS nb
	425	FROM skins AS s
	426	LEFT JOIN accounts AS a ON (a.skin = s.id)
	427	WHERE skin_tpl != \'\' AND ext != \'\'
	428	GROUP BY id ORDER BY s.date DESC';
a3afa47c	429	$page->assign('skins', XDB::iterator($sql));
9bae6004	430	}
4da0b8d7	431
26ba053e	432	function handler_exit($page, $level = null)
5de0b7e1	433	{
0c02607e	434	if (S::suid()) {
20b087ff FB	435	$old = S::user()->login();
20b087ff FB	436	S::logger()->log('suid_stop', $old . " by " . S::suid('hruid'));
47fa97fe	437	Platal::session()->stopSUID();
20b087ff FB	438	$target = S::s('suid_startpage');
	439	S::kill('suid_startpage');
	440	if (!empty($target)) {
	441	http_redirect($target);
	442	}
	443	pl_redirect('admin/user/' . $old);
5de0b7e1	444	}
	445
	446	if ($level == 'forget' \|\| $level == 'forgetall') {
604dfd58	447	Platal::session()->killAccessCookie();
5de0b7e1	448	}
	449
	450	if ($level == 'forgetuid' \|\| $level == 'forgetall') {
604dfd58	451	Platal::session()->killLoginFormCookies();
5de0b7e1	452	}
5de0b7e1	453
130b8708	454	if (S::logged()) {
59bec5bc FB	455	S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']);
59bec5bc FB	456	Platal::session()->destroy();
130b8708	457	}
5de0b7e1	458
5de0b7e1	459	if (Get::has('redirect')) {
5e2307dc	460	http_redirect(rawurldecode(Get::v('redirect')));
5de0b7e1	461	} else {
8b1f8e12	462	$page->changeTpl('platal/exit.tpl');
5de0b7e1	463	}
5de0b7e1	464	}
ddb64990	465
26ba053e	466	function handler_review($page, $action = null, $mode = null)
ddb64990	467	{
78507d96 AA	468	// Include X-XRDS-Location response-header for Yadis discovery
78507d96 AA	469	global $globals;
34d91db6	470	header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');
78507d96	471
460d8f55	472	$this->load('review.inc.php');
ddb64990 FB	473	$dom = 'Review';
	474	if (@$GLOBALS['IS_XNET_SITE']) {
	475	$dom .= 'Xnet';
	476	}
8f201b69 FB	477	$wp = new PlWikiPage($dom . '.Admin');
8f201b69 FB	478	$conf = explode('%0a', $wp->getField('text'));
6d20fb1d	479	$wiz = new PlWizard('Tour d\'horizon', PlPage::getCoreTpl('plwizard.tpl'), true);
ddb64990 FB	480	foreach ($conf as $line) {
	481	$list = preg_split('/\s[\|]\s*/', $line, -1, PREG_SPLIT_NO_EMPTY);
	482	$wiz->addPage('ReviewPage', $list[0], $list[1]);
	483	}
	484	$wiz->apply($page, 'review', $action, $mode);
	485	}
e59506eb	486	}
e59506eb	487
a7de4ef7	488	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
e59506eb	489	?>