[platal.git] / modules / platal.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2007 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

function bugize($list)
{
    $list = split(',', $list);
    $ans  = array();

    foreach ($list as $bug) {
        $clean = str_replace('#', '', $bug);
        $ans[] = "<a href='http://trackers.polytechnique.org/task/$clean'>$bug</a>";
    }

    return join(',', $ans);
}


class PlatalModule extends PLModule
{
    function handlers()
    {
        return array(
            'index'       => $this->make_hook('index',     AUTH_PUBLIC),
    	    'cacert.pem'  => $this->make_hook('cacert',    AUTH_PUBLIC),
            'changelog'   => $this->make_hook('changelog', AUTH_PUBLIC),

            // Preferences thingies
            'prefs'       => $this->make_hook('prefs',     AUTH_COOKIE),
            'prefs/rss'   => $this->make_hook('prefs_rss', AUTH_COOKIE),
            'prefs/webredirect'
                          => $this->make_hook('webredir',  AUTH_MDP),
            'prefs/skin'  => $this->make_hook('skin',      AUTH_COOKIE),

            // password related thingies
            'password'      => $this->make_hook('password',  AUTH_MDP),
            'tmpPWD'        => $this->make_hook('tmpPWD',    AUTH_PUBLIC),
            'password/smtp' => $this->make_hook('smtppass',  AUTH_MDP),
            'recovery'      => $this->make_hook('recovery',  AUTH_PUBLIC),
            'exit'          => $this->make_hook('exit', AUTH_PUBLIC),
            'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC),
        );
    }

    function handler_index(&$page)
    {
        if (S::logged()) {
            pl_redirect('events');
        }
    }

    function handler_cacert(&$page)
    {
        $data = file_get_contents("/etc/ssl/xorgCA/cacert.pem","r");
        header("Pragma:");
        header("Set-Cookie:");
        header("Cache-Control:");
        header("Expires:");
        header("Content-Type: application/x-x509-ca-cert");
        header("Content-Length: ".strlen($data));
        echo $data;
        exit;
    }

    function handler_changelog(&$page)
    {
        $page->changeTpl('platal/changeLog.tpl');

        $clog = htmlentities(file_get_contents(dirname(__FILE__).'/../ChangeLog'));
        $clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
        $clog = preg_replace('!vim:.*$!', '', $clog);
        $page->assign('ChangeLog', $clog);
    }

    function __set_rss_state($state)
    {
        if ($state) {
            $_SESSION['core_rss_hash'] = rand_url_id(16);
            XDB::execute('UPDATE  auth_user_quick
                                   SET  core_rss_hash={?} WHERE user_id={?}',
                                   S::v('core_rss_hash'), S::v('uid'));
        } else {
            XDB::execute('UPDATE  auth_user_quick
                                   SET  core_rss_hash="" WHERE user_id={?}',
                                   S::v('uid'));
            S::kill('core_rss_hash');
        }
    }

    function handler_prefs(&$page)
    {
        $page->changeTpl('platal/preferences.tpl');
        $page->assign('xorg_title','Polytechnique.org - Mes pr�f�rences');

        if (Post::has('mail_fmt')) {
            $fmt = Post::v('mail_fmt');
            if ($fmt != 'texte') $fmt = 'html';
            XDB::execute("UPDATE auth_user_quick
                                       SET core_mail_fmt = '$fmt'
                                     WHERE user_id = {?}",
                                     S::v('uid'));
            $_SESSION['mail_fmt'] = $fmt;
        }

        if (Post::has('rss')) {
            $this->__set_rss_state(Post::b('rss'));
        }
    }

    function handler_webredir(&$page)
    {
        $page->changeTpl('platal/webredirect.tpl');

        $page->assign('xorg_title','Polytechnique.org - Redirection de page WEB');

        $log =& S::v('log');
        $url = Env::v('url');

        if (Env::v('submit') == 'Valider' and Env::has('url')) {
            XDB::execute('UPDATE auth_user_quick
                                       SET redirecturl = {?} WHERE user_id = {?}',
                                   $url, S::v('uid'));
            $log->log('carva_add', 'http://'.Env::v('url'));
            $page->trig("Redirection activ�e vers <a href='http://$url'>$url</a>");
        } elseif (Env::v('submit') == "Supprimer") {
            XDB::execute("UPDATE auth_user_quick
                                       SET redirecturl = ''
                                     WHERE user_id = {?}",
                                   S::v('uid'));
            $log->log("carva_del", $url);
            Post::kill('url');
            $page->trig('Redirection supprim�e');
        }

        $res = XDB::query('SELECT redirecturl
                                       FROM auth_user_quick
                                      WHERE user_id = {?}',
                                    S::v('uid'));
        $page->assign('carva', $res->fetchOneCell());
    }

    function handler_prefs_rss(&$page)
    {
        $page->changeTpl('platal/filrss.tpl');

        $page->assign('goback', Env::v('referer', 'login'));

        if (Env::v('act_rss') == 'Activer') {
            $this->__set_rss_state(true);
            $page->trig("Ton Fil RSS est activ�.");
        }
    }

    function handler_password(&$page)
    {
        if (Post::has('response2'))  {
            require_once 'secure_hash.inc.php';

            $_SESSION['password'] = $password = Post::v('response2');

            XDB::execute('UPDATE  auth_user_md5 
                                       SET  password={?}
                                     WHERE  user_id={?}', $password,
                                     S::v('uid'));

            $log =& S::v('log');
            $log->log('passwd', '');

            if (Cookie::v('ORGaccess')) {
                setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
            }

            $page->changeTpl('platal/motdepasse.success.tpl');
            $page->run();
        }

        $page->changeTpl('platal/motdepasse.tpl');
        $page->addJsLink('motdepasse.js');
        $page->assign('xorg_title','Polytechnique.org - Mon mot de passe');
    }

    function handler_smtppass(&$page)
    {
        $page->changeTpl('platal/acces_smtp.tpl');
        $page->assign('xorg_title','Polytechnique.org - Acces SMTP/NNTP');
        
        require_once 'wiki.inc.php';
        wiki_require_page('Xorg.SMTPS�curis�');
        wiki_require_page('Xorg.NNTPS�curis�');

        $uid  = S::v('uid');
        $pass = Env::v('smtppass1');
        $log  = S::v('log');

        if (Env::v('op') == "Valider" && strlen($pass) >= 6 
        &&  Env::v('smtppass1') == Env::v('smtppass2')) 
        {
            XDB::execute('UPDATE auth_user_md5 SET smtppass = {?}
                                     WHERE user_id = {?}', $pass, $uid);
            $page->trig('Mot de passe enregistr�');
            $log->log("passwd_ssl");
        } elseif (Env::v('op') == "Supprimer") {
            XDB::execute('UPDATE auth_user_md5 SET smtppass = ""
                                     WHERE user_id = {?}', $uid);
            $page->trig('Compte SMTP et NNTP supprim�');
            $log->log("passwd_del");
        }

        $res = XDB::query("SELECT IF(smtppass != '', 'actif', '') 
                                       FROM auth_user_md5
                                      WHERE user_id = {?}", $uid);
        $page->assign('actif', $res->fetchOneCell());
    }

    function handler_recovery(&$page)
    {
        global $globals;

        $page->changeTpl('platal/recovery.tpl');

        if (!Env::has('login') || !Env::has('birth')) {
            return;
        }

        if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env::v('birth'))) {
            $page->trig('Date de naissance incorrecte ou incoh�rente');
            return;
        }

        $birth   = sprintf('%s-%s-%s',
                           substr(Env::v('birth'), 4, 4),
                           substr(Env::v('birth'), 2, 2),
                           substr(Env::v('birth'), 0, 2));

        $mailorg = strtok(Env::v('login'), '@');

        // paragraphe rajout� : si la date de naissance dans la base n'existe pas, on l'update
        // avec celle fournie ici en esp�rant que c'est la bonne

        $res = XDB::query(
                "SELECT  user_id, naissance
                   FROM  auth_user_md5 AS u
             INNER JOIN  aliases       AS a ON (u.user_id=a.id AND type != 'homonyme')
                  WHERE  a.alias={?} AND u.perms IN ('admin','user') AND u.deces=0", $mailorg);
        list($uid, $naissance) = $res->fetchOneRow();

        if ($naissance == $birth) {
            $page->assign('ok', true);

            $url   = rand_url_id(); 
            XDB::execute('INSERT INTO  perte_pass (certificat,uid,created) 
                               VALUES  ({?},{?},NOW())', $url, $uid);
            $res   = XDB::query('SELECT  email
                                   FROM  emails
                                  WHERE  uid = {?} AND email = {?}',
                                $uid, Post::v('email'));
            if ($res->numRows()) {
                $mails = $res->fetchOneCell();
            } else {
                $res   = XDB::query('SELECT  email
                                       FROM  emails
                                      WHERE  uid = {?} AND NOT FIND_IN_SET("filter", flags)', $uid);
                $mails = implode(', ', $res->fetchColumn());
            }
            $mymail = new PlMailer();
            $mymail->setFrom('"Gestion des mots de passe" <support+password@polytechnique.org>');
            $mymail->addTo($mails);
            $mymail->setSubject('Ton certificat d\'authentification');
            $mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
{$globals->baseurl}/tmpPWD/$url

Si en cliquant dessus tu n'y arrives pas, copie int�gralement l'adresse dans la barre de ton navigateur.

-- 
Polytechnique.org
\"Le portail des �l�ves & anciens �l�ves de l'Ecole polytechnique\"

Mail envoy� � ".Env::v('login') . (Post::has('email') ? "
Adresse de secours : " . Post::v('email') : ""));
            $mymail->send();

            // on cree un objet logger et on log l'evenement
            $logger = $_SESSION['log'] = new CoreLogger($uid);
            $logger->log('recovery', $mails);
        } else {
            $page->trig('Les informations que tu as rentr�es ne permettent pas de r�cup�rer ton mot de passe.<br />'.
                        'Si tu as un homonyme, utilise prenom.nom.promo comme login');
        }
    }

    function handler_tmpPWD(&$page, $certif = null)
    {
        XDB::execute('DELETE FROM perte_pass
                                      WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');

        $res   = XDB::query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif);
        $ligne = $res->fetchOneAssoc();
        if (!$ligne) {
            $page->changeTpl('platal/index.tpl');
            $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
        }

        $uid = $ligne["uid"];
        if (Post::has('response2')) {
            $password = Post::v('response2');
            $logger   = new CoreLogger($uid);
            XDB::query('UPDATE  auth_user_md5 SET password={?}
                                   WHERE  user_id={?} AND perms IN("admin","user")',
                                 $password, $uid);
            XDB::query('DELETE FROM perte_pass WHERE certificat={?}', $certif);
            $logger->log("passwd","");
            $page->changeTpl('platal/tmpPWD.success.tpl');
        } else {
            $page->changeTpl('platal/motdepasse.tpl');
            $page->addJsLink('motdepasse.js');
        }
    }

    function handler_skin(&$page)
    {
        global $globals;

        $page->changeTpl('platal/skins.tpl');
        $page->assign('xorg_title','Polytechnique.org - Skins');

        if (Env::has('newskin'))  {  // formulaire soumis, traitons les donn�es envoy�es
            XDB::execute('UPDATE auth_user_quick
                             SET skin={?} WHERE user_id={?}',
                         Env::i('newskin'), S::v('uid'));
            S::kill('skin');
            set_skin();
        }

        $res = XDB::query('SELECT id FROM skins WHERE skin_tpl={?}', S::v('skin'));
        $page->assign('skin_id', $res->fetchOneCell());

        $sql = "SELECT s.*,auteur,count(*) AS nb
                  FROM skins AS s
             LEFT JOIN auth_user_quick AS a ON s.id=a.skin
                 WHERE skin_tpl != '' AND ext != ''
              GROUP BY id ORDER BY s.date DESC";
        $page->assign('skins', XDB::iterator($sql));
    }

    function handler_exit(&$page, $level = null)
    {
        if (S::has('suid')) {
            $a4l  = S::v('forlife');
            $suid = S::v('suid');
            $log  = S::v('log');
            $log->log("suid_stop", S::v('forlife') . " by " . $suid['forlife']);
            $_SESSION = $suid;
            S::kill('suid');
            pl_redirect('admin/user/' . $a4l);
        }

        if ($level == 'forget' || $level == 'forgetall') {
            setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
            Cookie::kill('ORGaccess');
            if (isset($_SESSION['log']))
                $_SESSION['log']->log("cookie_off");
        }

        if ($level == 'forgetuid' || $level == 'forgetall') {
            setcookie('ORGuid', '', time() - 3600, '/', '', 0);
            Cookie::kill('ORGuid');
            setcookie('ORGdomain', '', time() - 3600, '/', '', 0);
            Cookie::kill('ORGdomain');
        }

        if (isset($_SESSION['log'])) {
            $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
            $_SESSION['log']->log('deconnexion',$ref);
        }

        XorgSession::destroy();

        if (Get::has('redirect')) {
            http_redirect(rawurldecode(Get::v('redirect')));
        } else {
            $page->changeTpl('platal/exit.tpl');
        }
    }
}

?>
Commit	Line	Data
e59506eb	1	<?php
e59506eb	2	/***************************************************************************
5ddeb07c	3	* Copyright (C) 2003-2007 Polytechnique.org *
e59506eb	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
5de0b7e1	22	function bugize($list)
	23	{
	24	$list = split(',', $list);
	25	$ans = array();
	26
	27	foreach ($list as $bug) {
	28	$clean = str_replace('#', '', $bug);
	29	$ans[] = "<a href='http://trackers.polytechnique.org/task/$clean'>$bug</a>";
	30	}
	31
	32	return join(',', $ans);
	33	}
	34
	35
e59506eb	36	class PlatalModule extends PLModule
	37	{
	38	function handlers()
	39	{
	40	return array(
c9178c75	41	'index' => $this->make_hook('index', AUTH_PUBLIC),
dc41059a	42	'cacert.pem' => $this->make_hook('cacert', AUTH_PUBLIC),
5de0b7e1	43	'changelog' => $this->make_hook('changelog', AUTH_PUBLIC),
5de0b7e1	44
4da0b8d7	45	// Preferences thingies
bee33d93	46	'prefs' => $this->make_hook('prefs', AUTH_COOKIE),
bee33d93	47	'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE),
bce2f8eb	48	'prefs/webredirect'
bee33d93	49	=> $this->make_hook('webredir', AUTH_MDP),
bee33d93	50	'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE),
4da0b8d7	51
4da0b8d7	52	// password related thingies
1a5da857	53	'password' => $this->make_hook('password', AUTH_MDP),
	54	'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC),
	55	'password/smtp' => $this->make_hook('smtppass', AUTH_MDP),
8858cfc1	56	'recovery' => $this->make_hook('recovery', AUTH_PUBLIC),
5de0b7e1	57	'exit' => $this->make_hook('exit', AUTH_PUBLIC),
58abb43b	58	'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC),
e59506eb	59	);
	60	}
	61
c9178c75	62	function handler_index(&$page)
c9178c75	63	{
cab08090	64	if (S::logged()) {
8b00e0e0	65	pl_redirect('events');
c9178c75	66	}
c9178c75	67	}
c9178c75	68
5de0b7e1	69	function handler_cacert(&$page)
5de0b7e1	70	{
ca877168	71	$data = file_get_contents("/etc/ssl/xorgCA/cacert.pem","r");
ca877168	72	header("Pragma:");
dc41059a	73	header("Set-Cookie:");
	74	header("Cache-Control:");
	75	header("Expires:");
	76	header("Content-Type: application/x-x509-ca-cert");
ca877168	77	header("Content-Length: ".strlen($data));
5de0b7e1	78	echo $data;
	79	exit;
	80	}
	81
	82	function handler_changelog(&$page)
	83	{
8b1f8e12	84	$page->changeTpl('platal/changeLog.tpl');
5de0b7e1	85
	86	$clog = htmlentities(file_get_contents(dirname(__FILE__).'/../ChangeLog'));
	87	$clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
9408f155	88	$clog = preg_replace('!vim:.*$!', '', $clog);
5de0b7e1	89	$page->assign('ChangeLog', $clog);
	90	}
	91
7927d719	92	function __set_rss_state($state)
7927d719	93	{
7927d719	94	if ($state) {
7927d719	95	$_SESSION['core_rss_hash'] = rand_url_id(16);
08cce2ff	96	XDB::execute('UPDATE auth_user_quick
7927d719	97	SET core_rss_hash={?} WHERE user_id={?}',
cab08090	98	S::v('core_rss_hash'), S::v('uid'));
7927d719	99	} else {
08cce2ff	100	XDB::execute('UPDATE auth_user_quick
7927d719	101	SET core_rss_hash="" WHERE user_id={?}',
cab08090	102	S::v('uid'));
cab08090	103	S::kill('core_rss_hash');
7927d719	104	}
	105	}
	106
e59506eb	107	function handler_prefs(&$page)
e59506eb	108	{
8b1f8e12	109	$page->changeTpl('platal/preferences.tpl');
e59506eb	110	$page->assign('xorg_title','Polytechnique.org - Mes pr�f�rences');
e59506eb	111
bee33d93	112	if (Post::has('mail_fmt')) {
5e2307dc	113	$fmt = Post::v('mail_fmt');
e59506eb	114	if ($fmt != 'texte') $fmt = 'html';
08cce2ff	115	XDB::execute("UPDATE auth_user_quick
e59506eb	116	SET core_mail_fmt = '$fmt'
e59506eb	117	WHERE user_id = {?}",
cab08090	118	S::v('uid'));
e59506eb	119	$_SESSION['mail_fmt'] = $fmt;
e59506eb	120	}
e59506eb	121
bee33d93	122	if (Post::has('rss')) {
5e2307dc	123	$this->__set_rss_state(Post::b('rss'));
e59506eb	124	}
e59506eb	125	}
9bae6004	126
bce2f8eb	127	function handler_webredir(&$page)
bce2f8eb	128	{
8b1f8e12	129	$page->changeTpl('platal/webredirect.tpl');
bce2f8eb	130
	131	$page->assign('xorg_title','Polytechnique.org - Redirection de page WEB');
	132
cab08090	133	$log =& S::v('log');
5e2307dc	134	$url = Env::v('url');
bce2f8eb	135
5e2307dc	136	if (Env::v('submit') == 'Valider' and Env::has('url')) {
08cce2ff	137	XDB::execute('UPDATE auth_user_quick
bce2f8eb	138	SET redirecturl = {?} WHERE user_id = {?}',
cab08090	139	$url, S::v('uid'));
5e2307dc	140	$log->log('carva_add', 'http://'.Env::v('url'));
bce2f8eb	141	$page->trig("Redirection activ�e vers <a href='http://$url'>$url</a>");
5e2307dc	142	} elseif (Env::v('submit') == "Supprimer") {
08cce2ff	143	XDB::execute("UPDATE auth_user_quick
bce2f8eb	144	SET redirecturl = ''
bce2f8eb	145	WHERE user_id = {?}",
cab08090	146	S::v('uid'));
bce2f8eb	147	$log->log("carva_del", $url);
	148	Post::kill('url');
	149	$page->trig('Redirection supprim�e');
	150	}
	151
08cce2ff	152	$res = XDB::query('SELECT redirecturl
bce2f8eb	153	FROM auth_user_quick
bce2f8eb	154	WHERE user_id = {?}',
cab08090	155	S::v('uid'));
bce2f8eb	156	$page->assign('carva', $res->fetchOneCell());
bce2f8eb	157	}
bce2f8eb	158
4da0b8d7	159	function handler_prefs_rss(&$page)
7927d719	160	{
8b1f8e12	161	$page->changeTpl('platal/filrss.tpl');
7927d719	162
5e2307dc	163	$page->assign('goback', Env::v('referer', 'login'));
7927d719	164
5e2307dc	165	if (Env::v('act_rss') == 'Activer') {
7927d719	166	$this->__set_rss_state(true);
	167	$page->trig("Ton Fil RSS est activ�.");
	168	}
7927d719	169	}
7927d719	170
7c77c3ee	171	function handler_password(&$page)
7c77c3ee	172	{
7c77c3ee	173	if (Post::has('response2')) {
	174	require_once 'secure_hash.inc.php';
	175
5e2307dc	176	$_SESSION['password'] = $password = Post::v('response2');
7c77c3ee	177
08cce2ff	178	XDB::execute('UPDATE auth_user_md5
7c77c3ee	179	SET password={?}
7c77c3ee	180	WHERE user_id={?}', $password,
cab08090	181	S::v('uid'));
7c77c3ee	182
cab08090	183	$log =& S::v('log');
7c77c3ee	184	$log->log('passwd', '');
7c77c3ee	185
5e2307dc	186	if (Cookie::v('ORGaccess')) {
7c77c3ee	187	setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
	188	}
	189
8b1f8e12	190	$page->changeTpl('platal/motdepasse.success.tpl');
7c77c3ee	191	$page->run();
	192	}
	193
8b1f8e12	194	$page->changeTpl('platal/motdepasse.tpl');
c99ef281	195	$page->addJsLink('motdepasse.js');
7c77c3ee	196	$page->assign('xorg_title','Polytechnique.org - Mon mot de passe');
7c77c3ee	197	}
7c77c3ee	198
1a5da857	199	function handler_smtppass(&$page)
1a5da857	200	{
8b1f8e12	201	$page->changeTpl('platal/acces_smtp.tpl');
1a5da857	202	$page->assign('xorg_title','Polytechnique.org - Acces SMTP/NNTP');
41e3c724	203
	204	require_once 'wiki.inc.php';
	205	wiki_require_page('Xorg.SMTPS�curis�');
	206	wiki_require_page('Xorg.NNTPS�curis�');
1a5da857	207
cab08090	208	$uid = S::v('uid');
5e2307dc	209	$pass = Env::v('smtppass1');
cab08090	210	$log = S::v('log');
1a5da857	211
5e2307dc	212	if (Env::v('op') == "Valider" && strlen($pass) >= 6
5e2307dc	213	&& Env::v('smtppass1') == Env::v('smtppass2'))
1a5da857	214	{
08cce2ff	215	XDB::execute('UPDATE auth_user_md5 SET smtppass = {?}
1a5da857	216	WHERE user_id = {?}', $pass, $uid);
	217	$page->trig('Mot de passe enregistr�');
	218	$log->log("passwd_ssl");
5e2307dc	219	} elseif (Env::v('op') == "Supprimer") {
08cce2ff	220	XDB::execute('UPDATE auth_user_md5 SET smtppass = ""
1a5da857	221	WHERE user_id = {?}', $uid);
	222	$page->trig('Compte SMTP et NNTP supprim�');
	223	$log->log("passwd_del");
	224	}
	225
08cce2ff	226	$res = XDB::query("SELECT IF(smtppass != '', 'actif', '')
1a5da857	227	FROM auth_user_md5
	228	WHERE user_id = {?}", $uid);
	229	$page->assign('actif', $res->fetchOneCell());
1a5da857	230	}
1a5da857	231
8858cfc1	232	function handler_recovery(&$page)
	233	{
	234	global $globals;
	235
8b1f8e12	236	$page->changeTpl('platal/recovery.tpl');
8858cfc1	237
8858cfc1	238	if (!Env::has('login') \|\| !Env::has('birth')) {
fd8f77de	239	return;
8858cfc1	240	}
8858cfc1	241
5e2307dc	242	if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env::v('birth'))) {
c9110c6c	243	$page->trig('Date de naissance incorrecte ou incoh�rente');
c9110c6c	244	return;
8858cfc1	245	}
c9110c6c	246
c9110c6c	247	$birth = sprintf('%s-%s-%s',
5e2307dc	248	substr(Env::v('birth'), 4, 4),
	249	substr(Env::v('birth'), 2, 2),
	250	substr(Env::v('birth'), 0, 2));
8858cfc1	251
5e2307dc	252	$mailorg = strtok(Env::v('login'), '@');
8858cfc1	253
	254	// paragraphe rajout� : si la date de naissance dans la base n'existe pas, on l'update
	255	// avec celle fournie ici en esp�rant que c'est la bonne
	256
08cce2ff	257	$res = XDB::query(
8858cfc1	258	"SELECT user_id, naissance
8858cfc1	259	FROM auth_user_md5 AS u
3a5c1551	260	INNER JOIN aliases AS a ON (u.user_id=a.id AND type != 'homonyme')
8858cfc1	261	WHERE a.alias={?} AND u.perms IN ('admin','user') AND u.deces=0", $mailorg);
	262	list($uid, $naissance) = $res->fetchOneRow();
	263
	264	if ($naissance == $birth) {
	265	$page->assign('ok', true);
	266
	267	$url = rand_url_id();
a4d5829b	268	XDB::execute('INSERT INTO perte_pass (certificat,uid,created)
	269	VALUES ({?},{?},NOW())', $url, $uid);
	270	$res = XDB::query('SELECT email
	271	FROM emails
	272	WHERE uid = {?} AND email = {?}',
	273	$uid, Post::v('email'));
	274	if ($res->numRows()) {
	275	$mails = $res->fetchOneCell();
	276	} else {
	277	$res = XDB::query('SELECT email
	278	FROM emails
	279	WHERE uid = {?} AND NOT FIND_IN_SET("filter", flags)', $uid);
	280	$mails = implode(', ', $res->fetchColumn());
	281	}
1e33266a	282	$mymail = new PlMailer();
8858cfc1	283	$mymail->setFrom('"Gestion des mots de passe" <support+password@polytechnique.org>');
	284	$mymail->addTo($mails);
	285	$mymail->setSubject('Ton certificat d\'authentification');
	286	$mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
	287	{$globals->baseurl}/tmpPWD/$url
	288
	289	Si en cliquant dessus tu n'y arrives pas, copie int�gralement l'adresse dans la barre de ton navigateur.
	290
	291	--
	292	Polytechnique.org
a4d5829b	293	\"Le portail des �l�ves & anciens �l�ves de l'Ecole polytechnique\"
8858cfc1	294
a4d5829b	295	Mail envoy� � ".Env::v('login') . (Post::has('email') ? "
a4d5829b	296	Adresse de secours : " . Post::v('email') : ""));
8858cfc1	297	$mymail->send();
	298
	299	// on cree un objet logger et on log l'evenement
c4271d38	300	$logger = $_SESSION['log'] = new CoreLogger($uid);
a4d5829b	301	$logger->log('recovery', $mails);
8858cfc1	302	} else {
3a5c1551	303	$page->trig('Les informations que tu as rentr�es ne permettent pas de r�cup�rer ton mot de passe.<br />'.
3a5c1551	304	'Si tu as un homonyme, utilise prenom.nom.promo comme login');
8858cfc1	305	}
8858cfc1	306	}
8858cfc1	307
6c49d0af	308	function handler_tmpPWD(&$page, $certif = null)
6c49d0af	309	{
08cce2ff	310	XDB::execute('DELETE FROM perte_pass
6c49d0af	311	WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
6c49d0af	312
08cce2ff	313	$res = XDB::query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif);
6c49d0af	314	$ligne = $res->fetchOneAssoc();
6c49d0af	315	if (!$ligne) {
8b1f8e12	316	$page->changeTpl('platal/index.tpl');
6c49d0af	317	$page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
	318	}
	319
	320	$uid = $ligne["uid"];
	321	if (Post::has('response2')) {
5e2307dc	322	$password = Post::v('response2');
c4271d38	323	$logger = new CoreLogger($uid);
08cce2ff	324	XDB::query('UPDATE auth_user_md5 SET password={?}
6c49d0af	325	WHERE user_id={?} AND perms IN("admin","user")',
6c49d0af	326	$password, $uid);
08cce2ff	327	XDB::query('DELETE FROM perte_pass WHERE certificat={?}', $certif);
6c49d0af	328	$logger->log("passwd","");
8b1f8e12	329	$page->changeTpl('platal/tmpPWD.success.tpl');
6c49d0af	330	} else {
8b1f8e12	331	$page->changeTpl('platal/motdepasse.tpl');
c99ef281	332	$page->addJsLink('motdepasse.js');
6c49d0af	333	}
6c49d0af	334	}
6c49d0af	335
9bae6004	336	function handler_skin(&$page)
	337	{
	338	global $globals;
	339
8b1f8e12	340	$page->changeTpl('platal/skins.tpl');
9bae6004	341	$page->assign('xorg_title','Polytechnique.org - Skins');
	342
	343	if (Env::has('newskin')) { // formulaire soumis, traitons les donn�es envoy�es
08cce2ff	344	XDB::execute('UPDATE auth_user_quick
63528107	345	SET skin={?} WHERE user_id={?}',
5e2307dc	346	Env::i('newskin'), S::v('uid'));
92e6a287	347	S::kill('skin');
9bae6004	348	set_skin();
	349	}
	350
92e6a287	351	$res = XDB::query('SELECT id FROM skins WHERE skin_tpl={?}', S::v('skin'));
	352	$page->assign('skin_id', $res->fetchOneCell());
	353
9bae6004	354	$sql = "SELECT s.,auteur,count() AS nb
	355	FROM skins AS s
	356	LEFT JOIN auth_user_quick AS a ON s.id=a.skin
	357	WHERE skin_tpl != '' AND ext != ''
	358	GROUP BY id ORDER BY s.date DESC";
a3afa47c	359	$page->assign('skins', XDB::iterator($sql));
9bae6004	360	}
4da0b8d7	361
5de0b7e1	362	function handler_exit(&$page, $level = null)
5de0b7e1	363	{
cab08090	364	if (S::has('suid')) {
e74411f7	365	$a4l = S::v('forlife');
	366	$suid = S::v('suid');
	367	$log = S::v('log');
	368	$log->log("suid_stop", S::v('forlife') . " by " . $suid['forlife']);
	369	$_SESSION = $suid;
	370	S::kill('suid');
	371	pl_redirect('admin/user/' . $a4l);
5de0b7e1	372	}
	373
	374	if ($level == 'forget' \|\| $level == 'forgetall') {
	375	setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
	376	Cookie::kill('ORGaccess');
	377	if (isset($_SESSION['log']))
	378	$_SESSION['log']->log("cookie_off");
	379	}
	380
	381	if ($level == 'forgetuid' \|\| $level == 'forgetall') {
	382	setcookie('ORGuid', '', time() - 3600, '/', '', 0);
	383	Cookie::kill('ORGuid');
	384	setcookie('ORGdomain', '', time() - 3600, '/', '', 0);
	385	Cookie::kill('ORGdomain');
	386	}
	387
	388	if (isset($_SESSION['log'])) {
	389	$ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
	390	$_SESSION['log']->log('deconnexion',$ref);
	391	}
	392
	393	XorgSession::destroy();
	394
	395	if (Get::has('redirect')) {
5e2307dc	396	http_redirect(rawurldecode(Get::v('redirect')));
5de0b7e1	397	} else {
8b1f8e12	398	$page->changeTpl('platal/exit.tpl');
5de0b7e1	399	}
5de0b7e1	400	}
e59506eb	401	}
	402
	403	?>