[platal.git] / modules / platal.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2011 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

function bugize($list)
{
    $list = preg_split('/,/', Env::s('libs'), -1, PREG_SPLIT_NO_EMPTY);
    $ans  = array();

    foreach ($list as $bug) {
        $clean = str_replace('#', '', $bug);
        $ans[] = "<a href='http://trackers.polytechnique.org/task/$clean'>$bug</a>";
    }

    return join(',', $ans);
}


class PlatalModule extends PLModule
{
    function handlers()
    {
        return array(
            'index'             => $this->make_hook('index',     AUTH_PUBLIC),
            'cacert.pem'        => $this->make_hook('cacert',    AUTH_PUBLIC),
            'changelog'         => $this->make_hook('changelog', AUTH_PUBLIC),

            // Preferences thingies
            'prefs'             => $this->make_hook('prefs',     AUTH_COOKIE),
            'prefs/rss'         => $this->make_hook('prefs_rss', AUTH_COOKIE),
            'prefs/webredirect' => $this->make_hook('webredir',  AUTH_MDP, 'mail'),
            'prefs/skin'        => $this->make_hook('skin',      AUTH_COOKIE),

            // password related thingies
            'password'          => $this->make_hook('password',  AUTH_MDP),
            'tmpPWD'            => $this->make_hook('tmpPWD',    AUTH_PUBLIC),
            'password/smtp'     => $this->make_hook('smtppass',  AUTH_MDP, 'mail'),
            'recovery'          => $this->make_hook('recovery',  AUTH_PUBLIC),
            'exit'              => $this->make_hook('exit',      AUTH_PUBLIC),
            'review'            => $this->make_hook('review',    AUTH_PUBLIC),
            'deconnexion.php'   => $this->make_hook('exit',      AUTH_PUBLIC),
        );
    }

    function handler_index($page)
    {
        // Include X-XRDS-Location response-header for Yadis discovery
        global $globals;
        header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');

        // Redirect to the suitable page
        if (S::logged()) {
            pl_redirect('events');
        } else if (!@$GLOBALS['IS_XNET_SITE']) {
            $this->handler_review($page);
        }
    }

    function handler_cacert($page)
    {
        pl_cached_content_headers("application/x-x509-ca-cert");
        readfile("/etc/ssl/xorgCA/cacert.pem");
        exit;
    }

    function handler_changelog($page, $core = null)
    {
        $page->changeTpl('platal/changeLog.tpl');

        function formatChangeLog($file) {
            $clog = pl_entities(file_get_contents($file));
            $clog = preg_replace('/===+\s*/', '</pre><hr /><pre>', $clog);
            // url catch only (not all wiki syntax)
            $clog = preg_replace(array(
                '/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
                '/(\s|^)www\.((?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
                '/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
              array(
                '<a href="\\0">\\0</a>',
                '\\1<a href="http://www.\\2">www.\\2</a>',
                '<a href="mailto:\\0">\\0</a>'),
              $clog);
            $clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
            $clog = preg_replace('!vim:.*$!', '', $clog);
            return preg_replace("!(<hr />(\\s|\n)*)?<pre>(\s|\n)*</pre>((\\s|\n)*<hr />)?!m", "", "<pre>$clog</pre>");
        }
        if ($core != 'core') {
            $page->assign('core', false);
            $page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../ChangeLog'));
        } else {
            $page->assign('core', true);
            $page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../core/ChangeLog'));
        }
    }

    function __set_rss_state($state)
    {
        if ($state) {
            if (!S::user()->token) {
                S::user()->token = rand_url_id(16);
                S::set('token', S::user()->token);
                XDB::execute('UPDATE  accounts
                                 SET  token = {?}
                               WHERE  uid = {?}', S::user()->token, S::i('uid'));
            }
        } else {
            S::kill('token');
            S::user()->token = null;
            XDB::execute('UPDATE  accounts
                             SET  token = NULL
                           WHERE  uid = {?}', S::i('uid'));
        }
    }

    function handler_prefs($page)
    {
        $page->changeTpl('platal/preferences.tpl');
        $page->setTitle('Mes préférences');

        if (Post::has('email_format')) {
            S::assert_xsrf_token();
            $fmt = Post::s('email_format');
            S::user()->setEmailFormat($fmt);
        }

        if (Post::has('rss')) {
            S::assert_xsrf_token();
            $this->__set_rss_state(Post::s('rss') == 'on');
        }
    }

    function handler_webredir($page)
    {
        $page->changeTpl('platal/webredirect.tpl');
        $page->setTitle('Redirection de page WEB');

        if (Env::v('submit') == 'Valider' && !Env::blank('url')) {
            if (Env::blank('url')) {
                $page->trigError('URL invalide');
            } else {
                $url = Env::t('url');
                XDB::execute('INSERT INTO  carvas (uid, url)
                                   VALUES  ({?}, {?})
                  ON DUPLICATE KEY UPDATE  url = VALUES(url)',
                             S::i('uid'), $url);
                S::logger()->log('carva_add', 'http://' . $url);
                $page->trigSuccess("Redirection activée vers <a href='http://$url'>$url</a>");
            }
        } elseif (Env::v('submit') == 'Supprimer') {
            XDB::execute('DELETE FROM carvas
                                WHERE uid = {?}', S::i('uid'));
            Post::kill('url');
            S::logger()->log('carva_del');
            $page->trigSuccess('Redirection supprimée');
        }

        $url = XDB::fetchOneCell('SELECT  url
                                    FROM  carvas
                                   WHERE  uid = {?}', S::i('uid'));
        $page->assign('carva', $url);

        # FIXME: this code is not multi-domain compatible. We should decide how
        # carva will extend to users not in the main domain.
        $best = XDB::fetchOneCell('SELECT  email
                                     FROM  email_source_account
                                    WHERE  uid = {?} AND FIND_IN_SET(\'bestalias\', flags)',
                                  S::user()->id());
        $page->assign('bestalias', $best);
    }

    function handler_prefs_rss($page)
    {
        $page->changeTpl('platal/filrss.tpl');

        $page->assign('goback', Env::v('referer', 'login'));

        if (Env::v('act_rss') == 'Activer') {
            $this->__set_rss_state(true);
            $page->trigSuccess("Ton Fil RSS est activé.");
        }
    }

    function handler_password($page)
    {
        global $globals;

        if (Post::has('pwhash') && Post::t('pwhash'))  {
            S::assert_xsrf_token();

            S::set('password', $password = Post::t('pwhash'));
            XDB::execute('UPDATE  accounts
                             SET  password = {?}
                           WHERE  uid={?}', $password,
                         S::i('uid'));

            // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
            // updates the Google Apps password as well.
            if ($globals->mailstorage->googleapps_domain) {
                require_once 'googleapps.inc.php';
                $account = new GoogleAppsAccount(S::user());
                if ($account->active() && $account->sync_password) {
                    $account->set_password($password);
                }
            }

            S::logger()->log('passwd');
            Platal::session()->setAccessCookie(true);

            $page->changeTpl('platal/password.success.tpl');
            $page->run();
        }

        $page->changeTpl('platal/password.tpl');
        $page->setTitle('Mon mot de passe');
    }

    function handler_smtppass($page)
    {
        $page->changeTpl('platal/acces_smtp.tpl');
        $page->setTitle('Acces SMTP/NNTP');

        $wp = new PlWikiPage('Xorg.SMTPSécurisé');
        $wp->buildCache();
        $wp = new PlWikiPage('Xorg.NNTPSécurisé');
        $wp->buildCache();

        $uid  = S::i('uid');
        $pass = Env::v('smtppass1');

        if (Env::v('op') == "Valider" && strlen($pass) >= 6
            &&  Env::v('smtppass1') == Env::v('smtppass2')) {
            XDB::execute('UPDATE  accounts
                             SET  weak_password = {?}
                           WHERE  uid = {?}', $pass, $uid);
            $page->trigSuccess('Mot de passe enregistré');
            S::logger()->log("passwd_ssl");
        } elseif (Env::v('op') == "Supprimer") {
            XDB::execute('UPDATE  accounts
                             SET  weak_password = NULL
                           WHERE  uid = {?}', $uid);
            $page->trigSuccess('Compte SMTP et NNTP supprimé');
            S::logger()->log("passwd_del");
        }

        $res = XDB::query("SELECT  weak_password IS NOT NULL
                             FROM  accounts
                            WHERE  uid = {?}", $uid);
        $page->assign('actif', $res->fetchOneCell());
    }

    function handler_recovery($page)
    {
        global $globals;

        $page->changeTpl('platal/recovery.tpl');

        if (!Env::has('login') || !Env::has('birth')) {
            return;
        }

        if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env::v('birth'))) {
            $page->trigError('Date de naissance incorrecte ou incohérente');
            return;
        }

        $birth   = sprintf('%s-%s-%s',
                           substr(Env::v('birth'), 4, 4),
                           substr(Env::v('birth'), 2, 2),
                           substr(Env::v('birth'), 0, 2));

        $mailorg = strtok(Env::v('login'), '@');

        $profile = Profile::get(Env::t('login'));
        if (is_null($profile) || $profile->birthdate != $birth) {
            $page->trigError('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
                        'Si tu as un homonyme, utilise prenom.nom.promo comme login');
            return;
        }

        $user = $profile->owner();
        if ($user->state != 'active') {
            $page->trigError('Ton compte n\'est pas activé.');
            return;
        }

        if ($user->lost) {
            $page->assign('no_addr', true);
            return;
        }

        $page->assign('ok', true);

        $url = rand_url_id();
        XDB::execute('INSERT INTO  account_lost_passwords (certificat,uid,created)
                           VALUES  ({?},{?},NOW())', $url, $user->id());
        $to = XDB::fetchOneCell('SELECT  redirect
                                   FROM  email_redirect_account
                                  WHERE  uid = {?} AND redirect = {?}',
                                $user->id(), Post::t('email'));
        if (is_null($to)) {
            $emails = XDB::fetchColumn('SELECT  redirect
                                          FROM  email_redirect_account
                                         WHERE  uid = {?} AND flags = \'inactive\' AND type = \'smtp\'',
                                       $user->id());
            $inactives_to = implode(', ', $emails);
        }
        $mymail = new PlMailer();
        $mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mail->domain . '>');
        if (is_null($to)) {
            $mymail->addTo($user);
            $mymail->addTo($inactives_to);
        } else {
            $mymail->addTo($to);
        }
        $mymail->setSubject("Ton certificat d'authentification");
        $mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
{$globals->baseurl}/tmpPWD/$url

Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.

--
Polytechnique.org
\"Le portail des élèves & anciens élèves de l'École polytechnique\"

Email envoyé à ".Env::v('login') . (Post::has('email') ? "
Adresse de secours : " . Post::v('email') : ""));
        $mymail->send();

        // on cree un objet logger et on log l'evenement
        S::logger($user->id())->log('recovery', $mails);
    }

    function handler_tmpPWD($page, $certif = null)
    {
        global $globals;
        // XXX: recovery requires data from the profile
        XDB::execute('DELETE FROM  account_lost_passwords
                            WHERE  DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');

        $res = XDB::query('SELECT  uid
                             FROM  account_lost_passwords WHERE certificat={?}', $certif);
        $ligne = $res->fetchOneAssoc();
        if (!$ligne) {
            $page->changeTpl('platal/index.tpl');
            $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
        }

        $uid = $ligne["uid"];
        if (Post::has('pwhash') && Post::t('pwhash')) {
            $password = Post::t('pwhash');
            XDB::query('UPDATE  accounts
                           SET  password={?}
                         WHERE  uid = {?} AND state = \'active\'',
                       $password, $uid);
            XDB::query('DELETE FROM  account_lost_passwords
                              WHERE  certificat={?}', $certif);

            // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
            // updates the Google Apps password as well.
            if ($globals->mailstorage->googleapps_domain) {
                require_once 'googleapps.inc.php';
                $account = new GoogleAppsAccount(User::getSilent($uid));
                if ($account->active() && $account->sync_password) {
                    $account->set_password($password);
                }
            }

            S::logger($uid)->log("passwd", "");
            $page->changeTpl('platal/tmpPWD.success.tpl');
        } else {
            $page->changeTpl('platal/password.tpl');
        }
    }

    function handler_skin($page)
    {
        global $globals;

        $page->changeTpl('platal/skins.tpl');
        $page->setTitle('Skins');

        if (Env::has('newskin'))  {  // formulaire soumis, traitons les données envoyées
            XDB::execute('UPDATE  accounts
                             SET  skin = {?}
                           WHERE  uid = {?}',
                         Env::i('newskin'), S::i('uid'));
            S::kill('skin');
            Platal::session()->setSkin();
        }

        $res = XDB::query('SELECT  id
                             FROM  skins
                            WHERE  skin_tpl = {?}', S::v('skin'));
        $page->assign('skin_id', $res->fetchOneCell());

        $sql = 'SELECT  s.*, auteur, COUNT(*) AS nb
                  FROM  skins AS s
             LEFT JOIN  accounts AS a ON (a.skin = s.id)
                 WHERE  skin_tpl != \'\' AND ext != \'\'
              GROUP BY  id ORDER BY s.date DESC';
        $page->assign('skins', XDB::iterator($sql));
    }

    function handler_exit($page, $level = null)
    {
        if (S::suid()) {
            $old = S::user()->login();
            S::logger()->log('suid_stop', $old . " by " . S::suid('hruid'));
            Platal::session()->stopSUID();
            $target = S::s('suid_startpage');
            S::kill('suid_startpage');
            if (!empty($target)) {
                http_redirect($target);
            }
            pl_redirect('admin/user/' . $old);
        }

        if ($level == 'forget' || $level == 'forgetall') {
            Platal::session()->killAccessCookie();
        }

        if ($level == 'forgetuid' || $level == 'forgetall') {
            Platal::session()->killLoginFormCookies();
        }

        if (S::logged()) {
            S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']);
            Platal::session()->destroy();
        }

        if (Get::has('redirect')) {
            http_redirect(rawurldecode(Get::v('redirect')));
        } else {
            $page->changeTpl('platal/exit.tpl');
        }
    }

    function handler_review($page, $action = null, $mode = null)
    {
        // Include X-XRDS-Location response-header for Yadis discovery
        global $globals;
        header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');

        $this->load('review.inc.php');
        $dom = 'Review';
        if (@$GLOBALS['IS_XNET_SITE']) {
            $dom .= 'Xnet';
        }
        $wp = new PlWikiPage($dom . '.Admin');
        $conf = explode('%0a', $wp->getField('text'));
        $wiz = new PlWizard('Tour d\'horizon', PlPage::getCoreTpl('plwizard.tpl'), true);
        foreach ($conf as $line) {
            $list = preg_split('/\s*[*|]\s*/', $line, -1, PREG_SPLIT_NO_EMPTY);
            $wiz->addPage('ReviewPage', $list[0], $list[1]);
        }
        $wiz->apply($page, 'review', $action, $mode);
    }
}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
Commit	Line	Data
e59506eb	1	<?php
e59506eb	2	/***************************************************************************
5e1513f6	3	* Copyright (C) 2003-2011 Polytechnique.org *
e59506eb	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
5de0b7e1	22	function bugize($list)
5de0b7e1	23	{
26ba053e	24	$list = preg_split('/,/', Env::s('libs'), -1, PREG_SPLIT_NO_EMPTY);
5de0b7e1	25	$ans = array();
	26
	27	foreach ($list as $bug) {
	28	$clean = str_replace('#', '', $bug);
	29	$ans[] = "<a href='http://trackers.polytechnique.org/task/$clean'>$bug</a>";
	30	}
	31
	32	return join(',', $ans);
	33	}
	34
	35
e59506eb	36	class PlatalModule extends PLModule
	37	{
	38	function handlers()
	39	{
	40	return array(
eb5a266d SJ	41	'index' => $this->make_hook('index', AUTH_PUBLIC),
	42	'cacert.pem' => $this->make_hook('cacert', AUTH_PUBLIC),
	43	'changelog' => $this->make_hook('changelog', AUTH_PUBLIC),
5de0b7e1	44
4da0b8d7	45	// Preferences thingies
eb5a266d SJ	46	'prefs' => $this->make_hook('prefs', AUTH_COOKIE),
eb5a266d SJ	47	'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE),
2914271e	48	'prefs/webredirect' => $this->make_hook('webredir', AUTH_MDP, 'mail'),
eb5a266d	49	'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE),
4da0b8d7	50
4da0b8d7	51	// password related thingies
eb5a266d SJ	52	'password' => $this->make_hook('password', AUTH_MDP),
eb5a266d SJ	53	'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC),
2914271e	54	'password/smtp' => $this->make_hook('smtppass', AUTH_MDP, 'mail'),
eb5a266d SJ	55	'recovery' => $this->make_hook('recovery', AUTH_PUBLIC),
	56	'exit' => $this->make_hook('exit', AUTH_PUBLIC),
	57	'review' => $this->make_hook('review', AUTH_PUBLIC),
	58	'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC),
e59506eb	59	);
	60	}
	61
26ba053e	62	function handler_index($page)
c9178c75	63	{
ab66bf7f	64	// Include X-XRDS-Location response-header for Yadis discovery
78507d96	65	global $globals;
34d91db6	66	header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');
ab66bf7f AA	67
ab66bf7f AA	68	// Redirect to the suitable page
cab08090	69	if (S::logged()) {
8b00e0e0	70	pl_redirect('events');
ddb64990	71	} else if (!@$GLOBALS['IS_XNET_SITE']) {
78d4079a	72	$this->handler_review($page);
c9178c75	73	}
c9178c75	74	}
c9178c75	75
26ba053e	76	function handler_cacert($page)
5de0b7e1	77	{
3cb500d5 VZ	78	pl_cached_content_headers("application/x-x509-ca-cert");
3cb500d5 VZ	79	readfile("/etc/ssl/xorgCA/cacert.pem");
5de0b7e1	80	exit;
	81	}
	82
26ba053e	83	function handler_changelog($page, $core = null)
5de0b7e1	84	{
8b1f8e12	85	$page->changeTpl('platal/changeLog.tpl');
5de0b7e1	86
78d4079a FB	87	function formatChangeLog($file) {
	88	$clog = pl_entities(file_get_contents($file));
	89	$clog = preg_replace('/===+\s*/', '</pre><hr /><pre>', $clog);
	90	// url catch only (not all wiki syntax)
	91	$clog = preg_replace(array(
	92	'/((?:https?\|ftp):\/\/(?:\.,[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
	93	'/(\s\|^)www\.((?:\.,[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
	94	'/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
	95	array(
	96	'<a href="\\0">\\0</a>',
	97	'\\1<a href="http://www.\\2">www.\\2</a>',
	98	'<a href="mailto:\\0">\\0</a>'),
	99	$clog);
	100	$clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
	101	$clog = preg_replace('!vim:.*$!', '', $clog);
	102	return preg_replace("!(<hr />(\\s\|\n))?<pre>(\s\|\n)</pre>((\\s\|\n)*<hr />)?!m", "", "<pre>$clog</pre>");
	103	}
	104	if ($core != 'core') {
	105	$page->assign('core', false);
	106	$page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../ChangeLog'));
	107	} else {
	108	$page->assign('core', true);
	109	$page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../core/ChangeLog'));
	110	}
5de0b7e1	111	}
5de0b7e1	112
7927d719	113	function __set_rss_state($state)
7927d719	114	{
7927d719	115	if ($state) {
19be891e FB	116	if (!S::user()->token) {
	117	S::user()->token = rand_url_id(16);
	118	S::set('token', S::user()->token);
	119	XDB::execute('UPDATE accounts
	120	SET token = {?}
	121	WHERE uid = {?}', S::user()->token, S::i('uid'));
	122	}
7927d719	123	} else {
31e01c97	124	S::kill('token');
19be891e	125	S::user()->token = null;
31e01c97 FB	126	XDB::execute('UPDATE accounts
	127	SET token = NULL
	128	WHERE uid = {?}', S::i('uid'));
7927d719	129	}
	130	}
	131
26ba053e	132	function handler_prefs($page)
e59506eb	133	{
8b1f8e12	134	$page->changeTpl('platal/preferences.tpl');
46f272fe	135	$page->setTitle('Mes préférences');
e59506eb	136
31e01c97	137	if (Post::has('email_format')) {
19be891e	138	S::assert_xsrf_token();
31e01c97	139	$fmt = Post::s('email_format');
8d308ee4	140	S::user()->setEmailFormat($fmt);
e59506eb	141	}
e59506eb	142
bee33d93	143	if (Post::has('rss')) {
19be891e FB	144	S::assert_xsrf_token();
19be891e FB	145	$this->__set_rss_state(Post::s('rss') == 'on');
e59506eb	146	}
e59506eb	147	}
9bae6004	148
26ba053e	149	function handler_webredir($page)
bce2f8eb	150	{
8b1f8e12	151	$page->changeTpl('platal/webredirect.tpl');
46f272fe	152	$page->setTitle('Redirection de page WEB');
bce2f8eb	153
c1e98576 FB	154	if (Env::v('submit') == 'Valider' && !Env::blank('url')) {
	155	if (Env::blank('url')) {
	156	$page->trigError('URL invalide');
	157	} else {
	158	$url = Env::t('url');
00ba8a74 SJ	159	XDB::execute('INSERT INTO carvas (uid, url)
	160	VALUES ({?}, {?})
	161	ON DUPLICATE KEY UPDATE url = VALUES(url)',
c1e98576 FB	162	S::i('uid'), $url);
	163	S::logger()->log('carva_add', 'http://' . $url);
	164	$page->trigSuccess("Redirection activée vers <a href='http://$url'>$url</a>");
	165	}
	166	} elseif (Env::v('submit') == 'Supprimer') {
	167	XDB::execute('DELETE FROM carvas
	168	WHERE uid = {?}', S::i('uid'));
bce2f8eb	169	Post::kill('url');
c1e98576	170	S::logger()->log('carva_del');
a7d35093	171	$page->trigSuccess('Redirection supprimée');
bce2f8eb	172	}
bce2f8eb	173
c1e98576 FB	174	$url = XDB::fetchOneCell('SELECT url
	175	FROM carvas
	176	WHERE uid = {?}', S::i('uid'));
	177	$page->assign('carva', $url);
e67b4436 VZ	178
	179	# FIXME: this code is not multi-domain compatible. We should decide how
	180	# carva will extend to users not in the main domain.
c0436d0b SJ	181	$best = XDB::fetchOneCell('SELECT email
	182	FROM email_source_account
	183	WHERE uid = {?} AND FIND_IN_SET(\'bestalias\', flags)',
	184	S::user()->id());
	185	$page->assign('bestalias', $best);
bce2f8eb	186	}
bce2f8eb	187
26ba053e	188	function handler_prefs_rss($page)
7927d719	189	{
8b1f8e12	190	$page->changeTpl('platal/filrss.tpl');
7927d719	191
5e2307dc	192	$page->assign('goback', Env::v('referer', 'login'));
7927d719	193
5e2307dc	194	if (Env::v('act_rss') == 'Activer') {
7927d719	195	$this->__set_rss_state(true);
a7d35093	196	$page->trigSuccess("Ton Fil RSS est activé.");
7927d719	197	}
7927d719	198	}
7927d719	199
26ba053e	200	function handler_password($page)
7c77c3ee	201	{
84270653 VZ	202	global $globals;
84270653 VZ	203
81b5a6c9	204	if (Post::has('pwhash') && Post::t('pwhash')) {
40d428d8	205	S::assert_xsrf_token();
7c77c3ee	206
81b5a6c9	207	S::set('password', $password = Post::t('pwhash'));
31e01c97 FB	208	XDB::execute('UPDATE accounts
	209	SET password = {?}
	210	WHERE uid={?}', $password,
	211	S::i('uid'));
7c77c3ee	212
84270653 VZ	213	// If GoogleApps is enabled, and the user did choose to use synchronized passwords,
	214	// updates the Google Apps password as well.
	215	if ($globals->mailstorage->googleapps_domain) {
	216	require_once 'googleapps.inc.php';
d56cb887	217	$account = new GoogleAppsAccount(S::user());
f5c4bf30	218	if ($account->active() && $account->sync_password) {
84270653 VZ	219	$account->set_password($password);
	220	}
	221	}
	222
604dfd58 FB	223	S::logger()->log('passwd');
604dfd58 FB	224	Platal::session()->setAccessCookie(true);
7c77c3ee	225
4baa7323	226	$page->changeTpl('platal/password.success.tpl');
7c77c3ee	227	$page->run();
	228	}
	229
4baa7323	230	$page->changeTpl('platal/password.tpl');
46f272fe	231	$page->setTitle('Mon mot de passe');
7c77c3ee	232	}
7c77c3ee	233
26ba053e	234	function handler_smtppass($page)
1a5da857	235	{
8b1f8e12	236	$page->changeTpl('platal/acces_smtp.tpl');
46f272fe	237	$page->setTitle('Acces SMTP/NNTP');
eaf30d86	238
8f201b69 FB	239	$wp = new PlWikiPage('Xorg.SMTPSécurisé');
	240	$wp->buildCache();
	241	$wp = new PlWikiPage('Xorg.NNTPSécurisé');
	242	$wp->buildCache();
1a5da857	243
31e01c97	244	$uid = S::i('uid');
5e2307dc	245	$pass = Env::v('smtppass1');
1a5da857	246
eaf30d86	247	if (Env::v('op') == "Valider" && strlen($pass) >= 6
31e01c97	248	&& Env::v('smtppass1') == Env::v('smtppass2')) {
0511895d FB	249	XDB::execute('UPDATE accounts
	250	SET weak_password = {?}
	251	WHERE uid = {?}', $pass, $uid);
a7d35093	252	$page->trigSuccess('Mot de passe enregistré');
732e5855	253	S::logger()->log("passwd_ssl");
5e2307dc	254	} elseif (Env::v('op') == "Supprimer") {
0511895d FB	255	XDB::execute('UPDATE accounts
	256	SET weak_password = NULL
	257	WHERE uid = {?}', $uid);
a7d35093	258	$page->trigSuccess('Compte SMTP et NNTP supprimé');
732e5855	259	S::logger()->log("passwd_del");
1a5da857	260	}
1a5da857	261
0511895d FB	262	$res = XDB::query("SELECT weak_password IS NOT NULL
	263	FROM accounts
	264	WHERE uid = {?}", $uid);
1a5da857	265	$page->assign('actif', $res->fetchOneCell());
1a5da857	266	}
1a5da857	267
26ba053e	268	function handler_recovery($page)
8858cfc1	269	{
	270	global $globals;
	271
8b1f8e12	272	$page->changeTpl('platal/recovery.tpl');
8858cfc1	273
8858cfc1	274	if (!Env::has('login') \|\| !Env::has('birth')) {
fd8f77de	275	return;
8858cfc1	276	}
8858cfc1	277
5e2307dc	278	if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env::v('birth'))) {
a7d35093	279	$page->trigError('Date de naissance incorrecte ou incohérente');
c9110c6c	280	return;
8858cfc1	281	}
c9110c6c	282
c9110c6c	283	$birth = sprintf('%s-%s-%s',
5e2307dc	284	substr(Env::v('birth'), 4, 4),
	285	substr(Env::v('birth'), 2, 2),
	286	substr(Env::v('birth'), 0, 2));
8858cfc1	287
5e2307dc	288	$mailorg = strtok(Env::v('login'), '@');
8858cfc1	289
6846791e FB	290	$profile = Profile::get(Env::t('login'));
	291	if (is_null($profile) \|\| $profile->birthdate != $birth) {
	292	$page->trigError('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
	293	'Si tu as un homonyme, utilise prenom.nom.promo comme login');
	294	return;
	295	}
8c28edc9	296
6846791e FB	297	$user = $profile->owner();
	298	if ($user->state != 'active') {
	299	$page->trigError('Ton compte n\'est pas activé.');
	300	return;
	301	}
	302
c0436d0b	303	if ($user->lost) {
6846791e FB	304	$page->assign('no_addr', true);
	305	return;
	306	}
8858cfc1	307
6846791e FB	308	$page->assign('ok', true);
6846791e FB	309
c0436d0b	310	$url = rand_url_id();
06f4daf9	311	XDB::execute('INSERT INTO account_lost_passwords (certificat,uid,created)
6846791e	312	VALUES ({?},{?},NOW())', $url, $user->id());
c0436d0b SJ	313	$to = XDB::fetchOneCell('SELECT redirect
	314	FROM email_redirect_account
	315	WHERE uid = {?} AND redirect = {?}',
	316	$user->id(), Post::t('email'));
	317	if (is_null($to)) {
	318	$emails = XDB::fetchColumn('SELECT redirect
	319	FROM email_redirect_account
	320	WHERE uid = {?} AND flags = \'inactive\' AND type = \'smtp\'',
	321	$user->id());
	322	$inactives_to = implode(', ', $emails);
6846791e FB	323	}
	324	$mymail = new PlMailer();
	325	$mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mail->domain . '>');
c0436d0b SJ	326	if (is_null($to)) {
	327	$mymail->addTo($user);
	328	$mymail->addTo($inactives_to);
	329	} else {
	330	$mymail->addTo($to);
	331	}
e46cf8c4	332	$mymail->setSubject("Ton certificat d'authentification");
6846791e	333	$mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
8858cfc1	334	{$globals->baseurl}/tmpPWD/$url
8858cfc1	335
e887e90d	336	Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.
8858cfc1	337
eaf30d86	338	--
8858cfc1	339	Polytechnique.org
3bf63218	340	\"Le portail des élèves & anciens élèves de l'École polytechnique\"
8858cfc1	341
faefdbb7	342	Email envoyé à ".Env::v('login') . (Post::has('email') ? "
a4d5829b	343	Adresse de secours : " . Post::v('email') : ""));
6846791e	344	$mymail->send();
8858cfc1	345
6846791e FB	346	// on cree un objet logger et on log l'evenement
6846791e FB	347	S::logger($user->id())->log('recovery', $mails);
8858cfc1	348	}
8858cfc1	349
26ba053e	350	function handler_tmpPWD($page, $certif = null)
6c49d0af	351	{
84270653	352	global $globals;
31e01c97	353	// XXX: recovery requires data from the profile
06f4daf9	354	XDB::execute('DELETE FROM account_lost_passwords
31e01c97	355	WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
6c49d0af	356
31e01c97	357	$res = XDB::query('SELECT uid
06f4daf9	358	FROM account_lost_passwords WHERE certificat={?}', $certif);
6c49d0af	359	$ligne = $res->fetchOneAssoc();
6c49d0af	360	if (!$ligne) {
8b1f8e12	361	$page->changeTpl('platal/index.tpl');
6c49d0af	362	$page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
	363	}
	364
	365	$uid = $ligne["uid"];
81b5a6c9 SJ	366	if (Post::has('pwhash') && Post::t('pwhash')) {
81b5a6c9 SJ	367	$password = Post::t('pwhash');
31e01c97 FB	368	XDB::query('UPDATE accounts
	369	SET password={?}
	370	WHERE uid = {?} AND state = \'active\'',
	371	$password, $uid);
06f4daf9	372	XDB::query('DELETE FROM account_lost_passwords
31e01c97	373	WHERE certificat={?}', $certif);
84270653 VZ	374
	375	// If GoogleApps is enabled, and the user did choose to use synchronized passwords,
	376	// updates the Google Apps password as well.
	377	if ($globals->mailstorage->googleapps_domain) {
	378	require_once 'googleapps.inc.php';
d56cb887	379	$account = new GoogleAppsAccount(User::getSilent($uid));
f5c4bf30	380	if ($account->active() && $account->sync_password) {
84270653 VZ	381	$account->set_password($password);
	382	}
	383	}
	384
cf40e1ae	385	S::logger($uid)->log("passwd", "");
8b1f8e12	386	$page->changeTpl('platal/tmpPWD.success.tpl');
6c49d0af	387	} else {
4baa7323	388	$page->changeTpl('platal/password.tpl');
6c49d0af	389	}
6c49d0af	390	}
6c49d0af	391
26ba053e	392	function handler_skin($page)
9bae6004	393	{
	394	global $globals;
	395
8b1f8e12	396	$page->changeTpl('platal/skins.tpl');
46f272fe	397	$page->setTitle('Skins');
9bae6004	398
a7de4ef7	399	if (Env::has('newskin')) { // formulaire soumis, traitons les données envoyées
31e01c97 FB	400	XDB::execute('UPDATE accounts
	401	SET skin = {?}
	402	WHERE uid = {?}',
	403	Env::i('newskin'), S::i('uid'));
92e6a287	404	S::kill('skin');
47fa97fe	405	Platal::session()->setSkin();
9bae6004	406	}
9bae6004	407
31e01c97 FB	408	$res = XDB::query('SELECT id
	409	FROM skins
	410	WHERE skin_tpl = {?}', S::v('skin'));
92e6a287	411	$page->assign('skin_id', $res->fetchOneCell());
92e6a287	412
31e01c97 FB	413	$sql = 'SELECT s., auteur, COUNT() AS nb
	414	FROM skins AS s
	415	LEFT JOIN accounts AS a ON (a.skin = s.id)
	416	WHERE skin_tpl != \'\' AND ext != \'\'
	417	GROUP BY id ORDER BY s.date DESC';
a3afa47c	418	$page->assign('skins', XDB::iterator($sql));
9bae6004	419	}
4da0b8d7	420
26ba053e	421	function handler_exit($page, $level = null)
5de0b7e1	422	{
0c02607e	423	if (S::suid()) {
20b087ff FB	424	$old = S::user()->login();
20b087ff FB	425	S::logger()->log('suid_stop', $old . " by " . S::suid('hruid'));
47fa97fe	426	Platal::session()->stopSUID();
20b087ff FB	427	$target = S::s('suid_startpage');
	428	S::kill('suid_startpage');
	429	if (!empty($target)) {
	430	http_redirect($target);
	431	}
	432	pl_redirect('admin/user/' . $old);
5de0b7e1	433	}
	434
	435	if ($level == 'forget' \|\| $level == 'forgetall') {
604dfd58	436	Platal::session()->killAccessCookie();
5de0b7e1	437	}
	438
	439	if ($level == 'forgetuid' \|\| $level == 'forgetall') {
604dfd58	440	Platal::session()->killLoginFormCookies();
5de0b7e1	441	}
5de0b7e1	442
130b8708	443	if (S::logged()) {
59bec5bc FB	444	S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']);
59bec5bc FB	445	Platal::session()->destroy();
130b8708	446	}
5de0b7e1	447
5de0b7e1	448	if (Get::has('redirect')) {
5e2307dc	449	http_redirect(rawurldecode(Get::v('redirect')));
5de0b7e1	450	} else {
8b1f8e12	451	$page->changeTpl('platal/exit.tpl');
5de0b7e1	452	}
5de0b7e1	453	}
ddb64990	454
26ba053e	455	function handler_review($page, $action = null, $mode = null)
ddb64990	456	{
78507d96 AA	457	// Include X-XRDS-Location response-header for Yadis discovery
78507d96 AA	458	global $globals;
34d91db6	459	header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');
78507d96	460
460d8f55	461	$this->load('review.inc.php');
ddb64990 FB	462	$dom = 'Review';
	463	if (@$GLOBALS['IS_XNET_SITE']) {
	464	$dom .= 'Xnet';
	465	}
8f201b69 FB	466	$wp = new PlWikiPage($dom . '.Admin');
8f201b69 FB	467	$conf = explode('%0a', $wp->getField('text'));
6d20fb1d	468	$wiz = new PlWizard('Tour d\'horizon', PlPage::getCoreTpl('plwizard.tpl'), true);
ddb64990 FB	469	foreach ($conf as $line) {
	470	$list = preg_split('/\s[\|]\s*/', $line, -1, PREG_SPLIT_NO_EMPTY);
	471	$wiz->addPage('ReviewPage', $list[0], $list[1]);
	472	}
	473	$wiz->apply($page, 'review', $action, $mode);
	474	}
e59506eb	475	}
e59506eb	476
a7de4ef7	477	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
e59506eb	478	?>