e59506eb 1<?php
2/***************************************************************************
ba6ae046 3 * Copyright (C) 2003-2013 Polytechnique.org *
e59506eb 4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
/**
 * Turns a comma-separated list of bug references into tracker links.
 *
 * Each non-empty item becomes an <a> element whose target is the item with
 * every '#' removed and whose label is the item exactly as written.
 *
 * Nothing is escaped here: both the href and the label are copied from the
 * argument, so callers must only pass text that is already safe for HTML
 * (the ChangeLog formatter only passes '#' digits and commas).
 *
 * @param string $list comma-separated references, e.g. "#12,34"
 * @return string the links, joined with ','
 */
function bugize($list)
{
    $links = array();

    foreach (preg_split('/,/', $list, -1, PREG_SPLIT_NO_EMPTY) as $ref) {
        $id = str_replace('#', '', $ref);
        $links[] = "<a href='http://trackers.polytechnique.org/task/$id'>$ref</a>";
    }

    return implode(',', $links);
}
34
35
e59506eb 36class PlatalModule extends PLModule
37{
/**
 * Declares the URL paths served by this module.
 *
 * Each path maps to a hook built by make_hook() from a handler name, an
 * AUTH_* level and, on some routes, a third string that looks like a
 * permission list (confirm against make_hook()).
 *
 * The password recovery, external registration, temporary password and
 * logout routes are all declared AUTH_PUBLIC, so whatever protects them has
 * to live in the handlers themselves.
 *
 * @return array path => hook
 */
function handlers()
{
    $hooks = array(
        'index'             => $this->make_hook('index', AUTH_PUBLIC),
        'cacert.pem'        => $this->make_hook('cacert', AUTH_PUBLIC),
        'changelog'         => $this->make_hook('changelog', AUTH_PUBLIC),

        // Preferences
        'prefs'             => $this->make_hook('prefs', AUTH_COOKIE, 'user,groups'),
        'prefs/rss'         => $this->make_hook('prefs_rss', AUTH_COOKIE, 'user'),
        'prefs/webredirect' => $this->make_hook('webredir', AUTH_PASSWD, 'mail'),
        'prefs/skin'        => $this->make_hook('skin', AUTH_COOKIE, 'user'),
        'prefs/email'       => $this->make_hook('prefs_email', AUTH_COOKIE, 'mail'),

        // Password management, recovery and session exit
        'password'          => $this->make_hook('password', AUTH_PASSWD, 'user,groups'),
        'password/smtp'     => $this->make_hook('smtppass', AUTH_PASSWD, 'mail'),
        'tmpPWD'            => $this->make_hook('tmpPWD', AUTH_PUBLIC),
        'recovery'          => $this->make_hook('recovery', AUTH_PUBLIC),
        'recovery/ext'      => $this->make_hook('recovery_ext', AUTH_PUBLIC),
        'register/ext'      => $this->make_hook('register_ext', AUTH_PUBLIC),
        'exit'              => $this->make_hook('exit', AUTH_PUBLIC),
        'review'            => $this->make_hook('review', AUTH_PUBLIC),
        'deconnexion.php'   => $this->make_hook('exit', AUTH_PUBLIC),
    );

    return $hooks;
}
64
/**
 * Site entry point: sends logged-in users to 'events' and, outside the Xnet
 * site, shows the review pages to everyone else.
 *
 * @param object $page page object passed by the dispatcher
 */
function handler_index($page)
{
    global $globals;

    // Advertise the XRDS document through a response header (Yadis discovery).
    header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');

    if (S::logged()) {
        pl_redirect('events');
        return;
    }

    // '@' hides the notice when IS_XNET_SITE is not defined at all.
    if (!@$GLOBALS['IS_XNET_SITE']) {
        $this->handler_review($page);
    }
}
78
/**
 * Serves the CA certificate file and stops the request.
 *
 * The path is a constant: nothing from the request decides which file is read.
 *
 * @param object $page unused
 */
function handler_cacert($page)
{
    $cacert = "/etc/ssl/xorgCA/cacert.pem";

    pl_cached_content_headers("application/x-x509-ca-cert");
    readfile($cacert);
    exit;
}
85
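/**
 * Shows the site ChangeLog, or the core ChangeLog when $core is 'core'.
 *
 * The file path is chosen between two constants; $core never becomes part of
 * the path.
 *
 * @param object      $page page object passed by the dispatcher
 * @param string|null $core 'core' to select the core ChangeLog
 */
function handler_changelog($page, $core = null)
{
    $page->changeTpl('platal/changeLog.tpl');

    $is_core = ($core === 'core');
    $file = dirname(__FILE__) . ($is_core ? '/../core/ChangeLog' : '/../ChangeLog');

    $page->assign('core', $is_core);
    $page->assign('ChangeLog', $this->__format_changelog($file));
}

/**
 * Reads a ChangeLog file and returns it as HTML.
 *
 * The text is passed through pl_entities() first; every later step only adds
 * markup around text that has already been through that call.
 *
 * This used to be a named function declared inside handler_changelog(), which
 * PHP refuses to declare a second time if the handler runs twice in one
 * request.
 *
 * @param string $file path of the ChangeLog to read
 * @return string HTML
 */
function __format_changelog($file)
{
    $clog = pl_entities(file_get_contents($file));
    $clog = preg_replace('/===+\s*/', '</pre><hr /><pre>', $clog);

    // URL catch only (not all wiki syntax).
    $clog = preg_replace(array(
            '/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
            '/(\s|^)www\.((?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
            '/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
        array(
            '<a href="\\0">\\0</a>',
            '\\1<a href="http://www.\\2">www.\\2</a>',
            '<a href="mailto:\\0">\\0</a>'),
        $clog);

    // Bug references. The original used the /e modifier, which evaluates the
    // replacement as PHP code; it is deprecated since PHP 5.5 and removed in
    // PHP 7. A callback gives the same result without evaluating a string.
    $clog = preg_replace_callback('!(#[0-9]+(,[0-9]+)*)!', array($this, '__bugize_match'), $clog);

    $clog = preg_replace('!vim:.*$!', '', $clog);

    // Drop <pre> blocks that ended up empty, with an adjacent <hr />.
    return preg_replace("!(<hr />(\\s|\n)*)?<pre>(\s|\n)*</pre>((\\s|\n)*<hr />)?!m", "", "<pre>$clog</pre>");
}

/**
 * preg_replace_callback() adapter: links the matched bug references.
 *
 * @param array $match match array; index 1 is the '#12,34' style reference
 * @return string the links built by bugize()
 */
function __bugize_match($match)
{
    return bugize($match[1]);
}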
115
/**
 * Enables or disables the RSS token of the current user.
 *
 * Enabling creates a token with rand_url_id(16) only when the user has none;
 * an existing token is kept. Disabling clears it from the session, from the
 * user object and from the accounts table.
 *
 * NOTE(review): the token is the only thing this function creates for the
 * feed; how unpredictable it is depends on rand_url_id(), which is not
 * visible here.
 *
 * @param bool $state true to enable, false to disable
 */
function __set_rss_state($state)
{
    if (!$state) {
        S::kill('token');
        S::user()->token = null;
        XDB::execute('UPDATE  accounts
                         SET  token = NULL
                       WHERE  uid = {?}', S::i('uid'));
        return;
    }

    // A token already exists: leave it untouched.
    if (S::user()->token) {
        return;
    }

    S::user()->token = rand_url_id(16);
    S::set('token', S::user()->token);
    XDB::execute('UPDATE  accounts
                     SET  token = {?}
                   WHERE  uid = {?}', S::user()->token, S::i('uid'));
}
134
/**
 * Preferences page: updates the e-mail format and the RSS feed state.
 *
 * Both updates are accepted from POST only and each one checks the XSRF
 * token before changing anything.
 *
 * @param object $page page object passed by the dispatcher
 */
function handler_prefs($page)
{
    $page->changeTpl('platal/preferences.tpl');
    $page->setTitle('Mes préférences');

    if (Post::has('email_format')) {
        S::assert_xsrf_token();
        S::user()->setEmailFormat(Post::s('email_format'));
    }

    if (Post::has('rss')) {
        S::assert_xsrf_token();
        $enable = (Post::s('rss') == 'on');
        $this->__set_rss_state($enable);
    }
}
9bae6004 151
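/**
 * Manages the personal web redirection ("carva") of the current user.
 *
 * 'Valider' with a non-blank URL stores it, 'Supprimer' deletes it; the page
 * then shows the stored URL and the user's best alias.
 *
 * NOTE(review): both actions change stored data but are read through Env::
 * and are not preceded by S::assert_xsrf_token(), unlike handler_prefs().
 * Confirm whether the template sends the token and add the check.
 *
 * @param object $page page object passed by the dispatcher
 */
function handler_webredir($page)
{
    $page->changeTpl('platal/webredirect.tpl');
    $page->setTitle('Redirection de page WEB');

    $action = Env::v('submit');

    // A blank URL is ignored silently. The original also held an
    // "URL invalide" branch, but the outer condition already excluded blank
    // URLs, so that branch could never run.
    if ($action == 'Valider' && !Env::blank('url')) {
        $url = Env::t('url');
        XDB::execute('INSERT INTO  carvas (uid, url)
                           VALUES  ({?}, {?})
          ON DUPLICATE KEY UPDATE  url = VALUES(url)',
                     S::i('uid'), $url);
        S::logger()->log('carva_add', 'http://' . $url);

        // The message carries its own <a> element, so it is evidently rendered
        // as HTML: the request value must be escaped before it goes into the
        // attribute and the link text.
        $safe_url = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
        $page->trigSuccess("Redirection activée vers <a href='http://$safe_url'>$safe_url</a>");
    } elseif ($action == 'Supprimer') {
        XDB::execute('DELETE FROM  carvas
                            WHERE  uid = {?}', S::i('uid'));
        Post::kill('url');
        S::logger()->log('carva_del');
        $page->trigSuccess('Redirection supprimée');
    }

    // The stored URL is handed to the template as is; it is not validated
    // above, so the template has to escape it.
    $url = XDB::fetchOneCell('SELECT  url
                                FROM  carvas
                               WHERE  uid = {?}', S::i('uid'));
    $page->assign('carva', $url);

    # FIXME: this code is not multi-domain compatible. We should decide how
    # carva will extend to users not in the main domain.
    $best = XDB::fetchOneCell('SELECT  email
                                 FROM  email_source_account
                                WHERE  uid = {?} AND FIND_IN_SET(\'bestalias\', flags)',
                              S::user()->id());
    $page->assign('bestalias', $best);
}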
190
/**
 * RSS feed page: activates the feed of the current user on request.
 *
 * NOTE(review): the activation is read through Env:: with no
 * S::assert_xsrf_token() call, and 'goback' is copied from the request
 * parameter 'referer' into the template. The template is not visible here;
 * confirm that it escapes the value and does not follow it blindly.
 *
 * @param object $page page object passed by the dispatcher
 */
function handler_prefs_rss($page)
{
    $page->changeTpl('platal/filrss.tpl');
    $page->assign('goback', Env::v('referer', 'login'));

    $activate = (Env::v('act_rss') == 'Activer');
    if ($activate) {
        $this->__set_rss_state(true);
        $page->trigSuccess("Ton Fil RSS est activé.");
    }
}
202
40279e62
SJ
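/**
 * E-mail preferences: lets the user choose the sender address and the format
 * stored in accounts.from_email / accounts.from_format.
 *
 * The address must be either a bare address or "Display Name <address>".
 * Control characters are refused as well: the display-name part of the
 * second pattern accepts any character but '<', line breaks included, and a
 * value named from_email is presumably copied into a mail header later.
 *
 * @param object $page page object passed by the dispatcher
 */
function handler_prefs_email($page)
{
    $page->changeTpl('platal/email_preferences.tpl');

    if (Post::has('submit')) {
        S::assert_xsrf_token();

        $from_email = Post::t('from_email');
        $from_format = Post::v('from_format');

        // Checks email.
        $email_regex = '/^[a-z0-9.\-+_\$]+@([\-.+_]?[a-z0-9])+$/i';
        $full_regex = '/^[^<]*<[a-z0-9.\-+_\$]+@([\-.+_]?[a-z0-9])+>$/i';
        $has_control_chars = preg_match('/[\x00-\x1f\x7f]/', $from_email);
        $well_formed = preg_match($email_regex, $from_email)
                    || preg_match($full_regex, $from_email);

        if ($has_control_chars || !$well_formed) {
            $page->trigError("L'adresse email est erronée.");
            // Give the rejected values back to the form.
            $page->assign('from_email', $from_email);
            $page->assign('from_format', $from_format);
            $page->assign('error', true);
            return;
        }

        // Saves data. Anything other than 'html' is stored as 'text'.
        XDB::execute('UPDATE  accounts
                         SET  from_email = {?}, from_format = {?}
                       WHERE  uid = {?}',
                     $from_email, ($from_format === 'html' ? 'html' : 'text'), S::user()->id());
        $page->trigSuccess('Données enregistrées.');
    }

    $data = XDB::fetchOneAssoc('SELECT  from_email, from_format
                                  FROM  accounts
                                 WHERE  uid = {?}',
                               S::user()->id());
    $page->assign('from_email', $data['from_email']);
    $page->assign('from_format', $data['from_format']);
    $page->assign('error', false);
}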
243
/**
 * Password change page for the logged-in user.
 *
 * On a POST carrying 'pwhash', the XSRF token is checked and the posted value
 * is written unchanged to accounts.password and to the session. The field
 * name suggests the browser sends a hash rather than the password; either
 * way the stored value is exactly what the client sent.
 *
 * NOTE(review): no current-password check is visible in this handler; it
 * relies on the AUTH_PASSWD level declared for the route.
 *
 * @param object $page page object passed by the dispatcher
 */
function handler_password($page)
{
    global $globals;

    if (Post::has('pwhash') && Post::t('pwhash')) {
        S::assert_xsrf_token();

        $password = Post::t('pwhash');
        S::set('password', $password);
        XDB::execute('UPDATE  accounts
                         SET  password = {?}
                       WHERE  uid={?}', $password,
                     S::i('uid'));

        // When Google Apps is enabled and the user opted for synchronized
        // passwords, push the new password there as well.
        if ($globals->mailstorage->googleapps_domain) {
            require_once 'googleapps.inc.php';
            $account = new GoogleAppsAccount(S::user());
            if ($account->active() && $account->sync_password) {
                $account->set_password($password);
            }
        }

        S::logger()->log('passwd');
        Platal::session()->setAccessCookie(true);

        // presumably run() ends the request; if it returns, the form template
        // set below replaces the success page -- TODO confirm
        $page->changeTpl('platal/password.success.tpl');
        $page->run();
    }

    $page->changeTpl('platal/password.tpl');
    $page->setTitle('Mon mot de passe');
    $page->assign('do_auth', 0);
}
278
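/**
 * Manages the separate SMTP/NNTP password of the current user.
 *
 * 'Valider' stores the password when it has at least 6 bytes and matches its
 * confirmation; 'Supprimer' clears it.
 *
 * NOTE(review): the value is written to accounts.weak_password exactly as
 * received, with no hashing in this handler. Both actions are read through
 * Env:: and are not preceded by S::assert_xsrf_token().
 *
 * @param object $page page object passed by the dispatcher
 */
function handler_smtppass($page)
{
    $page->changeTpl('platal/acces_smtp.tpl');
    $page->setTitle('Acces SMTP/NNTP');

    $wp = new PlWikiPage('Xorg.SMTPSécurisé');
    $wp->buildCache();
    $wp = new PlWikiPage('Xorg.NNTPSécurisé');
    $wp->buildCache();

    $uid = S::i('uid');
    $pass = Env::v('smtppass1');
    $op = Env::v('op');

    // The confirmation is compared with ===: with ==, two different strings
    // that both look numeric (e.g. '000000' and '0000000') compare equal, so
    // a mistyped confirmation could be accepted.
    if ($op == "Valider" && is_string($pass) && strlen($pass) >= 6
        && $pass === Env::v('smtppass2')) {
        XDB::execute('UPDATE  accounts
                         SET  weak_password = {?}
                       WHERE  uid = {?}', $pass, $uid);
        $page->trigSuccess('Mot de passe enregistré');
        S::logger()->log("passwd_ssl");
    } elseif ($op == "Supprimer") {
        XDB::execute('UPDATE  accounts
                         SET  weak_password = NULL
                       WHERE  uid = {?}', $uid);
        $page->trigSuccess('Compte SMTP et NNTP supprimé');
        S::logger()->log("passwd_del");
    }

    $res = XDB::query("SELECT  weak_password IS NOT NULL
                         FROM  accounts
                        WHERE  uid = {?}", $uid);
    $page->assign('actif', $res->fetchOneCell());
}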
312
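/**
 * Lost-password request (public route).
 *
 * The visitor gives a login and a birth date. When both match an active
 * account that is not flagged as lost, a certificate from rand_url_id() is
 * stored in account_lost_passwords and a link containing it is mailed.
 *
 * The mail goes to the backup address from the form only when that address
 * is already a redirect of the account; otherwise it goes to the user and to
 * the account's inactive SMTP redirects. The request never chooses an
 * arbitrary recipient.
 *
 * NOTE(review): the certificate is stored as is, and this handler shows no
 * limit on the number of requests per account or per client.
 *
 * @param object $page page object passed by the dispatcher
 */
function handler_recovery($page)
{
    global $globals;

    $page->changeTpl('platal/recovery.tpl');

    if (!Env::has('login') || !Env::has('birth')) {
        return;
    }

    // Expected as DDMM19YY.
    $birth_input = Env::v('birth');
    if (!preg_match('/^[0-3][0-9][0-1][0-9][1][9]([0-9]{2})$/', $birth_input)) {
        $page->trigError('Date de naissance incorrecte ou incohérente');
        return;
    }

    // Rebuild the date as YYYY-MM-DD for the comparison with the profile.
    $birth = sprintf('%s-%s-%s',
                     substr($birth_input, 4, 4),
                     substr($birth_input, 2, 2),
                     substr($birth_input, 0, 2));

    // An unknown login and a wrong birth date get the same answer.
    $profile = Profile::get(Env::t('login'));
    if (is_null($profile) || $profile->birthdate != $birth) {
        $page->trigError('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
                        'Si tu as un homonyme, utilise prenom.nom.promo comme login');
        return;
    }

    $user = $profile->owner();
    if ($user->state != 'active') {
        $page->trigError('Ton compte n\'est pas activé.');
        return;
    }

    if ($user->lost) {
        $page->assign('no_addr', true);
        return;
    }

    $page->assign('ok', true);

    $url = rand_url_id();
    XDB::execute('INSERT INTO  account_lost_passwords (certificat,uid,created)
                       VALUES  ({?},{?},NOW())', $url, $user->id());

    // The backup address is used only if the account already redirects to it.
    $to = XDB::fetchOneCell('SELECT  redirect
                               FROM  email_redirect_account
                              WHERE  uid = {?} AND redirect = {?}',
                            $user->id(), Post::t('email'));

    // Stays null when there is no inactive redirect. The original imploded
    // the list unconditionally, so an empty list gave '' (which is not null):
    // an empty recipient was added and the log entry began with ', '.
    $inactives_to = null;
    if (is_null($to)) {
        $emails = XDB::fetchColumn('SELECT  redirect
                                      FROM  email_redirect_account
                                     WHERE  uid = {?} AND flags = \'inactive\' AND type = \'smtp\'',
                                   $user->id());
        if (!empty($emails)) {
            $inactives_to = implode(', ', $emails);
        }
    }

    $mymail = new PlMailer();
    $mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mail->domain . '>');
    if (is_null($to)) {
        $mymail->addTo($user);
        $log_to = $user->bestEmail();
        if (!is_null($inactives_to)) {
            $log_to = $inactives_to . ', ' . $log_to;
            $mymail->addTo($inactives_to);
        }
    } else {
        $mymail->addTo($to);
        $log_to = $to;
    }
    $mymail->setSubject("Ton certificat d'authentification");
    $mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
{$globals->baseurl}/tmpPWD/$url

Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.

--
Polytechnique.org
\"Le portail des élèves & anciens élèves de l'École polytechnique\"

Email envoyé à ".Env::v('login') . (is_null($to) ? '' : '
Adresse de secours : ' . $to));
    $mymail->send();

    S::logger($user->id())->log('recovery', $log_to);
}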
398
a88f005d
RB
/**
 * Lost-password request for external (Xnet) accounts (public route).
 *
 * Stores a value from rand_url_id() in account_lost_passwords and mails it to
 * the account through the password_recovery_xnet template.
 *
 * NOTE(review): an unknown login and an inactive account get two different
 * messages, so this public form tells a visitor whether a login exists. One
 * neutral answer for every outcome would avoid that.
 *
 * @param object $page page object passed by the dispatcher
 */
function handler_recovery_ext($page)
{
    $page->changeTpl('xnet/recovery.tpl');

    if (!Post::has('login')) {
        return;
    }

    $login = Post::t('login');
    $user = User::getSilent($login);
    if (is_null($user)) {
        $page->trigError('Le compte n\'existe pas.');
        return;
    }
    if ($user->state != 'active') {
        $page->trigError('Ton compte n\'est pas activé.');
        return;
    }

    $page->assign('ok', true);

    $hash = rand_url_id();
    XDB::execute('INSERT INTO  account_lost_passwords (uid, created, certificat)
                       VALUES  ({?}, NOW(), {?})',
                 $user->id(), $hash);

    // The recipient is the account itself, never an address from the request.
    $mymail = new PlMailer('platal/password_recovery_xnet.mail.tpl');
    $mymail->setTo($user);
    $mymail->assign('hash', $hash);
    $mymail->assign('email', $login);
    $mymail->send();

    S::logger($user->id())->log('recovery', $user->bestEmail());
}
432
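/**
 * Password reset through a mailed certificate (public route).
 *
 * Without 'pwhash' in POST, shows the password form for the account the
 * certificate belongs to. With it, stores the new password for that account
 * and consumes the certificate.
 *
 * The certificate is checked before anything is written, and the account is
 * the one recorded with the certificate. The original took the account from
 * the posted 'username' and never looked the certificate up in that branch,
 * so the password change did not depend on holding a valid certificate.
 *
 * @param object      $page   page object passed by the dispatcher
 * @param string|null $certif certificate taken from the URL
 */
function handler_tmpPWD($page, $certif = null)
{
    global $globals;

    // Certificates older than 380 minutes are dropped on every request.
    XDB::execute('DELETE FROM  account_lost_passwords
                        WHERE  DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');

    // Both branches need a live certificate. A missing one ($certif null)
    // matches no row and ends here as well.
    $res = XDB::query('SELECT  uid
                         FROM  account_lost_passwords
                        WHERE  certificat = {?}', $certif);
    $ligne = $res->fetchOneAssoc();
    if (!$ligne) {
        $page->changeTpl('platal/index.tpl');
        $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
        // kill() presumably ends the request; never go on without a certificate.
        return;
    }
    $uid = $ligne['uid'];

    if (Post::has('pwhash') && Post::t('pwhash')) {
        $password = Post::t('pwhash');
        XDB::query('UPDATE  accounts
                       SET  password = {?}
                     WHERE  uid = {?} AND state = \'active\'',
                   $password, $uid);
        XDB::query('DELETE FROM  account_lost_passwords
                          WHERE  certificat = {?}', $certif);

        // When Google Apps is enabled and the user opted for synchronized
        // passwords, push the new password there as well.
        if ($globals->mailstorage->googleapps_domain) {
            require_once 'googleapps.inc.php';
            $account = new GoogleAppsAccount(User::getSilent($uid));
            if ($account->active() && $account->sync_password) {
                $account->set_password($password);
            }
        }

        S::logger($uid)->log("passwd", "");

        // Try to start a session so the user does not have to log in again;
        // the credentials still present in Post:: are used for that. A posted
        // username that is not the certificate's account no longer has its
        // password changed above.
        Platal::session()->start(AUTH_PASSWD);

        $page->changeTpl('platal/tmpPWD.success.tpl');
    } else {
        $hruid = XDB::fetchOneCell('SELECT  hruid
                                      FROM  accounts
                                     WHERE  uid = {?}',
                                   $uid);
        $page->changeTpl('platal/password.tpl');
        $page->assign('hruid', $hruid);
        $page->assign('do_auth', 1);
    }
}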
488
a88f005d
RB
/**
 * Completes the registration of an external (Xnet) account (public route).
 *
 * The hash from the URL must match a row of register_pending_xnet; the
 * account that gets activated is the uid of that row, not a value from the
 * form.
 *
 * NOTE(review): nothing stops the code after trigErrorRedirect(); it
 * presumably ends the request -- confirm, otherwise $res is null below.
 *
 * @param object      $page page object passed by the dispatcher
 * @param string|null $hash registration hash taken from the URL
 */
function handler_register_ext($page, $hash = null)
{
    // Pending registrations expire after one month.
    XDB::execute('DELETE FROM  register_pending_xnet
                        WHERE  DATE_SUB(NOW(), INTERVAL 1 MONTH) > date');
    $res = XDB::fetchOneAssoc('SELECT  uid, hruid, email
                                 FROM  register_pending_xnet
                                WHERE  hash = {?}',
                              $hash);

    $unknown_hash = is_null($hash) || is_null($res);
    if ($unknown_hash) {
        $page->trigErrorRedirect('Cette adresse n\'existe pas ou n\'existe plus sur le serveur.', '');
    }

    $has_password = Post::has('pwhash') && Post::t('pwhash');
    if (!$has_password) {
        // First visit: show the password form for this pending account.
        $page->changeTpl('platal/password.tpl');
        $page->assign('xnet', true);
        $page->assign('hruid', $res['hruid']);
        $page->assign('do_auth', 1);
        return;
    }

    // Activate the account and consume the pending entry in one transaction.
    XDB::startTransaction();
    XDB::query('UPDATE  accounts
                   SET  password = {?}, state = \'active\', registration_date = NOW()
                 WHERE  uid = {?} AND state = \'pending\' AND type = \'xnet\'',
               Post::t('pwhash'), $res['uid']);
    XDB::query('DELETE FROM  register_pending_xnet
                      WHERE  uid = {?}',
               $res['uid']);
    XDB::commit();

    S::logger($res['uid'])->log('passwd', '');

    // Try to start a session so the user does not have to log in; the
    // password still present in Post:: is used to authenticate.
    Post::kill('wait');
    Platal::session()->startAvailableAuth();

    $page->changeTpl('xnet/register.success.tpl');
    $page->assign('email', $res['email']);
}
529
/**
 * Skin selection page.
 *
 * The chosen skin is read as an integer (Env::i) and stored for the current
 * user; the page then lists the skins with their number of users.
 *
 * NOTE(review): the update is read through Env:: with no
 * S::assert_xsrf_token() call.
 *
 * @param object $page page object passed by the dispatcher
 */
function handler_skin($page)
{
    global $globals;

    $page->changeTpl('platal/skins.tpl');
    $page->setTitle('Skins');

    // Form submitted: process the data that was sent.
    if (Env::has('newskin')) {
        XDB::execute('UPDATE  accounts
                         SET  skin = {?}
                       WHERE  uid = {?}',
                     Env::i('newskin'), S::i('uid'));
        // Drop the skin kept in the session, then let the session set it again.
        S::kill('skin');
        Platal::session()->setSkin();
    }

    $current = XDB::query('SELECT  id
                             FROM  skins
                            WHERE  skin_tpl = {?}', S::v('skin'));
    $page->assign('skin_id', $current->fetchOneCell());

    $sql = 'SELECT  s.*, auteur, COUNT(*) AS nb
              FROM  skins AS s
         LEFT JOIN  accounts AS a ON (a.skin = s.id)
             WHERE  skin_tpl != \'\' AND ext != \'\'
          GROUP BY  id ORDER BY s.date DESC';
    $page->assign('skins', XDB::iterator($sql));
}
4da0b8d7 558
/**
 * Logout (public route), also used to leave an impersonation (SUID) session.
 *
 * $level selects which cookies are dropped: 'forget' kills the access cookie,
 * 'forgetuid' the login-form cookies, 'forgetall' both.
 *
 * NOTE(review): the final redirect target is taken from the 'redirect' query
 * parameter, URL-decoded, and passed to http_redirect() with no check in this
 * handler. Unless http_redirect() restricts targets itself, this route is an
 * open redirect. Accept only relative paths or hosts from an allowlist of
 * the site's own domains.
 *
 * @param object      $page  page object passed by the dispatcher
 * @param string|null $level 'forget', 'forgetuid' or 'forgetall'
 */
function handler_exit($page, $level = null)
{
    if (S::suid()) {
        // Leave the impersonated account and go back to where it started.
        $old = S::user()->login();
        S::logger()->log('suid_stop', $old . " by " . S::suid('hruid'));
        Platal::session()->stopSUID();
        $target = S::s('suid_startpage');
        S::kill('suid_startpage');
        if (!empty($target)) {
            http_redirect($target);
        }
        pl_redirect('admin/user/' . $old);
    }

    $forget_all = ($level == 'forgetall');

    if ($level == 'forget' || $forget_all) {
        Platal::session()->killAccessCookie();
    }

    if ($level == 'forgetuid' || $forget_all) {
        Platal::session()->killLoginFormCookies();
    }

    if (S::logged()) {
        // '@' hides the notice when the request has no Referer header.
        S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']);
        Platal::session()->destroy();
    }

    if (!Get::has('redirect')) {
        $page->changeTpl('platal/exit.tpl');
        return;
    }

    http_redirect(rawurldecode(Get::v('redirect')));
}
ddb64990 592
/**
 * Guided tour of the site, built from a wiki page.
 *
 * The page list is read from the 'text' field of the wiki page Review.Admin
 * (ReviewXnet.Admin on the Xnet site). Each line is split on '*' or '|' and
 * its first two fields are given to the wizard.
 *
 * NOTE(review): a line with fewer than two fields leaves $fields[1]
 * undefined.
 *
 * @param object      $page   page object passed by the dispatcher
 * @param string|null $action forwarded to PlWizard::apply()
 * @param string|null $mode   forwarded to PlWizard::apply()
 */
function handler_review($page, $action = null, $mode = null)
{
    global $globals;

    // Advertise the XRDS document through a response header (Yadis discovery).
    header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');

    $this->load('review.inc.php');

    $dom = 'Review' . (@$GLOBALS['IS_XNET_SITE'] ? 'Xnet' : '');
    $wp = new PlWikiPage($dom . '.Admin');

    // The stored text separates lines with the literal sequence '%0a'.
    $conf = explode('%0a', $wp->getField('text'));

    $wiz = new PlWizard('Tour d\'horizon', PlPage::getCoreTpl('plwizard.tpl'), true);
    foreach ($conf as $entry) {
        $fields = preg_split('/\s*[*|]\s*/', $entry, -1, PREG_SPLIT_NO_EMPTY);
        $wiz->addPage('ReviewPage', $fields[0], $fields[1]);
    }
    $wiz->apply($page, 'review', $action, $mode);
}
e59506eb 613}
614
a7de4ef7 615// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
e59506eb 616?>