[platal.git] / modules / platal.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2011 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

function bugize($list)
{
    $list = preg_split('/,/', $list, -1, PREG_SPLIT_NO_EMPTY);
    $ans  = array();

    foreach ($list as $bug) {
        $clean = str_replace('#', '', $bug);
        $ans[] = "<a href='http://trackers.polytechnique.org/task/$clean'>$bug</a>";
    }

    return join(',', $ans);
}


class PlatalModule extends PLModule
{
    function handlers()
    {
        return array(
            'index'             => $this->make_hook('index',        AUTH_PUBLIC),
            'cacert.pem'        => $this->make_hook('cacert',       AUTH_PUBLIC),
            'changelog'         => $this->make_hook('changelog',    AUTH_PUBLIC),

            // Preferences thingies
            'prefs'             => $this->make_hook('prefs',        AUTH_COOKIE, 'user,groups'),
            'prefs/rss'         => $this->make_hook('prefs_rss',    AUTH_COOKIE, 'user'),
            'prefs/webredirect' => $this->make_hook('webredir',     AUTH_PASSWD, 'mail'),
            'prefs/skin'        => $this->make_hook('skin',         AUTH_COOKIE, 'user'),

            // password related thingies
            'password'          => $this->make_hook('password',     AUTH_PASSWD, 'user,groups'),
            'password/smtp'     => $this->make_hook('smtppass',     AUTH_PASSWD, 'mail'),
            'tmpPWD'            => $this->make_hook('tmpPWD',       AUTH_PUBLIC),
            'recovery'          => $this->make_hook('recovery',     AUTH_PUBLIC),
            'recovery/ext'      => $this->make_hook('recovery_ext', AUTH_PUBLIC),
            'register/ext'      => $this->make_hook('register_ext', AUTH_PUBLIC),
            'exit'              => $this->make_hook('exit',         AUTH_PUBLIC),
            'review'            => $this->make_hook('review',       AUTH_PUBLIC),
            'deconnexion.php'   => $this->make_hook('exit',         AUTH_PUBLIC),
        );
    }

    function handler_index($page)
    {
        // Include X-XRDS-Location response-header for Yadis discovery
        global $globals;
        header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');

        // Redirect to the suitable page
        if (S::logged()) {
            pl_redirect('events');
        } else if (!@$GLOBALS['IS_XNET_SITE']) {
            $this->handler_review($page);
        }
    }

    function handler_cacert($page)
    {
        pl_cached_content_headers("application/x-x509-ca-cert");
        readfile("/etc/ssl/xorgCA/cacert.pem");
        exit;
    }

    function handler_changelog($page, $core = null)
    {
        $page->changeTpl('platal/changeLog.tpl');

        function formatChangeLog($file) {
            $clog = pl_entities(file_get_contents($file));
            $clog = preg_replace('/===+\s*/', '</pre><hr /><pre>', $clog);
            // url catch only (not all wiki syntax)
            $clog = preg_replace(array(
                '/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
                '/(\s|^)www\.((?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
                '/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
              array(
                '<a href="\\0">\\0</a>',
                '\\1<a href="http://www.\\2">www.\\2</a>',
                '<a href="mailto:\\0">\\0</a>'),
              $clog);
            $clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
            $clog = preg_replace('!vim:.*$!', '', $clog);
            return preg_replace("!(<hr />(\\s|\n)*)?<pre>(\s|\n)*</pre>((\\s|\n)*<hr />)?!m", "", "<pre>$clog</pre>");
        }
        if ($core != 'core') {
            $page->assign('core', false);
            $page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../ChangeLog'));
        } else {
            $page->assign('core', true);
            $page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../core/ChangeLog'));
        }
    }

    function __set_rss_state($state)
    {
        if ($state) {
            if (!S::user()->token) {
                S::user()->token = rand_url_id(16);
                S::set('token', S::user()->token);
                XDB::execute('UPDATE  accounts
                                 SET  token = {?}
                               WHERE  uid = {?}', S::user()->token, S::i('uid'));
            }
        } else {
            S::kill('token');
            S::user()->token = null;
            XDB::execute('UPDATE  accounts
                             SET  token = NULL
                           WHERE  uid = {?}', S::i('uid'));
        }
    }

    function handler_prefs($page)
    {
        $page->changeTpl('platal/preferences.tpl');
        $page->setTitle('Mes préférences');

        if (Post::has('email_format')) {
            S::assert_xsrf_token();
            $fmt = Post::s('email_format');
            S::user()->setEmailFormat($fmt);
        }

        if (Post::has('rss')) {
            S::assert_xsrf_token();
            $this->__set_rss_state(Post::s('rss') == 'on');
        }
    }

    function handler_webredir($page)
    {
        $page->changeTpl('platal/webredirect.tpl');
        $page->setTitle('Redirection de page WEB');

        if (Env::v('submit') == 'Valider' && !Env::blank('url')) {
            if (Env::blank('url')) {
                $page->trigError('URL invalide');
            } else {
                $url = Env::t('url');
                XDB::execute('INSERT INTO  carvas (uid, url)
                                   VALUES  ({?}, {?})
                  ON DUPLICATE KEY UPDATE  url = VALUES(url)',
                             S::i('uid'), $url);
                S::logger()->log('carva_add', 'http://' . $url);
                $page->trigSuccess("Redirection activée vers <a href='http://$url'>$url</a>");
            }
        } elseif (Env::v('submit') == 'Supprimer') {
            XDB::execute('DELETE FROM carvas
                                WHERE uid = {?}', S::i('uid'));
            Post::kill('url');
            S::logger()->log('carva_del');
            $page->trigSuccess('Redirection supprimée');
        }

        $url = XDB::fetchOneCell('SELECT  url
                                    FROM  carvas
                                   WHERE  uid = {?}', S::i('uid'));
        $page->assign('carva', $url);

        # FIXME: this code is not multi-domain compatible. We should decide how
        # carva will extend to users not in the main domain.
        $best = XDB::fetchOneCell('SELECT  email
                                     FROM  email_source_account
                                    WHERE  uid = {?} AND FIND_IN_SET(\'bestalias\', flags)',
                                  S::user()->id());
        $page->assign('bestalias', $best);
    }

    function handler_prefs_rss($page)
    {
        $page->changeTpl('platal/filrss.tpl');

        $page->assign('goback', Env::v('referer', 'login'));

        if (Env::v('act_rss') == 'Activer') {
            $this->__set_rss_state(true);
            $page->trigSuccess("Ton Fil RSS est activé.");
        }
    }

    function handler_password($page)
    {
        global $globals;

        if (Post::has('pwhash') && Post::t('pwhash'))  {
            S::assert_xsrf_token();

            S::set('password', $password = Post::t('pwhash'));
            XDB::execute('UPDATE  accounts
                             SET  password = {?}
                           WHERE  uid={?}', $password,
                         S::i('uid'));

            // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
            // updates the Google Apps password as well.
            if ($globals->mailstorage->googleapps_domain) {
                require_once 'googleapps.inc.php';
                $account = new GoogleAppsAccount(S::user());
                if ($account->active() && $account->sync_password) {
                    $account->set_password($password);
                }
            }

            S::logger()->log('passwd');
            Platal::session()->setAccessCookie(true);

            $page->changeTpl('platal/password.success.tpl');
            $page->run();
        }

        $page->changeTpl('platal/password.tpl');
        $page->setTitle('Mon mot de passe');
        $page->assign('do_auth', 0);
    }

    function handler_smtppass($page)
    {
        $page->changeTpl('platal/acces_smtp.tpl');
        $page->setTitle('Acces SMTP/NNTP');

        $wp = new PlWikiPage('Xorg.SMTPSécurisé');
        $wp->buildCache();
        $wp = new PlWikiPage('Xorg.NNTPSécurisé');
        $wp->buildCache();

        $uid  = S::i('uid');
        $pass = Env::v('smtppass1');

        if (Env::v('op') == "Valider" && strlen($pass) >= 6
            &&  Env::v('smtppass1') == Env::v('smtppass2')) {
            XDB::execute('UPDATE  accounts
                             SET  weak_password = {?}
                           WHERE  uid = {?}', $pass, $uid);
            $page->trigSuccess('Mot de passe enregistré');
            S::logger()->log("passwd_ssl");
        } elseif (Env::v('op') == "Supprimer") {
            XDB::execute('UPDATE  accounts
                             SET  weak_password = NULL
                           WHERE  uid = {?}', $uid);
            $page->trigSuccess('Compte SMTP et NNTP supprimé');
            S::logger()->log("passwd_del");
        }

        $res = XDB::query("SELECT  weak_password IS NOT NULL
                             FROM  accounts
                            WHERE  uid = {?}", $uid);
        $page->assign('actif', $res->fetchOneCell());
    }

    function handler_recovery($page)
    {
        global $globals;

        $page->changeTpl('platal/recovery.tpl');

        if (!Env::has('login') || !Env::has('birth')) {
            return;
        }

        if (!preg_match('/^[0-3][0-9][0-1][0-9][1][9]([0-9]{2})$/', Env::v('birth'))) {
            $page->trigError('Date de naissance incorrecte ou incohérente');
            return;
        }

        $birth   = sprintf('%s-%s-%s',
                           substr(Env::v('birth'), 4, 4),
                           substr(Env::v('birth'), 2, 2),
                           substr(Env::v('birth'), 0, 2));

        $mailorg = strtok(Env::v('login'), '@');

        $profile = Profile::get(Env::t('login'));
        if (is_null($profile) || $profile->birthdate != $birth) {
            $page->trigError('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
                        'Si tu as un homonyme, utilise prenom.nom.promo comme login');
            return;
        }

        $user = $profile->owner();
        if ($user->state != 'active') {
            $page->trigError('Ton compte n\'est pas activé.');
            return;
        }

        if ($user->lost) {
            $page->assign('no_addr', true);
            return;
        }

        $page->assign('ok', true);

        $url = rand_url_id();
        XDB::execute('INSERT INTO  account_lost_passwords (certificat,uid,created)
                           VALUES  ({?},{?},NOW())', $url, $user->id());
        $to = XDB::fetchOneCell('SELECT  redirect
                                   FROM  email_redirect_account
                                  WHERE  uid = {?} AND redirect = {?}',
                                $user->id(), Post::t('email'));
        if (is_null($to)) {
            $emails = XDB::fetchColumn('SELECT  redirect
                                          FROM  email_redirect_account
                                         WHERE  uid = {?} AND flags = \'inactive\' AND type = \'smtp\'',
                                       $user->id());
            $inactives_to = implode(', ', $emails);
        }
        $mymail = new PlMailer();
        $mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mail->domain . '>');
        if (is_null($to)) {
            $mymail->addTo($user);
            $mymail->addTo($inactives_to);
        } else {
            $mymail->addTo($to);
        }
        $mymail->setSubject("Ton certificat d'authentification");
        $mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
{$globals->baseurl}/tmpPWD/$url

Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.

--
Polytechnique.org
\"Le portail des élèves & anciens élèves de l'École polytechnique\"

Email envoyé à ".Env::v('login') . (is_null($to) ? '' : '
Adresse de secours : ' . $to));
        $mymail->send();

        S::logger($user->id())->log('recovery', is_null($to) ? $inactives_to . ', ' . $user->bestEmail() : $to);
    }

    function handler_recovery_ext($page)
    {
        $page->changeTpl('xnet/recovery.tpl');

        if (!Post::has('login')) {
            return;
        }

        $user = User::getSilent(Post::t('login'));
        if (is_null($user)) {
            $page->trigError('Le compte n\'existe pas.');
            return;
        }
        if ($user->state != 'active') {
            $page->trigError('Ton compte n\'est pas activé.');
            return;
        }

        $page->assign('ok', true);

        $hash = rand_url_id();
        XDB::execute('INSERT INTO  account_lost_passwords (uid, created, certificat)
                           VALUES  ({?}, NOW(), {?})',
                     $user->id(), $hash);

        $mymail = new PlMailer('platal/password_recovery_xnet.mail.tpl');
        $mymail->setTo($user);
        $mymail->assign('hash', $hash);
        $mymail->assign('email', Post::t('login'));
        $mymail->send();

        S::logger($user->id())->log('recovery', $user->bestEmail());
    }

    function handler_tmpPWD($page, $certif = null)
    {
        global $globals;
        XDB::execute('DELETE FROM  account_lost_passwords
                            WHERE  DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');

        if (Post::has('pwhash') && Post::t('pwhash')) {
            $uid = XDB::fetchOneCell('SELECT  uid
                                        FROM  accounts
                                       WHERE  hruid = {?}',
                                     Post::t('username'));
            $password = Post::t('pwhash');
            XDB::query('UPDATE  accounts
                           SET  password = {?}
                         WHERE  uid = {?} AND state = \'active\'',
                       $password, $uid);
            XDB::query('DELETE FROM  account_lost_passwords
                              WHERE  certificat = {?}', $certif);

            // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
            // updates the Google Apps password as well.
            if ($globals->mailstorage->googleapps_domain) {
                require_once 'googleapps.inc.php';
                $account = new GoogleAppsAccount(User::getSilent($uid));
                if ($account->active() && $account->sync_password) {
                    $account->set_password($password);
                }
            }

            S::logger($uid)->log("passwd", "");

            // Try to start a session (so the user don't have to log in); we will use
            // the password available in Post:: to authenticate the user.
            Platal::session()->start(AUTH_PASSWD);

            $page->changeTpl('platal/tmpPWD.success.tpl');
        } else {
            $res = XDB::query('SELECT  uid
                                 FROM  account_lost_passwords
                                WHERE  certificat = {?}', $certif);
            $ligne = $res->fetchOneAssoc();
            if (!$ligne) {
                $page->changeTpl('platal/index.tpl');
                $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
            }

            $hruid = XDB::fetchOneCell('SELECT  hruid
                                          FROM  accounts
                                         WHERE  uid = {?}',
                                       $ligne['uid']);
            $page->changeTpl('platal/password.tpl');
            $page->assign('hruid', $hruid);
            $page->assign('do_auth', 1);
        }
    }

    function handler_register_ext($page, $hash = null)
    {
        XDB::execute('DELETE FROM  register_pending_xnet
                            WHERE  DATE_SUB(NOW(), INTERVAL 1 MONTH) > date');
        $res = XDB::fetchOneAssoc('SELECT  uid, hruid, email
                                     FROM  register_pending_xnet
                                    WHERE  hash = {?}',
                                  $hash);

        if (is_null($hash) || is_null($res)) {
            $page->trigErrorRedirect('Cette adresse n\'existe pas ou n\'existe plus sur le serveur.', '');
        }

        if (Post::has('pwhash') && Post::t('pwhash')) {
            XDB::startTransaction();
            XDB::query('UPDATE  accounts
                           SET  password = {?}, state = \'active\', registration_date = NOW()
                         WHERE  uid = {?} AND state = \'pending\' AND type = \'xnet\'',
                       Post::t('pwhash'), $res['uid']);
            XDB::query('DELETE FROM  register_pending_xnet
                              WHERE  uid = {?}',
                              $res['uid']);
            XDB::commit();

            S::logger($res['uid'])->log('passwd', '');

            // Try to start a session (so the user don't have to log in); we will use
            // the password available in Post:: to authenticate the user.
            Post::kill('wait');
            Platal::session()->startAvailableAuth();

            $page->changeTpl('xnet/register.success.tpl');
            $page->assign('email', $res['email']);
        } else {
            $page->changeTpl('platal/password.tpl');
            $page->assign('xnet', true);
            $page->assign('hruid', $res['hruid']);
            $page->assign('do_auth', 1);
        }
    }

    function handler_skin($page)
    {
        global $globals;

        $page->changeTpl('platal/skins.tpl');
        $page->setTitle('Skins');

        if (Env::has('newskin'))  {  // formulaire soumis, traitons les données envoyées
            XDB::execute('UPDATE  accounts
                             SET  skin = {?}
                           WHERE  uid = {?}',
                         Env::i('newskin'), S::i('uid'));
            S::kill('skin');
            Platal::session()->setSkin();
        }

        $res = XDB::query('SELECT  id
                             FROM  skins
                            WHERE  skin_tpl = {?}', S::v('skin'));
        $page->assign('skin_id', $res->fetchOneCell());

        $sql = 'SELECT  s.*, auteur, COUNT(*) AS nb
                  FROM  skins AS s
             LEFT JOIN  accounts AS a ON (a.skin = s.id)
                 WHERE  skin_tpl != \'\' AND ext != \'\'
              GROUP BY  id ORDER BY s.date DESC';
        $page->assign('skins', XDB::iterator($sql));
    }

    function handler_exit($page, $level = null)
    {
        if (S::suid()) {
            $old = S::user()->login();
            S::logger()->log('suid_stop', $old . " by " . S::suid('hruid'));
            Platal::session()->stopSUID();
            $target = S::s('suid_startpage');
            S::kill('suid_startpage');
            if (!empty($target)) {
                http_redirect($target);
            }
            pl_redirect('admin/user/' . $old);
        }

        if ($level == 'forget' || $level == 'forgetall') {
            Platal::session()->killAccessCookie();
        }

        if ($level == 'forgetuid' || $level == 'forgetall') {
            Platal::session()->killLoginFormCookies();
        }

        if (S::logged()) {
            S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']);
            Platal::session()->destroy();
        }

        if (Get::has('redirect')) {
            http_redirect(rawurldecode(Get::v('redirect')));
        } else {
            $page->changeTpl('platal/exit.tpl');
        }
    }

    function handler_review($page, $action = null, $mode = null)
    {
        // Include X-XRDS-Location response-header for Yadis discovery
        global $globals;
        header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');

        $this->load('review.inc.php');
        $dom = 'Review';
        if (@$GLOBALS['IS_XNET_SITE']) {
            $dom .= 'Xnet';
        }
        $wp = new PlWikiPage($dom . '.Admin');
        $conf = explode('%0a', $wp->getField('text'));
        $wiz = new PlWizard('Tour d\'horizon', PlPage::getCoreTpl('plwizard.tpl'), true);
        foreach ($conf as $line) {
            $list = preg_split('/\s*[*|]\s*/', $line, -1, PREG_SPLIT_NO_EMPTY);
            $wiz->addPage('ReviewPage', $list[0], $list[1]);
        }
        $wiz->apply($page, 'review', $action, $mode);
    }
}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
Commit	Line	Data
e59506eb	1	<?php
e59506eb	2	/***************************************************************************
5e1513f6	3	* Copyright (C) 2003-2011 Polytechnique.org *
e59506eb	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
5de0b7e1	22	function bugize($list)
5de0b7e1	23	{
bd5dad64	24	$list = preg_split('/,/', $list, -1, PREG_SPLIT_NO_EMPTY);
5de0b7e1	25	$ans = array();
	26
	27	foreach ($list as $bug) {
	28	$clean = str_replace('#', '', $bug);
	29	$ans[] = "<a href='http://trackers.polytechnique.org/task/$clean'>$bug</a>";
	30	}
	31
	32	return join(',', $ans);
	33	}
	34
	35
e59506eb	36	class PlatalModule extends PLModule
	37	{
	38	function handlers()
	39	{
	40	return array(
bfe9f4c7 SJ	41	'index' => $this->make_hook('index', AUTH_PUBLIC),
	42	'cacert.pem' => $this->make_hook('cacert', AUTH_PUBLIC),
	43	'changelog' => $this->make_hook('changelog', AUTH_PUBLIC),
5de0b7e1	44
4da0b8d7	45	// Preferences thingies
bfe9f4c7 SJ	46	'prefs' => $this->make_hook('prefs', AUTH_COOKIE, 'user,groups'),
	47	'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE, 'user'),
	48	'prefs/webredirect' => $this->make_hook('webredir', AUTH_PASSWD, 'mail'),
	49	'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE, 'user'),
4da0b8d7	50
4da0b8d7	51	// password related thingies
bfe9f4c7 SJ	52	'password' => $this->make_hook('password', AUTH_PASSWD, 'user,groups'),
	53	'password/smtp' => $this->make_hook('smtppass', AUTH_PASSWD, 'mail'),
	54	'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC),
	55	'recovery' => $this->make_hook('recovery', AUTH_PUBLIC),
a88f005d RB	56	'recovery/ext' => $this->make_hook('recovery_ext', AUTH_PUBLIC),
a88f005d RB	57	'register/ext' => $this->make_hook('register_ext', AUTH_PUBLIC),
bfe9f4c7 SJ	58	'exit' => $this->make_hook('exit', AUTH_PUBLIC),
	59	'review' => $this->make_hook('review', AUTH_PUBLIC),
	60	'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC),
e59506eb	61	);
	62	}
	63
26ba053e	64	function handler_index($page)
c9178c75	65	{
ab66bf7f	66	// Include X-XRDS-Location response-header for Yadis discovery
78507d96	67	global $globals;
34d91db6	68	header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');
ab66bf7f AA	69
ab66bf7f AA	70	// Redirect to the suitable page
cab08090	71	if (S::logged()) {
8b00e0e0	72	pl_redirect('events');
ddb64990	73	} else if (!@$GLOBALS['IS_XNET_SITE']) {
78d4079a	74	$this->handler_review($page);
c9178c75	75	}
c9178c75	76	}
c9178c75	77
26ba053e	78	function handler_cacert($page)
5de0b7e1	79	{
3cb500d5 VZ	80	pl_cached_content_headers("application/x-x509-ca-cert");
3cb500d5 VZ	81	readfile("/etc/ssl/xorgCA/cacert.pem");
5de0b7e1	82	exit;
	83	}
	84
26ba053e	85	function handler_changelog($page, $core = null)
5de0b7e1	86	{
8b1f8e12	87	$page->changeTpl('platal/changeLog.tpl');
5de0b7e1	88
78d4079a FB	89	function formatChangeLog($file) {
	90	$clog = pl_entities(file_get_contents($file));
	91	$clog = preg_replace('/===+\s*/', '</pre><hr /><pre>', $clog);
	92	// url catch only (not all wiki syntax)
	93	$clog = preg_replace(array(
	94	'/((?:https?\|ftp):\/\/(?:\.,[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
	95	'/(\s\|^)www\.((?:\.,[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
	96	'/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
	97	array(
	98	'<a href="\\0">\\0</a>',
	99	'\\1<a href="http://www.\\2">www.\\2</a>',
	100	'<a href="mailto:\\0">\\0</a>'),
	101	$clog);
2bb9e576	102	$clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
78d4079a FB	103	$clog = preg_replace('!vim:.*$!', '', $clog);
	104	return preg_replace("!(<hr />(\\s\|\n))?<pre>(\s\|\n)</pre>((\\s\|\n)*<hr />)?!m", "", "<pre>$clog</pre>");
	105	}
	106	if ($core != 'core') {
	107	$page->assign('core', false);
	108	$page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../ChangeLog'));
	109	} else {
	110	$page->assign('core', true);
	111	$page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../core/ChangeLog'));
	112	}
5de0b7e1	113	}
5de0b7e1	114
7927d719	115	function __set_rss_state($state)
7927d719	116	{
7927d719	117	if ($state) {
19be891e FB	118	if (!S::user()->token) {
	119	S::user()->token = rand_url_id(16);
	120	S::set('token', S::user()->token);
	121	XDB::execute('UPDATE accounts
	122	SET token = {?}
	123	WHERE uid = {?}', S::user()->token, S::i('uid'));
	124	}
7927d719	125	} else {
31e01c97	126	S::kill('token');
19be891e	127	S::user()->token = null;
31e01c97 FB	128	XDB::execute('UPDATE accounts
	129	SET token = NULL
	130	WHERE uid = {?}', S::i('uid'));
7927d719	131	}
	132	}
	133
26ba053e	134	function handler_prefs($page)
e59506eb	135	{
8b1f8e12	136	$page->changeTpl('platal/preferences.tpl');
46f272fe	137	$page->setTitle('Mes préférences');
e59506eb	138
31e01c97	139	if (Post::has('email_format')) {
19be891e	140	S::assert_xsrf_token();
31e01c97	141	$fmt = Post::s('email_format');
8d308ee4	142	S::user()->setEmailFormat($fmt);
e59506eb	143	}
e59506eb	144
bee33d93	145	if (Post::has('rss')) {
19be891e FB	146	S::assert_xsrf_token();
19be891e FB	147	$this->__set_rss_state(Post::s('rss') == 'on');
e59506eb	148	}
e59506eb	149	}
9bae6004	150
26ba053e	151	function handler_webredir($page)
bce2f8eb	152	{
8b1f8e12	153	$page->changeTpl('platal/webredirect.tpl');
46f272fe	154	$page->setTitle('Redirection de page WEB');
bce2f8eb	155
c1e98576 FB	156	if (Env::v('submit') == 'Valider' && !Env::blank('url')) {
	157	if (Env::blank('url')) {
	158	$page->trigError('URL invalide');
	159	} else {
	160	$url = Env::t('url');
00ba8a74 SJ	161	XDB::execute('INSERT INTO carvas (uid, url)
	162	VALUES ({?}, {?})
	163	ON DUPLICATE KEY UPDATE url = VALUES(url)',
c1e98576 FB	164	S::i('uid'), $url);
	165	S::logger()->log('carva_add', 'http://' . $url);
	166	$page->trigSuccess("Redirection activée vers <a href='http://$url'>$url</a>");
	167	}
	168	} elseif (Env::v('submit') == 'Supprimer') {
	169	XDB::execute('DELETE FROM carvas
	170	WHERE uid = {?}', S::i('uid'));
bce2f8eb	171	Post::kill('url');
c1e98576	172	S::logger()->log('carva_del');
a7d35093	173	$page->trigSuccess('Redirection supprimée');
bce2f8eb	174	}
bce2f8eb	175
c1e98576 FB	176	$url = XDB::fetchOneCell('SELECT url
	177	FROM carvas
	178	WHERE uid = {?}', S::i('uid'));
	179	$page->assign('carva', $url);
e67b4436 VZ	180
	181	# FIXME: this code is not multi-domain compatible. We should decide how
	182	# carva will extend to users not in the main domain.
c0436d0b SJ	183	$best = XDB::fetchOneCell('SELECT email
	184	FROM email_source_account
	185	WHERE uid = {?} AND FIND_IN_SET(\'bestalias\', flags)',
	186	S::user()->id());
	187	$page->assign('bestalias', $best);
bce2f8eb	188	}
bce2f8eb	189
26ba053e	190	function handler_prefs_rss($page)
7927d719	191	{
8b1f8e12	192	$page->changeTpl('platal/filrss.tpl');
7927d719	193
5e2307dc	194	$page->assign('goback', Env::v('referer', 'login'));
7927d719	195
5e2307dc	196	if (Env::v('act_rss') == 'Activer') {
7927d719	197	$this->__set_rss_state(true);
a7d35093	198	$page->trigSuccess("Ton Fil RSS est activé.");
7927d719	199	}
7927d719	200	}
7927d719	201
26ba053e	202	function handler_password($page)
7c77c3ee	203	{
84270653 VZ	204	global $globals;
84270653 VZ	205
81b5a6c9	206	if (Post::has('pwhash') && Post::t('pwhash')) {
40d428d8	207	S::assert_xsrf_token();
7c77c3ee	208
81b5a6c9	209	S::set('password', $password = Post::t('pwhash'));
31e01c97 FB	210	XDB::execute('UPDATE accounts
	211	SET password = {?}
	212	WHERE uid={?}', $password,
	213	S::i('uid'));
7c77c3ee	214
84270653 VZ	215	// If GoogleApps is enabled, and the user did choose to use synchronized passwords,
	216	// updates the Google Apps password as well.
	217	if ($globals->mailstorage->googleapps_domain) {
	218	require_once 'googleapps.inc.php';
d56cb887	219	$account = new GoogleAppsAccount(S::user());
f5c4bf30	220	if ($account->active() && $account->sync_password) {
84270653 VZ	221	$account->set_password($password);
	222	}
	223	}
	224
604dfd58 FB	225	S::logger()->log('passwd');
604dfd58 FB	226	Platal::session()->setAccessCookie(true);
7c77c3ee	227
4baa7323	228	$page->changeTpl('platal/password.success.tpl');
7c77c3ee	229	$page->run();
	230	}
	231
4baa7323	232	$page->changeTpl('platal/password.tpl');
46f272fe	233	$page->setTitle('Mon mot de passe');
a9ec9298	234	$page->assign('do_auth', 0);
7c77c3ee	235	}
7c77c3ee	236
26ba053e	237	function handler_smtppass($page)
1a5da857	238	{
8b1f8e12	239	$page->changeTpl('platal/acces_smtp.tpl');
46f272fe	240	$page->setTitle('Acces SMTP/NNTP');
eaf30d86	241
8f201b69 FB	242	$wp = new PlWikiPage('Xorg.SMTPSécurisé');
	243	$wp->buildCache();
	244	$wp = new PlWikiPage('Xorg.NNTPSécurisé');
	245	$wp->buildCache();
1a5da857	246
31e01c97	247	$uid = S::i('uid');
5e2307dc	248	$pass = Env::v('smtppass1');
1a5da857	249
eaf30d86	250	if (Env::v('op') == "Valider" && strlen($pass) >= 6
31e01c97	251	&& Env::v('smtppass1') == Env::v('smtppass2')) {
0511895d FB	252	XDB::execute('UPDATE accounts
	253	SET weak_password = {?}
	254	WHERE uid = {?}', $pass, $uid);
a7d35093	255	$page->trigSuccess('Mot de passe enregistré');
732e5855	256	S::logger()->log("passwd_ssl");
5e2307dc	257	} elseif (Env::v('op') == "Supprimer") {
0511895d FB	258	XDB::execute('UPDATE accounts
	259	SET weak_password = NULL
	260	WHERE uid = {?}', $uid);
a7d35093	261	$page->trigSuccess('Compte SMTP et NNTP supprimé');
732e5855	262	S::logger()->log("passwd_del");
1a5da857	263	}
1a5da857	264
0511895d FB	265	$res = XDB::query("SELECT weak_password IS NOT NULL
	266	FROM accounts
	267	WHERE uid = {?}", $uid);
1a5da857	268	$page->assign('actif', $res->fetchOneCell());
1a5da857	269	}
1a5da857	270
26ba053e	271	function handler_recovery($page)
8858cfc1	272	{
	273	global $globals;
	274
8b1f8e12	275	$page->changeTpl('platal/recovery.tpl');
8858cfc1	276
8858cfc1	277	if (!Env::has('login') \|\| !Env::has('birth')) {
fd8f77de	278	return;
8858cfc1	279	}
8858cfc1	280
cf5cf754	281	if (!preg_match('/^[0-3][0-9][0-1][0-9][1][9]([0-9]{2})$/', Env::v('birth'))) {
a7d35093	282	$page->trigError('Date de naissance incorrecte ou incohérente');
c9110c6c	283	return;
8858cfc1	284	}
c9110c6c	285
c9110c6c	286	$birth = sprintf('%s-%s-%s',
5e2307dc	287	substr(Env::v('birth'), 4, 4),
	288	substr(Env::v('birth'), 2, 2),
	289	substr(Env::v('birth'), 0, 2));
8858cfc1	290
5e2307dc	291	$mailorg = strtok(Env::v('login'), '@');
8858cfc1	292
6846791e FB	293	$profile = Profile::get(Env::t('login'));
	294	if (is_null($profile) \|\| $profile->birthdate != $birth) {
	295	$page->trigError('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
	296	'Si tu as un homonyme, utilise prenom.nom.promo comme login');
	297	return;
	298	}
8c28edc9	299
6846791e FB	300	$user = $profile->owner();
	301	if ($user->state != 'active') {
	302	$page->trigError('Ton compte n\'est pas activé.');
	303	return;
	304	}
	305
c0436d0b	306	if ($user->lost) {
6846791e FB	307	$page->assign('no_addr', true);
	308	return;
	309	}
8858cfc1	310
6846791e FB	311	$page->assign('ok', true);
6846791e FB	312
c0436d0b	313	$url = rand_url_id();
06f4daf9	314	XDB::execute('INSERT INTO account_lost_passwords (certificat,uid,created)
6846791e	315	VALUES ({?},{?},NOW())', $url, $user->id());
c0436d0b SJ	316	$to = XDB::fetchOneCell('SELECT redirect
	317	FROM email_redirect_account
	318	WHERE uid = {?} AND redirect = {?}',
	319	$user->id(), Post::t('email'));
	320	if (is_null($to)) {
	321	$emails = XDB::fetchColumn('SELECT redirect
	322	FROM email_redirect_account
	323	WHERE uid = {?} AND flags = \'inactive\' AND type = \'smtp\'',
	324	$user->id());
	325	$inactives_to = implode(', ', $emails);
6846791e FB	326	}
	327	$mymail = new PlMailer();
	328	$mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mail->domain . '>');
c0436d0b SJ	329	if (is_null($to)) {
	330	$mymail->addTo($user);
	331	$mymail->addTo($inactives_to);
	332	} else {
	333	$mymail->addTo($to);
	334	}
e46cf8c4	335	$mymail->setSubject("Ton certificat d'authentification");
6846791e	336	$mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
8858cfc1	337	{$globals->baseurl}/tmpPWD/$url
8858cfc1	338
e887e90d	339	Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.
8858cfc1	340
eaf30d86	341	--
8858cfc1	342	Polytechnique.org
3bf63218	343	\"Le portail des élèves & anciens élèves de l'École polytechnique\"
8858cfc1	344
471882e8 SJ	345	Email envoyé à ".Env::v('login') . (is_null($to) ? '' : '
471882e8 SJ	346	Adresse de secours : ' . $to));
6846791e	347	$mymail->send();
8858cfc1	348
97a05304	349	S::logger($user->id())->log('recovery', is_null($to) ? $inactives_to . ', ' . $user->bestEmail() : $to);
8858cfc1	350	}
8858cfc1	351
a88f005d RB	352	function handler_recovery_ext($page)
	353	{
	354	$page->changeTpl('xnet/recovery.tpl');
	355
	356	if (!Post::has('login')) {
	357	return;
	358	}
	359
	360	$user = User::getSilent(Post::t('login'));
	361	if (is_null($user)) {
	362	$page->trigError('Le compte n\'existe pas.');
	363	return;
	364	}
	365	if ($user->state != 'active') {
	366	$page->trigError('Ton compte n\'est pas activé.');
	367	return;
	368	}
	369
	370	$page->assign('ok', true);
	371
	372	$hash = rand_url_id();
	373	XDB::execute('INSERT INTO account_lost_passwords (uid, created, certificat)
	374	VALUES ({?}, NOW(), {?})',
	375	$user->id(), $hash);
	376
23906784	377	$mymail = new PlMailer('platal/password_recovery_xnet.mail.tpl');
1bbba0f6	378	$mymail->setTo($user);
23906784 RB	379	$mymail->assign('hash', $hash);
23906784 RB	380	$mymail->assign('email', Post::t('login'));
a88f005d RB	381	$mymail->send();
	382
	383	S::logger($user->id())->log('recovery', $user->bestEmail());
	384	}
	385
26ba053e	386	function handler_tmpPWD($page, $certif = null)
6c49d0af	387	{
84270653	388	global $globals;
06f4daf9	389	XDB::execute('DELETE FROM account_lost_passwords
31e01c97	390	WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
6c49d0af	391
81b5a6c9	392	if (Post::has('pwhash') && Post::t('pwhash')) {
aba13e87 SJ	393	$uid = XDB::fetchOneCell('SELECT uid
	394	FROM accounts
	395	WHERE hruid = {?}',
	396	Post::t('username'));
81b5a6c9	397	$password = Post::t('pwhash');
31e01c97	398	XDB::query('UPDATE accounts
aba13e87	399	SET password = {?}
31e01c97 FB	400	WHERE uid = {?} AND state = \'active\'',
31e01c97 FB	401	$password, $uid);
06f4daf9	402	XDB::query('DELETE FROM account_lost_passwords
aba13e87	403	WHERE certificat = {?}', $certif);
84270653 VZ	404
	405	// If GoogleApps is enabled, and the user did choose to use synchronized passwords,
	406	// updates the Google Apps password as well.
	407	if ($globals->mailstorage->googleapps_domain) {
	408	require_once 'googleapps.inc.php';
d56cb887	409	$account = new GoogleAppsAccount(User::getSilent($uid));
f5c4bf30	410	if ($account->active() && $account->sync_password) {
84270653 VZ	411	$account->set_password($password);
	412	}
	413	}
	414
cf40e1ae	415	S::logger($uid)->log("passwd", "");
30439e34 SJ	416
	417	// Try to start a session (so the user don't have to log in); we will use
	418	// the password available in Post:: to authenticate the user.
bfe9f4c7	419	Platal::session()->start(AUTH_PASSWD);
30439e34	420
8b1f8e12	421	$page->changeTpl('platal/tmpPWD.success.tpl');
6c49d0af	422	} else {
aba13e87 SJ	423	$res = XDB::query('SELECT uid
	424	FROM account_lost_passwords
	425	WHERE certificat = {?}', $certif);
	426	$ligne = $res->fetchOneAssoc();
	427	if (!$ligne) {
	428	$page->changeTpl('platal/index.tpl');
	429	$page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
	430	}
	431
30439e34 SJ	432	$hruid = XDB::fetchOneCell('SELECT hruid
	433	FROM accounts
	434	WHERE uid = {?}',
aba13e87	435	$ligne['uid']);
4baa7323	436	$page->changeTpl('platal/password.tpl');
30439e34	437	$page->assign('hruid', $hruid);
a9ec9298	438	$page->assign('do_auth', 1);
6c49d0af	439	}
6c49d0af	440	}
6c49d0af	441
a88f005d RB	442	function handler_register_ext($page, $hash = null)
	443	{
	444	XDB::execute('DELETE FROM register_pending_xnet
	445	WHERE DATE_SUB(NOW(), INTERVAL 1 MONTH) > date');
23906784	446	$res = XDB::fetchOneAssoc('SELECT uid, hruid, email
a88f005d RB	447	FROM register_pending_xnet
	448	WHERE hash = {?}',
	449	$hash);
	450
	451	if (is_null($hash) \|\| is_null($res)) {
	452	$page->trigErrorRedirect('Cette adresse n\'existe pas ou n\'existe plus sur le serveur.', '');
	453	}
	454
	455	if (Post::has('pwhash') && Post::t('pwhash')) {
23906784	456	XDB::startTransaction();
a88f005d RB	457	XDB::query('UPDATE accounts
	458	SET password = {?}, state = \'active\', registration_date = NOW()
	459	WHERE uid = {?} AND state = \'pending\' AND type = \'xnet\'',
	460	Post::t('pwhash'), $res['uid']);
	461	XDB::query('DELETE FROM register_pending_xnet
	462	WHERE uid = {?}',
23906784 RB	463	$res['uid']);
23906784 RB	464	XDB::commit();
a88f005d RB	465
	466	S::logger($res['uid'])->log('passwd', '');
	467
	468	// Try to start a session (so the user don't have to log in); we will use
	469	// the password available in Post:: to authenticate the user.
	470	Post::kill('wait');
	471	Platal::session()->startAvailableAuth();
	472
	473	$page->changeTpl('xnet/register.success.tpl');
	474	$page->assign('email', $res['email']);
	475	} else {
	476	$page->changeTpl('platal/password.tpl');
	477	$page->assign('xnet', true);
	478	$page->assign('hruid', $res['hruid']);
	479	$page->assign('do_auth', 1);
	480	}
	481	}
	482
26ba053e	483	function handler_skin($page)
9bae6004	484	{
	485	global $globals;
	486
8b1f8e12	487	$page->changeTpl('platal/skins.tpl');
46f272fe	488	$page->setTitle('Skins');
9bae6004	489
a7de4ef7	490	if (Env::has('newskin')) { // formulaire soumis, traitons les données envoyées
31e01c97 FB	491	XDB::execute('UPDATE accounts
	492	SET skin = {?}
	493	WHERE uid = {?}',
	494	Env::i('newskin'), S::i('uid'));
92e6a287	495	S::kill('skin');
47fa97fe	496	Platal::session()->setSkin();
9bae6004	497	}
9bae6004	498
31e01c97 FB	499	$res = XDB::query('SELECT id
	500	FROM skins
	501	WHERE skin_tpl = {?}', S::v('skin'));
92e6a287	502	$page->assign('skin_id', $res->fetchOneCell());
92e6a287	503
31e01c97 FB	504	$sql = 'SELECT s., auteur, COUNT() AS nb
	505	FROM skins AS s
	506	LEFT JOIN accounts AS a ON (a.skin = s.id)
	507	WHERE skin_tpl != \'\' AND ext != \'\'
	508	GROUP BY id ORDER BY s.date DESC';
a3afa47c	509	$page->assign('skins', XDB::iterator($sql));
9bae6004	510	}
4da0b8d7	511
26ba053e	512	function handler_exit($page, $level = null)
5de0b7e1	513	{
0c02607e	514	if (S::suid()) {
20b087ff FB	515	$old = S::user()->login();
20b087ff FB	516	S::logger()->log('suid_stop', $old . " by " . S::suid('hruid'));
47fa97fe	517	Platal::session()->stopSUID();
20b087ff FB	518	$target = S::s('suid_startpage');
	519	S::kill('suid_startpage');
	520	if (!empty($target)) {
	521	http_redirect($target);
	522	}
	523	pl_redirect('admin/user/' . $old);
5de0b7e1	524	}
	525
	526	if ($level == 'forget' \|\| $level == 'forgetall') {
604dfd58	527	Platal::session()->killAccessCookie();
5de0b7e1	528	}
	529
	530	if ($level == 'forgetuid' \|\| $level == 'forgetall') {
604dfd58	531	Platal::session()->killLoginFormCookies();
5de0b7e1	532	}
5de0b7e1	533
130b8708	534	if (S::logged()) {
59bec5bc FB	535	S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']);
59bec5bc FB	536	Platal::session()->destroy();
130b8708	537	}
5de0b7e1	538
5de0b7e1	539	if (Get::has('redirect')) {
5e2307dc	540	http_redirect(rawurldecode(Get::v('redirect')));
5de0b7e1	541	} else {
8b1f8e12	542	$page->changeTpl('platal/exit.tpl');
5de0b7e1	543	}
5de0b7e1	544	}
ddb64990	545
26ba053e	546	function handler_review($page, $action = null, $mode = null)
ddb64990	547	{
78507d96 AA	548	// Include X-XRDS-Location response-header for Yadis discovery
78507d96 AA	549	global $globals;
34d91db6	550	header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');
78507d96	551
460d8f55	552	$this->load('review.inc.php');
ddb64990 FB	553	$dom = 'Review';
	554	if (@$GLOBALS['IS_XNET_SITE']) {
	555	$dom .= 'Xnet';
	556	}
8f201b69 FB	557	$wp = new PlWikiPage($dom . '.Admin');
8f201b69 FB	558	$conf = explode('%0a', $wp->getField('text'));
6d20fb1d	559	$wiz = new PlWizard('Tour d\'horizon', PlPage::getCoreTpl('plwizard.tpl'), true);
ddb64990 FB	560	foreach ($conf as $line) {
	561	$list = preg_split('/\s[\|]\s*/', $line, -1, PREG_SPLIT_NO_EMPTY);
	562	$wiz->addPage('ReviewPage', $list[0], $list[1]);
	563	}
	564	$wiz->apply($page, 'review', $action, $mode);
	565	}
e59506eb	566	}
e59506eb	567
a7de4ef7	568	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
e59506eb	569	?>