[platal.git] / modules / platal.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2007 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

function bugize($list)
{
    $list = split(',', $list);
    $ans  = array();

    foreach ($list as $bug) {
        $clean = str_replace('#', '', $bug);
        $ans[] = "<a href='http://trackers.polytechnique.org/task/$clean'>$bug</a>";
    }

    return join(',', $ans);
}


class PlatalModule extends PLModule
{
    function handlers()
    {
        return array(
            'index'       => $this->make_hook('index',     AUTH_PUBLIC),
            'cacert.pem'  => $this->make_hook('cacert',    AUTH_PUBLIC),
            'changelog'   => $this->make_hook('changelog', AUTH_PUBLIC),

            // Preferences thingies
            'prefs'       => $this->make_hook('prefs',     AUTH_COOKIE),
            'prefs/rss'   => $this->make_hook('prefs_rss', AUTH_COOKIE),
            'prefs/webredirect'
                          => $this->make_hook('webredir',  AUTH_MDP),
            'prefs/skin'  => $this->make_hook('skin',      AUTH_COOKIE),

            // password related thingies
            'password'      => $this->make_hook('password',  AUTH_MDP),
            'tmpPWD'        => $this->make_hook('tmpPWD',    AUTH_PUBLIC),
            'password/smtp' => $this->make_hook('smtppass',  AUTH_MDP),
            'recovery'      => $this->make_hook('recovery',  AUTH_PUBLIC),
            'exit'          => $this->make_hook('exit', AUTH_PUBLIC),
            'review'        => $this->make_hook('review', AUTH_PUBLIC),
            'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC),
        );
    }

    function handler_index(&$page)
    {
        if (S::logged()) {
            pl_redirect('events');
        } else if (!@$GLOBALS['IS_XNET_SITE']) {
            pl_redirect('review');
        }
    }

    function handler_cacert(&$page)
    {
        $data = file_get_contents("/etc/ssl/xorgCA/cacert.pem","r");
        header("Pragma:");
        header("Set-Cookie:");
        header("Cache-Control:");
        header("Expires:");
        header("Content-Type: application/x-x509-ca-cert");
        header("Content-Length: ".strlen($data));
        echo $data;
        exit;
    }

    function handler_changelog(&$page)
    {
        $page->changeTpl('platal/changeLog.tpl');

        $clog = pl_entities(file_get_contents(dirname(__FILE__).'/../ChangeLog'));
        // url catch only (not all wiki syntax)
        $clog = preg_replace(array(
            '/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
            '/(\s|^)www\.((?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
            '/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
          array(
            '<a href="\\0">\\0</a>',
            '\\1<a href="http://www.\\2">www.\\2</a>',
            '<a href="mailto:\\0">\\0</a>'),
          $clog);
        $clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
        $clog = preg_replace('!vim:.*$!', '', $clog);
        $page->assign('ChangeLog', $clog);
    }

    function __set_rss_state($state)
    {
        if ($state) {
            $_SESSION['core_rss_hash'] = rand_url_id(16);
            XDB::execute('UPDATE  auth_user_quick
                                   SET  core_rss_hash={?} WHERE user_id={?}',
                                   S::v('core_rss_hash'), S::v('uid'));
        } else {
            XDB::execute('UPDATE  auth_user_quick
                                   SET  core_rss_hash="" WHERE user_id={?}',
                                   S::v('uid'));
            S::kill('core_rss_hash');
        }
    }

    function handler_prefs(&$page)
    {
        $page->changeTpl('platal/preferences.tpl');
        $page->assign('xorg_title','Polytechnique.org - Mes préférences');

        if (Post::has('mail_fmt')) {
            $fmt = Post::v('mail_fmt');
            if ($fmt != 'texte') $fmt = 'html';
            XDB::execute("UPDATE auth_user_quick
                                       SET core_mail_fmt = '$fmt'
                                     WHERE user_id = {?}",
                                     S::v('uid'));
            $_SESSION['mail_fmt'] = $fmt;
        }

        if (Post::has('rss')) {
            $this->__set_rss_state(Post::b('rss'));
        }
    }

    function handler_webredir(&$page)
    {
        $page->changeTpl('platal/webredirect.tpl');

        $page->assign('xorg_title','Polytechnique.org - Redirection de page WEB');

        $log =& S::v('log');
        $url = Env::v('url');

        if (Env::v('submit') == 'Valider' and Env::has('url')) {
            XDB::execute('UPDATE auth_user_quick
                                       SET redirecturl = {?} WHERE user_id = {?}',
                                   $url, S::v('uid'));
            $log->log('carva_add', 'http://'.Env::v('url'));
            $page->trig("Redirection activée vers <a href='http://$url'>$url</a>");
        } elseif (Env::v('submit') == "Supprimer") {
            XDB::execute("UPDATE auth_user_quick
                                       SET redirecturl = ''
                                     WHERE user_id = {?}",
                                   S::v('uid'));
            $log->log("carva_del", $url);
            Post::kill('url');
            $page->trig('Redirection supprimée');
        }

        $res = XDB::query('SELECT redirecturl
                                       FROM auth_user_quick
                                      WHERE user_id = {?}',
                                    S::v('uid'));
        $page->assign('carva', $res->fetchOneCell());
    }

    function handler_prefs_rss(&$page)
    {
        $page->changeTpl('platal/filrss.tpl');

        $page->assign('goback', Env::v('referer', 'login'));

        if (Env::v('act_rss') == 'Activer') {
            $this->__set_rss_state(true);
            $page->trig("Ton Fil RSS est activé.");
        }
    }

    function handler_password(&$page)
    {
        if (Post::has('response2'))  {
            require_once 'secure_hash.inc.php';

            $_SESSION['password'] = $password = Post::v('response2');

            XDB::execute('UPDATE  auth_user_md5
                             SET  password={?}
                           WHERE  user_id={?}', $password,
                           S::v('uid'));

            $log =& S::v('log');
            $log->log('passwd', '');

            if (Cookie::v('ORGaccess')) {
                setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
            }

            $page->changeTpl('platal/motdepasse.success.tpl');
            $page->run();
        }

        $page->changeTpl('platal/motdepasse.tpl');
        $page->addJsLink('motdepasse.js');
        $page->assign('xorg_title','Polytechnique.org - Mon mot de passe');
    }

    function handler_smtppass(&$page)
    {
        $page->changeTpl('platal/acces_smtp.tpl');
        $page->assign('xorg_title','Polytechnique.org - Acces SMTP/NNTP');

        require_once 'wiki.inc.php';
        wiki_require_page('Xorg.SMTPSécurisé');
        wiki_require_page('Xorg.NNTPSécurisé');

        $uid  = S::v('uid');
        $pass = Env::v('smtppass1');
        $log  = S::v('log');

        if (Env::v('op') == "Valider" && strlen($pass) >= 6
        &&  Env::v('smtppass1') == Env::v('smtppass2'))
        {
            XDB::execute('UPDATE auth_user_md5 SET smtppass = {?}
                                     WHERE user_id = {?}', $pass, $uid);
            $page->trig('Mot de passe enregistré');
            $log->log("passwd_ssl");
        } elseif (Env::v('op') == "Supprimer") {
            XDB::execute('UPDATE auth_user_md5 SET smtppass = ""
                                     WHERE user_id = {?}', $uid);
            $page->trig('Compte SMTP et NNTP supprimé');
            $log->log("passwd_del");
        }

        $res = XDB::query("SELECT IF(smtppass != '', 'actif', '')
                                       FROM auth_user_md5
                                      WHERE user_id = {?}", $uid);
        $page->assign('actif', $res->fetchOneCell());
    }

    function handler_recovery(&$page)
    {
        global $globals;

        $page->changeTpl('platal/recovery.tpl');

        if (!Env::has('login') || !Env::has('birth')) {
            return;
        }

        if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env::v('birth'))) {
            $page->trig('Date de naissance incorrecte ou incohérente');
            return;
        }

        $birth   = sprintf('%s-%s-%s',
                           substr(Env::v('birth'), 4, 4),
                           substr(Env::v('birth'), 2, 2),
                           substr(Env::v('birth'), 0, 2));

        $mailorg = strtok(Env::v('login'), '@');

        // paragraphe rajouté : si la date de naissance dans la base n'existe pas, on l'update
        // avec celle fournie ici en espérant que c'est la bonne

        $res = XDB::query(
                "SELECT  user_id, naissance
                   FROM  auth_user_md5 AS u
             INNER JOIN  aliases       AS a ON (u.user_id=a.id AND type != 'homonyme')
                  WHERE  a.alias={?} AND u.perms IN ('admin','user') AND u.deces=0", $mailorg);
        list($uid, $naissance) = $res->fetchOneRow();

        if ($naissance == $birth) {
            $res = XDB::query("SELECT  COUNT(*)
                                 FROM  emails
                                WHERE  uid = {?} AND flags != 'panne' AND flags != 'filter'", $uid);
            $count = intval($res->fetchOneCell());
            if ($count == 0) {
                $page->assign('no_addr', true);
                return;
            }

            $page->assign('ok', true);

            $url   = rand_url_id();
            XDB::execute('INSERT INTO  perte_pass (certificat,uid,created)
                               VALUES  ({?},{?},NOW())', $url, $uid);
            $res   = XDB::query('SELECT  email
                                   FROM  emails
                                  WHERE  uid = {?} AND email = {?}',
                                $uid, Post::v('email'));
            if ($res->numRows()) {
                $mails = $res->fetchOneCell();
            } else {
                $res   = XDB::query('SELECT  email
                                       FROM  emails
                                      WHERE  uid = {?} AND NOT FIND_IN_SET("filter", flags)', $uid);
                $mails = implode(', ', $res->fetchColumn());
            }
            $mymail = new PlMailer();
            $mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mail->domain . '>');
            $mymail->addTo($mails);
            $mymail->setSubject('Ton certificat d\'authentification');
            $mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
{$globals->baseurl}/tmpPWD/$url

Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.

--
Polytechnique.org
\"Le portail des élèves & anciens élèves de l'Ecole polytechnique\"

Mail envoyé à ".Env::v('login') . (Post::has('email') ? "
Adresse de secours : " . Post::v('email') : ""));
            $mymail->send();

            // on cree un objet logger et on log l'evenement
            $logger = $_SESSION['log'] = new CoreLogger($uid);
            $logger->log('recovery', $mails);
        } else {
            $page->trig('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
                        'Si tu as un homonyme, utilise prenom.nom.promo comme login');
        }
    }

    function handler_tmpPWD(&$page, $certif = null)
    {
        XDB::execute('DELETE FROM perte_pass
                                      WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');

        $res   = XDB::query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif);
        $ligne = $res->fetchOneAssoc();
        if (!$ligne) {
            $page->changeTpl('platal/index.tpl');
            $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
        }

        $uid = $ligne["uid"];
        if (Post::has('response2')) {
            $password = Post::v('response2');
            $logger   = new CoreLogger($uid);
            XDB::query('UPDATE  auth_user_md5 SET password={?}
                                   WHERE  user_id={?} AND perms IN("admin","user")',
                                 $password, $uid);
            XDB::query('DELETE FROM perte_pass WHERE certificat={?}', $certif);
            $logger->log("passwd","");
            $page->changeTpl('platal/tmpPWD.success.tpl');
        } else {
            $page->changeTpl('platal/motdepasse.tpl');
            $page->addJsLink('motdepasse.js');
        }
    }

    function handler_skin(&$page)
    {
        global $globals;

        $page->changeTpl('platal/skins.tpl');
        $page->assign('xorg_title','Polytechnique.org - Skins');

        if (Env::has('newskin'))  {  // formulaire soumis, traitons les données envoyées
            XDB::execute('UPDATE auth_user_quick
                             SET skin={?} WHERE user_id={?}',
                         Env::i('newskin'), S::v('uid'));
            S::kill('skin');
            set_skin();
        }

        $res = XDB::query('SELECT id FROM skins WHERE skin_tpl={?}', S::v('skin'));
        $page->assign('skin_id', $res->fetchOneCell());

        $sql = "SELECT s.*,auteur,count(*) AS nb
                  FROM skins AS s
             LEFT JOIN auth_user_quick AS a ON s.id=a.skin
                 WHERE skin_tpl != '' AND ext != ''
              GROUP BY id ORDER BY s.date DESC";
        $page->assign('skins', XDB::iterator($sql));
    }

    function handler_exit(&$page, $level = null)
    {
        if (S::has('suid')) {
            $a4l  = S::v('forlife');
            $suid = S::v('suid');
            $log  = S::v('log');
            $log->log("suid_stop", S::v('forlife') . " by " . $suid['forlife']);
            $_SESSION = $suid;
            S::kill('suid');
            pl_redirect('admin/user/' . $a4l);
        }

        if ($level == 'forget' || $level == 'forgetall') {
            setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
            Cookie::kill('ORGaccess');
            if (isset($_SESSION['log']))
                $_SESSION['log']->log("cookie_off");
        }

        if ($level == 'forgetuid' || $level == 'forgetall') {
            setcookie('ORGuid', '', time() - 3600, '/', '', 0);
            Cookie::kill('ORGuid');
            setcookie('ORGdomain', '', time() - 3600, '/', '', 0);
            Cookie::kill('ORGdomain');
        }

        if (isset($_SESSION['log'])) {
            $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
            $_SESSION['log']->log('deconnexion',$ref);
        }

        XorgSession::destroy();

        if (Get::has('redirect')) {
            http_redirect(rawurldecode(Get::v('redirect')));
        } else {
            $page->changeTpl('platal/exit.tpl');
        }
    }

    function handler_review(&$page, $action = null, $mode = null) 
    {
        require_once 'wiki.inc.php';
        require_once dirname(__FILE__) . '/platal/review.inc.php';
        $dir = wiki_work_dir();
        $dom = 'Review';
        if (@$GLOBALS['IS_XNET_SITE']) {
            $dom .= 'Xnet';
        }
        if (!is_dir($dir)) {
            $page->kill("Impossible de trouver le wiki");
        }
        if (!file_exists($dir . '/' . $dom . '.Admin')) {
            $page->kill("Impossible de trouver la page d'administration");
        }
        $conf = preg_grep('/^text=/', explode("\n", file_get_contents($dir . '/' . $dom . '.Admin')));
        $conf = preg_split('/(text\=|\%0a)/', array_shift($conf), -1, PREG_SPLIT_NO_EMPTY);
        $wiz = new PlWizard('Tour d\'horizon', 'core/plwizard.tpl', true);
        foreach ($conf as $line) {
            $list = preg_split('/\s*[*|]\s*/', $line, -1, PREG_SPLIT_NO_EMPTY);
            $wiz->addPage('ReviewPage', $list[0], $list[1]);
        }
        $wiz->apply($page, 'review', $action, $mode);
    }
}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
Commit	Line	Data
e59506eb	1	<?php
e59506eb	2	/***************************************************************************
5ddeb07c	3	* Copyright (C) 2003-2007 Polytechnique.org *
e59506eb	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
5de0b7e1	22	function bugize($list)
	23	{
	24	$list = split(',', $list);
	25	$ans = array();
	26
	27	foreach ($list as $bug) {
	28	$clean = str_replace('#', '', $bug);
	29	$ans[] = "<a href='http://trackers.polytechnique.org/task/$clean'>$bug</a>";
	30	}
	31
	32	return join(',', $ans);
	33	}
	34
	35
e59506eb	36	class PlatalModule extends PLModule
	37	{
	38	function handlers()
	39	{
	40	return array(
c9178c75	41	'index' => $this->make_hook('index', AUTH_PUBLIC),
ddb64990	42	'cacert.pem' => $this->make_hook('cacert', AUTH_PUBLIC),
5de0b7e1	43	'changelog' => $this->make_hook('changelog', AUTH_PUBLIC),
5de0b7e1	44
4da0b8d7	45	// Preferences thingies
bee33d93	46	'prefs' => $this->make_hook('prefs', AUTH_COOKIE),
bee33d93	47	'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE),
bce2f8eb	48	'prefs/webredirect'
bee33d93	49	=> $this->make_hook('webredir', AUTH_MDP),
bee33d93	50	'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE),
4da0b8d7	51
4da0b8d7	52	// password related thingies
1a5da857	53	'password' => $this->make_hook('password', AUTH_MDP),
	54	'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC),
	55	'password/smtp' => $this->make_hook('smtppass', AUTH_MDP),
8858cfc1	56	'recovery' => $this->make_hook('recovery', AUTH_PUBLIC),
5de0b7e1	57	'exit' => $this->make_hook('exit', AUTH_PUBLIC),
ddb64990	58	'review' => $this->make_hook('review', AUTH_PUBLIC),
58abb43b	59	'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC),
e59506eb	60	);
	61	}
	62
c9178c75	63	function handler_index(&$page)
c9178c75	64	{
cab08090	65	if (S::logged()) {
8b00e0e0	66	pl_redirect('events');
ddb64990 FB	67	} else if (!@$GLOBALS['IS_XNET_SITE']) {
ddb64990 FB	68	pl_redirect('review');
c9178c75	69	}
c9178c75	70	}
c9178c75	71
5de0b7e1	72	function handler_cacert(&$page)
5de0b7e1	73	{
ca877168	74	$data = file_get_contents("/etc/ssl/xorgCA/cacert.pem","r");
ca877168	75	header("Pragma:");
dc41059a	76	header("Set-Cookie:");
	77	header("Cache-Control:");
	78	header("Expires:");
	79	header("Content-Type: application/x-x509-ca-cert");
ca877168	80	header("Content-Length: ".strlen($data));
5de0b7e1	81	echo $data;
	82	exit;
	83	}
	84
	85	function handler_changelog(&$page)
	86	{
8b1f8e12	87	$page->changeTpl('platal/changeLog.tpl');
5de0b7e1	88
493b6abe	89	$clog = pl_entities(file_get_contents(dirname(__FILE__).'/../ChangeLog'));
4e95f720	90	// url catch only (not all wiki syntax)
	91	$clog = preg_replace(array(
	92	'/((?:https?\|ftp):\/\/(?:\.,[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
	93	'/(\s\|^)www\.((?:\.,[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
	94	'/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
	95	array(
	96	'<a href="\\0">\\0</a>',
	97	'\\1<a href="http://www.\\2">www.\\2</a>',
	98	'<a href="mailto:\\0">\\0</a>'),
	99	$clog);
5de0b7e1	100	$clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
9408f155	101	$clog = preg_replace('!vim:.*$!', '', $clog);
5de0b7e1	102	$page->assign('ChangeLog', $clog);
	103	}
	104
7927d719	105	function __set_rss_state($state)
7927d719	106	{
7927d719	107	if ($state) {
7927d719	108	$_SESSION['core_rss_hash'] = rand_url_id(16);
08cce2ff	109	XDB::execute('UPDATE auth_user_quick
7927d719	110	SET core_rss_hash={?} WHERE user_id={?}',
cab08090	111	S::v('core_rss_hash'), S::v('uid'));
7927d719	112	} else {
08cce2ff	113	XDB::execute('UPDATE auth_user_quick
7927d719	114	SET core_rss_hash="" WHERE user_id={?}',
cab08090	115	S::v('uid'));
cab08090	116	S::kill('core_rss_hash');
7927d719	117	}
	118	}
	119
e59506eb	120	function handler_prefs(&$page)
e59506eb	121	{
8b1f8e12	122	$page->changeTpl('platal/preferences.tpl');
a7de4ef7	123	$page->assign('xorg_title','Polytechnique.org - Mes préférences');
e59506eb	124
bee33d93	125	if (Post::has('mail_fmt')) {
5e2307dc	126	$fmt = Post::v('mail_fmt');
e59506eb	127	if ($fmt != 'texte') $fmt = 'html';
08cce2ff	128	XDB::execute("UPDATE auth_user_quick
e59506eb	129	SET core_mail_fmt = '$fmt'
e59506eb	130	WHERE user_id = {?}",
cab08090	131	S::v('uid'));
e59506eb	132	$_SESSION['mail_fmt'] = $fmt;
e59506eb	133	}
e59506eb	134
bee33d93	135	if (Post::has('rss')) {
5e2307dc	136	$this->__set_rss_state(Post::b('rss'));
e59506eb	137	}
e59506eb	138	}
9bae6004	139
bce2f8eb	140	function handler_webredir(&$page)
bce2f8eb	141	{
8b1f8e12	142	$page->changeTpl('platal/webredirect.tpl');
bce2f8eb	143
	144	$page->assign('xorg_title','Polytechnique.org - Redirection de page WEB');
	145
cab08090	146	$log =& S::v('log');
5e2307dc	147	$url = Env::v('url');
bce2f8eb	148
5e2307dc	149	if (Env::v('submit') == 'Valider' and Env::has('url')) {
08cce2ff	150	XDB::execute('UPDATE auth_user_quick
bce2f8eb	151	SET redirecturl = {?} WHERE user_id = {?}',
cab08090	152	$url, S::v('uid'));
5e2307dc	153	$log->log('carva_add', 'http://'.Env::v('url'));
a7de4ef7	154	$page->trig("Redirection activée vers <a href='http://$url'>$url</a>");
5e2307dc	155	} elseif (Env::v('submit') == "Supprimer") {
08cce2ff	156	XDB::execute("UPDATE auth_user_quick
bce2f8eb	157	SET redirecturl = ''
bce2f8eb	158	WHERE user_id = {?}",
cab08090	159	S::v('uid'));
bce2f8eb	160	$log->log("carva_del", $url);
bce2f8eb	161	Post::kill('url');
a7de4ef7	162	$page->trig('Redirection supprimée');
bce2f8eb	163	}
bce2f8eb	164
08cce2ff	165	$res = XDB::query('SELECT redirecturl
bce2f8eb	166	FROM auth_user_quick
bce2f8eb	167	WHERE user_id = {?}',
cab08090	168	S::v('uid'));
bce2f8eb	169	$page->assign('carva', $res->fetchOneCell());
bce2f8eb	170	}
bce2f8eb	171
4da0b8d7	172	function handler_prefs_rss(&$page)
7927d719	173	{
8b1f8e12	174	$page->changeTpl('platal/filrss.tpl');
7927d719	175
5e2307dc	176	$page->assign('goback', Env::v('referer', 'login'));
7927d719	177
5e2307dc	178	if (Env::v('act_rss') == 'Activer') {
7927d719	179	$this->__set_rss_state(true);
a7de4ef7	180	$page->trig("Ton Fil RSS est activé.");
7927d719	181	}
7927d719	182	}
7927d719	183
7c77c3ee	184	function handler_password(&$page)
7c77c3ee	185	{
7c77c3ee	186	if (Post::has('response2')) {
	187	require_once 'secure_hash.inc.php';
	188
5e2307dc	189	$_SESSION['password'] = $password = Post::v('response2');
7c77c3ee	190
eaf30d86	191	XDB::execute('UPDATE auth_user_md5
9ffe0e77	192	SET password={?}
	193	WHERE user_id={?}', $password,
	194	S::v('uid'));
7c77c3ee	195
cab08090	196	$log =& S::v('log');
7c77c3ee	197	$log->log('passwd', '');
7c77c3ee	198
5e2307dc	199	if (Cookie::v('ORGaccess')) {
7c77c3ee	200	setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
	201	}
	202
8b1f8e12	203	$page->changeTpl('platal/motdepasse.success.tpl');
7c77c3ee	204	$page->run();
	205	}
	206
8b1f8e12	207	$page->changeTpl('platal/motdepasse.tpl');
c99ef281	208	$page->addJsLink('motdepasse.js');
7c77c3ee	209	$page->assign('xorg_title','Polytechnique.org - Mon mot de passe');
7c77c3ee	210	}
7c77c3ee	211
1a5da857	212	function handler_smtppass(&$page)
1a5da857	213	{
8b1f8e12	214	$page->changeTpl('platal/acces_smtp.tpl');
1a5da857	215	$page->assign('xorg_title','Polytechnique.org - Acces SMTP/NNTP');
eaf30d86	216
41e3c724	217	require_once 'wiki.inc.php';
a7de4ef7	218	wiki_require_page('Xorg.SMTPSécurisé');
a7de4ef7	219	wiki_require_page('Xorg.NNTPSécurisé');
1a5da857	220
cab08090	221	$uid = S::v('uid');
5e2307dc	222	$pass = Env::v('smtppass1');
cab08090	223	$log = S::v('log');
1a5da857	224
eaf30d86 PH	225	if (Env::v('op') == "Valider" && strlen($pass) >= 6
eaf30d86 PH	226	&& Env::v('smtppass1') == Env::v('smtppass2'))
1a5da857	227	{
08cce2ff	228	XDB::execute('UPDATE auth_user_md5 SET smtppass = {?}
1a5da857	229	WHERE user_id = {?}', $pass, $uid);
a7de4ef7	230	$page->trig('Mot de passe enregistré');
1a5da857	231	$log->log("passwd_ssl");
5e2307dc	232	} elseif (Env::v('op') == "Supprimer") {
08cce2ff	233	XDB::execute('UPDATE auth_user_md5 SET smtppass = ""
1a5da857	234	WHERE user_id = {?}', $uid);
a7de4ef7	235	$page->trig('Compte SMTP et NNTP supprimé');
1a5da857	236	$log->log("passwd_del");
	237	}
	238
eaf30d86	239	$res = XDB::query("SELECT IF(smtppass != '', 'actif', '')
1a5da857	240	FROM auth_user_md5
	241	WHERE user_id = {?}", $uid);
	242	$page->assign('actif', $res->fetchOneCell());
1a5da857	243	}
1a5da857	244
8858cfc1	245	function handler_recovery(&$page)
	246	{
	247	global $globals;
	248
8b1f8e12	249	$page->changeTpl('platal/recovery.tpl');
8858cfc1	250
8858cfc1	251	if (!Env::has('login') \|\| !Env::has('birth')) {
fd8f77de	252	return;
8858cfc1	253	}
8858cfc1	254
5e2307dc	255	if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env::v('birth'))) {
a7de4ef7	256	$page->trig('Date de naissance incorrecte ou incohérente');
c9110c6c	257	return;
8858cfc1	258	}
c9110c6c	259
c9110c6c	260	$birth = sprintf('%s-%s-%s',
5e2307dc	261	substr(Env::v('birth'), 4, 4),
	262	substr(Env::v('birth'), 2, 2),
	263	substr(Env::v('birth'), 0, 2));
8858cfc1	264
5e2307dc	265	$mailorg = strtok(Env::v('login'), '@');
8858cfc1	266
a7de4ef7	267	// paragraphe rajouté : si la date de naissance dans la base n'existe pas, on l'update
a7de4ef7	268	// avec celle fournie ici en espérant que c'est la bonne
8858cfc1	269
08cce2ff	270	$res = XDB::query(
8858cfc1	271	"SELECT user_id, naissance
8858cfc1	272	FROM auth_user_md5 AS u
3a5c1551	273	INNER JOIN aliases AS a ON (u.user_id=a.id AND type != 'homonyme')
8858cfc1	274	WHERE a.alias={?} AND u.perms IN ('admin','user') AND u.deces=0", $mailorg);
	275	list($uid, $naissance) = $res->fetchOneRow();
	276
	277	if ($naissance == $birth) {
8c28edc9	278	$res = XDB::query("SELECT COUNT(*)
	279	FROM emails
	280	WHERE uid = {?} AND flags != 'panne' AND flags != 'filter'", $uid);
	281	$count = intval($res->fetchOneCell());
	282	if ($count == 0) {
	283	$page->assign('no_addr', true);
	284	return;
	285	}
	286
8858cfc1	287	$page->assign('ok', true);
8858cfc1	288
eaf30d86 PH	289	$url = rand_url_id();
eaf30d86 PH	290	XDB::execute('INSERT INTO perte_pass (certificat,uid,created)
a4d5829b	291	VALUES ({?},{?},NOW())', $url, $uid);
	292	$res = XDB::query('SELECT email
	293	FROM emails
	294	WHERE uid = {?} AND email = {?}',
	295	$uid, Post::v('email'));
	296	if ($res->numRows()) {
	297	$mails = $res->fetchOneCell();
	298	} else {
	299	$res = XDB::query('SELECT email
	300	FROM emails
	301	WHERE uid = {?} AND NOT FIND_IN_SET("filter", flags)', $uid);
	302	$mails = implode(', ', $res->fetchColumn());
	303	}
1e33266a	304	$mymail = new PlMailer();
1d55fe45	305	$mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mail->domain . '>');
8858cfc1	306	$mymail->addTo($mails);
	307	$mymail->setSubject('Ton certificat d\'authentification');
	308	$mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
	309	{$globals->baseurl}/tmpPWD/$url
	310
e887e90d	311	Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.
8858cfc1	312
eaf30d86	313	--
8858cfc1	314	Polytechnique.org
a7de4ef7	315	\"Le portail des élèves & anciens élèves de l'Ecole polytechnique\"
8858cfc1	316
a7de4ef7	317	Mail envoyé à ".Env::v('login') . (Post::has('email') ? "
a4d5829b	318	Adresse de secours : " . Post::v('email') : ""));
8858cfc1	319	$mymail->send();
	320
	321	// on cree un objet logger et on log l'evenement
c4271d38	322	$logger = $_SESSION['log'] = new CoreLogger($uid);
a4d5829b	323	$logger->log('recovery', $mails);
8858cfc1	324	} else {
a7de4ef7	325	$page->trig('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
3a5c1551	326	'Si tu as un homonyme, utilise prenom.nom.promo comme login');
8858cfc1	327	}
8858cfc1	328	}
8858cfc1	329
6c49d0af	330	function handler_tmpPWD(&$page, $certif = null)
6c49d0af	331	{
08cce2ff	332	XDB::execute('DELETE FROM perte_pass
6c49d0af	333	WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
6c49d0af	334
08cce2ff	335	$res = XDB::query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif);
6c49d0af	336	$ligne = $res->fetchOneAssoc();
6c49d0af	337	if (!$ligne) {
8b1f8e12	338	$page->changeTpl('platal/index.tpl');
6c49d0af	339	$page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
	340	}
	341
	342	$uid = $ligne["uid"];
	343	if (Post::has('response2')) {
5e2307dc	344	$password = Post::v('response2');
c4271d38	345	$logger = new CoreLogger($uid);
08cce2ff	346	XDB::query('UPDATE auth_user_md5 SET password={?}
6c49d0af	347	WHERE user_id={?} AND perms IN("admin","user")',
6c49d0af	348	$password, $uid);
08cce2ff	349	XDB::query('DELETE FROM perte_pass WHERE certificat={?}', $certif);
6c49d0af	350	$logger->log("passwd","");
8b1f8e12	351	$page->changeTpl('platal/tmpPWD.success.tpl');
6c49d0af	352	} else {
8b1f8e12	353	$page->changeTpl('platal/motdepasse.tpl');
c99ef281	354	$page->addJsLink('motdepasse.js');
6c49d0af	355	}
6c49d0af	356	}
6c49d0af	357
9bae6004	358	function handler_skin(&$page)
	359	{
	360	global $globals;
	361
8b1f8e12	362	$page->changeTpl('platal/skins.tpl');
9bae6004	363	$page->assign('xorg_title','Polytechnique.org - Skins');
9bae6004	364
a7de4ef7	365	if (Env::has('newskin')) { // formulaire soumis, traitons les données envoyées
08cce2ff	366	XDB::execute('UPDATE auth_user_quick
63528107	367	SET skin={?} WHERE user_id={?}',
5e2307dc	368	Env::i('newskin'), S::v('uid'));
92e6a287	369	S::kill('skin');
9bae6004	370	set_skin();
	371	}
	372
92e6a287	373	$res = XDB::query('SELECT id FROM skins WHERE skin_tpl={?}', S::v('skin'));
	374	$page->assign('skin_id', $res->fetchOneCell());
	375
9bae6004	376	$sql = "SELECT s.,auteur,count() AS nb
	377	FROM skins AS s
	378	LEFT JOIN auth_user_quick AS a ON s.id=a.skin
	379	WHERE skin_tpl != '' AND ext != ''
	380	GROUP BY id ORDER BY s.date DESC";
a3afa47c	381	$page->assign('skins', XDB::iterator($sql));
9bae6004	382	}
4da0b8d7	383
5de0b7e1	384	function handler_exit(&$page, $level = null)
5de0b7e1	385	{
cab08090	386	if (S::has('suid')) {
e74411f7	387	$a4l = S::v('forlife');
	388	$suid = S::v('suid');
	389	$log = S::v('log');
	390	$log->log("suid_stop", S::v('forlife') . " by " . $suid['forlife']);
	391	$_SESSION = $suid;
	392	S::kill('suid');
	393	pl_redirect('admin/user/' . $a4l);
5de0b7e1	394	}
	395
	396	if ($level == 'forget' \|\| $level == 'forgetall') {
	397	setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
	398	Cookie::kill('ORGaccess');
	399	if (isset($_SESSION['log']))
	400	$_SESSION['log']->log("cookie_off");
	401	}
	402
	403	if ($level == 'forgetuid' \|\| $level == 'forgetall') {
	404	setcookie('ORGuid', '', time() - 3600, '/', '', 0);
	405	Cookie::kill('ORGuid');
	406	setcookie('ORGdomain', '', time() - 3600, '/', '', 0);
	407	Cookie::kill('ORGdomain');
	408	}
	409
	410	if (isset($_SESSION['log'])) {
	411	$ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
	412	$_SESSION['log']->log('deconnexion',$ref);
	413	}
	414
	415	XorgSession::destroy();
	416
	417	if (Get::has('redirect')) {
5e2307dc	418	http_redirect(rawurldecode(Get::v('redirect')));
5de0b7e1	419	} else {
8b1f8e12	420	$page->changeTpl('platal/exit.tpl');
5de0b7e1	421	}
5de0b7e1	422	}
ddb64990 FB	423
	424	function handler_review(&$page, $action = null, $mode = null)
	425	{
	426	require_once 'wiki.inc.php';
	427	require_once dirname(__FILE__) . '/platal/review.inc.php';
	428	$dir = wiki_work_dir();
	429	$dom = 'Review';
	430	if (@$GLOBALS['IS_XNET_SITE']) {
	431	$dom .= 'Xnet';
	432	}
	433	if (!is_dir($dir)) {
	434	$page->kill("Impossible de trouver le wiki");
	435	}
	436	if (!file_exists($dir . '/' . $dom . '.Admin')) {
	437	$page->kill("Impossible de trouver la page d'administration");
	438	}
	439	$conf = preg_grep('/^text=/', explode("\n", file_get_contents($dir . '/' . $dom . '.Admin')));
	440	$conf = preg_split('/(text\=\|\%0a)/', array_shift($conf), -1, PREG_SPLIT_NO_EMPTY);
	441	$wiz = new PlWizard('Tour d\'horizon', 'core/plwizard.tpl', true);
	442	foreach ($conf as $line) {
	443	$list = preg_split('/\s[\|]\s*/', $line, -1, PREG_SPLIT_NO_EMPTY);
	444	$wiz->addPage('ReviewPage', $list[0], $list[1]);
	445	}
	446	$wiz->apply($page, 'review', $action, $mode);
	447	}
e59506eb	448	}
e59506eb	449
a7de4ef7	450	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
e59506eb	451	?>