Commit | Line | Data |
---|---|---|
bd4be95d | 1 | <?php |
2 | /*************************************************************************** | |
5e1513f6 | 3 | * Copyright (C) 2003-2011 Polytechnique.org * |
bd4be95d | 4 | * http://opensource.polytechnique.org/ * |
5 | * * | |
6 | * This program is free software; you can redistribute it and/or modify * | |
7 | * it under the terms of the GNU General Public License as published by * | |
8 | * the Free Software Foundation; either version 2 of the License, or * | |
9 | * (at your option) any later version. * | |
10 | * * | |
11 | * This program is distributed in the hope that it will be useful, * | |
12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * | |
14 | * GNU General Public License for more details. * | |
15 | * * | |
16 | * You should have received a copy of the GNU General Public License * | |
17 | * along with this program; if not, write to the Free Software * | |
18 | * Foundation, Inc., * | |
19 | * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * | |
20 | ***************************************************************************/ | |
21 | ||
22 | class XnetModule extends PLModule | |
23 | { | |
24 | function handlers() | |
25 | { | |
26 | return array( | |
5ae3e9a9 SJ |
27 | 'index' => $this->make_hook('index', AUTH_PUBLIC), |
28 | 'exit' => $this->make_hook('exit', AUTH_PUBLIC), | |
71fe935c | 29 | |
5ae3e9a9 SJ |
30 | 'admin' => $this->make_hook('admin', AUTH_MDP, 'admin'), |
31 | 'groups' => $this->make_hook('groups', AUTH_PUBLIC), | |
32 | 'groupes.php' => $this->make_hook('groups2', AUTH_PUBLIC), | |
33 | 'plan' => $this->make_hook('plan', AUTH_PUBLIC), | |
34 | 'photo' => $this->make_hook('photo', AUTH_MDP), | |
35 | 'autologin' => $this->make_hook('autologin', AUTH_MDP), | |
36 | 'login/ext' => $this->make_hook('login_ext', AUTH_PUBLIC), | |
b80cbf0d | 37 | 'register/ext' => $this->make_hook('register_ext', AUTH_PUBLIC), |
e1e112b3 | 38 | 'recovery/ext' => $this->make_hook('recovery_ext', AUTH_PUBLIC), |
5ae3e9a9 SJ |
39 | 'tmpPWD/ext' => $this->make_hook('tmpPWD_ext', AUTH_PUBLIC), |
40 | 'edit' => $this->make_hook('edit', AUTH_MDP, 'user'), | |
41 | 'password' => $this->make_hook('password', AUTH_MDP, 'user'), | |
6d69b527 | 42 | |
5ae3e9a9 | 43 | 'Xnet' => $this->make_wiki_hook(), |
bd4be95d | 44 | ); |
45 | } | |
46 | ||
26ba053e | 47 | function handler_photo($page, $x = null) |
deb09f59 | 48 | { |
706f830d | 49 | if (!$x || !($profile = Profile::get($x))) { |
deb09f59 | 50 | return PL_NOT_FOUND; |
51 | } | |
52 | ||
706f830d | 53 | // Retrieve the photo and its mime type. |
470d14f6 | 54 | $photo = $profile->getPhoto(true, true); |
deb09f59 | 55 | |
706f830d FB |
56 | // Display the photo, or a default one when not available. |
57 | $photo->send(); | |
deb09f59 | 58 | } |
eaf30d86 | 59 | |
26ba053e | 60 | function handler_index($page) |
bd4be95d | 61 | { |
d83a1b04 | 62 | $page->nomenu = true; |
bd4be95d | 63 | $page->changeTpl('xnet/index.tpl'); |
bd4be95d | 64 | } |
badfc7ee | 65 | |
26ba053e | 66 | function handler_exit($page) |
71fe935c | 67 | { |
ab694eb5 FB |
68 | Platal::session()->stopSUID(); |
69 | Platal::session()->destroy(); | |
b8e265bf | 70 | $page->changeTpl('xnet/deconnexion.tpl'); |
71fe935c | 71 | } |
72 | ||
26ba053e | 73 | function handler_admin($page) |
d55888e6 | 74 | { |
1490093c | 75 | $page->changeTpl('xnet/admin.tpl'); |
d55888e6 | 76 | |
77 | if (Get::has('del')) { | |
08cce2ff | 78 | $res = XDB::query('SELECT id, nom, mail_domain |
eb41eda9 | 79 | FROM groups WHERE diminutif={?}', |
5e2307dc | 80 | Get::v('del')); |
d55888e6 | 81 | list($id, $nom, $domain) = $res->fetchOneRow(); |
82 | $page->assign('nom', $nom); | |
40d428d8 VZ |
83 | if ($id && Post::has('del')) { |
84 | S::assert_xsrf_token(); | |
85 | ||
eb41eda9 | 86 | XDB::query('DELETE FROM group_members WHERE asso_id={?}', $id); |
a7d35093 | 87 | $page->trigSuccess('membres supprimés'); |
d55888e6 | 88 | |
89 | if ($domain) { | |
831aa467 SJ |
90 | XDB::execute('DELETE v |
91 | FROM email_virtual AS v | |
92 | INNER JOIN email_virtual_domains AS d ON (v.domain = d.id) | |
93 | WHERE d.name = {?}', | |
94 | $domain); | |
95 | XDB::execute('DELETE FROM email_virtual_domains | |
96 | WHERE name = {?}', $domain); | |
a7d35093 | 97 | $page->trigSuccess('suppression des alias mails'); |
d55888e6 | 98 | |
9bb8bf21 | 99 | $mmlist = new MMList(S::v('uid'), S::v('password'), $domain); |
100 | if ($listes = $mmlist->get_lists()) { | |
d55888e6 | 101 | foreach ($listes as $l) { |
9bb8bf21 | 102 | $mmlist->delete_list($l['list'], true); |
d55888e6 | 103 | } |
a7d35093 | 104 | $page->trigSuccess('mail lists surpprimées'); |
d55888e6 | 105 | } |
106 | } | |
107 | ||
eb41eda9 | 108 | XDB::query('DELETE FROM groups WHERE id={?}', $id); |
a7d35093 | 109 | $page->trigSuccess("Groupe $nom supprimé"); |
d55888e6 | 110 | Get::kill('del'); |
111 | } | |
112 | if (!$id) { | |
113 | Get::kill('del'); | |
114 | } | |
115 | } | |
116 | ||
8d11b755 | 117 | if (Post::has('diminutif') && Post::v('diminutif') != "") { |
40d428d8 VZ |
118 | S::assert_xsrf_token(); |
119 | ||
3af5a31e | 120 | $res = XDB::query('SELECT COUNT(*) |
eb41eda9 | 121 | FROM groups |
3af5a31e SJ |
122 | WHERE diminutif = {?}', |
123 | Post::v('diminutif')); | |
124 | ||
125 | if ($res->fetchOneCell() == 0) { | |
eb41eda9 | 126 | XDB::execute('INSERT INTO groups (id, diminutif) |
3af5a31e SJ |
127 | VALUES (NULL, {?})', |
128 | Post::v('diminutif')); | |
fc4714d6 | 129 | pl_redirect(Post::v('diminutif') . '/edit'); |
3af5a31e SJ |
130 | } else { |
131 | $page->trigError('Le diminutif demandé est déjà pris.'); | |
132 | } | |
d55888e6 | 133 | } |
134 | ||
3af5a31e | 135 | $res = XDB::query('SELECT nom, diminutif |
eb41eda9 | 136 | FROM groups |
3af5a31e | 137 | ORDER BY nom'); |
d55888e6 | 138 | $page->assign('assos', $res->fetchAllAssoc()); |
139 | } | |
140 | ||
26ba053e | 141 | function handler_plan($page) |
71fe935c | 142 | { |
71fe935c | 143 | $page->changeTpl('xnet/plan.tpl'); |
144 | ||
145 | $page->setType('plan'); | |
146 | ||
08cce2ff | 147 | $res = XDB::iterator( |
e1406965 FB |
148 | 'SELECT dom.id, dom.nom as domnom, groups.diminutif, groups.nom |
149 | FROM group_dom AS dom | |
150 | INNER JOIN groups ON dom.id = groups.dom | |
151 | WHERE FIND_IN_SET("GroupesX", dom.cat) AND FIND_IN_SET("GroupesX", groups.cat) | |
152 | ORDER BY dom.nom, groups.nom'); | |
71fe935c | 153 | $groupesx = array(); |
154 | while ($tmp = $res->next()) { $groupesx[$tmp['id']][] = $tmp; } | |
155 | $page->assign('groupesx', $groupesx); | |
156 | ||
08cce2ff | 157 | $res = XDB::iterator( |
e1406965 FB |
158 | 'SELECT dom.id, dom.nom as domnom, groups.diminutif, groups.nom |
159 | FROM group_dom AS dom | |
160 | INNER JOIN groups ON dom.id = groups.dom | |
161 | WHERE FIND_IN_SET("Binets", dom.cat) AND FIND_IN_SET("Binets", groups.cat) | |
162 | ORDER BY dom.nom, groups.nom'); | |
71fe935c | 163 | $binets = array(); |
164 | while ($tmp = $res->next()) { $binets[$tmp['id']][] = $tmp; } | |
165 | $page->assign('binets', $binets); | |
166 | ||
08cce2ff | 167 | $res = XDB::iterator( |
e1406965 | 168 | 'SELECT diminutif, nom |
eb41eda9 | 169 | FROM groups |
71fe935c | 170 | WHERE cat LIKE "%Promotions%" |
171 | ORDER BY diminutif'); | |
172 | $page->assign('promos', $res); | |
173 | ||
08cce2ff | 174 | $res = XDB::iterator( |
e1406965 | 175 | 'SELECT diminutif, nom |
eb41eda9 | 176 | FROM groups |
71fe935c | 177 | WHERE FIND_IN_SET("Institutions", cat) |
178 | ORDER BY diminutif'); | |
179 | $page->assign('inst', $res); | |
045a1522 | 180 | } |
0e02493e | 181 | |
26ba053e | 182 | function handler_groups2($page) |
0e02493e | 183 | { |
26ba053e | 184 | $this->handler_groups($page, Get::v('cat'), Get::v('dom')); |
0e02493e | 185 | } |
186 | ||
26ba053e | 187 | function handler_groups($page, $cat = null, $dom = null) |
0e02493e | 188 | { |
0e02493e | 189 | if (!$cat) { |
26ba053e | 190 | $this->handler_index($page); |
0e02493e | 191 | } |
192 | ||
a953f7e7 | 193 | $cat = mb_strtolower($cat); |
0e02493e | 194 | |
195 | $page->changeTpl('xnet/groupes.tpl'); | |
196 | $page->assign('cat', $cat); | |
197 | $page->assign('dom', $dom); | |
198 | ||
aab2ffdd | 199 | $res = XDB::query("SELECT id,nom |
eb41eda9 | 200 | FROM group_dom |
00112b2e VZ |
201 | WHERE FIND_IN_SET({?}, cat) |
202 | ORDER BY nom", $cat); | |
0e02493e | 203 | $doms = $res->fetchAllAssoc(); |
204 | $page->assign('doms', $doms); | |
205 | ||
206 | if (empty($doms)) { | |
00112b2e | 207 | $res = XDB::query("SELECT diminutif, nom, site |
eb41eda9 | 208 | FROM groups |
00112b2e VZ |
209 | WHERE FIND_IN_SET({?}, cat) |
210 | ORDER BY nom", $cat); | |
f0430dc7 | 211 | $page->assign('gps', $res->fetchAllAssoc()); |
0e02493e | 212 | } elseif (!is_null($dom)) { |
00112b2e | 213 | $res = XDB::query("SELECT diminutif, nom, site |
eb41eda9 | 214 | FROM groups |
00112b2e VZ |
215 | WHERE FIND_IN_SET({?}, cat) AND dom={?} |
216 | ORDER BY nom", $cat, $dom); | |
f0430dc7 | 217 | $page->assign('gps', $res->fetchAllAssoc()); |
0e02493e | 218 | } |
0e02493e | 219 | |
0e02493e | 220 | $page->setType($cat); |
221 | } | |
eaf30d86 | 222 | |
26ba053e | 223 | function handler_autologin($page) |
4a8a1e0a | 224 | { |
8c5c6d64 | 225 | $allkeys = func_get_args(); |
226 | unset($allkeys[0]); | |
227 | $url = join('/',$allkeys); | |
3cb500d5 | 228 | pl_content_headers("text/javascript"); |
8c5c6d64 | 229 | echo '$.ajax({ url: "'.$url.'?forceXml=1", dataType: "xml", success: function(xml) { $("body",xml).insertBefore("body"); $("body:eq(1)").remove(); }});'; |
4a8a1e0a | 230 | exit; |
231 | } | |
f15d1307 | 232 | |
3c64137d SJ |
233 | function handler_login_ext($page) |
234 | { | |
235 | if (!S::logged()) { | |
236 | $page->changeTpl('xnet/login.tpl'); | |
237 | } else { | |
238 | pl_redirect(''); | |
239 | } | |
240 | } | |
241 | ||
b80cbf0d SJ |
242 | function handler_register_ext($page, $hash = null) |
243 | { | |
244 | XDB::execute('DELETE FROM register_pending_xnet | |
245 | WHERE DATE_SUB(NOW(), INTERVAL 1 MONTH) > date'); | |
246 | $res = XDB::fetchOneAssoc('SELECT uid, hruid | |
247 | FROM register_pending_xnet | |
248 | WHERE hash = {?}', | |
249 | $hash); | |
250 | ||
251 | if (is_null($hash) || is_null($res)) { | |
252 | $page->trigErrorRedirect('Cette adresse n\'existe pas ou n\'existe plus sur le serveur.', ''); | |
253 | } | |
254 | ||
255 | if (Post::has('pwhash') && Post::t('pwhash')) { | |
256 | XDB::query('UPDATE accounts | |
843707db | 257 | SET password = {?}, state = \'active\', registration_date = NOW() |
b80cbf0d SJ |
258 | WHERE uid = {?} AND state = \'pending\' AND type = \'xnet\'', |
259 | Post::t('pwhash'), $res['uid']); | |
260 | XDB::query('DELETE FROM register_pending_xnet | |
261 | WHERE uid = {?}', | |
262 | $res['uid']); | |
263 | ||
264 | S::logger($res['uid'])->log('passwd', ''); | |
30439e34 SJ |
265 | |
266 | // Try to start a session (so the user don't have to log in); we will use | |
267 | // the password available in Post:: to authenticate the user. | |
268 | Post::kill('wait'); | |
269 | Platal::session()->startAvailableAuth(); | |
270 | ||
b80cbf0d | 271 | $page->changeTpl('xnet/register.success.tpl'); |
8a0908db | 272 | $page->assign('email', $res['email']); |
b80cbf0d SJ |
273 | } else { |
274 | $page->changeTpl('platal/password.tpl'); | |
275 | $page->assign('xnet', true); | |
30439e34 | 276 | $page->assign('hruid', $res['hruid']); |
a9ec9298 | 277 | $page->assign('do_auth', 1); |
b80cbf0d SJ |
278 | } |
279 | } | |
280 | ||
e1e112b3 SJ |
281 | function handler_recovery_ext($page) |
282 | { | |
283 | $page->changeTpl('xnet/recovery.tpl'); | |
284 | ||
285 | if (!Post::has('login')) { | |
286 | return; | |
287 | } | |
288 | ||
289 | $user = User::getSilent(Post::t('login')); | |
290 | if (is_null($user)) { | |
291 | $page->trigError('Le compte n\'existe pas.'); | |
292 | return; | |
293 | } | |
294 | if ($user->state != 'active') { | |
295 | $page->trigError('Ton compte n\'est pas activé.'); | |
296 | return; | |
297 | } | |
298 | ||
299 | $page->assign('ok', true); | |
300 | ||
301 | $hash = rand_url_id(); | |
302 | XDB::execute('INSERT INTO account_xnet_lost_passwords (uid, date, hash) | |
303 | VALUES ({?}, NOW(), {?})', | |
304 | $user->id(), $hash); | |
305 | ||
306 | $mymail = new PlMailer(); | |
307 | $mymail->setFrom('"Gestion des mots de passe" <support+password@' . Platal::globals()->mail->domain . '>'); | |
308 | $mymail->addTo($user); | |
309 | $mymail->setSubject("Votre certificat d'authentification"); | |
310 | $mymail->setTxtBody("Visitez la page suivante qui expire dans six heures : | |
4d74216b | 311 | http://polytechnique.net/tmpPWD/ext/$hash |
e1e112b3 SJ |
312 | |
313 | Si en cliquant dessus vous n'y arrivez pas, copiez intégralement l'adresse dans la barre de votre navigateur. Si vous n'avez pas utilisé ce lien dans six heures, vous pouvez tout simplement recommencer cette procédure. | |
314 | ||
315 | -- | |
316 | Polytechnique.org | |
317 | \"Le portail des élèves & anciens élèves de l'École polytechnique\" | |
318 | ||
319 | Email envoyé à " . Post::t('login')); | |
320 | $mymail->send(); | |
321 | ||
322 | S::logger($user->id())->log('recovery', $user->bestEmail()); | |
323 | } | |
324 | ||
325 | function handler_tmpPWD_ext($page, $hash = null) | |
326 | { | |
327 | global $globals; | |
328 | XDB::execute('DELETE FROM account_xnet_lost_passwords | |
329 | WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > date'); | |
330 | ||
331 | $uid = XDB::fetchOneCell('SELECT uid | |
332 | FROM account_xnet_lost_passwords | |
333 | WHERE hash = {?}', | |
334 | $hash); | |
335 | if (is_null($uid)) { | |
336 | $page->trigErrorRedirect("Cette adresse n'existe pas ou n'existe plus sur le serveur.", ''); | |
337 | } | |
338 | ||
8a0908db | 339 | $email = XDB::fetchOneCell('SELECT email |
e1e112b3 SJ |
340 | FROM accounts |
341 | WHERE uid = {?}', | |
342 | $uid); | |
343 | ||
344 | if (Post::has('pwhash') && Post::t('pwhash')) { | |
345 | $password = Post::t('pwhash'); | |
346 | XDB::query('UPDATE accounts | |
347 | SET password = {?} | |
348 | WHERE uid = {?} AND state = \'active\'', | |
349 | $password, $uid); | |
350 | XDB::query('DELETE FROM account_xnet_lost_passwords | |
351 | WHERE hash = {?}', | |
352 | $hash); | |
353 | ||
354 | S::logger($uid)->log('passwd', ''); | |
355 | ||
356 | // Try to start a session (so the user don't have to log in); we will use | |
357 | // the password available in Post:: to authenticate the user. | |
358 | Post::kill('wait'); | |
359 | Platal::session()->startAvailableAuth(); | |
360 | ||
361 | $page->changeTpl('xnet/register.success.tpl'); | |
8a0908db | 362 | $page->assign('email', $email); |
e1e112b3 SJ |
363 | } else { |
364 | $page->changeTpl('platal/password.tpl'); | |
365 | $page->assign('xnet_reset', true); | |
8a0908db | 366 | $page->assign('email', $email); |
a9ec9298 | 367 | $page->assign('do_auth', 1); |
e1e112b3 SJ |
368 | } |
369 | } | |
370 | ||
371 | ||
372 | ||
2a1cd4ab | 373 | function handler_edit($page) |
f15d1307 SJ |
374 | { |
375 | global $globals; | |
376 | ||
377 | $user = S::user(); | |
378 | if (empty($user)) { | |
379 | return PL_NOT_FOUND; | |
380 | } | |
381 | if ($user->type != 'xnet') { | |
382 | pl_redirect('index'); | |
383 | } | |
384 | ||
385 | $page->changeTpl('xnet/edit.tpl'); | |
386 | if (Post::has('change')) { | |
387 | S::assert_xsrf_token(); | |
388 | ||
389 | // Convert user status to X | |
390 | if (!Post::blank('login_X')) { | |
391 | $forlife = $this->changeLogin($page, $user, Post::t('login_X')); | |
392 | if ($forlife) { | |
393 | pl_redirect('index'); | |
394 | } | |
395 | } | |
396 | ||
397 | // Update user info | |
b7753795 SJ |
398 | $full_name = Post::t('firstname') . ' ' . Post::t('lastname'); |
399 | $directory_name = mb_strtoupper(Post::t('lastname')) . ' ' . Post::t('firstname'); | |
f15d1307 SJ |
400 | XDB::query('UPDATE accounts |
401 | SET full_name = {?}, directory_name = {?}, display_name = {?}, | |
b7753795 | 402 | firstname = {?}, lastname = {?}, sex = {?}, email = {?} |
f15d1307 | 403 | WHERE uid = {?}', |
b7753795 SJ |
404 | $full_name, $directory_name, Post::t('display_name'), |
405 | Post::t('firstname'), Post::t('lastname'), | |
f15d1307 | 406 | (Post::t('sex') == 'male') ? 'male' : 'female', Post::t('email'), $user->id()); |
f15d1307 | 407 | if (XDB::affectedRows()) { |
ca6980dc SJ |
408 | require_once 'emails.inc.php'; |
409 | if (require_email_update($user, Post::t('email'))) { | |
410 | $listClient = new MMList(S::user()); | |
411 | $listClient->change_user_email($user->forlifeEmail(), Post::t('email')); | |
412 | update_alias_user($user->forlifeEmail(), Post::t('email')); | |
413 | } | |
e716a2af SJ |
414 | $user = User::getWithUID($user->id()); |
415 | S::set('user', $user); | |
f15d1307 SJ |
416 | $page->trigSuccess('Données mises à jour.'); |
417 | } | |
418 | } | |
419 | ||
420 | $page->addJsLink('password.js'); | |
421 | $page->assign('user', $user); | |
422 | } | |
73f2bb48 SJ |
423 | |
424 | function handler_password ($page) | |
425 | { | |
426 | if (Post::has('pwhash') && Post::t('pwhash')) { | |
427 | S::assert_xsrf_token(); | |
428 | ||
429 | S::set('password', $password = Post::t('pwhash')); | |
430 | XDB::execute('UPDATE accounts | |
431 | SET password = {?} | |
432 | WHERE uid={?}', $password, | |
433 | S::i('uid')); | |
434 | S::logger()->log('passwd'); | |
435 | Platal::session()->setAccessCookie(true); | |
436 | $page->changeTpl('platal/password.success.tpl'); | |
437 | $page->run(); | |
438 | } | |
439 | ||
440 | $page->changeTpl('platal/password.tpl'); | |
441 | $page->assign('xnet_reset', true); | |
a9ec9298 | 442 | $page->assign('do_auth', 0); |
73f2bb48 | 443 | } |
bd4be95d | 444 | } |
445 | ||
a7de4ef7 | 446 | // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: |
bd4be95d | 447 | ?> |