[platal.git] / modules / xnet.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2011 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

class XnetModule extends PLModule
{
    function handlers()
    {
        return array(
            'index'       => $this->make_hook('index',     AUTH_PUBLIC),
            'exit'        => $this->make_hook('exit',      AUTH_PUBLIC),

            'admin'       => $this->make_hook('admin',     AUTH_MDP, 'admin'),
            'groups'      => $this->make_hook('groups',    AUTH_PUBLIC),
            'groupes.php' => $this->make_hook('groups2',   AUTH_PUBLIC),
            'plan'        => $this->make_hook('plan',      AUTH_PUBLIC),
            'photo'       => $this->make_hook('photo',     AUTH_MDP),
            'autologin'   => $this->make_hook('autologin', AUTH_MDP),
            'login/ext'   => $this->make_hook('login_ext', AUTH_PUBLIC),
            'register/ext' => $this->make_hook('register_ext', AUTH_PUBLIC),
            'edit'        => $this->make_hook('edit',      AUTH_MDP, 'user'),
            'password'    => $this->make_hook('password',  AUTH_MDP, 'user'),

            'Xnet'        => $this->make_wiki_hook(),
        );
    }

    function handler_photo($page, $x = null)
    {
        if (!$x || !($profile = Profile::get($x))) {
            return PL_NOT_FOUND;
        }

        // Retrieve the photo and its mime type.
        $photo = $profile->getPhoto(true, true);

        // Display the photo, or a default one when not available.
        $photo->send();
    }

    function handler_index($page)
    {
        $page->nomenu = true;
        $page->changeTpl('xnet/index.tpl');
    }

    function handler_exit($page)
    {
        Platal::session()->stopSUID();
        Platal::session()->destroy();
        $page->changeTpl('xnet/deconnexion.tpl');
    }

    function handler_admin($page)
    {
        $page->changeTpl('xnet/admin.tpl');

        if (Get::has('del')) {
            $res = XDB::query('SELECT id, nom, mail_domain
                                           FROM groups WHERE diminutif={?}',
                                        Get::v('del'));
            list($id, $nom, $domain) = $res->fetchOneRow();
            $page->assign('nom', $nom);
            if ($id && Post::has('del')) {
                S::assert_xsrf_token();

                XDB::query('DELETE FROM group_members WHERE asso_id={?}', $id);
                $page->trigSuccess('membres supprimés');

                if ($domain) {
                    XDB::execute('DELETE  v
                                    FROM  email_virtual         AS v
                              INNER JOIN  email_virtual_domains AS d ON (v.domain = d.id)
                                   WHERE  d.name = {?}',
                                 $domain);
                    XDB::execute('DELETE FROM  email_virtual_domains
                                        WHERE  name = {?}', $domain);
                    $page->trigSuccess('suppression des alias mails');

                    $mmlist = new MMList(S::v('uid'), S::v('password'), $domain);
                    if ($listes = $mmlist->get_lists()) {
                        foreach ($listes as $l) {
                            $mmlist->delete_list($l['list'], true);
                        }
                        $page->trigSuccess('mail lists surpprimées');
                    }
                }

                XDB::query('DELETE FROM groups WHERE id={?}', $id);
                $page->trigSuccess("Groupe $nom supprimé");
                Get::kill('del');
            }
            if (!$id) {
                Get::kill('del');
            }
        }

        if (Post::has('diminutif') && Post::v('diminutif') != "") {
            S::assert_xsrf_token();

            $res = XDB::query('SELECT  COUNT(*)
                                 FROM  groups
                                WHERE  diminutif = {?}',
                              Post::v('diminutif'));

            if ($res->fetchOneCell() == 0) {
                XDB::execute('INSERT INTO  groups (id, diminutif)
                                   VALUES  (NULL, {?})',
                             Post::v('diminutif'));
                pl_redirect(Post::v('diminutif') . '/edit');
            } else {
                $page->trigError('Le diminutif demandé est déjà pris.');
            }
        }

        $res = XDB::query('SELECT  nom, diminutif
                             FROM  groups
                         ORDER BY  nom');
        $page->assign('assos', $res->fetchAllAssoc());
    }

    function handler_plan($page)
    {
        $page->changeTpl('xnet/plan.tpl');

        $page->setType('plan');

        $res = XDB::iterator(
                'SELECT  dom.id, dom.nom as domnom, groups.diminutif, groups.nom
                   FROM  group_dom AS dom
             INNER JOIN  groups ON dom.id = groups.dom
                  WHERE  FIND_IN_SET("GroupesX", dom.cat) AND FIND_IN_SET("GroupesX", groups.cat)
               ORDER BY  dom.nom, groups.nom');
        $groupesx = array();
        while ($tmp = $res->next()) { $groupesx[$tmp['id']][] = $tmp; }
        $page->assign('groupesx', $groupesx);

        $res = XDB::iterator(
                'SELECT  dom.id, dom.nom as domnom, groups.diminutif, groups.nom
                   FROM  group_dom AS dom
             INNER JOIN  groups ON dom.id = groups.dom
                  WHERE  FIND_IN_SET("Binets", dom.cat) AND FIND_IN_SET("Binets", groups.cat)
               ORDER BY  dom.nom, groups.nom');
        $binets = array();
        while ($tmp = $res->next()) { $binets[$tmp['id']][] = $tmp; }
        $page->assign('binets', $binets);

        $res = XDB::iterator(
                'SELECT  diminutif, nom
                   FROM  groups
                  WHERE  cat LIKE "%Promotions%"
               ORDER BY  diminutif');
        $page->assign('promos', $res);

        $res = XDB::iterator(
                'SELECT  diminutif, nom
                   FROM  groups
                  WHERE  FIND_IN_SET("Institutions", cat)
               ORDER BY  diminutif');
        $page->assign('inst', $res);
    }

    function handler_groups2($page)
    {
        $this->handler_groups($page, Get::v('cat'), Get::v('dom'));
    }

    function handler_groups($page, $cat = null, $dom = null)
    {
        if (!$cat) {
            $this->handler_index($page);
        }

        $cat = mb_strtolower($cat);

        $page->changeTpl('xnet/groupes.tpl');
        $page->assign('cat', $cat);
        $page->assign('dom', $dom);

        $res  = XDB::query("SELECT  id,nom
                              FROM  group_dom
                             WHERE  FIND_IN_SET({?}, cat)
                          ORDER BY  nom", $cat);
        $doms = $res->fetchAllAssoc();
        $page->assign('doms', $doms);

        if (empty($doms)) {
            $res = XDB::query("SELECT  diminutif, nom, site
                                 FROM  groups
                                WHERE  FIND_IN_SET({?}, cat)
                                ORDER  BY nom", $cat);
            $page->assign('gps', $res->fetchAllAssoc());
        } elseif (!is_null($dom)) {
            $res = XDB::query("SELECT  diminutif, nom, site
                                 FROM  groups
                                WHERE  FIND_IN_SET({?}, cat) AND dom={?}
                             ORDER BY  nom", $cat, $dom);
            $page->assign('gps', $res->fetchAllAssoc());
        }

        $page->setType($cat);
    }

    function handler_autologin($page)
    {
        $allkeys = func_get_args();
        unset($allkeys[0]);
        $url = join('/',$allkeys);
        pl_content_headers("text/javascript");
        echo '$.ajax({ url: "'.$url.'?forceXml=1", dataType: "xml", success: function(xml) { $("body",xml).insertBefore("body"); $("body:eq(1)").remove(); }});';
        exit;
    }

    function handler_login_ext($page)
    {
        if (!S::logged()) {
            $page->changeTpl('xnet/login.tpl');
        } else {
            pl_redirect('');
        }
    }

    function handler_register_ext($page, $hash = null)
    {
        XDB::execute('DELETE FROM  register_pending_xnet
                            WHERE  DATE_SUB(NOW(), INTERVAL 1 MONTH) > date');
        $res = XDB::fetchOneAssoc('SELECT  uid, hruid
                                     FROM  register_pending_xnet
                                    WHERE  hash = {?}',
                                  $hash);

        if (is_null($hash) || is_null($res)) {
            $page->trigErrorRedirect('Cette adresse n\'existe pas ou n\'existe plus sur le serveur.', '');
        }

        if (Post::has('pwhash') && Post::t('pwhash')) {
            XDB::query('UPDATE  accounts
                           SET  password = {?}, state = \'active\'
                         WHERE  uid = {?} AND state = \'pending\' AND type = \'xnet\'',
                       Post::t('pwhash'), $res['uid']);
            XDB::query('DELETE FROM  register_pending_xnet
                              WHERE  uid = {?}',
                       $res['uid']);

            S::logger($res['uid'])->log('passwd', '');

            // Try to start a session (so the user don't have to log in); we will use
            // the password available in Post:: to authenticate the user.
            Post::kill('wait');
            Platal::session()->startAvailableAuth();

            $page->changeTpl('xnet/register.success.tpl');
            $page->assign('hruid', $res['hruid']);
        } else {
            $page->changeTpl('platal/password.tpl');
            $page->assign('xnet', true);
            $page->assign('hruid', $res['hruid']);
            $page->assign('do_auth', true);
        }
    }

    function handler_edit($page)
    {
        global $globals;

        $user = S::user();
        if (empty($user)) {
            return PL_NOT_FOUND;
        }
        if ($user->type != 'xnet') {
            pl_redirect('index');
        }

        $page->changeTpl('xnet/edit.tpl');
        if (Post::has('change')) {
            S::assert_xsrf_token();

            // Convert user status to X
            if (!Post::blank('login_X')) {
                $forlife = $this->changeLogin($page, $user, Post::t('login_X'));
                if ($forlife) {
                    pl_redirect('index');
                }
            }

            // Update user info
            XDB::query('UPDATE  accounts
                           SET  full_name = {?}, directory_name = {?}, display_name = {?},
                                sex = {?}, email = {?}
                         WHERE  uid = {?}',
                       Post::t('full_name'), Post::t('directory_name'), Post::t('display_name'),
                       (Post::t('sex') == 'male') ? 'male' : 'female', Post::t('email'), $user->id());
            if (XDB::affectedRows()) {
                $page->trigSuccess('Données mises à jour.');
            }
        }

        $page->addJsLink('password.js');
        $page->assign('user', $user);
    }

    function handler_password ($page)
    {
        if (Post::has('pwhash') && Post::t('pwhash'))  {
            S::assert_xsrf_token();

            S::set('password', $password = Post::t('pwhash'));
            XDB::execute('UPDATE  accounts
                             SET  password = {?}
                           WHERE  uid={?}', $password,
                         S::i('uid'));
            S::logger()->log('passwd');
            Platal::session()->setAccessCookie(true);
            $page->changeTpl('platal/password.success.tpl');
            $page->run();
        }

        $page->changeTpl('platal/password.tpl');
        $page->assign('xnet_reset', true);
        $page->assign('do_auth', false);
    }
}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
Commit	Line	Data
bd4be95d	1	<?php
bd4be95d	2	/***************************************************************************
5e1513f6	3	* Copyright (C) 2003-2011 Polytechnique.org *
bd4be95d	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
	22	class XnetModule extends PLModule
	23	{
	24	function handlers()
	25	{
	26	return array(
020c8ed0 SJ	27	'index' => $this->make_hook('index', AUTH_PUBLIC),
020c8ed0 SJ	28	'exit' => $this->make_hook('exit', AUTH_PUBLIC),
71fe935c	29
020c8ed0 SJ	30	'admin' => $this->make_hook('admin', AUTH_MDP, 'admin'),
	31	'groups' => $this->make_hook('groups', AUTH_PUBLIC),
	32	'groupes.php' => $this->make_hook('groups2', AUTH_PUBLIC),
	33	'plan' => $this->make_hook('plan', AUTH_PUBLIC),
	34	'photo' => $this->make_hook('photo', AUTH_MDP),
	35	'autologin' => $this->make_hook('autologin', AUTH_MDP),
3c64137d	36	'login/ext' => $this->make_hook('login_ext', AUTH_PUBLIC),
b80cbf0d	37	'register/ext' => $this->make_hook('register_ext', AUTH_PUBLIC),
f15d1307	38	'edit' => $this->make_hook('edit', AUTH_MDP, 'user'),
73f2bb48	39	'password' => $this->make_hook('password', AUTH_MDP, 'user'),
6d69b527 FB	40
6d69b527 FB	41	'Xnet' => $this->make_wiki_hook(),
bd4be95d	42	);
	43	}
	44
26ba053e	45	function handler_photo($page, $x = null)
deb09f59	46	{
706f830d	47	if (!$x \|\| !($profile = Profile::get($x))) {
deb09f59	48	return PL_NOT_FOUND;
	49	}
	50
706f830d	51	// Retrieve the photo and its mime type.
470d14f6	52	$photo = $profile->getPhoto(true, true);
deb09f59	53
706f830d FB	54	// Display the photo, or a default one when not available.
706f830d FB	55	$photo->send();
deb09f59	56	}
eaf30d86	57
26ba053e	58	function handler_index($page)
bd4be95d	59	{
d83a1b04	60	$page->nomenu = true;
bd4be95d	61	$page->changeTpl('xnet/index.tpl');
bd4be95d	62	}
badfc7ee	63
26ba053e	64	function handler_exit($page)
71fe935c	65	{
ab694eb5 FB	66	Platal::session()->stopSUID();
ab694eb5 FB	67	Platal::session()->destroy();
b8e265bf	68	$page->changeTpl('xnet/deconnexion.tpl');
71fe935c	69	}
71fe935c	70
26ba053e	71	function handler_admin($page)
d55888e6	72	{
1490093c	73	$page->changeTpl('xnet/admin.tpl');
d55888e6	74
d55888e6	75	if (Get::has('del')) {
08cce2ff	76	$res = XDB::query('SELECT id, nom, mail_domain
eb41eda9	77	FROM groups WHERE diminutif={?}',
5e2307dc	78	Get::v('del'));
d55888e6	79	list($id, $nom, $domain) = $res->fetchOneRow();
d55888e6	80	$page->assign('nom', $nom);
40d428d8 VZ	81	if ($id && Post::has('del')) {
	82	S::assert_xsrf_token();
	83
eb41eda9	84	XDB::query('DELETE FROM group_members WHERE asso_id={?}', $id);
a7d35093	85	$page->trigSuccess('membres supprimés');
d55888e6	86
d55888e6	87	if ($domain) {
831aa467 SJ	88	XDB::execute('DELETE v
	89	FROM email_virtual AS v
	90	INNER JOIN email_virtual_domains AS d ON (v.domain = d.id)
	91	WHERE d.name = {?}',
	92	$domain);
	93	XDB::execute('DELETE FROM email_virtual_domains
	94	WHERE name = {?}', $domain);
a7d35093	95	$page->trigSuccess('suppression des alias mails');
d55888e6	96
9bb8bf21	97	$mmlist = new MMList(S::v('uid'), S::v('password'), $domain);
9bb8bf21	98	if ($listes = $mmlist->get_lists()) {
d55888e6	99	foreach ($listes as $l) {
9bb8bf21	100	$mmlist->delete_list($l['list'], true);
d55888e6	101	}
a7d35093	102	$page->trigSuccess('mail lists surpprimées');
d55888e6	103	}
	104	}
	105
eb41eda9	106	XDB::query('DELETE FROM groups WHERE id={?}', $id);
a7d35093	107	$page->trigSuccess("Groupe $nom supprimé");
d55888e6	108	Get::kill('del');
	109	}
	110	if (!$id) {
	111	Get::kill('del');
	112	}
	113	}
	114
8d11b755	115	if (Post::has('diminutif') && Post::v('diminutif') != "") {
40d428d8 VZ	116	S::assert_xsrf_token();
40d428d8 VZ	117
3af5a31e	118	$res = XDB::query('SELECT COUNT(*)
eb41eda9	119	FROM groups
3af5a31e SJ	120	WHERE diminutif = {?}',
	121	Post::v('diminutif'));
	122
	123	if ($res->fetchOneCell() == 0) {
eb41eda9	124	XDB::execute('INSERT INTO groups (id, diminutif)
3af5a31e SJ	125	VALUES (NULL, {?})',
3af5a31e SJ	126	Post::v('diminutif'));
fc4714d6	127	pl_redirect(Post::v('diminutif') . '/edit');
3af5a31e SJ	128	} else {
	129	$page->trigError('Le diminutif demandé est déjà pris.');
	130	}
d55888e6	131	}
d55888e6	132
3af5a31e	133	$res = XDB::query('SELECT nom, diminutif
eb41eda9	134	FROM groups
3af5a31e	135	ORDER BY nom');
d55888e6	136	$page->assign('assos', $res->fetchAllAssoc());
	137	}
	138
26ba053e	139	function handler_plan($page)
71fe935c	140	{
71fe935c	141	$page->changeTpl('xnet/plan.tpl');
	142
	143	$page->setType('plan');
	144
08cce2ff	145	$res = XDB::iterator(
e1406965 FB	146	'SELECT dom.id, dom.nom as domnom, groups.diminutif, groups.nom
	147	FROM group_dom AS dom
	148	INNER JOIN groups ON dom.id = groups.dom
	149	WHERE FIND_IN_SET("GroupesX", dom.cat) AND FIND_IN_SET("GroupesX", groups.cat)
	150	ORDER BY dom.nom, groups.nom');
71fe935c	151	$groupesx = array();
	152	while ($tmp = $res->next()) { $groupesx[$tmp['id']][] = $tmp; }
	153	$page->assign('groupesx', $groupesx);
	154
08cce2ff	155	$res = XDB::iterator(
e1406965 FB	156	'SELECT dom.id, dom.nom as domnom, groups.diminutif, groups.nom
	157	FROM group_dom AS dom
	158	INNER JOIN groups ON dom.id = groups.dom
	159	WHERE FIND_IN_SET("Binets", dom.cat) AND FIND_IN_SET("Binets", groups.cat)
	160	ORDER BY dom.nom, groups.nom');
71fe935c	161	$binets = array();
	162	while ($tmp = $res->next()) { $binets[$tmp['id']][] = $tmp; }
	163	$page->assign('binets', $binets);
	164
08cce2ff	165	$res = XDB::iterator(
e1406965	166	'SELECT diminutif, nom
eb41eda9	167	FROM groups
71fe935c	168	WHERE cat LIKE "%Promotions%"
	169	ORDER BY diminutif');
	170	$page->assign('promos', $res);
	171
08cce2ff	172	$res = XDB::iterator(
e1406965	173	'SELECT diminutif, nom
eb41eda9	174	FROM groups
71fe935c	175	WHERE FIND_IN_SET("Institutions", cat)
	176	ORDER BY diminutif');
	177	$page->assign('inst', $res);
045a1522	178	}
0e02493e	179
26ba053e	180	function handler_groups2($page)
0e02493e	181	{
26ba053e	182	$this->handler_groups($page, Get::v('cat'), Get::v('dom'));
0e02493e	183	}
0e02493e	184
26ba053e	185	function handler_groups($page, $cat = null, $dom = null)
0e02493e	186	{
0e02493e	187	if (!$cat) {
26ba053e	188	$this->handler_index($page);
0e02493e	189	}
0e02493e	190
a953f7e7	191	$cat = mb_strtolower($cat);
0e02493e	192
	193	$page->changeTpl('xnet/groupes.tpl');
	194	$page->assign('cat', $cat);
	195	$page->assign('dom', $dom);
	196
aab2ffdd	197	$res = XDB::query("SELECT id,nom
eb41eda9	198	FROM group_dom
00112b2e VZ	199	WHERE FIND_IN_SET({?}, cat)
00112b2e VZ	200	ORDER BY nom", $cat);
0e02493e	201	$doms = $res->fetchAllAssoc();
	202	$page->assign('doms', $doms);
	203
	204	if (empty($doms)) {
00112b2e	205	$res = XDB::query("SELECT diminutif, nom, site
eb41eda9	206	FROM groups
00112b2e VZ	207	WHERE FIND_IN_SET({?}, cat)
00112b2e VZ	208	ORDER BY nom", $cat);
f0430dc7	209	$page->assign('gps', $res->fetchAllAssoc());
0e02493e	210	} elseif (!is_null($dom)) {
00112b2e	211	$res = XDB::query("SELECT diminutif, nom, site
eb41eda9	212	FROM groups
00112b2e VZ	213	WHERE FIND_IN_SET({?}, cat) AND dom={?}
00112b2e VZ	214	ORDER BY nom", $cat, $dom);
f0430dc7	215	$page->assign('gps', $res->fetchAllAssoc());
0e02493e	216	}
0e02493e	217
0e02493e	218	$page->setType($cat);
0e02493e	219	}
eaf30d86	220
26ba053e	221	function handler_autologin($page)
4a8a1e0a	222	{
8c5c6d64	223	$allkeys = func_get_args();
	224	unset($allkeys[0]);
	225	$url = join('/',$allkeys);
3cb500d5	226	pl_content_headers("text/javascript");
8c5c6d64	227	echo '$.ajax({ url: "'.$url.'?forceXml=1", dataType: "xml", success: function(xml) { $("body",xml).insertBefore("body"); $("body:eq(1)").remove(); }});';
4a8a1e0a	228	exit;
4a8a1e0a	229	}
f15d1307	230
3c64137d SJ	231	function handler_login_ext($page)
	232	{
	233	if (!S::logged()) {
	234	$page->changeTpl('xnet/login.tpl');
	235	} else {
	236	pl_redirect('');
	237	}
	238	}
	239
b80cbf0d SJ	240	function handler_register_ext($page, $hash = null)
	241	{
	242	XDB::execute('DELETE FROM register_pending_xnet
	243	WHERE DATE_SUB(NOW(), INTERVAL 1 MONTH) > date');
	244	$res = XDB::fetchOneAssoc('SELECT uid, hruid
	245	FROM register_pending_xnet
	246	WHERE hash = {?}',
	247	$hash);
	248
	249	if (is_null($hash) \|\| is_null($res)) {
	250	$page->trigErrorRedirect('Cette adresse n\'existe pas ou n\'existe plus sur le serveur.', '');
	251	}
	252
	253	if (Post::has('pwhash') && Post::t('pwhash')) {
	254	XDB::query('UPDATE accounts
	255	SET password = {?}, state = \'active\'
	256	WHERE uid = {?} AND state = \'pending\' AND type = \'xnet\'',
	257	Post::t('pwhash'), $res['uid']);
	258	XDB::query('DELETE FROM register_pending_xnet
	259	WHERE uid = {?}',
	260	$res['uid']);
	261
	262	S::logger($res['uid'])->log('passwd', '');
30439e34 SJ	263
	264	// Try to start a session (so the user don't have to log in); we will use
	265	// the password available in Post:: to authenticate the user.
	266	Post::kill('wait');
	267	Platal::session()->startAvailableAuth();
	268
b80cbf0d SJ	269	$page->changeTpl('xnet/register.success.tpl');
	270	$page->assign('hruid', $res['hruid']);
	271	} else {
	272	$page->changeTpl('platal/password.tpl');
	273	$page->assign('xnet', true);
30439e34	274	$page->assign('hruid', $res['hruid']);
73f2bb48	275	$page->assign('do_auth', true);
b80cbf0d SJ	276	}
	277	}
	278
2a1cd4ab	279	function handler_edit($page)
f15d1307 SJ	280	{
	281	global $globals;
	282
	283	$user = S::user();
	284	if (empty($user)) {
	285	return PL_NOT_FOUND;
	286	}
	287	if ($user->type != 'xnet') {
	288	pl_redirect('index');
	289	}
	290
	291	$page->changeTpl('xnet/edit.tpl');
	292	if (Post::has('change')) {
	293	S::assert_xsrf_token();
	294
	295	// Convert user status to X
	296	if (!Post::blank('login_X')) {
	297	$forlife = $this->changeLogin($page, $user, Post::t('login_X'));
	298	if ($forlife) {
	299	pl_redirect('index');
	300	}
	301	}
	302
	303	// Update user info
	304	XDB::query('UPDATE accounts
	305	SET full_name = {?}, directory_name = {?}, display_name = {?},
	306	sex = {?}, email = {?}
	307	WHERE uid = {?}',
	308	Post::t('full_name'), Post::t('directory_name'), Post::t('display_name'),
	309	(Post::t('sex') == 'male') ? 'male' : 'female', Post::t('email'), $user->id());
f15d1307 SJ	310	if (XDB::affectedRows()) {
	311	$page->trigSuccess('Données mises à jour.');
	312	}
	313	}
	314
	315	$page->addJsLink('password.js');
	316	$page->assign('user', $user);
	317	}
73f2bb48 SJ	318
	319	function handler_password ($page)
	320	{
	321	if (Post::has('pwhash') && Post::t('pwhash')) {
	322	S::assert_xsrf_token();
	323
	324	S::set('password', $password = Post::t('pwhash'));
	325	XDB::execute('UPDATE accounts
	326	SET password = {?}
	327	WHERE uid={?}', $password,
	328	S::i('uid'));
	329	S::logger()->log('passwd');
	330	Platal::session()->setAccessCookie(true);
	331	$page->changeTpl('platal/password.success.tpl');
	332	$page->run();
	333	}
	334
	335	$page->changeTpl('platal/password.tpl');
	336	$page->assign('xnet_reset', true);
	337	$page->assign('do_auth', false);
	338	}
bd4be95d	339	}
bd4be95d	340
a7de4ef7	341	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
bd4be95d	342	?>