Xnet users should log in with their current email address.
[platal.git] / modules / xnet.php
bd4be95d 1<?php
2/***************************************************************************
5e1513f6 3 * Copyright (C) 2003-2011 Polytechnique.org *
bd4be95d 4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
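class XnetModule extends PLModule
{
    /**
     * Route table of the Xnet front-end.
     *
     * The third make_hook() argument, when present, is the extra permission
     * ('admin', 'user') required on top of the authentication level.
     */
    function handlers()
    {
        return array(
            'index'        => $this->make_hook('index', AUTH_PUBLIC),
            'exit'         => $this->make_hook('exit', AUTH_PUBLIC),

            'admin'        => $this->make_hook('admin', AUTH_MDP, 'admin'),
            'groups'       => $this->make_hook('groups', AUTH_PUBLIC),
            'groupes.php'  => $this->make_hook('groups2', AUTH_PUBLIC),
            'plan'         => $this->make_hook('plan', AUTH_PUBLIC),
            'photo'        => $this->make_hook('photo', AUTH_MDP),
            'autologin'    => $this->make_hook('autologin', AUTH_MDP),
            'login/ext'    => $this->make_hook('login_ext', AUTH_PUBLIC),
            'register/ext' => $this->make_hook('register_ext', AUTH_PUBLIC),
            'recovery/ext' => $this->make_hook('recovery_ext', AUTH_PUBLIC),
            'tmpPWD/ext'   => $this->make_hook('tmpPWD_ext', AUTH_PUBLIC),
            'edit'         => $this->make_hook('edit', AUTH_MDP, 'user'),
            'password'     => $this->make_hook('password', AUTH_MDP, 'user'),

            'Xnet'         => $this->make_wiki_hook(),
        );
    }

    /**
     * Streams the photo of profile $x (any identifier Profile::get accepts).
     * Missing or unknown profile -> 404; a profile without a photo gets
     * whatever default getPhoto() substitutes.
     */
    function handler_photo($page, $x = null)
    {
        $profile = $x ? Profile::get($x) : null;
        if (!$profile) {
            return PL_NOT_FOUND;
        }

        // Retrieve the photo (and its mime type), falling back to a default
        // picture when the profile has none, then send it.
        $photo = $profile->getPhoto(true, true);
        $photo->send();
    }

    /** Xnet landing page, rendered without the side menu. */
    function handler_index($page)
    {
        $page->nomenu = true;
        $page->changeTpl('xnet/index.tpl');
    }

    /**
     * Logout.  Any "switch user" impersonation is dropped first so that the
     * session being destroyed is the real one; then the goodbye page is shown.
     */
    function handler_exit($page)
    {
        Platal::session()->stopSUID();
        Platal::session()->destroy();
        $page->changeTpl('xnet/deconnexion.tpl');
    }

    /**
     * Group administration (requires the 'admin' permission).
     *
     * ?del=<diminutif> displays a confirmation for that group.  The same
     * request confirmed by POST (field 'del' plus a valid anti-CSRF token)
     * deletes the group, its members, the mail aliases of its mail domain and
     * the Mailman lists of that domain.
     *
     * POST diminutif=<name> creates an empty group with that short name and
     * redirects to its editor.  The name is only checked for uniqueness via a
     * SELECT followed by an INSERT (not atomic; a unique index on
     * groups.diminutif is the real guard — TODO confirm one exists) and is
     * not otherwise validated before becoming a URL path component.
     */
    function handler_admin($page)
    {
        $page->changeTpl('xnet/admin.tpl');

        if (Get::has('del')) {
            $res = XDB::query('SELECT id, nom, mail_domain
                                 FROM groups WHERE diminutif={?}',
                              Get::v('del'));
            list($id, $nom, $domain) = $res->fetchOneRow();
            $page->assign('nom', $nom);

            // Destructive path: POST confirmation + anti-CSRF token required.
            if ($id && Post::has('del')) {
                S::assert_xsrf_token();

                XDB::query('DELETE FROM group_members WHERE asso_id={?}', $id);
                $page->trigSuccess('membres supprimés');

                if ($domain) {
                    XDB::execute('DELETE v
                                    FROM email_virtual AS v
                              INNER JOIN email_virtual_domains AS d ON (v.domain = d.id)
                                   WHERE d.name = {?}',
                                 $domain);
                    XDB::execute('DELETE FROM email_virtual_domains
                                        WHERE name = {?}', $domain);
                    $page->trigSuccess('suppression des alias mails');

                    // The list server is driven with the administrator's own
                    // session credentials (uid and password kept in session).
                    $mmlist = new MMList(S::v('uid'), S::v('password'), $domain);
                    $listes = $mmlist->get_lists();
                    if ($listes) {
                        foreach ($listes as $l) {
                            $mmlist->delete_list($l['list'], true);
                        }
                        $page->trigSuccess('mail lists surpprimées');
                    }
                }

                XDB::query('DELETE FROM groups WHERE id={?}', $id);
                $page->trigSuccess("Groupe $nom supprimé");
                Get::kill('del');
            }
            // Unknown group: drop the parameter so no confirmation is shown.
            if (!$id) {
                Get::kill('del');
            }
        }

        if (Post::has('diminutif') && Post::v('diminutif') != "") {
            S::assert_xsrf_token();

            $diminutif = Post::v('diminutif');
            $res = XDB::query('SELECT COUNT(*)
                                 FROM groups
                                WHERE diminutif = {?}',
                              $diminutif);

            if ($res->fetchOneCell() == 0) {
                XDB::execute('INSERT INTO groups (id, diminutif)
                                   VALUES (NULL, {?})',
                             $diminutif);
                pl_redirect($diminutif . '/edit');
            } else {
                $page->trigError('Le diminutif demandé est déjà pris.');
            }
        }

        $res = XDB::query('SELECT nom, diminutif
                             FROM groups
                            ORDER BY nom');
        $page->assign('assos', $res->fetchAllAssoc());
    }

    /**
     * Site map: groups grouped by domain for the "GroupesX" and "Binets"
     * categories, plus flat lists of promotion and institution groups.
     * Every query is static; nothing here comes from the request.
     */
    function handler_plan($page)
    {
        $page->changeTpl('xnet/plan.tpl');

        $page->setType('plan');

        $res = XDB::iterator(
                'SELECT dom.id, dom.nom as domnom, groups.diminutif, groups.nom
                   FROM group_dom AS dom
             INNER JOIN groups ON dom.id = groups.dom
                  WHERE FIND_IN_SET("GroupesX", dom.cat) AND FIND_IN_SET("GroupesX", groups.cat)
               ORDER BY dom.nom, groups.nom');
        // Index by domain id so the template can print one section per domain.
        $groupesx = array();
        while ($row = $res->next()) {
            $groupesx[$row['id']][] = $row;
        }
        $page->assign('groupesx', $groupesx);

        $res = XDB::iterator(
                'SELECT dom.id, dom.nom as domnom, groups.diminutif, groups.nom
                   FROM group_dom AS dom
             INNER JOIN groups ON dom.id = groups.dom
                  WHERE FIND_IN_SET("Binets", dom.cat) AND FIND_IN_SET("Binets", groups.cat)
               ORDER BY dom.nom, groups.nom');
        $binets = array();
        while ($row = $res->next()) {
            $binets[$row['id']][] = $row;
        }
        $page->assign('binets', $binets);

        $res = XDB::iterator(
                'SELECT diminutif, nom
                   FROM groups
                  WHERE cat LIKE "%Promotions%"
               ORDER BY diminutif');
        $page->assign('promos', $res);

        $res = XDB::iterator(
                'SELECT diminutif, nom
                   FROM groups
                  WHERE FIND_IN_SET("Institutions", cat)
               ORDER BY diminutif');
        $page->assign('inst', $res);
    }

    /**
     * Legacy groupes.php entry point: same as /groups, with the category and
     * domain taken from the query string.
     */
    function handler_groups2($page)
    {
        $this->handler_groups($page, Get::v('cat'), Get::v('dom'));
    }

    /**
     * Lists the domains of category $cat and, when the category has no
     * domains or $dom is given, the groups themselves.
     *
     * Without a category the landing page is shown.  The original delegated
     * to handler_index() but then fell through, replaced the template with
     * groupes.tpl and rendered an empty listing; we now stop after delegating.
     *
     * $cat and $dom are only ever passed as query parameters (FIND_IN_SET /
     * dom={?}), never interpolated.
     */
    function handler_groups($page, $cat = null, $dom = null)
    {
        if (!$cat) {
            $this->handler_index($page);
            return;
        }

        $cat = mb_strtolower($cat);

        $page->changeTpl('xnet/groupes.tpl');
        $page->assign('cat', $cat);
        $page->assign('dom', $dom);

        $res = XDB::query("SELECT id,nom
                             FROM group_dom
                            WHERE FIND_IN_SET({?}, cat)
                            ORDER BY nom", $cat);
        $doms = $res->fetchAllAssoc();
        $page->assign('doms', $doms);

        if (empty($doms)) {
            // Category without domains: list all of its groups directly.
            $res = XDB::query("SELECT diminutif, nom, site
                                 FROM groups
                                WHERE FIND_IN_SET({?}, cat)
                                ORDER BY nom", $cat);
            $page->assign('gps', $res->fetchAllAssoc());
        } elseif (!is_null($dom)) {
            $res = XDB::query("SELECT diminutif, nom, site
                                 FROM groups
                                WHERE FIND_IN_SET({?}, cat) AND dom={?}
                                ORDER BY nom", $cat, $dom);
            $page->assign('gps', $res->fetchAllAssoc());
        }

        $page->setType($cat);
    }

    /**
     * Emits a JavaScript snippet that fetches the page named by the remaining
     * path segments (with ?forceXml=1) through jQuery and swaps its <body>
     * into the current document.
     *
     * The target path comes straight from the request URL.  It is emitted as
     * a JSON/JS string literal instead of being concatenated raw: a segment
     * containing a double quote or backslash would otherwise terminate the
     * string and run as script in the caller's (authenticated) session.
     *
     * NOTE(review): the target itself is not restricted to this site; whether
     * the router can deliver a protocol-relative "//host/..." path here is not
     * visible from this file — confirm at the routing layer.
     */
    function handler_autologin($page)
    {
        $segments = func_get_args();
        unset($segments[0]);    // $page
        $target = join('/', $segments) . '?forceXml=1';

        $literal = json_encode($target);
        if ($literal === false) {
            // Not encodable (e.g. invalid UTF-8): emit nothing rather than a
            // broken or unsafe script.
            exit;
        }

        pl_content_headers("text/javascript");
        echo '$.ajax({ url: ' . $literal . ', dataType: "xml", success: function(xml) { $("body",xml).insertBefore("body"); $("body:eq(1)").remove(); }});';
        exit;
    }

    /** Login form for external accounts; already logged-in users go home. */
    function handler_login_ext($page)
    {
        if (S::logged()) {
            pl_redirect('');
        } else {
            $page->changeTpl('xnet/login.tpl');
        }
    }

    /**
     * Completes an external (xnet) account registration from the e-mailed
     * link /register/ext/<hash>.
     *
     * GET shows the password form.  POST pwhash stores the submitted value as
     * the account password, activates the account (only if still pending and
     * of type xnet), consumes the pending record and opens a session.  Pending
     * records older than one month are purged on every call, which is what
     * expires the links.
     *
     * There is no anti-CSRF token on this form: the secret hash in the URL is
     * the only thing binding the request to the registration and the only
     * authentication of the caller, so it must not leak (Referer, logs).
     */
    function handler_register_ext($page, $hash = null)
    {
        XDB::execute('DELETE FROM register_pending_xnet
                            WHERE DATE_SUB(NOW(), INTERVAL 1 MONTH) > date');
        $res = XDB::fetchOneAssoc('SELECT uid, hruid
                                     FROM register_pending_xnet
                                    WHERE hash = {?}',
                                  $hash);

        if (is_null($hash) || is_null($res)) {
            $page->trigErrorRedirect('Cette adresse n\'existe pas ou n\'existe plus sur le serveur.', '');
            // trigErrorRedirect is expected to redirect and stop; the return
            // only guards against it coming back.
            return;
        }

        if (Post::has('pwhash') && Post::t('pwhash')) {
            // pwhash is stored as received: whatever hashing is applied happens
            // client-side (password.js) — confirm the scheme before relying on it.
            XDB::query('UPDATE accounts
                           SET password = {?}, state = \'active\'
                         WHERE uid = {?} AND state = \'pending\' AND type = \'xnet\'',
                       Post::t('pwhash'), $res['uid']);
            XDB::query('DELETE FROM register_pending_xnet
                             WHERE uid = {?}',
                       $res['uid']);

            S::logger($res['uid'])->log('passwd', '');

            // Open a session right away with the password still in Post::,
            // so the user does not have to log in again.
            Post::kill('wait');
            Platal::session()->startAvailableAuth();

            // The pending row was only queried for uid and hruid, so the
            // address shown on the success page has to come from the account
            // (same lookup as handler_tmpPWD_ext); the original read a
            // non-existent $res['email'].
            $email = XDB::fetchOneCell('SELECT email
                                          FROM accounts
                                         WHERE uid = {?}',
                                       $res['uid']);

            $page->changeTpl('xnet/register.success.tpl');
            $page->assign('email', $email);
        } else {
            $page->changeTpl('platal/password.tpl');
            $page->assign('xnet', true);
            $page->assign('hruid', $res['hruid']);
            $page->assign('do_auth', 1);
        }
    }

    /**
     * Password recovery for external accounts: POST login=<identifier>
     * records a fresh one-off hash for the account and mails the
     * /tmpPWD/ext/<hash> link to the user's registered address.
     *
     * NOTE(review): the two distinct error messages tell an anonymous caller
     * whether an account exists and whether it is active (account
     * enumeration), and nothing here limits how often links can be requested
     * for one account.  Unlike handler_edit, the account type is not
     * restricted to 'xnet'; whether other account types should be resettable
     * through this path is not visible from this file.
     */
    function handler_recovery_ext($page)
    {
        $page->changeTpl('xnet/recovery.tpl');

        if (!Post::has('login')) {
            return;
        }

        $user = User::getSilent(Post::t('login'));
        if (is_null($user)) {
            $page->trigError('Le compte n\'existe pas.');
            return;
        }
        if ($user->state != 'active') {
            $page->trigError('Ton compte n\'est pas activé.');
            return;
        }

        $page->assign('ok', true);

        // rand_url_id() is relied upon to produce an unguessable token: it is
        // the only credential needed to set a new password on this account.
        $hash = rand_url_id();
        XDB::execute('INSERT INTO account_xnet_lost_passwords (uid, date, hash)
                           VALUES ({?}, NOW(), {?})',
                     $user->id(), $hash);

        // The link is hard-coded to plain http://, so the token travels in
        // clear unless the site forces a redirect to https — TODO confirm.
        $mymail = new PlMailer();
        $mymail->setFrom('"Gestion des mots de passe" <support+password@' . Platal::globals()->mail->domain . '>');
        $mymail->addTo($user);
        $mymail->setSubject("Votre certificat d'authentification");
        $mymail->setTxtBody("Visitez la page suivante qui expire dans six heures :
http://polytechnique.net/tmpPWD/ext/$hash

Si en cliquant dessus vous n'y arrivez pas, copiez intégralement l'adresse dans la barre de votre navigateur. Si vous n'avez pas utilisé ce lien dans six heures, vous pouvez tout simplement recommencer cette procédure.

--
Polytechnique.org
\"Le portail des élèves & anciens élèves de l'École polytechnique\"

Email envoyé à " . Post::t('login'));
        $mymail->send();

        S::logger($user->id())->log('recovery', $user->bestEmail());
    }

    /**
     * Password reset from the e-mailed link /tmpPWD/ext/<hash>.
     *
     * Tokens are purged after 380 minutes on every call (the mail promises
     * six hours; the extra 20 minutes is presumably slack).  GET shows the
     * form; POST pwhash stores the value as the new password of the token's
     * account, consumes the token (single use) and opens a session.
     *
     * As in handler_register_ext there is no anti-CSRF token: the URL secret
     * is the only binding of the request.  The UPDATE only requires the
     * account to be active — no type filter — which matches the recovery
     * handler issuing tokens without checking the type.
     */
    function handler_tmpPWD_ext($page, $hash = null)
    {
        XDB::execute('DELETE FROM account_xnet_lost_passwords
                            WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > date');

        $uid = XDB::fetchOneCell('SELECT uid
                                    FROM account_xnet_lost_passwords
                                   WHERE hash = {?}',
                                 $hash);
        if (is_null($uid)) {
            $page->trigErrorRedirect("Cette adresse n'existe pas ou n'existe plus sur le serveur.", '');
            // trigErrorRedirect is expected to redirect and stop; the return
            // only guards against it coming back.
            return;
        }

        $email = XDB::fetchOneCell('SELECT email
                                      FROM accounts
                                     WHERE uid = {?}',
                                   $uid);

        if (Post::has('pwhash') && Post::t('pwhash')) {
            // Stored as received; hashing, if any, is done client-side.
            $password = Post::t('pwhash');
            XDB::query('UPDATE accounts
                           SET password = {?}
                         WHERE uid = {?} AND state = \'active\'',
                       $password, $uid);
            XDB::query('DELETE FROM account_xnet_lost_passwords
                             WHERE hash = {?}',
                       $hash);

            S::logger($uid)->log('passwd', '');

            // Open a session right away with the password still in Post::,
            // so the user does not have to log in again.
            Post::kill('wait');
            Platal::session()->startAvailableAuth();

            $page->changeTpl('xnet/register.success.tpl');
            $page->assign('email', $email);
        } else {
            $page->changeTpl('platal/password.tpl');
            $page->assign('xnet_reset', true);
            $page->assign('email', $email);
            $page->assign('do_auth', 1);
        }
    }

    /**
     * Profile editor for external (xnet) accounts.
     *
     * Non-xnet users are redirected to the index.  POST change (token
     * protected) either converts the account to an X account via
     * changeLogin() when login_X is given, or updates names, sex and e-mail.
     * When the e-mail changed, the list server and the mail aliases are
     * told about it, and the session's User object is reloaded.
     *
     * NOTE(review): the submitted e-mail is stored without syntactic
     * validation here; whether require_email_update() or the aliasing code
     * validate it is not visible from this file.
     */
    function handler_edit($page)
    {
        $user = S::user();
        if (empty($user)) {
            return PL_NOT_FOUND;
        }
        if ($user->type != 'xnet') {
            pl_redirect('index');
        }

        $page->changeTpl('xnet/edit.tpl');
        if (Post::has('change')) {
            S::assert_xsrf_token();

            // Convert user status to X
            if (!Post::blank('login_X')) {
                $forlife = $this->changeLogin($page, $user, Post::t('login_X'));
                if ($forlife) {
                    pl_redirect('index');
                }
            }

            // Update user info
            $firstname = Post::t('firstname');
            $lastname  = Post::t('lastname');
            $email     = Post::t('email');
            $full_name      = $firstname . ' ' . $lastname;
            $directory_name = mb_strtoupper($lastname) . ' ' . $firstname;
            // Anything but 'male' is normalised to 'female'.
            $sex = (Post::t('sex') == 'male') ? 'male' : 'female';

            XDB::query('UPDATE accounts
                           SET full_name = {?}, directory_name = {?}, display_name = {?},
                               firstname = {?}, lastname = {?}, sex = {?}, email = {?}
                         WHERE uid = {?}',
                       $full_name, $directory_name, Post::t('display_name'),
                       $firstname, $lastname, $sex, $email, $user->id());
            if (XDB::affectedRows()) {
                require_once 'emails.inc.php';
                if (require_email_update($user, $email)) {
                    $listClient = new MMList(S::user());
                    $listClient->change_user_email($user->forlifeEmail(), $email);
                    update_alias_user($user->forlifeEmail(), $email);
                }
                // Reload so the session reflects the new values.
                $user = User::getWithUID($user->id());
                S::set('user', $user);
                $page->trigSuccess('Données mises à jour.');
            }
        }

        $page->addJsLink('password.js');
        $page->assign('user', $user);
    }

    /**
     * Password change for a logged-in external user.
     *
     * POST pwhash (token protected) stores the value as the new password,
     * keeps it in the session (the session carries the password for the
     * Mailman client, see handler_admin), refreshes the access cookie and
     * hands the success page to $page->run() — assumed not to return, as in
     * the original; otherwise the form template below would replace it.
     * Without a POST the change form is shown.
     */
    function handler_password($page)
    {
        if (Post::has('pwhash') && Post::t('pwhash')) {
            S::assert_xsrf_token();

            $password = Post::t('pwhash');
            S::set('password', $password);
            XDB::execute('UPDATE accounts
                             SET password = {?}
                           WHERE uid={?}', $password,
                         S::i('uid'));
            S::logger()->log('passwd');
            Platal::session()->setAccessCookie(true);
            $page->changeTpl('platal/password.success.tpl');
            $page->run();
        }

        $page->changeTpl('platal/password.tpl');
        $page->assign('xnet_reset', true);
        $page->assign('do_auth', 0);
    }
}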
445
a7de4ef7 446// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
bd4be95d 447?>