Adds XSRF protection to the XnetEvents module.
[platal.git] / modules / xnetlists.php
7b9d64a8 1<?php
2/***************************************************************************
179afa7f 3 * Copyright (C) 2003-2008 Polytechnique.org *
7b9d64a8 4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
22require_once dirname(__FILE__).'/lists.php';
23
24class XnetListsModule extends ListsModule
25{
26 var $client;
27
28 function handlers()
29 {
30 return array(
1490093c 31 '%grp/lists' => $this->make_hook('lists', AUTH_MDP, 'groupmember'),
32 '%grp/lists/create' => $this->make_hook('create', AUTH_MDP, 'groupmember'),
7b9d64a8 33
d1ebc57a 34 '%grp/lists/members' => $this->make_hook('members', AUTH_COOKIE),
1cc0afe7 35 '%grp/lists/annu' => $this->make_hook('annu', AUTH_COOKIE),
d1ebc57a 36 '%grp/lists/archives' => $this->make_hook('archives', AUTH_COOKIE),
7f304b19 37 '%grp/lists/archives/rss' => $this->make_hook('rss', AUTH_PUBLIC),
7b9d64a8 38
d1ebc57a 39 '%grp/lists/moderate' => $this->make_hook('moderate', AUTH_MDP),
40 '%grp/lists/admin' => $this->make_hook('admin', AUTH_MDP),
41 '%grp/lists/options' => $this->make_hook('options', AUTH_MDP),
42 '%grp/lists/delete' => $this->make_hook('delete', AUTH_MDP),
7b9d64a8 43
d1ebc57a 44 '%grp/lists/soptions' => $this->make_hook('soptions', AUTH_MDP),
45 '%grp/lists/check' => $this->make_hook('check', AUTH_MDP),
46 '%grp/lists/sync' => $this->make_hook('sync', AUTH_MDP),
7b9d64a8 47
c6c10b6b 48 '%grp/alias/admin' => $this->make_hook('aadmin', AUTH_MDP, 'groupadmin'),
49 '%grp/alias/create' => $this->make_hook('acreate', AUTH_MDP, 'groupadmin'),
d1fcf09c 50
7b9d64a8 51 /* hack: lists uses that */
52 'profile' => $this->make_hook('profile', AUTH_PUBLIC),
53 );
54 }
55
56 function prepare_client(&$page)
57 {
58 global $globals;
59
9bb8bf21 60 require_once dirname(__FILE__).'/lists/lists.inc.php';
7b9d64a8 61
9bb8bf21 62 $this->client = new MMList(S::v('uid'), S::v('password'),
63 $globals->asso('mail_domain'));
7b9d64a8 64
7b9d64a8 65 $page->assign('asso', $globals->asso());
66 $page->setType($globals->asso('cat'));
092945b4 67
68 return $globals->asso('mail_domain');
7b9d64a8 69 }
70
9fdacf8d 71 function handler_lists(&$page)
72 {
73 global $globals;
74
c77e45f1 75 if (!$globals->asso('mail_domain')) {
76 return PL_NOT_FOUND;
77 }
9fdacf8d 78 $this->prepare_client($page);
1490093c 79 $page->changeTpl('xnetlists/index.tpl');
9fdacf8d 80
81 if (Get::has('del')) {
5e2307dc 82 $this->client->unsubscribe(Get::v('del'));
8b00e0e0 83 pl_redirect('lists');
9fdacf8d 84 }
85 if (Get::has('add')) {
5e2307dc 86 $this->client->subscribe(Get::v('add'));
8b00e0e0 87 pl_redirect('lists');
9fdacf8d 88 }
89
90 if (Post::has('del_alias') && may_update()) {
5e2307dc 91 $alias = Post::v('del_alias');
9fdacf8d 92 // prevent group admin from erasing aliases from other groups
93 $alias = substr($alias, 0, strpos($alias, '@')).'@'.$globals->asso('mail_domain');
08cce2ff 94 XDB::query(
c55cca6e 95 'DELETE FROM r, v
9fdacf8d 96 USING x4dat.virtual AS v
c55cca6e 97 LEFT JOIN x4dat.virtual_redirect AS r USING(vid)
9fdacf8d 98 WHERE v.alias={?}', $alias);
a7d35093 99 $page->trigSuccess(Post::v('del_alias')." supprimé !");
9fdacf8d 100 }
101
102 $listes = $this->client->get_lists();
103 $page->assign('listes',$listes);
104
08cce2ff 105 $alias = XDB::iterator(
9fdacf8d 106 'SELECT alias,type
107 FROM x4dat.virtual
108 WHERE alias
109 LIKE {?} AND type="user"
110 ORDER BY alias', '%@'.$globals->asso('mail_domain'));
111 $page->assign('alias', $alias);
112
113 $page->assign('may_update', may_update());
114 }
115
80f44cfe 116 function handler_create(&$page)
117 {
118 global $globals;
119
c77e45f1 120 if (!$globals->asso('mail_domain')) {
121 return PL_NOT_FOUND;
122 }
80f44cfe 123 $this->prepare_client($page);
3fe218e4 124 $page->changeTpl('xnetlists/create.tpl');
80f44cfe 125
126 if (!Post::has('submit')) {
127 return;
128 }
129
130 if (!Post::has('liste')) {
a7d35093 131 $page->trigError('champs «adresse souhaitée» vide');
c9110c6c 132 return;
80f44cfe 133 }
134
88f7a3f1 135 $liste = strtolower(Post::v('liste'));
80f44cfe 136
137 if (!preg_match("/^[a-zA-Z0-9\-]*$/", $liste)) {
a7d35093 138 $page->trigError('le nom de la liste ne doit contenir que des lettres non accentuées, chiffres et tirets');
c9110c6c 139 return;
80f44cfe 140 }
141
142 $new = $liste.'@'.$globals->asso('mail_domain');
92144f3e 143 $res = XDB::query('SELECT alias FROM x4dat.virtual WHERE alias={?}', $new);
80f44cfe 144
92144f3e 145 if ($res->numRows()) {
a7d35093 146 $page->trigError('cet alias est déjà pris');
c9110c6c 147 return;
80f44cfe 148 }
5e2307dc 149 if (!Post::v('desc')) {
a7d35093 150 $page->trigError('le sujet est vide');
c9110c6c 151 return;
80f44cfe 152 }
153
80f44cfe 154 $ret = $this->client->create_list(
92144f3e 155 $liste, utf8_decode(Post::v('desc')), Post::v('advertise'),
5e2307dc 156 Post::v('modlevel'), Post::v('inslevel'),
92144f3e 157 array(S::v('forlife')), array(S::v('forlife')));
80f44cfe 158
159 $dom = strtolower($globals->asso("mail_domain"));
160 $red = $dom.'_'.$liste;
161
162 if (!$ret) {
a7de4ef7 163 $page->kill("Un problème est survenu, contacter "
80f44cfe 164 ."<a href='mailto:support@m4x.org'>support@m4x.org</a>");
165 return;
166 }
7d427b10
FB
167 foreach (array('', 'owner', 'admin', 'bounces', 'unsubscribe') as $app) {
168 $mdir = $app == '' ? '+post' : '+' . $app;
18a039bd
FB
169 if (!empty($app)) {
170 $app = '-' . $app;
171 }
7d427b10
FB
172 XDB::execute('INSERT INTO x4dat.virtual (alias,type)
173 VALUES({?},{?})', $liste. $app . '@'.$dom, 'list');
174 XDB::execute('INSERT INTO x4dat.virtual_redirect (vid,redirect)
175 VALUES ({?}, {?})', XDB::insertId(),
176 $red . $mdir . '@listes.polytechnique.org');
177 }
8b00e0e0 178 pl_redirect('lists/admin/'.$liste);
80f44cfe 179 }
180
9fdacf8d 181 function handler_sync(&$page, $liste = null)
182 {
183 global $globals;
184
c77e45f1 185 if (!$globals->asso('mail_domain')) {
186 return PL_NOT_FOUND;
187 }
9fdacf8d 188 $this->prepare_client($page);
3fe218e4 189 $page->changeTpl('xnetlists/sync.tpl');
9fdacf8d 190
191 if (Env::has('add')) {
5e2307dc 192 $this->client->mass_subscribe($liste, array_keys(Env::v('add')));
9fdacf8d 193 }
194
195 list(,$members) = $this->client->get_members($liste);
196 $mails = array_map(create_function('$arr', 'return $arr[1];'), $members);
cf5e8ef1 197 $subscribers = array_unique($mails);
9fdacf8d 198
199 $not_in_group_x = array();
200 $not_in_group_ext = array();
201
08cce2ff 202 $ann = XDB::iterator(
c9110c6c 203 "SELECT if (m.origine='X',if (u.nom_usage<>'', u.nom_usage, u.nom) ,m.nom) AS nom,
204 if (m.origine='X',u.prenom,m.prenom) AS prenom,
a7de4ef7 205 if (m.origine='X',u.promo,'extérieur') AS promo,
1b2f6240 206 if (m.origine='X',CONCAT(a.alias, '@{$globals->mail->domain}'),m.email) AS email,
c9110c6c 207 if (m.origine='X',FIND_IN_SET('femme', u.flags),0) AS femme,
9fdacf8d 208 m.perms='admin' AS admin,
209 m.origine='X' AS x
210 FROM groupex.membres AS m
211 LEFT JOIN auth_user_md5 AS u ON ( u.user_id = m.uid )
212 LEFT JOIN aliases AS a ON ( a.id = m.uid AND a.type='a_vie' )
1bd2bc7e 213 WHERE m.asso_id = {?}
214 ORDER BY promo, nom, prenom", $globals->asso('id'));
9fdacf8d 215
216 $not_in_list = array();
217
218 while ($tmp = $ann->next()) {
cf5e8ef1 219 if (!in_array(strtolower($tmp['email']), $subscribers)) {
9fdacf8d 220 $not_in_list[] = $tmp;
221 }
222 }
223
224 $page->assign('not_in_list', $not_in_list);
225 }
226
d1fcf09c 227 function handler_aadmin(&$page, $lfull = null)
228 {
c77e45f1 229 global $globals;
230
231 if (!$globals->asso('mail_domain') || is_null($lfull)) {
d1fcf09c 232 return PL_NOT_FOUND;
233 }
1490093c 234 $page->changeTpl('xnetlists/alias-admin.tpl');
d1fcf09c 235
236 if (Env::has('add_member')) {
5e2307dc 237 $add = Env::v('add_member');
d1fcf09c 238 if (strstr($add, '@')) {
239 list($mbox,$dom) = explode('@', strtolower($add));
240 } else {
241 $mbox = $add;
242 $dom = 'm4x.org';
243 }
c9110c6c 244 if ($dom == 'polytechnique.org' || $dom == 'm4x.org') {
08cce2ff 245 $res = XDB::query(
d1fcf09c 246 "SELECT a.alias, b.alias
247 FROM x4dat.aliases AS a
248 LEFT JOIN x4dat.aliases AS b ON (a.id=b.id AND b.type = 'a_vie')
249 WHERE a.alias={?} AND a.type!='homonyme'", $mbox);
250 if (list($alias, $blias) = $res->fetchOneRow()) {
251 $alias = empty($blias) ? $alias : $blias;
08cce2ff 252 XDB::query(
d1fcf09c 253 "INSERT INTO x4dat.virtual_redirect (vid,redirect)
254 SELECT vid, {?}
255 FROM x4dat.virtual
256 WHERE alias={?}", "$alias@m4x.org", $lfull);
a7d35093 257 $page->trigSuccess("$alias@m4x.org ajouté");
d1fcf09c 258 } else {
a7d35093 259 $page->trigError("$mbox@{$globals->mail->domain} n'existe pas.");
d1fcf09c 260 }
261 } else {
08cce2ff 262 XDB::query(
d1fcf09c 263 "INSERT INTO x4dat.virtual_redirect (vid,redirect)
264 SELECT vid,{?}
265 FROM x4dat.virtual
266 WHERE alias={?}", "$mbox@$dom", $lfull);
a7d35093 267 $page->trigSuccess("$mbox@$dom ajouté");
d1fcf09c 268 }
269 }
270
271 if (Env::has('del_member')) {
08cce2ff 272 XDB::query(
d1fcf09c 273 "DELETE FROM x4dat.virtual_redirect
274 USING x4dat.virtual_redirect
275 INNER JOIN x4dat.virtual USING(vid)
5e2307dc 276 WHERE redirect={?} AND alias={?}", Env::v('del_member'), $lfull);
8b00e0e0 277 pl_redirect('alias/admin/'.$lfull);
d1fcf09c 278 }
279
7cdecf88 280 global $globals;
055dbf30
FB
281 $res = XDB::iterator("SELECT IF(r.login IS NULL, m.nom, IF(u.nom_usage != '', u.nom_usage, u.nom)) AS nom,
282 IF(r.login IS NULL, m.prenom, u.prenom) AS prenom,
283 IF(r.login IS NULL, 'extérieur', u.promo) AS promo,
284 m.perms = 'admin' AS admin, r.redirect, r.login AS alias
285 FROM (SELECT redirect AS redirect,
286 IF(SUBSTRING_INDEX(redirect, '@', -1) IN ({?}, {?}),
287 SUBSTRING_INDEX(redirect, '@', 1), NULL) AS login
288 FROM x4dat.virtual_redirect AS vr
289 INNER JOIN x4dat.virtual AS v USING(vid)
290 WHERE v.alias = {?}
291 ORDER BY redirect) AS r
292 LEFT JOIN aliases AS a ON (r.login IS NOT NULL AND r.login = a.alias)
293 LEFT JOIN auth_user_md5 AS u ON (u.user_id = a.id)
294 LEFT JOIN groupex.membres AS m ON (m.asso_id = {?} AND IF(r.login IS NULL, m.email = r.redirect, m.uid = u.user_id))",
295 $globals->mail->domain, $globals->mail->domain2,
296 $lfull, $globals->asso('id'));
d1fcf09c 297 $page->assign('mem', $res);
298 }
299
300 function handler_acreate(&$page)
301 {
302 global $globals;
303
c77e45f1 304 if (!$globals->asso('mail_domain')) {
305 return PL_NOT_FOUND;
306 }
1490093c 307 $page->changeTpl('xnetlists/alias-create.tpl');
d1fcf09c 308
309 if (!Post::has('submit')) {
310 return;
311 }
312
313 if (!Post::has('liste')) {
a7d35093 314 $page->trigError('champs «adresse souhaitée» vide');
d1fcf09c 315 return;
316 }
5e2307dc 317 $liste = Post::v('liste');
d1fcf09c 318 if (!preg_match("/^[a-zA-Z0-9\-\.]*$/", $liste)) {
a7d35093
FB
319 $page->trigError('le nom de l\'alias ne doit contenir que des lettres,'
320 .' chiffres, tirets et points');
d1fcf09c 321 return;
322 }
323
324 $new = $liste.'@'.$globals->asso('mail_domain');
08cce2ff 325 $res = XDB::query('SELECT COUNT(*) FROM x4dat.virtual WHERE alias={?}', $new);
d1fcf09c 326 $n = $res->fetchOneCell();
c9110c6c 327 if ($n) {
a7d35093 328 $page->trigError('cet alias est déjà pris');
d1fcf09c 329 return;
330 }
331
08cce2ff 332 XDB::query('INSERT INTO x4dat.virtual (alias,type) VALUES({?}, "user")', $new);
d1fcf09c 333
8b00e0e0 334 pl_redirect("alias/admin/$new");
d1fcf09c 335 }
336
7b9d64a8 337 function handler_profile(&$page, $user = null)
338 {
8b00e0e0 339 http_redirect('https://www.polytechnique.org/profile/'.$user);
7b9d64a8 340 }
341}
342
a7de4ef7 343// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
7b9d64a8 344?>