New main page of the site with a multi-topic site preview based on PlWizard
[platal.git] / modules / platal.php
1<?php
2/***************************************************************************
3 * Copyright (C) 2003-2007 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
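/**
 * Turn a comma-separated list of bug references into tracker links.
 *
 * Every '#' is stripped from an item to build its task URL, while the link
 * text keeps the item exactly as given. Items are interpolated into the HTML
 * without escaping, so callers must only pass text that is already validated;
 * the caller visible in this file passes matches of '#[0-9]+(,[0-9]+)*'.
 *
 * @param string $list comma-separated references, e.g. '#12,34'
 * @return string the generated anchors, joined with ','
 */
function bugize($list)
{
    $links = array();

    // explode() replaces split(), which is gone from PHP 7; the separator is a
    // literal comma, so no regular expression is needed.
    foreach (explode(',', $list) as $bug) {
        $clean   = str_replace('#', '', $bug);
        $links[] = "<a href='http://trackers.polytechnique.org/task/$clean'>$bug</a>";
    }

    return implode(',', $links);
}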
34
35
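/**
 * Core site module: home page, CA certificate download, changelog, user
 * preferences, password change and recovery, logout and the public site tour.
 */
class PlatalModule extends PLModule
{
    /**
     * Map each URL path served by this module to its handler and to the
     * authentication level handed to make_hook().
     *
     * NOTE(review): AUTH_PUBLIC / AUTH_COOKIE / AUTH_MDP are defined outside
     * this file; presumably they range from anonymous to password-authenticated
     * access. Confirm before changing the level of any entry.
     *
     * @return array path => hook
     */
    function handlers()
    {
        return array(
            'index'           => $this->make_hook('index',     AUTH_PUBLIC),
            'cacert.pem'      => $this->make_hook('cacert',    AUTH_PUBLIC),
            'changelog'       => $this->make_hook('changelog', AUTH_PUBLIC),

            // Preferences thingies
            'prefs'           => $this->make_hook('prefs',     AUTH_COOKIE),
            'prefs/rss'       => $this->make_hook('prefs_rss', AUTH_COOKIE),
            'prefs/webredirect'
                              => $this->make_hook('webredir',  AUTH_MDP),
            'prefs/skin'      => $this->make_hook('skin',      AUTH_COOKIE),

            // password related thingies
            'password'        => $this->make_hook('password',  AUTH_MDP),
            'tmpPWD'          => $this->make_hook('tmpPWD',    AUTH_PUBLIC),
            'password/smtp'   => $this->make_hook('smtppass',  AUTH_MDP),
            'recovery'        => $this->make_hook('recovery',  AUTH_PUBLIC),
            'exit'            => $this->make_hook('exit',      AUTH_PUBLIC),
            'review'          => $this->make_hook('review',    AUTH_PUBLIC),
            'deconnexion.php' => $this->make_hook('exit',      AUTH_PUBLIC),
        );
    }

    /**
     * Home page: logged-in users go to 'events'; anonymous visitors go to the
     * 'review' tour unless the IS_XNET_SITE global is set.
     */
    function handler_index(&$page)
    {
        if (S::logged()) {
            pl_redirect('events');
        } else if (empty($GLOBALS['IS_XNET_SITE'])) {
            // empty() replaces the original "!@$GLOBALS[...]" without error suppression.
            pl_redirect('review');
        }
    }

    /**
     * Serve the CA certificate file as application/x-x509-ca-cert and stop.
     */
    function handler_cacert(&$page)
    {
        // The original passed "r" as second argument; file_get_contents() takes
        // that position as its use_include_path flag, not as an open mode.
        $data = file_get_contents('/etc/ssl/xorgCA/cacert.pem');
        if ($data === false) {
            // Do not answer 200 with an empty body when the file is unreadable.
            header('HTTP/1.0 404 Not Found');
            exit;
        }

        // Blank out the cache and cookie headers before sending the file.
        header("Pragma:");
        header("Set-Cookie:");
        header("Cache-Control:");
        header("Expires:");
        header("Content-Type: application/x-x509-ca-cert");
        header("Content-Length: ".strlen($data));
        echo $data;
        exit;
    }

    /**
     * Render the ChangeLog file as HTML: the text is passed through
     * pl_entities() first, then URLs, www. hosts, mail addresses and bug
     * references are turned into links.
     */
    function handler_changelog(&$page)
    {
        $page->changeTpl('platal/changeLog.tpl');

        $clog = pl_entities(file_get_contents(dirname(__FILE__).'/../ChangeLog'));
        // url catch only (not all wiki syntax)
        $clog = preg_replace(array(
            '/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
            '/(\s|^)www\.((?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
            '/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
            array(
            '<a href="\\0">\\0</a>',
            '\\1<a href="http://www.\\2">www.\\2</a>',
            '<a href="mailto:\\0">\\0</a>'),
            $clog);
        // The original used the /e modifier, which evaluates the replacement as
        // PHP code and no longer exists in PHP 7; a callback does the same job
        // without evaluating a string built from file content.
        $clog = preg_replace_callback('!(#[0-9]+(,[0-9]+)*)!', array($this, '_bugize_match'), $clog);
        $clog = preg_replace('!vim:.*$!', '', $clog);
        $page->assign('ChangeLog', $clog);
    }

    /**
     * preg_replace_callback() adapter for handler_changelog(): forwards the
     * first capture group (the '#12,34' reference list) to bugize().
     *
     * @param array $match regex match groups
     * @return string HTML links for the matched references
     */
    function _bugize_match($match)
    {
        return bugize($match[1]);
    }

    /**
     * Enable or disable the user's RSS feed hash.
     *
     * Enabling stores a fresh rand_url_id(16) value in the session and in
     * auth_user_quick; disabling blanks the column and drops the session key.
     *
     * @param bool $state true to enable, false to disable
     */
    function __set_rss_state($state)
    {
        if ($state) {
            $_SESSION['core_rss_hash'] = rand_url_id(16);
            XDB::execute('UPDATE  auth_user_quick
                             SET  core_rss_hash={?} WHERE user_id={?}',
                         S::v('core_rss_hash'), S::v('uid'));
        } else {
            XDB::execute('UPDATE  auth_user_quick
                             SET  core_rss_hash="" WHERE user_id={?}',
                         S::v('uid'));
            S::kill('core_rss_hash');
        }
    }

    /**
     * Preferences page: updates the mail format and the RSS state from POST.
     *
     * NOTE(review): no anti-CSRF token check is visible in this handler;
     * confirm whether the framework enforces one.
     */
    function handler_prefs(&$page)
    {
        $page->changeTpl('platal/preferences.tpl');
        $page->assign('xorg_title','Polytechnique.org - Mes préférences');

        if (Post::has('mail_fmt')) {
            // Only two formats are accepted: anything but 'texte' becomes 'html'.
            $fmt = (Post::v('mail_fmt') === 'texte') ? 'texte' : 'html';
            // Bound as a placeholder like every other query in this class,
            // instead of being interpolated into the SQL text.
            XDB::execute('UPDATE  auth_user_quick
                             SET  core_mail_fmt = {?}
                           WHERE  user_id = {?}',
                         $fmt, S::v('uid'));
            $_SESSION['mail_fmt'] = $fmt;
        }

        if (Post::has('rss')) {
            $this->__set_rss_state(Post::b('rss'));
        }
    }

    /**
     * Web redirection page: stores or clears the user's redirect URL.
     *
     * NOTE(review): the action is read through Env, so it is presumably
     * reachable by GET as well as POST, and no anti-CSRF check is visible
     * here; confirm.
     */
    function handler_webredir(&$page)
    {
        $page->changeTpl('platal/webredirect.tpl');

        $page->assign('xorg_title','Polytechnique.org - Redirection de page WEB');

        $log = S::v('log');
        $url = Env::v('url');

        if (Env::v('submit') == 'Valider' && Env::has('url')) {
            XDB::execute('UPDATE  auth_user_quick
                             SET  redirecturl = {?} WHERE user_id = {?}',
                         $url, S::v('uid'));
            $log->log('carva_add', 'http://'.Env::v('url'));
            // The notice is emitted as HTML, so the request-supplied URL is
            // escaped (quotes included, the attribute is single-quoted) before
            // being placed in the link.
            $safe = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
            $page->trig("Redirection activée vers <a href='http://$safe'>$safe</a>");
        } elseif (Env::v('submit') == "Supprimer") {
            XDB::execute("UPDATE  auth_user_quick
                             SET  redirecturl = ''
                           WHERE  user_id = {?}",
                         S::v('uid'));
            $log->log("carva_del", $url);
            Post::kill('url');
            $page->trig('Redirection supprimée');
        }

        // NOTE(review): the stored value goes to the template as-is; whether
        // 'carva' is escaped on output depends on the template. Confirm.
        $res = XDB::query('SELECT  redirecturl
                             FROM  auth_user_quick
                            WHERE  user_id = {?}',
                          S::v('uid'));
        $page->assign('carva', $res->fetchOneCell());
    }

    /**
     * RSS feed page: activates the feed when act_rss is 'Activer'.
     */
    function handler_prefs_rss(&$page)
    {
        $page->changeTpl('platal/filrss.tpl');

        // NOTE(review): 'referer' is a request value used as the go-back
        // target; how the template validates or escapes it is not visible here.
        $page->assign('goback', Env::v('referer', 'login'));

        if (Env::v('act_rss') == 'Activer') {
            $this->__set_rss_state(true);
            $page->trig("Ton Fil RSS est activé.");
        }
    }

    /**
     * Password change page.
     *
     * When 'response2' is posted, that value is stored as the new password in
     * auth_user_md5 and in the session, the change is logged and, if the
     * ORGaccess cookie is present, the cookie is reissued.
     *
     * NOTE(review): the posted value is stored without any format check
     * visible here; it is presumably a digest computed client-side by
     * motdepasse.js. Confirm.
     */
    function handler_password(&$page)
    {
        if (Post::has('response2')) {
            require_once 'secure_hash.inc.php';

            $_SESSION['password'] = $password = Post::v('response2');

            XDB::execute('UPDATE  auth_user_md5
                             SET  password={?}
                           WHERE  user_id={?}', $password,
                           S::v('uid'));

            $log = S::v('log');
            $log->log('passwd', '');

            if (Cookie::v('ORGaccess')) {
                // NOTE(review): lifetime is 25920000 s (300 days), the secure
                // argument is 0 and no httponly argument is passed, for a
                // cookie derived from the password value.
                setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
            }

            $page->changeTpl('platal/motdepasse.success.tpl');
            // presumably run() renders and terminates the request; otherwise
            // the form template below would replace the success page.
            $page->run();
        }

        $page->changeTpl('platal/motdepasse.tpl');
        $page->addJsLink('motdepasse.js');
        $page->assign('xorg_title','Polytechnique.org - Mon mot de passe');
    }

    /**
     * SMTP/NNTP password page: sets or clears auth_user_md5.smtppass.
     *
     * NOTE(review): the submitted password is written to the database as
     * received; no hashing is visible in this handler.
     */
    function handler_smtppass(&$page)
    {
        $page->changeTpl('platal/acces_smtp.tpl');
        $page->assign('xorg_title','Polytechnique.org - Acces SMTP/NNTP');

        require_once 'wiki.inc.php';
        wiki_require_page('Xorg.SMTPSécurisé');
        wiki_require_page('Xorg.NNTPSécurisé');

        $uid  = S::v('uid');
        $pass = Env::v('smtppass1');
        $log  = S::v('log');

        // Strict comparison: with "==" two different numeric-looking strings
        // (e.g. "1000000" and "1e6") would count as a matching confirmation.
        if (Env::v('op') == "Valider" && strlen($pass) >= 6
        &&  Env::v('smtppass1') === Env::v('smtppass2'))
        {
            XDB::execute('UPDATE  auth_user_md5 SET smtppass = {?}
                           WHERE  user_id = {?}', $pass, $uid);
            $page->trig('Mot de passe enregistré');
            $log->log("passwd_ssl");
        } elseif (Env::v('op') == "Supprimer") {
            XDB::execute('UPDATE  auth_user_md5 SET smtppass = ""
                           WHERE  user_id = {?}', $uid);
            $page->trig('Compte SMTP et NNTP supprimé');
            $log->log("passwd_del");
        }

        $res = XDB::query("SELECT  IF(smtppass != '', 'actif', '')
                             FROM  auth_user_md5
                            WHERE  user_id = {?}", $uid);
        $page->assign('actif', $res->fetchOneCell());
    }

    /**
     * Password recovery: checks login + birth date, then mails a one-time
     * link (tmpPWD/<token>) to the account's addresses.
     *
     * NOTE(review): the birth date is the only secret checked here and no
     * attempt limiting is visible in this handler. The responses also differ
     * between "no usable address" and "wrong information". Confirm whether
     * throttling exists elsewhere.
     */
    function handler_recovery(&$page)
    {
        global $globals;

        $page->changeTpl('platal/recovery.tpl');

        if (!Env::has('login') || !Env::has('birth')) {
            return;
        }

        // Expected format is ddmmyyyy with a 19xx year. The original used the
        // removed ereg() with an unanchored pattern, so any string merely
        // containing such a run passed; the whole value must now match.
        $birthInput = Env::v('birth');
        $birthInput = is_string($birthInput) ? trim($birthInput) : '';
        if (!preg_match('/^[0-3][0-9][0-1][0-9]19[0-9]{2}\z/', $birthInput)) {
            $page->trig('Date de naissance incorrecte ou incohérente');
            return;
        }

        // ddmmyyyy -> yyyy-mm-dd
        $birth = sprintf('%s-%s-%s',
                         substr($birthInput, 4, 4),
                         substr($birthInput, 2, 2),
                         substr($birthInput, 0, 2));

        $mailorg = strtok(Env::v('login'), '@');

        // Original note: "added paragraph: if the birth date is missing from
        // the database, update it with the one supplied here, hoping it is the
        // right one". No such update is performed in the code below.

        $res = XDB::query(
                "SELECT  user_id, naissance
                   FROM  auth_user_md5 AS u
             INNER JOIN  aliases       AS a ON (u.user_id=a.id AND type != 'homonyme')
                  WHERE  a.alias={?} AND u.perms IN ('admin','user') AND u.deces=0", $mailorg);
        list($uid, $naissance) = $res->fetchOneRow();

        if ($naissance == $birth) {
            $res = XDB::query("SELECT  COUNT(*)
                                 FROM  emails
                                WHERE  uid = {?} AND flags != 'panne' AND flags != 'filter'", $uid);
            $count = intval($res->fetchOneCell());
            if ($count == 0) {
                $page->assign('no_addr', true);
                return;
            }

            $page->assign('ok', true);

            // NOTE(review): the token's unpredictability rests entirely on
            // rand_url_id(), which is defined outside this file. Confirm.
            $url = rand_url_id();
            XDB::execute('INSERT INTO  perte_pass (certificat,uid,created)
                               VALUES  ({?},{?},NOW())', $url, $uid);
            // The posted address is used only if it already belongs to the
            // account; otherwise the mail goes to every non-filter address.
            $res = XDB::query('SELECT  email
                                 FROM  emails
                                WHERE  uid = {?} AND email = {?}',
                              $uid, Post::v('email'));
            if ($res->numRows()) {
                $mails = $res->fetchOneCell();
            } else {
                $res = XDB::query('SELECT  email
                                     FROM  emails
                                    WHERE  uid = {?} AND NOT FIND_IN_SET("filter", flags)', $uid);
                $mails = implode(', ', $res->fetchColumn());
            }
            $mymail = new PlMailer();
            $mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mail->domain . '>');
            $mymail->addTo($mails);
            $mymail->setSubject('Ton certificat d\'authentification');
            $mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
{$globals->baseurl}/tmpPWD/$url

Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.

--
Polytechnique.org
\"Le portail des élèves & anciens élèves de l'Ecole polytechnique\"

Mail envoyé à ".Env::v('login') . (Post::has('email') ? "
Adresse de secours : " . Post::v('email') : ""));
            $mymail->send();

            // create a logger object and log the event
            $logger = $_SESSION['log'] = new CoreLogger($uid);
            $logger->log('recovery', $mails);
        } else {
            $page->trig('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
                        'Si tu as un homonyme, utilise prenom.nom.promo comme login');
        }
    }

    /**
     * One-time password reset page reached through the mailed link.
     *
     * Expired tokens are purged first, then the token is looked up; a posted
     * 'response2' becomes the new password and the token is deleted.
     *
     * NOTE(review): tokens are purged after 380 minutes while the mail
     * announces six hours. As in handler_password(), no format check on the
     * posted value is visible here.
     *
     * @param string|null $certif token taken from the URL
     */
    function handler_tmpPWD(&$page, $certif = null)
    {
        XDB::execute('DELETE FROM  perte_pass
                            WHERE  DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');

        $res   = XDB::query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif);
        $ligne = $res->fetchOneAssoc();
        if (!$ligne) {
            $page->changeTpl('platal/index.tpl');
            // presumably kill() ends the request; the code below relies on it.
            $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
        }

        $uid = $ligne["uid"];
        if (Post::has('response2')) {
            $password = Post::v('response2');
            $logger   = new CoreLogger($uid);
            XDB::query('UPDATE  auth_user_md5 SET password={?}
                         WHERE  user_id={?} AND perms IN("admin","user")',
                       $password, $uid);
            // Single use: the token is removed once the password is set.
            XDB::query('DELETE FROM perte_pass WHERE certificat={?}', $certif);
            $logger->log("passwd","");
            $page->changeTpl('platal/tmpPWD.success.tpl');
        } else {
            $page->changeTpl('platal/motdepasse.tpl');
            $page->addJsLink('motdepasse.js');
        }
    }

    /**
     * Skin selection page: stores the chosen skin id and lists the available
     * skins with their user counts.
     */
    function handler_skin(&$page)
    {
        global $globals;

        $page->changeTpl('platal/skins.tpl');
        $page->assign('xorg_title','Polytechnique.org - Skins');

        if (Env::has('newskin')) {  // form submitted, process the data sent
            XDB::execute('UPDATE  auth_user_quick
                             SET  skin={?} WHERE user_id={?}',
                         Env::i('newskin'), S::v('uid'));
            S::kill('skin');
            set_skin();
        }

        $res = XDB::query('SELECT id FROM skins WHERE skin_tpl={?}', S::v('skin'));
        $page->assign('skin_id', $res->fetchOneCell());

        $sql = "SELECT  s.*,auteur,count(*) AS nb
                  FROM  skins AS s
             LEFT JOIN  auth_user_quick AS a ON s.id=a.skin
                 WHERE  skin_tpl != '' AND ext != ''
              GROUP BY  id ORDER BY s.date DESC";
        $page->assign('skins', XDB::iterator($sql));
    }

    /**
     * Logout.
     *
     * With an active 'suid' session the saved session is restored and the
     * request goes to the admin page of the impersonated user. Otherwise the
     * cookies selected by $level are expired, the logout is logged and the
     * session is destroyed.
     *
     * @param string|null $level 'forget', 'forgetuid' or 'forgetall'
     */
    function handler_exit(&$page, $level = null)
    {
        if (S::has('suid')) {
            $a4l  = S::v('forlife');
            $suid = S::v('suid');
            $log  = S::v('log');
            $log->log("suid_stop", S::v('forlife') . " by " . $suid['forlife']);
            $_SESSION = $suid;
            S::kill('suid');
            pl_redirect('admin/user/' . $a4l);
        }

        if ($level == 'forget' || $level == 'forgetall') {
            setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
            Cookie::kill('ORGaccess');
            if (isset($_SESSION['log'])) {
                $_SESSION['log']->log("cookie_off");
            }
        }

        if ($level == 'forgetuid' || $level == 'forgetall') {
            setcookie('ORGuid', '', time() - 3600, '/', '', 0);
            Cookie::kill('ORGuid');
            setcookie('ORGdomain', '', time() - 3600, '/', '', 0);
            Cookie::kill('ORGdomain');
        }

        if (isset($_SESSION['log'])) {
            $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
            $_SESSION['log']->log('deconnexion',$ref);
        }

        XorgSession::destroy();

        if (Get::has('redirect')) {
            // NOTE(review): the target comes straight from the query string
            // (and is URL-decoded once more here) with no check against a list
            // of allowed hosts or paths, so this endpoint redirects to any
            // address a link supplies. Left unchanged because the set of
            // legitimate targets is not visible in this file; restrict it to
            // known site URLs.
            http_redirect(rawurldecode(Get::v('redirect')));
        } else {
            $page->changeTpl('platal/exit.tpl');
        }
    }

    /**
     * Public site tour: builds a PlWizard from the 'text=' line of the wiki
     * page Review.Admin (ReviewXnet.Admin when IS_XNET_SITE is set).
     *
     * @param string|null $action forwarded to PlWizard::apply()
     * @param string|null $mode   forwarded to PlWizard::apply()
     */
    function handler_review(&$page, $action = null, $mode = null)
    {
        require_once 'wiki.inc.php';
        require_once dirname(__FILE__) . '/platal/review.inc.php';
        $dir = wiki_work_dir();
        $dom = 'Review';
        if (!empty($GLOBALS['IS_XNET_SITE'])) {
            $dom .= 'Xnet';
        }
        if (!is_dir($dir)) {
            $page->kill("Impossible de trouver le wiki");
        }
        if (!file_exists($dir . '/' . $dom . '.Admin')) {
            $page->kill("Impossible de trouver la page d'administration");
        }
        $conf = preg_grep('/^text=/', explode("\n", file_get_contents($dir . '/' . $dom . '.Admin')));
        // array_shift() yields null when the page has no 'text=' line; treat
        // that as an empty configuration instead of splitting null.
        $text = array_shift($conf);
        $conf = ($text === null)
              ? array()
              : preg_split('/(text\=|\%0a)/', $text, -1, PREG_SPLIT_NO_EMPTY);
        $wiz = new PlWizard('Tour d\'horizon', 'core/plwizard.tpl', true);
        foreach ($conf as $line) {
            $list = preg_split('/\s*[*|]\s*/', $line, -1, PREG_SPLIT_NO_EMPTY);
            if (count($list) < 2) {
                // A page entry needs two fields; skip malformed lines rather
                // than read an undefined index.
                continue;
            }
            $wiz->addPage('ReviewPage', $list[0], $list[1]);
        }
        $wiz->apply($page, 'review', $action, $mode);
    }
}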
449
450// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
451?>