| 1 | <?php |
| 2 | /*************************************************************************** |
| 3 | * Copyright (C) 2003-2008 Polytechnique.org * |
| 4 | * http://opensource.polytechnique.org/ * |
| 5 | * * |
| 6 | * This program is free software; you can redistribute it and/or modify * |
| 7 | * it under the terms of the GNU General Public License as published by * |
| 8 | * the Free Software Foundation; either version 2 of the License, or * |
| 9 | * (at your option) any later version. * |
| 10 | * * |
| 11 | * This program is distributed in the hope that it will be useful, * |
| 12 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * |
| 13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * |
| 14 | * GNU General Public License for more details. * |
| 15 | * * |
| 16 | * You should have received a copy of the GNU General Public License * |
| 17 | * along with this program; if not, write to the Free Software * |
| 18 | * Foundation, Inc., * |
| 19 | * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * |
| 20 | ***************************************************************************/ |
| 21 | |
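/**
 * Quoted-printable encode $input for inclusion in a mail body.
 *
 * Line breaks in $input (CRLF, CR or LF) are emitted as the literal "=0D=0A"
 * followed by a soft break, so the receiver reconstructs a CRLF. A soft break
 * ("=" + LF) is inserted before an output line would reach $line_max
 * characters; the continuation line starts with a space.
 *
 * Note: PHP >= 5.3 ships a built-in quoted_printable_encode() that this
 * declaration collides with; the built-in breaks long lines differently.
 *
 * @param string $input    text to encode (any byte sequence)
 * @param int    $line_max soft line length limit, 76 by default
 * @return string the encoded text, trimmed of surrounding whitespace
 */
function quoted_printable_encode($input, $line_max = 76)
{
    $lines = preg_split("/(?:\r\n|\r|\n)/", $input);
    $last = count($lines) - 1;
    $eol = "\n";
    $linebreak = "=0D=0A=\n ";
    $escape = "=";
    $output = "";

    foreach ($lines as $j => $line) {
        $linlen = strlen($line);
        $newline = "";
        for ($i = 0; $i < $linlen; $i++) {
            $c = $line[$i]; // the former $line{$i} syntax was removed in PHP 8
            $dec = ord($c);
            if ($dec == 32 && $i == $linlen - 1) {
                // quoted-printable requires trailing whitespace to be encoded
                $c = "=20";
            } elseif ($dec == 61 || $dec < 32 || $dec > 126) {
                // "=" itself and every non-printable byte; this also encodes
                // "\t", which is not strictly required
                $c = $escape . sprintf("%02X", $dec);
            }
            if (strlen($newline) + strlen($c) >= $line_max) {
                // soft break; the "=\n" itself is not counted in the limit
                $output .= $newline . $escape . $eol;
                $newline = " ";
            }
            $newline .= $c;
        }
        $output .= $newline;
        if ($j < $last) {
            $output .= $linebreak;
        }
    }
    return trim($output);
}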
| 54 | |
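/**
 * Check whether an e-mail address is acceptable as a redirection target.
 *
 * Addresses hosted on the site's own domains are refused (redirecting to
 * them would loop mail back into the system). The domain comparison is
 * case-insensitive: "user@Polytechnique.ORG" is refused like its lower-case
 * form.
 *
 * @param string $email address to check
 * @return bool true when isvalid_email() accepts the address and its domain
 *              is not one of the refused ones
 */
function isvalid_email_redirection($email)
{
    // "i" flag: domain names are case-insensitive, so a mixed-case domain
    // must not slip past the block list
    return isvalid_email($email) &&
        !preg_match("/@(polytechnique\.(org|edu)|melix\.(org|net)|m4x\.org)$/i", $email);
}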
| 64 | |
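/**
 * Generate a random token of $len characters (clamped to 2..50, 22 by default).
 *
 * Bytes are read from /dev/urandom and base64-encoded; the visually
 * ambiguous characters I, l, 1, 0, O and the base64 symbols + / = are
 * dropped, so the result only contains [A-HJ-NP-Za-km-z2-9] (57 symbols).
 *
 * @param int $len desired length, clamped to [2, 50]
 * @return string the token, exactly $len characters long
 * @throws RuntimeException when /dev/urandom cannot be opened or read
 */
function rand_token($len = 22)
{
    $len = max(2, min(50, (int) $len));

    $fp = fopen('/dev/urandom', 'r');
    if ($fp === false) {
        // never fall back to a weak generator for a security token
        throw new RuntimeException('rand_token: cannot open /dev/urandom');
    }
    $token = '';
    // $len * 2 raw bytes give about 2.6 * $len base64 characters, of which
    // roughly one in eight is filtered out; loop so the requested length is
    // guaranteed rather than merely very likely
    while (strlen($token) < $len) {
        $raw = fread($fp, $len * 2);
        if ($raw === false || $raw === '') {
            fclose($fp);
            throw new RuntimeException('rand_token: short read from /dev/urandom');
        }
        $token .= preg_replace('![Il10O+/=]!', '', base64_encode($raw));
    }
    fclose($fp);
    return substr($token, 0, $len);
}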
| 83 | |
/**
 * Generate a random string suitable for use in a URL.
 *
 * Delegates to rand_token(), whose alphabet contains no URL-reserved
 * characters.
 *
 * @param int $len desired length, 22 by default
 * @return string the random string
 */
function rand_url_id($len = 22)
{
    $id = rand_token($len);
    return $id;
}
| 92 | |
| 93 | |
/**
 * Generate a random string suitable for a password.
 *
 * Eight characters from rand_token()'s 57-symbol alphabet, i.e. roughly
 * 47 bits of entropy — adequate for a one-time initial password, short for
 * anything long-lived (confirm against the caller's use).
 *
 * @return string the random password
 */
function rand_pass()
{
    $length = 8;
    return rand_token($length);
}
| 101 | |
/*
 * Lookup tables mapping accented Latin letters to the nearest unaccented
 * letter, used by replace_accent(): lower case and upper case separately.
 * The "global" declaration is a no-op at file scope; it only matters if this
 * file is included from inside a function.
 */
global $lc_convert, $uc_convert;
$lc_convert = array(
    'é' => 'e', 'è' => 'e', 'ë' => 'e', 'ê' => 'e',
    'á' => 'a', 'à' => 'a', 'ä' => 'a', 'â' => 'a', 'å' => 'a', 'ã' => 'a',
    'ï' => 'i', 'î' => 'i', 'ì' => 'i', 'í' => 'i',
    'ô' => 'o', 'ö' => 'o', 'ò' => 'o', 'ó' => 'o', 'õ' => 'o', 'ø' => 'o',
    'ú' => 'u', 'ù' => 'u', 'û' => 'u', 'ü' => 'u',
    'ç' => 'c', 'ñ' => 'n',
);
$uc_convert = array(
    'É' => 'E', 'È' => 'E', 'Ë' => 'E', 'Ê' => 'E',
    'Á' => 'A', 'À' => 'A', 'Ä' => 'A', 'Â' => 'A', 'Å' => 'A', 'Ã' => 'A',
    'Ï' => 'I', 'Î' => 'I', 'Ì' => 'I', 'Í' => 'I',
    'Ô' => 'O', 'Ö' => 'O', 'Ò' => 'O', 'Ó' => 'O', 'Õ' => 'O', 'Ø' => 'O',
    'Ú' => 'U', 'Ù' => 'U', 'Û' => 'U', 'Ü' => 'U',
    'Ç' => 'C', 'Ñ' => 'N',
);
| 117 | |
/**
 * Replace accented letters by their closest unaccented equivalent, using the
 * $lc_convert / $uc_convert tables defined at file scope.
 *
 * @param string $string input text (UTF-8, like the table keys)
 * @return string the text with the known accented letters replaced; every
 *                other byte is left untouched
 */
function replace_accent($string)
{
    global $lc_convert, $uc_convert;
    // lower-case table first, then upper-case; the two key sets are disjoint
    // and the values are plain ASCII, so the order does not affect the result
    return strtr(strtr($string, $lc_convert), $uc_convert);
}
| 124 | |
/**
 * Build a login name from a first name and a last name.
 *
 * Both parts are trimmed, stripped of accents and of backslashes, joined
 * with a dot and lower-cased; spaces become dashes and apostrophes are
 * dropped.
 *
 * @param string $prenom first name
 * @param string $nom    last name
 * @return string the username, e.g. "jean-pierre.darc"
 */
function make_username($prenom, $nom)
{
    $parts = array();
    foreach (array($prenom, $nom) as $part) {
        // stripslashes() removes backslash escaping (likely magic_quotes-era
        // input — confirm against the callers)
        $parts[] = stripslashes(replace_accent(trim($part)));
    }
    $username = strtolower(implode('.', $parts));
    return str_replace(array(' ', "'"), array('-', ''), $username);
}
| 148 | |
/*
 * A French soundex posted by Frédéric Bouchery: a PHP adaptation of the
 * French soundex2 by Frédéric BROUARD (http://sqlpro.developpez.com/Soundex/).
 * A good demonstration of the power of Perl-compatible regular expressions.
 * Found on http://expreg.com/voirsource.php?id=40&type=Chaines%20de%20caract%E8res
 *
 * Returns a code of at most 4 characters (one trailing space appended, then
 * cut) built from the de-accented, upper-cased letters of $sIn. The empty
 * string, or a string without any letter, yields ' '. The accent table
 * depends on the global $uc_convert / $lc_convert arrays.
 */
function soundex_fr($sIn)
{
    // rewrite tables, built once per process
    static $primary = null, $vowels = null, $accents = null;
    if ($primary === null) {
        global $uc_convert, $lc_convert;
        // primary consonant groups, applied with str_replace() in this order
        $primary = array(
            'GUI' => 'KI', 'GUE' => 'KE', 'GA' => 'KA', 'GO' => 'KO', 'GU' => 'K',
            'SCI' => 'SI', 'SCE' => 'SE', 'SC' => 'SK', 'CA' => 'KA', 'CO' => 'KO',
            'CU' => 'KU', 'QU' => 'K', 'Q' => 'K', 'CC' => 'K', 'CK' => 'K',
            'G' => 'J', 'ST' => 'T', 'PH' => 'F',
        );
        // vowel / consonant reinterpretation, applied with preg_replace() in
        // this order (pattern => replacement)
        $vowels = array(
            '/E?(AU)/'                                             => 'O',
            '/([EA])?[UI]([NM])([^EAIOUY]|$)/'                     => '1\3',
            '/[AE]O?[NM]([^AEIOUY]|$)/'                            => 'A\1',
            '/[EA][IY]([NM]?[^NM]|$)/'                             => 'E\1',
            '/(^|[^OEUIA])(OEU|OE|EU)([^OEUIA]|$)/'                => '\1E\3',
            '/OI/'                                                 => 'O',
            '/(ILLE?|I)/'                                          => 'Y',
            '/O(U|W)/'                                             => 'U',
            '/O[NM]($|[^EAOUIY])/'                                 => 'O\1',
            '/(SC|S|C)H/'                                          => '9',
            '/([^AEIOUY1])[^AEIOUYLKTPNR]([UAO])([^AEIOUY])/'      => '\1\2\3',
            '/([^AEIOUY]|^)([AUO])[^AEIOUYLKTP]([^AEIOUY1])/'      => '\1\2\3',
            '/^KN/'                                                => 'N',
            '/^PF/'                                                => 'F',
            '/C([^AEIOUY]|$)/'                                     => 'K\1',
            '/C/'                                                  => 'S',
            '/Z$/'                                                 => 'SE',
            '/(?<!^)Z+/'                                           => 'S',
            '/ER$/'                                                => 'E',
            '/H/'                                                  => '',
            '/W/'                                                  => 'V',
        );
        $accents = $uc_convert + $lc_convert;
        // soundex-specific overrides of the generic accent table
        $accents['Ç'] = 'S';
        $accents['¿'] = 'E';
    }
    // no word: leave immediately
    if ($sIn === '') {
        return ' ';
    }
    // strip accents, upper-case everything, keep letters only
    $sIn = preg_replace('`[^A-Z]`', '', strtoupper(strtr($sIn, $accents)));
    // a single letter is returned as-is, padded
    if (strlen($sIn) === 1) {
        return $sIn . ' ';
    }
    // primary consonant groups
    $sIn = str_replace(array_keys($primary), array_values($primary), $sIn);
    // collapse repeated letters
    $sIn = preg_replace('`(.)\1`', '$1', $sIn);
    // reinterpret vowels
    $sIn = preg_replace(array_keys($vowels), array_values($vowels), $sIn);
    // drop final T, D, X (with a preceding L and a following S, if any)
    $sIn = preg_replace('`L?[TDX]S?$`', '', $sIn);
    // drop E, A and Y that are not in first position
    $sIn = preg_replace('`(?!^)Y([^AEOU]|$)`', '\1', $sIn);
    $sIn = preg_replace('`(?!^)[EA]`', '', $sIn);
    return substr($sIn . ' ', 0, 4);
}
| 201 | |
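/**
 * Capitalise each atom of a first name: "jean-pierre d'arc" -> "Jean-Pierre D'Arc".
 *
 * The name is lower-cased, then split on dashes and apostrophes; each piece
 * goes through ucwords() (so space-separated words are capitalised as well)
 * and the separators are put back.
 *
 * @param string $prenom first name to format
 * @return string the first name with capitals in place
 */
function make_firstname_case($prenom)
{
    $prenom = strtolower($prenom);
    // both accumulators must start as arrays: "$str[] = ..." on a string
    // variable is a fatal error since PHP 7.1
    $upieces = array();
    foreach (explode('-', $prenom) as $piece) {
        $usubpieces = array();
        foreach (explode("'", $piece) as $subpiece) {
            $usubpieces[] = ucwords($subpiece);
        }
        $upieces[] = implode("'", $usubpieces);
    }
    return implode('-', $upieces);
}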
| 220 | |
| 221 | |
/**
 * Build the permanent ("forlife") identifier from first name, last name and
 * graduation year.
 *
 * Same rules as make_username() — trim, strip accents, lower-case, spaces to
 * dashes, apostrophes removed — with ".$promo" appended; unlike
 * make_username(), backslashes are not stripped.
 *
 * @param string     $prenom first name
 * @param string     $nom    last name
 * @param string|int $promo  graduation year
 * @return string e.g. "jean-pierre.darc.1998"
 */
function make_forlife($prenom, $nom, $promo)
{
    $prenomUS = replace_accent(trim($prenom));
    $nomUS = replace_accent(trim($nom));

    $forlife = strtolower(implode('.', array($prenomUS, $nomUS, $promo)));
    return str_replace(array(' ', "'"), array('-', ''), $forlife);
}
| 232 | |
/**
 * Convert a dotted-quad IPv4 address to its integer form (ip2long), for
 * storage in the database.
 *
 * @param string $ip IPv4 address such as "192.0.2.1"
 * @return int|false the address as an integer (negative for addresses above
 *                   127.255.255.255 on 32-bit builds), or false when $ip is
 *                   not a valid IPv4 address — callers that embed the value
 *                   in SQL must check for false
 */
function ip_to_uint($ip)
{
    $uint = ip2long($ip);
    return $uint;
}
| 239 | |
/**
 * Convert an integer back to a human-readable dotted-quad IPv4 address
 * (inverse of ip_to_uint()).
 *
 * @param int $uint the address as produced by ip_to_uint()
 * @return string dotted-quad form, e.g. "192.0.2.1"
 */
function uint_to_ip($uint)
{
    $dotted = long2ip($uint);
    return $dotted;
}
| 246 | |
| 247 | |
| 248 | /****************************************************************************** |
| 249 | * Security functions |
| 250 | *****************************************************************************/ |
| 251 | |
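/**
 * Tell whether the client's IP address is flagged in ip_watch at the given
 * $level or a more severe one.
 *
 * On the first call of a session every candidate address — the entries of
 * the X-Forwarded-For header, then REMOTE_ADDR — is looked up in ip_watch;
 * the first state in "ORDER BY state DESC" order is cached in
 * $_SESSION['check_ip'] ('safe' when nothing matches or no address could
 * be parsed). X-Forwarded-For is client-supplied: an attacker can add
 * entries to it, but cannot remove REMOTE_ADDR from the lookup.
 *
 * @param string $level 'unsafe', 'dangerous' or 'ban'; levels are ordered,
 *                      so 'unsafe' also matches 'dangerous' and 'ban'
 * @return bool false when REMOTE_ADDR is missing or $level is unknown
 */
function check_ip($level)
{
    if (empty($_SERVER['REMOTE_ADDR'])) {
        return false;
    }
    if (empty($_SESSION['check_ip'])) {
        $ips = array();
        if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            // proxies write "a, b": trim each entry, otherwise ip2long()
            // rejects the ones with a leading space
            $ips = array_map('trim', explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']));
        }
        $ips[] = $_SERVER['REMOTE_ADDR'];
        $conditions = array();
        foreach ($ips as $ip) {
            $uint = ip_to_uint($ip);
            // ip2long() returns false for anything that is not an IPv4
            // address; a forged or IPv6 entry must not produce "ip = " in
            // the query (which was a SQL syntax error before)
            if ($uint !== false) {
                $conditions[] = 'ip = ' . $uint;
            }
        }
        $state = 'safe';
        if ($conditions) {
            $res = XDB::query('SELECT state
                                 FROM ip_watch
                                WHERE ' . implode(' OR ', $conditions) . '
                             ORDER BY state DESC');
            if ($res->numRows()) {
                $state = $res->fetchOneCell();
            }
        }
        $_SESSION['check_ip'] = $state;
    }
    // intentional fall-through: each level includes the more severe ones
    $test = array();
    switch ($level) {
        case 'unsafe':    $test[] = 'unsafe';
        case 'dangerous': $test[] = 'dangerous';
        case 'ban':       $test[] = 'ban'; break;
        default:          return false;
    }
    return in_array($_SESSION['check_ip'], $test, true);
}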
| 285 | |
/**
 * Check whether $email is on the emails_watch list with a state other than
 * 'safe'; when it is, mail a security alert to the administrators.
 *
 * @param string $email   address to look up (bound as a query parameter)
 * @param string $message title of the alert passed to send_warning_mail()
 * @return bool true when the address is watched
 */
function check_email($email, $message)
{
    $watched = XDB::query("SELECT state, description
                             FROM emails_watch
                            WHERE state != 'safe' AND email = {?}", $email);
    if (!$watched->numRows()) {
        return false;
    }
    send_warning_mail($message);
    return true;
}
| 297 | |
/**
 * Return the session's 'watch_account' flag.
 *
 * @return mixed whatever S::v('watch_account') holds for the current session
 */
function check_account()
{
    $watched = S::v('watch_account');
    return $watched;
}
| 302 | |
/**
 * Refresh the session's redirection health flags from a Redirect object.
 *
 * @param Redirect|null $red the redirection set to inspect; when null, the
 *                           one of the current user (S::v('uid')) is loaded
 * @return void sets $_SESSION['no_redirect'] (true when other_active('') is
 *              false) and $_SESSION['mx_failures'] (get_broken_mx())
 */
function check_redirect($red = null)
{
    require_once 'emails.inc.php';
    if ($red === null) {
        $red = new Redirect(S::v('uid'));
    }
    $hasActive = $red->other_active('');
    $_SESSION['no_redirect'] = !$hasActive;
    $_SESSION['mx_failures'] = $red->get_broken_mx();
}
| 312 | |
/**
 * Send a "[Plat/al Security Alert]" mail to the admin address with the
 * full session and server environment attached.
 *
 * Caution: var_export() dumps $_SESSION and $_SERVER in full — session
 * contents and request headers (typically including HTTP_COOKIE) — so the
 * alert mailbox receives material that must be treated as sensitive.
 *
 * @param string $title appended to the subject line
 * @return void
 */
function send_warning_mail($title)
{
    global $globals;
    $body = sprintf("Identifiants de session :\n%s\n\nIdentifiants de connexion :\n%s",
                    var_export($_SESSION, true), var_export($_SERVER, true));

    $mailer = new PlMailer();
    $mailer->setFrom('webmaster@' . $globals->mail->domain);
    $mailer->addTo($globals->core->admin_email);
    $mailer->setSubject('[Plat/al Security Alert] ' . $title);
    $mailer->setTxtBody($body);
    $mailer->send();
}
| 324 | |
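/**
 * Kill every active session by running bin/kill_sessions.sh as root via sudo.
 *
 * The caller must hold admin permissions. The previous guard was assert(),
 * which is not an access control: in PHP 5 a failed assert only emits a
 * warning and execution continues, and in PHP 7+ asserts are compiled out
 * when zend.assertions = -1 — either way the root command stayed reachable.
 * The check is now a real branch.
 *
 * @return void does nothing when S::has_perms() is false
 */
function kill_sessions()
{
    if (!S::has_perms()) {
        // explicit privilege check: assert() must not be the only gate on a
        // root-level command
        return;
    }
    $script = dirname(dirname(__FILE__)) . '/bin/kill_sessions.sh';
    // escapeshellarg() protects against spaces or shell metacharacters in
    // the install path
    shell_exec('sudo -u root ' . escapeshellarg($script));
}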
| 330 | |
| 331 | |
| 332 | /****************************************************************************** |
| 333 | * Dynamic configuration update/edition stuff |
| 334 | *****************************************************************************/ |
| 335 | |
/**
 * Recompute the number of registered members and store it in the dynamic
 * configuration under 'NbIns'.
 *
 * Counts auth_user_md5 rows with perms in ('admin', 'user') and deces = 0.
 *
 * @return void
 */
function update_NbIns()
{
    global $globals;
    $count = XDB::query("SELECT COUNT(*)
                           FROM auth_user_md5
                          WHERE perms IN ('admin','user') AND deces=0")->fetchOneCell();
    $globals->change_dynamic_config(array('NbIns' => $count));
}
| 345 | |
/**
 * Recompute the number of pending validation requests (rows of the requests
 * table) and store it in the dynamic configuration under 'NbValid'.
 *
 * @return void
 */
function update_NbValid()
{
    global $globals;
    $pending = XDB::query("SELECT COUNT(*)
                             FROM requests");
    $count = $pending->fetchOneCell();
    $globals->change_dynamic_config(array('NbValid' => $count));
}
| 353 | |
/**
 * Recompute the current user's number of notifications and store it in
 * $_SESSION['notifs'].
 *
 * Uses select_notifs() from notifs.inc.php with the session's uid and
 * 'watch_last' timestamp.
 *
 * @return void
 */
function update_NbNotifs()
{
    require_once 'notifs.inc.php';
    $uid = S::i('uid');
    $since = S::v('watch_last');
    $notifs = select_notifs(false, $uid, $since, false);
    $_SESSION['notifs'] = $notifs->numRows();
}
| 360 | |
| 361 | // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: |
| 362 | ?> |