include/xorg.misc.inc.php

   1 <?php
   2 /***************************************************************************
   3  *  Copyright (C) 2003-2008 Polytechnique.org                              *
   4  *  http://opensource.polytechnique.org/                                   *
   5  *                                                                         *
   6  *  This program is free software; you can redistribute it and/or modify   *
   7  *  it under the terms of the GNU General Public License as published by   *
   8  *  the Free Software Foundation; either version 2 of the License, or      *
   9  *  (at your option) any later version.                                    *
  10  *                                                                         *
  11  *  This program is distributed in the hope that it will be useful,        *
  12  *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
  13  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
  14  *  GNU General Public License for more details.                           *
  15  *                                                                         *
  16  *  You should have received a copy of the GNU General Public License      *
  17  *  along with this program; if not, write to the Free Software            *
  18  *  Foundation, Inc.,                                                      *
  19  *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
  20  ***************************************************************************/
  21
  22 function quoted_printable_encode($input, $line_max = 76)
  23 {
  24     $lines = preg_split("/(?:\r\n|\r|\n)/", $input);
  25     $eol = "\n";
  26     $linebreak = "=0D=0A=\n    ";
  27     $escape = "=";
  28     $output = "";
  29
  30     foreach ($lines as $j => $line) {
  31         $linlen = strlen($line);
  32         $newline = "";
  33         for($i = 0; $i < $linlen; $i++) {
  34             $c = $line{$i};
  35             $dec = ord($c);
  36             if ( ($dec == 32) && ($i == ($linlen - 1)) ) {
  37                 // convert space at eol only
  38                 $c = "=20";
  39             } elseif ( ($dec == 61) || ($dec < 32 ) || ($dec > 126) ) {
  40                 // always encode "\t", which is *not* required
  41                 $c = $escape.strtoupper(sprintf("%02x",$dec));
  42             }
  43             if ( (strlen($newline) + strlen($c)) >= $line_max ) { // CRLF is not counted
  44                 $output .= $newline.$escape.$eol;
  45                 $newline = "    ";
  46             }
  47             $newline .= $c;
  48         } // end of for
  49         $output .= $newline;
  50         if ($j<count($lines)-1) $output .= $linebreak;
  51     }
  52     return trim($output);
  53 }
  54
  55 /** vérifie si une adresse email convient comme adresse de redirection
  56  * @param $email l'adresse email a verifier
  57  * @return BOOL
  58  */
  59 function isvalid_email_redirection($email)
  60 {
  61     return isvalid_email($email) &&
  62         !preg_match("/@(polytechnique\.(org|edu)|melix\.(org|net)|m4x\.org)$/", $email);
  63 }
  64
  65 /** genere une chaine aleatoire de 22 caracteres ou moins
  66  * @param $len longueur souhaitée, 22 par défaut
  67  * @return la chaine aleatoire qui contient les caractères [A-Za-z0-9+/]
  68  */
  69 function rand_token($len = 22)
  70 {
  71     $len = max(2, $len);
  72     $len = min(50, $len);
  73     $fp = fopen('/dev/urandom', 'r');
  74     // $len * 2 is certainly an overkill,
  75     // but HEY, reading 40 bytes from /dev/urandom is not that slow !
  76     $token = fread($fp, $len * 2);
  77     fclose($fp);
  78     $token = base64_encode($token);
  79     $token = preg_replace("![Il10O+/]!", "", $token);
  80     $token = substr($token,0,$len);
  81     return $token;
  82 }
  83
  84 /** genere une chaine aleatoire convenable pour une url
  85  * @param $len longueur souhaitée, 22 par défaut
  86  * @return la chaine aleatoire
  87  */
  88 function rand_url_id($len = 22)
  89 {
  90     return rand_token($len);
  91 }
  92
  93
  94 /** genere une chaine aleatoire convenable pour un mot de passe
  95  * @return la chaine aleatoire
  96  */
  97 function rand_pass()
  98 {
  99     return rand_token(8);
 100 }
 101
 102 /** Remove accent from a string and replace them by the nearest letter
 103  */
 104 global $lc_convert, $uc_convert;
 105 $lc_convert = array('é' => 'e', 'è' => 'e', 'ë' => 'e', 'ê' => 'e',
 106     'á' => 'a', 'à' => 'a', 'ä' => 'a', 'â' => 'a', 'å' => 'a', 'ã' => 'a',
 107     'ï' => 'i', 'î' => 'i', 'ì' => 'i', 'í' => 'i',
 108     'ô' => 'o', 'ö' => 'o', 'ò' => 'o', 'ó' => 'o', 'õ' => 'o', 'ø' => 'o',
 109     'ú' => 'u', 'ù' => 'u', 'û' => 'u', 'ü' => 'u',
 110     'ç' => 'c', 'ñ' => 'n');
 111 $uc_convert = array('É' => 'E', 'È' => 'E', 'Ë' => 'E', 'Ê' => 'E',
 112     'Á' => 'A', 'À' => 'A', 'Ä' => 'A', 'Â' => 'A', 'Å' => 'A', 'Ã' => 'A',
 113     'Ï' => 'I', 'Î' => 'I', 'Ì' => 'I', 'Í' => 'I',
 114     'Ô' => 'O', 'Ö' => 'O', 'Ò' => 'O', 'Ó' => 'O', 'Õ' => 'O', 'Ø' => 'O',
 115     'Ú' => 'U', 'Ù' => 'U', 'Û' => 'U', 'Ü' => 'U',
 116     'Ç' => 'C', 'Ñ' => 'N');
 117
 118 function replace_accent($string)
 119 {
 120     global $lc_convert, $uc_convert;
 121     $string = strtr($string, $lc_convert);
 122     return strtr($string, $uc_convert);
 123 }
 124
 125 /** creates a username from a first and last name
 126  *
 127  * @param $prenom the firstname
 128  * @param $nom the last name
 129  *
 130  * return STRING the corresponding username
 131  */
 132 function make_username($prenom,$nom)
 133 {
 134     /* on traite le prenom */
 135     $prenomUS=replace_accent(trim($prenom));
 136     $prenomUS=stripslashes($prenomUS);
 137
 138     /* on traite le nom */
 139     $nomUS=replace_accent(trim($nom));
 140     $nomUS=stripslashes($nomUS);
 141
 142     // calcul du login
 143     $username = strtolower($prenomUS.".".$nomUS);
 144     $username = str_replace(" ","-",$username);
 145     $username = str_replace("'","",$username);
 146     return $username;
 147 }
 148
 149 /* Un soundex en français posté par Frédéric Bouchery
 150    Voici une adaptation en PHP de la fonction soundex2 francisée de Frédéric BROUARD (http://sqlpro.developpez.com/Soundex/).
 151    C'est une bonne démonstration de la force des expressions régulières compatible Perl.
 152 trouvé sur http://expreg.com/voirsource.php?id=40&type=Chaines%20de%20caract%E8res */
 153 function soundex_fr($sIn)
 154 {
 155     static $convVIn, $convVOut, $convGuIn, $convGuOut, $accents;
 156     if (!isset($convGuIn)) {
 157         global $uc_convert, $lc_convert;
 158         $convGuIn  = array( 'GUI', 'GUE', 'GA', 'GO', 'GU', 'SCI', 'SCE', 'SC', 'CA', 'CO',
 159                             'CU', 'QU', 'Q', 'CC', 'CK', 'G', 'ST', 'PH');
 160         $convGuOut = array( 'KI', 'KE', 'KA', 'KO', 'K', 'SI', 'SE', 'SK', 'KA', 'KO',
 161                             'KU', 'K', 'K', 'K', 'K', 'J', 'T', 'F');
 162         $convVIn   = array( '/E?(AU)/', '/([EA])?[UI]([NM])([^EAIOUY]|$)/', '/[AE]O?[NM]([^AEIOUY]|$)/',
 163             '/[EA][IY]([NM]?[^NM]|$)/', '/(^|[^OEUIA])(OEU|OE|EU)([^OEUIA]|$)/', '/OI/',
 164             '/(ILLE?|I)/', '/O(U|W)/', '/O[NM]($|[^EAOUIY])/', '/(SC|S|C)H/',
 165             '/([^AEIOUY1])[^AEIOUYLKTPNR]([UAO])([^AEIOUY])/', '/([^AEIOUY]|^)([AUO])[^AEIOUYLKTP]([^AEIOUY1])/', '/^KN/',
 166             '/^PF/', '/C([^AEIOUY]|$)/',
 167             '/C/', '/Z$/', '/(?<!^)Z+/', '/ER$/', '/H/', '/W/');
 168         $convVOut  = array( 'O', '1\3', 'A\1',
 169             'E\1', '\1E\3', 'O',
 170             'Y', 'U', 'O\1', '9',
 171             '\1\2\3', '\1\2\3', 'N',
 172             'F', 'K\1',
 173             'S', 'SE', 'S', 'E', '', 'V');
 174         $accents = $uc_convert + $lc_convert;
 175         $accents['Ç'] = 'S';
 176         $accents['¿'] = 'E';
 177     }
 178     // Si il n'y a pas de mot, on sort immédiatement
 179     if ( $sIn === '' ) return '    ';
 180     // On supprime les accents
 181     $sIn = strtr( $sIn, $accents);
 182     // On met tout en minuscule
 183     $sIn = strtoupper( $sIn );
 184     // On supprime tout ce qui n'est pas une lettre
 185     $sIn = preg_replace( '`[^A-Z]`', '', $sIn );
 186     // Si la chaîne ne fait qu'un seul caractère, on sort avec.
 187     if ( strlen( $sIn ) === 1 ) return $sIn . '   ';
 188     // on remplace les consonnances primaires
 189     $sIn = str_replace( $convGuIn, $convGuOut, $sIn );
 190     // on supprime les lettres répétitives
 191     $sIn = preg_replace( '`(.)\1`', '$1', $sIn );
 192     // on réinterprète les voyelles
 193     $sIn = preg_replace( $convVIn, $convVOut, $sIn);
 194     // on supprime les terminaisons T, D, S, X (et le L qui précède si existe)
 195     $sIn = preg_replace( '`L?[TDX]S?$`', '', $sIn );
 196     // on supprime les E, A et Y qui ne sont pas en première position
 197     $sIn = preg_replace( '`(?!^)Y([^AEOU]|$)`', '\1', $sIn);
 198     $sIn = preg_replace( '`(?!^)[EA]`', '', $sIn);
 199     return substr( $sIn . '    ', 0, 4);
 200 }
 201
 202 /** met les majuscules au debut de chaque atome du prénom
 203  * @param $prenom le prénom à formater
 204  * return STRING le prénom avec les majuscules
 205  */
 206 function make_firstname_case($prenom)
 207 {
 208     $prenom = strtolower($prenom);
 209     $pieces = explode('-',$prenom);
 210
 211     foreach ($pieces as $piece) {
 212         $subpieces = explode("'",$piece);
 213         $usubpieces="";
 214         foreach ($subpieces as $subpiece)
 215             $usubpieces[] = ucwords($subpiece);
 216         $upieces[] = implode("'",$usubpieces);
 217     }
 218     return implode('-',$upieces);
 219 }
 220
 221
 222 function make_forlife($prenom, $nom, $promo)
 223 {
 224     $prenomUS = replace_accent(trim($prenom));
 225     $nomUS    = replace_accent(trim($nom));
 226
 227     $forlife = strtolower($prenomUS.".".$nomUS.".".$promo);
 228     $forlife = str_replace(" ","-",$forlife);
 229     $forlife = str_replace("'","",$forlife);
 230     return $forlife;
 231 }
 232
 233 /** Convert ip to uint (to store it in a database)
 234  */
 235 function ip_to_uint($ip)
 236 {
 237     $part = explode('.', $ip);
 238     $v = 0;
 239     $fact = 0x1000000;
 240     for ($i = 0 ; $i < 4 ; ++$i) {
 241         $v += $fact * $part[$i];
 242         $fact >>= 8;
 243     }
 244     return $v;
 245 }
 246
 247 /** Convert uint to ip (to build a human understandable ip)
 248  */
 249 function uint_to_ip($uint)
 250 {
 251     return long2ip($uint);
 252 }
 253
 254
 255 /******************************************************************************
 256  * Security functions
 257  *****************************************************************************/
 258
 259 function check_ip($level)
 260 {
 261     if (empty($_SERVER['REMOTE_ADDR'])) {
 262         return false;
 263     }
 264     if (empty($_SESSION['check_ip'])) {
 265         $ips = array();
 266         if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
 267             $ips = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
 268         }
 269         $ips[] = $_SERVER['REMOTE_ADDR'];
 270         foreach ($ips as &$ip) {
 271             $ip = '(ip & mask) = (' . ip_to_uint($ip) . '& mask)';
 272         }
 273         $res = XDB::query('SELECT  state, description
 274                              FROM  ip_watch
 275                             WHERE  ' . implode(' OR ', $ips) . '
 276                          ORDER BY  state DESC');
 277         if ($res->numRows()) {
 278             $state = $res->fetchOneAssoc();
 279             $_SESSION['check_ip'] = $state['state'];
 280             $_SESSION['check_ip_desc'] = $state['description'];
 281         } else {
 282             $_SESSION['check_ip'] = 'safe';
 283         }
 284     }
 285     $test = array();
 286     switch ($level) {
 287       case 'unsafe': $test[] = 'unsafe';
 288       case 'dangerous': $test[] = 'dangerous';
 289       case 'ban': $test[] = 'ban'; break;
 290       default: return false;
 291     }
 292     return in_array($_SESSION['check_ip'], $test);
 293 }
 294
 295 function check_email($email, $message)
 296 {
 297     $res = XDB::query("SELECT state, description
 298         FROM emails_watch
 299         WHERE state != 'safe' AND email = {?}", $email);
 300     if ($res->numRows()) {
 301         send_warning_mail($message);
 302         return true;
 303     }
 304     return false;
 305 }
 306
 307 function check_account()
 308 {
 309     return S::v('watch_account');
 310 }
 311
 312 function check_redirect($red = null)
 313 {
 314     require_once 'emails.inc.php';
 315     if (is_null($red)) {
 316         $red = new Redirect(S::v('uid'));
 317     }
 318     if ($red->get_uid() == S::v('uid')) {
 319         $_SESSION['no_redirect'] = !$red->other_active('');
 320         $_SESSION['mx_failures'] = $red->get_broken_mx();
 321     }
 322 }
 323
 324 function send_warning_mail($title)
 325 {
 326     global $globals;
 327     $mailer = new PlMailer();
 328     $mailer->setFrom("webmaster@" . $globals->mail->domain);
 329     $mailer->addTo($globals->core->admin_email);
 330     $mailer->setSubject("[Plat/al Security Alert] $title");
 331     $mailer->setTxtBody("Identifiants de session :\n" . var_export($_SESSION, true) . "\n\n"
 332         ."Identifiants de connexion :\n" . var_export($_SERVER, true));
 333     $mailer->send();
 334 }
 335
 336 function kill_sessions()
 337 {
 338     assert(S::has_perms());
 339     shell_exec('sudo -u root ' . dirname(dirname(__FILE__)) . '/bin/kill_sessions.sh');
 340 }
 341
 342
 343 /******************************************************************************
 344  * Dynamic configuration update/edition stuff
 345  *****************************************************************************/
 346
 347 function update_NbIns()
 348 {
 349     global $globals;
 350     $res = XDB::query("SELECT  COUNT(*)
 351                          FROM  auth_user_md5
 352                         WHERE  perms IN ('admin','user') AND deces=0");
 353     $cnt = $res->fetchOneCell();
 354     $globals->change_dynamic_config(array('NbIns' => $cnt));
 355 }
 356
 357 function update_NbValid()
 358 {
 359     global $globals;
 360     $res = XDB::query("SELECT  COUNT(*)
 361                          FROM  requests");
 362     $globals->change_dynamic_config(array('NbValid' => $res->fetchOneCell()));
 363 }
 364
 365 function update_NbNotifs()
 366 {
 367     require_once 'notifs.inc.php';
 368     $n = select_notifs(false, S::i('uid'), S::v('watch_last'), false);
 369     $_SESSION['notifs'] = $n->numRows();
 370 }
 371
 372 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
 373 ?>