2 /***************************************************************************
3 * Copyright (C) 2003-2007 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
22 function bugize($list)
24 $list = split(',', $list);
27 foreach ($list as $bug) {
28 $clean = str_replace('#', '', $bug);
29 $ans[] = "<a href='http://trackers.polytechnique.org/task/$clean'>$bug</a>";
32 return join(',', $ans);
36 class PlatalModule
extends PLModule
41 'index' => $this->make_hook('index', AUTH_PUBLIC
),
42 'cacert.pem' => $this->make_hook('cacert', AUTH_PUBLIC
),
43 'changelog' => $this->make_hook('changelog', AUTH_PUBLIC
),
45 // Preferences thingies
46 'prefs' => $this->make_hook('prefs', AUTH_COOKIE
),
47 'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE
),
49 => $this->make_hook('webredir', AUTH_MDP
),
50 'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE
),
52 // password related thingies
53 'password' => $this->make_hook('password', AUTH_MDP
),
54 'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC
),
55 'password/smtp' => $this->make_hook('smtppass', AUTH_MDP
),
56 'recovery' => $this->make_hook('recovery', AUTH_PUBLIC
),
57 'exit' => $this->make_hook('exit', AUTH_PUBLIC
),
58 'review' => $this->make_hook('review', AUTH_PUBLIC
),
59 'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC
),
63 function handler_index(&$page)
66 pl_redirect('events');
67 } else if (!@$GLOBALS['IS_XNET_SITE']) {
68 pl_redirect('review');
72 function handler_cacert(&$page)
74 $data = file_get_contents("/etc/ssl/xorgCA/cacert.pem","r");
76 header("Set-Cookie:");
77 header("Cache-Control:");
79 header("Content-Type: application/x-x509-ca-cert");
80 header("Content-Length: ".strlen($data));
85 function handler_changelog(&$page)
87 $page->changeTpl('platal/changeLog.tpl');
89 $clog = pl_entities(file_get_contents(dirname(__FILE__
).'/../ChangeLog'));
90 $clog = preg_replace('/=+\s*/', '</pre><hr /><pre>', $clog);
91 // url catch only (not all wiki syntax)
92 $clog = preg_replace(array(
93 '/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
94 '/(\s|^)www\.((?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
95 '/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
97 '<a href="\\0">\\0</a>',
98 '\\1<a href="http://www.\\2">www.\\2</a>',
99 '<a href="mailto:\\0">\\0</a>'),
101 $clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
102 $clog = preg_replace('!vim:.*$!', '', $clog);
103 $page->assign('ChangeLog', $clog);
106 function __set_rss_state($state)
109 $_SESSION['core_rss_hash'] = rand_url_id(16);
110 XDB
::execute('UPDATE auth_user_quick
111 SET core_rss_hash={?} WHERE user_id={?}',
112 S
::v('core_rss_hash'), S
::v('uid'));
114 XDB
::execute('UPDATE auth_user_quick
115 SET core_rss_hash="" WHERE user_id={?}',
117 S
::kill('core_rss_hash');
121 function handler_prefs(&$page)
123 $page->changeTpl('platal/preferences.tpl');
124 $page->assign('xorg_title','Polytechnique.org - Mes préférences');
126 if (Post
::has('mail_fmt')) {
127 $fmt = Post
::v('mail_fmt');
128 if ($fmt != 'texte') $fmt = 'html';
129 XDB
::execute("UPDATE auth_user_quick
130 SET core_mail_fmt = '$fmt'
131 WHERE user_id = {?}",
133 $_SESSION['mail_fmt'] = $fmt;
136 if (Post
::has('rss')) {
137 $this->__set_rss_state(Post
::b('rss'));
141 function handler_webredir(&$page)
143 $page->changeTpl('platal/webredirect.tpl');
145 $page->assign('xorg_title','Polytechnique.org - Redirection de page WEB');
148 $url = Env
::v('url');
150 if (Env
::v('submit') == 'Valider' and Env
::has('url')) {
151 XDB
::execute('UPDATE auth_user_quick
152 SET redirecturl = {?} WHERE user_id = {?}',
154 $log->log('carva_add', 'http://'.Env
::v('url'));
155 $page->trig("Redirection activée vers <a href='http://$url'>$url</a>");
156 } elseif (Env
::v('submit') == "Supprimer") {
157 XDB
::execute("UPDATE auth_user_quick
159 WHERE user_id = {?}",
161 $log->log("carva_del", $url);
163 $page->trig('Redirection supprimée');
166 $res = XDB
::query('SELECT redirecturl
168 WHERE user_id = {?}',
170 $page->assign('carva', $res->fetchOneCell());
173 function handler_prefs_rss(&$page)
175 $page->changeTpl('platal/filrss.tpl');
177 $page->assign('goback', Env
::v('referer', 'login'));
179 if (Env
::v('act_rss') == 'Activer') {
180 $this->__set_rss_state(true
);
181 $page->trig("Ton Fil RSS est activé.");
185 function handler_password(&$page)
187 if (Post
::has('response2')) {
188 require_once 'secure_hash.inc.php';
190 $_SESSION['password'] = $password = Post
::v('response2');
192 XDB
::execute('UPDATE auth_user_md5
194 WHERE user_id={?}', $password,
198 $log->log('passwd', '');
200 if (Cookie
::v('ORGaccess')) {
201 setcookie('ORGaccess', hash_encrypt($password), (time()+
25920000), '/', '' ,0);
204 $page->changeTpl('platal/motdepasse.success.tpl');
208 $page->changeTpl('platal/motdepasse.tpl');
209 $page->addJsLink('motdepasse.js');
210 $page->assign('xorg_title','Polytechnique.org - Mon mot de passe');
213 function handler_smtppass(&$page)
215 $page->changeTpl('platal/acces_smtp.tpl');
216 $page->assign('xorg_title','Polytechnique.org - Acces SMTP/NNTP');
218 require_once 'wiki.inc.php';
219 wiki_require_page('Xorg.SMTPSécurisé');
220 wiki_require_page('Xorg.NNTPSécurisé');
223 $pass = Env
::v('smtppass1');
226 if (Env
::v('op') == "Valider" && strlen($pass) >= 6
227 && Env
::v('smtppass1') == Env
::v('smtppass2'))
229 XDB
::execute('UPDATE auth_user_md5 SET smtppass = {?}
230 WHERE user_id = {?}', $pass, $uid);
231 $page->trig('Mot de passe enregistré');
232 $log->log("passwd_ssl");
233 } elseif (Env
::v('op') == "Supprimer") {
234 XDB
::execute('UPDATE auth_user_md5 SET smtppass = ""
235 WHERE user_id = {?}', $uid);
236 $page->trig('Compte SMTP et NNTP supprimé');
237 $log->log("passwd_del");
240 $res = XDB
::query("SELECT IF(smtppass != '', 'actif', '')
242 WHERE user_id = {?}", $uid);
243 $page->assign('actif', $res->fetchOneCell());
246 function handler_recovery(&$page)
250 $page->changeTpl('platal/recovery.tpl');
252 if (!Env
::has('login') ||
!Env
::has('birth')) {
256 if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env
::v('birth'))) {
257 $page->trig('Date de naissance incorrecte ou incohérente');
261 $birth = sprintf('%s-%s-%s',
262 substr(Env
::v('birth'), 4, 4),
263 substr(Env
::v('birth'), 2, 2),
264 substr(Env
::v('birth'), 0, 2));
266 $mailorg = strtok(Env
::v('login'), '@');
268 // paragraphe rajouté : si la date de naissance dans la base n'existe pas, on l'update
269 // avec celle fournie ici en espérant que c'est la bonne
272 "SELECT user_id, naissance
273 FROM auth_user_md5 AS u
274 INNER JOIN aliases AS a ON (u.user_id=a.id AND type != 'homonyme')
275 WHERE a.alias={?} AND u.perms IN ('admin','user') AND u.deces=0", $mailorg);
276 list($uid, $naissance) = $res->fetchOneRow();
278 if ($naissance == $birth) {
279 $res = XDB
::query("SELECT COUNT(*)
281 WHERE uid = {?} AND flags != 'panne' AND flags != 'filter'", $uid);
282 $count = intval($res->fetchOneCell());
284 $page->assign('no_addr', true
);
288 $page->assign('ok', true
);
290 $url = rand_url_id();
291 XDB
::execute('INSERT INTO perte_pass (certificat,uid,created)
292 VALUES ({?},{?},NOW())', $url, $uid);
293 $res = XDB
::query('SELECT email
295 WHERE uid = {?} AND email = {?}',
296 $uid, Post
::v('email'));
297 if ($res->numRows()) {
298 $mails = $res->fetchOneCell();
300 $res = XDB
::query('SELECT email
302 WHERE uid = {?} AND NOT FIND_IN_SET("filter", flags)', $uid);
303 $mails = implode(', ', $res->fetchColumn());
305 $mymail = new PlMailer();
306 $mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mail
->domain
. '>');
307 $mymail->addTo($mails);
308 $mymail->setSubject('Ton certificat d\'authentification');
309 $mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
310 {$globals->baseurl}/tmpPWD/$url
312 Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.
316 \"Le portail des élèves & anciens élèves de l'Ecole polytechnique\"
318 Mail envoyé à ".Env
::v('login') . (Post
::has('email') ?
"
319 Adresse de secours : " . Post
::v('email') : ""));
322 // on cree un objet logger et on log l'evenement
323 $logger = $_SESSION['log'] = new CoreLogger($uid);
324 $logger->log('recovery', $mails);
326 $page->trig('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
327 'Si tu as un homonyme, utilise prenom.nom.promo comme login');
331 function handler_tmpPWD(&$page, $certif = null
)
333 XDB
::execute('DELETE FROM perte_pass
334 WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
336 $res = XDB
::query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif);
337 $ligne = $res->fetchOneAssoc();
339 $page->changeTpl('platal/index.tpl');
340 $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
343 $uid = $ligne["uid"];
344 if (Post
::has('response2')) {
345 $password = Post
::v('response2');
346 $logger = new CoreLogger($uid);
347 XDB
::query('UPDATE auth_user_md5 SET password={?}
348 WHERE user_id={?} AND perms IN("admin","user")',
350 XDB
::query('DELETE FROM perte_pass WHERE certificat={?}', $certif);
351 $logger->log("passwd","");
352 $page->changeTpl('platal/tmpPWD.success.tpl');
354 $page->changeTpl('platal/motdepasse.tpl');
355 $page->addJsLink('motdepasse.js');
359 function handler_skin(&$page)
363 $page->changeTpl('platal/skins.tpl');
364 $page->assign('xorg_title','Polytechnique.org - Skins');
366 if (Env
::has('newskin')) { // formulaire soumis, traitons les données envoyées
367 XDB
::execute('UPDATE auth_user_quick
368 SET skin={?} WHERE user_id={?}',
369 Env
::i('newskin'), S
::v('uid'));
374 $res = XDB
::query('SELECT id FROM skins WHERE skin_tpl={?}', S
::v('skin'));
375 $page->assign('skin_id', $res->fetchOneCell());
377 $sql = "SELECT s.*,auteur,count(*) AS nb
379 LEFT JOIN auth_user_quick AS a ON s.id=a.skin
380 WHERE skin_tpl != '' AND ext != ''
381 GROUP BY id ORDER BY s.date DESC";
382 $page->assign('skins', XDB
::iterator($sql));
385 function handler_exit(&$page, $level = null
)
387 if (S
::has('suid')) {
388 $a4l = S
::v('forlife');
389 $suid = S
::v('suid');
391 $log->log("suid_stop", S
::v('forlife') . " by " . $suid['forlife']);
394 pl_redirect('admin/user/' . $a4l);
397 if ($level == 'forget' ||
$level == 'forgetall') {
398 setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
399 Cookie
::kill('ORGaccess');
400 if (isset($_SESSION['log']))
401 $_SESSION['log']->log("cookie_off");
404 if ($level == 'forgetuid' ||
$level == 'forgetall') {
405 setcookie('ORGuid', '', time() - 3600, '/', '', 0);
406 Cookie
::kill('ORGuid');
407 setcookie('ORGdomain', '', time() - 3600, '/', '', 0);
408 Cookie
::kill('ORGdomain');
411 if (isset($_SESSION['log'])) {
412 $ref = isset($_SERVER['HTTP_REFERER']) ?
$_SERVER['HTTP_REFERER'] : '';
413 $_SESSION['log']->log('deconnexion',$ref);
416 XorgSession
::destroy();
418 if (Get
::has('redirect')) {
419 http_redirect(rawurldecode(Get
::v('redirect')));
421 $page->changeTpl('platal/exit.tpl');
425 function handler_review(&$page, $action = null
, $mode = null
)
427 require_once 'wiki.inc.php';
428 require_once dirname(__FILE__
) . '/platal/review.inc.php';
429 $dir = wiki_work_dir();
431 if (@$GLOBALS['IS_XNET_SITE']) {
435 $page->kill("Impossible de trouver le wiki");
437 if (!file_exists($dir . '/' . $dom . '.Admin')) {
438 $page->kill("Impossible de trouver la page d'administration");
440 $conf = preg_grep('/^text=/', explode("\n", file_get_contents($dir . '/' . $dom . '.Admin')));
441 $conf = preg_split('/(text\=|\%0a)/', array_shift($conf), -1, PREG_SPLIT_NO_EMPTY
);
442 $wiz = new PlWizard('Tour d\'horizon', 'core/plwizard.tpl', true
);
443 foreach ($conf as $line) {
444 $list = preg_split('/\s*[*|]\s*/', $line, -1, PREG_SPLIT_NO_EMPTY
);
445 $wiz->addPage('ReviewPage', $list[0], $list[1]);
447 $wiz->apply($page, 'review', $action, $mode);
451 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: