projects / platal.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix accent sensitivity in autocompletion
[platal.git] / modules / platal.php
1 <?php
2 /***************************************************************************
3 * Copyright (C) 2003-2007 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
22 function bugize($list)
23 {
24 $list = split(',', $list);
25 $ans = array();
26
27 foreach ($list as $bug) {
28 $clean = str_replace('#', '', $bug);
29 $ans[] = "<a href='http://trackers.polytechnique.org/task/$clean'>$bug</a>";
30 }
31
32 return join(',', $ans);
33 }
34
35
36 class PlatalModule extends PLModule
37 {
38 function handlers()
39 {
40 return array(
41 'index' => $this->make_hook('index', AUTH_PUBLIC),
42 'cacert.pem' => $this->make_hook('cacert', AUTH_PUBLIC),
43 'changelog' => $this->make_hook('changelog', AUTH_PUBLIC),
44
45 // Preferences thingies
46 'prefs' => $this->make_hook('prefs', AUTH_COOKIE),
47 'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE),
48 'prefs/webredirect'
49 => $this->make_hook('webredir', AUTH_MDP),
50 'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE),
51
52 // password related thingies
53 'password' => $this->make_hook('password', AUTH_MDP),
54 'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC),
55 'password/smtp' => $this->make_hook('smtppass', AUTH_MDP),
56 'recovery' => $this->make_hook('recovery', AUTH_PUBLIC),
57 'exit' => $this->make_hook('exit', AUTH_PUBLIC),
58 'review' => $this->make_hook('review', AUTH_PUBLIC),
59 'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC),
60 );
61 }
62
63 function handler_index(&$page)
64 {
65 if (S::logged()) {
66 pl_redirect('events');
67 } else if (!@$GLOBALS['IS_XNET_SITE']) {
68 pl_redirect('review');
69 }
70 }
71
72 function handler_cacert(&$page)
73 {
74 $data = file_get_contents("/etc/ssl/xorgCA/cacert.pem","r");
75 header("Pragma:");
76 header("Set-Cookie:");
77 header("Cache-Control:");
78 header("Expires:");
79 header("Content-Type: application/x-x509-ca-cert");
80 header("Content-Length: ".strlen($data));
81 echo $data;
82 exit;
83 }
84
85 function handler_changelog(&$page)
86 {
87 $page->changeTpl('platal/changeLog.tpl');
88
89 $clog = pl_entities(file_get_contents(dirname(__FILE__).'/../ChangeLog'));
90 $clog = preg_replace('/=+\s*/', '</pre><hr /><pre>', $clog);
91 // url catch only (not all wiki syntax)
92 $clog = preg_replace(array(
93 '/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
94 '/(\s|^)www\.((?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
95 '/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
96 array(
97 '<a href="\\0">\\0</a>',
98 '\\1<a href="http://www.\\2">www.\\2</a>',
99 '<a href="mailto:\\0">\\0</a>'),
100 $clog);
101 $clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
102 $clog = preg_replace('!vim:.*$!', '', $clog);
103 $page->assign('ChangeLog', $clog);
104 }
105
106 function __set_rss_state($state)
107 {
108 if ($state) {
109 $_SESSION['core_rss_hash'] = rand_url_id(16);
110 XDB::execute('UPDATE auth_user_quick
111 SET core_rss_hash={?} WHERE user_id={?}',
112 S::v('core_rss_hash'), S::v('uid'));
113 } else {
114 XDB::execute('UPDATE auth_user_quick
115 SET core_rss_hash="" WHERE user_id={?}',
116 S::v('uid'));
117 S::kill('core_rss_hash');
118 }
119 }
120
121 function handler_prefs(&$page)
122 {
123 $page->changeTpl('platal/preferences.tpl');
124 $page->assign('xorg_title','Polytechnique.org - Mes préférences');
125
126 if (Post::has('mail_fmt')) {
127 $fmt = Post::v('mail_fmt');
128 if ($fmt != 'texte') $fmt = 'html';
129 XDB::execute("UPDATE auth_user_quick
130 SET core_mail_fmt = '$fmt'
131 WHERE user_id = {?}",
132 S::v('uid'));
133 $_SESSION['mail_fmt'] = $fmt;
134 }
135
136 if (Post::has('rss')) {
137 $this->__set_rss_state(Post::b('rss'));
138 }
139 }
140
141 function handler_webredir(&$page)
142 {
143 $page->changeTpl('platal/webredirect.tpl');
144
145 $page->assign('xorg_title','Polytechnique.org - Redirection de page WEB');
146
147 $log =& S::v('log');
148 $url = Env::v('url');
149
150 if (Env::v('submit') == 'Valider' and Env::has('url')) {
151 XDB::execute('UPDATE auth_user_quick
152 SET redirecturl = {?} WHERE user_id = {?}',
153 $url, S::v('uid'));
154 $log->log('carva_add', 'http://'.Env::v('url'));
155 $page->trig("Redirection activée vers <a href='http://$url'>$url</a>");
156 } elseif (Env::v('submit') == "Supprimer") {
157 XDB::execute("UPDATE auth_user_quick
158 SET redirecturl = ''
159 WHERE user_id = {?}",
160 S::v('uid'));
161 $log->log("carva_del", $url);
162 Post::kill('url');
163 $page->trig('Redirection supprimée');
164 }
165
166 $res = XDB::query('SELECT redirecturl
167 FROM auth_user_quick
168 WHERE user_id = {?}',
169 S::v('uid'));
170 $page->assign('carva', $res->fetchOneCell());
171 }
172
173 function handler_prefs_rss(&$page)
174 {
175 $page->changeTpl('platal/filrss.tpl');
176
177 $page->assign('goback', Env::v('referer', 'login'));
178
179 if (Env::v('act_rss') == 'Activer') {
180 $this->__set_rss_state(true);
181 $page->trig("Ton Fil RSS est activé.");
182 }
183 }
184
185 function handler_password(&$page)
186 {
187 if (Post::has('response2')) {
188 require_once 'secure_hash.inc.php';
189
190 $_SESSION['password'] = $password = Post::v('response2');
191
192 XDB::execute('UPDATE auth_user_md5
193 SET password={?}
194 WHERE user_id={?}', $password,
195 S::v('uid'));
196
197 $log =& S::v('log');
198 $log->log('passwd', '');
199
200 if (Cookie::v('ORGaccess')) {
201 setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
202 }
203
204 $page->changeTpl('platal/motdepasse.success.tpl');
205 $page->run();
206 }
207
208 $page->changeTpl('platal/motdepasse.tpl');
209 $page->addJsLink('motdepasse.js');
210 $page->assign('xorg_title','Polytechnique.org - Mon mot de passe');
211 }
212
213 function handler_smtppass(&$page)
214 {
215 $page->changeTpl('platal/acces_smtp.tpl');
216 $page->assign('xorg_title','Polytechnique.org - Acces SMTP/NNTP');
217
218 require_once 'wiki.inc.php';
219 wiki_require_page('Xorg.SMTPSécurisé');
220 wiki_require_page('Xorg.NNTPSécurisé');
221
222 $uid = S::v('uid');
223 $pass = Env::v('smtppass1');
224 $log = S::v('log');
225
226 if (Env::v('op') == "Valider" && strlen($pass) >= 6
227 && Env::v('smtppass1') == Env::v('smtppass2'))
228 {
229 XDB::execute('UPDATE auth_user_md5 SET smtppass = {?}
230 WHERE user_id = {?}', $pass, $uid);
231 $page->trig('Mot de passe enregistré');
232 $log->log("passwd_ssl");
233 } elseif (Env::v('op') == "Supprimer") {
234 XDB::execute('UPDATE auth_user_md5 SET smtppass = ""
235 WHERE user_id = {?}', $uid);
236 $page->trig('Compte SMTP et NNTP supprimé');
237 $log->log("passwd_del");
238 }
239
240 $res = XDB::query("SELECT IF(smtppass != '', 'actif', '')
241 FROM auth_user_md5
242 WHERE user_id = {?}", $uid);
243 $page->assign('actif', $res->fetchOneCell());
244 }
245
246 function handler_recovery(&$page)
247 {
248 global $globals;
249
250 $page->changeTpl('platal/recovery.tpl');
251
252 if (!Env::has('login') || !Env::has('birth')) {
253 return;
254 }
255
256 if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env::v('birth'))) {
257 $page->trig('Date de naissance incorrecte ou incohérente');
258 return;
259 }
260
261 $birth = sprintf('%s-%s-%s',
262 substr(Env::v('birth'), 4, 4),
263 substr(Env::v('birth'), 2, 2),
264 substr(Env::v('birth'), 0, 2));
265
266 $mailorg = strtok(Env::v('login'), '@');
267
268 // paragraphe rajouté : si la date de naissance dans la base n'existe pas, on l'update
269 // avec celle fournie ici en espérant que c'est la bonne
270
271 $res = XDB::query(
272 "SELECT user_id, naissance
273 FROM auth_user_md5 AS u
274 INNER JOIN aliases AS a ON (u.user_id=a.id AND type != 'homonyme')
275 WHERE a.alias={?} AND u.perms IN ('admin','user') AND u.deces=0", $mailorg);
276 list($uid, $naissance) = $res->fetchOneRow();
277
278 if ($naissance == $birth) {
279 $res = XDB::query("SELECT COUNT(*)
280 FROM emails
281 WHERE uid = {?} AND flags != 'panne' AND flags != 'filter'", $uid);
282 $count = intval($res->fetchOneCell());
283 if ($count == 0) {
284 $page->assign('no_addr', true);
285 return;
286 }
287
288 $page->assign('ok', true);
289
290 $url = rand_url_id();
291 XDB::execute('INSERT INTO perte_pass (certificat,uid,created)
292 VALUES ({?},{?},NOW())', $url, $uid);
293 $res = XDB::query('SELECT email
294 FROM emails
295 WHERE uid = {?} AND email = {?}',
296 $uid, Post::v('email'));
297 if ($res->numRows()) {
298 $mails = $res->fetchOneCell();
299 } else {
300 $res = XDB::query('SELECT email
301 FROM emails
302 WHERE uid = {?} AND NOT FIND_IN_SET("filter", flags)', $uid);
303 $mails = implode(', ', $res->fetchColumn());
304 }
305 $mymail = new PlMailer();
306 $mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mail->domain . '>');
307 $mymail->addTo($mails);
308 $mymail->setSubject('Ton certificat d\'authentification');
309 $mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
310 {$globals->baseurl}/tmpPWD/$url
311
312 Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.
313
314 --
315 Polytechnique.org
316 \"Le portail des élèves & anciens élèves de l'Ecole polytechnique\"
317
318 Mail envoyé à ".Env::v('login') . (Post::has('email') ? "
319 Adresse de secours : " . Post::v('email') : ""));
320 $mymail->send();
321
322 // on cree un objet logger et on log l'evenement
323 $logger = $_SESSION['log'] = new CoreLogger($uid);
324 $logger->log('recovery', $mails);
325 } else {
326 $page->trig('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
327 'Si tu as un homonyme, utilise prenom.nom.promo comme login');
328 }
329 }
330
331 function handler_tmpPWD(&$page, $certif = null)
332 {
333 XDB::execute('DELETE FROM perte_pass
334 WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
335
336 $res = XDB::query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif);
337 $ligne = $res->fetchOneAssoc();
338 if (!$ligne) {
339 $page->changeTpl('platal/index.tpl');
340 $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
341 }
342
343 $uid = $ligne["uid"];
344 if (Post::has('response2')) {
345 $password = Post::v('response2');
346 $logger = new CoreLogger($uid);
347 XDB::query('UPDATE auth_user_md5 SET password={?}
348 WHERE user_id={?} AND perms IN("admin","user")',
349 $password, $uid);
350 XDB::query('DELETE FROM perte_pass WHERE certificat={?}', $certif);
351 $logger->log("passwd","");
352 $page->changeTpl('platal/tmpPWD.success.tpl');
353 } else {
354 $page->changeTpl('platal/motdepasse.tpl');
355 $page->addJsLink('motdepasse.js');
356 }
357 }
358
359 function handler_skin(&$page)
360 {
361 global $globals;
362
363 $page->changeTpl('platal/skins.tpl');
364 $page->assign('xorg_title','Polytechnique.org - Skins');
365
366 if (Env::has('newskin')) { // formulaire soumis, traitons les données envoyées
367 XDB::execute('UPDATE auth_user_quick
368 SET skin={?} WHERE user_id={?}',
369 Env::i('newskin'), S::v('uid'));
370 S::kill('skin');
371 set_skin();
372 }
373
374 $res = XDB::query('SELECT id FROM skins WHERE skin_tpl={?}', S::v('skin'));
375 $page->assign('skin_id', $res->fetchOneCell());
376
377 $sql = "SELECT s.*,auteur,count(*) AS nb
378 FROM skins AS s
379 LEFT JOIN auth_user_quick AS a ON s.id=a.skin
380 WHERE skin_tpl != '' AND ext != ''
381 GROUP BY id ORDER BY s.date DESC";
382 $page->assign('skins', XDB::iterator($sql));
383 }
384
385 function handler_exit(&$page, $level = null)
386 {
387 if (S::has('suid')) {
388 $a4l = S::v('forlife');
389 $suid = S::v('suid');
390 $log = S::v('log');
391 $log->log("suid_stop", S::v('forlife') . " by " . $suid['forlife']);
392 $_SESSION = $suid;
393 S::kill('suid');
394 pl_redirect('admin/user/' . $a4l);
395 }
396
397 if ($level == 'forget' || $level == 'forgetall') {
398 setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
399 Cookie::kill('ORGaccess');
400 if (isset($_SESSION['log']))
401 $_SESSION['log']->log("cookie_off");
402 }
403
404 if ($level == 'forgetuid' || $level == 'forgetall') {
405 setcookie('ORGuid', '', time() - 3600, '/', '', 0);
406 Cookie::kill('ORGuid');
407 setcookie('ORGdomain', '', time() - 3600, '/', '', 0);
408 Cookie::kill('ORGdomain');
409 }
410
411 if (isset($_SESSION['log'])) {
412 $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
413 $_SESSION['log']->log('deconnexion',$ref);
414 }
415
416 XorgSession::destroy();
417
418 if (Get::has('redirect')) {
419 http_redirect(rawurldecode(Get::v('redirect')));
420 } else {
421 $page->changeTpl('platal/exit.tpl');
422 }
423 }
424
425 function handler_review(&$page, $action = null, $mode = null)
426 {
427 require_once 'wiki.inc.php';
428 require_once dirname(__FILE__) . '/platal/review.inc.php';
429 $dir = wiki_work_dir();
430 $dom = 'Review';
431 if (@$GLOBALS['IS_XNET_SITE']) {
432 $dom .= 'Xnet';
433 }
434 if (!is_dir($dir)) {
435 $page->kill("Impossible de trouver le wiki");
436 }
437 if (!file_exists($dir . '/' . $dom . '.Admin')) {
438 $page->kill("Impossible de trouver la page d'administration");
439 }
440 $conf = preg_grep('/^text=/', explode("\n", file_get_contents($dir . '/' . $dom . '.Admin')));
441 $conf = preg_split('/(text\=|\%0a)/', array_shift($conf), -1, PREG_SPLIT_NO_EMPTY);
442 $wiz = new PlWizard('Tour d\'horizon', 'core/plwizard.tpl', true);
443 foreach ($conf as $line) {
444 $list = preg_split('/\s*[*|]\s*/', $line, -1, PREG_SPLIT_NO_EMPTY);
445 $wiz->addPage('ReviewPage', $list[0], $list[1]);
446 }
447 $wiz->apply($page, 'review', $action, $mode);
448 }
449 }
450
451 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
452 ?>
plat/al