2 /***************************************************************************
3 * Copyright (C) 2003-2007 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
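/**
 * Turn a comma-separated list of bug references ("#12,34") into links to the
 * matching tasks on trackers.polytechnique.org.
 *
 * The link text keeps each reference as written; the task id used in the URL
 * is the reference with every "#" removed.
 *
 * @param string $list comma-separated bug references
 * @return string the generated anchors, joined with commas
 */
function bugize($list)
{
    $links = array();
    // explode() replaces split(), which was removed in PHP 7.0; the separator
    // is a literal comma, so no regular expression is needed.
    foreach (explode(',', $list) as $bug) {
        // Strip "#" before escaping, otherwise it would be removed from entities.
        $clean = str_replace('#', '', $bug);
        // Both values land in HTML (a single-quoted attribute and element text),
        // so escape quotes as well; output is unchanged for "#", digits and commas.
        $href  = htmlspecialchars($clean, ENT_QUOTES, 'UTF-8');
        $label = htmlspecialchars($bug, ENT_QUOTES, 'UTF-8');
        $links[] = "<a href='http://trackers.polytechnique.org/task/$href'>$label</a>";
    }
    return implode(',', $links);
}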
36 class PlatalModule
extends PLModule
// Route table: every entry maps a URL path to make_hook(<handler name>, <auth constant>).
// NOTE(review): AUTH_PUBLIC, AUTH_COOKIE and AUTH_MDP are defined outside this file;
// presumably they run from anonymous access to a password-authenticated session -- confirm.
// NOTE(review): 'tmpPWD', 'recovery', 'exit' and 'review' are registered as AUTH_PUBLIC, so
// the matching handlers are the only place where their input can be checked.
// NOTE(review): the entry for the 'webredir' hook has lost its route key in this listing.
41 'index' => $this->make_hook('index', AUTH_PUBLIC
),
42 'cacert.pem' => $this->make_hook('cacert', AUTH_PUBLIC
),
43 'changelog' => $this->make_hook('changelog', AUTH_PUBLIC
),
45 // Preferences thingies
46 'prefs' => $this->make_hook('prefs', AUTH_COOKIE
),
47 'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE
),
49 => $this->make_hook('webredir', AUTH_MDP
),
50 'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE
),
52 // password related thingies
53 'password' => $this->make_hook('password', AUTH_MDP
),
54 'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC
),
55 'password/smtp' => $this->make_hook('smtppass', AUTH_MDP
),
56 'recovery' => $this->make_hook('recovery', AUTH_PUBLIC
),
57 'exit' => $this->make_hook('exit', AUTH_PUBLIC
),
58 'review' => $this->make_hook('review', AUTH_PUBLIC
),
59 'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC
),
// Landing page: redirects to 'events', or to 'review' when IS_XNET_SITE is not set.
// NOTE(review): the condition guarding the first redirect is not present in this listing.
63 function handler_index(&$page)
66 pl_redirect('events');
67 } else if (!@$GLOBALS['IS_XNET_SITE']) {
68 pl_redirect('review');
// Sends the CA certificate stored at /etc/ssl/xorgCA/cacert.pem with the
// application/x-x509-ca-cert content type, after blanking the Set-Cookie and
// Cache-Control headers.
// NOTE(review): clients install this file as a trust anchor; confirm the route is only
// reachable over HTTPS and that the certificate fingerprint is published out of band.
72 function handler_cacert(&$page)
// The second argument of file_get_contents() is the use_include_path flag, not an fopen()
// mode, so "r" is coerced to true. The result is not checked for false in the visible lines.
74 $data = file_get_contents("/etc/ssl/xorgCA/cacert.pem","r");
76 header("Set-Cookie:");
77 header("Cache-Control:");
79 header("Content-Type: application/x-x509-ca-cert");
80 header("Content-Length: ".strlen($data));
// Renders ../ChangeLog (relative to this file) into platal/changeLog.tpl: the text goes
// through pl_entities(), then URLs, www. hosts and mail addresses are wrapped in links,
// bug references are linked through bugize(), and a "vim:" modeline at the end is removed.
// NOTE(review): pl_entities() is defined elsewhere; presumably it HTML-escapes the text
// before any markup is added -- confirm, since the result is assigned to the template as HTML.
85 function handler_changelog(&$page)
87 $page->changeTpl('platal/changeLog.tpl');
89 $clog = pl_entities(file_get_contents(dirname(__FILE__
).'/../ChangeLog'));
90 // url catch only (not all wiki syntax)
91 $clog = preg_replace(array(
92 '/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
93 '/(\s|^)www\.((?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
94 '/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
96 '<a href="\\0">\\0</a>',
97 '\\1<a href="http://www.\\2">www.\\2</a>',
98 '<a href="mailto:\\0">\\0</a>'),
// The "e" modifier makes preg_replace() evaluate the replacement as PHP code for every
// match. The capture is limited to "#", digits and commas, which bounds what is evaluated,
// but the modifier was deprecated in PHP 5.5 and removed in PHP 7.0; preg_replace_callback()
// calling bugize() gives the same result without evaluating a string.
100 $clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
101 $clog = preg_replace('!vim:.*$!', '', $clog);
102 $page->assign('ChangeLog', $clog);
// Turns the user's RSS feed on or off: one branch stores a fresh rand_url_id(16) value in
// the session and in auth_user_quick.core_rss_hash, the other blanks the column and drops
// the session value. The test on $state is not present in this listing.
// NOTE(review): presumably this hash is the secret that authorises access to the feed URL;
// confirm that rand_url_id() (defined elsewhere) draws from a cryptographically secure source.
105 function __set_rss_state($state)
108 $_SESSION['core_rss_hash'] = rand_url_id(16);
109 XDB
::execute('UPDATE auth_user_quick
110 SET core_rss_hash={?} WHERE user_id={?}',
111 S
::v('core_rss_hash'), S
::v('uid'));
113 XDB
::execute('UPDATE auth_user_quick
114 SET core_rss_hash="" WHERE user_id={?}',
116 S
::kill('core_rss_hash');
// Preferences page: saves the mail format ('texte' or 'html') and, when 'rss' is posted,
// switches the RSS feed state through __set_rss_state().
// NOTE(review): both changes are driven by POST fields alone; no anti-CSRF token check is
// visible in these lines -- confirm the framework performs one.
120 function handler_prefs(&$page)
122 $page->changeTpl('platal/preferences.tpl');
123 $page->assign('xorg_title','Polytechnique.org - Mes préférences');
125 if (Post
::has('mail_fmt')) {
126 $fmt = Post
::v('mail_fmt');
// Anything other than 'texte' becomes 'html'. This normalisation is the only thing that
// keeps the '$fmt' interpolation in the UPDATE below safe; binding it with {?}, as is done
// for user_id, would remove that dependency.
127 if ($fmt != 'texte') $fmt = 'html';
128 XDB
::execute("UPDATE auth_user_quick
129 SET core_mail_fmt = '$fmt'
130 WHERE user_id = {?}",
132 $_SESSION['mail_fmt'] = $fmt;
135 if (Post
::has('rss')) {
136 $this->__set_rss_state(Post
::b('rss'));
// Web redirection page: 'Valider' stores the submitted URL in auth_user_quick.redirecturl,
// 'Supprimer' handles its removal, then the stored value is read back for display.
// NOTE(review): $url comes straight from Env::v('url') and is interpolated into the HTML
// passed to $page->trig() below. Unless trig() escapes its argument (confirm), a value
// holding a quote or "<" ends up as markup; escape it with htmlspecialchars(..., ENT_QUOTES)
// and validate it as a host/path before storing it.
// NOTE(review): Env presumably reads GET as well as POST, so the update could be driven by
// a link; confirm an anti-CSRF check exists outside this listing.
140 function handler_webredir(&$page)
142 $page->changeTpl('platal/webredirect.tpl');
144 $page->assign('xorg_title','Polytechnique.org - Redirection de page WEB');
147 $url = Env
::v('url');
149 if (Env
::v('submit') == 'Valider' and Env
::has('url')) {
150 XDB
::execute('UPDATE auth_user_quick
151 SET redirecturl = {?} WHERE user_id = {?}',
153 $log->log('carva_add', 'http://'.Env
::v('url'));
154 $page->trig("Redirection activée vers <a href='http://$url'>$url</a>");
155 } elseif (Env
::v('submit') == "Supprimer") {
156 XDB
::execute("UPDATE auth_user_quick
158 WHERE user_id = {?}",
160 $log->log("carva_del", $url);
162 $page->trig('Redirection supprimée');
165 $res = XDB
::query('SELECT redirecturl
167 WHERE user_id = {?}',
169 $page->assign('carva', $res->fetchOneCell());
// RSS feed page: 'Activer' enables the feed through __set_rss_state(true).
// NOTE(review): 'goback' is taken from the request ('referer', default 'login') and handed
// to the template; if the template uses it as a link target it needs the same validation
// as any redirect destination.
172 function handler_prefs_rss(&$page)
174 $page->changeTpl('platal/filrss.tpl');
176 $page->assign('goback', Env
::v('referer', 'login'));
178 if (Env
::v('act_rss') == 'Activer') {
179 $this->__set_rss_state(true
);
180 $page->trig("Ton Fil RSS est activé.");
// Password change page. When 'response2' is posted, its value is kept in the session and
// written to auth_user_md5, the change is logged, and the ORGaccess cookie is refreshed if
// the browser already sent one. Otherwise the change form is shown.
// NOTE(review): 'response2' is stored exactly as received; presumably motdepasse.js sends a
// client-side digest rather than the clear password -- confirm, and confirm how the stored
// value is hashed, since the table name suggests MD5.
// NOTE(review): the current password is not asked for again in the visible lines, and no
// anti-CSRF token check is visible either -- confirm both against the framework.
184 function handler_password(&$page)
186 if (Post
::has('response2')) {
187 require_once 'secure_hash.inc.php';
189 $_SESSION['password'] = $password = Post
::v('response2');
191 XDB
::execute('UPDATE auth_user_md5
193 WHERE user_id={?}', $password,
197 $log->log('passwd', '');
// The persistent-login cookie is derived from the password, lives 25920000 seconds
// (300 days), and is set with secure = 0 and no HttpOnly argument, so it can travel over
// plain HTTP and is readable from scripts. Setting both flags limits theft of this
// long-lived credential.
199 if (Cookie
::v('ORGaccess')) {
200 setcookie('ORGaccess', hash_encrypt($password), (time()+
25920000), '/', '' ,0);
203 $page->changeTpl('platal/motdepasse.success.tpl');
207 $page->changeTpl('platal/motdepasse.tpl');
208 $page->addJsLink('motdepasse.js');
209 $page->assign('xorg_title','Polytechnique.org - Mon mot de passe');
// SMTP/NNTP password page: 'Valider' stores a new password when it is at least 6 bytes long
// and both fields match, 'Supprimer' blanks it, then the page shows whether one is set.
// NOTE(review): $pass is written to auth_user_md5.smtppass as submitted; no hashing is
// visible here, so the column presumably holds the clear password -- confirm, and treat
// the table and its backups accordingly.
// NOTE(review): the fields are read with Env, which presumably accepts GET as well as POST;
// a password sent in a query string ends up in access logs -- confirm.
212 function handler_smtppass(&$page)
214 $page->changeTpl('platal/acces_smtp.tpl');
215 $page->assign('xorg_title','Polytechnique.org - Acces SMTP/NNTP');
217 require_once 'wiki.inc.php';
218 wiki_require_page('Xorg.SMTPSécurisé');
219 wiki_require_page('Xorg.NNTPSécurisé');
222 $pass = Env
::v('smtppass1');
// "==" compares numeric-looking strings by value, so two different inputs such as "1e3"
// and "1000" count as equal; "===" would compare the strings themselves.
225 if (Env
::v('op') == "Valider" && strlen($pass) >= 6
226 && Env
::v('smtppass1') == Env
::v('smtppass2'))
228 XDB
::execute('UPDATE auth_user_md5 SET smtppass = {?}
229 WHERE user_id = {?}', $pass, $uid);
230 $page->trig('Mot de passe enregistré');
231 $log->log("passwd_ssl");
232 } elseif (Env
::v('op') == "Supprimer") {
233 XDB
::execute('UPDATE auth_user_md5 SET smtppass = ""
234 WHERE user_id = {?}', $uid);
235 $page->trig('Compte SMTP et NNTP supprimé');
236 $log->log("passwd_del");
239 $res = XDB
::query("SELECT IF(smtppass != '', 'actif', '')
241 WHERE user_id = {?}", $uid);
242 $page->assign('actif', $res->fetchOneCell());
// Password recovery: checks the submitted login and birth date (DDMMYYYY) against
// auth_user_md5 and, on a match, stores a rand_url_id() token in perte_pass and mails a
// {baseurl}/tmpPWD/<token> link. The mail goes to the posted 'email' when it is one of the
// account's addresses, otherwise to every address not flagged "filter".
// NOTE(review): the only proof of identity is the birth date, a low-entropy value that is
// often known to others; no attempt limit is visible in these lines.
// NOTE(review): the outcomes (no_addr, ok, error message) differ, which tells a caller
// whether a login / birth-date pair is valid.
245 function handler_recovery(&$page)
249 $page->changeTpl('platal/recovery.tpl');
251 if (!Env
::has('login') ||
!Env
::has('birth')) {
// ereg() was removed in PHP 7.0, and this pattern is not anchored: it accepts any input
// that merely contains eight matching digits, while the substr() calls below read the
// first eight characters whatever they are.
255 if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env
::v('birth'))) {
256 $page->trig('Date de naissance incorrecte ou incohérente');
260 $birth = sprintf('%s-%s-%s',
261 substr(Env
::v('birth'), 4, 4),
262 substr(Env
::v('birth'), 2, 2),
263 substr(Env
::v('birth'), 0, 2));
265 $mailorg = strtok(Env
::v('login'), '@');
267 // added paragraph: if the birth date is missing from the database, it is updated
268 // with the one supplied here, hoping that it is the right one
// NOTE(review): the code performing that update is not visible in this listing; if it is
// still present, an account without a stored birth date accepts whatever date is submitted.
271 "SELECT user_id, naissance
272 FROM auth_user_md5 AS u
273 INNER JOIN aliases AS a ON (u.user_id=a.id AND type != 'homonyme')
274 WHERE a.alias={?} AND u.perms IN ('admin','user') AND u.deces=0", $mailorg);
275 list($uid, $naissance) = $res->fetchOneRow();
277 if ($naissance == $birth) {
278 $res = XDB
::query("SELECT COUNT(*)
280 WHERE uid = {?} AND flags != 'panne' AND flags != 'filter'", $uid);
281 $count = intval($res->fetchOneCell());
283 $page->assign('no_addr', true
);
287 $page->assign('ok', true
);
289 $url = rand_url_id();
290 XDB
::execute('INSERT INTO perte_pass (certificat,uid,created)
291 VALUES ({?},{?},NOW())', $url, $uid);
292 $res = XDB
::query('SELECT email
294 WHERE uid = {?} AND email = {?}',
295 $uid, Post
::v('email'));
296 if ($res->numRows()) {
297 $mails = $res->fetchOneCell();
299 $res = XDB
::query('SELECT email
301 WHERE uid = {?} AND NOT FIND_IN_SET("filter", flags)', $uid);
302 $mails = implode(', ', $res->fetchColumn());
304 $mymail = new PlMailer();
305 $mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mail
->domain
. '>');
306 $mymail->addTo($mails);
307 $mymail->setSubject('Ton certificat d\'authentification');
308 $mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
309 {$globals->baseurl}/tmpPWD/$url
311 Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.
315 \"Le portail des élèves & anciens élèves de l'Ecole polytechnique\"
317 Mail envoyé à ".Env
::v('login') . (Post
::has('email') ?
"
318 Adresse de secours : " . Post
::v('email') : ""));
321 // create a logger object and log the event
322 $logger = $_SESSION['log'] = new CoreLogger($uid);
323 $logger->log('recovery', $mails);
325 $page->trig('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
326 'Si tu as un homonyme, utilise prenom.nom.promo comme login');
// Password reset by mailed token: purges perte_pass rows older than 380 minutes, looks up
// the uid for $certif, and when 'response2' is posted sets it as the account password and
// deletes the token so it cannot be used again. Without a post, the password form is shown.
// NOTE(review): the token travels in the URL path, so it can end up in access logs, browser
// history and Referer headers until it is used or expires.
// NOTE(review): the mail sent by handler_recovery announces six hours; the purge here allows
// 380 minutes.
// NOTE(review): no limit on lookups with wrong tokens is visible; guess resistance rests on
// the length and randomness of rand_url_id() (defined elsewhere) -- confirm.
330 function handler_tmpPWD(&$page, $certif = null
)
332 XDB
::execute('DELETE FROM perte_pass
333 WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
335 $res = XDB
::query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif);
336 $ligne = $res->fetchOneAssoc();
338 $page->changeTpl('platal/index.tpl');
339 $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
342 $uid = $ligne["uid"];
343 if (Post
::has('response2')) {
344 $password = Post
::v('response2');
345 $logger = new CoreLogger($uid);
346 XDB
::query('UPDATE auth_user_md5 SET password={?}
347 WHERE user_id={?} AND perms IN("admin","user")',
349 XDB
::query('DELETE FROM perte_pass WHERE certificat={?}', $certif);
350 $logger->log("passwd","");
351 $page->changeTpl('platal/tmpPWD.success.tpl');
353 $page->changeTpl('platal/motdepasse.tpl');
354 $page->addJsLink('motdepasse.js');
// Skin selection page: stores the chosen skin id for the current user, looks up the id of
// the session's skin template, and lists the available skins with their usage count.
// NOTE(review): Env::i() presumably casts 'newskin' to an integer -- confirm; the value is
// bound with {?} in any case, and the listing query contains no request data.
358 function handler_skin(&$page)
362 $page->changeTpl('platal/skins.tpl');
363 $page->assign('xorg_title','Polytechnique.org - Skins');
365 if (Env
::has('newskin')) { // form submitted, process the data that was sent
366 XDB
::execute('UPDATE auth_user_quick
367 SET skin={?} WHERE user_id={?}',
368 Env
::i('newskin'), S
::v('uid'));
373 $res = XDB
::query('SELECT id FROM skins WHERE skin_tpl={?}', S
::v('skin'));
374 $page->assign('skin_id', $res->fetchOneCell());
376 $sql = "SELECT s.*,auteur,count(*) AS nb
378 LEFT JOIN auth_user_quick AS a ON s.id=a.skin
379 WHERE skin_tpl != '' AND ext != ''
380 GROUP BY id ORDER BY s.date DESC";
381 $page->assign('skins', XDB
::iterator($sql));
// Logout. When the session holds 'suid', logs "suid_stop" and redirects to the admin page of
// that user. Otherwise, depending on $level, expires the ORGaccess and/or ORGuid and
// ORGdomain cookies, logs the disconnection with the Referer header, destroys the session,
// and either follows the 'redirect' query parameter or shows platal/exit.tpl.
// NOTE(review): HTTP_REFERER is client-controlled and logged as received; confirm the log
// viewer escapes it on display.
384 function handler_exit(&$page, $level = null
)
386 if (S
::has('suid')) {
387 $a4l = S
::v('forlife');
388 $suid = S
::v('suid');
390 $log->log("suid_stop", S
::v('forlife') . " by " . $suid['forlife']);
393 pl_redirect('admin/user/' . $a4l);
396 if ($level == 'forget' ||
$level == 'forgetall') {
397 setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
398 Cookie
::kill('ORGaccess');
399 if (isset($_SESSION['log']))
400 $_SESSION['log']->log("cookie_off");
403 if ($level == 'forgetuid' ||
$level == 'forgetall') {
404 setcookie('ORGuid', '', time() - 3600, '/', '', 0);
405 Cookie
::kill('ORGuid');
406 setcookie('ORGdomain', '', time() - 3600, '/', '', 0);
407 Cookie
::kill('ORGdomain');
410 if (isset($_SESSION['log'])) {
411 $ref = isset($_SERVER['HTTP_REFERER']) ?
$_SERVER['HTTP_REFERER'] : '';
412 $_SESSION['log']->log('deconnexion',$ref);
415 XorgSession
::destroy();
// The redirect target is taken from the query string and used as is, on a route registered
// as AUTH_PUBLIC, so a logout link can forward the visitor to any external URL. Restrict the
// value to same-site relative paths or to an allowlist of hosts before redirecting.
417 if (Get
::has('redirect')) {
418 http_redirect(rawurldecode(Get
::v('redirect')));
420 $page->changeTpl('platal/exit.tpl');
// Builds the 'Tour d'horizon' wizard: reads the "text=" line of the wiki page <dom>.Admin
// found in wiki_work_dir(), splits it into entries, adds one ReviewPage per entry and
// applies the wizard to the 'review' route with $action and $mode.
// NOTE(review): the assignment of $dom is not visible in this listing; confirm it is a fixed
// value and never taken from the request, because it is concatenated into a file path.
// NOTE(review): $list[1] is read without checking that the split produced two parts.
424 function handler_review(&$page, $action = null
, $mode = null
)
426 require_once 'wiki.inc.php';
427 require_once dirname(__FILE__
) . '/platal/review.inc.php';
428 $dir = wiki_work_dir();
430 if (@$GLOBALS['IS_XNET_SITE']) {
434 $page->kill("Impossible de trouver le wiki");
436 if (!file_exists($dir . '/' . $dom . '.Admin')) {
437 $page->kill("Impossible de trouver la page d'administration");
439 $conf = preg_grep('/^text=/', explode("\n", file_get_contents($dir . '/' . $dom . '.Admin')));
440 $conf = preg_split('/(text\=|\%0a)/', array_shift($conf), -1, PREG_SPLIT_NO_EMPTY
);
441 $wiz = new PlWizard('Tour d\'horizon', 'core/plwizard.tpl', true
);
442 foreach ($conf as $line) {
443 $list = preg_split('/\s*[*|]\s*/', $line, -1, PREG_SPLIT_NO_EMPTY
);
444 $wiz->addPage('ReviewPage', $list[0], $list[1]);
446 $wiz->apply($page, 'review', $action, $mode);
450 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: