2 /***************************************************************************
3 * Copyright (C) 2003-2008 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
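/**
 * Turns a comma-separated list of bug references ("#12,#34") into HTML links
 * to the tracker, one <a> per reference, joined again with commas.
 *
 * @param string $list comma-separated bug references, each usually prefixed with '#'
 * @return string      the references rendered as tracker links
 */
function bugize($list)
{
    // split() was removed in PHP 7; explode() is the exact equivalent for a
    // literal ',' separator. $ans is initialised so an empty input still
    // yields a string rather than a notice on join().
    $ans = array();
    foreach (explode(',', $list) as $bug) {
        // The tracker URL wants the bare number; the link text keeps the '#'.
        $clean = str_replace('#', '', $bug);
        // The caller (handler_changelog) only ever passes '#digits[,digits]*',
        // which escaping leaves untouched; escaping anyway keeps an unexpected
        // reference from breaking out of the attribute or the element text.
        $ans[] = "<a href='http://trackers.polytechnique.org/task/"
               . htmlspecialchars($clean, ENT_QUOTES, 'UTF-8') . "'>"
               . htmlspecialchars($bug, ENT_QUOTES, 'UTF-8') . "</a>";
    }
    return join(',', $ans);
}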
36 class PlatalModule
extends PLModule
// Hook table of the module: each URL path maps, via make_hook(), to a
// handler_* method below and to the authentication level it requires
// (AUTH_PUBLIC, AUTH_COOKIE or AUTH_MDP; from the name, AUTH_MDP presumably
// means "authenticated with a password, not just a cookie" — confirm in the
// framework). The enclosing method and the `return array(` opening this list
// are not visible on this page.
41 'index' => $this->make_hook('index', AUTH_PUBLIC
),
42 'cacert.pem' => $this->make_hook('cacert', AUTH_PUBLIC
),
43 'changelog' => $this->make_hook('changelog', AUTH_PUBLIC
),
45 // Preferences thingies
46 'prefs' => $this->make_hook('prefs', AUTH_COOKIE
),
47 'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE
),
// The path key of this entry is missing from the page; the handler is
// handler_webredir and it requires AUTH_MDP.
49 => $this->make_hook('webredir', AUTH_MDP
),
50 'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE
),
52 // password related thingies
53 'password' => $this->make_hook('password', AUTH_MDP
),
// NOTE(review): tmpPWD and recovery are public by design (they are the
// lost-password flow); the certificate lookup in handler_tmpPWD is the only
// gate on that path, so it must stay strict.
54 'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC
),
55 'password/smtp' => $this->make_hook('smtppass', AUTH_MDP
),
56 'recovery' => $this->make_hook('recovery', AUTH_PUBLIC
),
57 'exit' => $this->make_hook('exit', AUTH_PUBLIC
),
58 'review' => $this->make_hook('review', AUTH_PUBLIC
),
59 'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC
),
// Front page dispatcher: redirects to 'events' or, when not on the X.net
// site, to 'review'. The opening `if` of this chain (the condition that
// selects 'events') is not on this page.
63 function handler_index(&$page)
66 pl_redirect('events');
// The @ silences the undefined-index notice when IS_XNET_SITE was never set.
67 } else if (!@$GLOBALS['IS_XNET_SITE']) {
68 pl_redirect('review');
// Serves the site's CA certificate as a downloadable file (the echo of
// $data is on a line not shown on this page).
// NOTE(review): file_get_contents() has no "mode" argument; the "r" here
// lands in the use_include_path flag (truthy), which is harmless for an
// absolute path but misleading. The return value is not checked either, so
// a missing file would be served as an empty body with Content-Length 0.
72 function handler_cacert(&$page)
74 $data = file_get_contents("/etc/ssl/xorgCA/cacert.pem","r");
// Blank header values: presumably reset headers emitted earlier in the
// request so the download carries no session cookie — confirm against the
// framework's header handling.
76 header("Set-Cookie:");
77 header("Cache-Control:");
79 header("Content-Type: application/x-x509-ca-cert");
// strlen() is byte-wise, which is what Content-Length needs.
80 header("Content-Length: ".strlen($data));
// Renders the project ChangeLog as HTML: escapes it, turns '=' rulers into
// section breaks, and links URLs, e-mail addresses and bug references.
85 function handler_changelog(&$page)
87 $page->changeTpl('platal/changeLog.tpl');
// Escape first, so the links added below are the only markup in $clog.
89 $clog = pl_entities(file_get_contents(dirname(__FILE__
).'/../ChangeLog'));
90 $clog = preg_replace('/=+\s*/', '</pre><hr /><pre>', $clog);
91 // url catch only (not all wiki syntax)
92 $clog = preg_replace(array(
93 '/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
94 '/(\s|^)www\.((?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
95 '/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
97 '<a href="\\0">\\0</a>',
98 '\\1<a href="http://www.\\2">www.\\2</a>',
99 '<a href="mailto:\\0">\\0</a>'),
// NOTE(review): the /e modifier evaluates the replacement as PHP code and
// was removed in PHP 7. The capture is limited to '#digits[,digits]*', so
// the evaluated string is constrained here, but preg_replace_callback()
// calling bugize() is the safe equivalent and should replace this.
101 $clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
// Strip the editor modeline found at the end of the file.
102 $clog = preg_replace('!vim:.*$!', '', $clog);
// Drop the empty <pre> blocks (and their adjacent rulers) that the
// splitting above produced.
103 $clog = preg_replace("!(<hr />(\\s|\n)*)?<pre>(\s|\n)*</pre>((\\s|\n)*<hr />)?!m", "", "<pre>$clog</pre>");
104 $page->assign('ChangeLog', $clog);
// Enables ($state truthy) or disables the user's RSS feed: stores a fresh
// random hash both in the session and in auth_user_quick, or clears both.
// The `if ($state)` / `else` lines of this method are not on this page.
107 function __set_rss_state($state)
// NOTE(review): this hash presumably authenticates feed requests, so
// rand_url_id() (defined elsewhere) must be an unpredictable source — confirm.
110 $_SESSION['core_rss_hash'] = rand_url_id(16);
111 XDB
::execute('UPDATE auth_user_quick
112 SET core_rss_hash={?} WHERE user_id={?}',
113 S
::v('core_rss_hash'), S
::v('uid'));
// Disable: empty the hash in the database and drop it from the session.
115 XDB
::execute('UPDATE auth_user_quick
116 SET core_rss_hash="" WHERE user_id={?}',
118 S
::kill('core_rss_hash');
// Preferences form: mail format (text/html) and RSS feed toggle.
122 function handler_prefs(&$page)
124 $page->changeTpl('platal/preferences.tpl');
125 $page->assign('xorg_title','Polytechnique.org - Mes préférences');
// NOTE(review): this state-changing POST is not guarded by
// Session::has_xsrf_token() the way handler_password is — confirm whether
// the framework checks the token globally for AUTH_COOKIE hooks.
127 if (Post
::has('mail_fmt')) {
128 $fmt = Post
::v('mail_fmt');
// Whitelist: anything other than 'texte' becomes 'html'. This line is the
// only reason the interpolation in the query below is not injectable.
129 if ($fmt != 'texte') $fmt = 'html';
// NOTE(review): bind $fmt with a {?} placeholder like every other query in
// this file, so the query's safety does not depend on the line above.
// The user_id argument of this call is on a line not shown on this page.
130 XDB
::execute("UPDATE auth_user_quick
131 SET core_mail_fmt = '$fmt'
132 WHERE user_id = {?}",
134 $_SESSION['mail_fmt'] = $fmt;
137 if (Post
::has('rss')) {
138 $this->__set_rss_state(Post
::b('rss'));
// Web redirection preferences: store or clear the URL the user's personal
// page redirects to, then show the current value. $log is set up on lines
// not shown on this page.
142 function handler_webredir(&$page)
144 $page->changeTpl('platal/webredirect.tpl');
146 $page->assign('xorg_title','Polytechnique.org - Redirection de page WEB');
// $url is raw request input; nothing in this handler validates it as a
// host or URL before it is stored and echoed.
149 $url = Env
::v('url');
151 if (Env
::v('submit') == 'Valider' and Env
::has('url')) {
152 XDB
::execute('UPDATE auth_user_quick
153 SET redirecturl = {?} WHERE user_id = {?}',
155 $log->log('carva_add', 'http://'.Env
::v('url'));
// NOTE(review): $url is placed unescaped inside markup; unless trig()
// escapes its argument, the submitted value is reflected into the page —
// wrap it in htmlspecialchars() and reject anything that is not a host.
156 $page->trig("Redirection activée vers <a href='http://$url'>$url</a>");
157 } elseif (Env
::v('submit') == "Supprimer") {
158 XDB
::execute("UPDATE auth_user_quick
160 WHERE user_id = {?}",
162 $log->log("carva_del", $url);
164 $page->trig('Redirection supprimée');
// Current value for the template, whatever happened above.
167 $res = XDB
::query('SELECT redirecturl
169 WHERE user_id = {?}',
171 $page->assign('carva', $res->fetchOneCell());
// RSS feed settings page: (re)generates the feed hash on 'Activer'. The
// disabling branch of this handler is not on this page.
174 function handler_prefs_rss(&$page)
176 $page->changeTpl('platal/filrss.tpl');
// 'goback' comes straight from the request ('referer', default 'login');
// the template decides how it is used, so check there that it is escaped
// and only ever used as a local link target.
178 $page->assign('goback', Env
::v('referer', 'login'));
180 if (Env
::v('act_rss') == 'Activer') {
181 $this->__set_rss_state(true
);
182 $page->trig("Ton Fil RSS est activé.");
// Password change page (AUTH_MDP). On a valid POST the new value is stored
// in the session and in auth_user_md5, propagated to Google Apps when that
// sync is enabled, logged, and the ORGaccess cookie is refreshed. Some
// closing lines of the blocks below are not on this page.
186 function handler_password(&$page)
// The XSRF token is checked together with the POST field — keep it that
// way; handler_tmpPWD below has no such check.
190 if (Post
::has('response2') && Session
::has_xsrf_token()) {
191 require_once 'secure_hash.inc.php';
// 'response2' is stored as received; given motdepasse.js is loaded below it
// is presumably already hashed client-side — confirm that no cleartext
// password ever reaches this line (it also lands in $_SESSION).
193 $_SESSION['password'] = $password = Post
::v('response2');
195 XDB
::execute('UPDATE auth_user_md5
197 WHERE user_id={?}', $password,
200 // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
201 // updates the Google Apps password as well.
202 if ($globals->mailstorage
->googleapps_domain
) {
203 require_once 'googleapps.inc.php';
204 $account = new GoogleAppsAccount(S
::v('uid'), S
::v('forlife'));
205 if ($account->active() && $account->sync_password
) {
206 $account->set_password($password);
211 $log->log('passwd', '');
// Refresh the ORGaccess cookie (presumably the persistent-login cookie,
// see handler_exit) with a value derived from the new credential.
// NOTE(review): lifetime is 25920000 s (300 days), the secure flag is 0 and
// no httponly flag is passed — a long-lived authentication cookie should set
// both. hash_encrypt() is defined elsewhere; what it derives from $password
// is not visible here.
213 if (Cookie
::v('ORGaccess')) {
214 setcookie('ORGaccess', hash_encrypt($password), (time()+
25920000), '/', '' ,0);
217 $page->changeTpl('platal/motdepasse.success.tpl');
// POST without a valid XSRF token: report failure and fall through to the form.
219 } else if (Post
::has('response2')) {
220 $page->trig('Le changement de ton mot de passe a échoué, merci de réessayer.');
223 $page->changeTpl('platal/motdepasse.tpl');
224 $page->addJsLink('motdepasse.js');
225 $page->assign('xorg_title','Polytechnique.org - Mon mot de passe');
// SMTP/NNTP access page: sets or clears the separate smtppass credential.
// The $uid used below is assigned on a line not shown on this page.
228 function handler_smtppass(&$page)
230 $page->changeTpl('platal/acces_smtp.tpl');
231 $page->assign('xorg_title','Polytechnique.org - Acces SMTP/NNTP');
233 require_once 'wiki.inc.php';
234 wiki_require_page('Xorg.SMTPSécurisé');
235 wiki_require_page('Xorg.NNTPSécurisé');
238 $pass = Env
::v('smtppass1');
// Only the length (>= 6 bytes, strlen is byte-wise) and the confirmation
// match are checked; the value is stored as received — whether it is
// hashed at a lower layer is not visible here. As in handler_prefs there is
// no Session::has_xsrf_token() check on this state change.
241 if (Env
::v('op') == "Valider" && strlen($pass) >= 6
242 && Env
::v('smtppass1') == Env
::v('smtppass2'))
244 XDB
::execute('UPDATE auth_user_md5 SET smtppass = {?}
245 WHERE user_id = {?}', $pass, $uid);
246 $page->trig('Mot de passe enregistré');
247 $log->log("passwd_ssl");
248 } elseif (Env
::v('op') == "Supprimer") {
249 XDB
::execute('UPDATE auth_user_md5 SET smtppass = ""
250 WHERE user_id = {?}', $uid);
251 $page->trig('Compte SMTP et NNTP supprimé');
252 $log->log("passwd_del");
// 'actif' tells the template whether a password is currently set.
255 $res = XDB
::query("SELECT IF(smtppass != '', 'actif', '')
257 WHERE user_id = {?}", $uid);
258 $page->assign('actif', $res->fetchOneCell());
// Lost-password step 1: match login + birth date against the database and,
// on success, e-mail a one-time certificate (consumed by handler_tmpPWD).
// Several lines of the original (the early return for missing fields, the
// birth-date update mentioned in the comment below, the `else` branches and
// the table names of two queries) are not on this page.
261 function handler_recovery(&$page)
265 $page->changeTpl('platal/recovery.tpl');
267 if (!Env
::has('login') ||
!Env
::has('birth')) {
// NOTE(review): ereg() was removed in PHP 7 and the pattern is not anchored,
// so any input merely *containing* ddmm19yy passes; preg_match() with a
// '/^...$/' pattern is the replacement.
271 if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env
::v('birth'))) {
272 $page->trig('Date de naissance incorrecte ou incohérente');
// ddmmyyyy -> yyyy-mm-dd, the format compared against auth_user_md5.naissance.
276 $birth = sprintf('%s-%s-%s',
277 substr(Env
::v('birth'), 4, 4),
278 substr(Env
::v('birth'), 2, 2),
279 substr(Env
::v('birth'), 0, 2));
// Only the local part of the login is looked up as an alias.
281 $mailorg = strtok(Env
::v('login'), '@');
283 // Added paragraph: if the birth date in the database is missing, update it
284 // with the one supplied here, hoping it is the right one.
287 "SELECT user_id, naissance
288 FROM auth_user_md5 AS u
289 INNER JOIN aliases AS a ON (u.user_id=a.id AND type != 'homonyme')
290 WHERE a.alias={?} AND u.perms IN ('admin','user') AND u.deces=0", $mailorg);
291 list($uid, $naissance) = $res->fetchOneRow();
293 if ($naissance == $birth) {
// Count the user's addresses that are neither broken ('panne') nor
// filtered; no_addr is presumably set when there are none (the `if` line
// between the count and the assign is not shown).
294 $res = XDB
::query("SELECT COUNT(*)
296 WHERE uid = {?} AND flags != 'panne' AND flags != 'filter'", $uid);
297 $count = intval($res->fetchOneCell());
299 $page->assign('no_addr', true
);
303 $page->assign('ok', true
);
// The certificate is the only secret protecting the reset link (tmpPWD is
// AUTH_PUBLIC); rand_url_id() is defined elsewhere — confirm it is
// unpredictable.
305 $url = rand_url_id();
306 XDB
::execute('INSERT INTO perte_pass (certificat,uid,created)
307 VALUES ({?},{?},NOW())', $url, $uid);
// A POSTed backup address is only used when it is already one of the
// user's registered e-mails; otherwise every unfiltered address is used.
308 $res = XDB
::query('SELECT email
310 WHERE uid = {?} AND email = {?}',
311 $uid, Post
::v('email'));
312 if ($res->numRows()) {
313 $mails = $res->fetchOneCell();
315 $res = XDB
::query('SELECT email
317 WHERE uid = {?} AND NOT FIND_IN_SET("filter", flags)', $uid);
318 $mails = implode(', ', $res->fetchColumn());
320 $mymail = new PlMailer();
321 $mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mail
->domain
. '>');
322 $mymail->addTo($mails);
323 $mymail->setSubject('Ton certificat d\'authentification');
324 $mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
325 {$globals->baseurl}/tmpPWD/$url
327 Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.
331 \"Le portail des élèves & anciens élèves de l'Ecole polytechnique\"
333 Mail envoyé à ".Env
::v('login') . (Post
::has('email') ?
"
334 Adresse de secours : " . Post
::v('email') : ""));
337 // Create a logger object and log the event.
338 $logger = $_SESSION['log'] = new CoreLogger($uid);
339 $logger->log('recovery', $mails);
// Presumably the `else` of the birth-date comparison: one generic message
// whether the login is unknown or the date differs.
341 $page->trig('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
342 'Si tu as un homonyme, utilise prenom.nom.promo comme login');
// Lost-password step 2: reached from the e-mailed link with the certificate
// in the URL. Expired certificates are purged, the given one is looked up,
// and a POSTed new password is stored for the matching user. The
// `if (!$ligne)` guard before kill() and the argument line of the UPDATE
// are not on this page.
346 function handler_tmpPWD(&$page, $certif = null
)
// 380 minutes: slightly more than the "six heures" promised in the recovery mail.
349 XDB
::execute('DELETE FROM perte_pass
350 WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
// $certif may be null (its default); the lookup then presumably matches
// nothing and the guard below ends the request — confirm how XDB binds null.
352 $res = XDB
::query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif);
353 $ligne = $res->fetchOneAssoc();
355 $page->changeTpl('platal/index.tpl');
356 $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
359 $uid = $ligne["uid"];
// NOTE(review): unlike handler_password there is no Session::has_xsrf_token()
// check here; the certificate is the authorisation, but a token would still
// stop a cross-site form post against a known link. The value is stored as
// received (same motdepasse.tpl + motdepasse.js form, so presumably
// pre-hashed client-side — confirm).
360 if (Post
::has('response2')) {
361 $password = Post
::v('response2');
// NOTE(review): XDB::query() is used for an UPDATE and a DELETE; the rest of
// the file uses XDB::execute() for statements without a result set.
362 XDB
::query('UPDATE auth_user_md5 SET password={?}
363 WHERE user_id={?} AND perms IN("admin","user")',
// The certificate is single-use: deleted right after the password update.
365 XDB
::query('DELETE FROM perte_pass WHERE certificat={?}', $certif);
367 // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
368 // updates the Google Apps password as well.
369 if ($globals->mailstorage
->googleapps_domain
) {
370 require_once 'googleapps.inc.php';
371 $account = new GoogleAppsAccount($uid);
372 if ($account->active() && $account->sync_password
) {
373 $account->set_password($password);
377 $logger = new CoreLogger($uid);
378 $logger->log("passwd","");
379 $page->changeTpl('platal/tmpPWD.success.tpl');
381 $page->changeTpl('platal/motdepasse.tpl');
382 $page->addJsLink('motdepasse.js');
// Skin chooser: saves the selected skin id for the user and lists the
// available skins with their usage count.
386 function handler_skin(&$page)
390 $page->changeTpl('platal/skins.tpl');
391 $page->assign('xorg_title','Polytechnique.org - Skins');
// Env::i() casts the submitted id to int before it reaches the query.
393 if (Env
::has('newskin')) { // form submitted, process the submitted data
394 XDB
::execute('UPDATE auth_user_quick
395 SET skin={?} WHERE user_id={?}',
396 Env
::i('newskin'), S
::v('uid'));
// Resolve the session's current skin template name back to its id.
401 $res = XDB
::query('SELECT id FROM skins WHERE skin_tpl={?}', S
::v('skin'));
402 $page->assign('skin_id', $res->fetchOneCell());
// Static query (no request input): every usable skin with its author and
// the number of users who selected it. The FROM line is not shown here.
404 $sql = "SELECT s.*,auteur,count(*) AS nb
406 LEFT JOIN auth_user_quick AS a ON s.id=a.skin
407 WHERE skin_tpl != '' AND ext != ''
408 GROUP BY id ORDER BY s.date DESC";
409 $page->assign('skins', XDB
::iterator($sql));
// Logout handler (also mapped from deconnexion.php). Ends an active 'suid'
// session first, optionally clears the persistent cookies, logs the event
// and destroys the session. Some closing lines of the blocks below are not
// on this page.
412 function handler_exit(&$page, $level = null
)
// 'suid' set: presumably an admin acting as another user. Log who stopped
// it and return to that user's admin page instead of logging out; the
// session restore between these lines is not shown.
414 if (S
::has('suid')) {
415 $a4l = S
::v('forlife');
416 $suid = S
::v('suid');
418 $log->log("suid_stop", S
::v('forlife') . " by " . $suid['forlife']);
421 pl_redirect('admin/user/' . $a4l);
// 'forget' / 'forgetall': drop the ORGaccess cookie (an expired Set-Cookie
// plus the framework-side Cookie::kill).
424 if ($level == 'forget' ||
$level == 'forgetall') {
425 setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
426 Cookie
::kill('ORGaccess');
427 if (isset($_SESSION['log']))
428 $_SESSION['log']->log("cookie_off");
// 'forgetuid' / 'forgetall': also forget the remembered uid and domain.
431 if ($level == 'forgetuid' ||
$level == 'forgetall') {
432 setcookie('ORGuid', '', time() - 3600, '/', '', 0);
433 Cookie
::kill('ORGuid');
434 setcookie('ORGdomain', '', time() - 3600, '/', '', 0);
435 Cookie
::kill('ORGdomain');
// Log the logout with the Referer header (client-supplied, may be empty).
438 if (isset($_SESSION['log'])) {
439 $ref = isset($_SERVER['HTTP_REFERER']) ?
$_SERVER['HTTP_REFERER'] : '';
440 $_SESSION['log']->log('deconnexion',$ref);
443 XorgSession
::destroy();
// NOTE(review): the post-logout target comes from the query string and is
// decoded before use; unless http_redirect() restricts it to local paths
// this is an open redirect — confirm in the framework.
445 if (Get
::has('redirect')) {
446 http_redirect(rawurldecode(Get
::v('redirect')));
448 $page->changeTpl('platal/exit.tpl');
// "Tour d'horizon" wizard: reads the page list from the wiki's <dom>.Admin
// file and drives a PlWizard through it. $dom is assigned on lines not
// shown on this page (the IS_XNET_SITE branch), so whether the request can
// influence it cannot be told from here.
452 function handler_review(&$page, $action = null
, $mode = null
)
454 require_once 'wiki.inc.php';
455 require_once dirname(__FILE__
) . '/platal/review.inc.php';
456 $dir = wiki_work_dir();
458 if (@$GLOBALS['IS_XNET_SITE']) {
462 $page->kill("Impossible de trouver le wiki");
// $dom is used as a path component here and below; it must never be
// derived from request input.
464 if (!file_exists($dir . '/' . $dom . '.Admin')) {
465 $page->kill("Impossible de trouver la page d'administration");
// Keep only the 'text=' line of the page file (PmWiki-style storage,
// presumably), then split its content on the 'text=' prefix and on '%0a'
// (encoded newlines).
467 $conf = preg_grep('/^text=/', explode("\n", file_get_contents($dir . '/' . $dom . '.Admin')));
468 $conf = preg_split('/(text\=|\%0a)/', array_shift($conf), -1, PREG_SPLIT_NO_EMPTY
);
469 $wiz = new PlWizard('Tour d\'horizon', 'core/plwizard.tpl', true
);
// Each line holds two fields separated by '*' or '|'; a line with a single
// field leaves $list[1] undefined and raises a notice.
470 foreach ($conf as $line) {
471 $list = preg_split('/\s*[*|]\s*/', $line, -1, PREG_SPLIT_NO_EMPTY
);
472 $wiz->addPage('ReviewPage', $list[0], $list[1]);
474 $wiz->apply($page, 'review', $action, $mode);
478 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: