projects / platal.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge branch 'platal-0.9.17'
[platal.git] / modules / platal.php
1 <?php
2 /***************************************************************************
3 * Copyright (C) 2003-2008 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
22 function bugize($list)
23 {
24 $list = split(',', $list);
25 $ans = array();
26
27 foreach ($list as $bug) {
28 $clean = str_replace('#', '', $bug);
29 $ans[] = "<a href='http://trackers.polytechnique.org/task/$clean'>$bug</a>";
30 }
31
32 return join(',', $ans);
33 }
34
35
36 class PlatalModule extends PLModule
37 {
38 function handlers()
39 {
40 return array(
41 'index' => $this->make_hook('index', AUTH_PUBLIC),
42 'cacert.pem' => $this->make_hook('cacert', AUTH_PUBLIC),
43 'changelog' => $this->make_hook('changelog', AUTH_PUBLIC),
44
45 // Preferences thingies
46 'prefs' => $this->make_hook('prefs', AUTH_COOKIE),
47 'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE),
48 'prefs/webredirect'
49 => $this->make_hook('webredir', AUTH_MDP),
50 'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE),
51
52 // password related thingies
53 'password' => $this->make_hook('password', AUTH_MDP),
54 'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC),
55 'password/smtp' => $this->make_hook('smtppass', AUTH_MDP),
56 'recovery' => $this->make_hook('recovery', AUTH_PUBLIC),
57 'exit' => $this->make_hook('exit', AUTH_PUBLIC),
58 'review' => $this->make_hook('review', AUTH_PUBLIC),
59 'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC),
60 );
61 }
62
63 function handler_index(&$page)
64 {
65 if (S::logged()) {
66 pl_redirect('events');
67 } else if (!@$GLOBALS['IS_XNET_SITE']) {
68 pl_redirect('review');
69 }
70 }
71
72 function handler_cacert(&$page)
73 {
74 $data = file_get_contents("/etc/ssl/xorgCA/cacert.pem","r");
75 header("Pragma:");
76 header("Set-Cookie:");
77 header("Cache-Control:");
78 header("Expires:");
79 header("Content-Type: application/x-x509-ca-cert");
80 header("Content-Length: ".strlen($data));
81 echo $data;
82 exit;
83 }
84
85 function handler_changelog(&$page)
86 {
87 $page->changeTpl('platal/changeLog.tpl');
88
89 $clog = pl_entities(file_get_contents(dirname(__FILE__).'/../ChangeLog'));
90 $clog = preg_replace('/=+\s*/', '</pre><hr /><pre>', $clog);
91 // url catch only (not all wiki syntax)
92 $clog = preg_replace(array(
93 '/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
94 '/(\s|^)www\.((?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
95 '/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
96 array(
97 '<a href="\\0">\\0</a>',
98 '\\1<a href="http://www.\\2">www.\\2</a>',
99 '<a href="mailto:\\0">\\0</a>'),
100 $clog);
101 $clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
102 $clog = preg_replace('!vim:.*$!', '', $clog);
103 $clog = preg_replace("!(<hr />(\\s|\n)*)?<pre>(\s|\n)*</pre>((\\s|\n)*<hr />)?!m", "", "<pre>$clog</pre>");
104 $page->assign('ChangeLog', $clog);
105 }
106
107 function __set_rss_state($state)
108 {
109 if ($state) {
110 $_SESSION['core_rss_hash'] = rand_url_id(16);
111 XDB::execute('UPDATE auth_user_quick
112 SET core_rss_hash={?} WHERE user_id={?}',
113 S::v('core_rss_hash'), S::v('uid'));
114 } else {
115 XDB::execute('UPDATE auth_user_quick
116 SET core_rss_hash="" WHERE user_id={?}',
117 S::v('uid'));
118 S::kill('core_rss_hash');
119 }
120 }
121
122 function handler_prefs(&$page)
123 {
124 $page->changeTpl('platal/preferences.tpl');
125 $page->setTitle('Mes préférences');
126
127 if (Post::has('mail_fmt')) {
128 $fmt = Post::v('mail_fmt');
129 if ($fmt != 'texte') $fmt = 'html';
130 XDB::execute("UPDATE auth_user_quick
131 SET core_mail_fmt = '$fmt'
132 WHERE user_id = {?}",
133 S::v('uid'));
134 $_SESSION['mail_fmt'] = $fmt;
135 }
136
137 if (Post::has('rss')) {
138 $this->__set_rss_state(Post::b('rss'));
139 }
140 }
141
142 function handler_webredir(&$page)
143 {
144 $page->changeTpl('platal/webredirect.tpl');
145
146 $page->setTitle('Redirection de page WEB');
147
148 $log =& S::v('log');
149 $url = Env::v('url');
150
151 if (Env::v('submit') == 'Valider' and Env::has('url')) {
152 XDB::execute('UPDATE auth_user_quick
153 SET redirecturl = {?} WHERE user_id = {?}',
154 $url, S::v('uid'));
155 S::logger()->log('carva_add', 'http://'.Env::v('url'));
156 $page->trigSuccess("Redirection activée vers <a href='http://$url'>$url</a>");
157 } elseif (Env::v('submit') == "Supprimer") {
158 XDB::execute("UPDATE auth_user_quick
159 SET redirecturl = ''
160 WHERE user_id = {?}",
161 S::v('uid'));
162 S::logger()->log("carva_del", $url);
163 Post::kill('url');
164 $page->trigSuccess('Redirection supprimée');
165 }
166
167 $res = XDB::query('SELECT redirecturl
168 FROM auth_user_quick
169 WHERE user_id = {?}',
170 S::v('uid'));
171 $page->assign('carva', $res->fetchOneCell());
172 }
173
174 function handler_prefs_rss(&$page)
175 {
176 $page->changeTpl('platal/filrss.tpl');
177
178 $page->assign('goback', Env::v('referer', 'login'));
179
180 if (Env::v('act_rss') == 'Activer') {
181 $this->__set_rss_state(true);
182 $page->trigSuccess("Ton Fil RSS est activé.");
183 }
184 }
185
186 function handler_password(&$page)
187 {
188 global $globals;
189
190 if (Post::has('response2')) {
191 require_once 'secure_hash.inc.php';
192 S::assert_xsrf_token();
193
194 $_SESSION['password'] = $password = Post::v('response2');
195
196 XDB::execute('UPDATE auth_user_md5
197 SET password={?}
198 WHERE user_id={?}', $password,
199 S::v('uid'));
200
201 // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
202 // updates the Google Apps password as well.
203 if ($globals->mailstorage->googleapps_domain) {
204 require_once 'googleapps.inc.php';
205 $account = new GoogleAppsAccount(S::v('uid'), S::v('forlife'));
206 if ($account->active() && $account->sync_password) {
207 $account->set_password($password);
208 }
209 }
210
211 $log =& S::v('log');
212 S::logger()->log('passwd', '');
213
214 if (Cookie::v('ORGaccess')) {
215 setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
216 }
217
218 $page->changeTpl('platal/motdepasse.success.tpl');
219 $page->run();
220 }
221
222 $page->changeTpl('platal/motdepasse.tpl');
223 $page->addJsLink('motdepasse.js');
224 $page->setTitle('Mon mot de passe');
225 }
226
227 function handler_smtppass(&$page)
228 {
229 $page->changeTpl('platal/acces_smtp.tpl');
230 $page->setTitle('Acces SMTP/NNTP');
231
232 $wp = new PlWikiPage('Xorg.SMTPSécurisé');
233 $wp->buildCache();
234 $wp = new PlWikiPage('Xorg.NNTPSécurisé');
235 $wp->buildCache();
236
237 $uid = S::v('uid');
238 $pass = Env::v('smtppass1');
239 $log = S::v('log');
240
241 if (Env::v('op') == "Valider" && strlen($pass) >= 6
242 && Env::v('smtppass1') == Env::v('smtppass2'))
243 {
244 XDB::execute('UPDATE auth_user_md5 SET smtppass = {?}
245 WHERE user_id = {?}', $pass, $uid);
246 $page->trigSuccess('Mot de passe enregistré');
247 S::logger()->log("passwd_ssl");
248 } elseif (Env::v('op') == "Supprimer") {
249 XDB::execute('UPDATE auth_user_md5 SET smtppass = ""
250 WHERE user_id = {?}', $uid);
251 $page->trigSuccess('Compte SMTP et NNTP supprimé');
252 S::logger()->log("passwd_del");
253 }
254
255 $res = XDB::query("SELECT IF(smtppass != '', 'actif', '')
256 FROM auth_user_md5
257 WHERE user_id = {?}", $uid);
258 $page->assign('actif', $res->fetchOneCell());
259 }
260
261 function handler_recovery(&$page)
262 {
263 global $globals;
264
265 $page->changeTpl('platal/recovery.tpl');
266
267 if (!Env::has('login') || !Env::has('birth')) {
268 return;
269 }
270
271 if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env::v('birth'))) {
272 $page->trigError('Date de naissance incorrecte ou incohérente');
273 return;
274 }
275
276 $birth = sprintf('%s-%s-%s',
277 substr(Env::v('birth'), 4, 4),
278 substr(Env::v('birth'), 2, 2),
279 substr(Env::v('birth'), 0, 2));
280
281 $mailorg = strtok(Env::v('login'), '@');
282
283 // paragraphe rajouté : si la date de naissance dans la base n'existe pas, on l'update
284 // avec celle fournie ici en espérant que c'est la bonne
285
286 $res = XDB::query(
287 "SELECT user_id, naissance
288 FROM auth_user_md5 AS u
289 INNER JOIN aliases AS a ON (u.user_id=a.id AND type != 'homonyme')
290 WHERE a.alias={?} AND u.perms IN ('admin','user') AND u.deces=0", $mailorg);
291 list($uid, $naissance) = $res->fetchOneRow();
292
293 if ($naissance == $birth) {
294 $res = XDB::query("SELECT COUNT(*)
295 FROM emails
296 WHERE uid = {?} AND flags != 'panne' AND flags != 'filter'", $uid);
297 $count = intval($res->fetchOneCell());
298 if ($count == 0) {
299 $page->assign('no_addr', true);
300 return;
301 }
302
303 $page->assign('ok', true);
304
305 $url = rand_url_id();
306 XDB::execute('INSERT INTO perte_pass (certificat,uid,created)
307 VALUES ({?},{?},NOW())', $url, $uid);
308 $res = XDB::query('SELECT email
309 FROM emails
310 WHERE uid = {?} AND email = {?}',
311 $uid, Post::v('email'));
312 if ($res->numRows()) {
313 $mails = $res->fetchOneCell();
314 } else {
315 $res = XDB::query('SELECT email
316 FROM emails
317 WHERE uid = {?} AND NOT FIND_IN_SET("filter", flags)', $uid);
318 $mails = implode(', ', $res->fetchColumn());
319 }
320 $mymail = new PlMailer();
321 $mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mail->domain . '>');
322 $mymail->addTo($mails);
323 $mymail->setSubject('Ton certificat d\'authentification');
324 $mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
325 {$globals->baseurl}/tmpPWD/$url
326
327 Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.
328
329 --
330 Polytechnique.org
331 \"Le portail des élèves & anciens élèves de l'Ecole polytechnique\"
332
333 Email envoyé à ".Env::v('login') . (Post::has('email') ? "
334 Adresse de secours : " . Post::v('email') : ""));
335 $mymail->send();
336
337 // on cree un objet logger et on log l'evenement
338 $logger = $_SESSION['log'] = new PlLogger($uid);
339 S::logger()->log('recovery', $mails);
340 } else {
341 $page->trigError('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
342 'Si tu as un homonyme, utilise prenom.nom.promo comme login');
343 }
344 }
345
346 function handler_tmpPWD(&$page, $certif = null)
347 {
348 global $globals;
349 XDB::execute('DELETE FROM perte_pass
350 WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
351
352 $res = XDB::query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif);
353 $ligne = $res->fetchOneAssoc();
354 if (!$ligne) {
355 $page->changeTpl('platal/index.tpl');
356 $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
357 }
358
359 $uid = $ligne["uid"];
360 if (Post::has('response2')) {
361 $password = Post::v('response2');
362 XDB::query('UPDATE auth_user_md5 SET password={?}
363 WHERE user_id={?} AND perms IN("admin","user")',
364 $password, $uid);
365 XDB::query('DELETE FROM perte_pass WHERE certificat={?}', $certif);
366
367 // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
368 // updates the Google Apps password as well.
369 if ($globals->mailstorage->googleapps_domain) {
370 require_once 'googleapps.inc.php';
371 $account = new GoogleAppsAccount($uid);
372 if ($account->active() && $account->sync_password) {
373 $account->set_password($password);
374 }
375 }
376
377 $logger = new PlLogger($uid);
378 S::logger()->log("passwd","");
379 $page->changeTpl('platal/tmpPWD.success.tpl');
380 } else {
381 $page->changeTpl('platal/motdepasse.tpl');
382 $page->addJsLink('motdepasse.js');
383 }
384 }
385
386 function handler_skin(&$page)
387 {
388 global $globals;
389
390 $page->changeTpl('platal/skins.tpl');
391 $page->setTitle('Skins');
392
393 if (Env::has('newskin')) { // formulaire soumis, traitons les données envoyées
394 XDB::execute('UPDATE auth_user_quick
395 SET skin={?} WHERE user_id={?}',
396 Env::i('newskin'), S::v('uid'));
397 S::kill('skin');
398 Platal::session()->setSkin();
399 }
400
401 $res = XDB::query('SELECT id FROM skins WHERE skin_tpl={?}', S::v('skin'));
402 $page->assign('skin_id', $res->fetchOneCell());
403
404 $sql = "SELECT s.*,auteur,count(*) AS nb
405 FROM skins AS s
406 LEFT JOIN auth_user_quick AS a ON s.id=a.skin
407 WHERE skin_tpl != '' AND ext != ''
408 GROUP BY id ORDER BY s.date DESC";
409 $page->assign('skins', XDB::iterator($sql));
410 }
411
412 function handler_exit(&$page, $level = null)
413 {
414 if (S::has('suid')) {
415 $a4l = S::v('forlife');
416 $suid = S::v('suid');
417 $log = S::v('log');
418 S::logger()->log("suid_stop", S::v('forlife') . " by " . $suid['forlife']);
419 Platal::session()->stopSUID();
420 pl_redirect('admin/user/' . $a4l);
421 }
422
423 if ($level == 'forget' || $level == 'forgetall') {
424 setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
425 Cookie::kill('ORGaccess');
426 if (isset($_SESSION['log']))
427 S::logger()->log("cookie_off");
428 }
429
430 if ($level == 'forgetuid' || $level == 'forgetall') {
431 setcookie('ORGuid', '', time() - 3600, '/', '', 0);
432 Cookie::kill('ORGuid');
433 setcookie('ORGdomain', '', time() - 3600, '/', '', 0);
434 Cookie::kill('ORGdomain');
435 }
436
437 if (isset($_SESSION['log'])) {
438 $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
439 S::logger()->log('deconnexion',$ref);
440 }
441 Platal::session()->destroy();
442
443 if (Get::has('redirect')) {
444 http_redirect(rawurldecode(Get::v('redirect')));
445 } else {
446 $page->changeTpl('platal/exit.tpl');
447 }
448 }
449
450 function handler_review(&$page, $action = null, $mode = null)
451 {
452 $this->load('review.inc.php');
453 $dom = 'Review';
454 if (@$GLOBALS['IS_XNET_SITE']) {
455 $dom .= 'Xnet';
456 }
457 $wp = new PlWikiPage($dom . '.Admin');
458 $conf = explode('%0a', $wp->getField('text'));
459 $wiz = new PlWizard('Tour d\'horizon', PlPage::getCoreTpl('plwizard.tpl'), true);
460 foreach ($conf as $line) {
461 $list = preg_split('/\s*[*|]\s*/', $line, -1, PREG_SPLIT_NO_EMPTY);
462 $wiz->addPage('ReviewPage', $list[0], $list[1]);
463 }
464 $wiz->apply($page, 'review', $action, $mode);
465 }
466 }
467
468 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
469 ?>
plat/al