- // Check if there was a submission
- foreach($_POST as $key => $val) {
- S::assert_xsrf_token();
-
- switch ($key) {
- case "add_fwd":
- $email = trim(Env::v('email'));
- if (!isvalid_email_redirection($email)) {
- $page->trigError("Email non valide: $email");
- } else {
- $redirect->add_email($email);
- $page->trigSuccess("Ajout de $email effectué");
- }
- break;
-
- case "del_fwd":
- if (!empty($val)) {
- $redirect->delete_email($val);
- }
- break;
-
- case "del_alias":
- if (!empty($val)) {
- XDB::execute("DELETE FROM aliases
- WHERE id={?} AND alias={?}
- AND type!='a_vie' AND type!='homonyme'", $mr['user_id'], $val);
- XDB::execute("UPDATE emails
- SET rewrite = ''
- WHERE uid = {?} AND rewrite LIKE CONCAT({?}, '@%')",
- $mr['user_id'], $val);
- fix_bestalias($mr['user_id']);
- $page->trigSuccess($val." a été supprimé");
- }
- break;
- case "activate_fwd":
- if (!empty($val)) {
- $redirect->modify_one_email($val, true);
- }
- break;
- case "deactivate_fwd":
- if (!empty($val)) {
- $redirect->modify_one_email($val, false);
- }
- break;
- case "disable_fwd":
- $redirect->disable();
- break;
- case "enable_fwd":
- $redirect->enable();
- break;
- case "clean_fwd":
- if (!empty($val)) {
- $redirect->clean_errors($val);
- }
- break;
- case "add_alias":
- global $globals;
- $alias = trim(Env::v('email'));
- if (strpos($alias, '@') !== false) {
- list($alias, $domain) = explode('@', $alias);
- } else {
- $domain = $globals->mail->domain;
- }
- if (!preg_match('/[-a-z0-9\.]+/s', $alias)) {
- $page->trigError("'$alias' n'est pas un alias valide");
- }
- if ($domain == $globals->mail->alias_dom || $domain == $globals->mail->alias_dom2) {
- $req = new AliasReq($mr['user_id'], $alias, 'Admin request', false);
- if ($req->commit()) {
- $page->trigSuccess("Nouvel alias '$alias@$domain' attribué");
- } else {
- $page->trigError("Impossible d'ajouter l'alias '$alias@$domain', il est probablement déjà attribué");
- }
- } elseif ($domain == $globals->mail->domain || $domain == $globals->mail->domain2) {
- if (XDB::execute("INSERT INTO aliases (id,alias,type) VALUES ({?}, {?}, 'alias')",
- $mr['user_id'], $alias)) {
- $page->trigSuccess("Nouvel alias '$alias' ajouté");
- } else {
- $page->trigError("Impossible d'ajouter l'alias '$alias', il est probablement déjà attribué");
- }
- } else {
- $page->trigError("Le domaine '$domain' n'est pas valide");
- }
- break;
-
- case "best":
- // 'bestalias' is the first bit of the set : 1
- // 255 is the max for flags (8 sets max)
- XDB::execute("UPDATE aliases SET flags= flags & (255 - 1) WHERE id={?}", $mr['user_id']);
- XDB::execute("UPDATE aliases
- SET flags= flags | 1
- WHERE id={?} AND alias={?}", $mr['user_id'], $val);
- break;
-
-
- // Editer un profil
- case "u_edit":
- require_once('secure_hash.inc.php');
- $pass_encrypted = Env::v('newpass_clair') != "********" ? hash_encrypt(Env::v('newpass_clair')) : Env::v('passw');
- $naiss = Env::v('naissanceN');
- $deces = Env::v('decesN');
- $perms = Env::v('permsN');
- $prenm = Env::v('prenomN');
- $nom = Env::v('nomN');
- $nomusage = Env::v('nomusageN');
- $promo = Env::i('promoN');
- $sexe = Env::v('sexeN');
- $comm = trim(Env::v('commentN'));
- $watch = Env::v('watchN');
- $flags = '';
- if ($sexe) {
- $flags = 'femme';
- }
- if ($watch) {
- if ($flags) {
- $flags .= ',';
- }
- $flags .= 'watch';
- }
-
- if ($watch && !$comm) {
- $page->trigError("Il est nécessaire de mettre un commentaire pour surveiller un compte");
- break;
- }
-
- $watch = 'SELECT naissance, deces, password, perms, nom_usage,
- prenom, nom, flags, promo, comment
- FROM auth_user_md5
- WHERE user_id = ' . $mr['user_id'];
- $res = XDB::query($watch);
- $old_fields = $res->fetchOneAssoc();
- $query = "UPDATE auth_user_md5 SET
- naissance = '$naiss',
- deces = '$deces',
- password = '$pass_encrypted',
- perms = '$perms',
- prenom = '".addslashes($prenm)."',
- nom = '".addslashes($nom)."',
- nom_usage = '".addslashes($nomusage)."',
- flags = '$flags',
- promo = $promo,
- comment = '".addslashes($comm)."'
- WHERE user_id = '{$mr['user_id']}'";
- if ($perms == 'disabled' && $old_fields['perms'] != 'disabled') {
- // A user has been banned ==> ensure his php session has been killed
- // This solution is ugly and overkill, but, it should be efficient.
- kill_sessions();
- }
- if (XDB::execute($query)) {
- user_reindex($mr['user_id']);
-
- $res = XDB::query($watch);
- $new_fields = $res->fetchOneAssoc();
-
- $mailer = new PlMailer("admin/useredit.mail.tpl");
- $mailer->assign("admin", S::v('forlife'));
- $mailer->assign("user", $mr['forlife']);
- $mailer->assign('old', $old_fields);
- $mailer->assign('new', $new_fields);
- $mailer->send();
-
- // update number of subscribers (perms or deceased may have changed)
- $globals->updateNbIns();
-
- $page->trigSuccess("updaté correctement.");
- }
- if (Env::v('nomusageN') != $mr['nom_usage']) {
- set_new_usage($mr['user_id'], Env::v('nomusageN'), make_username(Env::v('prenomN'), Env::v('nomusageN')));
- }
- if (Env::v('decesN') != $mr['deces']) {
- require_once 'notifs.inc.php';
- register_watch_op($mr['user_id'], WATCH_DEATH, $mr['deces']);
- user_clear_all_subs($mr['user_id'], false);
- }
- $r = XDB::query("SELECT *, a.alias AS forlife,
- FIND_IN_SET('watch', u.flags) AS watch, FIND_IN_SET('femme', u.flags) AS sexe
- FROM auth_user_md5 AS u
- LEFT JOIN aliases AS a ON (a.id = u.user_id AND type= 'a_vie')
- WHERE u.user_id = {?}", $mr['user_id']);
- $mr = $r->fetchOneAssoc();
-
- // If GoogleApps is enabled, the user did choose to use synchronized passwords,
- // and the password was changed, updates the Google Apps password as well.
- if ($globals->mailstorage->googleapps_domain && Env::v('newpass_clair') != "********") {
- require_once 'googleapps.inc.php';
- $account = new GoogleAppsAccount(User::get($mr['forlife']));
- if ($account->active() && $account->sync_password) {
- $account->set_password($pass_encrypted);
- }
- }