- // Fetches user data.
- $userinfo_query = "SELECT *, FIND_IN_SET('watch', flags) AS watch, FIND_IN_SET('femme', flags) AS sexe,
- (year(naissance) > promo - 15 or year(naissance) < promo - 25) AS naiss_err
- FROM auth_user_md5
- WHERE user_id = {?}";
- $mr = XDB::query($userinfo_query, $user->id())->fetchOneAssoc();
- $redirect = ($registered ? new Redirect($user) : null);
-
- // Processes admin requests, if any.
- foreach($_POST as $key => $val) {
- S::assert_xsrf_token();
-
- switch ($key) {
- // Email redirection actions.
- case "add_fwd":
- $email = trim(Env::v('email'));
- if (!isvalid_email_redirection($email)) {
- $page->trigError("Email non valide: $email");
- } else {
- $redirect->add_email($email);
- $page->trigSuccess("Ajout de $email effectué");
- }
- break;
-
- case "del_fwd":
- if (!empty($val)) {
- $redirect->delete_email($val);
- }
- break;
-
- case "activate_fwd":
- if (!empty($val)) {
- $redirect->modify_one_email($val, true);
- }
- break;
- case "deactivate_fwd":
- if (!empty($val)) {
- $redirect->modify_one_email($val, false);
- }
- break;
- case "disable_fwd":
- $redirect->disable();
- break;
- case "enable_fwd":
- $redirect->enable();
- break;
- case "clean_fwd":
- if (!empty($val)) {
- $redirect->clean_errors($val);
- }
- break;
-
- // Alias actions.
- case "add_alias":
- global $globals;
-
- // Splits new alias in user and fqdn.
- $alias = trim(Env::v('email'));
- if (strpos($alias, '@') !== false) {
- list($alias, $domain) = explode('@', $alias);
- } else {
- $domain = $globals->mail->domain;
- }
-
- // Checks for alias' user validity.
- if (!preg_match('/[-a-z0-9\.]+/s', $alias)) {
- $page->trigError("'$alias' n'est pas un alias valide");
- break;
- }
-
- // Eventually adds the alias to the right domain.
- if ($domain == $globals->mail->alias_dom || $domain == $globals->mail->alias_dom2) {
- $req = new AliasReq($user, $alias, 'Admin request', false);
- if ($req->commit()) {
- $page->trigSuccess("Nouvel alias '$alias@$domain' attribué");
- } else {
- $page->trigError("Impossible d'ajouter l'alias '$alias@$domain', il est probablement déjà attribué");
- }
- } elseif ($domain == $globals->mail->domain || $domain == $globals->mail->domain2) {
- $res = XDB::execute("INSERT INTO aliases (id,alias,type) VALUES ({?}, {?}, 'alias')",
- $user->id(), $alias);
- if ($res) {
- $page->trigSuccess("Nouvel alias '$alias' ajouté");
- } else {
- $page->trigError("Impossible d'ajouter l'alias '$alias', il est probablement déjà attribué");
- }
- } else {
- $page->trigError("Le domaine '$domain' n'est pas valide");
- }
- break;
-
- case "del_alias":
- if (!empty($val)) {
- XDB::execute("DELETE FROM aliases
- WHERE id = {?} AND alias = {?} AND
- type NOT IN ('a_vie', 'homonyme')",
- $user->id(), $val);
- XDB::execute("UPDATE emails
- SET rewrite = ''
- WHERE uid = {?} AND rewrite LIKE CONCAT({?}, '@%')",
- $user->id(), $val);
- fix_bestalias($user);
- $page->trigSuccess("L'alias '$val' a été supprimé");
- }
- break;
-
- case "best":
- XDB::execute("UPDATE aliases
- SET flags = TRIM(BOTH ',' FROM REPLACE(CONCAT(',', flags, ','), ',bestalias,', ','))
- WHERE id = {?}", $user->id());
- XDB::execute("UPDATE aliases
- SET flags = CONCAT_WS(',', IF(flags = '', NULL, flags), 'bestalias')
- WHERE id = {?} AND alias = {?}", $user->id(), $val);
-
- // As having a non-null bestalias value is critical in
- // plat/al's code, we do an a posteriori check on the
- // validity of the bestalias.
- fix_bestalias($user);
- break;
-
- // Profile edition.
- case "u_edit":
- // Loads new values from environment.
- require_once('secure_hash.inc.php');
- $pass_encrypted = Env::v('newpass_clair') != "********" ? hash_encrypt(Env::v('newpass_clair')) : Env::v('passw');
- $naiss = Env::v('naissanceN');
- $deces = Env::v('decesN');
- $perms = Env::v('permsN');
- $prenom = Env::v('prenomN');
- $nom = Env::v('nomN');
- $nomusage = Env::v('nomusageN');
- $promo = Env::i('promoN');
- $sexe = Env::v('sexeN');
- $comm = trim(Env::v('commentN'));
- $watch = Env::v('watchN');
-
- $flags = ($sexe ? 'femme' : '');
- if ($watch) {
- $flags .= ($flags ? ',watch' : 'watch');
- }
- if ($watch && !$comm) {
- $page->trigError("Il est nécessaire de mettre un commentaire pour surveiller un compte");
- break;
- }
-
- // Fetches fields to watch for changes.
- $watch_query = "SELECT naissance, deces, password, perms, nom_usage,
- prenom, nom, flags, promo, comment
- FROM auth_user_md5
- WHERE user_id = {?}";
- $old_fields = XDB::query($watch_query, $user->id())->fetchOneAssoc();
-
- // If user was newly banned, we need to ensure her php session
- // is killed. This hack is ugly (and largely overkill); it should
- // however suits our needs.
- if ($perms == 'disabled' && $old_fields['perms'] != 'disabled') {
- kill_sessions();
-
- // Also serve a reminder to the admin: disabling an account
- // does not deactivate email forwarding.
- $page->trigWarning("N'oubliez pas, le cas échéant, de désactiver les redirections et le compte GoogleApps de l'utilisateur.");
- }
-
- // Updates the user profile with the new values.
- $res = XDB::execute("UPDATE auth_user_md5
- SET naissance = {?}, deces = {?}, password = {?},
- perms = {?}, prenom = {?}, nom = {?}, nom_usage = {?},
- flags = {?}, promo = {?}, comment = {?}
- WHERE user_id = {?}",
- $naiss, $deces, $pass_encrypted,
- $perms, $prenom, $nom, $nomusage,
- $flags, $promo, $comm, $user->id());
- if ($res) {
- require_once("user.func.inc.php");
- user_reindex($user->id());
- $new_fields = XDB::query($watch_query, $user->id())->fetchOneAssoc();
-
- // Redacts the password in the notification, to avoid transmitting
- // sensitive information by email.
- $new_fields['password'] = ($old_fields['password'] != $new_fields['password'] ? 'new' : 'old');
- $old_fields['password'] = 'old';
-
- // Notifies the admins of the profile update.
- $mailer = new PlMailer("admin/useredit.mail.tpl");
- $mailer->assign("admin", S::user()->login());
- $mailer->assign("user", $user->login());
- $mailer->assign('old', $old_fields);
- $mailer->assign('new', $new_fields);
- $mailer->send();
-
- $globals->updateNbIns();
- $page->trigSuccess("La mise à jour a été faite avec succès.");
- } else {
- $page->trigError("La mise à jour a échoué. S'il te plaît, vérifie les valeurs.");
- }
-
- // Checks for changes, and updates other tables of plat/al.
- if (Env::v('nomusageN') != $mr['nom_usage']) {
- set_new_usage($user->id(), Env::v('nomusageN'), make_username(Env::v('prenomN'), Env::v('nomusageN')));
- }
- if (Env::v('decesN') != $mr['deces']) {
- require_once 'notifs.inc.php';
- register_watch_op($user->id(), WATCH_DEATH, $mr['deces']);
- user_clear_all_subs($user->id(), false);
- }
-
- // Eventually updates the Google Apps account.
- if ($globals->mailstorage->googleapps_domain) {
- // If the user did choose to use synchronized passwords,
- // and the password was changed, updates the Google Apps
- // password as well.
- if (Env::v('newpass_clair') != "********") {
- require_once 'googleapps.inc.php';
- $account = new GoogleAppsAccount($user);
- if ($account->active() && $account->sync_password) {
- $account->set_password($pass_encrypted);
- }
- }
- }
-
+ // Account Form {{{
+ $to_update = array();
+ if (Post::has('disable_weak_access')) {
+ $to_update['weak_password'] = null;
+ } else if (Post::has('update_account')) {
+ if (Post::s('full_name') != $user->fullName()) {
+ // XXX: Update profile if a profile is associated
+ $to_update['full_name'] = Post::s('full_name');
+ }
+ if (Post::s('display_name') != $user->displayName()) {
+ // XXX: Update profile if a profile is associated
+ $to_update['display_name'] = Post::s('display_name');
+ }
+ if (Post::s('sex') != ($user->isFemale() ? 'female' : 'male')) {
+ $to_update['sex'] = Post::s('sex');
+ }
+ if (!Post::blank('hashpass')) {
+ $to_update['password'] = Post::s('hashpass');
+ // TODO: Propagate the password update to GoogleApps, when required. Eg:
+ // $account = new GoogleAppsAccount($user);
+ // if ($account->active() && $account->sync_password) {
+ // $account->set_password($pass_encrypted);
+ // }
+ }
+ if (!Post::blank('weak_password')) {
+ $to_update['weak_password'] = Post::s('weak_password');
+ }
+ if (Post::i('token_access', 0) != ($user->token_access ? 1 : 0)) {
+ $to_update['token'] = Post::i('token_access') ? rand_url_id(16) : null;
+ }
+ if (Post::i('skin') != $user->skin) {
+ $to_update['skin'] = Post::i('skin');
+ if ($to_update['skin'] == 0) {
+ $to_update['skin'] = null;
+ }
+ }
+ if (Post::s('state') != $user->state) {
+ $to_update['state'] = Post::s('state');
+ }
+ if (Post::i('is_admin', 0) != ($user->is_admin ? 1 : 0)) {
+ $to_update['is_admin'] = Post::b('is_admin');
+ }
+ if (Post::s('type') != $user->type) {
+ $to_update['type'] = Post::s('type');
+ }
+ if (Post::i('watch', 0) != ($user->watch ? 1 : 0)) {
+ $to_update['flags'] = new PlFlagset();
+ $to_update['flags']->addFlag('watch', Post::i('watch'));
+ }
+ if (Post::t('comment') != $user->comment) {
+ $to_update['comment'] = Post::blank('comment') ? null : Post::t('comment');
+ }
+ }
+ if (!empty($to_update)) {
+ // TODO: fetch the initial values of the fields, and eventually send
+ // a summary of the changes to an admin.
+ $set = array();
+ foreach ($to_update as $k => $value) {
+ $set[] = XDB::format($k . ' = {?}', $value);
+ }
+ XDB::execute('UPDATE accounts
+ SET ' . implode(', ', $set) . '
+ WHERE uid = ' . XDB::format('{?}', $user->id()));
+ $page->trigSuccess('Données du compte mise à jour avec succès');
+ $user = User::getWithUID($user->id());
+ }
+ // }}}
+
+ // Profile form {{{
+ if (Post::has('add_profile') || Post::has('del_profile') || Post::has('owner')) {
+ if (Post::i('del_profile', 0) != 0) {
+ XDB::execute('DELETE FROM account_profiles
+ WHERE uid = {?} AND pid = {?}',
+ $user->id(), Post::i('del_profile'));
+ } else if (!Post::blank('new_profile')) {
+ $profile = Profile::get(Post::t('new_profile'));
+ if (!$profile) {
+ $page->trigError('Le profil ' . Post::t('new_profile') . ' n\'existe pas');
+ } else {
+ XDB::execute('INSERT IGNORE INTO account_profiles (uid, pid)
+ VALUES ({?}, {?})',
+ $user->id(), $profile->id());
+ }
+ }
+ XDB::execute('UPDATE account_profiles
+ SET perms = IF(pid = {?}, CONCAT(perms, \',owner\'), REPLACE(perms, \'owner\', \'\'))
+ WHERE uid = {?}',
+ Post::i('owner'), $user->id());
+ }
+ // }}}