Clear mentor entry of the user when is expertise is empty.

[platal.git] / modules / admin.php

diff --git a/modules/admin.php b/modules/admin.php
index 1b3dc43..5afa055 100644 (file)
--- a/modules/admin.php
+++ b/modules/admin.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2007 Polytechnique.org                              *
+ *  Copyright (C) 2003-2008 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -27,6 +27,7 @@ class AdminModule extends PLModule
             'phpinfo'                      => $this->make_hook('phpinfo', AUTH_MDP, 'admin'),
             'admin'                        => $this->make_hook('default', AUTH_MDP, 'admin'),
             'admin/ax-xorg'                => $this->make_hook('ax_xorg', AUTH_MDP, 'admin'),
+            'admin/dead-but-active'        => $this->make_hook('dead_but_active', AUTH_MDP, 'admin'),
             'admin/deaths'                 => $this->make_hook('deaths', AUTH_MDP, 'admin'),
             'admin/downtime'               => $this->make_hook('downtime', AUTH_MDP, 'admin'),
             'admin/homonyms'               => $this->make_hook('homonyms', AUTH_MDP, 'admin'),
@@ -45,6 +46,7 @@ class AdminModule extends PLModule
             'admin/validate/answers'       => $this->make_hook('validate_answers', AUTH_MDP, 'admin'),
             'admin/wiki'                   => $this->make_hook('wiki', AUTH_MDP, 'admin'),
             'admin/ipwatch'                => $this->make_hook('ipwatch', AUTH_MDP, 'admin'),
+            'admin/icons'                  => $this->make_hook('icons', AUTH_MDP, 'admin'),
         );
     }
 
@@ -350,13 +352,14 @@ class AdminModule extends PLModule
 
     function handler_user(&$page, $login = false)
     {
+        global $globals;
         $page->changeTpl('admin/utilisateurs.tpl');
         $page->assign('xorg_title','Polytechnique.org - Administration - Edit/Su/Log');
         require_once("emails.inc.php");
         require_once("user.func.inc.php");
 
         if (S::has('suid')) {
-            $page->kill("déjà en SUID !!!");
+            $page->kill("Déjà en SUID !!!");
         }
 
         if (Env::has('user_id')) {
@@ -381,7 +384,7 @@ class AdminModule extends PLModule
             $_SESSION['suid'] = $_SESSION;
             $r = XDB::query("SELECT id FROM aliases WHERE alias={?}", $login);
             if($uid = $r->fetchOneCell()) {
-                start_connexion($uid,true);
+                start_connexion($uid, true);
                 pl_redirect("");
             }
         }
@@ -395,20 +398,23 @@ class AdminModule extends PLModule
                               LEFT JOIN aliases       AS a ON (a.id = u.user_id AND type= 'a_vie')
                                   WHERE u.user_id = {?}", $login);
             } else {
-                $r  = XDB::query("SELECT  *, a.alias AS forlife, 
+                $r  = XDB::query("SELECT  *, a.alias AS forlife,
                                           FIND_IN_SET('watch', u.flags) AS watch, FIND_IN_SET('femme', u.flags) AS sexe,
                                           (year(naissance) > promo - 15 or year(naissance) < promo - 25) AS naiss_err
                                     FROM  auth_user_md5 AS u
                               INNER JOIN  aliases       AS a ON ( a.id = u.user_id AND a.alias={?} AND type!='homonyme' )", $login);
-            }   
+            }
             $mr = $r->fetchOneAssoc();
 
-            if (!is_numeric($login)) { //user has a forlife
+            // Checks the user has a forlife, as non-registered user can't have redirections.
+            if ($mr['forlife']) {
                 $redirect = new Redirect($mr['user_id']);
             }
 
             // Check if there was a submission
             foreach($_POST as $key => $val) {
+                S::assert_xsrf_token();
+
                 switch ($key) {
                     case "add_fwd":
                         $email = trim(Env::v('email'));
@@ -434,24 +440,60 @@ class AdminModule extends PLModule
                             XDB::execute("UPDATE emails
                                              SET rewrite = ''
                                            WHERE uid = {?} AND rewrite LIKE CONCAT({?}, '@%')",
-                                         $mr['user_id'], $val);               
+                                         $mr['user_id'], $val);
                             fix_bestalias($mr['user_id']);
                             $page->trig($val." a été supprimé");
                         }
                         break;
-                case "activate_fwd":
-                if (!empty($val)) {
-                    $redirect->modify_one_email($val, true);
-                }
-                break;
-                case "deactivate_fwd":
-                if (!empty($val)) {
-                    $redirect->modify_one_email($val, false);
-                }
-                break;
+                    case "activate_fwd":
+                        if (!empty($val)) {
+                            $redirect->modify_one_email($val, true);
+                        }
+                        break;
+                    case "deactivate_fwd":
+                        if (!empty($val)) {
+                            $redirect->modify_one_email($val, false);
+                        }
+                        break;
+                    case "disable_fwd":
+                        $redirect->disable();
+                        break;
+                    case "enable_fwd":
+                        $redirect->enable();
+                        break;
+                    case "clean_fwd":
+                        if (!empty($val)) {
+                            $redirect->clean_errors($val);
+                        }
+                        break;
                     case "add_alias":
-                        XDB::execute("INSERT INTO  aliases (id,alias,type) VALUES  ({?}, {?}, 'alias')",
-                                $mr['user_id'], Env::v('email'));
+                        global $globals;
+                        $alias = trim(Env::v('email'));
+                        if (strpos($alias, '@') !== false) {
+                            list($alias, $domain) = explode('@', $alias);
+                        } else {
+                            $domain = $globals->mail->domain;
+                        }
+                        if (!preg_match('/[-a-z0-9\.]+/s', $alias)) {
+                            $page->trig("'$alias' n'est pas un alias valide");
+                        }
+                        if ($domain == $globals->mail->alias_dom || $domain == $globals->mail->alias_dom2) {
+                            $req = new AliasReq($mr['user_id'], $alias, 'Admin request', false);
+                            if ($req->commit()) {
+                                $page->trig("Nouvel alias '$alias@$domain' attribué");
+                            } else {
+                                $page->trig("Impossible d'ajouter l'alias '$alias@$domain', il est probablement déjà attribué");
+                            }
+                        } elseif ($domain == $globals->mail->domain || $domain == $globals->mail->domain2) {
+                            if (XDB::execute("INSERT INTO  aliases (id,alias,type) VALUES  ({?}, {?}, 'alias')",
+                                    $mr['user_id'], $alias)) {
+                                $page->trig("Nouvel alias '$alias' ajouté");
+                            } else {
+                                $page->trig("Impossible d'ajouter l'alias '$alias', il est probablement déjà attribué");
+                            }
+                        } else {
+                            $page->trig("Le domaine '$domain' n'est pas valide");
+                        }
                         break;
 
                     case "best":
@@ -466,52 +508,73 @@ class AdminModule extends PLModule
 
                     // Editer un profil
                     case "u_edit":
-                    require_once('secure_hash.inc.php');
-                    $pass_encrypted = Env::v('newpass_clair') != "********" ? hash_encrypt(Env::v('newpass_clair')) : Env::v('passw');
-                    $naiss = Env::v('naissanceN');
-                    $deces = Env::v('decesN');
-                    $perms = Env::v('permsN');
-                    $prenm = Env::v('prenomN');
-                    $nom   = Env::v('nomN');
-                    $promo = Env::i('promoN');
-                    $sexe  = Env::v('sexeN');
-                    $comm  = trim(Env::v('commentN'));
-                    $watch = Env::v('watchN');
-                    $flags = '';
-                    if ($sexe) {
-                        $flags = 'femme';
-                    }
-                    if ($watch) {
-                        if ($flags) {
-                            $flags .= ',';
+                        require_once('secure_hash.inc.php');
+                        $pass_encrypted = Env::v('newpass_clair') != "********" ? hash_encrypt(Env::v('newpass_clair')) : Env::v('passw');
+                        $naiss    = Env::v('naissanceN');
+                        $deces    = Env::v('decesN');
+                        $perms    = Env::v('permsN');
+                        $prenm    = Env::v('prenomN');
+                        $nom      = Env::v('nomN');
+                        $nomusage = Env::v('nomusageN');
+                        $promo    = Env::i('promoN');
+                        $sexe     = Env::v('sexeN');
+                        $comm     = trim(Env::v('commentN'));
+                        $watch    = Env::v('watchN');
+                        $flags    = '';
+                        if ($sexe) {
+                            $flags = 'femme';
+                        }
+                        if ($watch) {
+                            if ($flags) {
+                                $flags .= ',';
+                            }
+                            $flags .= 'watch';
                         }
-                        $flags .= 'watch';
-                    }
 
-                    if ($watch && !$comm) {
-                        $page->trig("Il est nécessaire de mettre un commentaire pour surveiller un compte");
-                        break;
-                    }
+                        if ($watch && !$comm) {
+                            $page->trig("Il est nécessaire de mettre un commentaire pour surveiller un compte");
+                            break;
+                        }
 
-                    $query = "UPDATE auth_user_md5 SET
-                            naissance = '$naiss',
-                            deces     = '$deces',
-                            password  = '$pass_encrypted',
-                            perms     = '$perms',
-                            prenom    = '".addslashes($prenm)."',
-                            nom       = '".addslashes($nom)."',
-                            flags     = '$flags',
-                            promo     = $promo,
-                            comment   = '".addslashes($comm)."'
-                        WHERE user_id = '{$mr['user_id']}'";
-                    if (XDB::execute($query)) {
+                        $watch = 'SELECT naissance, deces, password, perms, nom_usage,
+                                         prenom, nom, flags, promo, comment
+                                    FROM auth_user_md5
+                                   WHERE user_id = ' . $mr['user_id'];
+                        $res = XDB::query($watch);
+                        $old_fields = $res->fetchOneAssoc();
+                        $query = "UPDATE auth_user_md5 SET
+                                         naissance = '$naiss',
+                                         deces     = '$deces',
+                                         password  = '$pass_encrypted',
+                                         perms     = '$perms',
+                                         prenom    = '".addslashes($prenm)."',
+                                         nom       = '".addslashes($nom)."',
+                                         nom_usage = '".addslashes($nomusage)."',
+                                         flags     = '$flags',
+                                         promo     = $promo,
+                                         comment   = '".addslashes($comm)."'
+                                   WHERE user_id = '{$mr['user_id']}'";
+                        if ($perms == 'disabled' && $old_fields['perms'] != 'disabled') {
+                            // A user has been banned ==> ensure his php session has been killed
+                            // This solution is ugly and overkill, but, it should be efficient.
+                            kill_sessions();
+                        }
+                        if (XDB::execute($query)) {
                             user_reindex($mr['user_id']);
 
-                            $mailer = new PlMailer("admin/mail_intervention.tpl");
-                            $mailer->assign("user", S::v('forlife'));
-                            $mailer->assign("query", $query);
+                            $res = XDB::query($watch);
+                            $new_fields = $res->fetchOneAssoc();
+
+                            $mailer = new PlMailer("admin/useredit.mail.tpl");
+                            $mailer->assign("admin", S::v('forlife'));
+                            $mailer->assign("user", $mr['forlife']);
+                            $mailer->assign('old', $old_fields);
+                            $mailer->assign('new', $new_fields);
                             $mailer->send();
 
+                            // update number of subscribers (perms or deceased may have changed)
+                            update_NbIns();
+
                             $page->trig("updaté correctement.");
                         }
                         if (Env::v('nomusageN') != $mr['nom_usage']) {
@@ -519,6 +582,8 @@ class AdminModule extends PLModule
                             set_new_usage($mr['user_id'], Env::v('nomusageN'), make_username(Env::v('prenomN'), Env::v('nomusageN')));
                         }
                         if (Env::v('decesN') != $mr['deces']) {
+                            require_once 'notifs.inc.php';
+                            register_watch_op($mr['user_id'], WATCH_DEATH, $mr['deces']);
                             user_clear_all_subs($mr['user_id'], false);
                         }
                         $r = XDB::query("SELECT *, a.alias AS forlife,
@@ -527,17 +592,54 @@ class AdminModule extends PLModule
                                       LEFT JOIN aliases       AS a ON (a.id = u.user_id AND type= 'a_vie')
                                           WHERE u.user_id = {?}", $mr['user_id']);
                         $mr = $r->fetchOneAssoc();
+
+                        // If GoogleApps is enabled, the user did choose to use synchronized passwords,
+                        // and the password was changed, updates the Google Apps password as well.
+                        if ($globals->mailstorage->googleapps_domain && Env::v('newpass_clair') != "********") {
+                            require_once 'googleapps.inc.php';
+                            $account = new GoogleAppsAccount($mr['user_id'], $mr['forlife']);
+                            if ($account->active() && $account->sync_password) {
+                                $account->set_password($pass_encrypted);
+                            }
+                        }
+
+                        // If GoogleApps is enabled, and the user is now disabled, disables the Google Apps account as well.
+                        if ($globals->mailstorage->googleapps_domain &&
+                            $new_fields['perms'] == 'disabled' &&
+                            $new_fields['perms'] != $old_fields['perms']) {
+                            require_once 'googleapps.inc.php';
+                            $account = new GoogleAppsAccount($mr['user_id'], $mr['forlife']);
+                            $account->suspend();
+                        }
                         break;
 
                     // DELETE FROM auth_user_md5
                     case "u_kill":
                         user_clear_all_subs($mr['user_id']);
+                        // update number of subscribers (perms or deceased may have changed)
+                        update_NbIns();
                         $page->trig("'{$mr['user_id']}' a été désinscrit !");
-                        $mailer = new PlMailer("admin/mail_intervention.tpl");
-                        $mailer->assign("user", S::v('forlife'));
-                        $mailer->assign("query", "\nUtilisateur $login désinscrit");
+                        $mailer = new PlMailer("admin/useredit.mail.tpl");
+                        $mailer->assign("admin", S::v('forlife'));
+                        $mailer->assign("user", $mr['forlife']);
+                        $mailer->assign("deletion", true);
                         $mailer->send();
                         break;
+
+                    case "b_edit":
+                        XDB::execute("DELETE FROM forums.innd WHERE uid = {?}", $mr['user_id']);
+                        if (Env::v('write_perm') != "" || Env::v('read_perm') != ""  || Env::v('commentaire') != "" ) {
+                          XDB::execute("INSERT INTO forums.innd
+                                                SET ipmin = '0',
+                                                    ipmax = '4294967295',
+                                                    write_perm = {?},
+                                                    read_perm = {?},
+                                                    comment = {?},
+                                                    priority = '200',
+                                                    uid = {?}",
+                                       Env::v('write_perm'), Env::v('read_perm'), Env::v('comment'), $mr['user_id']);
+                        }
+                        break;
                 }
             }
 
@@ -550,24 +652,29 @@ class AdminModule extends PLModule
             $page->assign('lastlogin', $lastlogin);
             $page->assign('host', $host);
 
-            $res = XDB::query("SELECT  alias
-                                 FROM  virtual
-                           INNER JOIN  virtual_redirect USING(vid)
-                                WHERE  type = 'user' AND redirect LIKE '" . $login . "@%'");
-            if ($res->numRows()) {
-                $page->assign('virtual', $res->fetchOneCell());
-            }
+            $res = XDB::iterator("SELECT  alias
+                                    FROM  virtual
+                              INNER JOIN  virtual_redirect USING(vid)
+                                   WHERE  type = 'user' AND redirect LIKE '" . $mr['forlife'] . "@%'");
+            $page->assign('virtuals', $res);
 
             $page->assign('aliases', XDB::iterator(
                         "SELECT  alias, type='a_vie' AS for_life,FIND_IN_SET('bestalias',flags) AS best,expire
                            FROM  aliases
                           WHERE  id = {?} AND type!='homonyme'
                        ORDER BY  type!= 'a_vie'", $mr["user_id"]));
-            if ($mr['perms'] != 'pending') {
-                $page->assign('emails',$redirect->emails);
+            if ($mr['perms'] != 'pending' && isset($redirect)) {
+                $page->assign('emails', $redirect->emails);
             }
 
             $page->assign('mr',$mr);
+
+            // Bans forums
+            $res = XDB::query("SELECT  write_perm, read_perm, comment
+                                 FROM  forums.innd
+                                WHERE  uid = {?}", $mr['user_id']);
+            $bans = $res->fetchOneAssoc();
+            $page->assign('bans', $bans);
         }
     }
 
@@ -588,7 +695,7 @@ class AdminModule extends PLModule
     {
         if (Env::has('promo')) {
             if(Env::i('promo') > 1900 && Env::i('promo') < 2050) {
-                $action = Env::v('valid_promo') == 'Ajouter des membres' ? 'add' : 'ax'; 
+                $action = Env::v('valid_promo') == 'Ajouter des membres' ? 'add' : 'ax';
                 pl_redirect('admin/promo/' . $action . '/' . Env::i('promo'));
             } else {
                 $page->trig('Promo non valide');
@@ -606,7 +713,7 @@ class AdminModule extends PLModule
         $importer->registerFunction('matricule', 'matricle Ecole vers X.org', array($this, 'getMatricule'));
         switch ($action) {
           case 'add':
-            $fields = array('nom', 'nom_ini', 'prenom',
+            $fields = array('nom', 'nom_ini', 'prenom', 'naissance_ini',
                             'prenom_ini', 'promo', 'promo_sortie', 'flags',
                             'matricule', 'matricule_ax', 'perms');
             $importer->forceValue('promo', $promo);
@@ -635,24 +742,28 @@ class AdminModule extends PLModule
             }
         }
 
-        $page->assign('op',$op);
-        $page->assign('target',$target);
+        $page->assign('op', $op);
+        $page->assign('target', $target);
 
         // on a un $target valide, on prepare les mails
         if ($target) {
-
             // on examine l'op a effectuer
             switch ($op) {
                 case 'mail':
-                send_warning_homonyme($prenom, $nom, $forlife, $loginbis);
-                switch_bestalias($target, $loginbis);
+                    S::assert_xsrf_token();
+
+                    send_warning_homonyme($prenom, $nom, $forlife, $loginbis);
+                    switch_bestalias($target, $loginbis);
                     $op = 'list';
                     break;
+
                 case 'correct':
-                switch_bestalias($target, $loginbis);
+                    S::assert_xsrf_token();
+
+                    switch_bestalias($target, $loginbis);
                     XDB::execute("UPDATE aliases SET type='homonyme',expire=NOW() WHERE alias={?}", $loginbis);
                     XDB::execute("REPLACE INTO homonymes (homonyme_id,user_id) VALUES({?},{?})", $target, $target);
-                send_robot_homonyme($prenom, $nom, $forlife, $loginbis);
+                    send_robot_homonyme($prenom, $nom, $forlife, $loginbis);
                     $op = 'list';
                     break;
             }
@@ -720,19 +831,24 @@ class AdminModule extends PLModule
         $page->assign('promo',$promo);
 
         if ($validate) {
+            S::assert_xsrf_token();
+
             $new_deces = array();
             $res = XDB::iterRow("SELECT user_id,matricule,nom,prenom,deces FROM auth_user_md5 WHERE promo = {?}", $promo);
             while (list($uid,$mat,$nom,$prenom,$deces) = $res->next()) {
                 $val = Env::v($mat);
-            if($val == $deces || empty($val)) continue;
-            XDB::execute('UPDATE auth_user_md5 SET deces={?} WHERE matricule = {?}', $val, $mat);
-            $new_deces[] = array('name' => "$prenom $nom", 'date' => "$val");
-            if($deces=='0000-00-00' or empty($deces)) {
-                require_once('notifs.inc.php');
-                register_watch_op($uid, WATCH_DEATH, $val);
-                require_once('user.func.inc.php');
-                user_clear_all_subs($uid, false);   // by default, dead ppl do not loose their email
-            }
+                if($val == $deces || empty($val)) {
+                    continue;
+                }
+
+                XDB::execute('UPDATE auth_user_md5 SET deces={?} WHERE matricule = {?}', $val, $mat);
+                $new_deces[] = array('name' => "$prenom $nom", 'date' => "$val");
+                if($deces == '0000-00-00' || empty($deces)) {
+                    require_once('notifs.inc.php');
+                    register_watch_op($uid, WATCH_DEATH, $val);
+                    require_once('user.func.inc.php');
+                    user_clear_all_subs($uid, false);   // by default, dead ppl do not loose their email
+                }
             }
             $page->assign('new_deces',$new_deces);
         }
@@ -741,6 +857,21 @@ class AdminModule extends PLModule
         $page->assign('decedes', $res);
     }
 
+    function handler_dead_but_active(&$page) {
+        $page->changeTpl('admin/dead_but_active.tpl');
+        $page->assign('xorg_title','Polytechnique.org - Administration - Décédés');
+
+        $res = XDB::iterator(
+                "SELECT  u.promo, u.nom, u.prenom, u.deces, u.matricule_ax, a.alias, DATE(MAX(s.start)) AS last
+                   FROM  auth_user_md5 AS u
+              LEFT JOIN  aliases AS a ON (a.id = u.user_id AND a.type = 'a_vie')
+              LEFT JOIN  logger.sessions AS s ON (s.uid = u.user_id AND suid = 0)
+                  WHERE  perms IN ('admin', 'user') AND deces <> 0
+               GROUP BY  u.user_id
+               ORDER BY  u.promo, u.nom");
+        $page->assign('dead', $res);
+    }
+
     function handler_synchro_ax(&$page, $user = null, $action = null) {
         $page->changeTpl('admin/synchro_ax.tpl');
         $page->assign('xorg_title','Polytechnique.org - Administration - Synchro AX');
@@ -788,19 +919,24 @@ class AdminModule extends PLModule
         }
     }
 
-    function handler_validate(&$page, $action = 'list', $id = null) {
+    function handler_validate(&$page, $action = 'list', $id = null)
+    {
         $page->changeTpl('admin/valider.tpl');
         $page->assign('xorg_title','Polytechnique.org - Administration - Valider une demande');
-               $page->addCssLink('nl.css');
-               require_once("validations.inc.php");
+                $page->addCssLink('nl.css');
+        $page->addJsLink('ajax.js');
+        require_once("validations.inc.php");
+
 
         if ($action == 'edit' and !is_null($id)) {
             $page->assign('preview_id', $id);
         }
 
         if(Env::has('uid') && Env::has('type') && Env::has('stamp')) {
+            S::assert_xsrf_token();
+
             $req = Validate::get_typed_request(Env::v('uid'), Env::v('type'), Env::v('stamp'));
-            if($req) { $req->handle_formu(); }
+            $req->handle_formu();
         }
 
         $r = XDB::iterator('SHOW COLUMNS FROM requests_answers');
@@ -822,8 +958,12 @@ class AdminModule extends PLModule
         }
         $page->assign('hide_requests', $hidden);
 
+        // Update the count of item to validate here... useful in development configuration
+        // where several copies of the site use the same DB, but not the same "dynamic configuration"
+        update_NbValid();
         $page->assign('vit', new ValidateIterator());
     }
+
     function handler_validate_answers(&$page, $action = 'list', $id = null) {
         $page->assign('xorg_title','Polytechnique.org - Administration - Réponses automatiques de validation');
         $page->assign('title', 'Gestion des réponses automatiques');
@@ -845,6 +985,7 @@ class AdminModule extends PLModule
         $table_editor->describe('ext','extension du screenshot',false);
         $table_editor->apply($page, $action, $id);
     }
+
     function handler_postfix_blacklist(&$page, $action = 'list', $id = null) {
         $page->assign('xorg_title','Polytechnique.org - Administration - Postfix : Blacklist');
         $page->assign('title', 'Blacklist de postfix');
@@ -889,12 +1030,19 @@ class AdminModule extends PLModule
         $table_editor->apply($page, $action, $id);
     }
 
-    function handler_wiki(&$page, $action='list')
+    function handler_wiki(&$page, $action='list', $wikipage='', $wikipage2='')
     {
         require_once 'wiki.inc.php';
 
+        if (S::v('core_rss_hash')) {
+           $page->setRssLink('Changement Récents',
+                             '/Site/AllRecentChanges?action=rss&user=' . S::v('forlife') . '&hash=' . S::v('core_rss_hash'));
+        }
+
         // update wiki perms
         if ($action == 'update') {
+            S::assert_xsrf_token();
+
             $perms_read = Post::v('read');
             $perms_edot = Post::v('edit');
             if ($perms_read || $perms_edit) {
@@ -911,6 +1059,30 @@ class AdminModule extends PLModule
             }
         }
 
+        if ($action == 'delete' && $wikipage != '') {
+            S::assert_xsrf_token();
+
+            if (wiki_delete_page($wikipage)) {
+                $page->trig("La page ".$wikipage." a été supprimée.");
+            } else {
+                $page->trig("Impossible de supprimer la page ".$wikipage.".");
+            }
+        }
+
+        if ($action == 'rename' && $wikipage != '' && $wikipage2 != '' && $wikipage != $wikipage2) {
+            S::assert_xsrf_token();
+
+            if ($changedLinks = wiki_rename_page($wikipage, $wikipage2)) {
+                $s = 'La page <em>'.$wikipage.'</em> a été déplacée en <em>'.$wikipage2.'</em>.';
+                if (is_numeric($changedLinks)) {
+                    $s .= $changedLinks.' lien'.(($changedLinks>1)?'s ont été modifiés.':' a été modifié.');
+                }
+                $page->trig($s);
+            } else {
+                $page->trig("Impossible de déplacer la page ".$wikipage);
+            }
+        }
+
         $perms = wiki_perms_options();
 
         // list wiki pages and their perms
@@ -938,41 +1110,45 @@ class AdminModule extends PLModule
             $wiki_tree[$cat][$name] = $desc;
         }
 
-
-
         $page->changeTpl('admin/wiki.tpl');
+        $page->addJsLink('jquery.js');
         $page->assign('wiki_pages', $wiki_tree);
         $page->assign('perms_opts', $perms);
     }
 
     function handler_ipwatch(&$page, $action = 'list', $ip = null)
-    { 
+    {
         $page->changeTpl('admin/ipwatcher.tpl');
-            
+
         $states = array('safe'      => 'Ne pas surveiller',
-                        'unsafe'    => 'Surveiller les inscription',
+                        'unsafe'    => 'Surveiller les inscriptions',
                         'dangerous' => 'Surveiller tous les accès',
                         'ban'       => 'Bannir cette adresse');
         $page->assign('states', $states);
 
         switch (Post::v('action')) {
-        case 'create':
+          case 'create':
             if (trim(Post::v('ipN')) != '') {
-                Xdb::execute('INSERT IGNORE INTO ip_watch (ip, state, detection, last, uid, description)
-                                          VALUES ({?}, {?}, CURDATE(), NOW(), {?}, {?})',
-                             trim(Post::v('ipN')), Post::v('stateN'), S::i('uid'), Post::v('descriptionN'));
-            };      
-            break;  
-                                   
-        case 'edit':               
-            Xdb::execute('UPDATE ip_watch 
-                             SET state = {?}, last = NOW(), uid = {?}, description = {?}
-                           WHERE ip = {?}', Post::v('stateN'), S::i('uid'), Post::v('descriptionN'), Post::v('ipN'));
+                S::assert_xsrf_token();
+                Xdb::execute('INSERT IGNORE INTO ip_watch (ip, mask, state, detection, last, uid, description)
+                                          VALUES ({?}, {?}, {?}, CURDATE(), NOW(), {?}, {?})',
+                             ip_to_uint(trim(Post::v('ipN'))), ip_to_uint(trim(Post::v('maskN'))),
+                             Post::v('stateN'), S::i('uid'), Post::v('descriptionN'));
+            };
+            break;
+
+          case 'edit':
+            S::assert_xsrf_token();
+            Xdb::execute('UPDATE ip_watch
+                             SET state = {?}, last = NOW(), uid = {?}, description = {?}, mask = {?}
+                           WHERE ip = {?}', Post::v('stateN'), S::i('uid'), Post::v('descriptionN'),
+                          ip_to_uint(Post::v('maskN')), ip_to_uint(Post::v('ipN')));
             break;
-            
-        default:
+
+          default:
             if ($action == 'delete' && !is_null($ip)) {
-                Xdb::execute('DELETE FROM emails_watch WHERE ip = {?}', $ip);
+                S::assert_xsrf_token();
+                Xdb::execute('DELETE FROM ip_watch WHERE ip = {?}', ip_to_uint($ip));
             }
         }
         if ($action != 'create' && $action != 'edit') {
@@ -981,22 +1157,29 @@ class AdminModule extends PLModule
         $page->assign('action', $action);
 
         if ($action == 'list') {
-            $sql = "SELECT  w.ip, IF(w.ip = s.ip, s.host, s.forward_host), w.detection, w.state, a.alias AS forlife
+            $sql = "SELECT  w.ip, IF(s.ip IS NULL,
+                                     IF(w.ip = s2.ip, s2.host, s2.forward_host),
+                                     IF(w.ip = s.ip, s.host, s.forward_host)),
+                            w.mask, w.detection, w.state, a.alias AS forlife
                       FROM  ip_watch        AS w
-                 LEFT JOIN  logger.sessions AS s ON (s.ip = w.ip OR s.forward_ip = w.ip)
-                 LEFT JOIN  aliases         AS a ON (a.id = s.uid AND a.type = 'a_vie')
+                 LEFT JOIN  logger.sessions AS s  ON (s.ip = w.ip)
+                 LEFT JOIN  logger.sessions AS s2 ON (s2.forward_ip = w.ip)
+                 LEFT JOIN  aliases         AS a  ON (a.id = s.uid AND a.type = 'a_vie')
                   GROUP BY  w.ip, a.alias
                   ORDER BY  w.state, w.ip, a.alias";
             $it = Xdb::iterRow($sql);
 
             $table = array();
             $props = array();
-            while (list($ip, $host, $date, $state, $forlife) = $it->next()) {
+            while (list($ip, $host, $mask, $date, $state, $forlife) = $it->next()) {
+                $ip = uint_to_ip($ip);
+                $mask = uint_to_ip($mask);
                 if (count($props) == 0 || $props['ip'] != $ip) {
                     if (count($props) > 0) {
                         $table[] = $props;
                     }
                     $props = array('ip'        => $ip,
+                                   'mask'      => $mask,
                                    'host'      => $host,
                                    'detection' => $date,
                                    'state'     => $state,
@@ -1010,21 +1193,22 @@ class AdminModule extends PLModule
             }
             $page->assign('table', $table);
         } elseif ($action == 'edit') {
-            $sql = "SELECT  w.detection, w.state, w.last, w.description,
+            $sql = "SELECT  w.detection, w.state, w.last, w.description, w.mask,
                             a1.alias AS edit, a2.alias AS forlife, s.host
                       FROM  ip_watch        AS w
-                 LEFT JOIN  aliases         AS a1 ON (a1.id = w.uid AND a1.type = 'a_vie')     
+                 LEFT JOIN  aliases         AS a1 ON (a1.id = w.uid AND a1.type = 'a_vie')
                  LEFT JOIN  logger.sessions AS s  ON (w.ip = s.ip)
                  LEFT JOIN  aliases         AS a2 ON (a2.id = s.uid AND a2.type = 'a_vie')
                      WHERE  w.ip = {?}
                   GROUP BY  a2.alias
                   ORDER BY  a2.alias";
-            $it = Xdb::iterRow($sql, $ip);
+            $it = Xdb::iterRow($sql, ip_to_uint($ip));
 
             $props = array();
-            while (list($detection, $state, $last, $description, $edit, $forlife, $host) = $it->next()) {
+            while (list($detection, $state, $last, $description, $mask, $edit, $forlife, $host) = $it->next()) {
                 if (count($props) == 0) {
                     $props = array('ip'          => $ip,
+                                   'mask'        => uint_to_ip($mask),
                                    'host'        => $host,
                                    'detection'   => $detection,
                                    'state'       => $state,
@@ -1039,6 +1223,23 @@ class AdminModule extends PLModule
             $page->assign('ip', $props);
         }
     }
+
+    function handler_icons(&$page)
+    {
+        $page->changeTpl('admin/icons.tpl');
+        $dh = opendir('../htdocs/images/icons');
+        if (!$dh) {
+            $page->trig('Dossier des icones introuvables.');
+        }
+        $icons = array();
+        while (($file = readdir($dh)) !== false) {
+            if (strlen($file) > 4 && substr($file,-4) == '.gif') {
+                array_push($icons, substr($file, 0, -4));
+            }
+        }
+        sort($icons);
+        $page->assign('icons', $icons);
+    }
 }
 
 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: