Merge commit 'origin/fusionax' into account

[platal.git] / modules / platal.php

diff --git a/modules/platal.php b/modules/platal.php
index 951803b..450022a 100644 (file)
--- a/modules/platal.php
+++ b/modules/platal.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2008 Polytechnique.org                              *
+ *  Copyright (C) 2003-2009 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -62,10 +62,15 @@ class PlatalModule extends PLModule
 
     function handler_index(&$page)
     {
+        // Include X-XRDS-Location response-header for Yadis discovery
+        global $globals;
+        header('X-XRDS-Location: ' . $globals->baseurl . '/openid/idp_xrds');
+
+        // Redirect to the suitable page
         if (S::logged()) {
             pl_redirect('events');
         } else if (!@$GLOBALS['IS_XNET_SITE']) {
-            pl_redirect('review');
+            $this->handler_review($page);
         }
     }
 
@@ -82,40 +87,48 @@ class PlatalModule extends PLModule
         exit;
     }
 
-    function handler_changelog(&$page)
+    function handler_changelog(&$page, $core = null)
     {
         $page->changeTpl('platal/changeLog.tpl');
 
-        $clog = pl_entities(file_get_contents(dirname(__FILE__).'/../ChangeLog'));
-        $clog = preg_replace('/=+\s*/', '</pre><hr /><pre>', $clog);
-        // url catch only (not all wiki syntax)
-        $clog = preg_replace(array(
-            '/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
-            '/(\s|^)www\.((?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
-            '/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
-          array(
-            '<a href="\\0">\\0</a>',
-            '\\1<a href="http://www.\\2">www.\\2</a>',
-            '<a href="mailto:\\0">\\0</a>'),
-          $clog);
-        $clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
-        $clog = preg_replace('!vim:.*$!', '', $clog);
-        $clog = preg_replace("!(<hr />(\\s|\n)*)?<pre>(\s|\n)*</pre>((\\s|\n)*<hr />)?!m", "", "<pre>$clog</pre>");
-        $page->assign('ChangeLog', $clog);
+        function formatChangeLog($file) {
+            $clog = pl_entities(file_get_contents($file));
+            $clog = preg_replace('/===+\s*/', '</pre><hr /><pre>', $clog);
+            // url catch only (not all wiki syntax)
+            $clog = preg_replace(array(
+                '/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
+                '/(\s|^)www\.((?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
+                '/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
+              array(
+                '<a href="\\0">\\0</a>',
+                '\\1<a href="http://www.\\2">www.\\2</a>',
+                '<a href="mailto:\\0">\\0</a>'),
+              $clog);
+            $clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
+            $clog = preg_replace('!vim:.*$!', '', $clog);
+            return preg_replace("!(<hr />(\\s|\n)*)?<pre>(\s|\n)*</pre>((\\s|\n)*<hr />)?!m", "", "<pre>$clog</pre>");
+        }
+        if ($core != 'core') {
+            $page->assign('core', false);
+            $page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../ChangeLog'));
+        } else {
+            $page->assign('core', true);
+            $page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../core/ChangeLog'));
+        }
     }
 
     function __set_rss_state($state)
     {
         if ($state) {
-            $_SESSION['core_rss_hash'] = rand_url_id(16);
-            XDB::execute('UPDATE  auth_user_quick
-                                   SET  core_rss_hash={?} WHERE user_id={?}',
-                                   S::v('core_rss_hash'), S::v('uid'));
+            S::set('token', rand_url_id(16));
+            XDB::execute('UPDATE  accounts
+                             SET  token = {?}
+                           WHERE  uid = {?}', S::s('token'), S::i('uid'));
         } else {
-            XDB::execute('UPDATE  auth_user_quick
-                                   SET  core_rss_hash="" WHERE user_id={?}',
-                                   S::v('uid'));
-            S::kill('core_rss_hash');
+            S::kill('token');
+            XDB::execute('UPDATE  accounts
+                             SET  token = NULL
+                           WHERE  uid = {?}', S::i('uid'));
         }
     }
 
@@ -124,14 +137,13 @@ class PlatalModule extends PLModule
         $page->changeTpl('platal/preferences.tpl');
         $page->setTitle('Mes préférences');
 
-        if (Post::has('mail_fmt')) {
-            $fmt = Post::v('mail_fmt');
-            if ($fmt != 'texte') $fmt = 'html';
-            XDB::execute("UPDATE auth_user_quick
-                                       SET core_mail_fmt = '$fmt'
-                                     WHERE user_id = {?}",
-                                     S::v('uid'));
-            $_SESSION['mail_fmt'] = $fmt;
+        if (Post::has('email_format')) {
+            $fmt = Post::s('email_format');
+            XDB::execute("UPDATE accounts
+                             SET email_format = {?}
+                           WHERE uid = {?}",
+                         $fmt, S::v('uid'));
+            S::set('email_format', $fmt);
         }
 
         if (Post::has('rss')) {
@@ -150,33 +162,31 @@ class PlatalModule extends PLModule
     function handler_webredir(&$page)
     {
         $page->changeTpl('platal/webredirect.tpl');
-
         $page->setTitle('Redirection de page WEB');
 
-        $log =& S::v('log');
-        $url = Env::v('url');
-
-        if (Env::v('submit') == 'Valider' and Env::has('url')) {
-            XDB::execute('UPDATE auth_user_quick
-                                       SET redirecturl = {?} WHERE user_id = {?}',
-                                   $url, S::v('uid'));
-            S::logger()->log('carva_add', 'http://'.Env::v('url'));
-            $page->trigSuccess("Redirection activée vers <a href='http://$url'>$url</a>");
-        } elseif (Env::v('submit') == "Supprimer") {
-            XDB::execute("UPDATE auth_user_quick
-                                       SET redirecturl = ''
-                                     WHERE user_id = {?}",
-                                   S::v('uid'));
-            S::logger()->log("carva_del", $url);
+        if (Env::v('submit') == 'Valider' && !Env::blank('url')) {
+            if (Env::blank('url')) {
+                $page->trigError('URL invalide');
+            } else {
+                $url = Env::t('url');
+                XDB::execute('REPLACE INTO  carvas (uid, url)
+                                    VALUES  ({?}, {?})',
+                             S::i('uid'), $url);
+                S::logger()->log('carva_add', 'http://' . $url);
+                $page->trigSuccess("Redirection activée vers <a href='http://$url'>$url</a>");
+            }
+        } elseif (Env::v('submit') == 'Supprimer') {
+            XDB::execute('DELETE FROM carvas
+                                WHERE uid = {?}', S::i('uid'));
             Post::kill('url');
+            S::logger()->log('carva_del');
             $page->trigSuccess('Redirection supprimée');
         }
 
-        $res = XDB::query('SELECT redirecturl
-                                       FROM auth_user_quick
-                                      WHERE user_id = {?}',
-                                    S::v('uid'));
-        $page->assign('carva', $res->fetchOneCell());
+        $url = XDB::fetchOneCell('SELECT  url
+                                    FROM  carvas
+                                   WHERE  uid = {?}', S::i('uid'));
+        $page->assign('carva', $url);
 
         # FIXME: this code is not multi-domain compatible. We should decide how
         # carva will extend to users not in the main domain.
@@ -204,15 +214,13 @@ class PlatalModule extends PLModule
         global $globals;
 
         if (Post::has('response2'))  {
-            require_once 'secure_hash.inc.php';
             S::assert_xsrf_token();
 
-            $_SESSION['password'] = $password = Post::v('response2');
-
-            XDB::execute('UPDATE  auth_user_md5
-                             SET  password={?}
-                           WHERE  user_id={?}', $password,
-                           S::v('uid'));
+            S::set('password', $password = Post::v('response2'));
+            XDB::execute('UPDATE  accounts
+                             SET  password = {?}
+                           WHERE  uid={?}', $password,
+                         S::i('uid'));
 
             // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
             // updates the Google Apps password as well.
@@ -224,12 +232,8 @@ class PlatalModule extends PLModule
                 }
             }
 
-            $log =& S::v('log');
-            S::logger()->log('passwd', '');
-
-            if (Cookie::v('ORGaccess')) {
-                setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
-            }
+            S::logger()->log('passwd');
+            Platal::session()->setAccessCookie(true);
 
             $page->changeTpl('platal/motdepasse.success.tpl');
             $page->run();
@@ -250,27 +254,27 @@ class PlatalModule extends PLModule
         $wp = new PlWikiPage('Xorg.NNTPSécurisé');
         $wp->buildCache();
 
-        $uid  = S::v('uid');
+        $uid  = S::i('uid');
         $pass = Env::v('smtppass1');
-        $log  = S::v('log');
 
         if (Env::v('op') == "Valider" && strlen($pass) >= 6
-        &&  Env::v('smtppass1') == Env::v('smtppass2'))
-        {
-            XDB::execute('UPDATE auth_user_md5 SET smtppass = {?}
-                                     WHERE user_id = {?}', $pass, $uid);
+            &&  Env::v('smtppass1') == Env::v('smtppass2')) {
+            XDB::execute('UPDATE  accounts
+                             SET  weak_password = {?}
+                           WHERE  uid = {?}', $pass, $uid);
             $page->trigSuccess('Mot de passe enregistré');
             S::logger()->log("passwd_ssl");
         } elseif (Env::v('op') == "Supprimer") {
-            XDB::execute('UPDATE auth_user_md5 SET smtppass = ""
-                                     WHERE user_id = {?}', $uid);
+            XDB::execute('UPDATE  accounts
+                             SET  weak_password = NULL
+                           WHERE  uid = {?}', $uid);
             $page->trigSuccess('Compte SMTP et NNTP supprimé');
             S::logger()->log("passwd_del");
         }
 
-        $res = XDB::query("SELECT IF(smtppass != '', 'actif', '')
-                                       FROM auth_user_md5
-                                      WHERE user_id = {?}", $uid);
+        $res = XDB::query("SELECT  weak_password IS NOT NULL
+                             FROM  accounts
+                            WHERE  uid = {?}", $uid);
         $page->assign('actif', $res->fetchOneCell());
     }
 
@@ -296,9 +300,7 @@ class PlatalModule extends PLModule
 
         $mailorg = strtok(Env::v('login'), '@');
 
-        // paragraphe rajouté : si la date de naissance dans la base n'existe pas, on l'update
-        // avec celle fournie ici en espérant que c'est la bonne
-
+        // XXX: recovery requires usage of profile data.
         $res = XDB::query(
                 "SELECT  user_id, naissance
                    FROM  auth_user_md5 AS u
@@ -351,8 +353,7 @@ Adresse de secours : " . Post::v('email') : ""));
             $mymail->send();
 
             // on cree un objet logger et on log l'evenement
-            $logger = $_SESSION['log'] = new PlLogger($uid);
-            S::logger()->log('recovery', $mails);
+            S::logger(uid)->log('recovery', $mails);
         } else {
             $page->trigError('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
                         'Si tu as un homonyme, utilise prenom.nom.promo comme login');
@@ -362,10 +363,12 @@ Adresse de secours : " . Post::v('email') : ""));
     function handler_tmpPWD(&$page, $certif = null)
     {
         global $globals;
-        XDB::execute('DELETE FROM perte_pass
-                                      WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
+        // XXX: recovery requires data from the profile
+        XDB::execute('DELETE FROM  perte_pass
+                            WHERE  DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
 
-        $res   = XDB::query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif);
+        $res = XDB::query('SELECT  uid
+                             FROM  perte_pass WHERE certificat={?}', $certif);
         $ligne = $res->fetchOneAssoc();
         if (!$ligne) {
             $page->changeTpl('platal/index.tpl');
@@ -375,10 +378,12 @@ Adresse de secours : " . Post::v('email') : ""));
         $uid = $ligne["uid"];
         if (Post::has('response2')) {
             $password = Post::v('response2');
-            XDB::query('UPDATE  auth_user_md5 SET password={?}
-                                   WHERE  user_id={?} AND perms IN("admin","user")',
-                                 $password, $uid);
-            XDB::query('DELETE FROM perte_pass WHERE certificat={?}', $certif);
+            XDB::query('UPDATE  accounts
+                           SET  password={?}
+                         WHERE  uid = {?} AND state = \'active\'',
+                       $password, $uid);
+            XDB::query('DELETE FROM  perte_pass
+                              WHERE  certificat={?}', $certif);
 
             // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
             // updates the Google Apps password as well.
@@ -390,8 +395,7 @@ Adresse de secours : " . Post::v('email') : ""));
                 }
             }
 
-            $logger = new PlLogger($uid);
-            S::logger()->log("passwd","");
+            S::logger($uid)->log("passwd", "");
             $page->changeTpl('platal/tmpPWD.success.tpl');
         } else {
             $page->changeTpl('platal/motdepasse.tpl');
@@ -407,53 +411,47 @@ Adresse de secours : " . Post::v('email') : ""));
         $page->setTitle('Skins');
 
         if (Env::has('newskin'))  {  // formulaire soumis, traitons les données envoyées
-            XDB::execute('UPDATE auth_user_quick
-                             SET skin={?} WHERE user_id={?}',
-                         Env::i('newskin'), S::v('uid'));
+            XDB::execute('UPDATE  accounts
+                             SET  skin = {?}
+                           WHERE  uid = {?}',
+                         Env::i('newskin'), S::i('uid'));
             S::kill('skin');
             Platal::session()->setSkin();
         }
 
-        $res = XDB::query('SELECT id FROM skins WHERE skin_tpl={?}', S::v('skin'));
+        $res = XDB::query('SELECT  id
+                             FROM  skins
+                            WHERE  skin_tpl = {?}', S::v('skin'));
         $page->assign('skin_id', $res->fetchOneCell());
 
-        $sql = "SELECT s.*,auteur,count(*) AS nb
-                  FROM skins AS s
-             LEFT JOIN auth_user_quick AS a ON s.id=a.skin
-                 WHERE skin_tpl != '' AND ext != ''
-              GROUP BY id ORDER BY s.date DESC";
+        $sql = 'SELECT  s.*, auteur, COUNT(*) AS nb
+                  FROM  skins AS s
+             LEFT JOIN  accounts AS a ON (a.skin = s.id)
+                 WHERE  skin_tpl != \'\' AND ext != \'\'
+              GROUP BY  id ORDER BY s.date DESC';
         $page->assign('skins', XDB::iterator($sql));
     }
 
     function handler_exit(&$page, $level = null)
     {
-        if (S::has('suid')) {
-            $suid = S::v('suid');
-            $log  = S::v('log');
-            S::logger()->log("suid_stop", S::user()->login() . " by " . $suid['hruid']);
+        if (S::suid()) {
+            S::logger()->log('suid_stop', S::user()->login() . " by " . S::suid('hruid'));
             Platal::session()->stopSUID();
             pl_redirect('admin/user/' . S::user()->login());
         }
 
         if ($level == 'forget' || $level == 'forgetall') {
-            setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
-            Cookie::kill('ORGaccess');
-            if (isset($_SESSION['log']))
-                S::logger()->log("cookie_off");
+            Platal::session()->killAccessCookie();
         }
 
         if ($level == 'forgetuid' || $level == 'forgetall') {
-            setcookie('ORGuid', '', time() - 3600, '/', '', 0);
-            Cookie::kill('ORGuid');
-            setcookie('ORGdomain', '', time() - 3600, '/', '', 0);
-            Cookie::kill('ORGdomain');
+            Platal::session()->killLoginFormCookies();
         }
 
-        if (isset($_SESSION['log'])) {
-            $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
-            S::logger()->log('deconnexion',$ref);
+        if (S::logged()) {
+            S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']);
+            Platal::session()->destroy();
         }
-        Platal::session()->destroy();
 
         if (Get::has('redirect')) {
             http_redirect(rawurldecode(Get::v('redirect')));
@@ -464,6 +462,10 @@ Adresse de secours : " . Post::v('email') : ""));
 
     function handler_review(&$page, $action = null, $mode = null) 
     {
+        // Include X-XRDS-Location response-header for Yadis discovery
+        global $globals;
+        header('X-XRDS-Location: ' . $globals->baseurl . '/openid/idp_xrds');
+
         $this->load('review.inc.php');
         $dom = 'Review';
         if (@$GLOBALS['IS_XNET_SITE']) {