if (S::logged()) {
pl_redirect('events');
} else if (!@$GLOBALS['IS_XNET_SITE']) {
- pl_redirect('review');
+ $this->handler_review($page);
}
}
exit;
}
- function handler_changelog(&$page)
+ function handler_changelog(&$page, $core = null)
{
$page->changeTpl('platal/changeLog.tpl');
- $clog = pl_entities(file_get_contents(dirname(__FILE__).'/../ChangeLog'));
- $clog = preg_replace('/===+\s*/', '</pre><hr /><pre>', $clog);
- // url catch only (not all wiki syntax)
- $clog = preg_replace(array(
- '/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
- '/(\s|^)www\.((?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
- '/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
- array(
- '<a href="\\0">\\0</a>',
- '\\1<a href="http://www.\\2">www.\\2</a>',
- '<a href="mailto:\\0">\\0</a>'),
- $clog);
- $clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
- $clog = preg_replace('!vim:.*$!', '', $clog);
- $clog = preg_replace("!(<hr />(\\s|\n)*)?<pre>(\s|\n)*</pre>((\\s|\n)*<hr />)?!m", "", "<pre>$clog</pre>");
- $page->assign('ChangeLog', $clog);
+ function formatChangeLog($file) {
+ $clog = pl_entities(file_get_contents($file));
+ $clog = preg_replace('/===+\s*/', '</pre><hr /><pre>', $clog);
+ // url catch only (not all wiki syntax)
+ $clog = preg_replace(array(
+ '/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
+ '/(\s|^)www\.((?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
+ '/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
+ array(
+ '<a href="\\0">\\0</a>',
+ '\\1<a href="http://www.\\2">www.\\2</a>',
+ '<a href="mailto:\\0">\\0</a>'),
+ $clog);
+ $clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
+ $clog = preg_replace('!vim:.*$!', '', $clog);
+ return preg_replace("!(<hr />(\\s|\n)*)?<pre>(\s|\n)*</pre>((\\s|\n)*<hr />)?!m", "", "<pre>$clog</pre>");
+ }
+ if ($core != 'core') {
+ $page->assign('core', false);
+ $page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../ChangeLog'));
+ } else {
+ $page->assign('core', true);
+ $page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../core/ChangeLog'));
+ }
}
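Review bot: `formatChangeLog()` is declared as a named function inside the body of `handler_changelog()`, so PHP registers it globally the first time the handler runs and a second call in the same request fails with a redeclaration error; a private method of the module or a closure avoids that. The moved code also keeps the `e` modifier on `'!(#[0-9]+(,[0-9]+)*)!e'`, which evaluates the replacement as PHP, is deprecated since PHP 5.5 and removed in PHP 7. The match is limited to `#`, digits and commas, but `preg_replace_callback('!#[0-9]+(,[0-9]+)*!', function ($m) { return bugize($m[0]); }, $clog)` does the same without evaluation. `file_get_contents($file)` is used unchecked, so a missing `core/ChangeLog` produces a warning and an empty page rather than a handled error.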
function __set_rss_state($state)
{
if ($state) {
- $_SESSION['core_rss_hash'] = rand_url_id(16);
- XDB::execute('UPDATE auth_user_quick
- SET core_rss_hash={?} WHERE user_id={?}',
- S::v('core_rss_hash'), S::v('uid'));
+ S::set('token', rand_url_id(16));
+ XDB::execute('UPDATE accounts
+ SET token = {?}
+ WHERE uid = {?}', S::s('token'), S::i('uid'));
} else {
- XDB::execute('UPDATE auth_user_quick
- SET core_rss_hash="" WHERE user_id={?}',
- S::v('uid'));
- S::kill('core_rss_hash');
+ S::kill('token');
+ XDB::execute('UPDATE accounts
+ SET token = NULL
+ WHERE uid = {?}', S::i('uid'));
}
}
$page->changeTpl('platal/preferences.tpl');
$page->setTitle('Mes préférences');
- if (Post::has('mail_fmt')) {
- $fmt = Post::v('mail_fmt');
- if ($fmt != 'texte') $fmt = 'html';
- XDB::execute("UPDATE auth_user_quick
- SET core_mail_fmt = '$fmt'
- WHERE user_id = {?}",
- S::v('uid'));
- $_SESSION['mail_fmt'] = $fmt;
+ if (Post::has('email_format')) {
+ $fmt = Post::s('email_format');
+ XDB::execute("UPDATE accounts
+ SET email_format = {?}
+ WHERE uid = {?}",
+ $fmt, S::v('uid'));
+ S::set('email_format', $fmt);
}
if (Post::has('rss')) {
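Review bot: The new `email_format` branch stores `Post::s('email_format')` as submitted, whereas the removed code forced anything other than `'texte'` to `'html'` before the UPDATE. The query is now parameterised, which removes the old string interpolation, but an arbitrary value still reaches `accounts.email_format` and `S::set('email_format', $fmt)`. Restoring an allowlist, e.g. `if (!in_array($fmt, $allowedFormats, true)) { $fmt = 'html'; }` with `$allowedFormats` (placeholder name) holding the values the column accepts, keeps session and database consistent. This UPDATE also still passes `S::v('uid')` while the rest of the commit moves to `S::i('uid')`. No `S::assert_xsrf_token()` call is visible before this write; the handler starts outside the hunk, so confirm one exists.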
$url = Env::v('url');
if (Env::v('submit') == 'Valider' and Env::has('url')) {
- XDB::execute('UPDATE auth_user_quick
- SET redirecturl = {?} WHERE user_id = {?}',
- $url, S::v('uid'));
+ XDB::execute('UPDATE auth_user_quick
+ SET redirecturl = {?} WHERE user_id = {?}',
+ $url, S::i('uid'));
S::logger()->log('carva_add', 'http://'.Env::v('url'));
$page->trigSuccess("Redirection activée vers <a href='http://$url'>$url</a>");
} elseif (Env::v('submit') == "Supprimer") {
- XDB::execute("UPDATE auth_user_quick
- SET redirecturl = ''
- WHERE user_id = {?}",
- S::v('uid'));
+ XDB::execute("UPDATE auth_user_quick
+ SET redirecturl = ''
+ WHERE user_id = {?}",
+ S::i('uid'));
S::logger()->log("carva_del", $url);
Post::kill('url');
$page->trigSuccess('Redirection supprimée');
}
- $res = XDB::query('SELECT redirecturl
- FROM auth_user_quick
- WHERE user_id = {?}',
- S::v('uid'));
+ $res = XDB::query('SELECT redirecturl
+ FROM auth_user_quick
+ WHERE user_id = {?}',
+ S::i('uid'));
$page->assign('carva', $res->fetchOneCell());
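Review bot: `$url` comes from `Env::v('url')` and is interpolated unescaped into the HTML passed to `$page->trigSuccess(...)` on the "Redirection activée" line, in both the `href` attribute and the link text. Since the message carries markup it is presumably rendered without further escaping, so the value should be encoded first, e.g. `$safe = pl_entities($url);` and then `<a href='http://$safe'>$safe</a>`; the attribute is single-quoted, so confirm that `pl_entities` encodes `'`. `Env::has('url')` is tested only after `$url` has been read. No XSRF check is visible in this hunk before `redirecturl` is changed; the handler begins outside the hunk.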
# FIXME: this code is not multi-domain compatible. We should decide how
global $globals;
if (Post::has('response2')) {
- require_once 'secure_hash.inc.php';
S::assert_xsrf_token();
- $_SESSION['password'] = $password = Post::v('response2');
-
- XDB::execute('UPDATE auth_user_md5
- SET password={?}
- WHERE user_id={?}', $password,
- S::v('uid'));
+ S::set('password', $password = Post::v('response2'));
+ XDB::execute('UPDATE accounts
+ SET password = {?}
+ WHERE uid={?}', $password,
+ S::i('uid'));
// If GoogleApps is enabled, and the user did choose to use synchronized passwords,
// updates the Google Apps password as well.
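Review bot: `Post::v('response2')` is written to `accounts.password` and copied into the session by `S::set('password', ...)` without any check of its shape in this hunk, so an empty or malformed value would be stored as the account's credential. A guard before the UPDATE that rejects anything not matching the expected format (presumably a client-computed digest, so a fixed length and character set) would close that; the same applies to the `response2` UPDATE in `handler_tmpPWD` further down. If the value must stay in the session, a comment naming the code that reads it would help, since the session then holds credential material. The enclosing handler starts and ends outside the hunk.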
}
}
- $log =& S::v('log');
- S::logger()->log('passwd', '');
-
- if (Cookie::v('ORGaccess')) {
- setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
- }
+ S::logger()->log('passwd');
+ Platal::session()->setAccessCookie(true);
$page->changeTpl('platal/motdepasse.success.tpl');
$page->run();
$wp = new PlWikiPage('Xorg.NNTPSécurisé');
$wp->buildCache();
- $uid = S::v('uid');
+ $uid = S::i('uid');
$pass = Env::v('smtppass1');
- $log = S::v('log');
if (Env::v('op') == "Valider" && strlen($pass) >= 6
- && Env::v('smtppass1') == Env::v('smtppass2'))
- {
- XDB::execute('UPDATE auth_user_md5 SET smtppass = {?}
- WHERE user_id = {?}', $pass, $uid);
+ && Env::v('smtppass1') == Env::v('smtppass2')) {
+ // FIXME: Put smtppass somewhere
+ XDB::execute('UPDATE auth_user_md5
+ SET smtppass = {?}
+ WHERE user_id = {?}', $pass, $uid);
$page->trigSuccess('Mot de passe enregistré');
S::logger()->log("passwd_ssl");
} elseif (Env::v('op') == "Supprimer") {
- XDB::execute('UPDATE auth_user_md5 SET smtppass = ""
- WHERE user_id = {?}', $uid);
+ // FIXME: Put smtppass somewhere
+ XDB::execute('UPDATE auth_user_md5
+ SET smtppass = ""
+ WHERE user_id = {?}', $uid);
$page->trigSuccess('Compte SMTP et NNTP supprimé');
S::logger()->log("passwd_del");
}
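Review bot: The confirmation test `Env::v('smtppass1') == Env::v('smtppass2')` uses loose comparison, under which two different numeric-looking strings can compare equal; `===` is what is meant here. The added `// FIXME: Put smtppass somewhere` does not say what is pending, while the UPDATE still writes `$pass` as submitted into `auth_user_md5.smtppass`. A comment such as `// FIXME: smtppass is still stored as submitted in auth_user_md5; move it to <target table> once the schema is settled` would tell the next reader what the column holds. No XSRF check is visible in the hunk; the handler starts outside it.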
$mailorg = strtok(Env::v('login'), '@');
- // paragraphe rajouté : si la date de naissance dans la base n'existe pas, on l'update
- // avec celle fournie ici en espérant que c'est la bonne
-
+ // XXX: recovery requires usage of profile data.
$res = XDB::query(
"SELECT user_id, naissance
FROM auth_user_md5 AS u
$mymail->send();
// on cree un objet logger et on log l'evenement
- $logger = $_SESSION['log'] = new PlLogger($uid);
- S::logger()->log('recovery', $mails);
+ S::logger(uid)->log('recovery', $mails);
} else {
$page->trigError('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />'.
'Si tu as un homonyme, utilise prenom.nom.promo comme login');
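Review bot: `S::logger(uid)` on the added line passes the bare word `uid`, not the variable. PHP treats it as an undefined constant (the string `'uid'` with a notice on older versions, an Error on PHP 8), so the recovery event is either logged against the wrong identity or the request aborts after the mail has been sent. It should read `S::logger($uid)->log('recovery', $mails);`, matching `S::logger($uid)` in `handler_tmpPWD`. The enclosing block starts outside the hunk, so confirm `$uid` is set at this point.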
function handler_tmpPWD(&$page, $certif = null)
{
global $globals;
- XDB::execute('DELETE FROM perte_pass
- WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
+ // XXX: recovery requires data from the profile
+ XDB::execute('DELETE FROM perte_pass
+ WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
- $res = XDB::query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif);
+ $res = XDB::query('SELECT uid
+ FROM perte_pass WHERE certificat={?}', $certif);
$ligne = $res->fetchOneAssoc();
if (!$ligne) {
$page->changeTpl('platal/index.tpl');
$uid = $ligne["uid"];
if (Post::has('response2')) {
$password = Post::v('response2');
- XDB::query('UPDATE auth_user_md5 SET password={?}
- WHERE user_id={?} AND perms IN("admin","user")',
- $password, $uid);
- XDB::query('DELETE FROM perte_pass WHERE certificat={?}', $certif);
+ XDB::query('UPDATE accounts
+ SET password={?}
+ WHERE uid = {?} AND state = \'active\'',
+ $password, $uid);
+ XDB::query('DELETE FROM perte_pass
+ WHERE certificat={?}', $certif);
// If GoogleApps is enabled, and the user did choose to use synchronized passwords,
// updates the Google Apps password as well.
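Review bot: The new `UPDATE accounts ... WHERE uid = {?} AND state = 'active'` can match no row, yet the following `DELETE FROM perte_pass` consumes the certificate and the handler goes on to log `passwd` and show `tmpPWD.success.tpl`. Checking the affected-row count (or the account state) before deleting the certificate and reporting success would avoid telling a user with a non-active account that the password was changed. Both statements go through `XDB::query` although they are writes; the rest of the commit uses `XDB::execute` for UPDATE and DELETE. The block continues outside the hunk.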
}
}
- $logger = new PlLogger($uid);
- S::logger()->log("passwd","");
+ S::logger($uid)->log("passwd", "");
$page->changeTpl('platal/tmpPWD.success.tpl');
} else {
$page->changeTpl('platal/motdepasse.tpl');
$page->setTitle('Skins');
if (Env::has('newskin')) { // formulaire soumis, traitons les données envoyées
- XDB::execute('UPDATE auth_user_quick
- SET skin={?} WHERE user_id={?}',
- Env::i('newskin'), S::v('uid'));
+ XDB::execute('UPDATE accounts
+ SET skin = {?}
+ WHERE uid = {?}',
+ Env::i('newskin'), S::i('uid'));
S::kill('skin');
Platal::session()->setSkin();
}
- $res = XDB::query('SELECT id FROM skins WHERE skin_tpl={?}', S::v('skin'));
+ $res = XDB::query('SELECT id
+ FROM skins
+ WHERE skin_tpl = {?}', S::v('skin'));
$page->assign('skin_id', $res->fetchOneCell());
- $sql = "SELECT s.*,auteur,count(*) AS nb
- FROM skins AS s
- LEFT JOIN auth_user_quick AS a ON s.id=a.skin
- WHERE skin_tpl != '' AND ext != ''
- GROUP BY id ORDER BY s.date DESC";
+ $sql = 'SELECT s.*, auteur, COUNT(*) AS nb
+ FROM skins AS s
+ LEFT JOIN accounts AS a ON (a.skin = s.id)
+ WHERE skin_tpl != \'\' AND ext != \'\'
+ GROUP BY id ORDER BY s.date DESC';
$page->assign('skins', XDB::iterator($sql));
}
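Review bot: `COUNT(*) AS nb` in the rewritten skins query counts the joined row even when the `LEFT JOIN accounts` finds no match, so a skin nobody uses is reported with `nb = 1`. Counting a column from the joined table, `COUNT(a.uid) AS nb`, gives 0 for unused skins. Separately, `Env::has('newskin')` lets the skin UPDATE be triggered by a GET parameter and no XSRF check is visible in the hunk; the handler starts outside it.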
function handler_exit(&$page, $level = null)
{
- if (S::has('suid')) {
- $suid = S::v('suid');
- $log = S::v('log');
- S::logger()->log("suid_stop", S::user()->login() . " by " . $suid['hruid']);
+ if (S::suid()) {
+ S::logger()->log('suid_stop', S::user()->login() . " by " . S::suid('hruid'));
Platal::session()->stopSUID();
pl_redirect('admin/user/' . S::user()->login());
}
if ($level == 'forget' || $level == 'forgetall') {
- setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
- Cookie::kill('ORGaccess');
- if (isset($_SESSION['log']))
- S::logger()->log("cookie_off");
+ Platal::session()->killAccessCookie();
}
if ($level == 'forgetuid' || $level == 'forgetall') {
- setcookie('ORGuid', '', time() - 3600, '/', '', 0);
- Cookie::kill('ORGuid');
- setcookie('ORGdomain', '', time() - 3600, '/', '', 0);
- Cookie::kill('ORGdomain');
+ Platal::session()->killLoginFormCookies();
}
- if (isset($_SESSION['log'])) {
- $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
- S::logger()->log('deconnexion',$ref);
- }
+ S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']);
Platal::session()->destroy();
if (Get::has('redirect')) {