'changelog' => $this->make_hook('changelog', AUTH_PUBLIC),
// Preferences thingies
- 'prefs' => $this->make_hook('prefs', AUTH_COOKIE),
- 'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE),
- 'prefs/webredirect' => $this->make_hook('webredir', AUTH_MDP, 'mail'),
- 'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE),
+ 'prefs' => $this->make_hook('prefs', AUTH_COOKIE, 'user,groups'),
+ 'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE, 'user'),
+ 'prefs/webredirect' => $this->make_hook('webredir', AUTH_MDP, 'mail'),
+ 'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE, 'user'),
// password related thingies
- 'password' => $this->make_hook('password', AUTH_MDP),
+ 'password' => $this->make_hook('password', AUTH_MDP, 'user,groups'),
'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC),
- 'password/smtp' => $this->make_hook('smtppass', AUTH_MDP, 'mail'),
+ 'password/smtp' => $this->make_hook('smtppass', AUTH_MDP, 'mail'),
'recovery' => $this->make_hook('recovery', AUTH_PUBLIC),
+ 'recovery/ext' => $this->make_hook('recovery_ext', AUTH_PUBLIC),
+ 'register/ext' => $this->make_hook('register_ext', AUTH_PUBLIC),
'exit' => $this->make_hook('exit', AUTH_PUBLIC),
'review' => $this->make_hook('review', AUTH_PUBLIC),
'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC),
$page->changeTpl('platal/password.tpl');
$page->setTitle('Mon mot de passe');
- $page->assign('do_auth', false);
+ $page->assign('do_auth', 0);
}
function handler_smtppass($page)
Polytechnique.org
\"Le portail des élèves & anciens élèves de l'École polytechnique\"
-Email envoyé à ".Env::v('login') . (Post::has('email') ? "
-Adresse de secours : " . Post::v('email') : ""));
+Email envoyé à ".Env::v('login') . (is_null($to) ? '' : '
+Adresse de secours : ' . $to));
$mymail->send();
S::logger($user->id())->log('recovery', is_null($to) ? $inactives_to . ', ' . $user->bestEmail() : $to);
}
+ function handler_recovery_ext($page)
+ {
+ $page->changeTpl('xnet/recovery.tpl');
+
+ if (!Post::has('login')) {
+ return;
+ }
+
+ $user = User::getSilent(Post::t('login'));
+ if (is_null($user)) {
+ $page->trigError('Le compte n\'existe pas.');
+ return;
+ }
+ if ($user->state != 'active') {
+ $page->trigError('Ton compte n\'est pas activé.');
+ return;
+ }
+
+ $page->assign('ok', true);
+
+ $hash = rand_url_id();
+ XDB::execute('INSERT INTO account_lost_passwords (uid, created, certificat)
+ VALUES ({?}, NOW(), {?})',
+ $user->id(), $hash);
+
+ $mymail = new PlMailer('platal/password_recovery_xnet.mail.tpl');
+ $mymail->addTo($user);
+ $mymail->assign('hash', $hash);
+ $mymail->assign('email', Post::t('login'));
+ $mymail->send();
+
+ S::logger($user->id())->log('recovery', $user->bestEmail());
+ }
+
function handler_tmpPWD($page, $certif = null)
{
global $globals;
- // XXX: recovery requires data from the profile
XDB::execute('DELETE FROM account_lost_passwords
WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
$uid);
$page->changeTpl('platal/password.tpl');
$page->assign('hruid', $hruid);
- $page->assign('do_auth', true);
+ $page->assign('do_auth', 1);
+ }
+ }
+
+ function handler_register_ext($page, $hash = null)
+ {
+ XDB::execute('DELETE FROM register_pending_xnet
+ WHERE DATE_SUB(NOW(), INTERVAL 1 MONTH) > date');
+ $res = XDB::fetchOneAssoc('SELECT uid, hruid, email
+ FROM register_pending_xnet
+ WHERE hash = {?}',
+ $hash);
+
+ if (is_null($hash) || is_null($res)) {
+ $page->trigErrorRedirect('Cette adresse n\'existe pas ou n\'existe plus sur le serveur.', '');
+ }
+
+ if (Post::has('pwhash') && Post::t('pwhash')) {
+ XDB::startTransaction();
+ XDB::query('UPDATE accounts
+ SET password = {?}, state = \'active\', registration_date = NOW()
+ WHERE uid = {?} AND state = \'pending\' AND type = \'xnet\'',
+ Post::t('pwhash'), $res['uid']);
+ XDB::query('DELETE FROM register_pending_xnet
+ WHERE uid = {?}',
+ $res['uid']);
+ XDB::commit();
+
+ S::logger($res['uid'])->log('passwd', '');
+
+ // Try to start a session (so the user don't have to log in); we will use
+ // the password available in Post:: to authenticate the user.
+ Post::kill('wait');
+ Platal::session()->startAvailableAuth();
+
+ $page->changeTpl('xnet/register.success.tpl');
+ $page->assign('email', $res['email']);
+ } else {
+ $page->changeTpl('platal/password.tpl');
+ $page->assign('xnet', true);
+ $page->assign('hruid', $res['hruid']);
+ $page->assign('do_auth', 1);
}
}
projects / platal.git / blobdiff