X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fplatal.php;h=9502edd254612979057fd91a204c1fa1ee4747be;hb=35be58456be0f138e9acc010bb6670fb0b1e1b5d;hp=7c3093be3b10889f1913ad7e808ba61a91f88feb;hpb=1c4a1d0a32c52851e9ffbbf585bb206c9a472dc9;p=platal.git
diff --git a/modules/platal.php b/modules/platal.php
index 7c3093b..9502edd 100644
--- a/modules/platal.php
+++ b/modules/platal.php
@@ -1,6 +1,6 @@
changeTpl('platal/changeLog.tpl');
@@ -129,7 +129,7 @@ class PlatalModule extends PLModule
}
}
- function handler_prefs(&$page)
+ function handler_prefs($page)
{
$page->changeTpl('platal/preferences.tpl');
$page->setTitle('Mes préférences');
@@ -146,7 +146,7 @@ class PlatalModule extends PLModule
}
}
- function handler_webredir(&$page)
+ function handler_webredir($page)
{
$page->changeTpl('platal/webredirect.tpl');
$page->setTitle('Redirection de page WEB');
@@ -156,8 +156,9 @@ class PlatalModule extends PLModule
$page->trigError('URL invalide');
} else {
$url = Env::t('url');
- XDB::execute('REPLACE INTO carvas (uid, url)
- VALUES ({?}, {?})',
+ XDB::execute('INSERT INTO carvas (uid, url)
+ VALUES ({?}, {?})
+ ON DUPLICATE KEY UPDATE url = VALUES(url)',
S::i('uid'), $url);
S::logger()->log('carva_add', 'http://' . $url);
$page->trigSuccess("Redirection activée vers $url");
@@ -177,14 +178,14 @@ class PlatalModule extends PLModule
# FIXME: this code is not multi-domain compatible. We should decide how
# carva will extend to users not in the main domain.
- $res = XDB::query("SELECT alias
- FROM aliases
- WHERE uid = {?} AND FIND_IN_SET('bestalias', flags)",
- S::user()->id());
- $page->assign('bestalias', $res->fetchOneCell());
+ $best = XDB::fetchOneCell('SELECT email
+ FROM email_source_account
+ WHERE uid = {?} AND FIND_IN_SET(\'bestalias\', flags)',
+ S::user()->id());
+ $page->assign('bestalias', $best);
}
- function handler_prefs_rss(&$page)
+ function handler_prefs_rss($page)
{
$page->changeTpl('platal/filrss.tpl');
@@ -196,7 +197,7 @@ class PlatalModule extends PLModule
}
}
- function handler_password(&$page)
+ function handler_password($page)
{
global $globals;
@@ -227,11 +228,11 @@ class PlatalModule extends PLModule
}
$page->changeTpl('platal/password.tpl');
- $page->addJsLink('password.js');
$page->setTitle('Mon mot de passe');
+ $page->assign('do_auth', 0);
}
- function handler_smtppass(&$page)
+ function handler_smtppass($page)
{
$page->changeTpl('platal/acces_smtp.tpl');
$page->setTitle('Acces SMTP/NNTP');
@@ -265,7 +266,7 @@ class PlatalModule extends PLModule
$page->assign('actif', $res->fetchOneCell());
}
- function handler_recovery(&$page)
+ function handler_recovery($page)
{
global $globals;
@@ -275,7 +276,7 @@ class PlatalModule extends PLModule
return;
}
- if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env::v('birth'))) {
+ if (!preg_match('/^[0-3][0-9][0-1][0-9][1][9]([0-9]{2})$/', Env::v('birth'))) {
$page->trigError('Date de naissance incorrecte ou incohérente');
return;
}
@@ -300,35 +301,35 @@ class PlatalModule extends PLModule
return;
}
- $res = XDB::query("SELECT COUNT(*)
- FROM emails
- WHERE uid = {?} AND flags != 'panne' AND flags != 'filter'", $user->id());
- $count = intval($res->fetchOneCell());
- if ($count == 0) {
+ if ($user->lost) {
$page->assign('no_addr', true);
return;
}
$page->assign('ok', true);
- $url = rand_url_id();
+ $url = rand_url_id();
XDB::execute('INSERT INTO account_lost_passwords (certificat,uid,created)
VALUES ({?},{?},NOW())', $url, $user->id());
- $res = XDB::query('SELECT email
- FROM emails
- WHERE uid = {?} AND email = {?}',
- $user->id(), Post::v('email'));
- if ($res->numRows()) {
- $mails = $res->fetchOneCell();
- } else {
- $res = XDB::query("SELECT email
- FROM emails
- WHERE uid = {?} AND NOT FIND_IN_SET('filter', flags)", $user->id());
- $mails = implode(', ', $res->fetchColumn());
+ $to = XDB::fetchOneCell('SELECT redirect
+ FROM email_redirect_account
+ WHERE uid = {?} AND redirect = {?}',
+ $user->id(), Post::t('email'));
+ if (is_null($to)) {
+ $emails = XDB::fetchColumn('SELECT redirect
+ FROM email_redirect_account
+ WHERE uid = {?} AND flags = \'inactive\' AND type = \'smtp\'',
+ $user->id());
+ $inactives_to = implode(', ', $emails);
}
$mymail = new PlMailer();
$mymail->setFrom('"Gestion des mots de passe" mail->domain . '>');
- $mymail->addTo($mails);
+ if (is_null($to)) {
+ $mymail->addTo($user);
+ $mymail->addTo($inactives_to);
+ } else {
+ $mymail->addTo($to);
+ }
$mymail->setSubject("Ton certificat d'authentification");
$mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
{$globals->baseurl}/tmpPWD/$url
@@ -343,11 +344,10 @@ Email envoyé à ".Env::v('login') . (Post::has('email') ? "
Adresse de secours : " . Post::v('email') : ""));
$mymail->send();
- // on cree un objet logger et on log l'evenement
- S::logger($user->id())->log('recovery', $mails);
+ S::logger($user->id())->log('recovery', is_null($to) ? $inactives_to . ', ' . $user->bestEmail() : $to);
}
- function handler_tmpPWD(&$page, $certif = null)
+ function handler_tmpPWD($page, $certif = null)
{
global $globals;
// XXX: recovery requires data from the profile
@@ -383,14 +383,24 @@ Adresse de secours : " . Post::v('email') : ""));
}
S::logger($uid)->log("passwd", "");
+
+ // Try to start a session (so the user don't have to log in); we will use
+ // the password available in Post:: to authenticate the user.
+ Platal::session()->start(AUTH_MDP);
+
$page->changeTpl('platal/tmpPWD.success.tpl');
} else {
+ $hruid = XDB::fetchOneCell('SELECT hruid
+ FROM accounts
+ WHERE uid = {?}',
+ $uid);
$page->changeTpl('platal/password.tpl');
- $page->addJsLink('password.js');
+ $page->assign('hruid', $hruid);
+ $page->assign('do_auth', 1);
}
}
- function handler_skin(&$page)
+ function handler_skin($page)
{
global $globals;
@@ -419,7 +429,7 @@ Adresse de secours : " . Post::v('email') : ""));
$page->assign('skins', XDB::iterator($sql));
}
- function handler_exit(&$page, $level = null)
+ function handler_exit($page, $level = null)
{
if (S::suid()) {
$old = S::user()->login();
@@ -453,7 +463,7 @@ Adresse de secours : " . Post::v('email') : ""));
}
}
- function handler_review(&$page, $action = null, $mode = null)
+ function handler_review($page, $action = null, $mode = null)
{
// Include X-XRDS-Location response-header for Yadis discovery
global $globals;