X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Femail.php;h=e3f5e8e8fed789a04b1149e4878b023cbee6c008;hb=3e53a496dd11e5082bfefc22fc9322d80152edd6;hp=ddecd56ea86be319d96e6b0bbf865d2b2af1faae;hpb=08cce2ff528b38bde27cdec6d6bc28d6af4a42d4;p=platal.git diff --git a/modules/email.php b/modules/email.php index ddecd56..bfc5c06 100644 --- a/modules/email.php +++ b/modules/email.php @@ -1,6 +1,6 @@ $this->make_hook('broken', AUTH_COOKIE), 'emails/redirect' => $this->make_hook('redirect', AUTH_MDP), 'emails/send' => $this->make_hook('send', AUTH_MDP), + 'emails/antispam/submit' => $this->make_hook('submit', AUTH_COOKIE), + 'emails/test' => $this->make_hook('test', AUTH_COOKIE, 'user', NO_AUTH), + + 'emails/rewrite/in' => $this->make_hook('rewrite_in', AUTH_PUBLIC), + 'emails/rewrite/out' => $this->make_hook('rewrite_out', AUTH_PUBLIC), + + 'emails/imap/in' => $this->make_hook('imap_in', AUTH_PUBLIC), + + 'admin/emails/duplicated' => $this->make_hook('duplicated', AUTH_MDP, 'admin'), + 'admin/emails/watch' => $this->make_hook('duplicated', AUTH_MDP, 'admin'), + 'admin/emails/lost' => $this->make_hook('lost', AUTH_MDP, 'admin'), ); } - function handler_emails(&$page) + function handler_emails(&$page, $action = null, $email = null) { global $globals; + require_once 'emails.inc.php'; $page->changeTpl('emails/index.tpl'); - $page->assign('xorg_title','Polytechnique.org - Mes emails'); + $page->setTitle('Mes emails'); - $uid = Session::getInt('uid'); + $user = S::user(); - if (Post::has('best')) { - // bestalias is the first bit : 1 - // there will be maximum 8 bits in flags : 255 - XDB::execute("UPDATE aliases SET flags=flags & (255 - 1) WHERE id={?}", $uid); - XDB::execute("UPDATE aliases SET flags=flags | 1 WHERE id={?} AND alias={?}", - $uid, Post::get('best')); + // Apply the bestalias change request. + if ($action == 'best' && $email) { + if (!S::has_xsrf_token()) { + return PL_FORBIDDEN; + } + + XDB::execute("UPDATE aliases + SET flags = TRIM(BOTH ',' FROM REPLACE(CONCAT(',', flags, ','), ',bestalias,', ',')) + WHERE id = {?}", $user->id()); + XDB::execute("UPDATE aliases + SET flags = CONCAT_WS(',', IF(flags = '', NULL, flags), 'bestalias') + WHERE id = {?} AND alias = {?}", $user->id(), $email); + + // As having a non-null bestalias value is critical in + // plat/al's code, we do an a posteriori check on the + // validity of the bestalias. + fix_bestalias($user); } - // on regarde si on a affaire à un homonyme + // Fetch and display aliases. $sql = "SELECT alias, (type='a_vie') AS a_vie, (alias REGEXP '\\\\.[0-9]{2}$') AS cent_ans, FIND_IN_SET('bestalias',flags) AS best, expire FROM aliases WHERE id = {?} AND type!='homonyme' ORDER BY LENGTH(alias)"; - $page->assign('aliases', XDB::iterator($sql, $uid)); + $page->assign('aliases', XDB::iterator($sql, $user->id())); - $sql = "SELECT email - FROM emails - WHERE uid = {?} AND FIND_IN_SET('active', flags)"; - $page->assign('mails', XDB::iterator($sql, $uid)); + // Check for homonyms. + $homonyme = XDB::query( + "SELECT alias + FROM aliases + INNER JOIN homonymes ON (id = homonyme_id) + WHERE user_id = {?} AND type = 'homonyme'", $user->id()); + $page->assign('homonyme', $homonyme->fetchOneCell()); + // Display active redirections. + $redirect = new Redirect($user); + $page->assign('mails', $redirect->active_emails()); - // on regarde si l'utilisateur a un alias et si oui on l'affiche ! - $forlife = Session::get('forlife'); + // Display, when available, the @alias_dom email alias. $res = XDB::query( "SELECT alias FROM virtual AS v INNER JOIN virtual_redirect AS vr USING(vid) - WHERE (redirect={?} OR redirect={?}) + WHERE (redirect={?} OR redirect={?}) AND alias LIKE '%@{$globals->mail->alias_dom}'", - $forlife.'@'.$globals->mail->domain, $forlife.'@'.$globals->mail->domain2); + $user->forlifeEmail(), + // TODO: remove this über-ugly hack. The issue is that you need + // to remove all @m4x.org addresses in virtual_redirect first. + $user->login() . '@' . $globals->mail->domain2); $page->assign('melix', $res->fetchOneCell()); } @@ -84,41 +115,34 @@ class EmailModule extends PLModule global $globals; $page->changeTpl('emails/alias.tpl'); - $page->assign('xorg_title','Polytechnique.org - Alias melix.net'); + $page->setTitle('Alias melix.net'); - $uid = Session::getInt('uid'); - $forlife = Session::get('forlife'); + $user = S::user(); + $page->assign('demande', AliasReq::get_request($user->id())); - $page->assign('demande', AliasReq::get_request($uid)); + // Remove the email alias. + if ($action == 'delete' && $value) { + S::assert_xsrf_token(); - if ($action == 'suppr' && $value) { - //Suppression d'un alias XDB::execute( - 'DELETE virtual, virtual_redirect - FROM virtual - INNER JOIN virtual_redirect USING (vid) - WHERE alias = {?} AND (redirect = {?} OR redirect = {?})', $value, - $forlife.'@'.$globals->mail->domain, $forlife.'@'.$globals->mail->domain2); + "DELETE virtual, virtual_redirect + FROM virtual + INNER JOIN virtual_redirect USING (vid) + WHERE alias = {?} AND (redirect = {?} OR redirect = {?})", + $value, $user->forlifeEmail(), $user->m4xForlifeEmail()); } - //Récupération des alias éventuellement existants - $res = XDB::query( - "SELECT alias, emails_alias_pub - FROM auth_user_quick, virtual - INNER JOIN virtual_redirect USING(vid) - WHERE ( redirect={?} OR redirect= {?} ) - AND alias LIKE '%@{$globals->mail->alias_dom}' AND user_id = {?}", - $forlife.'@'.$globals->mail->domain, - $forlife.'@'.$globals->mail->domain2, Session::getInt('uid')); - list($alias, $visibility) = $res->fetchOneRow(); - $page->assign('actuel', $alias); + // Fetch existing @alias_dom aliases. + $alias = $user->emailAlias(); + $visibility = $user->hasProfile() && $user->profile()->alias_pub; - if ($action == 'ask' && Env::has('alias') and Env::has('raison')) { - //Si l'utilisateur vient de faire une damande + if ($action == 'ask' && Env::has('alias') && Env::has('raison')) { + S::assert_xsrf_token(); - $alias = Env::get('alias'); - $raison = Env::get('raison'); - $public = (Env::get('public', 'off') == 'on')?"public":"private"; + //Si l'utilisateur vient de faire une damande + $alias = Env::v('alias'); + $raison = Env::v('raison'); + $public = (Env::v('public', 'off') == 'on')?"public":"private"; $page->assign('r_alias', $alias); $page->assign('r_raison', $raison); @@ -126,55 +150,60 @@ class EmailModule extends PLModule $page->assign('r_public', true); } - //Quelques vérifications sur l'alias (caractères spéciaux) - if (!preg_match( "/^[a-zA-Z0-9\-.]{3,20}$/", $alias)) { - $page->trig("L'adresse demandée n'est pas valide. - Vérifie qu'elle comporte entre 3 et 20 caractères - et qu'elle ne contient que des lettres non accentuées, - des chiffres ou les caractères - et ."); + //Quelques vérifications sur l'alias (caractères spéciaux) + if (!preg_match("/^[a-zA-Z0-9\-.]{3,20}$/", $alias)) { + $page->trigError("L'adresse demandée n'est pas valide." + . " Vérifie qu'elle comporte entre 3 et 20 caractères" + . " et qu'elle ne contient que des lettres non accentuées," + . " des chiffres ou les caractères - et ."); return; } else { - //vérifier que l'alias n'est pas déja pris - $res = XDB::query('SELECT COUNT(*) FROM virtual WHERE alias={?}', - $alias.'@'.$globals->mail->alias_dom); + $alias_mail = $alias.'@'.$globals->mail->alias_dom; + + //vérifier que l'alias n'est pas déja pris + $res = XDB::query('SELECT COUNT(*) + FROM virtual + WHERE alias={?}', + $alias_mail); if ($res->fetchOneCell() > 0) { - $page->trig("L'alias $alias@{$globals->mail->alias_dom} a déja été attribué. - Tu ne peux donc pas l'obtenir."); + $page->trigError("L'alias $alias_mail a déja été attribué. + Tu ne peux donc pas l'obtenir."); return; } - //vérifier que l'alias n'est pas déja en demande - $it = new ValidateIterator (); + //vérifier que l'alias n'est pas déja en demande + $it = new ValidateIterator(); while($req = $it->next()) { - if ($req->type == "alias" and $req->alias == $alias) { - $page->trig("L'alias $alias@{$globals->mail->alias_dom} a déja été demandé. + if ($req->type == 'alias' and $req->alias == $alias_mail) { + $page->trigError("L'alias $alias_mail a déja été demandé. Tu ne peux donc pas l'obtenir pour l'instant."); return ; } } - //Insertion de la demande dans la base, écrase les requêtes précédente - $myalias = new AliasReq($uid, $alias, $raison, $public); + //Insertion de la demande dans la base, écrase les requêtes précédente + $myalias = new AliasReq($user, $alias, $raison, $public); $myalias->submit(); $page->assign('success',$alias); return; } - } - elseif ($action == 'set' - && ($value == 'public' || $value == 'private')) - { - if ($value == 'public') { - XDB::execute("UPDATE auth_user_quick SET emails_alias_pub = 'public' - WHERE user_id = {?}", Session::getInt('uid')); - } else { - XDB::execute("UPDATE auth_user_quick SET emails_alias_pub = 'private' - WHERE user_id = {?}", Session::getInt('uid')); + } elseif ($action == 'set' && ($value == 'public' || $value == 'private')) { + if (!S::has_xsrf_token()) { + return PL_FORBIDDEN; } - $visibility = $value; + if ($user->hasProfile()) { + XDB::execute("UPDATE profiles + SET alias_pub = {?} + WHERE pid = {?}", + $value, $user->profile()->id()); + } + $visibility = ($value == 'public'); } - $page->assign('mail_public', ($visibility == 'public')); + $page->assign('actuel', $alias); + $page->assign('user', $user); + $page->assign('mail_public', $visibility); } function handler_redirect(&$page, $action = null, $email = null) @@ -185,195 +214,596 @@ class EmailModule extends PLModule $page->changeTpl('emails/redirect.tpl'); - $uid = Session::getInt('uid'); - $forlife = Session::get('forlife'); + $user = S::user(); + $page->assign_by_ref('user', $user); + $page->assign('eleve', $user->promo() >= date("Y") - 5); - $redirect = new Redirect(Session::getInt('uid')); + $redirect = new Redirect($user); + // FS#703 : $_GET is urldecoded twice, hence + // + (the data) => %2B (in the url) => + (first decoding) => ' ' (second decoding) + // Since there can be no spaces in emails, we can fix this with : + $email = str_replace(' ', '+', $email); + + // Apply email redirection change requests. if ($action == 'remove' && $email) { - $page->assign('retour', $redirect->delete_email($email)); + $retour = $redirect->delete_email($email); + } + + if ($action == 'active' && $email) { + $redirect->modify_one_email($email, true); + } + + if ($action == 'inactive' && $email) { + $redirect->modify_one_email($email, false); + } + + if ($action == 'rewrite' && $email) { + $rewrite = @func_get_arg(3); + $redirect->modify_one_email_redirect($email, $rewrite); } if (Env::has('emailop')) { - $actifs = Env::getMixed('emails_actifs', Array()); - if (Env::get('emailop') == "ajouter" && Env::has('email')) { - $page->assign('retour', $redirect->add_email(Env::get('email'))); + S::assert_xsrf_token(); + + $actifs = Env::v('emails_actifs', Array()); + print_r(Env::v('emails_rewrite')); + if (Env::v('emailop') == "ajouter" && Env::has('email')) { + $new_email = Env::v('email'); + if ($new_email == "new@example.org") { + $new_email = Env::v('email_new'); + } + $retour = $redirect->add_email($new_email); + if ($retour == ERROR_INVALID_EMAIL) { + $page->assign('email', $new_email); + } + $page->assign('retour', $retour); } elseif (empty($actifs)) { - $page->assign('retour', ERROR_INACTIVE_REDIRECTION); + $retour = ERROR_INACTIVE_REDIRECTION; } elseif (is_array($actifs)) { - $page->assign('retour', $redirect->modify_email($actifs, - Env::getMixed('emails_rewrite',Array()))); + $retour = $redirect->modify_email($actifs, Env::v('emails_rewrite', Array())); } } + switch ($retour) { + case ERROR_INACTIVE_REDIRECTION: + $page->trigError('Tu ne peux pas avoir aucune adresse de redirection active, sinon ton adresse ' + . $user->forlifeEmail() . ' ne fonctionnerait plus.'); + break; + case ERROR_INVALID_EMAIL: + $page->trigError('Erreur: l\'email n\'est pas valide.'); + break; + case ERROR_LOOP_EMAIL: + $page->trigError('Erreur : ' . $user->forlifeEmail() + . ' ne doit pas être renvoyé vers lui-même, ni vers son équivalent en ' + . $globals->mail->domain2 . ' ni vers polytechnique.edu.'); + break; + } + + // Fetch the @alias_dom email alias, if any. $res = XDB::query( "SELECT alias FROM virtual INNER JOIN virtual_redirect USING(vid) WHERE (redirect={?} OR redirect={?}) - AND alias LIKE '%@{$globals->mail->alias_dom}'", - $forlife.'@'.$globals->mail->domain, $forlife.'@'.$globals->mail->domain2); + AND alias LIKE '%@{$globals->mail->alias_dom}'", + $user->forlifeEmail(), + // TODO: remove this über-ugly hack. The issue is that you need + // to remove all @m4x.org addresses in virtual_redirect first. + $user->login() . '@' . $globals->mail->domain2); $melix = $res->fetchOneCell(); if ($melix) { list($melix) = explode('@', $melix); $page->assign('melix',$melix); } + // Fetch existing email aliases. $res = XDB::query( "SELECT alias,expire FROM aliases WHERE id={?} AND (type='a_vie' OR type='alias') - ORDER BY !FIND_IN_SET('usage',flags), LENGTH(alias)", $uid); + ORDER BY !FIND_IN_SET('usage',flags), LENGTH(alias)", $user->id()); $page->assign('alias', $res->fetchAllAssoc()); - $page->assign('emails',$redirect->emails); + $page->assign('emails', $redirect->emails); + + // Display GoogleApps acount information. + require_once 'googleapps.inc.php'; + $page->assign('googleapps', GoogleAppsAccount::account_status($user->id())); + + require_once 'emails.combobox.inc.php'; + fill_email_combobox($page); } - function handler_antispam(&$page) + function handler_antispam(&$page, $statut_filtre = null) { require_once 'emails.inc.php'; + $wp = new PlWikiPage('Xorg.Antispam'); + $wp->buildCache(); $page->changeTpl('emails/antispam.tpl'); - $bogo = new Bogo(Session::getInt('uid')); - if (Env::has('statut_filtre')) { - $bogo->change(Session::getInt('uid'), Env::getInt('statut_filtre')); + $bogo = new Bogo(S::user()); + if (isset($statut_filtre)) { + $bogo->change($statut_filtre + 0); } - $page->assign('filtre',$bogo->level()); + $page->assign('filtre', $bogo->level()); } - function handler_send(&$page) + function handler_submit(&$page) { - global $globals; + $wp = new PlWikiPage('Xorg.Mails'); + $wp->buildCache(); + $page->changeTpl('emails/submit_spam.tpl'); + + if (Post::has('send_email')) { + S::assert_xsrf_token(); + $upload = PlUpload::get($_FILES['mail'], S::user()->login(), 'spam.submit', true); + if (!$upload) { + $page->trigError('Une erreur a été rencontrée lors du transfert du fichier'); + return; + } + $mime = $upload->contentType(); + if ($mime != 'text/x-mail' && $mime != 'message/rfc822') { + $upload->clear(); + $page->trigError('Le fichier ne contient pas un email complet'); + return; + } + $type = (Post::v('type') == 'spam' ? 'spam' : 'nonspam'); + + global $globals; + $box = $type . '@' . $globals->mail->domain; + $mailer = new PlMailer(); + $mailer->addTo($box); + $mailer->setFrom('"' . S::user()->fullName() . '" mail->domain . '>'); + $mailer->setTxtBody($type . ' soumis par ' . S::user()->login() . ' via le web'); + $mailer->addUploadAttachment($upload, $type . '.mail'); + $mailer->send(); + $page->trigSuccess('Le message a été transmis à ' . $box); + $upload->clear(); + } + } + + function handler_send(&$page) + { $page->changeTpl('emails/send.tpl'); + $page->addJsLink('ajax.js'); - $page->assign('xorg_title','Polytechnique.org - Envoyer un email'); + $page->setTitle('Envoyer un email'); // action si on recoit un formulaire - if (Env::get('submit') == 'Envoyer') - { - $to2 = join(', ', Env::getMixed('contacts', Array())); - $txt = str_replace('^M', '', Env::get('contenu')); - $to = Env::get('to'); - $subj = Env::get('sujet'); - $from = Env::get('from'); - $cc = Env::get('cc'); - $bcc = Env::get('bcc'); - - if (empty($to) && empty($cc) && empty($to2)) { - $page->trig("Indique au moins un destinataire."); - } else { - require_once("diogenes/diogenes.hermes.inc.php"); - - $mymail = new HermesMailer(); - $mymail->setFrom($from); - $mymail->setSubject($subj); - if (!empty($to)) { $mymail->addTo($to); } - if (!empty($cc)) { $mymail->addCc($cc); } - if (!empty($bcc)) { $mymail->addBcc($bcc); } - if (!empty($to2)) { $mymail->addTo($to2); } - $mymail->setTxtBody(wordwrap($txt,72,"\n")); - if ($mymail->send()) { - $page->trig("Ton mail a bien été envoyé."); - $_REQUEST = array('bcc' => Session::get('bestalias').'@'.$globals->mail->domain); + if (Post::has('save')) { + if (!S::has_xsrf_token()) { + return PL_FORBIDDEN; + } + + unset($_POST['save']); + if (trim(preg_replace('/-- .*/', '', Post::v('contenu'))) != "") { + $_POST['to_contacts'] = explode(';', @$_POST['to_contacts']); + $_POST['cc_contacts'] = explode(';', @$_POST['cc_contacts']); + $data = serialize($_POST); + XDB::execute("REPLACE INTO email_send_save + VALUES ({?}, {?})", S::i('uid'), $data); + } + exit; + } else if (Env::v('submit') == 'Envoyer') { + S::assert_xsrf_token(); + + function getEmails($aliases) + { + if (!is_array($aliases)) { + return null; + } + $rel = Env::v('contacts'); + $ret = array(); + foreach ($aliases as $alias) { + $ret[$alias] = $rel[$alias]; + } + return join(', ', $ret); + } + + $error = false; + foreach ($_FILES as &$file) { + if ($file['name'] && !PlUpload::get($file, S::user()->login(), 'emails.send', false)) { + $page->trigError(PlUpload::$lastError); + $error = true; + break; + } + } + + if (!$error) { + XDB::execute("DELETE FROM email_send_save + WHERE uid = {?}", S::i('uid')); + + $to2 = getEmails(Env::v('to_contacts')); + $cc2 = getEmails(Env::v('cc_contacts')); + $txt = str_replace('^M', '', Env::v('contenu')); + $to = Env::v('to'); + $subj = Env::v('sujet'); + $from = Env::v('from'); + $cc = trim(Env::v('cc')); + $bcc = trim(Env::v('bcc')); + + if (empty($to) && empty($cc) && empty($to2) && empty($bcc) && empty($cc2)) { + $page->trigError("Indique au moins un destinataire."); + $page->assign('uploaded_f', PlUpload::listFilenames(S::user()->login(), 'emails.send')); } else { - $page->trig("Erreur lors de l'envoi du courriel, réessaye."); + $mymail = new PlMailer(); + $mymail->setFrom($from); + $mymail->setSubject($subj); + if (!empty($to)) { $mymail->addTo($to); } + if (!empty($cc)) { $mymail->addCc($cc); } + if (!empty($bcc)) { $mymail->addBcc($bcc); } + if (!empty($to2)) { $mymail->addTo($to2); } + if (!empty($cc2)) { $mymail->addCc($cc2); } + $files =& PlUpload::listFiles(S::user()->login(), 'emails.send'); + foreach ($files as $name=>&$upload) { + $mymail->addUploadAttachment($upload, $name); + } + if (Env::v('nowiki')) { + $mymail->setTxtBody(wordwrap($txt, 78, "\n")); + } else { + $mymail->setWikiBody($txt); + } + if ($mymail->send()) { + $page->trigSuccess("Ton email a bien été envoyé."); + $_REQUEST = array('bcc' => S::user()->bestEmail()); + PlUpload::clear(S::user()->login(), 'emails.send'); + } else { + $page->trigError("Erreur lors de l'envoi du courriel, réessaye."); + $page->assign('uploaded_f', PlUpload::listFilenames(S::user()->login(), 'emails.send')); + } } } } else { - $_REQUEST['bcc'] = Session::get('bestalias').'@'.$globals->mail->domain; + $res = XDB::query("SELECT data + FROM email_send_save + WHERE uid = {?}", S::i('uid')); + if ($res->numRows() == 0) { + PlUpload::clear(S::user()->login(), 'emails.send'); + $_REQUEST['bcc'] = S::user()->bestEmail(); + } else { + $data = unserialize($res->fetchOneCell()); + $_REQUEST = array_merge($_REQUEST, $data); + } } $res = XDB::query( - "SELECT u.prenom, u.nom, u.promo, a.alias as forlife - FROM auth_user_md5 AS u - INNER JOIN contacts AS c ON (u.user_id = c.contact) - INNER JOIN aliases AS a ON (u.user_id=a.id AND FIND_IN_SET('bestalias',a.flags)) + "SELECT ac.full_name, a.alias as forlife + FROM accounts AS ac + INNER JOIN contacts AS c ON (ac.uid = c.contact) + INNER JOIN aliases AS a ON (ac.uid = a.id AND FIND_IN_SET('bestalias', a.flags)) WHERE c.uid = {?} - ORDER BY u.nom, u.prenom", Session::getInt('uid')); + ORDER BY ac.full_name", S::i('uid')); $page->assign('contacts', $res->fetchAllAssoc()); + $page->assign('maxsize', ini_get('upload_max_filesize') . 'o'); + $page->assign('user', S::user()); + } + + function handler_test(&$page, $hruid = null) + { + require_once 'emails.inc.php'; + + if (!S::has_xsrf_token()) { + return PL_FORBIDDEN; + } + + // Retrieves the User object for the test email recipient. + if (S::has_perms() && $hruid) { + $user = User::getSilent($hruid); + } else { + $user = S::user(); + } + if (!$user) { + return PL_NOT_FOUND; + } + + // Sends the test email. + $redirect = new Redirect($user); + + $mailer = new PlMailer('emails/test.mail.tpl'); + $mailer->assign('email', $user->bestEmail()); + $mailer->assign('redirects', $redirect->active_emails()); + $mailer->assign('display_name', $user->displayName()); + $mailer->assign('sexe', $user->isFemale()); + $mailer->send($user->isEmailFormatHtml()); + exit; + } + + function handler_rewrite_in(&$page, $mail, $hash) + { + $page->changeTpl('emails/rewrite.tpl'); + $page->assign('option', 'in'); + if (empty($mail) || empty($hash)) { + return PL_NOT_FOUND; + } + $pos = strrpos($mail, '_'); + if ($pos === false) { + return PL_NOT_FOUND; + } + $mail{$pos} = '@'; + $res = XDB::query("SELECT COUNT(*) + FROM emails + WHERE email = {?} AND hash = {?}", + $mail, $hash); + $count = intval($res->fetchOneCell()); + if ($count > 0) { + XDB::query("UPDATE emails + SET allow_rewrite = true, hash = NULL + WHERE email = {?} AND hash = {?}", + $mail, $hash); + $page->trigSuccess("Réécriture activée pour l'adresse " . $mail); + return; + } + return PL_NOT_FOUND; + } + + function handler_rewrite_out(&$page, $mail, $hash) + { + $page->changeTpl('emails/rewrite.tpl'); + $page->assign('option', 'out'); + if (empty($mail) || empty($hash)) { + return PL_NOT_FOUND; + } + $pos = strrpos($mail, '_'); + if ($pos === false) { + return PL_NOT_FOUND; + } + $mail{$pos} = '@'; + $res = XDB::query("SELECT COUNT(*) + FROM emails + WHERE email = {?} AND hash = {?}", + $mail, $hash); + $count = intval($res->fetchOneCell()); + if ($count > 0) { + global $globals; + $res = XDB::query("SELECT e.email, e.rewrite, a.alias + FROM emails AS e + INNER JOIN aliases AS a ON (a.id = e.uid AND a.type = 'a_vie') + WHERE e.email = {?} AND e.hash = {?}", + $mail, $hash); + XDB::query("UPDATE emails + SET allow_rewrite = false, hash = NULL + WHERE email = {?} AND hash = {?}", + $mail, $hash); + list($mail, $rewrite, $forlife) = $res->fetchOneRow(); + $mail = new PlMailer(); + $mail->setFrom("webmaster@" . $globals->mail->domain); + $mail->addTo("support@" . $globals->mail->domain); + $mail->setSubject("Tentative de détournement de correspondance via le rewrite"); + $mail->setTxtBody("$forlife a tenté un rewrite de $mail vers $rewrite. Cette demande a été rejetée via le web"); + $mail->send(); + $page->trigWarning("Un mail d'alerte a été envoyé à l'équipe de " . $globals->core->sitename); + return; + } + return PL_NOT_FOUND; + } + + function handler_imap_in(&$page, $hash = null, $login = null) + { + $page->changeTpl('emails/imap_register.tpl'); + $user = null; + if (!empty($hash) || !empty($login)) { + $user = User::getSilent($login); + if ($user) { + $req = XDB::query("SELECT 1 FROM newsletter_ins WHERE user_id = {?} AND hash = {?}", $user->id(), $hash); + if ($req->numRows() == 0) { + $user = null; + } + } + } + + require_once('emails.inc.php'); + $page->assign('ok', false); + if (S::logged() && (is_null($user) || $user->id() == S::i('uid'))) { + $storage = new EmailStorage(S::user(), 'imap'); + $storage->activate(); + $page->assign('ok', true); + $page->assign('prenom', S::v('prenom')); + $page->assign('sexe', S::v('femme')); + } else if (!S::logged() && $user) { + $storage = new EmailStorage($user, 'imap'); + $storage->activate(); + $page->assign('ok', true); + $page->assign('prenom', $user->displayName()); + $page->assign('sexe', $user->isFemale()); + } } function handler_broken(&$page, $warn = null, $email = null) { require_once 'emails.inc.php'; + $wp = new PlWikiPage('Xorg.PatteCassée'); + $wp->buildCache(); global $globals; $page->changeTpl('emails/broken.tpl'); if ($warn == 'warn' && $email) { + S::assert_xsrf_token(); + $email = valide_email($email); - // vérifications d'usage - $sel = XDB::query( - "SELECT e.uid, a.alias - FROM emails AS e - INNER JOIN auth_user_md5 AS u ON e.uid = u.user_id - INNER JOIN aliases AS a ON (e.uid = a.id AND type!='homonyme' - AND FIND_IN_SET('bestalias',a.flags)) - WHERE e.email={?}", $email); - - if (list($uid, $dest) = $sel->fetchOneRow()) { + // vérifications d'usage + $sel = XDB::query("SELECT uid FROM emails WHERE email = {?}", $email); + if (($uid = $sel->fetchOneCell())) { + $dest = User::getSilent($uid); + // envoi du mail $message = "Bonjour ! -Ce mail a été généré automatiquement par le service de patte cassée de -Polytechnique.org car un autre utilisateur, ".Session::get('prenom').' '.Session::get('nom').", -nous a signalé qu'en t'envoyant un mail, il avait reçu un message d'erreur +Cet email a été généré automatiquement par le service de patte cassée de +Polytechnique.org car un autre utilisateur, " . S::user()->fullName() . ", +nous a signalé qu'en t'envoyant un email, il avait reçu un message d'erreur indiquant que ton adresse de redirection $email ne fonctionnait plus ! -Nous te suggérons de vérifier cette adresse, et le cas échéant de mettre -à jour sur le site <{$globals->baseurl}/emails> tes adresses +Nous te suggérons de vérifier cette adresse, et le cas échéant de mettre +à jour sur le site <{$globals->baseurl}/emails> tes adresses de redirection... -Pour plus de rensignements sur le service de patte cassée, n'hésites pas à +Pour plus de renseignements sur le service de patte cassée, n'hésite pas à consulter la page <{$globals->baseurl}/emails/broken>. -A bientôt sur Polytechnique.org ! -L'équipe d'administration "; +À bientôt sur Polytechnique.org ! +L'équipe d'administration mail->domain . '>'; - require_once("diogenes/diogenes.hermes.inc.php"); - $mail = new HermesMailer(); - $mail->setFrom('"Polytechnique.org" '); - $mail->addTo("$dest@polytechnique.org"); + $mail = new PlMailer(); + $mail->setFrom('"Polytechnique.org" mail->domain . '>'); + $mail->addTo($dest->bestEmail()); $mail->setSubject("Une de tes adresse de redirection Polytechnique.org ne marche plus !!"); $mail->setTxtBody($message); $mail->send(); - $page->trig("Mail envoyé ! :o)"); + $page->trigSuccess("Email envoyé !"); } } elseif (Post::has('email')) { - $email = valide_email(Post::get('email')); + S::assert_xsrf_token(); + + $email = valide_email(Post::v('email')); list(,$fqdn) = explode('@', $email); $fqdn = strtolower($fqdn); - if ($fqdn == 'polytechnique.org' || $fqdn == 'melix.org' - || $fqdn == 'm4x.org' || $fqdn == 'melix.net') - { + if ($fqdn == 'polytechnique.org' || $fqdn == 'melix.org' || $fqdn == 'm4x.org' || $fqdn == 'melix.net') { $page->assign('neuneu', true); } else { $page->assign('email',$email); $sel = XDB::query( - "SELECT e1.uid, e1.panne != 0 AS panne, count(e2.uid) AS nb_mails, - u.nom, u.prenom, u.promo + "SELECT e1.uid, e1.panne != 0 AS panne, + (count(e2.uid) + IF(FIND_IN_SET('googleapps', u.mail_storage), 1, 0)) AS nb_mails, + u.nom, u.prenom, u.promo, u.hruid FROM emails as e1 - LEFT JOIN emails as e2 ON(e1.uid = e2.uid + LEFT JOIN emails as e2 ON(e1.uid = e2.uid AND FIND_IN_SET('active', e2.flags) AND e1.email != e2.email) INNER JOIN auth_user_md5 as u ON(e1.uid = u.user_id) WHERE e1.email = {?} GROUP BY e1.uid", $email); if ($x = $sel->fetchOneAssoc()) { - // on écrit dans la base que l'adresse est cassée + // on écrit dans la base que l'adresse est cassée if (!$x['panne']) { - XDB::execute("UPDATE emails SET panne=NOW() WHERE email = {?}", $email); + XDB::execute("UPDATE emails + SET panne=NOW(), + last=NOW(), + panne_level = 1 + WHERE email = {?}", $email); + } else { + XDB::execute("UPDATE emails + SET panne_level = 1 + WHERE email = {?} AND panne_level = 0", $email); } $page->assign_by_ref('x', $x); } } } } + + function handler_duplicated(&$page, $action = 'list', $email = null) + { + $page->changeTpl('emails/duplicated.tpl'); + + $states = array('pending' => 'En attente...', + 'safe' => 'Pas d\'inquiétude', + 'unsafe' => 'Recherches en cours', + 'dangerous' => 'Usurpations par cette adresse'); + $page->assign('states', $states); + + if (Post::has('action')) { + S::assert_xsrf_token(); + } + switch (Post::v('action')) { + case 'create': + if (trim(Post::v('emailN')) != '') { + Xdb::execute('INSERT IGNORE INTO emails_watch (email, state, detection, last, uid, description) + VALUES ({?}, {?}, CURDATE(), NOW(), {?}, {?})', + trim(Post::v('emailN')), Post::v('stateN'), S::i('uid'), Post::v('descriptionN')); + }; + break; + + case 'edit': + Xdb::execute('UPDATE emails_watch + SET state = {?}, last = NOW(), uid = {?}, description = {?} + WHERE email = {?}', Post::v('stateN'), S::i('uid'), Post::v('descriptionN'), Post::v('emailN')); + break; + + default: + if ($action == 'delete' && !is_null($email)) { + Xdb::execute('DELETE FROM emails_watch WHERE email = {?}', $email); + } + } + if ($action != 'create' && $action != 'edit') { + $action = 'list'; + } + $page->assign('action', $action); + + if ($action == 'list') { + $sql = "SELECT w.email, w.detection, w.state, a.alias AS forlife + FROM emails_watch AS w + LEFT JOIN emails AS e USING(email) + LEFT JOIN aliases AS a ON (a.id = e.uid AND a.type = 'a_vie') + ORDER BY w.state, w.email, a.alias"; + $it = Xdb::iterRow($sql); + + $table = array(); + $props = array(); + while (list($email, $date, $state, $forlife) = $it->next()) { + if (count($props) == 0 || $props['mail'] != $email) { + if (count($props) > 0) { + $table[] = $props; + } + $props = array('mail' => $email, + 'detection' => $date, + 'state' => $state, + 'users' => array($forlife)); + } else { + $props['users'][] = $forlife; + } + } + if (count($props) > 0) { + $table[] = $props; + } + $page->assign('table', $table); + } elseif ($action == 'edit') { + $sql = "SELECT w.detection, w.state, w.last, w.description, + a1.alias AS edit, a2.alias AS forlife + FROM emails_watch AS w + LEFT JOIN aliases AS a1 ON (a1.id = w.uid AND a1.type = 'a_vie') + LEFT JOIN emails AS e ON (w.email = e.email) + LEFT JOIN aliases AS a2 ON (a2.id = e.uid AND a2.type = 'a_vie') + WHERE w.email = {?} + ORDER BY a2.alias"; + $it = Xdb::iterRow($sql, $email); + + $props = array(); + while (list($detection, $state, $last, $description, $edit, $forlife) = $it->next()) { + if (count($props) == 0) { + $props = array('mail' => $email, + 'detection' => $detection, + 'state' => $state, + 'last' => $last, + 'description' => $description, + 'edit' => $edit, + 'users' => array($forlife)); + } else { + $props['users'][] = $forlife; + } + } + $page->assign('doublon', $props); + } + } + function handler_lost(&$page, $action = 'list', $email = null) + { + $page->changeTpl('emails/lost.tpl'); + + $page->assign('lost_emails', XDB::iterator(" + SELECT u.user_id, u.hruid + FROM auth_user_md5 AS u + LEFT JOIN emails AS e ON (u.user_id = e.uid AND FIND_IN_SET('active', e.flags)) + WHERE e.uid IS NULL AND FIND_IN_SET('googleapps', u.mail_storage) = 0 AND + u.deces = 0 AND u.perms IN ('user', 'admin', 'disabled') + ORDER BY u.promo DESC, u.nom, u.prenom")); + } } +// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: ?>