X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fplatal.php;h=123a1c0b6cabe651ca65c3ed1cd883a9afd3e551;hb=b57e77e04468990dd5c20d9ddd7826c917e3d4e3;hp=7b76ae35a8745456300887719a2ad8d96a0942b1;hpb=d39eceb9238c3594a4b20e514850341d2d3da331;p=platal.git
diff --git a/modules/platal.php b/modules/platal.php
index 7b76ae3..123a1c0 100644
--- a/modules/platal.php
+++ b/modules/platal.php
@@ -1,6 +1,6 @@
baseurl . '/openid/idp_xrds');
+
+ // Redirect to the suitable page
if (S::logged()) {
pl_redirect('events');
} else if (!@$GLOBALS['IS_XNET_SITE']) {
@@ -87,7 +92,7 @@ class PlatalModule extends PLModule
$page->changeTpl('platal/changeLog.tpl');
$clog = pl_entities(file_get_contents(dirname(__FILE__).'/../ChangeLog'));
- $clog = preg_replace('/=+\s*/', '
', $clog);
+ $clog = preg_replace('/===+\s*/', '
', $clog);
// url catch only (not all wiki syntax)
$clog = preg_replace(array(
'/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
@@ -100,6 +105,7 @@ class PlatalModule extends PLModule
$clog);
$clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
$clog = preg_replace('!vim:.*$!', '', $clog);
+ $clog = preg_replace("!(
(\\s|\n)*)?(\s|\n)*
((\\s|\n)*
)?!m", "", "$clog
");
$page->assign('ChangeLog', $clog);
}
@@ -121,7 +127,7 @@ class PlatalModule extends PLModule
function handler_prefs(&$page)
{
$page->changeTpl('platal/preferences.tpl');
- $page->assign('xorg_title','Polytechnique.org - Mes préférences');
+ $page->setTitle('Mes préférences');
if (Post::has('mail_fmt')) {
$fmt = Post::v('mail_fmt');
@@ -136,13 +142,21 @@ class PlatalModule extends PLModule
if (Post::has('rss')) {
$this->__set_rss_state(Post::b('rss'));
}
+
+ # FIXME: this code is not multi-domain compatible. We should decide how
+ # carva will extend to users not in the main domain.
+ $res = XDB::query("SELECT alias
+ FROM aliases
+ WHERE id = {?} AND FIND_IN_SET('bestalias', flags)",
+ S::user()->id());
+ $page->assign('bestalias', $res->fetchOneCell());
}
function handler_webredir(&$page)
{
$page->changeTpl('platal/webredirect.tpl');
- $page->assign('xorg_title','Polytechnique.org - Redirection de page WEB');
+ $page->setTitle('Redirection de page WEB');
$log =& S::v('log');
$url = Env::v('url');
@@ -151,16 +165,16 @@ class PlatalModule extends PLModule
XDB::execute('UPDATE auth_user_quick
SET redirecturl = {?} WHERE user_id = {?}',
$url, S::v('uid'));
- $log->log('carva_add', 'http://'.Env::v('url'));
- $page->trig("Redirection activée vers $url");
+ S::logger()->log('carva_add', 'http://'.Env::v('url'));
+ $page->trigSuccess("Redirection activée vers $url");
} elseif (Env::v('submit') == "Supprimer") {
XDB::execute("UPDATE auth_user_quick
SET redirecturl = ''
WHERE user_id = {?}",
S::v('uid'));
- $log->log("carva_del", $url);
+ S::logger()->log("carva_del", $url);
Post::kill('url');
- $page->trig('Redirection supprimée');
+ $page->trigSuccess('Redirection supprimée');
}
$res = XDB::query('SELECT redirecturl
@@ -168,6 +182,14 @@ class PlatalModule extends PLModule
WHERE user_id = {?}',
S::v('uid'));
$page->assign('carva', $res->fetchOneCell());
+
+ # FIXME: this code is not multi-domain compatible. We should decide how
+ # carva will extend to users not in the main domain.
+ $res = XDB::query("SELECT alias
+ FROM aliases
+ WHERE id = {?} AND FIND_IN_SET('bestalias', flags)",
+ S::user()->id());
+ $page->assign('bestalias', $res->fetchOneCell());
}
function handler_prefs_rss(&$page)
@@ -178,14 +200,16 @@ class PlatalModule extends PLModule
if (Env::v('act_rss') == 'Activer') {
$this->__set_rss_state(true);
- $page->trig("Ton Fil RSS est activé.");
+ $page->trigSuccess("Ton Fil RSS est activé.");
}
}
function handler_password(&$page)
{
+ global $globals;
+
if (Post::has('response2')) {
- require_once 'secure_hash.inc.php';
+ S::assert_xsrf_token();
$_SESSION['password'] = $password = Post::v('response2');
@@ -194,11 +218,22 @@ class PlatalModule extends PLModule
WHERE user_id={?}', $password,
S::v('uid'));
+ // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
+ // updates the Google Apps password as well.
+ if ($globals->mailstorage->googleapps_domain) {
+ require_once 'googleapps.inc.php';
+ $account = new GoogleAppsAccount(S::user());
+ if ($account->active() && $account->sync_password) {
+ $account->set_password($password);
+ }
+ }
+
$log =& S::v('log');
- $log->log('passwd', '');
+ S::logger()->log('passwd', '');
if (Cookie::v('ORGaccess')) {
- setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
+ setcookie('ORGaccess', sha1($password), (time()+25920000), '/', '' ,0);
+ S::logger()->log('cookie_on', '');
}
$page->changeTpl('platal/motdepasse.success.tpl');
@@ -207,17 +242,18 @@ class PlatalModule extends PLModule
$page->changeTpl('platal/motdepasse.tpl');
$page->addJsLink('motdepasse.js');
- $page->assign('xorg_title','Polytechnique.org - Mon mot de passe');
+ $page->setTitle('Mon mot de passe');
}
function handler_smtppass(&$page)
{
$page->changeTpl('platal/acces_smtp.tpl');
- $page->assign('xorg_title','Polytechnique.org - Acces SMTP/NNTP');
+ $page->setTitle('Acces SMTP/NNTP');
- require_once 'wiki.inc.php';
- wiki_require_page('Xorg.SMTPSécurisé');
- wiki_require_page('Xorg.NNTPSécurisé');
+ $wp = new PlWikiPage('Xorg.SMTPSécurisé');
+ $wp->buildCache();
+ $wp = new PlWikiPage('Xorg.NNTPSécurisé');
+ $wp->buildCache();
$uid = S::v('uid');
$pass = Env::v('smtppass1');
@@ -228,13 +264,13 @@ class PlatalModule extends PLModule
{
XDB::execute('UPDATE auth_user_md5 SET smtppass = {?}
WHERE user_id = {?}', $pass, $uid);
- $page->trig('Mot de passe enregistré');
- $log->log("passwd_ssl");
+ $page->trigSuccess('Mot de passe enregistré');
+ S::logger()->log("passwd_ssl");
} elseif (Env::v('op') == "Supprimer") {
XDB::execute('UPDATE auth_user_md5 SET smtppass = ""
WHERE user_id = {?}', $uid);
- $page->trig('Compte SMTP et NNTP supprimé');
- $log->log("passwd_del");
+ $page->trigSuccess('Compte SMTP et NNTP supprimé');
+ S::logger()->log("passwd_del");
}
$res = XDB::query("SELECT IF(smtppass != '', 'actif', '')
@@ -254,7 +290,7 @@ class PlatalModule extends PLModule
}
if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env::v('birth'))) {
- $page->trig('Date de naissance incorrecte ou incohérente');
+ $page->trigError('Date de naissance incorrecte ou incohérente');
return;
}
@@ -315,21 +351,21 @@ Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la
Polytechnique.org
\"Le portail des élèves & anciens élèves de l'Ecole polytechnique\"
-Mail envoyé à ".Env::v('login') . (Post::has('email') ? "
+Email envoyé à ".Env::v('login') . (Post::has('email') ? "
Adresse de secours : " . Post::v('email') : ""));
$mymail->send();
// on cree un objet logger et on log l'evenement
- $logger = $_SESSION['log'] = new CoreLogger($uid);
- $logger->log('recovery', $mails);
+ S::logger(uid)->log('recovery', $mails);
} else {
- $page->trig('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.
'.
+ $page->trigError('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.
'.
'Si tu as un homonyme, utilise prenom.nom.promo comme login');
}
}
function handler_tmpPWD(&$page, $certif = null)
{
+ global $globals;
XDB::execute('DELETE FROM perte_pass
WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
@@ -343,12 +379,22 @@ Adresse de secours : " . Post::v('email') : ""));
$uid = $ligne["uid"];
if (Post::has('response2')) {
$password = Post::v('response2');
- $logger = new CoreLogger($uid);
XDB::query('UPDATE auth_user_md5 SET password={?}
WHERE user_id={?} AND perms IN("admin","user")',
$password, $uid);
XDB::query('DELETE FROM perte_pass WHERE certificat={?}', $certif);
- $logger->log("passwd","");
+
+ // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
+ // updates the Google Apps password as well.
+ if ($globals->mailstorage->googleapps_domain) {
+ require_once 'googleapps.inc.php';
+ $account = new GoogleAppsAccount(User::getSilent($uid));
+ if ($account->active() && $account->sync_password) {
+ $account->set_password($password);
+ }
+ }
+
+ S::logger($uid)->log("passwd", "");
$page->changeTpl('platal/tmpPWD.success.tpl');
} else {
$page->changeTpl('platal/motdepasse.tpl');
@@ -361,14 +407,14 @@ Adresse de secours : " . Post::v('email') : ""));
global $globals;
$page->changeTpl('platal/skins.tpl');
- $page->assign('xorg_title','Polytechnique.org - Skins');
+ $page->setTitle('Skins');
if (Env::has('newskin')) { // formulaire soumis, traitons les données envoyées
XDB::execute('UPDATE auth_user_quick
SET skin={?} WHERE user_id={?}',
Env::i('newskin'), S::v('uid'));
S::kill('skin');
- set_skin();
+ Platal::session()->setSkin();
}
$res = XDB::query('SELECT id FROM skins WHERE skin_tpl={?}', S::v('skin'));
@@ -385,20 +431,17 @@ Adresse de secours : " . Post::v('email') : ""));
function handler_exit(&$page, $level = null)
{
if (S::has('suid')) {
- $a4l = S::v('forlife');
$suid = S::v('suid');
$log = S::v('log');
- $log->log("suid_stop", S::v('forlife') . " by " . $suid['forlife']);
- $_SESSION = $suid;
- S::kill('suid');
- pl_redirect('admin/user/' . $a4l);
+ S::logger()->log("suid_stop", S::user()->login() . " by " . $suid['hruid']);
+ Platal::session()->stopSUID();
+ pl_redirect('admin/user/' . S::user()->login());
}
if ($level == 'forget' || $level == 'forgetall') {
setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
Cookie::kill('ORGaccess');
- if (isset($_SESSION['log']))
- $_SESSION['log']->log("cookie_off");
+ S::logger()->log("cookie_off");
}
if ($level == 'forgetuid' || $level == 'forgetall') {
@@ -408,12 +451,9 @@ Adresse de secours : " . Post::v('email') : ""));
Cookie::kill('ORGdomain');
}
- if (isset($_SESSION['log'])) {
- $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
- $_SESSION['log']->log('deconnexion',$ref);
- }
-
- XorgSession::destroy();
+ $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
+ S::logger()->log('deconnexion',$ref);
+ Platal::session()->destroy();
if (Get::has('redirect')) {
http_redirect(rawurldecode(Get::v('redirect')));
@@ -424,22 +464,18 @@ Adresse de secours : " . Post::v('email') : ""));
function handler_review(&$page, $action = null, $mode = null)
{
- require_once 'wiki.inc.php';
- require_once dirname(__FILE__) . '/platal/review.inc.php';
- $dir = wiki_work_dir();
+ // Include X-XRDS-Location response-header for Yadis discovery
+ global $globals;
+ header('X-XRDS-Location: ' . $globals->baseurl . '/openid/idp_xrds');
+
+ $this->load('review.inc.php');
$dom = 'Review';
if (@$GLOBALS['IS_XNET_SITE']) {
$dom .= 'Xnet';
}
- if (!is_dir($dir)) {
- $page->kill("Impossible de trouver le wiki");
- }
- if (!file_exists($dir . '/' . $dom . '.Admin')) {
- $page->kill("Impossible de trouver la page d'administration");
- }
- $conf = preg_grep('/^text=/', explode("\n", file_get_contents($dir . '/' . $dom . '.Admin')));
- $conf = preg_split('/(text\=|\%0a)/', array_shift($conf), -1, PREG_SPLIT_NO_EMPTY);
- $wiz = new PlWizard('Tour d\'horizon', 'core/plwizard.tpl', true);
+ $wp = new PlWikiPage($dom . '.Admin');
+ $conf = explode('%0a', $wp->getField('text'));
+ $wiz = new PlWizard('Tour d\'horizon', PlPage::getCoreTpl('plwizard.tpl'), true);
foreach ($conf as $line) {
$list = preg_split('/\s*[*|]\s*/', $line, -1, PREG_SPLIT_NO_EMPTY);
$wiz->addPage('ReviewPage', $list[0], $list[1]);