X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fplatal.php;h=1772921ecfa007ba220570dbb3c6f09e6fb67908;hb=07e02fe3af9db38b14225e5bf0ed937147acb37d;hp=9502edd254612979057fd91a204c1fa1ee4747be;hpb=3d964835e8ff04f0f86c80aea026b82896cb4a46;p=platal.git diff --git a/modules/platal.php b/modules/platal.php index 9502edd..1772921 100644 --- a/modules/platal.php +++ b/modules/platal.php @@ -1,6 +1,6 @@ $this->make_hook('index', AUTH_PUBLIC), - 'cacert.pem' => $this->make_hook('cacert', AUTH_PUBLIC), - 'changelog' => $this->make_hook('changelog', AUTH_PUBLIC), + 'index' => $this->make_hook('index', AUTH_PUBLIC), + 'cacert.pem' => $this->make_hook('cacert', AUTH_PUBLIC), + 'changelog' => $this->make_hook('changelog', AUTH_PUBLIC), // Preferences thingies - 'prefs' => $this->make_hook('prefs', AUTH_COOKIE), - 'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE), - 'prefs/webredirect' => $this->make_hook('webredir', AUTH_MDP, 'mail'), - 'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE), + 'prefs' => $this->make_hook('prefs', AUTH_COOKIE, 'user,groups'), + 'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE, 'user'), + 'prefs/webredirect' => $this->make_hook('webredir', AUTH_PASSWD, 'mail'), + 'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE, 'user'), + 'prefs/email' => $this->make_hook('prefs_email', AUTH_COOKIE, 'mail'), // password related thingies - 'password' => $this->make_hook('password', AUTH_MDP), - 'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC), - 'password/smtp' => $this->make_hook('smtppass', AUTH_MDP, 'mail'), - 'recovery' => $this->make_hook('recovery', AUTH_PUBLIC), - 'exit' => $this->make_hook('exit', AUTH_PUBLIC), - 'review' => $this->make_hook('review', AUTH_PUBLIC), - 'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC), + 'password' => $this->make_hook('password', AUTH_PASSWD, 'user,groups'), + 'password/smtp' => $this->make_hook('smtppass', AUTH_PASSWD, 'mail'), + 'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC), + 'recovery' => $this->make_hook('recovery', AUTH_PUBLIC), + 'recovery/ext' => $this->make_hook('recovery_ext', AUTH_PUBLIC), + 'register/ext' => $this->make_hook('register_ext', AUTH_PUBLIC), + 'exit' => $this->make_hook('exit', AUTH_PUBLIC), + 'review' => $this->make_hook('review', AUTH_PUBLIC), + 'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC), + + 'error' => $this->make_hook('test_error', AUTH_COOKIE), ); } @@ -197,6 +202,47 @@ class PlatalModule extends PLModule } } + function handler_prefs_email($page) + { + $page->changeTpl('platal/email_preferences.tpl'); + + if (Post::has('submit')) { + S::assert_xsrf_token(); + + $from_email = Post::t('from_email'); + $from_format = Post::v('from_format'); + + // Checks email. + $email_regex = '/^[a-z0-9.\-+_\$]+@([\-.+_]?[a-z0-9])+$/i'; + if (!preg_match($email_regex, $from_email)) { + $full_regex = '/^[^<]*<[a-z0-9.\-+_\$]+@([\-.+_]?[a-z0-9])+>$/i'; + if (!preg_match($full_regex, $from_email)) { + $page->trigError("L'adresse email est erronée."); + $error = true; + $page->assign('from_email', $from_email); + $page->assign('from_format', $from_format); + $page->assign('error', true); + return; + } + } + + // Saves data. + XDB::execute('UPDATE accounts + SET from_email = {?}, from_format = {?} + WHERE uid = {?}', + $from_email, ($from_format == 'html' ? 'html' : 'text'), S::user()->id()); + $page->trigSuccess('Données enregistrées.'); + } + + $data = XDB::fetchOneAssoc('SELECT from_email, from_format + FROM accounts + WHERE uid = {?}', + S::user()->id()); + $page->assign('from_email', $data['from_email']); + $page->assign('from_format', $data['from_format']); + $page->assign('error', false); + } + function handler_password($page) { global $globals; @@ -326,9 +372,14 @@ class PlatalModule extends PLModule $mymail->setFrom('"Gestion des mots de passe" mail->domain . '>'); if (is_null($to)) { $mymail->addTo($user); - $mymail->addTo($inactives_to); + $log_to = $user->bestEmail(); + if (!is_null($inactives_to)) { + $log_to = $inactives_to . ', ' . $log_to; + $mymail->addTo($inactives_to); + } } else { $mymail->addTo($to); + $log_to = $to; } $mymail->setSubject("Ton certificat d'authentification"); $mymail->setTxtBody("Visite la page suivante qui expire dans six heures : @@ -340,37 +391,65 @@ Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la Polytechnique.org \"Le portail des élèves & anciens élèves de l'École polytechnique\" -Email envoyé à ".Env::v('login') . (Post::has('email') ? " -Adresse de secours : " . Post::v('email') : "")); +Email envoyé à ".Env::v('login') . (is_null($to) ? '' : ' +Adresse de secours : ' . $to)); + $mymail->send(); + + S::logger($user->id())->log('recovery', $log_to); + } + + function handler_recovery_ext($page) + { + $page->changeTpl('xnet/recovery.tpl'); + + if (!Post::has('login')) { + return; + } + + $user = User::getSilent(Post::t('login')); + if (is_null($user)) { + $page->trigError('Le compte n\'existe pas.'); + return; + } + if ($user->state != 'active') { + $page->trigError('Ton compte n\'est pas activé.'); + return; + } + + $page->assign('ok', true); + + $hash = rand_url_id(); + XDB::execute('INSERT INTO account_lost_passwords (uid, created, certificat) + VALUES ({?}, NOW(), {?})', + $user->id(), $hash); + + $mymail = new PlMailer('platal/password_recovery_xnet.mail.tpl'); + $mymail->setTo($user); + $mymail->assign('hash', $hash); + $mymail->assign('email', Post::t('login')); $mymail->send(); - S::logger($user->id())->log('recovery', is_null($to) ? $inactives_to . ', ' . $user->bestEmail() : $to); + S::logger($user->id())->log('recovery', $user->bestEmail()); } function handler_tmpPWD($page, $certif = null) { global $globals; - // XXX: recovery requires data from the profile XDB::execute('DELETE FROM account_lost_passwords WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created'); - $res = XDB::query('SELECT uid - FROM account_lost_passwords WHERE certificat={?}', $certif); - $ligne = $res->fetchOneAssoc(); - if (!$ligne) { - $page->changeTpl('platal/index.tpl'); - $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur."); - } - - $uid = $ligne["uid"]; if (Post::has('pwhash') && Post::t('pwhash')) { + $uid = XDB::fetchOneCell('SELECT uid + FROM accounts + WHERE hruid = {?}', + Post::t('username')); $password = Post::t('pwhash'); XDB::query('UPDATE accounts - SET password={?} + SET password = {?} WHERE uid = {?} AND state = \'active\'', $password, $uid); XDB::query('DELETE FROM account_lost_passwords - WHERE certificat={?}', $certif); + WHERE certificat = {?}', $certif); // If GoogleApps is enabled, and the user did choose to use synchronized passwords, // updates the Google Apps password as well. @@ -386,20 +465,70 @@ Adresse de secours : " . Post::v('email') : "")); // Try to start a session (so the user don't have to log in); we will use // the password available in Post:: to authenticate the user. - Platal::session()->start(AUTH_MDP); + Platal::session()->start(AUTH_PASSWD); $page->changeTpl('platal/tmpPWD.success.tpl'); } else { + $res = XDB::query('SELECT uid + FROM account_lost_passwords + WHERE certificat = {?}', $certif); + $ligne = $res->fetchOneAssoc(); + if (!$ligne) { + $page->changeTpl('platal/index.tpl'); + $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur."); + } + $hruid = XDB::fetchOneCell('SELECT hruid FROM accounts WHERE uid = {?}', - $uid); + $ligne['uid']); $page->changeTpl('platal/password.tpl'); $page->assign('hruid', $hruid); $page->assign('do_auth', 1); } } + function handler_register_ext($page, $hash = null) + { + XDB::execute('DELETE FROM register_pending_xnet + WHERE DATE_SUB(NOW(), INTERVAL 1 MONTH) > date'); + $res = XDB::fetchOneAssoc('SELECT uid, hruid, email + FROM register_pending_xnet + WHERE hash = {?}', + $hash); + + if (is_null($hash) || is_null($res)) { + $page->trigErrorRedirect('Cette adresse n\'existe pas ou n\'existe plus sur le serveur.', ''); + } + + if (Post::has('pwhash') && Post::t('pwhash')) { + XDB::startTransaction(); + XDB::query('UPDATE accounts + SET password = {?}, state = \'active\', registration_date = NOW() + WHERE uid = {?} AND state = \'pending\' AND type = \'xnet\'', + Post::t('pwhash'), $res['uid']); + XDB::query('DELETE FROM register_pending_xnet + WHERE uid = {?}', + $res['uid']); + XDB::commit(); + + S::logger($res['uid'])->log('passwd', ''); + + // Try to start a session (so the user don't have to log in); we will use + // the password available in Post:: to authenticate the user. + Post::kill('wait'); + Platal::session()->startAvailableAuth(); + + $page->changeTpl('xnet/register.success.tpl'); + $page->assign('email', $res['email']); + } else { + $page->changeTpl('platal/password.tpl'); + $page->assign('xnet', true); + $page->assign('hruid', $res['hruid']); + $page->assign('do_auth', 1); + } + } + function handler_skin($page) { global $globals; @@ -483,7 +612,16 @@ Adresse de secours : " . Post::v('email') : "")); } $wiz->apply($page, 'review', $action, $mode); } + + function handler_test_error($page, $mode = null) + { + if ($mode == 'js') { + $page->changeTpl('platal/error.tpl'); + } else { + throw new Exception("Blih"); + } + } } -// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: +// vim:set et sw=4 sts=4 sws=4 foldmethod=marker fenc=utf-8: ?>