X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fplatal.php;h=29821a6fde947b4522f2f624dcbe0f295732a3af;hb=30439e345867f0ba5535ad37744301fc021983bd;hp=f123ba75a096c67657139624a436a0778ea52c12;hpb=6846791e5d324dd3907f69da8caa0c678fe453ac;p=platal.git
diff --git a/modules/platal.php b/modules/platal.php
index f123ba7..29821a6 100644
--- a/modules/platal.php
+++ b/modules/platal.php
@@ -1,6 +1,6 @@ $this->make_hook('index', AUTH_PUBLIC),
- 'cacert.pem' => $this->make_hook('cacert', AUTH_PUBLIC),
- 'changelog' => $this->make_hook('changelog', AUTH_PUBLIC),
+ 'index' => $this->make_hook('index', AUTH_PUBLIC),
+ 'cacert.pem' => $this->make_hook('cacert', AUTH_PUBLIC),
+ 'changelog' => $this->make_hook('changelog', AUTH_PUBLIC),
 // Preferences thingies
- 'prefs' => $this->make_hook('prefs', AUTH_COOKIE),
- 'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE),
- 'prefs/webredirect'
- => $this->make_hook('webredir', AUTH_MDP),
- 'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE),
+ 'prefs' => $this->make_hook('prefs', AUTH_COOKIE),
+ 'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE),
+ 'prefs/webredirect' => $this->make_hook('webredir', AUTH_MDP, 'mail'),
+ 'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE),
 // password related thingies
- 'password' => $this->make_hook('password', AUTH_MDP),
- 'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC),
- 'password/smtp' => $this->make_hook('smtppass', AUTH_MDP),
- 'recovery' => $this->make_hook('recovery', AUTH_PUBLIC),
- 'exit' => $this->make_hook('exit', AUTH_PUBLIC),
- 'review' => $this->make_hook('review', AUTH_PUBLIC),
- 'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC),
+ 'password' => $this->make_hook('password', AUTH_MDP),
+ 'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC),
+ 'password/smtp' => $this->make_hook('smtppass', AUTH_MDP, 'mail'),
+ 'recovery' => $this->make_hook('recovery', AUTH_PUBLIC),
+ 'exit' => $this->make_hook('exit', AUTH_PUBLIC),
+ 'review' => $this->make_hook('review', AUTH_PUBLIC),
+ 'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC),
 );
 }
- function handler_index(&$page)
+ function handler_index($page)
 {
 // Include X-XRDS-Location response-header for Yadis discovery
 global $globals;
- header('X-XRDS-Location: ' . $globals->baseurl . '/openid/idp_xrds');
+ header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');
 // Redirect to the suitable page
 if (S::logged()) {
@@ -74,20 +73,14 @@ class PlatalModule extends PLModule
 }
 }
- function handler_cacert(&$page)
+ function handler_cacert($page)
 {
- $data = file_get_contents("/etc/ssl/xorgCA/cacert.pem","r");
- header("Pragma:");
- header("Set-Cookie:");
- header("Cache-Control:");
- header("Expires:");
- header("Content-Type: application/x-x509-ca-cert");
- header("Content-Length: ".strlen($data));
- echo $data;
+ pl_cached_content_headers("application/x-x509-ca-cert");
+ readfile("/etc/ssl/xorgCA/cacert.pem");
 exit;
 }
- function handler_changelog(&$page, $core = null)
+ function handler_changelog($page, $core = null)
 {
 $page->changeTpl('platal/changeLog.tpl');
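Review bot: The `readfile("/etc/ssl/xorgCA/cacert.pem")` call in handler_cacert is unchecked: when the file is missing or unreadable it returns false and emits a warning, but `pl_cached_content_headers("application/x-x509-ca-cert")` has already been sent, so the client receives a 200 with an empty body typed as a CA certificate. The old code was no better, but since this path is being rewritten, check the file before emitting any header: `$path = '/etc/ssl/xorgCA/cacert.pem';` then `if (!is_readable($path)) { header('HTTP/1.0 404 Not Found'); exit; }` ahead of the headers call. The removed lines also set an explicit Content-Length and cleared Set-Cookie; whether `pl_cached_content_headers` does the same is not visible in this diff, so it is worth confirming a cookie is no longer attached to a cacheable public response.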
@@ -120,46 +113,40 @@ class PlatalModule extends PLModule
 function __set_rss_state($state)
 {
 if ($state) {
- S::set('token', rand_url_id(16));
- XDB::execute('UPDATE accounts
- SET token = {?}
- WHERE uid = {?}', S::s('token'), S::i('uid'));
+ if (!S::user()->token) {
+ S::user()->token = rand_url_id(16);
+ S::set('token', S::user()->token);
+ XDB::execute('UPDATE accounts
+ SET token = {?}
+ WHERE uid = {?}', S::user()->token, S::i('uid'));
+ }
 } else {
 S::kill('token');
+ S::user()->token = null;
 XDB::execute('UPDATE accounts SET token = NULL WHERE uid = {?}', S::i('uid'));
 }
 }
- function handler_prefs(&$page)
+ function handler_prefs($page)
 {
 $page->changeTpl('platal/preferences.tpl');
 $page->setTitle('Mes préférences');
 if (Post::has('email_format')) {
+ S::assert_xsrf_token();
 $fmt = Post::s('email_format');
- XDB::execute("UPDATE accounts
- SET email_format = {?}
- WHERE uid = {?}",
- $fmt, S::v('uid'));
- S::set('email_format', $fmt);
+ S::user()->setEmailFormat($fmt);
 }
 if (Post::has('rss')) {
- $this->__set_rss_state(Post::b('rss'));
+ S::assert_xsrf_token();
+ $this->__set_rss_state(Post::s('rss') == 'on');
 }
-
- # FIXME: this code is not multi-domain compatible. We should decide how
- # carva will extend to users not in the main domain.
- $res = XDB::query("SELECT alias
- FROM aliases
- WHERE id = {?} AND FIND_IN_SET('bestalias', flags)",
- S::user()->id());
- $page->assign('bestalias', $res->fetchOneCell());
 }
- function handler_webredir(&$page)
+ function handler_webredir($page)
 {
 $page->changeTpl('platal/webredirect.tpl');
 $page->setTitle('Redirection de page WEB');
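Review bot: In __set_rss_state the session is only updated inside `if (!S::user()->token)`, so when the user object already carries a token and the feed is re-enabled, the session key 'token' is left as it was (possibly absent, since `S::kill('token')` is the only other writer here) while the DB and the user object keep the existing value; anything that reads the token from the session rather than from the user will then disagree with the account. Moving `S::set('token', S::user()->token);` out of the inner block, after the `if`, keeps the two in step whichever branch runs. The new `S::assert_xsrf_token()` calls in handler_prefs are the right addition for these state-changing POSTs; note that `Post::s('email_format')` is still handed to `setEmailFormat` without a visible whitelist, so if that method does not validate, a guard such as `in_array($fmt, [/* accepted formats */], true)` before the call would bound what is persisted.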
@@ -169,8 +156,9 @@ class PlatalModule extends PLModule
 $page->trigError('URL invalide');
 } else {
 $url = Env::t('url');
- XDB::execute('REPLACE INTO carvas (uid, url)
- VALUES ({?}, {?})',
+ XDB::execute('INSERT INTO carvas (uid, url)
+ VALUES ({?}, {?})
+ ON DUPLICATE KEY UPDATE url = VALUES(url)',
 S::i('uid'), $url);
 S::logger()->log('carva_add', 'http://' . $url);
 $page->trigSuccess("Redirection activée vers $url");
@@ -190,14 +178,14 @@ class PlatalModule extends PLModule
 # FIXME: this code is not multi-domain compatible. We should decide how
 # carva will extend to users not in the main domain.
- $res = XDB::query("SELECT alias
- FROM aliases
- WHERE id = {?} AND FIND_IN_SET('bestalias', flags)",
- S::user()->id());
- $page->assign('bestalias', $res->fetchOneCell());
+ $best = XDB::fetchOneCell('SELECT email
+ FROM email_source_account
+ WHERE uid = {?} AND FIND_IN_SET(\'bestalias\', flags)',
+ S::user()->id());
+ $page->assign('bestalias', $best);
 }
- function handler_prefs_rss(&$page)
+ function handler_prefs_rss($page)
 {
 $page->changeTpl('platal/filrss.tpl');
@@ -209,14 +197,14 @@ class PlatalModule extends PLModule
 }
 }
- function handler_password(&$page)
+ function handler_password($page)
 {
 global $globals;
- if (Post::has('response2')) {
+ if (Post::has('pwhash') && Post::t('pwhash')) {
 S::assert_xsrf_token();
- S::set('password', $password = Post::v('response2'));
+ S::set('password', $password = Post::t('pwhash'));
 XDB::execute('UPDATE accounts SET password = {?} WHERE uid={?}', $password,
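Review bot: In handler_password the new `if (Post::has('pwhash') && Post::t('pwhash'))` branch accepts any non-empty string as the value written to `accounts.password`; because the hash is computed client-side, nothing here confirms it has the shape the login check expects, so a malformed or truncated value becomes the stored credential and locks the account until recovery. A format check before the UPDATE — something like `if (!preg_match('/^[0-9a-f]{<HASH_LEN>}$/', $password)) { $page->trigError('...'); return; }` with the length and alphabet of the scheme the form actually produces (not visible in this diff) — keeps the column consistent. The same missing check applies to the identical `pwhash` branch in handler_tmpPWD in the `@@ -376,13 +363,13 @@` hunk. handler_password continues past the end of this hunk.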
@@ -235,16 +223,15 @@ class PlatalModule extends PLModule
 S::logger()->log('passwd');
 Platal::session()->setAccessCookie(true);
- $page->changeTpl('platal/motdepasse.success.tpl');
+ $page->changeTpl('platal/password.success.tpl');
 $page->run();
 }
- $page->changeTpl('platal/motdepasse.tpl');
- $page->addJsLink('motdepasse.js');
+ $page->changeTpl('platal/password.tpl');
 $page->setTitle('Mon mot de passe');
 }
- function handler_smtppass(&$page)
+ function handler_smtppass($page)
 {
 $page->changeTpl('platal/acces_smtp.tpl');
 $page->setTitle('Acces SMTP/NNTP');
@@ -278,7 +265,7 @@ class PlatalModule extends PLModule
 $page->assign('actif', $res->fetchOneCell());
 }
- function handler_recovery(&$page)
+ function handler_recovery($page)
 {
 global $globals;
@@ -313,36 +300,36 @@ class PlatalModule extends PLModule
 return;
 }
- $res = XDB::query("SELECT COUNT(*)
- FROM emails
- WHERE uid = {?} AND flags != 'panne' AND flags != 'filter'", $user->id());
- $count = intval($res->fetchOneCell());
- if ($count == 0) {
+ if ($user->lost) {
 $page->assign('no_addr', true);
 return;
 }
 $page->assign('ok', true);
- $url = rand_url_id();
- XDB::execute('INSERT INTO perte_pass (certificat,uid,created)
+ $url = rand_url_id();
+ XDB::execute('INSERT INTO account_lost_passwords (certificat,uid,created)
 VALUES ({?},{?},NOW())', $url, $user->id());
- $res = XDB::query('SELECT email
- FROM emails
- WHERE uid = {?} AND email = {?}',
- $user->id(), Post::v('email'));
- if ($res->numRows()) {
- $mails = $res->fetchOneCell();
- } else {
- $res = XDB::query('SELECT email
- FROM emails
- WHERE uid = {?} AND NOT FIND_IN_SET("filter", flags)', $user->id());
- $mails = implode(', ', $res->fetchColumn());
+ $to = XDB::fetchOneCell('SELECT redirect
+ FROM email_redirect_account
+ WHERE uid = {?} AND redirect = {?}',
+ $user->id(), Post::t('email'));
+ if (is_null($to)) {
+ $emails = XDB::fetchColumn('SELECT redirect
+ FROM email_redirect_account
+ WHERE uid = {?} AND flags = \'inactive\' AND type = \'smtp\'',
+ $user->id());
+ $inactives_to = implode(', ', $emails);
 }
 $mymail = new PlMailer();
 $mymail->setFrom('"Gestion des mots de passe" mail->domain . '>');
- $mymail->addTo($mails);
- $mymail->setSubject('Ton certificat d\'authentification');
+ if (is_null($to)) {
+ $mymail->addTo($user);
+ $mymail->addTo($inactives_to);
+ } else {
+ $mymail->addTo($to);
+ }
+ $mymail->setSubject("Ton certificat d'authentification");
 $mymail->setTxtBody("Visite la page suivante qui expire dans six heures : {$globals->baseurl}/tmpPWD/$url
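Review bot: The rewrite removes every assignment to `$mails` (the recipients now live in `$to` and `$inactives_to`), but the context line `S::logger($user->id())->log('recovery', $mails);` in the `@@ -360,15 +347,15 @@` hunk still reads it, so unless `$mails` is re-assigned in the few lines between the two hunks, each recovery request logs an undefined variable (a notice and an empty destination in the audit entry for a credential-reset mail). Adding `$mails = is_null($to) ? $inactives_to : $to;` before `$mymail = new PlMailer();` restores the trail. Separately, `$mymail->addTo($inactives_to)` is reached with an empty string when the fetchColumn query returns no rows; whether PlMailer tolerates that is not visible here, so wrapping it in `if ($inactives_to !== '')` is cheap insurance. handler_recovery starts before this hunk and ends after it.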
@@ -350,7 +337,7 @@ Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la -- Polytechnique.org
-\"Le portail des élèves & anciens élèves de l'Ecole polytechnique\"
+\"Le portail des élèves & anciens élèves de l'École polytechnique\"
 Email envoyé à ".Env::v('login') . (Post::has('email') ? "
 Adresse de secours : " . Post::v('email') : ""));
@@ -360,15 +347,15 @@ Adresse de secours : " . Post::v('email') : ""));
 S::logger($user->id())->log('recovery', $mails);
 }
- function handler_tmpPWD(&$page, $certif = null)
+ function handler_tmpPWD($page, $certif = null)
 {
 global $globals;
 // XXX: recovery requires data from the profile
- XDB::execute('DELETE FROM perte_pass
+ XDB::execute('DELETE FROM account_lost_passwords
 WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
 $res = XDB::query('SELECT uid
- FROM perte_pass WHERE certificat={?}', $certif);
+ FROM account_lost_passwords WHERE certificat={?}', $certif);
 $ligne = $res->fetchOneAssoc();
 if (!$ligne) {
 $page->changeTpl('platal/index.tpl');
@@ -376,13 +363,13 @@ Adresse de secours : " . Post::v('email') : ""));
 }
 $uid = $ligne["uid"];
- if (Post::has('response2')) {
- $password = Post::v('response2');
+ if (Post::has('pwhash') && Post::t('pwhash')) {
+ $password = Post::t('pwhash');
 XDB::query('UPDATE accounts SET password={?} WHERE uid = {?} AND state = \'active\'', $password, $uid);
- XDB::query('DELETE FROM perte_pass
+ XDB::query('DELETE FROM account_lost_passwords
 WHERE certificat={?}', $certif);
 // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
@@ -396,14 +383,23 @@ Adresse de secours : " . Post::v('email') : ""));
 }
 S::logger($uid)->log("passwd", "");
+
+ // Try to start a session (so the user don't have to log in); we will use
+ // the password available in Post:: to authenticate the user.
+ Platal::session()->start(AUTH_MDP);
+
 $page->changeTpl('platal/tmpPWD.success.tpl');
 } else {
- $page->changeTpl('platal/motdepasse.tpl');
- $page->addJsLink('motdepasse.js');
+ $hruid = XDB::fetchOneCell('SELECT hruid
+ FROM accounts
+ WHERE uid = {?}',
+ $uid);
+ $page->changeTpl('platal/password.tpl');
+ $page->assign('hruid', $hruid);
 }
 }
- function handler_skin(&$page)
+ function handler_skin($page)
 {
 global $globals;
@@ -432,12 +428,18 @@ Adresse de secours : " . Post::v('email') : ""));
 $page->assign('skins', XDB::iterator($sql));
 }
- function handler_exit(&$page, $level = null)
+ function handler_exit($page, $level = null)
 {
 if (S::suid()) {
- S::logger()->log('suid_stop', S::user()->login() . " by " . S::suid('hruid'));
+ $old = S::user()->login();
+ S::logger()->log('suid_stop', $old . " by " . S::suid('hruid'));
 Platal::session()->stopSUID();
- pl_redirect('admin/user/' . S::user()->login());
+ $target = S::s('suid_startpage');
+ S::kill('suid_startpage');
+ if (!empty($target)) {
+ http_redirect($target);
+ }
+ pl_redirect('admin/user/' . $old);
 }
 if ($level == 'forget' || $level == 'forgetall') {
@@ -460,11 +462,11 @@ Adresse de secours : " . Post::v('email') : ""));
 }
 }
- function handler_review(&$page, $action = null, $mode = null)
+ function handler_review($page, $action = null, $mode = null)
 {
 // Include X-XRDS-Location response-header for Yadis discovery
 global $globals;
- header('X-XRDS-Location: ' . $globals->baseurl . '/openid/idp_xrds');
+ header('X-XRDS-Location: ' . $globals->baseurl . '/openid/xrds');
 $this->load('review.inc.php');
 $dom = 'Review';
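Review bot: In handler_exit the new `http_redirect($target)` sends the admin to whatever `S::s('suid_startpage')` holds, and nothing in this hunk constrains that value; it is only as trustworthy as the code that stores it when SUID starts (outside this diff), so if that code copies a request parameter such as the referring page, this becomes a redirect to an arbitrary host issued on the admin's session. A check that `$target` is a site-relative path before the redirect, e.g. `if (!empty($target) && $target[0] === '/' && !str_starts_with($target, '//'))` (or the project's own URL helper, if one exists), keeps the destination on this site. Also confirm that `http_redirect` terminates the script; if it does not, the following `pl_redirect('admin/user/' . $old)` overrides the Location header, in which case `exit;` after `http_redirect($target);` is needed. Capturing `$old` before `stopSUID()` fixes the earlier log/redirect ordering correctly.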