X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fplatal.php;h=3c4776a798dd071f320804d8509832d6472d5c3b;hb=22c5024fa1ae6ca6462890e2da38921e76096a80;hp=c9fd3d958bd2a3ebe20791e70527923a92256f61;hpb=d89a495539357b3ad30f7b891bd23d1805355a52;p=platal.git
diff --git a/modules/platal.php b/modules/platal.php
index c9fd3d9..3c4776a 100644
--- a/modules/platal.php
+++ b/modules/platal.php
@@ -38,26 +38,27 @@ class PlatalModule extends PLModule function handlers() { return array( - 'index' => $this->make_hook('index', AUTH_PUBLIC), - 'cacert.pem' => $this->make_hook('cacert', AUTH_PUBLIC), - 'changelog' => $this->make_hook('changelog', AUTH_PUBLIC), + 'index' => $this->make_hook('index', AUTH_PUBLIC), + 'cacert.pem' => $this->make_hook('cacert', AUTH_PUBLIC), + 'changelog' => $this->make_hook('changelog', AUTH_PUBLIC), // Preferences thingies - 'prefs' => $this->make_hook('prefs', AUTH_COOKIE, 'user,groups'), - 'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE, 'user'), - 'prefs/webredirect' => $this->make_hook('webredir', AUTH_MDP, 'mail'), - 'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE, 'user'), + 'prefs' => $this->make_hook('prefs', AUTH_COOKIE, 'user,groups'), + 'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE, 'user'), + 'prefs/webredirect' => $this->make_hook('webredir', AUTH_PASSWD, 'mail'), + 'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE, 'user'), + 'prefs/email' => $this->make_hook('prefs_email', AUTH_COOKIE, 'mail'), // password related thingies - 'password' => $this->make_hook('password', AUTH_MDP, 'user,groups'), - 'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC), - 'password/smtp' => $this->make_hook('smtppass', AUTH_MDP, 'mail'), - 'recovery' => $this->make_hook('recovery', AUTH_PUBLIC), + 'password' => $this->make_hook('password', AUTH_PASSWD, 'user,groups'), + 'password/smtp' => $this->make_hook('smtppass', AUTH_PASSWD, 'mail'), + 'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC), + 'recovery' => $this->make_hook('recovery', AUTH_PUBLIC), 'recovery/ext' => $this->make_hook('recovery_ext', AUTH_PUBLIC), 'register/ext' => $this->make_hook('register_ext', AUTH_PUBLIC), - 'exit' => $this->make_hook('exit', AUTH_PUBLIC), - 'review' => $this->make_hook('review', AUTH_PUBLIC), - 'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC), + 'exit' => $this->make_hook('exit', AUTH_PUBLIC), + 'review' => 
$this->make_hook('review', AUTH_PUBLIC), + 'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC), ); } @@ -199,6 +200,47 @@ class PlatalModule extends PLModule } } + function handler_prefs_email($page) + { + $page->changeTpl('platal/email_preferences.tpl'); + + if (Post::has('submit')) { + S::assert_xsrf_token(); + + $from_email = Post::t('from_email'); + $from_format = Post::v('from_format'); + + // Checks email. + $email_regex = '/^[a-z0-9.\-+_\$]+@([\-.+_]?[a-z0-9])+$/i'; + if (!preg_match($email_regex, $from_email)) { + $full_regex = '/^[^<]*<[a-z0-9.\-+_\$]+@([\-.+_]?[a-z0-9])+>$/i'; + if (!preg_match($full_regex, $from_email)) { + $page->trigError("L'adresse email est erronée."); + $error = true; + $page->assign('from_email', $from_email); + $page->assign('from_format', $from_format); + $page->assign('error', true); + return; + } + } + + // Saves data. + XDB::execute('UPDATE accounts + SET from_email = {?}, from_format = {?} + WHERE uid = {?}', + $from_email, ($from_format == 'html' ? 'html' : 'text'), S::user()->id()); + $page->trigSuccess('Données enregistrées.'); + } + + $data = XDB::fetchOneAssoc('SELECT from_email, from_format + FROM accounts + WHERE uid = {?}', + S::user()->id()); + $page->assign('from_email', $data['from_email']); + $page->assign('from_format', $data['from_format']); + $page->assign('error', false); + } + function handler_password($page) { global $globals; @@ -328,9 +370,14 @@ class PlatalModule extends PLModule $mymail->setFrom('"Gestion des mots de passe" mail->domain . '>'); if (is_null($to)) { $mymail->addTo($user); - $mymail->addTo($inactives_to); + $log_to = $user->bestEmail(); + if (!is_null($inactives_to)) { + $log_to = $inactives_to . ', ' . $log_to; + $mymail->addTo($inactives_to); + } } else { $mymail->addTo($to); + $log_to = $to; } $mymail->setSubject("Ton certificat d'authentification"); $mymail->setTxtBody("Visite la page suivante qui expire dans six heures : 
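Review bot: The new `'prefs/email'` entry in `handlers()` is registered with `AUTH_COOKIE`, while the other entries in this table that carry the `'mail'` permission (`prefs/webredirect`, `password/smtp`) require `AUTH_PASSWD`. The handler it points to rewrites the account's `from_email`, so it is worth deciding whether a session restored from a cookie alone should be able to change it; if not, use `'prefs/email' => $this->make_hook('prefs_email', AUTH_PASSWD, 'mail'),`. The meaning of the two levels is inferred from their names, since their definitions are outside this diff.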
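Review bot: In `handler_prefs_email` the fallback pattern `$full_regex` accepts any character except `<` in the display-name part, CR and LF included, and both patterns end on `$`, which PCRE also matches just before a final newline. If `from_email` is later written into a From header without further filtering (not visible here), a stored value containing a line break could introduce extra headers; exclude line breaks and anchor with the `D` modifier, e.g. `'/^[^<\r\n]*<[a-z0-9.\-+_\$]+@([\-.+_]?[a-z0-9])+>$/iD'`, and add `D` to `$email_regex` as well. The local `$error = true;` is never read and can be dropped. A one-line comment above the two patterns naming the accepted forms (`user@host` and `Name <user@host>`) would make the intent clear.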
@@ -346,7 +393,7 @@ Email envoyé à ".Env::v('login') . (is_null($to) ? '' : ' Adresse de secours : ' . $to)); $mymail->send(); - S::logger($user->id())->log('recovery', is_null($to) ? $inactives_to . ', ' . $user->bestEmail() : $to); + S::logger($user->id())->log('recovery', $log_to); } function handler_recovery_ext($page) @@ -375,7 +422,7 @@ Adresse de secours : ' . $to)); $user->id(), $hash); $mymail = new PlMailer('platal/password_recovery_xnet.mail.tpl'); - $mymail->addTo($user); + $mymail->setTo($user); $mymail->assign('hash', $hash); $mymail->assign('email', Post::t('login')); $mymail->send(); @@ -389,23 +436,18 @@ Adresse de secours : ' . $to)); XDB::execute('DELETE FROM account_lost_passwords WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created'); - $res = XDB::query('SELECT uid - FROM account_lost_passwords WHERE certificat={?}', $certif); - $ligne = $res->fetchOneAssoc(); - if (!$ligne) { - $page->changeTpl('platal/index.tpl'); - $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur."); - } - - $uid = $ligne["uid"]; if (Post::has('pwhash') && Post::t('pwhash')) { + $uid = XDB::fetchOneCell('SELECT uid + FROM accounts + WHERE hruid = {?}', + Post::t('username')); $password = Post::t('pwhash'); XDB::query('UPDATE accounts - SET password={?} + SET password = {?} WHERE uid = {?} AND state = \'active\'', $password, $uid); XDB::query('DELETE FROM account_lost_passwords - WHERE certificat={?}', $certif); + WHERE certificat = {?}', $certif); // If GoogleApps is enabled, and the user did choose to use synchronized passwords, // updates the Google Apps password as well. 
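Review bot: In the `pwhash` branch the account whose password is rewritten is now selected by the posted `username` (`accounts WHERE hruid = Post::t('username')`) instead of by the recovery token, and the lookup of `$certif` in `account_lost_passwords` has moved into the `else` branch in hunk `@@ -421,14 +463,23 @@`. Within the visible lines nothing on the POST path checks that `$certif` exists or belongs to that account, so the UPDATE is no longer bound to a valid recovery request. Resolve the uid from the token before the branch, as the removed code did, and keep the posted username only for the session start, or compare it with the token's account. The function starts outside the hunk, so an earlier check cannot be ruled out.

```php
// … unchanged: purge of expired account_lost_passwords rows …
$uid = XDB::fetchOneCell('SELECT  uid
                            FROM  account_lost_passwords
                           WHERE  certificat = {?}', $certif);
if (!$uid) {
    $page->changeTpl('platal/index.tpl');
    $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
}

if (Post::has('pwhash') && Post::t('pwhash')) {
    $password = Post::t('pwhash');
    // … unchanged: UPDATE accounts / DELETE account_lost_passwords, keyed on the token's $uid …
} else {
    // … unchanged: hruid lookup, passing $uid instead of $ligne['uid'] …
```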
@@ -421,14 +463,23 @@ Adresse de secours : ' . $to)); // Try to start a session (so the user don't have to log in); we will use // the password available in Post:: to authenticate the user. - Platal::session()->start(AUTH_MDP); + Platal::session()->start(AUTH_PASSWD); $page->changeTpl('platal/tmpPWD.success.tpl'); } else { + $res = XDB::query('SELECT uid + FROM account_lost_passwords + WHERE certificat = {?}', $certif); + $ligne = $res->fetchOneAssoc(); + if (!$ligne) { + $page->changeTpl('platal/index.tpl'); + $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur."); + } + $hruid = XDB::fetchOneCell('SELECT hruid FROM accounts WHERE uid = {?}', - $uid); + $ligne['uid']); $page->changeTpl('platal/password.tpl'); $page->assign('hruid', $hruid); $page->assign('do_auth', 1);