X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fplatal.php;h=450022a1de660801df156ff160630a5341834bcd;hb=6d1747b3dbcf944c995dc2d87e8561c7a66f3aa6;hp=cf73869f7ecd846ca87b4e88c9a3eb540aff5c7b;hpb=54e73532f787629c1b9b98b0700aa37b75e01d33;p=platal.git
diff --git a/modules/platal.php b/modules/platal.php
index cf73869..450022a 100644
--- a/modules/platal.php
+++ b/modules/platal.php
@@ -1,6 +1,6 @@
handler_review($page);
}
}
@@ -87,40 +87,48 @@ class PlatalModule extends PLModule
exit;
}
- function handler_changelog(&$page)
+ function handler_changelog(&$page, $core = null)
{
$page->changeTpl('platal/changeLog.tpl');
- $clog = pl_entities(file_get_contents(dirname(__FILE__).'/../ChangeLog'));
- $clog = preg_replace('/===+\s*/', '
', $clog);
- // url catch only (not all wiki syntax)
- $clog = preg_replace(array(
- '/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
- '/(\s|^)www\.((?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
- '/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
- array(
- '\\0',
- '\\1www.\\2',
- '\\0'),
- $clog);
- $clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
- $clog = preg_replace('!vim:.*$!', '', $clog);
- $clog = preg_replace("!(
(\\s|\n)*)?(\s|\n)*
((\\s|\n)*
)?!m", "", "$clog
");
- $page->assign('ChangeLog', $clog);
+ function formatChangeLog($file) {
+ $clog = pl_entities(file_get_contents($file));
+ $clog = preg_replace('/===+\s*/', '
', $clog);
+ // url catch only (not all wiki syntax)
+ $clog = preg_replace(array(
+ '/((?:https?|ftp):\/\/(?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/ui',
+ '/(\s|^)www\.((?:\.*,*[\w@~%$£µ&i#\-+=_\/\?;])*)/iu',
+ '/(?:mailto:)?([a-z0-9.\-+_]+@([\-.+_]?[a-z0-9])+)/i'),
+ array(
+ '\\0',
+ '\\1www.\\2',
+ '\\0'),
+ $clog);
+ $clog = preg_replace('!(#[0-9]+(,[0-9]+)*)!e', 'bugize("\1")', $clog);
+ $clog = preg_replace('!vim:.*$!', '', $clog);
+ return preg_replace("!(
(\\s|\n)*)?(\s|\n)*
((\\s|\n)*
)?!m", "", "$clog
");
+ }
+ if ($core != 'core') {
+ $page->assign('core', false);
+ $page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../ChangeLog'));
+ } else {
+ $page->assign('core', true);
+ $page->assign('ChangeLog', formatChangeLog(dirname(__FILE__).'/../core/ChangeLog'));
+ }
}
function __set_rss_state($state)
{
if ($state) {
- $_SESSION['core_rss_hash'] = rand_url_id(16);
- XDB::execute('UPDATE auth_user_quick
- SET core_rss_hash={?} WHERE user_id={?}',
- S::v('core_rss_hash'), S::v('uid'));
+ S::set('token', rand_url_id(16));
+ XDB::execute('UPDATE accounts
+ SET token = {?}
+ WHERE uid = {?}', S::s('token'), S::i('uid'));
} else {
- XDB::execute('UPDATE auth_user_quick
- SET core_rss_hash="" WHERE user_id={?}',
- S::v('uid'));
- S::kill('core_rss_hash');
+ S::kill('token');
+ XDB::execute('UPDATE accounts
+ SET token = NULL
+ WHERE uid = {?}', S::i('uid'));
}
}
@@ -129,14 +137,13 @@ class PlatalModule extends PLModule
$page->changeTpl('platal/preferences.tpl');
$page->setTitle('Mes préférences');
- if (Post::has('mail_fmt')) {
- $fmt = Post::v('mail_fmt');
- if ($fmt != 'texte') $fmt = 'html';
- XDB::execute("UPDATE auth_user_quick
- SET core_mail_fmt = '$fmt'
- WHERE user_id = {?}",
- S::v('uid'));
- $_SESSION['mail_fmt'] = $fmt;
+ if (Post::has('email_format')) {
+ $fmt = Post::s('email_format');
+ XDB::execute("UPDATE accounts
+ SET email_format = {?}
+ WHERE uid = {?}",
+ $fmt, S::v('uid'));
+ S::set('email_format', $fmt);
}
if (Post::has('rss')) {
@@ -155,33 +162,31 @@ class PlatalModule extends PLModule
function handler_webredir(&$page)
{
$page->changeTpl('platal/webredirect.tpl');
-
$page->setTitle('Redirection de page WEB');
- $log =& S::v('log');
- $url = Env::v('url');
-
- if (Env::v('submit') == 'Valider' and Env::has('url')) {
- XDB::execute('UPDATE auth_user_quick
- SET redirecturl = {?} WHERE user_id = {?}',
- $url, S::v('uid'));
- S::logger()->log('carva_add', 'http://'.Env::v('url'));
- $page->trigSuccess("Redirection activée vers $url");
- } elseif (Env::v('submit') == "Supprimer") {
- XDB::execute("UPDATE auth_user_quick
- SET redirecturl = ''
- WHERE user_id = {?}",
- S::v('uid'));
- S::logger()->log("carva_del", $url);
+ if (Env::v('submit') == 'Valider' && !Env::blank('url')) {
+ if (Env::blank('url')) {
+ $page->trigError('URL invalide');
+ } else {
+ $url = Env::t('url');
+ XDB::execute('REPLACE INTO carvas (uid, url)
+ VALUES ({?}, {?})',
+ S::i('uid'), $url);
+ S::logger()->log('carva_add', 'http://' . $url);
+ $page->trigSuccess("Redirection activée vers $url");
+ }
+ } elseif (Env::v('submit') == 'Supprimer') {
+ XDB::execute('DELETE FROM carvas
+ WHERE uid = {?}', S::i('uid'));
Post::kill('url');
+ S::logger()->log('carva_del');
$page->trigSuccess('Redirection supprimée');
}
- $res = XDB::query('SELECT redirecturl
- FROM auth_user_quick
- WHERE user_id = {?}',
- S::v('uid'));
- $page->assign('carva', $res->fetchOneCell());
+ $url = XDB::fetchOneCell('SELECT url
+ FROM carvas
+ WHERE uid = {?}', S::i('uid'));
+ $page->assign('carva', $url);
# FIXME: this code is not multi-domain compatible. We should decide how
# carva will extend to users not in the main domain.
@@ -209,15 +214,13 @@ class PlatalModule extends PLModule
global $globals;
if (Post::has('response2')) {
- require_once 'secure_hash.inc.php';
S::assert_xsrf_token();
- $_SESSION['password'] = $password = Post::v('response2');
-
- XDB::execute('UPDATE auth_user_md5
- SET password={?}
- WHERE user_id={?}', $password,
- S::v('uid'));
+ S::set('password', $password = Post::v('response2'));
+ XDB::execute('UPDATE accounts
+ SET password = {?}
+ WHERE uid={?}', $password,
+ S::i('uid'));
// If GoogleApps is enabled, and the user did choose to use synchronized passwords,
// updates the Google Apps password as well.
@@ -229,13 +232,8 @@ class PlatalModule extends PLModule
}
}
- $log =& S::v('log');
- S::logger()->log('passwd', '');
-
- if (Cookie::v('ORGaccess')) {
- setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
- S::logger()->log('cookie_on', '');
- }
+ S::logger()->log('passwd');
+ Platal::session()->setAccessCookie(true);
$page->changeTpl('platal/motdepasse.success.tpl');
$page->run();
@@ -256,27 +254,27 @@ class PlatalModule extends PLModule
$wp = new PlWikiPage('Xorg.NNTPSécurisé');
$wp->buildCache();
- $uid = S::v('uid');
+ $uid = S::i('uid');
$pass = Env::v('smtppass1');
- $log = S::v('log');
if (Env::v('op') == "Valider" && strlen($pass) >= 6
- && Env::v('smtppass1') == Env::v('smtppass2'))
- {
- XDB::execute('UPDATE auth_user_md5 SET smtppass = {?}
- WHERE user_id = {?}', $pass, $uid);
+ && Env::v('smtppass1') == Env::v('smtppass2')) {
+ XDB::execute('UPDATE accounts
+ SET weak_password = {?}
+ WHERE uid = {?}', $pass, $uid);
$page->trigSuccess('Mot de passe enregistré');
S::logger()->log("passwd_ssl");
} elseif (Env::v('op') == "Supprimer") {
- XDB::execute('UPDATE auth_user_md5 SET smtppass = ""
- WHERE user_id = {?}', $uid);
+ XDB::execute('UPDATE accounts
+ SET weak_password = NULL
+ WHERE uid = {?}', $uid);
$page->trigSuccess('Compte SMTP et NNTP supprimé');
S::logger()->log("passwd_del");
}
- $res = XDB::query("SELECT IF(smtppass != '', 'actif', '')
- FROM auth_user_md5
- WHERE user_id = {?}", $uid);
+ $res = XDB::query("SELECT weak_password IS NOT NULL
+ FROM accounts
+ WHERE uid = {?}", $uid);
$page->assign('actif', $res->fetchOneCell());
}
@@ -302,9 +300,7 @@ class PlatalModule extends PLModule
$mailorg = strtok(Env::v('login'), '@');
- // paragraphe rajouté : si la date de naissance dans la base n'existe pas, on l'update
- // avec celle fournie ici en espérant que c'est la bonne
-
+ // XXX: recovery requires usage of profile data.
$res = XDB::query(
"SELECT user_id, naissance
FROM auth_user_md5 AS u
@@ -367,10 +363,12 @@ Adresse de secours : " . Post::v('email') : ""));
function handler_tmpPWD(&$page, $certif = null)
{
global $globals;
- XDB::execute('DELETE FROM perte_pass
- WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
+ // XXX: recovery requires data from the profile
+ XDB::execute('DELETE FROM perte_pass
+ WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
- $res = XDB::query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif);
+ $res = XDB::query('SELECT uid
+ FROM perte_pass WHERE certificat={?}', $certif);
$ligne = $res->fetchOneAssoc();
if (!$ligne) {
$page->changeTpl('platal/index.tpl');
@@ -380,10 +378,12 @@ Adresse de secours : " . Post::v('email') : ""));
$uid = $ligne["uid"];
if (Post::has('response2')) {
$password = Post::v('response2');
- XDB::query('UPDATE auth_user_md5 SET password={?}
- WHERE user_id={?} AND perms IN("admin","user")',
- $password, $uid);
- XDB::query('DELETE FROM perte_pass WHERE certificat={?}', $certif);
+ XDB::query('UPDATE accounts
+ SET password={?}
+ WHERE uid = {?} AND state = \'active\'',
+ $password, $uid);
+ XDB::query('DELETE FROM perte_pass
+ WHERE certificat={?}', $certif);
// If GoogleApps is enabled, and the user did choose to use synchronized passwords,
// updates the Google Apps password as well.
@@ -411,50 +411,47 @@ Adresse de secours : " . Post::v('email') : ""));
$page->setTitle('Skins');
if (Env::has('newskin')) { // formulaire soumis, traitons les données envoyées
- XDB::execute('UPDATE auth_user_quick
- SET skin={?} WHERE user_id={?}',
- Env::i('newskin'), S::v('uid'));
+ XDB::execute('UPDATE accounts
+ SET skin = {?}
+ WHERE uid = {?}',
+ Env::i('newskin'), S::i('uid'));
S::kill('skin');
Platal::session()->setSkin();
}
- $res = XDB::query('SELECT id FROM skins WHERE skin_tpl={?}', S::v('skin'));
+ $res = XDB::query('SELECT id
+ FROM skins
+ WHERE skin_tpl = {?}', S::v('skin'));
$page->assign('skin_id', $res->fetchOneCell());
- $sql = "SELECT s.*,auteur,count(*) AS nb
- FROM skins AS s
- LEFT JOIN auth_user_quick AS a ON s.id=a.skin
- WHERE skin_tpl != '' AND ext != ''
- GROUP BY id ORDER BY s.date DESC";
+ $sql = 'SELECT s.*, auteur, COUNT(*) AS nb
+ FROM skins AS s
+ LEFT JOIN accounts AS a ON (a.skin = s.id)
+ WHERE skin_tpl != \'\' AND ext != \'\'
+ GROUP BY id ORDER BY s.date DESC';
$page->assign('skins', XDB::iterator($sql));
}
function handler_exit(&$page, $level = null)
{
- if (S::has('suid')) {
- $suid = S::v('suid');
- $log = S::v('log');
- S::logger()->log("suid_stop", S::user()->login() . " by " . $suid['hruid']);
+ if (S::suid()) {
+ S::logger()->log('suid_stop', S::user()->login() . " by " . S::suid('hruid'));
Platal::session()->stopSUID();
pl_redirect('admin/user/' . S::user()->login());
}
if ($level == 'forget' || $level == 'forgetall') {
- setcookie('ORGaccess', '', time() - 3600, '/', '', 0);
- Cookie::kill('ORGaccess');
- S::logger()->log("cookie_off");
+ Platal::session()->killAccessCookie();
}
if ($level == 'forgetuid' || $level == 'forgetall') {
- setcookie('ORGuid', '', time() - 3600, '/', '', 0);
- Cookie::kill('ORGuid');
- setcookie('ORGdomain', '', time() - 3600, '/', '', 0);
- Cookie::kill('ORGdomain');
+ Platal::session()->killLoginFormCookies();
}
- $ref = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
- S::logger()->log('deconnexion',$ref);
- Platal::session()->destroy();
+ if (S::logged()) {
+ S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']);
+ Platal::session()->destroy();
+ }
if (Get::has('redirect')) {
http_redirect(rawurldecode(Get::v('redirect')));