X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fplatal.php;h=7c3093be3b10889f1913ad7e808ba61a91f88feb;hb=cecdf74795e71ed038411915dad5e0dff6ea51fa;hp=e24ce587ebd5b42c50b2664f33b9694a2a21b8c8;hpb=2ab3486b89b57e612d6f412afa97f7442a0e2ac0;p=platal.git diff --git a/modules/platal.php b/modules/platal.php index e24ce58..7c3093b 100644 --- a/modules/platal.php +++ b/modules/platal.php @@ -45,13 +45,13 @@ class PlatalModule extends PLModule // Preferences thingies 'prefs' => $this->make_hook('prefs', AUTH_COOKIE), 'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE), - 'prefs/webredirect' => $this->make_hook('webredir', AUTH_MDP), + 'prefs/webredirect' => $this->make_hook('webredir', AUTH_MDP, 'mail'), 'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE), // password related thingies 'password' => $this->make_hook('password', AUTH_MDP), 'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC), - 'password/smtp' => $this->make_hook('smtppass', AUTH_MDP), + 'password/smtp' => $this->make_hook('smtppass', AUTH_MDP, 'mail'), 'recovery' => $this->make_hook('recovery', AUTH_PUBLIC), 'exit' => $this->make_hook('exit', AUTH_PUBLIC), 'review' => $this->make_hook('review', AUTH_PUBLIC), @@ -113,12 +113,16 @@ class PlatalModule extends PLModule function __set_rss_state($state) { if ($state) { - S::user()->token = rand_url_id(16); - XDB::execute('UPDATE accounts - SET token = {?} - WHERE uid = {?}', S::user()->token, S::i('uid')); + if (!S::user()->token) { + S::user()->token = rand_url_id(16); + S::set('token', S::user()->token); + XDB::execute('UPDATE accounts + SET token = {?} + WHERE uid = {?}', S::user()->token, S::i('uid')); + } } else { S::kill('token'); + S::user()->token = null; XDB::execute('UPDATE accounts SET token = NULL WHERE uid = {?}', S::i('uid')); @@ -131,21 +135,15 @@ class PlatalModule extends PLModule $page->setTitle('Mes préférences'); if (Post::has('email_format')) { + S::assert_xsrf_token(); $fmt = Post::s('email_format'); S::user()->setEmailFormat($fmt); } if (Post::has('rss')) { - $this->__set_rss_state(Post::b('rss')); + S::assert_xsrf_token(); + $this->__set_rss_state(Post::s('rss') == 'on'); } - - # FIXME: this code is not multi-domain compatible. We should decide how - # carva will extend to users not in the main domain. - $res = XDB::query("SELECT alias - FROM aliases - WHERE uid = {?} AND FIND_IN_SET('bestalias', flags)", - S::user()->id()); - $page->assign('bestalias', $res->fetchOneCell()); } function handler_webredir(&$page) @@ -202,10 +200,10 @@ class PlatalModule extends PLModule { global $globals; - if (Post::has('response2')) { + if (Post::has('pwhash') && Post::t('pwhash')) { S::assert_xsrf_token(); - S::set('password', $password = Post::v('response2')); + S::set('password', $password = Post::t('pwhash')); XDB::execute('UPDATE accounts SET password = {?} WHERE uid={?}', $password, @@ -224,12 +222,12 @@ class PlatalModule extends PLModule S::logger()->log('passwd'); Platal::session()->setAccessCookie(true); - $page->changeTpl('platal/motdepasse.success.tpl'); + $page->changeTpl('platal/password.success.tpl'); $page->run(); } - $page->changeTpl('platal/motdepasse.tpl'); - $page->addJsLink('motdepasse.js'); + $page->changeTpl('platal/password.tpl'); + $page->addJsLink('password.js'); $page->setTitle('Mon mot de passe'); } @@ -365,8 +363,8 @@ Adresse de secours : " . Post::v('email') : "")); } $uid = $ligne["uid"]; - if (Post::has('response2')) { - $password = Post::v('response2'); + if (Post::has('pwhash') && Post::t('pwhash')) { + $password = Post::t('pwhash'); XDB::query('UPDATE accounts SET password={?} WHERE uid = {?} AND state = \'active\'', @@ -387,8 +385,8 @@ Adresse de secours : " . Post::v('email') : "")); S::logger($uid)->log("passwd", ""); $page->changeTpl('platal/tmpPWD.success.tpl'); } else { - $page->changeTpl('platal/motdepasse.tpl'); - $page->addJsLink('motdepasse.js'); + $page->changeTpl('platal/password.tpl'); + $page->addJsLink('password.js'); } } @@ -424,9 +422,15 @@ Adresse de secours : " . Post::v('email') : "")); function handler_exit(&$page, $level = null) { if (S::suid()) { - S::logger()->log('suid_stop', S::user()->login() . " by " . S::suid('hruid')); + $old = S::user()->login(); + S::logger()->log('suid_stop', $old . " by " . S::suid('hruid')); Platal::session()->stopSUID(); - pl_redirect('admin/user/' . S::user()->login()); + $target = S::s('suid_startpage'); + S::kill('suid_startpage'); + if (!empty($target)) { + http_redirect($target); + } + pl_redirect('admin/user/' . $old); } if ($level == 'forget' || $level == 'forgetall') { @@ -449,7 +453,7 @@ Adresse de secours : " . Post::v('email') : "")); } } - function handler_review(&$page, $action = null, $mode = null) + function handler_review(&$page, $action = null, $mode = null) { // Include X-XRDS-Location response-header for Yadis discovery global $globals;