X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fplatal.php;h=cfa973f1e5c1b6d6e3cb327fa3b5ed6dd0b8c98b;hb=2d89ec936167033886ae76b153605d7ccf19bc20;hp=94a4077c8e6a8a36be25322316eb7984eb12835b;hpb=b00527ff4a4883f2bd8bdfcceb6d4123f19ef785;p=platal.git
diff --git a/modules/platal.php b/modules/platal.php
index 94a4077..cfa973f 100644
--- a/modules/platal.php
+++ b/modules/platal.php
@@ -1,6 +1,6 @@
$this->make_hook('prefs', AUTH_COOKIE),
'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE),
- 'prefs/webredirect' => $this->make_hook('webredir', AUTH_MDP),
+ 'prefs/webredirect' => $this->make_hook('webredir', AUTH_MDP, 'mail'),
'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE),
// password related thingies
'password' => $this->make_hook('password', AUTH_MDP),
'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC),
- 'password/smtp' => $this->make_hook('smtppass', AUTH_MDP),
+ 'password/smtp' => $this->make_hook('smtppass', AUTH_MDP, 'mail'),
'recovery' => $this->make_hook('recovery', AUTH_PUBLIC),
'exit' => $this->make_hook('exit', AUTH_PUBLIC),
'review' => $this->make_hook('review', AUTH_PUBLIC),
@@ -75,14 +75,8 @@ class PlatalModule extends PLModule
function handler_cacert(&$page)
{
- $data = file_get_contents("/etc/ssl/xorgCA/cacert.pem","r");
- header("Pragma:");
- header("Set-Cookie:");
- header("Cache-Control:");
- header("Expires:");
- header("Content-Type: application/x-x509-ca-cert");
- header("Content-Length: ".strlen($data));
- echo $data;
+ pl_cached_content_headers("application/x-x509-ca-cert");
+ readfile("/etc/ssl/xorgCA/cacert.pem");
exit;
}
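Review bot: The new `readfile("/etc/ssl/xorgCA/cacert.pem")` in handler_cacert has no failure path. If the file is missing or unreadable, `pl_cached_content_headers()` has already run and the client gets an empty or warning-only body labelled `application/x-x509-ca-cert`, presumably with caching headers attached. I would test `is_readable()` on the path first and return the module's usual not-found response before any header is emitted. The removed code also sent `Content-Length` and blanked `Set-Cookie`; whether the helper does the same is not visible here and is worth confirming.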
@@ -119,12 +113,16 @@ class PlatalModule extends PLModule
function __set_rss_state($state)
{
if ($state) {
- S::set('token', rand_url_id(16));
- XDB::execute('UPDATE accounts
- SET token = {?}
- WHERE uid = {?}', S::s('token'), S::i('uid'));
+ if (!S::user()->token) {
+ S::user()->token = rand_url_id(16);
+ S::set('token', S::user()->token);
+ XDB::execute('UPDATE accounts
+ SET token = {?}
+ WHERE uid = {?}', S::user()->token, S::i('uid'));
+ }
} else {
S::kill('token');
+ S::user()->token = null;
XDB::execute('UPDATE accounts
SET token = NULL
WHERE uid = {?}', S::i('uid'));
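Review bot: The new `if (!S::user()->token)` guard in __set_rss_state changes rotation semantics without saying so. Submitting "on" again no longer issues a fresh token, so a user whose feed URL has leaked can only rotate it by disabling and re-enabling RSS. That is a reasonable choice, but it should be documented on the guard, e.g. `// Keep an existing token so feed URLs stay valid; rotating a leaked token requires disabling and re-enabling RSS.` The token is also written to three places (user object, session, database); a one-line comment saying which one is authoritative would help the next reader. The function body continues outside the hunk.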
@@ -137,25 +135,15 @@ class PlatalModule extends PLModule
$page->setTitle('Mes préférences');
if (Post::has('email_format')) {
+ S::assert_xsrf_token();
$fmt = Post::s('email_format');
- XDB::execute("UPDATE accounts
- SET email_format = {?}
- WHERE uid = {?}",
- $fmt, S::v('uid'));
- S::set('email_format', $fmt);
+ S::user()->setEmailFormat($fmt);
}
if (Post::has('rss')) {
- $this->__set_rss_state(Post::b('rss'));
+ S::assert_xsrf_token();
+ $this->__set_rss_state(Post::s('rss') == 'on');
}
-
- # FIXME: this code is not multi-domain compatible. We should decide how
- # carva will extend to users not in the main domain.
- $res = XDB::query("SELECT alias
- FROM aliases
- WHERE id = {?} AND FIND_IN_SET('bestalias', flags)",
- S::user()->id());
- $page->assign('bestalias', $res->fetchOneCell());
}
function handler_webredir(&$page)
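Review bot: `$fmt = Post::s('email_format')` is passed straight to `S::user()->setEmailFormat($fmt)` with no allow-list check visible in this hunk. The removed code at least showed the value going into a bound parameter; now the handler relies entirely on the setter, whose validation is not shown. Unless setEmailFormat() rejects unknown values itself, compare `$fmt` against the formats the account model accepts before calling it. On the RSS line I would write `Post::s('rss') === 'on'` rather than `==`, so the check cannot be satisfied by type juggling. The handler starts above the hunk.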
@@ -168,8 +156,9 @@ class PlatalModule extends PLModule
$page->trigError('URL invalide');
} else {
$url = Env::t('url');
- XDB::execute('REPLACE INTO carvas (uid, url)
- VALUES ({?}, {?})',
+ XDB::execute('INSERT INTO carvas (uid, url)
+ VALUES ({?}, {?})
+ ON DUPLICATE KEY UPDATE url = VALUES(url)',
S::i('uid'), $url);
S::logger()->log('carva_add', 'http://' . $url);
$page->trigSuccess("Redirection activée vers $url");
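Review bot: The rewritten `INSERT ... ON DUPLICATE KEY UPDATE` still stores `Env::t('url')`, and no `S::assert_xsrf_token()` is visible in this hunk although the same commit adds that call to the prefs handler. If the part of handler_webredir above the hunk does not assert the token, a cross-site request could change a member's web redirection. Reading the value with `Post::t('url')` after `S::assert_xsrf_token();` would match the other state-changing handlers. Also confirm that `trigSuccess()` escapes its argument, since `$url` is interpolated into the message. The function begins and ends outside the hunk.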
@@ -191,7 +180,7 @@ class PlatalModule extends PLModule
# carva will extend to users not in the main domain.
$res = XDB::query("SELECT alias
FROM aliases
- WHERE id = {?} AND FIND_IN_SET('bestalias', flags)",
+ WHERE uid = {?} AND FIND_IN_SET('bestalias', flags)",
S::user()->id());
$page->assign('bestalias', $res->fetchOneCell());
}
@@ -212,10 +201,10 @@ class PlatalModule extends PLModule
{
global $globals;
- if (Post::has('response2')) {
+ if (Post::has('pwhash') && Post::t('pwhash')) {
S::assert_xsrf_token();
- S::set('password', $password = Post::v('response2'));
+ S::set('password', $password = Post::t('pwhash'));
XDB::execute('UPDATE accounts
SET password = {?}
WHERE uid={?}', $password,
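Review bot: `Post::t('pwhash')` is stored in `accounts.password` (and copied into the session) after only a non-empty check, so any string the client sends becomes the stored credential. Because the digest is computed in the browser, the server should at least verify that the value has the length and alphabet of the digest that `password.js` produces, and reject the request otherwise. The same applies to the `pwhash` branch in the tmpPWD hunk at `@@ -375,13 +364,13 @@`. Consider whether the hash needs to live in the session at all, since it is password-equivalent. The handler continues outside the hunk.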
@@ -234,12 +223,12 @@ class PlatalModule extends PLModule
S::logger()->log('passwd');
Platal::session()->setAccessCookie(true);
- $page->changeTpl('platal/motdepasse.success.tpl');
+ $page->changeTpl('platal/password.success.tpl');
$page->run();
}
- $page->changeTpl('platal/motdepasse.tpl');
- $page->addJsLink('motdepasse.js');
+ $page->changeTpl('platal/password.tpl');
+ $page->addJsLink('password.js');
$page->setTitle('Mon mot de passe');
}
@@ -324,7 +313,7 @@ class PlatalModule extends PLModule
$page->assign('ok', true);
$url = rand_url_id();
- XDB::execute('INSERT INTO perte_pass (certificat,uid,created)
+ XDB::execute('INSERT INTO account_lost_passwords (certificat,uid,created)
VALUES ({?},{?},NOW())', $url, $user->id());
$res = XDB::query('SELECT email
FROM emails
@@ -333,15 +322,15 @@ class PlatalModule extends PLModule
if ($res->numRows()) {
$mails = $res->fetchOneCell();
} else {
- $res = XDB::query('SELECT email
+ $res = XDB::query("SELECT email
FROM emails
- WHERE uid = {?} AND NOT FIND_IN_SET("filter", flags)', $user->id());
+ WHERE uid = {?} AND NOT FIND_IN_SET('filter', flags)", $user->id());
$mails = implode(', ', $res->fetchColumn());
}
$mymail = new PlMailer();
$mymail->setFrom('"Gestion des mots de passe" mail->domain . '>');
$mymail->addTo($mails);
- $mymail->setSubject('Ton certificat d\'authentification');
+ $mymail->setSubject("Ton certificat d'authentification");
$mymail->setTxtBody("Visite la page suivante qui expire dans six heures :
{$globals->baseurl}/tmpPWD/$url
@@ -349,7 +338,7 @@ Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la
--
Polytechnique.org
-\"Le portail des élèves & anciens élèves de l'Ecole polytechnique\"
+\"Le portail des élèves & anciens élèves de l'Ãcole polytechnique\"
Email envoyé à ".Env::v('login') . (Post::has('email') ? "
Adresse de secours : " . Post::v('email') : ""));
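Review bot: The replacement capital on the added line renders as `Ã` on this page, while `élèves` on the same line renders correctly. That suggests the new character was saved in a different encoding from the rest of the file. If so, recipients of the recovery mail will see the same mojibake in the signature. Re-save the line in the file's own encoding, or confirm the charset PlMailer declares for the text body.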
@@ -363,11 +352,11 @@ Adresse de secours : " . Post::v('email') : ""));
{
global $globals;
// XXX: recovery requires data from the profile
- XDB::execute('DELETE FROM perte_pass
+ XDB::execute('DELETE FROM account_lost_passwords
WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
$res = XDB::query('SELECT uid
- FROM perte_pass WHERE certificat={?}', $certif);
+ FROM account_lost_passwords WHERE certificat={?}', $certif);
$ligne = $res->fetchOneAssoc();
if (!$ligne) {
$page->changeTpl('platal/index.tpl');
@@ -375,13 +364,13 @@ Adresse de secours : " . Post::v('email') : ""));
}
$uid = $ligne["uid"];
- if (Post::has('response2')) {
- $password = Post::v('response2');
+ if (Post::has('pwhash') && Post::t('pwhash')) {
+ $password = Post::t('pwhash');
XDB::query('UPDATE accounts
SET password={?}
WHERE uid = {?} AND state = \'active\'',
$password, $uid);
- XDB::query('DELETE FROM perte_pass
+ XDB::query('DELETE FROM account_lost_passwords
WHERE certificat={?}', $certif);
// If GoogleApps is enabled, and the user did choose to use synchronized passwords,
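Review bot: The password `UPDATE` and the renamed `DELETE FROM account_lost_passwords` are issued with `XDB::query`, whereas every other write in this diff uses `XDB::execute`, and neither result is checked. Because the UPDATE is restricted to `state = 'active'`, it can match no row. The recovery token is then still consumed, and the `passwd` log entry and success template in the later hunk appear to be reached regardless. I would switch both to `XDB::execute` and only delete the token and report success when the update affected a row. The code between this hunk and the success path is not visible, so that last part needs confirming.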
@@ -397,8 +386,8 @@ Adresse de secours : " . Post::v('email') : ""));
S::logger($uid)->log("passwd", "");
$page->changeTpl('platal/tmpPWD.success.tpl');
} else {
- $page->changeTpl('platal/motdepasse.tpl');
- $page->addJsLink('motdepasse.js');
+ $page->changeTpl('platal/password.tpl');
+ $page->addJsLink('password.js');
}
}
@@ -434,9 +423,15 @@ Adresse de secours : " . Post::v('email') : ""));
function handler_exit(&$page, $level = null)
{
if (S::suid()) {
- S::logger()->log('suid_stop', S::user()->login() . " by " . S::suid('hruid'));
+ $old = S::user()->login();
+ S::logger()->log('suid_stop', $old . " by " . S::suid('hruid'));
Platal::session()->stopSUID();
- pl_redirect('admin/user/' . S::user()->login());
+ $target = S::s('suid_startpage');
+ S::kill('suid_startpage');
+ if (!empty($target)) {
+ http_redirect($target);
+ }
+ pl_redirect('admin/user/' . $old);
}
if ($level == 'forget' || $level == 'forgetall') {
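Review bot: `http_redirect($target)` sends the administrator to whatever `S::s('suid_startpage')` holds, and nothing in this hunk constrains it to the site. Where the value is set is not shown; if it is derived from a request URL or Referer, this becomes an open redirect at the end of an SUID session. A guard such as `if (!empty($target) && strpos($target, $globals->baseurl . '/') === 0) {` would keep it on-site; the function would then need `global $globals;`, which is not visible here. The fall-through to `pl_redirect('admin/user/' . $old)` also relies on `http_redirect()` terminating the request, which deserves a short comment.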
@@ -459,7 +454,7 @@ Adresse de secours : " . Post::v('email') : ""));
}
}
- function handler_review(&$page, $action = null, $mode = null)
+ function handler_review(&$page, $action = null, $mode = null)
{
// Include X-XRDS-Location response-header for Yadis discovery
global $globals;