X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fplatal.php;h=f2d4d96b684086cdc66448976829e7c977d71c6d;hb=a5878ac19cc6ea75a753470cf68b7d2180d6cd51;hp=0507494f2b7c8c2cb630e8bf807f8b0168912777;hpb=a7c29df3b9bf8f3c3b23fec0f1d2feb814cb61fe;p=platal.git

diff --git a/modules/platal.php b/modules/platal.php
index 0507494..f2d4d96 100644
--- a/modules/platal.php
+++ b/modules/platal.php
@@ -185,8 +185,11 @@ class PlatalModule extends PLModule
 
     function handler_password(&$page)
     {
+        global $globals;
+
         if (Post::has('response2'))  {
             require_once 'secure_hash.inc.php';
+            S::assert_xsrf_token();
 
             $_SESSION['password'] = $password = Post::v('response2');
 
@@ -195,6 +198,16 @@ class PlatalModule extends PLModule
                            WHERE  user_id={?}', $password,
                            S::v('uid'));
 
+            // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
+            // updates the Google Apps password as well.
+            if ($globals->mailstorage->googleapps_domain) {
+                require_once 'googleapps.inc.php';
+                $account = new GoogleAppsAccount(S::v('uid'), S::v('forlife'));
+                if ($account->active() && $account->sync_password) {
+                    $account->set_password($password);
+                }
+            }
+
             $log =& S::v('log');
             $log->log('passwd', '');
 
@@ -331,6 +344,7 @@ Adresse de secours : " . Post::v('email') : ""));
 
     function handler_tmpPWD(&$page, $certif = null)
     {
+        global $globals;
         XDB::execute('DELETE FROM perte_pass
                                       WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
 
@@ -344,11 +358,22 @@ Adresse de secours : " . Post::v('email') : ""));
         $uid = $ligne["uid"];
         if (Post::has('response2')) {
             $password = Post::v('response2');
-            $logger   = new CoreLogger($uid);
             XDB::query('UPDATE  auth_user_md5 SET password={?}
                                    WHERE  user_id={?} AND perms IN("admin","user")',
                                  $password, $uid);
             XDB::query('DELETE FROM perte_pass WHERE certificat={?}', $certif);
+
+            // If GoogleApps is enabled, and the user did choose to use synchronized passwords,
+            // updates the Google Apps password as well.
+            if ($globals->mailstorage->googleapps_domain) {
+                require_once 'googleapps.inc.php';
+                $account = new GoogleAppsAccount($uid);
+                if ($account->active() && $account->sync_password) {
+                    $account->set_password($password);
+                }
+            }
+
+            $logger = new CoreLogger($uid);
             $logger->log("passwd","");
             $page->changeTpl('platal/tmpPWD.success.tpl');
         } else {