X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fplatal.php;h=f57f2705f004b7591536103fd909e54e7eced914;hb=c1a0ab3022938ae15d5ba3af8fdf01e7f991b1fb;hp=940f13bc4f3123d0c4bef535d059da26abcfe4d2;hpb=26ba053e75092d038f571b77eaf3005509da0648;p=platal.git diff --git a/modules/platal.php b/modules/platal.php index 940f13b..f57f270 100644 --- a/modules/platal.php +++ b/modules/platal.php @@ -21,7 +21,7 @@ function bugize($list) { - $list = preg_split('/,/', Env::s('libs'), -1, PREG_SPLIT_NO_EMPTY); + $list = preg_split('/,/', $list, -1, PREG_SPLIT_NO_EMPTY); $ans = array(); foreach ($list as $bug) { @@ -43,15 +43,15 @@ class PlatalModule extends PLModule 'changelog' => $this->make_hook('changelog', AUTH_PUBLIC), // Preferences thingies - 'prefs' => $this->make_hook('prefs', AUTH_COOKIE), - 'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE), - 'prefs/webredirect' => $this->make_hook('webredir', AUTH_MDP, 'mail'), - 'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE), + 'prefs' => $this->make_hook('prefs', AUTH_COOKIE, 'user'), + 'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE, 'user'), + 'prefs/webredirect' => $this->make_hook('webredir', AUTH_MDP, 'mail'), + 'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE, 'user'), // password related thingies - 'password' => $this->make_hook('password', AUTH_MDP), + 'password' => $this->make_hook('password', AUTH_MDP, 'user'), 'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC), - 'password/smtp' => $this->make_hook('smtppass', AUTH_MDP, 'mail'), + 'password/smtp' => $this->make_hook('smtppass', AUTH_MDP, 'mail'), 'recovery' => $this->make_hook('recovery', AUTH_PUBLIC), 'exit' => $this->make_hook('exit', AUTH_PUBLIC), 'review' => $this->make_hook('review', AUTH_PUBLIC), @@ -178,11 +178,11 @@ class PlatalModule extends PLModule # FIXME: this code is not multi-domain compatible. We should decide how # carva will extend to users not in the main domain. - $res = XDB::query("SELECT alias - FROM aliases - WHERE uid = {?} AND FIND_IN_SET('bestalias', flags)", - S::user()->id()); - $page->assign('bestalias', $res->fetchOneCell()); + $best = XDB::fetchOneCell('SELECT email + FROM email_source_account + WHERE uid = {?} AND FIND_IN_SET(\'bestalias\', flags)', + S::user()->id()); + $page->assign('bestalias', $best); } function handler_prefs_rss($page) @@ -228,8 +228,8 @@ class PlatalModule extends PLModule } $page->changeTpl('platal/password.tpl'); - $page->addJsLink('password.js'); $page->setTitle('Mon mot de passe'); + $page->assign('do_auth', 0); } function handler_smtppass($page) @@ -276,7 +276,7 @@ class PlatalModule extends PLModule return; } - if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env::v('birth'))) { + if (!preg_match('/^[0-3][0-9][0-1][0-9][1][9]([0-9]{2})$/', Env::v('birth'))) { $page->trigError('Date de naissance incorrecte ou incohérente'); return; } @@ -301,35 +301,35 @@ class PlatalModule extends PLModule return; } - $res = XDB::query("SELECT COUNT(*) - FROM emails - WHERE uid = {?} AND flags != 'panne' AND flags != 'filter'", $user->id()); - $count = intval($res->fetchOneCell()); - if ($count == 0) { + if ($user->lost) { $page->assign('no_addr', true); return; } $page->assign('ok', true); - $url = rand_url_id(); + $url = rand_url_id(); XDB::execute('INSERT INTO account_lost_passwords (certificat,uid,created) VALUES ({?},{?},NOW())', $url, $user->id()); - $res = XDB::query('SELECT email - FROM emails - WHERE uid = {?} AND email = {?}', - $user->id(), Post::v('email')); - if ($res->numRows()) { - $mails = $res->fetchOneCell(); - } else { - $res = XDB::query("SELECT email - FROM emails - WHERE uid = {?} AND NOT FIND_IN_SET('filter', flags)", $user->id()); - $mails = implode(', ', $res->fetchColumn()); + $to = XDB::fetchOneCell('SELECT redirect + FROM email_redirect_account + WHERE uid = {?} AND redirect = {?}', + $user->id(), Post::t('email')); + if (is_null($to)) { + $emails = XDB::fetchColumn('SELECT redirect + FROM email_redirect_account + WHERE uid = {?} AND flags = \'inactive\' AND type = \'smtp\'', + $user->id()); + $inactives_to = implode(', ', $emails); } $mymail = new PlMailer(); $mymail->setFrom('"Gestion des mots de passe" mail->domain . '>'); - $mymail->addTo($mails); + if (is_null($to)) { + $mymail->addTo($user); + $mymail->addTo($inactives_to); + } else { + $mymail->addTo($to); + } $mymail->setSubject("Ton certificat d'authentification"); $mymail->setTxtBody("Visite la page suivante qui expire dans six heures : {$globals->baseurl}/tmpPWD/$url @@ -340,12 +340,11 @@ Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la Polytechnique.org \"Le portail des élèves & anciens élèves de l'École polytechnique\" -Email envoyé à ".Env::v('login') . (Post::has('email') ? " -Adresse de secours : " . Post::v('email') : "")); +Email envoyé à ".Env::v('login') . (is_null($to) ? '' : ' +Adresse de secours : ' . $to)); $mymail->send(); - // on cree un objet logger et on log l'evenement - S::logger($user->id())->log('recovery', $mails); + S::logger($user->id())->log('recovery', is_null($to) ? $inactives_to . ', ' . $user->bestEmail() : $to); } function handler_tmpPWD($page, $certif = null) @@ -384,10 +383,20 @@ Adresse de secours : " . Post::v('email') : "")); } S::logger($uid)->log("passwd", ""); + + // Try to start a session (so the user don't have to log in); we will use + // the password available in Post:: to authenticate the user. + Platal::session()->start(AUTH_MDP); + $page->changeTpl('platal/tmpPWD.success.tpl'); } else { + $hruid = XDB::fetchOneCell('SELECT hruid + FROM accounts + WHERE uid = {?}', + $uid); $page->changeTpl('platal/password.tpl'); - $page->addJsLink('password.js'); + $page->assign('hruid', $hruid); + $page->assign('do_auth', 1); } }