From: x2000habouzit Date: Sun, 9 Jul 2006 00:12:45 +0000 (+0000) Subject: exit tmpPWD X-Git-Tag: xorg/0.9.11~495 X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=6c49d0afde51e4fe1733bb82dbab1ec72e30b131;p=platal.git exit tmpPWD git-svn-id: svn+ssh://murphy/home/svn/platal/trunk@401 839d8a87-29fc-0310-9880-83ba4fa771e5 --- diff --git a/htdocs/recovery.php b/htdocs/recovery.php index 3c7e1fc..8045fd2 100644 --- a/htdocs/recovery.php +++ b/htdocs/recovery.php @@ -54,7 +54,7 @@ if (Env::has('login') and Env::has('birth')) { $mymail->addTo($mails); $mymail->setSubject('Ton certificat d\'authentification'); $mymail->setTxtBody("Visite la page suivante qui expire dans six heures : -{$globals->baseurl}/tmpPWD.php?certificat=$url +{$globals->baseurl}/tmpPWD/$url Si en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. diff --git a/htdocs/tmpPWD.php b/htdocs/tmpPWD.php deleted file mode 100644 index aa1b62b..0000000 --- a/htdocs/tmpPWD.php +++ /dev/null 
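Review bot: `$url` is now interpolated as a path segment (`{$globals->baseurl}/tmpPWD/$url`) instead of a query value, so the handler only receives the intended `$certif` if the certificate never contains `/`, `?`, `#` or `%`. How `$url` is generated is outside this hunk, so confirm it is hex or otherwise URL-safe, or build the link with `rawurlencode($url)`. The link remains a six-hour bearer credential, and in the path it is still written to access logs and sent in `Referer` to anything the reset page links to. The `setTxtBody` string starts and ends outside the hunk.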
@@ -1,49 +0,0 @@ -xdb->execute('DELETE FROM perte_pass WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created'); - -$certif = Env::get('certificat'); -$res = $globals->xdb->query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif); - -if ($ligne = $res->fetchOneAssoc()) { - $uid = $ligne["uid"]; - if (Post::has('response2')) { - $password = Post::get('response2'); - $logger = new DiogenesCoreLogger($uid); - $globals->xdb->query('UPDATE auth_user_md5 SET password={?} WHERE user_id={?} AND perms IN("admin","user")', $password, $uid); - $globals->xdb->query('DELETE FROM perte_pass WHERE certificat={?}', $certif); - $logger->log("passwd",""); - new_skinned_page('tmpPWD.success.tpl', AUTH_PUBLIC); - $page->run(); - } else { - new_skinned_page('motdepasse.tpl', AUTH_PUBLIC); - $page->addJsLink('javascript/motdepasse.js'); - $page->run(); - } -} else { - new_skinned_page('index.tpl', AUTH_PUBLIC); - $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur."); -} - -?> diff --git a/install.d/platal.files b/install.d/platal.files index 396cb9c..5a72241 100644 --- a/install.d/platal.files +++ b/install.d/platal.files @@ -250,14 +250,10 @@ htdocs/images/sk_default_headlogo.jpg htdocs/images/sk_default_lesX.gif htdocs/images/sk_default_snapshot.png htdocs/images/sk_default_titre.gif -htdocs/index.php htdocs/javascript/do_challenge_response.js htdocs/javascript/md5.js htdocs/javascript/xorg.js -htdocs/motdepasse.php -htdocs/preferences.php htdocs/recovery.php -htdocs/tmpPWD.php include/validations.inc.php include/xml-rpc-client.inc.php include/platal/database.inc.php diff --git a/modules/platal.php b/modules/platal.php index 640e1ca..488743d 100644 --- a/modules/platal.php +++ b/modules/platal.php 
@@ -26,6 +26,7 @@ class PlatalModule extends PLModule
 return array(
 'preferences' => $this->make_hook('prefs', AUTH_COOKIE),
 'password' => $this->make_hook('password', AUTH_MDP),
+ 'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC),
 'skin' => $this->make_hook('skin', AUTH_COOKIE),
 );
 }
@@ -101,6 +102,38 @@ class PlatalModule extends PLModule
 return PL_OK;
 }
 
+ function handler_tmpPWD(&$page, $certif = null)
+ {
+ global $globals;
+
+ $globals->xdb->execute('DELETE FROM perte_pass
+ WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
+
+ $res = $globals->xdb->query('SELECT uid FROM perte_pass WHERE certificat={?}', $certif);
+ $ligne = $res->fetchOneAssoc();
+ if (!$ligne) {
+ $page->changeTpl('index.tpl');
+ $page->kill("Cette adresse n'existe pas ou n'existe plus sur le serveur.");
+ }
+
+ $uid = $ligne["uid"];
+ if (Post::has('response2')) {
+ $password = Post::get('response2');
+ $logger = new DiogenesCoreLogger($uid);
+ $globals->xdb->query('UPDATE auth_user_md5 SET password={?}
+ WHERE user_id={?} AND perms IN("admin","user")',
+ $password, $uid);
+ $globals->xdb->query('DELETE FROM perte_pass WHERE certificat={?}', $certif);
+ $logger->log("passwd","");
+ $page->changeTpl('tmpPWD.success.tpl');
+ } else {
+ $page->changeTpl('motdepasse.tpl');
+ $page->addJsLink('javascript/motdepasse.js');
+ }
+
+ return PL_OK;
+ }
+
 function handler_skin(&$page)
 {
 global $globals;
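Review bot: In `handler_tmpPWD` the invalid-token branch is no longer one arm of an `if/else` as it was in the deleted `tmpPWD.php`, so everything after `$page->kill(...)` depends on `kill()` never returning. Its definition is not in this diff; if it can return, `$uid` is read from a false `$ligne` and a POST carrying `response2` still reaches the `UPDATE`, so add an explicit `return` after the `kill()` call or keep the `else`. Because the hook is `AUTH_PUBLIC` and `$certif` defaults to `null`, also reject an empty token before the `SELECT`, and check that `response2` is non-empty before it is written to `auth_user_md5`. On success, consider `DELETE FROM perte_pass WHERE uid={?}` instead of deleting only this `certificat`, so any other outstanding recovery links for the account stop working once the password has changed.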