From 3d17e48f42eaf218c25920cb5c3829c6aa3986ce Mon Sep 17 00:00:00 2001 From: Florent Bruneau Date: Wed, 3 Sep 2008 23:17:24 +0200 Subject: [PATCH] Opt-in for email rewriting. Signed-off-by: Florent Bruneau --- configs/mails.conf | 3 ++ include/emails.inc.php | 34 +++++++++++++++-- modules/email.php | 72 ++++++++++++++++++++++++++++++++++++ templates/emails/redirect.tpl | 18 ++++++++- templates/emails/rewrite-in.mail.tpl | 48 ++++++++++++++++++++++++ templates/emails/rewrite.tpl | 27 ++++++++++++++ upgrade/0.9.18/02_emails.sql | 8 ++++ 7 files changed, 205 insertions(+), 5 deletions(-) create mode 100644 templates/emails/rewrite-in.mail.tpl create mode 100644 templates/emails/rewrite.tpl create mode 100644 upgrade/0.9.18/02_emails.sql diff --git a/configs/mails.conf b/configs/mails.conf index 428ccb8..29bdd72 100644 --- a/configs/mails.conf +++ b/configs/mails.conf @@ -45,6 +45,9 @@ from="Gestion des paiements" [test_email] from="Polytechnique.org" +[rewrite_email] +from="Polytechnique.org" + [carnet] from="Carnet Polytechnicien " diff --git a/include/emails.inc.php b/include/emails.inc.php index 792d099..12c4059 100644 --- a/include/emails.inc.php +++ b/include/emails.inc.php @@ -140,6 +140,8 @@ abstract class Email public $broken; public $disabled; public $rewrite; + public $allow_rewrite; + public $hash; // Redirection bounces stats. public $panne; @@ -179,7 +181,7 @@ class EmailRedirection extends Email $this->uid = $uid; $this->sufficient = true; - list($this->email, $flags, $this->rewrite, $this->panne, $this->last, $this->panne_level) = $row; + list($this->email, $flags, $this->rewrite, $this->allow_rewrite, $this->hash, $this->panne, $this->last, $this->panne_level) = $row; $this->display_email = $this->email; $this->active = ($flags == 'active'); $this->broken = ($flags == 'panne'); @@ -225,6 +227,32 @@ class EmailRedirection extends Email } XDB::execute('UPDATE emails SET rewrite={?} WHERE uid={?} AND email={?}', $rewrite, $this->uid, $this->email); $this->rewrite = $rewrite; + if (!$this->allow_rewrite) { + global $globals; + if (empty($this->hash)) { + $this->hash = rand_url_id(); + XDB::execute("UPDATE emails + SET hash = {?} + WHERE uid = {?} AND email = {?}", $this->hash, $this->uid, $this->email); + } + $res = XDB::query("SELECT IF(u.nom_usage = '', u.nom, u.nom_usage) AS nom, u.prenom, FIND_IN_SET('femme', u.flags) AS sex, + q.core_mail_fmt, a.alias AS forlife, a2.alias AS bestalias + FROM auth_user_md5 AS u + INNER JOIN auth_user_quick AS q ON (u.user_id = q.user_id) + INNER JOIN aliases AS a ON (a.id = u.user_id AND a.type = 'a_vie') + INNER JOIN aliases AS a2 ON (a2.id = u.user_id AND FIND_IN_SET('bestalias', a2.flags)) + WHERE u.user_id = {?}", $this->uid); + list($nom, $prenom, $sexe, $fmt, $forlife, $bestalias) = $res->fetchOneRow(); + $mail = new PlMailer('emails/rewrite-in.mail.tpl'); + $mail->assign('mail', $this); + $mail->assign('nom', $nom); + $mail->assign('prenom', $prenom); + $mail->assign('sexe', $sexe); + $mail->assign('forlife', $forlife); + $mail->assign('baseurl', $globals->baseurl); + $mail->assign('to', $bestalias . '@' . $globals->mail->domain); + $mail->send($fmt == 'html'); + } return; } @@ -386,7 +414,7 @@ class Redirect $this->bogo = new Bogo($_uid); // Adds third-party email redirections. - $res = XDB::iterRow("SELECT email, flags, rewrite, panne, last, panne_level + $res = XDB::iterRow("SELECT email, flags, rewrite, allow_rewrite, hash, panne, last, panne_level FROM emails WHERE uid = {?} AND flags != 'filter'", $_uid); $this->emails = Array(); @@ -450,7 +478,7 @@ class Redirect return SUCCESS; } } - $this->emails[] = new EmailRedirection($this->uid, array($email, 'active', '', '0000-00-00', '0000-00-00', 0)); + $this->emails[] = new EmailRedirection($this->uid, array($email, 'active', '', false, null, '0000-00-00', '0000-00-00', 0)); // security stuff check_email($email, "Ajout d'une adresse surveillée aux redirections de " . $this->uid); diff --git a/modules/email.php b/modules/email.php index f499509..3776043 100644 --- a/modules/email.php +++ b/modules/email.php @@ -33,6 +33,9 @@ class EmailModule extends PLModule 'emails/antispam/submit' => $this->make_hook('submit', AUTH_COOKIE), 'emails/test' => $this->make_hook('test', AUTH_COOKIE, 'user', NO_AUTH), + 'emails/rewrite/in' => $this->make_hook('rewrite_in', AUTH_PUBLIC), + 'emails/rewrite/out' => $this->make_hook('rewrite_out', AUTH_PUBLIC), + 'emails/imap/in' => $this->make_hook('imap_in', AUTH_PUBLIC), 'admin/emails/duplicated' => $this->make_hook('duplicated', AUTH_MDP, 'admin'), @@ -466,6 +469,75 @@ class EmailModule extends PLModule exit; } + function handler_rewrite_in(&$page, $mail, $hash) + { + $page->changeTpl('emails/rewrite.tpl'); + $page->assign('option', 'in'); + if (empty($mail) || empty($hash)) { + return PL_NOT_FOUND; + } + $pos = strrpos($mail, '_'); + if ($pos === false) { + return PL_NOT_FOUND; + } + $mail{$pos} = '@'; + $res = XDB::query("SELECT COUNT(*) + FROM emails + WHERE email = {?} AND hash = {?}", + $mail, $hash); + $count = intval($res->fetchOneCell()); + if ($count > 0) { + XDB::query("UPDATE emails + SET allow_rewrite = true, hash = NULL + WHERE email = {?} AND hash = {?}", + $mail, $hash); + $page->trigSuccess("Réécriture activée pour l'adresse " . $mail); + return; + } + return PL_NOT_FOUND; + } + + function handler_rewrite_out(&$page, $mail, $hash) + { + $page->changeTpl('emails/rewrite.tpl'); + $page->assign('option', 'out'); + if (empty($mail) || empty($hash)) { + return PL_NOT_FOUND; + } + $pos = strrpos($mail, '_'); + if ($pos === false) { + return PL_NOT_FOUND; + } + $mail{$pos} = '@'; + $res = XDB::query("SELECT COUNT(*) + FROM emails + WHERE email = {?} AND hash = {?}", + $mail, $hash); + $count = intval($res->fetchOneCell()); + if ($count > 0) { + global $globals; + $res = XDB::query("SELECT e.email, e.rewrite, a.alias + FROM emails AS e + INNER JOIN aliases AS a ON (a.id = e.uid AND a.type = 'a_vie') + WHERE e.email = {?} AND e.hash = {?}", + $mail, $hash); + XDB::query("UPDATE emails + SET allow_rewrite = false, hash = NULL + WHERE email = {?} AND hash = {?}", + $mail, $hash); + list($mail, $rewrite, $forlife) = $res->fetchOneRow(); + $mail = new PlMailer(); + $mail->setFrom("webmaster@" . $globals->mail->domain); + $mail->addTo("support@" . $globals->mail->domain); + $mail->setSubject("Tentative de détournement de correspondance via le rewrite"); + $mail->setTxtBody("$forlife a tenté un rewrite de $mail vers $rewrite. Cette demande a été rejetée via le web"); + $mail->send(); + $page->trigWarning("Un mail d'alerte a été envoyé à l'équipe de " . $globals->core->sitename); + return; + } + return PL_NOT_FOUND; + } + function handler_imap_in(&$page, $hash = null, $login = null) { $page->changeTpl('emails/imap_register.tpl'); diff --git a/templates/emails/redirect.tpl b/templates/emails/redirect.tpl index 8c7d3aa..68fe928 100644 --- a/templates/emails/redirect.tpl +++ b/templates/emails/redirect.tpl @@ -122,6 +122,19 @@ Ajax.update_html(null, 'emails/redirect/' + (checked ? '' : 'in') + 'active/' + email, redirectUpdate); } + function rewriteUpdate(mail, allow, box) + { + return function() { + if (!allow) { + if (box.value != '') { + alert("Un mail de validation vient d'être envoyer sur " + mail + + ". La réécriture ne sera active que lorsque tu auras cliqué sur le lien indiqué dans ce mail."); + } + } + redirectUpdate(); + }; + } + {/literal} //]]> {test_email} @@ -149,9 +162,9 @@ {if $e->active}checked="checked"{/if} {if $smarty.foreach.redirect.total eq 1}disabled="disabled"{/if} onchange="updateRedirect(this.checked, '{$e->email}')" /> - + {if $e->has_rewrite()} - {assign var=dom1 value=#globals.mail.domain#} {assign var=dom2 value=#globals.mail.domain2#} @@ -162,6 +175,7 @@ value='{$a.alias}@{#globals.mail.domain2#}'>{$a.alias}@{#globals.mail.domain2#} {/foreach} + {if $e->rewrite neq '' && !$e->allow_rewrite}{icon name="error" title="en attente de validation"}{/if} {else} pas de réécriture {/if} diff --git a/templates/emails/rewrite-in.mail.tpl b/templates/emails/rewrite-in.mail.tpl new file mode 100644 index 0000000..f27d947 --- /dev/null +++ b/templates/emails/rewrite-in.mail.tpl @@ -0,0 +1,48 @@ +{**************************************************************************} +{* *} +{* Copyright (C) 2003-2008 Polytechnique.org *} +{* http://opensource.polytechnique.org/ *} +{* *} +{* This program is free software; you can redistribute it and/or modify *} +{* it under the terms of the GNU General Public License as published by *} +{* the Free Software Foundation; either version 2 of the License, or *} +{* (at your option) any later version. *} +{* *} +{* This program is distributed in the hope that it will be useful, *} +{* but WITHOUT ANY WARRANTY; without even the implied warranty of *} +{* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *} +{* GNU General Public License for more details. *} +{* *} +{* You should have received a copy of the GNU General Public License *} +{* along with this program; if not, write to the Free Software *} +{* Foundation, Inc., *} +{* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *} +{* *} +{**************************************************************************} + +{config_load file="mails.conf" section="rewrite_email"} +{if $mail_part eq 'head'} +{from full=#from#} +{to addr=$to} +{subject text="Validation de la demande de réécriture pour l'adresse `$mail->email`"} +{elseif $mail_part eq 'wiki'} +{if $sexe}Chère{else}Cher{/if} {$prenom}, + +Tu reçois cet email car une demande de réécriture vient d'être effectuée sur {#globals.core.sitename#} pour que les mails +l'adresse {$mail->email} soit automatiquement réécrite en {$mail->rewrite}. + +Si tu es à l'origine de cette demande, clique sur le lien suivant pour activer la réécriture : +* {$baseurl}/emails/rewrite/in/{$mail->email|replace:'@':'_'}/{$mail->hash} + +Si tu n'est pas à l'origine de cette demande, il peut s'agir d'une tentative de détournement de ta correspondance par un +camarade mal intentionné. Dans ce cas, clique sur le lien suivant pour avertir l'équipe de {#globals.core.sitename#} : +* {$baseurl}/emails/rewrite/out/{$mail->email|replace:'@':'_'}/{$mail->hash} + +Merci encore de la confiance que tu portes à nos services. + +-- \\ +Très Cordialement,\\ +L'Équipe de Polytechnique.org +{/if} + +{* vim:set et sw=2 sts=2 sws=2: *} diff --git a/templates/emails/rewrite.tpl b/templates/emails/rewrite.tpl new file mode 100644 index 0000000..aefdb25 --- /dev/null +++ b/templates/emails/rewrite.tpl @@ -0,0 +1,27 @@ +{**************************************************************************} +{* *} +{* Copyright (C) 2003-2008 Polytechnique.org *} +{* http://opensource.polytechnique.org/ *} +{* *} +{* This program is free software; you can redistribute it and/or modify *} +{* it under the terms of the GNU General Public License as published by *} +{* the Free Software Foundation; either version 2 of the License, or *} +{* (at your option) any later version. *} +{* *} +{* This program is distributed in the hope that it will be useful, *} +{* but WITHOUT ANY WARRANTY; without even the implied warranty of *} +{* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *} +{* GNU General Public License for more details. *} +{* *} +{* You should have received a copy of the GNU General Public License *} +{* along with this program; if not, write to the Free Software *} +{* Foundation, Inc., *} +{* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *} +{* *} +{**************************************************************************} + +{if $option eq 'in'} +{else} +{/if} + +{* vim:set et sw=2 sts=2 sws=2 enc=utf-8: *} diff --git a/upgrade/0.9.18/02_emails.sql b/upgrade/0.9.18/02_emails.sql new file mode 100644 index 0000000..e0d5cc7 --- /dev/null +++ b/upgrade/0.9.18/02_emails.sql @@ -0,0 +1,8 @@ +# Rewrite protection + +alter table emails add column hash varchar(32) default NULL; +alter table emails add column allow_rewrite boolean default false; +update emails set allow_rewrite = true where rewrite != '' and flags != 'filter'; + + +# vim:set syntax=mysql: -- 2.1.4