projects / platal.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix login on X.net with only 'groups' perm.
[platal.git] / modules / xnet.php
1 <?php
2 /***************************************************************************
3 * Copyright (C) 2003-2014 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
22 class XnetModule extends PLModule
23 {
24 function handlers()
25 {
26 return array(
27 'index' => $this->make_hook('index', AUTH_PUBLIC),
28 'exit' => $this->make_hook('exit', AUTH_PUBLIC),
29
30 'login' => $this->make_hook('login', AUTH_COOKIE, 'groups'),
31 'admin' => $this->make_hook('admin', AUTH_PASSWD, 'admin'),
32 'groups' => $this->make_hook('groups', AUTH_PUBLIC),
33 'groupes.php' => $this->make_hook('groups2', AUTH_PUBLIC),
34 'plan' => $this->make_hook('plan', AUTH_PUBLIC),
35 // Should be removed in a future release as links will have expired anyway.
36 'register/ext' => $this->make_hook('register_ext', AUTH_PUBLIC),
37 'photo' => $this->make_hook('photo', AUTH_PASSWD, 'groups'),
38 'autologin' => $this->make_hook('autologin', AUTH_PASSWD, 'groups'),
39 'edit' => $this->make_hook('edit', AUTH_PASSWD, 'groups'),
40 'Xnet' => $this->make_wiki_hook(),
41 );
42 }
43
44 function handler_login()
45 {
46 // We require different credentials for '/login/' ("groups" instead of "user").
47 // We have to redirect the call to the actual CoreModule->handler_login.
48 $args = func_get_args();
49 return call_user_func_array(array("CoreModule", "handler_login"), $args);
50 }
51
52 function handler_photo($page, $x = null)
53 {
54 if (!$x || !($profile = Profile::get($x))) {
55 return PL_NOT_FOUND;
56 }
57
58 // Retrieve the photo and its mime type.
59 $photo = $profile->getPhoto(true, true);
60
61 // Display the photo, or a default one when not available.
62 $photo->send();
63 }
64
65 function handler_index($page)
66 {
67 $page->nomenu = true;
68 $page->changeTpl('xnet/index.tpl');
69 }
70
71 function handler_exit($page)
72 {
73 Platal::session()->stopSUID();
74 Platal::session()->destroy();
75 $page->changeTpl('xnet/deconnexion.tpl');
76 }
77
78 function handler_admin($page)
79 {
80 $page->changeTpl('xnet/admin.tpl');
81
82 if (Get::has('del')) {
83 $res = XDB::query('SELECT id, nom, mail_domain
84 FROM groups WHERE diminutif={?}',
85 Get::v('del'));
86 list($id, $nom, $domain) = $res->fetchOneRow();
87 $page->assign('nom', $nom);
88 if ($id && Post::has('del')) {
89 S::assert_xsrf_token();
90
91 XDB::query('DELETE FROM group_members WHERE asso_id={?}', $id);
92 $page->trigSuccess('membres supprimés');
93
94 if ($domain) {
95 XDB::execute('DELETE v
96 FROM email_virtual AS v
97 INNER JOIN email_virtual_domains AS d ON (v.domain = d.id)
98 WHERE d.name = {?}',
99 $domain);
100 XDB::execute('DELETE FROM email_virtual_domains
101 WHERE name = {?}', $domain);
102 $page->trigSuccess('suppression des alias mails');
103
104 $mmlist = new MMList(S::v('uid'), S::v('password'), $domain);
105 if ($listes = $mmlist->get_lists()) {
106 foreach ($listes as $l) {
107 $mmlist->delete_list($l['list'], true);
108 }
109 $page->trigSuccess('mail lists surpprimées');
110 }
111 }
112
113 XDB::query('DELETE FROM groups WHERE id={?}', $id);
114 $page->trigSuccess("Groupe $nom supprimé");
115 Get::kill('del');
116 }
117 if (!$id) {
118 Get::kill('del');
119 }
120 }
121
122 if (Post::has('diminutif') && Post::v('diminutif') != "") {
123 S::assert_xsrf_token();
124
125 $res = XDB::query('SELECT COUNT(*)
126 FROM groups
127 WHERE diminutif = {?}',
128 Post::v('diminutif'));
129
130 if ($res->fetchOneCell() == 0) {
131 XDB::execute('INSERT INTO groups (id, diminutif)
132 VALUES (NULL, {?})',
133 Post::v('diminutif'));
134 pl_redirect(Post::v('diminutif') . '/edit');
135 } else {
136 $page->trigError('Le diminutif demandé est déjà pris.');
137 }
138 }
139
140 $res = XDB::query('SELECT nom, diminutif
141 FROM groups
142 ORDER BY nom');
143 $page->assign('assos', $res->fetchAllAssoc());
144 }
145
146 function handler_plan($page)
147 {
148 $page->changeTpl('xnet/plan.tpl');
149
150 $page->setType('plan');
151
152 $res = XDB::iterator(
153 'SELECT dom.id, dom.nom as domnom, groups.diminutif, groups.nom
154 FROM group_dom AS dom
155 INNER JOIN groups ON dom.id = groups.dom
156 WHERE FIND_IN_SET("GroupesX", dom.cat) AND FIND_IN_SET("GroupesX", groups.cat)
157 ORDER BY dom.nom, groups.nom');
158 $groupesx = array();
159 while ($tmp = $res->next()) { $groupesx[$tmp['id']][] = $tmp; }
160 $page->assign('groupesx', $groupesx);
161
162 $res = XDB::iterator(
163 'SELECT dom.id, dom.nom as domnom, groups.diminutif, groups.nom
164 FROM group_dom AS dom
165 INNER JOIN groups ON dom.id = groups.dom
166 WHERE FIND_IN_SET("Binets", dom.cat) AND FIND_IN_SET("Binets", groups.cat)
167 ORDER BY dom.nom, groups.nom');
168 $binets = array();
169 while ($tmp = $res->next()) { $binets[$tmp['id']][] = $tmp; }
170 $page->assign('binets', $binets);
171
172 $res = XDB::iterator(
173 'SELECT diminutif, nom
174 FROM groups
175 WHERE cat LIKE "%Promotions%"
176 ORDER BY diminutif');
177 $page->assign('promos', $res);
178
179 $res = XDB::iterator(
180 'SELECT diminutif, nom
181 FROM groups
182 WHERE FIND_IN_SET("Institutions", cat)
183 ORDER BY diminutif');
184 $page->assign('inst', $res);
185 }
186
187 function handler_groups2($page)
188 {
189 $this->handler_groups($page, Get::v('cat'), Get::v('dom'));
190 }
191
192 function handler_groups($page, $cat = null, $dom = null)
193 {
194 if (!$cat) {
195 $this->handler_index($page);
196 }
197
198 $cat = mb_strtolower($cat);
199
200 $page->changeTpl('xnet/groupes.tpl');
201 $page->assign('cat', $cat);
202 $page->assign('dom', $dom);
203
204 $res = XDB::query("SELECT id,nom
205 FROM group_dom
206 WHERE FIND_IN_SET({?}, cat)
207 ORDER BY nom", $cat);
208 $doms = $res->fetchAllAssoc();
209 $page->assign('doms', $doms);
210
211 if (empty($doms)) {
212 $res = XDB::query("SELECT diminutif, nom, site
213 FROM groups
214 WHERE FIND_IN_SET({?}, cat)
215 ORDER BY nom", $cat);
216 $page->assign('gps', $res->fetchAllAssoc());
217 } elseif (!is_null($dom)) {
218 $res = XDB::query("SELECT diminutif, nom, site
219 FROM groups
220 WHERE FIND_IN_SET({?}, cat) AND dom={?}
221 ORDER BY nom", $cat, $dom);
222 $page->assign('gps', $res->fetchAllAssoc());
223 }
224
225 $page->setType($cat);
226 }
227
228 function handler_autologin($page)
229 {
230 $allkeys = func_get_args();
231 unset($allkeys[0]);
232 $url = join('/',$allkeys);
233 pl_content_headers("text/javascript");
234 echo '$.ajax({ url: "'.$url.'?forceXml=1", dataType: "xml", success: function(xml) { $("body",xml).insertBefore("body"); $("body:eq(1)").remove(); }});';
235 exit;
236 }
237
238 function handler_edit($page)
239 {
240 global $globals;
241
242 $user = S::user();
243 if (empty($user)) {
244 return PL_NOT_FOUND;
245 }
246 if ($user->type != 'xnet') {
247 pl_redirect('index');
248 }
249
250 $page->changeTpl('xnet/edit.tpl');
251 if (Post::has('change')) {
252 S::assert_xsrf_token();
253
254 // Convert user status to X
255 if (!Post::blank('login_X')) {
256 $forlife = $this->changeLogin($page, $user, Post::t('login_X'));
257 if ($forlife) {
258 pl_redirect('index');
259 }
260 }
261
262 require_once 'emails.inc.php';
263 require_once 'name.func.inc.php';
264
265 // Update user info
266 $lastname = capitalize_name(Post::t('lastname'));
267 $firstname = capitalize_name(Post::t('firstname'));
268 $full_name = build_full_name($firstname, $lastname);
269 $directory_name = build_directory_name($firstname, $lastname);
270 $sort_name = build_sort_name($firstname, $lastname);
271 XDB::query('UPDATE accounts
272 SET full_name = {?}, directory_name = {?}, sort_name = {?}, display_name = {?},
273 firstname = {?}, lastname = {?}, sex = {?}
274 WHERE uid = {?}',
275 $full_name, $directory_name, $sort_name, Post::t('display_name'),
276 Post::t('firstname'), Post::t('lastname'),
277 (Post::t('sex') == 'male') ? 'male' : 'female', $user->id());
278
279 // Updates email.
280 $new_email = strtolower(Post::t('email'));
281 if (require_email_update($user, $new_email)) {
282 XDB::query('UPDATE accounts
283 SET email = {?}
284 WHERE uid = {?}',
285 $new_email, $user->id());
286 $listClient = new MMList(S::user());
287 $listClient->change_user_email($user->forlifeEmail(), $new_email);
288 update_alias_user($user->forlifeEmail(), $new_email);
289 }
290 $user = User::getWithUID($user->id());
291 S::set('user', $user);
292 $page->trigSuccess('Données mises à jour.');
293 }
294
295 $page->addJsLink('password.js');
296 $page->assign('user', $user);
297 }
298
299 function handler_register_ext($page, $hash = null)
300 {
301 http_redirect(Platal::globals()->xnet->xorg_baseurl . 'register/ext/' . $hash);
302 }
303 }
304
305 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker fenc=utf-8:
306 ?>
plat/al