$sub['documentation'] = 'Xnet';
if (S::user()->type == 'xnet') {
$sub['mon compte'] = 'edit';
- $sub['mon mot de passe'] = 'password';
+ $sub['mes préférences'] = $globals->xnet->xorg_baseurl . 'prefs';
}
$sub['signaler un bug'] = array('href' => 'send_bug/'.$_SERVER['REQUEST_URI'], 'class' => 'popup_840x600');
$menu["no_title"] = $sub;
}
}
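Review bot: The new `$sub['mes préférences'] = $globals->xnet->xorg_baseurl . 'prefs';` line reads `$globals`, but nothing in the hunk brings it into scope; unless the enclosing function (which starts outside the hunk) already declares `global $globals;`, this is a null dereference that breaks the menu for every xnet user, so add `global $globals;` at the top of the function if it is missing. The concatenation with `'prefs'` also assumes the configured base URL ends with a slash, which the new default in the ini hunk does but a deployment override may not.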
- if (!S::logged() && Post::has('auth_type') && Post::v('auth_type') == 'xnet' && !Post::has('wait')) {
- $email = Post::v('username');
- $type = XDB::fetchOneCell('SELECT type
- FROM accounts
- WHERE email = {?}',
- $email);
- if ((!is_null($type) && $type != 'xnet') || !User::isForeignEmailAddress($email)) {
- Platal::page()->trigErrorRedirect('Ce formulaire d\'authentification est réservé aux extérieurs à la communauté polytechnicienne.', '');
- }
-
- $user = parent::doAuth(AUTH_MDP);
- if (is_null($user)) {
- return false;
- }
- if (!parent::checkAuth(AUTH_MDP) || !parent::startSessionAs($user, AUTH_MDP)) {
- $this->destroy();
- return false;
- }
- }
-
global $globals;
if (!S::logged() && $globals->xnet->auth_baseurl) {
// prevent connection to be linked to disconnection
protected function doAuth($level)
{
- if (S::identified()) { // ok, c'est bon, on n'a rien à faire
+ if (S::identified()) { // Nothing to do there
return User::getSilentWithValues(null, array('uid' => S::i('uid')));
}
if (!Get::has('auth')) {
if (!$user->checkPerms('groups')) {
return false;
}
- S::v('perms')->addFlag(PERMS_USER);
+
if ($level == AUTH_SUID) {
S::set('auth', AUTH_MDP);
}
S::set('perms', $user->perms);
S::set('is_admin', $user->is_admin);
-
- $this->makePerms($user->perms, $user->is_admin);
+ // Add the 'user' perms to the user.
+ $this->makePerms($user->perms . ',' . PERMS_USER, $user->is_admin);
S::kill('challenge');
S::kill('loginX');
S::kill('may_update');
if (!$this->startSUID($user)) {
return false;
}
- S::set('perms', User::makePerms(PERMS_USER));
+ S::set('perms', User::makePerms(PERMS_USER . ",groups"));
return true;
}
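Review bot: `$this->makePerms($user->perms . ',' . PERMS_USER, $user->is_admin)` yields a leading comma (`",user"`) when `$user->perms` is an empty string, and whether makePerms tolerates an empty first element is not visible here; a guard such as `$perms = $user->perms === '' ? PERMS_USER : $user->perms . ',' . PERMS_USER;` avoids depending on it. On the `S::set('perms', User::makePerms(PERMS_USER . ",groups"))` line the groups flag is a bare literal next to the `PERMS_USER` constant; use the project's constant for it if one exists, otherwise a short comment naming the flag would help. Both enclosing functions start outside the hunk.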
; Baseurl of the site used to perform authentication
auth_baseurl = ""
+; $globals->xnet->xorg_baseurl
+; Baseurl of the 'X.org' website
+xorg_baseurl = "https://www.polytechnique.org/"
+
; $globals->xnet->evts_domain
; Domain address where the aliases containing the list of (non-)subscribers
; of an event are created.
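Review bot: The comment on the new `xorg_baseurl` setting should state that the value must end with a slash, because the PHP side concatenates paths directly onto it (the menu hunk does `$globals->xnet->xorg_baseurl . 'prefs'`); a deployment that sets `https://www.polytechnique.org` would silently produce a broken `...orgprefs` link. Suggested comment: `; Baseurl of the 'X.org' website (must end with a trailing slash: paths are appended directly)`.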
define('PL_PAGE_CLASS', 'XnetPage');
require_once dirname(dirname(__FILE__)) . '/core/include/platal.inc.php';
-require_once 'security.inc.php';
require_once 'common.inc.php';
// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
'changelog' => $this->make_hook('changelog', AUTH_PUBLIC),
// Preferences thingies
- 'prefs' => $this->make_hook('prefs', AUTH_COOKIE, 'user'),
+ 'prefs' => $this->make_hook('prefs', AUTH_COOKIE, 'user,groups'),
'prefs/rss' => $this->make_hook('prefs_rss', AUTH_COOKIE, 'user'),
'prefs/webredirect' => $this->make_hook('webredir', AUTH_MDP, 'mail'),
'prefs/skin' => $this->make_hook('skin', AUTH_COOKIE, 'user'),
// password related thingies
- 'password' => $this->make_hook('password', AUTH_MDP, 'user'),
+ 'password' => $this->make_hook('password', AUTH_MDP, 'user,groups'),
'tmpPWD' => $this->make_hook('tmpPWD', AUTH_PUBLIC),
'password/smtp' => $this->make_hook('smtppass', AUTH_MDP, 'mail'),
'recovery' => $this->make_hook('recovery', AUTH_PUBLIC),
+ 'recovery/ext' => $this->make_hook('recovery_ext', AUTH_PUBLIC),
+ 'register/ext' => $this->make_hook('register_ext', AUTH_PUBLIC),
'exit' => $this->make_hook('exit', AUTH_PUBLIC),
'review' => $this->make_hook('review', AUTH_PUBLIC),
'deconnexion.php' => $this->make_hook('exit', AUTH_PUBLIC),
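Review bot: The `'user,groups'` permission strings added to the `prefs` and `password` hooks rely on how make_hook interprets a comma-separated list — any-of or all-of — and neither the hunk nor the surrounding lines say which, so a reader cannot tell from here whether an xnet-only account (groups without user) can now reach `password`. A one-line comment above `// Preferences thingies`, e.g. `// perms: comma-separated list — see make_hook for whether any-of or all-of applies`, would settle it. The enclosing handlers() method starts outside the hunk.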
S::logger($user->id())->log('recovery', is_null($to) ? $inactives_to . ', ' . $user->bestEmail() : $to);
}
+ function handler_recovery_ext($page)
+ {
+ $page->changeTpl('xnet/recovery.tpl');
+
+ if (!Post::has('login')) {
+ return;
+ }
+
+ $user = User::getSilent(Post::t('login'));
+ if (is_null($user)) {
+ $page->trigError('Le compte n\'existe pas.');
+ return;
+ }
+ if ($user->state != 'active') {
+ $page->trigError('Ton compte n\'est pas activé.');
+ return;
+ }
+
+ $page->assign('ok', true);
+
+ $hash = rand_url_id();
+ XDB::execute('INSERT INTO account_lost_passwords (uid, created, certificat)
+ VALUES ({?}, NOW(), {?})',
+ $user->id(), $hash);
+
+ $mymail = new PlMailer();
+ $mymail->setFrom('"Gestion des mots de passe" <support+password@' . Platal::globals()->mail->domain . '>');
+ $mymail->addTo($user);
+ $mymail->setSubject("Votre certificat d'authentification");
+ $mymail->setTxtBody("Visitez la page suivante qui expire dans six heures :
+https://www.polytechnique.org/tmpPWD/$hash
+
+Si en cliquant dessus vous n'y arrivez pas, copiez intégralement l'adresse dans la barre de votre navigateur. Si vous n'avez pas utilisé ce lien dans six heures, vous pouvez tout simplement recommencer cette procédure.
+
+--
+Polytechnique.org
+\"Le portail des élèves & anciens élèves de l'École polytechnique\"
+
+Email envoyé à " . Post::t('login'));
+ $mymail->send();
+
+ S::logger($user->id())->log('recovery', $user->bestEmail());
+ }
+
function handler_tmpPWD($page, $certif = null)
{
global $globals;
- // XXX: recovery requires data from the profile
XDB::execute('DELETE FROM account_lost_passwords
WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > created');
}
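Review bot: handler_recovery_ext hard-codes the reset link as `https://www.polytechnique.org/tmpPWD/$hash` in the mail body while the same commit introduces a configurable base URL and this template set already exposes `$globals->baseurl`; building the link from the configured value (e.g. `$globals->baseurl . '/tmpPWD/' . $hash` after a `global $globals;`, if that is the right setting for this module) keeps test and staging instances from mailing production links. Separately, the two distinct failures — `Le compte n'existe pas.` versus `Ton compte n'est pas activé.` — let an unauthenticated caller learn whether an address has an account and whether it is active; a single neutral message with `ok` assigned unconditionally would close that. The `certificat` row is inserted before the mail is sent, so a failed send still leaves a live token for the 380 minutes handler_tmpPWD allows; sending first or deleting the row on failure is worth considering, depending on what PlMailer::send() reports.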
}
+ function handler_register_ext($page, $hash = null)
+ {
+ XDB::execute('DELETE FROM register_pending_xnet
+ WHERE DATE_SUB(NOW(), INTERVAL 1 MONTH) > date');
+ $res = XDB::fetchOneAssoc('SELECT uid, hruid
+ FROM register_pending_xnet
+ WHERE hash = {?}',
+ $hash);
+
+ if (is_null($hash) || is_null($res)) {
+ $page->trigErrorRedirect('Cette adresse n\'existe pas ou n\'existe plus sur le serveur.', '');
+ }
+
+ if (Post::has('pwhash') && Post::t('pwhash')) {
+ XDB::query('UPDATE accounts
+ SET password = {?}, state = \'active\', registration_date = NOW()
+ WHERE uid = {?} AND state = \'pending\' AND type = \'xnet\'',
+ Post::t('pwhash'), $res['uid']);
+ XDB::query('DELETE FROM register_pending_xnet
+ WHERE uid = {?}',
+ $res['uid']);
+
+ S::logger($res['uid'])->log('passwd', '');
+
+ // Try to start a session (so the user don't have to log in); we will use
+ // the password available in Post:: to authenticate the user.
+ Post::kill('wait');
+ Platal::session()->startAvailableAuth();
+
+ $page->changeTpl('xnet/register.success.tpl');
+ $page->assign('email', $res['email']);
+ } else {
+ $page->changeTpl('platal/password.tpl');
+ $page->assign('xnet', true);
+ $page->assign('hruid', $res['hruid']);
+ $page->assign('do_auth', 1);
+ }
+ }
+
function handler_skin($page)
{
global $globals;
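Review bot: handler_register_ext assigns `$res['email']` to the success template, but the SELECT on the `register_pending_xnet` lines only fetches `uid, hruid`, so the address shown by `xnet/register.success.tpl` is always undefined (the removed xnet version had the same gap). Either add the column holding the address to that SELECT, if the table has one, or look it up in `accounts` by `$res['uid']` before the assign. There is also no `return;` after `$page->trigErrorRedirect(...)` on the missing-hash path; if that method does not terminate the request, the UPDATE below runs with a null uid, so a `return;` right after it is a cheap safeguard either way.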
'referent/country' => $this->make_hook('ref_country', AUTH_COOKIE, 'user', NO_AUTH),
'referent/autocomplete' => $this->make_hook('ref_autocomplete', AUTH_COOKIE, 'user', NO_AUTH),
- 'groupes-x' => $this->make_hook('xnet', AUTH_COOKIE, 'user'),
+ 'groupes-x' => $this->make_hook('xnet', AUTH_COOKIE, 'groups'),
'groupes-x/logo' => $this->make_hook('xnetlogo', AUTH_PUBLIC),
'vcard' => $this->make_hook('vcard', AUTH_COOKIE, 'user', NO_HTTPS),
default:
return null;
}
+ if (!S::user()->checkPerms(PERMS_USER)) {
+ $where .= XDB::format(' AND mode = {?}', self::MODE_ALL);
+ }
$sql = 'SELECT id, title, end, mode
FROM surveys
WHERE '.$where.'
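Review bot: `S::user()->checkPerms(PERMS_USER)` in the new guard assumes a logged-in session; if this listing is reachable without one (the survey template hunk in this commit tests `$smarty.session.auth`, which suggests anonymous access exists), `S::user()` may be null and the call fails before any query. A null-safe form such as `$user = S::user();` followed by `if (is_null($user) || !$user->checkPerms(PERMS_USER)) {` keeps the `mode = MODE_ALL` restriction for anonymous visitors as well, which appears to be the intent. The enclosing function starts outside the hunk.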
'plan' => $this->make_hook('plan', AUTH_PUBLIC),
'photo' => $this->make_hook('photo', AUTH_MDP, 'groups'),
'autologin' => $this->make_hook('autologin', AUTH_MDP, 'groups'),
- 'login/ext' => $this->make_hook('login_ext', AUTH_PUBLIC),
'register/ext' => $this->make_hook('register_ext', AUTH_PUBLIC),
- 'recovery/ext' => $this->make_hook('recovery_ext', AUTH_PUBLIC),
- 'tmpPWD/ext' => $this->make_hook('tmpPWD_ext', AUTH_PUBLIC),
'edit' => $this->make_hook('edit', AUTH_MDP, 'groups'),
- 'password' => $this->make_hook('password', AUTH_MDP, 'groups'),
-
'Xnet' => $this->make_wiki_hook(),
);
}
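Review bot: This hook table keeps `'register/ext' => $this->make_hook('register_ext', AUTH_PUBLIC)` (the context line between the removed `login/ext` and `recovery/ext` entries), yet the same commit deletes `handler_register_ext` from this module further down; unless the handler is inherited from a parent class, the route now points at a method that no longer exists. Either drop the `register/ext` line here as well, or keep it deliberately with a comment saying where the handler lives. The enclosing handlers() method starts outside the hunk.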
exit;
}
- function handler_login_ext($page)
- {
- if (!S::logged()) {
- $page->changeTpl('xnet/login.tpl');
- } else {
- pl_redirect('');
- }
- }
-
- function handler_register_ext($page, $hash = null)
- {
- XDB::execute('DELETE FROM register_pending_xnet
- WHERE DATE_SUB(NOW(), INTERVAL 1 MONTH) > date');
- $res = XDB::fetchOneAssoc('SELECT uid, hruid
- FROM register_pending_xnet
- WHERE hash = {?}',
- $hash);
-
- if (is_null($hash) || is_null($res)) {
- $page->trigErrorRedirect('Cette adresse n\'existe pas ou n\'existe plus sur le serveur.', '');
- }
-
- if (Post::has('pwhash') && Post::t('pwhash')) {
- XDB::query('UPDATE accounts
- SET password = {?}, state = \'active\', registration_date = NOW()
- WHERE uid = {?} AND state = \'pending\' AND type = \'xnet\'',
- Post::t('pwhash'), $res['uid']);
- XDB::query('DELETE FROM register_pending_xnet
- WHERE uid = {?}',
- $res['uid']);
-
- S::logger($res['uid'])->log('passwd', '');
-
- // Try to start a session (so the user don't have to log in); we will use
- // the password available in Post:: to authenticate the user.
- Post::kill('wait');
- Platal::session()->startAvailableAuth();
-
- $page->changeTpl('xnet/register.success.tpl');
- $page->assign('email', $res['email']);
- } else {
- $page->changeTpl('platal/password.tpl');
- $page->assign('xnet', true);
- $page->assign('hruid', $res['hruid']);
- $page->assign('do_auth', 1);
- }
- }
-
- function handler_recovery_ext($page)
- {
- $page->changeTpl('xnet/recovery.tpl');
-
- if (!Post::has('login')) {
- return;
- }
-
- $user = User::getSilent(Post::t('login'));
- if (is_null($user)) {
- $page->trigError('Le compte n\'existe pas.');
- return;
- }
- if ($user->state != 'active') {
- $page->trigError('Ton compte n\'est pas activé.');
- return;
- }
-
- $page->assign('ok', true);
-
- $hash = rand_url_id();
- XDB::execute('INSERT INTO account_xnet_lost_passwords (uid, date, hash)
- VALUES ({?}, NOW(), {?})',
- $user->id(), $hash);
-
- $mymail = new PlMailer();
- $mymail->setFrom('"Gestion des mots de passe" <support+password@' . Platal::globals()->mail->domain . '>');
- $mymail->addTo($user);
- $mymail->setSubject("Votre certificat d'authentification");
- $mymail->setTxtBody("Visitez la page suivante qui expire dans six heures :
-http://polytechnique.net/tmpPWD/ext/$hash
-
-Si en cliquant dessus vous n'y arrivez pas, copiez intégralement l'adresse dans la barre de votre navigateur. Si vous n'avez pas utilisé ce lien dans six heures, vous pouvez tout simplement recommencer cette procédure.
-
---
-Polytechnique.org
-\"Le portail des élèves & anciens élèves de l'École polytechnique\"
-
-Email envoyé à " . Post::t('login'));
- $mymail->send();
-
- S::logger($user->id())->log('recovery', $user->bestEmail());
- }
-
- function handler_tmpPWD_ext($page, $hash = null)
- {
- global $globals;
- XDB::execute('DELETE FROM account_xnet_lost_passwords
- WHERE DATE_SUB(NOW(), INTERVAL 380 MINUTE) > date');
-
- $uid = XDB::fetchOneCell('SELECT uid
- FROM account_xnet_lost_passwords
- WHERE hash = {?}',
- $hash);
- if (is_null($uid)) {
- $page->trigErrorRedirect("Cette adresse n'existe pas ou n'existe plus sur le serveur.", '');
- }
-
- $email = XDB::fetchOneCell('SELECT email
- FROM accounts
- WHERE uid = {?}',
- $uid);
-
- if (Post::has('pwhash') && Post::t('pwhash')) {
- $password = Post::t('pwhash');
- XDB::query('UPDATE accounts
- SET password = {?}
- WHERE uid = {?} AND state = \'active\'',
- $password, $uid);
- XDB::query('DELETE FROM account_xnet_lost_passwords
- WHERE hash = {?}',
- $hash);
-
- S::logger($uid)->log('passwd', '');
-
- // Try to start a session (so the user don't have to log in); we will use
- // the password available in Post:: to authenticate the user.
- Post::kill('wait');
- Platal::session()->startAvailableAuth();
-
- $page->changeTpl('xnet/register.success.tpl');
- $page->assign('email', $email);
- } else {
- $page->changeTpl('platal/password.tpl');
- $page->assign('xnet_reset', true);
- $page->assign('email', $email);
- $page->assign('do_auth', 1);
- }
- }
-
-
-
function handler_edit($page)
{
global $globals;
$page->assign('user', $user);
}
- function handler_password ($page)
- {
- if (Post::has('pwhash') && Post::t('pwhash')) {
- S::assert_xsrf_token();
-
- S::set('password', $password = Post::t('pwhash'));
- XDB::execute('UPDATE accounts
- SET password = {?}
- WHERE uid={?}', $password,
- S::i('uid'));
- S::logger()->log('passwd');
- Platal::session()->setAccessCookie(true);
- $page->changeTpl('platal/password.success.tpl');
- $page->run();
- }
-
- $page->changeTpl('platal/password.tpl');
- $page->assign('xnet_reset', true);
- $page->assign('do_auth', 0);
- }
}
// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
{else}
la page que vous avez demandée
{/if}
- (<strong>{if t($referer)}{$smarty.server.HTTP_REFERER}{else}{$globals->baseurl}/{$platal->pl_self()}{/if}</strong>)
+ (<strong>{if t($referer)}{$smarty.server.HTTP_REFERER|truncate:120:"...":false}{else}{$globals->baseurl}/{$platal->pl_self()}{/if}</strong>)
nécessite une authentification.
</p>
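Review bot: The new `{$smarty.server.HTTP_REFERER|truncate:120:"...":false}` still prints a client-supplied request header into the page; truncation bounds the length but does not escape it, so unless this Smarty setup escapes output by default (not visible here), append the escape modifier: `{$smarty.server.HTTP_REFERER|truncate:120:"...":false|escape}`. The pre-existing line had the same exposure, so this is not introduced by the commit, but the line is being touched anyway.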
{else}
</tr>
<tr>
<td colspan="2">
- <a href="recovery" style="float: left">Mot de passe perdu ?</a>
+ <span style="float: left">
+ Mot de passe perdu :
+ <a href="recovery">Étudiants et diplômés de l'X</a> |
+ <a href="recovery/ext">Extérieurs</a>
+ </span>
+
<input type="submit" name="submitbtn" value="Me connecter" style="float: right" />
</td>
</tr>
</tr>
<tr>
<td>
- <input type="hidden" name="username" value="{$email}" />
+ <input type="hidden" name="username" value="{$hruid}" />
<input type="hidden" name="password" value="" />
<input type="hidden" name="domain" value="email" />
</td>
<form action="prefs" method="post" id="form">
{xsrf_token_field}
<dl>
+ {if hasPerm('user')}
<dt>Apparence du site</dt>
<dd>
Tu peux changer l'apparence du site en choisissant une autre skin.<br />
<a href="prefs/skin">Changer de skin</a>
</dd>
+ {/if}
<dt>Format des emails envoyés par le site</dt>
<dd>
Lorsque le site t'envoie des emails (lettre mensuelle, carnet, ...) ceux-ci peuvent
{if $smarty.session.user->googleapps}
<div class="menu_item"><a href="http://gmail.polytechnique.org/">Emails Google Apps</a></div>
{/if}
+{if hasPerm('user')}
<div class="menu_item"><a href="lists">Listes de diffusion</a></div>
+{/if}
{if hasPerm('payment')}
<div class="menu_item"><a href="payment">Télépaiements</a></div>
{/if}
{assign var="has_cs" value="true"}
{/if}
{/iterate}
+ {if hasPerm('user')}
<tr class="impair">
<td colspan="3" style="text-align: right">
{if $smarty.session.auth}<a href="survey/edit/new">{icon name=page_edit} Proposer un sondage</a>{/if}
</td>
</tr>
+ {/if}
</table>
{/if}
+++ /dev/null
-{**************************************************************************}
-{* *}
-{* Copyright (C) 2003-2011 Polytechnique.org *}
-{* http://opensource.polytechnique.org/ *}
-{* *}
-{* This program is free software; you can redistribute it and/or modify *}
-{* it under the terms of the GNU General Public License as published by *}
-{* the Free Software Foundation; either version 2 of the License, or *}
-{* (at your option) any later version. *}
-{* *}
-{* This program is distributed in the hope that it will be useful, *}
-{* but WITHOUT ANY WARRANTY; without even the implied warranty of *}
-{* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *}
-{* GNU General Public License for more details. *}
-{* *}
-{* You should have received a copy of the GNU General Public License *}
-{* along with this program; if not, write to the Free Software *}
-{* Foundation, Inc., *}
-{* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *}
-{* *}
-{**************************************************************************}
-
-<h1>Identification</h1>
-
-<form action="{$smarty.server.REQUEST_URI}" method="post" id="login" onsubmit='doChallengeResponse(); return false;'>
- <table class="bicol">
- <tr>
- <td class="titre">Identifiant (adresse email) :</td>
- <td>
- <input type="text" name="username" />
- <input type="hidden" name="domain" value="email" />
- </td>
- </tr>
- <tr>
- <td class="titre">Mot de passe :</td>
- <td><input type="password" name="password" size="10" maxlength="256" /></td>
- </tr>
- <tr>
- <td {popup caption='Connexion permanente' width='300' text='Décocher cette case pour que le site oublie ce navigateur.<br />
- Il est conseillé de décocher la case si cette machine n\'est pas <b>strictement</b> personnelle'} colspan="2">
- <label><input type="checkbox" name="remember" checked="checked" />
- Garder l'accès aux services après déconnexion.
- </label>
- <br />
- <a href="recovery/ext">Mot de passe perdu ?</a>
- </td>
- </tr>
- <tr>
- <td colspan="2" class="center"><input type="submit" name="submitbtn" value="Envoyer" /></td>
- </tr>
- </table>
-</form>
-
-<form action="{$smarty.server.REQUEST_URI}" method="post" id="loginsub">
- <div>
- <input type="hidden" name="challenge" value="{$smarty.session.challenge}" />
- <input type="hidden" name="username" value="" />
- <input type="hidden" name="remember" value="" />
- <input type="hidden" name="response" value="" />
- <input type="hidden" name="xorpass" value="" />
- <input type="hidden" name="domain" value="" />
- <input type="hidden" name="auth_type" value="xnet" />
- </div>
-</form>
-
-{* vim:set et sw=2 sts=2 sws=2 enc=utf-8: *}
</p>
<p>
Votre compte est maintenant activé et votre passe créé. Vous pouvez donc
- profiter dès à présent des multiples fonctionnalités de Polytechnique.net.
+ profiter dès à présent des multiples fonctionnalités de <a href="http://www.polytechnique.net/">Polytechnique.net</a>.
</p>
<p>
Pour rappel, votre identifiant est : <strong>{$email}</strong>
<td id="perso">
{list_all_my_groups}
{if !$smarty.session.auth}
- <div>Me connecter :</div>
- <table style="margin-left: 1em">
- <tr>
- <td>
- <a class="gp" href="login/{if $platal->pl_self() eq 'exit'}index{else}{$platal->pl_self()}{/if}">X, masters, doctorants…</a>
- </td>
- </tr>
- <tr>
- <td><a class="gp" href="login/ext">Extérieurs</a></td>
- </tr>
- </table>
+ <div>
+ <a href="login/{if $platal->pl_self() eq 'exit'}index{else}{$platal->pl_self()}{/if}">Connexion</a>
+ </div>
{/if}
</td>
<td class="right" style="vertical-align: middle">