Ejemplo n.º 1
 /**
  * Handles a Wats4U single sign-on request.
  *
  * Runs the SSO request checks, requires a logged-in account holding
  * PERMS_USER, records the login, optionally tears the session down and
  * finally redirects to the URL built by wats4u_sso_build_return_url().
  *
  * @param object $page Page object used for the login prompt and for errors.
  * @return int|void PL_BAD_REQUEST, PL_DO_AUTH or PL_FORBIDDEN on an early
  *                  exit; otherwise the request ends with a redirect.
  */
 function handler_sso($page)
 {
     global $globals, $platal;
     $this->load('sso.inc.php');
     // Nothing else runs until the request itself has passed the SSO checks.
     if (!wats4u_sso_check()) {
         return PL_BAD_REQUEST;
     }
     // Anonymous visitor: ask the framework to authenticate in "external auth" mode.
     if (!S::logged()) {
         $page->assign('external_auth', true);
         $page->assign('ext_url', $globals->wats4u->public_url);
         $page->setTitle('Authentification');
         $page->setDefaultSkin('group_login');
         $page->assign('group', null);
         return PL_DO_AUTH;
     }
     // Accounts without PERMS_USER (external X.net accounts) may not use the SSO.
     if (!S::user()->checkPerms(PERMS_USER)) {
         return PL_FORBIDDEN;
     }
     // Record the login, except while an administrator is in SUID.
     $uid = S::i('uid');
     if (!S::suid()) {
         // NOTE(review): $_GET values are already URL-decoded by PHP, so this
         // decodes a second time, and the request-controlled string is written
         // to the log as-is. The 'url' key is also read without an isset()
         // check - presumably wats4u_sso_check() guarantees it; confirm.
         $logEntry = $platal->path . ' ' . urldecode($_GET['url']);
         S::logger($uid)->log('connexion_wats4u', $logEntry);
     }
     // A login made only for this 'external_auth' request, without "keep
     // access to services", is ended here: access cookie first, then the
     // session. See classes/xorgsession.php:startSessionAs
     if (S::b('external_auth_exit')) {
         S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']);
         Platal::session()->killAccessCookie();
         Platal::session()->destroy();
     }
     // The return URL is computed after the optional session teardown, as in
     // the original statement order.
     $returnUrl = wats4u_sso_build_return_url(S::user());
     if ($returnUrl === "") {
         // An empty URL means the builder failed.
         // NOTE(review): the redirect below is only skipped if kill() ends the
         // request - confirm.
         $page->kill("Erreur dans le traitement de la requête Wats4U.");
     }
     http_redirect($returnUrl);
 }
Ejemplo n.º 2
 /**
  * Ends a SUID session and resets the rights cached in the session.
  *
  * The 'perms' value of the SUID context is read before the parent
  * implementation runs and written back as the session's 'perms' afterwards;
  * the cached 'may_update' and 'is_member' entries are dropped.
  *
  * @return bool false when the parent stopSUID() fails, true otherwise.
  */
 public function stopSUID()
 {
     // Must be read first: it is taken from the SUID context that the parent
     // call is about to end.
     $savedPerms = S::suid('perms');
     if (parent::stopSUID()) {
         // Drop the cached rights so they are not carried over from the SUID view.
         S::kill('may_update');
         S::kill('is_member');
         S::set('perms', $savedPerms);
         return true;
     }
     return false;
 }
Ejemplo n.º 3
 /**
  * Sets the 'access' cookie for the current user.
  *
  * Does nothing during a SUID session, nor when $replace is true and an
  * 'access' cookie is already present.
  *
  * @param bool $replace When true, an existing non-blank cookie is left alone.
  * @param bool $log     When true, a 'cookie_on' event is logged.
  * @return void
  */
 public function setAccessCookie($replace = false, $log = true)
 {
     // No cookie is issued while acting as another account.
     if (S::suid()) {
         return;
     }
     // In the original single condition && binds tighter than ||, so this
     // test is independent of the SUID test above.
     if ($replace && !Cookie::blank('access')) {
         return;
     }
     // NOTE(review): the cookie value is an unsalted SHA-1 of whatever
     // password() returns. It therefore stays the same until that value
     // changes and can be recomputed by anyone able to read it; a random,
     // server-side token would not have that property. Confirm how the cookie
     // is verified before changing it.
     $digest = sha1(S::user()->password());
     // Third argument is presumably a lifetime and the fourth the "secure"
     // flag - confirm against Cookie::set().
     Cookie::set('access', $digest, 300, true);
     if ($log) {
         S::logger()->log('cookie_on');
     }
 }
Ejemplo n.º 4
 /**
  * Logout handler; also used to leave a SUID session.
  *
  * In SUID it stops the impersonation and redirects to the stored start page
  * or to the administration page of the impersonated account. Otherwise it
  * clears the cookies selected by $level, destroys the session and either
  * redirects to the 'redirect' query parameter or shows the exit template.
  *
  * @param object      $page  Page object.
  * @param string|null $level 'forget', 'forgetuid' or 'forgetall'; any other
  *                           value leaves the cookies alone.
  * @return void
  */
 function handler_exit($page, $level = null)
 {
     if (S::suid()) {
         // Leaving SUID: log who was impersonated and by whom, then stop.
         $impersonated = S::user()->login();
         S::logger()->log('suid_stop', $impersonated . " by " . S::suid('hruid'));
         Platal::session()->stopSUID();
         // The start page is read from the session and removed from it.
         $target = S::s('suid_startpage');
         S::kill('suid_startpage');
         if (!empty($target)) {
             http_redirect($target);
         }
         pl_redirect('admin/user/' . $impersonated);
     }
     // 'forgetall' selects both cookie families.
     $dropAccess = $level == 'forget' || $level == 'forgetall';
     $dropLoginForm = $level == 'forgetuid' || $level == 'forgetall';
     if ($dropAccess) {
         Platal::session()->killAccessCookie();
     }
     if ($dropLoginForm) {
         Platal::session()->killLoginFormCookies();
     }
     if (S::logged()) {
         S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']);
         Platal::session()->destroy();
     }
     if (!Get::has('redirect')) {
         $page->changeTpl('platal/exit.tpl');
         return;
     }
     // NOTE(review): the redirect target comes straight from the query string
     // and is not checked against any list of allowed hosts or paths, which
     // makes this an open redirect unless http_redirect() validates it -
     // confirm. The value is also decoded once more on top of the decoding
     // PHP applies to query parameters (assuming Get::v() returns it as-is).
     http_redirect(rawurldecode(Get::v('redirect')));
 }
Ejemplo n.º 5
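 /**
  * Administration page for one account: SUID, deletion, account fields,
  * profiles, email forwards, email aliases, OpenID URLs and forum bans.
  *
  * Every action is triggered by a POST field. S::assert_xsrf_token() runs
  * whenever $_POST is non-empty, before any of the actions.
  *
  * Changes against the previous version of this handler:
  *  - a new alias must match the allowed characters from start to end, and an
  *    invalid alias is no longer inserted after the error is reported;
  *  - an OpenID entry is only deleted when it belongs to the edited account;
  *  - the forwarding actions are skipped when the account has no Redirect
  *    object (state 'pending') instead of calling a method on null.
  *
  * @param object       $page  Page object.
  * @param string|false $login Identifier passed to User::get(); when it does
  *                            not resolve, the request goes to admin/accounts.
  * @return void
  */
 function handler_user($page, $login = false)
 {
     global $globals;
     $page->changeTpl('admin/user.tpl');
     $page->setTitle('Administration - Compte');
     // Editing accounts while impersonating someone is refused.
     if (S::suid()) {
         $page->kill("Déjà en SUID !!!");
     }
     // Loads the user identity using the environment.
     if ($login) {
         $user = User::get($login);
     }
     if (empty($user)) {
         pl_redirect('admin/accounts');
     }
     $listClient = new MMList(S::user());
     $login = $user->login();
     $registered = $user->state != 'pending';
     // Form processing
     if (!empty($_POST)) {
         S::assert_xsrf_token();
         // The posted uid, when present, must be the account shown in the URL.
         if (Post::has('uid') && Post::i('uid') != $user->id()) {
             $page->kill('Une erreur s\'est produite');
         }
     }
     // Handles specific requests (AX sync, su, ...).
     if (Post::has('log_account')) {
         pl_redirect("admin/logger?loguser={$login}&year=" . date('Y') . "&month=" . date('m'));
     }
     if (Post::has('su_account') && $registered) {
         if (!Platal::session()->startSUID($user)) {
             $page->trigError('Impossible d\'effectuer un SUID sur ' . $user->login());
         } else {
             pl_redirect("");
         }
     }
     // Handles account deletion.
     if (Post::has('account_deletion_confirmation')) {
         // Name and id are read first: they are used in the messages after
         // the account has been cleared.
         $uid = $user->id();
         $name = $user->fullName();
         $profile = $user->profile();
         if ($profile && Post::b('clear_profile')) {
             $user->profile()->clear();
         }
         $user->clear(true);
         $page->trigSuccess("L'utilisateur {$name} ({$uid}) a bien été désinscrit.");
         if (Post::b('erase_account')) {
             XDB::execute('DELETE FROM  accounts
                                 WHERE  uid = {?}', $uid);
             $page->trigSuccess("L'utilisateur {$name} ({$uid}) a été supprimé de la base de données");
         }
     }
     // Account Form {{{
     require_once 'emails.inc.php';
     // Column name => new value. The keys are only ever the literals written
     // in this function, never request data.
     $to_update = array();
     if (Post::has('disable_weak_access')) {
         $to_update['weak_password'] = null;
     } else {
         if (Post::has('update_account')) {
             // Names are only editable here for accounts without a profile.
             if (!$user->hasProfile()) {
                 require_once 'name.func.inc.php';
                 $name_update = false;
                 $lastname = capitalize_name(Post::t('lastname'));
                 $firstname = capitalize_name(Post::t('firstname'));
                 if ($lastname != $user->lastname) {
                     $to_update['lastname'] = $lastname;
                     $name_update = true;
                 }
                 if (Post::s('type') != 'virtual' && $firstname != $user->firstname) {
                     $to_update['firstname'] = $firstname;
                     $name_update = true;
                 }
                 if ($name_update) {
                     // Accounts of type 'virtual' get derived names built
                     // without a first name.
                     if (Post::s('type') == 'virtual') {
                         $firstname = '';
                     }
                     $to_update['full_name'] = build_full_name($firstname, $lastname);
                     $to_update['directory_name'] = build_directory_name($firstname, $lastname);
                     $to_update['sort_name'] = build_sort_name($firstname, $lastname);
                 }
                 if (Post::s('display_name') != $user->displayName()) {
                     $to_update['display_name'] = Post::s('display_name');
                 }
             }
             if (Post::s('sex') != ($user->isFemale() ? 'female' : 'male')) {
                 $to_update['sex'] = Post::s('sex');
                 if ($user->hasProfile()) {
                     XDB::execute('UPDATE  profiles
                                  SET  sex = {?}
                                WHERE  pid = {?}', Post::s('sex'), $user->profile()->id());
                 }
             }
             if (!Post::blank('pwhash')) {
                 // The posted value is stored as received (presumably a hash
                 // computed in the browser - confirm) and pushed to the
                 // Google Apps account when password sync is active.
                 $to_update['password'] = Post::s('pwhash');
                 require_once 'googleapps.inc.php';
                 $account = new GoogleAppsAccount($user);
                 if ($account->active() && $account->sync_password) {
                     $account->set_password(Post::s('pwhash'));
                 }
             }
             if (!Post::blank('weak_password')) {
                 $to_update['weak_password'] = Post::s('weak_password');
             }
             if (Post::i('token_access', 0) != ($user->token_access ? 1 : 0)) {
                 // Enabling token access creates a new token, disabling clears it.
                 $to_update['token'] = Post::i('token_access') ? rand_url_id(16) : null;
             }
             if (Post::i('skin') != $user->skin) {
                 $to_update['skin'] = Post::i('skin');
                 // Skin 0 is stored as NULL.
                 if ($to_update['skin'] == 0) {
                     $to_update['skin'] = null;
                 }
             }
             if (Post::s('state') != $user->state) {
                 $to_update['state'] = Post::s('state');
             }
             if (Post::i('is_admin', 0) != ($user->is_admin ? 1 : 0)) {
                 $to_update['is_admin'] = Post::b('is_admin');
             }
             if (Post::s('type') != $user->type) {
                 $to_update['type'] = Post::s('type');
             }
             if (Post::i('watch', 0) != ($user->watch ? 1 : 0)) {
                 $to_update['flags'] = new PlFlagset();
                 $to_update['flags']->addFlag('watch', Post::i('watch'));
             }
             if (Post::t('comment') != $user->comment) {
                 $to_update['comment'] = Post::blank('comment') ? null : Post::t('comment');
             }
             $new_email = strtolower(Post::t('email'));
             if (require_email_update($user, $new_email)) {
                 $to_update['email'] = $new_email;
                 $listClient->change_user_email($user->forlifeEmail(), $new_email);
                 update_alias_user($user->forlifeEmail(), $new_email);
             }
         }
     }
     if (!empty($to_update)) {
         // Current row, kept to build the before/after report below.
         $res = XDB::query('SELECT  *
                              FROM  accounts
                             WHERE  uid = {?}', $user->id());
         $oldValues = $res->fetchAllAssoc();
         $oldValues = $oldValues[0];
         $set = array();
         $diff = array();
         foreach ($to_update as $k => $value) {
             // Each value goes through XDB::format(); the column name is
             // concatenated as-is, which is only acceptable because the keys
             // of $to_update are the literals set above.
             $value = XDB::format('{?}', $value);
             $set[] = $k . ' = ' . $value;
             $diff[$k] = array($oldValues[$k], trim($value, "'"));
             unset($oldValues[$k]);
         }
         XDB::rawExecute('UPDATE  accounts
                             SET  ' . implode(', ', $set) . '
                           WHERE  uid = ' . XDB::format('{?}', $user->id()));
         $page->trigSuccess('Données du compte mise à jour avec succès');
         $user = User::getWithUID($user->id());
         /* Formats the $diff and sends it to the site administrators.
          * password, token and weak_password never appear in the mail: a
          * changed one is reported as 'old value' / 'new value', an unchanged
          * one is overwritten in $oldValues.
          */
         foreach (array('password', 'token', 'weak_password') as $key) {
             if (isset($diff[$key])) {
                 $diff[$key] = array('old value', 'new value');
             } else {
                 $oldValues[$key] = 'old value';
             }
         }
         $mail = new PlMailer('admin/useredit.mail.tpl');
         $mail->assign('admin', S::user()->hruid);
         $mail->assign('hruid', $user->hruid);
         $mail->assign('diff', $diff);
         $mail->assign('oldValues', $oldValues);
         $mail->send();
     }
     // }}}
     // Profile form {{{
     if (Post::has('add_profile') || Post::has('del_profile') || Post::has('owner')) {
         if (Post::i('del_profile', 0) != 0) {
             XDB::execute('DELETE FROM  account_profiles
                                 WHERE  uid = {?} AND pid = {?}', $user->id(), Post::i('del_profile'));
             // NOTE(review): this second delete is keyed on the posted pid
             // alone; nothing here checks that the profile was linked to the
             // edited account. Confirm that this is intended.
             XDB::execute('DELETE FROM  profiles
                                 WHERE  pid = {?}', Post::i('del_profile'));
         } else {
             if (!Post::blank('new_profile')) {
                 $profile = Profile::get(Post::t('new_profile'));
                 if (!$profile) {
                     $page->trigError('Le profil ' . Post::t('new_profile') . ' n\'existe pas');
                 } else {
                     XDB::execute('INSERT IGNORE INTO  account_profiles (uid, pid)
                                           VALUES  ({?}, {?})', $user->id(), $profile->id());
                 }
             }
         }
         // Runs for every profile-form request: the posted pid gets the
         // 'owner' permission and it is removed from the account's other links.
         XDB::execute('UPDATE  account_profiles
                          SET  perms = IF(pid = {?}, CONCAT(perms, \',owner\'), REPLACE(perms, \'owner\', \'\'))
                        WHERE  uid = {?}', Post::i('owner'), $user->id());
     }
     // }}}
     // Email forwards form {{{
     $redirect = $registered ? new Redirect($user) : null;
     // Accounts in state 'pending' have no Redirect object; the forwarding
     // actions are skipped for them rather than calling a method on null.
     if ($redirect !== null) {
         if (Post::has('add_fwd')) {
             $email = Post::t('email');
             if (!isvalid_email_redirection($email, $user)) {
                 $page->trigError("Email non valide: {$email}");
             } else {
                 $redirect->add_email($email);
                 $page->trigSuccess("Ajout de {$email} effectué");
             }
         } elseif (!Post::blank('del_fwd')) {
             $redirect->delete_email(Post::t('del_fwd'));
         } elseif (!Post::blank('activate_fwd')) {
             $redirect->modify_one_email(Post::t('activate_fwd'), true);
         } elseif (!Post::blank('deactivate_fwd')) {
             $redirect->modify_one_email(Post::t('deactivate_fwd'), false);
         } elseif (Post::has('disable_fwd')) {
             $redirect->disable();
         } elseif (Post::has('enable_fwd')) {
             $redirect->enable();
         } elseif (!Post::blank('clean_fwd')) {
             $redirect->clean_errors(Post::t('clean_fwd'));
         }
     }
     // }}}
     // Email alias form {{{
     if (Post::has('add_alias')) {
         // Splits new alias in user and fqdn.
         $alias = Env::t('email');
         if (strpos($alias, '@') !== false) {
             list($alias, $domain) = explode('@', $alias);
         } else {
             $domain = $user->mainEmailDomain();
         }
         // Checks for alias' user validity. The pattern is anchored at both
         // ends so that the whole local part must consist of the allowed
         // characters, and nothing is stored when it does not.
         if (!preg_match('/\A[-a-z0-9.]+\z/', $alias)) {
             $page->trigError("'{$alias}' n'est pas un alias valide");
         } elseif ($domain == $globals->mail->alias_dom || $domain == $globals->mail->alias_dom2) {
             // Eventually adds the alias to the right domain.
             $req = new AliasReq($user, $alias, 'Admin request', false);
             if ($req->commit()) {
                 $page->trigSuccess("Nouvel alias '{$alias}@{$domain}' attribué.");
             } else {
                 $page->trigError("Impossible d'ajouter l'alias '{$alias}@{$domain}', il est probablement déjà attribué.");
             }
         } elseif ($domain == $user->mainEmailDomain()) {
             XDB::execute('INSERT INTO  email_source_account (email, uid, domain, type, flags)
                                SELECT  {?}, {?}, id, \'alias\', \'\'
                                  FROM  email_virtual_domains
                                 WHERE  name = {?}', $alias, $user->id(), $domain);
             $page->trigSuccess("Nouvel alias '{$alias}' ajouté");
         } else {
             $page->trigError("Le domaine '{$domain}' n'est pas valide pour cet utilisateur.");
         }
     } else {
         if (!Post::blank('del_alias')) {
             $delete_alias = Post::t('del_alias');
             list($email, $domain) = explode('@', $delete_alias);
             // Removes the alias itself (never the 'forlife' address) ...
             XDB::execute('DELETE  s
                         FROM  email_source_account  AS s
                   INNER JOIN  email_virtual_domains AS m ON (s.domain = m.id)
                   INNER JOIN  email_virtual_domains AS d ON (d.aliasing = m.id)
                        WHERE  s.email = {?} AND s.uid = {?} AND d.name = {?} AND type != \'forlife\'', $email, $user->id(), $domain);
             // ... and clears any rewrite rule that pointed at it.
             XDB::execute('UPDATE  email_redirect_account AS r
                   INNER JOIN  email_virtual_domains  AS m ON (m.name = {?})
                   INNER JOIN  email_virtual_domains  AS d ON (d.aliasing = m.id)
                          SET  r.rewrite = \'\'
                        WHERE  r.uid = {?} AND r.rewrite = CONCAT({?}, \'@\', d.name)', $domain, $user->id(), $email);
             fix_bestalias($user);
             $page->trigSuccess("L'alias '{$delete_alias}' a été supprimé");
         } else {
             if (!Post::blank('best')) {
                 $best_alias = Post::t('best');
                 // First delete the bestalias flag from all this user's emails.
                 XDB::execute("UPDATE  email_source_account\n                             SET  flags = TRIM(BOTH ',' FROM REPLACE(CONCAT(',', flags, ','), ',bestalias,', ','))\n                           WHERE  uid = {?}", $user->id());
                 // Then gives the bestalias flag to the given email.
                 list($email, $domain) = explode('@', $best_alias);
                 XDB::execute("UPDATE  email_source_account\n                             SET  flags = CONCAT_WS(',', IF(flags = '', NULL, flags), 'bestalias')\n                           WHERE  uid = {?} AND email = {?}", $user->id(), $email);
                 // As having a non-null bestalias value is critical in
                 // plat/al's code, we do an a posteriori check on the
                 // validity of the bestalias.
                 fix_bestalias($user);
             }
         }
     }
     // }}}
     // OpenId form {{{
     if (Post::has('del_openid')) {
         // Scoped to the edited account so that a posted id belonging to
         // another account deletes nothing.
         XDB::execute('DELETE FROM  account_auth_openid
                             WHERE  id = {?} AND uid = {?}', Post::i('del_openid'), $user->id());
     }
     // }}}
     // Forum form {{{
     if (Post::has('b_edit')) {
         // The existing ban is always removed; a new one is written only when
         // at least one field is filled in.
         XDB::execute("DELETE FROM  forum_innd\n                                WHERE  uid = {?}", $user->id());
         // NOTE(review): the test reads 'commentaire' while the INSERT reads
         // 'comment'; one of the two names looks wrong. Confirm against the
         // form template before changing either.
         if (Env::v('write_perm') != "" || Env::v('read_perm') != "" || Env::v('commentaire') != "") {
             XDB::execute("INSERT INTO  forum_innd\n                                      SET  ipmin = '0', ipmax = '4294967295',\n                                           write_perm = {?}, read_perm = {?},\n                                           comment = {?}, priority = '200', uid = {?}", Env::v('write_perm'), Env::v('read_perm'), Env::v('comment'), $user->id());
         }
     }
     // }}}
     $page->addJsLink('jquery.ui.xorg.js');
     // Displays last login and last host information (SUID sessions excluded).
     $res = XDB::query("SELECT  start, host\n                             FROM  log_sessions\n                            WHERE  uid = {?} AND suid IS NULL\n                         ORDER BY  start DESC\n                            LIMIT  1", $user->id());
     list($lastlogin, $host) = $res->fetchOneRow();
     $page->assign('lastlogin', $lastlogin);
     $page->assign('host', $host);
     // Display mailing lists
     $page->assign('mlists', $listClient->get_all_user_lists($user->forlifeEmail()));
     // Display active aliases.
     $page->assign('virtuals', $user->emailGroupAliases());
     $aliases = XDB::iterator("SELECT  CONCAT(s.email, '@', d.name) AS email, (s.type = 'forlife') AS forlife,\n                                          (s.email REGEXP '\\\\.[0-9]{2}\$') AS hundred_year,\n                                          FIND_IN_SET('bestalias', s.flags) AS bestalias, s.expire,\n                                          (s.type = 'alias_aux') AS alias\n                                    FROM  email_source_account  AS s\n                              INNER JOIN  email_virtual_domains AS d ON (s.domain = d.id)\n                                   WHERE  s.uid = {?}\n                                ORDER BY  !alias, s.email", $user->id());
     $page->assign('aliases', $aliases);
     $page->assign('account_types', XDB::iterator('SELECT * FROM account_types ORDER BY type'));
     $page->assign('skins', XDB::iterator('SELECT id, name FROM skins ORDER BY name'));
     $page->assign('profiles', XDB::iterator('SELECT  p.pid, p.hrpid, FIND_IN_SET(\'owner\', ap.perms) AS owner, p.ax_id
                                                FROM  account_profiles AS ap
                                          INNER JOIN  profiles AS p ON (ap.pid = p.pid)
                                               WHERE  ap.uid = {?}', $user->id()));
     $page->assign('openid', XDB::iterator('SELECT  id, url
                                              FROM  account_auth_openid
                                             WHERE  uid = {?}', $user->id()));
     // Displays email redirection and the general profile.
     if ($registered && $redirect) {
         $page->assign('emails', $redirect->emails);
     }
     $page->assign('user', $user);
     $page->assign('hasProfile', $user->hasProfile());
     // Displays forum bans.
     $res = XDB::query("SELECT  write_perm, read_perm, comment\n                             FROM  forum_innd\n                            WHERE  uid = {?}", $user->id());
     $bans = $res->fetchOneAssoc();
     $page->assign('bans', $bans);
 }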
Ejemplo n.º 6
 /**
  * Switches the rights level the current user browses the site with
  * ("view the site as ...").
  *
  * Acts only when a 'right' parameter is present and the caller either
  * may_update() or is already in SUID. Afterwards the request is redirected
  * to the Referer when there is one, else to the default page.
  *
  * @param object $page Page object (unused here).
  * @return void
  */
 function handler_change_rights($page)
 {
     // NOTE(review): this request changes session state, yet no XSRF token
     // check is visible here, unlike the other state-changing handlers on
     // this page that call S::assert_xsrf_token(). Confirm whether one is
     // enforced elsewhere.
     $allowed = Env::has('right') && (may_update() || S::suid());
     if ($allowed) {
         // Loose comparisons, in the same order as the original switch.
         $right = Env::v('right');
         if ($right == 'admin') {
             // Back to the real rights.
             Platal::session()->stopSUID();
         } elseif ($right == 'anim') {
             Platal::session()->doSelfSuid();
             may_update(true);
             is_member(true);
         } elseif ($right == 'member') {
             Platal::session()->doSelfSuid();
             may_update(false, true);
             is_member(true);
         } elseif ($right == 'logged') {
             Platal::session()->doSelfSuid();
             may_update(false, true);
             is_member(false, true);
         }
     }
     if (empty($_SERVER['HTTP_REFERER'])) {
         pl_redirect('');
     } else {
         // NOTE(review): the Referer header is supplied by the client and is
         // used as the redirect target without any check that it points back
         // to this site.
         http_redirect($_SERVER['HTTP_REFERER']);
     }
 }
Ejemplo n.º 7
 /**
  * Sets the 'uid' cookie and, outside SUID, the 'hash' cookie.
  *
  * The 'uid' cookie is written on every call. The 'hash' cookie is skipped
  * during a SUID session and when $replace is true while a 'hash' cookie is
  * already present.
  *
  * @param bool $replace When true, an existing non-blank 'hash' cookie is kept.
  * @return void
  */
 public function setAccessCookie($replace = false)
 {
     Cookie::set('uid', S::user()->id(), 300);
     // No 'hash' cookie while acting as another account.
     if (S::suid()) {
         return;
     }
     // In the original single condition && binds tighter than ||, so this
     // test is independent of the SUID test above.
     if ($replace && !Cookie::blank('hash')) {
         return;
     }
     // NOTE(review): the cookie value is an unsalted SHA-1 of whatever
     // password() returns, so it stays the same until that value changes.
     $digest = sha1(S::user()->password());
     // FIXME : should switch to true instead of false for HTTPS safety
     // (with false the cookie is presumably also sent over plain HTTP -
     // confirm against Cookie::set()).
     Cookie::set('hash', $digest, 300, false);
 }
Ejemplo n.º 8
 /**
  * Lists the mailing lists of the current group and handles subscribe,
  * unsubscribe and alias deletion requests.
  *
  * 'del' and 'add' arrive in the query string and 'del_alias' in the POST
  * body; each of them asserts the XSRF token before acting, and alias
  * deletion additionally requires may_update().
  *
  * @param object      $page     Page object.
  * @param string|null $order_by 'list', 'desc' or 'nbsub'.
  * @param string|null $order    'asc' or 'desc'.
  * @return int|void PL_NOT_FOUND when no lists domain is available.
  */
 function handler_lists($page, $order_by = null, $order = null)
 {
     global $globals;
     require_once 'emails.inc.php';
     if (!$this->get_lists_domain()) {
         return PL_NOT_FOUND;
     }
     $page->changeTpl('xnetlists/index.tpl');
     // Unsubscribe from the named list.
     if (Get::has('del')) {
         S::assert_xsrf_token();
         $target = $this->prepare_list(Get::v('del'));
         $target->unsubscribe();
         pl_redirect('lists');
     }
     // Subscribe to the named list.
     if (Get::has('add')) {
         S::assert_xsrf_token();
         $target = $this->prepare_list(Get::v('add'));
         $target->subscribe();
         pl_redirect('lists');
     }
     // Alias deletion: only the part before '@' is used; the domain always
     // comes from get_lists_domain(), never from the request.
     if (Post::has('del_alias') && may_update()) {
         S::assert_xsrf_token();
         $alias = Post::t('del_alias');
         $pieces = explode('@', $alias);
         $local_part = $pieces[0];
         delete_list_alias($local_part, $this->get_lists_domain());
         $page->trigSuccess($alias . ' supprimé !');
     }
     $listes = $this->prepare_client()->get_lists();
     // Anything outside the known sort keys and directions falls back to
     // ascending list names.
     $knownOrdering = !is_null($order_by) && !is_null($order)
         && in_array($order_by, array('list', 'desc', 'nbsub'))
         && in_array($order, array('asc', 'desc'));
     if (!$knownOrdering) {
         $order_by = 'list';
         $order = 'asc';
     }
     $compare = function ($left, $right) use ($order_by, $order) {
         // Loose comparisons in the order of the original switch, whose
         // 'desc' case fell through into 'list'.
         if ($order_by == 'desc') {
             // Descriptions are compared without accents.
             $left[$order_by] = replace_accent($left[$order_by]);
             $right[$order_by] = replace_accent($right[$order_by]);
             $res = strcasecmp($left[$order_by], $right[$order_by]);
         } elseif ($order_by == 'list') {
             $res = strcasecmp($left[$order_by], $right[$order_by]);
         } elseif ($order_by == 'nbsub') {
             $res = $left[$order_by] - $right[$order_by];
         } else {
             $res = 0;
         }
         return $order == 'asc' ? $res : $res * -1;
     };
     usort($listes, $compare);
     $page->assign('listes', $listes);
     $page->assign('order_by', $order_by);
     $page->assign('order', $order);
     $page->assign('aliases', iterate_list_alias($this->get_lists_domain()));
     $page->assign('may_update', may_update());
     if (S::suid()) {
         $page->trigWarning("Attention : l'affichage des listes de diffusion ne tient pas compte de l'option « Voir le site comme… ».");
     }
     // Record on the group that it has mailing lists, once some exist.
     if (count($listes) > 0 && !$globals->asso('has_ml')) {
         XDB::execute("UPDATE  groups\n                             SET  flags = CONCAT_WS(',', IF(flags = '', NULL, flags), 'has_ml')\n                           WHERE  id = {?}", $globals->asso('id'));
     }
 }