Ejemplo n.º 1
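 /**
  * Upload page handler.
  *
  * When a file named 'file' is uploaded, stores it as a new FrankizImage
  * attached to the "everybody" caste of the 'temp' group, labels it with a
  * freshly generated secret and hands both the image and the secret to the
  * template. When 'delete' is requested, removes the image identified by
  * 'iid', provided the submitted 'secret' matches the image's label.
  *
  * @param object $page Page object that receives the template variables.
  */
 function handler_upload($page)
 {
     $page->assign('exception', false);
     $page->assign('image', false);
     if (FrankizUpload::has('file')) {
         $g = Group::from('temp')->select(GroupSelect::castes());
         $temp = $g->caste(Rights::everybody());
         // Defined up front so the cleanup in the catch block never reads an
         // unset variable when the failure happens before the image exists.
         $i = null;
         try {
             $upload = FrankizUpload::v('file');
             // The label is the only thing the delete branch checks, so it must be
             // unguessable: draw it from the CSPRNG instead of the clock-derived
             // uniqid(). random_bytes() needs PHP 7.0 or later.
             $secret = bin2hex(random_bytes(16));
             $i = new FrankizImage();
             $i->insert();
             $i->caste($temp);
             $i->label($secret);
             $i->image($upload);
             $page->assign('image', $i);
             $page->assign('secret', $secret);
         } catch (Exception $e) {
             // Best-effort removal of the half-created image
             try {
                 if ($i) {
                     $i->delete();
                 }
             } catch (Exception $eb) {
                 // Replaced just below: the original failure is the one reported
                 $page->assign('exception', $eb);
             }
             $page->assign('exception', $e);
             // Tell the template which limit or format rule was violated
             if ($e instanceof ImageSizeException) {
                 $page->assign('pixels', true);
             } elseif ($e instanceof UploadSizeException) {
                 $page->assign('bytes', true);
             } elseif ($e instanceof ImageFormatException) {
                 $page->assign('format', true);
             }
         }
     }
     if (Env::has('delete')) {
         $image = new FrankizImage(Env::i('iid'));
         $image->select(FrankizImageSelect::base());
         $stored = (string) $image->label();
         $given = (string) Env::s('secret');
         // An empty label must never authorise a deletion, and the comparison is
         // done in constant time without PHP's loose-equality type juggling.
         // NOTE(review): the check trusts whatever the label currently holds; if a
         // label can later be overwritten with a non-secret value, deletion should
         // also be restricted to temporary images — confirm against FrankizImage.
         if ($stored !== '' && hash_equals($stored, $given)) {
             $image->delete();
         }
     }
     $page->addCssLink('upload.css');
     $page->changeTpl('images/upload.tpl', SIMPLE);
 }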
Ejemplo n.º 2
 /**
  * Copies the news editor fields from the request into this object and, when
  * an 'image' id is submitted, attaches the matching temporary image.
  *
  * @return bool Always true.
  * @throws Exception When the submitted image id matches no temporary image.
  */
 public function handle_editor()
 {
     $this->title = Env::t('title', '');
     $this->content = Env::t('news_content', '');
     $this->begin = new FrankizDateTime(Env::t('begin'));
     $this->end = new FrankizDateTime(Env::t('end'));
     if (!Env::has('image')) {
         return true;
     }
     // Only an image matching both the submitted id and the IFC_Temp condition is accepted.
     // NOTE(review): whether the filter also ties the image to the current
     // user's own uploads is not visible here — confirm.
     $filter = new ImageFilter(new PFC_And(new IFC_Id(Env::i('image')), new IFC_Temp()));
     $picked = $filter->get(true);
     if (!$picked) {
         throw new Exception("This image doesn't exist anymore");
     }
     $picked->select(FrankizImageSelect::caste());
     // The image takes over the item's title as label and the item's target as caste
     $picked->label($this->title);
     $picked->caste($this->target);
     $this->image($picked);
     return true;
 }
Ejemplo n.º 3
 /**
  * Link administration page, restricted to users holding the 'admin' flag.
  *
  * Lists every link grouped by 'ns' and, when 'modify' is submitted, updates
  * the text fields of the link identified by 'id' and optionally replaces its
  * image with a newly uploaded one.
  *
  * @param object $page Page object receiving template variables.
  * @return mixed PL_FORBIDDEN when the user lacks the 'admin' flag, nothing otherwise.
  */
 function handler_links_admin($page)
 {
     $isAdmin = S::user()->perms()->hasFlag('admin');
     if (!$isAdmin) {
         return PL_FORBIDDEN;
     }
     $allLinks = Link::all();
     $allLinks->select(LinkSelect::all());
     $byNamespace = $allLinks->split('ns');
     // NOTE(review): no anti-CSRF token check is visible before this
     // state-changing branch — confirm one is enforced elsewhere.
     if (Env::has('modify')) {
         $target = $allLinks->get(Env::i('id'));
         if ($target === false) {
             $page->assign('err', 'Le lien modifié n\'existe plus.');
         } else {
             if (Env::has('image')) {
                 try {
                     $partners = Group::from('partnership');
                     $partners->select();
                     // New image, labelled like the link and readable by the group's 'everybody' caste
                     $picture = new FrankizImage();
                     $picture->insert();
                     $picture->label($target->label());
                     $picture->caste($partners->caste('everybody'));
                     $picture->image(FrankizUpload::v('image'));
                     $target->image($picture);
                 } catch (Exception $e) {
                     // An image failure is reported but does not stop the text update below
                     $page->assign('err', $e->getMessage());
                 }
             }
             $target->label(Env::t('label'));
             $target->link(Env::t('link'));
             $target->description(Env::t('description'));
             $target->comment(Env::t('comment'));
         }
     }
     $page->addCssLink('links.css');
     $page->assign('links', $byNamespace);
     $page->assign('title', 'Administrer les liens');
     $page->changeTpl('links/admin_links.tpl');
 }
Ejemplo n.º 4
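 /**
  * Copies the event editor fields from the request into this object and
  * processes an optional uploaded image.
  *
  * The upload is fetched through PlUpload, must pass isType('image') and must
  * be resizable with the limits given below before it is read into the item.
  * Failures are reported through trigError() and do not abort the edit.
  *
  * @return bool Always true.
  */
 protected function handle_editor()
 {
     $this->titre = Env::v('titre');
     $this->texte = Env::v('texte');
     $this->pmin = Env::i('promo_min');
     $this->pmax = Env::i('promo_max');
     $this->expiration = Env::v('expiration');
     // Explicit emptiness test instead of the @ error-suppression operator
     if (!empty($_FILES['image']['tmp_name'])) {
         $upload = PlUpload::get($_FILES['image'], S::user()->login(), 'event');
         // Errors go through $this: no $page variable exists in this method, so the
         // former $page->trigError() calls failed exactly when an upload was rejected.
         if (!$upload) {
             $this->trigError("Impossible de télécharger le fichier");
         } elseif (!$upload->isType('image')) {
             $this->trigError('Le fichier n\'est pas une image valide au format JPEG, GIF ou PNG');
             // Rejected files are removed instead of being left in the upload area
             $upload->rm();
         } elseif (!$upload->resizeImage(200, 300, 100, 100, 32284)) {
             // NOTE(review): the upload is not removed on this path — confirm whether it should be
             $this->trigError('Impossible de retraiter l\'image');
         } else {
             $this->readImage($upload);
         }
     }
     return true;
 }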
Ejemplo n.º 5
 /**
  * Administration page for one news item.
  *
  * When the current user administers the item's target group (or is "web"),
  * applies the requested edit and/or deletion after asserting the anti-CSRF
  * token, then renders the edit template.
  *
  * @param object $page Page object receiving template variables.
  * @param mixed  $nid  Identifier handed to News::fromId().
  * @throws Exception When a submitted image id matches no temporary image.
  */
 function handler_admin($page, $nid = false)
 {
     $news = News::fromId($nid);
     if ($news !== false) {
         $news->select(NewsSelect::news());
         $mayAdminister = S::user()->hasRights($news->target()->group(), Rights::admin()) || S::user()->isWeb();
         if ($mayAdminister) {
             // Both state-changing actions require a valid anti-CSRF token
             if (Env::has('modify') || Env::has('delete')) {
                 S::assert_xsrf_token();
             }
             if (Env::has('modify')) {
                 $news->title(Env::t('title'));
                 $news->content(Env::t('news_content'));
                 $news->begin(new FrankizDateTime(Env::t('begin')));
                 $news->end(new FrankizDateTime(Env::t('end')));
                 if (Env::has('reappear')) {
                     $news->removeReadFlags();
                 }
                 if (Env::has('image')) {
                     // Only an image matching both the submitted id and IFC_Temp is accepted
                     $filter = new ImageFilter(new PFC_And(new IFC_Id(Env::i('image')), new IFC_Temp()));
                     $picked = $filter->get(true);
                     if (!$picked) {
                         throw new Exception("This image doesn't exist anymore");
                     }
                     $picked->select(FrankizImageSelect::caste());
                     $picked->label($news->title());
                     $picked->caste($news->target());
                     $news->image($picked);
                 }
                 $page->assign('msg', "L'annonce a été modifiée.");
             }
             if (Env::has('delete')) {
                 $news->delete();
                 $page->assign('delete', true);
             }
         }
     }
     // Rendered in every case, including an unknown id or an unauthorised user
     $page->assign('news', $news);
     $page->assign('isEdition', true);
     $page->assign('title', "Modifier l'annonce");
     $page->addCssLink('validate.css');
     $page->changeTpl('news/admin.tpl');
 }
Ejemplo n.º 6
 /**
  * Group administration page.
  *
  * Access requires admin rights on the group or the "web" status; otherwise the
  * "no group" template is rendered. Inside, the name and the external /
  * leavable / visible flags can only be changed by a site admin, and the
  * namespace only by a "web" user; the remaining fields are open to any user
  * who passed the access check.
  *
  * NOTE(review): no anti-CSRF token check is visible in this handler although
  * every branch below changes state — confirm one is enforced elsewhere.
  *
  * @param object $page  Page object receiving template variables.
  * @param mixed  $group Identifier handed to Group::fromId().
  * @throws Exception When a submitted image id matches no temporary image.
  */
 function handler_group_admin($page, $group = null)
 {
     $group = Group::fromId($group);
     if ($group && (S::user()->hasRights($group, Rights::admin()) || S::user()->isWeb())) {
         $group->select(GroupSelect::see());
         $page->assign('group', $group);
         // Renaming is reserved to site admins and logged with the old and new names
         if (Env::has('name') && Env::t('name') != '' && S::user()->isAdmin()) {
             S::logger()->log("groups/admin", array("gid" => $group->id(), "old_name" => $group->name(), "new_name" => Env::t('name')));
             $group->name(Env::t('name'));
         }
         // Flags are taken from the mere presence of each field and are reserved to site admins
         if (Env::has('update') && S::user()->isAdmin()) {
             $group->external(Env::has('external'));
             $group->leavable(Env::has('leavable'));
             $group->visible(Env::has('visible'));
         }
         // The label is applied whenever it is present, independently of 'update'
         if (Env::has('label')) {
             $group->label(Env::t('label'));
         }
         if (Env::has('update')) {
             $group->description(Env::t('description'));
             $group->web(Env::t('web'));
             $group->wikix(Env::t('wikix'));
             $group->mail(Env::t('mail'));
         }
         if (Env::has('image')) {
             // Only an image matching both the submitted id and IFC_Temp is accepted
             $image = new ImageFilter(new PFC_And(new IFC_Id(Env::i('image')), new IFC_Temp()));
             $image = $image->get(true);
             if (!$image) {
                 throw new Exception("This image doesn't exist anymore");
             }
             $image->select(FrankizImageSelect::caste());
             $image->label($group->label());
             $image->caste($group->caste(Rights::everybody()));
             $group->image($image);
         }
         // Namespace listing and namespace change are limited to "web" users; the change is logged
         if (S::user()->isWeb()) {
             $nss = XDB::fetchColumn('SELECT ns FROM groups GROUP BY ns');
             $page->assign('nss', $nss);
             if (Env::has('ns')) {
                 S::logger()->log("groups/admin", array("gid" => $group->id(), "old_ns" => $group->ns(), "new_ns" => Env::t('ns')));
                 $group->ns(Env::t('ns'));
             }
         }
         $promos = S::user()->castes()->groups()->filter('ns', Group::NS_PROMO);
         $page->assign('promos', $promos);
         // NOTE(review): the label is concatenated into the title as-is; confirm the template escapes it
         $page->assign('title', 'Administration de "' . $group->label() . '"');
         $page->addCssLink('groups.css');
         $page->changeTpl('groups/admin.tpl');
     } else {
         // Same answer for "unknown group" and "not an administrator"
         $page->assign('title', "Ce groupe n'existe pas ou vous n'en êtes pas administrateur");
         $page->changeTpl('groups/no_group.tpl');
     }
 }
Ejemplo n.º 7
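 /**
  * The authentication schema is based on three query parameters:
  *   ?user=<hruid>&timestamp=<timestamp>&sig=<sig>
  * where:
  *   - hruid is the hruid of the querying user
  *   - timestamp is the current UNIX timestamp, which has to be within a
  *     given distance of the server-side UNIX timestamp
  *   - sig is the HMAC of "<method>#<resource>#<payload>#<timestamp>" using
  *     a known secret of the user as the key.
  *
  * At the moment, the shared secret of the user is the sha1 hash of its
  * password. This is temporary, though, until better support for tokens is
  * implemented in plat/al.
  * TODO(vzanotti): Switch to dedicated secrets for authentication.
  *
  * The signature is compared with hash_equals(): constant time, and free of
  * the loose-equality pitfalls of `==` (two different "0e…" digests comparing
  * equal as numbers, or an empty signature matching a failed hash_hmac()).
  *
  * NOTE(review): nothing here records signatures already seen, so a signed
  * request appears replayable inside the timestamp tolerance — confirm whether
  * that is acceptable for the exposed resources.
  *
  * @param string $method   Request method, first component of the signed message.
  * @param string $resource Requested resource, second component.
  * @param string $payload  Request payload, third component.
  * @return mixed The authenticated user, or null when any check fails.
  */
 public function apiAuth($method, $resource, $payload)
 {
     // Verify that the timestamp is within acceptable bounds.
     $timestamp = Env::i('timestamp', 0);
     if (abs($timestamp - time()) > Platal::globals()->api->timestamp_tolerance) {
         return null;
     }
     // Retrieve the user corresponding to the forlife. Note that at the
     // moment, other aliases are also accepted.
     $user = User::getSilent(Env::s('user', ''));
     if (is_null($user) || !$user->isActive()) {
         return null;
     }
     // A missing or empty signature can never be valid.
     $signature = Env::s('sig');
     if (!is_string($signature) || $signature === '') {
         return null;
     }
     // Determine the list of tokens associated with the user. At the moment,
     // this is just the sha1 of the password.
     $tokens = array($user->password());
     // For each token, try to validate the signature.
     $message = implode('#', array($method, $resource, $payload, $timestamp));
     foreach ($tokens as $token) {
         // An account without a secret must not be usable through the API:
         // an HMAC keyed with an empty string is not a proof of identity.
         if (!is_string($token) || $token === '') {
             continue;
         }
         $expected_signature = hash_hmac(Platal::globals()->api->hmac_algo, $message, $token);
         // hash_hmac() can yield a non-string for an unknown algorithm on older PHP versions.
         if (is_string($expected_signature) && hash_equals($expected_signature, $signature)) {
             return $user;
         }
     }
     return null;
 }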
Ejemplo n.º 8
 /**
  * Skin selection page: stores the skin chosen by the logged-in user when
  * 'newskin' is submitted, then lists the available skins together with the
  * id of the one currently in the session.
  *
  * @param object $page Page object receiving template variables.
  */
 function handler_skin($page)
 {
     global $globals;
     $page->changeTpl('platal/skins.tpl');
     $page->setTitle('Skins');
     $submitted = Env::has('newskin');
     if ($submitted) {
         // Form submitted: store the choice for the session's own uid, with bound parameters.
         // NOTE(review): no anti-CSRF token check is visible before this update — confirm.
         XDB::execute('UPDATE  accounts
                          SET  skin = {?}
                        WHERE  uid = {?}', Env::i('newskin'), S::i('uid'));
         // Drop the cached skin so the session reloads it
         S::kill('skin');
         Platal::session()->setSkin();
     }
     $current = XDB::query('SELECT  id
                          FROM  skins
                         WHERE  skin_tpl = {?}', S::v('skin'));
     $page->assign('skin_id', $current->fetchOneCell());
     // One row per usable skin, with the number of joined account rows
     $page->assign('skins', XDB::iterator('SELECT  s.*, auteur, COUNT(*) AS nb
               FROM  skins AS s
          LEFT JOIN  accounts AS a ON (a.skin = s.id)
              WHERE  skin_tpl != \'\' AND ext != \'\'
           GROUP BY  id ORDER BY s.date DESC'));
 }
Ejemplo n.º 9
 /**
  * Account administration page: creates a new user (no $hruid given) or edits
  * the user identified by $hruid.
  *
  * Each action is triggered by the presence of a request field (add_room,
  * del_room, add_perm, del_perm, upd_study, add_study, del_study, add_group,
  * del_group, change_profile). Only the permission changes are gated on
  * S::user()->isAdmin() inside this handler.
  *
  * NOTE(review): neither an access check for the other actions nor an
  * anti-CSRF token check is visible here — confirm both are enforced before
  * this handler is reached.
  *
  * @param object      $page  Page object receiving template variables.
  * @param string|null $hruid Identifier of the user to edit; null creates a user.
  * @param mixed       $added Truthy to show the "user added" confirmation.
  * @throws Exception When the user cannot be loaded, the requested hruid is
  *                   already taken, or a submitted image id matches no temporary image.
  */
 public function handler_admin_account($page, $hruid = null, $added = false)
 {
     $err = array();
     $msg = array();
     $add = false;
     if ($added) {
         $msg[] = "L'utilisateur a été ajouté avec succès";
     }
     if ($hruid === null) {
         // Creation mode: work on a fresh, not yet inserted user
         $user = new User();
         $add = true;
     } else {
         $user = new UserFilter(new UFC_Hruid($hruid));
         $user = $user->get(true);
         if ($user !== false) {
             $user->select(UserSelect::tol());
         } else {
             // NOTE(review): the caller-supplied hruid ends up in the exception message; confirm it is escaped when displayed
             throw new Exception("Impossible de charger les données de l'utilisateur " . $hruid);
         }
     }
     // Every action below except 'change_profile' is skipped in creation mode
     if (Env::has('add_room') && !$add) {
         $r = Room::batchFrom(array(Env::t('rid')));
         if ($r->count() == 0) {
             $err[] = "La chambre entrée n'existe pas.";
         } else {
             $user->addRoom($r->pop());
         }
     }
     if (Env::has('del_room') && !$add) {
         $r = Room::batchFrom(array(Env::t('rid')));
         if ($r->count() == 0) {
             $err[] = "La chambre entrée n'existe pas.";
         } else {
             $user->removeRoom($r->pop());
         }
     }
     // Permission changes additionally require the current user to be a site admin
     if (Env::has('add_perm') && !$add && S::user()->isAdmin()) {
         $user->addPerm(Env::t('perm'));
     }
     if (Env::has('del_perm') && !$add && S::user()->isAdmin()) {
         $user->removePerm(Env::t('perm'));
     }
     if (Env::has('upd_study') && !$add) {
         $user->updateStudy(Env::t('formation_id'), Env::t('forlife'), Env::t('year_in'), Env::t('year_out'), Env::t('promo'));
     }
     if (Env::has('add_study') && !$add) {
         $user->addStudy(Env::t('formation_id'), Env::t('year_in'), Env::t('year_out'), Env::t('promo'), Env::t('forlife'));
     }
     if (Env::has('del_study') && !$add) {
         $user->removeStudy(Env::t('formation_id'), Env::t('forlife'));
     }
     // Group membership goes through the group's "member" caste
     if (Env::has('add_group') && !$add) {
         $g = Group::from(Env::t('name'))->select(GroupSelect::castes());
         $g->caste(Rights::member())->addUser($user);
     }
     if (Env::has('del_group') && !$add) {
         $g = Group::from(Env::t('name'))->select(GroupSelect::castes());
         $g->caste(Rights::member())->removeUser($user);
     }
     if (Env::has('change_profile')) {
         if ($add) {
             if (Env::blank('hruid')) {
                 // No hruid supplied: derive "firstname.lastname" and append .2, .3, ... until it is free
                 $hruid = Env::t('firstname') . '.' . Env::t('lastname');
                 $hruid = strtolower($hruid);
                 $already = new UserFilter(new UFC_Hruid($hruid));
                 $nbr = 1;
                 while ($already->getTotalCount() > 0) {
                     $nbr++;
                     $hruid = Env::t('firstname') . '.' . Env::t('lastname') . '.' . $nbr;
                     $hruid = strtolower($hruid);
                     $already = new UserFilter(new UFC_Hruid($hruid));
                 }
             } else {
                 // An explicitly requested hruid must not already exist
                 $hruid = Env::t('hruid');
                 $already = new UserFilter(new UFC_Hruid($hruid));
                 if ($already->getTotalCount() > 0) {
                     throw new Exception("Le hruid spécifié est déjà pris.");
                 }
             }
             $user->insert();
             if (Env::blank('hruid')) {
                 $user->hruid($hruid);
             }
             $msg[] = "L'utilisateur a été ajouté.";
         }
         if (Env::has('image')) {
             $group = Group::from('tol')->select(GroupSelect::castes());
             // Only an image matching both the submitted id and IFC_Temp is accepted
             $image = new ImageFilter(new PFC_And(new IFC_Id(Env::i('image')), new IFC_Temp()));
             $image = $image->get(true);
             if (!$image) {
                 throw new Exception("This image doesn't exist anymore");
             }
             $image->select(FrankizImageSelect::caste());
             $image->label($user->fullName());
             $image->caste($group->caste(Rights::everybody()));
             // The photo is not applied directly: a validation request is filed with the 'tol' group
             $tv = new TolValidate($image, $user);
             $v = new Validate(array('writer' => $user, 'group' => $group, 'item' => $tv, 'type' => 'tol'));
             $v->insert();
             $msg[] = 'La demande de changement de photo tol a été prise en compte.
                 Les tolmestres essaieront de te la valider au plus tôt.';
         }
         // NOTE(review): the password is set whenever the field is present, even if
         // empty, and Env::t() presumably trims it — confirm both are intended
         if (Env::has('password')) {
             $user->password(Env::t('password'));
         }
         if (!Env::blank('hruid')) {
             $user->hruid(Env::t('hruid'));
         }
         $user->nickname(Env::t('nickname'));
         $user->lastname(Env::t('lastname'));
         $user->firstname(Env::t('firstname'));
         $user->birthdate(new FrankizDateTime(Env::t('birthdate')));
         // Any value other than 'man' is stored as GENDER_FEMALE
         $user->gender(Env::t('gender') == 'man' ? User::GENDER_MALE : User::GENDER_FEMALE);
         $user->email(Env::t('bestalias'));
         $user->cellphone(new Phone(Env::t('cellphone')));
         $user->skin(Env::t('skin'));
         // Any value other than 'text' is stored as FORMAT_HTML
         $user->email_format(Env::t('format') == 'text' ? User::FORMAT_TEXT : User::FORMAT_HTML);
         $user->comment(Env::t('comment'));
         if ($add) {
             // Add the common minimodules if requested (copied from anonymous.internal, uid 0)
             if (Env::has('addCommonMinimodules')) {
                 $user->select(UserSelect::minimodules());
                 $user->copyMinimodulesFromUser(0);
             }
             // After a creation, continue on the new user's own admin page
             pl_redirect('profile/admin/account/' . $user->hruid() . '/added');
         }
     }
     if (!empty($err)) {
         $page->assign('err', $err);
     }
     if (!empty($msg)) {
         $page->assign('msg', $msg);
     }
     // Reference data for the form: formations, then nationality and sport groups (the user's own and all)
     $page->assign('formations', XDB::query("SELECT formation_id, label FROM formations")->fetchAllAssoc());
     $gfun = new GroupFilter(new PFC_And(new GFC_Namespace('nationality'), new GFC_User($user)));
     $page->assign('user_nationalities', $gfun->get()->select(GroupSelect::base())->toArray());
     $gfn = new GroupFilter(new GFC_Namespace('nationality'));
     $page->assign('nationalities', $gfn->get()->select(GroupSelect::base())->toArray());
     $gfus = new GroupFilter(new PFC_And(new GFC_Namespace('sport'), new GFC_User($user)));
     $page->assign('user_sports', $gfus->get()->select(GroupSelect::base())->toArray());
     $gfs = new GroupFilter(new GFC_Namespace('sport'));
     $page->assign('sports', $gfs->get()->select(GroupSelect::base())->toArray());
     $page->assign('userEdit', $user);
     $page->addCssLink('profile.css');
     $page->assign('add', $add);
     $page->assign('title', "Changement du profil : " . $user->fullName());
     if ($add) {
         $page->assign('title', "Création d'un utilisateur");
     }
     // The only permission offered by the form is 'admin'
     $page->assign('perms', array('admin'));
     $page->changeTpl('profile/admin_account.tpl');
 }
Ejemplo n.º 10
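 /**
  * Mail proposal page.
  *
  * On 'send', checks the required fields and the sender's admin rights on the
  * chosen origin group, then files one validation request per target: a single
  * request for a group mail, or one request per formation for a promo mail.
  * Nothing is sent from here; each request is inserted for validation by the
  * target group. Errors raised along the way are shown through trigError().
  *
  * NOTE(review): no anti-CSRF token check is visible before the requests are
  * inserted — confirm one is enforced elsewhere.
  *
  * @param object $page Page object receiving template variables.
  */
 function handler_mail($page)
 {
     $subject = Env::t('subject', '');
     $body = Env::t('mail_body', '');
     $no_wiki = Env::has('no_wiki');
     // Retrieve the years on_platal of each formation
     $formations = Formation::selectAll(FormationSelect::on_platal());
     if (Env::has('send')) {
         try {
             $required_fields = array('subject' => 'Il faut donner un sujet à ton mail', 'mail_body' => 'Tu ne veux pas envoyer de mail vide à tous. Si ?');
             foreach ($required_fields as $field => $msg) {
                 if (Env::v($field, '') == '') {
                     throw new Exception($msg);
                 }
             }
             if (Env::t('origin_mail_proposal') == 'false') {
                 $origin = false;
             } else {
                 $origin = new Group(Env::i('origin_mail_proposal'));
             }
             // Writing in the name of a group requires admin rights on that group
             if ($origin !== false && !S::user()->hasRights($origin, Rights::admin())) {
                 throw new Exception("Invalid credentials for origin Group");
             }
             if (Env::t('type_mail_proposal') == 'group') {
                 // Mail to a group
                 list($temp, $target_group) = self::target_picker_to_caste_group('mail');
                 $target = new Collection('Caste');
                 $target->add($temp);
                 $target_group->select(GroupSelect::validate());
                 $nv = new MailValidate(array('writer' => S::user(), 'type_mail' => Env::t('type_mail_proposal'), 'origin' => $origin, 'targets' => $target, 'subject' => $subject, 'body' => $body, 'nowiki' => $no_wiki, 'formation' => $target_group));
                 $el = new Validate(array('item' => $nv, 'group' => $target_group, 'writer' => S::user(), 'type' => 'mail'));
                 $el->insert();
             } elseif (Env::t('type_mail_proposal') == 'promo') {
                 // Target group is a Collection of formation groups, which validate requests
                 $target_group = new Collection('Group');
                 // Group promos by formation
                 $promos = unflatten(Env::v('promos'));
                 $promosByFormation = array();
                 foreach ($promos as $formation_promo) {
                     $formation_promo = trim($formation_promo);
                     if (!$formation_promo) {
                         continue;
                     }
                     // Each recipient must look like "<formation id>_<promo>", digits only
                     if (!preg_match('/^([0-9]+)_([0-9]+)$/', $formation_promo, $matches)) {
                         throw new Exception("Oops, mauvais format de destinataire.");
                     }
                     $formid = (int) $matches[1];
                     $promo = (int) $matches[2];
                     if (isset($promosByFormation[$formid])) {
                         $promosByFormation[$formid][] = $promo;
                     } else {
                         $promosByFormation[$formid] = array($promo);
                     }
                 }
                 if (empty($promosByFormation)) {
                     throw new Exception("Il faut indiquer au moins un destinataire.");
                 }
                 foreach ($promosByFormation as $formid => $promos) {
                     // Now, $promos are the list of promos of formation $formid
                     $form = $formations->get($formid);
                     // The id comes from the request and may match no loaded formation;
                     // reject it as a bad recipient instead of calling a method on a
                     // non-object, which the catch (Exception) below would not intercept.
                     if (!$form) {
                         throw new Exception("Oops, mauvais format de destinataire.");
                     }
                     // Study group are the people the mail is sent to, array of CasteFilterCondition
                     $cfc_study_groups = array();
                     foreach ($promos as $promo) {
                         if (!$form->hasPlatalYear($promo)) {
                             throw new Exception("Mauvaise promo " . $promo . " pour " . $form->label() . ".");
                         }
                         $cfc_study_groups[] = new CFC_Group($form->getGroupForPromo($promo), Rights::restricted());
                     }
                     $target = new CasteFilter(new PFC_Or($cfc_study_groups));
                     $target = $target->get();
                     $target->select(CasteSelect::validate());
                     // $target_group is the group which validates this email
                     $target_group = $form->getGroup();
                     $target_group->select(GroupSelect::validate());
                     $nv = new MailValidate(array('writer' => S::user(), 'type_mail' => Env::t('type_mail_proposal'), 'origin' => $origin, 'targets' => $target, 'subject' => $subject, 'body' => $body, 'nowiki' => $no_wiki, 'formation' => $target_group));
                     $el = new Validate(array('item' => $nv, 'group' => $target_group, 'writer' => S::user(), 'type' => 'mail'));
                     $el->insert();
                 }
             }
             // NOTE(review): also reached when the type is neither 'group' nor 'promo',
             // in which case nothing was filed — confirm this is intended
             $page->assign('envoye', true);
         } catch (Exception $e) {
             $page->trigError($e->getMessage());
         }
     }
     $page->assign('subject', $subject);
     $page->assign('body', $body);
     $page->assign('nowiki', $no_wiki);
     $page->assign('formations', $formations);
     $page->assign('title', 'Envoi des mails');
     $page->addCssLink('validate.css');
     $page->changeTpl('validate/prop.mail.tpl');
 }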
Ejemplo n.º 11
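 /**
  * Return endpoint called after a payment: verifies the request signature,
  * records the transaction as confirmed, updates the related event
  * subscription if any, and sends the confirmation and bookkeeping e-mails.
  *
  * Every request field is controlled by the caller, so nothing is stored or
  * mailed until the signature over the vads_* parameters has been verified
  * with the shared key. The check used to be commented out, which let any
  * caller of this URL record a "confirmed" transaction.
  *
  * NOTE(review): the signature formula is the one already present in this
  * function; confirm it matches the payment provider's documentation before
  * deploying. The checks below also assume cb_erreur() ends the request, as
  * the code following them already did — confirm.
  *
  * @param object $page Page object (the handler prints its own output and exits).
  * @param mixed  $uid  Unused by this handler.
  */
 function handler_cyber2_return($page, $uid = null)
 {
     global $globals, $platal;
     /* verify the signature */
     $vads_params = array();
     foreach ($_REQUEST as $key => $value) {
         if (substr($key, 0, 5) == 'vads_') {
             $vads_params[$key] = $value;
         }
     }
     ksort($vads_params);
     $signature = sha1(join('+', $vads_params) . '+' . $globals->money->cyperplus_key);
     $given_signature = Env::v('signature');
     // Constant-time comparison; a missing or non-string signature is rejected outright
     if (!is_string($given_signature) || !hash_equals($signature, $given_signature)) {
         cb_erreur("signature invalide");
     }
     /* extract the user information */
     $user = User::get(Env::i('vads_cust_id'));
     if (!$user) {
         cb_erreur("uid invalide");
     }
     /* extract the order reference */
     if (!preg_match('/-([0-9]+)$/', Env::v('vads_order_id'), $matches)) {
         cb_erreur("référence de commande invalide");
     }
     $ref = $matches[1];
     $res = XDB::query('SELECT  mail, text, confirmation
                          FROM  payments
                         WHERE  id={?}', $ref);
     if ($res->numRows() != 1) {
         cb_erreur("référence de commande inconnue");
     }
     list($conf_mail, $conf_title, $conf_text) = $res->fetchOneRow();
     /* extract the amount; only currency code 978 (euro) is accepted */
     if (Env::v('vads_currency') != '978') {
         cb_erreur("monnaie autre que l'euro");
     }
     // The amount arrives as an integer number of hundredths
     $montant = (double) Env::i('vads_amount') / 100;
     /* extract the return code */
     if (Env::v('vads_result') != '00') {
         cb_erreur('erreur lors du paiement : ?? (' . Env::v('vads_result') . ')', $conf_title);
     }
     /* store the transaction in the database */
     XDB::execute('INSERT INTO  payment_transactions (id, method_id, uid, ref, fullref, ts_confirmed, amount, pkey, comment, status, display)
                        VALUES  ({?}, 2, {?}, {?}, {?}, NOW(), {?}, {?}, {?}, "confirmed", {?})', Env::v('vads_trans_date'), $user->id(), $ref, Env::v('vads_order_id'), $montant, '', Env::v('vads_order_info'), Env::i('vads_order_info2'));
     echo "Payment stored.\n";
     // We check if it is an Xnet payment and then update the related ML.
     $res = XDB::query('SELECT  eid, asso_id
                          FROM  group_events
                         WHERE  paiement_id = {?}', $ref);
     if ($res->numRows() == 1) {
         list($eid, $asso_id) = $res->fetchOneRow();
         require_once dirname(__FILE__) . '/xnetevents/xnetevents.inc.php';
         $evt = get_event_detail($eid, false, $asso_id);
         subscribe_lists_event($user->id(), $evt['short_name'], 1, $montant, true);
     }
     /* build the confirmation mail from the stored template */
     $conf_text = str_replace(array('<prenom>', '<nom>', '<promo>', '<montant>', '<salutation>', '<cher>', '<comment>'), array($user->firstName(), $user->lastName(), $user->promo(), $montant, $user->isFemale() ? 'Chère' : 'Cher', $user->isFemale() ? 'Chère' : 'Cher', Env::v('vads_order_info')), $conf_text);
     $mymail = new PlMailer();
     $mymail->setFrom($conf_mail);
     $mymail->addCc($conf_mail);
     $mymail->setSubject($conf_title);
     $mymail->setWikiBody($conf_text);
     $mymail->sendTo($user);
     /* send the transaction details to the payments mailbox */
     $mymail = new PlMailer();
     $mymail->setFrom("webmaster@" . $globals->mail->domain);
     $mymail->addTo($globals->money->email);
     $mymail->setSubject($conf_title);
     $msg = 'utilisateur : ' . $user->login() . ' (' . $user->id() . ')' . "\n" . 'mail : ' . $user->forlifeEmail() . "\n\n" . "paiement : {$conf_title} ({$conf_mail})\n" . "reference : " . Env::v('vads_order_id') . "\n" . "montant : {$montant}\n\n" . "dump de REQUEST:\n" . var_export($_REQUEST, true);
     $mymail->setTxtBody($msg);
     $mymail->send();
     echo "Notifications sent.\n";
     exit;
 }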
Ejemplo n.º 12
 /**
  * Copies the payment editor fields from the request into this object and
  * resolves the owner name of the selected bank account, if one is selected.
  *
  * @return bool Always true.
  */
 protected function handle_editor()
 {
     $this->titre = Env::v('pay_titre');
     $this->site = Env::v('pay_site');
     $this->montant = Env::t('pay_montant');
     $this->montant_min = Env::i('pay_montant_min');
     $this->montant_max = Env::i('pay_montant_max');
     $this->msg_reponse = Env::v('pay_msg_reponse');
     $this->public = Env::v('pay_public') == 'yes';
     $this->rib_id = Env::v('pay_rib_id');
     // The owner is looked up with a bound parameter; no account selected means no owner name
     $this->rib_nom = $this->rib_id
         ? XDB::query("SELECT owner FROM payment_bankaccounts WHERE id = {?}", $this->rib_id)->fetchOneCell()
         : null;
     return true;
 }
Ejemplo n.º 13
 /**
  * Event administration page: shows the participants of an event and lets a
  * user who may_update() adjust the amount paid by a member or the number of
  * persons registered for each item.
  *
  * Changes require may_update(), a truthy POSTed 'adm' field and a valid
  * anti-CSRF token. All SQL statements use bound parameters.
  *
  * @param object $page    Page object receiving template variables.
  * @param mixed  $eid     Event identifier handed to get_event_detail().
  * @param mixed  $item_id Optional item identifier; null means the whole event.
  * @return mixed PL_NOT_FOUND for an unknown event, PL_FORBIDDEN when the
  *               participants are hidden from the current user, nothing otherwise.
  */
 function handler_admin($page, $eid = null, $item_id = null)
 {
     global $globals;
     $this->load('xnetevents.inc.php');
     $evt = get_event_detail($eid, $item_id);
     if (!$evt) {
         return PL_NOT_FOUND;
     }
     $page->changeTpl('xnetevents/admin.tpl');
     // The participant list is visible only if the event shows it or the user may update the event
     if (!$evt['show_participants'] && !may_update()) {
         return PL_FORBIDDEN;
     }
     if (may_update() && Post::v('adm')) {
         // State-changing branch: the anti-CSRF token is asserted first
         S::assert_xsrf_token();
         $member = User::getSilent(Post::v('mail'));
         if (!$member) {
             $page->trigError("Membre introuvable");
         }
         // change the price paid by a participant
         // NOTE(review): the action is read through Env here but through Post in the
         // guard above — confirm both resolve to the same submitted value
         if (Env::v('adm') == 'prix' && $member) {
             // Accept a decimal comma; NOTE(review): the amount is not checked to be numeric before the update
             $amount = strtr(Env::v('montant'), ',', '.');
             XDB::execute("UPDATE group_event_participants\n                                 SET paid = paid + {?}\n                               WHERE uid = {?} AND eid = {?} AND nb > 0\n                            ORDER BY item_id ASC\n                               LIMIT 1", $amount, $member->uid, $evt['eid']);
             subscribe_lists_event($member->uid, $evt['short_name'], 1, $amount);
         }
         // change the number of persons coming with a participant
         if (Env::v('adm') == 'nbs' && $member) {
             $res = XDB::query("SELECT SUM(paid)\n                                     FROM group_event_participants\n                                    WHERE uid = {?} AND eid = {?}", $member->uid, $evt['eid']);
             $paid = $res->fetchOneCell();
             // Ensure we have an integer
             if ($paid == null) {
                 $paid = 0;
             }
             // NOTE(review): expected to be an array keyed by item id; the keys come from the request — confirm they are valid items of this event
             $nbs = Post::v('nb', array());
             $paid_inserted = false;
             foreach ($nbs as $id => $nb) {
                 // Negative or non-numeric counts are clamped to 0
                 $nb = max(intval($nb), 0);
                 // The whole amount already paid is carried by the first item with a positive count
                 if (!$paid_inserted && $nb > 0) {
                     $item_paid = $paid;
                     $paid_inserted = true;
                 } else {
                     $item_paid = 0;
                 }
                 XDB::execute('INSERT INTO  group_event_participants (eid, uid, item_id, nb, flags, paid)
                                    VALUES  ({?}, {?}, {?}, {?}, {?}, {?})
                   ON DUPLICATE KEY UPDATE  nb = VALUES(nb), flags = VALUES(flags), paid = VALUES(paid)', $evt['eid'], $member->uid, $id, $nb, '', $item_paid);
             }
             $res = XDB::query('SELECT  COUNT(uid) AS cnt, SUM(nb) AS nb
                                  FROM  group_event_participants
                                 WHERE  uid = {?} AND eid = {?}
                              GROUP BY  uid', $member->uid, $evt['eid']);
             $u = $res->fetchOneAssoc();
             // A registration can only be cancelled when nothing has been paid
             if ($paid == 0 && Post::v('cancel')) {
                 XDB::execute("DELETE FROM group_event_participants\n                                        WHERE uid = {?} AND eid = {?}", $member->uid, $evt['eid']);
                 $u = 0;
                 subscribe_lists_event($member->uid, $evt['short_name'], -1, $paid);
             } else {
                 $u = $u['cnt'] ? $u['nb'] : null;
                 subscribe_lists_event($member->uid, $evt['short_name'], $u > 0 ? 1 : 0, $paid);
             }
         }
         // Reload the event so the page reflects the changes just made
         $evt = get_event_detail($eid, $item_id);
     }
     $page->assign_by_ref('evt', $evt);
     $page->assign('tout', is_null($item_id));
     if (count($evt['moments'])) {
         $page->assign('moments', $evt['moments']);
     }
     if ($evt['paiement_id']) {
         // Users with a confirmed payment for this event but no participant row
         $infos = User::getBulkUsersWithUIDs(XDB::fetchAllAssoc('SELECT  t.uid, t.amount
                                               FROM  payment_transactions AS t
                                          LEFT JOIN  group_event_participants AS ep ON(ep.uid = t.uid AND ep.eid = {?})
                                              WHERE  t.status = "confirmed" AND t.ref = {?} AND ep.uid IS NULL', $evt['eid'], $evt['paiement_id']), 'uid', 'user');
         $page->assign('oublis', count($infos));
         $page->assign('oubliinscription', $infos);
     }
     // Users whose participant rows for this event all have nb = 0
     $absents = User::getBulkUsersFromDB('SELECT  p.uid
                                            FROM  group_event_participants AS p
                                       LEFT JOIN  group_event_participants AS p2 ON (p2.uid = p.uid
                                                                                            AND p2.eid = p.eid
                                                                                            AND p2.nb != 0)
                                           WHERE  p.eid = {?} AND p2.eid IS NULL
                                        GROUP BY  p.uid', $evt['eid']);
     // NOTE(review): the page offset comes straight from the request; a negative value is not rejected here
     $ofs = Env::i('offset');
     $part = get_event_participants($evt, $item_id, UserFilter::sortByName(), NB_PER_PAGE, $ofs * NB_PER_PAGE);
     $nbp = ceil($evt['user_count'] / NB_PER_PAGE);
     // Pagination links: label => zero-based page offset
     if ($nbp > 1) {
         $links = array();
         if ($ofs) {
             $links['précédent'] = $ofs - 1;
         }
         for ($i = 1; $i <= $nbp; $i++) {
             $links[(string) $i] = $i - 1;
         }
         if ($ofs < $nbp - 1) {
             $links['suivant'] = $ofs + 1;
         }
         $page->assign('links', $links);
     }
     $page->assign('absents', $absents);
     $page->assign('participants', $part);
 }
Ejemplo n.º 14
 /**
  * Reads an integer request parameter, delegating to `$this->fake_env` when it is set.
  *
  * @param string $key parameter name, without this object's prefix
  * @param int    $def value handed to the underlying accessor as its default
  * @return mixed whatever the underlying i() accessor returns (presumably an int; confirm against Env)
  */
 public function i($key, $def = 0)
 {
     // The fake environment is asked for the bare key; the real Env is asked for the prefixed key.
     if (!$this->fake_env) {
         return Env::i($this->envprefix . $key, $def);
     }

     return $this->fake_env->i($key, $def);
 }
Ejemplo n.º 15
 /**
  * Lists the regular activities of the groups the current user administers and, when one
  * is selected, applies the submitted modification to it.
  *
  * @param mixed $page page object receiving the template variables and the template name
  * @param mixed $aid  fallback activity id, used as the default when the request carries no 'aid'
  * @throws Exception when the requested id is not part of the collection built below
  */
 function handler_modify_regular($page, $aid = false)
 {
     // The collection is restricted to regular activities targeting groups reached through the
     // user's admin castes, so the get() lookup further down doubles as the authorization check.
     $adminGroups = S::user()->castes(Rights::admin())->groups();
     $activities = new ActivityFilter(new PFC_And(new AFC_TargetGroup($adminGroups), new AFC_Regular(true)));
     $collection = $activities->get();
     $collection->select(ActivitySelect::base());

     $aid = Env::i('aid', $aid);
     if ($aid) {
         $activity = $collection->get($aid);
         if ($activity === false) {
             throw new Exception("Invalid credentials");
         }

         if (Env::has('modify')) {
             // State change: the XSRF token is verified before any field is written.
             S::assert_xsrf_token();

             // Both times must look like HH:MM and be parseable by strtotime().
             // NOTE(review): `$` also matches before a trailing newline; presumably Env::t() trims, confirm.
             $hhmm = '`^\\d{2}:\\d{2}$`';
             $timesAreValid = preg_match($hhmm, Env::t('begin')) && strtotime(Env::t('begin')) !== false
                 && preg_match($hhmm, Env::t('end')) && strtotime(Env::t('end')) !== false;

             if (!$timesAreValid) {
                 $page->assign('msg', 'Les dates données sont incorrectes.');
             } else {
                 $activity->title(Env::t('title', $activity->title()));
                 $activity->description(Env::t('activity_description', $activity->description()));
                 // NOTE(review): 'days' is read raw with Env::v() and joined as-is; nothing here checks
                 // that it is an array of known day values. Confirm the setter or the form validates it.
                 $activity->days(implode(',', Env::v('days', $activity->days())));
                 $activity->default_begin(Env::t('begin') . ':00');
                 $activity->default_end(Env::t('end') . ':00');
                 $page->assign('msg', 'L\'activité a été modifiée.');
             }
         }

         $page->assign('aid', $aid);
         $page->assign('activity', $activity);
     }

     $page->assign('activities', $collection);
     $page->assign('title', 'Modifier une activité régulière');
     $page->changeTpl('activity/modify_regular.tpl');
 }
Ejemplo n.º 16
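 /**
  * Administration page for companies (profile_job_enum): search by name or acronym,
  * edit one company, or replace one company by another.
  *
  * Request flags read here: 'search' (with 'job'), 'edit' (XSRF-protected), 'change'
  * (with 'newJobId'), plus the edited fields of the company.
  *
  * Compared with the previous version, a replacement is refused unless the target is a
  * different company that exists, and the phones and addresses of the company are removed
  * only once the requested operation is known to go ahead. Before, a replacement by the
  * company itself deleted the row that profile_job still pointed at, and a refused
  * replacement had already wiped the contact data.
  *
  * NOTE(review): no permission check is visible in this handler; presumably the route is
  * registered as admin-only. Confirm in the module's handler table.
  *
  * @param mixed $page page object receiving template variables and messages
  * @param mixed $id   id of the company being edited; -1 means none is selected
  */
 function handler_jobs($page, $id = -1)
 {
     $page->changeTpl('admin/jobs.tpl');

     if (Env::has('search')) {
         // The term is bound as a parameter, so it cannot alter the statement; `%` and `_`
         // inside it still act as LIKE wildcards because it is not escaped for LIKE.
         $res = XDB::query("SELECT  id, name, acronym\n                                 FROM  profile_job_enum\n                                WHERE  name LIKE CONCAT('%', {?}, '%') OR acronym LIKE CONCAT('%', {?}, '%')", Env::t('job'), Env::t('job'));
         if ($res->numRows() <= 20) {
             $page->assign('jobs', $res->fetchAllAssoc());
         } else {
             $page->trigError("Il y a trop d'entreprises correspondant à ton choix. Affine-le !");
         }
         // NOTE(review): the raw term is handed back to the template; confirm the template escapes it.
         $page->assign('askedJob', Env::v('job'));
         return;
     }

     if (Env::has('edit')) {
         // Everything below modifies or deletes rows: verify the XSRF token first.
         S::assert_xsrf_token();

         if (Env::has('change')) {
             $newJobId = Env::i('newJobId');
             // The replacement must be another company that is present in profile_job_enum;
             // otherwise profile_job would be left pointing at a row that no longer exists.
             $targetIsUsable = Env::has('newJobId') && $newJobId > 0 && $newJobId != $id
                 && XDB::query('SELECT  id
                                  FROM  profile_job_enum
                                 WHERE  id = {?}', $newJobId)->numRows() > 0;

             if ($targetIsUsable) {
                 Phone::deletePhones(0, Phone::LINK_COMPANY, $id);
                 Address::deleteAddresses(null, Address::LINK_COMPANY, $id);
                 XDB::execute('UPDATE  profile_job
                                  SET  jobid = {?}
                                WHERE  jobid = {?}', $newJobId, $id);
                 XDB::execute('DELETE FROM  profile_job_enum
                                     WHERE  id = {?}', $id);
                 $page->trigSuccess("L'entreprise a bien été remplacée.");
             } else {
                 $page->trigError("L'entreprise n'a pas été remplacée car l'identifiant fourni n'est pas valide.");
             }
         } else {
             // Phones and address are dropped here and re-created from the form just below.
             Phone::deletePhones(0, Phone::LINK_COMPANY, $id);
             Address::deleteAddresses(null, Address::LINK_COMPANY, $id);
             // Fields comparing equal to 0 are stored as NULL (loose comparison, kept from the original).
             XDB::execute('UPDATE  profile_job_enum
                              SET  name = {?}, acronym = {?}, url = {?}, email = {?},
                                   SIREN_code = {?}, NAF_code = {?}, AX_code = {?}, holdingid = {?}
                            WHERE  id = {?}',
                 Env::t('name'),
                 Env::t('acronym'),
                 Env::t('url'),
                 Env::t('email'),
                 Env::t('SIREN') == 0 ? null : Env::t('SIREN'),
                 Env::t('NAF_code') == 0 ? null : Env::t('NAF_code'),
                 Env::i('AX_code') == 0 ? null : Env::t('AX_code'),
                 Env::i('holdingId') == 0 ? null : Env::t('holdingId'),
                 $id);
             $phone = new Phone(array('display' => Env::v('tel'), 'link_id' => $id, 'id' => 0, 'type' => 'fixed', 'link_type' => Phone::LINK_COMPANY, 'pub' => 'public'));
             $fax = new Phone(array('display' => Env::v('fax'), 'link_id' => $id, 'id' => 1, 'type' => 'fax', 'link_type' => Phone::LINK_COMPANY, 'pub' => 'public'));
             $address = new Address(array('jobid' => $id, 'type' => Address::LINK_COMPANY, 'text' => Env::t('address')));
             $phone->save();
             $fax->save();
             $address->save();
             $page->trigSuccess("L'entreprise a bien été mise à jour.");
         }
     }

     // Reload the selected company for display, except after a replacement request.
     if (!Env::has('change') && $id != -1) {
         $res = XDB::query("SELECT  e.id, e.name, e.acronym, e.url, e.email, e.SIREN_code AS SIREN, e.NAF_code, e.AX_code,\n                                       h.id AS holdingId, h.name AS holdingName, h.acronym AS holdingAcronym,\n                                       t.display_tel AS tel, f.display_tel AS fax, a.text AS address\n                                 FROM  profile_job_enum  AS e\n                            LEFT JOIN  profile_job_enum  AS h ON (e.holdingid = h.id)\n                            LEFT JOIN  profile_phones    AS t ON (t.pid = e.id AND t.link_type = 'hq' AND t.tel_id = 0)\n                            LEFT JOIN  profile_phones    AS f ON (f.pid = e.id AND f.link_type = 'hq' AND f.tel_id = 1)\n                            LEFT JOIN  profile_addresses AS a ON (a.jobid = e.id AND a.type = 'hq')\n                                WHERE  e.id = {?}", $id);
         if ($res->numRows() == 0) {
             $page->trigError('Auncune entreprise ne correspond à cet identifiant.');
         } else {
             $page->assign('selectedJob', $res->fetchOneAssoc());
         }
     }
 }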
Ejemplo n.º 17
 /**
  * Copies the edited fields from the request onto this object.
  *
  * Text fields comparing equal to '' and integer fields comparing equal to 0 are stored as null.
  * The property names come from the two fixed lists below, never from the request, so a
  * request cannot choose which property gets written.
  *
  * @return bool always true
  */
 protected function handle_editor()
 {
     $textFields = array('name', 'acronym', 'url', 'email', 'SIREN', 'NAF_code', 'tel', 'fax', 'address');
     $intFields = array('AX_code', 'holdingid');

     foreach ($textFields as $name) {
         if (Env::t($name) == '') {
             $this->{$name} = null;
         } else {
             $this->{$name} = Env::t($name);
         }
     }

     foreach ($intFields as $name) {
         if (Env::i($name) == 0) {
             $this->{$name} = null;
         } else {
             $this->{$name} = Env::i($name);
         }
     }

     return true;
 }
Ejemplo n.º 18
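 /**
  * Moderation page of a mailing list: accepts or rejects pending subscriptions, moderates
  * held mails, and displays what is still pending.
  *
  * Compared with the previous version, `$sub` and `$info` are defined before the accept and
  * reject branches, and the rejected request is looked up with the same POST value that is
  * passed to handleRequest(). Before, a 'sdel' present in the request but not in POST left
  * `$sub` undefined, and the lookup and the rejection could read the id from different sources.
  *
  * @param mixed       $page  page object receiving template variables
  * @param string|null $liste list name taken from the route; null yields PL_NOT_FOUND
  * @return mixed PL_NOT_FOUND when no list is given, otherwise nothing
  */
 function handler_moderate($page, $liste = null)
 {
     if (is_null($liste)) {
         return PL_NOT_FOUND;
     }
     $mlist = $this->prepare_list($liste);
     // NOTE(review): the result of verify_list_owner() is not inspected here; presumably it
     // aborts the page itself when the user is not an owner. Confirm.
     if (!$this->is_group_admin($page)) {
         $this->verify_list_owner($page, $mlist);
     }
     $page->changeTpl('lists/moderate.tpl');
     $page->register_modifier('hdc', 'list_header_decode');

     if (Env::has('sadd') || Env::has('sdel')) {
         S::assert_xsrf_token();
         // Defined up front so the notification step below never reads an unset variable.
         $sub = null;
         $info = '';
         if (Env::has('sadd')) {
             $sadd = Env::v('sadd');
             // Fetch the pending request before it is handled; the result only decides whether
             // a notification mail is sent.
             // NOTE(review): handleRequest() is called even if the lookup returns nothing;
             // confirm it rejects ids that are no longer pending.
             $sub = $mlist->getPendingSubscription($sadd);
             $mlist->handleRequest(MailingList::REQ_SUBSCRIBE, $sadd);
             $info = "validée";
         }
         if (Post::has('sdel')) {
             // One POST value is used for the lookup and the rejection, so the mail names the
             // subscription that was actually rejected.
             $sdel = Post::v('sdel');
             $sub = $mlist->getPendingSubscription($sdel);
             $mlist->handleRequest(MailingList::REQ_REJECT, $sdel, Post::v('reason'));
             $info = "refusée";
         }
         if ($sub) {
             // Tell the list owners which request was handled, by whom, and why.
             $mailer = new PlMailer();
             $mailer->setFrom($mlist->getAddress(MailingList::KIND_BOUNCE));
             $mailer->addTo($mlist->getAddress(MailingList::KIND_OWNER));
             $mailer->addHeader('Reply-To', $mlist->getAddress(MailingList::KIND_OWNER));
             // NOTE(review): the subscriber name goes into the subject; presumably PlMailer
             // encodes header values. Confirm.
             $mailer->setSubject("L'inscription de {$sub['name']} a été {$info}");
             $text = "L'inscription de {$sub['name']} à la liste " . $mlist->address . " a été {$info} par " . S::user()->fullName(true) . ".\n";
             if (trim(Post::v('reason'))) {
                 $text .= "\nLa raison invoquée est :\n" . Post::v('reason');
             }
             $mailer->setTxtBody(wordwrap($text, 72));
             $mailer->send();
         }
         if (Env::has('sadd')) {
             pl_redirect('lists/moderate/' . $liste);
         }
     }

     if (Post::has('moderate_mails') && Post::has('select_mails')) {
         // Bulk moderation of the mails ticked in the form.
         S::assert_xsrf_token();
         $mails = array_keys(Post::v('select_mails'));
         foreach ($mails as $mail) {
             $this->moderate_mail($mlist, $mail);
         }
     } elseif (Env::has('mid')) {
         if (Get::has('mid') && !Env::has('mok') && !Env::has('mdel')) {
             // Plain GET without a decision: show the held mail and a pre-filled refusal text.
             require_once 'banana/moderate.inc.php';
             $page->changeTpl('lists/moderate_mail.tpl');
             $params = array('listname' => $mlist->mbox, 'domain' => $mlist->domain, 'artid' => Get::i('mid'), 'part' => Get::v('part'), 'action' => Get::v('action'));
             $params['client'] = $this->prepare_client();
             run_banana($page, 'ModerationBanana', $params);
             $msg = file_get_contents('/etc/mailman/fr/refuse.txt');
             $msg = str_replace("%(adminaddr)s", $mlist->getAddress(MailingList::KIND_OWNER), $msg);
             $msg = str_replace("%(request)s", "<< SUJET DU MAIL >>", $msg);
             $msg = str_replace("%(reason)s", "<< TON EXPLICATION >>", $msg);
             $msg = str_replace("%(listname)s", $liste, $msg);
             $page->assign('msg', $msg);
             return;
         }
         // NOTE(review): no XSRF assertion is visible on this path; presumably moderate_mail()
         // checks the token. Confirm.
         $this->moderate_mail($mlist, Env::i('mid'));
     } elseif (Env::has('sid')) {
         // Confirmation page for rejecting one pending subscription.
         if (list($subs, $mails) = $this->get_pending_ops($mlist)) {
             foreach ($subs as $user) {
                 if ($user['id'] == Env::v('sid')) {
                     $page->changeTpl('lists/moderate_sub.tpl');
                     $page->assign('del_user', $user);
                     return;
                 }
             }
         }
     }

     // Default view: everything still pending for this list.
     if (list($subs, $mails) = $this->get_pending_ops($mlist)) {
         foreach ($mails as $key => $mail) {
             $mails[$key]['stamp'] = strftime("%Y%m%d%H%M%S", $mail['stamp']);
             if ($mail['fromx']) {
                 $page->assign('with_fromx', true);
             } else {
                 $page->assign('with_nonfromx', true);
             }
         }
         $page->assign_by_ref('subs', $subs);
         $page->assign_by_ref('mails', $mails);
     } else {
         $page->kill("La liste n'existe pas ou tu n'as pas le droit de la modérer.");
     }
 }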
Ejemplo n.º 19
 /**
  * Administration page for the announces of the current group: optionally deletes one
  * announce, then lists all of them with their expiry state.
  *
  * @param mixed $page page object receiving the template name and the result iterator
  */
 function handler_admin_announce($page)
 {
     global $globals;

     $page->changeTpl('xnetgrp/announce-admin.tpl');
     $assoId = $globals->asso('id');

     if (Env::has('del')) {
         // Deletion is XSRF-protected and bound to the current group's id, so an announce id
         // belonging to another group matches no row.
         S::assert_xsrf_token();
         XDB::execute('DELETE FROM  group_announces
                             WHERE  id = {?} AND asso_id = {?}', Env::i('del'), $assoId);
     }

     // Newest expiry first; `perime` flags announces whose expiry date is already past.
     $announces = XDB::iterator('SELECT  id, titre, expiration, expiration < CURRENT_DATE() AS perime
                             FROM  group_announces
                            WHERE  asso_id = {?}
                         ORDER BY  expiration DESC', $assoId);
     $page->assign('articles', $announces);
 }
Ejemplo n.º 20
 /**
  * Processes one submission of the validation form.
  *
  * Exactly one action is taken, tested in this order: delete, edit, comment ('hold' with
  * 'comm'), accept, refuse.
  *
  * NOTE(review): no XSRF token check is visible in this method; presumably the caller
  * asserts it before dispatching here. Confirm.
  *
  * @return bool true when the action was carried out (or a duplicate or empty comment was
  *              ignored), false on a permission failure, a failed edit or commit, a refusal
  *              without a reason, or when no known action was requested
  */
 public function handle_formu()
 {
     global $globals;

     if ($this->requireAdmin && !S::admin()) {
         $this->trigError('Vous n\'avez pas les permissions nécessaires pour valider cette demande.');
         return false;
     }

     if (Env::has('delete')) {
         $this->clean();
         $this->trigSuccess('Requête supprimée.');
         return true;
     }

     // Data updates.
     if (Env::has('edit')) {
         if (!$this->handle_editor()) {
             return false;
         }
         $this->update();
         $this->trigSuccess('Requête mise à jour.');
         return true;
     }

     // Comment addition.
     if (Env::has('hold') && Env::has('comm')) {
         $formid = Env::i('formid');
         // A comment already stored for this form id means the form was submitted twice.
         foreach ($this->comments as $stored) {
             if ($stored[2] === $formid) {
                 return true;
             }
         }
         // Blank comments are dropped silently.
         if (strlen(trim(Env::v('comm'))) === 0) {
             return true;
         }
         // The comment text is stored and mailed as submitted; escaping on display is left
         // to whatever renders it.
         $this->comments[] = array(S::user()->login(), Env::v('comm'), $formid);

         // Sends email to our hotline.
         $mailer = new PlMailer();
         $mailer->setSubject("Commentaires de validation {$this->type}");
         $mailer->setFrom("validation+{$this->type}@{$globals->mail->domain}");
         $mailer->addTo($globals->core->admin_email);
         $body = "Validation {$this->type} pour {$this->user->login()}\n\n" . S::user()->login() . " a ajouté le commentaire :\n\n" . Env::v('comm') . "\n\n" . "cf la discussion sur : " . $globals->baseurl . "/admin/validate";
         $mailer->setTxtBody(wordwrap($body));
         $mailer->send();

         $this->update();
         $this->trigSuccess('Commentaire ajouté.');
         return true;
     }

     if (Env::has('accept')) {
         if (!$this->commit()) {
             $this->trigError('Erreur lors de la validation');
             return false;
         }
         $this->sendmail(true);
         $this->clean();
         $this->trigSuccess('Email de validation envoyé');
         return true;
     }

     if (Env::has('refuse')) {
         // A refusal must come with a reason.
         if (!Env::v('comm')) {
             $this->trigError('Pas de motivation pour le refus&nbsp;!!!');
             return false;
         }
         $this->sendmail(false);
         $this->clean();
         $this->trigSuccess('Email de refus envoyé.');
         return true;
     }

     return false;
 }
Ejemplo n.º 21
 /**
  * AJAX endpoint returning the possible values of one search field.
  *
  * Depending on the arguments it either renders a select input (text/xml) listing the
  * values for `$type`, or, when `$idVal` is given, prints the single entry `$ids[$idVal]`
  * as text/plain and exits. The 'jobterm' type is handled separately: it delegates to
  * JobTerms::ajaxGetBranch() or prints the markup of the job-terms tree.
  *
  * `$type` is interpolated into the JavaScript `onchange` snippet before the switch, but
  * any value not listed in the switch reaches `default: exit`, so only the listed literals
  * ever get to the template.
  *
  * @param mixed       $page  page object receiving template variables
  * @param string|null $type  name of the search field whose values are requested
  * @param mixed       $idVal when set, key of the single entry to print instead of the list
  */
 function handler_list($page, $type = null, $idVal = null)
 {
     $page->assign('name', $type);
     $page->assign('with_text_value', true);
     $page->assign('onchange', "document.forms.recherche.{$type}Txt.value = this.options[this.selectedIndex].text");
     // Collect every possible value for $type; a select input is built from them below.
     $ids = null;
     switch ($type) {
         case 'binet':
             $ids = DirEnum::getOptionsIter(DirEnum::BINETS);
             break;
         case 'networking_type':
             $ids = DirEnum::getOptionsIter(DirEnum::NETWORKS);
             break;
         case 'country':
             $ids = DirEnum::getOptionsIter(DirEnum::COUNTRIES);
             $page->assign('onchange', 'changeAddressComponents(\'' . $type . '\', this.value)');
             break;
         case 'administrative_area_level_1':
         case 'administrative_area_level_2':
         case 'locality':
             $page->assign('onchange', 'changeAddressComponents(\'' . $type . '\', this.value)');
             // No break: these three types fall through and share the query of 'postal_code'.
         case 'postal_code':
             // Values of component type $type found in home addresses that also hold the component
             // Env::v('value') of type Env::v('previous'). All three inputs are bound parameters.
             $ids = XDB::iterator("SELECT  pace1.id, pace1.long_name AS field\n                                    FROM  profile_addresses_components_enum AS pace1\n                              INNER JOIN  profile_addresses_components      AS pac1  ON (pac1.component_id = pace1.id)\n                              INNER JOIN  profile_addresses_components      AS pac2  ON (pac1.pid = pac2.pid AND pac1.jobid = pac2.jobid AND pac1.id = pac2.id\n                                                                                         AND pac1.groupid = pac2.groupid AND pac1.type = pac2.type)\n                              INNER JOIN  profile_addresses_components_enum AS pace2 ON (pac2.component_id = pace2.id AND FIND_IN_SET({?}, pace2.types))\n                                   WHERE  pace2.id = {?} AND FIND_IN_SET({?}, pace1.types) AND pac1.type = 'home'\n                                GROUP BY  pace1.long_name", Env::v('previous'), Env::v('value'), $type);
             break;
         case 'diploma':
             // Degrees are restricted to one school when a non-zero 'school' id is supplied.
             if (Env::has('school') && Env::i('school') != 0) {
                 $ids = DirEnum::getOptionsIter(DirEnum::EDUDEGREES, Env::i('school'));
             } else {
                 $ids = DirEnum::getOptionsIter(DirEnum::EDUDEGREES);
             }
             break;
         case 'groupex':
             $ids = DirEnum::getOptionsIter(DirEnum::GROUPESX);
             break;
         case 'nationalite':
             $ids = DirEnum::getOptionsIter(DirEnum::NATIONALITIES);
             break;
         case 'school':
             $ids = DirEnum::getOptionsIter(DirEnum::EDUSCHOOLS);
             $page->assign('onchange', 'changeSchool(this.value)');
             break;
         case 'section':
             $ids = DirEnum::getOptionsIter(DirEnum::SECTIONS);
             break;
         case 'jobterm':
             // Both branches leave the function (return or exit), so nothing falls through to default.
             if (Env::has('jtid')) {
                 JobTerms::ajaxGetBranch($page, JobTerms::ONLY_JOBS);
                 return;
             } else {
                 pl_content_headers('text/xml');
                 // Global container so that the response is valid XML.
                 echo '<div>';
                 echo '<input name="jobtermTxt" type="text" style="display:none" size="32" />';
                 echo '<input name="jobterm" type="hidden"/>';
                 // Container in which the tree is created.
                 echo '<div class="term_tree"></div>';
                 echo '<script type="text/javascript" src="javascript/jquery.jstree.js"></script>';
                 echo '<script type="text/javascript" src="javascript/jobtermstree.js"></script>';
                 echo '<script type="text/javascript">createJobTermsTree(".term_tree", "search/list/jobterm", "search", "searchForJobTerm");</script>';
                 echo '</div>';
                 exit;
             }
         default:
             // Unknown type: stop without output; this is what keeps arbitrary $type values
             // away from the template.
             exit;
     }
     if (isset($idVal)) {
         // Single-value lookup, printed unescaped but served as text/plain.
         // NOTE(review): assumes $ids supports array access by $idVal; confirm for both the
         // DirEnum and the XDB iterators.
         pl_content_headers("text/plain");
         echo $ids[$idVal];
         exit;
     }
     pl_content_headers("text/xml");
     $page->changeTpl('include/field.select.tpl', NO_SKIN);
     $page->assign('list', $ids);
 }