Example #1
 /**
  * Admin handler that creates the newsletter of the current group.
  *
  * Returns PL_FORBIDDEN when the group already has a newsletter, or when the
  * creation form is posted without a valid anti-XSRF token. On a valid POST
  * it inserts the newsletter row, sends a notification mail and queues a
  * success redirect to the group's newsletter admin page.
  *
  * @param object $page Page object used for templates, titles and messages.
  */
 public function handler_admin_nl_enable($page)
 {
     global $globals;

     // A newsletter already exists for this group: nothing to enable.
     if ($this->getNl()) {
         return PL_FORBIDDEN;
     }

     $creation_requested = Post::has('title');
     if ($creation_requested) {
         // The insert below changes state, so the token is checked first.
         if (!S::has_xsrf_token()) {
             return PL_FORBIDDEN;
         }

         // Both values are bound through {?} placeholders, not concatenated.
         XDB::execute('INSERT INTO  newsletters
                               SET  group_id = {?}, name = {?}', $globals->asso('id'), Post::s('title'));

         $notification = new PlMailer();
         $notification->assign('group', $globals->asso('nom'));
         $notification->assign('user', S::user());
         $notification->send();

         $message = "La lettre d'informations du groupe " . $globals->asso('nom') . " a bien été créée";
         $target = $globals->asso('shortname') . '/admin/nl';
         $page->trigSuccessRedirect($message, $target);
     }

     $page->setTitle('Activation de la newsletter');
     $page->changeTpl('newsletter/enable.tpl');
 }
Example #2
 /**
  * Admin handler for editing one newsletter issue and its articles.
  *
  * Depending on the URL parameters and the posted form it can update the
  * issue's fields, delete an article, save an article, load an article for
  * editing, or list the IPs behind the links of each article for a blacklist
  * check.
  *
  * NOTE(review): none of the state-changing branches below (update, delete,
  * save) checks an anti-XSRF token inside this handler. Confirm whether the
  * dispatcher enforces one; if it does not, these branches can be triggered
  * by a forged cross-site request made with an administrator's session.
  * NOTE(review): no permission check is visible here either; presumably the
  * handler is registered with an admin-only access level — verify.
  *
  * @param object      $page   Page object used for templates and messages.
  * @param string      $nid    Issue identifier passed to getIssue().
  * @param string|null $aid    Article id, or one of the pseudo-values
  *                            'update', 'new' and 'blacklist_check'.
  * @param string      $action 'edit' or 'delete'.
  */
 function handler_admin_nl_edit($page, $nid = 'last', $aid = null, $action = 'edit')
 {
     $page->changeTpl('newsletter/edit.tpl');
     $page->addCssLink('nl.Polytechnique.org.css');
     $page->setTitle('Administration - Newsletter : Édition');
     $nl = $this->getNl();
     if (!$nl) {
         return PL_NOT_FOUND;
     }
     try {
         $issue = $nl->getIssue($nid, false);
     } catch (MailNotFound $e) {
         return PL_NOT_FOUND;
     }
     $ufb = $nl->getSubscribersUFB();
     // Never read again in this handler after being initialised.
     $ufb_keepenv = false;
     // Will be set to True if there were invalid modification to the UFB.
     // Convert NLIssue error messages to human-readable errors
     $error_msgs = array(NLIssue::ERROR_INVALID_REPLY_TO => "L'adresse de réponse est invalide.", NLIssue::ERROR_INVALID_SHORTNAME => "Le nom court est invalide ou vide.", NLIssue::ERROR_INVALID_UFC => "Le filtre des destinataires est invalide.", NLIssue::ERROR_TOO_LONG_UFC => "Le nombre de matricules AX renseigné est trop élevé.", NLIssue::ERROR_SQL_SAVE => "Une erreur est survenue en tentant de sauvegarder la lettre, merci de réessayer.");
     // Update the current issue
     // NOTE(review): state change with no XSRF token check in this branch.
     if ($aid == 'update' && Post::has('submit')) {
         // Save common fields
         $issue->title = Post::s('title');
         $issue->title_mail = Post::s('title_mail');
         $issue->head = Post::s('head');
         $issue->signature = Post::s('signature');
         $issue->reply_to = Post::s('reply_to');
         if ($issue->isEditable()) {
             // Date and shortname may only be modified for pending NLs, otherwise all links get broken.
             $issue->date = Post::s('date');
             // NOTE(review): this takes strlen() of the value returned by
             // Post::blank(); presumably that is a boolean, so a blank
             // shortname is stored as null — confirm.
             $issue->shortname = strlen(Post::blank('shortname')) ? null : Post::s('shortname');
             $issue->sufb->updateFromEnv($ufb->getEnv());
             if ($nl->automaticMailingEnabled()) {
                 // A posted date that is not exactly eight digits does not match
                 // the pattern and passes through preg_replace() unchanged, so
                 // send_before can hold arbitrary text at this point.
                 // NOTE(review): confirm that save() validates it.
                 $issue->send_before = preg_replace('/^(\\d\\d\\d\\d)(\\d\\d)(\\d\\d)$/', '\\1-\\2-\\3', Post::v('send_before_date')) . ' ' . Post::i('send_before_time_Hour') . ':00:00';
             }
         }
         $errors = $issue->save();
         if (count($errors)) {
             foreach ($errors as $error_code) {
                 // A code missing from $error_msgs would be an undefined index here.
                 $page->trigError($error_msgs[$error_code]);
             }
         }
     }
     // Delete an article
     // NOTE(review): the deletion is selected by the URL parameter $action
     // alone, so any request for that URL triggers it, and no XSRF token
     // check is visible. Presumably pl_redirect() ends the request — confirm.
     if ($action == 'delete') {
         $issue->delArticle($aid);
         pl_redirect($nl->adminPrefix(true, false) . "/edit/{$nid}");
     }
     // Save an article
     // NOTE(review): state change with no XSRF token check in this branch;
     // every article field comes from Post::v(), i.e. unfiltered request data.
     if (Post::v('save')) {
         $art = new NLArticle(Post::v('title'), Post::v('body'), Post::v('append'), $aid, Post::v('cid'), Post::v('pos'));
         $issue->saveArticle($art);
         pl_redirect($nl->adminPrefix(true, false) . "/edit/{$nid}");
     }
     // Edit an article
     if ($action == 'edit' && $aid != 'update') {
         $eaid = $aid;
         if (Post::has('title')) {
             // Build the article from the posted form without saving it.
             $art = new NLArticle(Post::v('title'), Post::v('body'), Post::v('append'), $eaid, Post::v('cid'), Post::v('pos'));
         } else {
             $art = $eaid == 'new' ? new NLArticle() : $issue->getArt($eaid);
         }
         if ($art && !$art->check()) {
             $page->trigError("Cet article est trop long.");
         }
         $page->assign('art', $art);
     }
     // Check blacklisted IPs
     if ($aid == 'blacklist_check') {
         global $globals;
         $ips_to_check = array();
         // Handed to getLinkIps() for every article and compared with the
         // configured limit below; presumably taken by reference and
         // incremented per DNS lookup — confirm.
         $blacklist_host_resolution_count = 0;
         foreach ($issue->arts as $key => $articles) {
             foreach ($articles as $article) {
                 $article_ips = $article->getLinkIps($blacklist_host_resolution_count);
                 if (!empty($article_ips)) {
                     // Keyed by article title: two articles with the same title
                     // overwrite each other in this report.
                     $ips_to_check[$article->title()] = $article_ips;
                 }
             }
         }
         $page->assign('ips_to_check', $ips_to_check);
         if ($blacklist_host_resolution_count >= $globals->mail->blacklist_host_resolution_limit) {
             // Tell the admin that the check is incomplete and not a clean result.
             $page->trigError("Toutes les url et adresses emails de la lettre" . " n'ont pas été prises en compte car la" . " limite du nombre de résolutions DNS" . " autorisée a été atteinte.");
         }
     }
     if ($issue->state == NLIssue::STATE_SENT) {
         $page->trigWarning("Cette lettre a déjà été envoyée ; il est recommandé de limiter les modifications au maximum (orthographe, adresses web et mail).");
     }
     $ufb->setEnv($issue->sufb->getEnv());
     $page->assign_by_ref('nl', $nl);
     $page->assign_by_ref('issue', $issue);
 }
Example #3
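 /**
  * Shows the forum profile form of the current user and saves it.
  *
  * The list of allowed tree colours is derived from the m2*.gif files
  * shipped with the site; the posted 'unread' and 'read' values must be in
  * that list before anything is written. Saving requires a valid anti-XSRF
  * token.
  *
  * @return null Always returns null.
  */
 protected function action_updateProfile()
 {
     $page =& Platal::page();

     // glob() may return false on error; an empty allowlist then rejects
     // every submitted colour instead of breaking the loop and in_array().
     $colors = glob(dirname(__FILE__) . '/../../htdocs/images/banana/m2*.gif');
     if ($colors === false) {
         $colors = array();
     }
     foreach ($colors as $key => $path) {
         // "m2<colour>.gif" -> "<colour>"
         $colors[$key] = substr(basename($path, '.gif'), 2);
     }
     $page->assign('colors', $colors);

     if (Post::has('action') && Post::v('action') == 'Enregistrer') {
         S::assert_xsrf_token();

         $flags = new PlFlagSet();
         if (Post::b('bananadisplay')) {
             $flags->addFlag('threads');
         }
         if (Post::b('bananaupdate')) {
             $flags->addFlag('automaj');
         }
         if (Post::b('bananaxface')) {
             $flags->addFlag('xface');
         }

         $unread = Post::s('unread');
         $read = Post::s('read');

         // Strict comparison: with loose comparison two different numeric
         // strings can compare equal, letting a value that is not in the
         // list through. Post::s() is expected to return a string, like the
         // allowlist entries.
         if (!in_array($unread, $colors, true) || !in_array($read, $colors, true)) {
             $page->trigError('Le choix de type pour l\'arborescence est invalide');
         } else {
             // Keep the existing last_seen value across the upsert below.
             $last_seen = XDB::query('SELECT  last_seen
                                        FROM  forum_profiles
                                       WHERE  uid = {?}', $this->user->id());
             if ($last_seen->numRows() > 0) {
                 $last_seen = $last_seen->fetchOneCell();
             } else {
                 $last_seen = '0000-00-00';
             }
             // sig, mail and name are stored as posted (Post::v); they are
             // bound through {?} placeholders. NOTE(review): escaping on
             // output is the responsibility of whatever renders them.
             XDB::execute('INSERT INTO  forum_profiles (uid, sig, mail, name, flags, tree_unread, tree_read, last_seen)
                                VALUES  ({?}, {?}, {?}, {?}, {?}, {?}, {?}, {?})
               ON DUPLICATE KEY UPDATE  sig = VALUES(sig), mail = VALUES(mail), name = VALUES(name), flags = VALUES(flags),
                                        tree_unread = VALUES(tree_unread), tree_read = VALUES(tree_read), last_seen = VALUES(last_seen)', $this->user->id(), Post::v('bananasig'), Post::v('bananamail'), Post::v('banananame'), $flags, $unread, $read, $last_seen);
             $page->trigSuccess('Ton profil a été mis à jour');
         }
     }

     // Re-read the stored profile so the form shows what is in the database.
     $infos = $this->fetchProfile();
     $page->assign('nom', $infos['name']);
     $page->assign('mail', $infos['mail']);
     $page->assign('sig', $infos['sig']);
     $page->assign('disp', $infos['threads']);
     $page->assign('maj', $infos['maj']);
     $page->assign('xface', $infos['xface']);
     $page->assign('unread', $infos['tree_unread']);
     $page->assign('read', $infos['tree_read']);
     return null;
 }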
Example #4
 /**
  * Preferences page: lets the logged-in user change the e-mail format and
  * switch the RSS feed on or off.
  *
  * Each of the two changes is applied only after S::assert_xsrf_token().
  *
  * @param object $page Page object used for the template and the title.
  */
 function handler_prefs($page)
 {
     $page->changeTpl('platal/preferences.tpl');
     $page->setTitle('Mes préférences');

     // E-mail format change.
     if (Post::has('email_format')) {
         S::assert_xsrf_token();
         $requested_format = Post::s('email_format');
         $account = S::user();
         $account->setEmailFormat($requested_format);
     }

     // RSS feed toggle: only the literal value 'on' enables it.
     if (Post::has('rss')) {
         S::assert_xsrf_token();
         $rss_enabled = Post::s('rss') == 'on';
         $this->__set_rss_state($rss_enabled);
     }
 }
Example #5
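 /**
  * Admin page listing accounts of type 'ax', 'school' and 'fx', with a form
  * to create a new account.
  *
  * Account creation requires a valid anti-XSRF token, a non-empty type, a
  * valid e-mail address and a 40-character password hash.
  *
  * NOTE(review): the password hash is supplied by the client and only its
  * length is checked; $sex and $type are inserted as posted. Presumably the
  * column definitions constrain them — verify.
  *
  * @param PlPage $page Page object used for the template and messages.
  */
 function handler_accounts(PlPage $page)
 {
     $page->changeTpl('admin/accounts.tpl');
     $page->setTitle('Administration - Comptes');
     if (Post::has('create_account')) {
         S::assert_xsrf_token();
         $firstname = Post::t('firstname');
         $lastname = mb_strtoupper(Post::t('lastname'));
         $sex = Post::s('sex');
         $email = Post::t('email');
         $type = Post::s('type');
         if (!$type) {
             $page->trigError("Empty account type");
         } elseif (!isvalid_email($email)) {
             // The rejected address is by definition untrusted text. trig*()
             // messages appear to be rendered as HTML (confirm), so it is
             // escaped before being echoed back in the error.
             $page->trigError('Invalid email address: ' . htmlspecialchars($email, ENT_QUOTES, 'UTF-8'));
         } elseif (strlen(Post::s('pwhash')) != 40) {
             $page->trigError("Invalid password hash");
         } else {
             $login = PlUser::makeHrid($firstname, $lastname, $type);
             $full_name = $firstname . ' ' . $lastname;
             $directory_name = $lastname . ' ' . $firstname;
             // Every value is bound through a {?} placeholder.
             XDB::execute("INSERT INTO  accounts (hruid, type, state, password,\n                                                     registration_date, email, full_name,\n                                                     display_name, sex, directory_name,\n                                                     lastname, firstname)\n                                   VALUES  ({?}, {?}, 'active', {?}, NOW(), {?}, {?}, {?}, {?}, {?}, {?}, {?})", $login, $type, Post::s('pwhash'), $email, $full_name, $full_name, $sex, $directory_name, $lastname, $firstname);
         }
     }
     $uf = new UserFilter(new UFC_AccountType('ax', 'school', 'fx'));
     $page->assign('users', $uf->iterUsers());
 }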
Example #6
 /**
  * "Send an e-mail" page.
  *
  * Three modes, selected by the request:
  *  - POST with 'save': stores the posted form as a draft for the current
  *    user and ends the request;
  *  - 'submit' == 'Envoyer': validates recipients and uploads, then sends
  *    the message through PlMailer;
  *  - otherwise: restores a saved draft, if any, into $_REQUEST and shows
  *    the form.
  *
  * @param object $page Page object used for the template and messages.
  */
 function handler_send($page)
 {
     $page->changeTpl('emails/send.tpl');
     $page->setTitle('Envoyer un email');
     // Action taken when a form has been posted.
     if (Post::has('save')) {
         if (!S::has_xsrf_token()) {
             return PL_FORBIDDEN;
         }
         unset($_POST['save']);
         // Only save when the body is non-empty once everything from the
         // first "-- " up to the end of that line has been removed.
         if (trim(preg_replace('/-- .*/', '', Post::v('contenu'))) != "") {
             Post::set('to_contacts', explode(';', Post::s('to_contacts')));
             Post::set('cc_contacts', explode(';', Post::s('cc_contacts')));
             // The whole POST array, whatever keys the client sent, is
             // serialized and stored; it is read back with unserialize()
             // further down.
             $data = serialize($_POST);
             // NOTE(review): id() is called with an argument here and without
             // one elsewhere in this handler — confirm both are equivalent.
             XDB::execute('INSERT INTO  email_send_save (uid, data)
                                VALUES  ({?}, {?})
               ON DUPLICATE KEY UPDATE  data = VALUES(data)', S::user()->id('uid'), $data);
         }
         exit;
     } else {
         if (Env::v('submit') == 'Envoyer') {
             S::assert_xsrf_token();
             // Turns a list of contact identifiers into a comma-separated
             // list of forlife addresses; null when the input is not an array.
             // NOTE(review): the function is declared when this branch runs;
             // running the branch twice in one request would be a fatal
             // redeclaration error.
             function getEmails($aliases)
             {
                 if (!is_array($aliases)) {
                     return null;
                 }
                 $uf = new UserFilter(new UFC_Hrpid($aliases));
                 $users = $uf->iterUsers();
                 $ret = array();
                 while ($user = $users->next()) {
                     $ret[] = $user->forlife;
                 }
                 return join(', ', $ret);
             }
             $error = false;
             // Register each uploaded file; stop at the first failure.
             // NOTE(review): $file is bound by reference and not unset after
             // the loop.
             foreach ($_FILES as &$file) {
                 if ($file['name'] && !PlUpload::get($file, S::user()->login(), 'emails.send', false)) {
                     $page->trigError(PlUpload::$lastError);
                     $error = true;
                     break;
                 }
             }
             if (!$error) {
                 // The draft is deleted before validation, so a rejected
                 // submission no longer has a saved copy.
                 XDB::execute("DELETE FROM  email_send_save\n                                    WHERE  uid = {?}", S::user()->id());
                 $to2 = getEmails(Env::v('to_contacts'));
                 $cc2 = getEmails(Env::v('cc_contacts'));
                 // As written this strips the two-character sequence "^M",
                 // not a carriage return.
                 $txt = str_replace('^M', '', Env::v('contenu'));
                 $to = str_replace(';', ',', Env::t('to'));
                 // NOTE(review): subject and sender come from the request and
                 // are not validated here; header safety and any restriction
                 // on the sender address depend on PlMailer — confirm.
                 $subj = Env::t('sujet');
                 $from = Env::t('from');
                 $cc = str_replace(';', ',', Env::t('cc'));
                 $bcc = str_replace(';', ',', Env::t('bcc'));
                 // Anchored allowlist pattern applied to every address after
                 // trim().
                 $email_regex = '/^[a-z0-9.\\-+_\\$]+@([\\-.+_]?[a-z0-9])+$/i';
                 foreach (explode(',', $to . ',' . $cc . ',' . $bcc) as $email) {
                     $email = trim($email);
                     if ($email != '' && !preg_match($email_regex, $email)) {
                         // NOTE(review): the rejected address is echoed back in
                         // the message; confirm trigError() escapes it.
                         $page->trigError("L'adresse email " . $email . ' est erronée.');
                         $error = true;
                     }
                 }
                 if (empty($to) && empty($cc) && empty($to2) && empty($bcc) && empty($cc2)) {
                     $page->trigError("Indique au moins un destinataire.");
                     $error = true;
                 }
                 if ($error) {
                     // Keep already uploaded attachments listed on the form.
                     $page->assign('uploaded_f', PlUpload::listFilenames(S::user()->login(), 'emails.send'));
                 } else {
                     $mymail = new PlMailer();
                     $mymail->setFrom($from);
                     $mymail->setSubject($subj);
                     if (!empty($to)) {
                         $mymail->addTo($to);
                     }
                     if (!empty($cc)) {
                         $mymail->addCc($cc);
                     }
                     if (!empty($bcc)) {
                         $mymail->addBcc($bcc);
                     }
                     if (!empty($to2)) {
                         $mymail->addTo($to2);
                     }
                     if (!empty($cc2)) {
                         $mymail->addCc($cc2);
                     }
                     $files =& PlUpload::listFiles(S::user()->login(), 'emails.send');
                     foreach ($files as $name => &$upload) {
                         $mymail->addUploadAttachment($upload, $name);
                     }
                     if (Env::v('wiki') == 'text') {
                         $mymail->setTxtBody(wordwrap($txt, 78, "\n"));
                     } else {
                         $mymail->setWikiBody($txt);
                     }
                     if ($mymail->send()) {
                         $page->trigSuccess("Ton email a bien été envoyé.");
                         // Reset the form, keeping only the default bcc.
                         $_REQUEST = array('bcc' => S::user()->bestEmail());
                         PlUpload::clear(S::user()->login(), 'emails.send');
                     } else {
                         $page->trigError("Erreur lors de l'envoi du courriel, réessaye.");
                         $page->assign('uploaded_f', PlUpload::listFilenames(S::user()->login(), 'emails.send'));
                     }
                 }
             }
         } else {
             // No submission: restore a saved draft, if there is one.
             $res = XDB::query("SELECT  data\n                                 FROM  email_send_save\n                                WHERE  uid = {?}", S::i('uid'));
             if ($res->numRows() == 0) {
                 PlUpload::clear(S::user()->login(), 'emails.send');
                 $_REQUEST['bcc'] = S::user()->bestEmail();
             } else {
                 // SECURITY(review): unserialize() on stored data. The value was
                 // produced by serialize($_POST) above, so it should only hold
                 // strings and arrays, but unserialize() instantiates objects
                 // if the stored bytes are ever tampered with. A data-only
                 // format such as JSON, or disabling class instantiation where
                 // the PHP version allows it, removes that risk.
                 // The return value is not checked: false would make
                 // array_merge() below fail.
                 $data = unserialize($res->fetchOneCell());
                 // Draft keys override request keys of the same name.
                 $_REQUEST = array_merge($_REQUEST, $data);
             }
         }
     }
     $uf = new UserFilter(new PFC_And(new UFC_Contact(S::user()), new UFC_Registered()), UserFilter::sortByName());
     $contacts = $uf->getProfiles();
     $page->assign('contacts', $contacts);
     // The 'o' suffix presumably stands for "octets" — confirm.
     $page->assign('maxsize', ini_get('upload_max_filesize') . 'o');
     $page->assign('user', S::user());
     $preferences = XDB::fetchOneAssoc('SELECT  from_email, from_format
                                          FROM  accounts
                                         WHERE  uid = {?}', S::user()->id());
     // Default sender: "Full Name" <best e-mail> when none is configured.
     if ($preferences['from_email'] == '') {
         $preferences['from_email'] = '"' . S::user()->fullName() . '" <' . S::user()->bestEmail() . '>';
     }
     $page->assign('preferences', $preferences);
 }
Example #7
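 /**
  * Final step of a software licence request.
  *
  * Falls back to handler_licenses() when the user disagreed, when a reason
  * is required but missing, or when the posted software is not one of the
  * known ones. Otherwise it either hands out an admin key directly, re-sends
  * a licence that belongs to the current user, or files a validation request.
  *
  * @param object $page      Page object used for the template and variables.
  * @param bool   $no_reason When true, an empty 'reason' field is accepted.
  */
 public function handler_licenses_final($page, $no_reason = false)
 {
     $softwares = License::getSoftwares();

     // NOTE(review): in_array() is loose here; the software keys are
     // presumably short string identifiers, for which this is equivalent to
     // a strict check — confirm against License::getSoftwares().
     if (Post::has('disagree')
         || !$no_reason && !Post::has('resend') && (!Post::has('reason') || Post::v('reason') == "")
         || !Post::has('software')
         || !in_array(Post::v('software'), array_keys($softwares))
     ) {
         $this->handler_licenses($page);
     } else {
         $page->changeTpl('licenses/licenses_final.tpl');
         $page->assign('title', "Demande de licence pour {$softwares[Post::v('software')]}");
         $page->assign('software', Post::s('software'));
         $page->assign('software_name', $softwares[Post::s('software')]);
         if (($key = License::adminKey(Post::s('software'))) && License::hasRights(S::user())) {
             $key->give(S::user());
             $page->assign('direct', true);
         } elseif (Post::has('resend')) {
             $l = License::fetch(array('id' => Post::i('id')));
             // The id is client-supplied: it may match no licence at all, so
             // the first element is checked before use, and the licence is
             // re-sent only when it belongs to the current user.
             if (isset($l[0]) && $l[0]->uid() == S::user()->id()) {
                 License::send($l);
             } else {
                 die("La license n'appartient pas à l'utilisateur courant");
             }
             $page->assign('direct', true);
         } else {
             // No direct key: queue the request for validation.
             $lv = new LicensesValidate(Post::s('software'), Post::s('reason'));
             $v = new Validate(array('writer' => S::user(), 'group' => Group::from('licenses'), 'item' => $lv, 'type' => 'licenses'));
             $v->insert();
             $page->assign('direct', false);
         }
     }
 }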
Example #8
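 /**
  * Group admin page for editing one member of the current group.
  *
  * On POST with 'change' (and a valid anti-XSRF token) it can convert the
  * member's login, update the account's names and e-mail, update the group
  * permissions, comment and position, and change mailing-list, alias and
  * newsletter subscriptions. It then loads everything the edit template
  * needs.
  *
  * Mailing-list and alias names are taken from request array keys. They are
  * HTML-escaped before being placed in trig*() messages, because messages in
  * this handler carry markup (&nbsp;, <strong>) and so are presumably
  * rendered as raw HTML.
  * NOTE(review): $user->fullName() is interpolated into the same messages
  * without escaping; confirm it is safe for HTML output.
  *
  * @param object $page Page object used for the template and messages.
  * @param mixed  $user Identifier of the member, resolved by User::getSilent().
  */
 function handler_admin_member($page, $user)
 {
     global $globals;
     $user = User::getSilent($user);
     if (empty($user)) {
         return PL_NOT_FOUND;
     }
     // Only members of the current group may be edited from here.
     // NOTE(review): this relies on pl_redirect() ending the request;
     // otherwise execution continues below for a non-member — confirm.
     if (!$user->inGroup($globals->asso('id'))) {
         pl_redirect('annuaire');
     }
     $page->changeTpl('xnetgrp/membres-edit.tpl');
     $page->addJsLink('xnet_members.js');
     $mmlist = new MMList(S::user(), $globals->asso('mail_domain'));
     if (Post::has('change')) {
         S::assert_xsrf_token();
         require_once 'emails.inc.php';
         require_once 'name.func.inc.php';
         // Convert user status to X
         if (!Post::blank('x')) {
             $forlife = $this->changeLogin($page, $user, Post::i('userid'), Post::b('broken'), Post::b('marketing'), Post::v('marketing_from'));
             if ($forlife) {
                 pl_redirect('member/' . $forlife);
             }
         }
         // Update user info
         // Only virtual accounts, and xnet accounts without perms, are editable.
         if ($user->type == 'virtual' || $user->type == 'xnet' && !$user->perms) {
             $lastname = capitalize_name(Post::t('lastname'));
             if (Post::s('type') != 'virtual') {
                 $firstname = capitalize_name(Post::t('firstname'));
             } else {
                 $firstname = '';
             }
             $full_name = build_full_name($firstname, $lastname);
             $directory_name = build_directory_name($firstname, $lastname);
             $sort_name = build_sort_name($firstname, $lastname);
             // sex and type are reduced to one of two fixed values each, so
             // no other value can be written from the form.
             XDB::query('UPDATE  accounts
                            SET  full_name = {?}, directory_name = {?}, sort_name = {?}, display_name = {?},
                                 firstname = {?}, lastname = {?}, sex = {?}, type = {?}
                          WHERE  uid = {?}', $full_name, $directory_name, $sort_name, Post::t('display_name'), $firstname, $lastname, Post::t('sex') == 'male' ? 'male' : 'female', Post::t('type') == 'xnet' ? 'xnet' : 'virtual', $user->id());
         }
         // Updates email.
         $new_email = strtolower(Post::t('email'));
         if (($user->type == 'virtual' || $user->type == 'xnet' && !$user->perms) && require_email_update($user, $new_email)) {
             XDB::query('UPDATE  accounts
                            SET  email = {?}
                          WHERE  uid = {?}', $new_email, $user->id());
             if ($user->forlifeEmail()) {
                 $listClient = new MMList(S::user());
                 $listClient->change_user_email($user->forlifeEmail(), $new_email);
                 update_alias_user($user->forlifeEmail(), $new_email);
             }
             $user = User::getWithUID($user->id());
         }
         // Reports on whichever query ran last, which may be neither of the
         // two updates above when both were skipped.
         if (XDB::affectedRows()) {
             $page->trigSuccess('Données de l\'utilisateur mises à jour.');
         }
         if ($user->type == 'xnet' && !$user->perms) {
             if (Post::b('suggest')) {
                 $request = new AccountReq(S::user(), $user->hruid, Post::t('email'), $globals->asso('nom'), $globals->asso('diminutif'));
                 $request->submit();
                 $page->trigSuccess('Le compte va bientôt être activé.');
             }
             if (Post::b('again')) {
                 $this->again($user->id());
                 $page->trigSuccess('Relance effectuée avec succès.');
             }
         }
         // Update group params for user
         $perms = Post::v('group_perms');
         $comm = Post::t('comm');
         $position = Post::t('group_position') == '' ? null : Post::v('group_position');
         if ($user->group_perms != $perms || $user->group_comm != $comm || $user->group_position != $position) {
             // perms is reduced to 'admin' or 'membre' before it is stored.
             XDB::query('UPDATE  group_members
                            SET  perms = {?}, comm = {?}, position = {?}
                          WHERE  uid = {?} AND asso_id = {?}', $perms == 'admin' ? 'admin' : 'membre', $comm, $position, $user->id(), $globals->asso('id'));
             if (XDB::affectedRows()) {
                 if ($perms != $user->group_perms) {
                     $page->trigSuccess('Permissions modifiées&nbsp;!');
                 }
                 if ($comm != $user->group_comm) {
                     $page->trigSuccess('Commentaire mis à jour.');
                 }
                 if ($position != $user->group_position) {
                     $page->trigSuccess('Poste mis à jour.');
                 }
             }
         }
         // Gets user info again as they might have change
         $user = User::getSilent($user->id());
         // Update ML subscriptions
         foreach (Env::v('ml1', array()) as $ml => $state) {
             $ask = empty($_REQUEST['ml2'][$ml]) ? 0 : 2;
             if ($ask == $state) {
                 continue;
             }
             // $ml is a request array key: escape it before it reaches markup.
             $ml_html = htmlspecialchars((string) $ml, ENT_QUOTES, 'UTF-8');
             if ($state == '1') {
                 $page->trigWarning("{$user->fullName()} a " . "actuellement une demande d'inscription en " . "cours sur <strong>{$ml_html}@</strong> !!!");
             } elseif ($ask) {
                 $mmlist->mass_subscribe($ml, array($user->forlifeEmail()));
                 $page->trigSuccess("{$user->fullName()} a été abonné à {$ml_html}@.");
             } else {
                 $mmlist->mass_unsubscribe($ml, array($user->forlifeEmail()));
                 $page->trigSuccess("{$user->fullName()} a été désabonné de {$ml_html}@.");
             }
         }
         // Change subscription to aliases
         foreach (Env::v('ml3', array()) as $ml => $state) {
             require_once 'emails.inc.php';
             $ask = !empty($_REQUEST['ml4'][$ml]);
             // Only the local part is used; the domain is always the group's own.
             list($local_part, ) = explode('@', $ml);
             if ($ask == $state) {
                 continue;
             }
             // $ml is a request array key: escape it before it reaches markup.
             $ml_html = htmlspecialchars((string) $ml, ENT_QUOTES, 'UTF-8');
             if ($ask) {
                 add_to_list_alias($user->id(), $local_part, $globals->asso('mail_domain'));
                 $page->trigSuccess("{$user->fullName()} a été abonné à {$ml_html}.");
             } else {
                 delete_from_list_alias($user->id(), $local_part, $globals->asso('mail_domain'));
                 $page->trigSuccess("{$user->fullName()} a été désabonné de {$ml_html}.");
             }
         }
         if ($globals->asso('has_nl')) {
             $nl = NewsLetter::forGroup($globals->asso('shortname'));
             // Updates group's newsletter subscription.
             if (Post::i('newsletter') == 1) {
                 $nl->subscribe($user);
             } else {
                 $nl->unsubscribe(null, $user->id());
             }
         }
     }
     // Read the allowed positions from the enum definition of the column.
     // The statement is a constant: no request data enters this raw query.
     $res = XDB::rawFetchAllAssoc('SHOW COLUMNS FROM group_members LIKE \'position\'');
     $positions = str_replace(array('enum(', ')', '\''), '', $res[0]['Type']);
     if ($globals->asso('has_nl')) {
         $nl = NewsLetter::forGroup($globals->asso('shortname'));
         $nl_registered = $nl->subscriptionState($user);
     } else {
         $nl_registered = false;
     }
     $page->assign('user', $user);
     $page->assign('suggest', $this->suggest($user));
     $page->assign('listes', $mmlist->get_lists($user->forlifeEmail()));
     $page->assign('alias', $user->emailGroupAliases($globals->asso('mail_domain')));
     $page->assign('positions', explode(',', $positions));
     $page->assign('nl_registered', $nl_registered);
     $page->assign('pending_xnet_account', XDB::fetchOneCell('SELECT  1
                                                                FROM  register_pending_xnet
                                                               WHERE  uid = {?}', $user->id()));
 }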