Example #1
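/**
 * Smarty function rendering the "send a test email" submit button.
 *
 * Recognised $params keys:
 *  - 'title': button label (optional, defaults to a French caption);
 *  - 'hruid': optional second argument handed to the sendTestEmail() call.
 *
 * The session's XSRF token is always the first argument of sendTestEmail().
 * Every dynamic value is encoded for the context it lands in: the label for
 * an HTML attribute, the JavaScript arguments first as JS string literals and
 * then as an HTML attribute, so that a quote or angle bracket in 'title' or
 * 'hruid' cannot break out of the attribute or of the string literal.
 *
 * @param array $params Smarty parameters of the function call
 * @param mixed $smarty Smarty instance (unused)
 * @return string HTML fragment
 */
function smarty_function_test_email($params, $smarty)
{
    $label = isset($params['title']) ? $params['title'] : 'Envoyer un email de test';

    // JSON_HEX_* turns <, >, &, ' and " inside the values into \uXXXX escapes,
    // so the literals stay inert in both the JavaScript and the HTML parser.
    $js_flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
    $js_args = array(json_encode((string) S::v('xsrf_token'), $js_flags));
    if (isset($params['hruid'])) {
        $js_args[] = json_encode((string) $params['hruid'], $js_flags);
    }
    $onclick = 'sendTestEmail(' . implode(', ', $js_args) . ')';

    // double_encode is off for the label so a caller that already passes
    // entities (e.g. &nbsp;) keeps getting the same rendering.
    return '<div class="center">'
         . '  <div id="mail_sent" style="position: absolute;"></div><br />'
         . '  <div><input type="submit" name="send" value="'
         . htmlspecialchars($label, ENT_QUOTES, 'UTF-8', false)
         . '" onclick="' . htmlspecialchars($onclick, ENT_QUOTES, 'UTF-8') . '" /></div>'
         . '</div>';
}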
Example #2
 /**
  * Configures Banana for the current user, then delegates to parent::run().
  *
  * Sets the X-Org-Mail header, the thread-tree markers read from
  * forum_profiles (falling back to 'o' / 'dg' when the user has no row),
  * the From / Organization headers and the signature, and disables the
  * 'forums' and 'subscribe' pages.
  *
  * @return mixed whatever parent::run() returns
  */
 public function run()
 {
     global $platal, $globals;

     $full_name = S::v('prenom') . ' ' . S::v('nom');
     $address = $this->user->bestEmail();
     $signature = $full_name . ' (' . S::v('promo') . ')';
     Banana::$msgedit_headers['X-Org-Mail'] = $this->user->forlifeEmail();

     // Thread-tree markers; the uid is bound through the {?} placeholder.
     $result = XDB::query('SELECT  tree_unread, tree_read
                          FROM  forum_profiles
                         WHERE  uid= {?}', $this->user->id());
     $markers = $result->fetchOneRow();
     if (!$markers) {
         $markers = array('o', 'dg');
     }
     list($unread_marker, $read_marker) = $markers;
     Banana::$tree_unread = $unread_marker;
     Banana::$tree_read = $read_marker;

     // Posting profile.
     // NOTE(review): the session's first/last name is interpolated as-is into
     // the From header; presumably Banana encodes header values before
     // sending - confirm, since a CR/LF or '<' in the name would matter here.
     Banana::$profile['headers']['From'] = "{$full_name} <{$address}>";
     Banana::$profile['headers']['Organization'] = make_Organization();
     Banana::$profile['signature'] = $signature;

     // Pages this front-end does not expose.
     foreach (array('forums', 'subscribe') as $hidden_page) {
         Banana::$page->killPage($hidden_page);
     }

     return parent::run();
 }
Example #3
 /**
  * Tells whether this reminder applies to $user.
  *
  * Users without the mail permission never qualify; for the others the
  * answer is the session's 'no_redirect' value, returned as stored.
  *
  * @param User  $user      user being considered
  * @param mixed $candidate unused here
  * @return mixed false, or the session's 'no_redirect' value
  */
 public static function IsCandidate(User $user, $candidate)
 {
     return $user->checkPerms(User::PERM_MAIL) ? S::v('no_redirect') : false;
 }
Example #4
 /**
  * Tells whether this reminder applies to $user.
  *
  * Requires the mail permission and at least one entry in the session's
  * 'mx_failures' list (an empty array is assumed when the key is absent).
  *
  * @param User  $user      user being considered
  * @param mixed $candidate unused here
  * @return bool
  */
 public static function IsCandidate(User $user, $candidate)
 {
     if ($user->checkPerms(User::PERM_MAIL)) {
         $failures = S::v('mx_failures', array());
         return count($failures) > 0;
     }
     return false;
 }
Example #5
 /**
  * Sends the visitor to the login URL stored in the session under 'loginX'.
  *
  * When the session holds no such URL, an error is raised on the page and
  * no redirect happens.
  *
  * NOTE(review): the redirect target is read from the session without any
  * check here; it is presumably written only by trusted code - confirm, as
  * an attacker-influenced value would make this an open redirect.
  *
  * @param PlPage $page page receiving the error message
  * @return void
  */
 public function force_login(PlPage $page)
 {
     $target = S::v('loginX');
     if ($target) {
         http_redirect($target);
         return;
     }
     $page->trigError('Impossible de s\'authentifier. Problème de configuration de plat/al.');
 }
Example #6
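/**
 * Smarty insert returning the best email address of the remembered user.
 *
 * The uid is taken from the session when present, otherwise from the 'uid'
 * cookie. An empty string is returned when no uid is known or when the uid
 * does not resolve to a user (previously the latter case dereferenced the
 * lookup result unconditionally).
 *
 * NOTE(review): the cookie value is client-controlled and is used here
 * without any authentication, so whoever sets the cookie chooses whose
 * address is rendered. Confirm that disclosing the address for an arbitrary
 * uid is acceptable wherever this insert is used.
 *
 * @return string email address, or '' when unavailable
 */
function smarty_insert_getUsername()
{
    $id = S::v('uid', Cookie::i('uid', -1));
    if ($id < 0) {
        return '';
    }

    // presumably getSilentWithUID() yields a falsy value for an unknown uid,
    // like User::getSilent() elsewhere in the code base - TODO confirm
    $user = User::getSilentWithUID($id);
    if (!$user) {
        return '';
    }
    return $user->bestEmail();
}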
Example #7
 /**
  * Group administration page: deletes a group, creates a group, lists groups.
  *
  * Deletion needs 'del' both in the query string (the group's short name)
  * and in the POST data, plus a valid XSRF token. Creation is triggered by a
  * non-empty POST 'diminutif', also behind the XSRF token check.
  *
  * NOTE(review): no permission check is visible in this handler; presumably
  * the handler registration restricts it to administrators - confirm.
  *
  * @param mixed $page page object receiving template data and messages
  */
 function handler_admin($page)
 {
     $page->changeTpl('xnet/admin.tpl');
     if (Get::has('del')) {
         // Values reach SQL only through {?} placeholders.
         $res = XDB::query('SELECT id, nom, mail_domain
                                        FROM groups WHERE diminutif={?}', Get::v('del'));
         // With no matching group the three variables end up null.
         list($id, $nom, $domain) = $res->fetchOneRow();
         $page->assign('nom', $nom);
         if ($id && Post::has('del')) {
             // State-changing branch: reject requests without a valid token.
             S::assert_xsrf_token();
             // NOTE(review): the deletes below run as separate statements; no
             // transaction is visible here, so a failure midway would leave
             // the group partially removed - confirm whether XDB wraps them.
             XDB::query('DELETE FROM group_members WHERE asso_id={?}', $id);
             $page->trigSuccess('membres supprimés');
             if ($domain) {
                 XDB::execute('DELETE  v
                                 FROM  email_virtual         AS v
                           INNER JOIN  email_virtual_domains AS d ON (v.domain = d.id)
                                WHERE  d.name = {?}', $domain);
                 XDB::execute('DELETE FROM  email_virtual_domains
                                     WHERE  name = {?}', $domain);
                 $page->trigSuccess('suppression des alias mails');
                 // NOTE(review): the mailing-list client is given the 'password'
                 // value kept in the session; whatever that value is (hash or
                 // otherwise) it acts as a credential - confirm how it is
                 // stored and who can read session data.
                 $mmlist = new MMList(S::v('uid'), S::v('password'), $domain);
                 if ($listes = $mmlist->get_lists()) {
                     foreach ($listes as $l) {
                         $mmlist->delete_list($l['list'], true);
                     }
                     $page->trigSuccess('mail lists surpprimées');
                 }
             }
             XDB::query('DELETE FROM groups WHERE id={?}', $id);
             // NOTE(review): the group name is interpolated into the message;
             // confirm whether trigSuccess() output is HTML-escaped.
             $page->trigSuccess("Groupe {$nom} supprimé");
             Get::kill('del');
         }
         if (!$id) {
             // Unknown group: drop the parameter.
             Get::kill('del');
         }
     }
     if (Post::has('diminutif') && Post::v('diminutif') != "") {
         S::assert_xsrf_token();
         // NOTE(review): the short name is only checked for uniqueness; no
         // format validation is visible before it is stored and reused as a
         // URL path segment in the redirect below - confirm it is constrained
         // elsewhere.
         $res = XDB::query('SELECT  COUNT(*)
                              FROM  groups
                             WHERE  diminutif = {?}', Post::v('diminutif'));
         if ($res->fetchOneCell() == 0) {
             XDB::execute('INSERT INTO  groups (id, diminutif)
                                VALUES  (NULL, {?})', Post::v('diminutif'));
             pl_redirect(Post::v('diminutif') . '/edit');
         } else {
             $page->trigError('Le diminutif demandé est déjà pris.');
         }
     }
     // Listing shown on every request.
     $res = XDB::query('SELECT  nom, diminutif
                          FROM  groups
                      ORDER BY  nom');
     $page->assign('assos', $res->fetchAllAssoc());
 }
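/**
 * Smarty function rendering a user's display name, optionally followed by
 * the promotion and, for sessions at AUTH_INTERNE or above, wrapped in a
 * link to the user's 'tol/<login>' page.
 *
 * The name, promotion and login are HTML-encoded before being placed in the
 * markup, so profile data containing '<', '&' or quotes cannot alter the
 * page structure or break out of the href attribute. This assumes
 * displayName(), promo() and login() return plain text - TODO confirm;
 * double_encode is off for the visible text so values that already carry
 * entities keep rendering the same way.
 *
 * @param array $params 'eleve' (user object, required), 'show_promo' (optional flag)
 * @param mixed $smarty Smarty instance (unused)
 * @return string HTML fragment
 */
function smarty_function_print_eleve_name($params, &$smarty)
{
    $user = $params['eleve'];
    $name = htmlspecialchars((string) $user->displayName(), ENT_QUOTES, 'UTF-8', false);
    if (isset($params['show_promo'])) {
        $name .= " (" . htmlspecialchars((string) $user->promo(), ENT_QUOTES, 'UTF-8', false) . ")";
    }
    if (S::v('auth', AUTH_PUBLIC) >= AUTH_INTERNE) {
        // ENT_QUOTES matters here: the attribute is delimited by single quotes.
        $login = htmlspecialchars((string) $user->login(), ENT_QUOTES, 'UTF-8');
        $name = "<a href='tol/" . $login . "'>" . $name . "</a>";
    }
    return $name;
}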
Example #9
 /**
  * Loads the enumeration of the given type into self::$enumerations.
  *
  * When caching is enabled and the session already holds an entry under
  * '__DE_<type>', that entry is reused. Otherwise the class 'DE_<Type>' is
  * instantiated and, if caching is enabled and the object advertises
  * SAVE_IN_SESSION, stored in the session.
  *
  * NOTE(review): the class name is built from $type and the cached object
  * comes back out of the session; both are safe only as long as $type is
  * never caller-supplied and the session store is trusted - confirm.
  *
  * @param string $type enumeration type (suffix of the DE_ class name)
  * @return void
  */
 private static function init($type)
 {
     $session_key = '__DE_' . $type;

     if (Platal::globals()->cacheEnabled() && S::has($session_key)) {
         self::$enumerations[$type] = S::v($session_key);
         return;
     }

     $class_name = "DE_" . ucfirst($type);
     $instance = new $class_name();
     self::$enumerations[$type] = $instance;

     if (Platal::globals()->cacheEnabled() && ($instance->capabilities & DirEnumeration::SAVE_IN_SESSION)) {
         S::set($session_key, $instance);
     }
 }
Example #10
 /**
  * Renders the page with the applicable skin template.
  *
  * A forced skin wins; otherwise the session's 'skin' value is used, with
  * the page's default skin (or the global one) as fallback.
  *
  * NOTE(review): the session value is concatenated into the template path
  * 'skin/<value>'; it is presumably only ever written from the skins table -
  * confirm that nothing user-supplied can reach it.
  *
  * @return void
  */
 public function run()
 {
     global $globals, $platal;

     if ($this->forced_skin === null) {
         $fallback = ($this->default_skin === null) ? $globals->skin : $this->default_skin;
         $skin = S::v('skin', $fallback . '.tpl');
     } else {
         $skin = $this->forced_skin . '.tpl';
     }

     $this->_run('skin/' . $skin);
 }
Example #11
 /**
  * Fills $this->urlform and $this->infos with the fields of the payment
  * form, then signs them.
  *
  * The signature is the SHA-1 of all field values, sorted by field name and
  * joined with '+', followed by '+' and the merchant key.
  * NOTE(review): presumably this is the construction the payment gateway
  * mandates for 'vads_version' V2 - confirm against the gateway
  * documentation before changing it.
  *
  * @param object $pay  payment definition (reads ->id and ->url)
  * @param object $user paying user
  * @return void
  */
 function prepareform($pay, $user)
 {
     global $globals, $platal;
     $log = S::v('log');

     // Order reference: last 12 characters of "<random prefix>-<payment id>".
     // FIXME : check for duplicates
     $prefix = rand_url_id();
     $order_ref = substr("{$prefix}-{$pay->id}", -12);

     // Both transaction fields derive from the same instant; the id is the
     // time of day only, so it repeats for payments made in the same second.
     // FIXME : check for duplicates
     $now = time();
     $trans_date = gmdate("YmdHis", $now);
     $trans_id = gmdate("His", $now);

     // Form's content.
     $this->urlform = "https://systempay.cyberpluspaiement.com/vads-payment/";
     $this->infos['commercant'] = array(
         'vads_site_id' => $globals->money->cyperplus_account,
         'vads_return_mode' => 'NONE',
         'vads_url_return' => $pay->url ? $pay->url : $globals->baseurl . '/' . $platal->ns,
     );
     $this->infos['client'] = array(
         'vads_cust_email' => $user->bestEmail(),
         'vads_cust_id' => $user->id(),
         'vads_cust_name' => substr(self::replaceNonAlpha(replace_accent($user->shortName())), 0, 127),
     );
     // The free-text comment comes from the request and goes through
     // replaceNonAlpha() before being truncated.
     $this->infos['commande'] = array(
         'vads_amount' => $this->val,
         'vads_currency' => '978',
         'vads_payment_config' => 'SINGLE',
         'vads_trans_date' => $trans_date,
         'vads_trans_id' => $trans_id,
         'vads_order_id' => $order_ref,
         'vads_order_info' => substr(self::replaceNonAlpha(replace_accent(Env::v('comment'))), 0, 255),
         'vads_order_info2' => Post::i('display'),
     );
     $this->infos['divers'] = array(
         'vads_version' => 'V2',
         'vads_ctx_mode' => $globals->money->cyperplus_prod,
         'vads_page_action' => 'PAYMENT',
         'vads_action_mode' => 'INTERACTIVE',
     );

     // Signature over every field, in field-name order.
     $signed_fields = array_merge(
         $this->infos['commercant'],
         $this->infos['client'],
         $this->infos['commande'],
         $this->infos['divers']
     );
     ksort($signed_fields);
     $this->infos['divers']['signature'] = sha1(implode('+', $signed_fields) . '+' . $globals->money->cyperplus_key);
 }
Example #12
/**
 * Prepares the page for an iGoogle gadget rendered as HTML.
 *
 * Switches to the skinless gadget template, makes 'escape_html' the default
 * modifier, emits an Accept-Charset header, registers the requested iGoogle
 * JavaScript libraries and selects either the gadget template or the login
 * template depending on the session's authentication level.
 *
 * Library names from the 'libs' request parameter are appended to a fixed
 * https://www.google.com/ig/f/ prefix only when they consist of letters,
 * digits and '/', '.', '_', '-', and contain none of '..', './' or '//'.
 *
 * @param string $template gadget template to display when access is granted
 * @param int    $auth     minimum authentication level required
 * @return bool true when the gadget template was selected, false when the
 *              login template was selected instead
 */
function init_igoogle_html($template, $auth = AUTH_PUBLIC)
{
    $page =& Platal::page();
    $page->changeTpl('gadgets/ig-skin.tpl', NO_SKIN);
    $page->register_modifier('escape_html', 'escape_html');
    $page->default_modifiers = array('@escape_html');
    header('Accept-Charset: utf-8');

    // External JavaScript libraries provided by iGoogle.
    if (Env::has('libs')) {
        $requested = preg_split('/,/', Env::s('libs'), -1, PREG_SPLIT_NO_EMPTY);
        foreach ($requested as $lib) {
            // Allow-list of characters first, then reject traversal-like sequences.
            if (!preg_match('@^[a-z0-9/._-]+$@i', $lib) || preg_match('@([.][.])|([.]/)|(//)@', $lib)) {
                continue;
            }
            $page->append('gadget_js', 'https://www.google.com/ig/f/' . $lib);
        }
    }

    // Show the login template when the session's level is too low.
    $granted = !($auth > S::v('auth', AUTH_PUBLIC));
    $page->assign('gadget_tpl', $granted ? $template : 'gadgets/ig-login.tpl');
    return $granted;
}
Example #13
/**
 * Translates the site's forum URL components into Banana's parameters.
 *
 * $get is filled in place with the 'group', 'action', 'artid', 'first' and
 * 'part' entries Banana expects. The pseudo-groups 'forums', 'thread',
 * 'message', 'subscribe', 'subscription' and 'profile' are shortcuts whose
 * real group / article come from the session.
 *
 * @param array       $get    parameter array, modified in place
 * @param string|null $group  group name or pseudo-group
 * @param string|null $action requested action
 * @param mixed       $artid  article id
 * @return void
 */
function get_banana_params(array &$get, $group = null, $action = null, $artid = null)
{
    // Resolve the pseudo-groups.
    if ($group == 'forums') {
        $group = null;
    } elseif ($group == 'thread') {
        $group = S::v('banana_group');
    } elseif ($group == 'message') {
        $action = 'read';
        $group = S::v('banana_group');
        $artid = S::i('banana_artid');
    } elseif ($action == 'message') {
        $action = 'read';
        $artid = S::i('banana_artid');
    } elseif ($group == 'subscribe' || $group == 'subscription') {
        $group = null;
        $action = null;
        $get['action'] = 'subscribe';
    } elseif ($group == 'profile') {
        $group = null;
        $action = null;
        $get['action'] = 'profile';
    }

    if (!is_null($group)) {
        $get['group'] = $group;
    }
    if (is_null($action)) {
        return;
    }
    if ($action == 'new') {
        $get['action'] = 'new';
        return;
    }
    if (is_null($artid)) {
        return;
    }

    // Article-level actions.
    $get['artid'] = $artid;
    switch ($action) {
        case 'reply':
            $get['action'] = 'new';
            break;
        case 'cancel':
            $get['action'] = $action;
            break;
        case 'from':
            $get['first'] = $artid;
            unset($get['artid']);
            break;
        case 'read':
            // Taken straight from the query string; absent means null.
            $get['part'] = @$_GET['part'];
            break;
        case 'source':
            $get['part'] = 'source';
            break;
        case 'xface':
            $get['part'] = 'xface';
            break;
        default:
            if ($action) {
                // Any other action names a message part, with '.' standing for '/'.
                // NOTE(review): the value originates from the URL; presumably
                // Banana validates the part name - confirm.
                $get['part'] = str_replace('.', '/', $action);
            }
    }
    if (Get::v('action') == 'showext') {
        $get['action'] = 'showext';
    }
}
Example #14
 /**
  * Opens a session for $user, or confirms the one already open.
  *
  * Returns false when the session already belongs to a different user, true
  * when it already belongs to this user (nothing else is done then), and
  * true after a fresh session has been populated.
  *
  * NOTE(review): no session-identifier renewal is visible in this method;
  * confirm that the id is regenerated on login elsewhere, otherwise a
  * pre-authentication session id stays valid after login.
  *
  * @param mixed $user  user object to log in (reads id(), hruid, token, perms, is_admin)
  * @param mixed $level authentication level requested
  * @return bool
  */
 protected function startSessionAs($user, $level)
 {
     // '&&' binds tighter than '||': refuse when either the session's user
     // object or the session's uid designates somebody else.
     if (!is_null(S::user()) && S::user()->id() != $user->id() || S::has('uid') && S::i('uid') != $user->id()) {
         return false;
     } else {
         if (S::has('uid')) {
             // Same user, session already set up.
             return true;
         }
     }
     // A SUID request records AUTH_PASSWD as the session's auth level.
     if ($level == AUTH_SUID) {
         S::set('auth', AUTH_PASSWD);
     }
     // Loads uid, hruid, token and the user object into the session for
     // development convenience.
     $_SESSION = array_merge($_SESSION, array('uid' => $user->id(), 'hruid' => $user->hruid, 'token' => $user->token, 'user' => $user));
     // Starts the session's logger, and sets up the permanent cookie.
     if (S::suid()) {
         // Impersonation: log who acts as whom; no cookie is touched.
         S::logger()->log("suid_start", S::v('hruid') . ' by ' . S::suid('hruid'));
     } else {
         S::logger()->saveLastSession();
         Cookie::set('uid', $user->id(), 300);
         // Keep (or create) the access cookie when the login came from that
         // cookie or when the form asked to be remembered.
         if (S::i('auth_by_cookie') == $user->id() || Post::v('remember', 'false') == 'true') {
             $this->setAccessCookie(false, S::i('auth_by_cookie') != $user->id());
         } else {
             $this->killAccessCookie();
             // If login for an external website and not activating cookie,
             // mark that we want to disconnect once external auth checks
             // have been performed.
             if (Post::b('external_auth')) {
                 S::set('external_auth_exit', true);
             }
         }
     }
     // Finalizes the session setup.
     $this->makePerms($user->perms, $user->is_admin);
     $this->securityChecks();
     $this->setSkin();
     $this->updateNbNotifs();
     // Only check email redirection for 'internal' users.
     if ($user->checkPerms(PERMS_USER)) {
         check_redirect();
     }
     // We should not have to use this private data anymore
     S::kill('auth_by_cookie');
     return true;
 }
Example #15
 /**
  * Events home page: tips, reminder, birthday greeting, RSS link, and the
  * list of current announces grouped by category.
  *
  * The 'read' and 'unread' actions record or clear the "already read" mark
  * of one announce for the current user, then redirect back to the list.
  *
  * NOTE(review): both actions modify the database without an XSRF token
  * check being visible here, unlike the POST handlers of this code base;
  * the effect is limited to the caller's own read marks, but confirm this
  * is intended.
  *
  * @param mixed       $page   page object
  * @param string      $action 'list', 'read' or 'unread'
  * @param mixed       $eid    announce id for 'read' / 'unread'
  * @param string|null $pound  URL fragment to return to after 'read'
  */
 function handler_ev($page, $action = 'list', $eid = null, $pound = null)
 {
     $page->changeTpl('events/index.tpl');
     $user = S::user();
     /** XXX: Tips and reminder only for user with 'email' permission.
      * We can do better in the future by storing a userfilter
      * with the tip/reminder.
      */
     if ($user->checkPerms(User::PERM_MAIL)) {
         $page->assign('tips', $this->get_tips());
     }
     // Adds a reminder onebox to the page.
     require_once 'reminder.inc.php';
     if ($reminder = Reminder::GetCandidateReminder($user)) {
         $reminder->Prepare($page);
     }
     // Wishes "Happy birthday" when required
     $profile = $user->profile();
     if (!is_null($profile)) {
         if ($profile->next_birthday == date('Y-m-d')) {
             // The template receives the age: current year minus birth year.
             $birthyear = (int) date('Y', strtotime($profile->birthdate));
             $curyear = (int) date('Y');
             $page->assign('birthday', $curyear - $birthyear);
         }
     }
     // Direct link to the RSS feed, when available.
     // NOTE(review): the user's token is part of the feed URL, so it will
     // appear wherever URLs are recorded (server logs, feed readers) -
     // confirm the token grants nothing beyond feed access.
     if (S::hasAuthToken()) {
         $page->setRssLink('Polytechnique.org :: News', '/rss/' . S::v('hruid') . '/' . S::user()->token . '/rss.xml');
     }
     // Hide the read event, and reload the page to get to the next event.
     if ($action == 'read' && $eid) {
         // Housekeeping first: drop read marks of expired announces.
         XDB::execute('DELETE ev.*
                         FROM announce_read AS ev
                   INNER JOIN announces AS e ON e.id = ev.evt_id
                        WHERE expiration < NOW()');
         XDB::execute('INSERT IGNORE INTO  announce_read (evt_id, uid)
                                   VALUES  ({?}, {?})', $eid, S::v('uid'));
         // $pound comes from the URL and is only used as a fragment here.
         pl_redirect('events#' . $pound);
     }
     // Unhide the requested event, and reload the page to display it.
     if ($action == 'unread' && $eid) {
         XDB::execute('DELETE FROM announce_read
                        WHERE evt_id = {?} AND uid = {?}', $eid, S::v('uid'));
         pl_redirect('events#newsid' . $eid);
     }
     // Fetch the events to display, along with their metadata.
     $array = array();
     $it = XDB::iterator("SELECT  e.id, e.titre, e.texte, e.post_id, e.uid,\n                                     p.x, p.y, p.attach IS NOT NULL AS img, FIND_IN_SET('wiki', e.flags) AS wiki,\n                                     FIND_IN_SET('important', e.flags) AS important,\n                                     e.creation_date > DATE_SUB(CURDATE(), INTERVAL 2 DAY) AS news,\n                                     e.expiration < DATE_ADD(CURDATE(), INTERVAL 2 DAY) AS end,\n                                     ev.uid IS NULL AS nonlu, e.promo_min, e.promo_max\n                               FROM  announces       AS e\n                          LEFT JOIN  announce_photos AS p  ON (e.id = p.eid)\n                          LEFT JOIN  announce_read   AS ev ON (e.id = ev.evt_id AND ev.uid = {?})\n                              WHERE  FIND_IN_SET('valide', e.flags) AND expiration >= NOW()\n                           ORDER BY  important DESC, news DESC, end DESC, e.expiration, e.creation_date DESC", S::i('uid'));
     // Categories in display order; the SQL ORDER BY follows the same order,
     // which is what lets the loop below cut the stream into consecutive runs.
     $cats = array('important', 'news', 'end', 'body');
     $this->load('feed.inc.php');
     $user = S::user();
     $body = EventFeed::nextEvent($it, $user);
     foreach ($cats as $cat) {
         $data = array();
         if (!$body) {
             continue;
         }
         do {
             // 'body' is the catch-all; other categories stop at the first
             // event that does not carry their flag.
             if ($cat == 'body' || $body[$cat]) {
                 $data[] = $body;
             } else {
                 break;
             }
             $body = EventFeed::nextEvent($it, $user);
         } while ($body);
         if (!empty($data)) {
             $array[$cat] = $data;
         }
     }
     $page->assign_by_ref('events', $array);
 }
Example #16
 /**
  * Builds the navigation menu and assigns it to the template as 'menu'.
  *
  * The menu is an ordered map of section title => entries; each entry maps a
  * label to either a relative URL or an array of link attributes. Sections:
  * an untitled general one, the current group's one (logged-in users only)
  * and 'Administrer' (group administrators, or site administrators).
  */
 private function useMenu()
 {
     global $globals;
     $menu = array();
     $sub = array();
     $sub['tous les groupes'] = 'plan';
     $sub['documentation'] = 'Xnet';
     if (S::user()->type == 'xnet') {
         $sub['mon compte'] = 'edit';
         $sub['mes préférences'] = $globals->xnet->xorg_baseurl . 'prefs';
     }
     // NOTE(review): the raw request URI is appended to the href; it is
     // client-controlled, so the template must escape this attribute -
     // confirm it does.
     $sub['signaler un bug'] = array('href' => 'send_bug/' . $_SERVER['REQUEST_URI'], 'class' => 'popup_840x600');
     $menu["no_title"] = $sub;
     $perms = S::v('perms');
     $dim = $globals->asso('diminutif');
     if (S::logged() && $globals->asso()) {
         // Group section. $perms is used here without the is_object() guard
         // applied further down; presumably a logged-in session always has
         // it set - TODO confirm.
         $sub = array();
         $sub['présentation'] = "login/{$dim}/";
         if ($perms->hasFlag('groupannu')) {
             $sub['annuaire du groupe'] = "{$dim}/annuaire";
             $sub['trombinoscope'] = "{$dim}/trombi";
         }
         if ($globals->asso('forum')) {
             $sub['forum'] = "{$dim}/forum";
         }
         if ($perms->hasFlag('groupmember')) {
             if ($globals->asso('mail_domain')) {
                 $sub['listes de diffusion'] = "{$dim}/lists";
             }
             if ($globals->asso('has_nl')) {
                 $sub['newsletter'] = "{$dim}/nl";
             }
         }
         $sub['événement'] = "{$dim}/events";
         if ($perms->hasFlag('groupadmin')) {
             $sub['télépaiement'] = "{$dim}/payment";
         }
         $menu[$globals->asso('nom')] = $sub;
     }
     // Menu entries only hide links; the target handlers must enforce the
     // corresponding permissions themselves.
     if ($globals->asso() && is_object($perms) && $perms->hasFlag('groupadmin')) {
         $sub = array();
         $sub['modifier l\'accueil'] = "{$dim}/edit";
         $sub['gérer les annonces'] = "{$dim}/admin/announces";
         if ($globals->asso('mail_domain')) {
             if (!$globals->asso('disable_mails')) {
                 $sub['envoyer un mail'] = "{$dim}/mail";
             }
             $sub['créer une liste'] = "{$dim}/lists/create";
             $sub['créer un alias'] = "{$dim}/alias/create";
         }
         if (!$globals->asso('has_nl')) {
             $sub['créer la newsletter'] = "{$dim}/admin/nl/enable";
         }
         if (S::admin()) {
             $sub['gérer les groupes'] = array('href' => 'admin', 'style' => 'color: gray;');
             // NOTE(review): the XSRF token travels in the query string, so it
             // can end up in access logs, browser history and Referer headers;
             // a POST with the token in the body would avoid that.
             $sub['clear cache'] = array('href' => 'purge_cache?token=' . S::v('xsrf_token'), 'style' => 'color: gray;');
         }
         $menu['Administrer'] = $sub;
     } elseif (S::admin()) {
         // Site administrator outside of a group he administers.
         $sub = array();
         $sub['gérer les groupes'] = 'admin';
         // Same remark as above about the token in the URL.
         $sub['clear cache'] = 'purge_cache?token=' . S::v('xsrf_token');
         $menu['Administrer'] = $sub;
     }
     $this->assign('menu', $menu);
 }
Example #17
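 /**
  * Batch addition of contacts from a pasted list.
  *
  * Each non-empty line of POST 'list' is "<name tokens...> <promo> <email>";
  * the last token must be a valid email address. When the address does not
  * identify a user, the remaining tokens are used as a search filter that
  * must match exactly one person. Active users are added as registered
  * contacts; others are added as non-registered and proposed to marketing.
  *
  * Lines that could not be processed are echoed back in error messages.
  * Those messages are written with HTML entities (&nbsp;), so they are
  * presumably rendered as raw HTML; the submitted line and address are
  * therefore HTML-encoded before being inserted into them.
  *
  * @param mixed $page page object; receives 'errors' (bool) and
  *                    'incomplete' (list of unprocessed lines, as submitted)
  */
 function handler_batch($page)
 {
     $page->changeTpl('carnet/batch.tpl');
     $errors = false;
     $incomplete = array();
     if (Post::has('add')) {
         S::assert_xsrf_token();
         require_once 'userset.inc.php';
         require_once 'emails.inc.php';
         require_once 'marketing.inc.php';
         $list = explode("\n", Post::v('list'));
         $origin = Post::v('origin');
         foreach ($list as $item) {
             if ($item = trim($item)) {
                 $elements = preg_split("/\\s/", $item);
                 $email = array_pop($elements);
                 // Encoded copies, used only inside user-visible messages.
                 $shown_item = htmlspecialchars($item, ENT_QUOTES, 'UTF-8');
                 $shown_email = htmlspecialchars((string) $email, ENT_QUOTES, 'UTF-8');
                 if (!isvalid_email($email)) {
                     $page->trigError('Email invalide&nbsp;: ' . $shown_email);
                     $incomplete[] = $item;
                     $errors = true;
                     continue;
                 }
                 $user = User::getSilent($email);
                 if (is_null($user)) {
                     // Unknown address: identify the person from the other tokens.
                     $details = implode(' ', $elements);
                     $promo = trim(array_pop($elements));
                     $cond = new PFC_And();
                     if (preg_match('/^[MDX]\\d{4}$/', $promo)) {
                         $cond->addChild(new UFC_Promo('=', UserFilter::DISPLAY, $promo));
                     } else {
                         $cond->addChild(new UFC_NameTokens($promo));
                     }
                     foreach ($elements as $element) {
                         $cond->addChild(new UFC_NameTokens($element));
                     }
                     $uf = new UserFilter($cond);
                     $count = $uf->getTotalCount();
                     if ($count == 0) {
                         $page->trigError('Les informations : « ' . $shown_item . ' » ne correspondent à aucun camarade.');
                         $incomplete[] = $item;
                         $errors = true;
                         continue;
                     } elseif ($count > 1) {
                         $page->trigError('Les informations : « ' . $shown_item . ' » sont ambigues et correspondent à plusieurs camarades.');
                         $incomplete[] = $item;
                         $errors = true;
                         continue;
                     } else {
                         $user = $uf->getUser();
                     }
                 }
                 if ($user->state == 'active') {
                     $this->addRegistered($page, $user->profile());
                 } else {
                     if (!User::isForeignEmailAddress($email)) {
                         $page->trigError('Email pas encore attribué&nbsp;: ' . $shown_email);
                         $incomplete[] = $item;
                         $errors = true;
                     } else {
                         $this->addNonRegistered($page, $user);
                         // Propose the address to marketing unless already done.
                         if (!Marketing::get($user->id(), $email, true)) {
                             check_email($email, "Une adresse surveillée est proposée au marketing par " . S::user()->login());
                             $market = new Marketing($user->id(), $email, 'default', null, $origin, S::v('uid'), null);
                             $market->add();
                         }
                     }
                 }
             }
         }
     }
     $page->assign('errors', $errors);
     $page->assign('incomplete', $incomplete);
 }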
Example #18
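 /**
  * Mailing-list administration page: marketing decisions on unregistered
  * subscribers, member and owner additions / removals, and the member list.
  *
  * Every state-changing branch checks the XSRF token first. Access is
  * granted to group administrators; for anybody else verify_list_owner() is
  * called (presumably it aborts the request for non-owners - TODO confirm).
  *
  * Fixes over the previous version:
  *  - the "added to moderators" message used an undefined variable and now
  *    names the address that was actually added;
  *  - a failed upload no longer leaves the login list undefined;
  *  - the marketing arrays are only iterated when they really are arrays,
  *    and entries without a uid are skipped;
  *  - submitted logins echoed in the "no such account" message are
  *    HTML-encoded (page messages carry markup elsewhere in this handler,
  *    so they are presumably rendered as raw HTML).
  *
  * @param mixed       $page  page object
  * @param string|null $liste list name taken from the URL
  * @return mixed PL_NOT_FOUND when no list is given, nothing otherwise
  */
 function handler_admin($page, $liste = null)
 {
     global $globals;
     if (is_null($liste)) {
         return PL_NOT_FOUND;
     }
     $mlist = $this->prepare_list($liste);
     // NOTE(review): this first call discards its result and is repeated just
     // below; kept as is in case is_group_admin() has side effects on $page.
     $this->is_group_admin($page);
     if (!$this->is_group_admin($page)) {
         $this->verify_list_owner($page, $mlist);
     }
     $page->changeTpl('lists/admin.tpl');
     if (Env::has('send_mark')) {
         S::assert_xsrf_token();
         // The three parameters are expected to be parallel arrays; anything
         // else coming from the request is treated as empty.
         $actions = Env::v('mk_action');
         $uids = Env::v('mk_uid');
         $mails = Env::v('mk_email');
         if (!is_array($actions)) {
             $actions = array();
         }
         if (!is_array($uids)) {
             $uids = array();
         }
         if (!is_array($mails)) {
             $mails = array();
         }
         foreach ($actions as $key => $action) {
             if (!isset($uids[$key])) {
                 continue;
             }
             switch ($action) {
                 case 'none':
                     break;
                 case 'marketu':
                 case 'markets':
                     require_once 'emails.inc.php';
                     $user = User::get($uids[$key]);
                     $mail = valide_email(isset($mails[$key]) ? $mails[$key] : null);
                     if (isvalid_email_redirection($mail, $user)) {
                         $from = $action == 'marketu' ? 'user' : 'staff';
                         $market = Marketing::get($uids[$key], $mail);
                         if (!$market) {
                             $market = new Marketing($uids[$key], $mail, 'list', $mlist->address, $from, S::v('uid'));
                             $market->add();
                             break;
                         }
                     }
                     // Deliberate fall-through: when no marketing was created
                     // the pending subscription is recorded like any other action.
                 default:
                     XDB::execute('INSERT IGNORE INTO  register_subs (uid, type, sub, domain)
                                           VALUES  ({?}, \'list\', {?}, {?})', $uids[$key], $mlist->mbox, $mlist->domain);
             }
         }
     }
     if (Env::has('add_member') || isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) {
         S::assert_xsrf_token();
         if (isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) {
             $upload =& PlUpload::get($_FILES['add_member_file'], S::user()->login(), 'list.addmember', true);
             if (!$upload) {
                 $page->trigError("Une erreur s'est produite lors du téléchargement du fichier.");
                 // Nothing to subscribe; keeps the code below well-defined.
                 $logins = '';
             } else {
                 $logins = $upload->getContents();
             }
         } else {
             $logins = Env::v('add_member');
         }
         $logins = preg_split("/[; ,\r\n\\|]+/", $logins);
         $members = User::getBulkForlifeEmailsFromEmail($logins);
         $unfound = array_diff_key($logins, $members);
         // Make sure we send a list (array_values) of unique (array_unique)
         // emails.
         $members = array_values(array_unique($members));
         $arr = $mlist->subscribeBulk($members);
         $successes = array();
         if (is_array($arr)) {
             foreach ($arr as $addr) {
                 $successes[] = $addr[1];
                 $page->trigSuccess("{$addr[0]} inscrit.");
             }
         }
         $already = array_diff($members, $successes);
         if (is_array($already)) {
             foreach ($already as $item) {
                 $page->trigWarning($item . ' est déjà inscrit.');
             }
         }
         if (is_array($unfound)) {
             foreach ($unfound as $item) {
                 if (trim($item) != '') {
                     // $item is raw request or file content: encode before echoing.
                     $page->trigError(htmlspecialchars($item, ENT_QUOTES, 'UTF-8') . " ne correspond pas à un compte existant et n'est pas une adresse email.");
                 }
             }
         }
     }
     if (Env::has('del_member')) {
         S::assert_xsrf_token();
         if (strpos(Env::v('del_member'), '@') === false) {
             // A login was given: resolve it to the user's address.
             if ($del_member = User::getSilent(Env::t('del_member'))) {
                 $mlist->unsubscribeBulk(array($del_member->forlifeEmail()));
             }
         } else {
             $mlist->unsubscribeBulk(array(Env::v('del_member')));
         }
         pl_redirect('lists/admin/' . $liste);
     }
     if (Env::has('add_owner')) {
         S::assert_xsrf_token();
         $owners = User::getBulkForlifeEmailsFromEmail(Env::v('add_owner'));
         if ($owners) {
             foreach ($owners as $forlife_email) {
                 if ($mlist->addOwner($forlife_email)) {
                     $page->trigSuccess($forlife_email . " ajouté aux modérateurs.");
                 }
             }
         }
     }
     if (Env::has('del_owner')) {
         S::assert_xsrf_token();
         if (strpos(Env::v('del_owner'), '@') === false) {
             if ($del_owner = User::getSilent(Env::t('del_owner'))) {
                 $mlist->removeOwner($del_owner->forlifeEmail());
             } else {
                 // A non-email value may have been stored as an owner; remove
                 // it by its literal value.
                 $mlist->removeOwner(Env::v('del_owner'));
             }
         } else {
             $mlist->removeOwner(Env::v('del_owner'));
         }
         pl_redirect('lists/admin/' . $liste);
     }
     if (list($det, $mem, $own) = $mlist->getMembers()) {
         global $list_unregistered;
         if ($list_unregistered) {
             $page->assign_by_ref('unregistered', $list_unregistered);
         }
         // $tri_promo is not defined in this function; '@' silences the notice
         // and the sort helpers receive null.
         $membres = list_sort_members($mem, @$tri_promo);
         $moderos = list_sort_owners($own, @$tri_promo);
         $page->assign_by_ref('details', $det);
         $page->assign_by_ref('members', $membres);
         $page->assign_by_ref('owners', $moderos);
         $page->assign('np_m', count($mem));
     } else {
         $page->kill("La liste n'existe pas ou tu n'as pas le droit de l'administrer.<br />" . " Si tu penses qu'il s'agit d'une erreur, " . "<a href='mailto:support@polytechnique.org'>contact le support</a>.");
     }
 }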
Example #19
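/**
 * Banana hook deciding whether the current user may cancel a message.
 *
 * Cancellation is allowed to the author, identified by the message's
 * 'x-org-id' header matching the session's hruid, and to administrators.
 *
 * The author test requires a non-empty header and an exact string match.
 * The previous loose comparison also succeeded when both sides were absent
 * (a message without the header, seen by a session without an hruid), and
 * compared numeric-looking strings by value rather than by content.
 *
 * @param array $_headers message headers, keyed by lower-case header name
 * @return bool
 */
function hook_checkcancel($_headers)
{
    $author = isset($_headers['x-org-id']) ? (string) $_headers['x-org-id'] : '';
    $current = (string) S::v('hruid');

    if ($author !== '' && $author === $current) {
        return true;
    }
    return (bool) S::admin();
}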
Example #20
 /**
  * Skin selection page.
  *
  * When 'newskin' is present in the request, stores it (as an integer) as
  * the account's skin and refreshes the session's skin. Then exposes the id
  * of the skin currently in the session and the list of available skins
  * with their number of users.
  *
  * NOTE(review): the update is driven by Env (so presumably GET as well as
  * POST) and no XSRF token check is visible here, unlike other
  * state-changing handlers of this code base. The effect is limited to the
  * caller's own skin, but confirm the omission is intended.
  *
  * @param mixed $page page object
  */
 function handler_skin($page)
 {
     global $globals;
     $page->changeTpl('platal/skins.tpl');
     $page->setTitle('Skins');

     // Form submitted: persist the choice, then rebuild the session's skin.
     if (Env::has('newskin')) {
         XDB::execute('UPDATE  accounts
                          SET  skin = {?}
                        WHERE  uid = {?}', Env::i('newskin'), S::i('uid'));
         S::kill('skin');
         Platal::session()->setSkin();
     }

     // Id of the skin whose template is active in the session.
     $current = XDB::query('SELECT  id
                          FROM  skins
                         WHERE  skin_tpl = {?}', S::v('skin'));
     $page->assign('skin_id', $current->fetchOneCell());

     // Catalogue of selectable skins, most recent first.
     $catalogue = XDB::iterator('SELECT  s.*, auteur, COUNT(*) AS nb
               FROM  skins AS s
          LEFT JOIN  accounts AS a ON (a.skin = s.id)
              WHERE  skin_tpl != \'\' AND ext != \'\'
           GROUP BY  id ORDER BY s.date DESC');
     $page->assign('skins', $catalogue);
 }
Example #21
 /**
  * Lets a logged-in user propose an email address for a classmate who has
  * not registered yet, so that marketing can contact that person.
  *
  * Without a submission, the page previews the message that would be sent;
  * with a submission (POST 'valide', behind the XSRF token) the address is
  * validated and a marketing entry is created unless one already exists.
  *
  * @param mixed       $page  page object
  * @param string|null $hruid identifier of the targeted user, from the URL
  * @return mixed PL_NOT_FOUND when the user is unknown or has no profile
  */
 function handler_public($page, $hruid = null)
 {
     $page->changeTpl('marketing/public.tpl');
     // Retrieves the user info, and checks the user is not yet registered.
     $user = User::getSilent($hruid);
     if (!$user || !$user->hasProfile()) {
         return PL_NOT_FOUND;
     }
     if ($user->state != 'pending') {
         // presumably kill() ends the request, since the code below assumes
         // a pending user - TODO confirm
         $page->kill('Cet utilisateur est déjà inscrit');
     }
     // Displays the page, and handles the eventual user actions.
     $page->assign('full_name', $user->fullName());
     $page->assign('promo', $user->promo());
     if (Post::has('valide')) {
         S::assert_xsrf_token();
         $email = trim(Post::v('mail'));
         require_once 'emails.inc.php';
         if (!isvalid_email_redirection($email, $user)) {
             $page->trigError('Email invalide&nbsp;!');
         } else {
             // Look for earlier marketing attempts on this address,
             // restricted to the last month.
             if (Marketing::get($user->id(), $email, true)) {
                 $page->assign('already', true);
             } else {
                 $page->assign('ok', true);
                 check_email($email, "Une adresse surveillée est proposée au marketing par " . S::user()->login());
                 // NOTE(review): 'origine' and 'personal_notes' are passed on
                 // as submitted; confirm Marketing validates the origin value
                 // and escapes the notes wherever they are rendered or mailed.
                 $market = new Marketing($user->id(), $email, 'default', null, Post::v('origine'), S::v('uid'), Post::v('origine') == 'user' ? Post::v('personal_notes') : null);
                 $market->add();
             }
         }
     } else {
         global $globals;
         require_once 'marketing.inc.php';
         $sender = User::getSilent(S::v('uid'));
         // NOTE(review): the sender's full name is concatenated into an HTML
         // string that the template is told to treat as already escaped
         // ('mail_part' => 'escaped_html' below); confirm fullName() cannot
         // contain markup, or encode it here.
         $perso_signature = 'Cordialement,<br />-- <br />' . $sender->fullName();
         $market = new AnnuaireMarketing(null, true);
         $text = $market->getText(array('sexe' => $user->isFemale(), 'forlife_email' => $user->hruid . "@" . $user->mainEmailDomain(), 'forlife_email2' => $user->hruid . "@" . $user->alternateEmailDomain()));
         // Fill in the preview's placeholders.
         $text = str_replace('%%hash%%', '', $text);
         $text = str_replace('%%personal_notes%%', '<em id="personal_notes_display"></em>', $text);
         $text = str_replace('%%sender%%', '<span id="sender">' . $perso_signature . '</span>', $text);
         $page->assign('text', nl2br($text));
         $page->assign('perso_signature', $perso_signature);
         $page->assign('mail_part', 'escaped_html');
     }
 }
Example #22
/**
 * Loads one group event together with registration and payment figures
 * computed for the current session user.
 *
 * @param mixed $eid     Matched against both e.eid and e.short_name.
 * @param mixed $item_id Item ("moment") to restrict to; a falsy value selects
 *                       the whole-event summary.
 * @param mixed $asso_id Group id; when null, $globals->asso('id') is used.
 *
 * @return array|false|null Event row with the computed keys added below;
 *                          null when no row matches; false when the access
 *                          check rejects the viewer. Callers have to tell
 *                          the two failure values apart.
 */
function get_event_detail($eid, $item_id = false, $asso_id = null)
{
    global $globals;
    if (is_null($asso_id)) {
        $asso_id = $globals->asso('id');
    }
    // $group_by is always one of two literals. $where is either empty or a
    // fragment produced by XDB::format() with $item_id bound to a placeholder
    // (presumably quoted by XDB::format — confirm), so the concatenation into
    // the statement below carries no raw caller text.
    if (!$item_id) {
        $where = '';
        $group_by = 'e.eid';
    } else {
        $where = XDB::format(' AND ei.item_id = {?}', $item_id);
        $group_by = 'ei.item_id';
    }
    // The e.asso_id = {?} condition scopes the lookup to one group, so an eid
    // or short_name belonging to another group yields no row.
    $evt = XDB::fetchOneAssoc('SELECT  SUM(nb) AS nb_tot, COUNT(DISTINCT ep.uid) AS nb, e.*, SUM(IF(nb > 0, 1, 0)) AS user_count,
                                       IF(e.deadline_inscription,
                                          e.deadline_inscription >= LEFT(NOW(), 10),
                                          1) AS inscr_open,
                                       LEFT(e.debut, 10) AS first_day, LEFT(e.fin, 10) AS last_day,
                                       LEFT(NOW(), 10) AS now,
                                       ei.titre, e.subscription_notification
                                 FROM  group_events             AS e
                           INNER JOIN  group_event_items        AS ei ON (e.eid = ei.eid)
                            LEFT JOIN  group_event_participants AS ep ON(e.eid = ep.eid AND ei.item_id = ep.item_id)
                                WHERE  (e.eid = {?} OR e.short_name = {?}) AND e.asso_id = {?}' . $where . '
                             GROUP BY  ' . $group_by, $eid, $eid, $asso_id);
    if (!$evt) {
        return null;
    }
    // Access check: on the xnet site, an event that does not accept
    // non-members is hidden from viewers who are neither members nor allowed
    // to update. The check is skipped entirely when IS_XNET_SITE is falsy.
    if ($GLOBALS['IS_XNET_SITE'] && $evt['accept_nonmembre'] == 0 && !is_member() && !may_update()) {
        return false;
    }
    if (!$item_id) {
        /* Don't try to be too smart here: for the global summary there is no
         * general formula to estimate the total number of attendees, since
         * 'moments' may or may not be disjoint. As a consequence, we can only
         * provide the number of users who completed the registration procedure.
         */
        $evt['user_count'] = $evt['nb_tot'] = $evt['nb'];
        $evt['titre'] = '';
        $evt['item_id'] = 0;
        $evt['csv_name'] = urlencode($evt['intitule']);
    } else {
        $evt['csv_name'] = urlencode($evt['intitule'] . '.' . $evt['titre']);
    }
    // Per-item rows, joined to the current session user's own participation.
    $evt['moments'] = XDB::fetchAllAssoc('SELECT  titre, details, montant, ei.item_id, nb,
                                                  ep.paid, FIND_IN_SET(\'notify_payment\', ep.flags) AS notify_payment
                                            FROM  group_event_items        AS ei
                                       LEFT JOIN  group_event_participants AS ep ON (ep.eid = ei.eid AND ep.item_id = ei.item_id
                                                                                                             AND uid = {?})
                                           WHERE  ei.eid = {?}', S::i('uid'), $evt['eid']);
    $evt['topay'] = 0;
    $evt['paid'] = 0;
    $evt['notify_payment'] = false;
    foreach ($evt['moments'] as $m) {
        $evt['topay'] += $m['nb'] * $m['montant'];
        // 'money' is only ever set to true; the key stays absent when no
        // item has a non-zero price.
        if ($m['montant']) {
            $evt['money'] = true;
        }
        $evt['paid'] += $m['paid'];
        $evt['notify_payment'] = $evt['notify_payment'] || $m['notify_payment'];
    }
    // NOTE(review): the uid is read with S::i() in the query above and with
    // S::v() here. Both are bound as placeholders, but the accessor should
    // presumably be the same in both places — confirm.
    $montant = XDB::fetchOneCell('SELECT  SUM(amount) AS sum_amount
                                    FROM  payment_transactions AS t
                                   WHERE  status = "confirmed" AND ref = {?} AND uid = {?}', $evt['paiement_id'], S::v('uid'));
    $evt['telepaid'] = $montant;
    $evt['paid'] += $montant;
    $evt['organizer'] = User::getSilent($evt['uid']);
    $evt['date'] = make_event_date($evt['debut'], $evt['fin']);
    // The participant list is exposed only on the xnet site and only to
    // members or users allowed to update, whatever the stored flag says.
    $evt['show_participants'] = $evt['show_participants'] && $GLOBALS['IS_XNET_SITE'] && (is_member() || may_update());
    return $evt;
}
Example #23
 /**
  * Assigns the template variables shared by every page, then renders either
  * the JSON-only ("solo") response or the full frankiz.tpl layout.
  *
  * NOTE(review): 'logged' is computed with a null check on the session user,
  * while the mini-module lookup and the validation filters dereference
  * S::user() unconditionally — confirm S::user() can never be null here.
  */
 public function run()
 {
     $skin = $this->load_skin();
     $this->assign('skin', S::v('skin'));

     $currentUser = S::user();
     $this->assign('user', $currentUser);
     $isLogged = !is_null($currentUser) && S::logged();
     $this->assign('logged', $isLogged);

     // Remote IP
     $this->assign('remip', IPAddress::getInstance());

     $floatModules = S::user()->minimodules(FrankizMiniModule::COL_FLOAT);
     $this->assign('MiniModules_COL_FLOAT', FrankizMiniModule::get($floatModules));
     $this->addCssLink(FrankizMiniModule::batchCss());

     // JSON loading of the module only: send the rendered content plus the
     // template variables the client needs, and stop there.
     if (Env::has('solo')) {
         $this->jsonAssign('content', $this->raw());
         foreach (array('title', 'pl_css', 'pl_js') as $tplVar) {
             $this->jsonAssign($tplVar, $this->get_template_vars($tplVar));
         }
         $this->runJSon();
         return;
     }

     // Full page: pending validations are listed only for users holding at
     // least one admin caste; everyone gets their own pending requests.
     $this->assign('quick_validate', array());
     if (S::user()->castes(Rights::admin())->count() > 0) {
         $adminFilter = new ValidateFilter(new VFC_User(S::user()));
         $pending = $adminFilter->get()->select(ValidateSelect::quick());
         $this->assign('quick_validate', $pending->split('group'));
     }

     $writerFilter = new ValidateFilter(new VFC_Writer(S::user()));
     $ownRequests = $writerFilter->get()->select(ValidateSelect::quick());
     $this->assign('self_url', pl_self());
     $this->assign('quick_requests', $ownRequests);
     $this->_run(self::getTplPath('frankiz.tpl'));
 }
Example #24
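 /**
  * Administration page for one user's Google Apps account: applies the
  * requested action, then shows the account state and its queued jobs.
  *
  * Every state-changing action asserts the XSRF token before acting. The
  * password-sync actions (forcesync, sync, nosync) previously did not, unlike
  * suspend and unsuspend, so a forged cross-site POST could trigger them.
  *
  * NOTE(review): no permission check is visible in this handler; presumably
  * the route is registered as admin-only — confirm. 'googleapps_admin' is
  * only assigned to the template and does not gate the actions below.
  *
  * @param object      $page Page object receiving template data and messages.
  * @param string|null $user User identifier; falls back to POST 'login'.
  */
 function handler_admin_user($page, $user = null)
 {
     require_once 'emails.inc.php';
     require_once 'googleapps.inc.php';
     $page->changeTpl('googleapps/admin.user.tpl');
     $page->setTitle('Administration Google Apps');
     $page->assign('googleapps_admin', GoogleAppsAccount::is_administrator(S::v('uid')));
     if (!$user && Post::has('login')) {
         $user = Post::v('login');
     }
     $user = User::get($user);
     if (!$user) {
         return;
     }
     $account = new GoogleAppsAccount($user);
     // Apply the requested action. At most one branch runs, and each one
     // checks the XSRF token before touching the account.
     if (Post::has('suspend') && $account->active() && !$account->pending_update_suspension) {
         S::assert_xsrf_token();
         $account->suspend();
         $page->trigSuccess('Le compte est en cours de suspension.');
     } elseif (Post::has('unsuspend') && $account->suspended() && !$account->pending_update_suspension) {
         S::assert_xsrf_token();
         $account->do_unsuspend();
         $page->trigSuccess('Le compte est en cours de réactivation.');
     } elseif (Post::has('forcesync') && $account->active() && $account->sync_password) {
         S::assert_xsrf_token();
         $account->set_password($user->password());
         $page->trigSuccess('Le mot de passe est en cours de synchronisation.');
     } elseif (Post::has('sync') && $account->active()) {
         S::assert_xsrf_token();
         $account->set_password($user->password());
         $account->set_password_sync(true);
     } elseif (Post::has('nosync') && $account->active()) {
         S::assert_xsrf_token();
         $account->set_password_sync(false);
     }
     // Displays basic account information.
     $page->assign('account', $account);
     $page->assign('admin_account', GoogleAppsAccount::is_administrator($user->id()));
     $page->assign('googleapps_storage', Email::is_active_storage($user, 'googleapps'));
     $page->assign('user', $user->id());
     // Retrieves user's pending requests.
     $res = XDB::iterator("SELECT  q_id, q_recipient_id, p_status, j_type, UNIX_TIMESTAMP(p_entry_date) AS p_entry_date\n                   FROM  gapps_queue\n                  WHERE  q_recipient_id = {?}\n               ORDER BY  p_entry_date DESC", $user->id());
     $page->assign('requests', $res);
 }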
Example #25
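 /**
  * Adds an address to the user's redirections; an address that is already
  * present is reset to the default values.
  *
  * The address is canonicalised once (trimmed, lower-cased) and that same
  * string is validated, stored, compared and passed on. Previously the
  * canonical form was validated while the raw argument was stored, so
  * leading or trailing whitespace and control characters removed by trim()
  * escaped validation and still reached the database and the list/alias
  * updates.
  *
  * @param string $email Address supplied by the caller.
  *
  * @return mixed SUCCESS, ERROR_INVALID_EMAIL when the address is malformed,
  *               or ERROR_LOOP_EMAIL when isvalid_email_redirection() rejects it.
  */
 public function add_email($email)
 {
     $email_stripped = strtolower(trim($email));
     if (!isvalid_email($email_stripped)) {
         return ERROR_INVALID_EMAIL;
     }
     if (!isvalid_email_redirection($email_stripped, $this->user)) {
         return ERROR_LOOP_EMAIL;
     }
     // We first need to retrieve the value for the antispam filter: it is
     // either the user's redirections common value, or if they differ, our
     // default value.
     $bogo = new Bogo($this->user);
     $filter = $bogo->single_state ? Bogo::$states[$bogo->state] : Bogo::MAIN_DEFAULT;
     // If the email was already present for this user, we reset it to the default values, we thus use REPLACE INTO.
     XDB::execute('REPLACE INTO  email_redirect_account (uid, redirect, flags, action)
                         VALUES  ({?}, {?}, \'active\', {?})', $this->user->id(), $email_stripped, $filter);
     // Replace this email by forlife email, if present in aliases and MLs.
     $listClient = new MMList(S::user());
     $listClient->change_user_email($email_stripped, $this->user->forlifeEmail());
     update_alias_user($email_stripped, $this->user->forlifeEmail());
     if (S::v('log', null)) {
         // may be absent --> step4.php
         // The entry records when the change is made on behalf of another account.
         S::logger()->log('email_add', $email_stripped . ($this->user->id() != S::v('uid') ? " (admin on {$this->user->login()})" : ""));
     }
     // Already in the in-memory list: the row was reset above, nothing to append.
     foreach ($this->emails as $mail) {
         if ($mail->email == $email_stripped) {
             return SUCCESS;
         }
     }
     $this->emails[] = new Email($this->user, array('redirect' => $email_stripped, 'rewrite' => '', 'type' => 'smtp', 'action' => $filter, 'broken_date' => '0000-00-00', 'broken_level' => 0, 'last' => '0000-00-00', 'flags' => 'active', 'hash' => null, 'allow_rewrite' => 0));
     // security stuff
     check_email($email_stripped, "Ajout d'une adresse surveillée aux redirections de " . $this->user->login());
     check_redirect($this);
     $this->update_imap();
     return SUCCESS;
 }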
Example #26
 /**
  * Wiki administration page: updates page permissions, deletes or renames a
  * page, then lists every wiki page grouped by category.
  *
  * @param object      $page      Page object receiving template data and messages.
  * @param string      $action    'list' (default), 'update', 'delete' or 'rename'.
  * @param string|null $wikipage  Page acted upon by 'delete' and 'rename'.
  * @param string|null $wikipage2 New name for 'rename'.
  */
 function handler_wiki($page, $action = 'list', $wikipage = null, $wikipage2 = null)
 {
     // NOTE(review): part of the next statement is masked in this listing (the
     // run of asterisks); it is reproduced as found. What remains shows an RSS
     // URL that carries the user's token as a query parameter, so that URL
     // should be treated as a credential (logs, referrers, shared links).
     if (S::hasAuthToken()) {
         $page->setRssLink('Changement Récents', '/Site/AllRecentChanges?action=rss&user='******'hruid') . '&hash=' . S::user()->token);
     }
     // update wiki perms
     if ($action == 'update') {
         S::assert_xsrf_token();
         $perms_read = Post::v('read');
         $perms_edit = Post::v('edit');
         if ($perms_read || $perms_edit) {
             // Every POST field whose value is 'on' is taken as a page name;
             // '_' and '/' in the field name are mapped to '.'.
             // NOTE(review): the field name is echoed back in the messages
             // below — confirm trigSuccess()/trigError() escape their argument.
             foreach ($_POST as $wiki_page => $val) {
                 if ($val == 'on') {
                     $wp = new PlWikiPage(str_replace(array('_', '/'), '.', $wiki_page));
                     // A permission that was not submitted keeps its current value.
                     if ($wp->setPerms($perms_read ? $perms_read : $wp->readPerms(), $perms_edit ? $perms_edit : $wp->writePerms())) {
                         $page->trigSuccess("Permission de la page {$wiki_page} mises à jour");
                     } else {
                         $page->trigError("Impossible de mettre les permissions de la page {$wiki_page} à jour");
                     }
                 }
             }
         }
     } else {
         if ($action != 'list' && !empty($wikipage)) {
             // NOTE(review): the PlWikiPage object is built before the token
             // is checked; asserting the token first would keep all handling
             // of the caller-supplied name behind the XSRF check.
             $wp = new PlWikiPage($wikipage);
             S::assert_xsrf_token();
             if ($action == 'delete') {
                 if ($wp->delete()) {
                     $page->trigSuccess("La page " . $wikipage . " a été supprimée.");
                 } else {
                     $page->trigError("Impossible de supprimer la page " . $wikipage . ".");
                 }
             } else {
                 if ($action == 'rename' && !empty($wikipage2) && $wikipage != $wikipage2) {
                     if ($changedLinks = $wp->rename($wikipage2)) {
                         // NOTE(review): this message contains <em> markup, so
                         // trigSuccess() presumably renders HTML; $wikipage and
                         // $wikipage2 are handler arguments concatenated
                         // without escaping — confirm where escaping happens.
                         $s = 'La page <em>' . $wikipage . '</em> a été déplacée en <em>' . $wikipage2 . '</em>.';
                         if (is_numeric($changedLinks)) {
                             $s .= $changedLinks . ' lien' . ($changedLinks > 1 ? 's ont été modifiés.' : ' a été modifié.');
                         }
                         $page->trigSuccess($s);
                     } else {
                         $page->trigError("Impossible de déplacer la page " . $wikipage);
                     }
                 }
             }
         }
     }
     $perms = PlWikiPage::permOptions();
     // list wiki pages and their perms
     $wiki_pages = PlWikiPage::listPages();
     ksort($wiki_pages);
     $wiki_tree = array();
     foreach ($wiki_pages as $file => $desc) {
         // Keys are split at the dots into category and name; a key without a
         // dot leaves $name unset, and anything after a second dot is dropped.
         list($cat, $name) = explode('.', $file);
         if (!isset($wiki_tree[$cat])) {
             $wiki_tree[$cat] = array();
         }
         $wiki_tree[$cat][$name] = $desc;
     }
     $page->changeTpl('admin/wiki.tpl');
     $page->assign('wiki_pages', $wiki_tree);
     $page->assign('perms_opts', $perms);
 }
Example #27
 /**
  * Queues a job of the given type in gapps_queue for this account.
  *
  * The session user is recorded as owner and $this->user as recipient. The
  * job parameters are stored as JSON, with "username" always set to this
  * account's name, overriding any value the caller passed under that key.
  *
  * @param mixed $type       Stored in j_type.
  * @param array $parameters Job parameters, stored JSON-encoded in j_parameters.
  */
 private function create_queue_job($type, $parameters)
 {
     $parameters["username"] = $this->g_account_name;

     $ownerId = S::v('uid');
     $recipientId = $this->user->id();
     $encodedParameters = json_encode($parameters);

     // All four values are bound through placeholders.
     $sql = "INSERT  INTO gapps_queue\n"
          . "                SET  q_owner_id = {?}, q_recipient_id = {?},\n"
          . "                     p_entry_date = NOW(), p_notbefore_date = NOW(),\n"
          . "                     p_priority = 'immediate',\n"
          . "                     j_type = {?}, j_parameters = {?}";
     XDB::execute($sql, $ownerId, $recipientId, $type, $encodedParameters);
 }
Example #28
 /**
  * Returns the anonymous user, creating it and caching it in the session on
  * first use. Any login that does not loosely equal 0 is rejected as a
  * deprecated call.
  *
  * The anonymous uid depends on whether the client IP counts as internal.
  * While the user is being loaded, the uid is held in the session key
  * 'newuid'; the key is removed again on success and on failure.
  *
  * @param mixed $login  Compared loosely with 0, so null also selects the
  *                      anonymous user.
  * @param mixed $values Not used by this method.
  *
  * @throws Exception When $login is not 0, or when loading the user fails.
  */
 public static function getSilentWithValues($login, $values)
 {
     global $globals;

     if ($login != 0) {
         throw new Exception('DEPRECATED call to getSilentWithValues()');
     }

     // Reuse the anonymous user already stored in the session, if any.
     if (S::has('anonymous_user')) {
         return S::v('anonymous_user');
     }

     if (IPAddress::getInstance()->is_x_internal()) {
         $anonymousUid = $globals->anonymous->internal;
     } else {
         $anonymousUid = $globals->anonymous->external;
     }

     S::set('newuid', $anonymousUid);
     try {
         $anonymous = new User($anonymousUid);
         $anonymous->select(UserSelect::login());
     } catch (Exception $e) {
         // Do not leave the temporary uid behind when loading fails.
         S::kill('newuid');
         throw $e;
     }
     S::kill('newuid');

     S::set('anonymous_user', $anonymous);
     return $anonymous;
 }
Example #29
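 /**
  * Authenticates the request, either from an already identified session or
  * from the signed 'auth' / 'uid' query parameters.
  *
  * The expected 'auth' value is an MD5 digest over the session challenge,
  * the configured xnet secret and the requested uid. It is now compared
  * with hash_equals() on strings. The previous loose `!=` compared
  * numeric-looking digests as numbers, so two different digests could be
  * treated as equal, and the comparison was not constant-time.
  *
  * NOTE(review): MD5 over concatenated fields is not a MAC. An HMAC with a
  * current hash would be the proper construction, but the peer that issues
  * 'auth' would have to change at the same time, so the digest itself is left
  * as it was.
  * NOTE(review): the session challenge is not cleared in this method; confirm
  * it is made single-use elsewhere.
  *
  * @param mixed $level Not used by this method.
  *
  * @return mixed The user returned by User::getSilentWithValues(), or null
  *               when no valid 'auth' parameter is present.
  */
 protected function doAuth($level)
 {
     if (S::identified()) {
         // Nothing to do there
         return User::getSilentWithValues(null, array('uid' => S::i('uid')));
     }
     if (!Get::has('auth')) {
         return null;
     }
     global $globals;
     $expected = md5('1' . S::v('challenge') . $globals->xnet->secret . Get::i('uid') . '1');
     $given = Get::v('auth');
     // A non-string value (for example an array-style parameter) can never
     // match, and must not reach hash_equals().
     if (!is_string($given) || !hash_equals($expected, $given)) {
         return null;
     }
     Get::kill('auth');
     S::set('auth', AUTH_PASSWD);
     return User::getSilentWithValues(null, array('uid' => Get::i('uid')));
 }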
Example #30
 /**
  * Survey editor: dispatches on the requested action to create, modify,
  * delete, preview, submit or cancel the survey being edited. The survey is
  * kept serialized in the session between requests.
  *
  * NOTE(review): no XSRF token check is visible anywhere in this handler,
  * although the 'valid' action writes the survey to the database and the
  * other actions change session state on POST — confirm the token is
  * enforced elsewhere.
  * NOTE(review): only the 'show' action falls back to 'new' when no survey is
  * in the session. The 'question', 'add', 'del' and 'valid' branches call
  * unserialize() on S::v('survey') and then use the result as an object
  * without checking it.
  *
  * @param object $page   Page object receiving template data and messages.
  * @param string $action Action from the URL; POST 'survey_action' overrides it.
  * @param string $qid    Question id from the URL; POST 'survey_qid' overrides it.
  */
 function handler_edit($page, $action = 'show', $qid = 'root')
 {
     $this->load('survey.inc.php');
     // Values posted by the form take precedence over the URL arguments.
     $action = Post::v('survey_action', $action);
     $qid = Post::v('survey_qid', $qid);
     if (Post::has('survey_cancel')) {
         // after cancelling changes, shows the survey
         if (S::has('survey')) {
             $action = 'show';
         } else {
             // unless no editing has been done at all (shows to the surveys index page)
             return $this->handler_index($page);
         }
     }
     $page->assign('survey_editmode', true);
     if (S::has('survey_id')) {
         // if 'survey_id' is in session, it means we are modifying a survey in admin mode
         $page->assign('survey_updatemode', true);
     }
     if ($action == 'show' && !S::has('survey')) {
         $action = 'new';
     }
     if ($action == 'question') {
         // {{{ modifies an existing question
         if (Post::has('survey_submit')) {
             // if the form has been submitted, makes the modifications
             // NOTE(review): unserialize() instantiates whatever classes the
             // stored string names. The value comes from the session,
             // presumably written only by store_session() — confirm that no
             // request data can reach the 'survey' key without going through it.
             $survey = unserialize(S::v('survey'));
             $args = Post::v('survey_question');
             if (!$survey->editQuestion($qid, $args)) {
                 // update the survey object structure
                 return $this->show_error($page, '', 'survey/edit');
             }
             $this->show_survey($page, $survey);
             $this->store_session($survey);
         } else {
             // if a form has not been submitted, shows modification form
             $survey = unserialize(S::v('survey'));
             $current = $survey->toArray($qid);
             // gets the current parameters of the question
             if ($current == null) {
                 return $this->show_error($page, '', 'survey/edit');
             }
             $this->show_form($page, $action, $qid, $current['type'], $current);
         }
         // }}}
     } elseif ($action == 'new') {
         // {{{ create a new survey : actually store the root question
         if (Post::has('survey_submit')) {
             // if the form has been submitted, creates the survey
             $this->clear_session();
             $survey = new Survey(Post::v('survey_question'));
             // creates the object structure
             $this->show_survey($page, $survey);
             $this->store_session($survey);
         } else {
             $this->clear_session();
             $this->show_form($page, $action, 'root', 'newsurvey');
         }
         // }}}
     } elseif ($action == 'add') {
         // {{{ adds a new question
         if (Post::has('survey_submit')) {
             // if the form has been submitted, adds the question
             $survey = unserialize(S::v('survey'));
             // The question type is taken from the POST data and handed to the survey's factory.
             if (!$survey->addQuestion($qid, $survey->factory(Post::v('survey_type'), Post::v('survey_question')))) {
                 return $this->show_error($page, '', 'survey/edit');
             }
             $this->show_survey($page, $survey);
             $this->store_session($survey);
         } else {
             $this->show_form($page, $action, $qid);
         }
         // }}}
     } elseif ($action == 'del') {
         // {{{ deletes a question
         if (Post::has('survey_submit')) {
             // if a confirmation has been sent, deletes the question
             $survey = unserialize(S::v('survey'));
             if (!$survey->delQuestion(Post::v('survey_qid'))) {
                 // deletes the node in the survey object structure
                 return $this->show_error($page, '', 'survey/edit');
             }
             $this->show_survey($page, $survey);
             $this->store_session($survey);
         } else {
             // if user has not confirmed, shows a confirmation form
             $survey = unserialize(S::v('survey'));
             $current = $survey->toArray($qid);
             // needed to get the title of the question to delete (more user-friendly than an id)
             if ($current == null) {
                 return $this->show_error($page, '', 'survey/edit');
             }
             // NOTE(review): the question title was entered by a user and is
             // concatenated into the confirmation text — confirm that
             // show_confirm() or the template escapes it.
             $this->show_confirm($page, 'Êtes-vous certain de vouloir supprimer la question intitulé "' . $current['question'] . '" ? ' . 'Attention, cela supprimera en même temps toutes les questions qui dépendent de celle-ci.', 'edit', array('action' => 'del', 'qid' => $qid));
         }
         // }}}
     } elseif ($action == 'show') {
         // {{{ simply shows the survey in its current state
         $this->show_survey($page, unserialize(S::v('survey')));
         // }}}
     } elseif ($action == 'valid') {
         // {{{ validates the proposition, i.e stores the proposition in the database
         // but an admin will still need to validate the survey before it is activated
         if (Post::has('survey_submit')) {
             // needs a confirmation before storing the proposition
             $survey = unserialize(S::v('survey'));
             if (S::has('survey_id')) {
                 // if 'survey_id' is in session, we are modifying an existing survey (in admin mode) instead of proposing a new one
                 $link = S::has('survey_validate') ? 'admin/validate' : 'survey/admin';
                 if ($survey->updateSurvey()) {
                     // updates the database according the new survey object structure
                     $this->show_success($page, "Les modifications sur le sondage ont bien été enregistrées.", $link);
                 } else {
                     $this->show_error($page, '', $link);
                 }
             } else {
                 // if no 'survey_id' is in session, we are indeed proposing a new survey
                 if ($survey->proposeSurvey()) {
                     // stores the survey object structure in database
                     $this->show_success($page, "Votre proposition de sondage a bien été enregistrée,\n                                                    elle est en attente de validation par un administrateur du site.", 'survey');
                 } else {
                     $this->show_error($page, '', 'survey');
                 }
             }
             // The editing state is dropped whether or not the write succeeded.
             $this->clear_session();
         } else {
             // asks for a confirmation if it has not been sent
             $survey = unserialize(S::v('survey'));
             $errors = $survey->checkSyntax();
             if (!is_null($errors)) {
                 $this->show_error($page, "", 'survey/edit', $errors);
             } else {
                 if (S::has('survey_id')) {
                     $this->show_confirm($page, "Veuillez confirmer l'enregistrement des modifications apportées à ce sondage.", 'edit', array('action' => 'valid'));
                 } else {
                     $this->show_confirm($page, "Veuillez confirmer l'envoi de cette proposition de sondage.", 'edit', array('action' => 'valid'));
                 }
             }
         }
         // }}}
     } elseif ($action == 'cancel') {
         // {{{ cancels the creation/modification of a survey
         if (Post::has('survey_submit')) {
             // needs a confirmation
             if (S::has('survey_id')) {
                 // only possible when modifying a survey in admin mode
                 if (S::has('survey_validate')) {
                     // if a link has been supplied, uses it
                     $this->clear_session();
                     return $this->show_success($page, "Les modifications effectuées ont été annulées", 'admin/validate');
                 } else {
                     // else shows the admin index
                     $this->clear_session();
                     return $this->handler_admin($page);
                 }
             } else {
                 $this->clear_session();
                 return $this->handler_index($page);
                 // else shows the 'normal' index
             }
         } else {
             // asks for a confirmation if it has not been sent
             $this->show_confirm($page, "Êtes-vous certain de vouloir annuler totalement l'édition de ce sondage ? Attention, " . "toutes les données éditées jusque là seront définitivement perdues.", 'edit', array('action' => $action));
         }
     }
     // }}}
 }