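/**
 * Temporary image upload endpoint.
 *
 * Upload ('file' present): the file is stored as a FrankizImage in the 'temp'
 * group's everybody caste and labelled with a freshly generated secret. The
 * image and the secret are handed back to the template; the secret is the
 * only credential later accepted to delete that image.
 * Delete ('delete' present): removes image 'iid' when 'secret' matches its
 * label exactly.
 *
 * Any exception during the upload rolls back the half-created image (best
 * effort) and flags the error kind for the template ('pixels', 'bytes',
 * 'format') in addition to exposing the exception itself.
 *
 * @param $page the page object receiving template variables
 */
function handler_upload($page)
{
    $page->assign('exception', false);
    $page->assign('image', false);

    if (FrankizUpload::has('file')) {
        $g = Group::from('temp')->select(GroupSelect::castes());
        $temp = $g->caste(Rights::everybody());
        // Initialised before the try so the catch block can test it even when
        // the exception is raised before the image object exists (e.g. by
        // FrankizUpload::v()), instead of reading an undefined variable.
        $i = null;
        try {
            $upload = FrankizUpload::v('file');
            // The secret authorises deletion of the image, so it must be
            // unguessable; uniqid() is time-derived and is not. Falls back to a
            // hashed uniqid() only on PHP < 7.0 where random_bytes() is absent.
            $secret = function_exists('random_bytes')
                    ? bin2hex(random_bytes(16))
                    : sha1(uniqid(mt_rand(), true));
            $i = new FrankizImage();
            $i->insert();
            $i->caste($temp);
            $i->label($secret);
            $i->image($upload);
            $page->assign('image', $i);
            $page->assign('secret', $secret);
        } catch (Exception $e) {
            // Best-effort rollback; a failure here must not hide the original error.
            try {
                if ($i) {
                    $i->delete();
                }
            } catch (Exception $eb) {
                $page->assign('exception', $eb);
            }
            $page->assign('exception', $e);
            if ($e instanceof ImageSizeException) {
                $page->assign('pixels', true);
            } elseif ($e instanceof UploadSizeException) {
                $page->assign('bytes', true);
            } elseif ($e instanceof ImageFormatException) {
                $page->assign('format', true);
            }
        }
    }

    if (Env::has('delete')) {
        $image = new FrankizImage(Env::i('iid'));
        $image->select(FrankizImageSelect::base());
        $label = (string) $image->label();
        $secret = (string) Env::s('secret');
        // Strict comparison: with '==' an empty/null label or a numeric-looking
        // label could match an unrelated secret. An empty secret never
        // authorises a deletion. hash_equals() (PHP >= 5.6) avoids leaking the
        // label through comparison timing.
        $matches = function_exists('hash_equals')
                 ? hash_equals($label, $secret)
                 : ($label === $secret);
        if ($secret !== '' && $matches) {
            $image->delete();
        }
    }

    $page->addCssLink('upload.css');
    $page->changeTpl('images/upload.tpl', SIMPLE);
}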
/**
 * Reads the news editor form into this object: title, content, begin/end
 * dates and, when 'image' is given, a temporary image that is relabelled
 * with the title, moved to this object's target caste and attached.
 *
 * @return bool always true
 * @throws Exception when the referenced temporary image no longer exists
 */
public function handle_editor()
{
    $this->title   = Env::t('title', '');
    $this->content = Env::t('news_content', '');
    $this->begin   = new FrankizDateTime(Env::t('begin'));
    $this->end     = new FrankizDateTime(Env::t('end'));

    if (Env::has('image')) {
        $lookup = new ImageFilter(new PFC_And(new IFC_Id(Env::i('image')), new IFC_Temp()));
        $picture = $lookup->get(true);
        if (!$picture) {
            throw new Exception("This image doesn't exist anymore");
        }
        $picture->select(FrankizImageSelect::caste());
        $picture->label($this->title);
        $picture->caste($this->target);
        $this->image($picture);
    }

    return true;
}
/**
 * Administration page for the partnership links.
 *
 * Lists every link grouped by namespace. When 'modify' is submitted, the
 * link whose id is 'id' gets its label, url, description and comment
 * replaced and, if an 'image' upload is present, a new image stored in the
 * 'partnership' group's everybody caste; image errors are reported through
 * the 'err' template variable without aborting the other updates.
 *
 * @return int|void PL_FORBIDDEN when the current user lacks the admin flag
 */
function handler_links_admin($page)
{
    if (!S::user()->perms()->hasFlag('admin')) {
        return PL_FORBIDDEN;
    }

    $links = Link::all();
    $links->select(LinkSelect::all());
    $byNamespace = $links->split('ns');

    if (Env::has('modify')) {
        $edited = $links->get(Env::i('id'));
        if ($edited === false) {
            $page->assign('err', 'Le lien modifié n\'existe plus.');
        } else {
            if (Env::has('image')) {
                try {
                    $partnership = Group::from('partnership');
                    $partnership->select();
                    $picture = new FrankizImage();
                    $picture->insert();
                    $picture->label($edited->label());
                    $picture->caste($partnership->caste('everybody'));
                    $picture->image(FrankizUpload::v('image'));
                    $edited->image($picture);
                } catch (Exception $e) {
                    $page->assign('err', $e->getMessage());
                }
            }
            $edited->label(Env::t('label'));
            $edited->link(Env::t('link'));
            $edited->description(Env::t('description'));
            $edited->comment(Env::t('comment'));
        }
    }

    $page->addCssLink('links.css');
    $page->assign('links', $byNamespace);
    $page->assign('title', 'Administrer les liens');
    $page->changeTpl('links/admin_links.tpl');
}
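/**
 * Reads the event editor form into this request: title, text, promo range,
 * expiration date and an optional image upload.
 *
 * Upload problems are reported with trigError() and do not abort the
 * request.
 *
 * @return bool always true
 */
protected function handle_editor()
{
    $this->titre = Env::v('titre');
    $this->texte = Env::v('texte');
    $this->pmin = Env::i('promo_min');
    $this->pmax = Env::i('promo_max');
    $this->expiration = Env::v('expiration');

    // Same truthiness test as the former "@$_FILES[...]" but without
    // silencing notices.
    if (!empty($_FILES['image']['tmp_name'])) {
        $upload = PlUpload::get($_FILES['image'], S::user()->login(), 'event');
        if (!$upload) {
            $this->trigError("Impossible de télécharger le fichier");
        } elseif (!$upload->isType('image')) {
            // $page is not defined in this method: errors must go through
            // $this, as the first branch already does (the former
            // $page->trigError() call was a fatal error).
            $this->trigError('Le fichier n\'est pas une image valide au format JPEG, GIF ou PNG');
            $upload->rm();
        } elseif (!$upload->resizeImage(200, 300, 100, 100, 32284)) {
            $this->trigError('Impossible de retraiter l\'image');
        } else {
            $this->readImage($upload);
        }
    }

    return true;
}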
/**
 * News administration page for item $nid.
 *
 * Only an admin of the news' target group, or a site 'web' user, may act.
 * Both 'modify' and 'delete' require a valid XSRF token. 'modify' rewrites
 * title, content and dates, optionally clears read flags ('reappear') and
 * attaches a temporary image; 'delete' removes the item. The template
 * always receives the (possibly unchanged) item.
 *
 * @throws Exception when the referenced temporary image no longer exists
 */
function handler_admin($page, $nid = false)
{
    $item = News::fromId($nid);
    if ($item !== false) {
        $item->select(NewsSelect::news());
        $me = S::user();
        $mayEdit = $me->hasRights($item->target()->group(), Rights::admin()) || $me->isWeb();
        if ($mayEdit) {
            $modify = Env::has('modify');
            $delete = Env::has('delete');
            if ($modify || $delete) {
                S::assert_xsrf_token();
            }
            if ($modify) {
                $item->title(Env::t('title'));
                $item->content(Env::t('news_content'));
                $item->begin(new FrankizDateTime(Env::t('begin')));
                $item->end(new FrankizDateTime(Env::t('end')));
                if (Env::has('reappear')) {
                    $item->removeReadFlags();
                }
                if (Env::has('image')) {
                    $lookup = new ImageFilter(new PFC_And(new IFC_Id(Env::i('image')), new IFC_Temp()));
                    $picture = $lookup->get(true);
                    if (!$picture) {
                        throw new Exception("This image doesn't exist anymore");
                    }
                    $picture->select(FrankizImageSelect::caste());
                    $picture->label($item->title());
                    $picture->caste($item->target());
                    $item->image($picture);
                }
                $page->assign('msg', "L'annonce a été modifiée.");
            }
            if ($delete) {
                $item->delete();
                $page->assign('delete', true);
            }
        }
    }

    $page->assign('news', $item);
    $page->assign('isEdition', true);
    $page->assign('title', "Modifier l'annonce");
    $page->addCssLink('validate.css');
    $page->changeTpl('news/admin.tpl');
}
/**
 * Group administration page.
 *
 * Renders the admin form for group $group when the current user is an admin
 * of that group or a site 'web' user; otherwise renders the "no such group"
 * template. Updates are driven by the presence of form fields:
 *  - 'name'   (site admins only): renames the group, logged with old/new name;
 *  - 'update' (site admins only): external/leavable/visible checkboxes;
 *  - 'label':  relabels the group;
 *  - 'update': description, web, wikix, mail (any admin of the group);
 *  - 'image':  attaches a temporary image (by id) to the group;
 *  - 'ns'     (web users only): moves the group to another namespace, logged.
 *
 * NOTE(review): unlike handler_admin in this file, none of these writes is
 * preceded by S::assert_xsrf_token(); confirm the framework checks the token
 * elsewhere for this route.
 *
 * @param $page  the page object
 * @param $group group id, resolved with Group::fromId()
 * @throws Exception when the referenced temporary image no longer exists
 */
function handler_group_admin($page, $group = null)
{
    $group = Group::fromId($group);
    if ($group && (S::user()->hasRights($group, Rights::admin()) || S::user()->isWeb())) {
        $group->select(GroupSelect::see());
        $page->assign('group', $group);
        // Renaming is restricted to site admins and audited.
        if (Env::has('name') && Env::t('name') != '' && S::user()->isAdmin()) {
            S::logger()->log("groups/admin", array("gid" => $group->id(), "old_name" => $group->name(), "new_name" => Env::t('name')));
            $group->name(Env::t('name'));
        }
        // Checkbox flags: an absent checkbox is stored as false.
        if (Env::has('update') && S::user()->isAdmin()) {
            $group->external(Env::has('external'));
            $group->leavable(Env::has('leavable'));
            $group->visible(Env::has('visible'));
        }
        if (Env::has('label')) {
            $group->label(Env::t('label'));
        }
        if (Env::has('update')) {
            $group->description(Env::t('description'));
            $group->web(Env::t('web'));
            $group->wikix(Env::t('wikix'));
            $group->mail(Env::t('mail'));
        }
        if (Env::has('image')) {
            // Only temporary images (IFC_Temp) can be claimed, by id.
            $image = new ImageFilter(new PFC_And(new IFC_Id(Env::i('image')), new IFC_Temp()));
            $image = $image->get(true);
            if (!$image) {
                throw new Exception("This image doesn't exist anymore");
            }
            $image->select(FrankizImageSelect::caste());
            $image->label($group->label());
            $image->caste($group->caste(Rights::everybody()));
            $group->image($image);
        }
        // Namespace changes are reserved to web users and audited.
        if (S::user()->isWeb()) {
            $nss = XDB::fetchColumn('SELECT ns FROM groups GROUP BY ns');
            $page->assign('nss', $nss);
            if (Env::has('ns')) {
                S::logger()->log("groups/admin", array("gid" => $group->id(), "old_ns" => $group->ns(), "new_ns" => Env::t('ns')));
                $group->ns(Env::t('ns'));
            }
        }
        $promos = S::user()->castes()->groups()->filter('ns', Group::NS_PROMO);
        $page->assign('promos', $promos);
        $page->assign('title', 'Administration de "' . $group->label() . '"');
        $page->addCssLink('groups.css');
        $page->changeTpl('groups/admin.tpl');
    } else {
        // Same message whether the group is missing or the user lacks rights,
        // so the page does not reveal which groups exist.
        $page->assign('title', "Ce groupe n'existe pas ou vous n'en êtes pas administrateur");
        $page->changeTpl('groups/no_group.tpl');
    }
}
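/**
 * The authentication schema is based on three query parameters:
 *   ?user=<hruid>&timestamp=<timestamp>&sig=<sig>
 * where:
 *  - hruid is the hruid of the querying user
 *  - timestamp is the current UNIX timestamp, which has to be within a
 *    given distance of the server-side UNIX timestamp
 *  - sig is the HMAC of "<method>#<resource>#<payload>#<timestamp>" using
 *    a known secret of the user as the key.
 *
 * At the moment, the shared secret of the user is the sha1 hash of its
 * password. This is temporary, though, until better support for tokens is
 * implemented in plat/al.
 * TODO(vzanotti): Switch to dedicated secrets for authentication.
 *
 * @param string $method   HTTP method of the request
 * @param string $resource requested resource
 * @param string $payload  request payload
 * @return User|null the authenticated user, or null when the timestamp is
 *                   out of tolerance, the user is unknown/inactive, or no
 *                   token produces the given signature
 */
public function apiAuth($method, $resource, $payload)
{
    // Verify that the timestamp is within acceptable bounds.
    $timestamp = Env::i('timestamp', 0);
    if (abs($timestamp - time()) > Platal::globals()->api->timestamp_tolerance) {
        return null;
    }

    // Retrieve the user corresponding to the forlife. Note that at the
    // moment, other aliases are also accepted.
    $user = User::getSilent(Env::s('user', ''));
    if (is_null($user) || !$user->isActive()) {
        return null;
    }

    // Determine the list of tokens associated with the user. At the moment,
    // this is just the sha1 of the password.
    $tokens = array($user->password());

    // For each token, try to validate the signature.
    $message = implode('#', array($method, $resource, $payload, $timestamp));
    $signature = (string) Env::s('sig');
    foreach ($tokens as $token) {
        $expected_signature = hash_hmac(Platal::globals()->api->hmac_algo, $message, $token);
        // Strict, constant-time comparison. The former '==' was subject to
        // PHP's numeric-string coercion (two hex digests of the form "0e..."
        // compare equal) and leaked the expected digest through timing.
        if (function_exists('hash_equals')) {
            $match = hash_equals($expected_signature, $signature);
        } else {
            // Manual constant-time compare for PHP < 5.6.
            $len = strlen($expected_signature);
            $match = ($len === strlen($signature));
            $diff = 0;
            for ($k = 0; $match && $k < $len; $k++) {
                $diff |= ord($expected_signature[$k]) ^ ord($signature[$k]);
            }
            $match = $match && ($diff === 0);
        }
        if ($match) {
            return $user;
        }
    }
    return null;
}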
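/**
 * Skin selection page.
 *
 * When 'newskin' is submitted, stores the chosen skin id for the current
 * account, drops the cached skin from the session and reloads it. The page
 * then receives the id of the current skin ('skin_id') and an iterator over
 * every usable skin with its author and user count ('skins').
 *
 * @param $page the page object
 */
function handler_skin($page)
{
    // The unused "global $globals" declaration has been dropped.
    $page->changeTpl('platal/skins.tpl');
    $page->setTitle('Skins');

    if (Env::has('newskin')) {
        // Form submitted: persist the choice, then refresh the session copy.
        XDB::execute('UPDATE accounts SET skin = {?} WHERE uid = {?}', Env::i('newskin'), S::i('uid'));
        S::kill('skin');
        Platal::session()->setSkin();
    }

    $current = XDB::query('SELECT id FROM skins WHERE skin_tpl = {?}', S::v('skin'));
    $page->assign('skin_id', $current->fetchOneCell());

    // Skins without a template or extension are not selectable.
    $sql = 'SELECT s.*, auteur, COUNT(*) AS nb FROM skins AS s LEFT JOIN accounts AS a ON (a.skin = s.id) WHERE skin_tpl != \'\' AND ext != \'\' GROUP BY id ORDER BY s.date DESC';
    $page->assign('skins', XDB::iterator($sql));
}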
/**
 * Account administration page: creates a user ($hruid null) or edits an
 * existing one.
 *
 * Edit-only operations (rooms, perms, studies, groups) are each triggered by
 * a form field and skipped in creation mode. 'change_profile' writes the
 * profile fields; in creation mode it first inserts the user, deriving a
 * unique "firstname.lastname[.n]" hruid when none is supplied, then redirects
 * to the edit page with the 'added' flag.
 *
 * NOTE(review): only the perm changes check S::user()->isAdmin() here and no
 * S::assert_xsrf_token() call appears in this handler; confirm access control
 * and token checks are enforced by the route/module configuration.
 *
 * @param $page  the page object
 * @param $hruid hruid of the user to edit, or null to create one
 * @param $added true when redirected here right after a creation
 * @throws Exception when $hruid cannot be loaded, or when the hruid chosen for
 *                   a new user is already taken
 */
public function handler_admin_account($page, $hruid = null, $added = false)
{
    $err = array();
    $msg = array();
    $add = false;
    if ($added) {
        $msg[] = "L'utilisateur a été ajouté avec succès";
    }
    if ($hruid === null) {
        $user = new User();
        $add = true;
    } else {
        $user = new UserFilter(new UFC_Hruid($hruid));
        $user = $user->get(true);
        if ($user !== false) {
            $user->select(UserSelect::tol());
        } else {
            throw new Exception("Impossible de charger les données de l'utilisateur " . $hruid);
        }
    }
    // Room assignment: the room must exist.
    if (Env::has('add_room') && !$add) {
        $r = Room::batchFrom(array(Env::t('rid')));
        if ($r->count() == 0) {
            $err[] = "La chambre entrée n'existe pas.";
        } else {
            $user->addRoom($r->pop());
        }
    }
    if (Env::has('del_room') && !$add) {
        $r = Room::batchFrom(array(Env::t('rid')));
        if ($r->count() == 0) {
            $err[] = "La chambre entrée n'existe pas.";
        } else {
            $user->removeRoom($r->pop());
        }
    }
    // Permission changes are reserved to site admins.
    if (Env::has('add_perm') && !$add && S::user()->isAdmin()) {
        $user->addPerm(Env::t('perm'));
    }
    if (Env::has('del_perm') && !$add && S::user()->isAdmin()) {
        $user->removePerm(Env::t('perm'));
    }
    // Note the differing argument order between updateStudy() and addStudy().
    if (Env::has('upd_study') && !$add) {
        $user->updateStudy(Env::t('formation_id'), Env::t('forlife'), Env::t('year_in'), Env::t('year_out'), Env::t('promo'));
    }
    if (Env::has('add_study') && !$add) {
        $user->addStudy(Env::t('formation_id'), Env::t('year_in'), Env::t('year_out'), Env::t('promo'), Env::t('forlife'));
    }
    if (Env::has('del_study') && !$add) {
        $user->removeStudy(Env::t('formation_id'), Env::t('forlife'));
    }
    // Group membership is handled through the group's 'member' caste.
    if (Env::has('add_group') && !$add) {
        $g = Group::from(Env::t('name'))->select(GroupSelect::castes());
        $g->caste(Rights::member())->addUser($user);
    }
    if (Env::has('del_group') && !$add) {
        $g = Group::from(Env::t('name'))->select(GroupSelect::castes());
        $g->caste(Rights::member())->removeUser($user);
    }
    if (Env::has('change_profile')) {
        if ($add) {
            if (Env::blank('hruid')) {
                // Derive "firstname.lastname" and append a counter until free.
                $hruid = Env::t('firstname') . '.' . Env::t('lastname');
                $hruid = strtolower($hruid);
                $already = new UserFilter(new UFC_Hruid($hruid));
                $nbr = 1;
                while ($already->getTotalCount() > 0) {
                    $nbr++;
                    $hruid = Env::t('firstname') . '.' . Env::t('lastname') . '.' . $nbr;
                    $hruid = strtolower($hruid);
                    $already = new UserFilter(new UFC_Hruid($hruid));
                }
            } else {
                $hruid = Env::t('hruid');
                $already = new UserFilter(new UFC_Hruid($hruid));
                if ($already->getTotalCount() > 0) {
                    throw new Exception("Le hruid spécifié est déjà pris.");
                }
            }
            $user->insert();
            if (Env::blank('hruid')) {
                $user->hruid($hruid);
            }
            $msg[] = "L'utilisateur a été ajouté.";
        }
        if (Env::has('image')) {
            // A new "tol" photo is not applied directly: it goes through a
            // validation request handled by the 'tol' group.
            $group = Group::from('tol')->select(GroupSelect::castes());
            $image = new ImageFilter(new PFC_And(new IFC_Id(Env::i('image')), new IFC_Temp()));
            $image = $image->get(true);
            if (!$image) {
                throw new Exception("This image doesn't exist anymore");
            }
            $image->select(FrankizImageSelect::caste());
            $image->label($user->fullName());
            $image->caste($group->caste(Rights::everybody()));
            $tv = new TolValidate($image, $user);
            $v = new Validate(array('writer' => $user, 'group' => $group, 'item' => $tv, 'type' => 'tol'));
            $v->insert();
            $msg[] = 'La demande de changement de photo tol a été prise en compte. Les tolmestres essaieront de te la valider au plus tôt.';
        }
        // NOTE(review): the raw form value is handed to the setter; assumes
        // User::password() hashes it before storage — confirm.
        if (Env::has('password')) {
            $user->password(Env::t('password'));
        }
        // NOTE(review): in edit mode an explicit hruid is applied without the
        // uniqueness check done in creation mode — presumably enforced by the
        // setter or a DB constraint; verify.
        if (!Env::blank('hruid')) {
            $user->hruid(Env::t('hruid'));
        }
        $user->nickname(Env::t('nickname'));
        $user->lastname(Env::t('lastname'));
        $user->firstname(Env::t('firstname'));
        $user->birthdate(new FrankizDateTime(Env::t('birthdate')));
        $user->gender(Env::t('gender') == 'man' ? User::GENDER_MALE : User::GENDER_FEMALE);
        $user->email(Env::t('bestalias'));
        $user->cellphone(new Phone(Env::t('cellphone')));
        $user->skin(Env::t('skin'));
        $user->email_format(Env::t('format') == 'text' ? User::FORMAT_TEXT : User::FORMAT_HTML);
        $user->comment(Env::t('comment'));
        if ($add) {
            // Let's add common minimodules if requested (we copy them from
            // anonymous.internal (uid 0) one's).
            if (Env::has('addCommonMinimodules')) {
                $user->select(UserSelect::minimodules());
                $user->copyMinimodulesFromUser(0);
            }
            pl_redirect('profile/admin/account/' . $user->hruid() . '/added');
        }
    }
    if (!empty($err)) {
        $page->assign('err', $err);
    }
    if (!empty($msg)) {
        $page->assign('msg', $msg);
    }
    $page->assign('formations', XDB::query("SELECT formation_id, label FROM formations")->fetchAllAssoc());
    // Nationalities and sports are modelled as groups in dedicated namespaces;
    // the template gets both the user's current ones and the full lists.
    $gfun = new GroupFilter(new PFC_And(new GFC_Namespace('nationality'), new GFC_User($user)));
    $page->assign('user_nationalities', $gfun->get()->select(GroupSelect::base())->toArray());
    $gfn = new GroupFilter(new GFC_Namespace('nationality'));
    $page->assign('nationalities', $gfn->get()->select(GroupSelect::base())->toArray());
    $gfus = new GroupFilter(new PFC_And(new GFC_Namespace('sport'), new GFC_User($user)));
    $page->assign('user_sports', $gfus->get()->select(GroupSelect::base())->toArray());
    $gfs = new GroupFilter(new GFC_Namespace('sport'));
    $page->assign('sports', $gfs->get()->select(GroupSelect::base())->toArray());
    $page->assign('userEdit', $user);
    $page->addCssLink('profile.css');
    $page->assign('add', $add);
    $page->assign('title', "Changement du profil : " . $user->fullName());
    if ($add) {
        $page->assign('title', "Création d'un utilisateur");
    }
    $page->assign('perms', array('admin'));
    $page->changeTpl('profile/admin_account.tpl');
}
/**
 * Mass-mail proposal form.
 *
 * On 'send', builds a MailValidate request (subject, body, wiki flag,
 * optional origin group, targets) and inserts it as a Validate entry for the
 * group that must approve it:
 *  - 'group' proposals target one caste, validated by its group;
 *  - 'promo' proposals take "formation_promo" pairs, group them by formation
 *    and create one request per formation, targeting the restricted caste
 *    of each promo group.
 * Every validation failure is raised as an Exception and shown with
 * trigError(). The origin group, when given, must be administered by the
 * current user.
 *
 * @param $page the page object
 */
function handler_mail($page)
{
    $subject = Env::t('subject', '');
    $body = Env::t('mail_body', '');
    $no_wiki = Env::has('no_wiki');
    // Retrieve the years on_platal of each formation
    $formations = Formation::selectAll(FormationSelect::on_platal());
    if (Env::has('send')) {
        try {
            $required_fields = array('subject' => 'Il faut donner un sujet à ton mail', 'mail_body' => 'Tu ne veux pas envoyer de mail vide à tous. Si ?');
            foreach ($required_fields as $field => $msg) {
                if (Env::v($field, '') == '') {
                    throw new Exception($msg);
                }
            }
            // The origin is the literal string 'false' when the sender does not
            // write on behalf of a group.
            if (Env::t('origin_mail_proposal') == 'false') {
                $origin = false;
            } else {
                $origin = new Group(Env::i('origin_mail_proposal'));
            }
            if ($origin !== false && !S::user()->hasRights($origin, Rights::admin())) {
                throw new Exception("Invalid credentials for origin Group");
            }
            if (Env::t('type_mail_proposal') == 'group') {
                // Mail to a group
                list($temp, $target_group) = self::target_picker_to_caste_group('mail');
                $target = new Collection('Caste');
                $target->add($temp);
                $target_group->select(GroupSelect::validate());
                $nv = new MailValidate(array('writer' => S::user(), 'type_mail' => Env::t('type_mail_proposal'), 'origin' => $origin, 'targets' => $target, 'subject' => $subject, 'body' => $body, 'nowiki' => $no_wiki, 'formation' => $target_group));
                $el = new Validate(array('item' => $nv, 'group' => $target_group, 'writer' => S::user(), 'type' => 'mail'));
                $el->insert();
            } elseif (Env::t('type_mail_proposal') == 'promo') {
                // Target group is a Collection of formation groups, which validate requests
                $target_group = new Collection('Group');
                // Group promos by formation
                $promos = unflatten(Env::v('promos'));
                $promosByFormation = array();
                foreach ($promos as $formation_promo) {
                    $formation_promo = trim($formation_promo);
                    if (!$formation_promo) {
                        continue;
                    }
                    // Each recipient is "<formation id>_<promo year>".
                    if (!preg_match('/^([0-9]+)_([0-9]+)$/', $formation_promo, $matches)) {
                        throw new Exception("Oops, mauvais format de destinataire.");
                    }
                    $formid = (int) $matches[1];
                    $promo = (int) $matches[2];
                    if (isset($promosByFormation[$formid])) {
                        $promosByFormation[$formid][] = $promo;
                    } else {
                        $promosByFormation[$formid] = array($promo);
                    }
                }
                if (empty($promosByFormation)) {
                    throw new Exception("Il faut indiquer au moins un destinataire.");
                }
                foreach ($promosByFormation as $formid => $promos) {
                    // Now, $promos are the list of promos of formation $formid
                    // NOTE(review): $formations->get($formid) is not checked for
                    // an unknown id before use — presumably returns a Formation
                    // or the next call fails; confirm.
                    $form = $formations->get($formid);
                    // Study group are the people the mail is sent to, array of CasteFilterCondition
                    $cfc_study_groups = array();
                    foreach ($promos as $promo) {
                        if (!$form->hasPlatalYear($promo)) {
                            throw new Exception("Mauvaise promo " . $promo . " pour " . $form->label() . ".");
                        }
                        $cfc_study_groups[] = new CFC_Group($form->getGroupForPromo($promo), Rights::restricted());
                    }
                    $target = new CasteFilter(new PFC_Or($cfc_study_groups));
                    $target = $target->get();
                    $target->select(CasteSelect::validate());
                    // $target_group is the group which validates this email
                    $target_group = $form->getGroup();
                    $target_group->select(GroupSelect::validate());
                    $nv = new MailValidate(array('writer' => S::user(), 'type_mail' => Env::t('type_mail_proposal'), 'origin' => $origin, 'targets' => $target, 'subject' => $subject, 'body' => $body, 'nowiki' => $no_wiki, 'formation' => $target_group));
                    $el = new Validate(array('item' => $nv, 'group' => $target_group, 'writer' => S::user(), 'type' => 'mail'));
                    $el->insert();
                }
            }
            $page->assign('envoye', true);
        } catch (Exception $e) {
            $page->trigError($e->getMessage());
        }
    }
    // Re-populate the form so a failed submission keeps its content.
    $page->assign('subject', $subject);
    $page->assign('body', $body);
    $page->assign('nowiki', $no_wiki);
    $page->assign('formations', $formations);
    $page->assign('title', 'Envoi des mails');
    $page->addCssLink('validate.css');
    $page->changeTpl('validate/prop.mail.tpl');
}
/**
 * Server-to-server return endpoint of the "cyber2" (vads_*) payment gateway.
 *
 * Reads the vads_* request parameters, records a confirmed transaction in
 * payment_transactions, subscribes the payer to the event mailing list when
 * the payment belongs to an Xnet event, then sends a confirmation mail to
 * the user and a transaction summary to the treasury address. The response
 * body is plain text and the request ends with exit.
 *
 * Each precondition failure calls cb_erreur(); the code after those calls
 * dereferences $user / $matches unconditionally, so cb_erreur() presumably
 * terminates the request — confirm.
 *
 * NOTE(review): the gateway signature computed below is never checked: the
 * comparison is commented out. Until it is re-enabled (with a strict,
 * constant-time comparison and the provider's exact signature format), any
 * request that knows a valid vads_cust_id and vads_order_id can record a
 * confirmed payment.
 *
 * @param $page the page object (unused)
 * @param $uid  unused route argument
 */
function handler_cyber2_return($page, $uid = null)
{
    global $globals, $platal;
    /* verify the signature */
    $vads_params = array();
    foreach ($_REQUEST as $key => $value) {
        if (substr($key, 0, 5) == 'vads_') {
            $vads_params[$key] = $value;
        }
    }
    ksort($vads_params);
    $signature = sha1(join('+', $vads_params) . '+' . $globals->money->cyperplus_key);
    //if($signature != Env::v('signature')) {
    //    cb_erreur("signature invalide");
    //}
    /* extract the user information */
    $user = User::get(Env::i('vads_cust_id'));
    if (!$user) {
        cb_erreur("uid invalide");
    }
    /* extract the order reference (numeric suffix of vads_order_id) */
    if (!preg_match('/-([0-9]+)$/', Env::v('vads_order_id'), $matches)) {
        cb_erreur("référence de commande invalide");
    }
    $ref = $matches[1];
    $res = XDB::query('SELECT mail, text, confirmation FROM payments WHERE id={?}', $ref);
    if ($res->numRows() != 1) {
        cb_erreur("référence de commande inconnue");
    }
    list($conf_mail, $conf_title, $conf_text) = $res->fetchOneRow();
    /* extract the amount: only euros (ISO 4217 code 978), given in cents */
    if (Env::v('vads_currency') != '978') {
        cb_erreur("monnaie autre que l'euro");
    }
    $montant = (double) Env::i('vads_amount') / 100;
    /* extract the result code: '00' means accepted */
    if (Env::v('vads_result') != '00') {
        cb_erreur('erreur lors du paiement : ?? (' . Env::v('vads_result') . ')', $conf_title);
    }
    /* insert the transaction (method_id 2, status "confirmed") */
    XDB::execute('INSERT INTO payment_transactions (id, method_id, uid, ref, fullref, ts_confirmed, amount, pkey, comment, status, display) VALUES ({?}, 2, {?}, {?}, {?}, NOW(), {?}, {?}, {?}, "confirmed", {?})', Env::v('vads_trans_date'), $user->id(), $ref, Env::v('vads_order_id'), $montant, '', Env::v('vads_order_info'), Env::i('vads_order_info2'));
    echo "Payment stored.\n";
    // We check if it is an Xnet payment and then update the related ML.
    $res = XDB::query('SELECT eid, asso_id FROM group_events WHERE paiement_id = {?}', $ref);
    if ($res->numRows() == 1) {
        list($eid, $asso_id) = $res->fetchOneRow();
        require_once dirname(__FILE__) . '/xnetevents/xnetevents.inc.php';
        $evt = get_event_detail($eid, false, $asso_id);
        subscribe_lists_event($user->id(), $evt['short_name'], 1, $montant, true);
    }
    /* build the confirmation mail from the payment's template text */
    $conf_text = str_replace(array('<prenom>', '<nom>', '<promo>', '<montant>', '<salutation>', '<cher>', '<comment>'), array($user->firstName(), $user->lastName(), $user->promo(), $montant, $user->isFemale() ? 'Chère' : 'Cher', $user->isFemale() ? 'Chère' : 'Cher', Env::v('vads_order_info')), $conf_text);
    global $globals;
    $mymail = new PlMailer();
    $mymail->setFrom($conf_mail);
    $mymail->addCc($conf_mail);
    $mymail->setSubject($conf_title);
    $mymail->setWikiBody($conf_text);
    $mymail->sendTo($user);
    /* send the transaction details to the treasury mailbox */
    $mymail = new PlMailer();
    $mymail->setFrom("webmaster@" . $globals->mail->domain);
    $mymail->addTo($globals->money->email);
    $mymail->setSubject($conf_title);
    // The full request (every gateway parameter) is dumped into this internal mail.
    $msg = 'utilisateur : ' . $user->login() . ' (' . $user->id() . ')' . "\n" . 'mail : ' . $user->forlifeEmail() . "\n\n" . "paiement : {$conf_title} ({$conf_mail})\n" . "reference : " . Env::v('vads_order_id') . "\n" . "montant : {$montant}\n\n" . "dump de REQUEST:\n" . var_export($_REQUEST, true);
    $mymail->setTxtBody($msg);
    $mymail->send();
    echo "Notifications sent.\n";
    exit;
}
/**
 * Reads the payment editor form into this request: title, site, amount and
 * its bounds, response message, public flag and the bank account id. When a
 * bank account is selected, its owner name is looked up for display.
 *
 * @return bool always true
 */
protected function handle_editor()
{
    $this->titre = Env::v('pay_titre');
    $this->site = Env::v('pay_site');
    $this->montant = Env::t('pay_montant');
    $this->montant_min = Env::i('pay_montant_min');
    $this->montant_max = Env::i('pay_montant_max');
    $this->msg_reponse = Env::v('pay_msg_reponse');
    $this->public = (Env::v('pay_public') == 'yes');
    $this->rib_id = Env::v('pay_rib_id');

    $this->rib_nom = null;
    if ($this->rib_id) {
        $owner = XDB::query("SELECT owner FROM payment_bankaccounts WHERE id = {?}", $this->rib_id);
        $this->rib_nom = $owner->fetchOneCell();
    }

    return true;
}
/**
 * Event administration page (participants list and per-participant edits).
 *
 * Visible when the event exposes its participants or the current user may
 * update it. With update rights and a posted 'adm' action (XSRF-checked):
 *  - 'prix': adds 'montant' to the amount paid by the member on their first
 *            registered item and notifies the event mailing lists;
 *  - 'nbs':  rewrites the number of persons per item for the member (the
 *            amount already paid is carried over to the first non-empty
 *            item), or removes the member entirely on 'cancel' when nothing
 *            was paid, then updates the mailing lists accordingly.
 * The page then lists registered participants (paginated by NB_PER_PAGE),
 * users who paid without registering, and registered users with no items.
 *
 * @param $page    the page object
 * @param $eid     event id
 * @param $item_id optional item id to restrict the participant list
 * @return int|void PL_NOT_FOUND / PL_FORBIDDEN on failure
 */
function handler_admin($page, $eid = null, $item_id = null)
{
    global $globals;
    $this->load('xnetevents.inc.php');
    $evt = get_event_detail($eid, $item_id);
    if (!$evt) {
        return PL_NOT_FOUND;
    }
    $page->changeTpl('xnetevents/admin.tpl');
    if (!$evt['show_participants'] && !may_update()) {
        return PL_FORBIDDEN;
    }
    if (may_update() && Post::v('adm')) {
        S::assert_xsrf_token();
        $member = User::getSilent(Post::v('mail'));
        if (!$member) {
            $page->trigError("Membre introuvable");
        }
        // change the price paid by a participant
        if (Env::v('adm') == 'prix' && $member) {
            // Accept a decimal comma. NOTE(review): the value is not validated
            // as numeric; the query is parameterised, so the database coerces
            // whatever string is given.
            $amount = strtr(Env::v('montant'), ',', '.');
            XDB::execute("UPDATE group_event_participants\n SET paid = paid + {?}\n WHERE uid = {?} AND eid = {?} AND nb > 0\n ORDER BY item_id ASC\n LIMIT 1", $amount, $member->uid, $evt['eid']);
            subscribe_lists_event($member->uid, $evt['short_name'], 1, $amount);
        }
        // change the number of personns coming with a participant
        if (Env::v('adm') == 'nbs' && $member) {
            $res = XDB::query("SELECT SUM(paid)\n FROM group_event_participants\n WHERE uid = {?} AND eid = {?}", $member->uid, $evt['eid']);
            $paid = $res->fetchOneCell();
            // Ensure we have an integer
            if ($paid == null) {
                $paid = 0;
            }
            $nbs = Post::v('nb', array());
            $paid_inserted = false;
            foreach ($nbs as $id => $nb) {
                $nb = max(intval($nb), 0);
                // The whole amount paid is attached to the first item with a
                // non-zero headcount; every other item gets 0.
                if (!$paid_inserted && $nb > 0) {
                    $item_paid = $paid;
                    $paid_inserted = true;
                } else {
                    $item_paid = 0;
                }
                XDB::execute('INSERT INTO group_event_participants (eid, uid, item_id, nb, flags, paid) VALUES ({?}, {?}, {?}, {?}, {?}, {?}) ON DUPLICATE KEY UPDATE nb = VALUES(nb), flags = VALUES(flags), paid = VALUES(paid)', $evt['eid'], $member->uid, $id, $nb, '', $item_paid);
            }
            $res = XDB::query('SELECT COUNT(uid) AS cnt, SUM(nb) AS nb FROM group_event_participants WHERE uid = {?} AND eid = {?} GROUP BY uid', $member->uid, $evt['eid']);
            $u = $res->fetchOneAssoc();
            if ($paid == 0 && Post::v('cancel')) {
                // Full cancellation is only possible when nothing was paid.
                XDB::execute("DELETE FROM group_event_participants\n WHERE uid = {?} AND eid = {?}", $member->uid, $evt['eid']);
                $u = 0;
                subscribe_lists_event($member->uid, $evt['short_name'], -1, $paid);
            } else {
                // $u becomes the total headcount (null when no row exists).
                $u = $u['cnt'] ? $u['nb'] : null;
                subscribe_lists_event($member->uid, $evt['short_name'], $u > 0 ? 1 : 0, $paid);
            }
        }
        // Reload so the listing below reflects the edits.
        $evt = get_event_detail($eid, $item_id);
    }
    $page->assign_by_ref('evt', $evt);
    $page->assign('tout', is_null($item_id));
    if (count($evt['moments'])) {
        $page->assign('moments', $evt['moments']);
    }
    if ($evt['paiement_id']) {
        // Confirmed payments with no matching registration ("oublis").
        $infos = User::getBulkUsersWithUIDs(XDB::fetchAllAssoc('SELECT t.uid, t.amount FROM payment_transactions AS t LEFT JOIN group_event_participants AS ep ON(ep.uid = t.uid AND ep.eid = {?}) WHERE t.status = "confirmed" AND t.ref = {?} AND ep.uid IS NULL', $evt['eid'], $evt['paiement_id']), 'uid', 'user');
        $page->assign('oublis', count($infos));
        $page->assign('oubliinscription', $infos);
    }
    // Users registered to the event but with every item at nb = 0.
    $absents = User::getBulkUsersFromDB('SELECT p.uid FROM group_event_participants AS p LEFT JOIN group_event_participants AS p2 ON (p2.uid = p.uid AND p2.eid = p.eid AND p2.nb != 0) WHERE p.eid = {?} AND p2.eid IS NULL GROUP BY p.uid', $evt['eid']);
    $ofs = Env::i('offset');
    $part = get_event_participants($evt, $item_id, UserFilter::sortByName(), NB_PER_PAGE, $ofs * NB_PER_PAGE);
    $nbp = ceil($evt['user_count'] / NB_PER_PAGE);
    if ($nbp > 1) {
        // Pagination links map a label to a zero-based page offset.
        $links = array();
        if ($ofs) {
            $links['précédent'] = $ofs - 1;
        }
        for ($i = 1; $i <= $nbp; $i++) {
            $links[(string) $i] = $i - 1;
        }
        if ($ofs < $nbp - 1) {
            $links['suivant'] = $ofs + 1;
        }
        $page->assign('links', $links);
    }
    $page->assign('absents', $absents);
    $page->assign('participants', $part);
}
/**
 * Integer accessor for one of this editor's form fields.
 *
 * Delegates to the fake environment when one is set; otherwise reads the
 * field through Env::i() with this object's field prefix prepended.
 *
 * @param string $key field name, without prefix
 * @param int    $def value returned when the field is absent
 * @return int as returned by Env::i() (or the fake environment)
 */
public function i($key, $def = 0)
{
    $fake = $this->fake_env;
    return $fake
         ? $fake->i($key, $def)
         : Env::i($this->envprefix . $key, $def);
}
/**
 * Lets a group admin edit one of the regular activities of the groups they
 * administer.
 *
 * Editable activities are those whose target group the current user
 * administers. When 'aid' (form field, else route argument) selects one of
 * them and 'modify' is submitted, the XSRF token is checked and the activity
 * is updated provided both 'begin' and 'end' are valid HH:MM times; the
 * outcome is reported through 'msg'.
 *
 * @throws Exception "Invalid credentials" when 'aid' is not an editable activity
 */
function handler_modify_regular($page, $aid = false)
{
    $adminGroups = S::user()->castes(Rights::admin())->groups();
    $lookup = new ActivityFilter(new PFC_And(new AFC_TargetGroup($adminGroups), new AFC_Regular(true)));
    $editable = $lookup->get();
    $editable->select(ActivitySelect::base());

    $aid = Env::i('aid', $aid);
    if ($aid) {
        $activity = $editable->get($aid);
        if ($activity === false) {
            throw new Exception("Invalid credentials");
        }
        if (Env::has('modify')) {
            S::assert_xsrf_token();
            $begin = Env::t('begin');
            $end = Env::t('end');
            // A time is accepted when it looks like HH:MM and strtotime() parses it.
            $validTimes = preg_match('`^\\d{2}:\\d{2}$`', $begin) && strtotime($begin) !== false
                       && preg_match('`^\\d{2}:\\d{2}$`', $end) && strtotime($end) !== false;
            if ($validTimes) {
                $activity->title(Env::t('title', $activity->title()));
                $activity->description(Env::t('activity_description', $activity->description()));
                $activity->days(implode(',', Env::v('days', $activity->days())));
                $activity->default_begin($begin . ':00');
                $activity->default_end($end . ':00');
                $page->assign('msg', 'L\'activité a été modifiée.');
            } else {
                $page->assign('msg', 'Les dates données sont incorrectes.');
            }
        }
        $page->assign('aid', $aid);
        $page->assign('activity', $activity);
    }

    $page->assign('activities', $editable);
    $page->assign('title', 'Modifier une activité régulière');
    $page->changeTpl('activity/modify_regular.tpl');
}
/**
 * Company (profile_job_enum) administration page.
 *
 *  - 'search': looks companies up by name/acronym substring and shows up to
 *    20 results.
 *  - 'edit' (XSRF-checked) on company $id: with 'change', merges the company
 *    into 'newJobId' and deletes it; otherwise rewrites its fields and
 *    re-creates its phone, fax and address. In both cases the existing
 *    phones and addresses of $id are deleted first.
 *  - Finally, unless 'change' was requested, loads company $id with its
 *    holding, phones and address for the form.
 *
 * @param $page the page object
 * @param $id   company id, -1 when none is selected
 */
function handler_jobs($page, $id = -1)
{
    $page->changeTpl('admin/jobs.tpl');
    if (Env::has('search')) {
        // Parameterised; '%' and '_' in the search term keep their LIKE
        // wildcard meaning.
        $res = XDB::query("SELECT id, name, acronym\n FROM profile_job_enum\n WHERE name LIKE CONCAT('%', {?}, '%') OR acronym LIKE CONCAT('%', {?}, '%')", Env::t('job'), Env::t('job'));
        if ($res->numRows() <= 20) {
            $page->assign('jobs', $res->fetchAllAssoc());
        } else {
            $page->trigError("Il y a trop d'entreprises correspondant à ton choix. Affine-le !");
        }
        $page->assign('askedJob', Env::v('job'));
        return;
    }
    if (Env::has('edit')) {
        S::assert_xsrf_token();
        // Assigned but never read in this handler.
        $selectedJob = Env::has('selectedJob');
        // Contact data is dropped before either branch, including the merge.
        Phone::deletePhones(0, Phone::LINK_COMPANY, $id);
        Address::deleteAddresses(null, Address::LINK_COMPANY, $id);
        if (Env::has('change')) {
            if (Env::has('newJobId') && Env::i('newJobId') > 0) {
                XDB::execute('UPDATE profile_job SET jobid = {?} WHERE jobid = {?}', Env::i('newJobId'), $id);
                XDB::execute('DELETE FROM profile_job_enum WHERE id = {?}', $id);
                $page->trigSuccess("L'entreprise a bien été remplacée.");
            } else {
                $page->trigError("L'entreprise n'a pas été remplacée car l'identifiant fourni n'est pas valide.");
            }
        } else {
            // Empty codes are stored as NULL. NOTE(review): "string == 0"
            // changed meaning in PHP 8 (a non-numeric string, including '',
            // no longer equals 0), so the SIREN/NAF NULL coercion depends on
            // the PHP version — confirm the target runtime.
            XDB::execute('UPDATE profile_job_enum SET name = {?}, acronym = {?}, url = {?}, email = {?}, SIREN_code = {?}, NAF_code = {?}, AX_code = {?}, holdingid = {?} WHERE id = {?}', Env::t('name'), Env::t('acronym'), Env::t('url'), Env::t('email'), Env::t('SIREN') == 0 ? null : Env::t('SIREN'), Env::t('NAF_code') == 0 ? null : Env::t('NAF_code'), Env::i('AX_code') == 0 ? null : Env::t('AX_code'), Env::i('holdingId') == 0 ? null : Env::t('holdingId'), $id);
            // Phone id 0 is the landline, id 1 the fax.
            $phone = new Phone(array('display' => Env::v('tel'), 'link_id' => $id, 'id' => 0, 'type' => 'fixed', 'link_type' => Phone::LINK_COMPANY, 'pub' => 'public'));
            $fax = new Phone(array('display' => Env::v('fax'), 'link_id' => $id, 'id' => 1, 'type' => 'fax', 'link_type' => Phone::LINK_COMPANY, 'pub' => 'public'));
            $address = new Address(array('jobid' => $id, 'type' => Address::LINK_COMPANY, 'text' => Env::t('address')));
            $phone->save();
            $fax->save();
            $address->save();
            $page->trigSuccess("L'entreprise a bien été mise à jour.");
        }
    }
    if (!Env::has('change') && $id != -1) {
        $res = XDB::query("SELECT e.id, e.name, e.acronym, e.url, e.email, e.SIREN_code AS SIREN, e.NAF_code, e.AX_code,\n h.id AS holdingId, h.name AS holdingName, h.acronym AS holdingAcronym,\n t.display_tel AS tel, f.display_tel AS fax, a.text AS address\n FROM profile_job_enum AS e\n LEFT JOIN profile_job_enum AS h ON (e.holdingid = h.id)\n LEFT JOIN profile_phones AS t ON (t.pid = e.id AND t.link_type = 'hq' AND t.tel_id = 0)\n LEFT JOIN profile_phones AS f ON (f.pid = e.id AND f.link_type = 'hq' AND f.tel_id = 1)\n LEFT JOIN profile_addresses AS a ON (a.jobid = e.id AND a.type = 'hq')\n WHERE e.id = {?}", $id);
        if ($res->numRows() == 0) {
            $page->trigError('Auncune entreprise ne correspond à cet identifiant.');
        } else {
            $page->assign('selectedJob', $res->fetchOneAssoc());
        }
    }
}
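/**
 * Reads the company editor form into this request.
 *
 * Textual fields are stored as NULL when submitted empty; the two numeric
 * ids are stored as NULL when they read as 0. Each form value is read once
 * instead of twice.
 *
 * @return bool always true
 */
protected function handle_editor()
{
    foreach (array('name', 'acronym', 'url', 'email', 'SIREN', 'NAF_code', 'tel', 'fax', 'address') as $field) {
        $value = Env::t($field);
        $this->{$field} = ($value == '') ? null : $value;
    }
    foreach (array('AX_code', 'holdingid') as $field) {
        $value = Env::i($field);
        $this->{$field} = ($value == 0) ? null : $value;
    }
    return true;
}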
/**
 * Mailing-list moderation page for list $liste.
 *
 * Access: group admins, or list owners (verify_list_owner). Actions:
 *  - 'sadd' / 'sdel' (XSRF-checked): accept or reject a pending subscription
 *    and mail the list owners about the decision; 'sadd' then redirects;
 *  - 'moderate_mails' + 'select_mails' (XSRF-checked): moderate each
 *    selected held message;
 *  - 'mid': display a held message through Banana (GET without mok/mdel)
 *    or moderate it;
 *  - 'sid': display the confirmation page for one pending subscription.
 * Without an action, lists the pending subscriptions and held messages.
 *
 * NOTE(review): $sub and $info are only set by the 'sadd' branch (Env) and
 * the 'sdel' branch (Post); an 'sdel' arriving through GET enters the outer
 * block via Env::has() but leaves both undefined when "if ($sub)" runs.
 *
 * @param $page  the page object
 * @param $liste list name from the route
 * @return int|void PL_NOT_FOUND when no list is given
 */
function handler_moderate($page, $liste = null)
{
    if (is_null($liste)) {
        return PL_NOT_FOUND;
    }
    $mlist = $this->prepare_list($liste);
    if (!$this->is_group_admin($page)) {
        $this->verify_list_owner($page, $mlist);
    }
    $page->changeTpl('lists/moderate.tpl');
    $page->register_modifier('hdc', 'list_header_decode');
    if (Env::has('sadd') || Env::has('sdel')) {
        S::assert_xsrf_token();
        if (Env::has('sadd')) {
            // Ensure the moderated request is still active
            $sub = $mlist->getPendingSubscription(Env::v('sadd'));
            $mlist->handleRequest(MailingList::REQ_SUBSCRIBE, Env::v('sadd'));
            $info = "validée";
        }
        if (Post::has('sdel')) {
            // Ensure the moderated request is still active
            $sub = $mlist->getPendingSubscription(Env::v('sdel'));
            $mlist->handleRequest(MailingList::REQ_REJECT, Post::v('sdel'), Post::v('reason'));
            $info = "refusée";
        }
        if ($sub) {
            // Notify the list owners of the decision.
            $mailer = new PlMailer();
            $mailer->setFrom($mlist->getAddress(MailingList::KIND_BOUNCE));
            $mailer->addTo($mlist->getAddress(MailingList::KIND_OWNER));
            $mailer->addHeader('Reply-To', $mlist->getAddress(MailingList::KIND_OWNER));
            $mailer->setSubject("L'inscription de {$sub['name']} a été {$info}");
            $text = "L'inscription de {$sub['name']} à la liste " . $mlist->address . " a été {$info} par " . S::user()->fullName(true) . ".\n";
            if (trim(Post::v('reason'))) {
                $text .= "\nLa raison invoquée est :\n" . Post::v('reason');
            }
            $mailer->setTxtBody(wordwrap($text, 72));
            $mailer->send();
        }
        if (Env::has('sadd')) {
            pl_redirect('lists/moderate/' . $liste);
        }
    }
    if (Post::has('moderate_mails') && Post::has('select_mails')) {
        S::assert_xsrf_token();
        $mails = array_keys(Post::v('select_mails'));
        foreach ($mails as $mail) {
            $this->moderate_mail($mlist, $mail);
        }
    } elseif (Env::has('mid')) {
        if (Get::has('mid') && !Env::has('mok') && !Env::has('mdel')) {
            // Read-only display of the held message, plus a pre-filled
            // rejection template for the moderator.
            require_once 'banana/moderate.inc.php';
            $page->changeTpl('lists/moderate_mail.tpl');
            $params = array('listname' => $mlist->mbox, 'domain' => $mlist->domain, 'artid' => Get::i('mid'), 'part' => Get::v('part'), 'action' => Get::v('action'));
            $params['client'] = $this->prepare_client();
            run_banana($page, 'ModerationBanana', $params);
            $msg = file_get_contents('/etc/mailman/fr/refuse.txt');
            $msg = str_replace("%(adminaddr)s", $mlist->getAddress(MailingList::KIND_OWNER), $msg);
            $msg = str_replace("%(request)s", "<< SUJET DU MAIL >>", $msg);
            $msg = str_replace("%(reason)s", "<< TON EXPLICATION >>", $msg);
            $msg = str_replace("%(listname)s", $liste, $msg);
            $page->assign('msg', $msg);
            return;
        }
        // NOTE(review): no S::assert_xsrf_token() on this path; presumably
        // moderate_mail() performs it — confirm.
        $this->moderate_mail($mlist, Env::i('mid'));
    } elseif (Env::has('sid')) {
        if (list($subs, $mails) = $this->get_pending_ops($mlist)) {
            foreach ($subs as $user) {
                if ($user['id'] == Env::v('sid')) {
                    $page->changeTpl('lists/moderate_sub.tpl');
                    $page->assign('del_user', $user);
                    return;
                }
            }
        }
    }
    if (list($subs, $mails) = $this->get_pending_ops($mlist)) {
        foreach ($mails as $key => $mail) {
            // strftime() is deprecated since PHP 8.1.
            $mails[$key]['stamp'] = strftime("%Y%m%d%H%M%S", $mail['stamp']);
            if ($mail['fromx']) {
                $page->assign('with_fromx', true);
            } else {
                $page->assign('with_nonfromx', true);
            }
        }
        $page->assign_by_ref('subs', $subs);
        $page->assign_by_ref('mails', $mails);
    } else {
        $page->kill("La liste n'existe pas ou tu n'as pas le droit de la modérer.");
    }
}
/**
 * Announcement administration page of the current group.
 *
 * When 'del' is submitted (XSRF token required) the announcement is removed,
 * but only if it belongs to the current group: the DELETE is scoped on
 * asso_id as well as on id, so an id from another group is a no-op. The
 * page then lists every announcement of the group, newest expiration first,
 * with a 'perime' flag for those already expired.
 *
 * The handler itself does not check the caller's rights; that is assumed to
 * be enforced by the handler registration (not visible here).
 *
 * @param PlPage $page
 */
function handler_admin_announce($page)
{
    global $globals;

    $page->changeTpl('xnetgrp/announce-admin.tpl');
    $asso_id = $globals->asso('id');

    if (Env::has('del')) {
        S::assert_xsrf_token();
        XDB::execute('DELETE FROM group_announces WHERE id = {?} AND asso_id = {?}',
                     Env::i('del'), $asso_id);
    }

    $announces = XDB::iterator('SELECT id, titre, expiration, expiration < CURRENT_DATE() AS perime FROM group_announces WHERE asso_id = {?} ORDER BY expiration DESC',
                               $asso_id);
    $page->assign('articles', $announces);
}
/**
 * Handles the validation form of this request (admin/validate).
 *
 * Dispatches on the button that was pressed, in this order of precedence:
 * 'delete' (drop the request), 'edit' (apply handle_editor() then update),
 * 'hold' + 'comm' (record a comment and mail the hotline), 'accept'
 * (commit, notify, clean) and 'refuse' (notify, clean — a reason is
 * mandatory). Requests flagged requireAdmin are refused to non-admins.
 *
 * @return bool  true when an action was carried out, false on error or when
 *               nothing matched
 */
public function handle_formu()
{
    global $globals;

    if ($this->requireAdmin && !S::admin()) {
        $this->trigError('Vous n\'avez pas les permissions nécessaires pour valider cette demande.');
        return false;
    }

    // Drop the request altogether.
    if (Env::has('delete')) {
        $this->clean();
        $this->trigSuccess('Requête supprimée.');
        return true;
    }

    // Data updates.
    if (Env::has('edit')) {
        if (!$this->handle_editor()) {
            return false;
        }
        $this->update();
        $this->trigSuccess('Requête mise à jour.');
        return true;
    }

    // Comment addition.
    if (Env::has('hold') && Env::has('comm')) {
        $formid  = Env::i('formid');
        $comment = Env::v('comm');

        // The form id protects against double submission: a comment already
        // recorded under this id is reported as a success without re-adding it.
        foreach ($this->comments as $existing) {
            if ($existing[2] === $formid) {
                return true;
            }
        }
        // Nothing to record for a blank comment.
        if (trim($comment) === '') {
            return true;
        }

        $login = S::user()->login();
        $this->comments[] = array($login, $comment, $formid);

        // Sends email to our hotline.
        $mailer = new PlMailer();
        $mailer->setSubject("Commentaires de validation {$this->type}");
        $mailer->setFrom("validation+{$this->type}@{$globals->mail->domain}");
        $mailer->addTo($globals->core->admin_email);
        $body = "Validation {$this->type} pour {$this->user->login()}\n\n"
              . $login . " a ajouté le commentaire :\n\n"
              . $comment
              . "\n\ncf la discussion sur : " . $globals->baseurl . "/admin/validate";
        $mailer->setTxtBody(wordwrap($body));
        $mailer->send();

        $this->update();
        $this->trigSuccess('Commentaire ajouté.');
        return true;
    }

    if (Env::has('accept')) {
        if (!$this->commit()) {
            $this->trigError('Erreur lors de la validation');
            return false;
        }
        $this->sendmail(true);
        $this->clean();
        $this->trigSuccess('Email de validation envoyé');
        return true;
    }

    if (Env::has('refuse')) {
        // A refusal must carry a reason for the requester.
        if (!Env::v('comm')) {
            $this->trigError('Pas de motivation pour le refus !!!');
        } else {
            $this->sendmail(false);
            $this->clean();
            $this->trigSuccess('Email de refus envoyé.');
            return true;
        }
    }

    return false;
}
/**
 * Ajax endpoint feeding the search form's select inputs (search/list/{type}[/{id}]).
 *
 * Builds the list of possible values for $type and either renders it as a
 * <select> (include/field.select.tpl, served as text/xml) or, when $idVal is
 * given, prints the single matching label as text/plain.
 *
 * $type comes from the URL and is interpolated into the 'onchange' JavaScript
 * assigned below; it is only ever rendered if it matched one of the cases of
 * the switch, because `default: exit` terminates the request before any
 * output for an unknown type. Keep that invariant when adding cases.
 *
 * @param PlPage      $page
 * @param string|null $type   kind of values wanted (binet, country, ...)
 * @param string|null $idVal  optional id: print that single value instead of the list
 */
function handler_list($page, $type = null, $idVal = null)
{
    $page->assign('name', $type);
    $page->assign('with_text_value', true);
    // Inline JS: $type is not escaped here, it is whitelisted by the switch below.
    $page->assign('onchange', "document.forms.recherche.{$type}Txt.value = this.options[this.selectedIndex].text");

    // Give the list of all values possible of type and builds a select input for it
    $ids = null;
    switch ($type) {
      case 'binet':
        $ids = DirEnum::getOptionsIter(DirEnum::BINETS);
        break;
      case 'networking_type':
        $ids = DirEnum::getOptionsIter(DirEnum::NETWORKS);
        break;
      case 'country':
        $ids = DirEnum::getOptionsIter(DirEnum::COUNTRIES);
        $page->assign('onchange', 'changeAddressComponents(\'' . $type . '\', this.value)');
        break;
      case 'administrative_area_level_1':
      case 'administrative_area_level_2':
      case 'locality':
        $page->assign('onchange', 'changeAddressComponents(\'' . $type . '\', this.value)');
        // Intentional fall-through: these components share the postal_code query.
      case 'postal_code':
        // Address components of the given $type found below the component
        // 'value' (whose own type is 'previous'), home addresses only.
        // All three inputs are bound as {?} parameters, none is interpolated.
        $ids = XDB::iterator("SELECT pace1.id, pace1.long_name AS field\n FROM profile_addresses_components_enum AS pace1\n INNER JOIN profile_addresses_components AS pac1 ON (pac1.component_id = pace1.id)\n INNER JOIN profile_addresses_components AS pac2 ON (pac1.pid = pac2.pid AND pac1.jobid = pac2.jobid AND pac1.id = pac2.id\n AND pac1.groupid = pac2.groupid AND pac1.type = pac2.type)\n INNER JOIN profile_addresses_components_enum AS pace2 ON (pac2.component_id = pace2.id AND FIND_IN_SET({?}, pace2.types))\n WHERE pace2.id = {?} AND FIND_IN_SET({?}, pace1.types) AND pac1.type = 'home'\n GROUP BY pace1.long_name", Env::v('previous'), Env::v('value'), $type);
        break;
      case 'diploma':
        // Degrees restricted to one school when a non-zero 'school' is given.
        if (Env::has('school') && Env::i('school') != 0) {
          $ids = DirEnum::getOptionsIter(DirEnum::EDUDEGREES, Env::i('school'));
        } else {
          $ids = DirEnum::getOptionsIter(DirEnum::EDUDEGREES);
        }
        break;
      case 'groupex':
        $ids = DirEnum::getOptionsIter(DirEnum::GROUPESX);
        break;
      case 'nationalite':
        $ids = DirEnum::getOptionsIter(DirEnum::NATIONALITIES);
        break;
      case 'school':
        $ids = DirEnum::getOptionsIter(DirEnum::EDUSCHOOLS);
        $page->assign('onchange', 'changeSchool(this.value)');
        break;
      case 'section':
        $ids = DirEnum::getOptionsIter(DirEnum::SECTIONS);
        break;
      case 'jobterm':
        // Job terms are a tree: either one branch ('jtid') or the widget that
        // fetches branches from this same handler. Both paths end the request.
        if (Env::has('jtid')) {
          JobTerms::ajaxGetBranch($page, JobTerms::ONLY_JOBS);
          return;
        } else {
          pl_content_headers('text/xml');
          echo '<div>'; // global container so that response is valid xml
          echo '<input name="jobtermTxt" type="text" style="display:none" size="32" />';
          echo '<input name="jobterm" type="hidden"/>';
          echo '<div class="term_tree"></div>'; // container where to create the tree
          echo '<script type="text/javascript" src="javascript/jquery.jstree.js"></script>';
          echo '<script type="text/javascript" src="javascript/jobtermstree.js"></script>';
          echo '<script type="text/javascript">createJobTermsTree(".term_tree", "search/list/jobterm", "search", "searchForJobTerm");</script>';
          echo '</div>';
          exit;
        }
      default:
        // Unknown type: stop before rendering anything (see the header comment).
        exit;
    }

    if (isset($idVal)) {
        // Single value lookup, plain text.
        // NOTE(review): assumes $ids supports array access for every case above
        // (including the XDB iterator of postal_code) and that an unknown $idVal
        // yields an empty result — confirm against DirEnum / XDB.
        pl_content_headers("text/plain");
        echo $ids[$idVal];
        exit;
    }

    pl_content_headers("text/xml");
    $page->changeTpl('include/field.select.tpl', NO_SKIN);
    $page->assign('list', $ids);
}