/**
 * Returns the group event tied to this payment that the current user has not
 * registered for yet, or null when this payment has no group or no such event.
 *
 * Rows of group_events whose paiement_id is this payment's id are left-joined
 * on the current user's participation; only rows without a participation
 * (p.uid IS NULL) are kept.
 *
 * @return array|null  associative row with 'eid' and 'diminutif', or null
 */
function event()
{
    if (!$this->asso_id) {
        return null;
    }
    $rows = XDB::query("SELECT e.eid, a.diminutif\n FROM group_events AS e\n INNER JOIN groups AS a ON (e.asso_id = a.id)\n LEFT JOIN group_event_participants AS p ON (p.eid = e.eid AND p.uid = {?})\n WHERE e.paiement_id = {?} AND p.uid IS NULL",
                       S::i('uid'), $this->id);
    return $rows->numRows() ? $rows->fetchOneAssoc() : null;
}
/**
 * Exposes the mailing lists the current user subscribed to at registration
 * (register_subs rows of type 'list') as 'lists', keyed by "sub@domain" and
 * holding each list's member details.
 *
 * @param $page  the page being prepared; handed to the parent first
 */
public function Prepare($page)
{
    parent::Prepare($page);
    $subscriptions = XDB::iterRow("SELECT sub, domain\n FROM register_subs\n WHERE uid = {?} AND type = 'list'\n ORDER BY domain", S::i('uid'));
    $lists = array();
    while (list($sub, $domain) = $subscriptions->next()) {
        $list = new MailingList($sub, $domain);
        // getMembers() returns a pair; only the first element (details) is kept.
        list($members, ) = $list->getMembers();
        $lists["{$sub}@{$domain}"] = $members;
    }
    $page->assign_by_ref('lists', $lists);
}
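/**
 * Authenticates the current request, either from the existing session or
 * from the one-shot 'auth' token carried in the query string.
 *
 * The token is md5('1' . challenge . secret . uid . '1'): the challenge comes
 * from the session, the secret from the xnet configuration, so the scheme is
 * intended to let only a peer knowing the secret mint a token for a given
 * challenge.
 *
 * @param $level  unused here; kept for the doAuth() calling convention
 * @return User|null  the authenticated user, or null when the request
 *                    carries no valid token
 */
protected function doAuth($level)
{
    if (S::identified()) {
        // Nothing to do there
        return User::getSilentWithValues(null, array('uid' => S::i('uid')));
    }
    if (!Get::has('auth')) {
        return null;
    }
    global $globals;
    $expected = md5('1' . S::v('challenge') . $globals->xnet->secret . Get::i('uid') . '1');
    $provided = Get::v('auth');
    // Strict, constant-time comparison.  The former `!=` compared the two
    // strings loosely, so two numeric-looking digests (e.g. both of the form
    // "0e…") would have compared equal; hash_equals() (PHP >= 5.6) also
    // avoids leaking the position of the first differing byte through timing.
    if (!is_string($provided) || !hash_equals($expected, $provided)) {
        return null;
    }
    // The token is single-use: drop it from the query, then raise the
    // session's auth level.
    Get::kill('auth');
    S::set('auth', AUTH_PASSWD);
    return User::getSilentWithValues(null, array('uid' => Get::i('uid')));
}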
/**
 * iGoogle gadget: shows the five most recent validated, unexpired announces
 * for the current user, with their read/unread state.
 *
 * @param $page  the gadget page
 */
function handler_ig_events($page)
{
    require_once 'gadgets/gadgets.inc.php';
    init_igoogle_html('gadgets/ig-events.tpl', AUTH_COOKIE);

    $announces = XDB::iterator("SELECT SQL_CALC_FOUND_ROWS\n e.id, e.titre, UNIX_TIMESTAMP(e.creation_date) AS creation_date,\n ev.uid IS NULL AS nonlu, e.uid\n FROM announces AS e\n LEFT JOIN announce_read AS ev ON (e.id = ev.evt_id AND ev.uid = {?})\n WHERE FIND_IN_SET('valide', e.flags) AND expiration >= NOW()\n ORDER BY e.creation_date DESC", S::i('uid'));
    // FOUND_ROWS() must be read right after the SQL_CALC_FOUND_ROWS query.
    $page->assign('event_count', XDB::query("SELECT FOUND_ROWS()")->fetchOneCell());

    Platal::load('events', 'feed.inc.php');
    $user = S::user();
    $shown = array();
    // The gadget displays at most five entries.
    while (count($shown) < 5) {
        $entry = PlFeed::nextEvent($announces, $user);
        if (!$entry) {
            break;
        }
        $shown[] = $entry;
    }
    $page->assign('events', $shown);
}
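/**
 * Wats4U single sign-on endpoint.
 *
 * Flow: validate the request (wats4u_sso_check), ask for authentication when
 * there is no session, refuse external accounts, log the connection, tear
 * the session down when it was opened only for this request, then redirect
 * to the return URL built from the user.
 *
 * @param $page  the page used for the login form / error display
 * @return int   PL_BAD_REQUEST, PL_DO_AUTH or PL_FORBIDDEN; on success the
 *               function redirects and does not return a status
 */
function handler_sso($page)
{
    $this->load('sso.inc.php');
    // First, perform security checks.
    if (!wats4u_sso_check()) {
        return PL_BAD_REQUEST;
    }

    global $globals;
    if (!S::logged()) {
        // Request auth.
        $page->assign('external_auth', true);
        $page->assign('ext_url', $globals->wats4u->public_url);
        $page->setTitle('Authentification');
        $page->setDefaultSkin('group_login');
        $page->assign('group', null);
        return PL_DO_AUTH;
    }
    if (!S::user()->checkPerms(PERMS_USER)) {
        // External (X.net) account
        return PL_FORBIDDEN;
    }

    // Update the last login information (unless the user is in SUID).
    $uid = S::i('uid');
    if (!S::suid()) {
        global $platal;
        // 'url' may be absent from the query string: default to '' instead of
        // handing an undefined index (a warning, and null on newer PHP) to urldecode().
        $returnUrl = isset($_GET['url']) ? $_GET['url'] : '';
        S::logger($uid)->log('connexion_wats4u', $platal->path . ' ' . urldecode($returnUrl));
    }

    // If we logged in specifically for this 'external_auth' request
    // and didn't want to "keep access to services", we kill the session
    // just before returning.
    // See classes/xorgsession.php:startSessionAs
    if (S::b('external_auth_exit')) {
        // The referer is optional; no @-suppression needed.
        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
        S::logger()->log('deconnexion', $referer);
        Platal::session()->killAccessCookie();
        Platal::session()->destroy();
    }

    // Compute return URL
    $full_return = wats4u_sso_build_return_url(S::user());
    if ($full_return === "") {
        // Something went wrong
        $page->kill("Erreur dans le traitement de la requête Wats4U.");
    }
    http_redirect($full_return);
}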
/**
 * Skin chooser page: persists a newly selected skin for the current account,
 * then lists the available skins with their author and number of users.
 *
 * NOTE(review): unlike the other form handlers in this file
 * (handler_ipwatch, handler_notifs, handler_acreate), the 'newskin' write is
 * not preceded by S::assert_xsrf_token() — confirm the form carries a token.
 *
 * @param $page  the page to render
 */
function handler_skin($page)
{
    global $globals;
    $page->changeTpl('platal/skins.tpl');
    $page->setTitle('Skins');

    // Submitted form: store the choice and drop the cached session skin.
    if (Env::has('newskin')) {
        XDB::execute('UPDATE accounts SET skin = {?} WHERE uid = {?}', Env::i('newskin'), S::i('uid'));
        S::kill('skin');
        Platal::session()->setSkin();
    }

    $current = XDB::query('SELECT id FROM skins WHERE skin_tpl = {?}', S::v('skin'));
    $page->assign('skin_id', $current->fetchOneCell());

    $listQuery = 'SELECT s.*, auteur, COUNT(*) AS nb FROM skins AS s LEFT JOIN accounts AS a ON (a.skin = s.id) WHERE skin_tpl != \'\' AND ext != \'\' GROUP BY id ORDER BY s.date DESC';
    $page->assign('skins', XDB::iterator($listQuery));
}
/**
 * Admin page for the IP watch list (ip_watch): creates, edits, deletes and
 * lists watched addresses.
 *
 * Write actions come from the POST 'action' field ('create', 'edit') or from
 * the URL ($action == 'delete' together with an $ip); each write path calls
 * S::assert_xsrf_token() before touching the table.  Addresses are stored
 * as unsigned ints (ip_to_uint / uint_to_ip).
 *
 * @param $page    the page to render
 * @param $action  'list' (default), 'create', 'edit' or 'delete'
 * @param $ip      the dotted address to edit or delete, when $action needs one
 */
function handler_ipwatch($page, $action = 'list', $ip = null)
{
    $page->changeTpl('admin/ipwatcher.tpl');
    $states = array('safe' => 'Ne pas surveiller',
                    'unsafe' => 'Surveiller les inscriptions',
                    'dangerous' => 'Surveiller tous les accès',
                    'ban' => 'Bannir cette adresse');
    $page->assign('states', $states);

    switch (Post::v('action')) {
      case 'create':
        // Only insert when an address was actually submitted.
        if (trim(Post::v('ipN')) != '') {
            S::assert_xsrf_token();
            Xdb::execute('INSERT IGNORE INTO ip_watch (ip, mask, state, detection, last, uid, description) VALUES ({?}, {?}, {?}, CURDATE(), NOW(), {?}, {?})',
                         ip_to_uint(trim(Post::v('ipN'))), ip_to_uint(trim(Post::v('maskN'))),
                         Post::v('stateN'), S::i('uid'), Post::v('descriptionN'));
        }
        break;
      case 'edit':
        S::assert_xsrf_token();
        Xdb::execute('UPDATE ip_watch SET state = {?}, last = NOW(), uid = {?}, description = {?}, mask = {?} WHERE ip = {?}',
                     Post::v('stateN'), S::i('uid'), Post::v('descriptionN'),
                     ip_to_uint(Post::v('maskN')), ip_to_uint(Post::v('ipN')));
        break;
      default:
        // Deletion is driven by the URL, not by the POST 'action' field.
        if ($action == 'delete' && !is_null($ip)) {
            S::assert_xsrf_token();
            Xdb::execute('DELETE FROM ip_watch WHERE ip = {?}', ip_to_uint($ip));
        }
    }

    // Anything but 'create'/'edit' (including 'delete') falls back to the list view.
    if ($action != 'create' && $action != 'edit') {
        $action = 'list';
    }
    $page->assign('action', $action);

    if ($action == 'list') {
        // One row per (ip, hruid); the host comes from the session whose ip
        // or forward_ip matches the watched address.
        $sql = "SELECT w.ip, IF(s.ip IS NULL,\n IF(w.ip = s2.ip, s2.host, s2.forward_host),\n IF(w.ip = s.ip, s.host, s.forward_host)),\n w.mask, w.detection, w.state, a.hruid\n FROM ip_watch AS w\n LEFT JOIN log_sessions AS s ON (s.ip = w.ip)\n LEFT JOIN log_sessions AS s2 ON (s2.forward_ip = w.ip)\n LEFT JOIN accounts AS a ON (a.uid = s.uid)\n GROUP BY w.ip, a.hruid\n ORDER BY w.state, w.ip, a.hruid";
        $it = Xdb::iterRow($sql);
        $table = array();
        $props = array();
        // Rows are ordered by ip, so consecutive rows sharing an ip are folded
        // into a single entry carrying the list of users.
        while (list($ip, $host, $mask, $date, $state, $hruid) = $it->next()) {
            $ip = uint_to_ip($ip);
            $mask = uint_to_ip($mask);
            if (count($props) == 0 || $props['ip'] != $ip) {
                if (count($props) > 0) {
                    $table[] = $props;
                }
                $props = array('ip' => $ip, 'mask' => $mask, 'host' => $host,
                               'detection' => $date, 'state' => $state, 'users' => array($hruid));
            } else {
                $props['users'][] = $hruid;
            }
        }
        // Flush the last entry.
        if (count($props) > 0) {
            $table[] = $props;
        }
        $page->assign('table', $table);
    } elseif ($action == 'edit') {
        $sql = "SELECT w.detection, w.state, w.last, w.description, w.mask,\n a1.hruid AS edit, a2.hruid AS hruid, s.host\n FROM ip_watch AS w\n LEFT JOIN accounts AS a1 ON (a1.uid = w.uid)\n LEFT JOIN log_sessions AS s ON (w.ip = s.ip)\n LEFT JOIN accounts AS a2 ON (a2.uid = s.uid)\n WHERE w.ip = {?}\n GROUP BY a2.hruid\n ORDER BY a2.hruid";
        // $ip is the URL argument (dotted form), converted for the query.
        $it = Xdb::iterRow($sql, ip_to_uint($ip));
        $props = array();
        while (list($detection, $state, $last, $description, $mask, $edit, $hruid, $host) = $it->next()) {
            if (count($props) == 0) {
                $props = array('ip' => $ip, 'mask' => uint_to_ip($mask), 'host' => $host,
                               'detection' => $detection, 'state' => $state, 'last' => $last,
                               'description' => $description, 'edit' => $edit, 'users' => array($hruid));
            } else {
                $props['users'][] = $hruid;
            }
        }
        $page->assign('ip', $props);
    }
}
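/**
 * Admin page for the e-mail watch list (email_watch): creates, edits,
 * deletes and lists watched addresses.
 *
 * Write actions come from the POST 'action' field ('create', 'edit') or from
 * the URL ($action == 'delete' together with an $email).  The XSRF token is
 * now checked on every write path, including the URL-driven delete, which
 * previously ran without a token whenever the request carried no POST
 * 'action' field (this mirrors handler_ipwatch).
 *
 * @param $page    the page to render
 * @param $action  'list' (default), 'create', 'edit' or 'delete'
 * @param $email   the address to edit or delete, when $action needs one
 */
function handler_duplicated($page, $action = 'list', $email = null)
{
    $page->changeTpl('emails/duplicated.tpl');
    $states = array('pending' => 'En attente...',
                    'safe' => 'Pas d\'inquiétude',
                    'unsafe' => 'Recherches en cours',
                    'dangerous' => 'Usurpations par cette adresse');
    $page->assign('states', $states);

    if (Post::has('action')) {
        S::assert_xsrf_token();
    }
    switch (Post::v('action')) {
      case 'create':
        // Only insert when an address was actually submitted.
        if (trim(Post::v('emailN')) != '') {
            Xdb::execute('INSERT IGNORE INTO email_watch (email, state, detection, last, uid, description) VALUES ({?}, {?}, CURDATE(), NOW(), {?}, {?})',
                         trim(Post::v('emailN')), Post::v('stateN'), S::i('uid'), Post::v('descriptionN'));
        }
        break;
      case 'edit':
        Xdb::execute('UPDATE email_watch SET state = {?}, last = NOW(), uid = {?}, description = {?} WHERE email = {?}',
                     Post::v('stateN'), S::i('uid'), Post::v('descriptionN'), Post::v('emailN'));
        break;
      default:
        // Deletion is driven by the URL; the token check above only runs when
        // a POST 'action' field is present, so it is asserted here explicitly.
        if ($action == 'delete' && !is_null($email)) {
            S::assert_xsrf_token();
            Xdb::execute('DELETE FROM email_watch WHERE email = {?}', $email);
        }
    }

    // Anything but 'create'/'edit' (including 'delete') falls back to the list view.
    if ($action != 'create' && $action != 'edit') {
        $action = 'list';
    }
    $page->assign('action', $action);

    if ($action == 'list') {
        $it = XDB::iterRow('SELECT w.email, w.detection, w.state, s.email AS forlife FROM email_watch AS w INNER JOIN email_redirect_account AS r ON (w.email = r.redirect) INNER JOIN email_source_account AS s ON (s.uid = r.uid AND s.type = \'forlife\') ORDER BY w.state, w.email, s.email');
        $table = array();
        $props = array();
        // Rows are ordered by email, so consecutive rows sharing an address
        // are folded into one entry carrying the list of forlife addresses.
        while (list($email, $date, $state, $forlife) = $it->next()) {
            if (count($props) == 0 || $props['mail'] != $email) {
                if (count($props) > 0) {
                    $table[] = $props;
                }
                $props = array('mail' => $email, 'detection' => $date, 'state' => $state, 'users' => array($forlife));
            } else {
                $props['users'][] = $forlife;
            }
        }
        // Flush the last entry.
        if (count($props) > 0) {
            $table[] = $props;
        }
        $page->assign('table', $table);
    } elseif ($action == 'edit') {
        $it = XDB::iterRow('SELECT w.detection, w.state, w.last, w.description, a.hruid AS edit, s.email AS forlife FROM email_watch AS w INNER JOIN email_redirect_account AS r ON (w.email = r.redirect) INNER JOIN email_source_account AS s ON (s.uid = r.uid AND s.type = \'forlife\') LEFT JOIN accounts AS a ON (w.uid = a.uid) WHERE w.email = {?} ORDER BY s.email', $email);
        $props = array();
        while (list($detection, $state, $last, $description, $edit, $forlife) = $it->next()) {
            if (count($props) == 0) {
                $props = array('mail' => $email, 'detection' => $detection, 'state' => $state, 'last' => $last,
                               'description' => $description, 'edit' => $edit, 'users' => array($forlife));
            } else {
                $props['users'][] = $forlife;
            }
        }
        $page->assign('doublon', $props);
    }
}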
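/**
 * Notification settings page ("carnet"): applies the requested change, if
 * any, then loads the watched promos, groups, non-registered people and the
 * watch flags for display.
 *
 * Every write path is guarded by S::assert_xsrf_token().
 *
 * @param $page    the page to render
 * @param $action  optional action name: 'add_promo', 'del_promo',
 *                 'add_group', 'del_group', 'add_nonins', 'del_nonins'
 * @param $arg     the argument of $action (a promo, a group, a user id)
 */
public function handler_notifs($page, $action = null, $arg = null)
{
    $page->changeTpl('carnet/notifs.tpl');

    if ($action) {
        S::assert_xsrf_token();
        switch ($action) {
          case 'add_promo':
            $this->addPromo($page, $arg);
            break;
          case 'del_promo':
            $this->delPromo($page, $arg);
            break;
          case 'add_group':
            $this->addGroup($page, $arg);
            break;
          case 'del_group':
            $this->delGroup($page, $arg);
            break;
          case 'del_nonins':
            $user = User::get($arg);
            if ($user) {
                $this->delNonRegistered($page, $user);
            }
            break;
          case 'add_nonins':
            $user = User::get($arg);
            if ($user) {
                $this->addNonRegistered($page, $user);
            }
            break;
        }
    }

    if (Env::has('subs')) {
        S::assert_xsrf_token();
        $flags = new PlFlagSet();
        // 'sub' is expected to be an array of flag => value.  A missing or
        // scalar value used to make foreach emit a warning and set nothing;
        // the outcome (an empty flag set) is kept, without the warning.
        $subs = Env::v('sub');
        if (is_array($subs)) {
            foreach ($subs as $key => $value) {
                $flags->addFlag($key, $value);
            }
        }
        XDB::execute('UPDATE watch SET actions = {?} WHERE uid = {?}', $flags, S::i('uid'));
        S::user()->invalidWatchCache();
        Platal::session()->updateNbNotifs();
    }
    if (Env::has('flags_contacts')) {
        S::assert_xsrf_token();
        XDB::execute('UPDATE watch SET ' . XDB::changeFlag('flags', 'contacts', Env::b('contacts')) . ' WHERE uid = {?}', S::i('uid'));
        S::user()->invalidWatchCache();
        Platal::session()->updateNbNotifs();
    }
    if (Env::has('flags_mail')) {
        S::assert_xsrf_token();
        XDB::execute('UPDATE watch SET ' . XDB::changeFlag('flags', 'mail', Env::b('mail')) . ' WHERE uid = {?}', S::i('uid'));
        S::user()->invalidWatchCache();
        Platal::session()->updateNbNotifs();
    }

    $user = S::user();
    $nonins = new UserFilter(new UFC_WatchRegistration($user));

    $promo = XDB::fetchColumn('SELECT promo FROM watch_promo WHERE uid = {?} ORDER BY promo', S::i('uid'));
    $page->assign('promo_count', count($promo));
    // Collapse the sorted promo list into [start, end] ranges of consecutive years.
    $ranges = array();
    $range_start = null;
    $range_end = null;
    foreach ($promo as $p) {
        if (is_null($range_start)) {
            $range_start = $range_end = $p;
        } elseif ($p != $range_end + 1) {
            $ranges[] = array($range_start, $range_end);
            $range_start = $range_end = $p;
        } else {
            $range_end = $p;
        }
    }
    // Flush the open range.  With no watched promo there is none to flush;
    // the former unconditional append produced a spurious array(null, null).
    if (!is_null($range_start)) {
        $ranges[] = array($range_start, $range_end);
    }
    $page->assign('promo_ranges', $ranges);
    $page->assign('nonins', $nonins->getUsers());

    $groups = XDB::fetchColumn('SELECT g.nom FROM watch_group AS w INNER JOIN groups AS g ON (g.id = w.groupid) WHERE w.uid = {?} ORDER BY g.nom', S::i('uid'));
    $page->assign('groups', $groups);
    $page->assign('groups_count', count($groups));

    list($flags, $actions) = XDB::fetchOneRow('SELECT flags, actions FROM watch WHERE uid = {?}', S::i('uid'));
    $flags = new PlFlagSet($flags);
    $actions = new PlFlagSet($actions);
    $page->assign('flags', $flags);
    $page->assign('actions', $actions);
}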
/**
 * Xnet payment page: delegates to handler_payment() for a single payment, or
 * lists the group's active payments with their transactions and attached
 * events.
 *
 * Access rules: with no $pid the caller must be an identified group admin;
 * with a $pid the caller must be an identified group member, or be
 * registered to an event tied to that payment, or the payment must be
 * flagged 'public'.
 *
 * @param $page  the page to render
 * @param $pid   a payment id, or null for the list view
 * @return mixed  PL_FORBIDDEN on refusal, handler_payment()'s result for a
 *                single payment, nothing for the list view
 */
function handler_xnet_payment($page, $pid = null)
{
    global $globals;
    // NOTE(review): S::v('perms') is only dereferenced behind S::identified(),
    // presumably because it is unset for anonymous sessions — confirm.
    $perms = S::v('perms');
    if (is_null($pid)) {
        if (!(S::identified() && $perms->hasFlag('groupadmin'))) {
            return PL_FORBIDDEN;
        }
    } else {
        if (!(S::identified() && $perms->hasFlag('groupmember'))) {
            // Not a member: allowed when registered to an event of this
            // payment, or when the payment is public.
            $res = XDB::query("SELECT 1\n FROM group_events AS e\n INNER JOIN group_event_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?})\n WHERE e.paiement_id = {?} AND e.asso_id = {?}",
                              S::i('uid'), $pid, $globals->asso('id'));
            $public = XDB::query("SELECT 1\n FROM payments AS p\n INNER JOIN group_events AS g ON (g.paiement_id = p.id)\n WHERE g.asso_id = {?} AND p.id = {?} AND FIND_IN_SET('public', p.flags)",
                                 $globals->asso('id'), $pid);
            if ($res->numRows() == 0 && $public->numRows() == 0) {
                return PL_FORBIDDEN;
            }
        }
    }
    if (!is_null($pid)) {
        return $this->handler_payment($page, $pid);
    }

    $page->changeTpl('payment/xnet.tpl');
    $res = XDB::query("SELECT id, text, url\n FROM payments\n WHERE asso_id = {?} AND NOT FIND_IN_SET('old', flags)\n ORDER BY id DESC", $globals->asso('id'));
    $tit = $res->fetchAllAssoc();
    $page->assign('titles', $tit);

    $trans = array();
    $event = array();
    if (may_update()) {
        // Sortable columns, mapped to the alias of the table they live in.
        // array_key_exists() below allow-lists the column name before it is
        // concatenated into the ORDER BY clause.
        static $orders = array('ts_confirmed' => 'p', 'directory_name' => 'a', 'promo' => 'pd', 'comment' => 'p', 'amount' => 'p');
        if (Get::has('order_id') && Get::has('order') && array_key_exists(Get::v('order'), $orders)) {
            $order_id = Get::i('order_id');
            $order = Get::v('order');
            $ordering = ' ORDER BY ' . $orders[$order] . '.' . $order;
            if (Get::has('order_inv') && Get::i('order_inv') == 1) {
                $ordering .= ' DESC';
                $page->assign('order_inv', 0);
            } else {
                $page->assign('order_inv', 1);
            }
            $page->assign('order_id', $order_id);
            $page->assign('order', $order);
            $page->assign('anchor', 'legend_' . $order_id);
        } else {
            $order_id = false;
            $ordering = '';
            $page->assign('order', false);
        }
    } else {
        $ordering = '';
        $page->assign('order', false);
    }

    foreach ($tit as $foo) {
        $pid = $foo['id'];
        if (may_update()) {
            // The ordering applies only to the payment whose id was requested
            // (loose ==: $order_id is false when no ordering was asked for).
            $res = XDB::query('SELECT p.uid, IF(p.ts_confirmed = \'0000-00-00\', 0, p.ts_confirmed) AS date, p.comment, p.amount FROM payment_transactions AS p INNER JOIN accounts AS a ON (a.uid = p.uid) LEFT JOIN account_profiles AS ap ON (ap.uid = p.uid AND FIND_IN_SET(\'owner\', ap.perms)) LEFT JOIN profile_display AS pd ON (ap.pid = pd.pid) WHERE p.ref = {?}' . ($order_id == $pid ? $ordering : ''), $pid);
            $trans[$pid] = User::getBulkUsersWithUIDs($res->fetchAllAssoc(), 'uid', 'user');
            $sum = 0;
            foreach ($trans[$pid] as $i => $t) {
                $sum += $t['amount'];
                $trans[$pid][$i]['amount'] = $t['amount'];
            }
            // Trailing pseudo-row carrying the total.
            $trans[$pid][] = array('limit' => true, 'amount' => $sum);
        }
        $res = XDB::iterRow("SELECT e.eid, e.short_name, e.intitule, ep.nb, ei.montant, ep.paid\n FROM group_events AS e\n LEFT JOIN group_event_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?})\n INNER JOIN group_event_items AS ei ON (ep.eid = ei.eid AND ep.item_id = ei.item_id)\n WHERE e.paiement_id = {?}", S::v('uid'), $pid);
        $event[$pid] = array();
        $event[$pid]['paid'] = 0;
        if ($res->total()) {
            $event[$pid]['topay'] = 0;
            // Several rows (one per item) may belong to the same event; the
            // amounts are summed, the other fields keep the last row's value.
            while (list($eid, $shortname, $title, $nb, $montant, $paid) = $res->next()) {
                $event[$pid]['topay'] += $nb * $montant;
                $event[$pid]['eid'] = $eid;
                $event[$pid]['shortname'] = $shortname;
                $event[$pid]['title'] = $title;
                $event[$pid]['ins'] = !is_null($nb);
                $event[$pid]['paid'] = $paid;
            }
        }
        // 'paid' is then overwritten with the user's transaction total for this payment.
        $res = XDB::query('SELECT SUM(amount) AS sum_amount FROM payment_transactions WHERE ref = {?} AND uid = {?}', $pid, S::v('uid'));
        $event[$pid]['paid'] = $res->fetchOneCell();
    }
    $page->register_modifier('decode_comment', 'decode_comment');
    $page->assign('trans', $trans);
    $page->assign('event', $event);
}
/**
 * Home-page news ("events"): prepares tips, reminder, birthday greeting and
 * RSS link, applies a read/unread toggle when requested (then redirects), and
 * groups the current announces into the 'important', 'news', 'end' and
 * 'body' categories for the template.
 *
 * @param $page    the page to render
 * @param $action  'list' (default), 'read' or 'unread'
 * @param $eid     the announce id to mark, for 'read' / 'unread'
 * @param $pound   fragment to jump to after a 'read' redirect
 */
function handler_ev($page, $action = 'list', $eid = null, $pound = null)
{
    $page->changeTpl('events/index.tpl');
    $user = S::user();

    /** XXX: Tips and reminder only for user with 'email' permission.
     * We can do better in the future by storing a userfilter
     * with the tip/reminder.
     */
    if ($user->checkPerms(User::PERM_MAIL)) {
        $page->assign('tips', $this->get_tips());
    }

    // Adds a reminder onebox to the page.
    require_once 'reminder.inc.php';
    if ($reminder = Reminder::GetCandidateReminder($user)) {
        $reminder->Prepare($page);
    }

    // Wishes "Happy birthday" when required
    $profile = $user->profile();
    if (!is_null($profile)) {
        if ($profile->next_birthday == date('Y-m-d')) {
            $birthyear = (int) date('Y', strtotime($profile->birthdate));
            $curyear = (int) date('Y');
            $page->assign('birthday', $curyear - $birthyear);
        }
    }

    // Direct link to the RSS feed, when available.
    if (S::hasAuthToken()) {
        $page->setRssLink('Polytechnique.org :: News', '/rss/' . S::v('hruid') . '/' . S::user()->token . '/rss.xml');
    }

    // Hide the read event, and reload the page to get to the next event.
    // NOTE(review): these two state changes are URL-driven and carry no
    // S::assert_xsrf_token(); the impact is limited to the caller's own
    // read marks, but confirm that is acceptable.
    if ($action == 'read' && $eid) {
        // Opportunistic cleanup of read marks whose announce has expired.
        XDB::execute('DELETE ev.* FROM announce_read AS ev INNER JOIN announces AS e ON e.id = ev.evt_id WHERE expiration < NOW()');
        XDB::execute('INSERT IGNORE INTO announce_read (evt_id, uid) VALUES ({?}, {?})', $eid, S::v('uid'));
        pl_redirect('events#' . $pound);
    }

    // Unhide the requested event, and reload the page to display it.
    if ($action == 'unread' && $eid) {
        XDB::execute('DELETE FROM announce_read WHERE evt_id = {?} AND uid = {?}', $eid, S::v('uid'));
        pl_redirect('events#newsid' . $eid);
    }

    // Fetch the events to display, along with their metadata.
    $array = array();
    $it = XDB::iterator("SELECT e.id, e.titre, e.texte, e.post_id, e.uid,\n p.x, p.y, p.attach IS NOT NULL AS img, FIND_IN_SET('wiki', e.flags) AS wiki,\n FIND_IN_SET('important', e.flags) AS important,\n e.creation_date > DATE_SUB(CURDATE(), INTERVAL 2 DAY) AS news,\n e.expiration < DATE_ADD(CURDATE(), INTERVAL 2 DAY) AS end,\n ev.uid IS NULL AS nonlu, e.promo_min, e.promo_max\n FROM announces AS e\n LEFT JOIN announce_photos AS p ON (e.id = p.eid)\n LEFT JOIN announce_read AS ev ON (e.id = ev.evt_id AND ev.uid = {?})\n WHERE FIND_IN_SET('valide', e.flags) AND expiration >= NOW()\n ORDER BY important DESC, news DESC, end DESC, e.expiration, e.creation_date DESC", S::i('uid'));
    // The query orders by important, news, end: each category is a contiguous
    // run of the iterator, consumed in that order; 'body' takes the rest.
    $cats = array('important', 'news', 'end', 'body');
    $this->load('feed.inc.php');
    $user = S::user();
    $body = EventFeed::nextEvent($it, $user);
    foreach ($cats as $cat) {
        $data = array();
        if (!$body) {
            continue;
        }
        do {
            if ($cat == 'body' || $body[$cat]) {
                $data[] = $body;
            } else {
                // First event not in this category: leave it for the next one.
                break;
            }
            $body = EventFeed::nextEvent($it, $user);
        } while ($body);
        if (!empty($data)) {
            $array[$cat] = $data;
        }
    }
    $page->assign_by_ref('events', $array);
}
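/**
 * Translates a banana (forum) URL into the query parameters banana expects.
 *
 * Some URL "group" words are shortcuts rather than groups ('forums',
 * 'thread', 'message', 'subscribe', 'subscription', 'profile'); these are
 * resolved first, then the remaining group / action / article id are
 * written into $get.
 *
 * @param array $get    query array to fill (passed by reference)
 * @param $group        URL group segment, or one of the shortcut words
 * @param $action       URL action segment ('new', 'reply', 'cancel', 'from',
 *                      'read', 'source', 'xface', 'message' or a part id)
 * @param $artid        article id, when the action needs one
 */
function get_banana_params(array &$get, $group = null, $action = null, $artid = null)
{
    // Shortcut words; the former nested if/else ladder, flattened.
    if ($group == 'forums') {
        $group = null;
    } elseif ($group == 'thread') {
        $group = S::v('banana_group');
    } elseif ($group == 'message') {
        $action = 'read';
        $group = S::v('banana_group');
        $artid = S::i('banana_artid');
    } elseif ($action == 'message') {
        $action = 'read';
        $artid = S::i('banana_artid');
    } elseif ($group == 'subscribe' || $group == 'subscription') {
        $group = null;
        $action = null;
        $get['action'] = 'subscribe';
    } elseif ($group == 'profile') {
        $group = null;
        $action = null;
        $get['action'] = 'profile';
    }

    if (!is_null($group)) {
        $get['group'] = $group;
    }
    if (is_null($action)) {
        return;
    }
    if ($action == 'new') {
        $get['action'] = 'new';
    } elseif (!is_null($artid)) {
        $get['artid'] = $artid;
        if ($action == 'reply') {
            $get['action'] = 'new';
        } elseif ($action == 'cancel') {
            $get['action'] = $action;
        } elseif ($action == 'from') {
            // 'from' pages the listing starting at the article, not the article itself.
            $get['first'] = $artid;
            unset($get['artid']);
        } elseif ($action == 'read') {
            // 'part' is optional: read it without the former @-suppression.
            $get['part'] = isset($_GET['part']) ? $_GET['part'] : null;
        } elseif ($action == 'source') {
            $get['part'] = 'source';
        } elseif ($action == 'xface') {
            $get['part'] = 'xface';
        } elseif ($action) {
            // Any other action is a dotted part path, e.g. "1.2" -> "1/2".
            $get['part'] = str_replace('.', '/', $action);
        }
        if (Get::v('action') == 'showext') {
            $get['action'] = 'showext';
        }
    }
}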
/**
 * Group page: looks the group up by id, lets anonymous visitors see only
 * external groups, then assigns the group, the viewer and the viewer's promo
 * groups to the template.
 *
 * @param $page   the page to render
 * @param $group  the id of the group to display
 */
function handler_group_see($page, $group = null)
{
    global $platal;
    $page->addCssLink('groups.css');

    $group = Group::fromId($group);
    if (!$group) {
        $page->assign('title', "Ce groupe n'existe pas");
        $page->changeTpl('groups/no_group.tpl');
        return;
    }

    // Base data is assigned first, even when the visitor is then sent to login.
    $group->select(GroupSelect::base());
    $page->assign('group', $group);

    $anonymous = S::i('auth') <= AUTH_PUBLIC;
    if ($anonymous && !$group->external()) {
        $platal->force_login($page);
        return;
    }

    $group->select(GroupSelect::see());
    $page->assign('roomMaster', $group->isRoomMaster());
    $viewer = S::user();
    $page->assign('promos', $viewer->castes()->groups()->filter('ns', Group::NS_PROMO));
    $page->assign('user', S::user());

    // The member caste's filter describes who may join, except in the per-user namespace.
    if ($group->ns() != 'user') {
        $memberCaste = $group->caste(Rights::member());
        if (!is_null($memberCaste)) {
            $page->assign('member_allowed', $memberCaste->userfilter());
        }
    }

    $page->assign('title', $group->label());
    $page->changeTpl('groups/group.tpl');
}
/**
 * Renders $skin through Smarty with the site's standard filters installed:
 * whitespace trimming, form encoding, wiki/core includes, rewrite
 * conditionals, and escape_html as the default modifier, so template
 * variables are HTML-escaped unless a template opts out.  When the session's
 * auth level is at most AUTH_PUBLIC, an output filter hides e-mail addresses.
 *
 * @param $skin   the template to render
 * @param $infos  optional array, filled with 'time' (seconds spent in fetch)
 * @return string  the rendered output
 */
public function filteredFetch($skin, array &$infos = null)
{
    global $globals, $platal;

    $prefilters = array('trimwhitespace', 'form_force_encodings', 'wiki_include', 'core_include', 'if_rewrites');
    foreach ($prefilters as $prefilter) {
        $this->register_prefilter($prefilter);
    }
    $this->assign_by_ref('platal', $platal);
    $this->assign_by_ref('globals', $globals);
    $this->register_modifier('escape_html', 'escape_html');
    $this->default_modifiers = array('@escape_html');
    if (S::i('auth') <= AUTH_PUBLIC) {
        $this->register_outputfilter('hide_emails');
    }

    $timed = ($infos !== null);
    $startedAt = $timed ? microtime(true) : null;
    $output = $this->fetch($skin);
    if ($timed) {
        $infos['time'] = microtime(true) - $startedAt;
    }
    return $output;
}
/**
 * Builds the authentication answer for an external site (the "gpex"
 * protocol): a list of "&field=value" parameters for the requested
 * $datafields, plus an md5 digest that binds them to the challenge and the
 * site's private key.
 *
 * Field values are resolved, in order, from: the session permission level
 * ('perms'), the user's hruid ('forlife'), any session key of the same name,
 * the profile data table, a database lookup ('username'), the group
 * permissions ('grpauth'); anything else is sent empty.
 *
 * NOTE(review): the S::has($val) branch lets the remote site request any
 * session key by name; an allow-list of exposable fields would be safer.
 *
 * NOTE(review): $tohash is passed to gpex_prepare_param() on every field;
 * whether that helper appends the value to it (so that the parameters are
 * covered by the final digest) is not visible here — confirm.
 *
 * @param $chlg        the challenge sent by the remote site
 * @param $privkey     the remote site's private key
 * @param $datafields  comma-separated list of requested field names
 * @param $charset     charset passed to gpex_prepare_param()
 * @return array  array($auth, $query) where $query starts with "&auth=" . $auth
 */
function gpex_make($chlg, $privkey, $datafields, $charset)
{
    $tohash = "1{$chlg}{$privkey}";
    $params = "";
    $fieldarr = explode(',', $datafields);
    $user =& S::user();

    if ($user->hasProfile()) {
        /* Transition table for authentification. */
        // Legacy (French) field names expected by remote sites, mapped onto
        // the current profile data keys.
        $personnal_data = $user->profile()->data();
        $personnal_data['full_promo'] = $personnal_data['promo'];
        $personnal_data['promo'] = $personnal_data['entry_year'];
        $personnal_data['matricule'] = $personnal_data['xorg_id'];
        $personnal_data['matricule_ax'] = $personnal_data['ax_id'];
        $personnal_data['promo_sortie'] = $personnal_data['grad_year'];
        $personnal_data['nationalite'] = $personnal_data['nationality1'];
        $personnal_data['naissance'] = $personnal_data['birthdate'];
        $personnal_data['deces'] = $personnal_data['deathdate'];
        $personnal_data['nom'] = $personnal_data['lastname'];
        $personnal_data['prenom'] = $personnal_data['firstname'];
        $personnal_data['flags'] = $user->profile()->isFemale() ? 'femme' : '';
    } else {
        // Missing fields: promo, entry_year, grad_year, ax_id, xorg_id, forlife
        $personnal_data = array('lastname' => $user->lastname,
                                'firstname' => $user->firstname,
                                'sex' => $user->gender);
    }

    foreach ($fieldarr as $val) {
        // Determine the requested value, and add it to the answer.
        if ($val == 'perms') {
            $params .= gpex_prepare_param($val, S::admin() ? 'admin' : 'user', $tohash, $charset);
        } else {
            if ($val == 'forlife') {
                $params .= gpex_prepare_param($val, S::v('hruid'), $tohash, $charset);
            } else {
                if (S::has($val)) {
                    // Any session key matching the requested name (see NOTE above).
                    $params .= gpex_prepare_param($val, S::v($val), $tohash, $charset);
                } else {
                    if (isset($personnal_data[$val])) {
                        $params .= gpex_prepare_param($val, $personnal_data[$val], $tohash, $charset);
                    } else {
                        if ($val == 'username') {
                            // The account's "best alias" e-mail, empty when none is flagged.
                            $min_username = XDB::fetchOneCell('SELECT email FROM email_source_account WHERE uid = {?} AND FIND_IN_SET(\'bestalias\', flags)', S::i('uid'));
                            $params .= gpex_prepare_param($val, is_null($min_username) ? '' : $min_username, $tohash, $charset);
                        } else {
                            if ($val == 'grpauth') {
                                if (isset($_GET['group'])) {
                                    // Permissions of the user within the named group (parameterized lookup).
                                    $res = XDB::query("SELECT perms\n FROM group_members\n INNER JOIN groups ON(id = asso_id)\n WHERE uid = {?} AND diminutif = {?}", S::v('uid'), $_GET['group']);
                                    $perms = $res->fetchOneCell();
                                } else {
                                    // if no group asked, return main rights
                                    $perms = S::admin() ? 'admin' : 'membre';
                                }
                                $params .= gpex_prepare_param($val, $perms, $tohash, $charset);
                            } else {
                                // Unknown field: sent with an empty value.
                                $params .= gpex_prepare_param($val, '', $tohash, $charset);
                            }
                        }
                    }
                }
            }
        }
    }

    // Closing marker, then the digest the remote site verifies.
    $tohash .= "1";
    $auth = md5($tohash);
    return array($auth, "&auth=" . $auth . $params);
}
/**
 * Group announce editor: previews, saves (insert or update), deletes the
 * picture of, or cancels an announce of the current group.
 *
 * The POST 'valid' button value drives the flow: 'Visualiser' (preview),
 * 'Enregistrer' (save), 'Supprimer l'image' / 'Pas d'image' (drop the
 * picture), 'Annuler' (cancel).  Validation errors clear 'valid' so that the
 * form is redisplayed instead of saved.  All POST paths assert the XSRF token.
 *
 * NOTE(review): the picture DELETE ('Pas d'image') and the photo INSERT /
 * ON DUPLICATE KEY UPDATE in the update branch are keyed by eid only,
 * whereas the group_announces UPDATE is scoped by asso_id as well.  Unless
 * the caller already checks that $aid belongs to the current group, an
 * admin of one group could touch another group's announce photo — confirm.
 *
 * @param $page  the page to render
 * @param $aid   the announce id to edit, or null to create one
 */
function handler_edit_announce($page, $aid = null)
{
    global $globals, $platal;
    $page->changeTpl('xnetgrp/announce-edit.tpl');
    $page->assign('new', is_null($aid));
    $art = array();

    if (Post::v('valid') == 'Visualiser' || Post::v('valid') == 'Enregistrer'
        || Post::v('valid') == 'Supprimer l\'image' || Post::v('valid') == 'Pas d\'image') {
        S::assert_xsrf_token();

        if (!is_null($aid)) {
            $art['id'] = $aid;
        }
        $art['titre'] = Post::v('titre');
        $art['texte'] = Post::v('texte');
        $art['contacts'] = Post::v('contacts');
        $art['promo_min'] = Post::i('promo_min');
        $art['promo_max'] = Post::i('promo_max');
        $art['nom'] = S::v('nom');
        $art['prenom'] = S::v('prenom');
        $art['promo'] = S::v('promo');
        $art['hruid'] = S::user()->login();
        $art['uid'] = S::user()->id();
        $art['expiration'] = Post::v('expiration');
        $art['public'] = Post::has('public');
        $art['xorg'] = Post::has('xorg');
        $art['nl'] = Post::has('nl');
        $art['event'] = Post::v('event');

        $upload = new PlUpload(S::user()->login(), 'xnetannounce');
        $this->upload_image($page, $upload);

        // The contact block shown to readers; a linked event appends its URL.
        $art['contact_html'] = $art['contacts'];
        if ($art['event']) {
            $art['contact_html'] .= "\n{$globals->baseurl}/{$platal->ns}events/sub/{$art['event']}";
        }

        // Promo range sanity check (0 means "no bound"); skipped for public announces.
        if (!$art['public'] &&
            ($art['promo_min'] > $art['promo_max'] && $art['promo_max'] != 0 ||
             $art['promo_min'] != 0 && ($art['promo_min'] <= 1900 || $art['promo_min'] >= 2020) ||
             $art['promo_max'] != 0 && ($art['promo_max'] <= 1900 || $art['promo_max'] >= 2020))) {
            $page->trigError("L'intervalle de promotions est invalide.");
            Post::kill('valid');
        }
        if (!trim($art['titre']) || !trim($art['texte'])) {
            $page->trigError("L'article doit avoir un titre et un contenu.");
            Post::kill('valid');
        }

        if (Post::v('valid') == 'Supprimer l\'image') {
            $upload->rm();
            Post::kill('valid');
        }
        $art['photo'] = $upload->exists() || Post::i('photo');
        if (Post::v('valid') == 'Pas d\'image' && !is_null($aid)) {
            // Keyed by eid only — see the NOTE in the docblock.
            XDB::query('DELETE FROM group_announces_photo WHERE eid = {?}', $aid);
            $upload->rm();
            Post::kill('valid');
            $art['photo'] = false;
        }
    }

    if (Post::v('valid') == 'Enregistrer') {
        $promo_min = $art['public'] ? 0 : $art['promo_min'];
        $promo_max = $art['public'] ? 0 : $art['promo_max'];
        $flags = new PlFlagSet();
        if ($art['public']) {
            $flags->addFlag('public');
        }
        if ($art['photo']) {
            $flags->addFlag('photo');
        }

        if (is_null($aid)) {
            // New announce: optional forum post, then the row itself.
            $fulltext = $art['texte'];
            if (!empty($art['contact_html'])) {
                $fulltext .= "\n\n'''Contacts :'''\\\\\n" . $art['contact_html'];
            }
            $post = null;
            if ($globals->asso('forum')) {
                require_once 'banana/forum.inc.php';
                $banana = new ForumsBanana(S::user());
                $post = $banana->post($globals->asso('forum'), null, $art['titre'], MiniWiki::wikiToText($fulltext, false, 0, 80));
            }
            XDB::query('INSERT INTO group_announces (uid, asso_id, create_date, titre, texte, contacts, expiration, promo_min, promo_max, flags, post_id) VALUES ({?}, {?}, NOW(), {?}, {?}, {?}, {?}, {?}, {?}, {?}, {?})',
                       S::i('uid'), $globals->asso('id'), $art['titre'], $art['texte'], $art['contact_html'], $art['expiration'], $promo_min, $promo_max, $flags, $post);
            $aid = XDB::insertId();
            if ($art['photo']) {
                list($imgx, $imgy, $imgtype) = $upload->imageInfo();
                XDB::execute('INSERT INTO group_announces_photo SET eid = {?}, attachmime = {?}, x = {?}, y = {?}, attach = {?}',
                             $aid, $imgtype, $imgx, $imgy, $upload->getContents());
            }
            if ($art['xorg']) {
                // Request publication on the Polytechnique.org home page; the
                // upload is handed over to the request instead of being removed.
                $article = new EvtReq("[{$globals->asso('nom')}] " . $art['titre'], $fulltext, $art['promo_min'], $art['promo_max'], $art['expiration'], "", S::user(), $upload);
                $article->submit();
                $page->trigWarning("L'affichage sur la page d'accueil de Polytechnique.org est en attente de validation.");
            } else {
                if ($upload && $upload->exists()) {
                    $upload->rm();
                }
            }
            if ($art['nl']) {
                $article = new NLReq(S::user(), $globals->asso('nom') . " : " . $art['titre'], $art['texte'], $art['contact_html']);
                $article->submit();
                $page->trigWarning("La parution dans la Lettre Mensuelle est en attente de validation.");
            }
        } else {
            // Existing announce: the UPDATE is scoped by asso_id.
            XDB::query('UPDATE group_announces SET titre = {?}, texte = {?}, contacts = {?}, expiration = {?}, promo_min = {?}, promo_max = {?}, flags = {?} WHERE id = {?} AND asso_id = {?}',
                       $art['titre'], $art['texte'], $art['contacts'], $art['expiration'], $promo_min, $promo_max, $flags, $art['id'], $globals->asso('id'));
            if ($art['photo'] && $upload->exists()) {
                list($imgx, $imgy, $imgtype) = $upload->imageInfo();
                // Keyed by eid only — see the NOTE in the docblock.
                XDB::execute('INSERT INTO group_announces_photo (eid, attachmime, attach, x, y) VALUES ({?}, {?}, {?}, {?}, {?}) ON DUPLICATE KEY UPDATE attachmime = VALUES(attachmime), attach = VALUES(attach), x = VALUES(x), y = VALUES(y)',
                             $aid, $imgtype, $upload->getContents(), $imgx, $imgy);
                $upload->rm();
            }
        }
    }

    if (Post::v('valid') == 'Enregistrer' || Post::v('valid') == 'Annuler') {
        pl_redirect("");
    }

    // No form data: load the announce to edit from the database.
    if (empty($art) && !is_null($aid)) {
        $res = XDB::query("SELECT *, FIND_IN_SET('public', flags) AS public,\n FIND_IN_SET('photo', flags) AS photo\n FROM group_announces\n WHERE asso_id = {?} AND id = {?}", $globals->asso('id'), $aid);
        if ($res->numRows()) {
            $art = $res->fetchOneAssoc();
            $art['contact_html'] = $art['contacts'];
        } else {
            $page->kill("Aucun article correspond à l'identifiant indiqué.");
        }
    }

    // Events a new announce can be linked to.
    if (is_null($aid)) {
        $events = XDB::iterator("SELECT *\n FROM group_events\n WHERE asso_id = {?} AND archive = 0", $globals->asso('id'));
        if ($events->total()) {
            $page->assign('events', $events);
        }
    }

    // NOTE(review): the @ hides whatever WikiToHTML may emit for a missing
    // 'contact_html' (new announce, no POST); $upload is likewise only
    // defined on the POST path and is assigned as null otherwise — confirm
    // the template copes with both.
    $art['contact_html'] = @MiniWiki::WikiToHTML($art['contact_html']);
    $page->assign('art', $art);
    $page->assign_by_ref('upload', $upload);
}
/**
 * AJAX endpoint returning the current user's login ('hruid'), or an 'error'
 * entry when the session is below cookie authentication.
 *
 * @param $page  the page whose JSON payload is filled
 * @return int   PL_JSON
 */
function handler_ajax_hruid($page)
{
    $authenticated = S::i('auth') >= AUTH_COOKIE;
    if ($authenticated) {
        $page->jsonAssign('hruid', S::user()->login());
    } else {
        $page->jsonAssign('error', "Utilisateur inconnu");
    }
    return PL_JSON;
}
/** Register a moderation decision.
 *
 * The decision is taken from whichever of the 'mok' (accept), 'mno' (refuse)
 * or 'mdel' (delete) form fields is present, checked in that order; with none
 * of them, nothing is recorded.
 *
 * @param $mlist MailingList: the mailing list being moderated
 * @param $mid int: the message being moderated
 * @return mixed  false when no decision was submitted, otherwise the result
 *                of the INSERT
 */
protected function moderate_mail($mlist, $mid)
{
    $decisions = array('mok' => 'accept', 'mno' => 'refuse', 'mdel' => 'delete');
    $action = null;
    foreach ($decisions as $field => $verdict) {
        if (Env::has($field)) {
            $action = $verdict;
            break;
        }
    }
    if ($action === null) {
        return false;
    }
    Get::kill('mid');
    return XDB::execute("INSERT IGNORE INTO email_list_moderate\n VALUES ({?}, {?}, {?}, {?}, {?}, NOW(), {?}, NULL)",
                        $mlist->mbox, $mlist->domain, $mid, S::i('uid'), $action, Post::v('reason'));
}
/**
 * Starts (or confirms) the session for $user at authentication level $level.
 *
 * Returns false when the session already belongs to someone else (a stored
 * 'user' object or a stored 'uid' differing from $user), true without
 * touching anything when the session already holds this user's uid, and
 * true after populating the session otherwise.
 *
 * NOTE(review): no session-id regeneration is visible here; if it is not
 * done by the caller, a login keeps the pre-authentication session id —
 * confirm, as that is the condition for session fixation.
 *
 * @param $user   the User to start the session for
 * @param $level  the auth level; AUTH_SUID marks a "switch user" session
 * @return bool
 */
protected function startSessionAs($user, $level)
{
    /* Session data and required data mismatch */
    if (!is_null(S::v('user')) && S::v('user')->id() != $user->id() || S::has('uid') && S::i('uid') != $user->id()) {
        return false;
    } else {
        if (S::has('uid')) {
            return true;
        }
    }

    /* If we want to do a SUID */
    // A SUID session is recorded at password level.
    if ($level == AUTH_SUID) {
        S::set('auth', AUTH_MDP);
    }
    S::set('user', $user);
    S::set('uid', $user->id());
    if (!isSmartphone()) {
        S::set('skin', $user->skin());
    }
    if (!S::suid()) {
        // Persistent access cookie only when the login form asked for it
        // (loose == on purpose: the field is a string).
        if (Post::v('remember', 'false') == 'on') {
            $this->setAccessCookie(false);
        }
        S::logger()->saveLastSession();
    } else {
        S::logger()->log("suid_start", S::v('hruid') . ' by ' . S::suid('hruid'));
    }
    // Set session perms from User perms
    S::set('perms', $user->perms());
    /* Clean temp var 'cookie_uid' */
    S::kill('cookie_uid');
    return true;
}
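/**
 * Renders the "my groups" box for a logged-in user: a logout link followed
 * by one link per group the user is a member of.
 *
 * Group names and short names come from the database and are now passed
 * through escape_html (the project's HTML escaper, also used as Smarty's
 * default modifier) before being interpolated into markup; the former code
 * wrote them raw into an element body and a single-quoted href attribute.
 *
 * @param $params  unused; kept for the plugin calling convention
 * @return string|null  the HTML fragment, or null when nobody is logged in
 */
function list_all_my_groups($params)
{
    if (!S::logged()) {
        return;
    }
    $groups = XDB::iterRow('SELECT a.nom, a.diminutif FROM groups AS a INNER JOIN group_members AS m ON m.asso_id = a.id WHERE m.uid = {?}', S::i('uid'));
    $links = '<a href="exit">déconnexion</a>';
    $html = '<div>Mes groupes (' . $links . ') :</div>';
    while (list($nom, $mini) = $groups->next()) {
        $safeName = escape_html($nom);
        $safeMini = escape_html($mini);
        $html .= "<span class='gp'>• <a href='login/{$safeMini}'>{$safeName}</a></span>";
    }
    return $html;
}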
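/**
 * Creates a new mailing-list alias in the group's list domain.
 *
 * The requested name must be non-empty and consist only of ASCII letters,
 * digits, dashes and dots.  The former pattern `^[...]*$` accepted an empty
 * name and, because `$` matches before a trailing newline, a name ending in
 * "\n"; the `+` quantifier and the D (dollar-end-only) modifier close both.
 *
 * @param $page  the page to render
 * @return mixed  PL_NOT_FOUND when the group has no list domain; nothing
 *                otherwise (the success path redirects)
 */
function handler_acreate($page)
{
    if (!$this->get_lists_domain()) {
        return PL_NOT_FOUND;
    }
    $page->changeTpl('xnetlists/alias-create.tpl');

    if (!Post::has('submit')) {
        return;
    } else {
        S::assert_xsrf_token();
    }

    if (!Post::has('liste')) {
        $page->trigError('Le champs « adresse souhaitée » est vide.');
        return;
    }
    $list = Post::v('liste');
    if (!preg_match('/^[a-zA-Z0-9\-\.]+$/D', $list)) {
        $page->trigError('Le nom de l\'alias ne doit contenir que des lettres,' .
                         ' chiffres, tirets et points.');
        return;
    }

    require_once 'emails.inc.php';
    $lists_domain = $this->get_lists_domain();
    if (list_exist($list, $lists_domain)) {
        $page->trigError('Cet alias est déjà pris.');
        return;
    }
    add_to_list_alias(S::i('uid'), $list, $lists_domain);
    pl_redirect('alias/admin/' . $list . '@' . $lists_domain);
}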
/**
 * Store the user's skin template name in the session.
 *
 * Runs only for a logged-in user whose session has no 'skin' yet, or while a
 * SUID is active. The template name is read from accounts joined to skins
 * (rows with an empty skin_tpl are ignored) and saved under the 'skin' key.
 */
public function setSkin()
{
    if (!S::logged()) {
        return;
    }
    $needsSkin = !S::has('skin') || S::suid();
    if (!$needsSkin) {
        return;
    }
    $row = XDB::query('SELECT skin_tpl FROM accounts AS a INNER JOIN skins AS s on (a.skin = s.id) WHERE a.uid = {?} AND skin_tpl != \'\'', S::i('uid'));
    S::set('skin', $row->fetchOneCell());
}
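/**
 * Group events index: list the group's live (or archived) events and apply
 * the del / archive / unarchive / order actions posted by a group admin.
 *
 * @param $page    page to render (xnetevents/index.tpl)
 * @param $archive 'archive' to list archived events (admins only)
 * @return int|void PL_FORBIDDEN when a mutating action is posted by a
 *                  non-admin or targets an event outside this group.
 */
function handler_events($page, $archive = null)
{
    global $globals;
    $page->changeTpl('xnetevents/index.tpl');
    $this->load('xnetevents.inc.php');
    $asso_id = $globals->asso('id');

    $archive = $archive == 'archive' && may_update();

    // Which admin action (if any) was posted, and on which event; first match wins.
    $action = null;
    $eid = null;
    foreach (array('del', 'archive', 'unarchive') as $candidate) {
        if (Post::has($candidate)) {
            $action = $candidate;
            $eid = Post::v($candidate);
            break;
        }
    }

    $short_name = null;
    if (!is_null($action)) {
        if (!may_update()) {
            return PL_FORBIDDEN;
        }
        S::assert_xsrf_token();
        // The targeted event must belong to the current group.
        $res = XDB::query("SELECT asso_id, short_name FROM group_events\n WHERE eid = {?} AND asso_id = {?}", $eid, $asso_id);
        $tmp = $res->fetchOneRow();
        if (!$tmp) {
            return PL_FORBIDDEN;
        }
        $short_name = $tmp[1];
    }

    if ($action == 'del') {
        // deletes the event mailing aliases
        if ($short_name) {
            require_once 'emails.inc.php';
            foreach (explode(',', $globals->xnet->event_lists) as $suffix) {
                delete_list_alias($short_name . $suffix, $globals->xnet->evts_domain, 'event');
            }
        }
        // archive le paiement associé si il existe
        $pay_id = XDB::fetchOneCell("SELECT paiement_id\n FROM group_events\n WHERE eid = {?} AND asso_id = {?}", $eid, $asso_id);
        // was `!$pay_id == ''`, which parses as (!$pay_id) == '' i.e. "pay_id is truthy"
        if (!empty($pay_id)) {
            XDB::execute("UPDATE payments\n SET flags = 'old'\n WHERE id = {?}", $pay_id);
        }
        // deletes the event items
        XDB::execute('DELETE FROM group_event_items WHERE eid = {?}', $eid);
        // deletes the event participants
        XDB::execute('DELETE FROM group_event_participants WHERE eid = {?}', $eid);
        // deletes the event
        XDB::execute('DELETE FROM group_events WHERE eid = {?} AND asso_id = {?}', $eid, $asso_id);
        // delete the requests for payments
        XDB::execute("DELETE FROM requests\n WHERE type = 'paiements' AND data LIKE {?}", PayReq::same_event($eid, $asso_id));
        $globals->updateNbValid();
    } elseif ($action == 'archive') {
        $pay_id = XDB::fetchOneCell("SELECT paiement_id \n FROM group_events\n WHERE eid = {?} AND asso_id = {?}", $eid, $asso_id);
        if (!empty($pay_id)) {
            XDB::execute("UPDATE payments\n SET flags = 'old'\n WHERE id = {?}", $pay_id);
        }
        XDB::execute("UPDATE group_events\n SET archive = 1\n WHERE eid = {?} AND asso_id = {?}", $eid, $asso_id);
    } elseif ($action == 'unarchive') {
        $pay_id = XDB::fetchOneCell("SELECT paiement_id FROM group_events\n WHERE eid = {?} AND asso_id = {?}", $eid, $asso_id);
        if (!empty($pay_id)) {
            XDB::execute("UPDATE payments\n SET flags = ''\n WHERE id = {?}", $pay_id);
        }
        XDB::execute("UPDATE group_events\n SET archive = 0\n WHERE eid = {?} AND asso_id = {?}", $eid, $asso_id);
    }
    $page->assign('archive', $archive);

    if (Post::has('order')) {
        // Same protection as the other writes in this handler: the event order
        // is a group setting, so only group admins may change it.
        if (!may_update()) {
            return PL_FORBIDDEN;
        }
        S::assert_xsrf_token();
        XDB::execute("UPDATE groups\n SET event_order = {?}\n WHERE id = {?}", Post::v('order'), $asso_id);
    }
    $order = get_event_order($asso_id);
    $evts = get_events($asso_id, $order, $archive);
    $page->assign('order', $order);

    $uid = S::i('uid');
    $undisplayed_events = 0;
    foreach ($evts as $eid => &$e) {
        // Non-members only see events explicitly opened to non-members.
        if (!is_member() && !may_update() && !$e['accept_nonmembre']) {
            $undisplayed_events++;
            continue;
        }
        $e['show_participants'] = $e['show_participants'] && (is_member() || may_update());
        $e['items'] = get_event_items($eid);
        $e['topay'] = 0;
        $e['paid'] = 0;
        $sub = get_event_subscription($eid, $uid);
        $e['inscrit'] = !empty($sub);
        if ($e['inscrit']) {
            // Sum what the user owes / already paid over the items they subscribed to.
            foreach ($e['items'] as $item_id => $m) {
                if (isset($sub[$item_id])) {
                    $e['topay'] += $sub[$item_id]['nb'] * $m['montant'];
                    $e['paid'] += $sub[$item_id]['paid'];
                }
            }
        }
        $e['sub'] = $sub;
        $e['paid'] += get_event_telepaid($eid, $uid);
        $e['date'] = make_event_date($e['debut'], $e['fin']);
        $e['inscr_open'] = $e['deadline_inscription'] == null
            || strtotime($e['deadline_inscription']) >= time();
        if (Env::has('updated') && $e['eid'] == Env::i('updated')) {
            $page->assign('updated', $e);
        }
    }
    unset($e); // drop the foreach reference so $e no longer aliases the last event

    $page->assign('evenements', $evts);
    $page->assign('undisplayed_events', $undisplayed_events);
}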
/**
 * Fetch one event of a group, enriched with the current user's subscription.
 *
 * $eid may be the numeric id or the short name. With $item_id the counters
 * are restricted to that item, otherwise they cover the whole event.
 * Returns null when the event is unknown, false when the event is reserved
 * to members and the current user is neither member nor admin (xnet site
 * only), else the event row with moments, topay, paid, telepaid, organizer,
 * date, csv_name and show_participants filled in.
 */
function get_event_detail($eid, $item_id = false, $asso_id = null)
{
    global $globals;
    if (is_null($asso_id)) {
        $asso_id = $globals->asso('id');
    }

    $singleItem = (bool) $item_id;
    $where = $singleItem ? XDB::format(' AND ei.item_id = {?}', $item_id) : '';
    $group_by = $singleItem ? 'ei.item_id' : 'e.eid';

    $evt = XDB::fetchOneAssoc('SELECT SUM(nb) AS nb_tot, COUNT(DISTINCT ep.uid) AS nb, e.*, SUM(IF(nb > 0, 1, 0)) AS user_count, IF(e.deadline_inscription, e.deadline_inscription >= LEFT(NOW(), 10), 1) AS inscr_open, LEFT(e.debut, 10) AS first_day, LEFT(e.fin, 10) AS last_day, LEFT(NOW(), 10) AS now, ei.titre, e.subscription_notification FROM group_events AS e INNER JOIN group_event_items AS ei ON (e.eid = ei.eid) LEFT JOIN group_event_participants AS ep ON(e.eid = ep.eid AND ei.item_id = ep.item_id) WHERE (e.eid = {?} OR e.short_name = {?}) AND e.asso_id = {?}' . $where . ' GROUP BY ' . $group_by, $eid, $eid, $asso_id);
    if (!$evt) {
        return null;
    }
    $reservedToMembers = $GLOBALS['IS_XNET_SITE'] && $evt['accept_nonmembre'] == 0 && !is_member() && !may_update();
    if ($reservedToMembers) {
        return false;
    }

    if ($singleItem) {
        $evt['csv_name'] = urlencode($evt['intitule'] . '.' . $evt['titre']);
    } else {
        /* Don't try to be to smart here, in case we're getting the global summary, we cannot have
         * a general formula to estimate the total number of comers since 'moments' may (or may not be)
         * disjuncted. As a consequence, we can only provides the number of user having fullfiled the
         * registration procedure. */
        $evt['user_count'] = $evt['nb_tot'] = $evt['nb'];
        $evt['titre'] = '';
        $evt['item_id'] = 0;
        $evt['csv_name'] = urlencode($evt['intitule']);
    }

    // One row per item, joined with the current user's participation (if any).
    $evt['moments'] = XDB::fetchAllAssoc('SELECT titre, details, montant, ei.item_id, nb, ep.paid, FIND_IN_SET(\'notify_payment\', ep.flags) AS notify_payment FROM group_event_items AS ei LEFT JOIN group_event_participants AS ep ON (ep.eid = ei.eid AND ep.item_id = ei.item_id AND uid = {?}) WHERE ei.eid = {?}', S::i('uid'), $evt['eid']);
    $evt['topay'] = 0;
    $evt['paid'] = 0;
    $evt['notify_payment'] = false;
    foreach ($evt['moments'] as $moment) {
        $evt['topay'] += $moment['nb'] * $moment['montant'];
        if ($moment['montant']) {
            $evt['money'] = true;
        }
        $evt['paid'] += $moment['paid'];
        $evt['notify_payment'] = $evt['notify_payment'] || $moment['notify_payment'];
    }

    // Online payments confirmed for this event's payment reference.
    $telepaid = XDB::fetchOneCell('SELECT SUM(amount) AS sum_amount FROM payment_transactions AS t WHERE status = "confirmed" AND ref = {?} AND uid = {?}', $evt['paiement_id'], S::v('uid'));
    $evt['telepaid'] = $telepaid;
    $evt['paid'] += $telepaid;
    $evt['organizer'] = User::getSilent($evt['uid']);
    $evt['date'] = make_event_date($evt['debut'], $evt['fin']);
    $evt['show_participants'] = $evt['show_participants'] && $GLOBALS['IS_XNET_SITE'] && (is_member() || may_update());
    return $evt;
}
/**
 * Returns true if the user is allowed to see the content of the caste
 * taking into account the level of AUTH
 * @param $caste the rights of the caste must be already fetched
 */
public function canSee(Caste $caste)
{
    // Inside platal, a caste open to everybody needs no further check.
    $openToAll = S::i('auth') >= AUTH_INTERNAL && $caste->rights()->isMe(Rights::everybody());
    if ($openToAll) {
        return true;
    }
    // Otherwise (outside platal, or restricted caste) the user must belong to the caste.
    return S::user()->castes()->get($caste) != false;
}
/**
 * Register the available sort orders (random, name, promo, last update)
 * with 10 entries per page, then hand over to the parent constructor.
 */
public function __construct(PlSet $set, array $params)
{
    $this->entriesPerPage = 10;
    // name, ordering criteria, label — registered in this order.
    $sorts = array(
        array('rand', array(new PFO_Random(S::i('uid'))), 'aléatoirement'),
        array('name', array(new UFO_Name()), 'nom'),
        array('promo', array(new UFO_Promo(UserFilter::DISPLAY, true), new UFO_Name()), 'promotion'),
        array('date_mod', array(new UFO_ProfileUpdate(true), new UFO_Promo(UserFilter::DISPLAY, true), new UFO_Name()), 'dernière modification'),
    );
    foreach ($sorts as $spec) {
        list($name, $criteria, $label) = $spec;
        $this->addSort(new PlViewOrder($name, $criteria, $label));
    }
    parent::__construct($set, $params);
}
/**
 * Profile page listing the groups the current user belongs to, with the
 * number of non-archived events and the mailing-list domain of each.
 */
function handler_xnet($page)
{
    $page->changeTpl('profile/groupesx.tpl');
    $page->setTitle('Promo, Groupes X, Binets');
    $groups = XDB::query(' SELECT m.asso_id, a.nom, diminutif, a.logo IS NOT NULL AS has_logo, COUNT(e.eid) AS events, mail_domain AS lists FROM group_members AS m INNER JOIN groups AS a ON(m.asso_id = a.id) LEFT JOIN group_events AS e ON(e.asso_id = m.asso_id AND e.archive = 0) WHERE m.uid = {?} GROUP BY m.asso_id ORDER BY a.nom', S::i('uid'))->fetchAllAssoc();
    $page->assign('assos', $groups);
}