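/**
 * Smarty function plugin: renders the "send a test email" button.
 *
 * The button calls sendTestEmail() with the session's XSRF token and, when
 * one is given, the hruid passed by the template.
 *
 * @param array $params Plugin parameters: optional 'title' (button label)
 *                      and optional 'hruid'.
 * @param mixed $smarty Smarty instance (not used here).
 * @return string HTML fragment.
 */
function smarty_function_test_email($params, $smarty)
{
    $label = isset($params['title']) ? $params['title'] : 'Envoyer un email de test';

    // Every argument is first serialised as a JavaScript string literal, so a
    // quote or backslash inside the value cannot close the literal early.
    $args = array(json_encode((string) S::v('xsrf_token')));
    if (isset($params['hruid'])) {
        $args[] = json_encode((string) $params['hruid']);
    }
    $onclick = 'sendTestEmail(' . implode(', ', $args) . ')';

    // Both values are written inside double-quoted HTML attributes and must be
    // escaped for that context. double_encode is disabled for the label so a
    // title that already contains entities keeps rendering the same way.
    return '<div class="center">'
         . ' <div id="mail_sent" style="position: absolute;"></div><br />'
         . ' <div><input type="submit" name="send" value="'
         . htmlspecialchars($label, ENT_QUOTES, 'UTF-8', false)
         . '" onclick="' . htmlspecialchars($onclick, ENT_QUOTES, 'UTF-8') . '" /></div>'
         . '</div>';
}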
/**
 * Configures Banana for the current user, then hands over to the parent run().
 *
 * Sets the X-Org-Mail header, the tree colours, the posting profile (From,
 * Organization, signature) and disables the 'forums' and 'subscribe' pages.
 *
 * @return mixed Whatever parent::run() returns.
 */
public function run()
{
    global $platal, $globals;

    $fullName  = S::v('prenom') . ' ' . S::v('nom');
    $address   = $this->user->bestEmail();
    $signature = $fullName . ' (' . S::v('promo') . ')';
    Banana::$msgedit_headers['X-Org-Mail'] = $this->user->forlifeEmail();

    // Tree colours: the user's stored preference, or the defaults below.
    $colours = XDB::query('SELECT tree_unread, tree_read FROM forum_profiles WHERE uid= {?}', $this->user->id());
    $row = $colours->fetchOneRow();
    if ($row) {
        list($unread, $read) = $row;
    } else {
        $unread = 'o';
        $read   = 'dg';
    }
    Banana::$tree_unread = $unread;
    Banana::$tree_read   = $read;

    // Posting profile.
    // NOTE(review): the From header is assembled from session values and the
    // user's address; confirm upstream that none of them can carry CR/LF.
    Banana::$profile['headers']['From']         = $fullName . ' <' . $address . '>';
    Banana::$profile['headers']['Organization'] = make_Organization();
    Banana::$profile['signature']               = $signature;

    // Pages that are not exposed through this front-end.
    foreach (array('forums', 'subscribe') as $hidden) {
        Banana::$page->killPage($hidden);
    }

    return parent::run();
}
/**
 * Tells whether this reminder applies to the given user.
 *
 * @param User  $user      User the reminder would be shown to.
 * @param mixed $candidate Not used by this check.
 * @return mixed false without User::PERM_MAIL, otherwise the session's
 *               'no_redirect' value, returned as stored.
 */
public static function IsCandidate(User $user, $candidate)
{
    return $user->checkPerms(User::PERM_MAIL) ? S::v('no_redirect') : false;
}
/**
 * Tells whether this reminder applies to the given user.
 *
 * @param User  $user      User the reminder would be shown to.
 * @param mixed $candidate Not used by this check.
 * @return bool true when the user has User::PERM_MAIL and the session's
 *              'mx_failures' list is not empty.
 */
public static function IsCandidate(User $user, $candidate)
{
    return $user->checkPerms(User::PERM_MAIL)
        && count(S::v('mx_failures', array())) > 0;
}
/**
 * Sends the visitor to the login URL stored in the session under 'loginX'.
 *
 * When no URL is stored, an error is raised on the page instead.
 *
 * @param PlPage $page Page receiving the error message.
 * @return void
 */
public function force_login(PlPage $page)
{
    $target = S::v('loginX');
    if ($target) {
        // NOTE(review): the target is read from the session; confirm it is
        // only ever written server-side and never copied from request input.
        http_redirect($target);
        return;
    }
    $page->trigError('Impossible de s\'authentifier. Problème de configuration de plat/al.');
}
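/**
 * Smarty insert plugin: returns the email address used to pre-fill the
 * username field.
 *
 * The account id is taken from the session, falling back to the 'uid' cookie.
 *
 * @return string The account's best email, or '' when no account is found.
 */
function smarty_insert_getUsername()
{
    $id = S::v('uid', Cookie::i('uid', -1));
    if ($id < 0) {
        return '';
    }

    // NOTE(review): the fallback id comes from a cookie the client controls,
    // and the address of whichever account it designates is returned. Confirm
    // that this pre-fill is acceptable for visitors who are not logged in.
    $user = User::getSilentWithUID($id);
    if (!$user) {
        // A stale or unknown id must not end in a call on a non-object.
        return '';
    }
    return $user->bestEmail();
}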
/**
 * Group administration page: deletes a group, creates a group, lists groups.
 *
 * Deletion is a two-step flow: GET 'del' selects the group (its name is shown
 * on the page), POST 'del' confirms it. Creation is triggered by a non-empty
 * POST 'diminutif'. Both write paths call S::assert_xsrf_token() first.
 *
 * NOTE(review): no permission check is visible in this handler; presumably it
 * is enforced where the handler is registered. Verify.
 *
 * @param mixed $page Page object receiving the template and messages.
 */
function handler_admin($page)
{
    $page->changeTpl('xnet/admin.tpl');

    if (Get::has('del')) {
        $res = XDB::query('SELECT id, nom, mail_domain FROM groups WHERE diminutif={?}', Get::v('del'));
        list($id, $nom, $domain) = $res->fetchOneRow();
        $page->assign('nom', $nom);
        if ($id && Post::has('del')) {
            S::assert_xsrf_token();
            // The deletions below run as separate statements; no transaction
            // is opened in this block, so a failure midway leaves a partial
            // removal.
            XDB::query('DELETE FROM group_members WHERE asso_id={?}', $id);
            $page->trigSuccess('membres supprimés');
            if ($domain) {
                XDB::execute('DELETE v FROM email_virtual AS v INNER JOIN email_virtual_domains AS d ON (v.domain = d.id) WHERE d.name = {?}', $domain);
                XDB::execute('DELETE FROM email_virtual_domains WHERE name = {?}', $domain);
                $page->trigSuccess('suppression des alias mails');
                // The list client is built with the 'uid' and 'password'
                // values read from the session.
                $mmlist = new MMList(S::v('uid'), S::v('password'), $domain);
                if ($listes = $mmlist->get_lists()) {
                    foreach ($listes as $l) {
                        $mmlist->delete_list($l['list'], true);
                    }
                    $page->trigSuccess('mail lists surpprimées');
                }
            }
            XDB::query('DELETE FROM groups WHERE id={?}', $id);
            $page->trigSuccess("Groupe {$nom} supprimé");
            Get::kill('del');
        }
        // Unknown group: drop the parameter.
        if (!$id) {
            Get::kill('del');
        }
    }
    if (Post::has('diminutif') && Post::v('diminutif') != "") {
        S::assert_xsrf_token();
        // The existence check and the insert are two statements; uniqueness
        // under concurrent requests depends on the table's constraints, which
        // are not visible here.
        $res = XDB::query('SELECT COUNT(*) FROM groups WHERE diminutif = {?}', Post::v('diminutif'));
        if ($res->fetchOneCell() == 0) {
            XDB::execute('INSERT INTO groups (id, diminutif) VALUES (NULL, {?})', Post::v('diminutif'));
            // NOTE(review): the redirect path starts with the submitted
            // value; how pl_redirect() treats it is not visible here.
            pl_redirect(Post::v('diminutif') . '/edit');
        } else {
            $page->trigError('Le diminutif demandé est déjà pris.');
        }
    }
    $res = XDB::query('SELECT nom, diminutif FROM groups ORDER BY nom');
    $page->assign('assos', $res->fetchAllAssoc());
}
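/**
 * Smarty function plugin: prints a student's display name, optionally
 * followed by the promo, and linked to the 'tol/<login>' page for sessions
 * at AUTH_INTERNE or above.
 *
 * @param array $params Plugin parameters: 'eleve' (user object, required)
 *                      and optional 'show_promo'.
 * @param mixed $smarty Smarty instance (not used here).
 * @return string HTML fragment.
 */
function smarty_function_print_eleve_name($params, &$smarty)
{
    $user = $params['eleve'];

    // The name, promo and login are account data and nothing in this block
    // shows them to be HTML-safe, so each is escaped where it enters the
    // markup. double_encode is off so values that already hold entities are
    // not escaped a second time.
    $name = htmlspecialchars($user->displayName(), ENT_QUOTES, 'UTF-8', false);
    if (isset($params['show_promo'])) {
        $name .= ' (' . htmlspecialchars($user->promo(), ENT_QUOTES, 'UTF-8', false) . ')';
    }

    if (S::v('auth', AUTH_PUBLIC) >= AUTH_INTERNE) {
        // ENT_QUOTES matters here: the attribute is single-quoted.
        $login = htmlspecialchars($user->login(), ENT_QUOTES, 'UTF-8', false);
        $name  = "<a href='tol/" . $login . "'>" . $name . '</a>';
    }

    return $name;
}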
/**
 * Loads the enumeration of the given type into self::$enumerations.
 *
 * When caching is enabled and the session holds an entry for the type, that
 * entry is reused. Otherwise a new DE_<Type> object is created and, if its
 * capabilities include SAVE_IN_SESSION, stored in the session.
 *
 * NOTE(review): $type selects the class that gets instantiated; confirm that
 * callers only pass fixed enumeration names, never request-derived text.
 *
 * @param string $type Enumeration name.
 * @return void
 */
private static function init($type)
{
    $sessionKey = '__DE_' . $type;

    if (Platal::globals()->cacheEnabled() && S::has($sessionKey)) {
        self::$enumerations[$type] = S::v($sessionKey);
        return;
    }

    $className   = "DE_" . ucfirst($type);
    $enumeration = new $className();
    self::$enumerations[$type] = $enumeration;

    if (Platal::globals()->cacheEnabled()
        && ($enumeration->capabilities & DirEnumeration::SAVE_IN_SESSION)) {
        S::set($sessionKey, $enumeration);
    }
}
/**
 * Renders the page with the applicable skin template.
 *
 * A forced skin wins; otherwise the session's 'skin' value is used, falling
 * back to the page's default skin or, failing that, the global one.
 *
 * @return void
 */
public function run()
{
    global $globals, $platal;

    if ($this->forced_skin !== null) {
        $skin = $this->forced_skin . '.tpl';
    } else {
        $fallback = ($this->default_skin === null) ? $globals->skin : $this->default_skin;
        // NOTE(review): the session value becomes part of a template path;
        // it is presumably written from the skins table only. Verify.
        $skin = S::v('skin', $fallback . '.tpl');
    }

    $this->_run('skin/' . $skin);
}
/**
 * Fills $this->urlform and $this->infos with the fields of the payment form,
 * including its signature.
 *
 * @param mixed $pay  Payment; its id and url properties are read.
 * @param mixed $user Paying user; bestEmail(), id() and shortName() are read.
 * @return void
 */
function prepareform($pay, $user)
{
    global $globals, $platal;
    $log = S::v('log');

    // Transaction's reference computation.
    $prefix  = rand_url_id();
    $fullref = substr("{$prefix}-{$pay->id}", -12); // FIXME : check for duplicates
    $ts         = time();
    $trans_date = gmdate("YmdHis", $ts);
    // Built from the time of day only, so it repeats for two forms prepared
    // within the same second.
    $trans_id   = gmdate("His", $ts); // FIXME : check for duplicates

    // Form's content.
    $this->urlform = "https://systempay.cyberpluspaiement.com/vads-payment/";

    if ($pay->url) {
        $return_url = $pay->url;
    } else {
        $return_url = $globals->baseurl . '/' . $platal->ns;
    }
    $this->infos['commercant'] = array(
        'vads_site_id'     => $globals->money->cyperplus_account,
        'vads_return_mode' => 'NONE',
        'vads_url_return'  => $return_url,
    );

    $this->infos['client'] = array(
        'vads_cust_email' => $user->bestEmail(),
        'vads_cust_id'    => $user->id(),
        'vads_cust_name'  => substr(self::replaceNonAlpha(replace_accent($user->shortName())), 0, 127),
    );

    $this->infos['commande'] = array(
        'vads_amount'         => $this->val,
        'vads_currency'       => '978',
        'vads_payment_config' => 'SINGLE',
        'vads_trans_date'     => $trans_date,
        'vads_trans_id'       => $trans_id,
        'vads_order_id'       => $fullref,
        'vads_order_info'     => substr(self::replaceNonAlpha(replace_accent(Env::v('comment'))), 0, 255),
        'vads_order_info2'    => Post::i('display'),
    );

    $this->infos['divers'] = array(
        'vads_version'     => 'V2',
        'vads_ctx_mode'    => $globals->money->cyperplus_prod,
        'vads_page_action' => 'PAYMENT',
        'vads_action_mode' => 'INTERACTIVE',
    );

    // Entry key computation: SHA-1 over the field values, sorted by field
    // name and joined with '+', followed by the shared key.
    // NOTE(review): check whether the gateway accepts a stronger keyed hash
    // for this form version.
    $fields = array_merge(
        $this->infos['commercant'],
        $this->infos['client'],
        $this->infos['commande'],
        $this->infos['divers']
    );
    ksort($fields);
    $this->infos['divers']['signature'] = sha1(implode('+', $fields) . '+' . $globals->money->cyperplus_key);
}
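/**
 * Prepares the page for an iGoogle gadget rendered as HTML.
 *
 * Switches to the gadget skin, makes escape_html the default modifier,
 * registers the requested iGoogle JavaScript libraries and selects either the
 * requested template or the login template.
 *
 * @param string $template Gadget template to display.
 * @param int    $auth     Minimum authentication level required.
 * @return bool true when $template was selected, false when the login
 *              template was selected instead.
 */
function init_igoogle_html($template, $auth = AUTH_PUBLIC)
{
    $page =& Platal::page();
    $page->changeTpl('gadgets/ig-skin.tpl', NO_SKIN);
    $page->register_modifier('escape_html', 'escape_html');
    $page->default_modifiers = array('@escape_html');
    header('Accept-Charset: utf-8');

    // Adds external JavaScript libraries provided by iGoogle to the page.
    if (Env::has('libs')) {
        $libs = preg_split('/,/', Env::s('libs'), -1, PREG_SPLIT_NO_EMPTY);
        foreach ($libs as $lib) {
            // Allowlist of characters. The D modifier makes '$' match only at
            // the very end: without it a name ending in a newline would pass
            // and end up inside the script URL.
            if (!preg_match('@^[a-z0-9/._-]+$@iD', $lib)) {
                continue;
            }
            // No '..', './' or '//' so the name stays under the fixed prefix.
            if (preg_match('@([.][.])|([.]/)|(//)@', $lib)) {
                continue;
            }
            $page->append('gadget_js', 'https://www.google.com/ig/f/' . $lib);
        }
    }

    // Shows the login template instead when the session's level is too low.
    if ($auth > S::v('auth', AUTH_PUBLIC)) {
        $page->assign('gadget_tpl', 'gadgets/ig-login.tpl');
        return false;
    }

    $page->assign('gadget_tpl', $template);
    return true;
}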
/**
 * Translates the URL components of a forum request into Banana parameters.
 *
 * @param array       $get    Parameter array, filled in place.
 * @param string|null $group  First URL component: a group name or one of the
 *                            keywords handled below.
 * @param string|null $action Second URL component.
 * @param mixed       $artid  Article id, when the URL carries one.
 * @return void
 */
function get_banana_params(array &$get, $group = null, $action = null, $artid = null)
{
    // Keywords taking the place of the group name.
    if ($group == 'forums') {
        $group = null;
    } elseif ($group == 'thread') {
        $group = S::v('banana_group');
    } elseif ($group == 'message') {
        $action = 'read';
        $group  = S::v('banana_group');
        $artid  = S::i('banana_artid');
    } elseif ($action == 'message') {
        $action = 'read';
        $artid  = S::i('banana_artid');
    } elseif ($group == 'subscribe' || $group == 'subscription') {
        $group  = null;
        $action = null;
        $get['action'] = 'subscribe';
    } elseif ($group == 'profile') {
        $group  = null;
        $action = null;
        $get['action'] = 'profile';
    }

    if (!is_null($group)) {
        $get['group'] = $group;
    }
    if (is_null($action)) {
        return;
    }
    if ($action == 'new') {
        $get['action'] = 'new';
        return;
    }
    if (is_null($artid)) {
        return;
    }

    $get['artid'] = $artid;
    switch ($action) {
        case 'reply':
            $get['action'] = 'new';
            break;
        case 'cancel':
            $get['action'] = $action;
            break;
        case 'from':
            $get['first'] = $artid;
            unset($get['artid']);
            break;
        case 'read':
            // Taken from the query string as is.
            $get['part'] = @$_GET['part'];
            break;
        case 'source':
            $get['part'] = 'source';
            break;
        case 'xface':
            $get['part'] = 'xface';
            break;
        default:
            // Any other non-empty action names a message part, with dots
            // standing for slashes.
            if ($action) {
                $get['part'] = str_replace('.', '/', $action);
            }
    }
    if (Get::v('action') == 'showext') {
        $get['action'] = 'showext';
    }
}
/**
 * Starts a session for the given user.
 *
 * @param mixed $user  Account the session is opened for.
 * @param int   $level Authentication level requested.
 * @return bool false when the session already belongs to another account,
 *              true otherwise (including when it was already started for
 *              this account).
 */
protected function startSessionAs($user, $level)
{
    // A session bound to one account is never re-bound to another.
    if (!is_null(S::user()) && S::user()->id() != $user->id()) {
        return false;
    }
    if (S::has('uid')) {
        // Already started: acceptable only for the same account.
        return S::i('uid') == $user->id();
    }

    if ($level == AUTH_SUID) {
        S::set('auth', AUTH_PASSWD);
    }

    // Identity data kept in the session.
    // NOTE(review): no session id renewal is visible in this method; confirm
    // that the caller rotates the id when the authentication level changes.
    $identity = array(
        'uid'   => $user->id(),
        'hruid' => $user->hruid,
        'token' => $user->token,
        'user'  => $user,
    );
    $_SESSION = array_merge($_SESSION, $identity);

    // Starts the session's logger, and sets up the permanent cookie.
    if (S::suid()) {
        S::logger()->log("suid_start", S::v('hruid') . ' by ' . S::suid('hruid'));
    } else {
        S::logger()->saveLastSession();
        Cookie::set('uid', $user->id(), 300);

        $cameFromCookie = S::i('auth_by_cookie') == $user->id();
        if ($cameFromCookie || Post::v('remember', 'false') == 'true') {
            $this->setAccessCookie(false, !$cameFromCookie);
        } else {
            $this->killAccessCookie();

            // Login for an external website without the permanent cookie:
            // remember to disconnect once the external authentication checks
            // are done.
            if (Post::b('external_auth')) {
                S::set('external_auth_exit', true);
            }
        }
    }

    // Finalizes the session setup.
    $this->makePerms($user->perms, $user->is_admin);
    $this->securityChecks();
    $this->setSkin();
    $this->updateNbNotifs();

    // Only check email redirection for 'internal' users.
    if ($user->checkPerms(PERMS_USER)) {
        check_redirect();
    }

    // This private marker is not needed past this point.
    S::kill('auth_by_cookie');

    return true;
}
/**
 * Events page: tips, reminder, birthday wish, RSS link and the announces,
 * grouped by category.
 *
 * @param mixed       $page   Page object.
 * @param string      $action 'list', 'read' or 'unread'.
 * @param mixed       $eid    Event the action applies to.
 * @param string|null $pound  Anchor to return to after a 'read' action.
 */
function handler_ev($page, $action = 'list', $eid = null, $pound = null)
{
    $page->changeTpl('events/index.tpl');

    $user = S::user();

    /** XXX: Tips and reminder only for user with 'email' permission.
     * We can do better in the future by storing a userfilter
     * with the tip/reminder.
     */
    if ($user->checkPerms(User::PERM_MAIL)) {
        $page->assign('tips', $this->get_tips());
    }

    // Adds a reminder onebox to the page.
    require_once 'reminder.inc.php';
    $reminder = Reminder::GetCandidateReminder($user);
    if ($reminder) {
        $reminder->Prepare($page);
    }

    // Wishes "Happy birthday" when required.
    $profile = $user->profile();
    if (!is_null($profile) && $profile->next_birthday == date('Y-m-d')) {
        $birthyear = (int) date('Y', strtotime($profile->birthdate));
        $curyear   = (int) date('Y');
        $page->assign('birthday', $curyear - $birthyear);
    }

    // Direct link to the RSS feed, when available.
    // NOTE(review): the user's token is part of the URL path, so it appears
    // wherever URLs are recorded (server logs, proxies, browser history).
    if (S::hasAuthToken()) {
        $page->setRssLink('Polytechnique.org :: News',
                          '/rss/' . S::v('hruid') . '/' . S::user()->token . '/rss.xml');
    }

    // Hide the read event, and reload the page to get to the next event.
    if ($action == 'read' && $eid) {
        XDB::execute('DELETE ev.* FROM announce_read AS ev INNER JOIN announces AS e ON e.id = ev.evt_id WHERE expiration < NOW()');
        XDB::execute('INSERT IGNORE INTO announce_read (evt_id, uid) VALUES ({?}, {?})', $eid, S::v('uid'));
        pl_redirect('events#' . $pound);
    }

    // Unhide the requested event, and reload the page to display it.
    if ($action == 'unread' && $eid) {
        XDB::execute('DELETE FROM announce_read WHERE evt_id = {?} AND uid = {?}', $eid, S::v('uid'));
        pl_redirect('events#newsid' . $eid);
    }

    // Fetch the events to display, along with their metadata.
    $events = array();
    $it = XDB::iterator("SELECT e.id, e.titre, e.texte, e.post_id, e.uid,\n"
                      . " p.x, p.y, p.attach IS NOT NULL AS img, FIND_IN_SET('wiki', e.flags) AS wiki,\n"
                      . " FIND_IN_SET('important', e.flags) AS important,\n"
                      . " e.creation_date > DATE_SUB(CURDATE(), INTERVAL 2 DAY) AS news,\n"
                      . " e.expiration < DATE_ADD(CURDATE(), INTERVAL 2 DAY) AS end,\n"
                      . " ev.uid IS NULL AS nonlu, e.promo_min, e.promo_max\n"
                      . " FROM announces AS e\n"
                      . " LEFT JOIN announce_photos AS p ON (e.id = p.eid)\n"
                      . " LEFT JOIN announce_read AS ev ON (e.id = ev.evt_id AND ev.uid = {?})\n"
                      . " WHERE FIND_IN_SET('valide', e.flags) AND expiration >= NOW()\n"
                      . " ORDER BY important DESC, news DESC, end DESC, e.expiration, e.creation_date DESC",
                        S::i('uid'));
    $cats = array('important', 'news', 'end', 'body');

    $this->load('feed.inc.php');
    $user = S::user();
    $body = EventFeed::nextEvent($it, $user);

    // The rows are ordered by category flag, so each category takes the rows
    // from the current position for as long as its flag is set; 'body' takes
    // whatever is left.
    foreach ($cats as $cat) {
        $data = array();
        while ($body && ($cat == 'body' || $body[$cat])) {
            $data[] = $body;
            $body   = EventFeed::nextEvent($it, $user);
        }
        if (!empty($data)) {
            $events[$cat] = $data;
        }
    }

    $page->assign_by_ref('events', $events);
}
/**
 * Builds the navigation menu and assigns it to the template as 'menu'.
 *
 * Three sections, in this order: general links, the current group's links
 * (logged-in users inside a group) and the administration links (group
 * administrators, or site administrators).
 *
 * @return void
 */
private function useMenu()
{
    global $globals;

    $menu = array();

    // General links.
    $general = array(
        'tous les groupes' => 'plan',
        'documentation'    => 'Xnet',
    );
    if (S::user()->type == 'xnet') {
        $general['mon compte']      = 'edit';
        $general['mes préférences'] = $globals->xnet->xorg_baseurl . 'prefs';
    }
    // NOTE(review): the request URI is appended to this link as received;
    // confirm the template escapes href values.
    $general['signaler un bug'] = array(
        'href'  => 'send_bug/' . $_SERVER['REQUEST_URI'],
        'class' => 'popup_840x600',
    );
    $menu["no_title"] = $general;

    $perms = S::v('perms');
    $dim   = $globals->asso('diminutif');

    // Links of the current group.
    if (S::logged() && $globals->asso()) {
        $group = array('présentation' => "login/{$dim}/");
        if ($perms->hasFlag('groupannu')) {
            $group['annuaire du groupe'] = "{$dim}/annuaire";
            $group['trombinoscope']      = "{$dim}/trombi";
        }
        if ($globals->asso('forum')) {
            $group['forum'] = "{$dim}/forum";
        }
        if ($perms->hasFlag('groupmember')) {
            if ($globals->asso('mail_domain')) {
                $group['listes de diffusion'] = "{$dim}/lists";
            }
            if ($globals->asso('has_nl')) {
                $group['newsletter'] = "{$dim}/nl";
            }
        }
        $group['événement'] = "{$dim}/events";
        if ($perms->hasFlag('groupadmin')) {
            $group['télépaiement'] = "{$dim}/payment";
        }
        $menu[$globals->asso('nom')] = $group;
    }

    // Administration links.
    // NOTE(review): the 'clear cache' links carry the XSRF token in the
    // query string, where it shows up in logs and Referer headers.
    if ($globals->asso() && is_object($perms) && $perms->hasFlag('groupadmin')) {
        $admin = array(
            'modifier l\'accueil' => "{$dim}/edit",
            'gérer les annonces'  => "{$dim}/admin/announces",
        );
        if ($globals->asso('mail_domain')) {
            if (!$globals->asso('disable_mails')) {
                $admin['envoyer un mail'] = "{$dim}/mail";
            }
            $admin['créer une liste'] = "{$dim}/lists/create";
            $admin['créer un alias']  = "{$dim}/alias/create";
        }
        if (!$globals->asso('has_nl')) {
            $admin['créer la newsletter'] = "{$dim}/admin/nl/enable";
        }
        if (S::admin()) {
            $admin['gérer les groupes'] = array('href' => 'admin', 'style' => 'color: gray;');
            $admin['clear cache']       = array('href'  => 'purge_cache?token=' . S::v('xsrf_token'),
                                                'style' => 'color: gray;');
        }
        $menu['Administrer'] = $admin;
    } elseif (S::admin()) {
        $menu['Administrer'] = array(
            'gérer les groupes' => 'admin',
            'clear cache'       => 'purge_cache?token=' . S::v('xsrf_token'),
        );
    }

    $this->assign('menu', $menu);
}
/**
 * Batch import into the contact list.
 *
 * POST 'list' holds one entry per line: identifying words followed by an
 * email address. Each entry is resolved to an account, by email first, then
 * by promo and name tokens. Active accounts are added as registered contacts;
 * for the others a marketing entry is created when the address is foreign.
 * Entries that could not be processed are handed back as 'incomplete'.
 *
 * @param mixed $page Page object.
 */
function handler_batch($page)
{
    $page->changeTpl('carnet/batch.tpl');
    $errors = false;
    $incomplete = array();

    if (Post::has('add')) {
        S::assert_xsrf_token();
        require_once 'userset.inc.php';
        require_once 'emails.inc.php';
        require_once 'marketing.inc.php';

        $list = explode("\n", Post::v('list'));
        $origin = Post::v('origin');

        foreach ($list as $item) {
            // Blank lines are skipped.
            if ($item = trim($item)) {
                // The last whitespace-separated word is the email address.
                $elements = preg_split("/\\s/", $item);
                $email = array_pop($elements);
                if (!isvalid_email($email)) {
                    // NOTE(review): the submitted text is placed in the
                    // message as is; whether trigError() escapes it is not
                    // visible here.
                    $page->trigError('Email invalide : ' . $email);
                    $incomplete[] = $item;
                    $errors = true;
                    continue;
                }

                $user = User::getSilent($email);
                if (is_null($user)) {
                    // No account for this address: search on the other words.
                    $details = implode(' ', $elements);
                    $promo = trim(array_pop($elements));
                    $cond = new PFC_And();
                    // The word before the email is a promo when it looks
                    // like one (M, D or X and four digits), a name token
                    // otherwise.
                    if (preg_match('/^[MDX]\\d{4}$/', $promo)) {
                        $cond->addChild(new UFC_Promo('=', UserFilter::DISPLAY, $promo));
                    } else {
                        $cond->addChild(new UFC_NameTokens($promo));
                    }
                    foreach ($elements as $element) {
                        $cond->addChild(new UFC_NameTokens($element));
                    }
                    $uf = new UserFilter($cond);
                    $count = $uf->getTotalCount();
                    // Exactly one match is required.
                    if ($count == 0) {
                        $page->trigError('Les informations : « ' . $item . ' » ne correspondent à aucun camarade.');
                        $incomplete[] = $item;
                        $errors = true;
                        continue;
                    } elseif ($count > 1) {
                        $page->trigError('Les informations : « ' . $item . ' » sont ambigues et correspondent à plusieurs camarades.');
                        $incomplete[] = $item;
                        $errors = true;
                        continue;
                    } else {
                        $user = $uf->getUser();
                    }
                }

                if ($user->state == 'active') {
                    $this->addRegistered($page, $user->profile());
                } else {
                    if (!User::isForeignEmailAddress($email)) {
                        $page->trigError('Email pas encore attribué : ' . $email);
                        $incomplete[] = $item;
                        $errors = true;
                    } else {
                        $this->addNonRegistered($page, $user);
                        // One marketing entry per (user, address): nothing
                        // is created when Marketing::get() already finds one.
                        if (!Marketing::get($user->id(), $email, true)) {
                            check_email($email, "Une adresse surveillée est proposée au marketing par " . S::user()->login());
                            $market = new Marketing($user->id(), $email, 'default', null, $origin, S::v('uid'), null);
                            $market->add();
                        }
                    }
                }
            }
        }
    }

    $page->assign('errors', $errors);
    $page->assign('incomplete', $incomplete);
}
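/**
 * Administration page of a mailing list: marketing of unregistered members,
 * adding and removing members, adding and removing owners.
 *
 * Every write action calls S::assert_xsrf_token() first. Unless the user is a
 * group administrator, verify_list_owner() is called for the list.
 *
 * @param mixed       $page  Page object.
 * @param string|null $liste List name.
 * @return mixed PL_NOT_FOUND when no list name is given.
 */
function handler_admin($page, $liste = null)
{
    global $globals;

    if (is_null($liste)) {
        return PL_NOT_FOUND;
    }

    $mlist = $this->prepare_list($liste);
    // NOTE(review): is_group_admin() is called twice and the first result is
    // dropped; kept as is because its side effects are not visible here.
    $this->is_group_admin($page);
    if (!$this->is_group_admin($page)) {
        $this->verify_list_owner($page, $mlist);
    }

    $page->changeTpl('lists/admin.tpl');

    if (Env::has('send_mark')) {
        S::assert_xsrf_token();

        // Three request arrays sharing the same keys.
        $actions = Env::v('mk_action');
        $uids    = Env::v('mk_uid');
        $mails   = Env::v('mk_email');
        foreach ($actions as $key => $action) {
            switch ($action) {
                case 'none':
                    break;

                case 'marketu':
                case 'markets':
                    require_once 'emails.inc.php';
                    $user = User::get($uids[$key]);
                    $mail = valide_email($mails[$key]);
                    if (isvalid_email_redirection($mail, $user)) {
                        $from = $action == 'marketu' ? 'user' : 'staff';
                        $market = Marketing::get($uids[$key], $mail);
                        if (!$market) {
                            $market = new Marketing($uids[$key], $mail, 'list', $mlist->address, $from, S::v('uid'));
                            $market->add();
                            break;
                        }
                    }
                    // No break: when the address is rejected or a marketing
                    // entry already exists, the default case runs as well.
                    // NOTE(review): looks intentional; confirm.

                default:
                    XDB::execute('INSERT IGNORE INTO register_subs (uid, type, sub, domain) VALUES ({?}, \'list\', {?}, {?})', $uids[$key], $mlist->mbox, $mlist->domain);
            }
        }
    }

    if (Env::has('add_member') || isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) {
        S::assert_xsrf_token();

        if (isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) {
            $upload =& PlUpload::get($_FILES['add_member_file'], S::user()->login(), 'list.addmember', true);
            if (!$upload) {
                $page->trigError("Une erreur s'est produite lors du téléchargement du fichier.");
                // Nothing to import; the variable must still be defined for
                // the code below.
                $logins = '';
            } else {
                $logins = $upload->getContents();
            }
        } else {
            $logins = Env::v('add_member');
        }

        $logins  = preg_split("/[; ,\r\n\\|]+/", $logins);
        $members = User::getBulkForlifeEmailsFromEmail($logins);
        $unfound = array_diff_key($logins, $members);

        // Make sure we send a list (array_values) of unique (array_unique)
        // emails.
        $members = array_values(array_unique($members));

        $arr = $mlist->subscribeBulk($members);

        $successes = array();
        if (is_array($arr)) {
            foreach ($arr as $addr) {
                $successes[] = $addr[1];
                $page->trigSuccess("{$addr[0]} inscrit.");
            }
        }

        $already = array_diff($members, $successes);
        if (is_array($already)) {
            foreach ($already as $item) {
                $page->trigWarning($item . ' est déjà inscrit.');
            }
        }

        if (is_array($unfound)) {
            foreach ($unfound as $item) {
                if (trim($item) != '') {
                    // NOTE(review): submitted text is echoed in the message;
                    // whether trigError() escapes it is not visible here.
                    $page->trigError($item . " ne correspond pas à un compte existant et n'est pas une adresse email.");
                }
            }
        }
    }

    if (Env::has('del_member')) {
        S::assert_xsrf_token();

        if (strpos(Env::v('del_member'), '@') === false) {
            if ($del_member = User::getSilent(Env::t('del_member'))) {
                $mlist->unsubscribeBulk(array($del_member->forlifeEmail()));
            }
        } else {
            $mlist->unsubscribeBulk(array(Env::v('del_member')));
        }
        pl_redirect('lists/admin/' . $liste);
    }

    if (Env::has('add_owner')) {
        S::assert_xsrf_token();

        $owners = User::getBulkForlifeEmailsFromEmail(Env::v('add_owner'));
        if ($owners) {
            foreach ($owners as $forlife_email) {
                if ($mlist->addOwner($forlife_email)) {
                    // The message used an undefined variable before; it now
                    // names the address that was actually added.
                    $page->trigSuccess($forlife_email . " ajouté aux modérateurs.");
                }
            }
        }
    }

    if (Env::has('del_owner')) {
        S::assert_xsrf_token();

        if (strpos(Env::v('del_owner'), '@') === false) {
            if ($del_owner = User::getSilent(Env::t('del_owner'))) {
                $mlist->removeOwner($del_owner->forlifeEmail());
            } else {
                // A value that is not an email address can have been stored
                // as owner: remove it as given.
                $mlist->removeOwner(Env::v('del_owner'));
            }
        } else {
            $mlist->removeOwner(Env::v('del_owner'));
        }
        pl_redirect('lists/admin/' . $liste);
    }

    if (list($det, $mem, $own) = $mlist->getMembers()) {
        global $list_unregistered;
        if ($list_unregistered) {
            $page->assign_by_ref('unregistered', $list_unregistered);
        }
        $membres = list_sort_members($mem, @$tri_promo);
        $moderos = list_sort_owners($own, @$tri_promo);

        $page->assign_by_ref('details', $det);
        $page->assign_by_ref('members', $membres);
        $page->assign_by_ref('owners', $moderos);
        $page->assign('np_m', count($mem));
    } else {
        $page->kill("La liste n'existe pas ou tu n'as pas le droit de l'administrer.<br />"
                  . " Si tu penses qu'il s'agit d'une erreur, "
                  . "<a href='mailto:support@polytechnique.org'>contact le support</a>.");
    }
}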
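/**
 * Banana hook: tells whether the current user may cancel a message.
 *
 * Allowed for the author (the message's x-org-id header equals the session's
 * hruid) and for administrators.
 *
 * @param array $_headers Headers of the message.
 * @return bool
 */
function hook_checkcancel($_headers)
{
    // A missing header and a session without hruid are both empty; a loose
    // comparison would treat them as equal and accept the request. An empty
    // owner therefore never matches.
    $owner   = isset($_headers['x-org-id']) ? (string) $_headers['x-org-id'] : '';
    $current = (string) S::v('hruid', '');

    if ($owner !== '' && $owner === $current) {
        return true;
    }
    return (bool) S::admin();
}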
/**
 * Skin preferences page: stores a newly chosen skin, then lists the skins.
 *
 * @param mixed $page Page object.
 */
function handler_skin($page)
{
    global $globals;

    $page->changeTpl('platal/skins.tpl');
    $page->setTitle('Skins');

    if (Env::has('newskin')) {
        // Form submitted: store the choice and reload the session's skin.
        // NOTE(review): this write is not preceded by an XSRF token check,
        // and Env reads are used elsewhere for GET-style parameters. Confirm
        // whether a token is required here.
        XDB::execute('UPDATE accounts SET skin = {?} WHERE uid = {?}',
                     Env::i('newskin'), S::i('uid'));
        S::kill('skin');
        Platal::session()->setSkin();
    }

    $current = XDB::query('SELECT id FROM skins WHERE skin_tpl = {?}', S::v('skin'));
    $page->assign('skin_id', $current->fetchOneCell());

    $page->assign('skins', XDB::iterator('SELECT s.*, auteur, COUNT(*) AS nb FROM skins AS s LEFT JOIN accounts AS a ON (a.skin = s.id) WHERE skin_tpl != \'\' AND ext != \'\' GROUP BY id ORDER BY s.date DESC'));
}
/**
 * Public marketing page: lets a logged-in user propose an email address for
 * an account that is not registered yet, and previews the mail to be sent.
 *
 * @param mixed       $page  Page object.
 * @param string|null $hruid Identifier of the targeted account.
 * @return mixed PL_NOT_FOUND when the account is unknown or has no profile.
 */
function handler_public($page, $hruid = null)
{
    $page->changeTpl('marketing/public.tpl');

    // Retrieves the user info, and checks the user is not yet registered.
    $user = User::getSilent($hruid);
    if (!$user || !$user->hasProfile()) {
        return PL_NOT_FOUND;
    }
    if ($user->state != 'pending') {
        $page->kill('Cet utilisateur est déjà inscrit');
    }

    // Displays the page, and handles the eventual user actions.
    $page->assign('full_name', $user->fullName());
    $page->assign('promo', $user->promo());

    if (Post::has('valide')) {
        S::assert_xsrf_token();
        $email = trim(Post::v('mail'));

        require_once 'emails.inc.php';
        if (!isvalid_email_redirection($email, $user)) {
            $page->trigError('Email invalide !');
        } elseif (Marketing::get($user->id(), $email, true)) {
            // A marketing entry already exists for this address within the
            // last month.
            $page->assign('already', true);
        } else {
            $page->assign('ok', true);
            check_email($email, "Une adresse surveillée est proposée au marketing par " . S::user()->login());

            // Personal notes are kept only when the sender acts as 'user'.
            if (Post::v('origine') == 'user') {
                $notes = Post::v('personal_notes');
            } else {
                $notes = null;
            }
            $market = new Marketing($user->id(), $email, 'default', null,
                                    Post::v('origine'), S::v('uid'), $notes);
            $market->add();
        }
    } else {
        global $globals;
        require_once 'marketing.inc.php';

        $sender = User::getSilent(S::v('uid'));
        // NOTE(review): the sender's full name is concatenated into HTML and
        // the part is declared as 'escaped_html' below; confirm that
        // fullName() is HTML-safe.
        $perso_signature = 'Cordialement,<br />-- <br />' . $sender->fullName();

        $market = new AnnuaireMarketing(null, true);
        $text = $market->getText(array(
            'sexe'           => $user->isFemale(),
            'forlife_email'  => $user->hruid . "@" . $user->mainEmailDomain(),
            'forlife_email2' => $user->hruid . "@" . $user->alternateEmailDomain(),
        ));

        // Placeholders are replaced in this order.
        $text = str_replace(
            array('%%hash%%', '%%personal_notes%%', '%%sender%%'),
            array('',
                  '<em id="personal_notes_display"></em>',
                  '<span id="sender">' . $perso_signature . '</span>'),
            $text
        );

        $page->assign('text', nl2br($text));
        $page->assign('perso_signature', $perso_signature);
        $page->assign('mail_part', 'escaped_html');
    }
}
/**
 * Loads an event of a group, with its items and the current user's
 * registration and payment status.
 *
 * @param mixed $eid     Event id or short name (both are matched).
 * @param mixed $item_id Item ("moment") to restrict to, or false for the
 *                       event as a whole.
 * @param mixed $asso_id Group id; the current group when null.
 * @return mixed The event as an array; null when nothing matches; false when
 *               the event does not accept non-members and the user is
 *               neither a member nor allowed to update.
 */
function get_event_detail($eid, $item_id = false, $asso_id = null)
{
    global $globals;
    if (is_null($asso_id)) {
        $asso_id = $globals->asso('id');
    }
    // Both fragments appended to the query below are either constants or
    // built by XDB::format(), so no raw input is concatenated into the SQL.
    if (!$item_id) {
        $where = '';
        $group_by = 'e.eid';
    } else {
        $where = XDB::format(' AND ei.item_id = {?}', $item_id);
        $group_by = 'ei.item_id';
    }
    // The asso_id condition keeps the lookup inside the given group.
    $evt = XDB::fetchOneAssoc('SELECT SUM(nb) AS nb_tot, COUNT(DISTINCT ep.uid) AS nb, e.*, SUM(IF(nb > 0, 1, 0)) AS user_count, IF(e.deadline_inscription, e.deadline_inscription >= LEFT(NOW(), 10), 1) AS inscr_open, LEFT(e.debut, 10) AS first_day, LEFT(e.fin, 10) AS last_day, LEFT(NOW(), 10) AS now, ei.titre, e.subscription_notification FROM group_events AS e INNER JOIN group_event_items AS ei ON (e.eid = ei.eid) LEFT JOIN group_event_participants AS ep ON(e.eid = ep.eid AND ei.item_id = ep.item_id) WHERE (e.eid = {?} OR e.short_name = {?}) AND e.asso_id = {?}' . $where . ' GROUP BY ' . $group_by, $eid, $eid, $asso_id);

    if (!$evt) {
        return null;
    }
    // Access check: events closed to non-members are hidden from them.
    if ($GLOBALS['IS_XNET_SITE'] && $evt['accept_nonmembre'] == 0 && !is_member() && !may_update()) {
        return false;
    }

    if (!$item_id) {
        /* For the global summary there is no general formula for the total
         * number of attendees, since the 'moments' may or may not overlap.
         * The only figure that can be given is the number of users who
         * completed the registration procedure.
         */
        $evt['user_count'] = $evt['nb_tot'] = $evt['nb'];
        $evt['titre'] = '';
        $evt['item_id'] = 0;
        $evt['csv_name'] = urlencode($evt['intitule']);
    } else {
        $evt['csv_name'] = urlencode($evt['intitule'] . '.' . $evt['titre']);
    }

    // Items of the event, joined with the current user's own registration.
    $evt['moments'] = XDB::fetchAllAssoc('SELECT titre, details, montant, ei.item_id, nb, ep.paid, FIND_IN_SET(\'notify_payment\', ep.flags) AS notify_payment FROM group_event_items AS ei LEFT JOIN group_event_participants AS ep ON (ep.eid = ei.eid AND ep.item_id = ei.item_id AND uid = {?}) WHERE ei.eid = {?}', S::i('uid'), $evt['eid']);
    $evt['topay'] = 0;
    $evt['paid'] = 0;
    $evt['notify_payment'] = false;
    foreach ($evt['moments'] as $m) {
        $evt['topay'] += $m['nb'] * $m['montant'];
        // 'money' is only set when at least one item has a price.
        if ($m['montant']) {
            $evt['money'] = true;
        }
        $evt['paid'] += $m['paid'];
        $evt['notify_payment'] = $evt['notify_payment'] || $m['notify_payment'];
    }

    // Confirmed online payments of the current user for this event.
    $montant = XDB::fetchOneCell('SELECT SUM(amount) AS sum_amount FROM payment_transactions AS t WHERE status = "confirmed" AND ref = {?} AND uid = {?}', $evt['paiement_id'], S::v('uid'));
    $evt['telepaid'] = $montant;
    $evt['paid'] += $montant;
    $evt['organizer'] = User::getSilent($evt['uid']);
    $evt['date'] = make_event_date($evt['debut'], $evt['fin']);
    // The participant list is shown only on the Xnet site, to members or to
    // users allowed to update.
    $evt['show_participants'] = $evt['show_participants'] && $GLOBALS['IS_XNET_SITE'] && (is_member() || may_update());

    return $evt;
}
/**
 * Renders the page, either as a JSON payload ('solo' requests) or with the
 * full site template.
 *
 * @return void
 */
public function run()
{
    $skin = $this->load_skin();
    $this->assign('skin', S::v('skin'));

    $user = S::user();
    $this->assign('user', $user);
    $this->assign('logged', !is_null($user) && S::logged());

    // Remote IP
    $this->assign('remip', IPAddress::getInstance());

    // NOTE(review): 'logged' above allows for a null user, while the call
    // below does not; presumably S::user() always yields an object here.
    $floating = S::user()->minimodules(FrankizMiniModule::COL_FLOAT);
    $this->assign('MiniModules_COL_FLOAT', FrankizMiniModule::get($floating));
    $this->addCssLink(FrankizMiniModule::batchCss());

    // 'solo' requests only get the module itself, as JSON.
    if (Env::has('solo')) {
        $this->jsonAssign('content', $this->raw());
        foreach (array('title', 'pl_css', 'pl_js') as $var) {
            $this->jsonAssign($var, $this->get_template_vars($var));
        }
        $this->runJSon();
        return;
    }

    // Requests awaiting validation by the user, for members of admin castes.
    $this->assign('quick_validate', array());
    if (S::user()->castes(Rights::admin())->count() > 0) {
        $toValidate = new ValidateFilter(new VFC_User(S::user()));
        $pending    = $toValidate->get()->select(ValidateSelect::quick());
        $this->assign('quick_validate', $pending->split('group'));
    }

    // Requests written by the user.
    $written  = new ValidateFilter(new VFC_Writer(S::user()));
    $requests = $written->get()->select(ValidateSelect::quick());

    $this->assign('self_url', pl_self());
    $this->assign('quick_requests', $requests);
    $this->_run(self::getTplPath('frankiz.tpl'));
}
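/**
 * Google Apps administration page for one account: suspension, reactivation
 * and password synchronisation, followed by the account's status and its
 * pending requests.
 *
 * Every action changes the state of the account, so each one calls
 * S::assert_xsrf_token() before doing anything; the forms posting 'forcesync',
 * 'sync' and 'nosync' must carry the token like the other two.
 *
 * NOTE(review): no permission check is visible in this handler; presumably it
 * is enforced where the handler is registered. Verify.
 *
 * @param mixed $page Page object.
 * @param mixed $user Account identifier; POST 'login' is used when absent.
 */
function handler_admin_user($page, $user = null)
{
    require_once 'emails.inc.php';
    require_once 'googleapps.inc.php';
    $page->changeTpl('googleapps/admin.user.tpl');
    $page->setTitle('Administration Google Apps');
    $page->assign('googleapps_admin', GoogleAppsAccount::is_administrator(S::v('uid')));

    if (!$user && Post::has('login')) {
        $user = Post::v('login');
    }
    $user = User::get($user);

    if ($user) {
        $account = new GoogleAppsAccount($user);

        // Apply requested actions.
        if (Post::has('suspend') && $account->active() && !$account->pending_update_suspension) {
            S::assert_xsrf_token();
            $account->suspend();
            $page->trigSuccess('Le compte est en cours de suspension.');
        } elseif (Post::has('unsuspend') && $account->suspended() && !$account->pending_update_suspension) {
            S::assert_xsrf_token();
            $account->do_unsuspend();
            $page->trigSuccess('Le compte est en cours de réactivation.');
        } elseif (Post::has('forcesync') && $account->active() && $account->sync_password) {
            // Sends the account's password to the external service.
            S::assert_xsrf_token();
            $account->set_password($user->password());
            $page->trigSuccess('Le mot de passe est en cours de synchronisation.');
        } elseif (Post::has('sync') && $account->active()) {
            S::assert_xsrf_token();
            $account->set_password($user->password());
            $account->set_password_sync(true);
        } elseif (Post::has('nosync') && $account->active()) {
            S::assert_xsrf_token();
            $account->set_password_sync(false);
        }

        // Displays basic account information.
        $page->assign('account', $account);
        $page->assign('admin_account', GoogleAppsAccount::is_administrator($user->id()));
        $page->assign('googleapps_storage', Email::is_active_storage($user, 'googleapps'));
        $page->assign('user', $user->id());

        // Retrieves user's pending requests.
        $res = XDB::iterator("SELECT q_id, q_recipient_id, p_status, j_type, UNIX_TIMESTAMP(p_entry_date) AS p_entry_date\n FROM gapps_queue\n WHERE q_recipient_id = {?}\n ORDER BY p_entry_date DESC", $user->id());
        $page->assign('requests', $res);
    }
}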
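/**
 * Adds an email redirection to the user.
 *
 * @param string $email Address to redirect to.
 * @return mixed ERROR_INVALID_EMAIL, ERROR_LOOP_EMAIL or SUCCESS.
 */
public function add_email($email)
{
    // The address is trimmed before anything else so that the value that is
    // validated and the value that is stored, logged and handed to the list
    // and alias updates are the same one. Validation was previously done on
    // a trimmed copy while the untrimmed input was the one persisted.
    $email = trim($email);
    $email_stripped = strtolower($email);

    if (!isvalid_email($email_stripped)) {
        return ERROR_INVALID_EMAIL;
    }
    if (!isvalid_email_redirection($email_stripped, $this->user)) {
        return ERROR_LOOP_EMAIL;
    }

    // Antispam filter for the new redirection: the value shared by the user's
    // redirections, or our default when they differ.
    $bogo = new Bogo($this->user);
    $filter = ($bogo->single_state ? Bogo::$states[$bogo->state] : Bogo::MAIN_DEFAULT);

    // REPLACE INTO: an address already present for this user is reset to the
    // default values.
    XDB::execute('REPLACE INTO email_redirect_account (uid, redirect, flags, action) VALUES ({?}, {?}, \'active\', {?})',
                 $this->user->id(), $email, $filter);

    // Replace this email by forlife email, if present in aliases and MLs.
    $listClient = new MMList(S::user());
    $listClient->change_user_email($email, $this->user->forlifeEmail());
    update_alias_user($email, $this->user->forlifeEmail());

    if ($logger = S::v('log', null)) { // may be absent --> step4.php
        S::logger()->log('email_add', $email . ($this->user->id() != S::v('uid') ? " (admin on {$this->user->login()})" : ""));
    }

    // Already known in memory: nothing more to do.
    foreach ($this->emails as $mail) {
        if ($mail->email == $email_stripped) {
            return SUCCESS;
        }
    }

    $this->emails[] = new Email($this->user, array(
        'redirect'      => $email,
        'rewrite'       => '',
        'type'          => 'smtp',
        'action'        => $filter,
        'broken_date'   => '0000-00-00',
        'broken_level'  => 0,
        'last'          => '0000-00-00',
        'flags'         => 'active',
        'hash'          => null,
        'allow_rewrite' => 0,
    ));

    // Security checks on the new address and on the resulting redirections.
    check_email($email, "Ajout d'une adresse surveillée aux redirections de " . $this->user->login());
    check_redirect($this);
    $this->update_imap();
    return SUCCESS;
}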
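/**
 * Wiki administration: updates page permissions, deletes or renames a page,
 * then lists every wiki page grouped by category.
 *
 * Changes from the previous version:
 *  - Page names taken from the URL or from POST keys are HTML-escaped before
 *    being placed in status messages. The rename message already embeds
 *    <em> markup, so trigSuccess()/trigError() evidently output markup and
 *    unescaped names would be rendered as HTML.
 *  - The XSRF token is asserted before the PlWikiPage object is built.
 *  - The RSS link expression, which is partly masked in the listing this was
 *    taken from, is written out in full (see the note on that line).
 *
 * @param mixed       $page      Page object the handler renders into.
 * @param string      $action    'list', 'update', 'delete' or 'rename'.
 * @param string|null $wikipage  Page acted upon by delete/rename.
 * @param string|null $wikipage2 New name for rename.
 */
function handler_wiki($page, $action = 'list', $wikipage = null, $wikipage2 = null)
{
    if (S::hasAuthToken()) {
        // NOTE(review): the text between "user='" and "'hruid')" is masked in
        // the listing; S::v('hruid') is the reading its remains suggest.
        // Confirm against the repository.
        // NOTE(review): this URL carries the user's token in the query string,
        // where it can reach server logs and Referer headers; treat it as a
        // credential and keep it revocable.
        $page->setRssLink('Changement Récents',
                          '/Site/AllRecentChanges?action=rss&user=' . S::v('hruid') . '&hash=' . S::user()->token);
    }

    if ($action == 'update') {
        // Update wiki permissions for every page ticked in the form.
        S::assert_xsrf_token();
        $perms_read = Post::v('read');
        $perms_edit = Post::v('edit');
        if ($perms_read || $perms_edit) {
            foreach ($_POST as $wiki_page => $val) {
                if ($val === 'on') {
                    $wp = new PlWikiPage(str_replace(array('_', '/'), '.', $wiki_page));
                    // POST keys are client-controlled: escape before display.
                    // Assumes the site is served as UTF-8 (TODO confirm).
                    $shown = htmlspecialchars((string) $wiki_page, ENT_QUOTES, 'UTF-8');
                    if ($wp->setPerms($perms_read ? $perms_read : $wp->readPerms(),
                                      $perms_edit ? $perms_edit : $wp->writePerms())) {
                        $page->trigSuccess("Permission de la page {$shown} mises à jour");
                    } else {
                        $page->trigError("Impossible de mettre les permissions de la page {$shown} à jour");
                    }
                }
            }
        }
    } elseif ($action != 'list' && !empty($wikipage)) {
        // Check the token before touching the page object.
        S::assert_xsrf_token();
        $wp = new PlWikiPage($wikipage);

        // Both names come from the request path: escape them for display only;
        // the raw values are still what the wiki layer receives.
        $shown_from = htmlspecialchars((string) $wikipage, ENT_QUOTES, 'UTF-8');
        $shown_to = htmlspecialchars((string) $wikipage2, ENT_QUOTES, 'UTF-8');

        if ($action == 'delete') {
            if ($wp->delete()) {
                $page->trigSuccess("La page " . $shown_from . " a été supprimée.");
            } else {
                $page->trigError("Impossible de supprimer la page " . $shown_from . ".");
            }
        } elseif ($action == 'rename' && !empty($wikipage2) && $wikipage != $wikipage2) {
            if ($changedLinks = $wp->rename($wikipage2)) {
                $s = 'La page <em>' . $shown_from . '</em> a été déplacée en <em>' . $shown_to . '</em>.';
                if (is_numeric($changedLinks)) {
                    $s .= $changedLinks . ' lien' . ($changedLinks > 1 ? 's ont été modifiés.' : ' a été modifié.');
                }
                $page->trigSuccess($s);
            } else {
                $page->trigError("Impossible de déplacer la page " . $shown_from);
            }
        }
    }

    $perms = PlWikiPage::permOptions();

    // List wiki pages and their permissions, grouped by the part of the file
    // name before the first dot.
    $wiki_pages = PlWikiPage::listPages();
    ksort($wiki_pages);
    $wiki_tree = array();
    foreach ($wiki_pages as $file => $desc) {
        list($cat, $name) = explode('.', $file);
        if (!isset($wiki_tree[$cat])) {
            $wiki_tree[$cat] = array();
        }
        $wiki_tree[$cat][$name] = $desc;
    }

    $page->changeTpl('admin/wiki.tpl');
    $page->assign('wiki_pages', $wiki_tree);
    $page->assign('perms_opts', $perms);
}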
/**
 * Queues a Google Apps job for this account in gapps_queue.
 *
 * The session's uid is recorded as the job owner and this object's user as
 * the recipient; the job is inserted with 'immediate' priority and the
 * current time as both entry and not-before date.
 * NOTE(review): json_encode() returns false on failure and that value would
 * be stored as the job parameters; confirm callers only pass encodable data.
 *
 * @param string $type       Stored in j_type.
 * @param array  $parameters Job parameters; 'username' is overwritten with
 *                           this account's name before JSON encoding.
 */
private function create_queue_job($type, $parameters)
{
    // The account name always wins over any caller-supplied 'username'.
    $parameters['username'] = $this->g_account_name;
    $payload = json_encode($parameters);

    $sql = "INSERT INTO gapps_queue\n"
         . " SET q_owner_id = {?}, q_recipient_id = {?},\n"
         . " p_entry_date = NOW(), p_notbefore_date = NOW(),\n"
         . " p_priority = 'immediate',\n"
         . " j_type = {?}, j_parameters = {?}";

    // All four values are bound through {?} placeholders.
    XDB::execute($sql, S::v('uid'), $this->user->id(), $type, $payload);
}
/**
 * Returns the anonymous user for the current session, creating and caching
 * it on first use. Any other use is rejected as deprecated.
 *
 * The anonymous account is chosen from $globals->anonymous: 'internal' when
 * IPAddress::getInstance()->is_x_internal() is true, 'external' otherwise.
 *
 * NOTE(review): $login is compared loosely with 0, so null, '', '0' and
 * false all select the anonymous path (and, before PHP 8, so does any
 * non-numeric string). $values is never read.
 *
 * @param mixed $login  Must compare loosely equal to 0.
 * @param mixed $values Ignored.
 * @return User The anonymous user.
 * @throws Exception When $login does not compare equal to 0, or when loading
 *                   the anonymous user fails.
 */
public static function getSilentWithValues($login, $values)
{
    global $globals;

    if ($login != 0) {
        throw new Exception('DEPRECATED call to getSilentWithValues()');
    }

    // Reuse the anonymous user already cached in the session.
    if (S::has('anonymous_user')) {
        return S::v('anonymous_user');
    }

    if (IPAddress::getInstance()->is_x_internal()) {
        $anonymous_uid = $globals->anonymous->internal;
    } else {
        $anonymous_uid = $globals->anonymous->external;
    }

    // 'newuid' is set only while the user object is loaded and is removed
    // again on both the success and the failure path.
    S::set('newuid', $anonymous_uid);
    try {
        $anonymous = new User($anonymous_uid);
        $anonymous->select(UserSelect::login());
    } catch (Exception $failure) {
        S::kill('newuid');
        throw $failure;
    }
    S::kill('newuid');

    S::set('anonymous_user', $anonymous);
    return $anonymous;
}
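/**
 * Authenticates the request, either from the existing session or from a
 * signed 'auth' query parameter.
 *
 * The expected value is md5('1' . challenge . secret . uid . '1'), with the
 * challenge read from the session, the secret from $globals->xnet->secret
 * and the uid from the query string.
 *
 * Security: the supplied value is now compared with hash_equals() after a
 * type check. The previous loose `!=` let two digests that both look like
 * numbers (for example "0e..." followed only by digits) compare equal, and
 * was not constant-time.
 * NOTE(review): md5 over a secret concatenated with data is a weak MAC
 * construction; moving to an HMAC needs a matching change in whatever
 * computes 'auth', which is outside this block. Whether the challenge is
 * single-use cannot be seen from here either.
 *
 * @param mixed $level Requested authentication level (not read here).
 * @return mixed The user on success, null when no valid credential is present.
 */
protected function doAuth($level)
{
    if (S::identified()) {
        // Session is already identified: nothing to verify.
        return User::getSilentWithValues(null, array('uid' => S::i('uid')));
    }
    if (!Get::has('auth')) {
        return null;
    }

    global $globals;
    $expected = md5('1' . S::v('challenge') . $globals->xnet->secret . Get::i('uid') . '1');
    $supplied = Get::v('auth');

    // Reject non-string input (e.g. auth[]=...) before the constant-time compare.
    if (!is_string($supplied) || !hash_equals($expected, $supplied)) {
        return null;
    }

    // Drop the credential from the query data once it has been accepted.
    Get::kill('auth');
    S::set('auth', AUTH_PASSWD);
    return User::getSilentWithValues(null, array('uid' => Get::i('uid')));
}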
/**
 * Survey editor: a small state machine driven by $action.
 *
 * The survey being edited is read from the session key 'survey' with
 * unserialize() and handed to store_session() after each change. POSTed
 * 'survey_action' and 'survey_qid' override the URL arguments.
 *
 * Actions: 'question' (edit a question), 'new' (create the survey), 'add'
 * (add a question), 'del' (delete a question), 'show', 'valid' (store the
 * proposal or the modifications in the database) and 'cancel'.
 *
 * NOTE(review): unserialize() instantiates whatever classes the payload
 * names, so these calls are only as safe as the session value; confirm that
 * store_session() is the only writer of 'survey'.
 * NOTE(review): no branch asserts the XSRF token, including 'valid', which
 * writes to the database through updateSurvey()/proposeSurvey(), and 'del'.
 * Confirm whether the confirmation forms carry and check a token elsewhere.
 *
 * @param mixed  $page   Page object the handler renders into.
 * @param string $action Requested action; defaults to 'show'.
 * @param string $qid    Question identifier; 'root' designates the survey itself.
 */
function handler_edit($page, $action = 'show', $qid = 'root')
{
    $this->load('survey.inc.php');
    // POSTed values take precedence over the URL arguments.
    $action = Post::v('survey_action', $action);
    $qid = Post::v('survey_qid', $qid);
    if (Post::has('survey_cancel')) {
        // after cancelling changes, shows the survey
        if (S::has('survey')) {
            $action = 'show';
        } else {
            // unless no editing has been done at all (shows the surveys index page)
            return $this->handler_index($page);
        }
    }
    $page->assign('survey_editmode', true);
    if (S::has('survey_id')) {
        // if 'survey_id' is in session, it means we are modifying a survey in admin mode
        $page->assign('survey_updatemode', true);
    }
    // Nothing in session yet: 'show' has nothing to display, so start a new survey.
    if ($action == 'show' && !S::has('survey')) {
        $action = 'new';
    }
    if ($action == 'question') {
        // {{{ modifies an existing question
        if (Post::has('survey_submit')) {
            // if the form has been submitted, makes the modifications
            $survey = unserialize(S::v('survey'));
            $args = Post::v('survey_question');
            if (!$survey->editQuestion($qid, $args)) {
                // updating the survey object structure failed
                return $this->show_error($page, '', 'survey/edit');
            }
            $this->show_survey($page, $survey);
            $this->store_session($survey);
        } else {
            // if a form has not been submitted, shows modification form
            $survey = unserialize(S::v('survey'));
            // gets the current parameters of the question
            $current = $survey->toArray($qid);
            if ($current == null) {
                return $this->show_error($page, '', 'survey/edit');
            }
            $this->show_form($page, $action, $qid, $current['type'], $current);
        }
        // }}}
    } elseif ($action == 'new') {
        // {{{ create a new survey : actually store the root question
        if (Post::has('survey_submit')) {
            // if the form has been submitted, creates the survey
            $this->clear_session();
            // creates the object structure
            $survey = new Survey(Post::v('survey_question'));
            $this->show_survey($page, $survey);
            $this->store_session($survey);
        } else {
            $this->clear_session();
            $this->show_form($page, $action, 'root', 'newsurvey');
        }
        // }}}
    } elseif ($action == 'add') {
        // {{{ adds a new question
        if (Post::has('survey_submit')) {
            // if the form has been submitted, adds the question
            $survey = unserialize(S::v('survey'));
            if (!$survey->addQuestion($qid, $survey->factory(Post::v('survey_type'), Post::v('survey_question')))) {
                return $this->show_error($page, '', 'survey/edit');
            }
            $this->show_survey($page, $survey);
            $this->store_session($survey);
        } else {
            $this->show_form($page, $action, $qid);
        }
        // }}}
    } elseif ($action == 'del') {
        // {{{ deletes a question
        if (Post::has('survey_submit')) {
            // if a confirmation has been sent, deletes the question
            $survey = unserialize(S::v('survey'));
            if (!$survey->delQuestion(Post::v('survey_qid'))) {
                // deleting the node in the survey object structure failed
                return $this->show_error($page, '', 'survey/edit');
            }
            $this->show_survey($page, $survey);
            $this->store_session($survey);
        } else {
            // if user has not confirmed, shows a confirmation form
            $survey = unserialize(S::v('survey'));
            // needed to get the title of the question to delete (more user-friendly than an id)
            $current = $survey->toArray($qid);
            if ($current == null) {
                return $this->show_error($page, '', 'survey/edit');
            }
            // NOTE(review): $current['question'] is user-entered text concatenated
            // into the message; confirm show_confirm() or its template escapes it.
            $this->show_confirm($page, 'Êtes-vous certain de vouloir supprimer la question intitulé "' . $current['question'] . '" ? ' .
                'Attention, cela supprimera en même temps toutes les questions qui dépendent de celle-ci.', 'edit', array('action' => 'del', 'qid' => $qid));
        }
        // }}}
    } elseif ($action == 'show') {
        // {{{ simply shows the survey in its current state
        $this->show_survey($page, unserialize(S::v('survey')));
        // }}}
    } elseif ($action == 'valid') {
        // {{{ validates the proposition, i.e stores the proposition in the database
        // but an admin will still need to validate the survey before it is activated
        if (Post::has('survey_submit')) {
            // needs a confirmation before storing the proposition
            $survey = unserialize(S::v('survey'));
            if (S::has('survey_id')) {
                // if 'survey_id' is in session, we are modifying an existing survey (in admin mode) instead of proposing a new one
                $link = S::has('survey_validate') ? 'admin/validate' : 'survey/admin';
                if ($survey->updateSurvey()) {
                    // the database was updated according to the new survey object structure
                    $this->show_success($page, "Les modifications sur le sondage ont bien été enregistrées.", $link);
                } else {
                    $this->show_error($page, '', $link);
                }
            } else {
                // if no 'survey_id' is in session, we are indeed proposing a new survey
                if ($survey->proposeSurvey()) {
                    // the survey object structure was stored in database
                    $this->show_success($page, "Votre proposition de sondage a bien été enregistrée,\n elle est en attente de validation par un administrateur du site.", 'survey');
                } else {
                    $this->show_error($page, '', 'survey');
                }
            }
            // The editing session is cleared whether or not the write succeeded.
            $this->clear_session();
        } else {
            // asks for a confirmation if it has not been sent
            $survey = unserialize(S::v('survey'));
            $errors = $survey->checkSyntax();
            if (!is_null($errors)) {
                $this->show_error($page, "", 'survey/edit', $errors);
            } else {
                if (S::has('survey_id')) {
                    $this->show_confirm($page, "Veuillez confirmer l'enregistrement des modifications apportées à ce sondage.", 'edit', array('action' => 'valid'));
                } else {
                    $this->show_confirm($page, "Veuillez confirmer l'envoi de cette proposition de sondage.", 'edit', array('action' => 'valid'));
                }
            }
        }
        // }}}
    } elseif ($action == 'cancel') {
        // {{{ cancels the creation/modification of a survey
        if (Post::has('survey_submit')) {
            // needs a confirmation
            if (S::has('survey_id')) {
                // only possible when modifying a survey in admin mode
                if (S::has('survey_validate')) {
                    // if a link has been supplied, uses it
                    $this->clear_session();
                    return $this->show_success($page, "Les modifications effectuées ont été annulées", 'admin/validate');
                } else {
                    // else shows the admin index
                    $this->clear_session();
                    return $this->handler_admin($page);
                }
            } else {
                $this->clear_session();
                // else shows the 'normal' index
                return $this->handler_index($page);
            }
        } else {
            // asks for a confirmation if it has not been sent
            $this->show_confirm($page, "Êtes-vous certain de vouloir annuler totalement l'édition de ce sondage ? Attention, " . "toutes les données éditées jusque là seront définitivement perdues.", 'edit', array('action' => $action));
        }
    }
    // }}}
}