/**
 * Handles an action name for this reminder.
 *
 * Every recognised action first calls UpdateOnDismiss(); all of them except
 * 'dismiss' then redirect to a profile or photo page. Any other value is
 * ignored.
 *
 * @param string $action One of 'dismiss', 'profile', 'photo', 'geoloc', 'merge'.
 */
public function HandleAction($action)
{
    // Loose comparisons on purpose: they mirror what a switch statement does.
    if ($action == 'dismiss') {
        $this->UpdateOnDismiss();
    } elseif ($action == 'profile') {
        $this->UpdateOnDismiss();
        pl_redirect('profile/edit/' . $this->user->profile()->hrpid);
    } elseif ($action == 'photo') {
        $this->UpdateOnDismiss();
        pl_redirect('photo/change');
    } elseif ($action == 'geoloc') {
        $this->UpdateOnDismiss();
        pl_redirect('profile/edit/' . $this->user->profile()->hrpid . '/adresses');
    } elseif ($action == 'merge') {
        $this->UpdateOnDismiss();
        $issues = self::ListMergeIssues($this->user->profile());

        // Land on the tab of the first reported issue: job, then address,
        // otherwise the default profile tab.
        if ($issues->hasFlag('job')) {
            $tab = '/emploi';
        } elseif ($issues->hasFlag('address')) {
            $tab = '/adresses';
        } else {
            $tab = '';
        }
        pl_redirect('profile/edit/' . $this->user->profile()->hrpid . $tab);
    }
}
/**
 * Logout handler.
 *
 * While impersonating (session key 'suid' present) it only stops the
 * impersonation and redirects to '/'. Otherwise the session is destroyed
 * and the browser is sent to the configured HTTP base URL.
 *
 * @param object      $page  Page object of the current request.
 * @param string|null $level Not used by this handler.
 */
function handler_exit($page, $level = null)
{
    global $globals;

    $impersonating = S::has('suid');
    if ($impersonating) {
        Platal::session()->stopSUID();
        pl_redirect('/');
    }

    Platal::session()->destroy();
    // The redirect target is a configuration value, not request data.
    http_redirect($globals->baseurl_http);
    // NOTE(review): only reached if http_redirect() returns -- confirm.
    $page->changeTpl('exit.tpl');
}
/**
 * Handles an action name for this reminder.
 *
 * 'yes' dismisses the reminder and redirects to 'googleapps', 'dismiss'
 * only dismisses it, 'no' calls UpdateOnNo(). Any other value is ignored.
 *
 * @param string $action One of 'yes', 'dismiss', 'no'.
 */
public function HandleAction($action)
{
    // Loose comparisons on purpose: they mirror what a switch statement does.
    if ($action == 'yes') {
        $this->UpdateOnDismiss();
        pl_redirect('googleapps');
    } elseif ($action == 'dismiss') {
        $this->UpdateOnDismiss();
    } elseif ($action == 'no') {
        $this->UpdateOnNo();
    }
}
/**
 * Lets the author of a pending proposal withdraw it.
 *
 * The XSRF token is asserted before anything else. The removal is logged,
 * sendmailcancel() is called on the item, and the proposal is cleaned.
 *
 * @param object     $page Page object of the current request.
 * @param mixed|null $id   Identifier of the proposal to remove.
 *
 * @throws Exception When the current user is not the writer of the proposal.
 */
function handler_remove($page, $id = null)
{
    S::assert_xsrf_token();

    $proposal = ValidateFilter::fromId($id, false);
    if ($proposal === false) {
        $page->trigError("This item doesn't exist");
        return;
    }
    $proposal->select(ValidateSelect::validate());

    // Ownership check: only the writer may remove their own proposal.
    if ($proposal->writer()->id() != S::user()->id()) {
        throw new Exception("Invalid crendentials");
    }

    // Record what is being removed before it disappears.
    S::logger()->log(
        'proposal/remove',
        array(
            'type' => $proposal->type(),
            'writer' => $proposal->writer()->id(),
            'group' => $proposal->group()->id(),
            'created' => $proposal->created()->toDb(),
            'item' => $proposal->itemToDb()
        )
    );

    $proposal->item()->sendmailcancel(S::user());
    $proposal->clean();

    // NOTE(review): the redirect target comes straight from the request
    // ('url'); confirm that pl_redirect() confines it to this site, or
    // validate it here, so it cannot be used as an open redirect.
    pl_redirect(Env::v('url'));
}
/**
 * Displays the form used to answer a survey.
 *
 * If alreadyTaken() reports true for the survey, the request is redirected
 * to the survey's 'see' page instead.
 *
 * @param object     $page Page object of the current request.
 * @param mixed|null $sid  Identifier of the survey.
 *
 * @throws Exception When no survey matches $sid.
 */
function handler_take($page, $sid = null)
{
    $survey = SurveyFilter::fromId($sid, false);
    if (!$survey) {
        throw new Exception("This survey doesn't exist");
    }

    $survey->select(Survey::SELECT_BASE | Survey::SELECT_DESCRIPTION);
    if ($survey->alreadyTaken()) {
        // $sid is known to match an existing survey at this point.
        pl_redirect('surveys/see/' . $sid);
        exit;
    }

    // Questions are only loaded once we know the form will be shown.
    $survey->select(array(Survey::SELECT_DATAS => SurveyQuestion::SELECT_BASE));

    $page->assign('survey', $survey);
    $page->assign('title', "Sondage");
    $page->addCssLink('surveys.css');
    $page->changeTpl('surveys/take.tpl');
}
/**
 * Notification panel: lists the watch events of the last seven days.
 *
 * When the query string carries 'read', the user's watch timestamp is
 * updated first and the page is reloaded without the parameter.
 *
 * @param object $page Page object of the current request.
 */
function handler_panel($page)
{
    $page->changeTpl('carnet/panel.tpl');

    if (Get::has('read')) {
        // NOTE(review): this write is triggered by a GET parameter and no
        // XSRF token is asserted in this function; the row is scoped to the
        // session uid and the value is read as an integer, so the effect is
        // limited to moving the user's own "last read" mark -- confirm that
        // is acceptable.
        XDB::execute(
            'UPDATE watch SET last = FROM_UNIXTIME({?}) WHERE uid = {?}',
            Get::i('read'),
            S::i('uid')
        );
        S::user()->invalidWatchCache();
        Platal::session()->updateNbNotifs();
        pl_redirect('carnet/panel');
    }

    require_once 'notifs.inc.php';

    $page->assign('now', time());
    // Events newer than one week (7 * 86400 seconds).
    $recent = Watch::getEvents(S::user(), time() - 7 * 86400);
    $page->assign('notifs', $recent);
    $page->assign('today', date('Y-m-d'));
    $this->_add_rss_link($page);
}
/**
 * Starts an impersonation ("SUID") session as another user.
 *
 * A successful start is logged under 'admin/su' with the target uid.
 *
 * NOTE(review): no permission check and no XSRF token assertion are visible
 * in this function; confirm both are enforced where the handler is
 * registered, since this endpoint grants another user's identity.
 *
 * @param object     $page Page object of the current request.
 * @param mixed|null $uid  Identifier of the user to impersonate.
 *
 * @throws Exception When $uid is missing or matches no user.
 */
function handler_su($page, $uid = null)
{
    // Nested impersonation is refused.
    if (S::has('suid')) {
        $page->kill("Déjà en SUID !!!");
    }
    if ($uid === null) {
        throw new Exception("You forgot to pass the uid you want to impersonate");
    }

    $filter = new UserFilter(new UFC_Uid($uid));
    $target = $filter->get(true);
    if ($target === false) {
        throw new Exception("Impossible de faire un SUID sur " . $uid);
    }

    $target->select(UserSelect::login());
    if (Platal::session()->startSUID($target)) {
        S::logger()->log('admin/su', array('uid' => $target->id()));
        pl_redirect('home');
    } else {
        $page->trigError('Impossible d\'effectuer un SUID sur ' . $uid);
    }
}
/**
 * Admin form that creates a new link entry ('partners' or 'usefuls').
 *
 * Users without the 'admin' flag get PL_FORBIDDEN. For 'partners' links an
 * uploaded image is attached when present.
 *
 * NOTE(review): no XSRF token is asserted before the insert; confirm it is
 * enforced elsewhere. The 'link' value is stored as submitted -- confirm
 * that its scheme is restricted (or escaped accordingly) where it is
 * rendered.
 *
 * @param object $page Page object of the current request.
 *
 * @return mixed PL_FORBIDDEN for non-admins, nothing otherwise.
 */
function handler_links_new($page)
{
    if (!S::user()->perms()->hasFlag('admin')) {
        return PL_FORBIDDEN;
    }

    $label       = Env::t('label', '');
    $link        = Env::t('link', '');
    $description = Env::t('description', '');
    $comment     = Env::t('comment', '');
    $type        = Env::t('type', '');
    trace($type);

    // Only the two known link types may be created.
    $knownType = ($type == 'partners' || $type == 'usefuls');

    if (Env::has('create') && $label != '' && $link != '' && $knownType) {
        $entry = new Link();
        $entry->insert($type);

        if (FrankizUpload::has('image') && $type == 'partners') {
            try {
                $group = Group::from('partnership');
                $group->select(GroupSelect::castes());

                $image = new FrankizImage();
                $image->insert();
                $image->label($label);
                $image->caste($group->caste(new Rights('everybody')));
                $image->image(FrankizUpload::v('image'));
                $entry->image($image);
            } catch (Exception $e) {
                // The link is still created; only the image is dropped.
                $page->assign('err', $e->getMessage());
            }
        }

        $entry->label($label);
        $entry->link($link);
        $entry->description($description);
        $entry->comment($comment);
        pl_redirect('links/' . $type);
    }

    $page->assign('title', 'Nouveau lien');
    $page->addCssLink('links.css');
    $page->changeTpl('links/new_link.tpl');
}
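/**
 * Handles an action name for this reminder.
 *
 * 'suscribe' subscribes the current user to every mailing list that is both
 * a key of the posted 'sub_ml' map and one of the user's own 'list' rows in
 * register_subs, then records a "yes" and redirects to 'lists'.
 * 'dismiss' and 'no' only update the reminder state. Any other value is
 * ignored.
 *
 * @param string $action One of 'suscribe', 'dismiss', 'no'.
 */
public function HandleAction($action)
{
    switch ($action) {
        case 'suscribe':
            S::assert_xsrf_token();

            // 'sub_ml' is request data: it may be missing or not an array.
            // Its keys are expected in "sub@domain" form.
            $requested = Post::v('sub_ml');
            if (!is_array($requested)) {
                $requested = array();
            }

            $res = XDB::iterRow("SELECT sub, domain\n FROM register_subs\n WHERE uid = {?} AND type = 'list'\n ORDER BY domain", S::i('uid'));
            while (list($sub, $domain) = $res->next()) {
                // The database rows are the allow-list; the posted map only
                // selects among them. A membership test (rather than
                // consuming the posted keys one per row) keeps the result
                // correct when some boxes were left unticked.
                if (array_key_exists("{$sub}@{$domain}", $requested)) {
                    MailingList::subscribeTo($sub, $domain);
                }
            }

            $this->UpdateOnYes();
            pl_redirect('lists');
            break;

        case 'dismiss':
            $this->UpdateOnDismiss();
            break;

        case 'no':
            $this->UpdateOnNo();
            break;
    }
}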
/**
 * Admin page for editing a newsletter issue and its articles.
 *
 * Depending on $aid / $action and the POST data, this updates the issue's
 * fields, deletes an article, saves an article, loads an article for
 * editing, or lists the IPs behind the links of each article.
 *
 * NOTE(review): no XSRF token assertion is visible in this function, although
 * the update, delete and save branches all change stored data; confirm it is
 * enforced elsewhere.
 *
 * @param object      $page   Page object of the current request.
 * @param string      $nid    Issue identifier passed to getIssue() (default 'last').
 * @param string|null $aid    Article id, or one of 'update', 'new', 'blacklist_check'.
 * @param string      $action 'edit' (default) or 'delete'.
 *
 * @return mixed PL_NOT_FOUND when the newsletter or the issue cannot be found.
 */
function handler_admin_nl_edit($page, $nid = 'last', $aid = null, $action = 'edit')
{
    $page->changeTpl('newsletter/edit.tpl');
    $page->addCssLink('nl.Polytechnique.org.css');
    $page->setTitle('Administration - Newsletter : Édition');

    $nl = $this->getNl();
    if (!$nl) {
        return PL_NOT_FOUND;
    }

    try {
        $issue = $nl->getIssue($nid, false);
    } catch (MailNotFound $e) {
        return PL_NOT_FOUND;
    }

    $ufb = $nl->getSubscribersUFB();
    $ufb_keepenv = false; // Will be set to True if there were invalid modification to the UFB.

    // Convert NLIssue error messages to human-readable errors
    $error_msgs = array(
        NLIssue::ERROR_INVALID_REPLY_TO => "L'adresse de réponse est invalide.",
        NLIssue::ERROR_INVALID_SHORTNAME => "Le nom court est invalide ou vide.",
        NLIssue::ERROR_INVALID_UFC => "Le filtre des destinataires est invalide.",
        NLIssue::ERROR_TOO_LONG_UFC => "Le nombre de matricules AX renseigné est trop élevé.",
        NLIssue::ERROR_SQL_SAVE => "Une erreur est survenue en tentant de sauvegarder la lettre, merci de réessayer."
    );

    // Update the current issue
    if ($aid == 'update' && Post::has('submit')) {
        // Save common fields
        $issue->title = Post::s('title');
        $issue->title_mail = Post::s('title_mail');
        $issue->head = Post::s('head');
        $issue->signature = Post::s('signature');
        $issue->reply_to = Post::s('reply_to');

        if ($issue->isEditable()) {
            // Date and shortname may only be modified for pending NLs, otherwise all links get broken.
            $issue->date = Post::s('date');
            $issue->shortname = strlen(Post::blank('shortname')) ? null : Post::s('shortname');
            $issue->sufb->updateFromEnv($ufb->getEnv());

            if ($nl->automaticMailingEnabled()) {
                // Rewrites a YYYYMMDD date as YYYY-MM-DD; a value that does
                // not match the pattern is used unchanged.
                $issue->send_before = preg_replace('/^(\\d\\d\\d\\d)(\\d\\d)(\\d\\d)$/', '\\1-\\2-\\3', Post::v('send_before_date')) . ' ' . Post::i('send_before_time_Hour') .
                    ':00:00';
            }
        }

        // save() returns a list of error codes; each one is shown to the admin.
        $errors = $issue->save();
        if (count($errors)) {
            foreach ($errors as $error_code) {
                $page->trigError($error_msgs[$error_code]);
            }
        }
    }

    // Delete an article
    // NOTE(review): driven by the $action argument alone (presumably a URL
    // segment -- confirm), so a plain link is enough to delete an article.
    if ($action == 'delete') {
        $issue->delArticle($aid);
        pl_redirect($nl->adminPrefix(true, false) . "/edit/{$nid}");
    }

    // Save an article
    if (Post::v('save')) {
        $art = new NLArticle(Post::v('title'), Post::v('body'), Post::v('append'), $aid, Post::v('cid'), Post::v('pos'));
        $issue->saveArticle($art);
        pl_redirect($nl->adminPrefix(true, false) . "/edit/{$nid}");
    }

    // Edit an article
    if ($action == 'edit' && $aid != 'update') {
        $eaid = $aid;
        if (Post::has('title')) {
            // Preview of posted (unsaved) content.
            $art = new NLArticle(Post::v('title'), Post::v('body'), Post::v('append'), $eaid, Post::v('cid'), Post::v('pos'));
        } else {
            $art = $eaid == 'new' ? new NLArticle() : $issue->getArt($eaid);
        }
        if ($art && !$art->check()) {
            $page->trigError("Cet article est trop long.");
        }
        $page->assign('art', $art);
    }

    // Check blacklisted IPs
    if ($aid == 'blacklist_check') {
        global $globals;
        $ips_to_check = array();
        // presumably updated by getLinkIps() through a by-reference
        // parameter -- TODO confirm
        $blacklist_host_resolution_count = 0;
        foreach ($issue->arts as $key => $articles) {
            foreach ($articles as $article) {
                $article_ips = $article->getLinkIps($blacklist_host_resolution_count);
                if (!empty($article_ips)) {
                    $ips_to_check[$article->title()] = $article_ips;
                }
            }
        }
        $page->assign('ips_to_check', $ips_to_check);

        // Tell the admin when the list is incomplete because the configured
        // resolution limit was reached.
        if ($blacklist_host_resolution_count >= $globals->mail->blacklist_host_resolution_limit) {
            $page->trigError("Toutes les url et adresses emails de la lettre" . " n'ont pas été prises en compte car la" . " limite du nombre de résolutions DNS" . " autorisée a été atteinte.");
        }
    }

    if ($issue->state == NLIssue::STATE_SENT) {
        $page->trigWarning("Cette lettre a déjà été envoyée ; il est recommandé de limiter les modifications au maximum (orthographe, adresses web et mail).");
    }

    $ufb->setEnv($issue->sufb->getEnv());
    $page->assign_by_ref('nl', $nl);
    $page->assign_by_ref('issue', $issue);
}
/**
 * Admin page for list aliases: lists them all, or edits a single one.
 *
 * With an alias given, it can delete the alias, add a member or remove a
 * member; each of these asserts the XSRF token first.
 *
 * @param object      $page  Page object of the current request.
 * @param string|null $alias Full alias address ("local@domain"), or null to list all.
 */
function handler_aaliases($page, $alias = null)
{
    global $globals;
    require_once 'emails.inc.php';
    $page->setTitle('Administration - Aliases');

    if (Post::has('new_alias')) {
        // The posted name is checked below, once the redirect brings it
        // back as $alias.
        pl_redirect('admin/aliases/' . Post::t('new_alias') . '@' . $globals->mail->domain);
    }

    // Without an alias, show the list for both configured domains.
    if (is_null($alias)) {
        $page->changeTpl('lists/admin_aliases.tpl');
        $page->assign(
            'aliases',
            array_merge(
                iterate_list_alias($globals->mail->domain),
                iterate_list_alias($globals->mail->domain2)
            )
        );
        return;
    }

    list($localPart, $aliasDomain) = explode('@', $alias);

    // The domain must be one of ours and the local part must stay within
    // letters, digits, '-' and '.'.
    // NOTE(review): the pattern uses '*', so an empty local part passes.
    $foreignDomain = ($globals->mail->domain != $aliasDomain && $globals->mail->domain2 != $aliasDomain);
    if ($foreignDomain || !preg_match("/^[a-zA-Z0-9\\-\\.]*\$/", $localPart)) {
        $page->trigErrorRedirect('Le nom de l\'alias est erroné.', $globals->asso('diminutif') . 'admin/aliases');
    }

    // From here on the alias name is considered valid.
    if (Post::has('del_alias')) {
        S::assert_xsrf_token();
        delete_list_alias($localPart, $aliasDomain);
        $page->trigSuccessRedirect($alias . ' supprimé.', 'admin/aliases');
    }

    if (Post::has('add_member')) {
        S::assert_xsrf_token();
        $added = add_to_list_alias(Post::t('add_member'), $localPart, $aliasDomain);
        if ($added) {
            $page->trigSuccess('Ajout réussit.');
        } else {
            $page->trigError('Ajout infructueux.');
        }
    }

    // Member removal arrives by GET; it is still guarded by the token.
    if (Get::has('del_member')) {
        S::assert_xsrf_token();
        $removed = delete_from_list_alias(Get::t('del_member'), $localPart, $aliasDomain);
        if ($removed) {
            $page->trigSuccess('Suppression réussie.');
        } else {
            $page->trigError('Suppression infructueuse.');
        }
    }

    $page->changeTpl('lists/admin_edit_alias.tpl');
    $page->assign('members', list_alias_members($localPart, $aliasDomain));
    $page->assign('alias', $alias);
}
/**
 * Lets an 'xnet' account edit its own name, sex and email address.
 *
 * Accounts of any other type are redirected to 'index'. All writes happen
 * only after the XSRF token has been asserted and use bound parameters.
 *
 * @param object $page Page object of the current request.
 *
 * @return mixed PL_NOT_FOUND when there is no current user.
 */
function handler_edit($page)
{
    global $globals;

    $user = S::user();
    if (empty($user)) {
        return PL_NOT_FOUND;
    }
    if ($user->type != 'xnet') {
        pl_redirect('index');
    }

    $page->changeTpl('xnet/edit.tpl');

    if (Post::has('change')) {
        S::assert_xsrf_token();

        // Convert user status to X
        if (!Post::blank('login_X')) {
            $converted = $this->changeLogin($page, $user, Post::t('login_X'));
            if ($converted) {
                pl_redirect('index');
            }
        }

        require_once 'emails.inc.php';
        require_once 'name.func.inc.php';

        // Derived names are built from the capitalised first/last name.
        $family = capitalize_name(Post::t('lastname'));
        $given = capitalize_name(Post::t('firstname'));
        $fullName = build_full_name($given, $family);
        $directoryName = build_directory_name($given, $family);
        $sortName = build_sort_name($given, $family);

        XDB::query(
            'UPDATE accounts SET full_name = {?}, directory_name = {?}, sort_name = {?}, display_name = {?}, firstname = {?}, lastname = {?}, sex = {?} WHERE uid = {?}',
            $fullName,
            $directoryName,
            $sortName,
            Post::t('display_name'),
            Post::t('firstname'),
            Post::t('lastname'),
            // Anything other than 'male' is stored as 'female'.
            Post::t('sex') == 'male' ? 'male' : 'female',
            $user->id()
        );

        // Updates email.
        $newEmail = strtolower(Post::t('email'));
        if (require_email_update($user, $newEmail)) {
            XDB::query('UPDATE accounts SET email = {?} WHERE uid = {?}', $newEmail, $user->id());
            $lists = new MMList(S::user());
            $lists->change_user_email($user->forlifeEmail(), $newEmail);
            update_alias_user($user->forlifeEmail(), $newEmail);
        }

        // Reload the account so the session reflects the new values.
        $user = User::getWithUID($user->id());
        S::set('user', $user);
        $page->trigSuccess('Données mises à jour.');
    }

    $page->addJsLink('password.js');
    $page->assign('user', $user);
}
/**
 * Logout handler.
 *
 * During an impersonation it stops the impersonation, logs it, and returns
 * to the stored start page (or to the admin page of the impersonated user).
 * Otherwise it optionally clears cookies according to $level, destroys the
 * session, and either follows the 'redirect' query parameter or shows the
 * exit page.
 *
 * @param object      $page  Page object of the current request.
 * @param string|null $level 'forget', 'forgetuid' or 'forgetall' to also clear cookies.
 */
function handler_exit($page, $level = null)
{
    if (S::suid()) {
        $old = S::user()->login();
        S::logger()->log('suid_stop', $old . " by " . S::suid('hruid'));
        Platal::session()->stopSUID();

        $target = S::s('suid_startpage');
        S::kill('suid_startpage');
        if (!empty($target)) {
            http_redirect($target);
        }
        pl_redirect('admin/user/' . $old);
    }

    // 'forgetall' implies both kinds of cookie cleanup.
    if (in_array($level, array('forget', 'forgetall'))) {
        Platal::session()->killAccessCookie();
    }
    if (in_array($level, array('forgetuid', 'forgetall'))) {
        Platal::session()->killLoginFormCookies();
    }

    if (S::logged()) {
        // The referer is client-supplied; it is only recorded, never trusted.
        S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']);
        Platal::session()->destroy();
    }

    if (!Get::has('redirect')) {
        $page->changeTpl('platal/exit.tpl');
        return;
    }

    // NOTE(review): the destination is taken from the query string and
    // decoded before use; nothing in this function restricts it to a
    // trusted host, so this endpoint can act as an open redirect. Confirm
    // whether http_redirect() validates the target, or check it against an
    // allow-list of expected hosts here.
    http_redirect(rawurldecode(Get::v('redirect')));
}
/**
 * Lets a logged-in user propose a new redirection address for another user
 * whose email is broken.
 *
 * A valid proposal is submitted as a BrokenReq validation request; it is
 * not applied directly by this handler.
 *
 * @param object     $page Page object of the current request.
 * @param mixed|null $uid  Identifier of the user whose address is reported.
 *
 * @return mixed PL_NOT_FOUND when $uid is missing or matches no account.
 */
function handler_broken($page, $uid = null)
{
    $page->changeTpl('marketing/broken.tpl');

    if (is_null($uid)) {
        return PL_NOT_FOUND;
    }

    $user = User::get($uid);
    if (!$user) {
        return PL_NOT_FOUND;
    } elseif ($user->login() == S::user()->login()) {
        // Users fix their own redirection on the dedicated page.
        pl_redirect('emails/redirect');
    }

    // Fetches whether the owner is alive plus the active redirection, if any.
    $res = XDB::query('SELECT p.deathdate IS NULL AS alive, r.last, IF(r.type = \'googleapps\', \'googleapps\', r.redirect) AS active_email FROM accounts AS a LEFT JOIN email_redirect_account AS r ON (a.uid = r.uid AND r.type IN (\'smtp\', \'googleapps\') AND r.flags = \'active\') LEFT JOIN account_profiles AS ap ON (ap.uid = r.uid AND FIND_IN_SET(\'owner\', ap.perms)) LEFT JOIN profiles AS p ON (p.pid = ap.pid) WHERE a.uid = {?} ORDER BY r.broken_level, r.last', $user->id());
    if (!$res->numRows()) {
        return PL_NOT_FOUND;
    }
    $user->addProperties($res->fetchOneAssoc());
    $page->assign('user', $user);

    $email = null;
    require_once 'emails.inc.php';
    if (Post::has('mail')) {
        $email = valide_email(Post::v('mail'));
    }

    if (Post::has('valide') && isvalid_email_redirection($email, $user)) {
        // The token is asserted before any lookup or write in this branch.
        S::assert_xsrf_token();

        // security stuff
        check_email($email, "Proposition d'une adresse surveillee pour " . $user->login() . " par " . S::user()->login());

        // State of the proposed address if it is already one of the
        // target's redirections.
        $state = XDB::fetchOneCell('SELECT flags FROM email_redirect_account WHERE redirect = {?} AND uid = {?}', $email, $user->id());

        // NOTE(review): the two warnings below tell the submitter that the
        // proposed address is the target's current redirection; confirm
        // that confirming this to any logged-in user is intended.
        if ($state == 'broken') {
            $page->trigWarning("L'adresse que tu as fournie est l'adresse actuelle de {$user->fullName()} et est en panne.");
        } elseif ($state == 'active') {
            $page->trigWarning("L'adresse que tu as fournie est l'adresse actuelle de {$user->fullName()}");
        } elseif ($user->email && !Post::t('comment')) {
            // A justification is required when the user property 'email' is set.
            $page->trigError("Il faut que tu ajoutes un commentaire à ta proposition pour justifier le " .
                "besoin de changer la redirection de {$user->fullName()}.");
        } else {
            $valid = new BrokenReq(S::user(), $user, $email, trim(Post::v('comment')));
            $valid->submit();
            $page->assign('sent', true);
        }
    } elseif ($email) {
        $page->trigError("L'adresse proposée n'est pas une adresse acceptable pour une redirection.");
    }
}
/**
 * Creates a new group, makes the current user a member of its admin caste,
 * logs the creation and redirects to the group's admin page.
 *
 * NOTE(review): no permission check and no XSRF token assertion are visible
 * in this function; confirm both are enforced where the handler is
 * registered, since every call creates a group.
 *
 * @param object $page Page object of the current request.
 */
function handler_group_insert($page)
{
    $created = new Group();
    $created->insert();

    // The creator becomes an administrator of the new group.
    $adminCaste = $created->caste(Rights::admin());
    $adminCaste->addUser(S::user());

    S::logger()->log("groups/insert", array('gid' => $created->id()));
    pl_redirect('groups/admin/' . $created->id());
}
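/**
 * Creates or edits an event of the current group.
 *
 * $eid may be a numeric id or the event's short name. An event that does
 * not belong to the current group yields PL_FORBIDDEN. On POST the event,
 * its items ("moments") and, when requested, a payment request are stored;
 * all values are passed to the database as bound parameters.
 *
 * @param object     $page Page object of the current request.
 * @param mixed|null $eid  Event id or short name; null to create an event.
 *
 * @return mixed PL_FORBIDDEN when the event is not in the current group.
 */
function handler_edit($page, $eid = null)
{
    global $globals;

    // These three were previously read without ever being assigned on some
    // paths (new event, or no titled item); give them explicit defaults.
    $infos = array('short_name' => null);
    $nb_moments = 0;
    $money_defaut = 0;

    // get eid if the the given one is a short name
    if (!is_null($eid) && !is_numeric($eid)) {
        $res = XDB::query("SELECT eid\n FROM group_events\n WHERE asso_id = {?} AND short_name = {?}", $globals->asso('id'), $eid);
        if ($res->numRows()) {
            $eid = (int) $res->fetchOneCell();
        }
    }

    // check the event is in our group
    if (!is_null($eid)) {
        $res = XDB::query("SELECT short_name\n FROM group_events\n WHERE eid = {?} AND asso_id = {?}", $eid, $globals->asso('id'));
        if ($res->numRows()) {
            $infos = $res->fetchOneAssoc();
        } else {
            return PL_FORBIDDEN;
        }
    }

    $page->changeTpl('xnetevents/edit.tpl');

    $moments = range(1, 4);
    $error = false;
    $page->assign('moments', $moments);

    if (Post::v('intitule')) {
        S::assert_xsrf_token();

        $this->load('xnetevents.inc.php');
        $short_name = event_change_shortname($page, $eid, $infos['short_name'], Env::v('short_name', ''));
        if ($short_name != Env::v('short_name')) {
            $error = true;
        }

        $evt = array(
            'eid' => $eid,
            'asso_id' => $globals->asso('id'),
            'paiement_id' => Post::v('paiement_id') > 0 ? Post::v('paiement_id') : null,
            'debut' => Post::v('deb_Year') . '-' . Post::v('deb_Month') . '-' . Post::v('deb_Day') . ' ' . Post::v('deb_Hour') . ':' . Post::v('deb_Minute') . ':00',
            'fin' => Post::v('fin_Year') . '-' . Post::v('fin_Month') . '-' . Post::v('fin_Day') . ' ' . Post::v('fin_Hour') . ':' . Post::v('fin_Minute') . ':00',
            'short_name' => $short_name
        );

        // Fields copied verbatim from the form.
        // NOTE(review): 'uid' is in this list, so when an existing event is
        // edited its uid column is set from the posted value; confirm that
        // this is intended and that only trusted organisers can reach this
        // handler.
        $trivial = array('intitule', 'descriptif', 'noinvite', 'subscription_notification', 'show_participants', 'accept_nonmembre', 'uid');
        foreach ($trivial as $k) {
            $evt[$k] = Post::v($k);
        }
        if (!$eid) {
            // A new event always belongs to the current session user.
            $evt['uid'] = S::v('uid');
        }

        if (Post::v('deadline')) {
            $evt['deadline_inscription'] = Post::v('inscr_Year') . '-' . Post::v('inscr_Month') . '-' .
                Post::v('inscr_Day');
        } else {
            $evt['deadline_inscription'] = null;
        }

        // Store the modifications in the database
        XDB::execute('INSERT INTO group_events (eid, asso_id, uid, intitule, paiement_id, descriptif, debut, fin, show_participants, short_name, deadline_inscription, noinvite, accept_nonmembre, subscription_notification) VALUES ({?}, {?}, {?}, {?}, {?}, {?}, {?}, {?}, {?}, {?}, {?}, {?}, {?}, {?}) ON DUPLICATE KEY UPDATE asso_id = VALUES(asso_id), uid = VALUES(uid), intitule = VALUES(intitule), paiement_id = VALUES(paiement_id), descriptif = VALUES(descriptif), debut = VALUES(debut), fin = VALUES(fin), show_participants = VALUES(show_participants), short_name = VALUES(short_name), deadline_inscription = VALUES(deadline_inscription), noinvite = VALUES(noinvite), accept_nonmembre = VALUES(accept_nonmembre), subscription_notification = VALUES(subscription_notification)', $evt['eid'], $evt['asso_id'], $evt['uid'], $evt['intitule'], $evt['paiement_id'], $evt['descriptif'], $evt['debut'], $evt['fin'], $evt['show_participants'], $evt['short_name'], $evt['deadline_inscription'], $evt['noinvite'], $evt['accept_nonmembre'], $evt['subscription_notification']);

        // if new event, get its id
        if (!$eid) {
            $eid = XDB::insertId();
        }

        foreach ($moments as $i) {
            if (Post::v('titre' . $i)) {
                $nb_moments++;

                // Accept a decimal comma in the amount.
                $montant = strtr(Post::v('montant' . $i), ',', '.');
                $money_defaut += (double) $montant;
                XDB::execute('INSERT INTO group_event_items (eid, item_id, titre, details, montant) VALUES ({?}, {?}, {?}, {?}, {?}) ON DUPLICATE KEY UPDATE titre = VALUES(titre), details = VALUES(details), montant = VALUES(montant)', $eid, $i, Post::v('titre' . $i), Post::v('details' . $i), $montant);
            } else {
                // An item without a title is removed.
                XDB::execute('DELETE FROM group_event_items WHERE eid = {?} AND item_id = {?}', $eid, $i);
            }
        }

        // request for a new payment
        if (Post::v('paiement_id') == -1 && $money_defaut >= 0) {
            $p = new PayReq(S::user(), $globals->asso('nom') . " - " .
                Post::v('intitule'), Post::v('site'), $money_defaut, Post::v('confirmation'), 0, 999, $globals->asso('id'), $eid, Post::v('payment_public') == 'yes');
            if ($p->accept()) {
                $p->submit();
            } else {
                // Hand the posted payment fields back to the form.
                $page->assign('payment_message', Post::v('confirmation'));
                $page->assign('payment_site', Post::v('site'));
                $page->assign('payment_public', Post::v('payment_public') == 'yes');
                $page->assign('error', true);
                $error = true;
            }
        }

        // events with no sub-event: add a sub-event with default name
        if ($nb_moments == 0) {
            XDB::execute("INSERT INTO group_event_items\n VALUES ({?}, {?}, 'Événement', '', 0)", $eid, 1);
        }

        if (!$error) {
            pl_redirect('events');
        }
    }

    // get a list of all the payment for this asso
    $res = XDB::iterator("SELECT id, text\n FROM payments\n WHERE asso_id = {?} AND NOT FIND_IN_SET('old', flags)", $globals->asso('id'));
    $paiements = array();
    while ($a = $res->next()) {
        $paiements[$a['id']] = $a['text'];
    }
    $page->assign('paiements', $paiements);

    // when modifying an old event retreive the old datas
    if ($eid) {
        $res = XDB::query("SELECT eid, intitule, descriptif, debut, fin, uid,\n show_participants, paiement_id, short_name,\n deadline_inscription, noinvite, accept_nonmembre, subscription_notification\n FROM group_events\n WHERE eid = {?}", $eid);
        $evt = $res->fetchOneAssoc();

        // find out if there is already a request for a payment for this event
        $res = XDB::query("SELECT stamp\n FROM requests\n WHERE type = 'paiements' AND data LIKE {?}", PayReq::same_event($eid, $globals->asso('id')));
        $stamp = $res->fetchOneCell();
        if ($stamp) {
            // -2 is set here when a payment request already exists.
            $evt['paiement_id'] = -2;
            $evt['paiement_req'] = $stamp;
        }
        $page->assign('evt', $evt);

        // get all the different moments infos
        $res = XDB::iterator("SELECT item_id, titre, details, montant\n FROM group_event_items AS ei\n INNER JOIN group_events AS e ON(e.eid = ei.eid)\n WHERE e.eid = {?}\n ORDER BY item_id", $eid);
        $items = array();
        while ($item = $res->next()) {
            $items[$item['item_id']] = $item;
        }
        $page->assign('items', $items);
    }

    $page->assign('url_ref', $eid);
}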
/**
 * Admin page that fixes the letter case of a user's names.
 *
 * Only changes that leave the lower-cased value untouched are accepted, so
 * this page cannot be used to rename somebody.
 *
 * NOTE(review): no XSRF token assertion is visible before the update
 * triggered by 'correct'; confirm it is enforced elsewhere.
 *
 * @param object      $page  Page object of the current request.
 * @param string|null $hruid Identifier of the user, passed to User::getSilent().
 */
function handler_admin_name($page, $hruid = null)
{
    $page->changeTpl('admin/admin_name.tpl');

    // Search form: resolve the posted identifier and jump to that user's page.
    if (Post::has('id')) {
        $user = User::get(Post::t('id'));
        if (is_null($user)) {
            $page->trigError("L'identifiant donné ne correspond à personne ou est ambigu.");
            // NOTE(review): exiting right after trigError() looks like it
            // prevents the page (and the message) from being rendered -- confirm.
            exit;
        }
        pl_redirect('admin/name/' . $user->hruid);
    }

    $user = User::getSilent($hruid);
    if (!is_null($user)) {
        require_once 'name.func.inc.php';

        // Names live in profile_public_names for users with a profile and
        // in accounts otherwise; $name_types maps each field to its label.
        if ($user->hasProfile()) {
            $name_types = array('lastname_main' => 'Nom patronymique', 'lastname_marital' => 'Nom marital', 'lastname_ordinary' => 'Nom usuel', 'firstname_main' => 'Prénom', 'firstname_ordinary' => 'Prénom usuel', 'pseudonym' => 'Pseudonyme');
            $names = XDB::fetchOneAssoc('SELECT lastname_main, lastname_marital, lastname_ordinary, firstname_main, firstname_ordinary, pseudonym FROM profile_public_names WHERE pid = {?}', $user->profile()->id());
        } else {
            $name_types = array('lastname' => 'Nom', 'firstname' => 'Prénom');
            $names = XDB::fetchOneAssoc('SELECT lastname, firstname FROM accounts WHERE uid = {?}', $user->id());
        }

        if (Post::has('correct')) {
            $new_names = array();
            $update = true;
            foreach ($name_types as $key => $fullname) {
                $new_names[$key] = Post::t($key);
                // Any difference beyond letter case rejects the whole submission.
                if (mb_strtolower($new_names[$key]) != mb_strtolower($names[$key])) {
                    $update = false;
                }
            }

            if ($update) {
                if ($user->hasProfile()) {
                    update_public_names($user->profile()->id(), $new_names);
                    update_display_names($user->profile(), $new_names);
                } else {
                    // Accounts without a profile store the derived names too.
                    $new_names['full_name'] = build_full_name($new_names['firstname'], $new_names['lastname']);
                    $new_names['directory_name'] = build_directory_name($new_names['firstname'], $new_names['lastname']);
                    $new_names['sort_name'] = build_sort_name($new_names['firstname'], $new_names['lastname']);
                    XDB::execute('UPDATE accounts SET lastname = {?}, firstname = {?}, full_name = {?}, directory_name = {?}, sort_name = {?} WHERE uid = {?}', $new_names['lastname'], $new_names['firstname'], $new_names['full_name'], $new_names['directory_name'], $new_names['sort_name'],
                        $user->id());
                }
                $page->trigSuccess('Mise à jour réussie.');
            } else {
                $page->trigError('Seuls des changements de casse sont autorisés ici.');
            }
        }

        // Re-read the names so the page shows what is stored after a
        // possible update.
        if ($user->hasProfile()) {
            $names = XDB::fetchOneAssoc('SELECT lastname_main, lastname_marital, lastname_ordinary, firstname_main, firstname_ordinary, pseudonym FROM profile_public_names WHERE pid = {?}', $user->profile()->id());
        } else {
            $names = XDB::fetchOneAssoc('SELECT lastname, firstname FROM accounts WHERE uid = {?}', $user->id());
        }

        // For each name: stored value, capitalize_name() output, and
        // whether the two differ.
        foreach ($names as $key => $name) {
            $names[$key] = array('value' => $name, 'standard' => capitalize_name($name));
            $names[$key]['different'] = $names[$key]['value'] != $names[$key]['standard'];
        }

        $page->assign('uid', $user->id());
        $page->assign('hruid', $user->hruid);
        $page->assign('names', $names);
        $page->assign('name_types', $name_types);
    }
}
/**
 * Renders the OpenID discovery page of the user owning a given alias.
 *
 * The alias is built from $login and the configured alias domain. When it
 * is missing or matches no user, the request is redirected to the generic
 * OpenID page.
 *
 * @param object      $page  Page object of the current request.
 * @param string|null $login Local part of the alias.
 */
function handler_melix($page, $login = null)
{
    $this->load('openid.inc.php');
    global $globals;

    $melix = null;
    if ($login) {
        $melix = $login . '@' . $globals->mail->alias_dom;
    }

    // The lookup is only attempted when an alias could be built.
    $owner = $melix ? User::getSilent($melix) : null;
    if (!$owner) {
        pl_redirect('Xorg/OpenId');
        return;
    }

    $server = new OpenId();
    $server->RenderDiscoveryPage($page, $owner);
}
/**
 * Switches the session to the configured smartphone skin, then redirects
 * to the given URL.
 *
 * NOTE(review): $url is a handler argument (presumably taken from the
 * request path -- confirm); check that pl_redirect() confines it to this
 * site.
 *
 * @param object $page Page object of the current request.
 * @param string $url  Destination to redirect to once the skin is set.
 */
function handler_skin_resmartphone($page, $url)
{
    global $globals;

    $skin = $globals->smartphone_skin;
    S::set('skin', $skin);

    pl_redirect($url);
    exit;
}
/**
 * Admin handler for bank transfers: generates transfers for a set of
 * reconciliations, deletes the pending transfers of a group, or confirms
 * a transfer.
 *
 * NOTE(review): the 'delgroup' and 'confirm' branches assert the XSRF
 * token, but the 'generate' branch does not, although it closes
 * reconciliations and creates transfers; confirm the token is enforced
 * elsewhere or add the same check there.
 *
 * @param object      $page   Page object of the current request.
 * @param string|null $action 'delgroup' or 'confirm'; ignored when 'generate' is posted.
 * @param mixed|null  $id     Group id ('delgroup') or transfer id ('confirm').
 */
function handler_adm_transfers($page, $action = null, $id = null)
{
    // list/log all bank transfers and link them to individual transactions
    if (Post::has('generate')) {
        // NOTE(review): 'recon_id' is request data; array_keys() assumes it
        // is an array -- confirm the behaviour when it is missing.
        $recon_ids = array_keys(Post::v('recon_id'));

        // generate a new reconcilation group ID
        // NOTE(review): MAX()+1 is computed outside any transaction or lock
        // visible here, so two concurrent requests could obtain the same
        // id -- confirm.
        $res = XDB::query("SELECT MAX(recongroup_id)+1 FROM payment_reconcilations");
        $recongp_id = $res->fetchOneCell();
        if ($recongp_id == null) {
            $recongp_id = 1;
        }

        // add reconcilations to group
        // FIXME: should check if reconcilations are in good status
        XDB::execute("UPDATE payment_reconcilations\n SET recongroup_id = {?}, status = 'closed'\n WHERE id IN {?}", $recongp_id, $recon_ids);

        // create transfers
        XDB::execute('INSERT INTO payment_transfers SELECT NULL, {?}, t.ref, SUM(t.amount+t.commission), NULL, p.text, NULL FROM payment_transactions AS t LEFT JOIN payments AS p ON (t.ref = p.id) LEFT JOIN groups AS g ON (p.asso_id = g.id) WHERE t.recon_id IN {?} AND t.status = "confirmed" GROUP BY t.ref', $recongp_id, $recon_ids);

        //$res = XDB::query("SELECT * FROM payment_reconcilations WHERE id IN {?}", $recon_ids);
        //$recons = $res->fetchAllAssoc();

        $page->trigSuccess('Les virements ont été générés pour ' . count($recon_ids) . ' réconciliations.');
        $this->handler_adm_reconcile($page);
    } elseif ($action == 'delgroup') {
        S::assert_xsrf_token();

        // Reopen the reconciliations of the group, then drop its transfers
        // that have no date yet.
        XDB::execute("UPDATE payment_reconcilations\n SET status = 'transfering', recongroup_id = NULL\n WHERE recongroup_id = {?}", $id);
        XDB::execute("DELETE FROM payment_transfers\n WHERE recongroup_id = {?} AND date IS NULL", $id);

        $page->trigSuccess("Les virements non réalisés ont été supprimé du groupe " . $id .
            ".");
        $this->handler_adm_reconcile($page);
    } elseif ($action == "confirm") {
        S::assert_xsrf_token();

        // The account is looked up from the payment linked to the
        // transfer, not taken from the request.
        $account_id = XDB::fetchOneCell('SELECT rib_id FROM payments AS p LEFT JOIN payment_transfers AS t ON (t.payment_id = p.id) WHERE t.id = {?}', $id);
        XDB::execute('UPDATE payment_transfers SET date = NOW(), account_id = {?} WHERE id = {?}', $account_id, $id);

        $page->trigSuccess('Virement ' . $id . ' confirmé.');
        $this->handler_adm_reconcile($page);
    } else {
        pl_redirect('admin/reconcile');
    }
}
/**
 * Profile edition wizard.
 *
 * Resolves the profile to edit through findProfile(), normalises the URL,
 * then builds the wizard pages. Some pages are only added when the current
 * user holds PERM_DIRECTORY_PRIVATE.
 *
 * @param object      $page       Page object of the current request.
 * @param string|null $hrpid      Profile identifier, passed to findProfile().
 * @param string|null $opened_tab Tab to open.
 * @param string|null $mode       Passed through to the wizard.
 * @param mixed|null  $success    When truthy, a success message is shown.
 *
 * @return mixed PL_NOT_FOUND or PL_FORBIDDEN as returned by findProfile().
 */
function handler_p_edit($page, $hrpid = null, $opened_tab = null, $mode = null, $success = null)
{
    global $globals;

    // A tab name in first position means the profile id was omitted or the
    // two were swapped: put them back in order and remember to redirect to
    // the canonical URL.
    if (in_array($hrpid, array('general', 'adresses', 'emploi', 'poly', 'deco', 'mentor', 'deltaten'))) {
        $aux = $opened_tab;
        $opened_tab = $hrpid;
        $hrpid = $aux;
        $url_error = true;
    } else {
        $url_error = false;
    }

    // findProfile() yields either a Profile or an error code.
    // presumably it is also where access to the profile is checked -- TODO confirm
    $profile = $this->findProfile($hrpid);
    if (!$profile instanceof Profile && ($profile == PL_NOT_FOUND || $profile == PL_FORBIDDEN)) {
        return $profile;
    }

    if (is_null($hrpid) || $url_error) {
        pl_redirect('profile/edit/' . $profile->hrid() . (is_null($opened_tab) ? '' : '/' . $opened_tab));
    }

    // Build the page
    $page->addJsLink('jquery.ui.xorg.js');
    $page->addJsLink('education.js', true, false); /* dynamic content */
    $page->addJsLink('grades.js', true, false); /* dynamic content */
    $page->addJsLink('profile.js');

    $wiz = new PlWizard('Profil', PlPage::getCoreTpl('plwizard.tpl'), true, true, false);
    $wiz->addUserData('profile', $profile);
    $wiz->addUserData('owner', $profile->owner());

    $this->load('page.inc.php');
    $wiz->addPage('ProfilePageGeneral', 'Général', 'general');
    $wiz->addPage('ProfilePageAddresses', 'Adresses personnelles', 'adresses');
    $wiz->addPage('ProfilePageJobs', 'Informations professionnelles', 'emploi');

    // The 'poly', 'mentor' and 'deltaten' pages are only added for users
    // with PERM_DIRECTORY_PRIVATE.
    $viewPrivate = S::user()->checkPerms(User::PERM_DIRECTORY_PRIVATE);
    if ($viewPrivate) {
        $wiz->addPage('ProfilePageGroups', 'Groupes X - Binets', 'poly');
    }
    $wiz->addPage('ProfilePageDecos', 'Décorations - Medailles', 'deco');
    if ($viewPrivate) {
        $wiz->addPage('ProfilePageMentor', 'Mentoring', 'mentor');
    }
    if ($viewPrivate && $profile->isDeltatenEnabled(Profile::DELTATEN_OLD)) {
        $wiz->addPage('ProfilePageDeltaten', 'Opération N N-10', 'deltaten');
    }
    $wiz->apply($page, 'profile/edit/' . $profile->hrid(), $opened_tab, $mode);

    // Warn that a missing birth date blocks the password recovery procedure.
    if (!$profile->birthdate) {
        $page->trigWarning("Ta date de naissance n'est pas renseignée, ce qui t'empêcheras de réaliser" .
            " la procédure de récupération de mot de passe si un jour tu le perdais.");
    }

    $page->setTitle('Mon Profil');
    $page->assign('hrpid', $profile->hrid());
    $page->assign('viewPrivate', $viewPrivate);
    $page->assign('isMe', S::user()->isMyProfile($profile));
    if (isset($success) && $success) {
        $page->trigSuccess('Ton profil a bien été mis à jour.');
    }
}
/**
 * Home page: shows tips, a reminder, a birthday wish and the list of
 * current announcements, and marks announcements as read or unread.
 *
 * @param object      $page   Page object of the current request.
 * @param string      $action 'list' (default), 'read' or 'unread'.
 * @param mixed|null  $eid    Announcement id for 'read' / 'unread'.
 * @param string|null $pound  Fragment appended to the redirect after 'read'.
 */
function handler_ev($page, $action = 'list', $eid = null, $pound = null)
{
    $page->changeTpl('events/index.tpl');

    $user = S::user();

    /** XXX: Tips and reminder only for user with 'email' permission.
     * We can do better in the future by storing a userfilter
     * with the tip/reminder.
     */
    if ($user->checkPerms(User::PERM_MAIL)) {
        $page->assign('tips', $this->get_tips());
    }

    // Adds a reminder onebox to the page.
    require_once 'reminder.inc.php';
    if ($reminder = Reminder::GetCandidateReminder($user)) {
        $reminder->Prepare($page);
    }

    // Wishes "Happy birthday" when required
    $profile = $user->profile();
    if (!is_null($profile)) {
        if ($profile->next_birthday == date('Y-m-d')) {
            // The assigned value is the difference between the current
            // year and the birth year.
            $birthyear = (int) date('Y', strtotime($profile->birthdate));
            $curyear = (int) date('Y');
            $page->assign('birthday', $curyear - $birthyear);
        }
    }

    // Direct link to the RSS feed, when available.
    // NOTE(review): the feed URL embeds the user's token; it looks like it
    // authenticates the feed on its own, so it should be handled as a
    // secret wherever URLs are logged or shared -- confirm.
    if (S::hasAuthToken()) {
        $page->setRssLink('Polytechnique.org :: News', '/rss/' . S::v('hruid') . '/' . S::user()->token . '/rss.xml');
    }

    // Hide the read event, and reload the page to get to the next event.
    // NOTE(review): 'read' and 'unread' change stored state without an XSRF
    // token assertion in this function; the rows are scoped to the session
    // uid, which limits the effect to the user's own read marks.
    if ($action == 'read' && $eid) {
        // Purge read marks of announcements that have expired.
        XDB::execute('DELETE ev.* FROM announce_read AS ev INNER JOIN announces AS e ON e.id = ev.evt_id WHERE expiration < NOW()');
        XDB::execute('INSERT IGNORE INTO announce_read (evt_id, uid) VALUES ({?}, {?})', $eid, S::v('uid'));
        pl_redirect('events#' . $pound);
    }

    // Unhide the requested event, and reload the page to display it.
    if ($action == 'unread' && $eid) {
        XDB::execute('DELETE FROM announce_read WHERE evt_id = {?} AND uid = {?}', $eid, S::v('uid'));
        pl_redirect('events#newsid' . $eid);
    }

    // Fetch the events to display, along with their metadata.
    $array = array();
    $it = XDB::iterator("SELECT e.id, e.titre, e.texte, e.post_id, e.uid,\n p.x, p.y, p.attach IS NOT NULL AS img, FIND_IN_SET('wiki', e.flags) AS wiki,\n FIND_IN_SET('important', e.flags) AS important,\n e.creation_date > DATE_SUB(CURDATE(), INTERVAL 2 DAY) AS news,\n e.expiration < DATE_ADD(CURDATE(), INTERVAL 2 DAY) AS end,\n ev.uid IS NULL AS nonlu, e.promo_min, e.promo_max\n FROM announces AS e\n LEFT JOIN announce_photos AS p ON (e.id = p.eid)\n LEFT JOIN announce_read AS ev ON (e.id = ev.evt_id AND ev.uid = {?})\n WHERE FIND_IN_SET('valide', e.flags) AND expiration >= NOW()\n ORDER BY important DESC, news DESC, end DESC, e.expiration, e.creation_date DESC", S::i('uid'));

    // Rows arrive sorted by category flag, so each category consumes the
    // leading rows carrying its flag and 'body' takes everything left.
    $cats = array('important', 'news', 'end', 'body');

    $this->load('feed.inc.php');
    $user = S::user();
    $body = EventFeed::nextEvent($it, $user);
    foreach ($cats as $cat) {
        $data = array();
        if (!$body) {
            continue;
        }
        do {
            if ($cat == 'body' || $body[$cat]) {
                $data[] = $body;
            } else {
                // First row outside this category: keep it for the next one.
                break;
            }
            $body = EventFeed::nextEvent($it, $user);
        } while ($body);
        if (!empty($data)) {
            $array[$cat] = $data;
        }
    }

    $page->assign_by_ref('events', $array);
}
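/**
 * Last step of the registration: checks the e-mailed token and the password
 * challenge response, activates the account, then runs the post-registration
 * chores (e-mail aliases, redirection, newsletters, forums, notifications).
 *
 * $page: page object receiving the template and its variables.
 * $hash: registration token taken from the URL and looked up in
 *        register_pending. Once the account is active the stored hash is
 *        overwritten with 'INSCRIT', so the same link cannot be replayed.
 *
 * Returns PL_FORBIDDEN when check_ip('unsafe') is true. Returns nothing when
 * the password form still has to be shown or the response was wrong. On
 * success the handler ends with a redirect to 'profile/edit'.
 *
 * Security notes:
 *  - The value stored in register_pending.password is both what is copied
 *    into accounts.password and the secret fed to the SHA-1 challenge
 *    response, so whoever can read that column can compute a valid response.
 *  - The response check uses a strict comparison. The former loose `!=`
 *    applied PHP's numeric-string juggling to two hex digests.
 */
function handler_end($page, $hash = null)
{
    global $globals;
    $_SESSION['subState'] = array('step' => 5);

    // Reject registration requests from unsafe IP addresses (and remove the
    // registration information from the database, to prevent IP changes).
    if (check_ip('unsafe')) {
        send_warning_mail('Une IP surveillée a tenté de finaliser son inscription.');
        XDB::execute("DELETE FROM register_pending\n"
                   . " WHERE hash = {?} AND hash != 'INSCRIT'", $hash);
        return PL_FORBIDDEN;
    }

    // Retrieve the pre-registration information using the url-provided
    // authentication token.
    $res = XDB::query("SELECT r.uid, p.pid, r.forlife, r.bestalias, r.mailorg2,\n"
                    . " r.password, r.email, r.services, r.naissance,\n"
                    . " ppn.lastname_initial, ppn.firstname_initial, pe.promo_year,\n"
                    . " pd.promo, p.sex, p.birthdate_ref, a.type, a.email AS old_account_email\n"
                    . " FROM register_pending AS r\n"
                    . " INNER JOIN accounts AS a ON (r.uid = a.uid)\n"
                    . " INNER JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))\n"
                    . " INNER JOIN profiles AS p ON (p.pid = ap.pid)\n"
                    . " INNER JOIN profile_public_names AS ppn ON (ppn.pid = p.pid)\n"
                    . " INNER JOIN profile_display AS pd ON (p.pid = pd.pid)\n"
                    . " INNER JOIN profile_education AS pe ON (pe.pid = p.pid AND FIND_IN_SET('primary', pe.flags))\n"
                    . " WHERE hash = {?} AND hash != 'INSCRIT' AND a.state = 'pending'", $hash);
    if (!$hash || $res->numRows() == 0) {
        // NOTE(review): the code below assumes kill() does not return.
        $page->kill("<p>Cette adresse n'existe pas, ou plus, sur le serveur.</p>\n"
                  . " <p>Causes probables :</p>\n"
                  . " <ol>\n"
                  . " <li>Vérifie que tu visites l'adresse du dernier\n"
                  . " email reçu s'il y en a eu plusieurs.</li>\n"
                  . " <li>Tu as peut-être mal copié l'adresse reçue par\n"
                  . " email, vérifie-la à la main.</li>\n"
                  . " <li>Tu as peut-être attendu trop longtemps pour\n"
                  . " confirmer. Les pré-inscriptions sont annulées\n"
                  . " tous les 30 jours.</li>\n"
                  . " <li>Tu es en fait déjà inscrit.</li>\n"
                  . " </ol>");
    }

    list($uid, $pid, $forlife, $bestalias, $emailXorg2, $password, $email, $services,
         $birthdate, $lastname, $firstname, $yearpromo, $promo, $sex, $birthdate_ref,
         $type, $old_account_email) = $res->fetchOneRow();
    $isX = ($type == 'x');
    $mail_domain = User::$sub_mail_domains[$type] . $globals->mail->domain;

    // Prepare the template for display.
    $page->changeTpl('register/end.tpl');
    $page->assign('forlife', $forlife);
    $page->assign('firstname', $firstname);

    // Check if the user did enter a valid password; if not (or if none is found),
    // get her an information page.
    if (!Post::has('response')) {
        return;
    }
    $expected_response = sha1("{$forlife}:{$password}:" . S::v('challenge'));
    // Strict comparison: with `!=`, two digests that both look like numbers
    // (e.g. "0e..." followed by digits only) would compare equal. Where the
    // runtime provides hash_equals(), it is the preferred primitive here.
    if (Post::v('response') !== $expected_response) {
        $page->trigError("Mot de passe invalide.");
        S::logger($uid)->log('auth_fail', 'bad password (register/end)');
        return;
    }

    //
    // Create the user account.
    //
    XDB::startTransaction();
    XDB::execute("UPDATE accounts\n"
               . " SET password = {?}, state = 'active',\n"
               . " registration_date = NOW(), email = NULL\n"
               . " WHERE uid = {?}", $password, $uid);
    XDB::execute("UPDATE profiles\n"
               . " SET birthdate = {?}, last_change = NOW()\n"
               . " WHERE pid = {?}", $birthdate, $pid);
    XDB::execute('INSERT INTO email_source_account (email, uid, type, flags, domain) SELECT {?}, {?}, \'forlife\', \'\', id FROM email_virtual_domains WHERE name = {?}', $forlife, $uid, $mail_domain);
    XDB::execute('INSERT INTO email_source_account (email, uid, type, flags, domain) SELECT {?}, {?}, \'alias\', \'bestalias\', id FROM email_virtual_domains WHERE name = {?}', $bestalias, $uid, $mail_domain);
    if ($emailXorg2) {
        XDB::execute('INSERT INTO email_source_account (email, uid, type, flags, domain) SELECT {?}, {?}, \'alias\', \'\', id FROM email_virtual_domains WHERE name = {?}', $emailXorg2, $uid, $mail_domain);
    }
    XDB::commit();

    // Try to start a session (so the user don't have to log in); we will use
    // the password available in Post:: to authenticate the user.
    Platal::session()->start(AUTH_PASSWD);

    // Add the registration email address as first and only redirection.
    require_once 'emails.inc.php';
    $user = User::getSilentWithUID($uid);
    $redirect = new Redirect($user);
    $redirect->add_email($email);
    fix_bestalias($user);

    // If the user was registered to some aliases and MLs, we must change
    // the subscription to her forlife email.
    if ($old_account_email) {
        $listClient = new MMList($user);
        $listClient->change_user_email($old_account_email, $user->forlifeEmail());
        update_alias_user($old_account_email, $user->forlifeEmail());
    }

    // Subscribe the user to the services she did request at registration time.
    // Unknown service names are ignored (no default case).
    require_once 'newsletter.inc.php';
    foreach (explode(',', $services) as $service) {
        switch ($service) {
            case 'ax_letter':
                /* This option is deprecated by 'com_letters' */
                NewsLetter::forGroup(NewsLetter::GROUP_AX)->subscribe($user);
                break;
            case 'com_letters':
                NewsLetter::forGroup(NewsLetter::GROUP_AX)->subscribe($user);
                NewsLetter::forGroup(NewsLetter::GROUP_EP)->subscribe($user);
                NewsLetter::forGroup(NewsLetter::GROUP_FX)->subscribe($user);
                break;
            case 'nl':
                NewsLetter::forGroup(NewsLetter::GROUP_XORG)->subscribe($user);
                break;
            case 'imap':
                Email::activate_storage($user, 'imap', Bogo::IMAP_DEFAULT);
                break;
            case 'ml_promo':
                if ($isX) {
                    $r = XDB::query('SELECT id FROM groups WHERE diminutif = {?}', $yearpromo);
                    if ($r->numRows()) {
                        $asso_id = $r->fetchOneCell();
                        XDB::execute('INSERT IGNORE INTO group_members (uid, asso_id) VALUES ({?}, {?})', $uid, $asso_id);
                        try {
                            MailingList::subscribePromo($yearpromo, $user);
                        } catch (Exception $e) {
                            // Best effort: report the failure, keep registering.
                            PlErrorReport::report($e);
                            $page->trigError("L'inscription à la liste promo" . $yearpromo . " a échouée.");
                        }
                    }
                }
                break;
        }
    }

    // Log the registration in the user session, then burn the token.
    S::logger($uid)->log('inscription', $email);
    XDB::execute("UPDATE register_pending\n"
               . " SET hash = 'INSCRIT'\n"
               . " WHERE uid = {?}", $uid);

    // Congratulate our newly registered user by email.
    // NOTE(review): fullName() is interpolated into a quoted display name;
    // confirm PlMailer rejects or encodes quotes and line breaks in it.
    $mymail = new PlMailer('register/success.mail.tpl');
    $mymail->addTo("\"{$user->fullName()}\" <{$user->forlifeEmail()}>");
    if ($isX) {
        $mymail->setSubject('Bienvenue parmi les X sur le web !');
    } else {
        $mymail->setSubject('Bienvenue sur Polytechnique.org !');
    }
    $mymail->assign('forlife', $forlife);
    $mymail->assign('firstname', $firstname);
    $mymail->send();

    // Index the user, to allow her to appear in searches.
    Profile::rebuildSearchTokens($pid);

    // Notify other users which were watching for her arrival.
    XDB::execute('INSERT INTO contacts (uid, contact) SELECT uid, {?} FROM watch_nonins WHERE ni_id = {?}', $pid, $uid);
    XDB::execute('DELETE FROM watch_nonins WHERE ni_id = {?}', $uid);
    Platal::session()->updateNbNotifs();

    // Forcibly register the new user on default forums.
    $registeredForums = array('xorg.general', 'xorg.pa.divers', 'xorg.pa.logements');
    if ($isX) {
        $promoForum = 'xorg.promo.' . strtolower($promo);
        $exists = XDB::fetchOneCell('SELECT COUNT(*) FROM forums WHERE name = {?}', $promoForum);
        if ($exists == 0) {
            // Notify the newsgroup admin of the promotion forum needs be created,
            // once more than 20% of the (living) promotion is registered.
            $promoFull = new UserFilter(new UFC_Promo('=', UserFilter::DISPLAY, $promo));
            $promoRegistered = new UserFilter(new PFC_And(new UFC_Promo('=', UserFilter::DISPLAY, $promo),
                                                          new UFC_Registered(true),
                                                          new PFC_Not(new UFC_Dead())));
            if ($promoRegistered->getTotalCount() > 0.2 * $promoFull->getTotalCount()) {
                $mymail = new PlMailer('admin/forums-promo.mail.tpl');
                $mymail->assign('promo', $promo);
                $mymail->send();
            }
        } else {
            $registeredForums[] = $promoForum;
        }
    }
    foreach ($registeredForums as $forum) {
        // Fixed: the forum name was bound from an undefined variable, so no
        // row of `forums` ever matched and nobody was subscribed.
        XDB::execute("INSERT INTO forum_subs (fid, uid)\n"
                   . " SELECT fid, {?}\n"
                   . " FROM forums\n"
                   . " WHERE name = {?}", $uid, $forum);
    }

    // Update the global registration count stats.
    $globals->updateNbIns();

    //
    // Update collateral data sources, and inform watchers by email.
    //
    // Email the referrer(s) of this new user.
    $res = XDB::iterRow("SELECT sender, GROUP_CONCAT(email SEPARATOR ', ') AS mails, MAX(last) AS lastDate\n"
                      . " FROM register_marketing\n"
                      . " WHERE uid = {?}\n"
                      . " GROUP BY sender\n"
                      . " ORDER BY lastDate DESC", $uid);
    XDB::execute("UPDATE register_mstats\n"
               . " SET success = NOW()\n"
               . " WHERE uid = {?}", $uid);

    $market = array();
    while (list($senderid, $maketingEmails, $lastDate) = $res->next()) {
        $sender = User::getWithUID($senderid);
        $market[] = " - par {$sender->fullName()} sur {$maketingEmails} (le plus récemment le {$lastDate})";
        $mymail = new PlMailer('register/marketer.mail.tpl');
        $mymail->setSubject("{$firstname} {$lastname} s'est inscrit à Polytechnique.org !");
        $mymail->setTo($sender);
        $mymail->assign('sender', $sender);
        $mymail->assign('firstname', $firstname);
        $mymail->assign('lastname', $lastname);
        $mymail->assign('promo', $promo);
        $mymail->assign('sex', $sex);
        // NOTE(review): $msg is never assigned in this function, so this sets
        // an empty text body. Left untouched because the effect of dropping
        // the call on the templated mail cannot be checked from here.
        $mymail->setTxtBody(wordwrap($msg, 72));
        $mymail->send();
    }

    // Email the plat/al administrators about the registration.
    if ($globals->register->notif) {
        $mymail = new PlMailer('register/registration.mail.tpl');
        $mymail->setSubject("Inscription de {$firstname} {$lastname} ({$promo})");
        $mymail->assign('firstname', $firstname);
        $mymail->assign('lastname', $lastname);
        $mymail->assign('promo', $promo);
        $mymail->assign('sex', $sex);
        $mymail->assign('birthdate', $birthdate);
        $mymail->assign('birthdate_ref', $birthdate_ref);
        $mymail->assign('forlife', $forlife);
        $mymail->assign('email', $email);
        $mymail->assign('logger', S::logger());
        if (count($market) > 0) {
            $mymail->assign('market', implode("\n", $market));
        }
        // NOTE(review): same undefined $msg as in the referrer loop above.
        $mymail->setTxtBody($msg);
        $mymail->send();
    }

    // Remove old pending marketing requests for the new user.
    Marketing::clear($uid);

    pl_redirect('profile/edit');
}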
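/**
 * Creates a new list alias in the current lists domain for the logged-in user.
 *
 * $page: page object receiving the template and its error messages.
 *
 * Returns PL_NOT_FOUND when no lists domain is available. Returns nothing when
 * the form is merely displayed or a validation error is reported. On success
 * the handler redirects to the alias administration page.
 *
 * The alias name comes straight from the POST body and ends up in a list
 * address and in the redirect target, so it is checked against a strict
 * whitelist first. The pattern is anchored with \A and \z: a plain `$` also
 * matches just before a trailing newline, which would let "name\n" through.
 * An empty name is rejected as well (the former `*` quantifier accepted it).
 */
function handler_acreate($page)
{
    if (!$this->get_lists_domain()) {
        return PL_NOT_FOUND;
    }
    $page->changeTpl('xnetlists/alias-create.tpl');

    if (!Post::has('submit')) {
        return;
    }
    // State-changing request: refuse it without a valid XSRF token.
    S::assert_xsrf_token();

    if (!Post::has('liste') || Post::v('liste') === '') {
        $page->trigError('Le champs « adresse souhaitée » est vide.');
        return;
    }

    $list = Post::v('liste');
    // is_string() guards against array-valued POST fields reaching preg_match().
    if (!is_string($list) || !preg_match('/\A[a-zA-Z0-9\-.]+\z/', $list)) {
        $page->trigError('Le nom de l\'alias ne doit contenir que des lettres,' . ' chiffres, tirets et points.');
        return;
    }

    require_once 'emails.inc.php';
    $lists_domain = $this->get_lists_domain();
    if (list_exist($list, $lists_domain)) {
        $page->trigError('Cet alias est déjà pris.');
        return;
    }

    add_to_list_alias(S::i('uid'), $list, $lists_domain);
    pl_redirect('alias/admin/' . $list . '@' . $lists_domain);
}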
/**
 * Lists up to 100 profiles still carrying a given kind of merge issue.
 *
 * $page:   page object receiving the template and its variables.
 * $action: issue kind; must be one of the keys of the label table below.
 *          Anything else sends the user back to 'fusionax'.
 *
 * $action is only used after the whitelist check, and it reaches the SQL
 * statements as a bound parameter.
 */
function handler_issues($page, $action = '')
{
    // Issue kind => plural label handed to the template.
    static $labels = array(
        'name'      => 'noms',
        'phone'     => 'téléphones',
        'education' => 'formations',
        'address'   => 'adresses',
        'job'       => 'emplois',
    );
    // Issue kind => value assigned to the template as 'type'.
    static $types = array(
        'name'      => 'general',
        'phone'     => 'general',
        'education' => 'general',
        'address'   => 'adresses',
        'job'       => 'emploi',
    );

    if (!array_key_exists($action, $labels)) {
        pl_redirect('fusionax');
        return;
    }

    $total = XDB::fetchOneCell('SELECT COUNT(*) FROM profile_merge_issues WHERE FIND_IN_SET({?}, issues)', $action);
    if ($total == 0) {
        pl_redirect('fusionax');
    }

    $issues = XDB::fetchAllAssoc('SELECT p.hrpid, pd.directory_name, pd.promo FROM profile_merge_issues AS pm INNER JOIN profiles AS p ON (pm.pid = p.pid) INNER JOIN profile_display AS pd ON (pd.pid = p.pid) WHERE FIND_IN_SET({?}, pm.issues) ORDER BY pd.directory_name LIMIT 100', $action);

    $page->changeTpl('fusionax/other_issues.tpl');
    $page->assign('issues', $issues);
    $page->assign('issue', $labels[$action]);
    $page->assign('type', $types[$action]);
    $page->assign('total', $total);
}
/**
 * Quick search of the directory. Besides plain searches, the query accepts a
 * few shortcuts: "<prefix>:<login>" jumps to a profile, referent or (for
 * administrators) admin page, "doc:<terms>" searches the documentation and
 * "trombi:<promo>" opens a promotion's picture book.
 *
 * $page:     page object receiving the template and its variables.
 * $model:    The way of presenting the results: minifiche, trombi, geoloc.
 * $byletter: Show only names beginning with this letter.
 */
function handler_quick($page, $model = null, $byletter = null)
{
    global $globals;

    // No query at all (and not the geoloc view): just show the search form.
    if (!Env::has('quick') && $model != 'geoloc') {
        $page->assign('formulaire', 1);
        $page->changeTpl('search/index.tpl');
        $page->setTitle('Annuaire');
        return;
    }

    $quick = Env::t('quick');
    // Only the first page of a logged-in user's search is logged.
    if (S::logged() && !Env::has('page')) {
        S::logger()->log('search', 'quick=' . $quick);
    }

    if ($quick == '') {
        $page->trigWarning('Aucun critère de recherche n\'est spécifié.');
        $page->changeTpl('search/index.tpl');
        $page->setTitle('Annuaire');
        $page->assign('formulaire', 1);
        return;
    }

    // Shortcut prefixes. The admin ones are only recognised for administrators,
    // so for anybody else "admin:..." falls through to a regular search.
    $prefixes = 'profile|prf|fiche|fic|referent|ref|mentor';
    if (S::admin()) {
        $prefixes .= '|admin|adm|ax';
    }
    // NOTE(review): the account-type keys are spliced into the pattern without
    // preg_quote(); presumably they are plain identifiers -- verify.
    $suffixes = implode('|', array_keys(DirEnum::getOptions(DirEnum::ACCOUNTTYPES)));
    $pattern = '/^(' . $prefixes . '):([-a-z]+(\\.[-a-z]+(\\.(?:[md]?\\d{2,4}|' . $suffixes . '))?)?)$/';

    if (preg_match($pattern, replace_accent($quick), $matches)) {
        // Prefix => base path of the redirect target.
        $bases = array(
            'admin'    => 'admin/user/',
            'adm'      => 'admin/user/',
            'ax'       => 'profile/ax/',
            'profile'  => 'profile/',
            'prf'      => 'profile/',
            'fiche'    => 'profile/',
            'fic'      => 'profile/',
            'referent' => 'referent/',
            'ref'      => 'referent/',
            'mentor'   => 'referent/',
        );
        $login = $matches[2];
        $base = $bases[$matches[1]];

        // The redirect uses the login of the resolved account, not the raw input.
        $user = User::getSilent($login);
        if ($user) {
            pl_redirect($base . $user->login());
        }
        // Unknown login: run a normal search on it instead.
        Get::set('quick', $login);
    } elseif (strncmp($quick, 'doc:', 4) === 0) {
        $url = 'Docs/Recherche?'
             . 'action=search&q=' . urlencode(substr($quick, 4))
             . '&group=' . urlencode('-Equipe,-Main,-PmWiki,-Site,-Review');
        pl_redirect($url);
    } elseif (strncmp($quick, 'trombi:', 7) === 0) {
        $promo = substr($quick, 7);
        // The promotion must match a known group before it is used in a URL.
        $res = XDB::query("SELECT diminutif\n"
                        . " FROM groups\n"
                        . " WHERE cat = 'Promotions' AND diminutif = {?}", $promo);
        if ($res->numRows() == 0) {
            // NOTE(review): $promo is user input echoed into the message, and
            // another message in this handler carries raw HTML; confirm the
            // template escapes warnings, or escape the value here.
            $page->trigWarning("La promotion demandée n'est pas valide: {$promo}");
        } else {
            // NOTE(review): redirect to a login path over plain http.
            http_redirect('http://www.polytechnique.net/login/' . $promo . '/annuaire/trombi');
        }
    }

    $page->assign('formulaire', 0);

    require_once 'userset.inc.php';
    $view = new QuickSearchSet();
    $view->addMod('minifiche', 'Mini-fiches', true, array('with_score' => true, 'starts_with' => $byletter));
    $view->addMod('map', 'Planisphère');
    // The picture book is reserved to logged-in users.
    if (S::logged() && !Env::i('nonins')) {
        $view->addMod('trombi', 'Trombinoscope', false, array('with_promo' => true, 'with_score' => true));
    }
    $view->apply('search', $page, $model);

    $resultCount = $view->count();
    $page->assign('search_results_nb', $resultCount);

    // Anonymous visitors get a separate ceiling (public_max) on result counts.
    if (!S::logged() && $resultCount > $globals->search->public_max) {
        $page->trigError('Votre recherche a généré trop de résultats pour un affichage public.');
    } elseif ($resultCount > $globals->search->private_max) {
        $page->trigError('Recherche trop générale. Une <a href="search/adv">recherche avancée</a> permet de préciser la recherche.');
    } elseif (empty($resultCount)) {
        $page->trigError('Il n\'existe personne correspondant à ces critères dans la base !');
    }

    $page->changeTpl('search/index.tpl');
    $page->setTitle('Annuaire');
}
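/**
 * Creates or edits an announce of the current group, including its optional
 * picture, and optionally submits it to the forum, to the Polytechnique.org
 * home page and to the monthly newsletter.
 *
 * $page: page object receiving the template and its variables.
 * $aid:  id of the announce to edit, or null to create a new one.
 *
 * The form action is carried by the 'valid' POST field ('Visualiser',
 * 'Enregistrer', 'Supprimer l\'image', 'Pas d\'image', 'Annuler'). A
 * validation failure calls Post::kill('valid') so the save step is skipped.
 *
 * Security: the UPDATE of group_announces is scoped by asso_id, but the
 * statements on group_announces_photo key on the announce id alone. When an
 * existing announce is submitted, the handler therefore first checks that the
 * id belongs to the current group. Without that check, an id from another
 * group would leave the text untouched yet still delete or replace that
 * announce's picture.
 */
function handler_edit_announce($page, $aid = null)
{
    global $globals, $platal;
    $page->changeTpl('xnetgrp/announce-edit.tpl');
    $page->assign('new', is_null($aid));
    $art = array();

    if (Post::v('valid') == 'Visualiser' || Post::v('valid') == 'Enregistrer'
        || Post::v('valid') == 'Supprimer l\'image' || Post::v('valid') == 'Pas d\'image') {
        S::assert_xsrf_token();

        if (!is_null($aid)) {
            // Ownership check, using the same lookup and message as the
            // display path at the end of this handler.
            $owned = XDB::fetchOneCell('SELECT COUNT(*) FROM group_announces WHERE id = {?} AND asso_id = {?}',
                                       $aid, $globals->asso('id'));
            if (!$owned) {
                $page->kill("Aucun article correspond à l'identifiant indiqué.");
                return;
            }
            $art['id'] = $aid;
        }
        $art['titre'] = Post::v('titre');
        $art['texte'] = Post::v('texte');
        $art['contacts'] = Post::v('contacts');
        $art['promo_min'] = Post::i('promo_min');
        $art['promo_max'] = Post::i('promo_max');
        // Author information comes from the session, never from the form.
        $art['nom'] = S::v('nom');
        $art['prenom'] = S::v('prenom');
        $art['promo'] = S::v('promo');
        $art['hruid'] = S::user()->login();
        $art['uid'] = S::user()->id();
        $art['expiration'] = Post::v('expiration');
        $art['public'] = Post::has('public');
        $art['xorg'] = Post::has('xorg');
        $art['nl'] = Post::has('nl');
        $art['event'] = Post::v('event');

        $upload = new PlUpload(S::user()->login(), 'xnetannounce');
        $this->upload_image($page, $upload);

        $art['contact_html'] = $art['contacts'];
        if ($art['event']) {
            $art['contact_html'] .= "\n{$globals->baseurl}/{$platal->ns}events/sub/{$art['event']}";
        }

        // A bound of 0 means "no bound"; otherwise min <= max and both must lie
        // strictly between 1900 and 2020.
        // NOTE(review): the 2020 ceiling is hard-coded; confirm it is still wanted.
        if (!$art['public']
            && (($art['promo_min'] > $art['promo_max'] && $art['promo_max'] != 0)
                || ($art['promo_min'] != 0 && ($art['promo_min'] <= 1900 || $art['promo_min'] >= 2020))
                || ($art['promo_max'] != 0 && ($art['promo_max'] <= 1900 || $art['promo_max'] >= 2020)))) {
            $page->trigError("L'intervalle de promotions est invalide.");
            Post::kill('valid');
        }

        if (!trim($art['titre']) || !trim($art['texte'])) {
            $page->trigError("L'article doit avoir un titre et un contenu.");
            Post::kill('valid');
        }

        // Drop the pending upload only.
        if (Post::v('valid') == 'Supprimer l\'image') {
            $upload->rm();
            Post::kill('valid');
        }
        $art['photo'] = $upload->exists() || Post::i('photo');

        // Drop both the stored picture and the pending upload.
        if (Post::v('valid') == 'Pas d\'image' && !is_null($aid)) {
            XDB::query('DELETE FROM group_announces_photo WHERE eid = {?}', $aid);
            $upload->rm();
            Post::kill('valid');
            $art['photo'] = false;
        }
    }

    if (Post::v('valid') == 'Enregistrer') {
        // A public announce carries no promotion restriction.
        $promo_min = ($art['public'] ? 0 : $art['promo_min']);
        $promo_max = ($art['public'] ? 0 : $art['promo_max']);
        $flags = new PlFlagSet();
        if ($art['public']) {
            $flags->addFlag('public');
        }
        if ($art['photo']) {
            $flags->addFlag('photo');
        }

        if (is_null($aid)) {
            $fulltext = $art['texte'];
            if (!empty($art['contact_html'])) {
                $fulltext .= "\n\n'''Contacts :'''\\\\\n" . $art['contact_html'];
            }

            // Cross-post to the group's forum when it has one.
            $post = null;
            if ($globals->asso('forum')) {
                require_once 'banana/forum.inc.php';
                $banana = new ForumsBanana(S::user());
                $post = $banana->post($globals->asso('forum'), null, $art['titre'],
                                      MiniWiki::wikiToText($fulltext, false, 0, 80));
            }

            XDB::query('INSERT INTO group_announces (uid, asso_id, create_date, titre, texte, contacts, expiration, promo_min, promo_max, flags, post_id) VALUES ({?}, {?}, NOW(), {?}, {?}, {?}, {?}, {?}, {?}, {?}, {?})',
                       S::i('uid'), $globals->asso('id'), $art['titre'], $art['texte'], $art['contact_html'],
                       $art['expiration'], $promo_min, $promo_max, $flags, $post);
            $aid = XDB::insertId();

            if ($art['photo']) {
                list($imgx, $imgy, $imgtype) = $upload->imageInfo();
                XDB::execute('INSERT INTO group_announces_photo SET eid = {?}, attachmime = {?}, x = {?}, y = {?}, attach = {?}',
                             $aid, $imgtype, $imgx, $imgy, $upload->getContents());
            }

            if ($art['xorg']) {
                // The validation request keeps the upload, so it is not removed here.
                $article = new EvtReq("[{$globals->asso('nom')}] " . $art['titre'], $fulltext,
                                      $art['promo_min'], $art['promo_max'], $art['expiration'], "",
                                      S::user(), $upload);
                $article->submit();
                $page->trigWarning("L'affichage sur la page d'accueil de Polytechnique.org est en attente de validation.");
            } else {
                if ($upload && $upload->exists()) {
                    $upload->rm();
                }
            }

            if ($art['nl']) {
                $article = new NLReq(S::user(), $globals->asso('nom') . " : " . $art['titre'],
                                     $art['texte'], $art['contact_html']);
                $article->submit();
                $page->trigWarning("La parution dans la Lettre Mensuelle est en attente de validation.");
            }
        } else {
            XDB::query('UPDATE group_announces SET titre = {?}, texte = {?}, contacts = {?}, expiration = {?}, promo_min = {?}, promo_max = {?}, flags = {?} WHERE id = {?} AND asso_id = {?}',
                       $art['titre'], $art['texte'], $art['contacts'], $art['expiration'],
                       $promo_min, $promo_max, $flags, $art['id'], $globals->asso('id'));
            if ($art['photo'] && $upload->exists()) {
                list($imgx, $imgy, $imgtype) = $upload->imageInfo();
                XDB::execute('INSERT INTO group_announces_photo (eid, attachmime, attach, x, y) VALUES ({?}, {?}, {?}, {?}, {?}) ON DUPLICATE KEY UPDATE attachmime = VALUES(attachmime), attach = VALUES(attach), x = VALUES(x), y = VALUES(y)',
                             $aid, $imgtype, $upload->getContents(), $imgx, $imgy);
                $upload->rm();
            }
        }
    }

    if (Post::v('valid') == 'Enregistrer' || Post::v('valid') == 'Annuler') {
        pl_redirect("");
    }

    // Plain display of an existing announce: load it, scoped to this group.
    if (empty($art) && !is_null($aid)) {
        $res = XDB::query("SELECT *, FIND_IN_SET('public', flags) AS public,\n"
                        . " FIND_IN_SET('photo', flags) AS photo\n"
                        . " FROM group_announces\n"
                        . " WHERE asso_id = {?} AND id = {?}", $globals->asso('id'), $aid);
        if ($res->numRows()) {
            $art = $res->fetchOneAssoc();
            $art['contact_html'] = $art['contacts'];
        } else {
            $page->kill("Aucun article correspond à l'identifiant indiqué.");
        }
    }

    // New announce: offer the group's non-archived events for linking.
    if (is_null($aid)) {
        $events = XDB::iterator("SELECT *\n"
                              . " FROM group_events\n"
                              . " WHERE asso_id = {?} AND archive = 0", $globals->asso('id'));
        if ($events->total()) {
            $page->assign('events', $events);
        }
    }

    // '@' silences the notice raised when $art has no 'contact_html' yet
    // (first display of the creation form).
    $art['contact_html'] = @MiniWiki::WikiToHTML($art['contact_html']);
    $page->assign('art', $art);
    // $upload only exists when a form was submitted; otherwise null is assigned.
    $page->assign_by_ref('upload', $upload);
}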