function handler_panel($page)
{
$page->changeTpl('carnet/panel.tpl');
if (Get::has('read')) {
XDB::execute('UPDATE watch
SET last = FROM_UNIXTIME({?})
WHERE uid = {?}', Get::i('read'), S::i('uid'));
S::user()->invalidWatchCache();
Platal::session()->updateNbNotifs();
pl_redirect('carnet/panel');
}
require_once 'notifs.inc.php';
$page->assign('now', time());
$user = S::user();
$notifs = Watch::getEvents($user, time() - 7 * 86400);
$page->assign('notifs', $notifs);
$page->assign('today', date('Y-m-d'));
$this->_add_rss_link($page);
}
protected function doAuth($level)
{
if (S::identified()) {
// Nothing to do there
return User::getSilentWithValues(null, array('uid' => S::i('uid')));
}
if (!Get::has('auth')) {
return null;
}
global $globals;
if (md5('1' . S::v('challenge') . $globals->xnet->secret . Get::i('uid') . '1') != Get::v('auth')) {
return null;
}
Get::kill('auth');
S::set('auth', AUTH_PASSWD);
return User::getSilentWithValues(null, array('uid' => Get::i('uid')));
}
function handler_register($page, $hash = null)
{
$page->forceSkin('register');
$alert = array();
$alert_details = '';
$subState = new PlDict(S::v('subState', array()));
if (!$subState->has('step')) {
$subState->set('step', 0);
}
if (!$subState->has('backs')) {
$subState->set('backs', new PlDict());
}
if (Get::has('back') && Get::i('back') < $subState->i('step')) {
$subState->set('step', max(0, Get::i('back')));
$subState->v('backs')->set($subState->v('backs')->count() + 1, $subState->dict());
$subState->v('backs')->kill('backs');
if ($subState->v('backs')->count() == 3) {
$alert[] = "Tentative d'inscription très hésitante";
$alert_details .= "\n * Retours en arrières : 3.";
}
}
if ($hash) {
$res = XDB::query("SELECT a.uid, a.hruid, ppn.lastname_initial AS lastname, ppn.firstname_initial AS firstname, p.xorg_id AS xorgid,\n pd.promo, pe.promo_year AS yearpromo, pde.degree AS edu_type,\n p.birthdate_ref AS birthdateRef, FIND_IN_SET('watch', a.flags) AS watch, m.hash, a.type, a.comment\n FROM register_marketing AS m\n INNER JOIN accounts AS a ON (m.uid = a.uid)\n INNER JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))\n INNER JOIN profiles AS p ON (p.pid = ap.pid)\n INNER JOIN profile_display AS pd ON (p.pid = pd.pid)\n INNER JOIN profile_education AS pe ON (pe.pid = p.pid AND FIND_IN_SET('primary', pe.flags))\n INNER JOIN profile_education_degree_enum AS pde ON (pde.id = pe.degreeid)\n INNER JOIN profile_public_names AS ppn ON (ppn.pid = p.pid)\n WHERE m.hash = {?} AND a.state = 'pending'", $hash);
if ($res->numRows() == 1) {
$subState->merge($res->fetchOneRow());
$subState->set('main_mail_domain', User::$sub_mail_domains[$subState->v('type')]);
XDB::execute('INSERT INTO register_mstats (uid, sender, success)
SELECT m.uid, m.sender, 0
FROM register_marketing AS m
WHERE m.hash
ON DUPLICATE KEY UPDATE sender = VALUES(sender), success = VALUES(success)', $subState->s('hash'));
}
}
switch ($subState->i('step')) {
case 0:
$wp = new PlWikiPage('Reference.Charte');
$wp->buildCache();
if (Post::has('step1')) {
$subState->set('step', 1);
if ($subState->has('hash')) {
$subState->set('step', 3);
$this->load('register.inc.php');
createAliases($subState);
}
}
break;
case 1:
if (Post::has('yearpromo')) {
$edu_type = Post::t('edu_type');
$yearpromo = Post::i('yearpromo');
$promo = Profile::$cycle_prefixes[$edu_type] . $yearpromo;
$res = XDB::query("SELECT COUNT(*)\n FROM accounts AS a\n INNER JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))\n INNER JOIN profiles AS p ON (p.pid = ap.pid)\n INNER JOIN profile_education AS pe ON (pe.pid = p.pid AND FIND_IN_SET('primary', pe.flags))\n WHERE a.state = 'pending' AND p.deathdate IS NULL AND pe.promo_year = {?}", $yearpromo);
if (!$res->fetchOneCell()) {
$error = 'La promotion saisie est incorrecte ou tous les camarades de cette promotion sont inscrits !';
} else {
$subState->set('step', 2);
$subState->set('promo', $promo);
$subState->set('yearpromo', $yearpromo);
$subState->set('edu_type', $edu_type);
if ($edu_type == Profile::DEGREE_X) {
if ($yearpromo >= 1996 && $yearpromo < 2000) {
$subState->set('schoolid', $yearpromo % 100 * 10 . '???');
$subState->set('schoolid_exemple', $yearpromo % 100 * 10000 + 532);
$subState->set('schoolid_exemple_ev2', ($yearpromo + 1) % 100 * 10000 + 532);
} elseif ($yearpromo >= 2000) {
$subState->set('schoolid', 100 + $yearpromo % 100 . '???');
$subState->set('schoolid_exemple', (100 + $yearpromo % 100) * 1000 + 532);
$subState->set('schoolid_exemple_ev2', (100 + ($yearpromo + 1) % 100) * 1000 + 532);
}
}
}
}
break;
case 2:
if (count($_POST)) {
$this->load('register.inc.php');
$subState->set('firstname', Post::t('firstname'));
$subState->set('lastname', Post::t('lastname'));
if (Post::has('schoolid')) {
$subState->set('schoolid', Post::i('schoolid'));
}
$error = checkNewUser($subState);
if ($error !== true) {
break;
}
$error = createAliases($subState);
if ($error === true) {
unset($error);
$subState->set('step', 3);
}
}
break;
case 3:
if (count($_POST)) {
$this->load('register.inc.php');
// Validate the email address format and domain.
require_once 'emails.inc.php';
$user = User::get($subState->s('uid'));
if (!isvalid_email(Post::v('email'))) {
$error[] = "Le champ 'Email' n'est pas valide.";
} elseif (!isvalid_email_redirection(Post::v('email'), $user)) {
$error[] = $subState->s('forlife') . ' doit renvoyer vers un email existant ' . 'valide, en particulier, il ne peut pas être renvoyé vers lui-même.';
}
// Validate the birthday format and range.
$birth = Post::t('birthdate');
if (!preg_match('@^[0-3]?\\d/[01]?\\d/(19|20)?\\d{2}$@', $birth)) {
$error[] = "La 'Date de naissance' n'est pas correcte.";
} else {
$birth = explode('/', $birth, 3);
for ($i = 0; $i < 3; ++$i) {
$birth[$i] = intval($birth[$i]);
}
if ($birth[2] < 100) {
$birth[2] += 1900;
}
$year = $birth[2];
$ref_year = substr($subState->v('birthdateRef'), 0, 4);
if (abs($ref_year - $year) > 2) {
$error[] = "La 'Date de naissance' n'est pas correcte.";
$alert[] = "Date de naissance incorrecte à l'inscription";
$alert_details .= "\n * Date de naissance renseignée : " . Post::t('birthdate');
if ($subState->v('birthdateRef') == '0000-00-00') {
$alert_details .= ' (date inconnue)';
} else {
$alert_details .= ' (date connue : ' . $subState->v('birthdateRef') . ')';
}
$subState->set('wrong_birthdate', $birth);
}
}
// Register the optional services requested by the user.
$services = array();
foreach (array('com_letters', 'imap', 'ml_promo', 'nl') as $service) {
if (Post::b($service)) {
$services[] = $service;
}
}
$subState->set('services', $services);
// Validate the password.
if (!Post::v('pwhash', false)) {
$error[] = "Le mot de passe n'est pas valide.";
}
// Check if the given email is known as dangerous.
$res = XDB::query("SELECT state, description\n FROM email_watch\n WHERE email = {?} AND state != 'safe'", Post::v('email'));
$bannedEmail = false;
if ($res->numRows()) {
list($state, $description) = $res->fetchOneRow();
$alert[] = "Email surveillé proposé à l'inscription";
$alert_details .= "\n * Email surveillé : " . Post::v('email');
$subState->set('email_desc', $description);
if ($state == 'dangerous') {
$bannedEmail = true;
}
}
if ($subState->i('watch') != 0) {
$alert[] = "Inscription d'un utilisateur surveillé";
$alert_details .= "\n * Commentaire pour la surveillance : " . $subState->v('comment');
}
if ($bannedIp = check_ip('unsafe')) {
unset($error);
}
if (isset($error)) {
$error = join('<br />', $error);
} else {
$subState->set('birthdate', sprintf("%04d-%02d-%02d", intval($birth[2]), intval($birth[1]), intval($birth[0])));
$subState->set('email', Post::t('email'));
$subState->set('password', Post::t('pwhash'));
// Update the current alert if the birthdate is incorrect,
// or if the IP address of the user has been banned.
if ($subState->s('birthdateRef') != '0000-00-00' && $subState->s('birthdateRef') != $subState->s('birthdate')) {
$alert[] = "Date de naissance incorrecte à l'inscription";
$alert_details .= "\n * Date de naissance renseignée : " . Post::t('birthdate');
if ($subState->v('birthdateRef') == '0000-00-00') {
$alert_details .= ' (date inconnue)';
} else {
$alert_details .= ' (date connue : ' . $subState->v('birthdateRef') . ')';
}
}
if ($bannedIp) {
$alert[] = "Tentative d'inscription depuis une IP surveillée";
$alert_details .= "\n * IP surveillée : " . $_SESSION['check_ip'];
}
// Prevent banned user from actually registering; save the current state for others.
if ($bannedEmail || $bannedIp) {
global $globals;
$error = "Une erreur s'est produite lors de l'inscription." . " Merci de contacter <a href='mailto:register@{$globals->mail->domain}>" . " register@{$globals->mail->domain}</a>" . " pour nous faire part de cette erreur.";
} else {
$subState->set('step', 4);
if ($subState->v('backs')->count() >= 3) {
$alert[] = "Fin d'une inscription hésitante";
$alert_details .= "\n * Nombre de retours en arrière : " . $subState->v('backs')->count();
}
finishRegistration($subState);
}
}
}
break;
}
$_SESSION['subState'] = $subState->dict();
if (count($alert)) {
$alert_details = "Détails des alertes :" . $alert_details . "\n\n";
$alert_details .= 'Compte concerné : ' . $subState->s('forlife') . ' (redirection vers : ' . ($subState->s('email') == '' ? Post::t('email') : $subState->s('email')) . ")\n\n\n";
send_warning_mail(implode(' - ', $alert), $alert_details);
}
$page->changeTpl('register/step' . $subState->i('step') . '.tpl');
if (isset($error)) {
$page->trigError($error);
}
}
function handler_moderate($page, $liste = null)
{
if (is_null($liste)) {
return PL_NOT_FOUND;
}
$mlist = $this->prepare_list($liste);
if (!$this->is_group_admin($page)) {
$this->verify_list_owner($page, $mlist);
}
$page->changeTpl('lists/moderate.tpl');
$page->register_modifier('hdc', 'list_header_decode');
if (Env::has('sadd') || Env::has('sdel')) {
S::assert_xsrf_token();
if (Env::has('sadd')) {
// Ensure the moderated request is still active
$sub = $mlist->getPendingSubscription(Env::v('sadd'));
$mlist->handleRequest(MailingList::REQ_SUBSCRIBE, Env::v('sadd'));
$info = "validée";
}
if (Post::has('sdel')) {
// Ensure the moderated request is still active
$sub = $mlist->getPendingSubscription(Env::v('sdel'));
$mlist->handleRequest(MailingList::REQ_REJECT, Post::v('sdel'), Post::v('reason'));
$info = "refusée";
}
if ($sub) {
$mailer = new PlMailer();
$mailer->setFrom($mlist->getAddress(MailingList::KIND_BOUNCE));
$mailer->addTo($mlist->getAddress(MailingList::KIND_OWNER));
$mailer->addHeader('Reply-To', $mlist->getAddress(MailingList::KIND_OWNER));
$mailer->setSubject("L'inscription de {$sub['name']} a été {$info}");
$text = "L'inscription de {$sub['name']} à la liste " . $mlist->address . " a été {$info} par " . S::user()->fullName(true) . ".\n";
if (trim(Post::v('reason'))) {
$text .= "\nLa raison invoquée est :\n" . Post::v('reason');
}
$mailer->setTxtBody(wordwrap($text, 72));
$mailer->send();
}
if (Env::has('sadd')) {
pl_redirect('lists/moderate/' . $liste);
}
}
if (Post::has('moderate_mails') && Post::has('select_mails')) {
S::assert_xsrf_token();
$mails = array_keys(Post::v('select_mails'));
foreach ($mails as $mail) {
$this->moderate_mail($mlist, $mail);
}
} elseif (Env::has('mid')) {
if (Get::has('mid') && !Env::has('mok') && !Env::has('mdel')) {
require_once 'banana/moderate.inc.php';
$page->changeTpl('lists/moderate_mail.tpl');
$params = array('listname' => $mlist->mbox, 'domain' => $mlist->domain, 'artid' => Get::i('mid'), 'part' => Get::v('part'), 'action' => Get::v('action'));
$params['client'] = $this->prepare_client();
run_banana($page, 'ModerationBanana', $params);
$msg = file_get_contents('/etc/mailman/fr/refuse.txt');
$msg = str_replace("%(adminaddr)s", $mlist->getAddress(MailingList::KIND_OWNER), $msg);
$msg = str_replace("%(request)s", "<< SUJET DU MAIL >>", $msg);
$msg = str_replace("%(reason)s", "<< TON EXPLICATION >>", $msg);
$msg = str_replace("%(listname)s", $liste, $msg);
$page->assign('msg', $msg);
return;
}
$this->moderate_mail($mlist, Env::i('mid'));
} elseif (Env::has('sid')) {
if (list($subs, $mails) = $this->get_pending_ops($mlist)) {
foreach ($subs as $user) {
if ($user['id'] == Env::v('sid')) {
$page->changeTpl('lists/moderate_sub.tpl');
$page->assign('del_user', $user);
return;
}
}
}
}
if (list($subs, $mails) = $this->get_pending_ops($mlist)) {
foreach ($mails as $key => $mail) {
$mails[$key]['stamp'] = strftime("%Y%m%d%H%M%S", $mail['stamp']);
if ($mail['fromx']) {
$page->assign('with_fromx', true);
} else {
$page->assign('with_nonfromx', true);
}
}
$page->assign_by_ref('subs', $subs);
$page->assign_by_ref('mails', $mails);
} else {
$page->kill("La liste n'existe pas ou tu n'as pas le droit de la modérer.");
}
}
function handler_xnet_payment($page, $pid = null)
{
global $globals;
$perms = S::v('perms');
if (is_null($pid)) {
if (!(S::identified() && $perms->hasFlag('groupadmin'))) {
return PL_FORBIDDEN;
}
} else {
if (!(S::identified() && $perms->hasFlag('groupmember'))) {
$res = XDB::query("SELECT 1\n FROM group_events AS e\n INNER JOIN group_event_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?})\n WHERE e.paiement_id = {?} AND e.asso_id = {?}", S::i('uid'), $pid, $globals->asso('id'));
$public = XDB::query("SELECT 1\n FROM payments AS p\n INNER JOIN group_events AS g ON (g.paiement_id = p.id)\n WHERE g.asso_id = {?} AND p.id = {?} AND FIND_IN_SET('public', p.flags)", $globals->asso('id'), $pid);
if ($res->numRows() == 0 && $public->numRows() == 0) {
return PL_FORBIDDEN;
}
}
}
if (!is_null($pid)) {
return $this->handler_payment($page, $pid);
}
$page->changeTpl('payment/xnet.tpl');
$res = XDB::query("SELECT id, text, url\n FROM payments\n WHERE asso_id = {?} AND NOT FIND_IN_SET('old', flags)\n ORDER BY id DESC", $globals->asso('id'));
$tit = $res->fetchAllAssoc();
$page->assign('titles', $tit);
$trans = array();
$event = array();
if (may_update()) {
static $orders = array('ts_confirmed' => 'p', 'directory_name' => 'a', 'promo' => 'pd', 'comment' => 'p', 'amount' => 'p');
if (Get::has('order_id') && Get::has('order') && array_key_exists(Get::v('order'), $orders)) {
$order_id = Get::i('order_id');
$order = Get::v('order');
$ordering = ' ORDER BY ' . $orders[$order] . '.' . $order;
if (Get::has('order_inv') && Get::i('order_inv') == 1) {
$ordering .= ' DESC';
$page->assign('order_inv', 0);
} else {
$page->assign('order_inv', 1);
}
$page->assign('order_id', $order_id);
$page->assign('order', $order);
$page->assign('anchor', 'legend_' . $order_id);
} else {
$order_id = false;
$ordering = '';
$page->assign('order', false);
}
} else {
$ordering = '';
$page->assign('order', false);
}
foreach ($tit as $foo) {
$pid = $foo['id'];
if (may_update()) {
$res = XDB::query('SELECT p.uid, IF(p.ts_confirmed = \'0000-00-00\', 0, p.ts_confirmed) AS date, p.comment, p.amount
FROM payment_transactions AS p
INNER JOIN accounts AS a ON (a.uid = p.uid)
LEFT JOIN account_profiles AS ap ON (ap.uid = p.uid AND FIND_IN_SET(\'owner\', ap.perms))
LEFT JOIN profile_display AS pd ON (ap.pid = pd.pid)
WHERE p.ref = {?}' . ($order_id == $pid ? $ordering : ''), $pid);
$trans[$pid] = User::getBulkUsersWithUIDs($res->fetchAllAssoc(), 'uid', 'user');
$sum = 0;
foreach ($trans[$pid] as $i => $t) {
$sum += $t['amount'];
$trans[$pid][$i]['amount'] = $t['amount'];
}
$trans[$pid][] = array('limit' => true, 'amount' => $sum);
}
$res = XDB::iterRow("SELECT e.eid, e.short_name, e.intitule, ep.nb, ei.montant, ep.paid\n FROM group_events AS e\n LEFT JOIN group_event_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?})\n INNER JOIN group_event_items AS ei ON (ep.eid = ei.eid AND ep.item_id = ei.item_id)\n WHERE e.paiement_id = {?}", S::v('uid'), $pid);
$event[$pid] = array();
$event[$pid]['paid'] = 0;
if ($res->total()) {
$event[$pid]['topay'] = 0;
while (list($eid, $shortname, $title, $nb, $montant, $paid) = $res->next()) {
$event[$pid]['topay'] += $nb * $montant;
$event[$pid]['eid'] = $eid;
$event[$pid]['shortname'] = $shortname;
$event[$pid]['title'] = $title;
$event[$pid]['ins'] = !is_null($nb);
$event[$pid]['paid'] = $paid;
}
}
$res = XDB::query('SELECT SUM(amount) AS sum_amount
FROM payment_transactions
WHERE ref = {?} AND uid = {?}', $pid, S::v('uid'));
$event[$pid]['paid'] = $res->fetchOneCell();
}
$page->register_modifier('decode_comment', 'decode_comment');
$page->assign('trans', $trans);
$page->assign('event', $event);
}