/**
 * Admin page for profiles flagged with a 'promo' merge issue.
 *
 * Always renders the current list of flagged profiles; when $action is
 * 'edit', first applies the promotion corrections posted for each profile
 * (displayed promo, entry year, graduation year) after checking the XSRF
 * token.
 *
 * @param object $page   page object (changeTpl / assign / trigError / trigSuccess)
 * @param string $action 'edit' to apply the posted corrections, anything else to only list
 */
function handler_issues_promo($page, $action = '')
{
    $page->changeTpl('fusionax/promo_issues.tpl');
    if ($action == 'edit') {
        // State-changing request: the anti-CSRF token is required before any write.
        S::assert_xsrf_token();
        $issues = XDB::rawIterRow('SELECT p.pid, pd.directory_name, pd.promo, pm.entry_year_ax, pe.entry_year, pe.grad_year FROM profile_merge_issues AS pm INNER JOIN profiles AS p ON (pm.pid = p.pid) INNER JOIN profile_display AS pd ON (pd.pid = p.pid) INNER JOIN profile_education AS pe ON (pe.pid = p.pid AND FIND_IN_SET(\'primary\', pe.flags)) WHERE FIND_IN_SET(\'promo\', pm.issues) ORDER BY pd.directory_name');
        while (list($pid, $name, $promo, $deathAX, $deathXorgEntry, $deathXorgGrad) = $issues->next()) {
            // Read but not used below (nor are $promo and the three $death* values).
            $choiceXorg = Post::has('XORG_' . $pid);
            // A profile is only processed when all three of its fields were posted.
            if (!(Post::has('display_' . $pid) && Post::has('entry_' . $pid) && Post::has('grad_' . $pid))) {
                continue;
            }
            $display = Post::i('display_' . $pid);
            $entry = Post::i('entry_' . $pid);
            $grad = Post::i('grad_' . $pid);
            // Consistency rule: graduation 3 to 5 years after entry, and the
            // displayed promo between the entry year and (graduation - 3).
            if (!($grad <= $entry + 5 && $grad >= $entry + 3 && ($display >= $entry && $display <= $grad - 3))) {
                $page->trigError("La promotion de {$name} n'a pas été corrigée.");
                continue;
            }
            // Both writes are bound through {?} placeholders.
            XDB::execute('UPDATE profile_display SET promo = {?} WHERE pid = {?}', 'X' . $display, $pid);
            XDB::execute('UPDATE profile_education SET entry_year = {?}, grad_year = {?} WHERE pid = {?} AND FIND_IN_SET(\'primary\', flags)', $entry, $grad, $pid);
            $page->trigSuccess("La promotion de {$name} a bien été corrigée.");
        }
    }
    // Re-read the (possibly just updated) list for display.
    $issues = XDB::rawFetchAllAssoc('SELECT p.pid, p.hrpid, pd.directory_name, pd.promo, pm.entry_year_ax, pe.entry_year, pe.grad_year FROM profile_merge_issues AS pm INNER JOIN profiles AS p ON (pm.pid = p.pid) INNER JOIN profile_display AS pd ON (pd.pid = p.pid) INNER JOIN profile_education AS pe ON (pe.pid = p.pid AND FIND_IN_SET(\'primary\', pe.flags)) WHERE FIND_IN_SET(\'promo\', pm.issues) ORDER BY pd.directory_name');
    $page->assign('issues', $issues);
    $page->assign('total', count($issues));
}
/**
 * Fills $this->urlform and $this->infos with the fields of a PayPal
 * "_xclick" payment form for $pay, on behalf of $user.
 *
 * Sections of $this->infos: 'commercant' (merchant account, return URL,
 * display options), 'client' (payer identity with accents stripped),
 * 'commande' (item, amount, currency, reference) and 'divers'.
 *
 * @param object $pay  payment description (id, text)
 * @param object $user the paying user
 */
function prepareform($pay, $user)
{
    // Documentation:
    // https://www.paypal.com/developer
    // Warning: the automatic return only works if we force the
    // users to create a paypal account. We do not use it; thus
    // the user must come back on the site.
    global $globals, $platal;
    $this->urlform = 'https://' . $globals->money->paypal_site . '/cgi-bin/webscr';
    // Return URL handed to PayPal: baseurl with "https://" rewritten to "http://",
    // plus the user id, the url-encoded comment and the display flag.
    // NOTE(review): confirm the http downgrade of the return URL is still wanted.
    $roboturl = str_replace("https://", "http://", $globals->baseurl) . '/' . $platal->ns . "payment/paypal_return/" . $user->id() . "?comment=" . urlencode(Env::v('comment')) . '&display=' . Post::i('display');
    $this->infos = array('commercant' => array('business' => $globals->money->paypal_compte, 'rm' => 2, 'return' => $roboturl, 'cn' => 'Commentaires', 'no_shipping' => 1, 'cbt' => empty($GLOBALS['IS_XNET_SITE']) ? 'Revenir sur polytechnique.org.' : 'Revenir sur polytechnique.net.'));
    $info_client = array('first_name' => $user->firstName(), 'last_name' => $user->lastName(), 'email' => $user->bestEmail());
    if ($user->hasProfile()) {
        // Current address (text, city, zip, country) and a phone number for the profile.
        $res = XDB::query("SELECT pa.text, GROUP_CONCAT(pace2.short_name) AS city,\n GROUP_CONCAT(pace3.short_name) AS zip, GROUP_CONCAT(pace1.short_name) AS country,\n IF(pp1.display_tel != '', pp1.display_tel, pp2.display_tel) AS night_phone_b\n FROM profile_addresses AS pa\n LEFT JOIN profile_phones AS pp1 ON (pp1.pid = pa.pid AND pp1.link_type = 'address' AND pp1.link_id = pa.id)\n LEFT JOIN profile_phones AS pp2 ON (pp2.pid = pa.pid AND pp2.link_type = 'user' AND pp2.link_id = 0)\n LEFT JOIN profile_addresses_components AS pc ON (pa.pid = pc.pid AND pa.jobid = pc.jobid AND pa.groupid = pc.groupid\n AND pa.type = pc.type AND pa.id = pc.id)\n LEFT JOIN profile_addresses_components_enum AS pace1 ON (FIND_IN_SET('country', pace1.types) AND pace1.id = pc.component_id)\n LEFT JOIN profile_addresses_components_enum AS pace2 ON (FIND_IN_SET('locality', pace2.types) AND pace2.id = pc.component_id)\n LEFT JOIN profile_addresses_components_enum AS pace3 ON (FIND_IN_SET('postal_code', pace3.types) AND pace3.id = pc.component_id)\n WHERE pa.pid = {?} AND FIND_IN_SET('current', pa.flags)\n GROUP BY pa.pid, pa.jobid, pa.groupid, pa.id, pa.type\n LIMIT 1", $user->profile()->id());
        // NOTE(review): elsewhere in this file XDB::query() results are used as
        // objects ($res->numRows(), $res->fetchOneRow()), and this very branch
        // calls $res->fetchOneAssoc(); is_array($res) therefore never holds and
        // the else branch always runs. Making this branch reachable would send
        // address, zip and phone data to PayPal, so the decision is left to the
        // owner rather than changed here.
        if (is_array($res)) {
            $this->infos['client'] = array_map('replace_accent', array_merge($info_client, $res->fetchOneAssoc()));
            // First two lines of the postal address, split on newline.
            list($this->infos['client']['address1'], $this->infos['client']['address2']) = explode("\n", Geocoder::getFirstLines($this->infos['client']['text'], $this->infos['client']['zip'], 2));
            unset($this->infos['client']['text']);
        } else {
            $this->infos['client'] = array_map('replace_accent', $info_client);
        }
    } else {
        $this->infos['client'] = array_map('replace_accent', $info_client);
    }
    // We build the transaction's reference:
    // random prefix + "-xorg-" + payment id, keeping only the last 15 characters.
    $prefix = rand_url_id();
    $fullref = substr("{$prefix}-xorg-{$pay->id}", -15);
    $this->infos['commande'] = array('item_name' => replace_accent($pay->text), 'amount' => $this->val_number, 'currency_code' => 'EUR', 'custom' => $fullref);
    $this->infos['divers'] = array('cmd' => '_xclick');
}
/**
 * Final step of a software licence request.
 *
 * Sends the user back to handler_licenses() when they disagreed with the
 * terms, gave no reason (unless $no_reason or a resend), or chose a
 * software that is not in License::getSoftwares(). Otherwise one of three
 * things happens: an admin key is handed out directly, an existing licence
 * is re-sent to its owner, or a validation request is filed.
 *
 * @param object $page      page object
 * @param bool   $no_reason when true, a missing 'reason' does not send the user back to the form
 */
public function handler_licenses_final($page, $no_reason = false)
{
    $softwares = License::getSoftwares();
    // Assigned but not used below.
    $keys = array();
    // Non-strict in_array() against the known software keys.
    if (Post::has('disagree') || !$no_reason && !Post::has('resend') && (!Post::has('reason') || Post::v('reason') == "") || !Post::has('software') || !in_array(Post::v('software'), array_keys($softwares))) {
        $this->handler_licenses($page);
    } else {
        $page->changeTpl('licenses/licenses_final.tpl');
        $page->assign('title', "Demande de licence pour {$softwares[Post::v('software')]}");
        $page->assign('software', Post::s('software'));
        $page->assign('software_name', $softwares[Post::s('software')]);
        if (($key = License::adminKey(Post::s('software'))) && License::hasRights(S::user())) {
            // Admin key available and the user has the rights: give it directly.
            $key->give(S::user());
            $page->assign('direct', true);
        } elseif (Post::has('resend')) {
            // NOTE(review): $l[0] is read without checking that License::fetch()
            // returned a non-empty result — confirm the callee guarantees it.
            $l = License::fetch(array('id' => Post::i('id')));
            // Ownership check: a licence is only re-sent to the user it belongs to.
            if ($l[0]->uid() == S::user()->id()) {
                License::send($l);
            } else {
                die("La license n'appartient pas à l'utilisateur courant");
            }
            $page->assign('direct', true);
        } else {
            // No direct key: file a request for the 'licenses' validation group.
            $lv = new LicensesValidate(Post::s('software'), Post::s('reason'));
            $v = new Validate(array('writer' => S::user(), 'group' => Group::from('licenses'), 'item' => $lv, 'type' => 'licenses'));
            $v->insert();
            $page->assign('direct', false);
        }
    }
}
/**
 * Fills $this->urlform and $this->infos with the fields of a SystemPay
 * (Cyberplus) "V2" payment form for $pay on behalf of $user, including
 * the form signature.
 *
 * Sections of $this->infos: 'commercant' (site id, return mode/URL),
 * 'client' (email, id, name), 'commande' (amount, currency, transaction
 * date/id, order id and info) and 'divers' (protocol fields + signature).
 *
 * @param object $pay  payment description (id, url)
 * @param object $user the paying user
 */
function prepareform($pay, $user)
{
    global $globals, $platal;
    // Read but not used afterwards.
    $log = S::v('log');
    // Transaction's reference computation:
    // random prefix + "-" + payment id, keeping only the last 12 characters.
    $prefix = rand_url_id();
    $fullref = substr("{$prefix}-{$pay->id}", -12); // FIXME : check for duplicates
    $ts = time();
    $trans_date = gmdate("YmdHis", $ts);
    // The transaction id is the UTC time of day (HHMMSS): two payments
    // prepared in the same second get the same id.
    $trans_id = gmdate("His", $ts); // FIXME : check for duplicates
    // Form's content.
    $this->urlform = "https://systempay.cyberpluspaiement.com/vads-payment/";
    // Return URL: the payment's own url when set, else the site root.
    $this->infos['commercant'] = array('vads_site_id' => $globals->money->cyperplus_account, 'vads_return_mode' => 'NONE', 'vads_url_return' => $pay->url ? $pay->url : $globals->baseurl . '/' . $platal->ns);
    // Name and order info are accent-stripped, reduced to alphanumerics and length-capped.
    $this->infos['client'] = array('vads_cust_email' => $user->bestEmail(), 'vads_cust_id' => $user->id(), 'vads_cust_name' => substr(self::replaceNonAlpha(replace_accent($user->shortName())), 0, 127));
    $this->infos['commande'] = array('vads_amount' => $this->val, 'vads_currency' => '978', 'vads_payment_config' => 'SINGLE', 'vads_trans_date' => $trans_date, 'vads_trans_id' => $trans_id, 'vads_order_id' => $fullref, 'vads_order_info' => substr(self::replaceNonAlpha(replace_accent(Env::v('comment'))), 0, 255), 'vads_order_info2' => Post::i('display'));
    $this->infos['divers'] = array('vads_version' => 'V2', 'vads_ctx_mode' => $globals->money->cyperplus_prod, 'vads_page_action' => 'PAYMENT', 'vads_action_mode' => 'INTERACTIVE');
    // Entry key computation: sha1 over every form field sorted by name,
    // joined with '+', then '+' and the merchant secret. The 'signature'
    // field itself is added after the computation and so is not signed.
    $all_params = array_merge($this->infos['commercant'], $this->infos['client'], $this->infos['commande'], $this->infos['divers']);
    ksort($all_params);
    $this->infos['divers']['signature'] = sha1(join('+', $all_params) . '+' . $globals->money->cyperplus_key);
}
/**
 * Admin edition of a newsletter issue: the issue's own fields, its
 * articles (edit / save / delete) and the blacklist check of the IPs
 * behind the links it contains.
 *
 * @param object $page   page object
 * @param string $nid    issue id, 'last' by default
 * @param mixed  $aid    article id, 'new', or a sub-action ('update', 'blacklist_check')
 * @param string $action 'edit' (default) or 'delete'
 * @return int|void PL_NOT_FOUND when the newsletter or the issue does not exist
 */
function handler_admin_nl_edit($page, $nid = 'last', $aid = null, $action = 'edit')
{
    $page->changeTpl('newsletter/edit.tpl');
    $page->addCssLink('nl.Polytechnique.org.css');
    $page->setTitle('Administration - Newsletter : Édition');
    $nl = $this->getNl();
    if (!$nl) {
        return PL_NOT_FOUND;
    }
    try {
        $issue = $nl->getIssue($nid, false);
    } catch (MailNotFound $e) {
        return PL_NOT_FOUND;
    }
    $ufb = $nl->getSubscribersUFB();
    $ufb_keepenv = false; // Will be set to True if there were invalid modification to the UFB.
    // (It is never assigned again in this function.)
    // Convert NLIssue error messages to human-readable errors
    $error_msgs = array(NLIssue::ERROR_INVALID_REPLY_TO => "L'adresse de réponse est invalide.", NLIssue::ERROR_INVALID_SHORTNAME => "Le nom court est invalide ou vide.", NLIssue::ERROR_INVALID_UFC => "Le filtre des destinataires est invalide.", NLIssue::ERROR_TOO_LONG_UFC => "Le nombre de matricules AX renseigné est trop élevé.", NLIssue::ERROR_SQL_SAVE => "Une erreur est survenue en tentant de sauvegarder la lettre, merci de réessayer.");
    // NOTE(review): the update, delete and save branches below change state
    // without S::assert_xsrf_token(), unlike other handlers in this file —
    // confirm the token is checked for this page elsewhere (framework level).
    // Update the current issue
    if ($aid == 'update' && Post::has('submit')) {
        // Save common fields
        $issue->title = Post::s('title');
        $issue->title_mail = Post::s('title_mail');
        $issue->head = Post::s('head');
        $issue->signature = Post::s('signature');
        $issue->reply_to = Post::s('reply_to');
        if ($issue->isEditable()) {
            // Date and shortname may only be modified for pending NLs, otherwise all links get broken.
            $issue->date = Post::s('date');
            // A blank shortname is stored as null.
            $issue->shortname = strlen(Post::blank('shortname')) ? null : Post::s('shortname');
            $issue->sufb->updateFromEnv($ufb->getEnv());
            if ($nl->automaticMailingEnabled()) {
                // Form date YYYYMMDD -> "YYYY-MM-DD HH:00:00".
                $issue->send_before = preg_replace('/^(\\d\\d\\d\\d)(\\d\\d)(\\d\\d)$/', '\\1-\\2-\\3', Post::v('send_before_date')) . ' ' . Post::i('send_before_time_Hour') . ':00:00';
            }
        }
        $errors = $issue->save();
        if (count($errors)) {
            foreach ($errors as $error_code) {
                $page->trigError($error_msgs[$error_code]);
            }
        }
    }
    // Delete an article
    if ($action == 'delete') {
        $issue->delArticle($aid);
        pl_redirect($nl->adminPrefix(true, false) . "/edit/{$nid}");
    }
    // Save an article
    if (Post::v('save')) {
        $art = new NLArticle(Post::v('title'), Post::v('body'), Post::v('append'), $aid, Post::v('cid'), Post::v('pos'));
        $issue->saveArticle($art);
        pl_redirect($nl->adminPrefix(true, false) . "/edit/{$nid}");
    }
    // Edit an article
    if ($action == 'edit' && $aid != 'update') {
        $eaid = $aid;
        if (Post::has('title')) {
            // Re-display the posted (not yet saved) article.
            $art = new NLArticle(Post::v('title'), Post::v('body'), Post::v('append'), $eaid, Post::v('cid'), Post::v('pos'));
        } else {
            $art = $eaid == 'new' ? new NLArticle() : $issue->getArt($eaid);
        }
        if ($art && !$art->check()) {
            $page->trigError("Cet article est trop long.");
        }
        $page->assign('art', $art);
    }
    // Check blacklisted IPs
    if ($aid == 'blacklist_check') {
        global $globals;
        $ips_to_check = array();
        // Incremented by getLinkIps(); compared with the configured limit below.
        $blacklist_host_resolution_count = 0;
        foreach ($issue->arts as $key => $articles) {
            foreach ($articles as $article) {
                $article_ips = $article->getLinkIps($blacklist_host_resolution_count);
                if (!empty($article_ips)) {
                    $ips_to_check[$article->title()] = $article_ips;
                }
            }
        }
        $page->assign('ips_to_check', $ips_to_check);
        if ($blacklist_host_resolution_count >= $globals->mail->blacklist_host_resolution_limit) {
            $page->trigError("Toutes les url et adresses emails de la lettre" . " n'ont pas été prises en compte car la" . " limite du nombre de résolutions DNS" . " autorisée a été atteinte.");
        }
    }
    if ($issue->state == NLIssue::STATE_SENT) {
        $page->trigWarning("Cette lettre a déjà été envoyée ; il est recommandé de limiter les modifications au maximum (orthographe, adresses web et mail).");
    }
    $ufb->setEnv($issue->sufb->getEnv());
    $page->assign_by_ref('nl', $nl);
    $page->assign_by_ref('issue', $issue);
}
/**
 * Mailing-list creation form.
 *
 * Computes which list kinds the current user may request (from their
 * promotion and the month of the school year), accumulates the owners and
 * members entered (text areas, single additions, uploaded file), and on
 * submit validates the request and files a ListeReq.
 *
 * @param object $page page object
 */
function handler_create($page)
{
    global $globals;
    $page->changeTpl('lists/create.tpl');
    $user_promo = S::user()->profile()->yearPromo();
    $year = date('Y');
    $month = date('m');
    // scolar year starts in september
    $scolarmonth = ($year - $user_promo) * 12 + ($month - 8);
    $young_promo = $very_young_promo = 0;
    // binet are accessible only in april in the first year and until
    // march of the 5th year
    if ($scolarmonth >= 8 && $scolarmonth < 56) {
        $young_promo = 1;
    }
    // PSC aliases are accesible only between september and june of the second
    // year of scolarity
    if ($scolarmonth >= 12 && $scolarmonth < 22) {
        $very_young_promo = 1;
    }
    $page->assign('young_promo', $young_promo);
    $page->assign('very_young_promo', $very_young_promo);
    // Whitespace-separated lists from the text areas.
    $owners = preg_split("/[\\s]+/", Post::v('owners'), -1, PREG_SPLIT_NO_EMPTY);
    $members = preg_split("/[\\s]+/", Post::v('members'), -1, PREG_SPLIT_NO_EMPTY);
    // click on validate button 'add_owner_sub' or type <enter>
    if (Post::has('add_owner_sub') && Post::has('add_owner')) {
        // if we want to add an owner and then type <enter>, then both
        // add_owner_sub and add_owner are filled.
        $oforlifes = User::getBulkForlifeEmailsFromEmail(Post::v('add_owner'));
        $mforlifes = User::getBulkForlifeEmailsFromEmail(Post::v('add_member'));
        if (!is_null($oforlifes)) {
            $owners = array_merge($owners, $oforlifes);
        }
        // if we want to add a member and then type <enter>, then
        // add_owner_sub is filled, whereas add_owner is empty.
        if (!is_null($mforlifes)) {
            $members = array_merge($members, $mforlifes);
        }
    }
    // click on validate button 'add_member_sub'
    if (Post::has('add_member_sub') && Post::has('add_member')) {
        $forlifes = User::getBulkForlifeEmailsFromEmail(Post::v('add_member'));
        if (!is_null($forlifes)) {
            $members = array_merge($members, $forlifes);
        }
    }
    // Members may also come from an uploaded file.
    if (Post::has('add_member_sub') && isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) {
        $upload =& PlUpload::get($_FILES['add_member_file'], S::user()->login(), 'list.addmember', true);
        if (!$upload) {
            $page->trigError('Une erreur s\'est produite lors du téléchargement du fichier');
        } else {
            $forlifes = User::getBulkForlifeEmailsFromEmail($upload->getContents());
            if (!is_null($forlifes)) {
                $members = array_merge($members, $forlifes);
            }
        }
    }
    // ksort() orders by key; on these sequentially indexed lists it leaves
    // the order unchanged. NOTE(review): sort() may have been intended.
    ksort($owners);
    $owners = array_unique($owners);
    ksort($members);
    $members = array_unique($members);
    $page->assign('owners', join("\n", $owners));
    $page->assign('members', join("\n", $members));
    // Everything above only refreshes the form; the request itself needs
    // the submit button and a valid XSRF token.
    if (!Post::has('submit')) {
        return;
    } else {
        S::assert_xsrf_token();
    }
    $asso = Post::t('asso');
    $list = strtolower(Post::t('liste'));
    if (empty($list)) {
        $page->trigError('Le champ « adresse souhaitée » est vide.');
    }
    // Only ASCII letters, digits and '-' are accepted in the list name
    // (an empty name matches too, but was reported just above).
    if (!preg_match("/^[a-zA-Z0-9\\-]*\$/", $list)) {
        $page->trigError('Le nom de la liste ne doit contenir que des lettres non accentuées, chiffres et tirets.');
    }
    // The mail domain depends on the kind of list requested.
    if ($asso == 'binet' || $asso == 'alias') {
        $promo = Post::i('promo');
        $domain = $promo . '.' . $globals->mail->domain;
        if ($promo < 1921 || $promo > date('Y')) {
            $page->trigError('La promotion est mal renseignée, elle doit être du type : 2004.');
        }
    } elseif ($asso == 'groupex') {
        $domain = XDB::fetchOneCell('SELECT mail_domain FROM groups WHERE nom = {?}', Post::t('groupex_name'));
        if (!$domain) {
            $page->trigError('Il n\'y a aucun groupe de ce nom sur Polytechnique.net.');
        }
    } else {
        $domain = $globals->mail->domain;
    }
    require_once 'emails.inc.php';
    if (list_exist($list, $domain)) {
        $page->trigError("L'« adresse souhaitée » est déjà prise.");
    }
    if (!Post::t('desc')) {
        $page->trigError('Le sujet est vide.');
    }
    if (!count($owners)) {
        $page->trigError('Il n\'y a pas de gestionnaire.');
    }
    if (count($members) < 4) {
        $page->trigError('Il n\'y a pas assez de membres.');
    }
    // All checks above only accumulate errors; the request is filed only if none fired.
    if (!$page->nb_errs()) {
        $page->trigSuccess('Demande de création envoyée !');
        $page->assign('created', true);
        $req = new ListeReq(S::user(), $asso, $list, $domain, Post::t('desc'), Post::i('advertise'), Post::i('modlevel'), Post::i('inslevel'), $owners, $members);
        $req->submit();
    }
}
/**
 * Admin deletion of a survey, with a confirmation round-trip: the first
 * call shows a confirmation form, the POST with 'survey_submit' deletes.
 *
 * @param object $page page object
 * @param int    $id   survey id; overridden by the posted 'survey_id' when present
 * @return mixed the return value of the delegated handler, or void
 */
function handler_adminDelete($page, $id = -1)
{
    $id = Post::i('survey_id', $id);
    if (Post::has('survey_cancel')) { // if the admin cancels the suppression, returns to the admin index
        return $this->handler_admin($page, $id);
    }
    if ($id == -1) {
        return $this->show_error($page, "Un identifiant de sondage doit être précisé.", 'survey/admin');
    }
    $id = intval($id);
    $this->load('survey.inc.php');
    $surveyInfo = Survey::retrieveSurveyInfo($id); // retrieves information about the survey (does not retrieve and unserialize the object structure)
    if ($surveyInfo == null) {
        return $this->show_error($page, "Sondage " . $id . " introuvable.", 'survey/admin');
    }
    // NOTE(review): the deletion is guarded only by the presence of
    // 'survey_submit'; there is no S::assert_xsrf_token() as in other
    // handlers of this file — confirm it is enforced upstream.
    if (Post::has('survey_submit')) { // needs a confirmation before suppression
        if (Survey::deleteSurvey($id)) { // deletes survey in database
            $this->show_success($page, "Le sondage \"" . $surveyInfo['title'] . "\" a bien été supprimé, ainsi que tous les votes le concernant.", 'survey/admin');
        } else {
            $this->show_error($page, '', 'survey/admin');
        }
    } else { // asks for a confirmation
        // The confirmation form posts back to 'admin/del' with the survey id.
        $this->show_confirm($page, "Êtes-vous certain de vouloir supprimer le sondage \"" . $surveyInfo['title'] . "\" ?", 'admin/del', array('id' => $id));
    }
}
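/**
 * Admin tool adding a secondary education (X school, chosen degree and
 * promotion) to a batch of profiles.
 *
 * Input is one "lastname<sep>firstname<sep>promo" line per profile. Each
 * line is resolved to exactly one profile and sorted into 'incomplete',
 * 'empty', 'multiple', 'already' (education row exists) or 'new'. With
 * 'verify' only the report is shown; with 'add' the rows are written too
 * (existing ones updated unless 'force_addition' is set).
 *
 * @param object $page page object
 */
function handler_add_secondary_edu($page)
{
    $page->changeTpl('admin/add_secondary_edu.tpl');
    if (!(Post::has('verify') || Post::has('add'))) {
        return;
    } elseif (!Post::has('people')) {
        $page->trigWarning("Aucune information n'a été fournie.");
        return;
    }
    require_once 'name.func.inc.php';
    $lines = explode("\n", Post::t('people'));
    $separator = Post::t('separator');
    $degree = Post::v('degree');
    $promotion = Post::i('promotion');
    // Enum label -> id maps.
    $schoolsList = array_flip(DirEnum::getOptions(DirEnum::EDUSCHOOLS));
    $degreesList = array_flip(DirEnum::getOptions(DirEnum::EDUDEGREES));
    $edu_id = $schoolsList[Profile::EDU_X];
    $degree_id = $degreesList[$degree];
    $res = array('incomplete' => array(), 'empty' => array(), 'multiple' => array(), 'already' => array(), 'new' => array());
    $old_pids = array();
    $new_pids = array();
    foreach ($lines as $line) {
        $line = trim($line);
        $line_array = explode($separator, $line);
        // array_map, not array_walk: array_walk($arr, 'trim') hands each value
        // to trim() by copy and discards the return value, so it never trimmed
        // anything and the name/promo tokens kept their surrounding spaces.
        $line_array = array_map('trim', $line_array);
        if (count($line_array) != 3) {
            $page->trigError("La ligne « {$line} » est incomplète.");
            $res['incomplete'][] = $line;
            continue;
        }
        // Match on last name, first name and displayed promotion.
        $cond = new PFC_And(new UFC_NameTokens(split_name_for_search($line_array[0]), array(), false, false, Profile::LASTNAME));
        $cond->addChild(new UFC_NameTokens(split_name_for_search($line_array[1]), array(), false, false, Profile::FIRSTNAME));
        $cond->addChild(new UFC_Promo('=', UserFilter::DISPLAY, $line_array[2]));
        $uf = new UserFilter($cond);
        $pid = $uf->getPIDs();
        $count = count($pid);
        if ($count == 0) {
            $page->trigError("La ligne « {$line} » ne correspond à aucun profil existant.");
            $res['empty'][] = $line;
            continue;
        } elseif ($count > 1) {
            $page->trigError("La ligne « {$line} » correspond à plusieurs profils existant.");
            $res['multiple'][] = $line;
            continue;
        } else {
            // NOTE(review): $pid is the one-element array from getPIDs(), bound
            // as-is to "pid = {?}"; the lists below use $pid[0].
            $count = XDB::fetchOneCell('SELECT COUNT(*) AS count FROM profile_education WHERE pid = {?} AND eduid = {?} AND degreeid = {?}', $pid, $edu_id, $degree_id);
            if ($count == 1) {
                $res['already'][] = $line;
                $old_pids[] = $pid[0];
            } else {
                $res['new'][] = $line;
                $new_pids[] = $pid[0];
            }
        }
    }
    // Report: one "--------------------<type>:" header per non-empty category.
    $display = array();
    foreach ($res as $type => $res_type) {
        if (count($res_type) > 0) {
            $display = array_merge($display, array('--------------------' . $type . ':'), $res_type);
        }
    }
    $page->assign('people', implode("\n", $display));
    $page->assign('promotion', $promotion);
    $page->assign('degree', $degree);
    if (Post::has('add')) {
        $entry_year = $promotion - Profile::educationDuration($degree);
        if (Post::b('force_addition')) {
            // Insert for every matched profile, even those that already have the row.
            $pids = array_unique(array_merge($old_pids, $new_pids));
        } else {
            $pids = array_unique($new_pids);
            // Updates years.
            if (count($old_pids)) {
                XDB::execute('UPDATE profile_education SET entry_year = {?}, grad_year = {?}, promo_year = {?} WHERE pid IN {?} AND eduid = {?} AND degreeid = {?}', $entry_year, $promotion, $promotion, $old_pids, $edu_id, $degree_id);
            }
        }
        // Precomputes values common to all users.
        // The values are bound through XDB::format()'s placeholders here; only
        // the resulting fragment is concatenated into the INSERT below.
        $select = XDB::format('MAX(id) + 1, pid, {?}, {?}, {?}, {?}, {?}, \'secondary\'', $edu_id, $degree_id, $entry_year, $promotion, $promotion);
        XDB::startTransaction();
        foreach ($pids as $pid) {
            XDB::execute('INSERT INTO profile_education (id, pid, eduid, degreeid, entry_year, grad_year, promo_year, flags) SELECT ' . $select . ' FROM profile_education WHERE pid = {?} GROUP BY pid', $pid);
        }
        XDB::commit();
    }
}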
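/**
 * Admin page for announces (events).
 *
 * Either edits one announce ($action 'edit', or 'preview'/'Proposer' with
 * an $eid: text, promotion range, importance, image upload), or shows the
 * list / archives after applying a state change ('delete', 'archive',
 * 'unarchive', 'valid', 'unvalid').
 *
 * @param object $page   page object
 * @param string $action 'list' (default), 'archives', 'edit', 'preview',
 *                       'delete', 'archive', 'unarchive', 'valid' or 'unvalid'
 * @param mixed  $eid    announce id from the URL, null when only listing
 */
function handler_admin_events($page, $action = 'list', $eid = null)
{
    $page->changeTpl('events/admin.tpl');
    $page->setTitle('Administration - Evenements');
    $page->register_modifier('hde', 'html_entity_decode');
    $arch = $action == 'archives';
    $page->assign('action', $action);
    $upload = new PlUpload(S::user()->login(), 'event');
    // Preview or submission of the edit form: keep the edit view and take the uploaded image.
    if ((Env::has('preview') || Post::v('action') == "Proposer") && $eid) {
        $action = 'edit';
        $this->upload_image($page, $upload);
    }
    // Every write below is preceded by the XSRF token check.
    if (Post::v('action') == 'Pas d\'image' && $eid) {
        S::assert_xsrf_token();
        $upload->rm();
        XDB::execute("DELETE FROM announce_photos WHERE eid = {?}", $eid);
        $action = 'edit';
    } elseif (Post::v('action') == 'Supprimer l\'image' && $eid) {
        S::assert_xsrf_token();
        $upload->rm();
        $action = 'edit';
    } elseif (Post::v('action') == "Proposer" && $eid) {
        S::assert_xsrf_token();
        $promo_min = Post::i('promo_min');
        $promo_max = Post::i('promo_max');
        // 0 means "no bound"; otherwise both bounds must be in ]1900, 2020[ and ordered.
        if ($promo_min != 0 && ($promo_min <= 1900 || $promo_min >= 2020) || $promo_max != 0 && ($promo_max <= 1900 || $promo_max >= 2020 || $promo_max < $promo_min)) {
            $page->trigError("L'intervalle de promotions {$promo_min} -> {$promo_max} n'est pas valide");
            $action = 'edit';
        } else {
            $res = XDB::query('SELECT flags FROM announces WHERE id = {?}', $eid);
            $flags = new PlFlagSet($res->fetchOneCell());
            $flags->addFlag('wiki');
            if (Post::v('important')) {
                $flags->addFlag('important');
            } else {
                $flags->rmFlag('important');
            }
            // NOTE(review): the range above was validated on Post::i(), but the
            // raw Post::v('promo_min'/'promo_max') strings are what gets stored.
            XDB::execute('UPDATE announces SET creation_date = creation_date, titre={?}, texte={?}, expiration={?}, promo_min={?}, promo_max={?}, flags = {?} WHERE id = {?}', Post::v('titre'), Post::v('texte'), Post::v('expiration'), Post::v('promo_min'), Post::v('promo_max'), $flags, $eid);
            if ($upload->exists() && (list($x, $y, $type) = $upload->imageInfo())) {
                XDB::execute('INSERT INTO announce_photos (eid, attachmime, attach, x, y) VALUES ({?}, {?}, {?}, {?}, {?}) ON DUPLICATE KEY UPDATE attachmime = VALUES(attachmime), attach = VALUES(attach), x = VALUES(x), y = VALUES(y)', $eid, $type, $upload->getContents(), $x, $y);
                $upload->rm();
            }
        }
    }
    if ($action == 'edit') {
        $res = XDB::query('SELECT titre, texte, expiration, promo_min, promo_max, FIND_IN_SET(\'important\', flags), attach IS NOT NULL FROM announces AS e LEFT JOIN announce_photos AS p ON(e.id = p.eid) WHERE id={?}', $eid);
        list($titre, $texte, $expiration, $promo_min, $promo_max, $important, $img) = $res->fetchOneRow();
        $page->assign('titre', $titre);
        $page->assign('texte', $texte);
        $page->assign('promo_min', $promo_min);
        $page->assign('promo_max', $promo_max);
        $page->assign('expiration', $expiration);
        $page->assign('important', $important);
        $page->assign('eid', $eid);
        $page->assign('img', $img);
        $page->assign_by_ref('upload', $upload);
        // Expiration selector: the next 29 days, the stored expiration preselected.
        $select = "";
        for ($i = 1; $i < 30; $i++) {
            $p_stamp = date("Ymd", time() + 3600 * 24 * $i);
            $year = substr($p_stamp, 0, 4);
            $month = substr($p_stamp, 4, 2);
            $day = substr($p_stamp, 6, 2);
            $select .= "<option value=\"{$p_stamp}\"" . ($p_stamp == strtr($expiration, array("-" => "")) ? " selected" : "") . "> {$day} / {$month} / {$year}</option>\n";
        }
        $page->assign('select', $select);
    } else {
        switch ($action) {
            case 'delete':
                S::assert_xsrf_token();
                XDB::execute('DELETE from announces WHERE id = {?}', $eid);
                break;
            case "archive":
                S::assert_xsrf_token();
                XDB::execute('UPDATE announces SET creation_date = creation_date, flags = CONCAT(flags,",archive") WHERE id = {?}', $eid);
                break;
            case "unarchive":
                S::assert_xsrf_token();
                XDB::execute('UPDATE announces SET creation_date = creation_date, flags = REPLACE(flags,"archive","") WHERE id = {?}', $eid);
                $action = 'archives';
                $arch = true;
                break;
            case "valid":
                S::assert_xsrf_token();
                XDB::execute('UPDATE announces SET creation_date = creation_date, flags = CONCAT(flags,",valide") WHERE id = {?}', $eid);
                break;
            case "unvalid":
                S::assert_xsrf_token();
                XDB::execute('UPDATE announces SET creation_date = creation_date, flags = REPLACE(flags,"valide", "") WHERE id = {?}', $eid);
                break;
        }
        // $eid comes from the URL and is interpolated — not bound — into the
        // SELECT below; cast it so only an integer can reach the statement
        // (the other queries in this function bind $eid through {?}).
        $pid = ($eid && $action == 'preview') ? intval($eid) : -1;
        $sql = "SELECT e.id, e.titre, e.texte,e.id = {$pid} AS preview, e.uid,\n DATE_FORMAT(e.creation_date,'%d/%m/%Y %T') AS creation_date,\n DATE_FORMAT(e.expiration,'%d/%m/%Y') AS expiration,\n e.promo_min, e.promo_max,\n FIND_IN_SET('valide', e.flags) AS fvalide,\n FIND_IN_SET('archive', e.flags) AS farch,\n FIND_IN_SET('wiki', e.flags) AS wiki\n FROM announces AS e\n WHERE " . ($arch ? "" : "!") . "FIND_IN_SET('archive',e.flags)\n ORDER BY FIND_IN_SET('valide',e.flags), e.expiration DESC";
        $page->assign('evs', XDB::iterator($sql));
    }
    $page->assign('arch', $arch);
    $page->assign('admin_evts', true);
}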
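/**
 * Registration wizard (steps 0 to 3; step 4 means registration done).
 *
 * The wizard state is kept in $_SESSION['subState'] (a PlDict); an optional
 * marketing $hash pre-fills it from a pending account. Suspicious behaviour
 * (repeated steps back, wrong birthdate, watched account / email / IP) is
 * accumulated in $alert / $alert_details and mailed via send_warning_mail().
 *
 * Steps: 0 charter; 1 promotion; 2 names and school id (checkNewUser /
 * createAliases); 3 email, birthdate, services and password, then
 * finishRegistration() unless the email or IP is flagged.
 *
 * @param object      $page page object
 * @param string|null $hash marketing hash identifying a pending account
 */
function handler_register($page, $hash = null)
{
    $page->forceSkin('register');
    $alert = array();
    $alert_details = '';
    $subState = new PlDict(S::v('subState', array()));
    if (!$subState->has('step')) {
        $subState->set('step', 0);
    }
    if (!$subState->has('backs')) {
        $subState->set('backs', new PlDict());
    }
    // Going back: snapshot the current state under 'backs' and count the returns.
    if (Get::has('back') && Get::i('back') < $subState->i('step')) {
        $subState->set('step', max(0, Get::i('back')));
        $subState->v('backs')->set($subState->v('backs')->count() + 1, $subState->dict());
        $subState->v('backs')->kill('backs');
        if ($subState->v('backs')->count() == 3) {
            $alert[] = "Tentative d'inscription très hésitante";
            $alert_details .= "\n * Retours en arrières : 3.";
        }
    }
    if ($hash) {
        // Pre-fill from the marketing record; only pending accounts qualify.
        $res = XDB::query("SELECT a.uid, a.hruid, ppn.lastname_initial AS lastname, ppn.firstname_initial AS firstname, p.xorg_id AS xorgid,\n pd.promo, pe.promo_year AS yearpromo, pde.degree AS edu_type,\n p.birthdate_ref AS birthdateRef, FIND_IN_SET('watch', a.flags) AS watch, m.hash, a.type, a.comment\n FROM register_marketing AS m\n INNER JOIN accounts AS a ON (m.uid = a.uid)\n INNER JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))\n INNER JOIN profiles AS p ON (p.pid = ap.pid)\n INNER JOIN profile_display AS pd ON (p.pid = pd.pid)\n INNER JOIN profile_education AS pe ON (pe.pid = p.pid AND FIND_IN_SET('primary', pe.flags))\n INNER JOIN profile_education_degree_enum AS pde ON (pde.id = pe.degreeid)\n INNER JOIN profile_public_names AS ppn ON (ppn.pid = p.pid)\n WHERE m.hash = {?} AND a.state = 'pending'", $hash);
        if ($res->numRows() == 1) {
            $subState->merge($res->fetchOneRow());
            $subState->set('main_mail_domain', User::$sub_mail_domains[$subState->v('type')]);
            // Marketing statistics row for this hash. The hash was passed as a
            // bind value but the statement had no placeholder ("WHERE m.hash"),
            // which selected nothing; "= {?}" restores the intended filter.
            XDB::execute('INSERT INTO register_mstats (uid, sender, success) SELECT m.uid, m.sender, 0 FROM register_marketing AS m WHERE m.hash = {?} ON DUPLICATE KEY UPDATE sender = VALUES(sender), success = VALUES(success)', $subState->s('hash'));
        }
    }
    // $error is either unset, a string, or (in step 3) a list of messages
    // joined before display.
    switch ($subState->i('step')) {
        case 0:
            $wp = new PlWikiPage('Reference.Charte');
            $wp->buildCache();
            if (Post::has('step1')) {
                $subState->set('step', 1);
                // With a marketing hash the account is known: skip to step 3.
                if ($subState->has('hash')) {
                    $subState->set('step', 3);
                    $this->load('register.inc.php');
                    createAliases($subState);
                }
            }
            break;
        case 1:
            if (Post::has('yearpromo')) {
                $edu_type = Post::t('edu_type');
                $yearpromo = Post::i('yearpromo');
                $promo = Profile::$cycle_prefixes[$edu_type] . $yearpromo;
                // Any living, still-pending account in that promotion year?
                $res = XDB::query("SELECT COUNT(*)\n FROM accounts AS a\n INNER JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))\n INNER JOIN profiles AS p ON (p.pid = ap.pid)\n INNER JOIN profile_education AS pe ON (pe.pid = p.pid AND FIND_IN_SET('primary', pe.flags))\n WHERE a.state = 'pending' AND p.deathdate IS NULL AND pe.promo_year = {?}", $yearpromo);
                if (!$res->fetchOneCell()) {
                    $error = 'La promotion saisie est incorrecte ou tous les camarades de cette promotion sont inscrits !';
                } else {
                    $subState->set('step', 2);
                    $subState->set('promo', $promo);
                    $subState->set('yearpromo', $yearpromo);
                    $subState->set('edu_type', $edu_type);
                    // School-id pattern and examples shown on the next step (X degree only).
                    if ($edu_type == Profile::DEGREE_X) {
                        if ($yearpromo >= 1996 && $yearpromo < 2000) {
                            $subState->set('schoolid', $yearpromo % 100 * 10 . '???');
                            $subState->set('schoolid_exemple', $yearpromo % 100 * 10000 + 532);
                            $subState->set('schoolid_exemple_ev2', ($yearpromo + 1) % 100 * 10000 + 532);
                        } elseif ($yearpromo >= 2000) {
                            $subState->set('schoolid', 100 + $yearpromo % 100 . '???');
                            $subState->set('schoolid_exemple', (100 + $yearpromo % 100) * 1000 + 532);
                            $subState->set('schoolid_exemple_ev2', (100 + ($yearpromo + 1) % 100) * 1000 + 532);
                        }
                    }
                }
            }
            break;
        case 2:
            if (count($_POST)) {
                $this->load('register.inc.php');
                $subState->set('firstname', Post::t('firstname'));
                $subState->set('lastname', Post::t('lastname'));
                if (Post::has('schoolid')) {
                    $subState->set('schoolid', Post::i('schoolid'));
                }
                // Both helpers return true on success or an error message.
                $error = checkNewUser($subState);
                if ($error !== true) {
                    break;
                }
                $error = createAliases($subState);
                if ($error === true) {
                    unset($error);
                    $subState->set('step', 3);
                }
            }
            break;
        case 3:
            if (count($_POST)) {
                $this->load('register.inc.php');
                // Validate the email address format and domain.
                require_once 'emails.inc.php';
                $user = User::get($subState->s('uid'));
                if (!isvalid_email(Post::v('email'))) {
                    $error[] = "Le champ 'Email' n'est pas valide.";
                } elseif (!isvalid_email_redirection(Post::v('email'), $user)) {
                    $error[] = $subState->s('forlife') . ' doit renvoyer vers un email existant ' . 'valide, en particulier, il ne peut pas être renvoyé vers lui-même.';
                }
                // Validate the birthday format and range.
                $birth = Post::t('birthdate');
                if (!preg_match('@^[0-3]?\\d/[01]?\\d/(19|20)?\\d{2}$@', $birth)) {
                    $error[] = "La 'Date de naissance' n'est pas correcte.";
                } else {
                    $birth = explode('/', $birth, 3);
                    for ($i = 0; $i < 3; ++$i) {
                        $birth[$i] = intval($birth[$i]);
                    }
                    // Two-digit years are taken as 19xx.
                    if ($birth[2] < 100) {
                        $birth[2] += 1900;
                    }
                    $year = $birth[2];
                    $ref_year = substr($subState->v('birthdateRef'), 0, 4);
                    // More than two years away from the reference year: reject and alert.
                    if (abs($ref_year - $year) > 2) {
                        $error[] = "La 'Date de naissance' n'est pas correcte.";
                        $alert[] = "Date de naissance incorrecte à l'inscription";
                        $alert_details .= "\n * Date de naissance renseignée : " . Post::t('birthdate');
                        if ($subState->v('birthdateRef') == '0000-00-00') {
                            $alert_details .= ' (date inconnue)';
                        } else {
                            $alert_details .= ' (date connue : ' . $subState->v('birthdateRef') . ')';
                        }
                        $subState->set('wrong_birthdate', $birth);
                    }
                }
                // Register the optional services requested by the user.
                $services = array();
                foreach (array('com_letters', 'imap', 'ml_promo', 'nl') as $service) {
                    if (Post::b($service)) {
                        $services[] = $service;
                    }
                }
                $subState->set('services', $services);
                // Validate the password.
                if (!Post::v('pwhash', false)) {
                    $error[] = "Le mot de passe n'est pas valide.";
                }
                // Check if the given email is known as dangerous.
                $res = XDB::query("SELECT state, description\n FROM email_watch\n WHERE email = {?} AND state != 'safe'", Post::v('email'));
                $bannedEmail = false;
                if ($res->numRows()) {
                    list($state, $description) = $res->fetchOneRow();
                    $alert[] = "Email surveillé proposé à l'inscription";
                    $alert_details .= "\n * Email surveillé : " . Post::v('email');
                    $subState->set('email_desc', $description);
                    if ($state == 'dangerous') {
                        $bannedEmail = true;
                    }
                }
                if ($subState->i('watch') != 0) {
                    $alert[] = "Inscription d'un utilisateur surveillé";
                    $alert_details .= "\n * Commentaire pour la surveillance : " . $subState->v('comment');
                }
                // A flagged IP discards the field errors so the request falls
                // through to the generic error below instead of field-level feedback.
                if ($bannedIp = check_ip('unsafe')) {
                    unset($error);
                }
                if (isset($error)) {
                    $error = join('<br />', $error);
                } else {
                    $subState->set('birthdate', sprintf("%04d-%02d-%02d", intval($birth[2]), intval($birth[1]), intval($birth[0])));
                    $subState->set('email', Post::t('email'));
                    $subState->set('password', Post::t('pwhash'));
                    // Update the current alert if the birthdate is incorrect,
                    // or if the IP address of the user has been banned.
                    if ($subState->s('birthdateRef') != '0000-00-00' && $subState->s('birthdateRef') != $subState->s('birthdate')) {
                        $alert[] = "Date de naissance incorrecte à l'inscription";
                        $alert_details .= "\n * Date de naissance renseignée : " . Post::t('birthdate');
                        if ($subState->v('birthdateRef') == '0000-00-00') {
                            $alert_details .= ' (date inconnue)';
                        } else {
                            $alert_details .= ' (date connue : ' . $subState->v('birthdateRef') . ')';
                        }
                    }
                    if ($bannedIp) {
                        $alert[] = "Tentative d'inscription depuis une IP surveillée";
                        $alert_details .= "\n * IP surveillée : " . $_SESSION['check_ip'];
                    }
                    // Prevent banned user from actually registering; save the current state for others.
                    if ($bannedEmail || $bannedIp) {
                        global $globals;
                        // The href attribute was missing its closing quote
                        // ("...domain}>"), which broke the link markup.
                        $error = "Une erreur s'est produite lors de l'inscription." . " Merci de contacter <a href='mailto:register@{$globals->mail->domain}'>" . " register@{$globals->mail->domain}</a>" . " pour nous faire part de cette erreur.";
                    } else {
                        $subState->set('step', 4);
                        if ($subState->v('backs')->count() >= 3) {
                            $alert[] = "Fin d'une inscription hésitante";
                            $alert_details .= "\n * Nombre de retours en arrière : " . $subState->v('backs')->count();
                        }
                        finishRegistration($subState);
                    }
                }
            }
            break;
    }
    $_SESSION['subState'] = $subState->dict();
    if (count($alert)) {
        $alert_details = "Détails des alertes :" . $alert_details . "\n\n";
        $alert_details .= 'Compte concerné : ' . $subState->s('forlife') . ' (redirection vers : ' . ($subState->s('email') == '' ? Post::t('email') : $subState->s('email')) . ")\n\n\n";
        send_warning_mail(implode(' - ', $alert), $alert_details);
    }
    $page->changeTpl('register/step' . $subState->i('step') . '.tpl');
    if (isset($error)) {
        $page->trigError($error);
    }
}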
/**
 * Validates every posted field of this wizard page, persists the changes
 * when all of them are valid, and tells the wizard which page to show next.
 *
 * Each field that has a setting object is validated through
 * $setting->value(); fields without one are accepted verbatim from POST.
 * Per-field results are recorded in $this->values and $this->errors.
 *
 * @param bool $global_success Set (by reference) to true when every field
 *                             validated and the save succeeded, false otherwise.
 * @return int PlWizard::NEXT_PAGE when everything succeeded and 'next_page'
 *             was posted, PlWizard::CURRENT_PAGE in every other case.
 */
public function process(&$global_success)
{
    $global_success = true;
    $this->fetchData();
    foreach ($this->settings as $field => &$setting) {
        $success = false;
        if (!is_null($setting)) {
            // The setting object validates/normalises the raw POST value and
            // reports the outcome through $success.
            $this->values[$field] = $setting->value($this, $field, Post::v($field, ''), $success);
        } else {
            $success = true;
            $this->values[$field] = Post::v($field, '');
        }
        $this->errors[$field] = !$success;
        $global_success = $global_success && $success;
    }
    // NOTE(review): $setting still references the last entry of $this->settings
    // here; it is not reused below, but an unset($setting) would make that explicit.
    if ($global_success) {
        if ($this->checkChanges()) {
            /* Save changes atomically to avoid inconsistent state
             * in case of error. */
            if (!XDB::runTransaction(array($this, 'saveData'))) {
                $global_success = false;
                return PlWizard::CURRENT_PAGE;
            }
            $this->markChange();
        }
        // XXX: remove this code once all merge related issues have been fixed.
        // Maps a wizard page index to the merge-issue flags it is responsible for.
        static $issues = array(0 => array('name', 'promo', 'phone', 'education'),
                               1 => array('address'),
                               2 => array('job'));
        // Clear the merge-issue flags of the page the user just validated.
        if (isset($issues[Post::i('valid_page')])) {
            foreach ($issues[Post::i('valid_page')] as $issue) {
                XDB::execute("UPDATE profile_merge_issues\n SET issues = REPLACE(issues, {?}, '')\n WHERE pid = {?}", $issue, $this->pid());
            }
        }
        return Post::has('next_page') ? PlWizard::NEXT_PAGE : PlWizard::CURRENT_PAGE;
    }
    // At least one field failed validation: report it and stay on this page.
    // The wording depends on whether the current user edits their own profile.
    $text = "Certains champs n'ont pas pu être validés, merci de corriger les informations "
          . (S::user()->isMe($this->owner) ? "de ton profil et de revalider ta demande."
                                           : "du profil et de revalider ta demande.");
    Platal::page()->trigError($text);
    return PlWizard::CURRENT_PAGE;
}
/**
 * Creates or edits an announce of the current group (xnet).
 *
 * On a form submission ('valid' posted) the fields are read from POST, the
 * optional image upload is handled, and the announce is previewed, saved,
 * or has its image removed depending on the button pressed. Saving a new
 * announce may also forward it to the group forum, submit it for display on
 * the Polytechnique.org home page (EvtReq) and to the newsletter (NLReq).
 * Without a submission, an existing announce is loaded for editing.
 *
 * @param PlPage   $page
 * @param int|null $aid Id of the announce to edit (from the URL); null when creating one.
 */
function handler_edit_announce($page, $aid = null)
{
    global $globals, $platal;
    $page->changeTpl('xnetgrp/announce-edit.tpl');
    $page->assign('new', is_null($aid));
    $art = array();
    if (Post::v('valid') == 'Visualiser' || Post::v('valid') == 'Enregistrer'
        || Post::v('valid') == 'Supprimer l\'image' || Post::v('valid') == 'Pas d\'image') {
        S::assert_xsrf_token();
        if (!is_null($aid)) {
            $art['id'] = $aid;
        }
        $art['titre'] = Post::v('titre');
        $art['texte'] = Post::v('texte');
        $art['contacts'] = Post::v('contacts');
        $art['promo_min'] = Post::i('promo_min');
        $art['promo_max'] = Post::i('promo_max');
        $art['nom'] = S::v('nom');
        $art['prenom'] = S::v('prenom');
        $art['promo'] = S::v('promo');
        $art['hruid'] = S::user()->login();
        $art['uid'] = S::user()->id();
        $art['expiration'] = Post::v('expiration');
        $art['public'] = Post::has('public');
        $art['xorg'] = Post::has('xorg');
        $art['nl'] = Post::has('nl');
        $art['event'] = Post::v('event');
        $upload = new PlUpload(S::user()->login(), 'xnetannounce');
        $this->upload_image($page, $upload);
        // contact_html is the contacts text, plus the subscription URL when the
        // announce is linked to a group event.
        $art['contact_html'] = $art['contacts'];
        if ($art['event']) {
            $art['contact_html'] .= "\n{$globals->baseurl}/{$platal->ns}events/sub/{$art['event']}";
        }
        // The promo range is only checked for non-public announces; 0 means "no bound".
        if (!$art['public'] && ($art['promo_min'] > $art['promo_max'] && $art['promo_max'] != 0
            || $art['promo_min'] != 0 && ($art['promo_min'] <= 1900 || $art['promo_min'] >= 2020)
            || $art['promo_max'] != 0 && ($art['promo_max'] <= 1900 || $art['promo_max'] >= 2020))) {
            $page->trigError("L'intervalle de promotions est invalide.");
            // Dropping 'valid' downgrades the request to a preview: nothing is saved below.
            Post::kill('valid');
        }
        if (!trim($art['titre']) || !trim($art['texte'])) {
            $page->trigError("L'article doit avoir un titre et un contenu.");
            Post::kill('valid');
        }
        if (Post::v('valid') == 'Supprimer l\'image') {
            $upload->rm();
            Post::kill('valid');
        }
        // A photo is attached if a new image was uploaded or the form says an existing one is kept.
        $art['photo'] = $upload->exists() || Post::i('photo');
        if (Post::v('valid') == 'Pas d\'image' && !is_null($aid)) {
            // NOTE(review): this DELETE is keyed on eid only, whereas the UPDATE and
            // SELECT below also restrict to the current group's asso_id; $aid comes
            // from the URL. Confirm the router already checks $aid belongs to this group.
            XDB::query('DELETE FROM group_announces_photo WHERE eid = {?}', $aid);
            $upload->rm();
            Post::kill('valid');
            $art['photo'] = false;
        }
    }
    if (Post::v('valid') == 'Enregistrer') {
        // Public announces ignore the promo range entirely.
        $promo_min = $art['public'] ? 0 : $art['promo_min'];
        $promo_max = $art['public'] ? 0 : $art['promo_max'];
        $flags = new PlFlagSet();
        if ($art['public']) {
            $flags->addFlag('public');
        }
        if ($art['photo']) {
            $flags->addFlag('photo');
        }
        if (is_null($aid)) {
            // New announce: body plus contacts, as sent to the forum and to EvtReq.
            $fulltext = $art['texte'];
            if (!empty($art['contact_html'])) {
                $fulltext .= "\n\n'''Contacts :'''\\\\\n" . $art['contact_html'];
            }
            $post = null;
            if ($globals->asso('forum')) {
                require_once 'banana/forum.inc.php';
                $banana = new ForumsBanana(S::user());
                $post = $banana->post($globals->asso('forum'), null, $art['titre'], MiniWiki::wikiToText($fulltext, false, 0, 80));
            }
            // NOTE(review): the 'contacts' column receives contact_html here (contacts
            // plus event URL), but the UPDATE branch below stores the raw 'contacts'.
            XDB::query('INSERT INTO group_announces (uid, asso_id, create_date, titre, texte, contacts, expiration, promo_min, promo_max, flags, post_id) VALUES ({?}, {?}, NOW(), {?}, {?}, {?}, {?}, {?}, {?}, {?}, {?})',
                       S::i('uid'), $globals->asso('id'), $art['titre'], $art['texte'], $art['contact_html'], $art['expiration'], $promo_min, $promo_max, $flags, $post);
            $aid = XDB::insertId();
            if ($art['photo']) {
                // NOTE(review): reached as soon as the 'photo' flag is set; assumes an
                // upload actually exists for a new announce — TODO confirm.
                list($imgx, $imgy, $imgtype) = $upload->imageInfo();
                XDB::execute('INSERT INTO group_announces_photo SET eid = {?}, attachmime = {?}, x = {?}, y = {?}, attach = {?}',
                             $aid, $imgtype, $imgx, $imgy, $upload->getContents());
            }
            if ($art['xorg']) {
                // The upload is handed over to the validation request and not removed here.
                $article = new EvtReq("[{$globals->asso('nom')}] " . $art['titre'], $fulltext, $art['promo_min'], $art['promo_max'], $art['expiration'], "", S::user(), $upload);
                $article->submit();
                $page->trigWarning("L'affichage sur la page d'accueil de Polytechnique.org est en attente de validation.");
            } else {
                if ($upload && $upload->exists()) {
                    $upload->rm();
                }
            }
            if ($art['nl']) {
                $article = new NLReq(S::user(), $globals->asso('nom') . " : " . $art['titre'], $art['texte'], $art['contact_html']);
                $article->submit();
                $page->trigWarning("La parution dans la Lettre Mensuelle est en attente de validation.");
            }
        } else {
            // Existing announce: the UPDATE is scoped to the current group.
            XDB::query('UPDATE group_announces SET titre = {?}, texte = {?}, contacts = {?}, expiration = {?}, promo_min = {?}, promo_max = {?}, flags = {?} WHERE id = {?} AND asso_id = {?}',
                       $art['titre'], $art['texte'], $art['contacts'], $art['expiration'], $promo_min, $promo_max, $flags, $art['id'], $globals->asso('id'));
            if ($art['photo'] && $upload->exists()) {
                // NOTE(review): the photo upsert is keyed on the URL $aid and is not
                // conditioned on the UPDATE above having matched a row of this group.
                list($imgx, $imgy, $imgtype) = $upload->imageInfo();
                XDB::execute('INSERT INTO group_announces_photo (eid, attachmime, attach, x, y) VALUES ({?}, {?}, {?}, {?}, {?}) ON DUPLICATE KEY UPDATE attachmime = VALUES(attachmime), attach = VALUES(attach), x = VALUES(x), y = VALUES(y)',
                             $aid, $imgtype, $upload->getContents(), $imgx, $imgy);
                $upload->rm();
            }
        }
    }
    if (Post::v('valid') == 'Enregistrer' || Post::v('valid') == 'Annuler') {
        pl_redirect("");
    }
    // No (valid) submission: load the announce to edit from the database.
    if (empty($art) && !is_null($aid)) {
        $res = XDB::query("SELECT *, FIND_IN_SET('public', flags) AS public,\n FIND_IN_SET('photo', flags) AS photo\n FROM group_announces\n WHERE asso_id = {?} AND id = {?}", $globals->asso('id'), $aid);
        if ($res->numRows()) {
            $art = $res->fetchOneAssoc();
            $art['contact_html'] = $art['contacts'];
        } else {
            $page->kill("Aucun article correspond à l'identifiant indiqué.");
        }
    }
    // A new announce may be linked to one of the group's non-archived events.
    if (is_null($aid)) {
        $events = XDB::iterator("SELECT *\n FROM group_events\n WHERE asso_id = {?} AND archive = 0", $globals->asso('id'));
        if ($events->total()) {
            $page->assign('events', $events);
        }
    }
    // NOTE(review): the '@' hides any warning raised while converting the
    // user-supplied contacts to HTML; whether WikiToHTML escapes its input is
    // not visible here — confirm before relying on it for output safety.
    $art['contact_html'] = @MiniWiki::WikiToHTML($art['contact_html']);
    $page->assign('art', $art);
    // $upload is only created in the submission branch; on a plain GET it is
    // undefined at this point (presumably passed as null by reference — verify).
    $page->assign_by_ref('upload', $upload);
}
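/**
 * Administration of the medals/distinctions ('profile_medal_enum') and of
 * the grades attached to each medal ('profile_medal_grade_enum').
 *
 * The medal list itself is driven by PLTableEditor. When a single medal is
 * edited ($action == 'edit' with an $id), the posted grade rows are created,
 * updated or deleted, then the current grades are assigned to the template.
 *
 * @param PlPage   $page
 * @param string   $action PLTableEditor action ('list', 'edit', ...).
 * @param int|null $id     Medal id when editing, null otherwise.
 */
function handler_admin_medals($page, $action = 'list', $id = null)
{
    $page->setTitle('Administration - Distinctions');
    $page->assign('title', 'Gestion des Distinctions');
    $table_editor = new PLTableEditor('admin/medals', 'profile_medal_enum', 'id');
    $table_editor->describe('text', 'intitulé', true);
    $table_editor->describe('img', 'nom de l\'image', false, true);
    $table_editor->describe('flags', 'valider', true);
    $table_editor->apply($page, $action, $id);
    if ($id && $action == 'edit') {
        $page->changeTpl('profile/admin_decos.tpl');
        $mid = $id;
        // The grade form below writes to the database straight from POST data, so
        // it gets the same anti-CSRF token check as the other state-changing
        // handlers (S::assert_xsrf_token). Only checked when grade data is actually
        // posted, so the GET that displays the form is unaffected.
        // NOTE(review): requires the form in profile/admin_decos.tpl to carry the
        // token like the other checked forms — TODO confirm.
        if (Post::has('act') || Post::has('grades')) {
            S::assert_xsrf_token();
        }
        if (Post::v('act') == 'del') {
            XDB::execute('DELETE FROM profile_medal_grade_enum WHERE mid={?} AND gid={?}', $mid, Post::i('gid'));
        } else {
            foreach (Post::v('grades', array()) as $gid => $text) {
                if ($gid === 0) {
                    // Key 0 is the "new grade" row of the form: only create it when
                    // a label was entered, with gid = current max + 1 for this medal.
                    if (!empty($text)) {
                        $res = XDB::query('SELECT MAX(gid) FROM profile_medal_grade_enum WHERE mid = {?}', $mid);
                        $gid = $res->fetchOneCell() + 1;
                        XDB::execute('INSERT INTO profile_medal_grade_enum (mid, gid, text, pos) VALUES ({?}, {?}, {?}, {?})', $mid, $gid, $text, $_POST['pos']['0']);
                    }
                } else {
                    // Existing grade: update its label and display position.
                    XDB::execute('UPDATE profile_medal_grade_enum SET pos={?}, text={?} WHERE gid={?} AND mid={?}', $_POST['pos'][$gid], $text, $gid, $mid);
                }
            }
        }
        $res = XDB::iterator('SELECT gid, text, pos FROM profile_medal_grade_enum WHERE mid={?} ORDER BY pos', $mid);
        $page->assign('grades', $res);
    }
}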