function callback($ctx)
{
$jump = htmlspecialchars(trim($_GET['jump']));
self::validate_url($jump);
if (!$this->appid || !$this->secret) {
_redirect($jump);
}
$code = urlencode(htmlspecialchars(trim($_GET['code'])));
if (!$code) {
_redirect($jump);
}
$wx_url = 'https://api.weixin.qq.com/sns/oauth2/access_token';
$wx_url = "{$wx_url}?appid={$this->appid}&secret={$this->secret}&code={$code}&grant_type=authorization_code";
$resp = Http::get($wx_url);
$ret = @json_decode($resp, true);
if (is_array($ret) && $ret['openid']) {
$connect = WxConnect::get_by('wx_openid', $ret['openid']);
if ($connect) {
Logger::info("wx_openid[{$ret['openid']}] oauth login, uid: {$connect->user_id}");
$profile = Profile::get($connect->user_id);
if ($profile && $profile->status != Profile::STATUS_LOCK) {
UC::force_login($profile);
}
} else {
// 兼容 /weixin/bind, 因为它依赖 session 中的 openid, 所以这里设置
session_start();
$_SESSION['wx_openid'] = $ret['openid'];
}
} else {
Logger::info("weixin oauth, code: {$code}, resp: {$resp}, " . Http::$error);
}
_redirect($jump);
}
public function addProfile($profile)
{
$profile = Profile::get($profile, Profile::FETCH_ALL, $this->visibility);
if ($profile) {
$this->profile_list[] = $profile;
$this->count++;
}
}
function handler_photo($page, $x = null)
{
if (!$x || !($profile = Profile::get($x))) {
return PL_NOT_FOUND;
}
// Retrieve the photo and its mime type.
$photo = $profile->getPhoto(true, true);
// Display the photo, or a default one when not available.
$photo->send();
}
function doPlatalLink($link, $text)
{
if (strlen(trim($text)) == 0) {
$profile = Profile::get($link);
if (!$profile) {
return '##Utilisateur inconnu##' . $text . '##';
}
$text = $profile->fullName();
}
return '<a href="profile/' . $link . '" class="popup2">' . $text . '</a>';
}
public function __construct(User $_user, array $_address, $_pid, $_jobid, $_groupid, $_type, $_id, $_stamp = 0)
{
$_profile = Profile::get($_pid);
parent::__construct($_user, $_profile, false, 'address', $_stamp);
$this->key_pid = $_pid;
$this->key_jobid = $_jobid;
$this->key_groupid = $_groupid;
$this->key_type = $_type;
$this->key_id = $_id;
$this->given_text = $_address['text'];
$this->address = $_address;
}
public function testProfile()
{
$p = new Profile();
$p->start('foo');
$p->start('bar');
$p->start('foo');
$p->stop();
// stop foo 2
$p->stop();
// stop bar
$p->start('che');
$p->stop();
// stop che 1
$p->stop();
// stop foo 1
$map = $p->get();
$this->assertTrue(isset($map['foo']['children']['bar']['children']['foo']));
$this->assertTrue(isset($map['foo']['children']['che']));
}
function index($ctx)
{
$jump = htmlspecialchars(trim($_GET['jump']));
$host = Html::host();
if (!preg_match("/http(s)?:\\/\\/[^\\/]*{$host}\\//", $jump)) {
$jump = '';
}
// 验证 token
$token = htmlspecialchars(trim($_GET['token']));
if (strlen($token) == 32) {
$sess = WxTmpLogin::get_session($token);
if ($sess) {
WxTmpLogin::del_session($token);
}
}
if (!$sess) {
#if($token && !$_SESSION['wx_openid']){
# _throw("链接已经过期, 请重新获取微信消息!", 200);
#}
_redirect($jump);
}
session_start();
$_SESSION['wx_openid'] = $sess['openid'];
$connect = WxConnect::get_by('wx_openid', $sess['openid']);
if (!$connect) {
setcookie(WxTmpLogin::COOKIE_KEY_AUTO_BIND_WX, 1, time() + 3600 * 24, '/');
Logger::info("not connected wx_openid: {$sess['openid']}");
UC::logout();
} else {
$uid = $connect->user_id;
$profile = Profile::get($uid);
setcookie('ltz_wx_binded', 1, time() + 3600 * 24 * 365, "/");
// 已经绑定了,直接删除该cookie
if (isset($_COOKIE[WxTmpLogin::COOKIE_KEY_AUTO_BIND_WX])) {
setcookie(WxTmpLogin::COOKIE_KEY_AUTO_BIND_WX, '', time() - 1, '/');
}
Logger::info("wx_openid[{$sess['openid']}] login, uid: {$uid}, {$profile->name}");
UC::force_login($profile);
}
_redirect($jump);
}
$posts->post();
print $posts->printOutput();
} else {
if (isset($_POST["deleteid"])) {
$utils = new Utils($auth);
if (isset($_POST["deleteid"]) && $_POST["deleteid"] != "" && is_numeric($_POST["deleteid"])) {
$id = $_POST["deleteid"];
$utils->deleteComment($id);
print $utils->printOutput();
} else {
$utils->setOutput(self::$FAIL, "id is missing or invalid");
}
} else {
if (isset($_GET["get"]) && $_GET["get"] == "profile") {
$profile = new Profile($auth);
$profile->get();
print $profile->printOutput();
} else {
if (isset($_POST["userdesc"])) {
$profile = new Profile($auth);
$profile->post();
print $profile->printOutput();
} else {
if (isset($_POST["skilletRequest"])) {
$skillet = new Skillet($auth);
$skillet->skilletRequest();
print $skillet->printOutput();
} else {
if (isset($_POST["deletefile"])) {
$utils = new Utils($auth);
if (isset($_POST["id"]) && $_POST["id"] != "" && is_numeric($_POST["id"])) {
// Retrieves all the names to convert.
$conversions = 0;
$names = XDB::iterator('SELECT pid, lastname_initial, lastname_main, lastname_marital, lastname_ordinary,
firstname_initial, firstname_main, firstname_ordinary, pseudonym
FROM profile_public_names');
$name_list = array('lastname_initial', 'lastname_main', 'lastname_marital', 'lastname_ordinary', 'firstname_initial', 'firstname_main', 'firstname_ordinary', 'pseudonym');
$total = $names->total();
while ($item = $names->next()) {
foreach ($name_list as $type) {
$item[$type] = capitalize_name_checked($item[$type]);
}
XDB::execute('UPDATE profile_public_names
SET lastname_initial = {?}, lastname_main = {?}, lastname_marital = {?}, lastname_ordinary = {?},
firstname_initial = {?}, firstname_main = {?}, firstname_ordinary = {?}, pseudonym = {?}
WHERE pid = {?}', $item['lastname_initial'], $item['lastname_main'], $item['lastname_marital'], $item['lastname_ordinary'], $item['firstname_initial'], $item['firstname_main'], $item['firstname_ordinary'], $item['pseudonym'], $item['pid']);
$profile = Profile::get($item['pid']);
update_display_names($profile, $item);
printf("\r%u / %u", $conversions, $total);
$conversions++;
unset($item, $profile);
}
printf("\r%u / %u", $conversions, $total);
echo "\n{$conversions} names from profiles properly recapitalized.\n";
$conversions = 0;
$names = XDB::iterator('SELECT uid, firstname, lastname
FROM accounts
WHERE NOT EXISTS (SELECT 1
FROM account_profiles
WHERE account_profiles.uid = accounts.uid)');
$total = $names->total();
while ($item = $names->next()) {
function handler_contacts($page, $action = null, $subaction = null, $ssaction = null)
{
$page->setTitle('Mes contacts');
$this->_add_rss_link($page);
// For XSRF protection, checks both the normal xsrf token, and the special RSS token.
// It allows direct linking to contact adding in the RSS feed.
if (Env::v('action') && Env::v('token') !== S::user()->token) {
S::assert_xsrf_token();
}
switch (Env::v('action')) {
case 'retirer':
if ($contact = Profile::get(Env::v('user'))) {
$this->delRegistered($page, $contact);
}
break;
case 'ajouter':
if ($contact = Profile::get(Env::v('user'))) {
$this->addRegistered($page, $contact);
}
break;
}
$search = false;
$user = S::user();
require_once 'userset.inc.php';
if ($action == 'search') {
$action = $subaction;
$subaction = $ssaction;
$search = true;
}
if ($search && trim(Env::v('quick'))) {
$base = 'carnet/contacts/search';
$view = new QuickSearchSet(new UFC_Contact($user));
} else {
$base = 'carnet/contacts';
$view = new ProfileSet(new UFC_Contact($user));
}
$view->addMod('minifiche', 'Mini-fiches', true);
$view->addMod('trombi', 'Trombinoscope', false, array('with_admin' => false, 'with_promo' => true));
$view->addMod('map', 'Planisphère');
$view->apply('carnet/contacts', $page, $action, $subaction);
$page->changeTpl('carnet/mescontacts.tpl');
}
function handler_recovery($page)
{
global $globals;
$page->changeTpl('platal/recovery.tpl');
if (!Env::has('login') || !Env::has('birth')) {
return;
}
if (!preg_match('/^[0-3][0-9][0-1][0-9][1][9]([0-9]{2})$/', Env::v('birth'))) {
$page->trigError('Date de naissance incorrecte ou incohérente');
return;
}
$birth = sprintf('%s-%s-%s', substr(Env::v('birth'), 4, 4), substr(Env::v('birth'), 2, 2), substr(Env::v('birth'), 0, 2));
$mailorg = strtok(Env::v('login'), '@');
$profile = Profile::get(Env::t('login'));
if (is_null($profile) || $profile->birthdate != $birth) {
$page->trigError('Les informations que tu as rentrées ne permettent pas de récupérer ton mot de passe.<br />' . 'Si tu as un homonyme, utilise prenom.nom.promo comme login');
return;
}
$user = $profile->owner();
if ($user->state != 'active') {
$page->trigError('Ton compte n\'est pas activé.');
return;
}
if ($user->lost) {
$page->assign('no_addr', true);
return;
}
$page->assign('ok', true);
$url = rand_url_id();
XDB::execute('INSERT INTO account_lost_passwords (certificat,uid,created)
VALUES ({?},{?},NOW())', $url, $user->id());
$to = XDB::fetchOneCell('SELECT redirect
FROM email_redirect_account
WHERE uid = {?} AND redirect = {?}', $user->id(), Post::t('email'));
if (is_null($to)) {
$emails = XDB::fetchColumn('SELECT redirect
FROM email_redirect_account
WHERE uid = {?} AND flags = \'inactive\' AND type = \'smtp\'', $user->id());
$inactives_to = implode(', ', $emails);
}
$mymail = new PlMailer();
$mymail->setFrom('"Gestion des mots de passe" <support+password@' . $globals->mail->domain . '>');
if (is_null($to)) {
$mymail->addTo($user);
$log_to = $user->bestEmail();
if (!is_null($inactives_to)) {
$log_to = $inactives_to . ', ' . $log_to;
$mymail->addTo($inactives_to);
}
} else {
$mymail->addTo($to);
$log_to = $to;
}
$mymail->setSubject("Ton certificat d'authentification");
$mymail->setTxtBody("Visite la page suivante qui expire dans six heures :\n{$globals->baseurl}/tmpPWD/{$url}\n\nSi en cliquant dessus tu n'y arrives pas, copie intégralement l'adresse dans la barre de ton navigateur. Si tu n'as pas utilisé ce lien dans six heures, tu peux tout simplement recommencer cette procédure.\n\n--\nPolytechnique.org\n\"Le portail des élèves & anciens élèves de l'École polytechnique\"\n\nEmail envoyé à " . Env::v('login') . (is_null($to) ? '' : '
Adresse de secours : ' . $to));
$mymail->send();
S::logger($user->id())->log('recovery', $log_to);
}
public function getProfile($pos = 0, $fields = 0x0, $visibility = null)
{
$pid = $this->getPID($pos);
if ($pid == null) {
return null;
} else {
return Profile::get($pid, $fields, $visibility);
}
}
/** Return the main profile attached with this account if any.
*/
public function profile($forceFetch = false, $fields = 0x0, $visibility = null)
{
if (!$this->_profile_fetched || $forceFetch) {
$this->_profile_fetched = true;
$this->_profile = Profile::get($this, $fields, $visibility);
} else {
if ($this->_profile !== null && $visibility !== null && !$this->_profile->visibility->equals($visibility)) {
return Profile::get($this, $fields, $visibility);
}
}
return $this->_profile;
}
private function unbind($xml)
{
$from = $xml->FromUserName;
$to = $xml->ToUserName;
$connect = WxConnect::get_by('wx_openid', $from);
if ($connect) {
$profile = Profile::get($connect->user_id);
$name = $profile->name;
WxConnect::delete($connect->id);
$this->wx_reply->imm_reply_text($to, $from, "尊敬的" . $name . ",您已经成功取消微信账号和懒投资账号绑定。");
} else {
$this->wx_reply->imm_reply_text($to, $from, "尊敬的用户,您未绑定微信账号和懒投资账号。");
}
}
function handler_deaths($page, $promo = 0, $validate = false)
{
$page->changeTpl('admin/deces_promo.tpl');
$page->setTitle('Administration - Deces');
if (!$promo) {
$promo = Env::t('promo', 'X1923');
}
$page->assign('promo', $promo);
if (!$promo) {
return;
}
if ($validate) {
S::assert_xsrf_token();
$res = XDB::iterRow('SELECT p.pid, pd.directory_name, p.deathdate
FROM profiles AS p
INNER JOIN profile_display AS pd ON (p.pid = pd.pid)
WHERE pd.promo = {?}', $promo);
while (list($pid, $name, $death) = $res->next()) {
$val = Env::v('death_' . $pid);
if ($val == $death) {
continue;
}
if (empty($val)) {
$val = null;
}
XDB::execute('UPDATE profiles
SET deathdate = {?}, deathdate_rec = NOW()
WHERE pid = {?}', $val, $pid);
$page->trigSuccess('Édition du décès de ' . $name . ' (' . ($val ? $val : 'ressuscité') . ').');
if ($val && ($death == '0000-00-00' || empty($death))) {
$profile = Profile::get($pid);
$profile->clear();
$profile->owner()->clear(false);
}
}
}
$res = XDB::iterator('SELECT p.pid, pd.directory_name, p.deathdate
FROM profiles AS p
INNER JOIN profile_display AS pd ON (p.pid = pd.pid)
WHERE pd.promo = {?}
ORDER BY pd.sort_name', $promo);
$page->assign('profileList', $res);
}
/**
* @return Profile object for the current user
*/
public function getProfile()
{
return Profile::get($this->id);
}
function handler_vcard($page, $x = null)
{
if (is_null($x)) {
return PL_NOT_FOUND;
}
global $globals;
if (substr($x, -4) == '.vcf') {
$x = substr($x, 0, strlen($x) - 4);
}
$vcard = new VCard();
$vcard->addProfile(Profile::get($x, Profile::FETCH_ALL));
$vcard->show();
}
while ($row = $pids->next()) {
$pid = $row[0];
// Find the address which would be selected as "AX mail"
// But don't update anything
$best_mail = Address::updateBestMail($pid, true);
if (is_null($best_mail)) {
continue;
}
// Just continue if the returned address is already selected
$flags = new PlFlagSet($best_mail['flags']);
if ($flags->hasFlag('dn_best_mail')) {
continue;
}
// The current profile is buggy.
// Let's fetch more data to print detailed information
$profile = Profile::get($pid);
$addresses = ProfileField::getForPID('ProfileAddresses', array($pid), $admin_visibility);
$addresses = $addresses->get(Profile::ADDRESS_POSTAL);
$old_mail = null;
$new_mail = null;
foreach ($addresses as $addr) {
if ($addr->flags->hasFlag('dn_best_mail')) {
$old_mail = $addr;
} else {
if ($addr->id == $best_mail['id']) {
$new_mail = $addr;
}
}
}
echo "Profile " . $profile->hrid() . " ({$pid}) has a wrongly selected best mail.\n";
if (is_null($old_mail)) {
private function fillProfile(array $vals)
{
$pf = Profile::get($vals[0], 0x0, $this->visibility);
$pf->setFetchedFields($this->fields);
if ($this->hasData(Profile::FETCH_PHONES, $vals)) {
$pf->setPhones($vals[Profile::FETCH_PHONES]);
}
if ($this->hasData(Profile::FETCH_ADDRESSES, $vals)) {
$pf->setAddresses($vals[Profile::FETCH_ADDRESSES]);
}
if ($this->hasData(Profile::FETCH_JOBS, $vals)) {
$pf->setJobs($vals[Profile::FETCH_JOBS]);
}
if ($this->hasData(Profile::FETCH_JOB_TERMS, $vals)) {
$pf->setJobTerms($vals[Profile::FETCH_JOB_TERMS]);
}
if ($this->hasData(Profile::FETCH_CORPS, $vals)) {
$pf->setCorps($vals[Profile::FETCH_CORPS]);
}
if ($this->hasData(Profile::FETCH_EDU, $vals)) {
$pf->setEducations($vals[Profile::FETCH_EDU]);
}
if ($this->hasData(Profile::FETCH_MEDALS, $vals)) {
$pf->setMedals($vals[Profile::FETCH_MEDALS]);
}
if ($this->hasData(Profile::FETCH_NETWORKING, $vals)) {
$pf->setNetworking($vals[Profile::FETCH_NETWORKING]);
}
return $pf;
}
