Exemplo n.º 1
 /**
  * Finds the group event attached to this payment in which the current user
  * has no participant row yet.
  *
  * @return mixed The row returned by fetchOneAssoc() (columns eid, diminutif),
  *               or null when the payment has no group or nothing matches.
  */
 function event()
 {
     // Without a group id there is no group event to look for.
     if (!$this->asso_id) {
         return null;
     }
     // Both values go through {?} placeholders; nothing is interpolated into the SQL text.
     $result = XDB::query("SELECT  e.eid, a.diminutif\n                                 FROM  group_events AS e\n                           INNER JOIN  groups AS a ON (e.asso_id = a.id)\n                            LEFT JOIN  group_event_participants AS p ON (p.eid = e.eid AND p.uid = {?})\n                                WHERE  e.paiement_id = {?} AND p.uid IS NULL", S::i('uid'), $this->id);
     return $result->numRows() ? $result->fetchOneAssoc() : null;
 }
Exemplo n.º 2
 /**
  * Assigns to the page the member details of every mailing list recorded for
  * the current user in register_subs (type 'list').
  *
  * @param $page Page object that receives the 'lists' variable by reference.
  */
 public function Prepare($page)
 {
     parent::Prepare($page);
     // The uid is bound through {?}, so only the current user's rows are read.
     $subscriptions = XDB::iterRow("SELECT  sub, domain\n                               FROM  register_subs\n                              WHERE  uid = {?} AND type = 'list'\n                           ORDER BY  domain", S::i('uid'));
     $lists = array();
     while (list($sub, $domain) = $subscriptions->next()) {
         $list = new MailingList($sub, $domain);
         // Only the first element returned by getMembers() is kept.
         list($details, ) = $list->getMembers();
         $lists[$sub . '@' . $domain] = $details;
     }
     $page->assign_by_ref('lists', $lists);
 }
Exemplo n.º 3
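 /**
  * Authenticates the request, either from the already identified session or
  * from a signed 'auth' token carried in the query string.
  *
  * @param $level Requested authentication level (not read by this implementation).
  * @return mixed The value of User::getSilentWithValues() on success, null when
  *               no token is present or the token does not verify.
  */
 protected function doAuth($level)
 {
     if (S::identified()) {
         // Nothing to do there
         return User::getSilentWithValues(null, array('uid' => S::i('uid')));
     }
     if (!Get::has('auth')) {
         return null;
     }
     global $globals;
     // The token binds the session challenge, the shared secret and the uid claimed in the URL.
     // NOTE(review): md5 over concatenated fields is not a keyed MAC. Moving to hash_hmac()
     // needs the token issuer to change as well, so it is only flagged here.
     // NOTE(review): confirm that a challenge is always present in the session and is
     // single-use; with an empty challenge the token depends only on the secret and the uid.
     $expected = md5('1' . S::v('challenge') . $globals->xnet->secret . Get::i('uid') . '1');
     $provided = Get::v('auth');
     // The former loose != compared numeric-looking strings ("0e<digits>") as numbers, so
     // two different digests could compare equal, and it was not constant-time.
     // hash_equals() needs PHP >= 5.6 and string operands, hence the is_string() guard.
     if (!is_string($provided) || !hash_equals($expected, $provided)) {
         return null;
     }
     // The token is dropped from the request data before the session is upgraded.
     Get::kill('auth');
     S::set('auth', AUTH_PASSWD);
     return User::getSilentWithValues(null, array('uid' => Get::i('uid')));
 }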
Exemplo n.º 4
 /**
  * Gadget handler: assigns the total number of valid, unexpired announces and
  * the first five entries yielded by PlFeed::nextEvent() for the current user.
  *
  * @param $page Page object receiving 'event_count' and 'events'.
  */
 function handler_ig_events($page)
 {
     require_once 'gadgets/gadgets.inc.php';
     // NOTE(review): the gadget is initialised with AUTH_COOKIE; presumably that is the
     // minimum auth level required to see it — confirm in gadgets.inc.php.
     init_igoogle_html('gadgets/ig-events.tpl', AUTH_COOKIE);
     $rows = XDB::iterator("SELECT  SQL_CALC_FOUND_ROWS\n                                         e.id, e.titre, UNIX_TIMESTAMP(e.creation_date) AS creation_date,\n                                         ev.uid IS NULL AS nonlu, e.uid\n                                   FROM  announces     AS e\n                              LEFT JOIN  announce_read AS ev ON (e.id = ev.evt_id AND ev.uid = {?})\n                                  WHERE  FIND_IN_SET('valide', e.flags) AND expiration >= NOW()\n                               ORDER BY  e.creation_date DESC", S::i('uid'));
     // FOUND_ROWS() refers to the SQL_CALC_FOUND_ROWS query issued just above.
     $total = XDB::query("SELECT FOUND_ROWS()")->fetchOneCell();
     $page->assign('event_count', $total);
     Platal::load('events', 'feed.inc.php');
     $viewer = S::user();
     $shown = array();
     // Stop at five entries, or earlier when the feed runs dry.
     while (count($shown) < 5 && ($event = PlFeed::nextEvent($rows, $viewer))) {
         $shown[] = $event;
     }
     $page->assign('events', $shown);
 }
Exemplo n.º 5
 /**
  * Single sign-on endpoint for the Wats4U partner: validates the request,
  * requires a logged-in user with PERMS_USER, logs the connection, optionally
  * ends the session, then redirects to the partner's return URL.
  *
  * @param $page Page object, used for the login form and for error reporting.
  * @return mixed PL_BAD_REQUEST, PL_DO_AUTH or PL_FORBIDDEN on the early exits;
  *               otherwise the handler ends with http_redirect().
  */
 function handler_sso($page)
 {
     $this->load('sso.inc.php');
     // First, perform security checks.
     // Everything below relies on this check having validated the request parameters.
     if (!wats4u_sso_check()) {
         return PL_BAD_REQUEST;
     }
     global $globals;
     if (!S::logged()) {
         // Request auth.
         $page->assign('external_auth', true);
         $page->assign('ext_url', $globals->wats4u->public_url);
         $page->setTitle('Authentification');
         $page->setDefaultSkin('group_login');
         $page->assign('group', null);
         return PL_DO_AUTH;
     }
     if (!S::user()->checkPerms(PERMS_USER)) {
         // External (X.net) account
         return PL_FORBIDDEN;
     }
     // Update the last login information (unless the user is in SUID).
     $uid = S::i('uid');
     if (!S::suid()) {
         global $platal;
         // $_GET['url'] is request-controlled and is written to the log after urldecode().
         // NOTE(review): confirm that wats4u_sso_check() guarantees the parameter is set
         // and that whatever displays these log entries escapes them.
         S::logger($uid)->log('connexion_wats4u', $platal->path . ' ' . urldecode($_GET['url']));
     }
     // If we logged in specifically for this 'external_auth' request
     // and didn't want to "keep access to services", we kill the session
     // just before returning.
     // See classes/xorgsession.php:startSessionAs
     if (S::b('external_auth_exit')) {
         // The Referer header is client-supplied; @ hides the notice when it is absent.
         S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']);
         Platal::session()->killAccessCookie();
         Platal::session()->destroy();
     }
     // Compute return URL
     // The user object was read from the session; here it is used after the optional destroy() above.
     $full_return = wats4u_sso_build_return_url(S::user());
     if ($full_return === "") {
         // Something went wrong
         // NOTE(review): presumably kill() stops execution; if it returns, the redirect
         // below runs with an empty target — confirm.
         $page->kill("Erreur dans le traitement de la requête Wats4U.");
     }
     // NOTE(review): the target is whatever wats4u_sso_build_return_url() produced. Confirm
     // it is restricted to the partner's URL, otherwise this is an open redirect.
     http_redirect($full_return);
 }
Exemplo n.º 6
 /**
  * Skin selection page: stores the submitted skin for the current user, then
  * lists the available skins with their usage counts.
  *
  * @param $page Page object receiving 'skin_id' and 'skins'.
  */
 function handler_skin($page)
 {
     global $globals;
     $page->changeTpl('platal/skins.tpl');
     $page->setTitle('Skins');
     $submitted = Env::has('newskin');
     if ($submitted) {
         // Form submitted: store the posted value. Env::i() reads it as an integer and
         // both values are bound through {?}.
         // NOTE(review): no S::assert_xsrf_token() precedes this write — confirm that
         // leaving the skin change open to cross-site requests is intentional.
         XDB::execute('UPDATE  accounts
                          SET  skin = {?}
                        WHERE  uid = {?}', Env::i('newskin'), S::i('uid'));
         // Drop the cached value so the session reloads the new skin.
         S::kill('skin');
         Platal::session()->setSkin();
     }
     $current = XDB::query('SELECT  id
                          FROM  skins
                         WHERE  skin_tpl = {?}', S::v('skin'))->fetchOneCell();
     $page->assign('skin_id', $current);
     // Static query, no request data involved.
     $page->assign('skins', XDB::iterator('SELECT  s.*, auteur, COUNT(*) AS nb
               FROM  skins AS s
          LEFT JOIN  accounts AS a ON (a.skin = s.id)
              WHERE  skin_tpl != \'\' AND ext != \'\'
           GROUP BY  id ORDER BY s.date DESC'));
 }
Exemplo n.º 7
 /**
  * Admin page for the IP watch list: applies a posted create/edit or a
  * URL-driven delete, then renders either the list or the edit form.
  *
  * @param $page   Page object receiving 'states', 'action' and 'table' or 'ip'.
  * @param $action View requested in the URL ('list', 'create', 'edit', or 'delete').
  * @param $ip     IP address taken from the URL, used by 'delete' and 'edit'.
  */
 function handler_ipwatch($page, $action = 'list', $ip = null)
 {
     $page->changeTpl('admin/ipwatcher.tpl');
     // Watch states offered to the template, keyed by the stored value.
     $states = array('safe' => 'Ne pas surveiller', 'unsafe' => 'Surveiller les inscriptions', 'dangerous' => 'Surveiller tous les accès', 'ban' => 'Bannir cette adresse');
     $page->assign('states', $states);
     // Writes are selected by the POSTed action; every write path asserts the XSRF
     // token first and binds its values through {?}.
     // NOTE(review): stateN is stored as posted and is not checked against the keys of
     // $states here; presumably the column type constrains it — confirm.
     switch (Post::v('action')) {
         case 'create':
             if (trim(Post::v('ipN')) != '') {
                 S::assert_xsrf_token();
                 Xdb::execute('INSERT IGNORE INTO ip_watch (ip, mask, state, detection, last, uid, description)
                                       VALUES ({?}, {?}, {?}, CURDATE(), NOW(), {?}, {?})', ip_to_uint(trim(Post::v('ipN'))), ip_to_uint(trim(Post::v('maskN'))), Post::v('stateN'), S::i('uid'), Post::v('descriptionN'));
             }
             break;
         case 'edit':
             S::assert_xsrf_token();
             Xdb::execute('UPDATE ip_watch
                          SET state = {?}, last = NOW(), uid = {?}, description = {?}, mask = {?}
                        WHERE ip = {?}', Post::v('stateN'), S::i('uid'), Post::v('descriptionN'), ip_to_uint(Post::v('maskN')), ip_to_uint(Post::v('ipN')));
             break;
         default:
             // Deletion is driven by the URL arguments, but is still gated by the token.
             if ($action == 'delete' && !is_null($ip)) {
                 S::assert_xsrf_token();
                 Xdb::execute('DELETE FROM ip_watch WHERE ip = {?}', ip_to_uint($ip));
             }
     }
     // Anything other than 'create' or 'edit' falls back to the list view, so the
     // template only ever sees one of three known values.
     if ($action != 'create' && $action != 'edit') {
         $action = 'list';
     }
     $page->assign('action', $action);
     if ($action == 'list') {
         $sql = "SELECT  w.ip, IF(s.ip IS NULL,\n                                     IF(w.ip = s2.ip, s2.host, s2.forward_host),\n                                     IF(w.ip = s.ip, s.host, s.forward_host)),\n                            w.mask, w.detection, w.state, a.hruid\n                      FROM  ip_watch  AS w\n                 LEFT JOIN  log_sessions AS s  ON (s.ip = w.ip)\n                 LEFT JOIN  log_sessions AS s2 ON (s2.forward_ip = w.ip)\n                 LEFT JOIN  accounts  AS a  ON (a.uid = s.uid)\n                  GROUP BY  w.ip, a.hruid\n                  ORDER BY  w.state, w.ip, a.hruid";
         $it = Xdb::iterRow($sql);
         $table = array();
         $props = array();
         // Rows arrive ordered by ip; consecutive rows for the same ip are folded into
         // one entry whose 'users' list collects the hruid values.
         while (list($ip, $host, $mask, $date, $state, $hruid) = $it->next()) {
             $ip = uint_to_ip($ip);
             $mask = uint_to_ip($mask);
             if (count($props) == 0 || $props['ip'] != $ip) {
                 if (count($props) > 0) {
                     $table[] = $props;
                 }
                 $props = array('ip' => $ip, 'mask' => $mask, 'host' => $host, 'detection' => $date, 'state' => $state, 'users' => array($hruid));
             } else {
                 $props['users'][] = $hruid;
             }
         }
         // Flush the last entry being built.
         if (count($props) > 0) {
             $table[] = $props;
         }
         $page->assign('table', $table);
     } elseif ($action == 'edit') {
         $sql = "SELECT  w.detection, w.state, w.last, w.description, w.mask,\n                            a1.hruid AS edit, a2.hruid AS hruid, s.host\n                      FROM  ip_watch  AS w\n                 LEFT JOIN  accounts  AS a1 ON (a1.uid = w.uid)\n                 LEFT JOIN  log_sessions AS s  ON (w.ip = s.ip)\n                 LEFT JOIN  accounts  AS a2 ON (a2.uid = s.uid)\n                     WHERE  w.ip = {?}\n                  GROUP BY  a2.hruid\n                  ORDER BY  a2.hruid";
         // NOTE(review): $ip is still null here when the URL carries no address; the
         // result of ip_to_uint(null) is not visible from this block — confirm.
         $it = Xdb::iterRow($sql, ip_to_uint($ip));
         $props = array();
         // The first row fills the entry; later rows only add users.
         while (list($detection, $state, $last, $description, $mask, $edit, $hruid, $host) = $it->next()) {
             if (count($props) == 0) {
                 $props = array('ip' => $ip, 'mask' => uint_to_ip($mask), 'host' => $host, 'detection' => $detection, 'state' => $state, 'last' => $last, 'description' => $description, 'edit' => $edit, 'users' => array($hruid));
             } else {
                 $props['users'][] = $hruid;
             }
         }
         $page->assign('ip', $props);
     }
 }
Exemplo n.º 8
 /**
  * Page for the email watch list (redirections shared by several accounts):
  * applies a posted create/edit or a URL-driven delete, then renders either
  * the list or the edit form.
  *
  * @param $page   Page object receiving 'states', 'action' and 'table' or 'doublon'.
  * @param $action View requested in the URL ('list', 'create', 'edit', or 'delete').
  * @param $email  Email address taken from the URL, used by 'delete' and 'edit'.
  */
 function handler_duplicated($page, $action = 'list', $email = null)
 {
     $page->changeTpl('emails/duplicated.tpl');
     // Watch states offered to the template, keyed by the stored value.
     $states = array('pending' => 'En attente...', 'safe' => 'Pas d\'inquiétude', 'unsafe' => 'Recherches en cours', 'dangerous' => 'Usurpations par cette adresse');
     $page->assign('states', $states);
     // The XSRF token is asserted only when a POSTed action is present.
     // NOTE(review): the delete in the default branch below runs from the URL arguments
     // alone, without a POSTed action and therefore without this token check — confirm
     // whether that is intended.
     if (Post::has('action')) {
         S::assert_xsrf_token();
     }
     // All values are bound through {?}.
     // NOTE(review): stateN is stored as posted and is not checked against the keys of
     // $states here; presumably the column type constrains it — confirm.
     switch (Post::v('action')) {
         case 'create':
             if (trim(Post::v('emailN')) != '') {
                 Xdb::execute('INSERT IGNORE INTO email_watch (email, state, detection, last, uid, description)
                                       VALUES ({?}, {?}, CURDATE(), NOW(), {?}, {?})', trim(Post::v('emailN')), Post::v('stateN'), S::i('uid'), Post::v('descriptionN'));
             }
             break;
         case 'edit':
             Xdb::execute('UPDATE email_watch
                          SET state = {?}, last = NOW(), uid = {?}, description = {?}
                        WHERE email = {?}', Post::v('stateN'), S::i('uid'), Post::v('descriptionN'), Post::v('emailN'));
             break;
         default:
             if ($action == 'delete' && !is_null($email)) {
                 Xdb::execute('DELETE FROM email_watch WHERE email = {?}', $email);
             }
     }
     // Anything other than 'create' or 'edit' falls back to the list view.
     if ($action != 'create' && $action != 'edit') {
         $action = 'list';
     }
     $page->assign('action', $action);
     if ($action == 'list') {
         $it = XDB::iterRow('SELECT  w.email, w.detection, w.state, s.email AS forlife
                               FROM  email_watch            AS w
                         INNER JOIN  email_redirect_account AS r ON (w.email = r.redirect)
                         INNER JOIN  email_source_account   AS s ON (s.uid = r.uid AND s.type = \'forlife\')
                           ORDER BY  w.state, w.email, s.email');
         $table = array();
         $props = array();
         // Rows arrive ordered by email; consecutive rows for the same address are
         // folded into one entry whose 'users' list collects the forlife addresses.
         while (list($email, $date, $state, $forlife) = $it->next()) {
             if (count($props) == 0 || $props['mail'] != $email) {
                 if (count($props) > 0) {
                     $table[] = $props;
                 }
                 $props = array('mail' => $email, 'detection' => $date, 'state' => $state, 'users' => array($forlife));
             } else {
                 $props['users'][] = $forlife;
             }
         }
         // Flush the last entry being built.
         if (count($props) > 0) {
             $table[] = $props;
         }
         $page->assign('table', $table);
     } elseif ($action == 'edit') {
         $it = XDB::iterRow('SELECT  w.detection, w.state, w.last, w.description,
                                     a.hruid AS edit, s.email AS forlife
                               FROM  email_watch            AS w
                         INNER JOIN  email_redirect_account AS r ON (w.email = r.redirect)
                         INNER JOIN  email_source_account   AS s ON (s.uid = r.uid AND s.type = \'forlife\')
                          LEFT JOIN  accounts               AS a ON (w.uid = a.uid)
                              WHERE  w.email = {?}
                           ORDER BY  s.email', $email);
         $props = array();
         // The first row fills the entry; later rows only add users. 'mail' carries the
         // address exactly as it came from the URL, so the template must escape it.
         while (list($detection, $state, $last, $description, $edit, $forlife) = $it->next()) {
             if (count($props) == 0) {
                 $props = array('mail' => $email, 'detection' => $detection, 'state' => $state, 'last' => $last, 'description' => $description, 'edit' => $edit, 'users' => array($forlife));
             } else {
                 $props['users'][] = $forlife;
             }
         }
         $page->assign('doublon', $props);
     }
 }
Exemplo n.º 9
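 /**
  * Notification settings page: applies the requested change (watched promos,
  * groups, non-registered users, subscription flags), then loads the current
  * settings of the user for display.
  *
  * @param $page   Page object receiving the watch settings.
  * @param $action Optional action from the URL (add_promo, del_promo, add_group,
  *                del_group, add_nonins, del_nonins).
  * @param $arg    Argument of the action (promo, group or user identifier).
  */
 public function handler_notifs($page, $action = null, $arg = null)
 {
     $page->changeTpl('carnet/notifs.tpl');
     if ($action) {
         // Every URL-driven change is gated by the XSRF token, known action or not.
         S::assert_xsrf_token();
         switch ($action) {
             case 'add_promo':
                 $this->addPromo($page, $arg);
                 break;
             case 'del_promo':
                 $this->delPromo($page, $arg);
                 break;
             case 'add_group':
                 $this->addGroup($page, $arg);
                 break;
             case 'del_group':
                 $this->delGroup($page, $arg);
                 break;
             case 'del_nonins':
                 $user = User::get($arg);
                 if ($user) {
                     $this->delNonRegistered($page, $user);
                 }
                 break;
             case 'add_nonins':
                 $user = User::get($arg);
                 if ($user) {
                     $this->addNonRegistered($page, $user);
                 }
                 break;
         }
     }
     if (Env::has('subs')) {
         S::assert_xsrf_token();
         $flags = new PlFlagSet();
         // 'subs' marks the submission while the values live in 'sub'. That key is absent
         // when nothing is selected and could be a scalar in a hand-made request, so
         // iterate only over an array; an empty flag set is then stored.
         $subs = Env::v('sub');
         if (is_array($subs)) {
             foreach ($subs as $key => $value) {
                 $flags->addFlag($key, $value);
             }
         }
         XDB::execute('UPDATE  watch
                          SET  actions = {?}
                        WHERE  uid = {?}', $flags, S::i('uid'));
         S::user()->invalidWatchCache();
         Platal::session()->updateNbNotifs();
     }
     if (Env::has('flags_contacts')) {
         S::assert_xsrf_token();
         // changeFlag() produces an SQL fragment; its inputs are two literals and a boolean.
         XDB::execute('UPDATE  watch
                          SET  ' . XDB::changeFlag('flags', 'contacts', Env::b('contacts')) . '
                        WHERE  uid = {?}', S::i('uid'));
         S::user()->invalidWatchCache();
         Platal::session()->updateNbNotifs();
     }
     if (Env::has('flags_mail')) {
         S::assert_xsrf_token();
         XDB::execute('UPDATE  watch
                          SET  ' . XDB::changeFlag('flags', 'mail', Env::b('mail')) . '
                        WHERE  uid = {?}', S::i('uid'));
         S::user()->invalidWatchCache();
         Platal::session()->updateNbNotifs();
     }
     $user = S::user();
     $nonins = new UserFilter(new UFC_WatchRegistration($user));
     $promo = XDB::fetchColumn('SELECT  promo
                                  FROM  watch_promo
                                 WHERE  uid = {?}
                              ORDER BY  promo', S::i('uid'));
     $page->assign('promo_count', count($promo));
     // Collapse the sorted promos into [start, end] ranges of consecutive values.
     $ranges = array();
     $range_start = null;
     $range_end = null;
     foreach ($promo as $p) {
         if (is_null($range_start)) {
             $range_start = $range_end = $p;
         } else {
             if ($p != $range_end + 1) {
                 $ranges[] = array($range_start, $range_end);
                 $range_start = $range_end = $p;
             } else {
                 $range_end = $p;
             }
         }
     }
     // The open range is always appended, so an empty promo list yields one
     // array(null, null) entry; 'promo_count' lets the template tell the cases apart.
     $ranges[] = array($range_start, $range_end);
     $page->assign('promo_ranges', $ranges);
     $page->assign('nonins', $nonins->getUsers());
     $groups = XDB::fetchColumn('SELECT  g.nom
                                   FROM  watch_group AS w
                             INNER JOIN  groups      AS g ON (g.id = w.groupid)
                                  WHERE  w.uid = {?}
                               ORDER BY  g.nom', S::i('uid'));
     $page->assign('groups', $groups);
     $page->assign('groups_count', count($groups));
     list($flags, $actions) = XDB::fetchOneRow('SELECT  flags, actions
                                                  FROM  watch
                                                 WHERE  uid = {?}', S::i('uid'));
     $flags = new PlFlagSet($flags);
     $actions = new PlFlagSet($actions);
     $page->assign('flags', $flags);
     $page->assign('actions', $actions);
 }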
Exemplo n.º 10
 /**
  * Group payment page. With a payment id, checks access and delegates to
  * handler_payment(); without one, lists the group's payments together with
  * the current user's events and amounts and, for users allowed by
  * may_update(), every transaction.
  *
  * @param $page Page object receiving 'titles', 'trans', 'event' and the ordering variables.
  * @param $pid  Optional payment id taken from the URL.
  * @return mixed PL_FORBIDDEN when access is denied, the result of handler_payment()
  *               when $pid is given, nothing otherwise.
  */
 function handler_xnet_payment($page, $pid = null)
 {
     global $globals;
     $perms = S::v('perms');
     if (is_null($pid)) {
         // Listing page: identified group admins only.
         if (!(S::identified() && $perms->hasFlag('groupadmin'))) {
             return PL_FORBIDDEN;
         }
     } else {
         // Single payment: identified group members pass directly. Anyone else must take
         // part in an event tied to this payment in the current group, or the payment
         // must be flagged 'public' for that group.
         // NOTE(review): for identified group members $pid is not checked against the
         // current group here; presumably handler_payment() validates it — confirm.
         if (!(S::identified() && $perms->hasFlag('groupmember'))) {
             $res = XDB::query("SELECT  1\n                                     FROM  group_events AS e\n                               INNER JOIN  group_event_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?})\n                                    WHERE  e.paiement_id = {?} AND e.asso_id = {?}", S::i('uid'), $pid, $globals->asso('id'));
             $public = XDB::query("SELECT  1\n                                        FROM  payments     AS p\n                                  INNER JOIN  group_events AS g ON (g.paiement_id = p.id)\n                                       WHERE  g.asso_id = {?} AND p.id = {?} AND FIND_IN_SET('public', p.flags)", $globals->asso('id'), $pid);
             if ($res->numRows() == 0 && $public->numRows() == 0) {
                 return PL_FORBIDDEN;
             }
         }
     }
     if (!is_null($pid)) {
         return $this->handler_payment($page, $pid);
     }
     $page->changeTpl('payment/xnet.tpl');
     $res = XDB::query("SELECT  id, text, url\n                   FROM  payments\n                  WHERE  asso_id = {?} AND NOT FIND_IN_SET('old', flags)\n               ORDER BY  id DESC", $globals->asso('id'));
     $tit = $res->fetchAllAssoc();
     $page->assign('titles', $tit);
     $trans = array();
     $event = array();
     if (may_update()) {
         // Whitelist of sortable columns mapped to their table alias. The requested
         // column is concatenated into the SQL text below, so it is accepted only when
         // it is one of these keys; the alias comes from the whitelist as well.
         static $orders = array('ts_confirmed' => 'p', 'directory_name' => 'a', 'promo' => 'pd', 'comment' => 'p', 'amount' => 'p');
         if (Get::has('order_id') && Get::has('order') && array_key_exists(Get::v('order'), $orders)) {
             $order_id = Get::i('order_id');
             $order = Get::v('order');
             $ordering = ' ORDER BY ' . $orders[$order] . '.' . $order;
             // order_inv toggles the direction; the template gets the opposite value for its next link.
             if (Get::has('order_inv') && Get::i('order_inv') == 1) {
                 $ordering .= ' DESC';
                 $page->assign('order_inv', 0);
             } else {
                 $page->assign('order_inv', 1);
             }
             $page->assign('order_id', $order_id);
             $page->assign('order', $order);
             $page->assign('anchor', 'legend_' . $order_id);
         } else {
             $order_id = false;
             $ordering = '';
             $page->assign('order', false);
         }
     } else {
         // $order_id stays undefined on this path; it is only read under may_update() below.
         $ordering = '';
         $page->assign('order', false);
     }
     foreach ($tit as $foo) {
         $pid = $foo['id'];
         if (may_update()) {
             // $ordering is either '' or the whitelisted clause built above, and is
             // appended only for the payment designated by order_id.
             $res = XDB::query('SELECT  p.uid, IF(p.ts_confirmed = \'0000-00-00\', 0, p.ts_confirmed) AS date, p.comment, p.amount
                                  FROM  payment_transactions AS p
                            INNER JOIN  accounts             AS a  ON (a.uid = p.uid)
                             LEFT JOIN  account_profiles     AS ap ON (ap.uid = p.uid AND FIND_IN_SET(\'owner\', ap.perms))
                             LEFT JOIN  profile_display      AS pd ON (ap.pid = pd.pid)
                                 WHERE  p.ref = {?}' . ($order_id == $pid ? $ordering : ''), $pid);
             $trans[$pid] = User::getBulkUsersWithUIDs($res->fetchAllAssoc(), 'uid', 'user');
             $sum = 0;
             foreach ($trans[$pid] as $i => $t) {
                 $sum += $t['amount'];
                 $trans[$pid][$i]['amount'] = $t['amount'];
             }
             // Trailing pseudo-row carrying the total of the payment.
             $trans[$pid][] = array('limit' => true, 'amount' => $sum);
         }
         // Events of this payment in which the current user takes part.
         $res = XDB::iterRow("SELECT  e.eid, e.short_name, e.intitule, ep.nb, ei.montant, ep.paid\n                                   FROM  group_events             AS e\n                              LEFT JOIN  group_event_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?})\n                             INNER JOIN  group_event_items        AS ei ON (ep.eid = ei.eid AND ep.item_id = ei.item_id)\n                                  WHERE  e.paiement_id = {?}", S::v('uid'), $pid);
         $event[$pid] = array();
         $event[$pid]['paid'] = 0;
         if ($res->total()) {
             $event[$pid]['topay'] = 0;
             while (list($eid, $shortname, $title, $nb, $montant, $paid) = $res->next()) {
                 $event[$pid]['topay'] += $nb * $montant;
                 $event[$pid]['eid'] = $eid;
                 $event[$pid]['shortname'] = $shortname;
                 $event[$pid]['title'] = $title;
                 $event[$pid]['ins'] = !is_null($nb);
                 $event[$pid]['paid'] = $paid;
             }
         }
         // 'paid' is finally overwritten with the sum of the user's transactions for this payment.
         $res = XDB::query('SELECT  SUM(amount) AS sum_amount
                              FROM  payment_transactions
                             WHERE  ref = {?} AND uid = {?}', $pid, S::v('uid'));
         $event[$pid]['paid'] = $res->fetchOneCell();
     }
     // Transaction comments are user-supplied text, rendered through this modifier.
     // NOTE(review): confirm that decode_comment output is still HTML-escaped by the template.
     $page->register_modifier('decode_comment', 'decode_comment');
     $page->assign('trans', $trans);
     $page->assign('event', $event);
 }
Exemplo n.º 11
 /**
  * News page: prepares tips, reminder and birthday wish, handles the
  * read/unread actions, then loads the valid announces grouped by category.
  *
  * @param $page   Page object receiving the page variables.
  * @param $action 'list' (default), 'read' or 'unread', taken from the URL.
  * @param $eid    Id of the announce to mark as read or unread.
  * @param $pound  Fragment to jump to after marking an announce as read.
  */
 function handler_ev($page, $action = 'list', $eid = null, $pound = null)
 {
     $page->changeTpl('events/index.tpl');
     $user = S::user();
     /** XXX: Tips and reminder only for user with 'email' permission.
      * We can do better in the future by storing a userfilter
      * with the tip/reminder.
      */
     if ($user->checkPerms(User::PERM_MAIL)) {
         $page->assign('tips', $this->get_tips());
     }
     // Adds a reminder onebox to the page.
     require_once 'reminder.inc.php';
     if ($reminder = Reminder::GetCandidateReminder($user)) {
         $reminder->Prepare($page);
     }
     // Wishes "Happy birthday" when required
     $profile = $user->profile();
     if (!is_null($profile)) {
         if ($profile->next_birthday == date('Y-m-d')) {
             $birthyear = (int) date('Y', strtotime($profile->birthdate));
             $curyear = (int) date('Y');
             $page->assign('birthday', $curyear - $birthyear);
         }
     }
     // Direct link to the RSS feed, when available.
     // The link embeds the user's token, so the URL itself grants access to the feed
     // and ends up wherever URLs are recorded (history, proxies, referrers).
     if (S::hasAuthToken()) {
         $page->setRssLink('Polytechnique.org :: News', '/rss/' . S::v('hruid') . '/' . S::user()->token . '/rss.xml');
     }
     // Hide the read event, and reload the page to get to the next event.
     // NOTE(review): these state changes are triggered from the URL with no XSRF token
     // asserted; the impact is limited to the user's own read markers — confirm this is accepted.
     if ($action == 'read' && $eid) {
         // Housekeeping first: drop read markers of expired announces.
         XDB::execute('DELETE ev.*
                         FROM announce_read AS ev
                   INNER JOIN announces AS e ON e.id = ev.evt_id
                        WHERE expiration < NOW()');
         XDB::execute('INSERT IGNORE INTO  announce_read (evt_id, uid)
                                   VALUES  ({?}, {?})', $eid, S::v('uid'));
         // NOTE(review): $pound comes from the URL and is appended unchanged to the
         // redirect target; presumably pl_redirect() keeps it on this site — confirm.
         pl_redirect('events#' . $pound);
     }
     // Unhide the requested event, and reload the page to display it.
     if ($action == 'unread' && $eid) {
         XDB::execute('DELETE FROM announce_read
                        WHERE evt_id = {?} AND uid = {?}', $eid, S::v('uid'));
         pl_redirect('events#newsid' . $eid);
     }
     // Fetch the events to display, along with their metadata.
     $array = array();
     $it = XDB::iterator("SELECT  e.id, e.titre, e.texte, e.post_id, e.uid,\n                                     p.x, p.y, p.attach IS NOT NULL AS img, FIND_IN_SET('wiki', e.flags) AS wiki,\n                                     FIND_IN_SET('important', e.flags) AS important,\n                                     e.creation_date > DATE_SUB(CURDATE(), INTERVAL 2 DAY) AS news,\n                                     e.expiration < DATE_ADD(CURDATE(), INTERVAL 2 DAY) AS end,\n                                     ev.uid IS NULL AS nonlu, e.promo_min, e.promo_max\n                               FROM  announces       AS e\n                          LEFT JOIN  announce_photos AS p  ON (e.id = p.eid)\n                          LEFT JOIN  announce_read   AS ev ON (e.id = ev.evt_id AND ev.uid = {?})\n                              WHERE  FIND_IN_SET('valide', e.flags) AND expiration >= NOW()\n                           ORDER BY  important DESC, news DESC, end DESC, e.expiration, e.creation_date DESC", S::i('uid'));
     // Categories in display order; the query sorts rows in the same order, so one
     // pass over the iterator can fill the buckets one after the other.
     $cats = array('important', 'news', 'end', 'body');
     $this->load('feed.inc.php');
     $user = S::user();
     $body = EventFeed::nextEvent($it, $user);
     foreach ($cats as $cat) {
         $data = array();
         if (!$body) {
             continue;
         }
         // Take rows while they carry the category flag ('body' takes everything);
         // the first row that does not match is kept for the next category.
         do {
             if ($cat == 'body' || $body[$cat]) {
                 $data[] = $body;
             } else {
                 break;
             }
             $body = EventFeed::nextEvent($it, $user);
         } while ($body);
         if (!empty($data)) {
             $array[$cat] = $data;
         }
     }
     $page->assign_by_ref('events', $array);
 }
Exemplo n.º 12
/**
 * Translates the path components of a forum URL into the parameter array
 * handed to Banana.
 *
 * $group, $action and $artid come from the URL and are copied into $get
 * largely unchanged ('part' may even be taken directly from $_GET), so the
 * consumer of $get has to treat every value as untrusted input.
 *
 * @param array $get    Parameter array, completed in place.
 * @param mixed $group  Group name, or one of the shortcut keywords handled below.
 * @param mixed $action Requested action.
 * @param mixed $artid  Article id.
 */
function get_banana_params(array &$get, $group = null, $action = null, $artid = null)
{
    // Step 1: resolve the shortcut keywords; the first matching rule wins.
    if ($group == 'forums') {
        $group = null;
    } elseif ($group == 'thread') {
        $group = S::v('banana_group');
    } elseif ($group == 'message') {
        $action = 'read';
        $group = S::v('banana_group');
        $artid = S::i('banana_artid');
    } elseif ($action == 'message') {
        $action = 'read';
        $artid = S::i('banana_artid');
    } elseif ($group == 'subscribe' || $group == 'subscription') {
        $group = null;
        $action = null;
        $get['action'] = 'subscribe';
    } elseif ($group == 'profile') {
        $group = null;
        $action = null;
        $get['action'] = 'profile';
    }

    // Step 2: export what is left.
    if (!is_null($group)) {
        $get['group'] = $group;
    }
    if (is_null($action)) {
        return;
    }
    if ($action == 'new') {
        $get['action'] = 'new';
        return;
    }
    // Every remaining action applies to one article.
    if (is_null($artid)) {
        return;
    }
    $get['artid'] = $artid;
    if ($action == 'reply') {
        $get['action'] = 'new';
    } elseif ($action == 'cancel') {
        $get['action'] = $action;
    } elseif ($action == 'from') {
        // 'from' names the first article of a listing rather than an article to show.
        $get['first'] = $artid;
        unset($get['artid']);
    } elseif ($action == 'read') {
        // Raw query-string value; @ hides the notice when it is absent.
        $get['part'] = @$_GET['part'];
    } elseif ($action == 'source') {
        $get['part'] = 'source';
    } elseif ($action == 'xface') {
        $get['part'] = 'xface';
    } elseif ($action) {
        // Any other action names a message part, with dots standing for slashes.
        $get['part'] = str_replace('.', '/', $action);
    }
    if (Get::v('action') == 'showext') {
        $get['action'] = 'showext';
    }
}
Exemplo n.º 13
 /**
  * Displays a group page, forcing a login first when the visitor is not
  * authenticated and the group is not external.
  *
  * @param $page  Page object receiving the group data.
  * @param $group Group identifier taken from the URL.
  */
 function handler_group_see($page, $group = null)
 {
     global $platal;
     $page->addCssLink('groups.css');
     $found = Group::fromId($group);
     if (!$found) {
         $page->assign('title', "Ce groupe n'existe pas");
         $page->changeTpl('groups/no_group.tpl');
         return;
     }
     // Load the base fields and hand the group to the page.
     $found->select(GroupSelect::base());
     $page->assign('group', $found);
     // Access check. NOTE(review): the group is assigned to the page before this
     // check; confirm that force_login() renders nothing from it.
     $anonymous = S::i('auth') <= AUTH_PUBLIC;
     if ($anonymous && !$found->external()) {
         $platal->force_login($page);
         return;
     }
     // The detailed fields are loaded only once access is granted.
     $found->select(GroupSelect::see());
     $page->assign('roomMaster', $found->isRoomMaster());
     $page->assign('promos', S::user()->castes()->groups()->filter('ns', Group::NS_PROMO));
     // How the current user relates to the group.
     $page->assign('user', S::user());
     $caste = ($found->ns() != 'user') ? $found->caste(Rights::member()) : null;
     if ($caste !== null) {
         $page->assign('member_allowed', $caste->userfilter());
     }
     $page->assign('title', $found->label());
     $page->changeTpl('groups/group.tpl');
 }
Exemplo n.º 14
 /**
  * Renders a template with the site-wide filters and modifiers registered.
  *
  * @param $skin  Template to fetch.
  * @param $infos When not null, receives the rendering duration under 'time'.
  * @return mixed Whatever fetch() returns for the template.
  */
 public function filteredFetch($skin, array &$infos = null)
 {
     global $globals, $platal;
     // Prefilters, registered in this exact order.
     $prefilters = array('trimwhitespace', 'form_force_encodings', 'wiki_include', 'core_include', 'if_rewrites');
     foreach ($prefilters as $prefilter) {
         $this->register_prefilter($prefilter);
     }
     $this->assign_by_ref('platal', $platal);
     $this->assign_by_ref('globals', $globals);
     // escape_html is installed as the default modifier, so template output is escaped
     // unless a template opts out (presumably Smarty's default_modifiers — confirm).
     $this->register_modifier('escape_html', 'escape_html');
     $this->default_modifiers = array('@escape_html');
     // Visitors at or below AUTH_PUBLIC get the hide_emails output filter.
     if (S::i('auth') <= AUTH_PUBLIC) {
         $this->register_outputfilter('hide_emails');
     }
     // Time the rendering only when the caller asked for it.
     if ($infos !== null) {
         $started = microtime(true);
     }
     $rendered = $this->fetch($skin);
     if ($infos !== null) {
         $infos['time'] = microtime(true) - $started;
     }
     return $rendered;
 }
Exemplo n.º 15
/**
 * Build the signed answer of an external authentication request.
 *
 * For every name in the comma-separated $datafields list a value is looked up
 * (special names first, then the session, then the profile data) and handed to
 * gpex_prepare_param() together with the running $tohash string. The result is
 * the MD5 of that string and the query-string fragment carrying it.
 *
 * gpex_prepare_param() is not visible here; it presumably appends each value to
 * $tohash by reference and returns the encoded "&name=value" part - confirm.
 *
 * NOTE(review): the signature is a plain MD5 over challenge, shared key and
 * values, not an HMAC. Replacing it would break the sites that verify it, so it
 * is only flagged here.
 * NOTE(review): any name present in the session is exported through S::v($val).
 * If $datafields can be chosen by the requesting site, an allow-list of
 * exportable fields should be enforced by the caller - confirm.
 *
 * @param $chlg       challenge taking part in the hash
 * @param $privkey    shared secret taking part in the hash
 * @param $datafields comma-separated list of requested field names
 * @param $charset    charset forwarded to gpex_prepare_param()
 * @return array($auth, $query) with $query = "&auth=" . $auth . encoded fields
 */
function gpex_make($chlg, $privkey, $datafields, $charset)
{
    $tohash = "1{$chlg}{$privkey}";
    $params = "";
    $user =& S::user();
    if ($user->hasProfile()) {
        /* Transition table for authentication: legacy field name => profile key.
         * Order matters, 'full_promo' must copy 'promo' before it is overwritten. */
        $personnal_data = $user->profile()->data();
        $legacy_names = array(
            'full_promo' => 'promo',
            'promo' => 'entry_year',
            'matricule' => 'xorg_id',
            'matricule_ax' => 'ax_id',
            'promo_sortie' => 'grad_year',
            'nationalite' => 'nationality1',
            'naissance' => 'birthdate',
            'deces' => 'deathdate',
            'nom' => 'lastname',
            'prenom' => 'firstname',
        );
        foreach ($legacy_names as $legacy => $current) {
            $personnal_data[$legacy] = $personnal_data[$current];
        }
        $personnal_data['flags'] = $user->profile()->isFemale() ? 'femme' : '';
    } else {
        // Missing fields: promo, entry_year, grad_year, ax_id, xorg_id, forlife
        $personnal_data = array('lastname' => $user->lastname, 'firstname' => $user->firstname, 'sex' => $user->gender);
    }
    foreach (explode(',', $datafields) as $val) {
        // Resolve the requested value; the first matching source wins.
        if ($val === 'perms') {
            $value = S::admin() ? 'admin' : 'user';
        } elseif ($val === 'forlife') {
            $value = S::v('hruid');
        } elseif (S::has($val)) {
            $value = S::v($val);
        } elseif (isset($personnal_data[$val])) {
            $value = $personnal_data[$val];
        } elseif ($val === 'username') {
            $min_username = XDB::fetchOneCell('SELECT  email
                                                 FROM  email_source_account
                                                WHERE  uid = {?} AND FIND_IN_SET(\'bestalias\', flags)', S::i('uid'));
            $value = is_null($min_username) ? '' : $min_username;
        } elseif ($val === 'grpauth') {
            if (isset($_GET['group'])) {
                // The group name comes from the request and is bound as a query parameter.
                $res = XDB::query("SELECT  perms\n                                     FROM  group_members\n                               INNER JOIN  groups ON(id = asso_id)\n                                    WHERE  uid = {?} AND diminutif = {?}", S::v('uid'), $_GET['group']);
                $value = $res->fetchOneCell();
            } else {
                // if no group asked, return main rights
                $value = S::admin() ? 'admin' : 'membre';
            }
        } else {
            // Unknown field: answered with an empty value.
            $value = '';
        }
        $params .= gpex_prepare_param($val, $value, $tohash, $charset);
    }
    $tohash .= "1";
    $auth = md5($tohash);
    return array($auth, "&auth=" . $auth . $params);
}
Exemplo n.º 16
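 /**
  * Create or edit an announce of the current group.
  *
  * The posted 'valid' button selects the action: preview ('Visualiser'), save
  * ('Enregistrer'), drop the pending upload ('Supprimer l'image'), drop the
  * stored picture ('Pas d'image') or cancel ('Annuler'). Every state-changing
  * button goes through S::assert_xsrf_token().
  *
  * When $aid is given, the announce must belong to the current group. The
  * announce row itself was already updated and read with an asso_id condition,
  * but the statements on group_announces_photo only filter on the announce id,
  * so ownership is verified once, before any of them can run.
  *
  * @param $page page object receiving the template and its variables
  * @param $aid  id of the announce to edit, or null to create a new one
  */
 function handler_edit_announce($page, $aid = null)
 {
     global $globals, $platal;
     $page->changeTpl('xnetgrp/announce-edit.tpl');
     $page->assign('new', is_null($aid));
     $art = array();
     // Only created when a form is submitted; defined here so the final assign_by_ref() gets a known value.
     $upload = null;
     if (!is_null($aid)) {
         // Refuse announce ids of other groups before touching the picture table.
         $owned = XDB::fetchOneCell('SELECT  COUNT(*)
                                       FROM  group_announces
                                      WHERE  id = {?} AND asso_id = {?}', $aid, $globals->asso('id'));
         if (!$owned) {
             $page->kill("Aucun article correspond à l'identifiant indiqué.");
             return;
         }
     }
     if (Post::v('valid') == 'Visualiser' || Post::v('valid') == 'Enregistrer' || Post::v('valid') == 'Supprimer l\'image' || Post::v('valid') == 'Pas d\'image') {
         S::assert_xsrf_token();
         if (!is_null($aid)) {
             $art['id'] = $aid;
         }
         $art['titre'] = Post::v('titre');
         $art['texte'] = Post::v('texte');
         $art['contacts'] = Post::v('contacts');
         $art['promo_min'] = Post::i('promo_min');
         $art['promo_max'] = Post::i('promo_max');
         // Author fields always come from the session, never from the form.
         $art['nom'] = S::v('nom');
         $art['prenom'] = S::v('prenom');
         $art['promo'] = S::v('promo');
         $art['hruid'] = S::user()->login();
         $art['uid'] = S::user()->id();
         $art['expiration'] = Post::v('expiration');
         $art['public'] = Post::has('public');
         $art['xorg'] = Post::has('xorg');
         $art['nl'] = Post::has('nl');
         $art['event'] = Post::v('event');
         $upload = new PlUpload(S::user()->login(), 'xnetannounce');
         $this->upload_image($page, $upload);
         $art['contact_html'] = $art['contacts'];
         if ($art['event']) {
             $art['contact_html'] .= "\n{$globals->baseurl}/{$platal->ns}events/sub/{$art['event']}";
         }
         // NOTE(review): the accepted promotion range is hard-coded to 1901..2019 - confirm this is still wanted.
         if (!$art['public'] && ($art['promo_min'] > $art['promo_max'] && $art['promo_max'] != 0 || $art['promo_min'] != 0 && ($art['promo_min'] <= 1900 || $art['promo_min'] >= 2020) || $art['promo_max'] != 0 && ($art['promo_max'] <= 1900 || $art['promo_max'] >= 2020))) {
             $page->trigError("L'intervalle de promotions est invalide.");
             // Dropping 'valid' turns the request into a plain redisplay of the form.
             Post::kill('valid');
         }
         if (!trim($art['titre']) || !trim($art['texte'])) {
             $page->trigError("L'article doit avoir un titre et un contenu.");
             Post::kill('valid');
         }
         if (Post::v('valid') == 'Supprimer l\'image') {
             $upload->rm();
             Post::kill('valid');
         }
         $art['photo'] = $upload->exists() || Post::i('photo');
         if (Post::v('valid') == 'Pas d\'image' && !is_null($aid)) {
             // $aid was checked against the current group at the top of the handler.
             XDB::query('DELETE FROM  group_announces_photo
                               WHERE  eid = {?}', $aid);
             $upload->rm();
             Post::kill('valid');
             $art['photo'] = false;
         }
     }
     if (Post::v('valid') == 'Enregistrer') {
         // A public announce carries no promotion restriction.
         $promo_min = $art['public'] ? 0 : $art['promo_min'];
         $promo_max = $art['public'] ? 0 : $art['promo_max'];
         $flags = new PlFlagSet();
         if ($art['public']) {
             $flags->addFlag('public');
         }
         if ($art['photo']) {
             $flags->addFlag('photo');
         }
         if (is_null($aid)) {
             $fulltext = $art['texte'];
             if (!empty($art['contact_html'])) {
                 $fulltext .= "\n\n'''Contacts :'''\\\\\n" . $art['contact_html'];
             }
             $post = null;
             if ($globals->asso('forum')) {
                 require_once 'banana/forum.inc.php';
                 $banana = new ForumsBanana(S::user());
                 $post = $banana->post($globals->asso('forum'), null, $art['titre'], MiniWiki::wikiToText($fulltext, false, 0, 80));
             }
             XDB::query('INSERT INTO  group_announces (uid, asso_id, create_date, titre, texte, contacts,
                                                       expiration, promo_min, promo_max, flags, post_id)
                              VALUES  ({?}, {?}, NOW(), {?}, {?}, {?}, {?}, {?}, {?}, {?}, {?})', S::i('uid'), $globals->asso('id'), $art['titre'], $art['texte'], $art['contact_html'], $art['expiration'], $promo_min, $promo_max, $flags, $post);
             $aid = XDB::insertId();
             if ($art['photo']) {
                 list($imgx, $imgy, $imgtype) = $upload->imageInfo();
                 XDB::execute('INSERT INTO  group_announces_photo
                                       SET  eid = {?}, attachmime = {?}, x = {?}, y = {?}, attach = {?}', $aid, $imgtype, $imgx, $imgy, $upload->getContents());
             }
             if ($art['xorg']) {
                 // Publication on the main site goes through a validation request.
                 $article = new EvtReq("[{$globals->asso('nom')}] " . $art['titre'], $fulltext, $art['promo_min'], $art['promo_max'], $art['expiration'], "", S::user(), $upload);
                 $article->submit();
                 $page->trigWarning("L'affichage sur la page d'accueil de Polytechnique.org est en attente de validation.");
             } else {
                 if ($upload && $upload->exists()) {
                     $upload->rm();
                 }
             }
             if ($art['nl']) {
                 $article = new NLReq(S::user(), $globals->asso('nom') . " : " . $art['titre'], $art['texte'], $art['contact_html']);
                 $article->submit();
                 $page->trigWarning("La parution dans la Lettre Mensuelle est en attente de validation.");
             }
         } else {
             XDB::query('UPDATE  group_announces
                            SET  titre = {?}, texte = {?}, contacts = {?}, expiration = {?},
                                 promo_min = {?}, promo_max = {?}, flags = {?}
                          WHERE  id = {?} AND asso_id = {?}', $art['titre'], $art['texte'], $art['contacts'], $art['expiration'], $promo_min, $promo_max, $flags, $art['id'], $globals->asso('id'));
             if ($art['photo'] && $upload->exists()) {
                 list($imgx, $imgy, $imgtype) = $upload->imageInfo();
                 // Keyed on the announce id only; safe because $aid was verified above.
                 XDB::execute('INSERT INTO  group_announces_photo (eid, attachmime, attach, x, y)
                                    VALUES  ({?}, {?}, {?}, {?}, {?})
                   ON DUPLICATE KEY UPDATE  attachmime = VALUES(attachmime), attach = VALUES(attach), x = VALUES(x), y = VALUES(y)', $aid, $imgtype, $upload->getContents(), $imgx, $imgy);
                 $upload->rm();
             }
         }
     }
     if (Post::v('valid') == 'Enregistrer' || Post::v('valid') == 'Annuler') {
         pl_redirect("");
     }
     if (empty($art) && !is_null($aid)) {
         // Plain display of an existing announce: load it, restricted to the current group.
         $res = XDB::query("SELECT  *, FIND_IN_SET('public', flags) AS public,\n                                       FIND_IN_SET('photo', flags) AS photo\n                                 FROM  group_announces\n                                WHERE  asso_id = {?} AND id = {?}", $globals->asso('id'), $aid);
         if ($res->numRows()) {
             $art = $res->fetchOneAssoc();
             $art['contact_html'] = $art['contacts'];
         } else {
             $page->kill("Aucun article correspond à l'identifiant indiqué.");
         }
     }
     if (is_null($aid)) {
         // A new announce can be linked to one of the group's non-archived events.
         $events = XDB::iterator("SELECT *\n                                      FROM group_events\n                                     WHERE asso_id = {?} AND archive = 0", $globals->asso('id'));
         if ($events->total()) {
             $page->assign('events', $events);
         }
     }
     // '@' hides the notice raised when $art has no 'contact_html' key (empty form).
     $art['contact_html'] = @MiniWiki::WikiToHTML($art['contact_html']);
     $page->assign('art', $art);
     $page->assign_by_ref('upload', $upload);
 }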
Exemplo n.º 17
 /**
  * JSON endpoint returning the login of the current user.
  *
  * Sessions below AUTH_COOKIE get an 'error' entry instead of 'hruid'.
  *
  * @param $page page object receiving the JSON values
  * @return PL_JSON in both cases
  */
 function handler_ajax_hruid($page)
 {
     $known = S::i('auth') >= AUTH_COOKIE;
     if ($known) {
         $page->jsonAssign('hruid', S::user()->login());
     } else {
         // Do not touch S::user() for a session that is not at least cookie-authenticated.
         $page->jsonAssign('error', "Utilisateur inconnu");
     }
     return PL_JSON;
 }
Exemplo n.º 18
 /** Register a moderation decision.
  *
  * The decision is the first of the request keys 'mok' (accept), 'mno'
  * (refuse) and 'mdel' (delete) that is present. The stored row also holds the
  * session uid and the posted 'reason'.
  * NOTE(review): no XSRF-token check is visible in this method - confirm the
  * caller performs one before this insert is reached.
  * @param $mlist MailingList: the mailing list being moderated
  * @param $mid int: the message being moderated
  * @return false when no decision key is present, otherwise the result of XDB::execute()
  */
 protected function moderate_mail($mlist, $mid)
 {
     // Request key => stored action, in priority order.
     $decisions = array('mok' => 'accept', 'mno' => 'refuse', 'mdel' => 'delete');
     $action = null;
     foreach ($decisions as $key => $decision) {
         if (Env::has($key)) {
             $action = $decision;
             break;
         }
     }
     if ($action === null) {
         return false;
     }
     Get::kill('mid');
     // INSERT IGNORE: a second decision for the same key is dropped by the database, not reported.
     return XDB::execute("INSERT IGNORE INTO  email_list_moderate\n                                         VALUES  ({?}, {?}, {?}, {?}, {?}, NOW(), {?}, NULL)", $mlist->mbox, $mlist->domain, $mid, S::i('uid'), $action, Post::v('reason'));
 }
Exemplo n.º 19
 /** Start a session as user $user
  *
  * Refuses (false) when the session already holds another user or uid, and
  * returns true without further work when the session already has a uid.
  * Otherwise it stores the user, uid, skin and permissions in the session.
  * NOTE(review): no session-id regeneration is visible in this method -
  * confirm the login path renews the id before the session is populated.
  * @param $user  user the session is opened for
  * @param $level requested level; AUTH_SUID makes the session's 'auth' AUTH_MDP
  * @return bool
  */
 protected function startSessionAs($user, $level)
 {
     /* Session data and required data mismatch */
     $session_user = S::v('user');
     $other_user = !is_null($session_user) && $session_user->id() != $user->id();
     if ($other_user || (S::has('uid') && S::i('uid') != $user->id())) {
         return false;
     }
     if (S::has('uid')) {
         // Same user, session already initialised.
         return true;
     }
     /* If we want to do a SUID */
     if ($level == AUTH_SUID) {
         S::set('auth', AUTH_MDP);
     }
     S::set('user', $user);
     S::set('uid', $user->id());
     if (!isSmartphone()) {
         S::set('skin', $user->skin());
     }
     if (S::suid()) {
         // Impersonation is logged with both the target and the acting account.
         S::logger()->log("suid_start", S::v('hruid') . ' by ' . S::suid('hruid'));
     } else {
         if (Post::v('remember', 'false') == 'on') {
             $this->setAccessCookie(false);
         }
         S::logger()->saveLastSession();
     }
     // Set session perms from User perms
     S::set('perms', $user->perms());
     /* Clean temp var 'cookie_uid' */
     S::kill('cookie_uid');
     return true;
 }
Exemplo n.º 20
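/**
 * Build the HTML list of the groups the logged-in user belongs to.
 *
 * Group names and short names come from the database and are written into
 * HTML text and into a single-quoted href attribute, so both are escaped with
 * ENT_QUOTES before being interpolated. This assumes the columns hold raw
 * (not already HTML-encoded) text - confirm against the code that writes them.
 *
 * @param $params unused here
 * @return HTML fragment, or null when nobody is logged in
 */
function list_all_my_groups($params)
{
    if (!S::logged()) {
        return;
    }
    $res = XDB::iterRow('SELECT  a.nom, a.diminutif
                           FROM  groups    AS a
                     INNER JOIN  group_members AS m ON m.asso_id = a.id
                          WHERE  m.uid = {?}', S::i('uid'));
    $links = '<a href="exit">déconnexion</a>';
    $html = '<div>Mes groupes (' . $links . ') :</div>';
    while (list($nom, $mini) = $res->next()) {
        // ENT_QUOTES is required: the attribute below is delimited by single quotes.
        $label = htmlspecialchars((string) $nom, ENT_QUOTES, 'UTF-8');
        $target = htmlspecialchars((string) $mini, ENT_QUOTES, 'UTF-8');
        $html .= "<span class='gp'>&bull; <a href='login/{$target}'>{$label}</a></span>";
    }
    return $html;
}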
Exemplo n.º 21
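 /**
  * Create a new list alias in the group's lists domain.
  *
  * The alias name is taken from the posted 'liste' field. It must be a
  * non-empty string made only of letters, digits, dashes and dots. The pattern
  * is anchored with \A and \z because '$' also matches before a trailing
  * newline, and '+' replaces '*' so that an empty name is rejected.
  *
  * @param $page page object receiving the template and error messages
  * @return PL_NOT_FOUND when the group has no lists domain, nothing otherwise
  */
 function handler_acreate($page)
 {
     $lists_domain = $this->get_lists_domain();
     if (!$lists_domain) {
         return PL_NOT_FOUND;
     }
     $page->changeTpl('xnetlists/alias-create.tpl');
     if (!Post::has('submit')) {
         return;
     }
     S::assert_xsrf_token();
     $list = Post::v('liste');
     if (!Post::has('liste') || $list === '') {
         $page->trigError('Le champs «&nbsp;adresse souhaitée&nbsp;» est vide.');
         return;
     }
     // A non-string value (e.g. an array posted as liste[]) is rejected before preg_match().
     if (!is_string($list) || !preg_match('/\A[a-zA-Z0-9\-.]+\z/', $list)) {
         $page->trigError('Le nom de l\'alias ne doit contenir que des lettres,' . ' chiffres, tirets et points.');
         return;
     }
     require_once 'emails.inc.php';
     if (list_exist($list, $lists_domain)) {
         $page->trigError('Cet alias est déjà pris.');
         return;
     }
     // The creator is recorded from the session uid.
     add_to_list_alias(S::i('uid'), $list, $lists_domain);
     pl_redirect('alias/admin/' . $list . '@' . $lists_domain);
 }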
Exemplo n.º 22
 /**
  * Load the skin template of the logged-in account into the session.
  *
  * Nothing happens for anonymous sessions, nor when a skin is already set and
  * the session is not a SUID one. The stored value is whatever fetchOneCell()
  * returns for the account.
  */
 public function setSkin()
 {
     if (!S::logged()) {
         return;
     }
     if (S::has('skin') && !S::suid()) {
         // Skin already known for a regular session.
         return;
     }
     $skin = XDB::query('SELECT  skin_tpl
                              FROM  accounts AS a
                        INNER JOIN  skins    AS s on (a.skin = s.id)
                             WHERE  a.uid = {?} AND skin_tpl != \'\'', S::i('uid'));
     S::set('skin', $skin->fetchOneCell());
 }
Exemplo n.º 23
 /**
  * List the events of the current group and apply the posted action, if any.
  *
  * Posted 'del', 'archive' and 'unarchive' carry an event id. They require
  * may_update(), a valid XSRF token, and an event that belongs to the current
  * group; otherwise PL_FORBIDDEN is returned.
  *
  * NOTE(review): the posted 'order' value is written to groups.event_order
  * without the may_update() and XSRF checks that guard the other actions.
  * Confirm whether that is intended or whether the caller restricts it.
  * NOTE(review): events hidden from non-members are counted and skipped, but
  * they remain in the array given to the template. Confirm the template does
  * not render them.
  *
  * @param $page    page object receiving the template and its variables
  * @param $archive 'archive' to list archived events (only honoured with may_update())
  * @return PL_FORBIDDEN on a refused action, nothing otherwise
  */
 function handler_events($page, $archive = null)
 {
     global $globals;
     $page->changeTpl('xnetevents/index.tpl');
     $this->load('xnetevents.inc.php');
     $archive = $archive == 'archive' && may_update();
     // The first posted action key wins, in this order.
     $action = null;
     foreach (array('del', 'archive', 'unarchive') as $candidate) {
         if (Post::has($candidate)) {
             $action = $candidate;
             $eid = Post::v($candidate);
             break;
         }
     }
     if ($action !== null) {
         if (!may_update()) {
             return PL_FORBIDDEN;
         }
         S::assert_xsrf_token();
         // The event must belong to the current group; the statements below rely on this check.
         $res = XDB::query("SELECT asso_id, short_name FROM group_events\n                                WHERE eid = {?} AND asso_id = {?}", $eid, $globals->asso('id'));
         $tmp = $res->fetchOneRow();
         if (!$tmp) {
             return PL_FORBIDDEN;
         }
     }
     if ($action === 'del') {
         // deletes the event mailing aliases
         if ($tmp[1]) {
             require_once 'emails.inc.php';
             foreach (explode(',', $globals->xnet->event_lists) as $suffix) {
                 delete_list_alias($tmp[1] . $suffix, $globals->xnet->evts_domain, 'event');
             }
         }
         // archive the associated payment, if there is one
         $pay_id = XDB::fetchOneCell("SELECT paiement_id\n                                           FROM group_events\n                                          WHERE eid = {?} AND asso_id = {?}", $eid, $globals->asso('id'));
         if ($pay_id) {
             XDB::execute("UPDATE payments\n                                 SET flags = 'old'\n                               WHERE id = {?}", $pay_id);
         }
         // deletes the event items
         XDB::execute('DELETE FROM  group_event_items
                             WHERE  eid = {?}', $eid);
         // deletes the event participants
         XDB::execute('DELETE FROM  group_event_participants
                             WHERE  eid = {?}', $eid);
         // deletes the event
         XDB::execute('DELETE FROM  group_events
                             WHERE  eid = {?} AND asso_id = {?}', $eid, $globals->asso('id'));
         // delete the requests for payments
         XDB::execute("DELETE FROM  requests\n                                WHERE  type = 'paiements' AND data LIKE {?}", PayReq::same_event($eid, $globals->asso('id')));
         $globals->updateNbValid();
     } elseif ($action === 'archive') {
         $pay_id = XDB::fetchOneCell("SELECT paiement_id \n                                           FROM group_events\n                                          WHERE eid = {?} AND asso_id = {?}", $eid, $globals->asso('id'));
         if ($pay_id) {
             XDB::execute("UPDATE payments\n                                 SET flags = 'old'\n                               WHERE id = {?}", $pay_id);
         }
         XDB::execute("UPDATE group_events\n                             SET archive = 1\n                           WHERE eid = {?} AND asso_id = {?}", $eid, $globals->asso('id'));
     } elseif ($action === 'unarchive') {
         $pay_id = XDB::fetchOneCell("SELECT paiement_id FROM group_events\n                                     WHERE eid = {?} AND asso_id = {?}", $eid, $globals->asso('id'));
         if ($pay_id) {
             XDB::execute("UPDATE payments\n                                 SET flags = ''\n                               WHERE id = {?}", $pay_id);
         }
         XDB::execute("UPDATE group_events\n                             SET archive = 0\n                           WHERE eid = {?} AND asso_id = {?}", $eid, $globals->asso('id'));
     }
     $page->assign('archive', $archive);
     if (Post::has('order')) {
         $order = Post::v('order');
         XDB::execute("UPDATE groups\n                             SET event_order = {?}\n                           WHERE id = {?}", $order, $globals->asso('id'));
     }
     $order = get_event_order($globals->asso('id'));
     $evts = get_events($globals->asso('id'), $order, $archive);
     $page->assign('order', $order);
     $undisplayed_events = 0;
     foreach ($evts as $eid => &$e) {
         $insider = is_member() || may_update();
         if (!$insider && !$e['accept_nonmembre']) {
             $undisplayed_events++;
             continue;
         }
         $e['show_participants'] = $e['show_participants'] && (is_member() || may_update());
         $e['items'] = get_event_items($eid);
         $e['topay'] = 0;
         $e['paid'] = 0;
         // Amounts are computed for the session user only.
         $sub = get_event_subscription($eid, S::i('uid'));
         $e['inscrit'] = !empty($sub);
         if ($e['inscrit']) {
             foreach ($e['items'] as $item_id => $m) {
                 if (!isset($sub[$item_id])) {
                     continue;
                 }
                 $e['topay'] += $sub[$item_id]['nb'] * $m['montant'];
                 $e['paid'] += $sub[$item_id]['paid'];
             }
         }
         $e['sub'] = $sub;
         $telepaid = get_event_telepaid($eid, S::i('uid'));
         $e['paid'] += $telepaid;
         $e['date'] = make_event_date($e['debut'], $e['fin']);
         // Registration is open when there is no deadline or it has not passed yet.
         $e['inscr_open'] = $e['deadline_inscription'] == null || strtotime($e['deadline_inscription']) >= time();
         if (Env::has('updated') && $e['eid'] == Env::i('updated')) {
             $page->assign('updated', $e);
         }
     }
     $page->assign('evenements', $evts);
     $page->assign('undisplayed_events', $undisplayed_events);
 }
Exemplo n.º 24
/**
 * Load an event of a group, with its items and the session user's payments.
 *
 * The event is looked up by id or short name and always restricted to
 * $asso_id, which defaults to the current group. On the xnet site an event
 * that does not accept non-members is hidden from users who are neither
 * member nor allowed to update.
 *
 * @param $eid     event id or short name
 * @param $item_id item to report on, or false for the whole event
 * @param $asso_id owning group id, null for the current group
 * @return the event as an array, null when it does not exist, false when the
 *         user may not see it
 */
function get_event_detail($eid, $item_id = false, $asso_id = null)
{
    global $globals;
    if ($asso_id === null) {
        $asso_id = $globals->asso('id');
    }
    if ($item_id) {
        // The item id is bound through XDB::format(), not concatenated raw.
        $where = XDB::format(' AND ei.item_id = {?}', $item_id);
        $group_by = 'ei.item_id';
    } else {
        $where = '';
        $group_by = 'e.eid';
    }
    $evt = XDB::fetchOneAssoc('SELECT  SUM(nb) AS nb_tot, COUNT(DISTINCT ep.uid) AS nb, e.*, SUM(IF(nb > 0, 1, 0)) AS user_count,
                                       IF(e.deadline_inscription,
                                          e.deadline_inscription >= LEFT(NOW(), 10),
                                          1) AS inscr_open,
                                       LEFT(e.debut, 10) AS first_day, LEFT(e.fin, 10) AS last_day,
                                       LEFT(NOW(), 10) AS now,
                                       ei.titre, e.subscription_notification
                                 FROM  group_events             AS e
                           INNER JOIN  group_event_items        AS ei ON (e.eid = ei.eid)
                            LEFT JOIN  group_event_participants AS ep ON(e.eid = ep.eid AND ei.item_id = ep.item_id)
                                WHERE  (e.eid = {?} OR e.short_name = {?}) AND e.asso_id = {?}' . $where . '
                             GROUP BY  ' . $group_by, $eid, $eid, $asso_id);
    if (!$evt) {
        return null;
    }
    // Visibility check: false (not null) tells the caller the event exists but is hidden.
    if ($GLOBALS['IS_XNET_SITE'] && $evt['accept_nonmembre'] == 0 && !is_member() && !may_update()) {
        return false;
    }
    if ($item_id) {
        $evt['csv_name'] = urlencode($evt['intitule'] . '.' . $evt['titre']);
    } else {
        /* Do not try to be too smart here: for the global summary there is no general formula
         * for the total number of attendees, since the 'moments' may or may not be disjoint.
         * So only the number of users who completed the registration procedure is reported.
         */
        $evt['nb_tot'] = $evt['nb'];
        $evt['user_count'] = $evt['nb'];
        $evt['titre'] = '';
        $evt['item_id'] = 0;
        $evt['csv_name'] = urlencode($evt['intitule']);
    }
    // Items of the event with the session user's own participation, if any.
    $evt['moments'] = XDB::fetchAllAssoc('SELECT  titre, details, montant, ei.item_id, nb,
                                                  ep.paid, FIND_IN_SET(\'notify_payment\', ep.flags) AS notify_payment
                                            FROM  group_event_items        AS ei
                                       LEFT JOIN  group_event_participants AS ep ON (ep.eid = ei.eid AND ep.item_id = ei.item_id
                                                                                                             AND uid = {?})
                                           WHERE  ei.eid = {?}', S::i('uid'), $evt['eid']);
    $evt['topay'] = 0;
    $evt['paid'] = 0;
    $evt['notify_payment'] = false;
    foreach ($evt['moments'] as $moment) {
        $evt['topay'] += $moment['nb'] * $moment['montant'];
        // 'money' is only set when at least one item has a price.
        if ($moment['montant']) {
            $evt['money'] = true;
        }
        $evt['paid'] += $moment['paid'];
        $evt['notify_payment'] = $evt['notify_payment'] || $moment['notify_payment'];
    }
    // Confirmed online payments of the session user for this event's payment reference.
    $telepaid = XDB::fetchOneCell('SELECT  SUM(amount) AS sum_amount
                                    FROM  payment_transactions AS t
                                   WHERE  status = "confirmed" AND ref = {?} AND uid = {?}', $evt['paiement_id'], S::v('uid'));
    $evt['telepaid'] = $telepaid;
    $evt['paid'] += $telepaid;
    $evt['organizer'] = User::getSilent($evt['uid']);
    $evt['date'] = make_event_date($evt['debut'], $evt['fin']);
    // The participant list is only shown on the xnet site, to members or managers.
    $evt['show_participants'] = $evt['show_participants'] && $GLOBALS['IS_XNET_SITE'] && (is_member() || may_update());
    return $evt;
}
Exemplo n.º 25
 /**
  * Tell whether the session user may see the content of a caste, taking the
  * session's AUTH level into account.
  *
  * Access is granted when the session is at least AUTH_INTERNAL and the caste
  * is the "everybody" one, or when the user belongs to the caste.
  * @param $caste the rights of the caste must be already fetched
  * @return bool
  */
 public function canSee(Caste $caste)
 {
     // Inside the platal, a caste of type everybody is visible to all.
     $open_to_all = S::i('auth') >= AUTH_INTERNAL && $caste->rights()->isMe(Rights::everybody());
     // Outside, or for a restricted caste, the user must be part of the caste.
     return $open_to_all || S::user()->castes()->get($caste) != false;
 }
Exemplo n.º 26
 /**
  * Set up the view: ten entries per page and four sort orders (random, name,
  * promotion, last profile update), then hand over to the parent constructor.
  *
  * The random order receives the session uid, presumably as its seed - confirm
  * in PFO_Random.
  *
  * @param $set    set displayed by the view
  * @param $params parameters forwarded to the parent constructor
  */
 public function __construct(PlSet $set, array $params)
 {
     $this->entriesPerPage = 10;
     $orders = array(
         new PlViewOrder('rand', array(new PFO_Random(S::i('uid'))), 'aléatoirement'),
         new PlViewOrder('name', array(new UFO_Name()), 'nom'),
         new PlViewOrder('promo', array(new UFO_Promo(UserFilter::DISPLAY, true), new UFO_Name()), 'promotion'),
         new PlViewOrder('date_mod', array(new UFO_ProfileUpdate(true), new UFO_Promo(UserFilter::DISPLAY, true), new UFO_Name()), 'dernière modification'),
     );
     foreach ($orders as $order) {
         $this->addSort($order);
     }
     parent::__construct($set, $params);
 }
Exemplo n.º 27
 /**
  * Show the groups the session user belongs to, with, for each group, whether
  * it has a logo, its number of non-archived events and its mail domain.
  *
  * @param $page page object receiving the template and the 'assos' rows
  */
 function handler_xnet($page)
 {
     $page->changeTpl('profile/groupesx.tpl');
     $page->setTitle('Promo, Groupes X, Binets');
     // Membership is resolved from the session uid only.
     $memberships = XDB::query('
         SELECT m.asso_id, a.nom, diminutif, a.logo IS NOT NULL AS has_logo,
                COUNT(e.eid) AS events, mail_domain AS lists
           FROM group_members AS m
     INNER JOIN groups AS a ON(m.asso_id = a.id)
      LEFT JOIN group_events AS e ON(e.asso_id = m.asso_id AND e.archive = 0)
          WHERE m.uid = {?} GROUP BY m.asso_id ORDER BY a.nom', S::i('uid'));
     $rows = $memberships->fetchAllAssoc();
     $page->assign('assos', $rows);
 }