function smarty_block_canEdit($params, $content, &$smarty, &$repeat)
{
$group = $params['target']->group();
if (S::user()->hasRights($group, Rights::admin()) || S::user()->isWeb()) {
return $content;
}
}
function smarty_function_grpvisibility($params, &$smarty)
{
$user = $params['user'];
$group = $params['group'];
$grpcoll = $user->groupVisibility($group);
$visigroup = $grpcoll->count() == 1 ? $grpcoll->first() : null;
// if $user is session user, see which visibility option is enabled
$flagselect = '';
if (S::user()->isMe($user)) {
$possib = $user->getAvailVisibilities($group);
$flagoptions = array();
foreach ($possib as $gid => $title) {
$flagoption = '<option value="' . $gid . '"';
if ($visigroup != null && $visigroup->id() == $gid) {
$flagoption .= ' selected';
}
$flagoption .= '>visible par ' . $title . '</option>';
$flagoptions[] = $flagoption;
}
$flagselect = '<select class="visiselect" name="visibility-' . $user->id() . '-' . $group->id() . '">' . implode($flagoptions) . '</select>';
}
// Get color & title
list($color, $title) = User::visibilitiesColInfo($grpcoll);
return '<form class="visicontainer" id="visiflag-' . $user->id() . '-' . $group->id() . '">' . '<div class="visiflag ' . $color . ' click" title="' . $title . '"></div>' . $flagselect . '</form>';
}
public function __construct($question, $answer1, $answer2)
{
$this->question = $question;
$this->answer1 = $answer1;
$this->answer2 = $answer2;
$this->writer = S::user();
}
public static function assign_json_to_map(PlPage $page, $pids = null)
{
if (!is_null($pids)) {
$where = XDB::format(' AND pa.pid IN {?}', $pids);
} else {
$where = '';
}
if (!S::logged() || !S::user()->checkPerms('directory_ax')) {
$where .= " AND pa.pub = 'public'";
$name_publicity = 'public';
} else {
if (!S::user()->checkPerms('directory_private')) {
$where .= " AND pa.pub = 'ax'";
$name_publicity = 'public';
} else {
$name_publicity = 'private';
}
}
$data = XDB::rawFetchAllAssoc('SELECT pa.latitude, pa.longitude, GROUP_CONCAT(DISTINCT p.hrpid SEPARATOR \',\') AS hrpid,
GROUP_CONCAT(pd.promo SEPARATOR \',\') AS promo,
GROUP_CONCAT(DISTINCT pd.' . $name_publicity . '_name, \' (\', pd.promo, \')\' SEPARATOR \', \') AS name,
GROUP_CONCAT(DISTINCT pa.pid SEPARATOR \',\') AS pid
FROM profile_addresses AS pa
INNER JOIN profiles AS p ON (pa.pid = p.pid)
INNER JOIN profile_display AS pd ON (pd.pid = pa.pid)
WHERE pa.type = \'home\' AND p.deathdate IS NULL AND pa.latitude IS NOT NULL AND pa.longitude IS NOT NULL' . $where . '
GROUP BY pa.latitude, pa.longitude');
$page->jsonAssign('data', $data);
}
public function __construct()
{
global $globals;
parent::__construct();
// Set the default page
$this->changeTpl('platal/index.tpl');
if (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false) {
$this->addJsLink('json2.js');
}
$this->addJsLink('jquery.xorg.js');
$this->addJsLink('overlib.js');
$this->addJsLink('core.js');
$this->addJsLink('xorg.js');
if ($globals->core->sentry_js_dsn) {
$this->addJsLink('raven.min.js');
}
$this->setTitle('le site des élèves et anciens élèves de l\'École polytechnique');
if (S::logged() && S::user()->checkPerms('admin')) {
$types = array(S::user()->type);
$perms = DirEnum::getOptions(DirEnum::ACCOUNTTYPES);
ksort($perms);
foreach ($perms as $type => $perm) {
if (!empty($perm) && $type != $types[0]) {
$types[] = $type;
}
}
$this->assign('account_types_list', $types);
$skins = DirEnum::getOptions(DirEnum::SKINS);
asort($skins);
$this->assign('skin_list', $skins);
}
}
public function run()
{
$res = XDB::query('SELECT todo_id, sent, checked, tobedone
FROM todo
WHERE uid = {?}
ORDER BY sent DESC', S::user()->id());
$array_todo = $res->fetchAllAssoc();
$this->assign('list', $array_todo);
}
public function run()
{
$binets = S::user()->castes()->groups()->filter('ns', Group::NS_BINET);
$frees = S::user()->castes()->groups()->filter('ns', Group::NS_FREE);
$binets->select(GroupSelect::premises());
$binets->select(GroupSelect::nb_news());
$this->assign('binets', $binets);
$this->assign('frees', $frees);
$this->assign('user', S::user());
}
public function __construct($mbox, $domain, $user = null)
{
$this->mbox = $mbox;
$this->domain = $domain;
$this->address = "{$mbox}@{$domain}";
if (is_null($user)) {
$user = S::user();
}
$this->mmclient = new MMList($user, $this->domain);
}
function handler_ajax_todo_clear($page)
{
S::assert_xsrf_token();
XDB::execute('DELETE FROM todo
WHERE uid = {?} AND checked = 1', S::user()->id());
if (XDB::affectedRows() != 1) {
$page->jsonAssign('error', "Impossible de nettoyer la liste des tâches");
}
return PL_JSON;
}
public function save(ProfilePage $page, $field, $value)
{
$deletePrivate = S::user()->isMe($page->owner) || S::admin();
Phone::deletePhones($page->pid(), Phone::LINK_ADDRESS, null, $deletePrivate);
Address::deleteAddresses($page->pid(), Address::LINK_PROFILE, null, null, $deletePrivate);
AddressReq::purge_requests($page->pid(), 0, 0, Address::LINK_PROFILE);
Address::saveFromArray($value, $page->pid(), Address::LINK_PROFILE, null, $deletePrivate);
if (S::user()->isMe($page->owner) && count($value) > 1) {
Platal::page()->trigWarning('Attention, tu as plusieurs adresses sur ton profil. Pense à supprimer celles qui sont obsolètes.');
}
}
function handler_chat($page, $group = 'platal')
{
$page->assign('jabber_hruid', S::user()->login());
$page->assign('jabber_nick', S::user()->displayName());
$page->assign('jabber_cookie', $_SERVER['HTTP_COOKIE']);
if ($group) {
$page->assign('jabber_room', $group);
} else {
$page->assign('jabber_room', 'br');
}
$page->changeTpl('chat/chat.tpl');
}
public static function defaultForEdit($max_level = null)
{
if (!S::logged()) {
$vis = self::get(self::VIEW_NONE);
} else {
$vis = S::user()->editVisibility();
}
if ($max_level != null) {
return $vis->restrict($max_level);
} else {
return $vis;
}
}
protected function handle_editor()
{
if (isset($_FILES['userfile'])) {
$upload =& PlUpload::get($_FILES['userfile'], S::user()->login(), 'photo');
if (!$upload) {
$this->trigError('Une erreur est survenue lors du téléchargement du fichier.');
return false;
}
$this->read($upload);
return $this->valid;
}
return false;
}
public function run()
{
$date = new FrankizDateTime();
$date->setTime(0, 0);
$date_n = new FrankizDateTime();
date_add($date_n, date_interval_create_from_date_string('1 day'));
$date_n->setTime(0, 0);
$activities = new ActivityInstanceFilter(new PFC_AND(new PFC_Or(new AIFC_User(S::user(), 'restricted'), new AIFC_User(S::user(), 'everybody')), new AIFC_Period($date, $date_n)));
$c = $activities->get();
$c->select(ActivityInstanceSelect::all());
$c->order('hour_begin', false);
$this->assign('day', new FrankizDateTime());
$this->assign('date', date("Y-m-d"));
$this->assign('activities', $c);
}
function smarty_function_origin_picker($params, &$smarty)
{
$gf = new GroupFilter(new PFC_And(new PFC_Not(new GFC_Namespace(Group::NS_USER)), new GFC_User(S::user(), Rights::admin())), new GFO_Score());
$gs = $gf->get();
if ($params['not_only_admin']) {
$gfo = new GroupFilter(new PFC_And(new GFC_Namespace(array(Group::NS_BINET, Group::NS_FREE)), new GFC_User(S::user(), Rights::restricted())), new GFO_Score());
$gso = $gfo->get()->diff($gs);
$temp = new Collection();
$temp->merge($gs)->merge($gso);
$temp->select(GroupSelect::base());
$smarty->assign('not_admin', $gso);
} else {
$gs = $gf->get()->select(GroupSelect::base());
}
$smarty->assign($params['out'], $gs);
}
function handler_home($page)
{
$page->assign('MiniModules_COL_LEFT', FrankizMiniModule::get(S::user()->minimodules(FrankizMiniModule::COL_LEFT)));
$page->assign('MiniModules_COL_MIDDLE', FrankizMiniModule::get(S::user()->minimodules(FrankizMiniModule::COL_MIDDLE)));
$page->assign('MiniModules_COL_RIGHT', FrankizMiniModule::get(S::user()->minimodules(FrankizMiniModule::COL_RIGHT)));
$postit = Group::from('postit');
// /!\ : Everybody can read the post-it, you don't have to be member of the group
$nf = new NewsFilter(new PFC_And(new NFC_Current(), new NFC_TargetGroup($postit)), new NFO_Begin(true));
$postit_news = $nf->get(true);
if ($postit_news) {
$postit_news->select(NewsSelect::news());
}
$page->assign('postit_news', $postit_news);
$page->assign('title', 'Accueil');
$page->changeTpl('frankiz/home.tpl');
}
function handler_ig_events($page)
{
require_once 'gadgets/gadgets.inc.php';
init_igoogle_html('gadgets/ig-events.tpl', AUTH_COOKIE);
$events = XDB::iterator("SELECT SQL_CALC_FOUND_ROWS\n e.id, e.titre, UNIX_TIMESTAMP(e.creation_date) AS creation_date,\n ev.uid IS NULL AS nonlu, e.uid\n FROM announces AS e\n LEFT JOIN announce_read AS ev ON (e.id = ev.evt_id AND ev.uid = {?})\n WHERE FIND_IN_SET('valide', e.flags) AND expiration >= NOW()\n ORDER BY e.creation_date DESC", S::i('uid'));
$page->assign('event_count', XDB::query("SELECT FOUND_ROWS()")->fetchOneCell());
Platal::load('events', 'feed.inc.php');
$user = S::user();
$data = array();
while ($e = PlFeed::nextEvent($events, $user)) {
$data[] = $e;
if (count($data) == 5) {
break;
}
}
$page->assign('events', $data);
}
function handler_index($page, $action = '', $subaction = '')
{
global $globals;
if (!$this->isDeltaTenEnabled(S::user(), Profile::DELTATEN_YOUNG)) {
$page->killError("Ta promotion ne participe pas à l'opération N N-10.");
}
if ($this->isDeltaTenEnabled(S::user(), Profile::DELTATEN_OLD)) {
$profile = S::user()->profile();
if ($profile->getDeltatenMessage()) {
$page->trigSuccess("Tu participes bien à l'opération N N-10 en tant qu'ancien.");
} else {
$page->trigWarning("Tu ne participes pas encore à l'opération N N-10 en tant qu'ancien.");
}
}
$page->setTitle("Opération N N-10");
$page->assign('deltaten_promo_old', S::user()->profile()->yearpromo() - 10);
$wp = new PlWikiPage('Docs.Deltaten');
$wp->buildCache();
require_once 'ufbuilder.inc.php';
$ufb = new UFB_DeltaTenSearch();
$page->addJsLink('search.js');
if (!$ufb->isEmpty()) {
require_once 'userset.inc.php';
$ufc = $ufb->getUFC();
if (!$ufc instanceof PFC_And) {
$ufc = new PFC_And($ufc);
}
$ufc->addChild(new UFC_DeltaTen());
$ufc->addChild(new UFC_Promo('=', UserFilter::GRADE_ING, S::user()->profile()->yearpromo() - 10));
$set = new ProfileSet($ufc);
$set->addMod('minifiche', 'Opération N N-10');
$set->apply('deltaten/search', $page, $action, $subaction);
$nb_tot = $set->count();
if ($nb_tot > $globals->search->private_max) {
$page->assign('formulaire', 1);
$page->trigError('Recherche trop générale.');
$page->assign('plset_count', 0);
} else {
if ($nb_tot == 0) {
$page->assign('formulaire', 1);
$page->trigError("Il n'existe personne correspondant à ces critères dans la base.");
}
}
}
$page->changeTpl('deltaten/index.tpl');
}
public function run()
{
$promos = S::user()->castes()->groups()->filter('ns', Group::NS_PROMO);
$promos->add(Group::from('on_platal'));
$uf = new UserFilter(new PFC_And(new UFC_Birthday('=', new FrankizDateTime()), new UFC_Group($promos)));
$us = $uf->get();
$us->select(UserSelect::birthday());
$formations = array();
$users = array();
foreach ($us as $u) {
$study = $u->studies();
$first = array_shift($study);
$formations[$first->formation()->abbrev()] = $first->formation();
$users[$first->formation()->abbrev()][$first->promo()][] = $u;
}
$this->assign('formations', $formations);
$this->assign('users', $users);
}
static function checkAuth()
{
S::$user = php_Session::get("PHP_AUTH_USER");
haxe_Log::trace(S::$user, _hx_anonymous(array("fileName" => "S.hx", "lineNumber" => 98, "className" => "S", "methodName" => "checkAuth")));
if (S::$user === null) {
return false;
}
$pass = php_Session::get("PHP_AUTH_PW");
if ($pass === null) {
return false;
}
$res = php_Lib::hashOfAssociativeArray(_hx_deref(new Model(null))->query("SELECT use_non_latin,webroot_writable,pass_hash_enabled,pass_key,pass_cost,hosted_settings FROM system_settings"));
if (S_0($pass, $res) === "1") {
S::hexit("ENCRYPTED PASSWORDS NOT IMPLEMENTED");
}
$res = php_Lib::hashOfAssociativeArray(_hx_deref(new Model(null))->query("SELECT count(*) AS cnt FROM vicidial_users WHERE user=\"" . _hx_string_or_null(S::$user) . "\" and pass=\"" . _hx_string_or_null($pass) . "\" and user_level > 7 and active=\"Y\""));
return $res->exists("0") && S_1($pass, $res) === "1";
}
function handler_sso($page)
{
$this->load('sso.inc.php');
// First, perform security checks.
if (!wats4u_sso_check()) {
return PL_BAD_REQUEST;
}
global $globals;
if (!S::logged()) {
// Request auth.
$page->assign('external_auth', true);
$page->assign('ext_url', $globals->wats4u->public_url);
$page->setTitle('Authentification');
$page->setDefaultSkin('group_login');
$page->assign('group', null);
return PL_DO_AUTH;
}
if (!S::user()->checkPerms(PERMS_USER)) {
// External (X.net) account
return PL_FORBIDDEN;
}
// Update the last login information (unless the user is in SUID).
$uid = S::i('uid');
if (!S::suid()) {
global $platal;
S::logger($uid)->log('connexion_wats4u', $platal->path . ' ' . urldecode($_GET['url']));
}
// If we logged in specifically for this 'external_auth' request
// and didn't want to "keep access to services", we kill the session
// just before returning.
// See classes/xorgsession.php:startSessionAs
if (S::b('external_auth_exit')) {
S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']);
Platal::session()->killAccessCookie();
Platal::session()->destroy();
}
// Compute return URL
$full_return = wats4u_sso_build_return_url(S::user());
if ($full_return === "") {
// Something went wrong
$page->kill("Erreur dans le traitement de la requête Wats4U.");
}
http_redirect($full_return);
}
function handler_reminder($page, $reminder_name = null, $action = null)
{
require_once 'reminder.inc.php';
$user = S::user();
// If no reminder name was passed, or if we don't know that reminder name,
// just drop the request.
if (!$reminder_name || !($reminder = Reminder::GetByName($user, $reminder_name))) {
return PL_NOT_FOUND;
}
// Otherwise, the request is dispatched, and a new reminder, if any, is
// displayed.
$reminder->HandleAction($action);
$previous_reminder = $reminder->title();
if ($new_reminder = Reminder::GetCandidateReminder($user)) {
$new_reminder->DisplayStandalone($page, $previous_reminder);
} else {
$reminder->NotifiesAction($page);
}
}
public function HandleAction($action)
{
$user = S::user();
switch ($action) {
case 'yes':
XDB::execute('INSERT IGNORE INTO group_members (uid, asso_id)
SELECT {?}, id
FROM groups
WHERE diminutif = {?}', $user->id(), $user->profile()->yearPromo());
MailingList::subscribePromo($user->profile()->yearPromo());
$this->UpdateOnYes();
break;
case 'dismiss':
$this->UpdateOnDismiss();
break;
case 'no':
$this->UpdateOnNo();
break;
}
}
function handler_links_admin($page)
{
if (!S::user()->perms()->hasFlag('admin')) {
return PL_FORBIDDEN;
}
$collec = Link::all();
$collec->select(LinkSelect::all());
$results = $collec->split('ns');
if (Env::has('modify')) {
$id = Env::i('id');
$link = $collec->get($id);
if ($link !== false) {
if (Env::has('image')) {
try {
$group = Group::from('partnership');
$group->select();
$image = new FrankizImage();
$image->insert();
$image->label($link->label());
$image->caste($group->caste('everybody'));
$image->image(FrankizUpload::v('image'));
$link->image($image);
} catch (Exception $e) {
$page->assign('err', $e->getMessage());
}
}
$link->label(Env::t('label'));
$link->link(Env::t('link'));
$link->description(Env::t('description'));
$link->comment(Env::t('comment'));
} else {
$err = 'Le lien modifié n\'existe plus.';
$page->assign('err', $err);
}
}
$page->addCssLink('links.css');
$page->assign('links', $results);
$page->assign('title', 'Administrer les liens');
$page->changeTpl('links/admin_links.tpl');
}
function handler_coml_submit($page)
{
$page->changeTpl('comletter/submit.tpl');
$nl = $this->getNl();
if (!$nl) {
return PL_NOT_FOUND;
}
$wp = new PlWikiPage('Xorg.LettreCommunaute');
$wp->buildCache();
if (Post::has('see') || Post::has('valid') && (!trim(Post::v('title')) || !trim(Post::v('body')))) {
if (!Post::has('see')) {
$page->trigError("L'article doit avoir un titre et un contenu");
}
$art = new ComLArticle(Post::v('title'), Post::v('body'), Post::v('append'));
$page->assign('art', $art);
} elseif (Post::has('valid')) {
$art = new ComLReq(S::user(), Post::v('title'), Post::v('body'), Post::v('append'));
$art->submit();
$page->assign('submited', true);
}
$page->addCssLink($nl->cssFile());
}
public function handler_admin_nl_enable($page)
{
global $globals;
$nl = $this->getNl();
if ($nl) {
return PL_FORBIDDEN;
}
if (Post::has('title')) {
if (!S::has_xsrf_token()) {
return PL_FORBIDDEN;
}
XDB::execute('INSERT INTO newsletters
SET group_id = {?}, name = {?}', $globals->asso('id'), Post::s('title'));
$mailer = new PlMailer();
$mailer->assign('group', $globals->asso('nom'));
$mailer->assign('user', S::user());
$mailer->send();
$page->trigSuccessRedirect("La lettre d'informations du groupe " . $globals->asso('nom') . " a bien été créée", $globals->asso('shortname') . '/admin/nl');
}
$page->setTitle('Activation de la newsletter');
$page->changeTpl('newsletter/enable.tpl');
}
protected function handle_editor()
{
$this->titre = Env::v('titre');
$this->texte = Env::v('texte');
$this->pmin = Env::i('promo_min');
$this->pmax = Env::i('promo_max');
$this->expiration = Env::v('expiration');
if (@$_FILES['image']['tmp_name']) {
$upload = PlUpload::get($_FILES['image'], S::user()->login(), 'event');
if (!$upload) {
$this->trigError("Impossible de télécharger le fichier");
} elseif (!$upload->isType('image')) {
$page->trigError('Le fichier n\'est pas une image valide au format JPEG, GIF ou PNG');
$upload->rm();
} elseif (!$upload->resizeImage(200, 300, 100, 100, 32284)) {
$page->trigError('Impossible de retraiter l\'image');
} else {
$this->readImage($upload);
}
}
return true;
}
function smarty_function_target_picker($params, &$smarty)
{
// Get user groups
$everybody_groups = S::user()->castes(Rights::everybody())->groups();
// Get Frankiz special groups
$fkz = new Collection('Group');
$fkz->add(array('everybody', 'public'));
$fkz->select(new GroupSelect(array('description')));
// BDE, study and promo groups
$study_groups = $everybody_groups->filter('ns', Group::NS_BDE);
$study_groups->merge($everybody_groups->filter('ns', Group::NS_PROMO));
$study_groups->merge($everybody_groups->filter('ns', Group::NS_STUDY));
// Get all groups user is admin, without the user one
$gs = S::user()->castes(Rights::admin())->groups();
$gs->diff($fkz);
$gs->filter(function ($g) {
return $g->ns() != Group::NS_USER;
});
if ($params['even_only_friend']) {
$gfo = new GroupFilter(new PFC_And(new GFC_Namespace(array(Group::NS_BINET, Group::NS_FREE)), new GFC_User(S::user(), Rights::everybody())), new GFO_Score());
$gso = $gfo->get()->diff($gs)->diff($fkz);
$temp = new Collection();
$temp->merge($gs)->merge($gso);
$temp->select(GroupSelect::base());
$smarty->assign('only_friend', $gso);
$temp = new Collection();
$temp->merge($gs)->merge($fkz)->merge($gso);
$temp->select(GroupSelect::base());
} else {
$temp = new Collection();
$temp->merge($gs)->merge($fkz);
$temp->select(GroupSelect::base());
}
$smarty->assign($params['user_groups'], $gs);
$smarty->assign($params['fkz_groups'], $fkz);
$smarty->assign($params['study_groups'], $study_groups);
$smarty->assign($params['own_group'], S::user()->group());
}
public function run()
{
// Total Users
$f = new UserFilter(null);
$users = $f->getTotalCount();
$this->assign('users', $users);
// Total Groups
$f = new GroupFilter(null);
$groups = $f->getTotalCount();
$this->assign('groups', $groups);
// Total Castes
$f = new CasteFilter(null);
$castes = $f->getTotalCount();
$this->assign('castes', $castes);
// Total News
$f = new NewsFilter(null);
$news = $f->getTotalCount();
$this->assign('news', $news);
// Total Images
$f = new ImageFilter(null);
$images = $f->getTotalCount();
$this->assign('images', $images);
$this->assign('user', S::user());
}
protected function userJoins()
{
$joins = array();
if ($this->with_user) {
$joins['cu'] = PlSqlJoin::left('castes_users', '$ME.cid = c.cid AND ($ME.visibility IN {?} OR $ME.uid = {?})', S::user()->visibleGids(), S::user()->id());
}
return $joins;
}
