/**
 * Smarty block plugin: emits the enclosed content only for users allowed to
 * edit the target.
 *
 * The content is returned when the session user has admin rights on the group
 * of $params['target'], or when S::user()->isWeb() is true. In every other
 * case nothing is returned, so the block renders empty.
 *
 * @param array  $params  Block parameters; 'target' must expose group().
 * @param string $content Rendered content of the block.
 * @param object $smarty  Smarty instance (not used).
 * @param bool   $repeat  Smarty repeat flag (not used).
 * @return string|null The block content, or null when access is refused.
 */
function smarty_block_canEdit($params, $content, &$smarty, &$repeat)
{
    $targetGroup = $params['target']->group();

    // Deny by default: both checks must fail for the content to be hidden.
    $isGroupAdmin = S::user()->hasRights($targetGroup, Rights::admin());
    if (!$isGroupAdmin && !S::user()->isWeb()) {
        return null;
    }

    return $content;
}
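/**
 * Smarty function: renders the visibility flag of a user inside a group.
 *
 * The output is a small <form> holding a coloured flag and, when the displayed
 * user is the session user, a <select> listing the visibilities that user may
 * choose for this group membership.
 *
 * Every value interpolated into the markup is HTML-escaped: titles and colours
 * come from group data rather than from constants, so they must not be able to
 * break out of the attribute or element they are printed in.
 *
 * @param array  $params 'user' (the displayed user) and 'group'.
 * @param object $smarty Smarty instance (not used).
 * @return string HTML fragment.
 */
function smarty_function_grpvisibility($params, &$smarty)
{
    $user = $params['user'];
    $group = $params['group'];

    $grpcoll = $user->groupVisibility($group);
    // A single visibility group means that one is the currently selected option.
    $visigroup = $grpcoll->count() == 1 ? $grpcoll->first() : null;

    // Suffix shared by the form id and the select name. double_encode is off so
    // that text which already contains entities is not encoded a second time.
    $idSuffix = htmlspecialchars($user->id() . '-' . $group->id(), ENT_QUOTES, 'UTF-8', false);

    // if $user is session user, see which visibility option is enabled
    $flagselect = '';
    if (S::user()->isMe($user)) {
        $possib = $user->getAvailVisibilities($group);
        $flagoptions = array();
        foreach ($possib as $gid => $title) {
            $flagoption = '<option value="' . htmlspecialchars((string) $gid, ENT_QUOTES, 'UTF-8', false) . '"';
            if ($visigroup != null && $visigroup->id() == $gid) {
                $flagoption .= ' selected';
            }
            $flagoption .= '>visible par ' . htmlspecialchars((string) $title, ENT_QUOTES, 'UTF-8', false) . '</option>';
            $flagoptions[] = $flagoption;
        }
        $flagselect = '<select class="visiselect" name="visibility-' . $idSuffix . '">'
                    . implode($flagoptions)
                    . '</select>';
    }

    // Get color & title
    list($color, $title) = User::visibilitiesColInfo($grpcoll);

    return '<form class="visicontainer" id="visiflag-' . $idSuffix . '">'
         . '<div class="visiflag ' . htmlspecialchars((string) $color, ENT_QUOTES, 'UTF-8', false)
         . ' click" title="' . htmlspecialchars((string) $title, ENT_QUOTES, 'UTF-8', false) . '"></div>'
         . $flagselect
         . '</form>';
}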
/**
 * Stores a question with its two answers and records the session user as
 * the writer.
 *
 * @param mixed $question The question.
 * @param mixed $answer1  First answer.
 * @param mixed $answer2  Second answer.
 */
public function __construct($question, $answer1, $answer2)
{
    // The writer is taken from the session, never from the caller.
    $this->writer = S::user();

    $this->question = $question;
    $this->answer1 = $answer1;
    $this->answer2 = $answer2;
}
/**
 * Assigns to the page, as JSON variable 'data', the home addresses that have
 * coordinates, grouped by (latitude, longitude).
 *
 * The rows are filtered by the viewer's permissions:
 *  - not logged in, or without 'directory_ax': only pa.pub = 'public';
 *  - 'directory_ax' without 'directory_private': only pa.pub = 'ax';
 *  - 'directory_private': no publicity filter, and the private display name
 *    column is used instead of the public one.
 *
 * @param PlPage     $page Page receiving the JSON data.
 * @param array|null $pids Optional list of profile ids to restrict to.
 */
public static function assign_json_to_map(PlPage $page, $pids = null)
{
    // The pid list goes through XDB's placeholder formatting, not raw concatenation.
    $where = is_null($pids) ? '' : XDB::format(' AND pa.pid IN {?}', $pids);

    // $name_publicity is only ever one of the two literals assigned below, so
    // using it to build a column name does not carry request data into the SQL.
    if (!S::logged() || !S::user()->checkPerms('directory_ax')) {
        $where .= " AND pa.pub = 'public'";
        $name_publicity = 'public';
    } elseif (!S::user()->checkPerms('directory_private')) {
        // NOTE(review): this branch keeps 'ax' rows only; confirm that rows
        // marked 'public' are meant to be left out for these users.
        $where .= " AND pa.pub = 'ax'";
        $name_publicity = 'public';
    } else {
        $name_publicity = 'private';
    }

    $sql = "SELECT pa.latitude, pa.longitude,"
         . " GROUP_CONCAT(DISTINCT p.hrpid SEPARATOR ',') AS hrpid,"
         . " GROUP_CONCAT(pd.promo SEPARATOR ',') AS promo,"
         . " GROUP_CONCAT(DISTINCT pd." . $name_publicity . "_name, ' (', pd.promo, ')' SEPARATOR ', ') AS name,"
         . " GROUP_CONCAT(DISTINCT pa.pid SEPARATOR ',') AS pid"
         . " FROM profile_addresses AS pa"
         . " INNER JOIN profiles AS p ON (pa.pid = p.pid)"
         . " INNER JOIN profile_display AS pd ON (pd.pid = pa.pid)"
         . " WHERE pa.type = 'home' AND p.deathdate IS NULL AND pa.latitude IS NOT NULL AND pa.longitude IS NOT NULL"
         . $where
         . " GROUP BY pa.latitude, pa.longitude";

    $page->jsonAssign('data', XDB::rawFetchAllAssoc($sql));
}
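/**
 * Sets up the default page: template, JavaScript links, title and, for
 * logged-in administrators, the account type and skin lists.
 *
 * The User-Agent check is guarded with isset(): the header is optional, and a
 * request without it would otherwise raise an undefined-index notice and pass
 * null to strpos().
 */
public function __construct()
{
    global $globals;
    parent::__construct();

    // Set the default page
    $this->changeTpl('platal/index.tpl');

    // json2.js is only linked for user agents announcing MSIE.
    if (isset($_SERVER['HTTP_USER_AGENT']) && strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false) {
        $this->addJsLink('json2.js');
    }
    $this->addJsLink('jquery.xorg.js');
    $this->addJsLink('overlib.js');
    $this->addJsLink('core.js');
    $this->addJsLink('xorg.js');
    // The error-reporting script is only linked when a DSN is configured.
    if ($globals->core->sentry_js_dsn) {
        $this->addJsLink('raven.min.js');
    }
    $this->setTitle('le site des élèves et anciens élèves de l\'École polytechnique');

    // The account type and skin lists are only assigned for administrators.
    if (S::logged() && S::user()->checkPerms('admin')) {
        // The admin's own account type comes first, then every other type
        // that has a non-empty permission entry, in key order.
        $types = array(S::user()->type);
        $perms = DirEnum::getOptions(DirEnum::ACCOUNTTYPES);
        ksort($perms);
        foreach ($perms as $type => $perm) {
            if (!empty($perm) && $type != $types[0]) {
                $types[] = $type;
            }
        }
        $this->assign('account_types_list', $types);

        $skins = DirEnum::getOptions(DirEnum::SKINS);
        asort($skins);
        $this->assign('skin_list', $skins);
    }
}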
/**
 * Loads the session user's todo entries, most recently sent first, and
 * assigns them to the template as 'list'.
 */
public function run()
{
    // The uid is bound through the {?} placeholder and always comes from the
    // session, so a user only ever reads their own rows.
    $todoRows = XDB::query('SELECT todo_id, sent, checked, tobedone FROM todo WHERE uid = {?} ORDER BY sent DESC', S::user()->id())
                   ->fetchAllAssoc();

    $this->assign('list', $todoRows);
}
/**
 * Assigns to the template the session user's groups of the binet and free
 * namespaces, plus the user itself.
 *
 * Only the binet collection gets the 'premises' and 'nb_news' selections.
 */
public function run()
{
    $binetGroups = S::user()->castes()->groups()->filter('ns', Group::NS_BINET);
    $binetGroups->select(GroupSelect::premises());
    $binetGroups->select(GroupSelect::nb_news());

    $freeGroups = S::user()->castes()->groups()->filter('ns', Group::NS_FREE);

    $this->assign('binets', $binetGroups);
    $this->assign('frees', $freeGroups);
    $this->assign('user', S::user());
}
/**
 * Describes the list "<mbox>@<domain>" and opens an MMList client for it.
 *
 * @param string      $mbox   Local part of the list address.
 * @param string      $domain Domain of the list.
 * @param object|null $user   User the client acts as; defaults to the
 *                            session user when null.
 */
public function __construct($mbox, $domain, $user = null)
{
    $this->mbox = $mbox;
    $this->domain = $domain;
    $this->address = $mbox . '@' . $domain;

    // Without an explicit user, the client acts as the session user.
    $actingUser = is_null($user) ? S::user() : $user;
    $this->mmclient = new MMList($actingUser, $this->domain);
}
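/**
 * AJAX handler: deletes every checked todo entry of the session user.
 *
 * The XSRF token is asserted before any change is made, and the uid always
 * comes from the session, so only the caller's own rows can be removed.
 *
 * An error is reported when no row was deleted. The DELETE has no LIMIT, so
 * clearing several checked entries at once is a normal outcome and is treated
 * as a success (the previous "!= 1" test reported it as a failure).
 *
 * @param object $page Page receiving the JSON result.
 * @return int PL_JSON
 */
function handler_ajax_todo_clear($page)
{
    S::assert_xsrf_token();

    XDB::execute('DELETE FROM todo WHERE uid = {?} AND checked = 1', S::user()->id());

    if (XDB::affectedRows() < 1) {
        $page->jsonAssign('error', "Impossible de nettoyer la liste des tâches");
    }

    return PL_JSON;
}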
/**
 * Replaces the profile's addresses (and the phones linked to addresses) with
 * the submitted ones.
 *
 * Existing phones and addresses are deleted, pending address requests are
 * purged, then the new addresses are saved. The $deletePrivate flag passed to
 * the delete and save calls is true only when the session user owns the
 * edited profile or is an administrator.
 *
 * @param ProfilePage $page  Page being edited; provides pid() and owner.
 * @param mixed       $field Not used here.
 * @param array       $value Addresses to save.
 */
public function save(ProfilePage $page, $field, $value)
{
    $pid = $page->pid();
    $editsOwnProfile = S::user()->isMe($page->owner);
    $deletePrivate = $editsOwnProfile || S::admin();

    // Order matters: wipe the old data before writing the new addresses.
    Phone::deletePhones($pid, Phone::LINK_ADDRESS, null, $deletePrivate);
    Address::deleteAddresses($pid, Address::LINK_PROFILE, null, null, $deletePrivate);
    AddressReq::purge_requests($pid, 0, 0, Address::LINK_PROFILE);
    Address::saveFromArray($value, $pid, Address::LINK_PROFILE, null, $deletePrivate);

    // Only the profile owner is reminded to clean up multiple addresses.
    if ($editsOwnProfile && count($value) > 1) {
        Platal::page()->trigWarning('Attention, tu as plusieurs adresses sur ton profil. Pense à supprimer celles qui sont obsolètes.');
    }
}
/**
 * Displays the chat page for the session user.
 *
 * @param object $page  Page to fill.
 * @param string $group Chat room name; an empty value falls back to 'br'.
 */
function handler_chat($page, $group = 'platal')
{
    $me = S::user();
    $page->assign('jabber_hruid', $me->login());
    $page->assign('jabber_nick', $me->displayName());

    // NOTE(review): the whole raw Cookie request header is handed to the
    // template. If chat/chat.tpl prints it into the page, cookies that are
    // flagged HttpOnly become readable by page scripts; passing only the
    // single value the chat client needs would keep that exposure small.
    // The header is also read without an isset() check.
    $page->assign('jabber_cookie', $_SERVER['HTTP_COOKIE']);

    $page->assign('jabber_room', $group ? $group : 'br');
    $page->changeTpl('chat/chat.tpl');
}
/**
 * Returns the visibility to use by default when editing.
 *
 * Without a logged-in session this is the VIEW_NONE visibility; otherwise it
 * is the session user's edit visibility. When $max_level is given, the result
 * is restricted to that level.
 *
 * @param mixed $max_level Optional upper bound passed to restrict(); values
 *                         loosely equal to null are treated as "no bound".
 * @return object The visibility object.
 */
public static function defaultForEdit($max_level = null)
{
    // Anonymous visitors get the most restrictive visibility.
    $vis = S::logged() ? S::user()->editVisibility() : self::get(self::VIEW_NONE);

    if ($max_level == null) {
        return $vis;
    }
    return $vis->restrict($max_level);
}
/**
 * Handles the upload of a 'userfile' photo from the editor form.
 *
 * @return bool False when no file was posted or the upload could not be
 *              stored; otherwise the value of $this->valid after read().
 */
protected function handle_editor()
{
    if (!isset($_FILES['userfile'])) {
        return false;
    }

    // The upload is stored under the session user's login, in the 'photo'
    // category. NOTE(review): no content-type check is made here; presumably
    // read() validates the file and sets $this->valid - confirm.
    $upload =& PlUpload::get($_FILES['userfile'], S::user()->login(), 'photo');
    if ($upload) {
        $this->read($upload);
        return $this->valid;
    }

    $this->trigError('Une erreur est survenue lors du téléchargement du fichier.');
    return false;
}
/**
 * Assigns to the template today's activities visible to the session user.
 *
 * The period runs from today at 00:00 to tomorrow at 00:00. Activities are
 * those matching the user with either the 'restricted' or the 'everybody'
 * level, ordered on 'hour_begin'.
 */
public function run()
{
    // Start of the window: today at midnight.
    $dayStart = new FrankizDateTime();
    $dayStart->setTime(0, 0);

    // End of the window: tomorrow at midnight.
    $dayEnd = new FrankizDateTime();
    date_add($dayEnd, date_interval_create_from_date_string('1 day'));
    $dayEnd->setTime(0, 0);

    $forUser = new PFC_Or(
        new AIFC_User(S::user(), 'restricted'),
        new AIFC_User(S::user(), 'everybody')
    );
    $inPeriod = new AIFC_Period($dayStart, $dayEnd);
    $filter = new ActivityInstanceFilter(new PFC_AND($forUser, $inPeriod));

    $instances = $filter->get();
    $instances->select(ActivityInstanceSelect::all());
    $instances->order('hour_begin', false);

    $this->assign('day', new FrankizDateTime());
    $this->assign('date', date("Y-m-d"));
    $this->assign('activities', $instances);
}
/**
 * Smarty function: assigns the groups the session user may pick as origin.
 *
 * The main list, assigned under the name given in $params['out'], holds the
 * groups outside the user namespace on which the session user has admin
 * rights. When $params['not_only_admin'] is set, the binet and free groups
 * where the user has the restricted right, minus the admin ones, are also
 * assigned as 'not_admin'.
 *
 * @param array  $params 'out' (template variable name) and 'not_only_admin'.
 * @param object $smarty Smarty instance receiving the assignments.
 */
function smarty_function_origin_picker($params, &$smarty)
{
    // Admin groups of the session user, user namespace excluded, ordered by GFO_Score.
    $gf = new GroupFilter(new PFC_And(new PFC_Not(new GFC_Namespace(Group::NS_USER)), new GFC_User(S::user(), Rights::admin())), new GFO_Score());
    $gs = $gf->get();
    // NOTE(review): 'not_only_admin' is read without an isset() check, so
    // templates that omit it raise an undefined-index notice.
    if ($params['not_only_admin']) {
        // Binet/free groups where the user has the restricted right, minus the admin ones.
        $gfo = new GroupFilter(new PFC_And(new GFC_Namespace(array(Group::NS_BINET, Group::NS_FREE)), new GFC_User(S::user(), Rights::restricted())), new GFO_Score());
        $gso = $gfo->get()->diff($gs);
        // $temp is not used after the select(); presumably it exists only to
        // load the base fields of both collections in one pass - confirm.
        $temp = new Collection();
        $temp->merge($gs)->merge($gso);
        $temp->select(GroupSelect::base());
        $smarty->assign('not_admin', $gso);
    } else {
        // The filter is run a second time here rather than reusing $gs.
        $gs = $gf->get()->select(GroupSelect::base());
    }
    $smarty->assign($params['out'], $gs);
}
/**
 * Home page: assigns the session user's mini-modules for the three columns
 * and the current news of the 'postit' group.
 *
 * @param object $page Page to fill.
 */
function handler_home($page)
{
    // Template variable => mini-module column.
    $columns = array(
        'MiniModules_COL_LEFT'   => FrankizMiniModule::COL_LEFT,
        'MiniModules_COL_MIDDLE' => FrankizMiniModule::COL_MIDDLE,
        'MiniModules_COL_RIGHT'  => FrankizMiniModule::COL_RIGHT,
    );
    foreach ($columns as $templateVar => $column) {
        $page->assign($templateVar, FrankizMiniModule::get(S::user()->minimodules($column)));
    }

    // /!\ : Everybody can read the post-it, you don't have to be member of the group
    $postitGroup = Group::from('postit');
    $currentPostit = new PFC_And(new NFC_Current(), new NFC_TargetGroup($postitGroup));
    $newsFilter = new NewsFilter($currentPostit, new NFO_Begin(true));

    $postit_news = $newsFilter->get(true);
    if ($postit_news) {
        $postit_news->select(NewsSelect::news());
    }
    $page->assign('postit_news', $postit_news);

    $page->assign('title', 'Accueil');
    $page->changeTpl('frankiz/home.tpl');
}
/**
 * Gadget handler: lists the valid, unexpired announces for the session user,
 * newest first, and assigns at most five of them to the template together
 * with the total count.
 *
 * @param object $page Page to fill.
 */
function handler_ig_events($page)
{
    require_once 'gadgets/gadgets.inc.php';
    init_igoogle_html('gadgets/ig-events.tpl', AUTH_COOKIE);

    // The uid is bound through the {?} placeholder and comes from the session.
    $announces = XDB::iterator("SELECT SQL_CALC_FOUND_ROWS\n e.id, e.titre, UNIX_TIMESTAMP(e.creation_date) AS creation_date,\n ev.uid IS NULL AS nonlu, e.uid\n FROM announces AS e\n LEFT JOIN announce_read AS ev ON (e.id = ev.evt_id AND ev.uid = {?})\n WHERE FIND_IN_SET('valide', e.flags) AND expiration >= NOW()\n ORDER BY e.creation_date DESC", S::i('uid'));
    // FOUND_ROWS() must be read right after the SQL_CALC_FOUND_ROWS query.
    $page->assign('event_count', XDB::query("SELECT FOUND_ROWS()")->fetchOneCell());

    Platal::load('events', 'feed.inc.php');
    $viewer = S::user();

    // Stop pulling events as soon as five have been collected.
    $shown = array();
    while (count($shown) < 5 && ($event = PlFeed::nextEvent($announces, $viewer))) {
        $shown[] = $event;
    }
    $page->assign('events', $shown);
}
/**
 * Main page of the "N N-10" operation: checks that the session user's
 * promotion takes part, shows the user's own participation status, and runs
 * the search among profiles of the promotion ten years older.
 *
 * @param object $page      Page to fill.
 * @param string $action    Forwarded to the profile set.
 * @param string $subaction Forwarded to the profile set.
 */
function handler_index($page, $action = '', $subaction = '')
{
    global $globals;
    // NOTE(review): the rest of the handler relies on killError() stopping
    // the request; confirm that it does not return.
    if (!$this->isDeltaTenEnabled(S::user(), Profile::DELTATEN_YOUNG)) {
        $page->killError("Ta promotion ne participe pas à l'opération N N-10.");
    }
    // Users who can also take part as the older side get a status message.
    if ($this->isDeltaTenEnabled(S::user(), Profile::DELTATEN_OLD)) {
        $profile = S::user()->profile();
        if ($profile->getDeltatenMessage()) {
            $page->trigSuccess("Tu participes bien à l'opération N N-10 en tant qu'ancien.");
        } else {
            $page->trigWarning("Tu ne participes pas encore à l'opération N N-10 en tant qu'ancien.");
        }
    }
    $page->setTitle("Opération N N-10");
    $page->assign('deltaten_promo_old', S::user()->profile()->yearpromo() - 10);
    $wp = new PlWikiPage('Docs.Deltaten');
    $wp->buildCache();
    require_once 'ufbuilder.inc.php';
    $ufb = new UFB_DeltaTenSearch();
    $page->addJsLink('search.js');
    if (!$ufb->isEmpty()) {
        require_once 'userset.inc.php';
        $ufc = $ufb->getUFC();
        // Wrap the user's criteria so that the two mandatory conditions
        // below can be added to them.
        if (!$ufc instanceof PFC_And) {
            $ufc = new PFC_And($ufc);
        }
        // Whatever was searched, results are limited to DeltaTen profiles
        // of the promotion ten years older than the session user's.
        $ufc->addChild(new UFC_DeltaTen());
        $ufc->addChild(new UFC_Promo('=', UserFilter::GRADE_ING, S::user()->profile()->yearpromo() - 10));
        $set = new ProfileSet($ufc);
        $set->addMod('minifiche', 'Opération N N-10');
        $set->apply('deltaten/search', $page, $action, $subaction);
        $nb_tot = $set->count();
        // Searches returning more than the configured maximum are refused,
        // which limits how much of the directory one query can list.
        if ($nb_tot > $globals->search->private_max) {
            $page->assign('formulaire', 1);
            $page->trigError('Recherche trop générale.');
            $page->assign('plset_count', 0);
        } else {
            if ($nb_tot == 0) {
                $page->assign('formulaire', 1);
                $page->trigError("Il n'existe personne correspondant à ces critères dans la base.");
            }
        }
    }
    $page->changeTpl('deltaten/index.tpl');
}
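/**
 * Assigns to the template the users whose birthday is today, among the
 * session user's promo groups plus the 'on_platal' group.
 *
 * Users are grouped by the formation abbreviation and the promo of their
 * first study. A user without any study is skipped: array_shift() on an empty
 * list returns null, and calling formation() on it would be a fatal error
 * that breaks the whole page.
 */
public function run()
{
    $promos = S::user()->castes()->groups()->filter('ns', Group::NS_PROMO);
    $promos->add(Group::from('on_platal'));

    $uf = new UserFilter(new PFC_And(new UFC_Birthday('=', new FrankizDateTime()), new UFC_Group($promos)));
    $us = $uf->get();
    $us->select(UserSelect::birthday());

    $formations = array();
    $users = array();
    foreach ($us as $u) {
        $study = $u->studies();
        if (empty($study)) {
            // Nothing to classify this user under.
            continue;
        }
        $first = array_shift($study);

        $formation = $first->formation();
        $abbrev = $formation->abbrev();
        $formations[$abbrev] = $formation;
        $users[$abbrev][$first->promo()][] = $u;
    }

    $this->assign('formations', $formations);
    $this->assign('users', $users);
}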
/**
 * Checks the credentials held in the session against the vicidial_users table.
 *
 * Reads "PHP_AUTH_USER" and "PHP_AUTH_PW" from php_Session, then counts the
 * active users with user_level > 7 whose user and pass columns equal them.
 * This is generated code (the trace call names S.hx as its source); S_0 and
 * S_1 are helpers defined outside this block.
 *
 * NOTE(review), security:
 *  - Both credentials are concatenated into the SQL text inside double quotes,
 *    with no escaping or parameter binding visible here. Unless they are
 *    sanitised before they reach the session, a quote in either value changes
 *    the query. The fix belongs in the source that generates this code: bind
 *    the values as parameters, or escape them with the database driver.
 *  - The password is compared as stored text in the pass column, and the
 *    hashed-password setting leads to hexit("ENCRYPTED PASSWORDS NOT
 *    IMPLEMENTED") rather than to a hash comparison.
 *  - The user name is written to the trace log on every call.
 *
 * @return bool True when the final query result passes the S_1 check.
 */
static function checkAuth() {
    S::$user = php_Session::get("PHP_AUTH_USER");
    // Trace output; it contains the user name.
    haxe_Log::trace(S::$user, _hx_anonymous(array("fileName" => "S.hx", "lineNumber" => 98, "className" => "S", "methodName" => "checkAuth")));
    if (S::$user === null) {
        return false;
    }
    $pass = php_Session::get("PHP_AUTH_PW");
    if ($pass === null) {
        return false;
    }
    // System-wide settings, including the password hashing options.
    $res = php_Lib::hashOfAssociativeArray(_hx_deref(new Model(null))->query("SELECT use_non_latin,webroot_writable,pass_hash_enabled,pass_key,pass_cost,hosted_settings FROM system_settings"));
    // presumably S_0 reads pass_hash_enabled from $res - confirm against S.hx
    if (S_0($pass, $res) === "1") {
        S::hexit("ENCRYPTED PASSWORDS NOT IMPLEMENTED");
    }
    // Untrusted values are concatenated into the statement here (see the note above).
    $res = php_Lib::hashOfAssociativeArray(_hx_deref(new Model(null))->query("SELECT count(*) AS cnt FROM vicidial_users WHERE user=\"" . _hx_string_or_null(S::$user) . "\" and pass=\"" . _hx_string_or_null($pass) . "\" and user_level > 7 and active=\"Y\""));
    // presumably S_1 reads the cnt column of the first row - confirm against S.hx
    return $res->exists("0") && S_1($pass, $res) === "1";
}
/**
 * Single sign-on endpoint for Wats4U.
 *
 * After the request checks done by wats4u_sso_check(), an unauthenticated
 * visitor is sent to the login page, an account without PERMS_USER is
 * refused, and an accepted user is redirected to the return URL built by
 * wats4u_sso_build_return_url().
 *
 * @param object $page Page to fill when authentication is requested.
 * @return int|null PL_BAD_REQUEST, PL_DO_AUTH or PL_FORBIDDEN on the early
 *                  exits; otherwise the request ends with a redirect.
 */
function handler_sso($page)
{
    $this->load('sso.inc.php');
    // First, perform security checks.
    // (What is verified lives in wats4u_sso_check(), outside this block.)
    if (!wats4u_sso_check()) {
        return PL_BAD_REQUEST;
    }
    global $globals;
    if (!S::logged()) {
        // Request auth.
        $page->assign('external_auth', true);
        $page->assign('ext_url', $globals->wats4u->public_url);
        $page->setTitle('Authentification');
        $page->setDefaultSkin('group_login');
        $page->assign('group', null);
        return PL_DO_AUTH;
    }
    if (!S::user()->checkPerms(PERMS_USER)) {
        // External (X.net) account
        return PL_FORBIDDEN;
    }
    // Update the last login information (unless the user is in SUID).
    $uid = S::i('uid');
    if (!S::suid()) {
        global $platal;
        // NOTE(review): $_GET['url'] is read without an isset() check and is
        // stored in the log after urldecode(); whatever displays these log
        // entries must treat the value as untrusted text.
        S::logger($uid)->log('connexion_wats4u', $platal->path . ' ' . urldecode($_GET['url']));
    }
    // If we logged in specifically for this 'external_auth' request
    // and didn't want to "keep access to services", we kill the session
    // just before returning.
    // See classes/xorgsession.php:startSessionAs
    if (S::b('external_auth_exit')) {
        // The Referer header is request-controlled as well; '@' only hides
        // the notice raised when it is absent.
        S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']);
        Platal::session()->killAccessCookie();
        Platal::session()->destroy();
    }
    // Compute return URL
    // NOTE(review): S::user() is read after the session may have been
    // destroyed just above; confirm that it still returns the authenticated user.
    $full_return = wats4u_sso_build_return_url(S::user());
    if ($full_return === "") {
        // Something went wrong
        // presumably kill() ends the request; otherwise the redirect below
        // would be issued with an empty URL - confirm
        $page->kill("Erreur dans le traitement de la requête Wats4U.");
    }
    http_redirect($full_return);
}
/**
 * Dispatches an action on one of the session user's reminders, then displays
 * the next candidate reminder if there is one.
 *
 * NOTE(review): no XSRF token check is visible in this handler. If the
 * reminder actions change state, confirm that the router or the Reminder
 * classes verify the token before HandleAction() runs.
 *
 * @param object      $page          Page to fill.
 * @param string|null $reminder_name Name of the reminder being answered.
 * @param string|null $action        Action to apply to it.
 * @return int|null PL_NOT_FOUND when the reminder name is missing or unknown.
 */
function handler_reminder($page, $reminder_name = null, $action = null)
{
    require_once 'reminder.inc.php';
    $user = S::user();

    // A missing or unknown reminder name drops the request.
    if (!$reminder_name) {
        return PL_NOT_FOUND;
    }
    $reminder = Reminder::GetByName($user, $reminder_name);
    if (!$reminder) {
        return PL_NOT_FOUND;
    }

    // Apply the action, then look for another reminder to show.
    $reminder->HandleAction($action);
    $previous_reminder = $reminder->title();

    $new_reminder = Reminder::GetCandidateReminder($user);
    if ($new_reminder) {
        $new_reminder->DisplayStandalone($page, $previous_reminder);
    } else {
        $reminder->NotifiesAction($page);
    }
}
/**
 * Applies the user's answer to this reminder.
 *
 *  - 'yes': adds the session user to the group whose diminutif equals the
 *    user's promotion year, subscribes them to the promotion mailing list,
 *    then records the acceptance;
 *  - 'dismiss' and 'no': only record the answer.
 * Any other value is ignored.
 *
 * @param string $action 'yes', 'dismiss' or 'no'.
 */
public function HandleAction($action)
{
    $user = S::user();

    // Loose comparisons are kept on purpose: they match what the switch
    // statement this replaces would do.
    if ($action == 'yes') {
        // Both values are bound through {?} placeholders and come from the session user.
        XDB::execute('INSERT IGNORE INTO group_members (uid, asso_id) SELECT {?}, id FROM groups WHERE diminutif = {?}', $user->id(), $user->profile()->yearPromo());
        MailingList::subscribePromo($user->profile()->yearPromo());
        $this->UpdateOnYes();
    } elseif ($action == 'dismiss') {
        $this->UpdateOnDismiss();
    } elseif ($action == 'no') {
        $this->UpdateOnNo();
    }
}
/**
 * Administration page of the links: lists every link grouped by namespace
 * and, when 'modify' is present in the request, updates the link whose id
 * was submitted (label, URL, description, comment and optionally its image).
 *
 * Access is limited to users holding the 'admin' flag.
 *
 * NOTE(review): the update branch checks the admin flag but no XSRF token
 * check is visible here; confirm that one is enforced before this handler
 * runs, since the request changes stored data.
 *
 * @param object $page Page to fill.
 * @return int|null PL_FORBIDDEN for non-administrators.
 */
function handler_links_admin($page)
{
    if (!S::user()->perms()->hasFlag('admin')) {
        return PL_FORBIDDEN;
    }

    $collec = Link::all();
    $collec->select(LinkSelect::all());
    $results = $collec->split('ns');

    if (Env::has('modify')) {
        $link = $collec->get(Env::i('id'));
        if ($link === false) {
            $page->assign('err', 'Le lien modifié n\'existe plus.');
        } else {
            if (Env::has('image')) {
                try {
                    // The new image is attached to the 'everybody' caste of
                    // the 'partnership' group.
                    $partnership = Group::from('partnership');
                    $partnership->select();

                    $picture = new FrankizImage();
                    $picture->insert();
                    $picture->label($link->label());
                    $picture->caste($partnership->caste('everybody'));
                    $picture->image(FrankizUpload::v('image'));
                    $link->image($picture);
                } catch (Exception $e) {
                    // An image failure is reported; the text fields below
                    // are still updated.
                    $page->assign('err', $e->getMessage());
                }
            }
            $link->label(Env::t('label'));
            $link->link(Env::t('link'));
            $link->description(Env::t('description'));
            $link->comment(Env::t('comment'));
        }
    }

    $page->addCssLink('links.css');
    $page->assign('links', $results);
    $page->assign('title', 'Administrer les liens');
    $page->changeTpl('links/admin_links.tpl');
}
/**
 * Article submission form of the community letter.
 *
 * A preview ('see'), or a validation attempt with an empty title or body,
 * redisplays the article; a complete validation ('valid') submits it as a
 * request on behalf of the session user.
 *
 * NOTE(review): no XSRF token check is visible before the request is
 * submitted; confirm whether one is expected on this form.
 *
 * @param object $page Page to fill.
 * @return int|null PL_NOT_FOUND when no newsletter is available.
 */
function handler_coml_submit($page)
{
    $page->changeTpl('comletter/submit.tpl');

    $nl = $this->getNl();
    if (!$nl) {
        return PL_NOT_FOUND;
    }

    $wp = new PlWikiPage('Xorg.LettreCommunaute');
    $wp->buildCache();

    // Parentheses make the original operator precedence explicit.
    $showDraft = Post::has('see')
        || (Post::has('valid') && (!trim(Post::v('title')) || !trim(Post::v('body'))));

    if ($showDraft) {
        // Outside of a preview, landing here means a field was left empty.
        if (!Post::has('see')) {
            $page->trigError("L'article doit avoir un titre et un contenu");
        }
        $draft = new ComLArticle(Post::v('title'), Post::v('body'), Post::v('append'));
        $page->assign('art', $draft);
    } elseif (Post::has('valid')) {
        $request = new ComLReq(S::user(), Post::v('title'), Post::v('body'), Post::v('append'));
        $request->submit();
        $page->assign('submited', true);
    }

    $page->addCssLink($nl->cssFile());
}
/**
 * Enables the newsletter of the current group.
 *
 * The page is refused when the group already has a newsletter. On a posted
 * title, the XSRF token is checked, the newsletter row is created, a mail is
 * sent and the user is redirected to the newsletter administration page.
 *
 * @param object $page Page to fill.
 * @return int|null PL_FORBIDDEN when a newsletter already exists or when the
 *                  XSRF token is missing.
 */
public function handler_admin_nl_enable($page)
{
    global $globals;

    // Nothing to enable if the group already has its newsletter.
    if ($this->getNl()) {
        return PL_FORBIDDEN;
    }

    if (Post::has('title')) {
        // The state change below is only allowed with a valid XSRF token.
        if (!S::has_xsrf_token()) {
            return PL_FORBIDDEN;
        }

        // Both values are bound through {?} placeholders.
        XDB::execute('INSERT INTO newsletters SET group_id = {?}, name = {?}', $globals->asso('id'), Post::s('title'));

        $notification = new PlMailer();
        $notification->assign('group', $globals->asso('nom'));
        $notification->assign('user', S::user());
        $notification->send();

        $confirmation = "La lettre d'informations du groupe " . $globals->asso('nom') . " a bien été créée";
        $adminPath = $globals->asso('shortname') . '/admin/nl';
        $page->trigSuccessRedirect($confirmation, $adminPath);
    }

    $page->setTitle('Activation de la newsletter');
    $page->changeTpl('newsletter/enable.tpl');
}
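/**
 * Reads the editor form into the object and processes the optional image.
 *
 * The uploaded file is stored under the session user's login in the 'event'
 * category, must be recognised as an image, and is resized before being read.
 * A file that is not an image is removed.
 *
 * Errors are reported through $this->trigError(): the two image branches used
 * to call $page->trigError(), but no $page variable exists in this method, so
 * a non-image upload or a failed resize ended in a fatal error instead of a
 * message.
 *
 * @return bool Always true.
 */
protected function handle_editor()
{
    $this->titre = Env::v('titre');
    $this->texte = Env::v('texte');
    $this->pmin = Env::i('promo_min');
    $this->pmax = Env::i('promo_max');
    $this->expiration = Env::v('expiration');

    // '@' hides the notice raised when no image field was posted.
    if (@$_FILES['image']['tmp_name']) {
        $upload = PlUpload::get($_FILES['image'], S::user()->login(), 'event');
        if (!$upload) {
            $this->trigError("Impossible de télécharger le fichier");
        } elseif (!$upload->isType('image')) {
            $this->trigError('Le fichier n\'est pas une image valide au format JPEG, GIF ou PNG');
            // Do not keep a rejected file in the upload area.
            $upload->rm();
        } elseif (!$upload->resizeImage(200, 300, 100, 100, 32284)) {
            $this->trigError('Impossible de retraiter l\'image');
        } else {
            $this->readImage($upload);
        }
    }

    return true;
}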
/**
 * Smarty function: assigns the groups the session user may pick as target.
 *
 * Four template variables, named by $params, are assigned: the groups the
 * user administers ('user_groups'), the special 'everybody' and 'public'
 * groups ('fkz_groups'), the user's BDE/promo/study groups ('study_groups')
 * and the user's own group ('own_group'). With $params['even_only_friend'],
 * the binet and free groups where the user only has the 'everybody' right are
 * also assigned as 'only_friend'.
 *
 * @param array  $params Names of the template variables, plus 'even_only_friend'.
 * @param object $smarty Smarty instance receiving the assignments.
 */
function smarty_function_target_picker($params, &$smarty)
{
    // Get user groups
    $everybody_groups = S::user()->castes(Rights::everybody())->groups();
    // Get Frankiz special groups
    $fkz = new Collection('Group');
    $fkz->add(array('everybody', 'public'));
    $fkz->select(new GroupSelect(array('description')));
    // BDE, study and promo groups
    $study_groups = $everybody_groups->filter('ns', Group::NS_BDE);
    $study_groups->merge($everybody_groups->filter('ns', Group::NS_PROMO));
    $study_groups->merge($everybody_groups->filter('ns', Group::NS_STUDY));
    // Get all groups user is admin, without the user one
    $gs = S::user()->castes(Rights::admin())->groups();
    // NOTE(review): the results of diff() and filter() are discarded on the
    // next two lines, while filter()'s return value is what is used above.
    // If these methods return a new collection instead of changing $gs in
    // place, neither exclusion is applied to $gs - confirm against Collection.
    $gs->diff($fkz);
    $gs->filter(function ($g) {
        return $g->ns() != Group::NS_USER;
    });
    // NOTE(review): 'even_only_friend' is read without an isset() check.
    if ($params['even_only_friend']) {
        $gfo = new GroupFilter(new PFC_And(new GFC_Namespace(array(Group::NS_BINET, Group::NS_FREE)), new GFC_User(S::user(), Rights::everybody())), new GFO_Score());
        $gso = $gfo->get()->diff($gs)->diff($fkz);
        // $temp is never assigned to the template; presumably it only serves
        // to load the base fields of the merged groups - confirm.
        $temp = new Collection();
        $temp->merge($gs)->merge($gso);
        $temp->select(GroupSelect::base());
        $smarty->assign('only_friend', $gso);
        $temp = new Collection();
        $temp->merge($gs)->merge($fkz)->merge($gso);
        $temp->select(GroupSelect::base());
    } else {
        $temp = new Collection();
        $temp->merge($gs)->merge($fkz);
        $temp->select(GroupSelect::base());
    }
    $smarty->assign($params['user_groups'], $gs);
    $smarty->assign($params['fkz_groups'], $fkz);
    $smarty->assign($params['study_groups'], $study_groups);
    $smarty->assign($params['own_group'], S::user()->group());
}
/**
 * Assigns to the template the total number of users, groups, castes, news
 * and images, plus the session user.
 */
public function run()
{
    // Template variable => filter class whose total count is displayed.
    $counters = array(
        'users'  => 'UserFilter',
        'groups' => 'GroupFilter',
        'castes' => 'CasteFilter',
        'news'   => 'NewsFilter',
        'images' => 'ImageFilter',
    );

    foreach ($counters as $templateVar => $filterClass) {
        // A null condition is passed to each filter, as for every counter here.
        $filter = new $filterClass(null);
        $this->assign($templateVar, $filter->getTotalCount());
    }

    $this->assign('user', S::user());
}
/**
 * Returns the SQL joins needed when the filter involves users.
 *
 * When $this->with_user is set, castes_users is left-joined as 'cu' on the
 * caste id, keeping only the rows whose visibility is one of the session
 * user's visible gids or which belong to the session user.
 *
 * @return array Joins indexed by alias; empty when no user join is needed.
 */
protected function userJoins()
{
    if (!$this->with_user) {
        return array();
    }

    // Both values are bound through {?} placeholders and come from the
    // session user, so the join never exposes other users' hidden rows.
    return array(
        'cu' => PlSqlJoin::left(
            'castes_users',
            '$ME.cid = c.cid AND ($ME.visibility IN {?} OR $ME.uid = {?})',
            S::user()->visibleGids(),
            S::user()->id()
        ),
    );
}