/**
 * Handle the file posted by the editor form.
 *
 * The 'userfile' entry of $_FILES is handed to PlUpload::get() under the
 * current user's login and the 'photo' category, then passed to read().
 *
 * NOTE(review): no type or size check on the uploaded file is visible in
 * this method; presumably read() validates it and sets $this->valid --
 * confirm before relying on it.
 *
 * @return bool false when no file was posted or the upload failed,
 *              otherwise the value of $this->valid after read().
 */
protected function handle_editor()
{
    // Nothing was posted: there is nothing to process.
    if (!isset($_FILES['userfile'])) {
        return false;
    }

    $upload =& PlUpload::get($_FILES['userfile'], S::user()->login(), 'photo');
    if ($upload) {
        $this->read($upload);
        return $this->valid;
    }

    $this->trigError('Une erreur est survenue lors du téléchargement du fichier.');
    return false;
}
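/**
 * Read the announcement fields from the request and process the optional
 * image upload.
 *
 * Fix: the image-validation error branches called trigError() on $page,
 * which is not defined in this method. The call failed before
 * $upload->rm() could run, so a rejected non-image file was never removed.
 * Errors are now reported through $this->trigError(), as the first error
 * branch already did.
 *
 * @return bool always true; upload problems are reported through
 *              trigError() only.
 */
protected function handle_editor()
{
    $this->titre      = Env::v('titre');
    $this->texte      = Env::v('texte');
    $this->pmin       = Env::i('promo_min');
    $this->pmax       = Env::i('promo_max');
    $this->expiration = Env::v('expiration');

    // !empty() covers the missing-key case without the @ suppression.
    if (!empty($_FILES['image']['tmp_name'])) {
        $upload = PlUpload::get($_FILES['image'], S::user()->login(), 'event');
        if (!$upload) {
            $this->trigError("Impossible de télécharger le fichier");
        } elseif (!$upload->isType('image')) {
            $this->trigError('Le fichier n\'est pas une image valide au format JPEG, GIF ou PNG');
            // Drop the rejected file so it does not stay in the upload area.
            $upload->rm();
        } elseif (!$upload->resizeImage(200, 300, 100, 100, 32284)) {
            // NOTE(review): the upload is not removed on this path; whether
            // resizeImage() cleans up after a failure is not visible here.
            $this->trigError('Impossible de retraiter l\'image');
        } else {
            $this->readImage($upload);
        }
    }

    return true;
}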
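/**
 * Administration page of a mailing list: marketing actions on unregistered
 * members, bulk subscription (from a form field or an uploaded file),
 * member removal, and owner addition/removal.
 *
 * Every state-changing branch calls S::assert_xsrf_token() first.
 *
 * Fixes compared with the previous version:
 *  - $logins is initialised, so a failed file upload no longer feeds an
 *    undefined variable to preg_split();
 *  - the "owner added" message used the undefined $login; it now shows the
 *    address that was actually added.
 *
 * NOTE(review): the return value of verify_list_owner() is not checked
 * here; presumably it stops the request itself when the user is not an
 * owner -- confirm, since all the actions below depend on it.
 *
 * @param object      $page  Page object used for templates and messages.
 * @param string|null $liste List name taken from the URL.
 * @return mixed PL_NOT_FOUND when no list name is given, nothing otherwise.
 */
function handler_admin($page, $liste = null)
{
    global $globals;

    if (is_null($liste)) {
        return PL_NOT_FOUND;
    }

    $mlist = $this->prepare_list($liste);
    // Result discarded by the original code; the call is kept because any
    // side effect of is_group_admin() is not visible from here.
    $this->is_group_admin($page);
    if (!$this->is_group_admin($page)) {
        $this->verify_list_owner($page, $mlist);
    }

    $page->changeTpl('lists/admin.tpl');

    if (Env::has('send_mark')) {
        S::assert_xsrf_token();

        $actions = Env::v('mk_action');
        $uids    = Env::v('mk_uid');
        $mails   = Env::v('mk_email');
        foreach ($actions as $key => $action) {
            switch ($action) {
                case 'none':
                    break;

                case 'marketu':
                case 'markets':
                    require_once 'emails.inc.php';
                    $user = User::get($uids[$key]);
                    $mail = valide_email($mails[$key]);
                    if (isvalid_email_redirection($mail, $user)) {
                        $from = $action == 'marketu' ? 'user' : 'staff';
                        $market = Marketing::get($uids[$key], $mail);
                        if (!$market) {
                            $market = new Marketing($uids[$key], $mail, 'list', $mlist->address, $from, S::v('uid'));
                            $market->add();
                            break;
                        }
                    }
                    // Deliberate fall-through: when the address is not usable
                    // or a marketing entry already exists, only the pending
                    // subscription is recorded.

                default:
                    XDB::execute('INSERT IGNORE INTO register_subs (uid, type, sub, domain) VALUES ({?}, \'list\', {?}, {?})', $uids[$key], $mlist->mbox, $mlist->domain);
            }
        }
    }

    if (Env::has('add_member') || isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) {
        S::assert_xsrf_token();

        // Default used when the file upload fails.
        $logins = '';
        if (isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) {
            $upload =& PlUpload::get($_FILES['add_member_file'], S::user()->login(), 'list.addmember', true);
            if (!$upload) {
                $page->trigError("Une erreur s'est produite lors du téléchargement du fichier.");
            } else {
                $logins = $upload->getContents();
            }
        } else {
            $logins = Env::v('add_member');
        }

        $logins = preg_split("/[; ,\r\n\\|]+/", $logins);
        $members = User::getBulkForlifeEmailsFromEmail($logins);
        $unfound = array_diff_key($logins, $members);

        // Make sure we send a list (array_values) of unique (array_unique)
        // emails.
        $members = array_values(array_unique($members));

        $arr = $mlist->subscribeBulk($members);

        $successes = array();
        if (is_array($arr)) {
            foreach ($arr as $addr) {
                $successes[] = $addr[1];
                $page->trigSuccess("{$addr[0]} inscrit.");
            }
        }

        $already = array_diff($members, $successes);
        if (is_array($already)) {
            foreach ($already as $item) {
                $page->trigWarning($item . ' est déjà inscrit.');
            }
        }

        if (is_array($unfound)) {
            foreach ($unfound as $item) {
                if (trim($item) != '') {
                    // NOTE(review): $item comes straight from the request or
                    // the uploaded file; whether trigError() or the template
                    // HTML-escapes messages is not visible here -- confirm.
                    $page->trigError($item . " ne correspond pas à un compte existant et n'est pas une adresse email.");
                }
            }
        }
    }

    if (Env::has('del_member')) {
        S::assert_xsrf_token();

        if (strpos(Env::v('del_member'), '@') === false) {
            if ($del_member = User::getSilent(Env::t('del_member'))) {
                $mlist->unsubscribeBulk(array($del_member->forlifeEmail()));
            }
        } else {
            $mlist->unsubscribeBulk(array(Env::v('del_member')));
        }
        pl_redirect('lists/admin/' . $liste);
    }

    if (Env::has('add_owner')) {
        S::assert_xsrf_token();

        $owners = User::getBulkForlifeEmailsFromEmail(Env::v('add_owner'));
        if ($owners) {
            foreach ($owners as $forlife_email) {
                if ($mlist->addOwner($forlife_email)) {
                    $page->trigSuccess($forlife_email . " ajouté aux modérateurs.");
                }
            }
        }
    }

    if (Env::has('del_owner')) {
        S::assert_xsrf_token();

        if (strpos(Env::v('del_owner'), '@') === false) {
            if ($del_owner = User::getSilent(Env::t('del_owner'))) {
                $mlist->removeOwner($del_owner->forlifeEmail());
            } else {
                // A value that is not an email can end up stored as an owner;
                // remove it by its raw value.
                $mlist->removeOwner(Env::v('del_owner'));
            }
        } else {
            $mlist->removeOwner(Env::v('del_owner'));
        }
        pl_redirect('lists/admin/' . $liste);
    }

    if (list($det, $mem, $own) = $mlist->getMembers()) {
        global $list_unregistered;
        if ($list_unregistered) {
            $page->assign_by_ref('unregistered', $list_unregistered);
        }
        // $tri_promo is never set in this function, so null is passed.
        $membres = list_sort_members($mem, @$tri_promo);
        $moderos = list_sort_owners($own, @$tri_promo);

        $page->assign_by_ref('details', $det);
        $page->assign_by_ref('members', $membres);
        $page->assign_by_ref('owners', $moderos);
        $page->assign('np_m', count($mem));
    } else {
        $page->kill("La liste n'existe pas ou tu n'as pas le droit de l'administrer.<br />" . " Si tu penses qu'il s'agit d'une erreur, " . "<a href='mailto:support@polytechnique.org'>contact le support</a>.");
    }
}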
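/**
 * Compose-and-send page for emails.
 *
 * Three paths, chosen from the request:
 *  - 'save' posted: store the current form as a draft (XSRF token
 *    required), then stop;
 *  - submit == 'Envoyer': store the attachments, validate the recipients
 *    and send the message;
 *  - otherwise: reload the saved draft, if any, into $_REQUEST.
 *
 * Changes compared with the previous version:
 *  - the by-reference foreach variables are unset after their loops;
 *  - a draft that does not unserialize to an array is ignored instead of
 *    being passed to array_merge();
 *  - the unserialize() call is flagged (see the comment at the call).
 *
 * @param object $page Page object used for templates and messages.
 * @return mixed PL_FORBIDDEN when a draft save lacks a valid XSRF token.
 */
function handler_send($page)
{
    $page->changeTpl('emails/send.tpl');
    $page->setTitle('Envoyer un email');

    // Action taken when a form is received.
    if (Post::has('save')) {
        if (!S::has_xsrf_token()) {
            return PL_FORBIDDEN;
        }

        unset($_POST['save']);
        // Only save a draft whose body is not empty once the text from the
        // '-- ' marker onward on a line has been removed.
        if (trim(preg_replace('/-- .*/', '', Post::v('contenu'))) != "") {
            Post::set('to_contacts', explode(';', Post::s('to_contacts')));
            Post::set('cc_contacts', explode(';', Post::s('cc_contacts')));
            $data = serialize($_POST);
            XDB::execute('INSERT INTO email_send_save (uid, data) VALUES ({?}, {?}) ON DUPLICATE KEY UPDATE data = VALUES(data)', S::user()->id('uid'), $data);
        }
        exit;
    } else {
        if (Env::v('submit') == 'Envoyer') {
            S::assert_xsrf_token();

            // Declared when execution reaches this point; running this
            // branch twice in one request would redeclare the function.
            function getEmails($aliases)
            {
                if (!is_array($aliases)) {
                    return null;
                }
                $uf = new UserFilter(new UFC_Hrpid($aliases));
                $users = $uf->iterUsers();
                $ret = array();
                while ($user = $users->next()) {
                    $ret[] = $user->forlife;
                }
                return join(', ', $ret);
            }

            $error = false;
            foreach ($_FILES as &$file) {
                if ($file['name'] && !PlUpload::get($file, S::user()->login(), 'emails.send', false)) {
                    $page->trigError(PlUpload::$lastError);
                    $error = true;
                    break;
                }
            }
            // Break the reference left behind by the loop above.
            unset($file);

            if (!$error) {
                XDB::execute("DELETE FROM email_send_save\n WHERE uid = {?}", S::user()->id());

                $to2 = getEmails(Env::v('to_contacts'));
                $cc2 = getEmails(Env::v('cc_contacts'));
                // NOTE(review): '^M' is kept exactly as found; it may stand
                // for a carriage return in the original file -- confirm.
                $txt = str_replace('^M', '', Env::v('contenu'));
                $to = str_replace(';', ',', Env::t('to'));
                $subj = Env::t('sujet');
                // NOTE(review): $from comes from the request and reaches
                // setFrom() without going through $email_regex; whether
                // PlMailer restricts the sender is not visible here.
                $from = Env::t('from');
                $cc = str_replace(';', ',', Env::t('cc'));
                $bcc = str_replace(';', ',', Env::t('bcc'));

                $email_regex = '/^[a-z0-9.\\-+_\\$]+@([\\-.+_]?[a-z0-9])+$/i';
                foreach (explode(',', $to . ',' . $cc . ',' . $bcc) as $email) {
                    $email = trim($email);
                    if ($email != '' && !preg_match($email_regex, $email)) {
                        $page->trigError("L'adresse email " . $email . ' est erronée.');
                        $error = true;
                    }
                }
                if (empty($to) && empty($cc) && empty($to2) && empty($bcc) && empty($cc2)) {
                    $page->trigError("Indique au moins un destinataire.");
                    $error = true;
                }

                if ($error) {
                    $page->assign('uploaded_f', PlUpload::listFilenames(S::user()->login(), 'emails.send'));
                } else {
                    $mymail = new PlMailer();
                    $mymail->setFrom($from);
                    $mymail->setSubject($subj);
                    if (!empty($to)) {
                        $mymail->addTo($to);
                    }
                    if (!empty($cc)) {
                        $mymail->addCc($cc);
                    }
                    if (!empty($bcc)) {
                        $mymail->addBcc($bcc);
                    }
                    if (!empty($to2)) {
                        $mymail->addTo($to2);
                    }
                    if (!empty($cc2)) {
                        $mymail->addCc($cc2);
                    }
                    $files =& PlUpload::listFiles(S::user()->login(), 'emails.send');
                    foreach ($files as $name => &$upload) {
                        $mymail->addUploadAttachment($upload, $name);
                    }
                    unset($upload);
                    if (Env::v('wiki') == 'text') {
                        $mymail->setTxtBody(wordwrap($txt, 78, "\n"));
                    } else {
                        $mymail->setWikiBody($txt);
                    }
                    if ($mymail->send()) {
                        $page->trigSuccess("Ton email a bien été envoyé.");
                        $_REQUEST = array('bcc' => S::user()->bestEmail());
                        PlUpload::clear(S::user()->login(), 'emails.send');
                    } else {
                        $page->trigError("Erreur lors de l'envoi du courriel, réessaye.");
                        $page->assign('uploaded_f', PlUpload::listFilenames(S::user()->login(), 'emails.send'));
                    }
                }
            }
        } else {
            $res = XDB::query("SELECT data\n FROM email_send_save\n WHERE uid = {?}", S::i('uid'));
            if ($res->numRows() == 0) {
                PlUpload::clear(S::user()->login(), 'emails.send');
                $_REQUEST['bcc'] = S::user()->bestEmail();
            } else {
                // SECURITY: unserialize() on a value read from the database.
                // The row is written above from serialize($_POST), but any
                // other writer of email_send_save.data would get PHP objects
                // instantiated here. Prefer a JSON-encoded draft, or pass
                // array('allowed_classes' => false) on PHP >= 7.0.
                $data = unserialize($res->fetchOneCell());
                // Ignore a draft that did not decode to an array.
                if (is_array($data)) {
                    $_REQUEST = array_merge($_REQUEST, $data);
                }
            }
        }
    }

    $uf = new UserFilter(new PFC_And(new UFC_Contact(S::user()), new UFC_Registered()), UserFilter::sortByName());
    $contacts = $uf->getProfiles();
    $page->assign('contacts', $contacts);
    $page->assign('maxsize', ini_get('upload_max_filesize') . 'o');
    $page->assign('user', S::user());
    $preferences = XDB::fetchOneAssoc('SELECT from_email, from_format FROM accounts WHERE uid = {?}', S::user()->id());
    // Default sender: "Full Name" <best email> when none is configured.
    if ($preferences['from_email'] == '') {
        $preferences['from_email'] = '"' . S::user()->fullName() . '" <' . S::user()->bestEmail() . '>';
    }
    $page->assign('preferences', $preferences);
}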
/**
 * Output the image attached to an announcement and stop the request.
 *
 * Source of the image, by value of $eid:
 *  - 'valid': the image of the validation request whose id is $valid;
 *  - any other non-empty value: the row of announce_photos with that eid;
 *  - empty: the current user's pending 'event' upload.
 * When no image is found, the site logo is sent instead.
 *
 * NOTE(review): no permission check on the validation request id is
 * visible in this handler; presumably the route or
 * Validate::get_request_by_id() restricts who may read a pending image --
 * confirm.
 *
 * NOTE(review): the Content-Type suffix is taken from stored values
 * (attachmime, imgtype); this relies on those being checked when the image
 * is stored -- confirm.
 *
 * @param object      $page  Page object (unused here).
 * @param string|null $eid   Announcement id, or the literal 'valid'.
 * @param string|null $valid Validation request id, used when $eid is 'valid'.
 */
function handler_photo($page, $eid = null, $valid = null)
{
    global $globals;

    if ($eid == 'valid') {
        // Image still attached to a pending validation request.
        $request = Validate::get_request_by_id($valid);
        if ($request && $request->img) {
            pl_cached_dynamic_content_headers("image/" . $request->imgtype);
            echo $request->img;
            exit;
        }
    } elseif ($eid) {
        // Image of a published announcement.
        $result = XDB::query("SELECT * FROM announce_photos WHERE eid = {?}", $eid);
        if ($result->numRows()) {
            $row = $result->fetchOneAssoc();
            pl_cached_dynamic_content_headers("image/" . $row['attachmime']);
            echo $row['attach'];
            exit;
        }
    } else {
        // Preview of the image the current user has just uploaded.
        $pending = new PlUpload(S::user()->login(), 'event');
        if ($pending->exists() && $pending->isType('image')) {
            pl_cached_dynamic_content_headers($pending->contentType());
            echo $pending->getContents();
            exit;
        }
    }

    // Fallback: nothing matched, send the site logo.
    pl_cached_dynamic_content_headers("image/png");
    echo file_get_contents($globals->spoolroot . '/htdocs/images/logo.png');
    exit;
}
/**
 * Output the image attached to a group announcement and stop the request.
 *
 * With an $eid, the image is read from group_announces_photo; without one,
 * the current user's pending 'xnetannounce' upload is sent. When no image
 * is found, the site logo is sent instead.
 *
 * NOTE(review): the Content-Type suffix comes from the stored attachmime
 * column; this relies on that value being checked when the image is
 * stored -- confirm.
 *
 * @param object      $page Page object (unused here).
 * @param string|null $eid  Announcement id.
 */
function handler_photo_announce($page, $eid = null)
{
    global $globals;

    if (!$eid) {
        // Preview of the image the current user has just uploaded.
        $pending = new PlUpload(S::user()->login(), 'xnetannounce');
        if ($pending->exists() && $pending->isType('image')) {
            pl_cached_dynamic_content_headers($pending->contentType());
            echo $pending->getContents();
            exit;
        }
    } else {
        $result = XDB::query('SELECT * FROM group_announces_photo WHERE eid = {?}', $eid);
        if ($result->numRows()) {
            $row = $result->fetchOneAssoc();
            pl_cached_dynamic_content_headers("image/" . $row['attachmime']);
            echo $row['attach'];
            exit;
        }
    }

    // Fallback: nothing matched, send the site logo.
    pl_cached_dynamic_content_headers("image/png");
    echo file_get_contents($globals->spoolroot . '/htdocs/images/logo.png');
    exit;
}
/**
 * Page for changing, deleting or cancelling a profile photo.
 *
 * Actions, chosen from the request (each one asserts the XSRF token):
 *  - 'upload': take the posted file, or else download the address given in
 *    'photo', and submit a photo request;
 *  - 'trombi': copy the yearbook photo and commit the request directly;
 *  - 'suppr':  delete the stored photo and any pending photo request;
 *  - 'cancel': delete the pending photo request only.
 *
 * NOTE(review): the 'upload' path passes a request-supplied value to
 * PlUpload::download(), which makes the server fetch it. Which schemes and
 * hosts download() accepts is not visible here -- confirm it cannot reach
 * internal services or local files.
 *
 * @param object      $page  Page object used for templates and messages.
 * @param string|null $hrpid Profile identifier taken from the URL.
 * @return mixed the value returned by findProfile() when it is
 *               PL_NOT_FOUND or PL_FORBIDDEN.
 */
function handler_photo_change($page, $hrpid = null)
{
    global $globals;

    $profile = $this->findProfile($hrpid);
    // findProfile() returns either a Profile or one of the PL_* status codes.
    if (!$profile instanceof Profile && ($profile == PL_NOT_FOUND || $profile == PL_FORBIDDEN)) {
        return $profile;
    }
    if (null === $hrpid) {
        pl_redirect('photo/change/' . $profile->hrid());
    }

    $page->changeTpl('profile/trombino.tpl');
    $page->assign('hrpid', $profile->hrid());

    // Location of the yearbook photo for this profile.
    $trombi_x = '/home/web/trombino/photos' . $profile->promo() . '/' . $profile->hrid() . '.jpg';

    if (Env::has('upload')) {
        S::assert_xsrf_token();

        $upload = new PlUpload($profile->hrid(), 'photo');
        // The posted file is tried first; the download is attempted only
        // when the file upload did not succeed.
        if ($upload->upload($_FILES['userfile']) || $upload->download(Env::v('photo'))) {
            $request = new PhotoReq(S::user(), $profile, $upload);
            if ($request->isValid()) {
                $request->submit();
            }
        } else {
            $page->trigError('Une erreur est survenue lors du téléchargement du fichier');
        }
    } elseif (Env::has('trombi')) {
        S::assert_xsrf_token();

        $upload = new PlUpload($profile->hrid(), 'photo');
        if ($upload->copyFrom($trombi_x)) {
            $request = new PhotoReq(S::user(), $profile, $upload);
            if ($request->isValid()) {
                // Committed directly, unlike the 'upload' path which submits.
                $request->commit();
                $request->clean();
            }
        }
    } elseif (Env::v('suppr')) {
        S::assert_xsrf_token();

        XDB::execute('DELETE FROM profile_photos WHERE pid = {?}', $profile->id());
        XDB::execute("DELETE FROM requests\n WHERE pid = {?} AND type = 'photo'", $profile->id());
        $globals->updateNbValid();
        $page->trigSuccess("Ta photo a bien été supprimée. Elle ne sera plus visible sur le site dans au plus une heure.");
    } elseif (Env::v('cancel')) {
        S::assert_xsrf_token();

        XDB::query("DELETE FROM requests\n WHERE pid = {?} AND type = 'photo'", $profile->id());
        $globals->updateNbValid();
    }

    // Number of photo requests still pending for this profile.
    $pending = XDB::query("SELECT COUNT(*)\n FROM requests\n WHERE pid = {?} AND type = 'photo'", $profile->id());
    $page->assign('submited', $pending->fetchOneCell());
    $page->assign('has_trombi_x', file_exists($trombi_x));
}