示例#1
 /**
  * Admin handler for profiles whose promotion is flagged as a merge issue.
  *
  * Renders fusionax/promo_issues.tpl with every profile listed in
  * profile_merge_issues under the 'promo' issue. When $action is 'edit', the
  * posted display / entry / graduation years are applied first, one profile
  * at a time.
  *
  * Only pids returned by the issue query are ever written: the POST field
  * names are derived from those pids, the values are read through Post::i()
  * and every value reaches SQL through a bound {?} placeholder.
  *
  * @param object $page   Page object used for the template, messages and assigns.
  * @param string $action 'edit' applies the posted corrections; anything else only lists.
  */
 function handler_issues_promo($page, $action = '')
 {
     $page->changeTpl('fusionax/promo_issues.tpl');

     if ($action == 'edit') {
         // Writes follow: the XSRF token is asserted before anything is read or changed.
         S::assert_xsrf_token();

         $rowset = XDB::rawIterRow('SELECT  p.pid, pd.directory_name, pd.promo, pm.entry_year_ax, pe.entry_year, pe.grad_year
                                      FROM  profile_merge_issues AS pm
                                INNER JOIN  profiles             AS p  ON (pm.pid = p.pid)
                                INNER JOIN  profile_display      AS pd ON (pd.pid = p.pid)
                                INNER JOIN  profile_education    AS pe ON (pe.pid = p.pid AND FIND_IN_SET(\'primary\', pe.flags))
                                     WHERE  FIND_IN_SET(\'promo\', pm.issues)
                                  ORDER BY  pd.directory_name');

         // Of the six selected columns only the pid and the directory name are used below.
         while (list($pid, $name, $promo, $entryYearAx, $entryYear, $gradYear) = $rowset->next()) {
             // Looked up like the other fields, but nothing below reads the result.
             $choiceXorg = Post::has('XORG_' . $pid);

             // A profile is only touched when all three of its fields were posted.
             $hasAllFields = Post::has('display_' . $pid)
                 && Post::has('entry_' . $pid)
                 && Post::has('grad_' . $pid);
             if (!$hasAllFields) {
                 continue;
             }

             $display = Post::i('display_' . $pid);
             $entry = Post::i('entry_' . $pid);
             $grad = Post::i('grad_' . $pid);

             // Plausibility window: graduation 3 to 5 years after entry, and the
             // displayed promotion between the entry year and graduation minus 3.
             $gradInRange = $grad >= $entry + 3 && $grad <= $entry + 5;
             $displayInRange = $display >= $entry && $display <= $grad - 3;
             if (!($gradInRange && $displayInRange)) {
                 $page->trigError("La promotion de {$name} n'a pas été corrigée.");
                 continue;
             }

             // The displayed promotion is stored with an 'X' prefix.
             XDB::execute('UPDATE  profile_display
                              SET  promo = {?}
                            WHERE  pid = {?}', 'X' . $display, $pid);
             XDB::execute('UPDATE  profile_education
                              SET  entry_year = {?}, grad_year = {?}
                            WHERE  pid = {?} AND FIND_IN_SET(\'primary\', flags)', $entry, $grad, $pid);
             $page->trigSuccess("La promotion de {$name} a bien été corrigée.");
         }
     }

     // Listing shown in every case, including right after an edit.
     $listed = XDB::rawFetchAllAssoc('SELECT  p.pid, p.hrpid, pd.directory_name, pd.promo, pm.entry_year_ax, pe.entry_year, pe.grad_year
                                        FROM  profile_merge_issues AS pm
                                  INNER JOIN  profiles             AS p  ON (pm.pid = p.pid)
                                  INNER JOIN  profile_display      AS pd ON (pd.pid = p.pid)
                                  INNER JOIN  profile_education    AS pe ON (pe.pid = p.pid AND FIND_IN_SET(\'primary\', pe.flags))
                                       WHERE  FIND_IN_SET(\'promo\', pm.issues)
                                    ORDER BY  pd.directory_name');
     $page->assign('issues', $listed);
     $page->assign('total', count($listed));
 }
示例#2
 /**
  * Prepares the PayPal payment form for $pay on behalf of $user.
  *
  * Sets $this->urlform to the PayPal endpoint and fills $this->infos with four
  * groups of form fields: 'commercant' (merchant), 'client', 'commande' (order)
  * and 'divers' (misc).
  *
  * @param object $pay  Payment being made; its id and text are read.
  * @param object $user Paying user; supplies id, name, e-mail and, when present, a profile.
  */
 function prepareform($pay, $user)
 {
     // Documentation:
     // https://www.paypal.com/developer
     // Warning: the automatic return only works if we force the
     // users to create a paypal account. We do not use it; thus
     // the user must come back on the site.
     global $globals, $platal;

     $this->urlform = 'https://' . $globals->money->paypal_site . '/cgi-bin/webscr';

     // Return URL handed to PayPal. The scheme of the base URL is rewritten from
     // https:// to http://, so the user id, the comment and the display flag in
     // it travel in clear text. The free-text comment is URL-encoded and the
     // display flag is read through Post::i().
     // NOTE(review): confirm the http downgrade is still needed.
     $site_root = str_replace("https://", "http://", $globals->baseurl);
     $roboturl = $site_root . '/' . $platal->ns . "payment/paypal_return/" . $user->id()
         . "?comment=" . urlencode(Env::v('comment'))
         . '&display=' . Post::i('display');

     $merchant = array(
         'business' => $globals->money->paypal_compte,
         'rm' => 2,
         'return' => $roboturl,
         'cn' => 'Commentaires',
         'no_shipping' => 1,
         'cbt' => empty($GLOBALS['IS_XNET_SITE']) ? 'Revenir sur polytechnique.org.' : 'Revenir sur polytechnique.net.',
     );
     $this->infos = array('commercant' => $merchant);

     $info_client = array(
         'first_name' => $user->firstName(),
         'last_name' => $user->lastName(),
         'email' => $user->bestEmail(),
     );

     // Current postal address and phone number, looked up only for users with a profile.
     $address = null;
     if ($user->hasProfile()) {
         $address = XDB::query("SELECT  pa.text, GROUP_CONCAT(pace2.short_name) AS city,\n                                       GROUP_CONCAT(pace3.short_name) AS zip, GROUP_CONCAT(pace1.short_name) AS country,\n                                       IF(pp1.display_tel != '', pp1.display_tel, pp2.display_tel) AS night_phone_b\n                                 FROM  profile_addresses                 AS pa\n                            LEFT JOIN  profile_phones                    AS pp1   ON (pp1.pid = pa.pid AND pp1.link_type = 'address' AND pp1.link_id = pa.id)\n                            LEFT JOIN  profile_phones                    AS pp2   ON (pp2.pid = pa.pid AND pp2.link_type = 'user' AND pp2.link_id = 0)\n                            LEFT JOIN  profile_addresses_components      AS pc    ON (pa.pid = pc.pid AND pa.jobid = pc.jobid AND pa.groupid = pc.groupid\n                                                                                      AND pa.type = pc.type AND pa.id = pc.id)\n                            LEFT JOIN  profile_addresses_components_enum AS pace1 ON (FIND_IN_SET('country', pace1.types) AND pace1.id = pc.component_id)\n                            LEFT JOIN  profile_addresses_components_enum AS pace2 ON (FIND_IN_SET('locality', pace2.types) AND pace2.id = pc.component_id)\n                            LEFT JOIN  profile_addresses_components_enum AS pace3 ON (FIND_IN_SET('postal_code', pace3.types) AND pace3.id = pc.component_id)\n                                WHERE  pa.pid = {?} AND FIND_IN_SET('current', pa.flags)\n                             GROUP BY  pa.pid, pa.jobid, pa.groupid, pa.id, pa.type\n                                LIMIT  1", $user->profile()->id());
     }

     // NOTE(review): the branch below requires is_array() on the query result and
     // then calls ->fetchOneAssoc() on the same value, which only an object can
     // answer. As written the address branch looks unreachable, so no postal
     // address is sent to PayPal. Decide whether that is intended before
     // "fixing" the test, since enabling it discloses more personal data.
     if (is_array($address)) {
         $this->infos['client'] = array_map('replace_accent', array_merge($info_client, $address->fetchOneAssoc()));
         $first_lines = Geocoder::getFirstLines($this->infos['client']['text'], $this->infos['client']['zip'], 2);
         list($this->infos['client']['address1'], $this->infos['client']['address2']) = explode("\n", $first_lines);
         unset($this->infos['client']['text']);
     } else {
         $this->infos['client'] = array_map('replace_accent', $info_client);
     }

     // We build the transaction's reference. substr(..., -15) keeps the last 15
     // characters, so it is the leading part of the prefix that gets cut when
     // the string is longer than that.
     $prefix = rand_url_id();
     $fullref = substr("{$prefix}-xorg-{$pay->id}", -15);

     $this->infos['commande'] = array(
         'item_name' => replace_accent($pay->text),
         'amount' => $this->val_number,
         'currency_code' => 'EUR',
         'custom' => $fullref,
     );
     $this->infos['divers'] = array('cmd' => '_xclick');
 }
示例#3
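 /**
  * Final step of a software license request.
  *
  * Falls back to handler_licenses() when the user disagreed, when a reason is
  * required but missing, or when the posted software is not one of the entries
  * returned by License::getSoftwares(). Otherwise one of three things happens:
  *  - an admin key exists and the user has rights: the key is given directly;
  *  - 'resend' was posted: the license with the posted id is sent again, but
  *    only if it belongs to the current user;
  *  - otherwise a validation request is filed for the 'licenses' group.
  *
  * NOTE(review): no S::assert_xsrf_token() call is visible in this method
  * although it hands out keys and files requests. Confirm the token is
  * enforced by the form or the dispatcher.
  *
  * @param object $page      Page object used for the template and assigns.
  * @param bool   $no_reason When true, an empty 'reason' field is accepted.
  */
 public function handler_licenses_final($page, $no_reason = false)
 {
     $softwares = License::getSoftwares();

     $refused = Post::has('disagree');
     $reasonMissing = !$no_reason && !Post::has('resend') && (!Post::has('reason') || Post::v('reason') == "");

     // The posted software must be an existing key of $softwares. A key lookup is
     // used instead of a loose in_array(): loose comparison can accept a value
     // that is not actually a key (numeric-looking strings, for instance), after
     // which the $softwares[...] reads below would hit an undefined index.
     $software = Post::has('software') ? Post::v('software') : null;
     $softwareKnown = (is_string($software) || is_int($software)) && array_key_exists($software, $softwares);

     if ($refused || $reasonMissing || !$softwareKnown) {
         $this->handler_licenses($page);
         return;
     }

     $page->changeTpl('licenses/licenses_final.tpl');
     $page->assign('title', "Demande de licence pour {$softwares[$software]}");
     $page->assign('software', Post::s('software'));
     $page->assign('software_name', $softwares[Post::s('software')]);

     if (($key = License::adminKey(Post::s('software'))) && License::hasRights(S::user())) {
         $key->give(S::user());
         $page->assign('direct', true);
     } elseif (Post::has('resend')) {
         $l = License::fetch(array('id' => Post::i('id')));
         // Ownership check on a client-supplied id. An id that matches no license
         // is refused the same way instead of failing on a missing first element.
         if (isset($l[0]) && $l[0]->uid() == S::user()->id()) {
             License::send($l);
         } else {
             die("La license n'appartient pas à l'utilisateur courant");
         }
         $page->assign('direct', true);
     } else {
         $lv = new LicensesValidate(Post::s('software'), Post::s('reason'));
         $v = new Validate(array('writer' => S::user(), 'group' => Group::from('licenses'), 'item' => $lv, 'type' => 'licenses'));
         $v->insert();
         $page->assign('direct', false);
     }
 }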
示例#4
 /**
  * Prepares the Systempay (vads) payment form for $pay on behalf of $user.
  *
  * Sets $this->urlform and fills $this->infos with the 'commercant', 'client',
  * 'commande' and 'divers' field groups, then adds the request signature to
  * the 'divers' group.
  *
  * @param object $pay  Payment being made; its id and optional return url are read.
  * @param object $user Paying user; supplies e-mail, id and short name.
  */
 function prepareform($pay, $user)
 {
     global $globals, $platal;
     // Read from the session but not used anywhere below.
     $log = S::v('log');

     // Transaction's reference computation: last 12 characters of "<prefix>-<payment id>".
     $prefix = rand_url_id();
     $fullref = substr("{$prefix}-{$pay->id}", -12);
     // FIXME : check for duplicates

     // Both values come from the same UTC timestamp. The transaction id is only
     // the time of day (HHMMSS), so two forms built within the same second get
     // the same id.
     $now = time();
     $trans_date = gmdate("YmdHis", $now);
     $trans_id = gmdate("His", $now);
     // FIXME : check for duplicates

     // Form's content.
     $this->urlform = "https://systempay.cyberpluspaiement.com/vads-payment/";

     if ($pay->url) {
         $return_url = $pay->url;
     } else {
         $return_url = $globals->baseurl . '/' . $platal->ns;
     }
     $this->infos['commercant'] = array(
         'vads_site_id' => $globals->money->cyperplus_account,
         'vads_return_mode' => 'NONE',
         'vads_url_return' => $return_url,
     );

     // Free-text values are stripped of accents and non-alphanumeric characters
     // and cut to a fixed length before being put in the form.
     $customer_name = substr(self::replaceNonAlpha(replace_accent($user->shortName())), 0, 127);
     $this->infos['client'] = array(
         'vads_cust_email' => $user->bestEmail(),
         'vads_cust_id' => $user->id(),
         'vads_cust_name' => $customer_name,
     );

     $order_comment = substr(self::replaceNonAlpha(replace_accent(Env::v('comment'))), 0, 255);
     $this->infos['commande'] = array(
         'vads_amount' => $this->val,
         'vads_currency' => '978',
         'vads_payment_config' => 'SINGLE',
         'vads_trans_date' => $trans_date,
         'vads_trans_id' => $trans_id,
         'vads_order_id' => $fullref,
         'vads_order_info' => $order_comment,
         'vads_order_info2' => Post::i('display'),
     );

     $this->infos['divers'] = array(
         'vads_version' => 'V2',
         'vads_ctx_mode' => $globals->money->cyperplus_prod,
         'vads_page_action' => 'PAYMENT',
         'vads_action_mode' => 'INTERACTIVE',
     );

     // Entry key computation: SHA-1 over every field value, ordered by field
     // name and joined with '+', followed by '+' and the shared merchant key.
     // NOTE(review): the digest algorithm is presumably imposed by the gateway
     // protocol version; confirm before changing it.
     $signed_fields = array_merge($this->infos['commercant'], $this->infos['client'], $this->infos['commande'], $this->infos['divers']);
     ksort($signed_fields);
     $to_sign = implode('+', $signed_fields) . '+' . $globals->money->cyperplus_key;
     $this->infos['divers']['signature'] = sha1($to_sign);
 }
示例#5
 /**
  * Newsletter administration: edits one issue and its articles.
  *
  * Depending on the arguments and on the POST data, this handler updates the
  * issue's common fields, deletes an article, saves an article, shows an
  * article for edition, or lists the IPs behind the links of every article
  * for a blacklist check. It always ends by assigning the newsletter and the
  * issue to the page.
  *
  * NOTE(review): none of the writing branches (issue update, article delete,
  * article save) asserts an XSRF token in this method, and the delete branch
  * depends only on the $action and $aid arguments. Confirm that the dispatcher
  * or the forms enforce a token.
  *
  * @param object $page   Page object used for the template, messages and assigns.
  * @param mixed  $nid    Issue identifier passed to getIssue(); defaults to 'last'.
  * @param mixed  $aid    Article id, or one of the keywords 'update', 'new', 'blacklist_check'.
  * @param string $action 'edit' (default) or 'delete'.
  * @return mixed PL_NOT_FOUND when the newsletter or the issue is missing; nothing otherwise.
  */
 function handler_admin_nl_edit($page, $nid = 'last', $aid = null, $action = 'edit')
 {
     $page->changeTpl('newsletter/edit.tpl');
     $page->addCssLink('nl.Polytechnique.org.css');
     $page->setTitle('Administration - Newsletter : Édition');
     $nl = $this->getNl();
     if (!$nl) {
         return PL_NOT_FOUND;
     }
     try {
         $issue = $nl->getIssue($nid, false);
     } catch (MailNotFound $e) {
         return PL_NOT_FOUND;
     }
     $ufb = $nl->getSubscribersUFB();
     // Set to false here and never changed or read again in this method.
     $ufb_keepenv = false;
     // Will be set to True if there were invalid modification to the UFB.
     // Convert NLIssue error messages to human-readable errors
     $error_msgs = array(NLIssue::ERROR_INVALID_REPLY_TO => "L'adresse de réponse est invalide.", NLIssue::ERROR_INVALID_SHORTNAME => "Le nom court est invalide ou vide.", NLIssue::ERROR_INVALID_UFC => "Le filtre des destinataires est invalide.", NLIssue::ERROR_TOO_LONG_UFC => "Le nombre de matricules AX renseigné est trop élevé.", NLIssue::ERROR_SQL_SAVE => "Une erreur est survenue en tentant de sauvegarder la lettre, merci de réessayer.");
     // Update the current issue
     if ($aid == 'update' && Post::has('submit')) {
         // Save common fields
         $issue->title = Post::s('title');
         $issue->title_mail = Post::s('title_mail');
         $issue->head = Post::s('head');
         $issue->signature = Post::s('signature');
         $issue->reply_to = Post::s('reply_to');
         if ($issue->isEditable()) {
             // Date and shortname may only be modified for pending NLs, otherwise all links get broken.
             $issue->date = Post::s('date');
             $issue->shortname = strlen(Post::blank('shortname')) ? null : Post::s('shortname');
             $issue->sufb->updateFromEnv($ufb->getEnv());
             if ($nl->automaticMailingEnabled()) {
                 // An 8-digit date is rewritten as YYYY-MM-DD; any other value is
                 // passed through unchanged by preg_replace(). The hour is read
                 // through Post::i().
                 $issue->send_before = preg_replace('/^(\\d\\d\\d\\d)(\\d\\d)(\\d\\d)$/', '\\1-\\2-\\3', Post::v('send_before_date')) . ' ' . Post::i('send_before_time_Hour') . ':00:00';
             }
         }
         // save() returns the list of error codes; an empty list means success.
         $errors = $issue->save();
         if (count($errors)) {
             foreach ($errors as $error_code) {
                 // NOTE(review): a code absent from $error_msgs would be an undefined index here.
                 $page->trigError($error_msgs[$error_code]);
             }
         }
     }
     // Delete an article
     if ($action == 'delete') {
         $issue->delArticle($aid);
         pl_redirect($nl->adminPrefix(true, false) . "/edit/{$nid}");
     }
     // Save an article
     if (Post::v('save')) {
         $art = new NLArticle(Post::v('title'), Post::v('body'), Post::v('append'), $aid, Post::v('cid'), Post::v('pos'));
         $issue->saveArticle($art);
         pl_redirect($nl->adminPrefix(true, false) . "/edit/{$nid}");
     }
     // Edit an article
     if ($action == 'edit' && $aid != 'update') {
         $eaid = $aid;
         if (Post::has('title')) {
             // Rebuild the article from the posted fields so the form shows them again.
             $art = new NLArticle(Post::v('title'), Post::v('body'), Post::v('append'), $eaid, Post::v('cid'), Post::v('pos'));
         } else {
             $art = $eaid == 'new' ? new NLArticle() : $issue->getArt($eaid);
         }
         if ($art && !$art->check()) {
             $page->trigError("Cet article est trop long.");
         }
         $page->assign('art', $art);
     }
     // Check blacklisted IPs
     if ($aid == 'blacklist_check') {
         global $globals;
         $ips_to_check = array();
         // Running total handed to every getLinkIps() call and compared with the
         // configured limit below (presumably updated by reference; confirm).
         $blacklist_host_resolution_count = 0;
         foreach ($issue->arts as $key => $articles) {
             foreach ($articles as $article) {
                 $article_ips = $article->getLinkIps($blacklist_host_resolution_count);
                 if (!empty($article_ips)) {
                     $ips_to_check[$article->title()] = $article_ips;
                 }
             }
         }
         $page->assign('ips_to_check', $ips_to_check);
         // Warn that the result is partial once the DNS resolution limit is reached.
         if ($blacklist_host_resolution_count >= $globals->mail->blacklist_host_resolution_limit) {
             $page->trigError("Toutes les url et adresses emails de la lettre" . " n'ont pas été prises en compte car la" . " limite du nombre de résolutions DNS" . " autorisée a été atteinte.");
         }
     }
     if ($issue->state == NLIssue::STATE_SENT) {
         $page->trigWarning("Cette lettre a déjà été envoyée ; il est recommandé de limiter les modifications au maximum (orthographe, adresses web et mail).");
     }
     $ufb->setEnv($issue->sufb->getEnv());
     $page->assign_by_ref('nl', $nl);
     $page->assign_by_ref('issue', $issue);
 }
示例#6
文件: lists.php 项目: Ekleog/platal
 /**
  * Mailing-list creation form: collects owners and members, validates the
  * request and files a ListeReq when nothing is wrong.
  *
  * The owner and member lists are rebuilt on every request from the posted
  * text areas, the "add" fields and an optional uploaded file, then sent back
  * to the template. Validation and the XSRF check only run once 'submit' is
  * posted. Every failed check adds a page error and the request is filed only
  * when the page holds no error at the end.
  *
  * @param object $page Page object used for the template, messages and assigns.
  */
 function handler_create($page)
 {
     global $globals;
     $page->changeTpl('lists/create.tpl');
     $user_promo = S::user()->profile()->yearPromo();
     $year = date('Y');
     $month = date('m');
     // scolar year starts in september
     $scolarmonth = ($year - $user_promo) * 12 + ($month - 8);
     $young_promo = $very_young_promo = 0;
     // binet are accessible only in april in the first year and until
     // march of the 5th year
     if ($scolarmonth >= 8 && $scolarmonth < 56) {
         $young_promo = 1;
     }
     // PSC aliases are accesible only between september and june of the second
     // year of scolarity
     if ($scolarmonth >= 12 && $scolarmonth < 22) {
         $very_young_promo = 1;
     }
     $page->assign('young_promo', $young_promo);
     $page->assign('very_young_promo', $very_young_promo);
     // Both text areas hold whitespace-separated entries; empty pieces are dropped.
     $owners = preg_split("/[\\s]+/", Post::v('owners'), -1, PREG_SPLIT_NO_EMPTY);
     $members = preg_split("/[\\s]+/", Post::v('members'), -1, PREG_SPLIT_NO_EMPTY);
     // click on validate button 'add_owner_sub' or type <enter>
     if (Post::has('add_owner_sub') && Post::has('add_owner')) {
         // if we want to add an owner and then type <enter>, then both
         // add_owner_sub and add_owner are filled.
         $oforlifes = User::getBulkForlifeEmailsFromEmail(Post::v('add_owner'));
         $mforlifes = User::getBulkForlifeEmailsFromEmail(Post::v('add_member'));
         if (!is_null($oforlifes)) {
             $owners = array_merge($owners, $oforlifes);
         }
         // if we want to add a member and then type <enter>, then
         // add_owner_sub is filled, whereas add_owner is empty.
         if (!is_null($mforlifes)) {
             $members = array_merge($members, $mforlifes);
         }
     }
     // click on validate button 'add_member_sub'
     if (Post::has('add_member_sub') && Post::has('add_member')) {
         $forlifes = User::getBulkForlifeEmailsFromEmail(Post::v('add_member'));
         if (!is_null($forlifes)) {
             $members = array_merge($members, $forlifes);
         }
     }
     // Members may also come from an uploaded file, whose contents are parsed
     // exactly like the text field. This runs before the XSRF check further down.
     if (Post::has('add_member_sub') && isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) {
         $upload =& PlUpload::get($_FILES['add_member_file'], S::user()->login(), 'list.addmember', true);
         if (!$upload) {
             $page->trigError('Une erreur s\'est produite lors du téléchargement du fichier');
         } else {
             $forlifes = User::getBulkForlifeEmailsFromEmail($upload->getContents());
             if (!is_null($forlifes)) {
                 $members = array_merge($members, $forlifes);
             }
         }
     }
     // NOTE(review): ksort() orders by key, and these are positional lists, so it
     // does not order the addresses themselves. array_unique() then removes duplicates.
     ksort($owners);
     $owners = array_unique($owners);
     ksort($members);
     $members = array_unique($members);
     $page->assign('owners', join("\n", $owners));
     $page->assign('members', join("\n", $members));
     // Nothing past this point runs without 'submit', and the XSRF token is
     // asserted before any validation or write.
     if (!Post::has('submit')) {
         return;
     } else {
         S::assert_xsrf_token();
     }
     $asso = Post::t('asso');
     $list = strtolower(Post::t('liste'));
     if (empty($list)) {
         $page->trigError('Le champ «&nbsp;adresse souhaitée&nbsp;» est vide.');
     }
     // Allow-list for the local part: ASCII letters, digits and hyphens only.
     // The pattern also matches the empty string, which the check above reports.
     if (!preg_match("/^[a-zA-Z0-9\\-]*\$/", $list)) {
         $page->trigError('Le nom de la liste ne doit contenir que des lettres non accentuées, chiffres et tirets.');
     }
     // The mail domain depends on the kind of list requested.
     if ($asso == 'binet' || $asso == 'alias') {
         $promo = Post::i('promo');
         $domain = $promo . '.' . $globals->mail->domain;
         if ($promo < 1921 || $promo > date('Y')) {
             $page->trigError('La promotion est mal renseignée, elle doit être du type&nbsp;: 2004.');
         }
     } elseif ($asso == 'groupex') {
         // The group name is bound through a {?} placeholder.
         $domain = XDB::fetchOneCell('SELECT  mail_domain
                                            FROM  groups
                                           WHERE  nom = {?}', Post::t('groupex_name'));
         if (!$domain) {
             $page->trigError('Il n\'y a aucun groupe de ce nom sur Polytechnique.net.');
         }
     } else {
         $domain = $globals->mail->domain;
     }
     require_once 'emails.inc.php';
     // Runs even when $list or $domain already failed a check above; the errors
     // recorded so far still block the request at the end.
     if (list_exist($list, $domain)) {
         $page->trigError("L'«&nbsp;adresse souhaitée&nbsp;» est déjà prise.");
     }
     if (!Post::t('desc')) {
         $page->trigError('Le sujet est vide.');
     }
     if (!count($owners)) {
         $page->trigError('Il n\'y a pas de gestionnaire.');
     }
     if (count($members) < 4) {
         $page->trigError('Il n\'y a pas assez de membres.');
     }
     // File the creation request only when no check above recorded an error.
     if (!$page->nb_errs()) {
         $page->trigSuccess('Demande de création envoyée&nbsp;!');
         $page->assign('created', true);
         $req = new ListeReq(S::user(), $asso, $list, $domain, Post::t('desc'), Post::i('advertise'), Post::i('modlevel'), Post::i('inslevel'), $owners, $members);
         $req->submit();
     }
 }
示例#7
文件: survey.php 项目: Ekleog/platal
 /**
  * Survey administration: deletes a survey after an explicit confirmation.
  *
  * The survey id comes from the 'survey_id' POST field, falling back to $id.
  * Without 'survey_submit' in the POST data the handler only asks for
  * confirmation; with it, the survey is deleted.
  *
  * NOTE(review): the deletion is gated on the presence of 'survey_submit'
  * alone. No XSRF token assertion is visible in this method; confirm that the
  * confirmation form or the dispatcher enforces one.
  *
  * @param object $page Page object handed to the show_* helpers.
  * @param int    $id   Survey id used when 'survey_id' is not posted; -1 means "none".
  * @return mixed Whatever handler_admin() or show_error() returns on the early
  *               exits; nothing on the confirmation and deletion paths.
  */
 function handler_adminDelete($page, $id = -1)
 {
     $surveyId = Post::i('survey_id', $id);

     // if the admin cancels the suppression, returns to the admin index
     if (Post::has('survey_cancel')) {
         return $this->handler_admin($page, $surveyId);
     }
     if ($surveyId == -1) {
         return $this->show_error($page, "Un identifiant de sondage doit être précisé.", 'survey/admin');
     }

     $surveyId = (int) $surveyId;
     $this->load('survey.inc.php');

     // retrieves information about the survey (does not retrieve and unserialize the object structure)
     $surveyInfo = Survey::retrieveSurveyInfo($surveyId);
     if ($surveyInfo == null) {
         return $this->show_error($page, "Sondage " . $surveyId . " introuvable.", 'survey/admin');
     }

     // asks for a confirmation
     if (!Post::has('survey_submit')) {
         $this->show_confirm($page, "Êtes-vous certain de vouloir supprimer le sondage \"" . $surveyInfo['title'] . "\" ?", 'admin/del', array('id' => $surveyId));
         return;
     }

     // Confirmed: deletes survey in database.
     $deleted = Survey::deleteSurvey($surveyId);
     if (!$deleted) {
         $this->show_error($page, '', 'survey/admin');
         return;
     }
     $this->show_success($page, "Le sondage \"" . $surveyInfo['title'] . "\" a bien été supprimé, ainsi que tous les votes le concernant.", 'survey/admin');
 }
示例#8
文件: admin.php 项目: Ekleog/platal
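 /**
  * Admin handler: bulk-adds a secondary education entry to existing profiles.
  *
  * The 'people' field holds one person per line, as three fields (last name,
  * first name, promotion) split on the posted separator. Every line is matched
  * against existing profiles and sorted into one of five groups: 'incomplete',
  * 'empty' (no match), 'multiple' (ambiguous), 'already' (entry exists) or
  * 'new'. With 'verify' only this report is shown; with 'add' the entries are
  * also written.
  *
  * NOTE(review): the 'add' branch writes to profile_education but no XSRF
  * token assertion is visible in this method. Confirm that the form or the
  * dispatcher enforces one.
  *
  * @param object $page Page object used for the template, messages and assigns.
  */
 function handler_add_secondary_edu($page)
 {
     $page->changeTpl('admin/add_secondary_edu.tpl');
     if (!(Post::has('verify') || Post::has('add'))) {
         return;
     } elseif (!Post::has('people')) {
         $page->trigWarning("Aucune information n'a été fournie.");
         return;
     }
     require_once 'name.func.inc.php';
     $lines = explode("\n", Post::t('people'));
     $separator = Post::t('separator');
     // explode() cannot split on an empty delimiter, so an empty separator is
     // reported up front instead of failing on the first line.
     if (!is_string($separator) || $separator === '') {
         $page->trigError("Le séparateur est vide.");
         return;
     }
     $degree = Post::v('degree');
     $promotion = Post::i('promotion');
     $schoolsList = array_flip(DirEnum::getOptions(DirEnum::EDUSCHOOLS));
     $degreesList = array_flip(DirEnum::getOptions(DirEnum::EDUDEGREES));
     $edu_id = $schoolsList[Profile::EDU_X];
     // NOTE(review): a posted degree that is not a key of $degreesList is an
     // undefined index here and leaves $degree_id empty for the queries below.
     $degree_id = $degreesList[$degree];
     $res = array('incomplete' => array(), 'empty' => array(), 'multiple' => array(), 'already' => array(), 'new' => array());
     $old_pids = array();
     $new_pids = array();
     foreach ($lines as $line) {
         $line = trim($line);
         // Trim every field. array_walk() with 'trim' discards the trimmed
         // values, so the fields used to keep their surrounding whitespace.
         $line_array = array_map('trim', explode($separator, $line));
         if (count($line_array) != 3) {
             $page->trigError("La ligne « {$line} » est incomplète.");
             $res['incomplete'][] = $line;
             continue;
         }
         // Match on last name, first name and displayed promotion.
         $cond = new PFC_And(new UFC_NameTokens(split_name_for_search($line_array[0]), array(), false, false, Profile::LASTNAME));
         $cond->addChild(new UFC_NameTokens(split_name_for_search($line_array[1]), array(), false, false, Profile::FIRSTNAME));
         $cond->addChild(new UFC_Promo('=', UserFilter::DISPLAY, $line_array[2]));
         $uf = new UserFilter($cond);
         $pid = $uf->getPIDs();
         $count = count($pid);
         if ($count == 0) {
             $page->trigError("La ligne « {$line} » ne correspond à aucun profil existant.");
             $res['empty'][] = $line;
             continue;
         } elseif ($count > 1) {
             $page->trigError("La ligne « {$line} » correspond à plusieurs profils existant.");
             $res['multiple'][] = $line;
             continue;
         } else {
             // Exactly one profile matched. $pid is still the list returned by
             // getPIDs() and is bound as such.
             $count = XDB::fetchOneCell('SELECT  COUNT(*) AS count
                                           FROM  profile_education
                                          WHERE  pid = {?} AND eduid = {?} AND degreeid = {?}', $pid, $edu_id, $degree_id);
             if ($count == 1) {
                 $res['already'][] = $line;
                 $old_pids[] = $pid[0];
             } else {
                 $res['new'][] = $line;
                 $new_pids[] = $pid[0];
             }
         }
     }
     // Report sent back to the text area: one header line per non-empty group,
     // followed by that group's lines.
     $display = array();
     foreach ($res as $type => $res_type) {
         if (count($res_type) > 0) {
             $display = array_merge($display, array('--------------------' . $type . ':'), $res_type);
         }
     }
     $page->assign('people', implode("\n", $display));
     $page->assign('promotion', $promotion);
     $page->assign('degree', $degree);
     if (Post::has('add')) {
         $entry_year = $promotion - Profile::educationDuration($degree);
         if (Post::b('force_addition')) {
             // Forced: profiles that already have the entry get a second one.
             $pids = array_unique(array_merge($old_pids, $new_pids));
         } else {
             $pids = array_unique($new_pids);
             // Updates years.
             if (count($old_pids)) {
                 XDB::execute('UPDATE  profile_education
                                  SET  entry_year = {?}, grad_year = {?}, promo_year = {?}
                                WHERE  pid IN {?} AND eduid = {?} AND degreeid = {?}', $entry_year, $promotion, $promotion, $old_pids, $edu_id, $degree_id);
             }
         }
         // Precomputes values common to all users. The fragment is produced by
         // XDB::format() with bound values, so what is concatenated into the
         // INSERT below is already formatted rather than raw request input.
         $select = XDB::format('MAX(id) + 1, pid, {?}, {?}, {?}, {?}, {?}, \'secondary\'', $edu_id, $degree_id, $entry_year, $promotion, $promotion);
         // NOTE(review): no rollback path is visible if one INSERT fails; confirm
         // how XDB reports errors inside a transaction.
         XDB::startTransaction();
         foreach ($pids as $pid) {
             XDB::execute('INSERT INTO  profile_education (id, pid, eduid, degreeid, entry_year, grad_year, promo_year, flags)
                                SELECT  ' . $select . '
                                  FROM  profile_education
                                 WHERE  pid = {?}
                              GROUP BY  pid', $pid);
         }
         XDB::commit();
     }
 }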
示例#9
文件: events.php 项目: Ekleog/platal
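 /**
  * Announcement ("events") administration: list, preview, edit, image
  * handling, delete, archive / unarchive and validate / unvalidate.
  *
  * Writing branches assert the XSRF token before touching the database.
  * $eid is not validated before use, so it must only reach SQL through a
  * bound {?} placeholder or after an integer cast.
  *
  * @param object $page   Page object used for the template, messages and assigns.
  * @param string $action 'list' (default), 'archives', 'preview', 'edit', 'delete',
  *                       'archive', 'unarchive', 'valid' or 'unvalid'.
  * @param mixed  $eid    Announcement id, when the action targets one.
  */
 function handler_admin_events($page, $action = 'list', $eid = null)
 {
     $page->changeTpl('events/admin.tpl');
     $page->setTitle('Administration - Evenements');
     $page->register_modifier('hde', 'html_entity_decode');
     $arch = $action == 'archives';
     $page->assign('action', $action);
     $upload = new PlUpload(S::user()->login(), 'event');
     // Preview or submission of an existing announcement: take the uploaded
     // image first and stay on the edit form.
     // NOTE(review): this runs before any XSRF assertion; confirm that
     // upload_image() only stores a temporary upload for the current user.
     if ((Env::has('preview') || Post::v('action') == "Proposer") && $eid) {
         $action = 'edit';
         $this->upload_image($page, $upload);
     }
     if (Post::v('action') == 'Pas d\'image' && $eid) {
         // Drop both the pending upload and the stored photo.
         S::assert_xsrf_token();
         $upload->rm();
         XDB::execute("DELETE FROM announce_photos WHERE eid = {?}", $eid);
         $action = 'edit';
     } elseif (Post::v('action') == 'Supprimer l\'image' && $eid) {
         // Drop the pending upload only.
         S::assert_xsrf_token();
         $upload->rm();
         $action = 'edit';
     } elseif (Post::v('action') == "Proposer" && $eid) {
         S::assert_xsrf_token();
         $promo_min = Post::i('promo_min');
         $promo_max = Post::i('promo_max');
         // 0 means "no bound". Other values must lie strictly between 1900 and
         // 2020, with promo_max not below promo_min.
         // NOTE(review): the hard-coded upper bound rejects promotions from 2020 on.
         if ($promo_min != 0 && ($promo_min <= 1900 || $promo_min >= 2020) || $promo_max != 0 && ($promo_max <= 1900 || $promo_max >= 2020 || $promo_max < $promo_min)) {
             $page->trigError("L'intervalle de promotions {$promo_min} -> {$promo_max} n'est pas valide");
             $action = 'edit';
         } else {
             $res = XDB::query('SELECT flags FROM announces WHERE id = {?}', $eid);
             $flags = new PlFlagSet($res->fetchOneCell());
             $flags->addFlag('wiki');
             if (Post::v('important')) {
                 $flags->addFlag('important');
             } else {
                 $flags->rmFlag('important');
             }
             // creation_date = creation_date is set explicitly in every UPDATE of
             // this handler, presumably to stop the column from being refreshed
             // automatically (confirm against the schema).
             XDB::execute('UPDATE announces
                              SET creation_date = creation_date,
                                  titre={?}, texte={?}, expiration={?}, promo_min={?}, promo_max={?},
                                  flags = {?}
                            WHERE id = {?}', Post::v('titre'), Post::v('texte'), Post::v('expiration'), Post::v('promo_min'), Post::v('promo_max'), $flags, $eid);
             if ($upload->exists() && (list($x, $y, $type) = $upload->imageInfo())) {
                 XDB::execute('INSERT INTO  announce_photos (eid, attachmime, attach, x, y)
                                    VALUES  ({?}, {?}, {?}, {?}, {?})
                   ON DUPLICATE KEY UPDATE  attachmime = VALUES(attachmime), attach = VALUES(attach), x = VALUES(x), y = VALUES(y)', $eid, $type, $upload->getContents(), $x, $y);
                 $upload->rm();
             }
         }
     }
     if ($action == 'edit') {
         $res = XDB::query('SELECT titre, texte, expiration, promo_min, promo_max, FIND_IN_SET(\'important\', flags),
                                   attach IS NOT NULL
                              FROM announces       AS e
                         LEFT JOIN announce_photos AS p ON(e.id = p.eid)
                             WHERE id={?}', $eid);
         list($titre, $texte, $expiration, $promo_min, $promo_max, $important, $img) = $res->fetchOneRow();
         $page->assign('titre', $titre);
         $page->assign('texte', $texte);
         $page->assign('promo_min', $promo_min);
         $page->assign('promo_max', $promo_max);
         $page->assign('expiration', $expiration);
         $page->assign('important', $important);
         $page->assign('eid', $eid);
         $page->assign('img', $img);
         $page->assign_by_ref('upload', $upload);
         // Expiration choices for the next 29 days. The markup holds only values
         // produced by date(); the stored expiration is compared, never printed.
         $select = "";
         for ($i = 1; $i < 30; $i++) {
             $p_stamp = date("Ymd", time() + 3600 * 24 * $i);
             $year = substr($p_stamp, 0, 4);
             $month = substr($p_stamp, 4, 2);
             $day = substr($p_stamp, 6, 2);
             $select .= "<option value=\"{$p_stamp}\"" . ($p_stamp == strtr($expiration, array("-" => "")) ? " selected" : "") . "> {$day} / {$month} / {$year}</option>\n";
         }
         $page->assign('select', $select);
     } else {
         // Every case below writes, so each one asserts the XSRF token first.
         switch ($action) {
             case 'delete':
                 S::assert_xsrf_token();
                 XDB::execute('DELETE from announces
                                WHERE id = {?}', $eid);
                 break;
             case "archive":
                 S::assert_xsrf_token();
                 XDB::execute('UPDATE announces
                                  SET creation_date = creation_date, flags = CONCAT(flags,",archive")
                                WHERE id = {?}', $eid);
                 break;
             case "unarchive":
                 S::assert_xsrf_token();
                 XDB::execute('UPDATE announces
                                  SET creation_date = creation_date, flags = REPLACE(flags,"archive","")
                                WHERE id = {?}', $eid);
                 $action = 'archives';
                 $arch = true;
                 break;
             case "valid":
                 S::assert_xsrf_token();
                 XDB::execute('UPDATE announces
                                  SET creation_date = creation_date, flags = CONCAT(flags,",valide")
                                WHERE id = {?}', $eid);
                 break;
             case "unvalid":
                 S::assert_xsrf_token();
                 XDB::execute('UPDATE announces
                                  SET creation_date = creation_date, flags = REPLACE(flags,"valide", "")
                                WHERE id = {?}', $eid);
                 break;
         }
         // $pid is interpolated into the SQL text below rather than bound, so it
         // is forced to an integer first. Without the cast, a non-numeric $eid on
         // a preview request would become part of the statement (SQL injection).
         $pid = ($eid && $action == 'preview') ? intval($eid) : -1;
         $sql = "SELECT  e.id, e.titre, e.texte,e.id = {$pid} AS preview, e.uid,\n                            DATE_FORMAT(e.creation_date,'%d/%m/%Y %T') AS creation_date,\n                            DATE_FORMAT(e.expiration,'%d/%m/%Y') AS expiration,\n                            e.promo_min, e.promo_max,\n                            FIND_IN_SET('valide', e.flags) AS fvalide,\n                            FIND_IN_SET('archive', e.flags) AS farch,\n                            FIND_IN_SET('wiki', e.flags) AS wiki\n                      FROM  announces    AS e\n                     WHERE  " . ($arch ? "" : "!") . "FIND_IN_SET('archive',e.flags)\n                  ORDER BY  FIND_IN_SET('valide',e.flags), e.expiration DESC";
         $page->assign('evs', XDB::iterator($sql));
     }
     $page->assign('arch', $arch);
     $page->assign('admin_evts', true);
 }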
示例#10
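 /**
  * Drive the multi-step registration form.
  *
  * The current step and the answers collected so far live in a PlDict that is
  * loaded from the session key 'subState' on entry and written back to
  * $_SESSION['subState'] before the template is selected. Suspicious events
  * (repeated "back" navigation, watched e-mail, watched account, flagged IP,
  * birthdate mismatch) are accumulated in $alert / $alert_details and mailed
  * through send_warning_mail() at the end of the request.
  *
  * @param object      $page Page object used for the skin, template and error display.
  * @param string|null $hash Optional marketing hash; when it matches exactly one
  *                          pending account in register_marketing, that account's
  *                          data is merged into the registration state.
  */
 function handler_register($page, $hash = null)
 {
     $page->forceSkin('register');
     $alert = array();
     $alert_details = '';
     $subState = new PlDict(S::v('subState', array()));
     if (!$subState->has('step')) {
         $subState->set('step', 0);
     }
     if (!$subState->has('backs')) {
         $subState->set('backs', new PlDict());
     }
     // Going back is only honoured towards an earlier step; every return is
     // recorded, and the third one raises an alert.
     if (Get::has('back') && Get::i('back') < $subState->i('step')) {
         $subState->set('step', max(0, Get::i('back')));
         $subState->v('backs')->set($subState->v('backs')->count() + 1, $subState->dict());
         $subState->v('backs')->kill('backs');
         if ($subState->v('backs')->count() == 3) {
             $alert[] = "Tentative d'inscription très hésitante";
             $alert_details .= "\n   * Retours en arrières : 3.";
         }
     }
     if ($hash) {
         $res = XDB::query("SELECT  a.uid, a.hruid, ppn.lastname_initial AS lastname, ppn.firstname_initial AS firstname, p.xorg_id AS xorgid,\n                                       pd.promo, pe.promo_year AS yearpromo, pde.degree AS edu_type,\n                                       p.birthdate_ref AS birthdateRef, FIND_IN_SET('watch', a.flags) AS watch, m.hash, a.type, a.comment\n                                 FROM  register_marketing AS m\n                           INNER JOIN  accounts           AS a   ON (m.uid = a.uid)\n                           INNER JOIN  account_profiles   AS ap  ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))\n                           INNER JOIN  profiles           AS p   ON (p.pid = ap.pid)\n                           INNER JOIN  profile_display    AS pd  ON (p.pid = pd.pid)\n                           INNER JOIN  profile_education  AS pe  ON (pe.pid = p.pid AND FIND_IN_SET('primary', pe.flags))\n                           INNER JOIN  profile_education_degree_enum AS pde ON (pde.id = pe.degreeid)\n                           INNER JOIN  profile_public_names AS ppn ON (ppn.pid = p.pid)\n                                WHERE  m.hash = {?} AND a.state = 'pending'", $hash);
         if ($res->numRows() == 1) {
             $subState->merge($res->fetchOneRow());
             $subState->set('main_mail_domain', User::$sub_mail_domains[$subState->v('type')]);
             // The hash is bound through a placeholder so that only the
             // marketing row matching this hash is copied into the stats table
             // (the statement previously passed the hash without a placeholder
             // to receive it).
             XDB::execute('INSERT INTO  register_mstats (uid, sender, success)
                                SELECT  m.uid, m.sender, 0
                                  FROM  register_marketing AS m
                                 WHERE  m.hash = {?}
               ON DUPLICATE KEY UPDATE  sender = VALUES(sender), success = VALUES(success)', $subState->s('hash'));
         }
     }
     switch ($subState->i('step')) {
         case 0:
             $wp = new PlWikiPage('Reference.Charte');
             $wp->buildCache();
             if (Post::has('step1')) {
                 $subState->set('step', 1);
                 // A state that already carries a marketing hash skips the
                 // identification steps and goes straight to step 3.
                 if ($subState->has('hash')) {
                     $subState->set('step', 3);
                     $this->load('register.inc.php');
                     createAliases($subState);
                 }
             }
             break;
         case 1:
             if (Post::has('yearpromo')) {
                 $edu_type = Post::t('edu_type');
                 $yearpromo = Post::i('yearpromo');
                 // NOTE(review): $edu_type comes from the request and is used
                 // as an array key without a membership check; confirm that
                 // unknown values are rejected downstream.
                 $promo = Profile::$cycle_prefixes[$edu_type] . $yearpromo;
                 $res = XDB::query("SELECT  COUNT(*)\n                                         FROM  accounts         AS a\n                                   INNER JOIN  account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))\n                                   INNER JOIN  profiles         AS p  ON (p.pid = ap.pid)\n                                   INNER JOIN  profile_education AS pe ON (pe.pid = p.pid AND FIND_IN_SET('primary', pe.flags))\n                                        WHERE  a.state = 'pending' AND p.deathdate IS NULL AND pe.promo_year = {?}", $yearpromo);
                 if (!$res->fetchOneCell()) {
                     $error = 'La promotion saisie est incorrecte ou tous les camarades de cette promotion sont inscrits !';
                 } else {
                     $subState->set('step', 2);
                     $subState->set('promo', $promo);
                     $subState->set('yearpromo', $yearpromo);
                     $subState->set('edu_type', $edu_type);
                     // Build the school-id hint and examples shown for this promotion.
                     if ($edu_type == Profile::DEGREE_X) {
                         if ($yearpromo >= 1996 && $yearpromo < 2000) {
                             $subState->set('schoolid', $yearpromo % 100 * 10 . '???');
                             $subState->set('schoolid_exemple', $yearpromo % 100 * 10000 + 532);
                             $subState->set('schoolid_exemple_ev2', ($yearpromo + 1) % 100 * 10000 + 532);
                         } elseif ($yearpromo >= 2000) {
                             $subState->set('schoolid', 100 + $yearpromo % 100 . '???');
                             $subState->set('schoolid_exemple', (100 + $yearpromo % 100) * 1000 + 532);
                             $subState->set('schoolid_exemple_ev2', (100 + ($yearpromo + 1) % 100) * 1000 + 532);
                         }
                     }
                 }
             }
             break;
         case 2:
             if (count($_POST)) {
                 $this->load('register.inc.php');
                 $subState->set('firstname', Post::t('firstname'));
                 $subState->set('lastname', Post::t('lastname'));
                 if (Post::has('schoolid')) {
                     $subState->set('schoolid', Post::i('schoolid'));
                 }
                 // Both helpers return true on success and an error value otherwise.
                 $error = checkNewUser($subState);
                 if ($error !== true) {
                     break;
                 }
                 $error = createAliases($subState);
                 if ($error === true) {
                     unset($error);
                     $subState->set('step', 3);
                 }
             }
             break;
         case 3:
             if (count($_POST)) {
                 $this->load('register.inc.php');
                 // Validate the email address format and domain.
                 require_once 'emails.inc.php';
                 $user = User::get($subState->s('uid'));
                 if (!isvalid_email(Post::v('email'))) {
                     $error[] = "Le champ 'Email' n'est pas valide.";
                 } elseif (!isvalid_email_redirection(Post::v('email'), $user)) {
                     $error[] = $subState->s('forlife') . ' doit renvoyer vers un email existant ' . 'valide, en particulier, il ne peut pas être renvoyé vers lui-même.';
                 }
                 // Validate the birthday format and range.
                 $birth = Post::t('birthdate');
                 if (!preg_match('@^[0-3]?\\d/[01]?\\d/(19|20)?\\d{2}$@', $birth)) {
                     $error[] = "La 'Date de naissance' n'est pas correcte.";
                 } else {
                     $birth = explode('/', $birth, 3);
                     for ($i = 0; $i < 3; ++$i) {
                         $birth[$i] = intval($birth[$i]);
                     }
                     // Two-digit years are read as 19xx.
                     if ($birth[2] < 100) {
                         $birth[2] += 1900;
                     }
                     $year = $birth[2];
                     $ref_year = substr($subState->v('birthdateRef'), 0, 4);
                     // More than two years away from the reference date is both
                     // a form error and an alert for the registration team.
                     if (abs($ref_year - $year) > 2) {
                         $error[] = "La 'Date de naissance' n'est pas correcte.";
                         $alert[] = "Date de naissance incorrecte à l'inscription";
                         $alert_details .= "\n   * Date de naissance renseignée : " . Post::t('birthdate');
                         if ($subState->v('birthdateRef') == '0000-00-00') {
                             $alert_details .= ' (date inconnue)';
                         } else {
                             $alert_details .= ' (date connue : ' . $subState->v('birthdateRef') . ')';
                         }
                         $subState->set('wrong_birthdate', $birth);
                     }
                 }
                 // Register the optional services requested by the user.
                 $services = array();
                 foreach (array('com_letters', 'imap', 'ml_promo', 'nl') as $service) {
                     if (Post::b($service)) {
                         $services[] = $service;
                     }
                 }
                 $subState->set('services', $services);
                 // Validate the password.
                 // NOTE(review): only the presence of 'pwhash' is checked here;
                 // confirm where its format and strength are enforced.
                 if (!Post::v('pwhash', false)) {
                     $error[] = "Le mot de passe n'est pas valide.";
                 }
                 // Check if the given email is known as dangerous.
                 $res = XDB::query("SELECT  state, description\n                                         FROM  email_watch\n                                        WHERE  email = {?} AND state != 'safe'", Post::v('email'));
                 $bannedEmail = false;
                 if ($res->numRows()) {
                     list($state, $description) = $res->fetchOneRow();
                     $alert[] = "Email surveillé proposé à l'inscription";
                     $alert_details .= "\n   * Email surveillé : " . Post::v('email');
                     $subState->set('email_desc', $description);
                     if ($state == 'dangerous') {
                         $bannedEmail = true;
                     }
                 }
                 if ($subState->i('watch') != 0) {
                     $alert[] = "Inscription d'un utilisateur surveillé";
                     $alert_details .= "\n   * Commentaire pour la surveillance : " . $subState->v('comment');
                 }
                 // A flagged IP drops the field errors so that the request
                 // reaches the branch below, which records the alert and then
                 // answers with the generic error message.
                 if ($bannedIp = check_ip('unsafe')) {
                     unset($error);
                 }
                 if (isset($error)) {
                     $error = join('<br />', $error);
                 } else {
                     $subState->set('birthdate', sprintf("%04d-%02d-%02d", intval($birth[2]), intval($birth[1]), intval($birth[0])));
                     $subState->set('email', Post::t('email'));
                     $subState->set('password', Post::t('pwhash'));
                     // Update the current alert if the birthdate is incorrect,
                     // or if the IP address of the user has been banned.
                     if ($subState->s('birthdateRef') != '0000-00-00' && $subState->s('birthdateRef') != $subState->s('birthdate')) {
                         $alert[] = "Date de naissance incorrecte à l'inscription";
                         $alert_details .= "\n   * Date de naissance renseignée : " . Post::t('birthdate');
                         if ($subState->v('birthdateRef') == '0000-00-00') {
                             $alert_details .= ' (date inconnue)';
                         } else {
                             $alert_details .= ' (date connue : ' . $subState->v('birthdateRef') . ')';
                         }
                     }
                     if ($bannedIp) {
                         $alert[] = "Tentative d'inscription depuis une IP surveillée";
                         $alert_details .= "\n   * IP surveillée : " . $_SESSION['check_ip'];
                     }
                     // Prevent banned user from actually registering; save the current state for others.
                     if ($bannedEmail || $bannedIp) {
                         global $globals;
                         // The href attribute is closed before '>' so the
                         // mailto link renders as a well-formed anchor.
                         $error = "Une erreur s'est produite lors de l'inscription." . " Merci de contacter <a href='mailto:register@{$globals->mail->domain}'>" . " register@{$globals->mail->domain}</a>" . " pour nous faire part de cette erreur.";
                     } else {
                         $subState->set('step', 4);
                         if ($subState->v('backs')->count() >= 3) {
                             $alert[] = "Fin d'une inscription hésitante";
                             $alert_details .= "\n   * Nombre de retours en arrière : " . $subState->v('backs')->count();
                         }
                         finishRegistration($subState);
                     }
                 }
             }
             break;
     }
     // Persist the state for the next request, then report any alert by mail.
     $_SESSION['subState'] = $subState->dict();
     if (count($alert)) {
         $alert_details = "Détails des alertes :" . $alert_details . "\n\n";
         $alert_details .= 'Compte concerné : ' . $subState->s('forlife') . ' (redirection vers : ' . ($subState->s('email') == '' ? Post::t('email') : $subState->s('email')) . ")\n\n\n";
         send_warning_mail(implode(' - ', $alert), $alert_details);
     }
     $page->changeTpl('register/step' . $subState->i('step') . '.tpl');
     if (isset($error)) {
         $page->trigError($error);
     }
 }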
示例#11
 /**
  * Validate the posted fields of this wizard page and save them when valid.
  *
  * Each entry of $this->settings either validates its field through value()
  * or, when null, accepts the posted value as is. The per-field outcome is
  * stored in $this->errors and the cleaned value in $this->values.
  *
  * @param bool $global_success Set to true when every field validated and the
  *                             save (if any) succeeded, false otherwise.
  * @return mixed PlWizard::NEXT_PAGE when the data is valid and 'next_page'
  *               was posted, PlWizard::CURRENT_PAGE in every other case.
  */
 public function process(&$global_success)
 {
     $global_success = true;
     $this->fetchData();
     foreach ($this->settings as $field => &$setting) {
         if (is_null($setting)) {
             // No validator for this field: take the posted value unchanged.
             $fieldOk = true;
             $this->values[$field] = Post::v($field, '');
         } else {
             $fieldOk = false;
             $this->values[$field] = $setting->value($this, $field, Post::v($field, ''), $fieldOk);
         }
         $this->errors[$field] = !$fieldOk;
         $global_success = $global_success && $fieldOk;
     }

     // Validation failed: report it and stay on the current page.
     if (!$global_success) {
         if (S::user()->isMe($this->owner)) {
             $suffix = "de ton profil et de revalider ta demande.";
         } else {
             $suffix = "du profil et de revalider ta demande.";
         }
         $text = "Certains champs n'ont pas pu être validés, merci de corriger les informations " . $suffix;
         Platal::page()->trigError($text);
         return PlWizard::CURRENT_PAGE;
     }

     if ($this->checkChanges()) {
         /* Save changes atomically to avoid inconsistent state
          * in case of error.
          */
         $saved = XDB::runTransaction(array($this, 'saveData'));
         if (!$saved) {
             $global_success = false;
             return PlWizard::CURRENT_PAGE;
         }
         $this->markChange();
     }

     // XXX: removes this code once all merge related issues have been fixed.
     static $issues = array(0 => array('name', 'promo', 'phone', 'education'), 1 => array('address'), 2 => array('job'));
     $validPage = Post::i('valid_page');
     if (isset($issues[$validPage])) {
         // Clear the merge issues that the validated page covers.
         foreach ($issues[$validPage] as $issue) {
             XDB::execute("UPDATE  profile_merge_issues\n                                     SET  issues = REPLACE(issues, {?}, '')\n                                   WHERE  pid = {?}", $issue, $this->pid());
         }
     }

     if (Post::has('next_page')) {
         return PlWizard::NEXT_PAGE;
     }
     return PlWizard::CURRENT_PAGE;
 }
示例#12
文件: xnetgrp.php 项目: Ekleog/platal
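 /**
  * Create, preview or edit an announce of the current group.
  *
  * The posted 'valid' button selects the operation: 'Visualiser' (preview),
  * 'Enregistrer' (save), 'Supprimer l\'image' (drop the pending upload),
  * 'Pas d\'image' (remove the stored photo) or 'Annuler' (redirect away).
  * Without a submission and with an id, the stored announce is loaded for
  * display.
  *
  * @param object   $page Page object receiving the template and its variables.
  * @param int|null $aid  Id of the announce to edit, or null to create one.
  */
 function handler_edit_announce($page, $aid = null)
 {
     global $globals, $platal;
     $page->changeTpl('xnetgrp/announce-edit.tpl');
     $page->assign('new', is_null($aid));
     $art = array();
     $formButtons = array('Visualiser', 'Enregistrer', 'Supprimer l\'image', 'Pas d\'image');
     if (in_array(Post::v('valid'), $formButtons, true)) {
         S::assert_xsrf_token();
         if (!is_null($aid)) {
             // The photo statements further down are keyed on the announce id
             // alone, while the announce UPDATE is scoped by asso_id. Check
             // once, before any write, that the announce belongs to the
             // current group so a foreign id cannot reach them.
             $owned = XDB::query('SELECT  COUNT(*)
                                    FROM  group_announces
                                   WHERE  id = {?} AND asso_id = {?}', $aid, $globals->asso('id'));
             if (!$owned->fetchOneCell()) {
                 $page->kill("Aucun article correspond à l'identifiant indiqué.");
                 // kill() presumably ends the request; return regardless so no
                 // write can follow a failed check.
                 return;
             }
             $art['id'] = $aid;
         }
         $art['titre'] = Post::v('titre');
         $art['texte'] = Post::v('texte');
         $art['contacts'] = Post::v('contacts');
         $art['promo_min'] = Post::i('promo_min');
         $art['promo_max'] = Post::i('promo_max');
         // Author data is taken from the session, not from the form.
         $art['nom'] = S::v('nom');
         $art['prenom'] = S::v('prenom');
         $art['promo'] = S::v('promo');
         $art['hruid'] = S::user()->login();
         $art['uid'] = S::user()->id();
         $art['expiration'] = Post::v('expiration');
         $art['public'] = Post::has('public');
         $art['xorg'] = Post::has('xorg');
         $art['nl'] = Post::has('nl');
         $art['event'] = Post::v('event');
         $upload = new PlUpload(S::user()->login(), 'xnetannounce');
         $this->upload_image($page, $upload);
         $art['contact_html'] = $art['contacts'];
         if ($art['event']) {
             $art['contact_html'] .= "\n{$globals->baseurl}/{$platal->ns}events/sub/{$art['event']}";
         }
         // For non-public announces, promo bounds must be 0 (unset) or lie
         // strictly between 1900 and 2020, with min <= max when max is set.
         if (!$art['public'] && ($art['promo_min'] > $art['promo_max'] && $art['promo_max'] != 0 || $art['promo_min'] != 0 && ($art['promo_min'] <= 1900 || $art['promo_min'] >= 2020) || $art['promo_max'] != 0 && ($art['promo_max'] <= 1900 || $art['promo_max'] >= 2020))) {
             $page->trigError("L'intervalle de promotions est invalide.");
             // Dropping 'valid' turns the request into a plain redisplay.
             Post::kill('valid');
         }
         if (!trim($art['titre']) || !trim($art['texte'])) {
             $page->trigError("L'article doit avoir un titre et un contenu.");
             Post::kill('valid');
         }
         if (Post::v('valid') == 'Supprimer l\'image') {
             $upload->rm();
             Post::kill('valid');
         }
         $art['photo'] = $upload->exists() || Post::i('photo');
         if (Post::v('valid') == 'Pas d\'image' && !is_null($aid)) {
             XDB::query('DELETE FROM  group_announces_photo
                               WHERE  eid = {?}', $aid);
             $upload->rm();
             Post::kill('valid');
             $art['photo'] = false;
         }
     }
     if (Post::v('valid') == 'Enregistrer') {
         // Public announces carry no promo restriction.
         $promo_min = $art['public'] ? 0 : $art['promo_min'];
         $promo_max = $art['public'] ? 0 : $art['promo_max'];
         $flags = new PlFlagSet();
         if ($art['public']) {
             $flags->addFlag('public');
         }
         if ($art['photo']) {
             $flags->addFlag('photo');
         }
         if (is_null($aid)) {
             $fulltext = $art['texte'];
             if (!empty($art['contact_html'])) {
                 $fulltext .= "\n\n'''Contacts :'''\\\\\n" . $art['contact_html'];
             }
             // Mirror the announce on the group forum when one is configured.
             $post = null;
             if ($globals->asso('forum')) {
                 require_once 'banana/forum.inc.php';
                 $banana = new ForumsBanana(S::user());
                 $post = $banana->post($globals->asso('forum'), null, $art['titre'], MiniWiki::wikiToText($fulltext, false, 0, 80));
             }
             XDB::query('INSERT INTO  group_announces (uid, asso_id, create_date, titre, texte, contacts,
                                                       expiration, promo_min, promo_max, flags, post_id)
                              VALUES  ({?}, {?}, NOW(), {?}, {?}, {?}, {?}, {?}, {?}, {?}, {?})', S::i('uid'), $globals->asso('id'), $art['titre'], $art['texte'], $art['contact_html'], $art['expiration'], $promo_min, $promo_max, $flags, $post);
             $aid = XDB::insertId();
             if ($art['photo']) {
                 list($imgx, $imgy, $imgtype) = $upload->imageInfo();
                 XDB::execute('INSERT INTO  group_announces_photo
                                       SET  eid = {?}, attachmime = {?}, x = {?}, y = {?}, attach = {?}', $aid, $imgtype, $imgx, $imgy, $upload->getContents());
             }
             if ($art['xorg']) {
                 // The upload is handed to the validation request, so it is
                 // only removed when no such request is created.
                 $article = new EvtReq("[{$globals->asso('nom')}] " . $art['titre'], $fulltext, $art['promo_min'], $art['promo_max'], $art['expiration'], "", S::user(), $upload);
                 $article->submit();
                 $page->trigWarning("L'affichage sur la page d'accueil de Polytechnique.org est en attente de validation.");
             } else {
                 if ($upload && $upload->exists()) {
                     $upload->rm();
                 }
             }
             if ($art['nl']) {
                 $article = new NLReq(S::user(), $globals->asso('nom') . " : " . $art['titre'], $art['texte'], $art['contact_html']);
                 $article->submit();
                 $page->trigWarning("La parution dans la Lettre Mensuelle est en attente de validation.");
             }
         } else {
             XDB::query('UPDATE  group_announces
                            SET  titre = {?}, texte = {?}, contacts = {?}, expiration = {?},
                                 promo_min = {?}, promo_max = {?}, flags = {?}
                          WHERE  id = {?} AND asso_id = {?}', $art['titre'], $art['texte'], $art['contacts'], $art['expiration'], $promo_min, $promo_max, $flags, $art['id'], $globals->asso('id'));
             if ($art['photo'] && $upload->exists()) {
                 list($imgx, $imgy, $imgtype) = $upload->imageInfo();
                 XDB::execute('INSERT INTO  group_announces_photo (eid, attachmime, attach, x, y)
                                    VALUES  ({?}, {?}, {?}, {?}, {?})
                   ON DUPLICATE KEY UPDATE  attachmime = VALUES(attachmime), attach = VALUES(attach), x = VALUES(x), y = VALUES(y)', $aid, $imgtype, $upload->getContents(), $imgx, $imgy);
                 $upload->rm();
             }
         }
     }
     if (Post::v('valid') == 'Enregistrer' || Post::v('valid') == 'Annuler') {
         pl_redirect("");
     }
     // Nothing was submitted: load the stored announce, scoped to this group.
     if (empty($art) && !is_null($aid)) {
         $res = XDB::query("SELECT  *, FIND_IN_SET('public', flags) AS public,\n                                       FIND_IN_SET('photo', flags) AS photo\n                                 FROM  group_announces\n                                WHERE  asso_id = {?} AND id = {?}", $globals->asso('id'), $aid);
         if ($res->numRows()) {
             $art = $res->fetchOneAssoc();
             $art['contact_html'] = $art['contacts'];
         } else {
             $page->kill("Aucun article correspond à l'identifiant indiqué.");
         }
     }
     if (is_null($aid)) {
         $events = XDB::iterator("SELECT *\n                                      FROM group_events\n                                     WHERE asso_id = {?} AND archive = 0", $globals->asso('id'));
         if ($events->total()) {
             $page->assign('events', $events);
         }
     }
     // '@' hides the notice raised when $art has no 'contact_html' key
     // (new announce without a submission).
     $art['contact_html'] = @MiniWiki::WikiToHTML($art['contact_html']);
     $page->assign('art', $art);
     $page->assign_by_ref('upload', $upload);
 }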
示例#13
文件: profile.php 项目: Ekleog/platal
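 /**
  * Administration page for medals and, in edit mode, for a medal's grades.
  *
  * The medal rows themselves are handled by PLTableEditor. When a medal is
  * being edited, the posted form can delete one grade ('act' = 'del'), add a
  * grade (entry 0 of 'grades') or update the text and position of existing
  * grades.
  *
  * @param object          $page   Page object receiving the template and its variables.
  * @param string          $action Table-editor action; grades are handled for 'edit'.
  * @param int|string|null $id     Id of the medal being edited.
  */
 function handler_admin_medals($page, $action = 'list', $id = null)
 {
     $page->setTitle('Administration - Distinctions');
     $page->assign('title', 'Gestion des Distinctions');
     $table_editor = new PLTableEditor('admin/medals', 'profile_medal_enum', 'id');
     $table_editor->describe('text', 'intitulé', true);
     $table_editor->describe('img', 'nom de l\'image', false, true);
     $table_editor->describe('flags', 'valider', true);
     $table_editor->apply($page, $action, $id);
     if ($id && $action == 'edit') {
         $page->changeTpl('profile/admin_decos.tpl');
         $mid = $id;
         if (Post::v('act') == 'del') {
             // State-changing request: require the anti-CSRF token.
             // NOTE(review): confirm that profile/admin_decos.tpl submits the
             // token with this form.
             S::assert_xsrf_token();
             XDB::execute('DELETE FROM  profile_medal_grade_enum
                                 WHERE  mid={?} AND gid={?}', $mid, Post::i('gid'));
         } else {
             $grades = Post::v('grades', array());
             $positions = isset($_POST['pos']) && is_array($_POST['pos']) ? $_POST['pos'] : array();
             // Only a well-formed, non-empty 'grades' array leads to writes;
             // a plain page view carries none and needs no token.
             if (is_array($grades) && count($grades)) {
                 S::assert_xsrf_token();
                 foreach ($grades as $gid => $text) {
                     // A missing position is passed on as null rather than
                     // read from an undefined index.
                     $pos = isset($positions[$gid]) ? $positions[$gid] : null;
                     if ($gid === 0) {
                         // Entry 0 is the "new grade" row: insert it under the
                         // next free gid when a text was given.
                         if (!empty($text)) {
                             $res = XDB::query('SELECT  MAX(gid)
                                                  FROM  profile_medal_grade_enum
                                                 WHERE  mid = {?}', $mid);
                             $gid = $res->fetchOneCell() + 1;
                             XDB::execute('INSERT INTO  profile_medal_grade_enum (mid, gid, text, pos)
                                                VALUES  ({?}, {?}, {?}, {?})', $mid, $gid, $text, $pos);
                         }
                     } else {
                         XDB::execute('UPDATE  profile_medal_grade_enum
                                          SET  pos={?}, text={?}
                                        WHERE  gid={?} AND mid={?}', $pos, $text, $gid, $mid);
                     }
                 }
             }
         }
         $res = XDB::iterator('SELECT gid, text, pos FROM profile_medal_grade_enum WHERE mid={?} ORDER BY pos', $mid);
         $page->assign('grades', $res);
     }
 }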