<?php
/***************************************************************************
- * Copyright (C) 2003-2006 Polytechnique.org *
+ * Copyright (C) 2003-2008 Polytechnique.org *
* http://opensource.polytechnique.org/ *
* *
* This program is free software; you can redistribute it and/or modify *
function handlers()
{
return array(
- 'carnet' => $this->make_hook('index', AUTH_COOKIE),
- 'carnet/panel' => $this->make_hook('panel', AUTH_COOKIE),
- 'carnet/notifs' => $this->make_hook('notifs', AUTH_COOKIE),
+ 'carnet' => $this->make_hook('index', AUTH_COOKIE),
+ 'carnet/panel' => $this->make_hook('panel', AUTH_COOKIE),
+ 'carnet/notifs' => $this->make_hook('notifs', AUTH_COOKIE),
- 'carnet/contacts' => $this->make_hook('contacts', AUTH_COOKIE),
- 'carnet/contacts/pdf' => $this->make_hook('pdf', AUTH_COOKIE),
+ 'carnet/contacts' => $this->make_hook('contacts', AUTH_COOKIE),
+ 'carnet/contacts/pdf' => $this->make_hook('pdf', AUTH_COOKIE, 'user', NO_HTTPS),
+ 'carnet/contacts/ical' => $this->make_hook('ical', AUTH_PUBLIC, 'user', NO_HTTPS),
+ 'carnet/contacts/vcard' => $this->make_hook('vcard', AUTH_COOKIE, 'user', NO_HTTPS),
- 'carnet/rss' => $this->make_hook('rss', AUTH_PUBLIC),
- 'carnet/ical' => $this->make_hook('ical', AUTH_PUBLIC),
+ 'carnet/rss' => $this->make_hook('rss', AUTH_PUBLIC, 'user', NO_HTTPS),
);
}
+ function on_subscribe($forlife, $uid, $promo, $password)
+ {
+ require_once 'notifs.inc.php';
+ register_watch_op($uid, WATCH_INSCR);
+ inscription_notifs_base($uid);
+ }
+
function _add_rss_link(&$page)
{
if (!S::has('core_rss_hash')) {
return;
}
- $page->assign('xorg_rss',
- array('title' => 'Polytechnique.org :: Carnet',
- 'href' => '/carnet/rss/'.S::v('forlife')
- .'/'.S::v('core_rss_hash').'/rss.xml')
- );
+ $page->setRssLink('Polytechnique.org :: Carnet',
+ '/carnet/rss/'.S::v('forlife') .'/'.S::v('core_rss_hash').'/rss.xml');
}
function handler_index(&$page)
if (Get::has('read')) {
$_SESSION['watch_last'] = Get::v('read');
+ update_NbNotifs();
pl_redirect('carnet/panel');
}
if(preg_match('!^ *(\d{4}) *$!', $arg, $matches)) {
$p = intval($matches[1]);
if($p<1900 || $p>2100) {
- $page->trig("la promo entrée est invalide");
+ $page->trigError("la promo entrée est invalide");
} else {
if ($action == 'add_promo') {
$watch->_promos->add($p);
$p1 = intval($matches[1]);
$p2 = intval($matches[2]);
if($p1<1900 || $p1>2100) {
- $page->trig('la première promo de la plage entrée est invalide');
+ $page->trigError('la première promo de la plage entrée est invalide');
} elseif($p2<1900 || $p2>2100) {
- $page->trig('la seconde promo de la plage entrée est invalide');
+ $page->trigError('la seconde promo de la plage entrée est invalide');
} else {
if ($action == 'add_promo') {
$watch->_promos->addRange($p1, $p2);
}
}
} else {
- $page->trig("La promo (ou la plage de promo) entrée est dans un format incorrect.");
+ $page->trigError("La promo (ou la plage de promo) entrée est dans un format incorrect.");
}
}
$promo_sortie = $res->fetchOneCell();
$page->assign('promo_sortie', $promo_sortie);
+ if ($action) {
+ S::assert_xsrf_token();
+ }
switch ($action) {
case 'add_promo':
case 'del_promo':
break;
}
- if (Env::has('subs')) $watch->_subs->update('sub');
+ if (Env::has('subs')) {
+ S::assert_xsrf_token();
+ $watch->_subs->update('sub');
+ }
+
if (Env::has('flags_contacts')) {
+ S::assert_xsrf_token();
$watch->watch_contacts = Env::b('contacts');
$watch->saveFlags();
}
+
if (Env::has('flags_mail')) {
- $watch->watch_mail = Env::b('mail');
+ S::assert_xsrf_token();
+ $watch->watch_mail = Env::b('mail');
$watch->saveFlags();
}
return Array($total, $list);
}
- function handler_contacts(&$page, $action = null)
+ function searchErrorHandler($explain) {
+ global $page;
+ $page->trigError($explain);
+ $this->handler_contacts($page);
+ }
+
+ function handler_contacts(&$page, $action = null, $subaction = null, $ssaction = null)
{
- $page->changeTpl('carnet/mescontacts.tpl');
- require_once("applis.func.inc.php");
$page->assign('xorg_title','Polytechnique.org - Mes contacts');
+ $this->_add_rss_link($page);
$uid = S::v('uid');
$user = Env::v('user');
+ // For XSRF protection, checks both the normal xsrf token, and the special RSS token.
+ // It allows direct linking to contact adding in the RSS feed.
+ if (Env::v('action') && Env::v('token') !== S::v('core_rss_hash')) {
+ S::assert_xsrf_token();
+ }
switch (Env::v('action')) {
case 'retirer':
if (is_numeric($user)) {
if (XDB::execute('DELETE FROM contacts
- WHERE uid = {?} AND contact = {?}',
- $uid, $user))
+ WHERE uid = {?} AND contact = {?}',
+ $uid, $user))
{
- $page->trig("Contact retiré !");
+ $page->trigSuccess("Contact retiré !");
}
} else {
if (XDB::execute(
- 'DELETE FROM contacts
+ 'DELETE FROM c
USING contacts AS c
INNER JOIN aliases AS a ON (c.contact=a.id and a.type!="homonyme")
WHERE c.uid = {?} AND a.alias={?}', $uid, $user))
{
- $page->trig("Contact retiré !");
+ $page->trigSuccess("Contact retiré !");
}
}
break;
require_once('user.func.inc.php');
if (($login = get_user_login($user)) !== false) {
if (XDB::execute(
- 'INSERT INTO contacts (uid, contact)
- SELECT {?}, id
- FROM aliases
- WHERE alias = {?}', $uid, $login))
+ 'REPLACE INTO contacts (uid, contact)
+ SELECT {?}, id
+ FROM aliases
+ WHERE alias = {?}', $uid, $login))
{
- $page->trig('Contact ajouté !');
+ $page->trigSuccess('Contact ajouté !');
} else {
- $page->trig('Contact déjà dans la liste !');
+ $page->trigWarning('Contact déjà dans la liste !');
}
}
}
- if ($action == 'trombi') {
- require_once 'trombi.inc.php';
-
- $trombi = new Trombi(array($this, '_get_list'));
- $trombi->setNbRows(4);
- $page->assign_by_ref('trombi',$trombi);
-
- $order = Get::v('order');
- if ($order != 'promo' && $order != 'last')
- $order = 'nom';
- $page->assign('order', $order);
- $page->assign('inv', Get::v('inv'));
+ $search = false;
+ if ($action == 'search') {
+ $action = $subaction;
+ $subaction = $ssaction;
+ $search = true;
+ }
+ if ($search && trim(Env::v('quick'))) {
+ require_once 'userset.inc.php';
+ $base = 'carnet/contacts/search';
+ require_once(dirname(__FILE__) . '/search/classes.inc.php');
+ ThrowError::$throwHook = array($this, 'searchErrorHandler');
+ $view = new SearchSet(true, false, "INNER JOIN contacts AS c2 ON (u.user_id = c2.contact)", "c2.uid = $uid");
} else {
-
- $order = Get::v('order');
- $orders = Array(
- 'nom' => 'sortkey DESC, a.prenom, a.promo',
- 'promo' => 'promo DESC, sortkey, a.prenom',
- 'last' => 'a.date DESC, sortkey, a.prenom, promo');
- if ($order != 'promo' && $order != 'last')
- $order = 'nom';
- $page->assign('order', $order);
- $page->assign('inv', Get::v('inv'));
- $order = $orders[$order];
- if (Get::v('inv') == '')
- $order = str_replace(" DESC,", ",", $order);
-
- $sql = "SELECT contact AS id,
- a.*, l.alias AS forlife,
- 1 AS inscrit,
- a.perms != 'pending' AS wasinscrit,
- a.deces != 0 AS dcd, a.deces, a.matricule_ax,
- FIND_IN_SET('femme', a.flags) AS sexe,
- e.entreprise, es.label AS secteur, ef.fonction_fr AS fonction,
- IF(n.nat='',n.pays,n.nat) AS nat, n.a2 AS iso3166,
- ad0.text AS app0text, ad0.url AS app0url, ai0.type AS app0type,
- ad1.text AS app1text, ad1.url AS app1url, ai1.type AS app1type,
- adr.city, gp.a2, gp.pays AS countrytxt, gr.name AS region,
- IF(a.nom_usage<>'',a.nom_usage,a.nom) AS sortkey
- FROM contacts AS c
- INNER JOIN auth_user_md5 AS a ON (a.user_id = c.contact)
- INNER JOIN aliases AS l ON (a.user_id = l.id AND l.type='a_vie')
- LEFT JOIN entreprises AS e ON (e.entrid = 0 AND e.uid = a.user_id)
- LEFT JOIN emploi_secteur AS es ON (e.secteur = es.id)
- LEFT JOIN fonctions_def AS ef ON (e.fonction = ef.id)
- LEFT JOIN geoloc_pays AS n ON (a.nationalite = n.a2)
- LEFT JOIN applis_ins AS ai0 ON (a.user_id = ai0.uid AND ai0.ordre = 0)
- LEFT JOIN applis_def AS ad0 ON (ad0.id = ai0.aid)
- LEFT JOIN applis_ins AS ai1 ON (a.user_id = ai1.uid AND ai1.ordre = 1)
- LEFT JOIN applis_def AS ad1 ON (ad1.id = ai1.aid)
- LEFT JOIN adresses AS adr ON (a.user_id = adr.uid
- AND FIND_IN_SET('active', adr.statut))
- LEFT JOIN geoloc_pays AS gp ON (adr.country = gp.a2)
- LEFT JOIN geoloc_region AS gr ON (adr.country = gr.a2 AND adr.region = gr.region)
- WHERE c.uid = $uid
- ORDER BY ".$order;
-
- $page->assign_by_ref('citer', XDB::iterator($sql));
+ $base = 'carnet/contacts';
+ $view = new UserSet("INNER JOIN contacts AS c2 ON (u.user_id = c2.contact)", " c2.uid = $uid ");
+ }
+ $view->addMod('minifiche', 'Mini-Fiches', true);
+ $view->addMod('trombi', 'Trombinoscope', false, array('with_admin' => false, 'with_promo' => true));
+ $view->addMod('geoloc', 'Planisphère', false, array('with_annu' => 'carnet/contacts/search'));
+ $view->apply($base, $page, $action, $subaction);
+ if ($action != 'geoloc' || ($search && !$ssaction) || (!$search && !$subaction)) {
+ $page->changeTpl('carnet/mescontacts.tpl');
}
}
function handler_pdf(&$page, $arg0 = null, $arg1 = null)
{
- require_once 'contacts.pdf.inc.php';
+ require_once dirname(__FILE__).'/carnet/contacts.pdf.inc.php';
require_once 'user.func.inc.php';
session_write_close();
while (list($alias) = $citer->next()) {
$user = get_user_details($alias);
- $pdf->addContact($user, $arg0 == 'photos' || $arg1 == 'photos');
+ foreach ($user as &$value) {
+ if (is_utf8($value)) {
+ $value = utf8_decode($value);
+ }
+ }
+ $pdf = ContactsPDF::addContact($pdf, $user, $arg0 == 'photos' || $arg1 == 'photos');
}
$pdf->Output();
$page->assign('notifs', $notifs);
}
- function handler_ical(&$page)
+ function handler_ical(&$page, $alias = null, $hash = null)
{
+ require_once 'rss.inc.php';
+ $uid = init_rss(null, $alias, $hash, false);
+ if (S::logged()) {
+ if (!$uid) {
+ $uid = S::i('uid');
+ } else if ($uid != S::i('uid')) {
+ require_once 'xorg.misc.inc.php';
+ send_warning_email("Récupération d\'un autre utilisateur ($uid)");
+ }
+ } else if (!$uid) {
+ exit;
+ }
+ require_once 'ical.inc.php';
$page->changeTpl('carnet/calendar.tpl', NO_SKIN);
+ $page->register_function('display_ical', 'display_ical');
$res = XDB::iterRow(
'SELECT u.prenom,
FROM contacts AS c
INNER JOIN auth_user_md5 AS u ON (u.user_id = c.contact)
INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type = \'a_vie\')
- WHERE c.uid = {?}', S::v('uid'));
+ WHERE c.uid = {?}', $uid);
$annivs = Array();
while (list($prenom, $nom, $promo, $naissance, $end, $ts, $forlife) = $res->next()) {
header('Content-Type: text/calendar; charset=utf-8');
}
+
+ function handler_vcard(&$page, $photos = null)
+ {
+ $res = XDB::query('SELECT contact
+ FROM contacts
+ WHERE uid = {?}', S::v('uid'));
+ $vcard = new VCard($res->fetchColumn(), $photos == 'photos');
+ $vcard->do_page(&$page);
+ }
}
+// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>