Adds XSRF protection to the Carnet module.

[platal.git] / include / user.func.inc.php

diff --git a/include/user.func.inc.php b/include/user.func.inc.php
index fb7ac34..45666bb 100644 (file)
--- a/include/user.func.inc.php
+++ b/include/user.func.inc.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2006 Polytechnique.org                              *
+ *  Copyright (C) 2003-2008 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -36,36 +36,69 @@ function user_clear_all_subs($user_id, $really_del=true)
     $res   = XDB::query("SELECT alias FROM aliases WHERE type='a_vie' AND id={?}", $uid);
     $alias = $res->fetchOneCell();
 
+    $tables_to_clear = array('uid' => array('competences_ins', 'entreprises', 'langues_ins', 'mentor_pays',
+                                            'mentor_secteurs', 'mentor', 'perte_pass', 'watch_sub'),
+                             'user_id' => array('requests', 'user_changes'));
+
     if ($really_del) {
-       XDB::execute("DELETE FROM emails WHERE uid={?}", $uid);
-       XDB::execute("DELETE FROM newsletter_ins WHERE user_id={?}", $uid);
+        array_push($tables_to_clear['uid'], 'emails', 'groupex.membres', 'contacts', 'adresses', 'tels',
+                                            'photo', 'perte_pass', 'langues_ins', 'forums.abos', 'forums.profils');
+        array_push($tables_to_clear['user_id'], 'newsletter_ins', 'auth_user_quick', 'binets_ins');
+        $tables_to_clear['id'] = array('aliases');
+        $tables_to_clear['contact'] = array('contacts');
+        XDB::execute("UPDATE auth_user_md5
+                         SET date_ins = 0, promo_sortie = 0, nom_usage = '',  password = '', perms = 'pending',
+                             nationalite = '', cv = '', section = 0, date = 0, smtppass = '', mail_storage = ''
+                       WHERE user_id = {?}", $uid);
+        XDB::execute("DELETE virtual.* FROM virtual INNER JOIN virtual_redirect AS r USING(vid) WHERE redirect = {?}",
+                     $alias.'@'.$globals->mail->domain);
+        XDB::execute("DELETE virtual.* FROM virtual INNER JOIN virtual_redirect AS r USING(vid) WHERE redirect = {?}",
+                     $alias.'@'.$globals->mail->domain2);
+    } else {
+        XDB::execute("UPDATE auth_user_md5   SET password='',smtppass='' WHERE user_id={?}", $uid);
+        XDB::execute("UPDATE auth_user_quick SET watch_flags='' WHERE user_id={?}", $uid);
     }
 
     XDB::execute("DELETE FROM virtual_redirect WHERE redirect = {?}", $alias.'@'.$globals->mail->domain);
     XDB::execute("DELETE FROM virtual_redirect WHERE redirect = {?}", $alias.'@'.$globals->mail->domain2);
 
-    XDB::execute("UPDATE auth_user_md5   SET password='',smtppass='' WHERE user_id={?}", $uid);
-    XDB::execute("UPDATE auth_user_quick SET watch_flags='' WHERE user_id={?}", $uid);
-
-    XDB::execute("DELETE FROM competences_ins WHERE uid={?}", $uid);
-    XDB::execute("DELETE FROM entreprises     WHERE uid={?}", $uid);
-    XDB::execute("DELETE FROM langues_ins     WHERE uid={?}", $uid);
-    XDB::execute("DELETE FROM mentor_pays     WHERE uid={?}", $uid);
-    XDB::execute("DELETE FROM mentor_secteur  WHERE uid={?}", $uid);
-    XDB::execute("DELETE FROM mentor          WHERE uid={?}", $uid);
-    XDB::execute("DELETE FROM perte_pass      WHERE uid={?}", $uid);
-    XDB::execute("DELETE FROM requests        WHERE user_id={?}", $uid);
-    XDB::execute("DELETE FROM user_changes    WHERE user_id={?}", $uid);
-    XDB::execute("DELETE FROM watch_sub       WHERE uid={?}", $uid);
-
-    $mmlist = new MMList(S::v('id'), S::v('password'));
+    foreach ($tables_to_clear as $key=>&$tables) {
+        foreach ($tables as $table) {
+            XDB::execute("DELETE FROM $table WHERE $key={?}", $uid);
+        }
+    }
+
+    $mmlist = new MMList(S::v('uid'), S::v('password'));
     $mmlist->kill($alias, $really_del);
+
+    // Deactivates, when available, the Google Apps account of the user.
+    if ($globals->mailstorage->googleapps_domain) {
+        require_once 'googleapps.inc.php';
+        if (GoogleAppsAccount::account_status($uid)) {
+            $account = new GoogleAppsAccount($uid, $alias);
+            $account->suspend();
+        }
+    }
 }
 
 // }}}
 // {{{ function get_user_login()
 
-function get_user_login($data, $get_forlife = false) {
+// Defaut callback to call when a login is not found
+function _default_user_callback($login)
+{
+    global $page;
+    $page->trig("Il n'y a pas d'utilisateur avec l'identifiant : $login");
+    return;
+}
+
+function _silent_user_callback($login)
+{
+    return;
+}
+
+function get_user_login($data, $get_forlife = false, $callback = '_default_user_callback')
+{
     global $globals, $page;
 
     if (is_numeric($data)) {
@@ -73,7 +106,7 @@ function get_user_login($data, $get_forlife = false) {
         if ($res->numRows()) {
             return $res->fetchOneCell();
         } else {
-            $page->trig("il n'y a pas d'utilisateur avec cet id");
+            call_user_func($callback, $data);
             return false;
         }
     }
@@ -83,7 +116,7 @@ function get_user_login($data, $get_forlife = false) {
     if (strstr($data, '@')===false) {
         $data = $data.'@'.$globals->mail->domain;
     }
-    
+
     list($mbox, $fqdn) = explode('@', $data);
     if ($fqdn == $globals->mail->domain || $fqdn == $globals->mail->domain2) {
 
@@ -95,7 +128,7 @@ function get_user_login($data, $get_forlife = false) {
             return $get_forlife ? $res->fetchOneCell() : $mbox;
         }
 
-        if (preg_match('/^(.*)\.([0-9]{4})$/', $mbox, $matches)) {
+        if (preg_match('/^(.*)\.([0-9]{4})$/u', $mbox, $matches)) {
             $res = XDB::query("SELECT  a.alias
                                  FROM  aliases AS a
                            INNER JOIN  aliases AS b ON (a.id = b.id AND b.type IN ('alias', 'a_vie') AND b.alias={?})
@@ -105,11 +138,11 @@ function get_user_login($data, $get_forlife = false) {
                 return $res->fetchOneCell();
             }
         }
-        $page->trig("il n'y a pas d'utilisateur avec ce login");
+        call_user_func($callback, $data);
         return false;
 
     } elseif ($fqdn == $globals->mail->alias_dom || $fqdn == $globals->mail->alias_dom2) {
-    
+
         $res = XDB::query("SELECT  redirect
                              FROM  virtual_redirect
                        INNER JOIN  virtual USING(vid)
@@ -117,11 +150,10 @@ function get_user_login($data, $get_forlife = false) {
         if ($redir = $res->fetchOneCell()) {
             list($alias) = explode('@', $redir);
         } else {
-            $page->trig("il n'y a pas d'utilisateur avec cet alias");
+            call_user_func($callback, $data);
             $alias = false;
         }
         return $alias;
-
     } else {
 
         $res = XDB::query("SELECT  alias
@@ -130,12 +162,12 @@ function get_user_login($data, $get_forlife = false) {
                                       WHERE  e.email={?} AND a.type='a_vie'", $data);
         switch ($i = $res->numRows()) {
             case 0:
-                $page->trig("il n'y a pas d'utilisateur avec cette addresse mail");
+                call_user_func($callback, $data);
                 return false;
-                
+
             case 1:
                 return $res->fetchOneCell();
-                
+
             default:
                 if (S::has_perms()) {
                     $aliases = $res->fetchColumn();
@@ -145,30 +177,33 @@ function get_user_login($data, $get_forlife = false) {
                 }
         }
     }
-    
+
     return false;
 }
 
 // }}}
 // {{{ function get_user_forlife()
 
-function get_user_forlife($data) {
-    return get_user_login($data, true);
+function get_user_forlife($data, $callback = '_default_user_callback')
+{
+    return get_user_login($data, true, $callback);
 }
 
 // }}}
 // {{{ function get_users_forlife_list()
 
-function get_users_forlife_list($members, $strict = false)
+function get_users_forlife_list($members, $strict = false, $callback = '_default_user_callback')
 {
-    if (strlen(trim($members)) == 0) {
-        return null;
+    if (!is_array($members)) {
+        if (strlen(trim($members)) == 0) {
+            return null;
+        }
+        $members = explode(' ', $members);
     }
-    $members = explode(' ', $members);
     if ($members) {
         $list = array();
         foreach ($members as $i => $alias) {
-            if (($login = get_user_forlife($alias)) !== false) {
+            if (($login = get_user_forlife($alias, $callback)) !== false) {
                 $list[$i] = $login;
             } else if(!$strict) {
                 $list[$i] = $alias;
@@ -183,14 +218,46 @@ function get_users_forlife_list($members, $strict = false)
 // {{{ function has_user_right()
 function has_user_right($pub, $view = 'private') {
     if ($pub == $view) return true;
-    // all infos available for private 
+    // all infos available for private
     if ($view == 'private') return true;
-    // public infos available for all 
+    // public infos available for all
     if ($pub == 'public') return true;
     // here we have view = ax or public, and pub = ax or private, and pub != view
-    return false;    
+    return false;
 }
 // }}}
+// {{{ function get_not_registered_user()
+
+function get_not_registered_user($login, $iterator = false)
+{
+    global $globals;
+    @list($login, $domain) = explode('@', $login);
+    if ($domain && $domain != $globals->mail->domain && $domain != $globals->mail->domain2) {
+        return null;
+    }
+    @list($prenom, $nom, $promo) = explode('.', $login);
+    $where = 'REPLACE(REPLACE(REPLACE(nom, " ", ""), "-", ""), "\'", "") LIKE CONCAT("%", {?}, "%")
+          AND  REPLACE(REPLACE(REPLACE(prenom, " ", ""), "-", ""), "\'", "") LIKE CONCAT("%", {?}, "%")';
+    if ($promo) {
+        if (preg_match('/^[0-9]{2}$/', $promo)) {
+            $where .= 'AND MOD(promo, 100) = {?}';
+        } elseif (preg_match('/^[0-9]{4}$/', $promo)) {
+            $where .= 'AND promo = {?}';
+        }
+    }
+    $sql = "SELECT  user_id, nom, prenom, promo
+              FROM  auth_user_md5
+             WHERE  $where
+          ORDER BY  promo, nom, prenom";
+    if ($iterator) {
+        return XDB::iterator($sql, $nom, $prenom, $promo);
+    } else {
+        $res = XDB::query($sql, $nom, $prenom, $promo);
+        return $res->fetchAllAssoc();
+    }
+}
+
+// }}}
 // {{{ function get_user_details_pro()
 
 function get_user_details_pro($uid, $view = 'private')
@@ -234,7 +301,7 @@ function get_user_details_pro($uid, $view = 'private')
             }
             if (!has_user_right($pro['tel_pub'], $view)) {
                 // if no tel was defined, then the viewer will be able to write it
-                if ($pro['tel'] == '' && 
+                if ($pro['tel'] == '' &&
                     $pro['fax'] == '' &&
                     $pro['mobile'] == '') {
                     $all_pro[$i]['tel_pub'] = $view;
@@ -273,6 +340,8 @@ function get_user_details_pro($uid, $view = 'private')
 }
 
 // }}}
+// {{{ function get_user_details_adr()
+
 function get_user_details_adr($uid, $view = 'private') {
     $sql  = "SELECT  a.adrid, a.adr1,a.adr2,a.adr3,a.postcode,a.city,
                      gp.pays AS countrytxt,a.region, a.regiontxt,
@@ -292,7 +361,7 @@ function get_user_details_adr($uid, $view = 'private') {
         else
             $adrid_index[$adr['adrid']] = $i;
     }
-    
+
     $sql = "SELECT  t.adrid, t.tel_pub, t.tel_type, t.tel, t.telid
               FROM  tels AS t
         INNER JOIN  adresses AS a ON (a.uid = t.uid) AND (a.adrid = t.adrid)
@@ -304,7 +373,7 @@ function get_user_details_adr($uid, $view = 'private') {
             $adrid = $nexttel['adrid'];
             unset($nexttel['adrid']);
             if (isset($adrid_index[$adrid])) {
-                if (!isset($all_adr[$adrid_index[$adrid]]['tels'])) 
+                if (!isset($all_adr[$adrid_index[$adrid]]['tels']))
                     $all_adr[$adrid_index[$adrid]]['tels'] = array($nexttel);
                 else
                     $all_adr[$adrid_index[$adrid]]['tels'][] = $nexttel;
@@ -313,6 +382,8 @@ function get_user_details_adr($uid, $view = 'private') {
     }
     return $all_adr;
 }
+
+// }}}
 // {{{ function get_user_details()
 
 function &get_user_details($login, $from_uid = '', $view = 'private')
@@ -328,7 +399,7 @@ function &get_user_details($login, $from_uid = '', $view = 'private')
                        s.text AS section, p.x, p.y, p.pub AS photo_pub,
                        u.matricule_ax,
                        m.expertise != '' AS is_referent,
-                       COUNT(e.email) > 0 AS actif
+                       (COUNT(e.email) > 0 OR FIND_IN_SET('googleapps', u.mail_storage) > 0) AS actif
                  FROM  auth_user_md5   AS u
            INNER JOIN  auth_user_quick AS q  USING(user_id)
            INNER JOIN  aliases         AS a  ON (u.user_id=a.id AND a.type='a_vie')
@@ -336,7 +407,7 @@ function &get_user_details($login, $from_uid = '', $view = 'private')
             LEFT JOIN  contacts        AS c  ON (c.uid = {?} and c.contact = u.user_id)
             LEFT JOIN  geoloc_pays     AS gp ON (gp.a2 = u.nationalite)
            INNER JOIN  sections        AS s  ON (s.id  = u.section)
-            LEFT JOIN  photo           AS p  ON (p.uid = u.user_id) 
+            LEFT JOIN  photo           AS p  ON (p.uid = u.user_id)
             LEFT JOIN  mentor          AS m  ON (m.uid = u.user_id)
             LEFT JOIN  emails          AS e  ON (e.uid = u.user_id AND e.flags='active')
                 WHERE  a.alias = {?}
@@ -384,17 +455,21 @@ function &get_user_details($login, $from_uid = '', $view = 'private')
         $res  = XDB::query($sql, $uid);
         $user['binets']      = $res->fetchColumn();
         $user['binets_join'] = join(', ', $user['binets']);
-    
-        $res  = XDB::iterRow("SELECT  text, url
-                                FROM  groupesx_ins
-                           LEFT JOIN  groupesx_def ON groupesx_ins.gid = groupesx_def.id
-                               WHERE  guid = {?}", $uid);
+
+        $res  = XDB::iterRow("SELECT  a.diminutif, a.nom, a.site
+                                FROM  groupex.asso    AS a
+                           LEFT JOIN  groupex.membres AS m ON (m.asso_id = a.id)
+                               WHERE  m.uid = {?} AND (a.cat = 'GroupesX' OR a.cat = 'Institutions')
+                                      AND pub = 'public'", $uid);
         $user['gpxs'] = Array();
         $user['gpxs_name'] = Array();
-        while (list($gxt, $gxu) = $res->next()) {
-            $user['gpxs'][] = $gxu ? "<a href=\"$gxu\">$gxt</a>" : $gxt;
+        while (list($gxd, $gxt, $gxu) = $res->next()) {
+            if (!$gxu) {
+                $gxu = 'http://www.polytechnique.net/' . $gxd;
+            }
+            $user['gpxs'][] = '<span title="' . pl_entities($gxt) . "\"><a href=\"$gxu\">$gxd</a></span>";
             $user['gpxs_name'][] = $gxt;
-        } 
+        }
         $user['gpxs_join'] = join(', ', $user['gpxs']);
     }
 
@@ -403,7 +478,7 @@ function &get_user_details($login, $from_uid = '', $view = 'private')
                      INNER JOIN  applis_def ON applis_def.id = applis_ins.aid
                           WHERE  uid={?}
                        ORDER BY  ordre", $uid);
-    
+
     $user['applis_fmt'] = Array();
     $user['formation'] = Array();
     while (list($txt, $url, $type) = $res->next()) {
@@ -414,7 +489,7 @@ function &get_user_details($login, $from_uid = '', $view = 'private')
     $user['applis_join'] = join(', ', $user['applis_fmt']);
 
     if (has_user_right($user['medals_pub'], $view)) {
-        $res = XDB::iterator("SELECT  m.id, m.text AS medal, m.type, m.img, s.gid, g.text AS grade
+        $res = XDB::iterator("SELECT  m.id, m.text AS medal, m.type, s.gid, g.text AS grade
                                 FROM  profile_medals_sub    AS s
                           INNER JOIN  profile_medals        AS m ON ( s.mid = m.id )
                            LEFT JOIN  profile_medals_grades AS g ON ( s.mid = g.mid AND s.gid = g.gid )
@@ -451,7 +526,7 @@ function add_user_address($uid, $adrid, $adr) {
 function update_user_address($uid, $adrid, $adr) {
     // update address
     XDB::execute(
-        "UPDATE adresses AS a LEFT JOIN geoloc_pays AS gp ON (gp.pays = {?}) 
+        "UPDATE adresses AS a LEFT JOIN geoloc_pays AS gp ON (gp.pays = {?})
         SET `adr1` = {?}, `adr2` = {?}, `adr3` = {?},
         `postcode` = {?}, `city` = {?}, a.`country` = gp.a2, `datemaj` = NOW(), `pub` = {?}
         WHERE adrid = {?} AND uid = {?}",
@@ -531,7 +606,7 @@ function update_user_pro($uid, $entrid, $pro) {
     $set = "";
     $args_join = array();
     $args_set = array();
-    
+
     $join .= "LEFT JOIN  emploi_secteur AS s ON(s.label LIKE {?})
             LEFT JOIN  emploi_ss_secteur AS ss ON(s.id = ss.secteur AND ss.label LIKE {?})
             LEFT JOIN  fonctions_def AS f ON(f.fonction_fr LIKE {?} OR f.fonction_en LIKE {?})";
@@ -544,7 +619,7 @@ function update_user_pro($uid, $entrid, $pro) {
     $args_set[] = $pro['poste'];
     $args_set[] = $pro['web'];
     $args_set[] = $pro['pub'];
-    
+
     if (isset($pro['adr1'])) {
         $join .= "LEFT JOIN  geoloc_pays AS gp ON (gp.country LIKE {?} OR gp.pays LIKE {?})
                 LEFT JOIN  geoloc_region AS gr ON (gr.a2 = gp.a2 AND gr.name LIKE {?})";
@@ -559,7 +634,7 @@ function update_user_pro($uid, $entrid, $pro) {
         $args_set[] = $pro['city'];
         $args_set[] = $pro['adr_pub'];
     }
-    
+
     if (isset($pro['tel'])) {
         $set .= ", e.`tel` = {?}, e.`fax` = {?}, e.`mobile` = {?}, e.tel_pub = {?}";
         $args_set[] = $pro['tel'];
@@ -571,7 +646,7 @@ function update_user_pro($uid, $entrid, $pro) {
         $set .= ", e.`email` = {?}, e.`email_pub` = {?}";
         $args_set[] = $pro['email'];
         $args_set[] = $pro['email_pub'];
-    }    
+    }
     $query = "UPDATE entreprises AS e ".$join." SET ".substr($set,1)." WHERE e.uid = {?} AND e.entrid = {?}";
     $args_where = array($uid, $entrid);
     $args = array_merge(array($query), $args_join, $args_set, $args_where);
@@ -649,17 +724,17 @@ function set_user_details($uid, $details) {
             XDB::execute(
             "INSERT INTO binets_ins (`user_id`, `binet_id`)
                 SELECT {?}, id FROM binets_def WHERE text = {?} LIMIT 1",
-                $uid, $binet);                
+                $uid, $binet);
     }
     if (isset($details['gpxs']) && is_array($details['gpxs'])) {
         XDB::execute("DELETE FROM groupesx_ins WHERE user_id = {?}", $uid);
         foreach ($details['gpxs'] as $groupex) {
-            if (preg_match('/<a href="[^"]*">([^<]+)</a>/', $groupex, $a)) $groupex = $a[1];
+            if (preg_match('/<a href="[^"]*">([^<]+)</a>/u', $groupex, $a)) $groupex = $a[1];
             XDB::execute(
             "INSERT INTO groupesx_ins (`user_id`, `binet_id`)
                 SELECT {?}, id FROM groupesx_def WHERE text = {?} LIMIT 1",
                 $uid, $groupex);
-        }                
+        }
     }
     // applis
     // medals
@@ -667,7 +742,8 @@ function set_user_details($uid, $details) {
 // }}}
 // {{{ function _user_reindex
 
-function _user_reindex($uid, $keys, $muls) {
+function _user_reindex($uid, $keys, $muls, $pubs)
+{
     foreach ($keys as $i => $key) {
         if ($key == '') {
             continue;
@@ -678,10 +754,29 @@ function _user_reindex($uid, $keys, $muls) {
         while ($toks) {
             $token = strtolower(replace_accent(array_pop($toks) . $token));
             $score = ($toks ? 0 : 10 + $first) * $muls[$i];
-            mysql_query("REPLACE INTO search_name (token, uid, score) VALUES('$token',$uid,$score)");
+            XDB::execute("REPLACE INTO  search_name (token, uid, soundex, score, flags)
+                                VALUES  ({?}, {?}, {?}, {?}, {?})",
+                         $token, $uid, soundex_fr($token), $score, $pubs[$i] ? 'public' : '');
             $first = 0;
         }
     }
+    $res = XDB::query("SELECT  nom_ini, nom, nom_usage, prenom_ini, prenom, promo, matricule
+                         FROM  auth_user_md5
+                        WHERE  user_id = {?}", $uid);
+    if (!$res->numRows()) {
+        unset($res);
+        return;
+    }
+    $array = $res->fetchOneRow();
+    $promo = intval(array_pop($array));
+    $mat   = array_shift($array);
+    array_walk($array, 'soundex_fr');
+    XDB::execute("REPLACE INTO  recherche_soundex
+                           SET  matricule = {?}, nom1_soundex = {?}, nom2_soundex= {?}, nom3_soundex = {?},
+                                prenom1_soundex = {?}, prenom2_soundex= {?}, promo = {?}",
+                 $mat, $array[0], $array[1], $array[2], $array[3], $array[4], $promo);
+    unset($res);
+    unset($array);
 }
 
 // }}}
@@ -690,12 +785,21 @@ function _user_reindex($uid, $keys, $muls) {
 function user_reindex($uid) {
     XDB::execute("DELETE FROM search_name WHERE uid={?}", $uid);
     $res = XDB::query("SELECT prenom, nom, nom_usage, profile_nick FROM auth_user_md5 INNER JOIN auth_user_quick USING(user_id) WHERE auth_user_md5.user_id = {?}", $uid);
-    _user_reindex($uid, $res->fetchOneRow(), array(1,1,1,0.2));
+    if ($res->numRows()) {
+      _user_reindex($uid, $res->fetchOneRow(), array(1,1,1,0.2), array(true, true, true, false));
+    } else { // not in auth_user_quick => still "pending"
+      $res = XDB::query("SELECT prenom, nom, nom_usage FROM auth_user_md5 WHERE auth_user_md5.user_id = {?}", $uid);
+      if ($res->numRows()) {
+          _user_reindex($uid, $res->fetchOneRow(), array(1,1,1), array(true, true, true));
+      }
+    }
 }
 
 // }}}
+// {{{ function set_new_usage()
 
-function set_new_usage($uid, $usage, $alias=false) { 
+function set_new_usage($uid, $usage, $alias=false)
+{
     XDB::execute("UPDATE auth_user_md5 set nom_usage={?} WHERE user_id={?}",$usage ,$uid);
     XDB::execute("DELETE FROM aliases WHERE FIND_IN_SET('usage',flags) AND id={?}", $uid);
     if ($alias && $usage) {
@@ -704,12 +808,38 @@ function set_new_usage($uid, $usage, $alias=false) {
             $alias, $uid);
     }
     $r = XDB::query("SELECT alias FROM aliases WHERE FIND_IN_SET('bestalias', flags) AND id = {?}", $uid);
-    if ($r->fetchOneCell() == "") {
+    if ($r->numRows() == "") {
         XDB::execute("UPDATE aliases SET flags = 1 | flags WHERE id = {?} LIMIT 1", $uid);
+        $r = XDB::query("SELECT alias FROM aliases WHERE FIND_IN_SET('bestalias', flags) AND id = {?}", $uid);
     }
-    require_once 'user.func.inc.php';
     user_reindex($uid);
+    return $r->fetchOneCell();
+}
+
+// }}}
+// {{{ function get_X_mat
+function get_X_mat($ourmat)
+{
+    if (!preg_match('/^[0-9]{8}$/', $ourmat)) {
+        // le matricule de notre base doit comporter 8 chiffres
+        return 0;
+    }
+
+    $year = intval(substr($ourmat, 0, 4));
+    $rang = intval(substr($ourmat, 5, 3));
+    if ($year < 1996) {
+        return;
+    } elseif ($year < 2000) {
+        $year = intval(substr(1900 - $year, 1, 3));
+        return sprintf('%02u0%03u', $year, $rang);
+    } else {
+        $year = intval(substr(1900 - $year, 1, 3));
+        return sprintf('%03u%03u', $year, $rang);
+    }
 }
 
-// vim:set et sw=4 sts=4 sws=4 foldmethod=marker:
+// }}}
+
+
+// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
 ?>