Adds XSRF protection to the Carnet module.

[platal.git] / include / validations.inc.php

diff --git a/include/validations.inc.php b/include/validations.inc.php
index 81c3041..10bfc82 100644 (file)
--- a/include/validations.inc.php
+++ b/include/validations.inc.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2007 Polytechnique.org                              *
+ *  Copyright (C) 2003-2008 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -115,6 +115,8 @@ abstract class Validate
         XDB::execute('INSERT INTO requests (user_id, type, data, stamp) VALUES ({?}, {?}, {?}, {?})',
                 $this->uid, $this->type, $this, $this->stamp);
 
+        global $globals;
+        update_NbValid();
         return true;
     }
 
@@ -138,18 +140,20 @@ abstract class Validate
     public function clean()
     {
         if ($this->unique) {
-            return XDB::execute('DELETE FROM requests WHERE user_id={?} AND type={?}',
-                    $this->uid, $this->type);
+            $success = XDB::execute('DELETE FROM requests WHERE user_id={?} AND type={?}',
+                                    $this->uid, $this->type);
         } else {
-            return XDB::execute('DELETE FROM requests WHERE user_id={?} AND type={?} AND stamp={?}',
-                    $this->uid, $this->type, $this->stamp);
+            $success =  XDB::execute('DELETE FROM requests WHERE user_id={?} AND type={?} AND stamp={?}',
+                                      $this->uid, $this->type, $this->stamp);
         }
+        update_NbValid();
+        return $success;
     }
 
     // }}}
     // {{{ function handle_formu()
 
-    /** fonction à réaliser en cas de valistion du formulaire
+    /** fonction à réaliser en cas de validation du formulaire
      */
     public function handle_formu()
     {
@@ -184,10 +188,10 @@ abstract class Validate
 
             // envoi d'un mail à hotliners
             global $globals;
-            $mailer = new PlMailer;
+            $mailer = new PlMailer();
             $mailer->setSubject("Commentaires de validation {$this->type}");
             $mailer->setFrom("validation+{$this->type}@{$globals->mail->domain}");
-            $mailer->addTo($globals->core->admin_emails);
+            $mailer->addTo($globals->core->admin_email);
 
             $body = "Validation {$this->type} pour {$this->prenom} {$this->nom}\n\n"
               . S::v('bestalias')." a ajouté le commentaire :\n\n"
@@ -309,6 +313,17 @@ abstract class Validate
     }
 
     // }}}
+    // {{{ function get_typed_requests_count()
+
+    /** same as get_typed_requests() but return the count of available requests.
+     */
+    static public function get_typed_requests_count($uid, $type)
+    {
+        $res = XDB::query('SELECT COUNT(data) FROM requests WHERE user_id={?} and type={?}', $uid, $type);
+        return $res->fetchOneCell();
+    }
+
+    // }}}
     // {{{ function _mail_body
 
     abstract protected function _mail_body($isok);