prefer use of secure site in bandeau

[platal.git] / modules / admin.php

diff --git a/modules/admin.php b/modules/admin.php
index 0f4b1f1..1b13c58 100644 (file)
--- a/modules/admin.php
+++ b/modules/admin.php
@@ -388,13 +388,15 @@ class AdminModule extends PLModule
 
         if ($login) {
             if (is_numeric($login)) {
-                $r = XDB::query("SELECT *, a.alias AS forlife, u.flags AS sexe,
+                $r = XDB::query("SELECT *, a.alias AS forlife,
+                                        FIND_IN_SET('watch', u.flags) AS watch, FIND_IN_SET('femme', u.flags) AS sexe,
                                         (year(naissance) > promo - 15 or year(naissance) < promo - 25) AS naiss_err
                                    FROM auth_user_md5 AS u
                               LEFT JOIN aliases       AS a ON (a.id = u.user_id AND type= 'a_vie')
                                   WHERE u.user_id = {?}", $login);
             } else {
-                $r  = XDB::query("SELECT  *, a.alias AS forlife, u.flags AS sexe,
+                $r  = XDB::query("SELECT  *, a.alias AS forlife, 
+                                          FIND_IN_SET('watch', u.flags) AS watch, FIND_IN_SET('femme', u.flags) AS sexe,
                                           (year(naissance) > promo - 15 or year(naissance) < promo - 25) AS naiss_err
                                     FROM  auth_user_md5 AS u
                               INNER JOIN  aliases       AS a ON ( a.id = u.user_id AND a.alias={?} AND type!='homonyme' )", $login);
@@ -473,7 +475,23 @@ class AdminModule extends PLModule
                     $nom   = Env::v('nomN');
                     $promo = Env::i('promoN');
                     $sexe  = Env::v('sexeN');
-                    $comm  = Env::v('commentN');
+                    $comm  = trim(Env::v('commentN'));
+                    $watch = Env::v('watchN');
+                    $flags = '';
+                    if ($sexe) {
+                        $flags = 'femme';
+                    }
+                    if ($watch) {
+                        if ($flags) {
+                            $flags .= ',';
+                        }
+                        $flags .= 'watch';
+                    }
+
+                    if ($watch && !$comm) {
+                        $page->trig("Il est nécessaire de mettre un commentaire pour surveiller un compte");
+                        break;
+                    }
 
                     $query = "UPDATE auth_user_md5 SET
                             naissance = '$naiss',
@@ -482,29 +500,29 @@ class AdminModule extends PLModule
                             perms     = '$perms',
                             prenom    = '".addslashes($prenm)."',
                             nom       = '".addslashes($nom)."',
-                            flags     = '$sexe',
+                            flags     = '$flags',
                             promo     = $promo,
                             comment   = '".addslashes($comm)."'
                         WHERE user_id = '{$mr['user_id']}'";
                     if (XDB::execute($query)) {
                             user_reindex($mr['user_id']);
 
-                            $mailer = new PlMailer();
-                            $mailer->setFrom("webmaster@polytechnique.org");
-                            $mailer->addTo("web@polytechnique.org");
-                            $mailer->setSubject("INTERVENTION de ".S::v('forlife'));
-                            $mailer->setTxtBody(preg_replace("/[ \t]+/", ' ', $query));
+                            $mailer = new PlMailer("admin/mail_intervention.tpl");
+                            $mailer->assign("user", S::v('forlife'));
+                            $mailer->assign("query", $query);
                             $mailer->send();
 
                             $page->trig("updaté correctement.");
                         }
                         if (Env::v('nomusageN') != $mr['nom_usage']) {
+                            require_once "xorg.misc.inc.php";
                             set_new_usage($mr['user_id'], Env::v('nomusageN'), make_username(Env::v('prenomN'), Env::v('nomusageN')));
                         }
                         if (Env::v('decesN') != $mr['deces']) {
                             user_clear_all_subs($mr['user_id'], false);
                         }
-                        $r = XDB::query("SELECT *, a.alias AS forlife, u.flags AS sexe
+                        $r = XDB::query("SELECT *, a.alias AS forlife,
+                                                FIND_IN_SET('watch', u.flags) AS watch, FIND_IN_SET('femme', u.flags) AS sexe
                                            FROM auth_user_md5 AS u
                                       LEFT JOIN aliases       AS a ON (a.id = u.user_id AND type= 'a_vie')
                                           WHERE u.user_id = {?}", $mr['user_id']);
@@ -515,11 +533,9 @@ class AdminModule extends PLModule
                     case "u_kill":
                         user_clear_all_subs($mr['user_id']);
                         $page->trig("'{$mr['user_id']}' a été désinscrit !");
-                        $mailer = new PlMailer();
-                        $mailer->setFrom("webmaster@polytechnique.org");
-                        $mailer->addTo("web@polytechnique.org");
-                        $mailer->setSubject("INTERVENTION de ".S::v('forlife'));
-                        $mailer->setTxtBody("\nUtilisateur $login désinscrit");
+                        $mailer = new PlMailer("admin/mail_intervention.tpl");
+                        $mailer->assign("user", S::v('forlife'));
+                        $mailer->assign("query", "\nUtilisateur $login désinscrit");
                         $mailer->send();
                         break;
                 }
@@ -772,11 +788,13 @@ class AdminModule extends PLModule
         }
     }
 
-    function handler_validate(&$page, $action = 'list', $id = null) {
+    function handler_validate(&$page, $action = 'list', $id = null)
+    {
         $page->changeTpl('admin/valider.tpl');
         $page->assign('xorg_title','Polytechnique.org - Administration - Valider une demande');
                $page->addCssLink('nl.css');
-               require_once("validations.inc.php");
+        require_once("validations.inc.php");
+
 
         if ($action == 'edit' and !is_null($id)) {
             $page->assign('preview_id', $id);
@@ -808,6 +826,7 @@ class AdminModule extends PLModule
 
         $page->assign('vit', new ValidateIterator());
     }
+
     function handler_validate_answers(&$page, $action = 'list', $id = null) {
         $page->assign('xorg_title','Polytechnique.org - Administration - Réponses automatiques de validation');
         $page->assign('title', 'Gestion des réponses automatiques');
@@ -925,6 +944,7 @@ class AdminModule extends PLModule
 
 
         $page->changeTpl('admin/wiki.tpl');
+        $page->addJsLink('jquery.js');
         $page->assign('wiki_pages', $wiki_tree);
         $page->assign('perms_opts', $perms);
     }
@@ -934,7 +954,7 @@ class AdminModule extends PLModule
         $page->changeTpl('admin/ipwatcher.tpl');
             
         $states = array('safe'      => 'Ne pas surveiller',
-                        'unsafe'    => 'Surveiller les inscription',
+                        'unsafe'    => 'Surveiller les inscriptions',
                         'dangerous' => 'Surveiller tous les accès',
                         'ban'       => 'Bannir cette adresse');
         $page->assign('states', $states);