<?php
/***************************************************************************
- * Copyright (C) 2003-2006 Polytechnique.org *
+ * Copyright (C) 2003-2008 Polytechnique.org *
* http://opensource.polytechnique.org/ *
* *
* This program is free software; you can redistribute it and/or modify *
function handlers()
{
return array(
- 'carnet' => $this->make_hook('index', AUTH_COOKIE),
- 'carnet/panel' => $this->make_hook('panel', AUTH_COOKIE),
- 'carnet/notifs' => $this->make_hook('notifs', AUTH_COOKIE),
+ 'carnet' => $this->make_hook('index', AUTH_COOKIE),
+ 'carnet/panel' => $this->make_hook('panel', AUTH_COOKIE),
+ 'carnet/notifs' => $this->make_hook('notifs', AUTH_COOKIE),
- 'carnet/contacts' => $this->make_hook('contacts', AUTH_COOKIE),
- 'carnet/contacts/pdf' => $this->make_hook('pdf', AUTH_COOKIE),
+ 'carnet/contacts' => $this->make_hook('contacts', AUTH_COOKIE),
+ 'carnet/contacts/pdf' => $this->make_hook('pdf', AUTH_COOKIE, 'user', NO_HTTPS),
+ 'carnet/contacts/ical' => $this->make_hook('ical', AUTH_PUBLIC, 'user', NO_HTTPS),
+ 'carnet/contacts/vcard' => $this->make_hook('vcard', AUTH_COOKIE, 'user', NO_HTTPS),
- 'carnet/rss' => $this->make_hook('rss', AUTH_PUBLIC),
- 'carnet/ical' => $this->make_hook('ical', AUTH_PUBLIC),
+ 'carnet/rss' => $this->make_hook('rss', AUTH_PUBLIC, 'user', NO_HTTPS),
);
}
+ function on_subscribe($forlife, $uid, $promo, $password)
+ {
+ require_once 'notifs.inc.php';
+ register_watch_op($uid, WATCH_INSCR);
+ inscription_notifs_base($uid);
+ }
+
function _add_rss_link(&$page)
{
if (!S::has('core_rss_hash')) {
return;
}
- $page->assign('xorg_rss',
- array('title' => 'Polytechnique.org :: Carnet',
- 'href' => '/carnet/rss/'.S::v('forlife')
- .'/'.S::v('core_rss_hash').'/rss.xml')
- );
+ $page->setRssLink('Polytechnique.org :: Carnet',
+ '/carnet/rss/'.S::v('forlife') .'/'.S::v('core_rss_hash').'/rss.xml');
}
function handler_index(&$page)
$page->changeTpl('carnet/panel.tpl');
if (Get::has('read')) {
- $_SESSION['watch_last'] = Get::get('read');
+ $_SESSION['watch_last'] = Get::v('read');
+ update_NbNotifs();
pl_redirect('carnet/panel');
}
if(preg_match('!^ *(\d{4}) *$!', $arg, $matches)) {
$p = intval($matches[1]);
if($p<1900 || $p>2100) {
- $page->trig("la promo entrée est invalide");
+ $page->trigError("la promo entrée est invalide");
} else {
if ($action == 'add_promo') {
$watch->_promos->add($p);
$p1 = intval($matches[1]);
$p2 = intval($matches[2]);
if($p1<1900 || $p1>2100) {
- $page->trig('la première promo de la plage entrée est invalide');
+ $page->trigError('la première promo de la plage entrée est invalide');
} elseif($p2<1900 || $p2>2100) {
- $page->trig('la seconde promo de la plage entrée est invalide');
+ $page->trigError('la seconde promo de la plage entrée est invalide');
} else {
if ($action == 'add_promo') {
$watch->_promos->addRange($p1, $p2);
}
}
} else {
- $page->trig("La promo (ou la plage de promo) entrée est dans un format incorrect.");
+ $page->trigError("La promo (ou la plage de promo) entrée est dans un format incorrect.");
}
}
$promo_sortie = $res->fetchOneCell();
$page->assign('promo_sortie', $promo_sortie);
+ if ($action) {
+ S::assert_xsrf_token();
+ }
switch ($action) {
case 'add_promo':
case 'del_promo':
break;
}
- if (Env::has('subs')) $watch->_subs->update('sub');
+ if (Env::has('subs')) {
+ S::assert_xsrf_token();
+ $watch->_subs->update('sub');
+ }
+
if (Env::has('flags_contacts')) {
- $watch->watch_contacts = Env::getBool('contacts');
+ S::assert_xsrf_token();
+ $watch->watch_contacts = Env::b('contacts');
$watch->saveFlags();
}
+
if (Env::has('flags_mail')) {
- $watch->watch_mail = Env::getBool('mail');
+ S::assert_xsrf_token();
+ $watch->watch_mail = Env::b('mail');
$watch->saveFlags();
}
$res = XDB::query("SELECT COUNT(*) FROM contacts WHERE uid = {?}", $uid);
$total = $res->fetchOneCell();
- $order = Get::get('order');
+ $order = Get::v('order');
$orders = Array(
'nom' => 'nom DESC, u.prenom, u.promo',
'promo' => 'promo DESC, nom, u.prenom',
if ($order != 'promo' && $order != 'last')
$order = 'nom';
$order = $orders[$order];
- if (Get::get('inv') == '')
+ if (Get::v('inv') == '')
$order = str_replace(" DESC,", ",", $order);
$res = XDB::query("
return Array($total, $list);
}
- function handler_contacts(&$page, $action = null)
+ function searchErrorHandler($explain) {
+ global $page;
+ $page->trigError($explain);
+ $this->handler_contacts($page);
+ }
+
+ function handler_contacts(&$page, $action = null, $subaction = null, $ssaction = null)
{
- $page->changeTpl('carnet/mescontacts.tpl');
- require_once("applis.func.inc.php");
$page->assign('xorg_title','Polytechnique.org - Mes contacts');
+ $this->_add_rss_link($page);
$uid = S::v('uid');
- $user = Env::get('user');
+ $user = Env::v('user');
- switch (Env::get('action')) {
+ // For XSRF protection, checks both the normal xsrf token, and the special RSS token.
+ // It allows direct linking to contact adding in the RSS feed.
+ if (Env::v('action') && Env::v('token') !== S::v('core_rss_hash')) {
+ S::assert_xsrf_token();
+ }
+ switch (Env::v('action')) {
case 'retirer':
- if (is_numeric($user)) {
- if (XDB::execute('DELETE FROM contacts
- WHERE uid = {?} AND contact = {?}',
- $uid, $user))
- {
- $page->trig("Contact retiré !");
- }
- } else {
- if (XDB::execute(
- 'DELETE FROM contacts
- USING contacts AS c
- INNER JOIN aliases AS a ON (c.contact=a.id and a.type!="homonyme")
- WHERE c.uid = {?} AND a.alias={?}', $uid, $user))
- {
- $page->trig("Contact retiré !");
+ if (($user = User::get(Env::v('user')))) {
+ if (XDB::execute("DELETE FROM contacts
+ WHERE uid = {?} AND contact = {?}", $uid, $user->id())) {
+ $page->trigSuccess("Contact retiré !");
}
}
break;
case 'ajouter':
- require_once('user.func.inc.php');
- if (($login = get_user_login($user)) !== false) {
- if (XDB::execute(
- 'INSERT INTO contacts (uid, contact)
- SELECT {?}, id
- FROM aliases
- WHERE alias = {?}', $uid, $login))
- {
- $page->trig('Contact ajouté !');
+ if (($user = User::get(Env::v('user')))) {
+ if (XDB::execute("REPLACE INTO contacts (uid, contact)
+ VALUES ({?}, {?})", $uid, $user->id())) {
+ $page->trigSuccess('Contact ajouté !');
} else {
- $page->trig('Contact déjà dans la liste !');
+ $page->trigWarning('Contact déjà dans la liste !');
}
}
+ break;
}
- if ($action == 'trombi') {
- require_once 'trombi.inc.php';
-
- $trombi = new Trombi(array($this, '_get_list'));
- $trombi->setNbRows(4);
- $page->assign_by_ref('trombi',$trombi);
-
- $order = Get::get('order');
- if ($order != 'promo' && $order != 'last')
- $order = 'nom';
- $page->assign('order', $order);
- $page->assign('inv', Get::get('inv'));
+ $search = false;
+ if ($action == 'search') {
+ $action = $subaction;
+ $subaction = $ssaction;
+ $search = true;
+ }
+ if ($search && trim(Env::v('quick'))) {
+ require_once 'userset.inc.php';
+ $base = 'carnet/contacts/search';
+ require_once(dirname(__FILE__) . '/search/classes.inc.php');
+ ThrowError::$throwHook = array($this, 'searchErrorHandler');
+ $view = new SearchSet(true, false, "INNER JOIN contacts AS c2 ON (u.user_id = c2.contact)", "c2.uid = $uid");
} else {
-
- $order = Get::get('order');
- $orders = Array(
- 'nom' => 'sortkey DESC, a.prenom, a.promo',
- 'promo' => 'promo DESC, sortkey, a.prenom',
- 'last' => 'a.date DESC, sortkey, a.prenom, promo');
- if ($order != 'promo' && $order != 'last')
- $order = 'nom';
- $page->assign('order', $order);
- $page->assign('inv', Get::get('inv'));
- $order = $orders[$order];
- if (Get::get('inv') == '')
- $order = str_replace(" DESC,", ",", $order);
-
- $sql = "SELECT contact AS id,
- a.*, l.alias AS forlife,
- 1 AS inscrit,
- a.perms != 'pending' AS wasinscrit,
- a.deces != 0 AS dcd, a.deces, a.matricule_ax,
- FIND_IN_SET('femme', a.flags) AS sexe,
- e.entreprise, es.label AS secteur, ef.fonction_fr AS fonction,
- IF(n.nat='',n.pays,n.nat) AS nat, n.a2 AS iso3166,
- ad0.text AS app0text, ad0.url AS app0url, ai0.type AS app0type,
- ad1.text AS app1text, ad1.url AS app1url, ai1.type AS app1type,
- adr.city, gp.a2, gp.pays AS countrytxt, gr.name AS region,
- IF(a.nom_usage<>'',a.nom_usage,a.nom) AS sortkey
- FROM contacts AS c
- INNER JOIN auth_user_md5 AS a ON (a.user_id = c.contact)
- INNER JOIN aliases AS l ON (a.user_id = l.id AND l.type='a_vie')
- LEFT JOIN entreprises AS e ON (e.entrid = 0 AND e.uid = a.user_id)
- LEFT JOIN emploi_secteur AS es ON (e.secteur = es.id)
- LEFT JOIN fonctions_def AS ef ON (e.fonction = ef.id)
- LEFT JOIN geoloc_pays AS n ON (a.nationalite = n.a2)
- LEFT JOIN applis_ins AS ai0 ON (a.user_id = ai0.uid AND ai0.ordre = 0)
- LEFT JOIN applis_def AS ad0 ON (ad0.id = ai0.aid)
- LEFT JOIN applis_ins AS ai1 ON (a.user_id = ai1.uid AND ai1.ordre = 1)
- LEFT JOIN applis_def AS ad1 ON (ad1.id = ai1.aid)
- LEFT JOIN adresses AS adr ON (a.user_id = adr.uid
- AND FIND_IN_SET('active', adr.statut))
- LEFT JOIN geoloc_pays AS gp ON (adr.country = gp.a2)
- LEFT JOIN geoloc_region AS gr ON (adr.country = gr.a2 AND adr.region = gr.region)
- WHERE c.uid = $uid
- ORDER BY ".$order;
-
- $page->assign_by_ref('citer', XDB::iterator($sql));
+ $base = 'carnet/contacts';
+ $view = new UserSet("INNER JOIN contacts AS c2 ON (u.user_id = c2.contact)", " c2.uid = $uid ");
+ }
+ $view->addMod('minifiche', 'Mini-Fiches', true);
+ $view->addMod('trombi', 'Trombinoscope', false, array('with_admin' => false, 'with_promo' => true));
+ $view->addMod('geoloc', 'Planisphère', false, array('with_annu' => 'carnet/contacts/search'));
+ $view->apply($base, $page, $action, $subaction);
+ if ($action != 'geoloc' || ($search && !$ssaction) || (!$search && !$subaction)) {
+ $page->changeTpl('carnet/mescontacts.tpl');
}
}
function handler_pdf(&$page, $arg0 = null, $arg1 = null)
{
- require_once 'contacts.pdf.inc.php';
+ require_once dirname(__FILE__).'/carnet/contacts.pdf.inc.php';
require_once 'user.func.inc.php';
session_write_close();
while (list($alias) = $citer->next()) {
$user = get_user_details($alias);
- $pdf->addContact($user, $arg0 == 'photos' || $arg1 == 'photos');
+ foreach ($user as &$value) {
+ if (is_utf8($value)) {
+ $value = utf8_decode($value);
+ }
+ }
+ $pdf = ContactsPDF::addContact($pdf, $user, $arg0 == 'photos' || $arg1 == 'photos');
}
$pdf->Output();
$page->assign('notifs', $notifs);
}
- function handler_ical(&$page, $user = null, $hash = null, $all = null)
+ function handler_ical(&$page, $alias = null, $hash = null)
{
- $page->changeTpl('carnet/calendar.tpl', NO_SKIN);
-
- if ($alias && $hash) {
- $res = XDB::query(
- 'SELECT a.id
- FROM aliases AS a
- INNER JOIN auth_user_quick AS q ON ( a.id = q.user_id AND q.core_rss_hash = {?} )
- WHERE a.alias = {?} AND a.type != "homonyme"', $hash, $alias);
- $uid = $res->fetchOneCell();
- }
-
- require_once 'notifs.inc.php';
- $notifs = new Notifs($uid, true);
-
- $annivcat = false;
- foreach ($notifs->_cats as $cat) {
- if (preg_match('/anniv/i', $cat['short']))
- $annivcat = $cat['id'];
- }
-
- if ($annivcat !== false) {
- $annivs = array();
- foreach ($notifs->_data[$annivcat] as $promo) {
- foreach ($promo as $notif) {
- if ($all == 'all' || $notif['contact']) {
- $annivs[] = array(
- 'timestamp' => $notif['known'],
- 'date' => strtotime($notif['date']),
- 'tomorrow' => strtotime("+1 day", strtotime($notif['date'])),
- 'bestalias' => $notif['bestalias'],
- 'summary' => 'Anniversaire de '.$notif['prenom']
- .' '.$notif['nom'].' - x '.$notif['promo'],
- );
- }
- }
+ require_once 'rss.inc.php';
+ $uid = init_rss(null, $alias, $hash, false);
+ if (S::logged()) {
+ if (!$uid) {
+ $uid = S::i('uid');
+ } else if ($uid != S::i('uid')) {
+ require_once 'xorg.misc.inc.php';
+ send_warning_email("Récupération d\'un autre utilisateur ($uid)");
}
- $page->assign('events', $annivs);
+ } else if (!$uid) {
+ exit;
}
+ require_once 'ical.inc.php';
+ $page->changeTpl('carnet/calendar.tpl', NO_SKIN);
+ $page->register_function('display_ical', 'display_ical');
+
+ $res = XDB::iterRow(
+ 'SELECT u.prenom,
+ IF(u.nom_usage = \'\',u.nom,u.nom_usage) AS nom,
+ u.promo,
+ u.naissance,
+ DATE_ADD(u.naissance, INTERVAL 1 DAY) AS end,
+ u.date_ins,
+ a.alias AS forlife
+ FROM contacts AS c
+ INNER JOIN auth_user_md5 AS u ON (u.user_id = c.contact)
+ INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type = \'a_vie\')
+ WHERE c.uid = {?}', $uid);
+
+ $annivs = Array();
+ while (list($prenom, $nom, $promo, $naissance, $end, $ts, $forlife) = $res->next()) {
+ $naissance = str_replace('-', '', $naissance);
+ $end = str_replace('-', '', $end);
+ $annivs[] = array(
+ 'timestamp' => strtotime($ts),
+ 'date' => $naissance,
+ 'tomorrow' => $end,
+ 'forlife' => $forlife,
+ 'summary' => 'Anniversaire de '.$prenom
+ .' '.$nom.' - x '.$promo,
+ );
+ }
+ $page->assign('events', $annivs);
header('Content-Type: text/calendar; charset=utf-8');
}
+
+ function handler_vcard(&$page, $photos = null)
+ {
+ $res = XDB::query('SELECT contact
+ FROM contacts
+ WHERE uid = {?}', S::v('uid'));
+ $vcard = new VCard($res->fetchColumn(), $photos == 'photos');
+ $vcard->do_page(&$page);
+ }
}
+// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>