<?php
/***************************************************************************
- * Copyright (C) 2003-2007 Polytechnique.org *
+ * Copyright (C) 2003-2008 Polytechnique.org *
* http://opensource.polytechnique.org/ *
* *
* This program is free software; you can redistribute it and/or modify *
'carnet/notifs' => $this->make_hook('notifs', AUTH_COOKIE),
'carnet/contacts' => $this->make_hook('contacts', AUTH_COOKIE),
- 'carnet/contacts/pdf' => $this->make_hook('pdf', AUTH_COOKIE),
- 'carnet/contacts/ical' => $this->make_hook('ical', AUTH_COOKIE),
- 'carnet/contacts/vcard' => $this->make_hook('vcard', AUTH_COOKIE),
+ 'carnet/contacts/pdf' => $this->make_hook('pdf', AUTH_COOKIE, 'user', NO_HTTPS),
+ 'carnet/contacts/ical' => $this->make_hook('ical', AUTH_PUBLIC, 'user', NO_HTTPS),
+ 'carnet/contacts/vcard' => $this->make_hook('vcard', AUTH_COOKIE, 'user', NO_HTTPS),
- 'carnet/rss' => $this->make_hook('rss', AUTH_PUBLIC),
+ 'carnet/rss' => $this->make_hook('rss', AUTH_PUBLIC, 'user', NO_HTTPS),
);
}
if (Get::has('read')) {
$_SESSION['watch_last'] = Get::v('read');
+ update_NbNotifs();
pl_redirect('carnet/panel');
}
if(preg_match('!^ *(\d{4}) *$!', $arg, $matches)) {
$p = intval($matches[1]);
if($p<1900 || $p>2100) {
- $page->trig("la promo entrée est invalide");
+ $page->trigError("la promo entrée est invalide");
} else {
if ($action == 'add_promo') {
$watch->_promos->add($p);
$p1 = intval($matches[1]);
$p2 = intval($matches[2]);
if($p1<1900 || $p1>2100) {
- $page->trig('la première promo de la plage entrée est invalide');
+ $page->trigError('la première promo de la plage entrée est invalide');
} elseif($p2<1900 || $p2>2100) {
- $page->trig('la seconde promo de la plage entrée est invalide');
+ $page->trigError('la seconde promo de la plage entrée est invalide');
} else {
if ($action == 'add_promo') {
$watch->_promos->addRange($p1, $p2);
}
}
} else {
- $page->trig("La promo (ou la plage de promo) entrée est dans un format incorrect.");
+ $page->trigError("La promo (ou la plage de promo) entrée est dans un format incorrect.");
}
}
$promo_sortie = $res->fetchOneCell();
$page->assign('promo_sortie', $promo_sortie);
+ if ($action) {
+ S::assert_xsrf_token();
+ }
switch ($action) {
case 'add_promo':
case 'del_promo':
break;
}
- if (Env::has('subs')) $watch->_subs->update('sub');
+ if (Env::has('subs')) {
+ S::assert_xsrf_token();
+ $watch->_subs->update('sub');
+ }
+
if (Env::has('flags_contacts')) {
+ S::assert_xsrf_token();
$watch->watch_contacts = Env::b('contacts');
$watch->saveFlags();
}
+
if (Env::has('flags_mail')) {
- $watch->watch_mail = Env::b('mail');
+ S::assert_xsrf_token();
+ $watch->watch_mail = Env::b('mail');
$watch->saveFlags();
}
return Array($total, $list);
}
- function handler_contacts(&$page, $action = null)
+ function searchErrorHandler($explain) {
+ global $page;
+ $page->trigError($explain);
+ $this->handler_contacts($page);
+ }
+
+ function handler_contacts(&$page, $action = null, $subaction = null, $ssaction = null)
{
- $page->changeTpl('carnet/mescontacts.tpl');
- require_once("applis.func.inc.php");
$page->assign('xorg_title','Polytechnique.org - Mes contacts');
$this->_add_rss_link($page);
$uid = S::v('uid');
$user = Env::v('user');
+ // For XSRF protection, checks both the normal xsrf token, and the special RSS token.
+ // It allows direct linking to contact adding in the RSS feed.
+ if (Env::v('action') && Env::v('token') !== S::v('core_rss_hash')) {
+ S::assert_xsrf_token();
+ }
switch (Env::v('action')) {
case 'retirer':
- if (is_numeric($user)) {
- if (XDB::execute('DELETE FROM contacts
- WHERE uid = {?} AND contact = {?}',
- $uid, $user))
- {
- $page->trig("Contact retiré !");
- }
- } else {
- if (XDB::execute(
- 'DELETE FROM c
- USING contacts AS c
- INNER JOIN aliases AS a ON (c.contact=a.id and a.type!="homonyme")
- WHERE c.uid = {?} AND a.alias={?}', $uid, $user))
- {
- $page->trig("Contact retiré !");
+ if (($user = User::get(Env::v('user')))) {
+ if (XDB::execute("DELETE FROM contacts
+ WHERE uid = {?} AND contact = {?}", $uid, $user->id())) {
+ $page->trigSuccess("Contact retiré !");
}
}
break;
case 'ajouter':
- require_once('user.func.inc.php');
- if (($login = get_user_login($user)) !== false) {
- if (XDB::execute(
- 'INSERT INTO contacts (uid, contact)
- SELECT {?}, id
- FROM aliases
- WHERE alias = {?}', $uid, $login))
- {
- $page->trig('Contact ajouté !');
+ if (($user = User::get(Env::v('user')))) {
+ if (XDB::execute("REPLACE INTO contacts (uid, contact)
+ VALUES ({?}, {?})", $uid, $user->id())) {
+ $page->trigSuccess('Contact ajouté !');
} else {
- $page->trig('Contact déjà dans la liste !');
+ $page->trigWarning('Contact déjà dans la liste !');
}
}
+ break;
}
- if ($action == 'trombi') {
- $trombi = new Trombi(array($this, '_get_list'));
- $trombi->setNbRows(4);
- $page->assign_by_ref('trombi',$trombi);
-
- $order = Get::v('order');
- if ($order != 'promo' && $order != 'last')
- $order = 'nom';
- $page->assign('order', $order);
- $page->assign('inv', Get::v('inv'));
+ $search = false;
+ if ($action == 'search') {
+ $action = $subaction;
+ $subaction = $ssaction;
+ $search = true;
+ }
+ if ($search && trim(Env::v('quick'))) {
+ require_once 'userset.inc.php';
+ $base = 'carnet/contacts/search';
+ require_once(dirname(__FILE__) . '/search/classes.inc.php');
+ ThrowError::$throwHook = array($this, 'searchErrorHandler');
+ $view = new SearchSet(true, false, "INNER JOIN contacts AS c2 ON (u.user_id = c2.contact)", "c2.uid = $uid");
} else {
-
- $order = Get::v('order');
- $orders = Array(
- 'nom' => 'sortkey DESC, a.prenom, a.promo',
- 'promo' => 'promo DESC, sortkey, a.prenom',
- 'last' => 'a.date DESC, sortkey, a.prenom, promo');
- if ($order != 'promo' && $order != 'last')
- $order = 'nom';
- $page->assign('order', $order);
- $page->assign('inv', Get::v('inv'));
- $order = $orders[$order];
- if (Get::v('inv') == '')
- $order = str_replace(" DESC,", ",", $order);
-
- $sql = "SELECT contact AS id,
- a.*, l.alias AS forlife,
- 1 AS inscrit,
- a.perms != 'pending' AS wasinscrit,
- a.deces != 0 AS dcd, a.deces, a.matricule_ax,
- FIND_IN_SET('femme', a.flags) AS sexe,
- e.entreprise, es.label AS secteur, ef.fonction_fr AS fonction,
- IF(n.nat='',n.pays,n.nat) AS nat, n.a2 AS iso3166,
- ad0.text AS app0text, ad0.url AS app0url, ai0.type AS app0type,
- ad1.text AS app1text, ad1.url AS app1url, ai1.type AS app1type,
- adr.city, gp.a2, gp.pays AS countrytxt, gr.name AS region,
- IF(a.nom_usage<>'',a.nom_usage,a.nom) AS sortkey,
- COUNT(em.email) > 0 AS actif
- FROM contacts AS c
- INNER JOIN auth_user_md5 AS a ON (a.user_id = c.contact)
- INNER JOIN aliases AS l ON (a.user_id = l.id AND l.type='a_vie')
- LEFT JOIN entreprises AS e ON (e.entrid = 0 AND e.uid = a.user_id)
- LEFT JOIN emploi_secteur AS es ON (e.secteur = es.id)
- LEFT JOIN fonctions_def AS ef ON (e.fonction = ef.id)
- LEFT JOIN geoloc_pays AS n ON (a.nationalite = n.a2)
- LEFT JOIN applis_ins AS ai0 ON (a.user_id = ai0.uid AND ai0.ordre = 0)
- LEFT JOIN applis_def AS ad0 ON (ad0.id = ai0.aid)
- LEFT JOIN applis_ins AS ai1 ON (a.user_id = ai1.uid AND ai1.ordre = 1)
- LEFT JOIN applis_def AS ad1 ON (ad1.id = ai1.aid)
- LEFT JOIN adresses AS adr ON (a.user_id = adr.uid
- AND FIND_IN_SET('active', adr.statut))
- LEFT JOIN geoloc_pays AS gp ON (adr.country = gp.a2)
- LEFT JOIN geoloc_region AS gr ON (adr.country = gr.a2 AND adr.region = gr.region)
- LEFT JOIN emails AS em ON (em.uid = a.user_id AND em.flags = 'active')
- WHERE c.uid = $uid
- GROUP BY a.user_id
- ORDER BY ".$order;
-
- $page->assign('citer', XDB::iterator($sql));
+ $base = 'carnet/contacts';
+ $view = new UserSet("INNER JOIN contacts AS c2 ON (u.user_id = c2.contact)", " c2.uid = $uid ");
+ }
+ $view->addMod('minifiche', 'Mini-Fiches', true);
+ $view->addMod('trombi', 'Trombinoscope', false, array('with_admin' => false, 'with_promo' => true));
+ $view->addMod('geoloc', 'Planisphère', false, array('with_annu' => 'carnet/contacts/search'));
+ $view->apply($base, $page, $action, $subaction);
+ if ($action != 'geoloc' || ($search && !$ssaction) || (!$search && !$subaction)) {
+ $page->changeTpl('carnet/mescontacts.tpl');
}
}
while (list($alias) = $citer->next()) {
$user = get_user_details($alias);
+ foreach ($user as &$value) {
+ if (is_utf8($value)) {
+ $value = utf8_decode($value);
+ }
+ }
$pdf = ContactsPDF::addContact($pdf, $user, $arg0 == 'photos' || $arg1 == 'photos');
}
$pdf->Output();
$page->assign('notifs', $notifs);
}
- function handler_ical(&$page)
+ function handler_ical(&$page, $alias = null, $hash = null)
{
+ require_once 'rss.inc.php';
+ $uid = init_rss(null, $alias, $hash, false);
+ if (S::logged()) {
+ if (!$uid) {
+ $uid = S::i('uid');
+ } else if ($uid != S::i('uid')) {
+ require_once 'xorg.misc.inc.php';
+ send_warning_email("Récupération d\'un autre utilisateur ($uid)");
+ }
+ } else if (!$uid) {
+ exit;
+ }
require_once 'ical.inc.php';
$page->changeTpl('carnet/calendar.tpl', NO_SKIN);
$page->register_function('display_ical', 'display_ical');
FROM contacts AS c
INNER JOIN auth_user_md5 AS u ON (u.user_id = c.contact)
INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type = \'a_vie\')
- WHERE c.uid = {?}', S::v('uid'));
+ WHERE c.uid = {?}', $uid);
$annivs = Array();
while (list($prenom, $nom, $promo, $naissance, $end, $ts, $forlife) = $res->next()) {
$res = XDB::query('SELECT contact
FROM contacts
WHERE uid = {?}', S::v('uid'));
-
- require_once('vcard.inc.php');
$vcard = new VCard($res->fetchColumn(), $photos == 'photos');
$vcard->do_page(&$page);
}