<?php
/***************************************************************************
- * Copyright (C) 2003-2006 Polytechnique.org *
+ * Copyright (C) 2003-2008 Polytechnique.org *
* http://opensource.polytechnique.org/ *
* *
* This program is free software; you can redistribute it and/or modify *
function handlers()
{
return array(
- 'carnet' => $this->make_hook('index', AUTH_COOKIE),
- 'carnet/panel' => $this->make_hook('panel', AUTH_COOKIE),
- 'carnet/notifs' => $this->make_hook('notifs', AUTH_COOKIE),
+ 'carnet' => $this->make_hook('index', AUTH_COOKIE),
+ 'carnet/panel' => $this->make_hook('panel', AUTH_COOKIE),
+ 'carnet/notifs' => $this->make_hook('notifs', AUTH_COOKIE),
- 'carnet/contacts' => $this->make_hook('contacts', AUTH_COOKIE),
- 'carnet/contacts/pdf' => $this->make_hook('pdf', AUTH_COOKIE),
+ 'carnet/contacts' => $this->make_hook('contacts', AUTH_COOKIE),
+ 'carnet/contacts/pdf' => $this->make_hook('pdf', AUTH_COOKIE, 'user', NO_HTTPS),
+ 'carnet/contacts/ical' => $this->make_hook('ical', AUTH_PUBLIC, 'user', NO_HTTPS),
+ 'carnet/contacts/vcard' => $this->make_hook('vcard', AUTH_COOKIE, 'user', NO_HTTPS),
- 'carnet/rss' => $this->make_hook('rss', AUTH_PUBLIC),
- 'carnet/ical' => $this->make_hook('ical', AUTH_PUBLIC),
+ 'carnet/rss' => $this->make_hook('rss', AUTH_PUBLIC, 'user', NO_HTTPS),
);
}
if (!S::has('core_rss_hash')) {
return;
}
- $page->assign('xorg_rss',
- array('title' => 'Polytechnique.org :: Carnet',
- 'href' => '/carnet/rss/'.S::v('forlife')
- .'/'.S::v('core_rss_hash').'/rss.xml')
- );
+ $page->setRssLink('Polytechnique.org :: Carnet',
+ '/carnet/rss/'.S::v('hruid').'/'.S::v('core_rss_hash').'/rss.xml');
}
function handler_index(&$page)
{
$page->changeTpl('carnet/index.tpl');
- $page->assign('xorg_title','Polytechnique.org - Mon carnet');
+ $page->setTitle('Mon carnet');
$this->_add_rss_link($page);
}
$page->changeTpl('carnet/panel.tpl');
if (Get::has('read')) {
- $_SESSION['watch_last'] = Get::v('read');
+ S::set('watch_last', Get::v('read'));
+ Platal::session()->updateNbNotifs();
pl_redirect('carnet/panel');
}
if(preg_match('!^ *(\d{4}) *$!', $arg, $matches)) {
$p = intval($matches[1]);
if($p<1900 || $p>2100) {
- $page->trig("la promo entrée est invalide");
+ $page->trigError("la promo entrée est invalide");
} else {
if ($action == 'add_promo') {
$watch->_promos->add($p);
$p1 = intval($matches[1]);
$p2 = intval($matches[2]);
if($p1<1900 || $p1>2100) {
- $page->trig('la première promo de la plage entrée est invalide');
+ $page->trigError('la première promo de la plage entrée est invalide');
} elseif($p2<1900 || $p2>2100) {
- $page->trig('la seconde promo de la plage entrée est invalide');
+ $page->trigError('la seconde promo de la plage entrée est invalide');
} else {
if ($action == 'add_promo') {
$watch->_promos->addRange($p1, $p2);
}
}
} else {
- $page->trig("La promo (ou la plage de promo) entrée est dans un format incorrect.");
+ $page->trigError("La promo (ou la plage de promo) entrée est dans un format incorrect.");
}
}
$promo_sortie = $res->fetchOneCell();
$page->assign('promo_sortie', $promo_sortie);
+ if ($action) {
+ S::assert_xsrf_token();
+ }
switch ($action) {
case 'add_promo':
case 'del_promo':
break;
}
- if (Env::has('subs')) $watch->_subs->update('sub');
+ if (Env::has('subs')) {
+ S::assert_xsrf_token();
+ $watch->_subs->update('sub');
+ }
+
if (Env::has('flags_contacts')) {
+ S::assert_xsrf_token();
$watch->watch_contacts = Env::b('contacts');
$watch->saveFlags();
}
+
if (Env::has('flags_mail')) {
- $watch->watch_mail = Env::b('mail');
+ S::assert_xsrf_token();
+ $watch->watch_mail = Env::b('mail');
$watch->saveFlags();
}
$page->assign_by_ref('watch', $watch);
}
- function _get_list($offset, $limit) {
- $uid = S::v('uid');
- $res = XDB::query("SELECT COUNT(*) FROM contacts WHERE uid = {?}", $uid);
- $total = $res->fetchOneCell();
-
- $order = Get::v('order');
- $orders = Array(
- 'nom' => 'nom DESC, u.prenom, u.promo',
- 'promo' => 'promo DESC, nom, u.prenom',
- 'last' => 'u.date DESC, nom, u.prenom, promo');
- if ($order != 'promo' && $order != 'last')
- $order = 'nom';
- $order = $orders[$order];
- if (Get::v('inv') == '')
- $order = str_replace(" DESC,", ",", $order);
-
- $res = XDB::query("
- SELECT u.prenom, IF(u.nom_usage='',u.nom,u.nom_usage) AS nom, a.alias AS forlife, u.promo
- FROM contacts AS c
- INNER JOIN auth_user_md5 AS u ON (u.user_id = c.contact)
- INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie')
- WHERE c.uid = {?}
- ORDER BY $order
- LIMIT {?}, {?}", $uid, $offset*$limit, $limit);
- $list = $res->fetchAllAssoc();
-
- return Array($total, $list);
- }
-
- function handler_contacts(&$page, $action = null)
+ function handler_contacts(&$page, $action = null, $subaction = null, $ssaction = null)
{
- $page->changeTpl('carnet/mescontacts.tpl');
- require_once("applis.func.inc.php");
- $page->assign('xorg_title','Polytechnique.org - Mes contacts');
+ $page->setTitle('Mes contacts');
+ $this->_add_rss_link($page);
$uid = S::v('uid');
$user = Env::v('user');
+ // For XSRF protection, checks both the normal xsrf token, and the special RSS token.
+ // It allows direct linking to contact adding in the RSS feed.
+ if (Env::v('action') && Env::v('token') !== S::v('core_rss_hash')) {
+ S::assert_xsrf_token();
+ }
switch (Env::v('action')) {
case 'retirer':
- if (is_numeric($user)) {
- if (XDB::execute('DELETE FROM contacts
- WHERE uid = {?} AND contact = {?}',
- $uid, $user))
- {
- $page->trig("Contact retiré !");
- }
- } else {
- if (XDB::execute(
- 'DELETE FROM contacts
- USING contacts AS c
- INNER JOIN aliases AS a ON (c.contact=a.id and a.type!="homonyme")
- WHERE c.uid = {?} AND a.alias={?}', $uid, $user))
- {
- $page->trig("Contact retiré !");
+ if (($user = User::get(Env::v('user')))) {
+ if (XDB::execute("DELETE FROM contacts
+ WHERE uid = {?} AND contact = {?}", $uid, $user->id())) {
+ $page->trigSuccess("Contact retiré !");
}
}
break;
case 'ajouter':
- require_once('user.func.inc.php');
- if (($login = get_user_login($user)) !== false) {
- if (XDB::execute(
- 'INSERT INTO contacts (uid, contact)
- SELECT {?}, id
- FROM aliases
- WHERE alias = {?}', $uid, $login))
- {
- $page->trig('Contact ajouté !');
+ if (($user = User::get(Env::v('user')))) {
+ if (XDB::execute("REPLACE INTO contacts (uid, contact)
+ VALUES ({?}, {?})", $uid, $user->id())) {
+ $page->trigSuccess('Contact ajouté !');
} else {
- $page->trig('Contact déjà dans la liste !');
+ $page->trigWarning('Contact déjà dans la liste !');
}
}
+ break;
}
- if ($action == 'trombi') {
- require_once 'trombi.inc.php';
-
- $trombi = new Trombi(array($this, '_get_list'));
- $trombi->setNbRows(4);
- $page->assign_by_ref('trombi',$trombi);
-
- $order = Get::v('order');
- if ($order != 'promo' && $order != 'last')
- $order = 'nom';
- $page->assign('order', $order);
- $page->assign('inv', Get::v('inv'));
+ $search = false;
+ if ($action == 'search') {
+ $action = $subaction;
+ $subaction = $ssaction;
+ $search = true;
+ }
+ if ($search && trim(Env::v('quick'))) {
+ require_once 'userset.inc.php';
+ $base = 'carnet/contacts/search';
+ Platal::load('search', 'classes.inc.php');
+ ThrowError::$throwHook = array($this, 'searchErrorHandler');
+ $view = new SearchSet(true, false, "INNER JOIN contacts AS c2 ON (u.user_id = c2.contact)", "c2.uid = $uid");
} else {
-
- $order = Get::v('order');
- $orders = Array(
- 'nom' => 'sortkey DESC, a.prenom, a.promo',
- 'promo' => 'promo DESC, sortkey, a.prenom',
- 'last' => 'a.date DESC, sortkey, a.prenom, promo');
- if ($order != 'promo' && $order != 'last')
- $order = 'nom';
- $page->assign('order', $order);
- $page->assign('inv', Get::v('inv'));
- $order = $orders[$order];
- if (Get::v('inv') == '')
- $order = str_replace(" DESC,", ",", $order);
-
- $sql = "SELECT contact AS id,
- a.*, l.alias AS forlife,
- 1 AS inscrit,
- a.perms != 'pending' AS wasinscrit,
- a.deces != 0 AS dcd, a.deces, a.matricule_ax,
- FIND_IN_SET('femme', a.flags) AS sexe,
- e.entreprise, es.label AS secteur, ef.fonction_fr AS fonction,
- IF(n.nat='',n.pays,n.nat) AS nat, n.a2 AS iso3166,
- ad0.text AS app0text, ad0.url AS app0url, ai0.type AS app0type,
- ad1.text AS app1text, ad1.url AS app1url, ai1.type AS app1type,
- adr.city, gp.a2, gp.pays AS countrytxt, gr.name AS region,
- IF(a.nom_usage<>'',a.nom_usage,a.nom) AS sortkey
- FROM contacts AS c
- INNER JOIN auth_user_md5 AS a ON (a.user_id = c.contact)
- INNER JOIN aliases AS l ON (a.user_id = l.id AND l.type='a_vie')
- LEFT JOIN entreprises AS e ON (e.entrid = 0 AND e.uid = a.user_id)
- LEFT JOIN emploi_secteur AS es ON (e.secteur = es.id)
- LEFT JOIN fonctions_def AS ef ON (e.fonction = ef.id)
- LEFT JOIN geoloc_pays AS n ON (a.nationalite = n.a2)
- LEFT JOIN applis_ins AS ai0 ON (a.user_id = ai0.uid AND ai0.ordre = 0)
- LEFT JOIN applis_def AS ad0 ON (ad0.id = ai0.aid)
- LEFT JOIN applis_ins AS ai1 ON (a.user_id = ai1.uid AND ai1.ordre = 1)
- LEFT JOIN applis_def AS ad1 ON (ad1.id = ai1.aid)
- LEFT JOIN adresses AS adr ON (a.user_id = adr.uid
- AND FIND_IN_SET('active', adr.statut))
- LEFT JOIN geoloc_pays AS gp ON (adr.country = gp.a2)
- LEFT JOIN geoloc_region AS gr ON (adr.country = gr.a2 AND adr.region = gr.region)
- WHERE c.uid = $uid
- ORDER BY ".$order;
-
- $page->assign_by_ref('citer', XDB::iterator($sql));
+ $base = 'carnet/contacts';
+ $view = new UserSet("INNER JOIN contacts AS c2 ON (u.user_id = c2.contact)", " c2.uid = $uid ");
+ }
+ $view->addMod('minifiche', 'Mini-fiches', true);
+ $view->addMod('trombi', 'Trombinoscope', false, array('with_admin' => false, 'with_promo' => true));
+ $view->addMod('geoloc', 'Planisphère', false, array('with_annu' => 'carnet/contacts/search'));
+ $view->apply($base, $page, $action, $subaction);
+ if ($action != 'geoloc' || ($search && !$ssaction) || (!$search && !$subaction)) {
+ $page->changeTpl('carnet/mescontacts.tpl');
}
}
function handler_pdf(&$page, $arg0 = null, $arg1 = null)
{
- require_once 'contacts.pdf.inc.php';
+ $this->load('contacts.pdf.inc.php');
require_once 'user.func.inc.php';
- session_write_close();
+ Platal::session()->close();
$sql = "SELECT a.alias
FROM aliases AS a
while (list($alias) = $citer->next()) {
$user = get_user_details($alias);
- $pdf->addContact($user, $arg0 == 'photos' || $arg1 == 'photos');
+ foreach ($user as &$value) {
+ if (is_utf8($value)) {
+ $value = utf8_decode($value);
+ }
+ }
+ $pdf = ContactsPDF::addContact($pdf, $user, $arg0 == 'photos' || $arg1 == 'photos');
}
$pdf->Output();
function handler_rss(&$page, $user = null, $hash = null)
{
- require_once 'rss.inc.php';
- require_once 'notifs.inc.php';
-
- $uid = init_rss('carnet/rss.tpl', $user, $hash);
- $notifs = new Notifs($uid, false);
- $page->assign('notifs', $notifs);
+ $this->load('feed.inc.php');
+ $feed = new CarnetFeed();
+ return $feed->run($page, $user, $hash);
}
- function handler_ical(&$page)
+ function handler_ical(&$page, $alias = null, $hash = null)
{
+ require_once 'rss.inc.php';
+ $uid = init_rss(null, $alias, $hash, false);
+ if (S::logged()) {
+ if (!$uid) {
+ $uid = S::i('uid');
+ } else if ($uid != S::i('uid')) {
+ send_warning_email("Récupération d\'un autre utilisateur ($uid)");
+ }
+ } else if (!$uid) {
+ exit;
+ }
+
+ require_once 'ical.inc.php';
$page->changeTpl('carnet/calendar.tpl', NO_SKIN);
+ $page->register_function('display_ical', 'display_ical');
$res = XDB::iterRow(
'SELECT u.prenom,
u.naissance,
DATE_ADD(u.naissance, INTERVAL 1 DAY) AS end,
u.date_ins,
- a.alias AS forlife
+ u.hruid
FROM contacts AS c
INNER JOIN auth_user_md5 AS u ON (u.user_id = c.contact)
INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type = \'a_vie\')
- WHERE c.uid = {?}', S::v('uid'));
+ WHERE c.uid = {?}', $uid);
$annivs = Array();
- while (list($prenom, $nom, $promo, $naissance, $end, $ts, $forlife) = $res->next()) {
+ while (list($prenom, $nom, $promo, $naissance, $end, $ts, $hruid) = $res->next()) {
$naissance = str_replace('-', '', $naissance);
$end = str_replace('-', '', $end);
$annivs[] = array(
'timestamp' => strtotime($ts),
'date' => $naissance,
'tomorrow' => $end,
- 'forlife' => $forlife,
+ 'hruid' => $hruid,
'summary' => 'Anniversaire de '.$prenom
.' '.$nom.' - x '.$promo,
);
header('Content-Type: text/calendar; charset=utf-8');
}
+
+ function handler_vcard(&$page, $photos = null)
+ {
+ $res = XDB::query('SELECT contact
+ FROM contacts
+ WHERE uid = {?}', S::v('uid'));
+ $vcard = new VCard($photos == 'photos');
+ $vcard->addUsers($res->fetchColumn());
+ $vcard->show();
+ }
}
+// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>