<?php
/***************************************************************************
- * Copyright (C) 2003-2008 Polytechnique.org *
+ * Copyright (C) 2003-2009 Polytechnique.org *
* http://opensource.polytechnique.org/ *
* *
* This program is free software; you can redistribute it and/or modify *
'lists/create' => $this->make_hook('create', AUTH_MDP),
'lists/members' => $this->make_hook('members', AUTH_COOKIE),
+ 'lists/csv' => $this->make_hook('csv', AUTH_COOKIE),
'lists/annu' => $this->make_hook('annu', AUTH_COOKIE),
'lists/archives' => $this->make_hook('archives', AUTH_COOKIE),
'lists/archives/rss' => $this->make_hook('rss', AUTH_PUBLIC, 'user', NO_HTTPS),
);
}
- function on_subscribe($forlife, $uid, $promo, $password)
- {
- $this->prepare_client(null);
- $this->client->subscribe("promo$promo");
- }
-
- function prepare_client(&$page)
+ function prepare_client(&$page, $user = null)
{
global $globals;
- require_once dirname(__FILE__).'/lists/lists.inc.php';
+ $this->load('lists.inc.php');
+ if (is_null($user)) {
+ $user = S::user();
+ }
- $this->client = new MMList(S::v('uid'), S::v('password'));
+ $this->client = new MMList($user);
return $globals->mail->domain;
}
$page->changeTpl('lists/index.tpl');
$page->addJsLink('ajax.js');
- $page->assign('xorg_title','Polytechnique.org - Listes de diffusion');
+ $page->setTitle('Listes de diffusion');
if (Get::has('del')) {
+ S::assert_xsrf_token();
$this->client->unsubscribe(Get::v('del'));
pl_redirect('lists');
}
if (Get::has('add')) {
+ S::assert_xsrf_token();
$this->client->subscribe(Get::v('add'));
pl_redirect('lists');
}
if (Post::has('promo_add')) {
+ S::assert_xsrf_token();
+
$promo = Post::i('promo_add');
if ($promo >= 1900 and $promo < 2100) {
$this->client->subscribe("promo$promo");
} else {
- $page->trig("promo incorrecte, il faut une promo sur 4 chiffres.");
+ $page->trigSuccess("promo incorrecte, il faut une promo sur 4 chiffres.");
}
}
+
$listes = $this->client->get_lists();
$owner = array_filter($listes, 'filter_owner');
$listes = array_diff_key($listes, $owner);
header('Content-Type: text/html; charset="UTF-8"');
$domain = $this->prepare_client($page);
$page->changeTpl('lists/liste.inc.tpl', NO_SKIN);
+ S::assert_xsrf_token();
+
if (Get::has('unsubscribe')) {
$this->client->unsubscribe($list);
}
function handler_create(&$page)
{
+ global $globals;
+
$page->changeTpl('lists/create.tpl');
+ $user_promo = S::i('promo');
+ $year = date('Y');
+ $month = date('m');
+ $young_promo = $very_young_promo = 0;
+ if ((($year > $user_promo) && ($month > 3)) && ($year < $user_promo + 5)) {
+ $young_promo = 1;
+ }
+ if ((($year > $user_promo) && ($month > 7)) && (($year < $user_promo + 1) && ($month < 8))) {
+ $very_young_promo = 1;
+ }
+ $page->assign('young_promo', $young_promo);
+ $page->assign('very_young_promo', $very_young_promo);
+
$owners = preg_split("/[\s]+/", Post::v('owners'), -1, PREG_SPLIT_NO_EMPTY);
$members = preg_split("/[\s]+/", Post::v('members'), -1, PREG_SPLIT_NO_EMPTY);
// click on validate button 'add_owner_sub' or type <enter>
if (Post::has('add_owner_sub') && Post::has('add_owner')) {
- require_once('user.func.inc.php');
// if we want to add an owner and then type <enter>, then both
// add_owner_sub and add_owner are filled.
- $oforlifes = get_users_forlife_list(Post::v('add_owner'), true);
- $mforlifes = get_users_forlife_list(Post::v('add_member'), true);
+ $oforlifes = User::getBulkForlifeEmails(Post::v('add_owner'), true);
+ $mforlifes = User::getBulkForlifeEmails(Post::v('add_member'), true);
if (!is_null($oforlifes)) {
$owners = array_merge($owners, $oforlifes);
}
// click on validate button 'add_member_sub'
if (Post::has('add_member_sub') && Post::has('add_member')) {
- require_once('user.func.inc.php');
- $forlifes = get_users_forlife_list(Post::v('add_member'), true);
+ $forlifes = User::getBulkForlifeEmails(Post::v('add_member'), true);
if (!is_null($forlifes)) {
$members = array_merge($members, $forlifes);
}
}
+ if (Post::has('add_member_sub') && isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) {
+ $upload =& PlUpload::get($_FILES['add_member_file'], S::user()->login(), 'list.addmember', true);
+ if (!$upload) {
+ $page->trigError('Une erreur s\'est produite lors du téléchargement du fichier');
+ } else {
+ $forlifes = User::getBulkForlifeEmails($upload->getContents(), true);
+ if (!is_null($forlifes)) {
+ $members = array_merge($members, $forlifes);
+ }
+ }
+ }
ksort($owners);
$owners = array_unique($owners);
ksort($members);
$members = array_unique($members);
- $page->assign('owners', join(' ', $owners));
- $page->assign('members', join(' ', $members));
+ $page->assign('owners', join("\n", $owners));
+ $page->assign('members', join("\n", $members));
if (!Post::has('submit')) {
return;
+ } else {
+ S::assert_xsrf_token();
}
+ $asso = Post::v('asso');
$liste = Post::v('liste');
if (empty($liste)) {
- $page->trig('champs «addresse souhaitée» vide');
+ $page->trigError('Le champ «adresse souhaitée» est vide.');
}
if (!preg_match("/^[a-zA-Z0-9\-]*$/", $liste)) {
- $page->trig('le nom de la liste ne doit contenir que des lettres non accentuées, chiffres et tirets');
+ $page->trigError('Le nom de la liste ne doit contenir que des lettres non accentuées, chiffres et tirets.');
+ }
+
+ if (($asso == "binet") || ($asso == "alias")) {
+ $promo = Post::i('promo');
+ $domain = $promo . '.' . $globals->mail->domain;
+
+ if (($promo < 1921) || ($promo > date('Y'))) {
+ $page->trigError('La promotion est mal renseignée, elle doit être du type : 2004.');
+ }
+
+ $new = $liste . '@' . $domain;
+ $res = XDB::query('SELECT COUNT(*) FROM x4dat.virtual WHERE alias={?}', $new);
+
+ } else {
+ if ($asso == "groupex") {
+ $groupex_name = Post::v('groupex_name');
+
+ $res_groupe = XDB::query('SELECT mail_domain FROM groupex.asso WHERE nom={?}', $groupex_name);
+ $domain = $res_groupe->fetchOneCell();
+
+ if (!$domain) {
+ $page->trigError('Il n\'y a aucun groupe de ce nom sur Polytechnique.net.');
+ }
+
+ $new = $liste . '@' . $domain;
+ $res = XDB::query('SELECT COUNT(*) FROM x4dat.virtual WHERE alias={?}', $new);
+ } else {
+ $res = XDB::query("SELECT COUNT(*) FROM aliases WHERE alias={?}", $liste);
+ $domain = $globals->mail->domain;
+ }
}
- $res = XDB::query("SELECT COUNT(*) FROM aliases WHERE alias={?}", $liste);
- $n = $res->fetchOneCell();
+ $n = $res->fetchOneCell();
if ($n) {
- $page->trig('cet alias est déjà pris');
+ $page->trigError('L\'«adresse souhaitée» est déjà prise.');
}
if (!Post::v('desc')) {
- $page->trig('le sujet est vide');
+ $page->trigError('Le sujet est vide.');
}
if (!count($owners)) {
- $page->trig('pas de gestionnaire');
+ $page->trigError('Il n\'y a pas de gestionnaire.');
}
if (count($members)<4) {
- $page->trig('pas assez de membres');
+ $page->trigError('Il n\'y a pas assez de membres.');
}
if (!$page->nb_errs()) {
$page->assign('created', true);
require_once 'validations.inc.php';
- $req = new ListeReq(S::v('uid'), $liste,
+ $req = new ListeReq(S::user(), $asso, $liste, $domain,
Post::v('desc'), Post::i('advertise'),
Post::i('modlevel'), Post::i('inslevel'),
$owners, $members);
$page->changeTpl('lists/members.tpl');
if (Get::has('del')) {
+ S::assert_xsrf_token();
$this->client->unsubscribe($liste);
pl_redirect('lists/members/'.$liste);
}
if (Get::has('add')) {
+ S::assert_xsrf_token();
$this->client->subscribe($liste);
pl_redirect('lists/members/'.$liste);
}
}
}
+ function handler_csv(PlPage &$page, $liste = null)
+ {
+ if (is_null($liste)) {
+ return PL_NOT_FOUND;
+ }
+ $this->prepare_client($page);
+ $members = $this->client->get_members($liste);
+ $list = list_fetch_names(list_extract_members($members[1]));
+ header('Content-Type: text/x-csv; charset=utf-8;');
+ header('Pragma: ');
+ header('Cache-Control: ');
+
+ echo "email,nom,prenom,promo\n";
+ foreach ($list as $member) {
+ echo @$member['email'] . ',' . @$member['nom'] . ',' . @$member['prenom'] . ',' . @$member['promo'] . "\n";
+ }
+ exit;
+ }
+
function handler_annu(&$page, $liste = null, $action = null, $subaction = null)
{
if (is_null($liste)) {
$this->prepare_client($page);
if (Get::has('del')) {
+ S::assert_xsrf_token();
$this->client->unsubscribe($liste);
pl_redirect('lists/annu/'.$liste);
}
if (Get::has('add')) {
+ S::assert_xsrf_token();
$this->client->subscribe($liste);
pl_redirect('lists/annu/'.$liste);
}
$view = new ArraySet($users);
$view->addMod('trombi', 'Trombinoscope', true, array('with_promo' => true));
if (empty($GLOBALS['IS_XNET_SITE'])) {
- $view->addMod('minifiche', 'Minifiches', false);
+ $view->addMod('minifiche', 'Mini-fiches', false);
}
$view->addMod('geoloc', 'Planisphère');
$view->apply("lists/annu/$liste", $page, $action, $subaction);
function handler_rss(&$page, $liste = null, $alias = null, $hash = null)
{
- require_once('rss.inc.php');
- $uid = init_rss(null, $alias, $hash);
- if (!$uid || !$liste) {
- exit;
+ if (!$liste) {
+ return PL_NOT_FOUND;
+ }
+ $user = Platal::session()->tokenAuth($alias, $hash);
+ if (is_null($user)) {
+ return PL_FORBIDDEN;
}
- $res = XDB::query("SELECT user_id AS uid, password, alias AS forlife
- FROM auth_user_md5 AS u
- INNER JOIN aliases AS a ON (a.id = u.user_id AND a.type = 'a_vie')
- WHERE u.user_id = {?}", $uid);
- $row = $res->fetchOneAssoc();
- $_SESSION = array_merge($row, $_SESSION);
-
- $domain = $this->prepare_client($page);
+ $domain = $this->prepare_client($page, $user);
if (list($det) = $this->client->get_members($liste)) {
if (substr($liste,0,5) != 'promo' && ($det['ins'] || $det['priv'])
&& !$det['own'] && ($det['sub'] < 2)) {
exit;
}
require_once('banana/ml.inc.php');
- $banana = new MLBanana(S::v('forlife'), Array('listname' => $liste, 'domain' => $domain, 'action' => 'rss2'));
+ $banana = new MLBanana($user, Array('listname' => $liste, 'domain' => $domain, 'action' => 'rss2'));
$banana->run();
}
exit;
$page->register_modifier('hdc', 'list_header_decode');
if (Env::has('sadd') || Env::has('sdel')) {
+ S::assert_xsrf_token();
+
if (Env::has('sadd')) { /* 4 = SUBSCRIBE */
$sub = $this->client->get_pending_sub($liste, Env::v('sadd'));
$this->client->handle_request($liste,Env::v('sadd'),4,'');
}
if (Post::has('sdel')) { /* 2 = REJECT */
$sub = $this->client->get_pending_sub($liste, Env::v('sdel'));
- $this->client->handle_request($liste, Post::v('sdel'), 2, Post::v('reason'));
+ $this->client->handle_request($liste, Post::v('sdel'), 2, utf8_decode(Post::v('reason')));
$info = "refusée";
}
if ($sub) {
}
if (Post::has('moderate_mails') && Post::has('select_mails')) {
+ S::assert_xsrf_token();
+
$mails = array_keys(Post::v('select_mails'));
foreach($mails as $mail) {
$this->moderate_mail($domain, $liste, $mail);
if (list($subs,$mails) = $this->get_pending_ops($domain, $liste)) {
foreach ($mails as $key=>$mail) {
$mails[$key]['stamp'] = strftime("%Y%m%d%H%M%S", $mail['stamp']);
+ if ($mail['fromx']) {
+ $page->assign('with_fromx', true);
+ } else {
+ $page->assign('with_nonfromx', true);
+ }
}
$page->assign_by_ref('subs', $subs);
$page->assign_by_ref('mails', $mails);
static public function no_login_callback($login)
{
require_once 'user.func.inc.php';
- global $list_unregistered;
+ global $list_unregistered, $globals;
$users = get_not_registered_user($login, true);
if ($users && $users->total()) {
}
$list_unregistered[$login] = $users;
} else {
- _default_user_callback($login);
+ list($name, $dom) = @explode('@', $login);
+ if ($dom == $globals->mail->domain || $dom == $globals->mail->domain2) {
+ User::_default_user_callback($login);
+ }
}
}
$page->changeTpl('lists/admin.tpl');
if (Env::has('send_mark')) {
+ S::assert_xsrf_token();
+
$actions = Env::v('mk_action');
$uids = Env::v('mk_uid');
$mails = Env::v('mk_email');
}
if (Env::has('add_member')) {
- require_once('user.func.inc.php');
- $members = get_users_forlife_list(Env::v('add_member'), false, array('ListsModule', 'no_login_callback'));
+ S::assert_xsrf_token();
+
+ $members = User::getBulkForlifeEmails(Env::v('add_member'),
+ false,
+ array('ListsModule', 'no_login_callback'));
$arr = $this->client->mass_subscribe($liste, $members);
if (is_array($arr)) {
foreach($arr as $addr) {
- $page->trig("{$addr[0]} inscrit.");
+ $page->trigSuccess("{$addr[0]} inscrit.");
+ }
+ }
+ }
+
+ if (isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) {
+ S::assert_xsrf_token();
+
+ $upload =& PlUpload::get($_FILES['add_member_file'], S::user()->login(), 'list.addmember', true);
+ if (!$upload) {
+ $page->trigError('Une erreur s\'est produite lors du téléchargement du fichier');
+ } else {
+ $members = User::getBulkForlifeEmails($upload->getContents(),
+ false,
+ array('ListsModule', 'no_login_callback'));
+ $arr = $this->client->mass_subscribe($liste, $members);
+ if (is_array($arr)) {
+ foreach($arr as $addr) {
+ $page->trigSuccess("{$addr[0]} inscrit.");
+ }
}
}
}
if (Env::has('del_member')) {
+ S::assert_xsrf_token();
+
if (strpos(Env::v('del_member'), '@') === false) {
$this->client->mass_unsubscribe(
$liste, array(Env::v('del_member').'@'.$globals->mail->domain));
}
if (Env::has('add_owner')) {
- require_once('user.func.inc.php');
- $owners = get_users_forlife_list(Env::v('add_owner'), false, array('ListsModule', 'no_login_callback'));
+ S::assert_xsrf_token();
+
+ $owners = User::getBulkForlifeEmails(Env::v('add_owner'), false, array('ListsModule', 'no_login_callback'));
if ($owners) {
foreach ($owners as $login) {
if ($this->client->add_owner($liste, $login)) {
- $page->trig($alias." ajouté aux modérateurs.");
+ $page->trigSuccess($login ." ajouté aux modérateurs.");
}
}
}
}
if (Env::has('del_owner')) {
+ S::assert_xsrf_token();
+
if (strpos(Env::v('del_owner'), '@') === false) {
$this->client->del_owner($liste, Env::v('del_owner').'@'.$globals->mail->domain);
} else {
$page->changeTpl('lists/options.tpl');
if (Post::has('submit')) {
+ S::assert_xsrf_token();
+
$values = $_POST;
$values = array_map('utf8_decode', $values);
- $this->client->set_bogo_level($liste, intval($values['bogo_level']));
+ $spamlevel = intval($values['bogo_level']);
+ $unsurelevel = intval($values['unsure_level']);
+ if ($spamlevel == 0) {
+ $unsurelevel = 0;
+ }
+ if ($spamlevel > 3 || $spamlevel < 0 || $unsurelevel < 0 || $unsurelevel > 1) {
+ $page->trigError("Réglage de l'antispam non valide");
+ } else {
+ $this->client->set_bogo_level($liste, ($spamlevel << 1) + $unsurelevel);
+ }
switch($values['moderate']) {
case '0':
$values['generic_nonmember_action'] = 0;
}
$this->client->set_owner_options($liste, $values);
} elseif (isvalid_email(Post::v('atn_add'))) {
+ S::assert_xsrf_token();
$this->client->add_to_wl($liste, Post::v('atn_add'));
} elseif (Get::has('atn_del')) {
+ S::assert_xsrf_token();
$this->client->del_from_wl($liste, Get::v('atn_del'));
pl_redirect('lists/options/'.$liste);
}
if (list($details,$options) = $this->client->get_owner_options($liste)) {
$page->assign_by_ref('details', $details);
$page->assign_by_ref('options', $options);
- $page->assign('bogo_level', $this->client->get_bogo_level($liste));
+ $bogo_level = intval($this->client->get_bogo_level($liste));
+ $page->assign('unsure_level', $bogo_level & 1);
+ $page->assign('bogo_level', $bogo_level >> 1);
} else {
$page->kill("La liste n'existe pas ou tu n'as pas le droit de l'administrer");
}
$page->changeTpl('lists/delete.tpl');
if (Post::v('valid') == 'OUI') {
+ S::assert_xsrf_token();
+
if ($this->client->delete_list($liste, Post::b('del_archive'))) {
foreach (array('', '-owner', '-admin', '-bounces', '-unsubscribe') as $app) {
XDB::execute("DELETE FROM $table
$type, $liste.$app.$domain);
}
$page->assign('deleted', true);
+ $page->trigSuccess('La liste a été détruite !');
} else {
$page->kill('Une erreur est survenue lors de la suppression de la liste.<br />'
. 'Contact les administrateurs du site pour régler le problème : '
. '<a href="mailto:support@polytechnique.org">support@polytechnique.org</a>');
}
} elseif (list($details,$options) = $this->client->get_owner_options($liste)) {
+ if (!$details['own']) {
+ $page->trigWarning('Tu n\'es pas administrateur de la liste, mais du site.');
+ }
$page->assign_by_ref('details', $details);
$page->assign_by_ref('options', $options);
$page->assign('bogo_level', $this->client->get_bogo_level($liste));
$page->changeTpl('lists/soptions.tpl');
if (Post::has('submit')) {
+ S::assert_xsrf_token();
+
$values = $_POST;
$values = array_map('utf8_decode', $values);
unset($values['submit']);
$page->changeTpl('lists/check.tpl');
if (Post::has('correct')) {
+ S::assert_xsrf_token();
$this->client->check_options($liste, true);
}
}
}
- function handler_admin_all(&$page) {
+ function handler_admin_all(&$page)
+ {
$page->changeTpl('lists/admin_all.tpl');
- $page->assign('xorg_title','Polytechnique.org - Administration - Mailing lists');
+ $page->setTitle('Administration - Mailing lists');
- $client = new MMList(S::v('uid'), S::v('password'));
- $listes = $client->get_all_lists();
+ $this->prepare_client($page);
+ $listes = $this->client->get_all_lists();
$page->assign_by_ref('listes', $listes);
}
}
projects / platal.git / blobdiff