function handler_photo(&$page, $x = null, $req = null)
{
- if (is_null($x)) {
+ if (!$x || !($user = User::getSilent($x))) {
return PL_NOT_FOUND;
}
- $res = XDB::query("SELECT id, pub FROM aliases
- LEFT JOIN photo ON(id = uid)
- WHERE alias = {?}", $x);
- list($uid, $photo_pub) = $res->fetchOneRow();
+ // Retrieve the photo and its mime type.
+ $photo_data = null;
+ $photo_type = null;
if ($req && S::logged()) {
include 'validations.inc.php';
- $myphoto = PhotoReq::get_request($uid);
- Header('Content-type: image/'.$myphoto->mimetype);
- echo $myphoto->data;
+ $myphoto = PhotoReq::get_request($user->id());
+ if ($myphoto) {
+ $photo_data = $myphoto->data;
+ $photo_type = $myphoto->mimetype;
+ }
} else {
$res = XDB::query(
- "SELECT attachmime, attach
+ "SELECT attachmime, attach, pub
FROM photo
- WHERE uid={?}", $uid);
-
- if ((list($type, $data) = $res->fetchOneRow())
- && ($photo_pub == 'public' || S::logged())) {
- Header("Content-type: image/$type");
- echo $data;
- } else {
- Header('Content-type: image/png');
- echo file_get_contents(dirname(__FILE__).'/../htdocs/images/none.png');
+ WHERE uid = {?}", $user->id());
+ list($photo_type, $photo_data, $photo_pub) = $res->fetchOneRow();
+ if ($photo_pub != 'public' && !S::logged()) {
+ $photo_type = $photo_data = null;
}
}
+
+ // Display the photo, or a default one when not available.
+ if ($photo_type && $photo_data != null) {
+ header('Content-type: image/' . $photo_type);
+ echo $photo_data;
+ } else {
+ header('Content-type: image/png');
+ echo file_get_contents(dirname(__FILE__).'/../htdocs/images/none.png');
+ }
exit;
}
function handler_photo_change(&$page)
{
+ global $globals;
$page->changeTpl('profile/trombino.tpl');
require_once('validations.inc.php');
.'/'.S::v('forlife').'.jpg';
if (Env::has('upload')) {
- $upload = new PlUpload(S::v('forlife'), 'photo');
+ S::assert_xsrf_token();
+
+ $upload = new PlUpload(S::user()->login(), 'photo');
if (!$upload->upload($_FILES['userfile']) && !$upload->download(Env::v('photo'))) {
$page->trigError('Une erreur est survenue lors du téléchargement du fichier');
} else {
- $myphoto = new PhotoReq(S::v('uid'), $upload);
+ $myphoto = new PhotoReq(S::user(), $upload);
if ($myphoto->isValid()) {
$myphoto->submit();
}
}
} elseif (Env::has('trombi')) {
- $upload = new PlUpload(S::v('forlife'), 'photo');
+ S::assert_xsrf_token();
+
+ $upload = new PlUpload(S::user()->login(), 'photo');
if ($upload->copyFrom($trombi_x)) {
- $myphoto = new PhotoReq(S::v('uid'), $upload);
+ $myphoto = new PhotoReq(S::user(), $upload);
if ($myphoto->isValid()) {
$myphoto->commit();
$myphoto->clean();
}
}
} elseif (Env::v('suppr')) {
+ S::assert_xsrf_token();
+
XDB::execute('DELETE FROM photo
WHERE uid = {?}',
S::v('uid'));
XDB::execute('DELETE FROM requests
WHERE user_id = {?} AND type="photo"',
S::v('uid'));
- update_NbValid();
+ $globals->updateNbValid();
} elseif (Env::v('cancel')) {
+ S::assert_xsrf_token();
+
$sql = XDB::query('DELETE FROM requests
WHERE user_id={?} AND type="photo"',
S::v('uid'));
- update_NbValid();
+ $globals->updateNbValid();
}
$sql = XDB::query('SELECT COUNT(*)
if (!S::logged() || Env::v('view') == 'public') $view = 'public';
if (S::logged() && Env::v('view') == 'ax') $view = 'ax';
- if (is_numeric($x)) {
- $res = XDB::query(
- "SELECT alias
- FROM aliases AS a
- INNER JOIN auth_user_md5 AS u ON (a.id=u.user_id AND a.type='a_vie')
- WHERE matricule={?}", $x);
- $login = $res->fetchOneCell();
- } else {
- $login = get_user_forlife($x, S::logged() ? '_default_user_callback'
- : '_silent_user_callback');
+ $login = S::logged() ? User::get($x) : User::getSilent($x);
+ if (!$login) {
+ return PL_NOT_FOUND;
}
- if (empty($login)) {
+ $res = XDB::query("SELECT perms IN ('admin','user','disabled')
+ FROM auth_user_md5
+ WHERE user_id = {?}", $login->id());
+ if (!$res->fetchOneCell()) {
$user = get_not_registered_user($x, true);
if ($user->total() != 1) {
return PL_NOT_FOUND;
$user['forlife'] = $x;
} else {
$new = Env::v('modif') == 'new';
- $user = get_user_details($login, S::v('uid'), $view);
+ $user = get_user_details($login->login(), S::v('uid'), $view);
}
if (S::logged()) {
- S::logger()->log('view_profile', $login);
+ S::logger()->log('view_profile', $login->login());
}
$title = $user['prenom'] . ' ' . ( empty($user['nom_usage']) ? $user['nom'] : $user['nom_usage'] );
- $page->assign('pl_title', $title);
+ $page->setTitle($title);
// photo
function handler_ax(&$page, $user = null)
{
- require_once 'user.func.inc.php';
- $user = get_user_forlife($user);
+ $user = User::get($user);
if (!$user) {
return PL_NOT_FOUND;
}
- $res = XDB::query('SELECT matricule_ax
- FROM auth_user_md5 AS u
- INNER JOIN aliases AS a ON (a.type = "a_vie" AND a.id = u.user_id)
- WHERE a.alias = {?}', $user);
+
+ $res = XDB::query("SELECT matricule_ax
+ FROM auth_user_md5
+ WHERE user_id = {?}", $user->id());
$mat = $res->fetchOneCell();
if (!intval($mat)) {
- $page->kill("Le matricule AX de $user est inconnu");
+ $page->kill("Le matricule AX de {$user->login()} est inconnu");
}
http_redirect("http://www.polytechniciens.com/?page=AX_FICHE_ANCIEN&anc_id=$mat");
}
$page->addJsLink('grades.js');
$page->addJsLink('profile.js');
$page->addJsLink('jquery.autocomplete.js');
- $wiz = new PlWizard('Profil', 'core/plwizard.tpl', true, true);
- require_once dirname(__FILE__) . '/profile/page.inc.php';
+ $wiz = new PlWizard('Profil', PlPage::getCoreTpl('plwizard.tpl'), true, true);
+ $this->load('page.inc.php');
$wiz->addPage('ProfileGeneral', 'Général', 'general');
$wiz->addPage('ProfileAddresses', 'Adresses personnelles', 'adresses');
$wiz->addPage('ProfileGroups', 'Groupes X - Binets', 'poly');
. " la procédure de récupération de mot de passe si un jour tu le perdais");
}
- $page->assign('pl_title', 'Polytechnique.org - Mon Profil');
+ $page->setTitle('Mon Profil');
}
function handler_applis_js(&$page)
$page->changeTpl('profile/orange.tpl');
require_once 'validations.inc.php';
- require_once 'xorg.misc.inc.php';
$res = XDB::query(
"SELECT u.promo, u.promo_sortie
if (!Env::has('promo_sortie')) {
return;
+ } else {
+ S::assert_xsrf_token();
}
$promo_sortie = Env::i('promo_sortie');
$page->assign('promo_sortie', $promo_sortie);
if (Env::has('submit')) {
- $myorange = new OrangeReq(S::v('uid'),
- $promo_sortie);
+ $myorange = new OrangeReq(S::user(), $promo_sortie);
$myorange->submit();
$page->assign('myorange', $myorange);
}
function handler_ref_search(&$page, $action = null, $subaction = null)
{
- require_once 'wiki.inc.php';
- wiki_require_page('Docs.Emploi');
- $page->assign('pl_title', 'Polytechnique.org - Conseil Pro');
+ $wp = new PlWikiPage('Docs.Emploi');
+ $wp->buildCache();
+
+ $page->setTitle('Conseil Pro');
//recuperation des noms de secteurs
$res = XDB::iterRow("SELECT id, label FROM emploi_secteur");
$page->changeTpl('profile/nomusage.tpl');
require_once 'validations.inc.php';
- require_once 'xorg.misc.inc.php';
$res = XDB::query(
"SELECT u.nom, u.nom_usage, u.flags, e.alias
$page->assign('usage_req', $nom_usage);
if (Env::has('submit') && ($nom_usage != $usage_old)) {
+ S::assert_xsrf_token();
+
// on vient de recevoir une requete, differente de l'ancien nom d'usage
if ($nom_usage == $nom) {
$page->assign('same', true);
if ($reason == 'other') {
$reason = Env::v('other_reason');
}
- $myusage = new UsageReq(S::v('uid'), $nom_usage, $reason);
+ $myusage = new UsageReq(S::user(), $nom_usage, $reason);
$myusage->submit();
$page->assign('myusage', $myusage);
}
function handler_xnet(&$page)
{
$page->changeTpl('profile/groupesx.tpl');
- $page->assign('pl_title', 'Polytechnique.org - Promo, Groupes X, Binets');
+ $page->setTitle('Promo, Groupes X, Binets');
$req = XDB::query('
SELECT m.asso_id, a.nom, diminutif, a.logo IS NOT NULL AS has_logo,
function handler_admin_trombino(&$page, $uid = null, $action = null) {
$page->changeTpl('profile/admin_trombino.tpl');
- $page->assign('pl_title','Polytechnique.org - Administration - Trombino');
+ $page->setTitle('Administration - Trombino');
$page->assign('uid', $uid);
$q = XDB::query(
list($forlife, $promo) = $q->fetchOneRow();
switch ($action) {
-
case "original":
header("Content-type: image/jpeg");
readfile("/home/web/trombino/photos".$promo."/".$forlife.".jpg");
break;
case "new":
+ S::assert_xsrf_token();
+
$data = file_get_contents($_FILES['userfile']['tmp_name']);
list($x, $y) = getimagesize($_FILES['userfile']['tmp_name']);
$mimetype = substr($_FILES['userfile']['type'], 6);
break;
case "delete":
+ S::assert_xsrf_token();
+
XDB::execute('DELETE FROM photo WHERE uid = {?}', $uid);
break;
}
$page->assign('forlife', $forlife);
}
function handler_admin_binets(&$page, $action = 'list', $id = null) {
- $page->assign('pl_title','Polytechnique.org - Administration - Binets');
+ $page->setTitle('Administration - Binets');
$page->assign('title', 'Gestion des binets');
$table_editor = new PLTableEditor('admin/binets', 'binets_def', 'id');
$table_editor->add_join_table('binets_ins','binet_id',true);
$table_editor->apply($page, $action, $id);
}
function handler_admin_formations(&$page, $action = 'list', $id = null) {
- $page->assign('pl_title','Polytechnique.org - Administration - Formations');
+ $page->setTitle('Administration - Formations');
$page->assign('title', 'Gestion des formations');
$table_editor = new PLTableEditor('admin/formations','applis_def','id');
$table_editor->add_join_table('applis_ins','aid',true);
$table_editor->apply($page, $action, $id);
}
function handler_admin_sections(&$page, $action = 'list', $id = null) {
- $page->assign('pl_title','Polytechnique.org - Administration - Sections');
+ $page->setTitle('Administration - Sections');
$page->assign('title', 'Gestion des sections');
$table_editor = new PLTableEditor('admin/sections','sections','id');
$table_editor->describe('text','intitulé',true);
$table_editor->apply($page, $action, $id);
}
function handler_admin_ss_secteurs(&$page, $action = 'list', $id = null) {
- $page->assign('pl_title', 'Polytechnique.org - Administration - Sous-secteurs');
+ $page->setTitle('Administration - Sous-secteurs');
$page->assign('title', 'Gestion des sous-secteurs');
$table_editor = new PLTableEditor('admin/ss_secteurs', 'emploi_ss_secteur', 'id', true);
$table_editor->describe('label', 'intitulé', true);
$table_editor->apply($page, $action, $id);
}
function handler_admin_fonctions(&$page, $action = 'list', $id = null) {
- $page->assign('pl_title', 'Polytechnique.org - Administration - Fonctions');
+ $page->setTitle('Administration - Fonctions');
$page->assign('title', 'Gestion des fonctions');
$table_editor = new PLTableEditor('admin/fonctions', 'fonctions_def', 'id', true);
$table_editor->describe('fonction_fr', 'intitulé', true);
$table_editor->apply($page, $action, $id);
}
function handler_admin_secteurs(&$page, $action = 'list', $id = null) {
- $page->assign('pl_title', 'Polytechnique.org - Administration - Secteurs');
+ $page->setTitle('Administration - Secteurs');
$page->assign('title', 'Gestion des secteurs');
$table_editor = new PLTableEditor('admin/secteurs', 'emploi_secteur', 'id', true);
$table_editor->describe('label', 'intitulé', true);
$table_editor->apply($page, $action, $id);
}
function handler_admin_medals(&$page, $action = 'list', $id = null) {
- $page->assign('pl_title','Polytechnique.org - Administration - Distinctions');
+ $page->setTitle('Administration - Distinctions');
$page->assign('title', 'Gestion des Distinctions');
$table_editor = new PLTableEditor('admin/medals','profile_medals','id');
$table_editor->describe('text', 'intitulé', true);