X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Faxletter.php;h=d08b0bc82dfe902d34e1ef1a5463d3bb90018dc4;hb=a81ee98706ff11231e6d708270e2fb1c97775650;hp=67833e822ebe201eab2589bffe9e0cd99b603b46;hpb=dd9bac8f7903e9924525ad8db3e38650ff5ad1b6;p=platal.git diff --git a/modules/axletter.php b/modules/axletter.php index 67833e8..d08b0bc 100644 --- a/modules/axletter.php +++ b/modules/axletter.php @@ -1,6 +1,6 @@ $this->make_hook('index', AUTH_COOKIE), + 'ax' => $this->make_hook('index', AUTH_COOKIE), 'ax/out' => $this->make_hook('out', AUTH_PUBLIC), 'ax/show' => $this->make_hook('show', AUTH_COOKIE), 'ax/edit' => $this->make_hook('submit', AUTH_MDP), 'ax/edit/cancel' => $this->make_hook('cancel', AUTH_MDP), 'ax/edit/valid' => $this->make_hook('valid', AUTH_MDP), - 'admin/axletter' => $this->make_hook('admin', AUTH_MDP, 'admin'), + 'admin/axletter' => $this->make_hook('admin', AUTH_MDP, 'admin'), ); } @@ -43,17 +43,17 @@ class AXLetterModule extends PLModule return $this->handler_index($page, 'out'); } } - require_once dirname(__FILE__) . '/axletter/axletter.inc.php'; + $this->load('axletter.inc.php'); $page->changeTpl('axletter/unsubscribe.tpl'); $page->assign('success', AXLetter::unsubscribe($hash, true)); } function handler_index(&$page, $action = null) { - require_once dirname(__FILE__) . '/axletter/axletter.inc.php'; + $this->load('axletter.inc.php'); $page->changeTpl('axletter/index.tpl'); - $page->assign('xorg_title','Polytechnique.org - Envois de l\'AX'); + $page->setTitle('Envois de l\'AX'); switch ($action) { case 'in': AXLetter::subscribe(); break; @@ -73,25 +73,29 @@ class AXLetterModule extends PLModule function handler_submit(&$page, $action = null) { - require_once dirname(__FILE__) . '/axletter/axletter.inc.php'; + $this->load('axletter.inc.php'); if (!AXLetter::hasPerms()) { return PL_FORBIDDEN; } $page->changeTpl('axletter/edit.tpl'); - $saved = Post::i('saved'); - $new = false; - $id = Post::i('id'); - $shortname = trim(Post::v('shortname')); - $subject = trim(Post::v('subject')); - $title = trim(Post::v('title')); - $body = rtrim(Post::v('body')); - $signature = trim(Post::v('signature')); - $promo_min = Post::i('promo_min'); - $promo_max = Post::i('promo_max'); - $echeance = Post::has('echeance_date') ? Post::v('echeance_date') . ' ' . Post::v('echeance_time') - : Post::v('echeance'); + $saved = Post::i('saved'); + $new = false; + $id = Post::i('id'); + $short_name = trim(Post::v('short_name')); + $subject = trim(Post::v('subject')); + $title = trim(Post::v('title')); + $body = rtrim(Post::v('body')); + $signature = trim(Post::v('signature')); + $promo_min = Post::i('promo_min'); + $promo_max = Post::i('promo_max'); + $subset_to = preg_split("/[ ,;\:\n\r]+/", Post::v('subset_to'), -1, PREG_SPLIT_NO_EMPTY); + $subset = (count($subset_to) > 0); + $subset_rm = Post::b('subset_rm'); + $echeance = Post::has('echeance_date') ? + preg_replace('/^(\d\d\d\d)(\d\d)(\d\d)$/', '\1-\2-\3', Post::v('echeance_date')) . ' ' . Post::v('echeance_time') + : Post::v('echeance'); $echeance_date = Post::v('echeance_date'); $echeance_time = Post::v('echeance_time'); @@ -99,6 +103,8 @@ class AXLetterModule extends PLModule $res = XDB::query("SELECT * FROM axletter WHERE FIND_IN_SET('new', bits)"); if ($res->numRows()) { extract($res->fetchOneAssoc(), EXTR_OVERWRITE); + $subset_to = ($subset ? explode("\n", $subset) : array()); + $subset = (count($subset_to) > 0); $saved = true; } else { XDB::execute("INSERT INTO axletter SET id = NULL"); @@ -109,6 +115,8 @@ class AXLetterModule extends PLModule $new = true; } } elseif (Post::has('valid')) { + S::assert_xsrf_token(); + if (!$subject && $title) { $subject = $title; } @@ -116,70 +124,93 @@ class AXLetterModule extends PLModule $title = $subject; } if (!$subject || !$title || !$body) { - $page->trig("L'article doit avoir un sujet et un contenu"); + $page->trigError("L'article doit avoir un sujet et un contenu"); Post::kill('valid'); } if (($promo_min > $promo_max && $promo_max != 0)|| ($promo_min != 0 && ($promo_min <= 1900 || $promo_min >= 2020)) || ($promo_max != 0 && ($promo_max <= 1900 || $promo_max >= 2020))) { - $page->trig("L'intervalle de promotions n'est pas valide"); + $page->trigError("L'intervalle de promotions n'est pas valide"); Post::kill('valid'); } - if (empty($shortname)) { - $page->trig("L'annonce doit avoir un nom raccourci pour simplifier la navigation dans les archives"); + if (empty($short_name)) { + $page->trigError("L'annonce doit avoir un nom raccourci pour simplifier la navigation dans les archives"); Post::kill('valid'); - } elseif (!preg_match('/^[a-z][-a-z0-9]*[a-z0-9]$/', $shortname)) { - $page->trig("Le nom raccourci n'est pas valide, il doit comporter au moins 2 caractères et n'être composé " + } elseif (!preg_match('/^[a-z][-a-z0-9]*[a-z0-9]$/', $short_name)) { + $page->trigError("Le nom raccourci n'est pas valide, il doit comporter au moins 2 caractères et n'être composé " . "que de chiffres, lettres et tirets"); Post::kill('valid'); - } elseif ($shortname != Post::v('old_shortname')) { - $res = XDB::query("SELECT id FROM axletter WHERE shortname = {?}", $shortname); + } elseif ($short_name != Post::v('old_short_name')) { + $res = XDB::query("SELECT id FROM axletter WHERE short_name = {?}", $short_name); if ($res->numRows() && $res->fetchOneCell() != $id) { - $page->trig("Le nom $shortname est déjà utilisé, merci d'en choisir un autre"); - $shortname = Post::v('old_shortname'); - if (empty($shortname)) { + $page->trigError("Le nom $short_name est déjà utilisé, merci d'en choisir un autre"); + $short_name = Post::v('old_short_name'); + if (empty($short_name)) { Post::kill('valid'); } } } switch (@Post::v('valid')) { + case 'Vérifier les emails': + // Same as 'preview', but performs a test of all provided emails + if ($subset) { + require_once 'emails.inc.php'; + $ids = ids_from_mails($subset_to); + $nb_error = 0; + foreach ($subset_to as $e) { + if (!array_key_exists($e, $ids)) { + if ($nb_error == 0) { + $page->trigError("Emails inconnus :"); + } + $nb_error++; + $page->trigError($e); + } + } + if ($nb_error == 0) { + if (count($subset_to) == 1) { + $page->trigSuccess("L'email soumis a été reconnu avec succès."); + } else { + $page->trigSuccess("Les " . count($subset_to) . " emails soumis ont été reconnus avec succès."); + } + } else { + $page->trigError("Total : $nb_error erreur" . ($nb_error > 1 ? "s" : "") . " sur " . count($subset_to) . " adresses mail soumises."); + } + $page->trigSuccess("Les adresses soumises correspondent à un total de " . count(array_unique($ids)) . " camarades."); + } + // No break here, since Vérifier is a subcase of Aperçu. case 'Aperçu': - require_once dirname(__FILE__) . '/axletter/axletter.inc.php'; - $al = new AXLetter(array($id, $shortname, $subject, $title, $body, $signature, - $promo_min, $promo_max, $echeance, 0, 'new')); - $al->toHtml($page, S::v('prenom'), S::v('nom'), S::v('femme')); + $this->load('axletter.inc.php'); + $al = new AXLetter(array($id, $short_name, $subject, $title, $body, $signature, + $promo_min, $promo_max, $subset, $subset_rm, $echeance, 0, 'new')); + $al->toHtml($page, S::user()); break; case 'Confirmer': XDB::execute("REPLACE INTO axletter - SET id = {?}, shortname = {?}, subject = {?}, title = {?}, body = {?}, - signature = {?}, promo_min = {?}, promo_max = {?}, echeance = {?}", - $id, $shortname, $subject, $title, $body, $signature, $promo_min, $promo_max, $echeance); + SET id = {?}, short_name = {?}, subject = {?}, title = {?}, body = {?}, + signature = {?}, promo_min = {?}, promo_max = {?}, echeance = {?}, subset = {?}, subset_rm = {?}", + $id, $short_name, $subject, $title, $body, $signature, $promo_min, $promo_max, $echeance, $subset ? implode("\n", $subset_to) : null, $subset_rm); if (!$saved) { + global $globals; $mailer = new PlMailer(); $mailer->setFrom("support@" . $globals->mail->domain); - $mailer->setSubject("Un nouveau projet de mail de l'AX vient d'être proposé"); - $mailer->setTxtBody("Un nouveau mail vient d'être rédigé en prévision d'un envoi prochain. Vous pouvez " + $mailer->setSubject("Un nouveau projet d'email de l'AX vient d'être proposé"); + $mailer->setTxtBody("Un nouvel email vient d'être rédigé en prévision d'un envoi prochain. Vous pouvez " . "le modifier jusqu'à ce qu'il soit verrouillé pour l'envoi\n\n" - . "Le sujet du mail : $subject\n" + . "Le sujet de l'email : $subject\n" . "L'échéance d'envoi est fixée à $echeance.\n" - . "Le mail pourra néanmoins partir avant cette échéance si un administrateur de " + . "L'email pourra néanmoins partir avant cette échéance si un administrateur de " . "Polytechnique.org le valide.\n\n" - . "Pour modifier, valider ou annuler le mail :\n" + . "Pour modifier, valider ou annuler l'email :\n" . "https://www.polytechnique.org/ax/edit\n" . "-- \n" . "Association Polytechnique.org\n"); - $res = XDB::iterRow("SELECT IF(u.nom_usage != '', u.nom_usage, u.nom) AS nom, - u.prenom, a.alias AS bestalias - FROM axletter_rights AS ar - INNER JOIN auth_user_md5 AS u USING(user_id) - INNER JOIN aliases AS a ON (u.user_id = a.id - AND FIND_IN_SET('bestalias', a.flags))"); - global $globals; - while (list($nom, $prenom, $alias) = $res->next()) { - $mailer->addTo("$nom $prenom <$alias@{$globals->mail->domain}>"); + $users = User::getBulkUsersWithUIDs(XDB::fetchColumn('SELECT uid + FROM axletter_rights')); + foreach ($users as $user) { + $mailer->addTo($user); } $mailer->send(); } @@ -191,19 +222,22 @@ class AXLetterModule extends PLModule } } $page->assign('id', $id); - $page->assign('shortname', $shortname); + $page->assign('short_name', $short_name); $page->assign('subject', $subject); $page->assign('title', $title); $page->assign('body', $body); $page->assign('signature', $signature); $page->assign('promo_min', $promo_min); $page->assign('promo_max', $promo_max); + $page->assign('subset_to', implode("\n", $subset_to)); + $page->assign('subset', $subset); + $page->assign('subset_rm', $subset_rm); $page->assign('echeance', $echeance); $page->assign('echeance_date', $echeance_date); $page->assign('echeance_time', $echeance_time); $page->assign('saved', $saved); $page->assign('new', $new); - $page->assign('is_xorg', S::has_perms()); + $page->assign('is_xorg', S::admin()); if (!$saved) { $select = ''; @@ -222,18 +256,13 @@ class AXLetterModule extends PLModule function handler_cancel(&$page, $force = null) { - require_once dirname(__FILE__) . '/axletter/axletter.inc.php'; - if (!AXLetter::hasPerms()) { - return PL_FORBIDDEN; - } - - $url = parse_url($_SERVER['HTTP_REFERER']); - if ($force != 'force' && trim($url['path'], '/') != 'ax/edit') { + $this->load('axletter.inc.php'); + if (!AXLetter::hasPerms() || !S::has_xsrf_token()) { return PL_FORBIDDEN; } $al = AXLetter::awaiting(); - if (!$alg) { + if (!$al) { $page->kill("Aucune lettre en attente"); return; } @@ -242,18 +271,13 @@ class AXLetterModule extends PLModule return; } - $page->kill("L'envoi de l'annonce {$al->title()} est annulé"); + $page->killSuccess("L'envoi de l'annonce {$al->title()} est annulé."); } function handler_valid(&$page, $force = null) { - require_once dirname(__FILE__) . '/axletter/axletter.inc.php'; - if (!AXLetter::hasPerms()) { - return PL_FORBIDDEN; - } - - $url = parse_url($_SERVER['HTTP_REFERER']); - if ($force != 'force' && trim($url['path'], '/') != 'ax/edit') { + $this->load('axletter.inc.php'); + if (!AXLetter::hasPerms() || !S::has_xsrf_token()) { return PL_FORBIDDEN; } @@ -267,35 +291,40 @@ class AXLetterModule extends PLModule return; } - $page->kill("L'envoi de l'annonce aura lieu dans l'heure qui vient."); + $page->killSuccess("L'envoi de l'annonce aura lieu dans l'heure qui vient."); } function handler_show(&$page, $nid = 'last') { - require_once dirname(__FILE__) . '/axletter/axletter.inc.php'; + $this->load('axletter.inc.php'); $page->changeTpl('axletter/show.tpl'); - $nl = new AXLetter($nid); - if (Get::has('text')) { - $nl->toText($page, S::v('prenom'), S::v('nom'), S::v('femme')); - } else { - $nl->toHtml($page, S::v('prenom'), S::v('nom'), S::v('femme')); - } - if (Post::has('send')) { - $nl->sendTo(S::v('prenom'), S::v('nom'), - S::v('bestalias'), S::v('femme'), - S::v('mail_fmt') != 'texte'); + try { + $nl = new AXLetter($nid); + $user =& S::user(); + if (Get::has('text')) { + $nl->toText($page, $user); + } else { + $nl->toHtml($page, $user); + } + if (Post::has('send')) { + $nl->sendTo($user); + } + } catch (MailNotFound $e) { + return PL_NOT_FOUND; } } function handler_admin(&$page, $action = null, $uid = null) { - require_once dirname(__FILE__) . '/axletter/axletter.inc.php'; + $this->load('axletter.inc.php'); if (Post::has('action')) { $action = Post::v('action'); $uid = Post::v('uid'); } if ($uid) { + S::assert_xsrf_token(); + $uids = preg_split('/ *[,;\: ] */', $uid); foreach ($uids as $uid) { switch ($action) { @@ -307,26 +336,22 @@ class AXLetterModule extends PLModule break; } if (!$res) { - $page->trig("Personne ne oorrespond à l'identifiant '$uid'"); + $page->trigError("Personne ne correspond à l'identifiant '$uid'"); } } } $page->changeTpl('axletter/admin.tpl'); - $res = XDB::iterator("SELECT IF(u.nom_usage != '', u.nom_usage, u.nom) AS nom, - u.prenom, u.promo, a.alias AS forlife - FROM axletter_rights AS ar - INNER JOIN auth_user_md5 AS u USING(user_id) - INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type = 'a_vie')"); - $page->assign('admins', $res); + $page->assign('admins', User::getBulkUsersWithUIDs(XDB::fetchColumn('SELECT uid + FROM axletter_rights'))); $importer = new CSVImporter('axletter_ins'); - $importer->registerFunction('user_id', 'email vers Id X.org', array($this, 'idFromMail')); + $importer->registerFunction('uid', 'email vers Id X.org', array($this, 'idFromMail')); $importer->forceValue('hash', array($this, 'createHash')); - $importer->apply($page, "admin/axletter", array('user_id', 'email', 'prenom', 'nom', 'promo', 'flag', 'hash')); + $importer->apply($page, "admin/axletter", array('uid', 'email', 'prenom', 'nom', 'promo', 'flag', 'hash')); } - function idFromMail($line, $key) + function idFromMail($line, $key, $relation = null) { static $field; global $globals; @@ -339,39 +364,12 @@ class AXLetterModule extends PLModule } } } - $email = $line[$field]; - if (strpos($email, '@') === false) { - $user = $email; - $domain = $globals->mail->domain2; - } else { - list($user, $domain) = explode('@', $email); - } - if ($domain != $globals->mail->domain && $domain != $globals->mail->domain2 - && $domain != $globals->mail->alias_dom && $domain != $globals->mail->alias_dom2) { - $res = XDB::query("SELECT uid FROM emails WHERE email = {?}", $email); - if ($res->numRows() == 1) { - return $res->fetchOneCell(); - } - return '0'; - } - list($user) = explode('+', $user); - list($user) = explode('_', $user); - if ($domain == $globals->mail->alias_dom || $domain == $globals->mail->alias_dom2) { - $res = XDB::query("SELECT a.id - FROM virtual AS v - INNER JOIN virtual_redirect AS r USING(vid) - INNER JOIN aliases AS a ON (a.type = 'a_vie' - AND r.redirect = CONCAT(a.alias, '@{$globals->mail->domain2}')) - WHERE v.alias = CONCAT({?}, '@{$globals->mail->alias_dom}')", $user); - $id = $res->fetchOneCell(); - return $id ? $id : '0'; - } - $res = XDB::query("SELECT id FROM aliases WHERE alias = {?}", $user); - $id = $res->fetchOneCell(); - return $id ? $id : '0'; + $uf = new UserFilter(new UFC_Email($line[$field])); + $id = $uf->getUIDs(); + return count($id) == 1 ? $id[0] : 0; } - function createHash($line, $key) + function createHash($line, $key, $relation) { $hash = implode(time(), $line) . rand(); $hash = md5($hash);