X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fcarnet.php;h=2b64a5f8b3ae3c0638bfa6bb1d5d3694228e6642;hb=5660032ac785d410f90e3f5b0d6948dc90b0cfea;hp=3080c917a2216a8893e33e7b26b2c0b0dcfb8b9e;hpb=8d84c630f353ef0534e02325507ed35cc2f0d28f;p=platal.git diff --git a/modules/carnet.php b/modules/carnet.php index 3080c91..2b64a5f 100644 --- a/modules/carnet.php +++ b/modules/carnet.php @@ -29,9 +29,9 @@ class CarnetModule extends PLModule 'carnet/notifs' => $this->make_hook('notifs', AUTH_COOKIE), 'carnet/contacts' => $this->make_hook('contacts', AUTH_COOKIE), - 'carnet/contacts/pdf' => $this->make_hook('pdf', AUTH_COOKIE, 'user', NO_HTTPS), + 'carnet/contacts/pdf' => $this->make_hook('pdf', AUTH_COOKIE), + 'carnet/contacts/vcard' => $this->make_hook('vcard', AUTH_COOKIE), 'carnet/contacts/ical' => $this->make_hook('ical', AUTH_PUBLIC, 'user', NO_HTTPS), - 'carnet/contacts/vcard' => $this->make_hook('vcard', AUTH_COOKIE, 'user', NO_HTTPS), 'carnet/rss' => $this->make_hook('rss', AUTH_PUBLIC, 'user', NO_HTTPS), ); @@ -39,11 +39,11 @@ class CarnetModule extends PLModule function _add_rss_link(&$page) { - if (!S::has('core_rss_hash')) { + if (!S::hasAuthToken()) { return; } $page->setRssLink('Polytechnique.org :: Carnet', - '/carnet/rss/'.S::v('hruid').'/'.S::v('core_rss_hash').'/rss.xml'); + '/carnet/rss/'.S::v('hruid').'/'.S::v('token').'/rss.xml'); } function handler_index(&$page) @@ -58,104 +58,195 @@ class CarnetModule extends PLModule $page->changeTpl('carnet/panel.tpl'); if (Get::has('read')) { - S::set('watch_last', Get::v('read')); + XDB::execute('UPDATE watch + SET last = FROM_UNIXTIME({?}) + WHERE uid = {?}', + Get::i('read'), S::i('uid')); + S::set('watch_last', Get::i('read')); Platal::session()->updateNbNotifs(); pl_redirect('carnet/panel'); } require_once 'notifs.inc.php'; + $page->assign('now', time()); - $page->assign('now',date('YmdHis')); - $notifs = new Notifs(S::v('uid'), true); - + $user = S::user(); + $notifs = Watch::getEvents($user, time() - (7 * 86400)); $page->assign('notifs', $notifs); $page->assign('today', date('Y-m-d')); $this->_add_rss_link($page); } - function _handler_notifs_promos(&$page, &$watch, $action, $arg) + private function getSinglePromotion(PlPage &$page, $promo) { - if(preg_match('!^ *(\d{4}) *$!', $arg, $matches)) { - $p = intval($matches[1]); - if($p<1900 || $p>2100) { - $page->trigError("la promo entrée est invalide"); - } else { - if ($action == 'add_promo') { - $watch->_promos->add($p); - } else { - $watch->_promos->del($p); - } - } - } elseif (preg_match('!^ *(\d{4}) *- *(\d{4}) *$!', $arg, $matches)) { - $p1 = intval($matches[1]); - $p2 = intval($matches[2]); - if($p1<1900 || $p1>2100) { - $page->trigError('la première promo de la plage entrée est invalide'); - } elseif($p2<1900 || $p2>2100) { - $page->trigError('la seconde promo de la plage entrée est invalide'); + if (!ctype_digit($promo) || $promo < 1920 || $promo > date('Y')) { + $page->trigError('Promotion invalide : ' . $promo . '.'); + return null; + } + return (int)$promo; + } + + private function getPromo(PlPage &$page, $promo) + { + if (strpos($promo, '-') === false) { + $promo = $this->getSinglePromotion($page, $promo); + if (!$promo) { + return null; } else { - if ($action == 'add_promo') { - $watch->_promos->addRange($p1, $p2); - } else { - $watch->_promos->delRange($p1, $p2); - } + return array($promo); } - } else { - $page->trigError("La promo (ou la plage de promo) entrée est dans un format incorrect."); } + + list($promo1, $promo2) = explode('-', $promo); + $promo1 = $this->getSinglePromotion($page, $promo1); + if (!$promo1) { + return null; + } + $promo2 = $this->getSinglePromotion($page, $promo2); + if (!$promo2) { + return null; + } + if ($promo1 > $promo2) { + $page->trigError('Intervalle non valide : ' . $promo . '.'); + return null; + } + $array = array(); + for ($i = $promo1 ; $i <= $promo2 ; ++$i) { + $array[] = $i; + } + return $array; } - function handler_notifs(&$page, $action = null, $arg = null) + private function addPromo(PlPage &$page, $promo) { - $page->changeTpl('carnet/notifs.tpl'); + $promos = $this->getPromo($page, $promo); + if (!$promos || count($promos) == 0) { + return; + } + $to_add = array(); + foreach ($promos as $promo) { + $to_add[] = XDB::format('({?}, {?})', S::i('uid'), $promo); + } + XDB::execute('INSERT IGNORE INTO watch_promo (uid, promo) + VALUES ' . implode(', ', $to_add)); + } - require_once 'notifs.inc.php'; + private function delPromo(PlPage &$page, $promo) + { + $promos = $this->getPromo($page, $promo); + if (!$promos || count($promos) == 0) { + return; + } + $to_delete = array(); + foreach ($promos as $promo) { + $to_delete[] = XDB::format('{?}', $promo); + } + XDB::execute('DELETE FROM watch_promo + WHERE ' . XDB::format('uid = {?}', S::i('uid')) . ' + AND promo IN (' . implode(', ', $to_delete) . ')'); + } - $watch = new Watch(S::v('uid')); + public function addNonRegistered(PlPage &$page, PlUser &$user) + { + XDB::execute('INSERT IGNORE INTO watch_nonins (uid, ni_id) + VALUES ({?}, {?})', S::i('uid'), $user->id()); + } - $res = XDB::query("SELECT promo_sortie - FROM auth_user_md5 - WHERE user_id = {?}", - S::v('uid', -1)); - $promo_sortie = $res->fetchOneCell(); - $page->assign('promo_sortie', $promo_sortie); + public function delNonRegistered(PlPage &$page, PlUser &$user) + { + XDB::execute('DELETE FROM watch_nonins + WHERE uid = {?} AND ni_id = {?}', + S::i('uid'), $user->id()); + } + + public function handler_notifs(&$page, $action = null, $arg = null) + { + $page->changeTpl('carnet/notifs.tpl'); if ($action) { S::assert_xsrf_token(); - } - switch ($action) { - case 'add_promo': - case 'del_promo': - $this->_handler_notifs_promos($page, $watch, $action, $arg); - break; - - case 'del_nonins': - $watch->_nonins->del($arg); - break; - - case 'add_nonins': - $watch->_nonins->add($arg); - break; + switch ($action) { + case 'add_promo': + $this->addPromo($page, $arg); + break; + + case 'del_promo': + $this->delPromo($page, $arg); + break; + + case 'del_nonins': + $user = User::get($arg); + if ($user) { + $this->delNonRegistered($page, $user); + } + break; + + case 'add_nonins': + $user = User::get($arg); + if ($user) { + $this->addNonRegistered($page, $user); + } + break; + } } if (Env::has('subs')) { S::assert_xsrf_token(); - $watch->_subs->update('sub'); + $flags = new PlFlagSet(); + foreach (Env::v('sub') as $key=>$value) { + $flags->addFlag($key, $value); + } + XDB::execute('UPDATE watch + SET actions = {?} + WHERE uid = {?}', $flags, S::i('uid')); } if (Env::has('flags_contacts')) { S::assert_xsrf_token(); - $watch->watch_contacts = Env::b('contacts'); - $watch->saveFlags(); + XDB::execute('UPDATE watch + SET ' . XDB::changeFlag('flags', 'contacts', Env::b('contacts')) . ' + WHERE uid = {?}', S::i('uid')); } if (Env::has('flags_mail')) { S::assert_xsrf_token(); - $watch->watch_mail = Env::b('mail'); - $watch->saveFlags(); + XDB::execute('UPDATE watch + SET ' . XDB::changeFlag('flags', 'mail', Env::b('mail')) . ' + WHERE uid = {?}', S::i('uid')); } - $page->assign_by_ref('watch', $watch); + $user = S::user(); + $nonins = new UserFilter(new UFC_WatchRegistration($user)); + + $promo = XDB::fetchColumn('SELECT promo + FROM watch_promo + WHERE uid = {?} + ORDER BY promo', S::i('uid')); + $page->assign('promo_count', count($promo)); + $ranges = array(); + $range_start = null; + $range_end = null; + foreach ($promo as $p) { + if (is_null($range_start)) { + $range_start = $range_end = $p; + } else if ($p != $range_end + 1) { + $ranges[] = array($range_start, $range_end); + $range_start = $range_end = $p; + } else { + $range_end = $p; + } + } + $ranges[] = array($range_start, $range_end); + $page->assign('promo_ranges', $ranges); + $page->assign('nonins', $nonins->getUsers()); + + list($flags, $actions) = XDB::fetchOneRow('SELECT flags, actions + FROM watch + WHERE uid = {?}', S::i('uid')); + $flags = new PlFlagSet($flags); + $actions = new PlFlagSet($actions); + $page->assign('flags', $flags); + $page->assign('actions', $actions); } function handler_contacts(&$page, $action = null, $subaction = null, $ssaction = null) @@ -163,12 +254,12 @@ class CarnetModule extends PLModule $page->setTitle('Mes contacts'); $this->_add_rss_link($page); - $uid = S::v('uid'); + $uid = S::i('uid'); $user = Env::v('user'); // For XSRF protection, checks both the normal xsrf token, and the special RSS token. // It allows direct linking to contact adding in the RSS feed. - if (Env::v('action') && Env::v('token') !== S::v('core_rss_hash')) { + if (Env::v('action') && Env::v('token') !== S::v('token')) { S::assert_xsrf_token(); } switch (Env::v('action')) { @@ -176,7 +267,7 @@ class CarnetModule extends PLModule if (($user = User::get(Env::v('user')))) { if (XDB::execute("DELETE FROM contacts WHERE uid = {?} AND contact = {?}", $uid, $user->id())) { - $page->trigSuccess("Contact retiré !"); + $page->trigSuccess("Contact retiré !"); } } break; @@ -185,22 +276,21 @@ class CarnetModule extends PLModule if (($user = User::get(Env::v('user')))) { if (XDB::execute("REPLACE INTO contacts (uid, contact) VALUES ({?}, {?})", $uid, $user->id())) { - $page->trigSuccess('Contact ajouté !'); + $page->trigSuccess('Contact ajouté !'); } else { - $page->trigWarning('Contact déjà dans la liste !'); + $page->trigWarning('Contact déjà dans la liste !'); } } break; } - $search = false; +/* $search = false; if ($action == 'search') { $action = $subaction; $subaction = $ssaction; $search = true; } if ($search && trim(Env::v('quick'))) { - require_once 'userset.inc.php'; $base = 'carnet/contacts/search'; Platal::load('search', 'classes.inc.php'); @@ -209,14 +299,18 @@ class CarnetModule extends PLModule } else { $base = 'carnet/contacts'; $view = new UserSet("INNER JOIN contacts AS c2 ON (u.user_id = c2.contact)", " c2.uid = $uid "); - } + }*/ + + require_once 'userset.inc.php'; + $user = S::user(); + $view = new UserSet(new UFC_Contact($user)); $view->addMod('minifiche', 'Mini-fiches', true); $view->addMod('trombi', 'Trombinoscope', false, array('with_admin' => false, 'with_promo' => true)); $view->addMod('geoloc', 'Planisphère', false, array('with_annu' => 'carnet/contacts/search')); - $view->apply($base, $page, $action, $subaction); - if ($action != 'geoloc' || ($search && !$ssaction) || (!$search && !$subaction)) { - $page->changeTpl('carnet/mescontacts.tpl'); - } + $view->apply('carnet/contacts', $page, $action, $subaction); + //if ($action != 'geoloc' || ($search && !$ssaction) || (!$search && !$subaction)) { + $page->changeTpl('carnet/mescontacts.tpl'); + //} } function handler_pdf(&$page, $arg0 = null, $arg1 = null) @@ -263,16 +357,13 @@ class CarnetModule extends PLModule function handler_ical(&$page, $alias = null, $hash = null) { - require_once 'rss.inc.php'; - $uid = init_rss(null, $alias, $hash, false); - if (S::logged()) { - if (!$uid) { - $uid = S::i('uid'); - } else if ($uid != S::i('uid')) { - send_warning_email("Récupération d\'un autre utilisateur ($uid)"); + $user = Platal::session()->tokenAuth($alias, $hash); + if (is_null($user)) { + if (S::logged()) { + $user == S::user(); + } else { + return PL_FORBIDDEN; } - } else if (!$uid) { - exit; } require_once 'ical.inc.php'; @@ -290,7 +381,7 @@ class CarnetModule extends PLModule FROM contacts AS c INNER JOIN auth_user_md5 AS u ON (u.user_id = c.contact) INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type = \'a_vie\') - WHERE c.uid = {?}', $uid); + WHERE c.uid = {?}', $user->id()); $annivs = Array(); while (list($prenom, $nom, $promo, $naissance, $end, $ts, $hruid) = $res->next()) { @@ -307,7 +398,7 @@ class CarnetModule extends PLModule } $page->assign('events', $annivs); - header('Content-Type: text/calendar; charset=utf-8'); + pl_content_headers("text/calendar"); } function handler_vcard(&$page, $photos = null)