X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fcarnet.php;h=78b0b6943036ad93df5bbd2cbeeea31ce1d36315;hb=732e5855cffcd5e2eaaf5bd66760c4432d437244;hp=97269462c6f4b394f7fc6bf099f0623c9cea7f0c;hpb=801fcad813666310da1ca5b6f07f91cfed1abbee;p=platal.git diff --git a/modules/carnet.php b/modules/carnet.php index 9726946..78b0b69 100644 --- a/modules/carnet.php +++ b/modules/carnet.php @@ -1,6 +1,6 @@ $this->make_hook('index', AUTH_COOKIE), - 'carnet/panel' => $this->make_hook('panel', AUTH_COOKIE), - 'carnet/notifs' => $this->make_hook('notifs', AUTH_COOKIE), + 'carnet' => $this->make_hook('index', AUTH_COOKIE), + 'carnet/panel' => $this->make_hook('panel', AUTH_COOKIE), + 'carnet/notifs' => $this->make_hook('notifs', AUTH_COOKIE), - 'carnet/contacts' => $this->make_hook('contacts', AUTH_COOKIE), - 'carnet/contacts/pdf' => $this->make_hook('pdf', AUTH_COOKIE), + 'carnet/contacts' => $this->make_hook('contacts', AUTH_COOKIE), + 'carnet/contacts/pdf' => $this->make_hook('pdf', AUTH_COOKIE, 'user', NO_HTTPS), + 'carnet/contacts/ical' => $this->make_hook('ical', AUTH_PUBLIC, 'user', NO_HTTPS), + 'carnet/contacts/vcard' => $this->make_hook('vcard', AUTH_COOKIE, 'user', NO_HTTPS), - 'carnet/rss' => $this->make_hook('rss', AUTH_PUBLIC), - 'carnet/ical' => $this->make_hook('ical', AUTH_PUBLIC), + 'carnet/rss' => $this->make_hook('rss', AUTH_PUBLIC, 'user', NO_HTTPS), ); } + function on_subscribe($forlife, $uid, $promo, $password) + { + require_once 'notifs.inc.php'; + register_watch_op($uid, WATCH_INSCR); + inscription_notifs_base($uid); + } + function _add_rss_link(&$page) { if (!S::has('core_rss_hash')) { return; } - $page->assign('xorg_rss', - array('title' => 'Polytechnique.org :: Carnet', - 'href' => '/carnet/rss/'.S::v('forlife') - .'/'.S::v('core_rss_hash').'/rss.xml') - ); + $page->setRssLink('Polytechnique.org :: Carnet', + '/carnet/rss/'.S::v('forlife') .'/'.S::v('core_rss_hash').'/rss.xml'); } function handler_index(&$page) @@ -60,10 +65,9 @@ class CarnetModule extends PLModule $page->changeTpl('carnet/panel.tpl'); if (Get::has('read')) { - global $globals; - - $_SESSION['watch_last'] = Get::get('read'); - redirect($globals->baseurl.'/carnet/panel'); + $_SESSION['watch_last'] = Get::v('read'); + update_NbNotifs(); + pl_redirect('carnet/panel'); } require_once 'notifs.inc.php'; @@ -81,7 +85,7 @@ class CarnetModule extends PLModule if(preg_match('!^ *(\d{4}) *$!', $arg, $matches)) { $p = intval($matches[1]); if($p<1900 || $p>2100) { - $page->trig("la promo entrée est invalide"); + $page->trigError("la promo entrée est invalide"); } else { if ($action == 'add_promo') { $watch->_promos->add($p); @@ -93,9 +97,9 @@ class CarnetModule extends PLModule $p1 = intval($matches[1]); $p2 = intval($matches[2]); if($p1<1900 || $p1>2100) { - $page->trig('la première promo de la plage entrée est invalide'); + $page->trigError('la première promo de la plage entrée est invalide'); } elseif($p2<1900 || $p2>2100) { - $page->trig('la seconde promo de la plage entrée est invalide'); + $page->trigError('la seconde promo de la plage entrée est invalide'); } else { if ($action == 'add_promo') { $watch->_promos->addRange($p1, $p2); @@ -104,7 +108,7 @@ class CarnetModule extends PLModule } } } else { - $page->trig("La promo (ou la plage de promo) entrée est dans un format incorrect."); + $page->trigError("La promo (ou la plage de promo) entrée est dans un format incorrect."); } } @@ -123,6 +127,9 @@ class CarnetModule extends PLModule $promo_sortie = $res->fetchOneCell(); $page->assign('promo_sortie', $promo_sortie); + if ($action) { + S::assert_xsrf_token(); + } switch ($action) { case 'add_promo': case 'del_promo': @@ -138,13 +145,20 @@ class CarnetModule extends PLModule break; } - if (Env::has('subs')) $watch->_subs->update('sub'); + if (Env::has('subs')) { + S::assert_xsrf_token(); + $watch->_subs->update('sub'); + } + if (Env::has('flags_contacts')) { - $watch->watch_contacts = Env::getBool('contacts'); + S::assert_xsrf_token(); + $watch->watch_contacts = Env::b('contacts'); $watch->saveFlags(); } + if (Env::has('flags_mail')) { - $watch->watch_mail = Env::getBool('mail'); + S::assert_xsrf_token(); + $watch->watch_mail = Env::b('mail'); $watch->saveFlags(); } @@ -156,7 +170,7 @@ class CarnetModule extends PLModule $res = XDB::query("SELECT COUNT(*) FROM contacts WHERE uid = {?}", $uid); $total = $res->fetchOneCell(); - $order = Get::get('order'); + $order = Get::v('order'); $orders = Array( 'nom' => 'nom DESC, u.prenom, u.promo', 'promo' => 'promo DESC, nom, u.prenom', @@ -164,7 +178,7 @@ class CarnetModule extends PLModule if ($order != 'promo' && $order != 'last') $order = 'nom'; $order = $orders[$order]; - if (Get::get('inv') == '') + if (Get::v('inv') == '') $order = str_replace(" DESC,", ",", $order); $res = XDB::query(" @@ -180,32 +194,42 @@ class CarnetModule extends PLModule return Array($total, $list); } - function handler_contacts(&$page, $action = null) + function searchErrorHandler($explain) { + global $page; + $page->trigError($explain); + $this->handler_contacts($page); + } + + function handler_contacts(&$page, $action = null, $subaction = null, $ssaction = null) { - $page->changeTpl('carnet/mescontacts.tpl'); - require_once("applis.func.inc.php"); $page->assign('xorg_title','Polytechnique.org - Mes contacts'); + $this->_add_rss_link($page); $uid = S::v('uid'); - $user = Env::get('user'); + $user = Env::v('user'); - switch (Env::get('action')) { + // For XSRF protection, checks both the normal xsrf token, and the special RSS token. + // It allows direct linking to contact adding in the RSS feed. + if (Env::v('action') && Env::v('token') !== S::v('core_rss_hash')) { + S::assert_xsrf_token(); + } + switch (Env::v('action')) { case 'retirer': if (is_numeric($user)) { if (XDB::execute('DELETE FROM contacts - WHERE uid = {?} AND contact = {?}', - $uid, $user)) + WHERE uid = {?} AND contact = {?}', + $uid, $user)) { - $page->trig("Contact retiré !"); + $page->trigSuccess("Contact retiré !"); } } else { if (XDB::execute( - 'DELETE FROM contacts + 'DELETE FROM c USING contacts AS c INNER JOIN aliases AS a ON (c.contact=a.id and a.type!="homonyme") WHERE c.uid = {?} AND a.alias={?}', $uid, $user)) { - $page->trig("Contact retiré !"); + $page->trigSuccess("Contact retiré !"); } } break; @@ -214,86 +238,50 @@ class CarnetModule extends PLModule require_once('user.func.inc.php'); if (($login = get_user_login($user)) !== false) { if (XDB::execute( - 'INSERT INTO contacts (uid, contact) - SELECT {?}, id - FROM aliases - WHERE alias = {?}', $uid, $login)) + 'REPLACE INTO contacts (uid, contact) + SELECT {?}, id + FROM aliases + WHERE alias = {?}', $uid, $login)) { - $page->trig('Contact ajouté !'); + $page->trigSuccess('Contact ajouté !'); } else { - $page->trig('Contact déjà dans la liste !'); + $page->trigWarning('Contact déjà dans la liste !'); } } } - if ($action == 'trombi') { - require_once 'trombi.inc.php'; - - $trombi = new Trombi(array($this, '_get_list')); - $trombi->setNbRows(4); - $page->assign_by_ref('trombi',$trombi); - - $order = Get::get('order'); - if ($order != 'promo' && $order != 'last') - $order = 'nom'; - $page->assign('order', $order); - $page->assign('inv', Get::get('inv')); + $search = false; + if ($action == 'search') { + $action = $subaction; + $subaction = $ssaction; + $search = true; + } + if ($search && trim(Env::v('quick'))) { + require_once 'userset.inc.php'; + $base = 'carnet/contacts/search'; + require_once(dirname(__FILE__) . '/search/classes.inc.php'); + ThrowError::$throwHook = array($this, 'searchErrorHandler'); + $view = new SearchSet(true, false, "INNER JOIN contacts AS c2 ON (u.user_id = c2.contact)", "c2.uid = $uid"); } else { - - $order = Get::get('order'); - $orders = Array( - 'nom' => 'sortkey DESC, a.prenom, a.promo', - 'promo' => 'promo DESC, sortkey, a.prenom', - 'last' => 'a.date DESC, sortkey, a.prenom, promo'); - if ($order != 'promo' && $order != 'last') - $order = 'nom'; - $page->assign('order', $order); - $page->assign('inv', Get::get('inv')); - $order = $orders[$order]; - if (Get::get('inv') == '') - $order = str_replace(" DESC,", ",", $order); - - $sql = "SELECT contact AS id, - a.*, l.alias AS forlife, - 1 AS inscrit, - a.perms != 'pending' AS wasinscrit, - a.deces != 0 AS dcd, a.deces, a.matricule_ax, - FIND_IN_SET('femme', a.flags) AS sexe, - e.entreprise, es.label AS secteur, ef.fonction_fr AS fonction, - IF(n.nat='',n.pays,n.nat) AS nat, n.a2 AS iso3166, - ad0.text AS app0text, ad0.url AS app0url, ai0.type AS app0type, - ad1.text AS app1text, ad1.url AS app1url, ai1.type AS app1type, - adr.city, gp.a2, gp.pays AS countrytxt, gr.name AS region, - IF(a.nom_usage<>'',a.nom_usage,a.nom) AS sortkey - FROM contacts AS c - INNER JOIN auth_user_md5 AS a ON (a.user_id = c.contact) - INNER JOIN aliases AS l ON (a.user_id = l.id AND l.type='a_vie') - LEFT JOIN entreprises AS e ON (e.entrid = 0 AND e.uid = a.user_id) - LEFT JOIN emploi_secteur AS es ON (e.secteur = es.id) - LEFT JOIN fonctions_def AS ef ON (e.fonction = ef.id) - LEFT JOIN geoloc_pays AS n ON (a.nationalite = n.a2) - LEFT JOIN applis_ins AS ai0 ON (a.user_id = ai0.uid AND ai0.ordre = 0) - LEFT JOIN applis_def AS ad0 ON (ad0.id = ai0.aid) - LEFT JOIN applis_ins AS ai1 ON (a.user_id = ai1.uid AND ai1.ordre = 1) - LEFT JOIN applis_def AS ad1 ON (ad1.id = ai1.aid) - LEFT JOIN adresses AS adr ON (a.user_id = adr.uid - AND FIND_IN_SET('active', adr.statut)) - LEFT JOIN geoloc_pays AS gp ON (adr.country = gp.a2) - LEFT JOIN geoloc_region AS gr ON (adr.country = gr.a2 AND adr.region = gr.region) - WHERE c.uid = $uid - ORDER BY ".$order; - - $page->assign_by_ref('citer', XDB::iterator($sql)); + $base = 'carnet/contacts'; + $view = new UserSet("INNER JOIN contacts AS c2 ON (u.user_id = c2.contact)", " c2.uid = $uid "); + } + $view->addMod('minifiche', 'Mini-Fiches', true); + $view->addMod('trombi', 'Trombinoscope', false, array('with_admin' => false, 'with_promo' => true)); + $view->addMod('geoloc', 'Planisphère', false, array('with_annu' => 'carnet/contacts/search')); + $view->apply($base, $page, $action, $subaction); + if ($action != 'geoloc' || ($search && !$ssaction) || (!$search && !$subaction)) { + $page->changeTpl('carnet/mescontacts.tpl'); } } function handler_pdf(&$page, $arg0 = null, $arg1 = null) { - require_once 'contacts.pdf.inc.php'; + require_once dirname(__FILE__).'/carnet/contacts.pdf.inc.php'; require_once 'user.func.inc.php'; - session_write_close(); + Platal::session()->close(); $sql = "SELECT a.alias FROM aliases AS a @@ -311,7 +299,12 @@ class CarnetModule extends PLModule while (list($alias) = $citer->next()) { $user = get_user_details($alias); - $pdf->addContact($user, $arg0 == 'photos' || $arg1 == 'photos'); + foreach ($user as &$value) { + if (is_utf8($value)) { + $value = utf8_decode($value); + } + } + $pdf = ContactsPDF::addContact($pdf, $user, $arg0 == 'photos' || $arg1 == 'photos'); } $pdf->Output(); @@ -328,49 +321,64 @@ class CarnetModule extends PLModule $page->assign('notifs', $notifs); } - function handler_ical(&$page, $user = null, $hash = null, $all = null) + function handler_ical(&$page, $alias = null, $hash = null) { - $page->changeTpl('carnet/calendar.tpl', NO_SKIN); - - if ($alias && $hash) { - $res = XDB::query( - 'SELECT a.id - FROM aliases AS a - INNER JOIN auth_user_quick AS q ON ( a.id = q.user_id AND q.core_rss_hash = {?} ) - WHERE a.alias = {?} AND a.type != "homonyme"', $hash, $alias); - $uid = $res->fetchOneCell(); - } - - require_once 'notifs.inc.php'; - $notifs = new Notifs($uid, true); - - $annivcat = false; - foreach ($notifs->_cats as $cat) { - if (preg_match('/anniv/i', $cat['short'])) - $annivcat = $cat['id']; - } - - if ($annivcat !== false) { - $annivs = array(); - foreach ($notifs->_data[$annivcat] as $promo) { - foreach ($promo as $notif) { - if ($all == 'all' || $notif['contact']) { - $annivs[] = array( - 'timestamp' => $notif['known'], - 'date' => strtotime($notif['date']), - 'tomorrow' => strtotime("+1 day", strtotime($notif['date'])), - 'bestalias' => $notif['bestalias'], - 'summary' => 'Anniversaire de '.$notif['prenom'] - .' '.$notif['nom'].' - x '.$notif['promo'], - ); - } - } + require_once 'rss.inc.php'; + $uid = init_rss(null, $alias, $hash, false); + if (S::logged()) { + if (!$uid) { + $uid = S::i('uid'); + } else if ($uid != S::i('uid')) { + require_once 'xorg.misc.inc.php'; + send_warning_email("Récupération d\'un autre utilisateur ($uid)"); } - $page->assign('events', $annivs); + } else if (!$uid) { + exit; } + require_once 'ical.inc.php'; + $page->changeTpl('carnet/calendar.tpl', NO_SKIN); + $page->register_function('display_ical', 'display_ical'); + + $res = XDB::iterRow( + 'SELECT u.prenom, + IF(u.nom_usage = \'\',u.nom,u.nom_usage) AS nom, + u.promo, + u.naissance, + DATE_ADD(u.naissance, INTERVAL 1 DAY) AS end, + u.date_ins, + a.alias AS forlife + FROM contacts AS c + INNER JOIN auth_user_md5 AS u ON (u.user_id = c.contact) + INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type = \'a_vie\') + WHERE c.uid = {?}', $uid); + + $annivs = Array(); + while (list($prenom, $nom, $promo, $naissance, $end, $ts, $forlife) = $res->next()) { + $naissance = str_replace('-', '', $naissance); + $end = str_replace('-', '', $end); + $annivs[] = array( + 'timestamp' => strtotime($ts), + 'date' => $naissance, + 'tomorrow' => $end, + 'forlife' => $forlife, + 'summary' => 'Anniversaire de '.$prenom + .' '.$nom.' - x '.$promo, + ); + } + $page->assign('events', $annivs); header('Content-Type: text/calendar; charset=utf-8'); } + + function handler_vcard(&$page, $photos = null) + { + $res = XDB::query('SELECT contact + FROM contacts + WHERE uid = {?}', S::v('uid')); + $vcard = new VCard($res->fetchColumn(), $photos == 'photos'); + $vcard->do_page(&$page); + } } +// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: ?>