X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fcarnet.php;h=b5a2c4d409a83bca064a4fb43c7378b314f4b766;hb=efe597c5795234724bc3df508bd628f9860a9c32;hp=2bd196c61f4f2a68c439e4434a912bbcdc4fb68e;hpb=21c7c593d7100a887f984c49a82c03eb32169fc4;p=platal.git
diff --git a/modules/carnet.php b/modules/carnet.php
index 2bd196c..b5a2c4d 100644
--- a/modules/carnet.php
+++ b/modules/carnet.php
@@ -39,11 +39,11 @@ class CarnetModule extends PLModule
 
 function _add_rss_link(&$page)
 {
- if (!S::has('core_rss_hash')) {
+ if (!S::hasAuthToken()) {
 return;
 }
 $page->setRssLink('Polytechnique.org :: Carnet',
- '/carnet/rss/'.S::v('forlife') .'/'.S::v('core_rss_hash').'/rss.xml');
+ '/carnet/rss/'.S::v('hruid').'/'.S::v('token').'/rss.xml');
 }
 
 function handler_index(&$page)
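Review bot: The feed link built in `_add_rss_link` puts `S::v('token')` straight into the URL path, and nothing at the call site says that this value is a credential. Judging by the `tokenAuth($alias, $hash)` call in the `handler_ical` hunk, the token appears to authenticate the request on its own, so the URL should be treated as a secret wherever it ends up (page source, logs, shared links). I would add a comment above `setRssLink`, for example `// The token segment authenticates the feed request: treat the whole URL as a secret.` The `hruid` and `token` segments are also concatenated unescaped; wrapping each in `rawurlencode()` keeps the path well-formed if either ever holds a reserved character, which this hunk does not rule out.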
@@ -158,41 +158,6 @@ class CarnetModule extends PLModule
 $page->assign_by_ref('watch', $watch);
 }
 
- function _get_list($offset, $limit) {
- $uid = S::v('uid');
- $res = XDB::query("SELECT COUNT(*) FROM contacts WHERE uid = {?}", $uid);
- $total = $res->fetchOneCell();
-
- $order = Get::v('order');
- $orders = Array(
- 'nom' => 'nom DESC, u.prenom, u.promo',
- 'promo' => 'promo DESC, nom, u.prenom',
- 'last' => 'u.date DESC, nom, u.prenom, promo');
- if ($order != 'promo' && $order != 'last')
- $order = 'nom';
- $order = $orders[$order];
- if (Get::v('inv') == '')
- $order = str_replace(" DESC,", ",", $order);
-
- $res = XDB::query("
- SELECT u.prenom, IF(u.nom_usage='',u.nom,u.nom_usage) AS nom, a.alias AS forlife, u.promo
- FROM contacts AS c
- INNER JOIN auth_user_md5 AS u ON (u.user_id = c.contact)
- INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie')
- WHERE c.uid = {?}
- ORDER BY $order
- LIMIT {?}, {?}", $uid, $offset*$limit, $limit);
- $list = $res->fetchAllAssoc();
-
- return Array($total, $list);
- }
-
- function searchErrorHandler($explain) {
- $page =& Platal::page();
- $page->trigError($explain);
- $this->handler_contacts($page);
- }
-
 function handler_contacts(&$page, $action = null, $subaction = null, $ssaction = null)
 {
 $page->setTitle('Mes contacts');
@@ -203,7 +168,7 @@ class CarnetModule extends PLModule
 
 // For XSRF protection, checks both the normal xsrf token, and the special RSS token.
 // It allows direct linking to contact adding in the RSS feed.
- if (Env::v('action') && Env::v('token') !== S::v('core_rss_hash')) {
+ if (Env::v('action') && Env::v('token') !== S::v('token')) {
 S::assert_xsrf_token();
 }
 switch (Env::v('action')) {
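Review bot: The guard `Env::v('token') !== S::v('token')` in the second hunk on this line skips `S::assert_xsrf_token()` whenever the two values are identical. That would include a session with no token and a request that sends none, if both accessors fall back to the same default; their defaults are not visible here. `_add_rss_link` already treats a missing token as possible via `S::hasAuthToken()`, so the same precondition belongs in this check: `if (Env::v('action') && !(S::hasAuthToken() && Env::v('token') === S::v('token'))) {`. The comparison of a secret with `!==` is also not constant-time; `hash_equals()` is preferable where the deployed PHP version provides it. `handler_contacts` continues beyond the hunk, so the actions that rely on this guard are not shown.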
@@ -298,17 +263,15 @@ class CarnetModule extends PLModule
 
 function handler_ical(&$page, $alias = null, $hash = null)
 {
- require_once 'rss.inc.php';
- $uid = init_rss(null, $alias, $hash, false);
- if (S::logged()) {
- if (!$uid) {
- $uid = S::i('uid');
- } else if ($uid != S::i('uid')) {
- send_warning_email("Récupération d\'un autre utilisateur ($uid)");
+ $user = Platal::session()->tokenAuth($alias, $hash);
+ if (is_null($user)) {
+ if (S::logged()) {
+ $user == S::user();
+ } else {
+ return PL_FORBIDDEN;
 }
- } else if (!$uid) {
- exit;
 }
+
 require_once 'ical.inc.php';
 $page->changeTpl('carnet/calendar.tpl', NO_SKIN);
 $page->register_function('display_ical', 'display_ical');
@@ -320,21 +283,21 @@ class CarnetModule extends PLModule
 u.naissance,
 DATE_ADD(u.naissance, INTERVAL 1 DAY) AS end,
 u.date_ins,
- a.alias AS forlife
+ u.hruid
 FROM contacts AS c
 INNER JOIN auth_user_md5 AS u ON (u.user_id = c.contact)
 INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type = \'a_vie\')
- WHERE c.uid = {?}', $uid);
+ WHERE c.uid = {?}', $user->id());
 $annivs = Array();
- while (list($prenom, $nom, $promo, $naissance, $end, $ts, $forlife) = $res->next()) {
+ while (list($prenom, $nom, $promo, $naissance, $end, $ts, $hruid) = $res->next()) {
 $naissance = str_replace('-', '', $naissance);
 $end = str_replace('-', '', $end);
 $annivs[] = array(
 'timestamp' => strtotime($ts),
 'date' => $naissance,
 'tomorrow' => $end,
- 'forlife' => $forlife,
+ 'hruid' => $hruid,
 'summary' => 'Anniversaire de '.$prenom .' '.$nom.' - x '.$promo,
 );
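Review bot: `$user == S::user();` in the logged-in fallback of `handler_ical` is a comparison, not an assignment. `$user` therefore stays null after a failed `tokenAuth()`, and the `$user->id()` call in the query of the following hunk is then made on null. The line should read `$user = S::user();`. The old code also called `send_warning_email()` when the token resolved to a different user than the session, and the new branch drops that signal without a replacement, so it is worth confirming the removal is intentional. The body of `handler_ical` continues past this hunk.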