X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fcarnet.php;h=b5a2c4d409a83bca064a4fb43c7378b314f4b766;hb=efe597c5795234724bc3df508bd628f9860a9c32;hp=b57f994661269e60af14d132561f1e5f3bfa8bd6;hpb=acc9be56f2cc773f7e684f9cd3201141bc126ee2;p=platal.git
diff --git a/modules/carnet.php b/modules/carnet.php
index b57f994..b5a2c4d 100644
--- a/modules/carnet.php
+++ b/modules/carnet.php
@@ -39,11 +39,11 @@ class CarnetModule extends PLModule
 function _add_rss_link(&$page)
 {
- if (!S::has('core_rss_hash')) {
+ if (!S::hasAuthToken()) {
 return;
 }
 $page->setRssLink('Polytechnique.org :: Carnet',
- '/carnet/rss/'.S::v('hruid').'/'.S::v('core_rss_hash').'/rss.xml');
+ '/carnet/rss/'.S::v('hruid').'/'.S::v('token').'/rss.xml');
 }
 function handler_index(&$page)
@@ -168,7 +168,7 @@ class CarnetModule extends PLModule
 // For XSRF protection, checks both the normal xsrf token, and the special RSS token.
 // It allows direct linking to contact adding in the RSS feed.
- if (Env::v('action') && Env::v('token') !== S::v('core_rss_hash')) {
+ if (Env::v('action') && Env::v('token') !== S::v('token')) {
 S::assert_xsrf_token();
 }
 switch (Env::v('action')) {
@@ -263,16 +263,13 @@ class CarnetModule extends PLModule
 function handler_ical(&$page, $alias = null, $hash = null)
 {
- require_once 'rss.inc.php';
- $uid = init_rss(null, $alias, $hash, false);
- if (S::logged()) {
- if (!$uid) {
- $uid = S::i('uid');
- } else if ($uid != S::i('uid')) {
- send_warning_email("Récupération d\'un autre utilisateur ($uid)");
+ $user = Platal::session()->tokenAuth($alias, $hash);
+ if (is_null($user)) {
+ if (S::logged()) {
+ $user == S::user();
+ } else {
+ return PL_FORBIDDEN;
 }
- } else if (!$uid) {
- exit;
 }
 require_once 'ical.inc.php';
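Review bot: `$user == S::user();` in the new handler_ical body is a comparison, not an assignment, so a logged-in caller whose alias/hash does not resolve keeps `$user` as null and the contacts query later in the function (the hunk at line 287) calls `$user->id()` on null; the line should read `$user = S::user();`. The removed branch also emitted a warning when a logged-in user fetched a feed for a different account, and the new token-based path has no equivalent check, which may be intended but is worth confirming in the commit message or a comment. handler_ical continues beyond the end of this hunk.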
@@ -290,7 +287,7 @@ class CarnetModule extends PLModule
 FROM contacts AS c
 INNER JOIN auth_user_md5 AS u ON (u.user_id = c.contact)
 INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type = \'a_vie\')
- WHERE c.uid = {?}', $uid);
+ WHERE c.uid = {?}', $user->id());
 $annivs = Array();
 while (list($prenom, $nom, $promo, $naissance, $end, $ts, $hruid) = $res->next()) {