X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fcarnet.php;h=e64350592a511f7f20f9d08a4f36b950f2f59bfd;hb=0001ba7a34dc3b535407cb1b961781c3c69c0ccd;hp=407655c18d2ed0a14222e61c4ae1b7e9ba1c92ad;hpb=62e6d10026e3700bc54b558870663acc981d4a80;p=platal.git

diff --git a/modules/carnet.php b/modules/carnet.php
index 407655c..e643505 100644
--- a/modules/carnet.php
+++ b/modules/carnet.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2006 Polytechnique.org                              *
+ *  Copyright (C) 2003-2009 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -24,34 +24,32 @@ class CarnetModule extends PLModule
     function handlers()
     {
         return array(
-            'carnet'              => $this->make_hook('index',    AUTH_COOKIE),
-            'carnet/panel'        => $this->make_hook('panel',    AUTH_COOKIE),
-            'carnet/notifs'       => $this->make_hook('notifs',   AUTH_COOKIE),
+            'carnet'                => $this->make_hook('index',    AUTH_COOKIE),
+            'carnet/panel'          => $this->make_hook('panel',    AUTH_COOKIE),
+            'carnet/notifs'         => $this->make_hook('notifs',   AUTH_COOKIE),
 
-            'carnet/contacts'     => $this->make_hook('contacts', AUTH_COOKIE),
-            'carnet/contacts/pdf' => $this->make_hook('pdf',      AUTH_COOKIE),
+            'carnet/contacts'       => $this->make_hook('contacts', AUTH_COOKIE),
+            'carnet/contacts/pdf'   => $this->make_hook('pdf',      AUTH_COOKIE, 'user', NO_HTTPS),
+            'carnet/contacts/ical'  => $this->make_hook('ical',     AUTH_PUBLIC, 'user', NO_HTTPS),
+            'carnet/contacts/vcard' => $this->make_hook('vcard',    AUTH_COOKIE, 'user', NO_HTTPS),
 
-            'carnet/rss'          => $this->make_hook('rss',      AUTH_PUBLIC),
-            'carnet/ical'         => $this->make_hook('ical',     AUTH_PUBLIC),
+            'carnet/rss'            => $this->make_hook('rss',      AUTH_PUBLIC, 'user', NO_HTTPS),
         );
     }
 
     function _add_rss_link(&$page)
     {
-        if (!S::has('core_rss_hash')) {
+        if (!S::hasAuthToken()) {
             return;
         }
-        $page->assign('xorg_rss',
-                      array('title' => 'Polytechnique.org :: Carnet',
-                            'href'  => '/carnet/rss/'.S::v('forlife')
-                                      .'/'.S::v('core_rss_hash').'/rss.xml')
-                      );
+        $page->setRssLink('Polytechnique.org :: Carnet',
+                          '/carnet/rss/'.S::v('hruid').'/'.S::v('token').'/rss.xml');
     }
 
     function handler_index(&$page)
     {
         $page->changeTpl('carnet/index.tpl');
-        $page->assign('xorg_title','Polytechnique.org - Mon carnet');
+        $page->setTitle('Mon carnet');
         $this->_add_rss_link($page);
     }
 
@@ -60,238 +58,264 @@ class CarnetModule extends PLModule
         $page->changeTpl('carnet/panel.tpl');
 
         if (Get::has('read')) {
-            $_SESSION['watch_last'] = Get::v('read');
+            XDB::execute('UPDATE  watch
+                             SET  last = FROM_UNIXTIME({?})
+                           WHERE  uid = {?}',
+                         Get::i('read'), S::i('uid'));
+            S::set('watch_last', Get::i('read'));
+            Platal::session()->updateNbNotifs();
             pl_redirect('carnet/panel');
         }
 
         require_once 'notifs.inc.php';
+        $page->assign('now', time());
 
-        $page->assign('now',date('YmdHis'));
-        $notifs = new Notifs(S::v('uid'), true);
-
+        $user = S::user();
+        $notifs = Watch::getEvents($user, time() - (7 * 86400));
         $page->assign('notifs', $notifs);
         $page->assign('today', date('Y-m-d'));
         $this->_add_rss_link($page);
     }
 
-    function _handler_notifs_promos(&$page, &$watch, $action, $arg)
+    private function getSinglePromotion(PlPage &$page, $promo)
     {
-        if(preg_match('!^ *(\d{4}) *$!', $arg, $matches)) {
-            $p = intval($matches[1]);
-            if($p<1900 || $p>2100) {
-                $page->trig("la promo entrée est invalide");
-            } else {
-                if ($action == 'add_promo') {
-                    $watch->_promos->add($p);
-                } else {
-                    $watch->_promos->del($p);
-                }
-            }
-        } elseif (preg_match('!^ *(\d{4}) *- *(\d{4}) *$!', $arg, $matches)) {
-            $p1 = intval($matches[1]);
-            $p2 = intval($matches[2]);
-            if($p1<1900 || $p1>2100) {
-                $page->trig('la première promo de la plage entrée est invalide');
-            } elseif($p2<1900 || $p2>2100) {
-                $page->trig('la seconde promo de la plage entrée est invalide');
+        if (!ctype_digit($promo) || $promo < 1920 || $promo > date('Y')) {
+            $page->trigError('Promotion invalide : ' . $promo);
+            return null;
+        }
+        return (int)$promo;
+    }
+
+    private function getPromo(PlPage &$page, $promo)
+    {
+        if (strpos($promo, '-') === false) {
+            $promo = $this->getSinglePromotion($page, $promo);
+            if (!$promo) {
+                return null;
             } else {
-                if ($action == 'add_promo') {
-                    $watch->_promos->addRange($p1, $p2);
-                } else {
-                    $watch->_promos->delRange($p1, $p2);
-                }
+                return array($promo);
             }
-        } else {
-            $page->trig("La promo (ou la plage de promo) entrée est dans un format incorrect.");
         }
+
+        list($promo1, $promo2) = explode('-', $promo);
+        $promo1 = $this->getSinglePromotion($page, $promo1);
+        if (!$promo1) {
+            return null;
+        }
+        $promo2 = $this->getSinglePromotion($page, $promo2);
+        if (!$promo2) {
+            return null;
+        }
+        if ($promo1 > $promo2) {
+            $page->trigError("Intervale non valide : " . $promo);
+            return null;
+        }
+        $array = array();
+        for ($i = $promo1 ; $i <= $promo2 ; ++$i) {
+            $array[] = $i;
+        }
+        return $array;
     }
 
-    function handler_notifs(&$page, $action = null, $arg = null)
+    private function addPromo(PlPage &$page, $promo)
     {
-        $page->changeTpl('carnet/notifs.tpl');
+        $promos = $this->getPromo($page, $promo);
+        if (!$promos || count($promos) == 0) {
+            return;
+        }
+        $to_add = array();
+        foreach ($promos as $promo) {
+            $to_add[] = XDB::format('({?}, {?})', S::i('uid'), $promo);
+        }
+        XDB::execute('INSERT IGNORE INTO  watch_promo (uid, promo)
+                                  VALUES  ' . implode(', ', $to_add));
+    }
 
-        require_once 'notifs.inc.php';
+    private function delPromo(PlPage &$page, $promo)
+    {
+        $promos = $this->getPromo($page, $promo);
+        if (!$promos || count($promos) == 0) {
+            return;
+        }
+        $to_delete = array();
+        foreach ($promos as $promo) {
+            $to_delete[] = XDB::format('{?}', $promo);
+        }
+        XDB::execute('DELETE FROM  watch_promo
+                            WHERE  ' . XDB::format('uid = {?}', S::i('uid')) . '
+                                   AND promo IN (' . implode(', ', $to_delete) . ')');
+    }
+
+    public function addNonRegistered(PlPage &$page, PlUser &$user)
+    {
+        XDB::execute('INSERT IGNORE INTO  watch_nonins (uid, ni_id)
+                                  VALUES  ({?}, {?})', S::i('uid'), $user->id());
+    }
 
-        $watch = new Watch(S::v('uid'));
+    public function delNonRegistered(PlPage &$page, PlUser &$user)
+    {
+        XDB::execute('DELETE FROM  watch_nonins
+                            WHERE  uid = {?} AND ni_id = {?}',
+                    S::i('uid'), $user->id());
+    }
 
-        $res = XDB::query("SELECT promo_sortie
-                                       FROM auth_user_md5
-                                      WHERE user_id = {?}",
-                                    S::v('uid', -1));
-        $promo_sortie = $res->fetchOneCell();
-        $page->assign('promo_sortie', $promo_sortie);
+    public function handler_notifs(&$page, $action = null, $arg = null)
+    {
+        $page->changeTpl('carnet/notifs.tpl');
 
-        switch ($action) {
-          case 'add_promo':
-          case 'del_promo':
-            $this->_handler_notifs_promos($page, $watch, $action, $arg);
-            break;
+        if ($action) {
+            S::assert_xsrf_token();
+            switch ($action) {
+              case 'add_promo':
+                $this->addPromo($page, $arg);
+                break;
 
-          case 'del_nonins':
-            $watch->_nonins->del($arg);
-            break;
+              case 'del_promo':
+                $this->delPromo($page, $arg);
+                break;
 
-          case 'add_nonins':
-            $watch->_nonins->add($arg);
-            break;
+              case 'del_nonins':
+                $user = User::get($arg);
+                if ($user) {
+                    $this->delNonRegistered($page, $user);
+                }
+                break;
+
+              case 'add_nonins':
+                $user = User::get($arg);
+                if ($user) {
+                    $this->addNonRegistered($page, $user);
+                }
+                break;
+            }
+        }
+
+        if (Env::has('subs')) {
+            S::assert_xsrf_token();
+            $flags = new PlFlagSet();
+            foreach (Env::v('sub') as $key=>$value) {
+                $flags->addFlag($key, $value);
+            }
+            XDB::execute('UPDATE  watch
+                             SET  actions = {?}
+                           WHERE  uid = {?}', $flags, S::i('uid'));
         }
 
-        if (Env::has('subs'))       $watch->_subs->update('sub');
         if (Env::has('flags_contacts')) {
-            $watch->watch_contacts = Env::b('contacts');
-            $watch->saveFlags();
+            S::assert_xsrf_token();
+            XDB::execute('UPDATE  watch
+                             SET  ' . XDB::changeFlag('flags', 'contacts', Env::b('contacts')) . '
+                           WHERE  uid = {?}', S::i('uid'));
         }
+
         if (Env::has('flags_mail')) {
-            $watch->watch_mail     = Env::b('mail');
-            $watch->saveFlags();
+            S::assert_xsrf_token();
+            XDB::execute('UPDATE  watch
+                             SET  ' . XDB::changeFlag('flags', 'mail', Env::b('mail')) . '
+                           WHERE  uid = {?}', S::i('uid'));
         }
 
-        $page->assign_by_ref('watch', $watch);
-    }
-
-    function _get_list($offset, $limit) {
-        $uid   = S::v('uid');
-        $res   = XDB::query("SELECT COUNT(*) FROM contacts WHERE uid = {?}", $uid);
-        $total = $res->fetchOneCell();
-
-        $order = Get::v('order');
-        $orders = Array(
-            'nom'     => 'nom DESC, u.prenom, u.promo',
-            'promo'   => 'promo DESC, nom, u.prenom',
-            'last'    => 'u.date DESC, nom, u.prenom, promo');
-        if ($order != 'promo' && $order != 'last')
-            $order = 'nom';
-        $order = $orders[$order];
-        if (Get::v('inv') == '')
-            $order = str_replace(" DESC,", ",", $order);
-
-        $res   = XDB::query("
-                SELECT  u.prenom, IF(u.nom_usage='',u.nom,u.nom_usage) AS nom, a.alias AS forlife, u.promo
-                  FROM  contacts       AS c
-            INNER JOIN  auth_user_md5  AS u   ON (u.user_id = c.contact)
-            INNER JOIN  aliases        AS a   ON (u.user_id = a.id AND a.type='a_vie')
-                 WHERE  c.uid = {?}
-              ORDER BY  $order
-                 LIMIT  {?}, {?}", $uid, $offset*$limit, $limit);
-        $list  = $res->fetchAllAssoc();
-
-        return Array($total, $list);
+        $user = S::user();
+        $nonins = new UserFilter(new UFC_WatchRegistration($user));
+
+        $promo = XDB::fetchColumn('SELECT  promo
+                                     FROM  watch_promo
+                                    WHERE  uid = {?}
+                                 ORDER BY  promo', S::i('uid'));
+        $page->assign('promo_count', count($promo));
+        $ranges = array();
+        $range_start  = null;
+        $range_end    = null;
+        foreach ($promo as $p) {
+            if (is_null($range_start)) {
+                $range_start = $range_end = $p;
+            } else if ($p != $range_end + 1) {
+                $ranges[] = array($range_start, $range_end);
+                $range_start = $range_end = $p;
+            } else {
+                $range_end = $p;
+            }
+        }
+        $ranges[] = array($range_start, $range_end);
+        $page->assign('promo_ranges', $ranges);
+        $page->assign('nonins', $nonins->getUsers());
+
+        list($flags, $actions) = XDB::fetchOneRow('SELECT  flags, actions
+                                                     FROM  watch
+                                                    WHERE  uid = {?}', S::i('uid'));
+        $flags = new PlFlagSet($flags);
+        $actions = new PlFlagSet($actions);
+        $page->assign('flags', $flags);
+        $page->assign('actions', $actions);
     }
 
-    function handler_contacts(&$page, $action = null)
+    function handler_contacts(&$page, $action = null, $subaction = null, $ssaction = null)
     {
-        $page->changeTpl('carnet/mescontacts.tpl');
-        require_once("applis.func.inc.php");
-        $page->assign('xorg_title','Polytechnique.org - Mes contacts');
+        $page->setTitle('Mes contacts');
+        $this->_add_rss_link($page);
 
         $uid  = S::v('uid');
         $user = Env::v('user');
 
+        // For XSRF protection, checks both the normal xsrf token, and the special RSS token.
+        // It allows direct linking to contact adding in the RSS feed.
+        if (Env::v('action') && Env::v('token') !== S::v('token')) {
+            S::assert_xsrf_token();
+        }
         switch (Env::v('action')) {
             case 'retirer':
-                if (is_numeric($user)) {
-                    if (XDB::execute('DELETE FROM contacts
-                                                      WHERE uid = {?} AND contact = {?}',
-                                               $uid, $user))
-                    {
-                        $page->trig("Contact retiré !");
-                    }
-                } else {
-                    if (XDB::execute(
-                                'DELETE FROM  contacts
-                                       USING  contacts AS c
-                                  INNER JOIN  aliases  AS a ON (c.contact=a.id and a.type!="homonyme")
-                                       WHERE  c.uid = {?} AND a.alias={?}', $uid, $user))
-                    {
-                        $page->trig("Contact retiré !");
+                if (($user = User::get(Env::v('user')))) {
+                    if (XDB::execute("DELETE FROM  contacts
+                                            WHERE  uid = {?} AND contact = {?}", $uid, $user->id())) {
+                        $page->trigSuccess("Contact retiré !");
                     }
                 }
                 break;
 
             case 'ajouter':
-                require_once('user.func.inc.php');
-                if (($login = get_user_login($user)) !== false) {
-                    if (XDB::execute(
-                                'INSERT INTO  contacts (uid, contact)
-                                      SELECT  {?}, id
-                                        FROM  aliases
-                                       WHERE  alias = {?}', $uid, $login))
-                    {
-                        $page->trig('Contact ajouté !');
+                if (($user = User::get(Env::v('user')))) {
+                    if (XDB::execute("REPLACE INTO  contacts (uid, contact)
+                                            VALUES  ({?}, {?})", $uid, $user->id())) {
+                        $page->trigSuccess('Contact ajouté !');
                     } else {
-                        $page->trig('Contact déjà dans la liste !');
+                        $page->trigWarning('Contact déjà dans la liste !');
                     }
                 }
+                break;
         }
 
-        if ($action == 'trombi') {
-            require_once 'trombi.inc.php';
-
-            $trombi = new Trombi(array($this, '_get_list'));
-            $trombi->setNbRows(4);
-            $page->assign_by_ref('trombi',$trombi);
-
-            $order = Get::v('order');
-            if ($order != 'promo' && $order != 'last')
-                $order = 'nom';
-            $page->assign('order', $order);
-            $page->assign('inv', Get::v('inv'));
+        $search = false;
+        if ($action == 'search') {
+            $action = $subaction;
+            $subaction = $ssaction;
+            $search = true;
+        }
+        if ($search && trim(Env::v('quick'))) {
+            require_once 'userset.inc.php';
+            $base = 'carnet/contacts/search';
 
+            Platal::load('search', 'classes.inc.php');
+            ThrowError::$throwHook = array($this, 'searchErrorHandler');
+            $view = new SearchSet(true, false, "INNER JOIN contacts AS c2 ON (u.user_id = c2.contact)", "c2.uid = $uid");
         } else {
-
-            $order = Get::v('order');
-            $orders = Array(
-                'nom'     => 'sortkey DESC, a.prenom, a.promo',
-                'promo'   => 'promo DESC, sortkey, a.prenom',
-                'last'    => 'a.date DESC, sortkey, a.prenom, promo');
-            if ($order != 'promo' && $order != 'last')
-                $order = 'nom';
-            $page->assign('order', $order);
-            $page->assign('inv', Get::v('inv'));
-            $order = $orders[$order];
-            if (Get::v('inv') == '')
-                $order = str_replace(" DESC,", ",", $order);
-
-            $sql = "SELECT  contact AS id,
-                            a.*, l.alias AS forlife,
-                            1 AS inscrit,
-                            a.perms != 'pending' AS wasinscrit,
-                            a.deces != 0 AS dcd, a.deces, a.matricule_ax,
-                            FIND_IN_SET('femme', a.flags) AS sexe,
-                            e.entreprise, es.label AS secteur, ef.fonction_fr AS fonction,
-                            IF(n.nat='',n.pays,n.nat) AS nat, n.a2 AS iso3166,
-                            ad0.text AS app0text, ad0.url AS app0url, ai0.type AS app0type,
-                            ad1.text AS app1text, ad1.url AS app1url, ai1.type AS app1type,
-                            adr.city, gp.a2, gp.pays AS countrytxt, gr.name AS region,
-                            IF(a.nom_usage<>'',a.nom_usage,a.nom) AS sortkey
-                      FROM  contacts       AS c
-                INNER JOIN  auth_user_md5  AS a   ON (a.user_id = c.contact)
-                INNER JOIN  aliases        AS l   ON (a.user_id = l.id AND l.type='a_vie')
-                 LEFT JOIN  entreprises    AS e   ON (e.entrid = 0 AND e.uid = a.user_id)
-                 LEFT JOIN  emploi_secteur AS es  ON (e.secteur = es.id)
-                 LEFT JOIN  fonctions_def  AS ef  ON (e.fonction = ef.id)
-                 LEFT JOIN  geoloc_pays    AS n   ON (a.nationalite = n.a2)
-                 LEFT JOIN  applis_ins     AS ai0 ON (a.user_id = ai0.uid AND ai0.ordre = 0)
-                 LEFT JOIN  applis_def     AS ad0 ON (ad0.id = ai0.aid)
-                 LEFT JOIN  applis_ins     AS ai1 ON (a.user_id = ai1.uid AND ai1.ordre = 1)
-                 LEFT JOIN  applis_def     AS ad1 ON (ad1.id = ai1.aid)
-                 LEFT JOIN  adresses       AS adr ON (a.user_id = adr.uid
-                                                      AND FIND_IN_SET('active', adr.statut))
-                 LEFT JOIN  geoloc_pays    AS gp  ON (adr.country = gp.a2)
-                 LEFT JOIN  geoloc_region  AS gr  ON (adr.country = gr.a2 AND adr.region = gr.region)
-                     WHERE  c.uid = $uid
-                  ORDER BY  ".$order;
-
-            $page->assign_by_ref('citer', XDB::iterator($sql));
+            $base = 'carnet/contacts';
+            $view = new UserSet("INNER JOIN contacts AS c2 ON (u.user_id = c2.contact)", " c2.uid = $uid ");
+        }
+        $view->addMod('minifiche', 'Mini-fiches', true);
+        $view->addMod('trombi', 'Trombinoscope', false, array('with_admin' => false, 'with_promo' => true));
+        $view->addMod('geoloc', 'Planisphère', false, array('with_annu' => 'carnet/contacts/search'));
+        $view->apply($base, $page, $action, $subaction);
+        if ($action != 'geoloc' || ($search && !$ssaction) || (!$search && !$subaction)) {
+            $page->changeTpl('carnet/mescontacts.tpl');
         }
     }
 
     function handler_pdf(&$page, $arg0 = null, $arg1 = null)
     {
-        require_once 'contacts.pdf.inc.php';
+        $this->load('contacts.pdf.inc.php');
         require_once 'user.func.inc.php';
 
-        session_write_close();
+        Platal::session()->close();
 
         $sql = "SELECT  a.alias
                   FROM  aliases       AS a
@@ -309,7 +333,12 @@ class CarnetModule extends PLModule
 
         while (list($alias) = $citer->next()) {
             $user = get_user_details($alias);
-            $pdf->addContact($user, $arg0 == 'photos' || $arg1 == 'photos');
+            foreach ($user as &$value) {
+                if (is_utf8($value)) {
+                    $value = utf8_decode($value);
+                }
+            }
+            $pdf = ContactsPDF::addContact($pdf, $user, $arg0 == 'photos' || $arg1 == 'photos');
         }
         $pdf->Output();
 
@@ -318,17 +347,25 @@ class CarnetModule extends PLModule
 
     function handler_rss(&$page, $user = null, $hash = null)
     {
-        require_once 'rss.inc.php';
-        require_once 'notifs.inc.php';
-
-        $uid    = init_rss('carnet/rss.tpl', $user, $hash);
-        $notifs = new Notifs($uid, false);
-        $page->assign('notifs', $notifs);
+        $this->load('feed.inc.php');
+        $feed = new CarnetFeed();
+        return $feed->run($page, $user, $hash);
     }
 
-    function handler_ical(&$page)
+    function handler_ical(&$page, $alias = null, $hash = null)
     {
+        $user = Platal::session()->tokenAuth($alias, $hash);
+        if (is_null($user)) {
+            if (S::logged()) {
+                $user == S::user();
+            } else {
+                return PL_FORBIDDEN;
+            }
+        }
+
+        require_once 'ical.inc.php';
         $page->changeTpl('carnet/calendar.tpl', NO_SKIN);
+        $page->register_function('display_ical', 'display_ical');
 
         $res = XDB::iterRow(
                 'SELECT u.prenom,
@@ -337,21 +374,21 @@ class CarnetModule extends PLModule
                         u.naissance,
                         DATE_ADD(u.naissance, INTERVAL 1 DAY) AS end,
                         u.date_ins,
-                        a.alias AS forlife
+                        u.hruid
                    FROM contacts      AS c
              INNER JOIN auth_user_md5 AS u ON (u.user_id = c.contact)
              INNER JOIN aliases       AS a ON (u.user_id = a.id AND a.type = \'a_vie\')
-                  WHERE c.uid = {?}', S::v('uid'));
+                  WHERE c.uid = {?}', $user->id());
 
         $annivs = Array();
-        while (list($prenom, $nom, $promo, $naissance, $end, $ts, $forlife) = $res->next()) {
+        while (list($prenom, $nom, $promo, $naissance, $end, $ts, $hruid) = $res->next()) {
             $naissance = str_replace('-', '', $naissance);
             $end       = str_replace('-', '', $end);
             $annivs[] = array(
                 'timestamp' => strtotime($ts),
                 'date'      => $naissance,
                 'tomorrow'  => $end,
-                'forlife'   => $forlife,
+                'hruid'     => $hruid,
                 'summary'   => 'Anniversaire de '.$prenom
                                 .' '.$nom.' - x '.$promo,
             );
@@ -360,6 +397,17 @@ class CarnetModule extends PLModule
 
         header('Content-Type: text/calendar; charset=utf-8');
     }
+
+    function handler_vcard(&$page, $photos = null)
+    {
+        $res = XDB::query('SELECT contact
+                             FROM contacts
+                            WHERE uid = {?}', S::v('uid'));
+        $vcard = new VCard($photos == 'photos');
+        $vcard->addUsers($res->fetchColumn());
+        $vcard->show();
+    }
 }
 
+// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
 ?>