X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fevents.php;h=19ca0fde2522db40674b66757e85740402e11e72;hb=6e909db8e8f8a25a0d44e3ff74bcc5f76eb2ea92;hp=b4a36812d7dfed99711979bfe798c210ab24a332;hpb=214d92b0cef6c4298a2769242ebae5c31e27955a;p=platal.git diff --git a/modules/events.php b/modules/events.php index b4a3681..19ca0fd 100644 --- a/modules/events.php +++ b/modules/events.php @@ -59,7 +59,7 @@ class EventsModule extends PLModule 'special' => true); } - $exclude = is_null($exclude) ? '' : ' AND id != ' . $exclude . ' '; + $exclude = is_null($exclude) ? '' : ' AND id != ' . intval($exclude) . ' '; $priority = rand(0, 510); do { $priority = (int)($priority/2); @@ -81,20 +81,20 @@ class EventsModule extends PLModule return $res->fetchOneAssoc(); } - private function upload_image(PlatalPage &$page, PlUpload &$upload) + private function upload_image(PlPage &$page, PlUpload &$upload) { if (@!$_FILES['image']['tmp_name'] && !Env::v('image_url')) { return true; } if (!$upload->upload($_FILES['image']) && !$upload->download(Env::v('image_url'))) { - $page->trig('Impossible de télécharger l\'image'); + $page->trigError('Impossible de télécharger l\'image'); return false; } elseif (!$upload->isType('image')) { - $page->trig('Le fichier n\'est pas une image valide au format JPEG, GIF ou PNG.'); + $page->trigError('Le fichier n\'est pas une image valide au format JPEG, GIF ou PNG.'); $upload->rm(); return false; } elseif (!$upload->resizeImage(200, 300, 100, 100, 32284)) { - $page->trig('Impossible de retraiter l\'image'); + $page->trigError('Impossible de retraiter l\'image'); return false; } return true; @@ -106,45 +106,41 @@ class EventsModule extends PLModule $page->addJsLink('ajax.js'); $page->assign('tips', $this->get_tips()); - $res = XDB::query('SELECT date, naissance FROM auth_user_md5 - WHERE user_id={?}', S::v('uid')); - list($date, $naissance) = $res->fetchOneRow(); - - // incitation à mettre à jour la fiche - - $d2 = mktime(0, 0, 0, substr($date, 5, 2), substr($date, 8, 2), - substr($date, 0, 4)); - if( (time() - $d2) > 60 * 60 * 24 * 400 ) { - // si fiche date de + de 400j; - $page->assign('fiche_incitation', $date); + // Profile update (appears when profile is > 400d old), and birthday + // oneboxes. + $res = XDB::query( + "SELECT date < DATE_SUB(NOW(), INTERVAL 400 DAY) AS is_profile_old, + MONTH(naissance) = MONTH(NOW()) AND DAYOFMONTH(naissance) = DAYOFMONTH(NOW()) AS is_birthday, + date AS profile_date, YEAR(NOW()) - YEAR(naissance) AS age + FROM auth_user_md5 + WHERE user_id = {?}", S::user()->id()); + list($is_profile_old, $is_birthday, $profile_date, $age) = $res->fetchOneRow(); + + if ($is_profile_old) { + $page->assign('fiche_incitation', $profile_date); } - - // Souhaite bon anniversaire - - if (substr($naissance, 5) == date('m-d')) { - $page->assign('birthday', date('Y') - substr($naissance, 0, 4)); + if ($is_birthday) { + $page->assign('birthday', $age); } - // incitation à mettre une photo - - $res = XDB::query('SELECT COUNT(*) FROM photo - WHERE uid={?}', S::v('uid')); + // No-photo onebox. + $res = XDB::query("SELECT COUNT(*) FROM photo WHERE uid = {?}", S::user()->id()); $page->assign('photo_incitation', $res->fetchOneCell() == 0); - // Incitation à se géolocaliser + // Geo-location onebox. require_once 'geoloc.inc.php'; - $res = localize_addresses(S::v('uid', -1)); + $res = localize_addresses(S::user()->id()); $page->assign('geoloc_incitation', count($res)); - // ajout du lien RSS - if (S::has('core_rss_hash')) { + // Direct link to the RSS feed, when available. + if (S::hasAuthToken()) { $page->setRssLink('Polytechnique.org :: News', - '/rss/'.S::v('forlife') .'/'.S::v('core_rss_hash').'/rss.xml'); + '/rss/'.S::v('hruid') .'/'.S::v('token').'/rss.xml'); } - // cache les evenements lus et raffiche les evenements a relire + // Hide the read event, and reload the page to get to the next event. if ($action == 'read' && $eid) { - XDB::execute('DELETE evenements_vus.* + XDB::execute('DELETE ev.* FROM evenements_vus AS ev INNER JOIN evenements AS e ON e.id = ev.evt_id WHERE peremption < NOW()'); @@ -153,6 +149,7 @@ class EventsModule extends PLModule pl_redirect('events#'.$pound); } + // Unhide the requested event, and reload the page to display it. if ($action == 'unread' && $eid) { XDB::execute('DELETE FROM evenements_vus WHERE evt_id = {?} AND user_id = {?}', @@ -160,18 +157,19 @@ class EventsModule extends PLModule pl_redirect('events#newsid'.$eid); } + // Fetch the events to display, along with their metadata. $array = array(); - $it = XDB::iterator("SELECT e.id,e.titre,e.texte,e.post_id,a.user_id,a.nom,a.prenom,a.promo,l.alias AS forlife, + $it = XDB::iterator("SELECT e.id, e.titre, e.texte, e.post_id, a.user_id, a.nom, a.prenom, d.promo AS promo_display ,a.hruid, p.x, p.y, p.attach IS NOT NULL AS img, FIND_IN_SET('wiki', e.flags) AS wiki, FIND_IN_SET('important', e.flags) AS important, e.creation_date > DATE_SUB(CURDATE(), INTERVAL 2 DAY) AS news, e.peremption < DATE_ADD(CURDATE(), INTERVAL 2 DAY) AS end, ev.user_id IS NULL AS nonlu FROM evenements AS e - LEFT JOIN evenements_photo AS p ON (e.id = p.eid) - INNER JOIN auth_user_md5 AS a ON e.user_id=a.user_id - INNER JOIN aliases AS l ON ( a.user_id=l.id AND l.type='a_vie' ) - LEFT JOIN evenements_vus AS ev ON (e.id = ev.evt_id AND ev.user_id = {?}) + LEFT JOIN evenements_photo AS p ON (e.id = p.eid) + INNER JOIN auth_user_md5 AS a ON (e.user_id = a.user_id) + INNER JOIN profile_display AS d ON (d.pid = a.user_id) + LEFT JOIN evenements_vus AS ev ON (e.id = ev.evt_id AND ev.user_id = {?}) WHERE FIND_IN_SET('valide', e.flags) AND peremption >= NOW() AND (e.promo_min = 0 || e.promo_min <= {?}) AND (e.promo_max = 0 || e.promo_max >= {?}) @@ -218,7 +216,7 @@ class EventsModule extends PLModule exit; } } else { - $upload = new PlUpload(S::v('forlife'), 'event'); + $upload = new PlUpload(S::user()->login(), 'event'); if ($upload->exists() && $upload->isType('image')) { header('Content-Type: ' . $upload->contentType()); echo $upload->getContents(); @@ -233,22 +231,9 @@ class EventsModule extends PLModule function handler_rss(&$page, $user = null, $hash = null) { - require_once 'rss.inc.php'; - - $uid = init_rss('events/rss.tpl', $user, $hash); - - $rss = XDB::iterator( - 'SELECT e.id, e.titre, e.texte, e.creation_date, e.post_id, p.attachmime IS NOT NULL AS photo, - IF(u2.nom_usage = "", u2.nom, u2.nom_usage) AS nom, u2.prenom, u2.promo, - FIND_IN_SET(\'wiki\', e.flags) AS wiki - FROM auth_user_md5 AS u - INNER JOIN evenements AS e ON ( (e.promo_min = 0 || e.promo_min <= u.promo) - AND (e.promo_max = 0 || e.promo_max >= u.promo) ) - LEFT JOIN evenements_photo AS p ON (p.eid = e.id) - INNER JOIN auth_user_md5 AS u2 ON (u2.user_id = e.user_id) - WHERE u.user_id = {?} AND FIND_IN_SET("valide", e.flags) - AND peremption >= NOW()', $uid); - $page->assign('rss', $rss); + $this->load('feed.inc.php'); + $feed = new EventFeed(); + return $feed->run($page, $user, $hash); } function handler_preview(&$page) @@ -272,8 +257,8 @@ class EventsModule extends PLModule $page->changeTpl('events/submit.tpl'); $page->addJsLink('ajax.js'); - require_once('wiki.inc.php'); - wiki_require_page('Xorg.Annonce'); + $wp = new PlWikiPage('Xorg.Annonce'); + $wp->buildCache(); $titre = Post::v('titre'); $texte = Post::v('texte'); @@ -282,14 +267,14 @@ class EventsModule extends PLModule $peremption = Post::i('peremption'); $valid_mesg = Post::v('valid_mesg'); $action = Post::v('action'); - $upload = new PlUpload(S::v('forlife'), 'event'); + $upload = new PlUpload(S::user()->login(), 'event'); $this->upload_image($page, $upload); if (($promo_min > $promo_max && $promo_max != 0)|| ($promo_min != 0 && ($promo_min <= 1900 || $promo_min >= 2020)) || ($promo_max != 0 && ($promo_max <= 1900 || $promo_max >= 2020))) { - $page->trig("L'intervalle de promotions n'est pas valide"); + $page->trigError("L'intervalle de promotions n'est pas valide"); $action = null; } @@ -306,11 +291,13 @@ class EventsModule extends PLModule $upload->rm(); $page->assign('action', false); } elseif ($action && (!trim($texte) || !trim($titre))) { - $page->trig("L'article doit avoir un titre et un contenu"); + $page->trigError("L'article doit avoir un titre et un contenu"); } elseif ($action) { + S::assert_xsrf_token(); + require_once 'validations.inc.php'; $evtreq = new EvtReq($titre, $texte, $promo_min, $promo_max, - $peremption, $valid_mesg, S::v('uid'), $upload); + $peremption, $valid_mesg, S::user(), $upload); $evtreq->submit(); $page->assign('ok', true); } elseif (!Env::v('preview')) { @@ -327,7 +314,7 @@ class EventsModule extends PLModule function handler_admin_tips(&$page, $action = 'list', $id = null) { - $page->assign('xorg_title', 'Polytechnique.org - Administration - Astuces'); + $page->setTitle('Administration - Astuces'); $page->assign('title', 'Gestion des Astuces'); $table_editor = new PLTableEditor('admin/tips', 'tips', 'id'); $table_editor->describe('peremption', 'date de péremption', true); @@ -348,36 +335,39 @@ class EventsModule extends PLModule { $page->changeTpl('events/admin.tpl'); $page->addJsLink('ajax.js'); - $page->assign('xorg_title','Polytechnique.org - Administration - Evenements'); + $page->setTitle('Administration - Evenements'); $page->register_modifier('hde', 'html_entity_decode'); $arch = $action == 'archives'; $page->assign('action', $action); - $upload = new PlUpload(S::v('forlife'), 'event'); + $upload = new PlUpload(S::user()->login(), 'event'); if ((Env::has('preview') || Post::v('action') == "Proposer") && $eid) { $action = 'edit'; $this->upload_image($page, $upload); } if (Post::v('action') == 'Pas d\'image' && $eid) { + S::assert_xsrf_token(); $upload->rm(); XDB::execute("DELETE FROM evenements_photo WHERE eid = {?}", $eid); $action = 'edit'; } elseif (Post::v('action') == 'Supprimer l\'image' && $eid) { + S::assert_xsrf_token(); $upload->rm(); $action = 'edit'; } elseif (Post::v('action') == "Proposer" && $eid) { + S::assert_xsrf_token(); $promo_min = Post::i('promo_min'); $promo_max = Post::i('promo_max'); if (($promo_min != 0 && ($promo_min <= 1900 || $promo_min >= 2020)) || ($promo_max != 0 && ($promo_max <= 1900 || $promo_max >= 2020 || $promo_max < $promo_min))) { - $page->trig("L'intervalle de promotions $promo_min -> $promo_max n'est pas valide"); + $page->trigError("L'intervalle de promotions $promo_min -> $promo_max n'est pas valide"); $action = 'edit'; } else { $res = XDB::query('SELECT flags FROM evenements WHERE id = {?}', $eid); - $flags = new FlagSet($res->fetchOneCell()); + $flags = new PlFlagSet($res->fetchOneCell()); $flags->addFlag('wiki'); if (Post::v('important')) { $flags->addFlag('important'); @@ -392,7 +382,7 @@ class EventsModule extends PLModule WHERE id = {?}', Post::v('titre'), Post::v('texte'), Post::v('peremption'), Post::v('promo_min'), Post::v('promo_max'), - $flags->flags(), $eid); + $flags, $eid); if ($upload->exists() && list($x, $y, $type) = $upload->imageInfo()) { XDB::execute('REPLACE INTO evenements_photo SET eid = {?}, attachmime = {?}, x = {?}, y = {?}, attach = {?}', @@ -434,17 +424,20 @@ class EventsModule extends PLModule } else { switch ($action) { case 'delete': + S::assert_xsrf_token(); XDB::execute('DELETE from evenements WHERE id = {?}', $eid); break; case "archive": + S::assert_xsrf_token(); XDB::execute('UPDATE evenements SET creation_date = creation_date, flags = CONCAT(flags,",archive") WHERE id = {?}', $eid); break; case "unarchive": + S::assert_xsrf_token(); XDB::execute('UPDATE evenements SET creation_date = creation_date, flags = REPLACE(flags,"archive","") WHERE id = {?}', $eid); @@ -453,12 +446,14 @@ class EventsModule extends PLModule break; case "valid": + S::assert_xsrf_token(); XDB::execute('UPDATE evenements SET creation_date = creation_date, flags = CONCAT(flags,",valide") WHERE id = {?}', $eid); break; case "unvalid": + S::assert_xsrf_token(); XDB::execute('UPDATE evenements SET creation_date = creation_date, flags = REPLACE(flags,"valide", "") WHERE id = {?}', $eid); @@ -472,11 +467,10 @@ class EventsModule extends PLModule e.promo_min, e.promo_max, FIND_IN_SET('valide', e.flags) AS fvalide, FIND_IN_SET('archive', e.flags) AS farch, - u.promo, u.nom, u.prenom, a.alias AS forlife, + u.promo, u.nom, u.prenom, u.hruid, FIND_IN_SET('wiki', e.flags) AS wiki FROM evenements AS e INNER JOIN auth_user_md5 AS u ON(e.user_id = u.user_id) - INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie') WHERE ".($arch ? "" : "!")."FIND_IN_SET('archive',e.flags) ORDER BY FIND_IN_SET('valide',e.flags), e.peremption DESC"; $page->assign('evs', XDB::iterator($sql));