X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fevents.php;h=36c501ebb4ddb6c8cbe1af6ada4af33c4b95f6d9;hb=d0c3e04d0ef9d627bafcb396b970e28309985d8a;hp=67e6abd2fc3769b6f7ba9307bcf7555bf6d7d721;hpb=eaf30d86cc99df2414cf4f171a9b0f11b0561e3b;p=platal.git
diff --git a/modules/events.php b/modules/events.php
index 67e6abd..36c501e 100644
--- a/modules/events.php
+++ b/modules/events.php
@@ -1,6 +1,6 @@
0,
'titre' => 'Bienvenue sur la nouvelle version du site !',
'text' => 'Le site a été mis à jour depuis ta dernière visite vers la version ' . $globals->version
- . '. Nous t\'invitons à en découvrir les nouveautés en te rendant sur '
- . 'nos forums ou en consultant '
- . 'la liste exhaustive des modifications',
+ . '.
Nous t\'invitons à faire un tour d\'horizon des '
+ . 'nouveautés.
'
+ . 'Tu peux également retrouver ces informations sur '
+ . 'les forums, ou sur la liste exhaustive des modifications.',
'priorite' => 255,
'promo_min' => 0,
'promo_max' => 0,
@@ -58,7 +59,7 @@ class EventsModule extends PLModule
'special' => true);
}
- $exclude = is_null($exclude) ? '' : ' AND id != ' . $exclude . ' ';
+ $exclude = is_null($exclude) ? '' : ' AND id != ' . intval($exclude) . ' ';
$priority = rand(0, 510);
do {
$priority = (int)($priority/2);
@@ -80,57 +81,20 @@ class EventsModule extends PLModule
return $res->fetchOneAssoc();
}
- private function get_events($where, $order, array &$array, $name)
- {
- // affichage des evenements
- // annonces promos triées par présence d'une limite sur les promos
- // puis par dates croissantes d'expiration
- $promo = S::v('promo');
- $uid = S::i('uid');
- $sql = "SELECT e.id,e.titre, ev.user_id IS NULL AS nonlu
- FROM evenements AS e
- LEFT JOIN evenements_vus AS ev ON (e.id = ev.evt_id AND ev.user_id = {?})
- WHERE FIND_IN_SET('valide', e.flags) AND peremption >= NOW()
- AND (e.promo_min = 0 || e.promo_min <= {?})
- AND (e.promo_max = 0 || e.promo_max >= {?})
- AND $where
- ORDER BY $order";
- $sum = XDB::iterator($sql, $uid, $promo, $promo);
- if (!$sum->total()) {
- return false;
- }
- $sql = "SELECT e.id,e.titre,e.texte,e.post_id,a.user_id,a.nom,a.prenom,a.promo,l.alias AS forlife,
- p.x, p.y, p.attach IS NOT NULL AS img
- FROM evenements AS e
- LEFT JOIN evenements_photo AS p ON (e.id = p.eid)
- INNER JOIN auth_user_md5 AS a ON e.user_id=a.user_id
- INNER JOIN aliases AS l ON ( a.user_id=l.id AND l.type='a_vie' )
- LEFT JOIN evenements_vus AS ev ON (e.id = ev.evt_id AND ev.user_id = {?})
- WHERE FIND_IN_SET('valide', e.flags) AND peremption >= NOW()
- AND (e.promo_min = 0 || e.promo_min <= {?})
- AND (e.promo_max = 0 || e.promo_max >= {?})
- AND ev.user_id IS NULL
- AND $where
- ORDER BY $order";
- $evt = XDB::iterator($sql, $uid, $promo, $promo);
- $array[$name] = array('events' => $evt, 'summary' => $sum);
- return true;
- }
-
- private function upload_image(PlatalPage &$page, PlUpload &$upload)
+ private function upload_image(PlPage &$page, PlUpload &$upload)
{
if (@!$_FILES['image']['tmp_name'] && !Env::v('image_url')) {
return true;
}
if (!$upload->upload($_FILES['image']) && !$upload->download(Env::v('image_url'))) {
- $page->trig('Impossible de télécharger l\'image');
+ $page->trigError('Impossible de télécharger l\'image');
return false;
} elseif (!$upload->isType('image')) {
- $page->trig('Le fichier n\'est pas une image valide au format JPEG, GIF ou PNG');
+ $page->trigError('Le fichier n\'est pas une image valide au format JPEG, GIF ou PNG.');
$upload->rm();
return false;
} elseif (!$upload->resizeImage(200, 300, 100, 100, 32284)) {
- $page->trig('Impossible de retraiter l\'image');
+ $page->trigError('Impossible de retraiter l\'image');
return false;
}
return true;
@@ -173,14 +137,14 @@ class EventsModule extends PLModule
$page->assign('geoloc_incitation', count($res));
// ajout du lien RSS
- if (S::has('core_rss_hash')) {
+ if (S::rssActivated()) {
$page->setRssLink('Polytechnique.org :: News',
'/rss/'.S::v('forlife') .'/'.S::v('core_rss_hash').'/rss.xml');
}
// cache les evenements lus et raffiche les evenements a relire
if ($action == 'read' && $eid) {
- XDB::execute('DELETE evenements_vus.*
+ XDB::execute('DELETE ev.*
FROM evenements_vus AS ev
INNER JOIN evenements AS e ON e.id = ev.evt_id
WHERE peremption < NOW()');
@@ -197,18 +161,41 @@ class EventsModule extends PLModule
}
$array = array();
- $this->get_events('FIND_IN_SET(\'important\', e.flags)', 'e.creation_date DESC', $array, 'important');
- $this->get_events('e.creation_date > DATE_SUB(CURDATE(), INTERVAL 2 DAY)
- AND NOT FIND_IN_SET(\'important\', e.flags)',
- 'e.creation_date DESC', $array, 'news');
- $this->get_events('e.peremption < DATE_ADD(CURDATE(), INTERVAL 2 DAY)
- AND e.creation_date <= DATE_SUB(CURDATE(), INTERVAL 2 DAY)
- AND NOT FIND_IN_SET(\'important\', e.flags)',
- 'e.peremption, e.creation_date DESC', $array, 'end');
- $this->get_events('e.peremption >= DATE_ADD(CURDATE(), INTERVAL 2 DAY)
- AND e.creation_date <= DATE_SUB(CURDATE(), INTERVAL 2 DAY)
- AND NOT FIND_IN_SET(\'important\', e.flags)',
- 'e.peremption, e.creation_date DESC', $array, 'body');
+ $it = XDB::iterator("SELECT e.id,e.titre,e.texte,e.post_id,a.user_id,a.nom,a.prenom,a.promo,l.alias AS forlife,
+ p.x, p.y, p.attach IS NOT NULL AS img, FIND_IN_SET('wiki', e.flags) AS wiki,
+ FIND_IN_SET('important', e.flags) AS important,
+ e.creation_date > DATE_SUB(CURDATE(), INTERVAL 2 DAY) AS news,
+ e.peremption < DATE_ADD(CURDATE(), INTERVAL 2 DAY) AS end,
+ ev.user_id IS NULL AS nonlu
+ FROM evenements AS e
+ LEFT JOIN evenements_photo AS p ON (e.id = p.eid)
+ INNER JOIN auth_user_md5 AS a ON e.user_id=a.user_id
+ INNER JOIN aliases AS l ON ( a.user_id=l.id AND l.type='a_vie' )
+ LEFT JOIN evenements_vus AS ev ON (e.id = ev.evt_id AND ev.user_id = {?})
+ WHERE FIND_IN_SET('valide', e.flags) AND peremption >= NOW()
+ AND (e.promo_min = 0 || e.promo_min <= {?})
+ AND (e.promo_max = 0 || e.promo_max >= {?})
+ ORDER BY important DESC, news DESC, end DESC, e.peremption, e.creation_date DESC",
+ S::i('uid'), S::i('promo'), S::i('promo'));
+ $cats = array('important', 'news', 'end', 'body');
+ $body = $it->next();
+ foreach ($cats as $cat) {
+ $data = array();
+ if (!$body) {
+ continue;
+ }
+ do {
+ if ($cat == 'body' || $body[$cat]) {
+ $data[] = $body;
+ } else {
+ break;
+ }
+ $body = $it->next();
+ } while ($body);
+ if (!empty($data)) {
+ $array[$cat] = $data;
+ }
+ }
$page->assign_by_ref('events', $array);
}
@@ -246,21 +233,9 @@ class EventsModule extends PLModule
function handler_rss(&$page, $user = null, $hash = null)
{
- require_once 'rss.inc.php';
-
- $uid = init_rss('events/rss.tpl', $user, $hash);
-
- $rss = XDB::iterator(
- 'SELECT e.id, e.titre, e.texte, e.creation_date, e.post_id, p.attachmime IS NOT NULL AS photo,
- IF(u2.nom_usage = "", u2.nom, u2.nom_usage) AS nom, u2.prenom, u2.promo
- FROM auth_user_md5 AS u
- INNER JOIN evenements AS e ON ( (e.promo_min = 0 || e.promo_min <= u.promo)
- AND (e.promo_max = 0 || e.promo_max >= u.promo) )
- LEFT JOIN evenements_photo AS p ON (p.eid = e.id)
- INNER JOIN auth_user_md5 AS u2 ON (u2.user_id = e.user_id)
- WHERE u.user_id = {?} AND FIND_IN_SET("valide", e.flags)
- AND peremption >= NOW()', $uid);
- $page->assign('rss', $rss);
+ $this->load('feed.inc.php');
+ $feed = new EventFeed();
+ return $feed->run($page, $user, $hash);
}
function handler_preview(&$page)
@@ -270,14 +245,11 @@ class EventsModule extends PLModule
if (!is_utf8($texte)) {
$texte = utf8_encode($texte);
}
- if (strpos($_SERVER['HTTP_REFERER'], 'admin') === false) {
- $texte = MiniWiki::WikiToHTML($texte);
- }
$titre = Get::v('titre');
if (!is_utf8($titre)) {
$titre = utf8_encode($titre);
}
- $page->assign('texte_html', $texte);
+ $page->assign('texte', $texte);
$page->assign('titre', $titre);
header('Content-Type: text/html; charset=utf-8');
}
@@ -287,8 +259,8 @@ class EventsModule extends PLModule
$page->changeTpl('events/submit.tpl');
$page->addJsLink('ajax.js');
- require_once('wiki.inc.php');
- wiki_require_page('Xorg.Annonce');
+ $wp = new PlWikiPage('Xorg.Annonce');
+ $wp->buildCache();
$titre = Post::v('titre');
$texte = Post::v('texte');
@@ -304,15 +276,12 @@ class EventsModule extends PLModule
($promo_min != 0 && ($promo_min <= 1900 || $promo_min >= 2020)) ||
($promo_max != 0 && ($promo_max <= 1900 || $promo_max >= 2020)))
{
- $page->trig("L'intervalle de promotions n'est pas valide");
+ $page->trigError("L'intervalle de promotions n'est pas valide");
$action = null;
}
- $texte_catch_url = MiniWiki::WikiToHTML($texte);
-
$page->assign('titre', $titre);
$page->assign('texte', $texte);
- $page->assign('texte_html', $texte_catch_url);
$page->assign('promo_min', $promo_min);
$page->assign('promo_max', $promo_max);
$page->assign('peremption', $peremption);
@@ -324,9 +293,10 @@ class EventsModule extends PLModule
$upload->rm();
$page->assign('action', false);
} elseif ($action && (!trim($texte) || !trim($titre))) {
- $page->trig("L'article doit avoir un titre et un contenu");
+ $page->trigError("L'article doit avoir un titre et un contenu");
} elseif ($action) {
- $texte = $texte_catch_url;
+ S::assert_xsrf_token();
+
require_once 'validations.inc.php';
$evtreq = new EvtReq($titre, $texte, $promo_min, $promo_max,
$peremption, $valid_mesg, S::v('uid'), $upload);
@@ -346,7 +316,7 @@ class EventsModule extends PLModule
function handler_admin_tips(&$page, $action = 'list', $id = null)
{
- $page->assign('xorg_title', 'Polytechnique.org - Administration - Astuces');
+ $page->setTitle('Administration - Astuces');
$page->assign('title', 'Gestion des Astuces');
$table_editor = new PLTableEditor('admin/tips', 'tips', 'id');
$table_editor->describe('peremption', 'date de péremption', true);
@@ -367,7 +337,7 @@ class EventsModule extends PLModule
{
$page->changeTpl('events/admin.tpl');
$page->addJsLink('ajax.js');
- $page->assign('xorg_title','Polytechnique.org - Administration - Evenements');
+ $page->setTitle('Administration - Evenements');
$page->register_modifier('hde', 'html_entity_decode');
$arch = $action == 'archives';
@@ -380,28 +350,33 @@ class EventsModule extends PLModule
}
if (Post::v('action') == 'Pas d\'image' && $eid) {
+ S::assert_xsrf_token();
$upload->rm();
XDB::execute("DELETE FROM evenements_photo WHERE eid = {?}", $eid);
$action = 'edit';
} elseif (Post::v('action') == 'Supprimer l\'image' && $eid) {
+ S::assert_xsrf_token();
$upload->rm();
$action = 'edit';
} elseif (Post::v('action') == "Proposer" && $eid) {
+ S::assert_xsrf_token();
$promo_min = Post::i('promo_min');
$promo_max = Post::i('promo_max');
if (($promo_min != 0 && ($promo_min <= 1900 || $promo_min >= 2020)) ||
($promo_max != 0 && ($promo_max <= 1900 || $promo_max >= 2020 || $promo_max < $promo_min)))
{
- $page->trig("L'intervalle de promotions $promo_min -> $promo_max n'est pas valide");
+ $page->trigError("L'intervalle de promotions $promo_min -> $promo_max n'est pas valide");
$action = 'edit';
} else {
$res = XDB::query('SELECT flags FROM evenements WHERE id = {?}', $eid);
- $flags = new FlagSet($res->fetchOneCell());
+ $flags = new PlFlagSet($res->fetchOneCell());
+ $flags->addFlag('wiki');
if (Post::v('important')) {
$flags->addFlag('important');
} else {
$flags->rmFlag('important');
}
+
XDB::execute('UPDATE evenements
SET creation_date = creation_date,
titre={?}, texte={?}, peremption={?}, promo_min={?}, promo_max={?},
@@ -409,7 +384,7 @@ class EventsModule extends PLModule
WHERE id = {?}',
Post::v('titre'), Post::v('texte'), Post::v('peremption'),
Post::v('promo_min'), Post::v('promo_max'),
- $flags->flags(), $eid);
+ $flags, $eid);
if ($upload->exists() && list($x, $y, $type) = $upload->imageInfo()) {
XDB::execute('REPLACE INTO evenements_photo
SET eid = {?}, attachmime = {?}, x = {?}, y = {?}, attach = {?}',
@@ -428,7 +403,6 @@ class EventsModule extends PLModule
list($titre, $texte, $peremption, $promo_min, $promo_max, $important, $img) = $res->fetchOneRow();
$page->assign('titre',$titre);
$page->assign('texte',$texte);
- $page->assign('texte_html', pl_entity_decode($texte));
$page->assign('promo_min',$promo_min);
$page->assign('promo_max',$promo_max);
$page->assign('peremption',$peremption);
@@ -452,17 +426,20 @@ class EventsModule extends PLModule
} else {
switch ($action) {
case 'delete':
+ S::assert_xsrf_token();
XDB::execute('DELETE from evenements
WHERE id = {?}', $eid);
break;
case "archive":
+ S::assert_xsrf_token();
XDB::execute('UPDATE evenements
SET creation_date = creation_date, flags = CONCAT(flags,",archive")
WHERE id = {?}', $eid);
break;
case "unarchive":
+ S::assert_xsrf_token();
XDB::execute('UPDATE evenements
SET creation_date = creation_date, flags = REPLACE(flags,"archive","")
WHERE id = {?}', $eid);
@@ -471,12 +448,14 @@ class EventsModule extends PLModule
break;
case "valid":
+ S::assert_xsrf_token();
XDB::execute('UPDATE evenements
SET creation_date = creation_date, flags = CONCAT(flags,",valide")
WHERE id = {?}', $eid);
break;
case "unvalid":
+ S::assert_xsrf_token();
XDB::execute('UPDATE evenements
SET creation_date = creation_date, flags = REPLACE(flags,"valide", "")
WHERE id = {?}', $eid);
@@ -490,7 +469,8 @@ class EventsModule extends PLModule
e.promo_min, e.promo_max,
FIND_IN_SET('valide', e.flags) AS fvalide,
FIND_IN_SET('archive', e.flags) AS farch,
- u.promo, u.nom, u.prenom, a.alias AS forlife
+ u.promo, u.nom, u.prenom, a.alias AS forlife,
+ FIND_IN_SET('wiki', e.flags) AS wiki
FROM evenements AS e
INNER JOIN auth_user_md5 AS u ON(e.user_id = u.user_id)
INNER JOIN aliases AS a ON (u.user_id = a.id AND a.type='a_vie')