X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fmarketing.php;h=41219afe3aca3dd63519dc59ad5c4a1a27263153;hb=dbbfabe9138005367547465c13e50b98f121bc36;hp=997865ed8087ef90efb2e3f0c19ee4feed72e7ac;hpb=179afa7fa79902e11498314d37fe4dbf452b3617;p=platal.git diff --git a/modules/marketing.php b/modules/marketing.php index 997865e..41219af 100644 --- a/modules/marketing.php +++ b/modules/marketing.php @@ -40,7 +40,7 @@ class MarketingModule extends PLModule { $page->changeTpl('marketing/index.tpl'); - $page->assign('xorg_title','Polytechnique.org - Marketing'); + $page->setTitle('Marketing'); // Quelques statistiques @@ -79,6 +79,7 @@ class MarketingModule extends PLModule function handler_private(&$page, $uid = null, $action = null, $value = null) { + global $globals; $page->changeTpl('marketing/private.tpl'); if (is_null($uid)) { @@ -104,13 +105,14 @@ class MarketingModule extends PLModule } if ($action == 'del') { + S::assert_xsrf_token(); Marketing::clear($uid, $value); } if ($action == 'rel') { $market = Marketing::get($uid, $value); if ($market == null) { - $page->trig("Aucun marketing n'a été effectué vers $value"); + $page->trigWarning("Aucun marketing n'a été effectué vers $value"); } else { $to = $market->user['to']; $title = $market->getTitle(); @@ -127,17 +129,20 @@ class MarketingModule extends PLModule } if ($action == 'relforce') { + S::assert_xsrf_token(); + $market = Marketing::get($uid, Post::v('to')); if (is_null($market)) { $market = new Marketing($uid, Post::v('to'), 'default', null, 'staff'); } $market->send(Post::v('title'), Post::v('message')); - $page->trig("Mail envoyé"); + $page->trigSuccess("Email envoyé"); } if ($action == 'insrel') { + S::assert_xsrf_token(); if (Marketing::relance($uid)) { - $page->trig('relance faite'); + $page->trigSuccess('relance faite'); } } @@ -164,62 +169,63 @@ class MarketingModule extends PLModule function handler_broken(&$page, $uid = null) { - require_once('user.func.inc.php'); $page->changeTpl('marketing/broken.tpl'); if (is_null($uid)) { return PL_NOT_FOUND; } - $forlife = get_user_forlife($uid); - if (!$forlife) { + + $user = User::get($uid); + if (!$user) { return PL_NOT_FOUND; - } elseif ($forlife == S::v('forlife')) { + } elseif ($user->login() == S::user()->login()) { pl_redirect('emails/redirect'); } $res = Xdb::query("SELECT u.nom, u.prenom, u.promo, FIND_IN_SET('femme', u.flags) AS sexe, - u.deces = '0000-00-00' AS alive, a.alias AS forlife, b.alias AS bestalias, - e.email, e.last + u.deces = '0000-00-00' AS alive, u.hruid, a.alias AS forlife, b.alias AS bestalias, + IF(e.email IS NOT NULL, e.email, IF(FIND_IN_SET('googleapps', u.mail_storage), 'googleapps', NULL)) AS email, e.last FROM auth_user_md5 AS u INNER JOIN aliases AS a ON (a.id = u.user_id AND a.type = 'a_vie') INNER JOIN aliases AS b ON (b.id = u.user_id AND FIND_IN_SET('bestalias', b.flags)) LEFT JOIN emails AS e ON (e.flags = 'active' AND e.uid = u.user_id) - WHERE a.alias = {?} - ORDER BY e.panne_level, e.last", $forlife); + WHERE u.hruid = {?} + ORDER BY e.panne_level, e.last", $user->login()); if (!$res->numRows()) { return PL_NOT_FOUND; } - $user = $res->fetchOneAssoc(); - $page->assign('user', $user); + $user_data = $res->fetchOneAssoc(); + $page->assign('user', $user_data); $email = null; + require_once 'emails.inc.php'; if (Post::has('mail')) { - require_once 'emails.inc.php'; $email = valide_email(Post::v('mail')); } if (Post::has('valide') && isvalid_email_redirection($email)) { + S::assert_xsrf_token(); + // security stuff - check_email($email, "Proposition d'une adresse surveillee pour " . $user['forlife'] . " par " . S::v('forlife')); - $res = XDB::query("SELECT state - FROM emails AS e - INNER JOIN aliases AS a ON (a.id = e.uid) - WHERE e.email = {?} AND a.alias = {?}", $email, $user['forlife']); + check_email($email, "Proposition d'une adresse surveillee pour " . $user->login() . " par " . S::user()->login()); + $res = XDB::query("SELECT flags + FROM emails + WHERE email = {?} AND uid = {?}", $email, $user->id()); $state = $res->numRows() ? $res->fetchOneCell() : null; if ($state == 'panne') { - $page->trig("L'adresse que tu as fournie est l'adresse actuelle de {$user['prenom']} et est en panne."); + $page->trigWarning("L'adresse que tu as fournie est l'adresse actuelle de {$user_data['prenom']} et est en panne."); } elseif ($state == 'active') { - $page->trig("L'adresse que tu as fournie est l'adresse actuelle de {$user['prenom']}"); - } elseif ($user['email'] && !trim(Post::v('comment'))) { - $page->trig("Il faut que tu ajoutes un commentaire à ta proposition pour justifier le " - ."besoin de changer la redirection de " . $user['prenom']); + $page->trigWarning("L'adresse que tu as fournie est l'adresse actuelle de {$user_data['prenom']}"); + } elseif ($user_data['email'] && !trim(Post::v('comment'))) { + $page->trigError("Il faut que tu ajoutes un commentaire à ta proposition pour justifier le " + . "besoin de changer la redirection de " . $user_data['prenom']); } else { require_once 'validations.inc.php'; - $valid = new BrokenReq(S::i('uid'), $user, $email, trim(Post::v('comment'))); + $valid = new BrokenReq(S::i('uid'), $user_data, $email, trim(Post::v('comment'))); $valid->submit(); $page->assign('sent', true); } } elseif ($email) { - $page->trig("L'adresse proposée n'est pas une adresse acceptable pour une redirection"); + $page->trigError("L'adresse proposée n'est pas une adresse acceptable pour une redirection"); } } @@ -260,11 +266,12 @@ class MarketingModule extends PLModule $page->assign('promo', $promo); if (Post::has('valide')) { - require_once('xorg.misc.inc.php'); + S::assert_xsrf_token(); $email = trim(Post::v('mail')); + require_once 'emails.inc.php'; if (!isvalid_email_redirection($email)) { - $page->trig("Email invalide !"); + $page->trigError("Email invalide !"); } else { // On cherche les marketings précédents sur cette adresse // email, en se restreignant au dernier mois