X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fxnetevents.php;h=6ee5456e72d2ccd45244b200f7d9ee83d1b38357;hb=2925df1bd6cb08c1f29822019fcb82e59f63f8a3;hp=d90b44de9581995f58ee5c81dcd4f10480c4854f;hpb=8bac35d8a8062f623c09853232422107f4c4621b;p=platal.git

diff --git a/modules/xnetevents.php b/modules/xnetevents.php
index d90b44d..6ee5456 100644
--- a/modules/xnetevents.php
+++ b/modules/xnetevents.php
@@ -1,6 +1,6 @@
 <?php
 /***************************************************************************
- *  Copyright (C) 2003-2007 Polytechnique.org                              *
+ *  Copyright (C) 2003-2008 Polytechnique.org                              *
  *  http://opensource.polytechnique.org/                                   *
  *                                                                         *
  *  This program is free software; you can redistribute it and/or modify   *
@@ -58,6 +58,7 @@ class XnetEventsModule extends PLModule
             if (!may_update()) {
                 return PL_FORBIDDEN;
             }
+            S::assert_xsrf_token();
 
             $res = XDB::query("SELECT asso_id, short_name FROM groupex.evenements
                                 WHERE eid = {?} AND asso_id = {?}",
@@ -97,7 +98,7 @@ class XnetEventsModule extends PLModule
             XDB::execute("DELETE FROM requests
                                     WHERE type = 'paiements' AND data LIKE {?}",
                                    PayReq::same_event($eid, $globals->asso('id')));
-            update_NbValid();
+            $globals->updateNbValid();
         }
 
         if ($action == 'archive') {
@@ -127,13 +128,18 @@ class XnetEventsModule extends PLModule
              LEFT JOIN  groupex.evenements_participants AS ep ON (ep.eid = e.eid AND ep.uid = {?})
                  WHERE  asso_id = {?}
                    AND  archive = " . ($archive ? "1 " : "0 ")
-            . (is_member() || may_update() ? "" : " AND accept_nonmembre != 0 ")
               . "GROUP BY  e.eid
                  ORDER BY  inscr_open DESC, debut DESC", S::v('uid'), $globals->asso('id'));
 
         $evts = array();
+        $undisplayed_events = 0;
 
         while ($e = $evenements->next()) {
+            if (!is_member() && !may_update() && !$e['accept_nonmembre']) {
+                $undisplayed_events ++;
+                continue;
+            }
+
             $e['show_participants'] = ($e['show_participants'] && (is_member() || may_update()));
             $res = XDB::query(
                 "SELECT titre, details, montant, ei.item_id, nb, ep.paid
@@ -168,6 +174,7 @@ class XnetEventsModule extends PLModule
         }
 
         $page->assign('evenements', $evts);
+        $page->assign('undisplayed_events', $undisplayed_events);
     }
 
     function handler_sub(&$page, $eid = null)
@@ -196,6 +203,8 @@ class XnetEventsModule extends PLModule
 
         if (!Post::has('submit')) {
             return;
+        } else {
+            S::assert_xsrf_token();
         }
 
         $moments = Post::v('moment',    array());
@@ -210,7 +219,7 @@ class XnetEventsModule extends PLModule
                 if (!isset($pers[$j]) || !is_numeric($pers[$j])
                 ||  $pers[$j] < 0)
                 {
-                    $page->trig('Tu dois choisir un nombre d\'invitÃ©s correct !');
+                    $page->trigError('Tu dois choisir un nombre d\'invitÃ©s correct !');
                     return;
                 }
                 $subs[$j] = 1 + $pers[$j];
@@ -219,11 +228,11 @@ class XnetEventsModule extends PLModule
 
         // impossible to unsubscribe if you already paid sthing
         if (!array_sum($subs) && $evt['paid'] != 0) {
-            $page->trig("Impossible de te dÃ©sinscrire complÃ¨tement ".
-                        "parce que tu as fait un paiement par ".
-                        "chÃ¨que ou par liquide. Contacte un ".
-                        "administrateur du groupe si tu es sÃ»r de ".
-                        "ne pas venir");
+            $page->trigError("Impossible de te dÃ©sinscrire complÃ¨tement ".
+                            "parce que tu as fait un paiement par ".
+                            "chÃ¨que ou par liquide. Contacte un ".
+                            "administrateur du groupe si tu es sÃ»r de ".
+                            "ne pas venir");
             return;
         }
 
@@ -244,7 +253,7 @@ class XnetEventsModule extends PLModule
                 XDB::execute(
                     "DELETE FROM  groupex.evenements_participants
                            WHERE  eid = {?} AND uid = {?} AND item_id = {?}",
-                    $eid, S::v("uid"), $j);		
+                    $eid, S::v("uid"), $j);
                 $updated = $eid;
             }
             $total += $nb;
@@ -284,6 +293,7 @@ class XnetEventsModule extends PLModule
         $page->assign('admin', $admin);
         $page->assign('moments', $evt['moments']);
         $page->assign('money', $evt['money']);
+        $page->assign('telepayment', $evt['paiement_id']);
         $page->assign('tout', !Env::v('item_id', false));
     }
 
@@ -354,8 +364,11 @@ class XnetEventsModule extends PLModule
         $page->assign('moments', $moments);
 
         if (Post::v('intitule')) {
+            S::assert_xsrf_token();
+
             require_once dirname(__FILE__).'/xnetevents/xnetevents.inc.php';
-            $short_name = event_change_shortname($page, $infos['short_name'],
+            $short_name = event_change_shortname($page, $eid,
+                                                 $infos['short_name'],
                                                  Env::v('short_name', ''));
             if ($short_name != Env::v('short_name')) {
                 $error = true;
@@ -517,9 +530,11 @@ class XnetEventsModule extends PLModule
         }
 
         if (may_update() && Post::v('adm')) {
+            S::assert_xsrf_token();
+
             $member = get_infos(Post::v('mail'));
             if (!$member) {
-                $page->trig("Membre introuvable");
+                $page->trigError("Membre introuvable");
             }
 
             // change the price paid by a participant
@@ -546,7 +561,7 @@ class XnetEventsModule extends PLModule
                     $nb = max(intval($nb), 0);
                     XDB::execute("REPLACE INTO groupex.evenements_participants
                                         VALUES ({?}, {?}, {?}, {?}, {?}, {?})",
-                                  $evt['eid'], $member['uid'], $id, $nb, '', $paid);
+                                  $evt['eid'], $member['uid'], $id, $nb, '', $id == 1 ? $paid : 0);
                 }
 
                 $res = XDB::query("SELECT COUNT(uid) AS cnt, SUM(nb) AS nb
@@ -555,14 +570,14 @@ class XnetEventsModule extends PLModule
                                  GROUP BY uid",
                                             $member['uid'], $evt['eid']);
                 $u = $res->fetchOneAssoc();
-                $u = $u['cnt'] ? null : $u['nb'];
+                $u = $u['cnt'] ? $u['nb'] : null;
                 subscribe_lists_event($u, $member['uid'], $evt);
             }
 
             $evt = get_event_detail($eid, $item_id);
         }
 
-        $page->assign('evt', $evt);
+        $page->assign_by_ref('evt', $evt);
         $page->assign('tout', is_null($item_id));
 
         if (count($evt['moments'])) {