X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fxnetlists.php;h=1c59e10d5487a36f9c9f5c259f40f1e6e1c56b48;hb=6d1747b3dbcf944c995dc2d87e8561c7a66f3aa6;hp=ab86ee6fad54930e0db2345ff295d152d9afd34e;hpb=08fa70684fd1332178cddb6b318151335fb4506c;p=platal.git diff --git a/modules/xnetlists.php b/modules/xnetlists.php index ab86ee6..1c59e10 100644 --- a/modules/xnetlists.php +++ b/modules/xnetlists.php @@ -19,7 +19,7 @@ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * ***************************************************************************/ -require_once dirname(__FILE__).'/lists.php'; +Platal::load('lists'); class XnetListsModule extends ListsModule { @@ -32,6 +32,7 @@ class XnetListsModule extends ListsModule '%grp/lists/create' => $this->make_hook('create', AUTH_MDP, 'groupmember'), '%grp/lists/members' => $this->make_hook('members', AUTH_COOKIE), + '%grp/lists/csv' => $this->make_hook('csv', AUTH_COOKIE), '%grp/lists/annu' => $this->make_hook('annu', AUTH_COOKIE), '%grp/lists/archives' => $this->make_hook('archives', AUTH_COOKIE), '%grp/lists/archives/rss' => $this->make_hook('rss', AUTH_PUBLIC), @@ -53,14 +54,15 @@ class XnetListsModule extends ListsModule ); } - function prepare_client(&$page) + function prepare_client(&$page, $user = null) { global $globals; + Platal::load('lists', 'lists.inc.php'); - require_once dirname(__FILE__).'/lists/lists.inc.php'; - - $this->client = new MMList(S::v('uid'), S::v('password'), - $globals->asso('mail_domain')); + if (is_null($user)) { + $user =& S::user(); + } + $this->client = new MMList($user, $globals->asso('mail_domain')); $page->assign('asso', $globals->asso()); $page->setType($globals->asso('cat')); 
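Review bot: The new `%grp/lists/csv` route is registered with `AUTH_COOKIE` and no permission argument, unlike `%grp/lists/create` above it, which passes `'groupmember'`, so any restriction on the export has to live inside the handler. The handler is not part of this diff (by this file's naming it would be `handler_csv`, presumably inherited from `ListsModule`), so please confirm it checks that the requester may see the list's members before writing them out. A short comment on the hook line, e.g. `// bulk member export: visibility is checked in the handler`, would record where that check lives.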
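Review bot: `prepare_client()` gains an optional `$user` argument without any comment, although it decides which account the `MMList` client acts as. I would document it above the signature, e.g. `// $user: account the list client acts as; defaults to the session user, never a value taken from request data`. Separately, `$user =& S::user();` binds by reference; unless `S::user()` is declared to return by reference (not visible here) PHP reports a notice for this, and a plain `$user = S::user();` is enough for an object. The function body continues past the end of the hunk.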
@@ -79,15 +81,19 @@ class XnetListsModule extends ListsModule $page->changeTpl('xnetlists/index.tpl'); if (Get::has('del')) { + S::assert_xsrf_token(); $this->client->unsubscribe(Get::v('del')); pl_redirect('lists'); } if (Get::has('add')) { + S::assert_xsrf_token(); $this->client->subscribe(Get::v('add')); pl_redirect('lists'); } if (Post::has('del_alias') && may_update()) { + S::assert_xsrf_token(); + $alias = Post::v('del_alias'); // prevent group admin from erasing aliases from other groups $alias = substr($alias, 0, strpos($alias, '@')).'@'.$globals->asso('mail_domain'); @@ -96,7 +102,7 @@ class XnetListsModule extends ListsModule USING x4dat.virtual AS v LEFT JOIN x4dat.virtual_redirect AS r USING(vid) WHERE v.alias={?}', $alias); - $page->trig(Post::v('del_alias')." supprimé !"); + $page->trigSuccess(Post::v('del_alias')." supprimé !"); } $listes = $this->client->get_lists(); @@ -125,17 +131,19 @@ class XnetListsModule extends ListsModule if (!Post::has('submit')) { return; + } else { + S::assert_xsrf_token(); } if (!Post::has('liste')) { - $page->trig('champs «addresse souhaitée» vide'); + $page->trigError('champs «adresse souhaitée» vide'); return; } $liste = strtolower(Post::v('liste')); if (!preg_match("/^[a-zA-Z0-9\-]*$/", $liste)) { - $page->trig('le nom de la liste ne doit contenir que des lettres non accentuées, chiffres et tirets'); + $page->trigError('le nom de la liste ne doit contenir que des lettres non accentuées, chiffres et tirets'); return; } 
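Review bot: The `del` and `add` branches still change subscriptions from `Get::` parameters, so the token that the added `S::assert_xsrf_token()` verifies has to travel in the URL, where it lands in browser history, server logs and Referer headers. How the token is read is not visible in this hunk, but if it is accepted from the query string I would move these two actions to POST, as the `del_alias` branch already does: `if (Post::has('del')) {` and `if (Post::has('add')) {`. `Get::v('del')` and `Get::v('add')` are also passed to the list client as-is; whether `unsubscribe()` and `subscribe()` validate the list name is outside this diff.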
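Review bot: The success message on the changed line reports `Post::v('del_alias')`, but the value bound into the DELETE is the normalised `$alias`, which the previous hunk forces onto the group's mail domain. If an address in another domain is posted, the page announces the removal of an alias that was never touched, and the raw request value goes into the page; whether `trigSuccess()` escapes it is not visible here. I would report the value actually used: `$page->trigSuccess($alias . " supprimé !");`. The statement this belongs to starts above the hunk.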
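Review bot: The name check kept in this hunk, `preg_match("/^[a-zA-Z0-9\-]*$/", $liste)`, accepts an empty string and a name ending in a newline, because `*` allows zero characters and `$` also matches before a final line break. `Post::has('liste')` rejects a missing field, so unless it also treats empty fields as absent (not visible here) an empty submission passes both tests. I would tighten it to `if (!preg_match('/^[a-zA-Z0-9\-]+\z/', $liste)) {`; the same applies to the alias pattern `"/^[a-zA-Z0-9\-\.]*$/"` in the `@@ -306,16 +291,18 @@` hunk. As a style point, the `else` after `return;` is not needed in either hunk, since `S::assert_xsrf_token();` can simply follow the `if` block.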
@@ -143,18 +151,18 @@ class XnetListsModule extends ListsModule $res = XDB::query('SELECT alias FROM x4dat.virtual WHERE alias={?}', $new); if ($res->numRows()) { - $page->trig('cet alias est déjà pris'); + $page->trigError('cet alias est déjà pris'); return; } if (!Post::v('desc')) { - $page->trig('le sujet est vide'); + $page->trigError('le sujet est vide'); return; } $ret = $this->client->create_list( $liste, utf8_decode(Post::v('desc')), Post::v('advertise'), Post::v('modlevel'), Post::v('inslevel'), - array(S::v('forlife')), array(S::v('forlife'))); + array(S::user()->forlifeEmail()), array(S::user()->forlifeEmail())); $dom = strtolower($globals->asso("mail_domain")); $red = $dom.'_'.$liste; @@ -166,7 +174,9 @@ class XnetListsModule extends ListsModule } foreach (array('', 'owner', 'admin', 'bounces', 'unsubscribe') as $app) { $mdir = $app == '' ? '+post' : '+' . $app; - $app = '-' . $app; + if (!empty($app)) { + $app = '-' . $app; + } XDB::execute('INSERT INTO x4dat.virtual (alias,type) VALUES({?},{?})', $liste. $app . '@'.$dom, 'list'); XDB::execute('INSERT INTO x4dat.virtual_redirect (vid,redirect) @@ -187,6 +197,7 @@ class XnetListsModule extends ListsModule $page->changeTpl('xnetlists/sync.tpl'); if (Env::has('add')) { + S::assert_xsrf_token(); $this->client->mass_subscribe($liste, array_keys(Env::v('add'))); } 
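Review bot: Style point on the loop body: the same condition is now tested in two different ways, `$app == ''` on the line above and `!empty($app)` in the added block, and the loop variable is overwritten with its own suffix form. A separate variable keeps `$app` intact and makes the intent explicit: `$suffix = ($app === '') ? '' : '-' . $app;`, then `$liste . $suffix . '@' . $dom` in the INSERT. The loop body continues beyond this hunk, so later uses of `$app` need checking before it is changed.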
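Review bot: `array_keys(Env::v('add'))` takes its argument straight from the request, so a scalar `add` parameter reaches `array_keys()` as a non-array, and every submitted key is handed to `mass_subscribe()` as an address. The form appears to be built from group members who are not yet on the list, but nothing in this hunk checks that the submitted keys come from that set. I would guard the type first, `$add = Env::v('add'); if (is_array($add)) {`, and restrict the keys to the group's member addresses before subscribing. The permission attached to this handler's hook is not visible in the diff.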
@@ -197,25 +208,14 @@ class XnetListsModule extends ListsModule $not_in_group_x = array(); $not_in_group_ext = array(); - $ann = XDB::iterator( - "SELECT if (m.origine='X',if (u.nom_usage<>'', u.nom_usage, u.nom) ,m.nom) AS nom, - if (m.origine='X',u.prenom,m.prenom) AS prenom, - if (m.origine='X',u.promo,'extérieur') AS promo, - if (m.origine='X',CONCAT(a.alias, '@{$globals->mail->domain}'),m.email) AS email, - if (m.origine='X',FIND_IN_SET('femme', u.flags),0) AS femme, - m.perms='admin' AS admin, - m.origine='X' AS x - FROM groupex.membres AS m - LEFT JOIN auth_user_md5 AS u ON ( u.user_id = m.uid ) - LEFT JOIN aliases AS a ON ( a.id = m.uid AND a.type='a_vie' ) - WHERE m.asso_id = {?} - ORDER BY promo, nom, prenom", $globals->asso('id')); - + $ann = XDB::fetchColumn('SELECT uid + FROM groupex.membres + WHERE asso_id = {?}', $globals->asso('id')); + $users = User::getBuildUsersWithUIDs($ann, 'promo,full_name'); $not_in_list = array(); - - while ($tmp = $ann->next()) { - if (!in_array(strtolower($tmp['email']), $subscribers)) { - $not_in_list[] = $tmp; + foreach ($users as $user) { + if (!in_array(strtolower($user->forlifeEmail()), $subscribers)) { + $not_in_list[] = $user; } } 
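Review bot: The removed query also returned external members (`m.origine` other than `'X'`, with `m.email` as their address), while the new code selects only `uid` and builds `User` objects, so it is unclear what happens to members without an account. If `User::getBuildUsersWithUIDs()` skips them they silently disappear from the not-subscribed list, and if it returns them `forlifeEmail()` may be empty and never match `$subscribers`. Please confirm which case applies and state it in a comment, e.g. `// external members (no forlife address) are not listed here`. `in_array()` would also be better called with `true` as third argument, since both sides are strings.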
@@ -232,41 +232,28 @@ class XnetListsModule extends ListsModule $page->changeTpl('xnetlists/alias-admin.tpl'); if (Env::has('add_member')) { - $add = Env::v('add_member'); - if (strstr($add, '@')) { - list($mbox,$dom) = explode('@', strtolower($add)); - } else { - $mbox = $add; - $dom = 'm4x.org'; + S::assert_xsrf_token(); + + $add = Env::t('add_member'); + $user = User::getSilent($add); + if ($user) { + $add = $user->forlifeEmail(); + } else if (!User::isForeignEmailAddress($add)) { + $add = null; } - if ($dom == 'polytechnique.org' || $dom == 'm4x.org') { - $res = XDB::query( - "SELECT a.alias, b.alias - FROM x4dat.aliases AS a - LEFT JOIN x4dat.aliases AS b ON (a.id=b.id AND b.type = 'a_vie') - WHERE a.alias={?} AND a.type!='homonyme'", $mbox); - if (list($alias, $blias) = $res->fetchOneRow()) { - $alias = empty($blias) ? $alias : $blias; - XDB::query( - "INSERT INTO x4dat.virtual_redirect (vid,redirect) - SELECT vid, {?} - FROM x4dat.virtual - WHERE alias={?}", "$alias@m4x.org", $lfull); - $page->trig("$alias@m4x.org ajouté"); - } else { - $page->trig("$mbox@{$globals->mail->domain} n'existe pas."); - } + if (!empty($add)) { + XDB::execute('INSERT INTO x4dat.virtual_redirect (vid, redirect) + SELECT vid, {?}, + FROM x4dat.virtual + WHERE alias = {?}', strtolower($add), $lfull); + $page->trigSuccess($add . ' ajouté.'); } else { - XDB::query( - "INSERT INTO x4dat.virtual_redirect (vid,redirect) - SELECT vid,{?} - FROM x4dat.virtual - WHERE alias={?}", "$mbox@$dom", $lfull); - $page->trig("$mbox@$dom ajouté"); + $page->trigError($add . ' n\'existe pas.'); } } if (Env::has('del_member')) { + S::assert_xsrf_token(); XDB::query( "DELETE FROM x4dat.virtual_redirect USING x4dat.virtual_redirect 
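Review bot: The added INSERT has a stray comma, `SELECT vid, {?},` directly before `FROM`, which is a SQL syntax error, so no redirect is written; `trigSuccess()` then runs without looking at the outcome of `XDB::execute()` (whether that call throws on error is not visible here). In the failure branch `$add` has already been set to `null`, so the error message prints no address at all. The rewrite below drops the comma and keeps the submitted value in its own variable for the message; that message contains request data, so it relies on `trigError()` escaping its argument. The `del_member` branch continues past the end of the hunk.

```php
$input = Env::t('add_member');
$user  = User::getSilent($input);
$add   = null;
if ($user) {
    $add = $user->forlifeEmail();
} else if (User::isForeignEmailAddress($input)) {
    $add = $input;
}
if (!empty($add)) {
    XDB::execute('INSERT INTO  x4dat.virtual_redirect (vid, redirect)
                       SELECT  vid, {?}
                         FROM  x4dat.virtual
                        WHERE  alias = {?}', strtolower($add), $lfull);
    $page->trigSuccess($add . ' ajouté.');
} else {
    $page->trigError($input . ' n\'existe pas.');
}
```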
@@ -276,23 +263,21 @@ class XnetListsModule extends ListsModule } global $globals; - $res = XDB::iterator("SELECT IF(r.login IS NULL, m.nom, IF(u.nom_usage != '', u.nom_usage, u.nom)) AS nom, - IF(r.login IS NULL, m.prenom, u.prenom) AS prenom, - IF(r.login IS NULL, 'extérieur', u.promo) AS promo, - m.perms = 'admin' AS admin, r.redirect, r.login AS alias - FROM (SELECT redirect AS redirect, - IF(SUBSTRING_INDEX(redirect, '@', -1) IN ({?}, {?}), - SUBSTRING_INDEX(redirect, '@', 1), NULL) AS login - FROM x4dat.virtual_redirect AS vr - INNER JOIN x4dat.virtual AS v USING(vid) - WHERE v.alias = {?} - ORDER BY redirect) AS r - LEFT JOIN aliases AS a ON (r.login IS NOT NULL AND r.login = a.alias) - LEFT JOIN auth_user_md5 AS u ON (u.user_id = a.id) - LEFT JOIN groupex.membres AS m ON (m.asso_id = {?} AND IF(r.login IS NULL, m.email = r.redirect, m.uid = u.user_id))", - $globals->mail->domain, $globals->mail->domain2, - $lfull, $globals->asso('id')); - $page->assign('mem', $res); + $emails = XDB::fetchColumn('SELECT redirect + FROM virtual_redirect AS vr + INNER JOIN virtual AS v USING(vid) + WHERE v.alias = {?} + ORDER BY redirect', $lfull); + $mem = array(); + foreach ($emails as $email) { + $user = User::getSilent($email); + if ($user) { + $mem[] = array('user' => $user, 'email' => $email); + } else { + $mem[] = array('email' => $email); + } + } + $page->assign('mem', $mem); } function handler_acreate(&$page) 
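Review bot: The new query names `virtual_redirect` and `virtual` without the `x4dat.` prefix that the other statements in this file use (`x4dat.virtual`, `x4dat.virtual_redirect`), so it only works if `x4dat` is the connection's default database. I would write `FROM x4dat.virtual_redirect AS vr` and `INNER JOIN x4dat.virtual AS v USING(vid)`. The loop then calls `User::getSilent()` once per redirect, one lookup per address where the removed code used a single query, and `global $globals;` looks unused in the lines shown after this change. The function starts above the hunk.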
@@ -306,16 +291,18 @@ class XnetListsModule extends ListsModule if (!Post::has('submit')) { return; + } else { + S::assert_xsrf_token(); } if (!Post::has('liste')) { - $page->trig('champs «addresse souhaitée» vide'); + $page->trigError('champs «adresse souhaitée» vide'); return; } $liste = Post::v('liste'); if (!preg_match("/^[a-zA-Z0-9\-\.]*$/", $liste)) { - $page->trig('le nom de l\'alias ne doit contenir que des lettres,' - .' chiffres, tirets et points'); + $page->trigError('le nom de l\'alias ne doit contenir que des lettres,' + .' chiffres, tirets et points'); return; } @@ -323,7 +310,7 @@ class XnetListsModule extends ListsModule $res = XDB::query('SELECT COUNT(*) FROM x4dat.virtual WHERE alias={?}', $new); $n = $res->fetchOneCell(); if ($n) { - $page->trig('cet alias est déjà pris'); + $page->trigError('cet alias est déjà pris'); return; }