* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
***************************************************************************/
-class XnetPage extends PlatalPage
+class XnetPage extends PlPage
{
public $nomenu = false;
// {{{ function XnetPage()
- public function __construct($tpl, $type=SKINNED)
+ public function __construct()
{
- parent::__construct($tpl, $type);
+ parent::__construct();
$this->register_function('list_all_my_groups', 'list_all_my_groups');
$this->register_modifier('cat_pp', 'cat_pp');
$this->assign('it_is_xnet', true);
- if (!S::logged() && Get::has('auth')) {
- XnetSession::doAuthX();
+ global $globals;
+ $this->assign('is_logged', S::logged());
+ if ($globals->asso('id')) {
+ $this->assign('asso', $globals->asso());
+ $this->setType($globals->asso('cat'));
+ $this->assign('is_admin', may_update());
+ $this->assign('is_member', is_member());
}
}
}
// }}}
- // {{{ function changeTpl()
-
- public function changeTpl($tpl, $type = SKINNED)
- {
- global $globals;
- parent::changeTpl($tpl, $type);
- $this->assign('is_logged', S::logged());
- if ($globals->asso('id')) {
- $this->assign('asso', $globals->asso());
- $this->setType($globals->asso('cat'));
- $this->assign('is_admin', may_update());
- $this->assign('is_member', is_member());
- }
- }
-
- // }}}
// {{{ function setType
public function setType($type)
}
if (S::has_perms()) {
$sub['gérer les groupes'] = array('href' => 'admin', 'style' => 'color: gray;');
- $sub['clear cache'] = array('href' => 'purge_cache', 'style' => 'color: gray;');
+ $sub['clear cache'] = array('href' => 'purge_cache?token=' . S::v('xsrf_token'), 'style' => 'color: gray;');
}
$menu['Administrer'] = $sub;
} elseif (S::has_perms()) {
$sub = array();
$sub['gérer les groupes'] = 'admin';
- $sub['clear cache'] = 'purge_cache';
+ $sub['clear cache'] = 'purge_cache?token=' . S::v('xsrf_token');
$menu['Administrer'] = $sub;
}
// Defaut callback to call when a login is not found
function _default_user_callback($login)
{
- global $page;
- $page->trigError("Il n'y a pas d'utilisateur avec l'identifiant : $login");
+ Platal::page()->trigError("Il n'y a pas d'utilisateur avec l'identifiant : $login");
return;
}
function get_user_login($data, $get_forlife = false, $callback = '_default_user_callback')
{
- global $globals, $page;
+ global $globals;
if (is_numeric($data)) {
$res = XDB::query("SELECT alias FROM aliases WHERE type='a_vie' AND id={?}", $data);
default:
if (S::has_perms()) {
$aliases = $res->fetchColumn();
- $page->trigError("Il y a $i utilisateurs avec cette adresse mail : ".join(', ', $aliases));
+ Platal::page()->trigError("Il y a $i utilisateurs avec cette adresse mail : ".join(', ', $aliases));
} else {
$res->free();
}
if (strlen(trim($members)) == 0) {
return null;
}
- $members = explode(' ', $members);
+ $members = split("[; ,\r\n\|]+", $members);
}
if ($members) {
$list = array();
foreach ($members as $i => $alias) {
+ $alias = trim($alias);
+ if (empty($alias)) {
+ continue;
+ }
if (($login = get_user_forlife($alias, $callback)) !== false) {
$list[$i] = $login;
- } else if(!$strict) {
+ } else if (!$strict) {
$list[$i] = $alias;
+ } else {
+ global $globals;
+ if (strpos($alias, '@') !== false) {
+ list($user, $dom) = explode('@', $alias);
+ if ($dom != $globals->mail->domain && $dom != $globals->mail->domain2) {
+ $list[$i] = $alias;
+ }
+ }
}
}
return $list;
}
$sql = "SELECT user_id, nom, prenom, promo
FROM auth_user_md5
- WHERE $where
+ WHERE $where AND perms = 'pending'
ORDER BY promo, nom, prenom";
if ($iterator) {
return XDB::iterator($sql, $nom, $prenom, $promo);
$page->changeTpl('lists/index.tpl');
$page->addJsLink('ajax.js');
- $page->assign('xorg_title','Polytechnique.org - Listes de diffusion');
+ $page->setTitle('Polytechnique.org - Listes de diffusion');
if (Get::has('del')) {
}
// click on validate button 'add_member_sub'
+ require_once('user.func.inc.php');
if (Post::has('add_member_sub') && Post::has('add_member')) {
- require_once('user.func.inc.php');
$forlifes = get_users_forlife_list(Post::v('add_member'), true);
if (!is_null($forlifes)) {
$members = array_merge($members, $forlifes);
}
}
+ if (Post::has('add_member_sub') && isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) {
+ $upload =& PlUpload::get($_FILES['add_member_file'], S::v('forlife'), 'list.addmember', true);
+ if (!$upload) {
+ $page->trigError('Une erreur s\'est produite lors du téléchargement du fichier');
+ } else {
+ $forlifes = get_users_forlife_list($upload->getContents(), true);
+ if (!is_null($forlifes)) {
+ $members = array_merge($members, $forlifes);
+ }
+ }
+ }
ksort($owners);
$owners = array_unique($owners);
ksort($members);
$members = array_unique($members);
- $page->assign('owners', join(' ', $owners));
- $page->assign('members', join(' ', $members));
+ $page->assign('owners', join("\n", $owners));
+ $page->assign('members', join("\n", $members));
if (!Post::has('submit')) {
return;
}
}
+ if (isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) {
+ $upload =& PlUpload::get($_FILES['add_member_file'], S::v('forlife'), 'list.addmember', true);
+ if (!$upload) {
+ $page->trigError('Une erreur s\'est produite lors du téléchargement du fichier');
+ } else {
+ $members = get_users_forlife_list($upload->getContents(),
+ false,
+ array('ListsModule', 'no_login_callback'));
+ $arr = $this->client->mass_subscribe($liste, $members);
+ if (is_array($arr)) {
+ foreach($arr as $addr) {
+ $page->trigSuccess("{$addr[0]} inscrit.");
+ }
+ }
+ }
+ }
+
if (Env::has('del_member')) {
if (strpos(Env::v('del_member'), '@') === false) {
$this->client->mass_unsubscribe(
function handler_admin_all(&$page) {
$page->changeTpl('lists/admin_all.tpl');
- $page->assign('xorg_title','Polytechnique.org - Administration - Mailing lists');
+ $page->setTitle('Polytechnique.org - Administration - Mailing lists');
$client = new MMList(S::v('uid'), S::v('password'));
$listes = $client->get_all_lists();
function handler_photo_change(&$page)
{
+ global $globals;
$page->changeTpl('profile/trombino.tpl');
require_once('validations.inc.php');
.'/'.S::v('forlife').'.jpg';
if (Env::has('upload')) {
+ S::assert_xsrf_token();
+
$upload = new PlUpload(S::v('forlife'), 'photo');
if (!$upload->upload($_FILES['userfile']) && !$upload->download(Env::v('photo'))) {
$page->trigError('Une erreur est survenue lors du téléchargement du fichier');
}
}
} elseif (Env::has('trombi')) {
+ S::assert_xsrf_token();
+
$upload = new PlUpload(S::v('forlife'), 'photo');
if ($upload->copyFrom($trombi_x)) {
$myphoto = new PhotoReq(S::v('uid'), $upload);
}
}
} elseif (Env::v('suppr')) {
+ S::assert_xsrf_token();
+
XDB::execute('DELETE FROM photo
WHERE uid = {?}',
S::v('uid'));
XDB::execute('DELETE FROM requests
WHERE user_id = {?} AND type="photo"',
S::v('uid'));
- update_NbValid();
+ $globals->updateNbValid();
} elseif (Env::v('cancel')) {
+ S::assert_xsrf_token();
+
$sql = XDB::query('DELETE FROM requests
WHERE user_id={?} AND type="photo"',
S::v('uid'));
- update_NbValid();
+ $globals->updateNbValid();
}
$sql = XDB::query('SELECT COUNT(*)
}
if (S::logged()) {
- $_SESSION['log']->log('view_profile', $login);
+ S::logger()->log('view_profile', $login);
}
$title = $user['prenom'] . ' ' . ( empty($user['nom_usage']) ? $user['nom'] : $user['nom_usage'] );
- $page->assign('xorg_title', $title);
+ $page->setTitle($title);
// photo
. " la procédure de récupération de mot de passe si un jour tu le perdais");
}
- $page->assign('xorg_title', 'Polytechnique.org - Mon Profil');
+ $page->setTitle('Polytechnique.org - Mon Profil');
}
function handler_applis_js(&$page)
$page->changeTpl('profile/orange.tpl');
require_once 'validations.inc.php';
- require_once 'xorg.misc.inc.php';
$res = XDB::query(
"SELECT u.promo, u.promo_sortie
if (!Env::has('promo_sortie')) {
return;
+ } else {
+ S::assert_xsrf_token();
}
$promo_sortie = Env::i('promo_sortie');
{
require_once 'wiki.inc.php';
wiki_require_page('Docs.Emploi');
- $page->assign('xorg_title', 'Polytechnique.org - Conseil Pro');
+ $page->setTitle('Polytechnique.org - Conseil Pro');
//recuperation des noms de secteurs
$res = XDB::iterRow("SELECT id, label FROM emploi_secteur");
$page->changeTpl('profile/nomusage.tpl');
require_once 'validations.inc.php';
- require_once 'xorg.misc.inc.php';
$res = XDB::query(
"SELECT u.nom, u.nom_usage, u.flags, e.alias
WHERE user_id={?}", S::v('uid'));
list($nom, $usage_old, $flags, $alias_old) = $res->fetchOneRow();
- $flags = new flagset($flags);
+ $flags = new PlFlagSet($flags);
$page->assign('usage_old', $usage_old);
$page->assign('alias_old', $alias_old);
$page->assign('usage_req', $nom_usage);
if (Env::has('submit') && ($nom_usage != $usage_old)) {
+ S::assert_xsrf_token();
+
// on vient de recevoir une requete, differente de l'ancien nom d'usage
if ($nom_usage == $nom) {
$page->assign('same', true);
function handler_xnet(&$page)
{
$page->changeTpl('profile/groupesx.tpl');
- $page->assign('xorg_title', 'Polytechnique.org - Promo, Groupes X, Binets');
+ $page->setTitle('Polytechnique.org - Promo, Groupes X, Binets');
$req = XDB::query('
SELECT m.asso_id, a.nom, diminutif, a.logo IS NOT NULL AS has_logo,
function handler_admin_trombino(&$page, $uid = null, $action = null) {
$page->changeTpl('profile/admin_trombino.tpl');
- $page->assign('xorg_title','Polytechnique.org - Administration - Trombino');
+ $page->setTitle('Polytechnique.org - Administration - Trombino');
$page->assign('uid', $uid);
$q = XDB::query(
list($forlife, $promo) = $q->fetchOneRow();
switch ($action) {
-
case "original":
header("Content-type: image/jpeg");
readfile("/home/web/trombino/photos".$promo."/".$forlife.".jpg");
break;
case "new":
+ S::assert_xsrf_token();
+
$data = file_get_contents($_FILES['userfile']['tmp_name']);
list($x, $y) = getimagesize($_FILES['userfile']['tmp_name']);
$mimetype = substr($_FILES['userfile']['type'], 6);
break;
case "delete":
+ S::assert_xsrf_token();
+
XDB::execute('DELETE FROM photo WHERE uid = {?}', $uid);
break;
}
$page->assign('forlife', $forlife);
}
function handler_admin_binets(&$page, $action = 'list', $id = null) {
- $page->assign('xorg_title','Polytechnique.org - Administration - Binets');
+ $page->setTitle('Polytechnique.org - Administration - Binets');
$page->assign('title', 'Gestion des binets');
$table_editor = new PLTableEditor('admin/binets', 'binets_def', 'id');
$table_editor->add_join_table('binets_ins','binet_id',true);
$table_editor->apply($page, $action, $id);
}
function handler_admin_formations(&$page, $action = 'list', $id = null) {
- $page->assign('xorg_title','Polytechnique.org - Administration - Formations');
+ $page->setTitle('Polytechnique.org - Administration - Formations');
$page->assign('title', 'Gestion des formations');
$table_editor = new PLTableEditor('admin/formations','applis_def','id');
$table_editor->add_join_table('applis_ins','aid',true);
$table_editor->apply($page, $action, $id);
}
function handler_admin_sections(&$page, $action = 'list', $id = null) {
- $page->assign('xorg_title','Polytechnique.org - Administration - Sections');
+ $page->setTitle('Polytechnique.org - Administration - Sections');
$page->assign('title', 'Gestion des sections');
$table_editor = new PLTableEditor('admin/sections','sections','id');
$table_editor->describe('text','intitulé',true);
$table_editor->apply($page, $action, $id);
}
function handler_admin_ss_secteurs(&$page, $action = 'list', $id = null) {
- $page->assign('xorg_title', 'Polytechnique.org - Administration - Sous-secteurs');
+ $page->setTitle('Polytechnique.org - Administration - Sous-secteurs');
$page->assign('title', 'Gestion des sous-secteurs');
$table_editor = new PLTableEditor('admin/ss_secteurs', 'emploi_ss_secteur', 'id', true);
$table_editor->describe('label', 'intitulé', true);
$table_editor->apply($page, $action, $id);
}
function handler_admin_fonctions(&$page, $action = 'list', $id = null) {
- $page->assign('xorg_title', 'Polytechnique.org - Administration - Fonctions');
+ $page->setTitle('Polytechnique.org - Administration - Fonctions');
$page->assign('title', 'Gestion des fonctions');
$table_editor = new PLTableEditor('admin/fonctions', 'fonctions_def', 'id', true);
$table_editor->describe('fonction_fr', 'intitulé', true);
$table_editor->apply($page, $action, $id);
}
function handler_admin_secteurs(&$page, $action = 'list', $id = null) {
- $page->assign('xorg_title', 'Polytechnique.org - Administration - Secteurs');
+ $page->setTitle('Polytechnique.org - Administration - Secteurs');
$page->assign('title', 'Gestion des secteurs');
$table_editor = new PLTableEditor('admin/secteurs', 'emploi_secteur', 'id', true);
$table_editor->describe('label', 'intitulé', true);
$table_editor->apply($page, $action, $id);
}
function handler_admin_medals(&$page, $action = 'list', $id = null) {
- $page->assign('xorg_title','Polytechnique.org - Administration - Distinctions');
+ $page->setTitle('Polytechnique.org - Administration - Distinctions');
$page->assign('title', 'Gestion des Distinctions');
$table_editor = new PLTableEditor('admin/medals','profile_medals','id');
$table_editor->describe('text', 'intitulé', true);
'%grp/trombi' => $this->make_hook('trombi', AUTH_MDP, 'groupannu'),
'%grp/geoloc' => $this->make_hook('geoloc', AUTH_MDP, 'groupannu'),
'%grp/subscribe' => $this->make_hook('subscribe', AUTH_MDP),
+ '%grp/subscribe/valid' => $this->make_hook('subscribe_valid', AUTH_MDP, 'groupadmin'),
'%grp/unsubscribe' => $this->make_hook('unsubscribe', AUTH_MDP, 'groupmember'),
'%grp/change_rights' => $this->make_hook('change_rights', AUTH_MDP),
AND FIND_IN_SET('public', u.flags)",
$globals->asso('id'));
}
+ if (may_update()) {
+ $subs_valid = XDB::query("SELECT uid
+ FROM groupex.membres_sub_requests
+ WHERE asso_id = {?}",
+ $globals->asso('id'));
+ $page->assign('requests', $subs_valid->numRows());
+ }
if (!S::has('core_rss_hash')) {
$page->setRssLink("Polytechnique.net :: {$globals->asso("nom")} :: News publiques",
if (Post::has('submit')) {
S::assert_xsrf_token();
- $flags = new FlagSet('wiki_desc');
+ $flags = new PlFlagSet('wiki_desc');
if (Post::has('notif_unsub') && Post::i('notif_unsub') == 1) {
$flags->addFlag('notif_unsub');
}
$page->addJsLink('ajax.js');
if (Post::has('send')) {
+ S::assert_xsrf_token();
$from = Post::v('from');
$sujet = Post::v('sujet');
$body = Post::v('body');
$page->assign('ann', $ann);
}
+ private function removeSubscriptionRequest($uid)
+ {
+ global $globals;
+ XDB::execute("DELETE FROM groupex.membres_sub_requests
+ WHERE asso_id = {?} AND uid = {?}",
+ $globals->asso('id'), $uid);
+ }
+
+ private function validSubscription($nom, $prenom, $sexe, $uid, $forlife)
+ {
+ global $globals;
+ $this->removeSubscriptionRequest($uid);
+ XDB::execute("INSERT INTO groupex.membres (asso_id, uid)
+ VALUES ({?}, {?})",
+ $globals->asso('id'), $uid);
+ $mailer = new PlMailer();
+ $mailer->addTo("$forlife@polytechnique.org");
+ $mailer->setFrom('"' . S::v('prenom') . ' ' . S::v('nom')
+ . '" <' . S::v('forlife') . '@polytechnique.org>');
+ $mailer->setSubject('[' . $globals->asso('nom') . '] Demande d\'inscription');
+ $message = ($sexe ? 'Chère' : 'Cher') . " Camarade,\n"
+ . "\n"
+ . " Suite à ta demande d'adhésion à " . $globals->asso('nom') . ",\n"
+ . "j'ai le plaisir de t'annoncer que ton inscription a été validée !\n"
+ . "\n"
+ . "Bien cordialement,\n"
+ . "-- \n"
+ . S::s('prenom') . ' ' . S::s('nom') . '.';
+ $mailer->setTxtBody($message);
+ $mailer->send();
+ }
+
function handler_subscribe(&$page, $u = null)
{
global $globals;
if (!is_null($u) && may_update()) {
$page->assign('u', $u);
- $res = XDB::query("SELECT u.nom, u.prenom, u.promo, u.user_id, FIND_IN_SET('femme', u.flags)
+ $res = XDB::query("SELECT u.nom, u.prenom, u.promo, u.user_id, FIND_IN_SET('femme', u.flags), s.reason
FROM auth_user_md5 AS u
INNER JOIN aliases AS al ON (al.id = u.user_id AND al.type != 'liste')
- WHERE al.alias = {?}", $u);
+ LEFT JOIN groupex.membres_sub_requests AS s ON (u.user_id = s.uid AND s.asso_id = {?})
+ WHERE al.alias = {?}", $globals->asso('id'), $u);
- if (list($nom, $prenom, $promo, $uid, $sexe) = $res->fetchOneRow()) {
+ if (list($nom, $prenom, $promo, $uid, $sexe, $reason) = $res->fetchOneRow()) {
$res = XDB::query("SELECT COUNT(*)
FROM groupex.membres AS m
INNER JOIN aliases AS a ON (m.uid = a.id AND a.type != 'homonyme')
$u, $globals->asso('id'));
$n = $res->fetchOneCell();
if ($n) {
+ $this->removeSubscriptionRequest($uid);
$page->kill("$prenom $nom est déjà membre du groupe !");
return;
- }
- elseif (Env::has('accept'))
- {
- XDB::execute("INSERT INTO groupex.membres (asso_id, uid)
- VALUES ({?}, {?})",
- $globals->asso('id'), $uid);
- $mailer = new PlMailer();
- $mailer->addTo("$u@polytechnique.org");
- $mailer->setFrom('"'.S::v('prenom').' '.S::v('nom')
- .'" <'.S::v('forlife').'@polytechnique.org>');
- $mailer->setSubject('['.$globals->asso('nom').'] Demande d\'inscription');
- $message = ($sexe ? 'Chère' : 'Cher') . " Camarade,\n"
- . "\n"
- . " Suite à ta demande d'adhésion à ".$globals->asso('nom').",\n"
- . "j'ai le plaisir de t'annoncer que ton inscription a été validée !\n"
- . "\n"
- . "Bien cordialement,\n"
- . "-- \n"
- . "{$_SESSION["prenom"]} {$_SESSION["nom"]}.";
- $mailer->setTxtBody($message);
- $mailer->send();
+ } elseif (Env::has('accept')) {
+ S::assert_xsrf_token();
+
+ $this->validSubscription($nom, $prenom, $sexe, $uid, $u);
pl_redirect("member/$u");
- }
- elseif (Env::has('refuse'))
- {
+ } elseif (Env::has('refuse')) {
+ S::assert_xsrf_token();
+
+ $this->removeSubscriptionRequest($uid);
$mailer = new PlMailer();
$mailer->addTo("$u@polytechnique.org");
$mailer->setFrom('"'.S::v('prenom').' '.S::v('nom')
$page->assign('nom', $nom);
$page->assign('promo', $promo);
$page->assign('uid', $uid);
+ $page->assign('reason', $reason);
}
return;
}
return;
}
+ $res = XDB::query("SELECT uid
+ FROM groupex.membres_sub_requests
+ WHERE uid = {?} AND asso_id = {?}",
+ S::i('uid'), $globals->asso('id'));
+ if ($res->numRows() != 0) {
+ $page->kill("Tu as déjà demandé ton inscription à ce groupe. Cette demande est actuellement en attente de validation.");
+ return;
+ }
+
if (Post::has('inscrire')) {
+ S::assert_xsrf_token();
+
+ XDB::execute("INSERT INTO groupex.membres_sub_requests (asso_id, uid, ts, reason)
+ VALUES ({?}, {?}, NOW(), {?})",
+ $globals->asso('id'), S::i('uid'), Post::v('message'));
$res = XDB::query('SELECT IF(m.email IS NULL,
- CONCAT(al.alias,"@polytechnique.org"),
- m.email)
- FROM groupex.membres AS m
- INNER JOIN aliases AS al ON (al.type = "a_vie"
- AND al.id = m.uid)
- WHERE perms="admin" AND m.asso_id = {?}',
- $globals->asso('id'));
+ CONCAT(al.alias,"@polytechnique.org"),
+ m.email)
+ FROM groupex.membres AS m
+ INNER JOIN aliases AS al ON (al.type = "a_vie"
+ AND al.id = m.uid)
+ WHERE perms="admin" AND m.asso_id = {?}',
+ $globals->asso('id'));
$emails = $res->fetchColumn();
$to = implode(',', $emails);
}
}
+ function handler_subscribe_valid(&$page)
+ {
+ global $globals;
+
+ if (Post::has('valid')) {
+ S::assert_xsrf_token();
+ $subs = Post::v('subs');
+ if (is_array($subs)) {
+ $users = array();
+ foreach ($subs as $forlife => $val) {
+ if ($val == '1') {
+ $res = XDB::query("SELECT IF(u.nom_usage != '', u.nom_usage, u.nom) AS u,
+ u.prenom, FIND_IN_SET('femme', u.flags) AS sexe,
+ u.user_id
+ FROM auth_user_md5 AS u
+ INNER JOIN aliases AS a ON (a.id = u.user_id)
+ WHERE a.alias = {?}", $forlife);
+ if ($res->numRows() == 1) {
+ list($nom, $prenom, $sexe, $uid) = $res->fetchOneRow();
+ $this->validSubscription($nom, $prenom, $sexe, $uid, $forlife);
+ }
+ }
+ }
+ }
+ }
+
+ $it = XDB::iterator("SELECT IF(u.nom_usage != '', u.nom_usage, u.nom) AS nom,
+ u.prenom, u.promo, a.alias AS forlife, s.ts AS date
+ FROM groupex.membres_sub_requests AS s
+ INNER JOIN auth_user_md5 AS u ON (s.uid = u.user_id)
+ INNER JOIN aliases AS a ON (a.id = s.uid AND a.type = 'a_vie')
+ WHERE asso_id = {?}
+ ORDER BY nom, prenom",
+ $globals->asso('id'));
+
+ $page->changeTpl('xnetgrp/subscribe-valid.tpl');
+ $page->assign('valid', $it);
+ }
+
function handler_change_rights(&$page)
{
if (Env::has('right') && (may_update() || S::has('suid'))) {
switch (Env::v('right')) {
case 'admin':
- XnetSession::killSuid();
+ Platal::session()->stopSUID();
break;
case 'anim':
- XnetSession::doSelfSuid();
+ Platal::session()->doSelfSuid();
may_update(true);
is_member(true);
break;
case 'member':
- XnetSession::doSelfSuid();
+ Platal::session()->doSelfSuid();
may_update(false, true);
is_member(true);
break;
case 'logged':
- XnetSession::doSelfSuid();
+ Platal::session()->doSelfSuid();
may_update(false, true);
is_member(false, true);
break;
}
}
+// var_dump($_SESSION);
http_redirect($_SERVER['HTTP_REFERER']);
}
if (is_null($email)) {
return;
+ } else {
+ S::assert_xsrf_token();
}
if (strpos($email, '@') === false) {
$page->trigError($email." n'est pas un alias polytechnique.org valide.");
}
} else {
- require_once 'xorg.misc.inc.php';
if (isvalid_email($email)) {
if (Env::v('x') && Env::has('userid') && Env::i('userid')) {
$uid = Env::i('userid');
XDB::execute('INSERT INTO groupex.membres (uid, asso_id, origine, email)
VALUES ({?}, {?}, "X", {?})',
$uid, $globals->asso('id'), $email);
+ $this->removeSubscriptionRequest($uid);
pl_redirect("member/$email");
}
$page->trigError("Utilisateur invalide");
function unsubscribe(&$user)
{
- global $globals, $page;
+ global $globals;
XDB::execute(
"DELETE FROM groupex.membres WHERE uid={?} AND asso_id={?}",
$user['uid'], $globals->asso('id'));
$mmlist->unsubscribe($liste['list']);
}
} elseif ($liste['sub']) {
- $page->trigWarning("{$user['prenom']} {$user['nom']} a une"
- ." demande d'inscription en cours sur la"
- ." liste {$liste['list']}@ !");
+ Platal::page()->trigWarning("{$user['prenom']} {$user['nom']} a une"
+ ." demande d'inscription en cours sur la"
+ ." liste {$liste['list']}@ !");
$warning = true;
}
}
if (!Post::has('confirm')) {
return;
+ } else {
+ S::assert_xsrf_token();
}
if ($this->unsubscribe($user)) {
if (!Post::has('confirm')) {
return;
+ } else {
+ S::assert_xsrf_token();
}
if ($this->unsubscribe($user)) {
}
}
- private function changeLogin(PlatalPage &$page, array &$user, MMList &$mmlist, $login)
+ private function changeLogin(PlPage &$page, array &$user, MMList &$mmlist, $login)
{
require_once 'user.func.inc.php';
// Search the uid of the user...
$globals->asso('mail_domain'));
if (Post::has('change')) {
+ S::assert_xsrf_token();
+
// Convert user status to X
if ($user['origine'] == 'ext' && trim(Post::v('login_X'))) {
$forlife = $this->changeLogin($page, $user, $mmlist, trim(Post::v('login_X')));
$page->assign('rss', $rss);
}
- private function upload_image(PlatalPage &$page, PlUpload &$upload)
+ private function upload_image(PlPage &$page, PlUpload &$upload)
{
if (@!$_FILES['image']['tmp_name'] && !Env::v('image_url')) {
return true;
if (Post::v('valid') == 'Visualiser' || Post::v('valid') == 'Enregistrer'
|| Post::v('valid') == 'Supprimer l\'image' || Post::v('valid') == 'Pas d\'image') {
+ S::assert_xsrf_token();
+
if (!is_null($aid)) {
$art['id'] = $aid;
}
if (Post::v('valid') == 'Enregistrer') {
$promo_min = ($art['public'] ? 0 : $art['promo_min']);
$promo_max = ($art['public'] ? 0 : $art['promo_max']);
- $flags = new FlagSet();
+ $flags = new PlFlagSet();
if ($art['public']) {
$flags->addFlag('public');
}
$page->changeTpl('xnetgrp/announce-admin.tpl');
if (Env::has('del')) {
+ S::assert_xsrf_token();
XDB::execute("DELETE FROM groupex.announces
WHERE id = {?} AND asso_id = {?}",
Env::i('del'), $globals->asso('id'));
projects / platal.git / commitdiff