From: Pierre Habouzit (MadCoder Date: Wed, 15 Dec 2004 16:23:33 +0000 (+0000) Subject: htdocs/admin/ refactor X-Git-Tag: xorg/old~649 X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=7f72f0b2388592930257907de28be6ff5efe8aac;p=platal.git htdocs/admin/ refactor git-archimport-id: opensource@polytechnique.org--2005/platal--mainline--0.9--patch-99 --- diff --git a/htdocs/admin/admin_trombino.php b/htdocs/admin/admin_trombino.php index 52fef85..0ff8f25 100644 --- a/htdocs/admin/admin_trombino.php +++ b/htdocs/admin/admin_trombino.php @@ -22,14 +22,14 @@ require_once("xorg.inc.php"); new_admin_page('admin/admin_trombino.tpl'); -$q = $globals->db->query("SELECT a.alias,promo - FROM auth_user_md5 AS u - INNER JOIN aliases AS a ON ( u.user_id = a.id AND type='a_vie' ) - WHERE user_id = '{$_REQUEST['uid']}'"); +$uid = Env::getInt('uid'); +$q = $globals->db->query("SELECT a.alias,promo + FROM auth_user_md5 AS u + INNER JOIN aliases AS a ON ( u.user_id = a.id AND type='a_vie' ) + WHERE user_id = $uid"); list($forlife, $promo) = mysql_fetch_row($q); -if (isset($_REQUEST["action"])) { - switch ($_REQUEST["action"]) { +switch (Env::get('action')) { case "ecole": header("Content-type: image/jpeg"); 
@@ -38,24 +38,18 @@ if (isset($_REQUEST["action"])) { break; case "valider": - $handle = fopen ($_FILES['userfile']['tmp_name'], "r"); - $data = fread ($handle, filesize ($_FILES['userfile']['tmp_name'])); - fclose ($handle); + $data = file_get_contents($_FILES['userfile']['tmp_name']); list($x, $y) = getimagesize($_FILES['userfile']['tmp_name']); $mimetype = substr($_FILES['userfile']['type'], 6); unlink($_FILES['userfile']['tmp_name']); - $globals->db->query( - "REPLACE INTO photo - SET uid='".$_REQUEST["uid"]."', - attachmime = '".$mimetype."', - attach='".addslashes($data)."', - x='".$x."', y='".$y."'"); + $globals->db->query("REPLACE INTO photo + SET uid=$uid, attachmime = '$mimetype', + attach='".addslashes($data)."', x=$x, y=$y"); break; case "supprimer": - $globals->db->query("DELETE FROM photo WHERE uid = '".$_REQUEST["uid"]."'"); + $globals->db->query("DELETE FROM photo WHERE uid = $uid"); break; - } } $page->assign('forlife', $forlife); diff --git a/htdocs/admin/deces_promo.php b/htdocs/admin/deces_promo.php index 17268cd..c1ec4d2 100644 --- a/htdocs/admin/deces_promo.php +++ b/htdocs/admin/deces_promo.php 
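Review bot: In the `valider` branch, `$mimetype` still comes from the client-supplied `$_FILES['userfile']['type']` and is placed in the `REPLACE INTO photo` statement unescaped, and the new `x=$x, y=$y` are unquoted. When `getimagesize()` fails on a non-image upload, `$x` and `$y` are empty and the statement is malformed, whereas the old quoted form stored empty strings. The type and dimensions should be taken from the `getimagesize()` result, the upload rejected when that call fails or the type is not an expected one, and `is_uploaded_file()` checked before the temporary file is read. The allow-list in the sketch below is an assumption; adjust it to the formats the trombino actually stores.

```php
    case "valider":
        $tmp  = $_FILES['userfile']['tmp_name'];
        $info = is_uploaded_file($tmp) ? getimagesize($tmp) : false;
        // assumed allow-list; keeps the stored value in the old "jpeg"/"png" form
        $types = array(IMAGETYPE_JPEG => 'jpeg', IMAGETYPE_PNG => 'png', IMAGETYPE_GIF => 'gif');
        if ($info === false || !isset($types[$info[2]])) {
            break;
        }
        $data     = file_get_contents($tmp);
        $mimetype = $types[$info[2]];
        unlink($tmp);
        $globals->db->query("REPLACE INTO photo
                                SET uid=$uid, attachmime = '$mimetype',
                                    attach='".addslashes($data)."', x=".intval($info[0]).", y=".intval($info[1]));
        break;
```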
@@ -22,22 +22,23 @@ require_once("xorg.inc.php"); new_admin_page('admin/deces_promo.tpl'); -$promo = ( isset($_REQUEST["promo"]) ? $_REQUEST["promo"] : 0 ); -if(isset($_REQUEST['sub10'])) $promo -= 10; -if(isset($_REQUEST['sub01'])) $promo --; -if(isset($_REQUEST['add01'])) $promo ++; -if(isset($_REQUEST['add10'])) $promo += 10; +$promo = Env::getInt('promo'); +if (Env::has('sub10')) $promo -= 10; +if (Env::has('sub01')) $promo -= 1; +if (Env::has('add01')) $promo += 1; +if (Env::has('add10')) $promo += 10; $page->assign('promo',$promo); -if (isset($_REQUEST["valider"]) && $_REQUEST["valider"] == "Valider") { +if (Env::get('valider') == "Valider") { $res = $globals->db->query("SELECT user_id,matricule,deces FROM auth_user_md5 WHERE promo = $promo"); while (list($uid,$mat,$deces) = mysql_fetch_row($res)) { - if($_REQUEST[$mat] == $deces) continue; - $globals->db->query("UPDATE auth_user_md5 SET deces='{$_REQUEST[$mat]}' WHERE matricule = '$mat'"); + $val = Env::get($mat); + if($val == $deces) continue; + $globals->db->query("UPDATE auth_user_md5 SET deces='$val' WHERE matricule = '$mat'"); if($deces=='0000-00-00' or empty($deces)) { require_once('notifs.inc.php'); - register_watch_op($uid,WATCH_DEATH,$_REQUEST[$mat]); + register_watch_op($uid, WATCH_DEATH, $val); require_once('user.func.inc.php'); user_clear_all_subs($uid, false); // by default, dead ppl do not loose their email } diff --git a/htdocs/admin/evenements.php b/htdocs/admin/evenements.php index abcebda..e4a2452 100644 --- a/htdocs/admin/evenements.php +++ b/htdocs/admin/evenements.php 
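Review bot: `$val = Env::get($mat)` goes straight into `UPDATE auth_user_md5 SET deces='$val'`, so the request value reaches the query with only whatever escaping `Env::get()` or magic quotes provide, and neither is visible in this hunk. `$promo` is now cast with `Env::getInt()`, but the date is not validated at all. Since the column is compared against `'0000-00-00'`, a format check before the update would close this: `if (!preg_match('/^\d{4}-\d{2}-\d{2}$/', $val)) continue;`. The same check also stops a missing form field from writing an empty date into every row of the promotion.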
@@ -22,18 +22,16 @@ require_once("xorg.inc.php"); new_admin_page('admin/evenements.tpl'); -$arch = isset($_REQUEST['arch']) ? $_REQUEST['arch'] : 0; - +$arch = Env::get('arch', 0); +$evid = Post::getInt('evt_id'); $page->assign('arch', $arch); -$action = isset($_POST['action']) ? $_POST['action'] : ""; - -switch($action) { +switch(Post::get('action')) { case "Proposer": $req = "UPDATE evenements - SET titre='{$_POST['titre']}', texte='{$_POST['texte']}', peremption='{$_POST['peremption']}', - promo_min = {$_POST['promo_min']}, promo_max = {$_POST['promo_max']} - WHERE id = {$_POST['evt_id']} + SET titre='".Post::get('titre')."', texte='".Post::get('texte')."', peremption='".Post::get('peremption')."', + promo_min = ".Post::get('promo_min').", promo_max = ".Post::get('promo_max')." + WHERE id = $evid LIMIT 1"; $result = $globals->db->query ($req); break; @@ -42,9 +40,9 @@ switch($action) { // le 'creation_date = creation_date' est indispensable pour que // creation_date conserve sa valeur. $req="UPDATE evenements - SET creation_date = creation_date, validation_user_id ='{$_SESSION['uid']}', + SET creation_date = creation_date, validation_user_id = ".Session::getInt('uid').", validation_date = NULL, flags = CONCAT(flags,',valide') - WHERE id ='{$_POST['evt_id']}' + WHERE id = $evid LIMIT 1"; $result = $globals->db->query ($req); break; 
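Review bot: In the `Proposer` branch, `promo_min` and `promo_max` are concatenated into the `UPDATE` as unquoted numbers via `Post::get()`, so quote-escaping alone does not constrain them. The commit already casts `evt_id` with `Post::getInt('evt_id')`; the two bounds should get the same treatment: `promo_min = ".Post::getInt('promo_min').", promo_max = ".Post::getInt('promo_max')."`. `titre`, `texte` and `peremption` remain interpolated strings and depend on escaping done outside this hunk. If `Post::get()` returns raw values, they need the database escape function before being placed between the quotes.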
@@ -53,30 +51,30 @@ switch($action) { // le 'creation_date = creation_date' est indispensable pour que // creation_date conserve sa valeur. $req="UPDATE evenements - SET creation_date = creation_date, validation_user_id = ".$_SESSION['uid'].", + SET creation_date = creation_date, validation_user_id = ".Session::getInt('uid').", validation_date = NULL, flags = REPLACE(flags, 'valide','') - WHERE id = ".$_POST['evt_id']." + WHERE id = $evid LIMIT 1"; $result = $globals->db->query ($req); break; case "Supprimer": - $req="DELETE from evenements WHERE id = ".$_POST['evt_id']." LIMIT 1"; + $req="DELETE from evenements WHERE id = $evid LIMIT 1"; $result = $globals->db->query ($req); break; case "Archiver": - $req="UPDATE evenements SET flags = CONCAT(flags,',archive')WHERE id = ".$_POST['evt_id']." LIMIT 1"; + $req="UPDATE evenements SET flags = CONCAT(flags,',archive') WHERE id = $evid LIMIT 1"; $result = $globals->db->query ($req); break; case "Desarchiver": - $req="UPDATE evenements SET flags = REPLACE(flags,'archive','')WHERE id = ".$_POST['evt_id']." LIMIT 1"; + $req="UPDATE evenements SET flags = REPLACE(flags,'archive','') WHERE id = $evid LIMIT 1"; $result = $globals->db->query ($req); break; case "Editer": - $evt_req = $globals->db->query("SELECT titre, texte, peremption, promo_min, promo_max, validation_message FROM evenements WHERE id=".$_POST["evt_id"]); + $evt_req = $globals->db->query("SELECT titre, texte, peremption, promo_min, promo_max, validation_message FROM evenements WHERE id= $evid"); list($titre, $texte, $peremption, $promo_min, $promo_max, $validation_message) = mysql_fetch_row($evt_req) ; $page->assign('mode', 'edit'); $page->assign('titre',$titre); diff --git a/htdocs/admin/homonymes.php b/htdocs/admin/homonymes.php index f612bb9..bc34720 100644 --- a/htdocs/admin/homonymes.php +++ b/htdocs/admin/homonymes.php 
@@ -23,16 +23,15 @@ require_once("xorg.inc.php"); new_admin_page('admin/homonymes.tpl'); require_once("diogenes.hermes.inc.php"); -$op = isset($_REQUEST['op']) ? $_REQUEST['op'] : 'list'; +$op = Env::get('op', 'list'); +$target = Env::getInt('target'); - -$target = isset($_REQUEST['target']) ? $_REQUEST['target'] : 0; if ($target) { $res = $globals->db->query("SELECT prenom,nom,a.alias AS forlife,h.alias AS loginbis FROM auth_user_md5 AS u INNER JOIN aliases AS a ON (a.id=u.user_id AND a.type='a_vie') INNER JOIN aliases AS h ON (h.id=u.user_id AND h.expire!='') - WHERE user_id='$target'"); + WHERE user_id = $target"); if (! list($prenom,$nom,$forlife,$loginbis) = mysql_fetch_row($res)) { $target=0; } else { @@ -61,7 +60,7 @@ if ($target) { $mymail->setSubject("Dans 2 semaines, suppression de $loginbis@polytechnique.org"); $mymail->addTo("$prenom $nom <$forlife@polytechnique.org>"); $mymail->addCc($cc); - $mymail->setTxtBody(stripslashes($_REQUEST['mailbody'])); + $mymail->setTxtBody(stripslashes(Env::get('mailbody'))); $mymail->send(); $op = 'list'; break; @@ -73,7 +72,7 @@ if ($target) { $mymail->setSubject("Mise en place du robot $loginbis@polytechnique.org"); $mymail->addTo("$prenom $nom <$forlife@polytechnique.org>"); $mymail->addCc($cc); - $mymail->setTxtBody(stripslashes($_REQUEST['mailbody'])); + $mymail->setTxtBody(stripslashes(Env::get('mailbody'))); $mymail->send(); $op = 'list'; break; diff --git a/htdocs/admin/lists.php b/htdocs/admin/lists.php index f095b29..4730519 100644 --- a/htdocs/admin/lists.php +++ b/htdocs/admin/lists.php 
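Review bot: `stripslashes(Env::get('mailbody'))` is applied unconditionally in both mail branches (the second and third hunks of this file), which is only correct while magic quotes are adding the slashes. If `Env::get()` already returns unescaped text, or the setting is off, legitimate backslashes in the message are silently dropped. Either guard it, `$body = get_magic_quotes_gpc() ? stripslashes(Env::get('mailbody')) : Env::get('mailbody');`, or add a comment stating that `Env::get()` returns the slashed value. The mail is also sent on any request carrying `op` and `target`; no anti-forgery token is visible in these hunks.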
@@ -22,12 +22,9 @@ require_once("xorg.inc.php"); new_admin_page('admin/lists.tpl'); require_once('xml-rpc-client.inc.php'); +require_once('lists.inc.php'); -$res = $globals->db->query("SELECT password FROM auth_user_md5 WHERE user_id={$_SESSION['uid']}"); -list($pass) = mysql_fetch_row($res); -mysql_free_result($res); - -$client = new xmlrpc_client("http://{$_SESSION['uid']}:$pass@localhost:4949/polytechnique.org"); +$client =& lists_xmlrpc(Session::getInt('uid'), Session::get('password')); $listes = $client->get_all_lists(); $page->assign_by_ref('listes',$listes); $page->run(); diff --git a/htdocs/admin/logger.php b/htdocs/admin/logger.php index 3987db5..a44addf 100644 --- a/htdocs/admin/logger.php +++ b/htdocs/admin/logger.php @@ -23,7 +23,9 @@ require_once("xorg.inc.php"); new_admin_page('logger-view.tpl'); require_once('diogenes.logger-view.inc.php'); -if(empty($_REQUEST['logauth'])) $_REQUEST['logauth']='native'; +if (!Env::has('logauth')) { + $_REQUEST['logauth'] = 'native'; +} $logview = new DiogenesLoggerView; $logview->run($page); diff --git a/htdocs/admin/newsletter.php b/htdocs/admin/newsletter.php index cef90f7..dad2f2e 100644 --- a/htdocs/admin/newsletter.php +++ b/htdocs/admin/newsletter.php @@ -23,11 +23,11 @@ require_once("xorg.inc.php"); new_admin_page('admin/newsletter.tpl'); require_once("newsletter.inc.php"); -if(isset($_GET['new'])) { +if(Get::has('new')) { insert_new_nl(); header("Location: newsletter.php"); } -$page->assign_by_ref('nl_list',get_nl_slist()); +$page->assign_by_ref('nl_list', get_nl_slist()); $page->run(); ?> diff --git a/htdocs/admin/newsletter_edit.php b/htdocs/admin/newsletter_edit.php index 8e4bfd4..9ba916f 100644 --- a/htdocs/admin/newsletter_edit.php +++ b/htdocs/admin/newsletter_edit.php 
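Review bot: `lists_xmlrpc(Session::getInt('uid'), Session::get('password'))` takes the XML-RPC credential from the session instead of reading it from `auth_user_md5` per request, so the password hash now has to stay in session storage for the whole login. `lists_xmlrpc()` is not visible here; if it still builds the `http://uid:pass@localhost:4949/` URL that the removed lines built, the hash can end up in client error messages or logs. A comment on the call would help, for example `// Session 'password' is the stored hash, used as the XML-RPC secret; must never be echoed or logged`.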
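Review bot: In `newsletter.php`, `Get::has('new')` makes a plain GET request call `insert_new_nl()`, and the `header("Location: newsletter.php")` that follows is not terminated, so the script goes on to `$page->run()` after queuing the redirect. Because the creation is state-changing, any link or image an administrator loads can trigger it. Suggested: move the trigger to a POST form field and end the branch with `header("Location: newsletter.php"); exit;`.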
@@ -23,36 +23,35 @@ require_once("xorg.inc.php"); new_admin_page('admin/newsletter_edit.tpl', 'newsletter/head.tpl'); require_once("newsletter.inc.php"); -$nid = empty($_GET['nid']) ? 'last' : $_GET['nid']; -$nl = new NewsLetter($nid); -if(isset($_GET['del_aid'])) { - $nl->delArticle($_GET['del_aid']); +$nid = Get::get('nid', 'last'); +$nl = new NewsLetter($nid); + +if(Get::has('del_aid')) { + $nl->delArticle(Get::get('del_aid')); header("Location: ?nid=$nid"); } -if(isset($_POST['update'])) { - $nl->_title = $_POST['title']; - $nl->_date = $_POST['date']; - $nl->_head = $_POST['head']; +if(Post::get('update')) { + $nl->_title = Post::get('title'); + $nl->_date = Post::get('date'); + $nl->_head = Post::get('head'); $nl->save(); } -if(isset($_POST['save'])) { - $eaid = $_GET['edit_aid']; - $art = new NLArticle($_POST['title'], $_POST['body'], $_POST['append'], $eaid, $_POST['cid'], $_POST['pos']); +if(Post::get('save')) { + $art = new NLArticle(Post::get('title'), Post::get('body'), Post::get('append'), + Get::get('edit_aid'), Post::get('cid'), Post::get('pos')); $nl->saveArticle($art); header("Location: ?nid=$nid"); } -if(isset($_GET['edit_aid'])) { - $eaid = $_GET['edit_aid']; - if(isset($_POST['aid'])) { - $art = new NLArticle($_POST['title'], $_POST['body'], $_POST['append'], - $eaid, $_POST['cid'], $_POST['pos']); - } elseif($eaid<0) { - $art = new NLArticle(); +if(Get::has('edit_aid')) { + $eaid = Get::get('edit_aid'); + if(Post::has('aid')) { + $art = new NLArticle(Post::get('title'), Post::get('body'), Post::get('append'), + $eaid, Post::get('cid'), Post::get('pos')); } else { - $art = $nl->getArt($_GET['edit_aid']); + $art = $eaid<0 ? new NLArticle() : $nl->getArt($eaid); } $page->assign('art', $art); } diff --git a/htdocs/admin/postfix_delayed.php b/htdocs/admin/postfix_delayed.php index f7d790f..b39059e 100644 --- a/htdocs/admin/postfix_delayed.php +++ b/htdocs/admin/postfix_delayed.php 
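Review bot: `header("Location: ?nid=$nid")` interpolates `$nid` straight from `Get::get('nid', 'last')` into a response header in both the `del_aid` and `save` branches, with no encoding and no `exit` afterwards. The value should be encoded and the script stopped: `header('Location: ?nid='.urlencode($nid)); exit;`. Two behaviour changes are also worth confirming. `Post::get('update')` and `Post::get('save')` now test truthiness rather than presence, so an empty or "0" button value no longer triggers the branch. Article deletion is still driven by a GET parameter (`del_aid`).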
@@ -23,12 +23,14 @@ require_once('xorg.inc.php'); new_admin_page('admin/postfix_delayed.tpl'); -if (isset($_REQUEST["del"])) { - mysql_query("UPDATE postfix_mailseen SET release = 'del' WHERE crc = '".$_REQUEST["crc"]."'"); - $page->assign('res', $_REQUEST["crc"]." verra tous ses mails supprimés !"); -} else if (isset($_REQUEST["ok"])) { - mysql_query("UPDATE postfix_mailseen SET release = 'ok' WHERE crc = '".$_REQUEST["crc"]."'"); - $page->assign('res', $_REQUEST["crc"]." a le droit de passer !"); +if (Env::has('del')) { + $crc = Env::get('crc'); + mysql_query("UPDATE postfix_mailseen SET release = 'del' WHERE crc = '$crc'"); + $page->assign('res', $crc." verra tous ses mails supprimés !"); +} elseif (Env::has('ok')) { + $crc = Env::get('crc'); + mysql_query("UPDATE postfix_mailseen SET release = 'ok' WHERE crc = '$crc'"); + $page->assign('res', $crc." a le droit de passer !"); } $sql = "SELECT crc, nb, update_time, create_time, diff --git a/htdocs/admin/utilisateurs.php b/htdocs/admin/utilisateurs.php index c76b76e..d198b1f 100644 --- a/htdocs/admin/utilisateurs.php +++ b/htdocs/admin/utilisateurs.php 
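Review bot: `$crc = Env::get('crc')` is used verbatim in `WHERE crc = '$crc'` and then echoed back through `$page->assign('res', $crc." ...")`, so both the query and the rendered message depend on escaping that is not visible in this hunk. These two statements also call `mysql_query()` directly rather than `$globals->db->query()` like the rest of the commit, so any escaping done in that wrapper is bypassed. If the crc is a hexadecimal digest (an assumption, the column format is not shown), a format check such as `if (!preg_match('/^[0-9a-fA-F]+$/', $crc)) { $crc = ''; }` before both uses would cover the SQL and the output.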
@@ -24,24 +24,24 @@ new_admin_page('admin/utilisateurs.tpl'); require_once("emails.inc.php"); require_once("user.func.inc.php"); -if (isset($_SESSION['suid'])) { +if (Session::has('suid')) { $page->kill("déjà en SUID !!!"); } -if (!empty($_REQUEST['user_id'])) { - $login = get_user_login($_REQUEST['user_id']); -} elseif (isset($_REQUEST['login'])) { - $login = get_user_login($_REQUEST['login']); +if (Env::has('user_id')) { + $login = get_user_login(Env::getInt('user_id')); +} elseif (Env::has('login')) { + $login = get_user_login(Env::get('login')); } else { $login = false; } -if(isset($_REQUEST['logs_button']) && $login) { +if(Env::has('logs_button') && $login) { header("Location: logger.php?loguser=$login&year=".date('Y')."&month=".date('m')); } -if(isset($_REQUEST['suid_button']) and $login and !isset($_SESSION['suid'])) { - $_SESSION['log']->log("suid_start", "login by ".$_SESSION['forlife']); +if(Env::has('suid_button') && $login) { + $_SESSION['log']->log("suid_start", "login by ".Session::get('forlife')); $_SESSION['suid'] = $_SESSION; $r = $globals->db->query("SELECT id FROM aliases WHERE alias='$login'"); if(list($uid) = mysql_fetch_row($r)) { @@ -64,7 +64,7 @@ if ($login) { foreach($_POST as $key => $val) { switch ($key) { case "add_fwd": - $email = trim($_REQUEST['email']); + $email = trim(Env::get('email')); if (!isvalid_email_redirection($email)) { $page->trig("invalid email $email"); } else { 
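Review bot: The SUID branch dropped its own `!isset($_SESSION['suid'])` guard and now relies entirely on `$page->kill("déjà en SUID !!!")` at the top of the file ending the request. If `kill()` ever returns, `$_SESSION['suid'] = $_SESSION` would overwrite the saved administrator session with the impersonated one. Keeping the cheap local check preserves that invariant: `if (Env::has('suid_button') && $login && !Session::has('suid')) {`. Separately, `Env::has('user_id')` replaces `!empty(...)`, so a form that submits an empty `user_id` together with `login` now takes the `getInt` branch instead of the login lookup; confirm that this is intended.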
@@ -81,40 +81,47 @@ if ($login) { case "del_alias": if (!empty($val)) { - $globals->db->query("DELETE FROM aliases WHERE id='{$_REQUEST['user_id']}' AND alias='$val' + $globals->db->query("DELETE FROM aliases WHERE id='{$mr['user_id']}' AND alias='$val' AND type!='a_vie' AND type!='homonyme'"); - fix_bestalias($_REQUEST['user_id']); + fix_bestalias($nr['user_id']); $page->trig($val." a été supprimé"); } break; case "add_alias": $globals->db->query("INSERT INTO aliases (id,alias,type) - VALUES ('{$_REQUEST['user_id']}','{$_REQUEST['email']}','alias')"); + VALUES ('{$mr['user_id']}','".Env::get('email')."','alias')"); break; case "best": - $globals->db->query("UPDATE aliases SET flags='' WHERE flags='bestalias' AND id='{$_REQUEST['user_id']}'"); - $globals->db->query("UPDATE aliases SET flags='epouse' WHERE flags='epouse,bestalias' AND id='{$_REQUEST['user_id']}'"); + $globals->db->query("UPDATE aliases SET flags='' WHERE flags='bestalias' AND id='{$mr['user_id']}'"); + $globals->db->query("UPDATE aliases SET flags='epouse' WHERE flags='epouse,bestalias' AND id='{$mr['user_id']}'"); $globals->db->query("UPDATE aliases SET flags=CONCAT(flags,',','bestalias') - WHERE id='{$_REQUEST['user_id']}' AND alias='$val'"); + WHERE id='{$mr['user_id']}' AND alias='$val'"); break; // Editer un profil case "u_edit": - $pass_md5B = $_REQUEST['newpass_clair'] != "********" ? md5($_REQUEST['newpass_clair']) : $_REQUEST['passw']; + $pass_md5B = Env::get('newpass_clair') != "********" ? 
md5(Env::get('newpass_clair')) : Env::get('passw'); + $naiss = Env::get('naissanceN'); + $perms = Env::get('permsN'); + $prenm = Env::get('prenomN'); + $nom = Env::get('nomN'); + $promo = Env::getInt('promo'); + $nom = Env::get('nomN'); + $comm = Env::get('commentN'); $query = "UPDATE auth_user_md5 SET - naissance='{$_REQUEST['naissanceN']}', - password='$pass_md5B', - perms='{$_REQUEST['permsN']}', - prenom='{$_REQUEST['prenomN']}', - nom='{$_REQUEST['nomN']}', - promo='{$_REQUEST['promoN']}', - comment='{$_REQUEST['commentN']}' - WHERE user_id='{$_REQUEST['user_id']}'"; + naissance = '$naiss', + password = '$pass_md5B', + perms = '$perms', + prenom = '$prenm', + nom = '$nom', + promo = $promo, + comment = '$comm' + WHERE user_id = '{$mr['user_id']}'"; if ($globals->db->query($query)) { // FIXME: recherche system('echo 1 > /tmp/flag_recherche'); @@ -123,7 +130,7 @@ if ($login) { $mailer = new HermesMailer(); $mailer->setFrom("webmaster@polytechnique.org"); $mailer->addTo("web@polytechnique.org"); - $mailer->setSubject("INTERVENTION ADMIN ({$_SESSION['forlife']})"); + $mailer->setSubject("INTERVENTION ADMIN (".Session::get('forlife']).")"); $mailer->setTxtBody(preg_replace("/[ \t]+/", ' ', $query)); $mailer->send(); 
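Review bot: The `del_alias` branch calls `fix_bestalias($nr['user_id'])`, but `$nr` is never defined in the visible code; it should read `fix_bestalias($mr['user_id']);`. The `u_edit` branch now reads `Env::getInt('promo')` where the form field was `promoN`, so the promotion would be overwritten with the default unless the template was renamed too; `$promo = Env::getInt('promoN');` matches the other `...N` fields, and the second `$nom = Env::get('nomN');` is a duplicate. All of these queries now key on `$mr['user_id']`, while the only assignment of `$mr` visible in the diff comes after the update, so confirm it is populated before the `foreach`. The string fields (`naissanceN`, `permsN`, `prenomN`, `nomN`, `commentN`, and `email` in `add_alias`) still go into SQL with no escaping visible here.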
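Review bot: `$mailer->setSubject("INTERVENTION ADMIN (".Session::get('forlife']).")");` has a stray `]` after `'forlife'`, which is a parse error and takes the whole admin page down. The same line is repeated in the `u_kill` branch in the next hunk. Both should read `$mailer->setSubject("INTERVENTION ADMIN (".Session::get('forlife').")");`. The mail body in this branch is the full `$query`, which includes the `password = '...'` assignment, so the hash is sent to the notification address; consider masking that field before `setTxtBody()`.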
@@ -132,20 +139,20 @@ if ($login) { $r = $globals->db->query("SELECT *, a.alias AS forlife FROM auth_user_md5 AS u INNER JOIN aliases AS a ON (u.user_id=a.id) - WHERE user_id = {$_REQUEST['user_id']}"); + WHERE user_id = {$mr['user_id']}"); $mr = mysql_fetch_assoc($r); mysql_free_result($r); break; // DELETE FROM auth_user_md5 case "u_kill": - user_clear_all_subs($_REQUEST['user_id']); - $page->trig("'{$_REQUEST['user_id']}' a été désinscrit !"); + user_clear_all_subs($mr['user_id']); + $page->trig("'{$mr['user_id']}' a été désinscrit !"); require_once("diogenes.hermes.inc.php"); $mailer = new HermesMailer(); $mailer->setFrom("webmaster@polytechnique.org"); $mailer->addTo("web@polytechnique.org"); - $mailer->setSubject("INTERVENTION ADMIN ({$_SESSION['forlife']})"); + $mailer->setSubject("INTERVENTION ADMIN (".Session::get('forlife']).")"); $mailer->setTxtBody("\nUtilisateur $login effacé"); $mailer->send(); break; diff --git a/htdocs/admin/valider.php b/htdocs/admin/valider.php index 490ba8d..f891549 100644 --- a/htdocs/admin/valider.php +++ b/htdocs/admin/valider.php @@ -23,11 +23,11 @@ require_once("xorg.inc.php"); require_once("validations.inc.php"); new_admin_page('admin/valider.tpl'); -if(isset($_REQUEST["uid"]) and isset($_REQUEST["type"]) - and isset($_REQUEST["stamp"])) { - $req = Validate::get_request($_REQUEST["uid"],$_REQUEST['type'],$_REQUEST["stamp"]); - if($req) +if(Env::has('uid') && Env::has('type') && Env::has('stamp')) { + $req = Validate::get_request(Env::get('uid'), Env::get('type'), Env::get('stamp')); + if($req) { $page->assign('mail', $req->handle_formu()); + } } $it = new ValidateIterator ();
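Review bot: In `valider.php`, `Env::get('uid')` is handed to `Validate::get_request()` uncast, whereas the other pages in this commit read the same parameter with `Env::getInt('uid')`. Unless `get_request()` escapes or casts its arguments itself (not visible here), `Validate::get_request(Env::getInt('uid'), Env::get('type'), Env::get('stamp'))` would keep the id numeric and consistent with the rest of the refactor.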