From 90a563aa082db42ad1c384261723d762e717c8fb Mon Sep 17 00:00:00 2001
From: "Pierre Habouzit (MadCoder"
Date: Sun, 26 Dec 2004 14:13:09 +0000
Subject: [PATCH] refactor git-archimport-id: opensource@polytechnique.org--2005/platal--mainline--0.9--patch-137
---
htdocs/confbanana.php | 36 ++++++++++++++++--------------------
htdocs/emails.php | 19 +++++++++++--------
htdocs/emails/broken.php | 4 ++--
htdocs/evenements.php | 42 +++++++++++++-----------------------------
htdocs/fiche_referent.php | 4 ++--
htdocs/getphoto.php | 38 ++++++++++----------------------------
htdocs/motdepassemd5.php | 3 ++-
htdocs/profil.php | 40 +++++++++++++++++++++-------------------
htdocs/recovery.php | 30 +++++++++++++++---------------
9 files changed, 92 insertions(+), 124 deletions(-)
diff --git a/htdocs/confbanana.php b/htdocs/confbanana.php
index 2cf5d9a..cb0dc1e 100644
--- a/htdocs/confbanana.php
+++ b/htdocs/confbanana.php
@@ -22,35 +22,31 @@ require_once("xorg.inc.php"); new_skinned_page('confbanana.tpl', AUTH_MDP); -if (!(isset($_POST["action"]) && isset($_POST["banananame"]) && - isset($_POST["bananasig"]) && isset($_POST["bananadisplay"]) && - isset($_POST["bananamail"]) && isset($_POST["bananaupdate"]) - && $_POST["action"]=="OK" )) +if (!(Post::has('action') && Post::has('banananame') && Post::has('bananasig') && Post::has('bananadisplay') + && Post::has('bananamail') && Post::has('bananaupdate') && Post::get('action')=="OK" )) { - $req = $globals->db->query(" SELECT nom,mail,sig,if(FIND_IN_SET('threads',flags),'1','0'), IF(FIND_IN_SET('automaj',flags),'1','0') FROM forums.profils - WHERE uid='{$_SESSION['uid']}'"); - if (!(list($nom,$mail,$sig,$disp,$maj)=mysql_fetch_row($req))) { - $nom = $_SESSION["prenom"]." ".$_SESSION["nom"]; - $mail = $_SESSION["forlife"]."@polytechnique.org"; - $sig = $nom." ({$_SESSION['promo']})"; - $disp=0; - $maj=0; + WHERE uid=".Session::getInt('uid')); + if (!(list($nom,$mail,$sig,$disp,$maj) = mysql_fetch_row($req))) { + $nom = Session::get('prenom').' '.Session::get('nom'); + $mail = Session::get('forlife').'@'.$globals->mail->domain; + $sig = $nom.' 
('.Session::getInt('promo').')'; + $disp = 0; + $maj = 0; } - $page->assign('nom', $nom); + $page->assign('nom' , $nom); $page->assign('mail', $mail); - $page->assign('sig', $sig); + $page->assign('sig' , $sig); $page->assign('disp', $disp); - $page->assign('maj', $maj); + $page->assign('maj' , $maj); } else { - mysql_query("REPLACE INTO forums.profils (uid,sig,mail,nom,flags) - VALUES ('{$_SESSION['uid']}','{$_POST['bananasig']}', - '{$_POST['bananamail']}','{$_POST['banananame']}', - '".($_POST['bananadisplay']?"threads":"")."," - .($_POST['bananaupdate']?"automaj":"")."')"); + mysql_query("REPLACE INTO forums.profils (uid,sig,mail,nom,flags) + VALUES (".Session::getInt('uid').", '".Post::get('bananasig')."', '".Post::get('bananamail')."', + '".Post::get('banananame')."', '".(Post::getBool('bananadisplay') ? 'threads' : ''). + ",".(Post::getBool('bananaupdate') ? 'automaj' : '')."')"); } $page->run(); diff --git a/htdocs/emails.php b/htdocs/emails.php index 4fb953e..361f169 100644 --- a/htdocs/emails.php +++ b/htdocs/emails.php 
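Review bot: The `REPLACE INTO forums.profils` statement still places `Post::get('bananasig')`, `Post::get('bananamail')` and `Post::get('banananame')` inside quoted SQL literals with no escaping at the point of use; only `uid` became an integer through `Session::getInt()`. `Post::get()` is not defined in this patch, so unless it escapes its return value (or the site depends on magic quotes, as the `stripslashes()` calls in evenements.php suggest), a quote character in any of those fields changes the statement. Escaping each string where the query is built, the way evenements.php wraps `$titre` in `addslashes()`, or better `mysql_real_escape_string()` on the unslashed value, would make the protection visible and independent of server configuration. The same concatenation appears in emails.php (`alias='".Post::get('best')."'`), fiche_referent.php (`Env::get('user')`), the alias branch of getphoto.php (`Env::get('x')`) and motdepassemd5.php (`password='$password'`).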
@@ -22,33 +22,36 @@ require_once("xorg.inc.php"); new_skinned_page('emails.tpl',AUTH_COOKIE); -if(isset($_POST['best'])) { - $globals->db->query("UPDATE aliases SET flags='' WHERE flags='bestalias' AND id='{$_SESSION["uid"]}'"); - $globals->db->query("UPDATE aliases SET flags='epouse' WHERE flags='epouse,bestalias' AND id='{$_SESSION["uid"]}'"); +$uid = Session::getInt('uid'); + +if (Post::has('best')) { + $globals->db->query("UPDATE aliases SET flags='' WHERE flags='bestalias' AND id=$uid"); + $globals->db->query("UPDATE aliases SET flags='epouse' WHERE flags='epouse,bestalias' AND id=$uid"); $globals->db->query("UPDATE aliases SET flags=CONCAT(flags,',','bestalias') - WHERE id='{$_SESSION["uid"]}' AND alias='{$_POST['best']}'"); + WHERE id=$uid AND alias='".Post::get('best')."'"); } // on regarde si on a affaire à un homonyme $sql = "SELECT alias, (type='a_vie') AS a_vie, FIND_IN_SET('bestalias',flags) AS best, expire FROM aliases - WHERE id='{$_SESSION['uid']}' AND type!='homonyme' + WHERE id=$uid AND type!='homonyme' ORDER BY LENGTH(alias)"; $page->mysql_assign($sql, 'aliases'); $sql = "SELECT email FROM emails - WHERE uid = {$_SESSION["uid"]} AND FIND_IN_SET('active', flags)"; + WHERE uid = $uid AND FIND_IN_SET('active', flags)"; $page->mysql_assign($sql, 'mails', 'nb_mails'); // on regarde si l'utilisateur a un alias et si oui on l'affiche ! +$forlife = Session::get('forlife'); $sql = "SELECT alias FROM virtual AS v INNER JOIN virtual_redirect AS vr USING(vid) - WHERE ( redirect='{$_SESSION['forlife']}@{$globals->mail->domain}' - OR redirect='{$_SESSION['forlife']}@{$globals->mail->domain2}' ) + WHERE ( redirect='$forlife@{$globals->mail->domain}' + OR redirect='$forlife@{$globals->mail->domain2}' ) AND alias LIKE '%@{$globals->mail->alias_dom}'"; $result = $globals->db->query($sql); if ($result && list($aliases) = mysql_fetch_row($result)) { diff --git a/htdocs/emails/broken.php b/htdocs/emails/broken.php index fc14d9d..b3bcce5 100644 
--- a/htdocs/emails/broken.php +++ b/htdocs/emails/broken.php @@ -38,7 +38,7 @@ if (Get::has('email') && Get::has('action')) { $message = "Bonjour ! Ce mail a été généré automatiquement par le service de patte cassée de -Polytechnique.org car un autre utilisateur, {$_SESSION['prenom']} {$_SESSION['nom']}, +Polytechnique.org car un autre utilisateur, ".Session::get('prenom').' '.Session::get('nom').", nous a signalé qu'en t'envoyant un mail, il avait reçu un message d'erreur indiquant que ton adresse de redirection $email ne fonctionnait plus ! @@ -76,7 +76,7 @@ L' if ($x = mysql_fetch_assoc($sel)) { // on écrit dans la base que l'adresse est cassée if (!$x['panne']) { - $globals->db->query("UPDATE emails SET panne='".date("Y-m-d")."' WHERE email = '".$email."'"); + $globals->db->query("UPDATE emails SET panne='".date('Y-m-d')."' WHERE email = '$email'"); } $page->assign_by_ref('x', $x); } diff --git a/htdocs/evenements.php b/htdocs/evenements.php index 3d60b4a..381fb66 100644 --- a/htdocs/evenements.php +++ b/htdocs/evenements.php 
@@ -22,25 +22,13 @@ require_once("xorg.inc.php"); new_skinned_page('evenements.tpl', AUTH_MDP); -if (isset($_POST['titre'])) {$titre = stripslashes($_POST['titre']);} -else {$titre = "";} - -if (isset($_POST['texte'])) {$texte = stripslashes($_POST['texte']);} -else {$texte = "";} - -if (isset($_POST['promo_min'])) {$promo_min = $_POST['promo_min'];} -else {$promo_min = 0;} - -if (isset($_POST['promo_max'])) {$promo_max = $_POST['promo_max'];} -else {$promo_max = 0;} - -if (isset($_POST['peremption'])) {$peremption = $_POST['peremption'];} -else {$peremption = 0;} - -if (isset($_POST['validation_message'])) {$validation_message = stripslashes($_POST['validation_message']);} -else {$validation_message = "";} - -if (isset($_POST['action'])) { $action = $_POST['action']; } else $action = "" ; +$titre = stripslashes(Post::get('titre')); +$texte = stripslashes(Post::get('texte')); +$promo_min = Post::getInt('promo_min'); +$promo_max = Post::getInt('promo_max'); +$peremption = Post::getInt('peremption'); +$validation_message = Post::get('validation_message'); +$action = Post::get('action'); $page->assign('titre', $titre); $page->assign('texte', $texte); 
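Review bot: `$validation_message` lost its `stripslashes()` in this rewrite while `$titre` and `$texte` kept theirs, so the three text fields are no longer handled the same way. The value is later passed through `addslashes()` for the INSERT and assigned to the template; if the incoming data carries magic-quotes slashes (which the surviving `stripslashes()` calls imply), it would now be stored and redisplayed with extra backslashes. `$validation_message = stripslashes(Post::get('validation_message'));` restores the old behaviour. A one-line comment stating that POST strings are unslashed here and re-escaped only at the query would keep the next refactor from dropping the call again.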
@@ -51,19 +39,15 @@ $page->assign('validation_message', $validation_message); $page->assign('action', strtolower($action)); if ($action=="Confirmer") { - $sql = "INSERT INTO evenements set user_id = {$_SESSION['uid']}" - .", creation_date = NULL" - .", titre = '".addslashes($titre)."'" - .", texte = '".addslashes($texte)."'" - .", peremption = '".$peremption."'" - .", promo_min = '$promo_min', promo_max = '$promo_max'" - .", validation_message = '".addslashes($validation_message)."'" - .", validation_date = 0"; + $sql = "INSERT INTO evenements + SET user_id = ".Session::getInt('uid').", creation_date = NULL, titre = '".addslashes($titre)."', + texte = '".addslashes($texte)."', peremption = '".$peremption."', promo_min = '$promo_min', + promo_max = '$promo_max', validation_message = '".addslashes($validation_message)."', validation_date = 0"; if ($res = $globals->db->query($sql)) { require_once("validations.inc.php"); - $evtreq = new evtreq(mysql_insert_id(),$titre,$texte,$promo_min, - $promo_max,$peremption,$validation_message,$_SESSION['uid']); + $evtreq = new evtreq(mysql_insert_id(), $titre, $texte, $promo_min, + $promo_max, $peremption, $validation_message, Session::getInt('uid')); $evtreq->submit(); $page->assign('ok', true); } diff --git a/htdocs/fiche_referent.php b/htdocs/fiche_referent.php index 3003171..04f3c4c 100644 --- a/htdocs/fiche_referent.php +++ b/htdocs/fiche_referent.php 
@@ -23,14 +23,14 @@ require_once("xorg.inc.php"); new_simple_page('fiche_referent.tpl',AUTH_COOKIE); -if (!isset($_REQUEST['user'])) { +if (!Env::has('user')) { exit; } $reqsql = "SELECT prenom, nom, user_id, promo, cv, a.alias AS bestalias FROM auth_user_md5 AS u INNER JOIN aliases AS a ON (u.user_id=a.id AND FIND_IN_SET('bestalias',a.flags)) - INNER JOIN aliases AS a1 ON (u.user_id=a1.id AND a1.alias = '{$_REQUEST['user']}' AND a1.type!='homonyme')"; + INNER JOIN aliases AS a1 ON (u.user_id=a1.id AND a1.alias = '".Env::get('user')."' AND a1.type!='homonyme')"; $result = $globals->db->query($reqsql); if (mysql_num_rows($result)!=1) { exit; diff --git a/htdocs/getphoto.php b/htdocs/getphoto.php index 8ab5116..9e37c8c 100644 --- a/htdocs/getphoto.php +++ b/htdocs/getphoto.php 
@@ -23,38 +23,20 @@ require_once('xorg.inc.php'); new_skinned_page('login.tpl', AUTH_COOKIE); -//require_once("db_connect.inc.php"); -//require_once("controlpermanent.inc.php"); -//require_once("appel.inc.php"); -//require_once("validations.inc.php"); - -// getdata.php3 - by Florian Dittmer -// Example php script to demonstrate the direct passing of binary data -// to the user. More infos at http://www.phpbuilder.com -// Syntax: getdata.php3?id= - -function url($url) { - $chemins = Array('.', '..', '/'); - foreach ($chemins as $ch) - if (file_exists("$ch/login.php") || file_exists("$ch/public/login.php")) - return "$ch/$url"; - return ""; -} - -if(isset($_REQUEST['x'])) { - if(isset($_REQUEST['req']) && $_REQUEST['req']="true") { - include 'validations.inc.php'; - $myphoto = PhotoReq::get_unique_request($_REQUEST['x']); - Header("Content-type: image/".$myphoto->mimetype); +if (Env::has('x')) { + if (Env::get('req') == "true") { + include 'validations.inc.php'; + $myphoto = PhotoReq::get_unique_request(Env::get('x')); + Header('Content-type: image/'.$myphoto->mimetype); echo $myphoto->data; } else { - if(preg_match('/^\d*$/',$_REQUEST['x'])) { - $result = $globals->db->query("SELECT attachmime, attach FROM photo WHERE uid = '{$_REQUEST['x']}'"); + if(preg_match('/^\d*$/', Env::get('x'))) { + $result = $globals->db->query('SELECT attachmime, attach FROM photo WHERE uid = '.Env::getInt('x')); } else { $sql = "SELECT attachmime, attach FROM photo AS p INNER JOIN aliases AS a ON p.uid=a.id - WHERE alias='{$_REQUEST['x']}'"; + WHERE alias='".Env::get('x')."'"; $result = $globals->db->query($sql); } @@ -62,8 +44,8 @@ if(isset($_REQUEST['x'])) { Header( "Content-type: image/$type"); echo $data; } else { - Header( "Content-type: image/png"); - echo file_get_contents(dirname(__FILE__)."/images/none.png"); + Header( 'Content-type: image/png'); + echo file_get_contents(dirname(__FILE__).'/images/none.png'); } } } 
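Review bot: In the `req` branch `$myphoto` is dereferenced without checking that `PhotoReq::get_unique_request()` returned a request, and `$myphoto->mimetype` goes straight into the `Content-type` header. That method is defined outside this patch, so what it returns on a miss is an assumption, but a guard such as `if (!$myphoto) { exit; }` costs nothing. Because the response is served from the site's own origin, the subtype is worth restricting to the formats the upload path accepts, e.g. `in_array($myphoto->mimetype, array('jpeg', 'png', 'gif'))` (illustrative list), and the same applies to `$type` in the second hunk. The raw `Env::get('x')` is also handed to the lookup before the `^\d*$` test, which only guards the `else` branch.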
diff --git a/htdocs/motdepassemd5.php b/htdocs/motdepassemd5.php index 588d115..fe28399 100644 --- a/htdocs/motdepassemd5.php +++ b/htdocs/motdepassemd5.php @@ -25,8 +25,9 @@ if (Env::has('response2')) { // la variable $response existe-t-elle // OUI, alors changeons le mot de passe $password = Post::get('response2'); $sql = "UPDATE auth_user_md5 SET password='$password' WHERE user_id=".Session::getInt('uid'); + $log =& Session::getMixed('log'); $globals->db->query($sql); - $_SESSION['log']->log('passwd', ''); + $log->log('passwd', ''); new_skinned_page('motdepassemd5.success.tpl', AUTH_MDP); $page->run(); } diff --git a/htdocs/profil.php b/htdocs/profil.php index 4a7be40..0751c31 100644 --- a/htdocs/profil.php +++ b/htdocs/profil.php @@ -28,9 +28,11 @@ require_once('profil.func.inc.php'); //on met a jour $opened_tab et $new_tab qui sont le tab du POST et le tab demande // Tout d'abord, quel est le tab actuel ? // si on vient d'un POST, old_tab etait le tab courant -if(isset($_REQUEST['old_tab']) && isset($tabname_array[$_REQUEST['old_tab']])) // on verifie que la valeur postee existe bien - $opened_tab = $_REQUEST['old_tab']; -$new_tab = isset($_REQUEST['suivant']) ? get_next_tab($opened_tab) : $opened_tab; +if (Env::has('old_tab') && isset($tabname_array[Env::get('old_tab')])) { + // on verifie que la valeur postee existe bien + $opened_tab = Env::get('old_tab'); +} +$new_tab = Env::has('suivant') ? get_next_tab($opened_tab) : $opened_tab; // pour tous les tabs, on recupere les bits car on a besoin de tous les bits pour en mettre a jour un, la date d naissance pour verifier // quelle est bien rentree et la date. 
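Review bot: The guard tests `Env::has('response2')` but the value is read with `Post::get('response2')`, so a request that supplies the parameter outside the POST body would pass the guard and, assuming `Post::get()` returns an empty default, write an empty `password`. Testing `Post::has('response2')` keeps the check and the read on the same source. The value is then interpolated into `password='$password'` unvalidated; the file and table names suggest an MD5 hex digest, in which case `if (!preg_match('/^[0-9a-f]{32}$/D', $password)) { exit; }` before the UPDATE would reject anything else. The lines before the `if` (22–24) are outside the hunk, so whether the session is already authenticated at this point cannot be confirmed from here.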
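Review bot: In profil.php the `isset($tabname_array[Env::get('old_tab')])` test is what keeps a request value out of the `require_once("profil/get_{$opened_tab}.inc.php")` paths in the later hunks, and the comment does not say so. I would replace it with `// old_tab comes from the request and is used to build include paths below: accept it only if it is a key of $tabname_array`. `$opened_tab` gets no value in this hunk when the test fails; its default is presumably set above line 28, which is outside the hunk, and is worth confirming since `get_next_tab($opened_tab)` reads it unconditionally.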
@@ -38,24 +40,23 @@ $sql = "SELECT FIND_IN_SET('mobile_public', bits), FIND_IN_SET('mobile_ax', bit FIND_IN_SET('web_public', bits), FIND_IN_SET('libre_public', bits), naissance, DATE_FORMAT(date,'%d.%m.%Y') FROM auth_user_md5 - WHERE user_id=".$_SESSION['uid']; + WHERE user_id=".Session::getInt('uid'); $result = $globals->db->query($sql); list($mobile_public, $mobile_ax,$web_public, $libre_public, $naissance, $date_modif_profil) = mysql_fetch_row($result); // lorsqu'on n'a pas la date de naissance en base de données if (!$naissance) { // la date de naissance n'existait pas et vient d'être soumise dans la variable - // $_REQUEST['birth'] - if (isset($_REQUEST['birth'])) { + if (Env::has('birth')) { //en cas d'erreur : - if (!ereg("[0-3][0-9][0-1][0-9][1][9]([0-9]{2})", $_REQUEST['birth'])) { - $page->assign('etat_naissance','query'); - $page->trig_run("Date de naissance incorrecte ou incohérente."); + if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env::get('birth'))) { + $page->assign('etat_naissance', 'query'); + $page->trig_run('Date de naissance incorrecte ou incohérente.'); } //sinon - $birth = sprintf("%s-%s-%s", substr($_REQUEST["birth"],4,4), substr($_REQUEST["birth"],2,2), substr($_REQUEST["birth"],0,2)); - $globals->db->query("UPDATE auth_user_md5 SET naissance='$birth' WHERE user_id=".$_SESSION['uid']); + $birth = sprintf("%s-%s-%s", substr(Env::get('birth'),4,4), substr(Env::get('birth'),2,2), substr(Env::get('birth'),0,2)); + $globals->db->query("UPDATE auth_user_md5 SET naissance='$birth' WHERE user_id=".Session::getInt('uid')); $page->assign('etat_naissance','ok'); $page->run(); } else { @@ -65,7 +66,7 @@ if (!$naissance) { } //doit-on faire un update ? -if (isset($_REQUEST['modifier']) || isset($_REQUEST['suivant'])) { +if (Env::has('modifier') || Env::has('suivant')) { require_once("profil/get_{$opened_tab}.inc.php"); require_once("profil/verif_{$opened_tab}.inc.php"); 
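Review bot: The `ereg()` pattern checking `Env::get('birth')` has no `^`/`$` anchors, so it accepts any string that merely contains a date-like run of digits, while the `substr()` calls that follow slice the first eight characters whatever they are. `$birth` can therefore carry characters other than digits into `naissance='$birth'`. Anchoring the pattern, `'^[0-3][0-9][0-1][0-9][1][9]([0-9]{2})$'`, makes the validation cover exactly what is used; recovery.php has the same check on an `AUTH_PUBLIC` page and needs the same change. The code also assumes `trig_run()` stops the script, which is not visible here, and the `if (!$naissance)` block continues past the first hunk.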
@@ -83,7 +84,7 @@ if (isset($_REQUEST['modifier']) || isset($_REQUEST['suivant'])) { /* on sauvegarde les changements dans user_changes : * on a juste besoin d'insérer le user_id de la personne dans la table */ - $globals->db->query("replace into user_changes set user_id='{$_SESSION['uid']}'"); + $globals->db->query('REPLACE INTO user_changes SET user_id='.Session::getInt('uid')); //Mise a jour des bits // bits : set('mobile_public','mobile_ax','web_public','libre_public') @@ -93,19 +94,20 @@ if (isset($_REQUEST['modifier']) || isset($_REQUEST['suivant'])) { if ($web_public) $bits_reply .= 'web_public,'; if ($libre_public) $bits_reply .= 'libre_public,'; if (!empty($bits_reply)) $bits_reply = substr($bits_reply, 0, -1); - $sql = "UPDATE auth_user_md5 set bits = '$bits_reply' WHERE user_id={$_SESSION['uid']}"; + $sql = "UPDATE auth_user_md5 set bits = '$bits_reply' WHERE user_id=".Session::getInt('uid')); $globals->db->query($sql); - if(empty($_SESSION['suid'])) { + if (!Session::has('suid')) { require_once('notifs.inc.php'); - register_watch_op($_SESSION['uid'],WATCH_FICHE); + register_watch_op(Session::getInt('uid'), WATCH_FICHE); } // mise a jour des champs relatifs au tab ouvert require_once("profil/update_{$opened_tab}.inc.php"); - - $_SESSION['log']->log("profil",$opened_tab); - $page->assign('etat_update','ok'); + + $log =& Session::getMixed('log'); + $log->log('profil', $opened_tab); + $page->assign('etat_update', 'ok'); } require_once("profil/get_{$new_tab}.inc.php"); diff --git a/htdocs/recovery.php b/htdocs/recovery.php index b2ac06e..d5e30c1 100644 --- a/htdocs/recovery.php +++ b/htdocs/recovery.php 
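Review bot: The rewritten `$sql = "UPDATE auth_user_md5 set bits = ..."` line ends in `Session::getInt('uid'));` with one closing parenthesis too many, which is a parse error, so profil.php would not load at all. It should read `$sql = "UPDATE auth_user_md5 set bits = '$bits_reply' WHERE user_id=".Session::getInt('uid');`. Also worth confirming: `empty($_SESSION['suid'])` became `!Session::has('suid')`; if `has()` is an `isset()`-style test, a `suid` that is set but empty now suppresses `register_watch_op()`, which the old code did not. The enclosing `if (Env::has('modifier') || Env::has('suivant'))` block starts before this hunk.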
@@ -19,16 +19,16 @@ * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA * ***************************************************************************/ -require_once("xorg.inc.php"); +require_once('xorg.inc.php'); new_skinned_page('recovery.tpl', AUTH_PUBLIC); -if (isset($_REQUEST['login']) and isset($_REQUEST['birth'])) { - if (!ereg("[0-3][0-9][0-1][0-9][1][9]([0-9]{2})", $_REQUEST['birth'])) { - $page->trig_run("Date de naissance incorrecte ou incohérente"); +if (Env::has('login') and Env::has('birth')) { + if (!ereg('[0-3][0-9][0-1][0-9][1][9]([0-9]{2})', Env::get('birth'))) { + $page->trig_run('Date de naissance incorrecte ou incohérente'); } - $birth = sprintf("%s-%s-%s", substr($_REQUEST["birth"],4,4), substr($_REQUEST["birth"],2,2), substr($_REQUEST["birth"],0,2)); + $birth = sprintf('%s-%s-%s', substr(Env::get('birth'),4,4), substr(Env::get('birth'),2,2), substr(Env::get('birth'),0,2)); - $mailorg=strtok($_REQUEST['login'],"@"); + $mailorg = strtok(Env::get('login', '@'); // paragraphe rajouté : si la date de naissance dans la base n'existe pas, on l'update // avec celle fournie ici en espérant que c'est la bonne @@ -48,9 +48,9 @@ if (isset($_REQUEST['login']) and isset($_REQUEST['birth'])) { if ($naissance == $birth) { $page->assign('ok', true); - $url=rand_url_id(); - $stamp=date("Y-m-d H:i:s"); - $sql="INSERT INTO perte_pass (certificat,uid,created) VALUES ('$url',$uid,'$stamp')"; + $url = rand_url_id(); + $stamp = date('Y-m-d H:i:s'); + $sql = "INSERT INTO perte_pass (certificat,uid,created) VALUES ('$url',$uid,'$stamp')"; $globals->db->query($sql); 
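Review bot: `$mailorg = strtok(Env::get('login', '@');` is missing the parenthesis that closes `Env::get(`, so the file no longer parses; it should be `$mailorg = strtok(Env::get('login'), '@');`. Separately, the context comment right after it says a birth date missing from the database is filled in from this form; that code is outside the hunk, but on an `AUTH_PUBLIC` page it would let whoever submits first choose the value that later gates password recovery, so it deserves a second look. The `if (Env::has('login') and Env::has('birth'))` block continues past the hunk.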
@@ -78,19 +78,19 @@ Si en cliquant dessus tu n'y arrives pas, copie int -- Polytechnique.org -\"Le portail des élèves & anciens élèves de l'Ecole polytechnique\"".((!empty($_POST["email"])) ? " +\"Le portail des élèves & anciens élèves de l'Ecole polytechnique\"".(Post::has('email')) ? " -Adresse de secours : {$_POST['email']}" : "")." +Adresse de secours : ".Post::get('email') : "")." -Mail envoyé à {$_REQUEST['login']}"); +Mail envoyé à ".Env::get('login')); $mymail->send(); // on cree un objet logger et on log l'evenement - $logger = $_SESSION['log'] = (isset($logger) ? $logger : new DiogenesCoreLogger($uid)); - $logger->log("recovery",$emails); + $logger = $_SESSION['log'] = new DiogenesCoreLogger($uid); + $logger->log('recovery', $emails); } else { - $page->trig("Pas de résultat correspondant aux champs entrés dans notre base de données."); + $page->trig('Pas de résultat correspondant aux champs entrés dans notre base de données.'); } } -- 2.1.4
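Review bot: The rewritten ternary lost its outer parenthesis: `.(Post::has('email')) ? "` closes the group right after the condition, which leaves a stray `)` at `: "")` and, by precedence, makes the whole concatenated mail body the ternary's condition. The new side should open with `.(Post::has('email') ? "` and keep `: "").` as it is. Note too that `!empty($_POST["email"])` became `Post::has('email')`; if `has()` only tests presence, a blank field now produces an empty "Adresse de secours" line. The call this string is an argument of starts outside the hunk.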