<?php
// Security guard: do nothing at all unless _ECRIRE_INC_VERSION is defined,
// so that requesting this file directly executes no code.
// (presumably the constant is set by SPIP's core include -- confirm)
if (!defined("_ECRIRE_INC_VERSION")) {
	return;
}

//
// Petition signature form
//

// Context needed at compile time.
// 'petition' *must* be requested even though it is not used for display:
// the join with sql_petitions is required to check whether a petition
// is attached to the article.
$GLOBALS['balise_FORMULAIRE_SIGNATURE_collecte'] = array('id_article', 'petition');
// Verification des arguments (contexte + filtres)
// Check the arguments collected for #FORMULAIRE_SIGNATURE (context + filters).
//
// $args[0] is the article id and $args[1] the petition marker, in the order
// declared in $balise_FORMULAIRE_SIGNATURE_collecte.
// Returns:
//  - the result of erreur_squelette() when there is no article id,
//  - '' when the article has no petition (the tag produces nothing),
//  - otherwise $args, completed with [2] petition text, [3] site flag and
//    [4] message flag when a row exists in spip_petitions.
// $filtres is not used here.
function balise_FORMULAIRE_SIGNATURE_stat($args, $filtres) {

	// no id_article => template error
	if (!$args[0]) {
		$erreur = _T('zbug_champ_hors_motif',
			array ('champ' => '#FORMULAIRE_SIGNATURE',
				'motif' => 'ARTICLES'));
		return erreur_squelette($erreur, '');
	}

	// article without a petition => no tag
	if (!$args[1]) {
		return '';
	}

	// fetch the attached petition; the id is forced to an integer before it
	// is concatenated into the SQL text
	$requete = "SELECT texte, site_obli, message
FROM spip_petitions WHERE id_article = " . intval($args[0]);
	$petition = spip_fetch_array(spip_query($requete));

	if ($petition) {
		$args[2] = $petition['texte'];

		// must the signer give a site? ('' when mandatory, ' ' otherwise)
		if ($petition['site_obli'] == 'oui') {
			$args[3] = '';
		} else {
			$args[3] = ' ';
		}

		// may the signer add a comment? (' ' when allowed, '' otherwise)
		if ($petition['message'] == 'oui') {
			$args[4] = ' ';
		} else {
			$args[4] = '';
		}
	}

	return $args;
}
// Executer la balise
// Run the tag: dispatch on what the request carries.
//
//  - var_confirm present: return the message prepared by
//    reponse_confirmation() (called here without a token).
//  - nom_email and adresse_email present: hand the submitted fields to
//    reponse_signature() and return its message.
//  - otherwise: return the array describing the form to display
//    ('formulaire_signature', $GLOBALS['delais'] and the template context).
//
// Every _request() value is passed on as received; validation and SQL
// escaping happen in reponse_signature(). Note that url_page, which becomes
// the base of the confirmation link, is also taken from the request.
function balise_FORMULAIRE_SIGNATURE_dyn($id_article, $petition, $texte, $site_obli, $message) {

	// confirmation link followed (_GET)
	if (_request('var_confirm')) {
		return reponse_confirmation($id_article);
	}

	// form submitted (_POST)
	if (_request('nom_email') && _request('adresse_email')) {
		return reponse_signature($id_article,
			_request('nom_email'), _request('adresse_email'),
			_request('message'), _request('signature_nom_site'),
			_request('signature_url_site'), _request('url_page')
		);
	}

	// nothing submitted: display the form
	$contexte = array(
		'id_article' => $id_article,
		'petition' => $petition,
		'texte' => $texte,
		'site_obli' => $site_obli,
		'message' => $message
	);
	return array('formulaire_signature', $GLOBALS['delais'], $contexte);
}
// Retour a l'ecran du lien de confirmation d'une signature de petition.
// Si var_confirm est non vide, c'est l'appel en debut de inc-public
// pour vider le cache au demarrage afin que la nouvelle signature apparaisse.
// Sinon, c'est l'execution du formulaire et on retourne le message
// de confirmation ou d'erreur construit lors de l'appel par inc-public.
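// Handle the confirmation link of a petition signature.
//
// Called with a non-empty $var_confirm (the token from the link): validates
// the pending signature and stores the resulting message in a static; nothing
// is returned. Called without $var_confirm: returns the stored message
// ('' if no confirmation was processed during this request).
//
// $id_article is only used to name the lock; the article actually updated is
// the one recorded on the signature row matching the token.
function reponse_confirmation($id_article, $var_confirm = '') {
	static $confirm = '';

	if (!$var_confirm) return $confirm;

	include_local(_FILE_CONNECT);
	if (!$GLOBALS['db_ok']) {
		$confirm = _T('form_pet_probleme_technique');
		return;
	}

	include_ecrire("inc_texte.php3");
	include_ecrire("inc_filtres.php3");

	// Avoid duplicates: serialise concurrent uses of the same token
	$lock = "petition $id_article $var_confirm";
	if (!spip_get_lock($lock, 5)) {
		$confirm = _T('form_pet_probleme_technique');
		return;
	}

	$confirm = reponse_confirmation_sous_verrou($var_confirm);
	spip_release_lock($lock);
}

// Validate the pending signature designated by $var_confirm and return the
// message to display. Must be called with the lock held.
function reponse_confirmation_sous_verrou($var_confirm) {
	// The pending token lives in the same 'statut' column as the final
	// states. A request value equal to one of those states must never be
	// accepted as a token: it would select signatures that are already
	// published or binned and (re)publish one of them. The list holds the
	// states visible in this file -- complete it if others exist.
	$statuts_reserves = array('publie', 'poubelle');

	// Normalised before comparison because the SQL string comparison may
	// ignore case and surrounding spaces, depending on the column collation.
	$jeton = strtolower(trim((string) $var_confirm));
	if (in_array($jeton, $statuts_reserves, true)) {
		return _T('form_pet_aucune_signature');
	}

	// NOTE(review): addslashes() is not aware of the connection charset;
	// prefer the escaping routine of the database layer if one is available.
	$result_sign = spip_query("SELECT * FROM spip_signatures WHERE statut='".addslashes($var_confirm)."'");
	if (!(spip_num_rows($result_sign) > 0)) {
		return _T('form_pet_aucune_signature');
	}

	// As before, the last matching row wins
	$signature = false;
	while ($row = spip_fetch_array($result_sign)) {
		$signature = $row;
	}
	if (!$signature) {
		return _T('form_pet_aucune_signature');
	}

	// Second barrier, independent of how the database compared the strings:
	// a row already in a final state is not a pending signature.
	if (in_array(strtolower(trim((string) $signature['statut'])), $statuts_reserves, true)) {
		return _T('form_pet_aucune_signature');
	}

	// Identifiers are forced to integers before being put back into SQL
	$id_signature = intval($signature['id_signature']);
	$id_article = intval($signature['id_article']);
	$adresse_email = $signature['ad_email'];
	$url_site = $signature['url_site'];

	// Defaults in case the article has no petition row
	$email_unique = '';
	$site_unique = '';
	$result_petition = spip_query("SELECT * FROM spip_petitions WHERE id_article=$id_article");
	while ($row = spip_fetch_array($result_petition)) {
		$id_article = intval($row['id_article']);
		$email_unique = $row['email_unique'];
		$site_unique = $row['site_unique'];
	}

	$refus = false;

	// one signature per e-mail address
	if ($email_unique == "oui") {
		$email = addslashes($adresse_email);
		$result = spip_query("SELECT * FROM spip_signatures WHERE id_article=$id_article AND ad_email='$email' AND statut='publie'");
		if (spip_num_rows($result) > 0) $refus = true;
	}

	// one signature per site
	if ($site_unique == "oui") {
		$site = addslashes($url_site);
		$result = spip_query("SELECT * FROM spip_signatures WHERE id_article=$id_article AND url_site='$site' AND statut='publie'");
		if (spip_num_rows($result) > 0) $refus = true;
	}

	// Both refusal causes end with this message (the more specific ones
	// set by the previous version were always overwritten by it).
	if ($refus) {
		return _T('form_deja_inscrit');
	}

	spip_query("UPDATE spip_signatures
		SET statut='publie', date_time=NOW()
		WHERE id_signature='$id_signature'");

	// invalidate the pages containing signature loops
	include_ecrire('inc_invalideur.php3');
	include_ecrire('inc_meta.php3');
	suivre_invalideur("id='varia/pet$id_article'");

	return _T('form_pet_signature_validee');
}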
//
// Retour a l'ecran de la signature d'une petition
//
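// Handle a submitted petition signature and return the message to display.
//
// All arguments except $id_article are passed straight from the request by
// balise_FORMULAIRE_SIGNATURE_dyn(). On success a confirmation e-mail
// carrying a random token is sent and the signature is stored with that
// token as its 'statut', waiting for reponse_confirmation().
//
// Compared with the previous version:
//  - $id_article is forced to an integer before it reaches any SQL text;
//  - the lock is released on every exit path (each early return used to
//    leave it held, the release call being unreachable);
//  - the test on $refus, a variable never assigned here, is gone.
function reponse_signature($id_article, $nom_email, $adresse_email, $message, $nom_site, $url_site, $url_page) {

	if (!$GLOBALS['db_ok']) {
		return _T('form_pet_probleme_technique');
	}

	include_ecrire("inc_texte.php3");
	include_ecrire("inc_filtres.php3");
	include_ecrire("inc_mail.php3");

	// The id is concatenated unquoted into several queries below
	$id_article = intval($id_article);

	// Avoid duplicates
	$lock = "petition $id_article $adresse_email";
	if (!spip_get_lock($lock, 5)) {
		return _T('form_pet_probleme_technique');
	}

	$reponse = reponse_signature_sous_verrou($id_article, $nom_email, $adresse_email, $message, $nom_site, $url_site, $url_page);
	spip_release_lock($lock);
	return $reponse;
}

// Validate and record the signature; must be called with the lock held and
// with $id_article already converted to an integer.
function reponse_signature_sous_verrou($id_article, $nom_email, $adresse_email, $message, $nom_site, $url_site, $url_page) {

	// Defaults in case the article has no petition row
	$email_unique = '';
	$site_obli = '';
	$site_unique = '';
	$result_petition = spip_query("SELECT * FROM spip_petitions WHERE id_article=$id_article");
	while ($row = spip_fetch_array($result_petition)) {
		$id_article = intval($row['id_article']);
		$email_unique = $row['email_unique'];
		$site_obli = $row['site_obli'];
		$site_unique = $row['site_unique'];
	}

	if (strlen($nom_email) < 2) {
		return _T('form_indiquer_nom');
	}

	// the field still holds its placeholder text
	if ($adresse_email == _T('info_mail_fournisseur')) {
		return _T('form_indiquer_email');
	}

	// NOTE(review): addslashes() is not aware of the connection charset;
	// prefer the escaping routine of the database layer if one is available.
	if ($email_unique == "oui") {
		$email = addslashes($adresse_email);
		$result = spip_query("SELECT * FROM spip_signatures WHERE id_article=$id_article AND ad_email='$email' AND statut='publie'");
		if (spip_num_rows($result) > 0) {
			return _T('form_pet_deja_signe');
		}
	}

	if (!email_valide($adresse_email)) {
		return _T('form_email_non_valide');
	}

	if ($site_obli == "oui") {
		if (!$nom_site) {
			return _T('form_indiquer_nom_site');
		}
		include_ecrire("inc_sites.php3");

		// $url_site is supplied by the visitor and is fetched from this
		// server: only plain web URLs are allowed to reach the fetcher.
		// NOTE(review): this does not prevent requests to internal hosts;
		// check what recuperer_page() (not shown here) accepts and follows.
		if (!preg_match(',^https?://,i', $url_site) || !recuperer_page($url_site)) {
			return _T('form_pet_url_invalide');
		}
	}

	if ($site_unique == "oui") {
		$site = addslashes($url_site);
		$result = spip_query("SELECT * FROM spip_signatures WHERE id_article=$id_article AND url_site='$site' AND (statut='publie' OR statut='poubelle')");
		if (spip_num_rows($result) > 0) {
			return _T('form_pet_site_deja_enregistre');
		}
	}

	$passw = test_pass();

	$titre = '';
	$result_site = spip_query("SELECT titre FROM spip_articles WHERE id_article=$id_article");
	while ($row = spip_fetch_array($result_site)) {
		$titre = $row['titre'];
	}

	// NOTE(review): $url_page comes from the request, so the base of the
	// link mailed below is chosen by the submitter, and the mail goes to
	// whatever address was typed in the form. Consider building the link
	// from a server-side URL instead.
	$link = new Link($url_page);
	$link->addVar('var_confirm', $passw);
	$url = $link->getUrl("sp$id_article");

	$messagex = _T('form_pet_mail_confirmation', array('titre' => $titre, 'nom_email' => $nom_email, 'nom_site' => $nom_site, 'url_site' => $url_site, 'url' => $url));

	if (!envoyer_mail($adresse_email, _T('form_pet_confirmation')." ".$titre, $messagex)) {
		return _T('form_pet_probleme_technique');
	}

	$nom_email = addslashes($nom_email);
	$adresse_email = addslashes($adresse_email);
	$nom_site = addslashes($nom_site);
	$url_site = addslashes($url_site);
	$message = addslashes($message);

	// the token is stored as the signature's status until it is confirmed
	spip_query("INSERT INTO spip_signatures (id_article, date_time, nom_email, ad_email, nom_site, url_site, message, statut) VALUES ($id_article, NOW(), '$nom_email', '$adresse_email', '$nom_site', '$url_site', '$message', '$passw')");
	return _T('form_pet_envoi_mail_confirmation');
}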
// Produce a confirmation token that no row of spip_signatures currently
// uses as its 'statut': draw candidates with creer_pass_aleatoire() until
// the lookup finds no match, then return the last one drawn.
//
// NOTE(review): this token is the only secret protecting the confirmation
// step, so its unpredictability rests entirely on creer_pass_aleatoire()
// (loaded from inc_acces.php3, not shown here) -- confirm it draws from a
// cryptographically secure source.
function test_pass() {
	include_ecrire("inc_acces.php3");

	do {
		$passw = creer_pass_aleatoire();
		$deja_pris = spip_num_rows(
			spip_query("SELECT statut FROM spip_signatures WHERE statut='$passw'")
		);
	} while ($deja_pris);

	return $passw;
}
?>