[platal.git] / modules / register.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2010 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

class RegisterModule extends PLModule
{
    function handlers()
    {
        return array(
            'register'         => $this->make_hook('register', AUTH_PUBLIC),
            'register/end'     => $this->make_hook('end',      AUTH_PUBLIC),
        );
    }

    function handler_register(&$page, $hash = null)
    {
        $alert     = null;
        $sub_state = S::v('sub_state', array());
        if (!isset($sub_state['step'])) {
            $sub_state['step'] = 0;
        }
        if (!isset($sub_state['backs'])) {
            $sub_state['backs'] = array();
        }
        if (Get::has('back') && Get::i('back') < $sub_state['step']) {
            $sub_state['step'] = max(0, Get::i('back'));
            $state = $sub_state;
            unset($state['backs']);
            $sub_state['backs'][] = $state;
            if (count($sub_state['backs']) == 3) {
                $alert .= "Tentative d'inscription très hésitante - ";
            }
        }

        if ($hash) {
            require_once 'directory.enums.inc.php';

            $nameTypes = DirEnum::getOptionsArray(DirEnum::NAMETYPES);
            $nameTypes = array_flip($nameTypes);
            $res = XDB::query("SELECT  a.uid, pd.promo, pnl.name AS lastname, pnf.name AS firstname, p.xorg_id,
                                       p.birthdate_ref, FIND_IN_SET('watch', a.flags)
                                 FROM  register_marketing AS m
                           INNER JOIN  accounts           AS a   ON (m.uid = a.uid)
                           INNER JOIN  account_profiles   AS ap  ON (a.uid = ap.id AND FIND_IN_SET('owner', ap.perms))
                           INNER JOIN  profiles           AS p   ON (p.pid = ap.id)
                           INNER JOIN  profile_display    AS pd  ON (p.pid = pd.pid)
                           INNER JOIN  profile_name       AS pnl ON (p.pid = pnl.pid AND pnl.typeid = {?})
                           INNER JOIN  profile_name       AS pnf ON (p.pid = pnf.pid AND pnf.typeid = {?})
                                WHERE  m.hash = {?}",
                              $nameTypes['name_ini'], $nameTypes['firstname_ini'], $hash);

            if (list($uid, $promo, $lastname, $firstname, $xorgid, $birthdate, $watch) = $res->fetchOneRow()) {
                $sub_state['uid']           = $uid;
                $sub_state['hash']          = $hash;
                $sub_state['yearpromo']     = substr($promo, 1, 4);
                $sub_state['promo']         = $promo;
                $sub_state['lastname']      = $lastname;
                $sub_state['firstname']     = $firstname;
                $sub_state['xorgid']        = $xorgid;
                $sub_state['birthdate_ref'] = $birthdate;
                $sub_state['watch']         = $watch;

                XDB::execute('REPLACE INTO  register_mstats (uid,sender,success)
                                    SELECT  m.uid, m.sender, 0
                                      FROM  register_marketing AS m
                                     WHERE  m.hash',
                             $sub_state['hash']);
            }
        }

        switch ($sub_state['step']) {
            case 0:
                $wp = new PlWikiPage('Reference.Charte');
                $wp->buildCache();
                if (Post::has('step1')) {
                    $sub_state['step'] = 1;
                    if (isset($sub_state['hash'])) {
                        $sub_state['step'] = 3;
                        $this->load('register.inc.php');
                        create_aliases($sub_state);
                    }
                }
                break;

            case 1:
                if (Post::has('promo')) {
                    $promo = Post::t('edu_type') . Post::t('promo');
                    $yearpromo = Post::i('promo');
                    $res = XDB::query("SELECT  COUNT(*)
                                         FROM  accounts        AS a
                                   INNER JOIN  account_profile AS pa ON (a.uid = pa.uid AND FIND_IN_SET('owner', ap.perms))
                                   INNER JOIN  profile         AS p  ON (p.pid = pa.pid)
                                   INNER JOIN  profile_display AS pd  ON (p.pid = pd.pid)
                                        WHERE  a.state = 'pending' AND p.deathdate IS NULL AND pd.promo = {?}",
                                      $promo);

                    if (!$res->fetchOneCell()) {
                        $error = 'La promotion saisie est incorrecte ou tous les camarades de cette promotion sont inscrits !';
                    } else {
                        $sub_state['step']  = 2;
                        $sub_state['promo'] = $promo;
                        $sub_state['yearpromo'] = $yearpromo;
                        if ($yearpromo >= 1996 && $yearpromo < 2000) {
                            $sub_state['schoolid'] = ($yearpromo % 100) * 10 . '???';
                        } elseif($yearpromo >= 2000) {
                            $sub_state['schoolid'] = 100 + ($yearpromo % 100) . '???';
                        }
                    }
                }
                break;

            case 2:
                if (count($_POST)) {
                    $this->load('register.inc.php');
                    $sub_state['firstname'] = Post::v('firstname');
                    $sub_state['lastname']  = Post::v('lastname');
                    $sub_state['schoolid']  = Post::v('schoolid');
                    $error = check_new_user($sub_state);

                    if ($error !== true) {
                        break;
                    }
                    $error = create_aliases($sub_state);
                    if ($error === true) {
                        unset($error);
                        $sub_state['step'] = 3;
                    }
                }
                break;

            case 3:
                if (count($_POST)) {
                    $this->load('register.inc.php');

                    // Validate the email address format and domain.
                    require_once 'emails.inc.php';

                    if (!isvalid_email(Post::v('email'))) {
                        $error[] = "Le champ 'Email' n'est pas valide.";
                    } elseif (!isvalid_email_redirection(Post::v('email'))) {
                        $error[] = $sub_state['forlife'] . ' doit renvoyer vers un email existant '
                                 . 'valide, en particulier, il ne peut pas être renvoyé vers lui-même.';
                    }

                    // Validate the birthday format and range.
                    $birth = trim(Env::v('birthdate'));
                    if (!preg_match('@^[0-3]?\d/[01]?\d/(19|20)?\d{2}$@', $birth)) {
                        $error[] = "La 'Date de naissance' n'est pas correcte.";
                    } else {
                        $birth = explode('/', $birth, 3);
                        for ($i = 0; $i < 3; ++$i)
                            $birth[$i] = intval($birth[$i]);
                        if ($birth[2] < 100) {
                            $birth[2] += 1900;
                        }
                        $year  = $birth[2];
                        $promo = (int) $sub_state['promo'];
                        if ($year > $promo - 15 || $year < $promo - 30) {
                            $error[] = "La 'Date de naissance' n'est pas correcte.";
                            $alert = "Date de naissance incorrecte à l'inscription - ";
                            $sub_state['wrong_naissance'] = $birth;
                        }
                    }

                    // Register the optional services requested by the user.
                    $services = array();
                    foreach (array('ax_letter', 'imap', 'ml_promo', 'nl') as $service) {
                        if (Post::b($service)) {
                            $services[] = $service;
                        }
                    }
                    $sub_state['services'] = $services;

                    // Validate the password.
                    if (!Post::v('response2', false)) {
                        $error[] = "Le mot de passe n'est pas valide.";
                    }

                    // Check if the given email is known as dangerous.
                    $res = XDB::query("SELECT  w.state, w.description
                                         FROM  email_watch AS w
                                        WHERE  w.email = {?} AND w.state != 'safe'",
                                      Post::v('email'));
                    $email_banned = false;
                    if ($res->numRows()) {
                        list($state, $description) = $res->fetchOneRow();
                        $alert .= "Email surveillé proposé à l'inscription - ";
                        $sub_state['email_desc'] = $description;
                        if ($state == 'dangerous') {
                            $email_banned = true;
                        }
                    }
                    if ($sub_state['watch']) {
                        $alert .= "Inscription d'un utilisateur surveillé - ";
                    }

                    if (($ip_banned = check_ip('unsafe'))) {
                        unset($error);
                    }

                    if (isset($error)) {
                        $error = join('<br />', $error);
                    } else {
                        $sub_state['birthdate'] = sprintf("%04d-%02d-%02d",
                                                          intval($birth[2]), intval($birth[1]), intval($birth[0]));
                        $sub_state['email']     = Post::v('email');
                        $sub_state['password']  = Post::v('response2');

                        // Update the current alert if the birthdate is incorrect,
                        // or if the IP address of the user has been banned.
                        if ($sub_state['birthdate_ref'] != '0000-00-00'
                            && $sub_state['birthdate_ref'] != $sub_state['birthdate']) {
                            $alert .= "Date de naissance incorrecte à l'inscription - ";
                        }
                        if ($ip_banned) {
                            $alert .= "Tentative d'inscription depuis une IP surveillée";
                        }

                        // Prevent banned user from actually registering; save the current state for others.
                        if ($email_banned || $ip_banned) {
                            global $globals;
                            $error = "Une erreur s'est produite lors de l'inscription."
                                 . " Merci de contacter <a href='mailto:register@{$globals->mail->domain}>"
                                 . " register@{$globals->mail->domain}</a>"
                                 . " pour nous faire part de cette erreur.";
                        } else {
                            $sub_state['step'] = 4;
                            if (count($sub_state['backs']) >= 3) {
                                $alert .= "Fin d'une inscription hésitante.";
                            }
                            finish_ins($sub_state);
                        }
                    }
                }
                break;
        }

        $_SESSION['sub_state'] = $sub_state;
        if (!empty($alert)) {
            send_warning_mail($alert);
        }

        $page->changeTpl('register/step'.intval($sub_state['step']).'.tpl');
        $page->addJsLink('motdepasse.js');
        if (isset($error)) {
            $page->trigError($error);
        }
    }

    function handler_end(&$page, $hash = null)
    {
        global $globals;
        $_SESSION['sub_state'] = array('step' => 5);

        // Reject registration requests from unsafe IP addresses (and remove the
        // registration information from the database, to prevent IP changes).
        if (check_ip('unsafe')) {
            send_warning_mail('Une IP surveillée a tenté de finaliser son inscription.');
            XDB::execute("DELETE FROM  register_pending
                                WHERE  hash = {?} AND hash != 'INSCRIT'", $hash);
            return PL_FORBIDDEN;
        }

        // /* TODO */
        // Retrieve the pre-registration information using the url-provided
        // authentication token.
        if ($hash) {
            $res = XDB::query(
                    "SELECT  r.uid, r.forlife, r.bestalias, r.mailorg2,
                             r.password, r.email, r.services, r.naissance, u.nom, u.prenom,
                             u.promo, FIND_IN_SET('femme', u.flags), u.naissance_ini
                       FROM  register_pending AS r
                 INNER JOIN  auth_user_md5    AS u ON r.uid = u.user_id
                      WHERE  hash = {?} AND hash != 'INSCRIT'", $hash);
        }
        if (!$hash || $res->numRows() == 0) {
            $page->kill("<p>Cette adresse n'existe pas, ou plus, sur le serveur.</p>
                         <p>Causes probables&nbsp;:</p>
                         <ol>
                           <li>Vérifie que tu visites l'adresse du dernier
                               email reçu s'il y en a eu plusieurs.</li>
                           <li>Tu as peut-être mal copié l'adresse reçue par
                               email, vérifie-la à la main.</li>
                           <li>Tu as peut-être attendu trop longtemps pour
                               confirmer.  Les pré-inscriptions sont annulées
                               tous les 30 jours.</li>
                           <li>Tu es en fait déjà inscrit.</li>
                        </ol>");
        }

        list($uid, $forlife, $bestalias, $mailorg2, $password, $email, $services,
             $naissance, $nom, $prenom, $promo, $femme, $naiss_ini) = $res->fetchOneRow();

        // Prepare the template for display.
        $page->changeTpl('register/end.tpl');
        $page->addJsLink('do_challenge_response_logged.js');
        $page->assign('forlife', $forlife);
        $page->assign('prenom', $prenom);
        $page->assign('femme', $femme);

        // Check if the user did enter a valid password; if not (or if none is found),
        // get her an information page.
        if (Env::has('response')) {
            require_once 'secure_hash.inc.php';
            $expected_response = hash_encrypt("$forlife:$password:" . S::v('challenge'));
            if (Env::v('response') != $expected_response) {
                $page->trigError("Mot de passe invalide.");
                S::logger($uid)->log('auth_fail', 'bad password (register/end)');
                return;
            }
        } else {
            return;
        }

        //
        // Create the user account.
        //
        XDB::execute("UPDATE  auth_user_md5
                         SET  password = {?}, perms = 'user',
                              date = NOW(), naissance = {?}, date_ins = NOW()
                       WHERE  user_id = {?}", $password, $naissance, $uid);
        XDB::execute("REPLACE INTO auth_user_quick (user_id) VALUES ({?})", $uid);
        XDB::execute("INSERT INTO  aliases (uid, alias, type)
                           VALUES  ({?}, {?}, 'a_vie')", $uid, $forlife);
        XDB::execute("INSERT INTO  aliases (uid, alias, type, flags)
                           VALUES  ({?}, {?}, 'alias', 'bestalias')", $uid, $bestalias);
        if ($mailorg2) {
            XDB::execute("INSERT INTO  aliases (uid, alias, type)
                               VALUES  ({?}, {?}, 'alias')", $uid, $mailorg2);
        }

        // Add the registration email address as first and only redirection.
        require_once 'emails.inc.php';
        $user = User::getSilent($uid);
        $redirect = new Redirect($user);
        $redirect->add_email($email);

        // Try to start a session (so the user don't have to log in); we will use
        // the password available in Post:: to authenticate the user.
        Platal::session()->start(AUTH_MDP);

        // Subscribe the user to the services she did request at registration time.
        foreach (explode(',', $services) as $service) {
            switch ($service) {
                case 'ax_letter':
                    Platal::load('axletter', 'axletter.inc.php');
                    AXLetter::subscribe(S::user()->id());
                    break;
                case 'imap':
                    $user = S::user();
                    $storage = new EmailStorage($user, 'imap');
                    $storage->activate();
                    break;
                case 'ml_promo':
                    $r = XDB::query('SELECT id FROM groups WHERE diminutif = {?}', S::user()->promo());
                    if ($r->numRows()) {
                        $asso_id = $r->fetchOneCell();
                        XDB::execute('REPLACE INTO  group_members (uid, asso_id)
                                            VALUES  ({?}, {?})',
                                     S::user()->id(), $asso_id);
                        $mmlist = new MMList(S::user()->id(), S::v('password'));
                        $mmlist->subscribe("promo" . S::v('promo'));
                    }
                    break;
                case 'nl':
                    require_once 'newsletter.inc.php';
                    NewsLetter::subscribe();
                    break;
            }
        }

        // Log the registration in the user session.
        S::logger($uid)->log('inscription', $email);
        XDB::execute("UPDATE  register_pending
                         SET  hash = 'INSCRIT'
                       WHERE  uid = {?}", $uid);

        // Congratulate our newly registered user by email.
        $mymail = new PlMailer('register/inscription.reussie.tpl');
        $mymail->assign('forlife', $forlife);
        $mymail->assign('prenom', $prenom);
        $mymail->send();

        // Index the user, to allow her to appear in searches.
        Profile::rebuildSearchTokens($uid);

        // Notify other users which were watching for her arrival.
        require_once 'notifs.inc.php';
        register_watch_op($uid, WATCH_INSCR);
        inscription_notifs_base($uid);

        // Forcibly register the new user on default forums.
        $promo_forum = 'xorg.promo.x' . $promo;
        $registered_forums = array('xorg.general', 'xorg.pa.divers', 'xorg.pa.logements', $promo_forum);
        foreach ($registered_forums as $forum) {
            XDB::execute("INSERT INTO  #forums#.abos (fid,uid)
                               SELECT  fid, {?}
                                 FROM  #forums#.list
                                WHERE  nom = {?}",
                                $uid, $val);

            // Notify the newsgroup admin of the promotion forum needs be created.
            if (XDB::affectedRows() == 0 && $forum == $promo_forum) {
                $res = XDB::query("SELECT  SUM(perms IN ('admin','user') AND deces = 0), COUNT(*)
                                     FROM  auth_user_md5
                                    WHERE  promo = {?}", $promo);
                list($promo_registered_count, $promo_count) = $res->fetchOneRow();
                if ($promo_registered_count > 0.2 * $promo_count) {
                    $mymail = new PlMailer('admin/forums-promo.mail.tpl');
                    $mymail->assign('promo', $promo);
                    $mymail->send();
                }
            }
        }

        // Update the global registration count stats.
        $globals->updateNbIns();

        //
        // Update collateral data sources, and inform watchers by email.
        //

        // Email the referrer(s) of this new user.
        $res = XDB::iterRow(
                "SELECT  sa.alias, IF(s.nom_usage,s.nom_usage,s.nom) AS nom,
                         s.prenom, FIND_IN_SET('femme', s.flags) AS femme,
                         GROUP_CONCAT(m.email SEPARATOR ', ') AS mails, MAX(m.last) AS dateDernier
                   FROM  register_marketing AS m
             INNER JOIN  auth_user_md5      AS s  ON (m.sender = s.user_id)
             INNER JOIN  aliases            AS sa ON (sa.uid = m.sender
                                                      AND FIND_IN_SET('bestalias', sa.flags))
                  WHERE  m.uid = {?}
               GROUP BY  m.sender
               ORDER BY  dateDernier DESC", $uid);
        XDB::execute("UPDATE  register_mstats
                         SET  success = NOW()
                       WHERE  uid = {?}", $uid);

        $market = array();
        while (list($salias, $snom, $sprenom, $sfemme, $mails, $dateDernier) = $res->next()) {
            $market[] = " - par $snom $sprenom sur $mails (le plus récemment le $dateDernier)";
            $mymail = new PlMailer();
            $mymail->setSubject("$prenom $nom s'est inscrit à Polytechnique.org !");
            $mymail->setFrom('"Marketing Polytechnique.org" <register@' . $globals->mail->domain . '>');
            $mymail->addTo("\"$sprenom $snom\" <$salias@{$globals->mail->domain}>");
            $msg = ($sfemme?'Chère':'Cher')." $sprenom,\n\n"
                 . "Nous t'écrivons pour t'informer que $prenom $nom (X$promo), "
                 . "que tu avais incité".($femme?'e':'')." à s'inscrire à Polytechnique.org, "
                 . "vient à l'instant de terminer son inscription.\n\n"
                 . "Merci de ta participation active à la reconnaissance de ce site !!!\n\n"
                 . "Bien cordialement,\n"
                 . "-- \n"
                 . "L'équipe Polytechnique.org";
            $mymail->setTxtBody(wordwrap($msg, 72));
            $mymail->send();
        }

        // Email the plat/al administrators about the registration.
        if ($globals->register->notif) {
            $mymail = new PlMailer();
            $mymail->setSubject("Inscription de $prenom $nom (X$promo)");
            $mymail->setFrom('"Webmaster Polytechnique.org" <web@' . $globals->mail->domain . '>');
            $mymail->addTo($globals->register->notif);
            $mymail->addHeader('Reply-To', $globals->register->notif);
            $msg = "$prenom $nom (X$promo) a terminé son inscription avec les données suivantes :\n"
                 . " - nom       : $nom\n"
                 . " - prenom    : $prenom\n"
                 . " - promo     : $promo\n"
                 . " - naissance : $naissance (date connue : $naiss_ini)\n"
                 . " - forlife   : $forlife\n"
                 . " - email     : $email\n"
                 . " - sexe      : $femme\n"
                 . " - ip        : " . S::logger()->ip . " (" . S::logger()->host . ")\n"
                 . (S::logger()->proxy_ip ? " - proxy     : " . S::logger()->proxy_ip . " (" . S::logger()->proxy_host . ")\n" : "")
                 . "\n\n";
            if (count($market) > 0) {
                $msg .= "Les marketings suivants avaient été effectués :\n"
                     . implode("\n", $market);
            } else {
                $msg .= "$prenom $nom n'a jamais reçu d'email de marketing.";
            }
            $mymail->setTxtBody($msg);
            $mymail->send();
        }

        // Remove old pending marketing requests for the new user.
        Marketing::clear($uid);

        pl_redirect('profile/edit');
    }
}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
Commit	Line	Data
f59bc2fb	1	<?php
f59bc2fb	2	/***************************************************************************
9f5bd98e	3	* Copyright (C) 2003-2010 Polytechnique.org *
f59bc2fb	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
	22	class RegisterModule extends PLModule
	23	{
	24	function handlers()
	25	{
	26	return array(
20d90835	27	'register' => $this->make_hook('register', AUTH_PUBLIC),
20d90835	28	'register/end' => $this->make_hook('end', AUTH_PUBLIC),
f59bc2fb	29	);
	30	}
	31
20d90835	32	function handler_register(&$page, $hash = null)
f59bc2fb	33	{
5480a216	34	$alert = null;
94660e07	35	$sub_state = S::v('sub_state', array());
f59bc2fb	36	if (!isset($sub_state['step'])) {
	37	$sub_state['step'] = 0;
	38	}
2efe5355	39	if (!isset($sub_state['backs'])) {
	40	$sub_state['backs'] = array();
	41	}
5e2307dc	42	if (Get::has('back') && Get::i('back') < $sub_state['step']) {
94660e07	43	$sub_state['step'] = max(0, Get::i('back'));
2efe5355	44	$state = $sub_state;
	45	unset($state['backs']);
	46	$sub_state['backs'][] = $state;
	47	if (count($sub_state['backs']) == 3) {
97a82cd2	48	$alert .= "Tentative d'inscription très hésitante - ";
eaf30d86	49	}
f59bc2fb	50	}
f59bc2fb	51
20d90835	52	if ($hash) {
94660e07	53	require_once 'directory.enums.inc.php';
f59bc2fb	54
94660e07 SJ	55	$nameTypes = DirEnum::getOptionsArray(DirEnum::NAMETYPES);
	56	$nameTypes = array_flip($nameTypes);
	57	$res = XDB::query("SELECT a.uid, pd.promo, pnl.name AS lastname, pnf.name AS firstname, p.xorg_id,
	58	p.birthdate_ref, FIND_IN_SET('watch', a.flags)
f59bc2fb	59	FROM register_marketing AS m
94660e07 SJ	60	INNER JOIN accounts AS a ON (m.uid = a.uid)
	61	INNER JOIN account_profiles AS ap ON (a.uid = ap.id AND FIND_IN_SET('owner', ap.perms))
	62	INNER JOIN profiles AS p ON (p.pid = ap.id)
	63	INNER JOIN profile_display AS pd ON (p.pid = pd.pid)
	64	INNER JOIN profile_name AS pnl ON (p.pid = pnl.pid AND pnl.typeid = {?})
	65	INNER JOIN profile_name AS pnf ON (p.pid = pnf.pid AND pnf.typeid = {?})
	66	WHERE m.hash = {?}",
	67	$nameTypes['name_ini'], $nameTypes['firstname_ini'], $hash);
	68
	69	if (list($uid, $promo, $lastname, $firstname, $xorgid, $birthdate, $watch) = $res->fetchOneRow()) {
	70	$sub_state['uid'] = $uid;
	71	$sub_state['hash'] = $hash;
	72	$sub_state['yearpromo'] = substr($promo, 1, 4);
	73	$sub_state['promo'] = $promo;
	74	$sub_state['lastname'] = $lastname;
	75	$sub_state['firstname'] = $firstname;
	76	$sub_state['xorgid'] = $xorgid;
	77	$sub_state['birthdate_ref'] = $birthdate;
	78	$sub_state['watch'] = $watch;
	79
	80	XDB::execute('REPLACE INTO register_mstats (uid,sender,success)
	81	SELECT m.uid, m.sender, 0
	82	FROM register_marketing AS m
	83	WHERE m.hash',
	84	$sub_state['hash']);
f59bc2fb	85	}
	86	}
	87
	88	switch ($sub_state['step']) {
	89	case 0:
8f201b69 FB	90	$wp = new PlWikiPage('Reference.Charte');
8f201b69 FB	91	$wp->buildCache();
f59bc2fb	92	if (Post::has('step1')) {
	93	$sub_state['step'] = 1;
	94	if (isset($sub_state['hash'])) {
	95	$sub_state['step'] = 3;
460d8f55	96	$this->load('register.inc.php');
f59bc2fb	97	create_aliases($sub_state);
	98	}
	99	}
	100	break;
	101
	102	case 1:
	103	if (Post::has('promo')) {
94660e07 SJ	104	$promo = Post::t('edu_type') . Post::t('promo');
	105	$yearpromo = Post::i('promo');
	106	$res = XDB::query("SELECT COUNT(*)
	107	FROM accounts AS a
	108	INNER JOIN account_profile AS pa ON (a.uid = pa.uid AND FIND_IN_SET('owner', ap.perms))
	109	INNER JOIN profile AS p ON (p.pid = pa.pid)
	110	INNER JOIN profile_display AS pd ON (p.pid = pd.pid)
	111	WHERE a.state = 'pending' AND p.deathdate IS NULL AND pd.promo = {?}",
a41bf2f8	112	$promo);
94660e07	113
a41bf2f8	114	if (!$res->fetchOneCell()) {
94660e07	115	$error = 'La promotion saisie est incorrecte ou tous les camarades de cette promotion sont inscrits !';
f59bc2fb	116	} else {
	117	$sub_state['step'] = 2;
	118	$sub_state['promo'] = $promo;
94660e07 SJ	119	$sub_state['yearpromo'] = $yearpromo;
	120	if ($yearpromo >= 1996 && $yearpromo < 2000) {
	121	$sub_state['schoolid'] = ($yearpromo % 100) * 10 . '???';
	122	} elseif($yearpromo >= 2000) {
	123	$sub_state['schoolid'] = 100 + ($yearpromo % 100) . '???';
f59bc2fb	124	}
	125	}
	126	}
	127	break;
	128
	129	case 2:
	130	if (count($_POST)) {
460d8f55	131	$this->load('register.inc.php');
94660e07 SJ	132	$sub_state['firstname'] = Post::v('firstname');
	133	$sub_state['lastname'] = Post::v('lastname');
	134	$sub_state['schoolid'] = Post::v('schoolid');
	135	$error = check_new_user($sub_state);
f59bc2fb	136
94660e07 SJ	137	if ($error !== true) {
	138	break;
	139	}
	140	$error = create_aliases($sub_state);
	141	if ($error === true) {
	142	unset($error);
f59bc2fb	143	$sub_state['step'] = 3;
	144	}
	145	}
	146	break;
	147
	148	case 3:
	149	if (count($_POST)) {
460d8f55	150	$this->load('register.inc.php');
97a82cd2 VZ	151
97a82cd2 VZ	152	// Validate the email address format and domain.
c6310567	153	require_once 'emails.inc.php';
94660e07	154
5e2307dc	155	if (!isvalid_email(Post::v('email'))) {
94660e07	156	$error[] = "Le champ 'Email' n'est pas valide.";
5e2307dc	157	} elseif (!isvalid_email_redirection(Post::v('email'))) {
94660e07 SJ	158	$error[] = $sub_state['forlife'] . ' doit renvoyer vers un email existant '
94660e07 SJ	159	. 'valide, en particulier, il ne peut pas être renvoyé vers lui-même.';
f59bc2fb	160	}
97a82cd2 VZ	161
97a82cd2 VZ	162	// Validate the birthday format and range.
94660e07	163	$birth = trim(Env::v('birthdate'));
12e5d7a6	164	if (!preg_match('@^[0-3]?\d/[01]?\d/(19\|20)?\d{2}$@', $birth)) {
94660e07	165	$error[] = "La 'Date de naissance' n'est pas correcte.";
35cd1be1	166	} else {
12e5d7a6	167	$birth = explode('/', $birth, 3);
94660e07	168	for ($i = 0; $i < 3; ++$i)
7caaaf6d	169	$birth[$i] = intval($birth[$i]);
94660e07 SJ	170	if ($birth[2] < 100) {
	171	$birth[2] += 1900;
	172	}
7caaaf6d	173	$year = $birth[2];
94660e07	174	$promo = (int) $sub_state['promo'];
35cd1be1	175	if ($year > $promo - 15 \|\| $year < $promo - 30) {
94660e07	176	$error[] = "La 'Date de naissance' n'est pas correcte.";
97a82cd2	177	$alert = "Date de naissance incorrecte à l'inscription - ";
fb5d164e	178	$sub_state['wrong_naissance'] = $birth;
35cd1be1	179	}
f59bc2fb	180	}
f59bc2fb	181
3546b253 VZ	182	// Register the optional services requested by the user.
	183	$services = array();
	184	foreach (array('ax_letter', 'imap', 'ml_promo', 'nl') as $service) {
	185	if (Post::b($service)) {
	186	$services[] = $service;
	187	}
	188	}
	189	$sub_state['services'] = $services;
	190
97a82cd2 VZ	191	// Validate the password.
97a82cd2 VZ	192	if (!Post::v('response2', false)) {
94660e07	193	$error[] = "Le mot de passe n'est pas valide.";
97a82cd2 VZ	194	}
	195
	196	// Check if the given email is known as dangerous.
15836cdd	197	$res = XDB::query("SELECT w.state, w.description
06f4daf9	198	FROM email_watch AS w
15836cdd	199	WHERE w.email = {?} AND w.state != 'safe'",
94660e07	200	Post::v('email'));
706ed3ef	201	$email_banned = false;
15836cdd FB	202	if ($res->numRows()) {
15836cdd FB	203	list($state, $description) = $res->fetchOneRow();
97a82cd2	204	$alert .= "Email surveillé proposé à l'inscription - ";
15836cdd	205	$sub_state['email_desc'] = $description;
706ed3ef FB	206	if ($state == 'dangerous') {
	207	$email_banned = true;
	208	}
5480a216	209	}
0be07aa6	210	if ($sub_state['watch']) {
4653799f	211	$alert .= "Inscription d'un utilisateur surveillé - ";
0be07aa6	212	}
5480a216	213
97a82cd2	214	if (($ip_banned = check_ip('unsafe'))) {
94660e07	215	unset($error);
bf273d6a	216	}
bf273d6a	217
94660e07 SJ	218	if (isset($error)) {
94660e07 SJ	219	$error = join('<br />', $error);
f59bc2fb	220	} else {
94660e07	221	$sub_state['birthdate'] = sprintf("%04d-%02d-%02d",
12e5d7a6	222	intval($birth[2]), intval($birth[1]), intval($birth[0]));
97a82cd2 VZ	223	$sub_state['email'] = Post::v('email');
	224	$sub_state['password'] = Post::v('response2');
	225
	226	// Update the current alert if the birthdate is incorrect,
	227	// or if the IP address of the user has been banned.
94660e07 SJ	228	if ($sub_state['birthdate_ref'] != '0000-00-00'
94660e07 SJ	229	&& $sub_state['birthdate_ref'] != $sub_state['birthdate']) {
ecc734a5	230	$alert .= "Date de naissance incorrecte à l'inscription - ";
ecc734a5	231	}
706ed3ef	232	if ($ip_banned) {
97a82cd2	233	$alert .= "Tentative d'inscription depuis une IP surveillée";
706ed3ef	234	}
97a82cd2 VZ	235
97a82cd2 VZ	236	// Prevent banned user from actually registering; save the current state for others.
706ed3ef	237	if ($email_banned \|\| $ip_banned) {
115c90db	238	global $globals;
94660e07	239	$error = "Une erreur s'est produite lors de l'inscription."
1d55fe45	240	. " Merci de contacter <a href='mailto:register@{$globals->mail->domain}>"
1d55fe45	241	. " register@{$globals->mail->domain}</a>"
94660e07	242	. " pour nous faire part de cette erreur.";
5480a216	243	} else {
5480a216	244	$sub_state['step'] = 4;
9fc2d0d2	245	if (count($sub_state['backs']) >= 3) {
94660e07	246	$alert .= "Fin d'une inscription hésitante.";
2efe5355	247	}
5480a216	248	finish_ins($sub_state);
5480a216	249	}
bf273d6a	250	}
f59bc2fb	251	}
	252	break;
	253	}
	254
	255	$_SESSION['sub_state'] = $sub_state;
4653799f	256	if (!empty($alert)) {
5480a216	257	send_warning_mail($alert);
5480a216	258	}
97a82cd2	259
a41bf2f8	260	$page->changeTpl('register/step'.intval($sub_state['step']).'.tpl');
97a82cd2	261	$page->addJsLink('motdepasse.js');
94660e07 SJ	262	if (isset($error)) {
94660e07 SJ	263	$page->trigError($error);
f59bc2fb	264	}
f59bc2fb	265	}
	266
	267	function handler_end(&$page, $hash = null)
	268	{
	269	global $globals;
a41bf2f8	270	$_SESSION['sub_state'] = array('step' => 5);
ecc734a5	271
97a82cd2 VZ	272	// Reject registration requests from unsafe IP addresses (and remove the
97a82cd2 VZ	273	// registration information from the database, to prevent IP changes).
ecc734a5	274	if (check_ip('unsafe')) {
94660e07	275	send_warning_mail('Une IP surveillée a tenté de finaliser son inscription.');
97a82cd2 VZ	276	XDB::execute("DELETE FROM register_pending
97a82cd2 VZ	277	WHERE hash = {?} AND hash != 'INSCRIT'", $hash);
ecc734a5	278	return PL_FORBIDDEN;
	279	}
	280
94660e07	281	// /* TODO */
97a82cd2 VZ	282	// Retrieve the pre-registration information using the url-provided
97a82cd2 VZ	283	// authentication token.
f59bc2fb	284	if ($hash) {
08cce2ff	285	$res = XDB::query(
f59bc2fb	286	"SELECT r.uid, r.forlife, r.bestalias, r.mailorg2,
3546b253	287	r.password, r.email, r.services, r.naissance, u.nom, u.prenom,
ecc734a5	288	u.promo, FIND_IN_SET('femme', u.flags), u.naissance_ini
f59bc2fb	289	FROM register_pending AS r
f59bc2fb	290	INNER JOIN auth_user_md5 AS u ON r.uid = u.user_id
97a82cd2	291	WHERE hash = {?} AND hash != 'INSCRIT'", $hash);
f59bc2fb	292	}
97a82cd2	293	if (!$hash \|\| $res->numRows() == 0) {
f59bc2fb	294	$page->kill("<p>Cette adresse n'existe pas, ou plus, sur le serveur.</p>
97a82cd2	295	<p>Causes probables :</p>
f59bc2fb	296	<ol>
a7de4ef7	297	<li>Vérifie que tu visites l'adresse du dernier
97a82cd2	298	email reçu s'il y en a eu plusieurs.</li>
a7de4ef7	299	<li>Tu as peut-être mal copié l'adresse reçue par
97a82cd2	300	email, vérifie-la à la main.</li>
a7de4ef7	301	<li>Tu as peut-être attendu trop longtemps pour
a7de4ef7	302	confirmer. Les pré-inscriptions sont annulées
f59bc2fb	303	tous les 30 jours.</li>
a7de4ef7	304	<li>Tu es en fait déjà inscrit.</li>
f59bc2fb	305	</ol>");
	306	}
	307
3546b253	308	list($uid, $forlife, $bestalias, $mailorg2, $password, $email, $services,
97a82cd2	309	$naissance, $nom, $prenom, $promo, $femme, $naiss_ini) = $res->fetchOneRow();
f59bc2fb	310
97a82cd2 VZ	311	// Prepare the template for display.
	312	$page->changeTpl('register/end.tpl');
	313	$page->addJsLink('do_challenge_response_logged.js');
	314	$page->assign('forlife', $forlife);
	315	$page->assign('prenom', $prenom);
	316	$page->assign('femme', $femme);
	317
	318	// Check if the user did enter a valid password; if not (or if none is found),
	319	// get her an information page.
	320	if (Env::has('response')) {
	321	require_once 'secure_hash.inc.php';
	322	$expected_response = hash_encrypt("$forlife:$password:" . S::v('challenge'));
	323	if (Env::v('response') != $expected_response) {
	324	$page->trigError("Mot de passe invalide.");
	325	S::logger($uid)->log('auth_fail', 'bad password (register/end)');
	326	return;
	327	}
	328	} else {
	329	return;
	330	}
f59bc2fb	331
97a82cd2 VZ	332	//
	333	// Create the user account.
	334	//
	335	XDB::execute("UPDATE auth_user_md5
	336	SET password = {?}, perms = 'user',
	337	date = NOW(), naissance = {?}, date_ins = NOW()
	338	WHERE user_id = {?}", $password, $naissance, $uid);
	339	XDB::execute("REPLACE INTO auth_user_quick (user_id) VALUES ({?})", $uid);
fe13bc1d	340	XDB::execute("INSERT INTO aliases (uid, alias, type)
97a82cd2	341	VALUES ({?}, {?}, 'a_vie')", $uid, $forlife);
fe13bc1d	342	XDB::execute("INSERT INTO aliases (uid, alias, type, flags)
97a82cd2	343	VALUES ({?}, {?}, 'alias', 'bestalias')", $uid, $bestalias);
f59bc2fb	344	if ($mailorg2) {
fe13bc1d	345	XDB::execute("INSERT INTO aliases (uid, alias, type)
97a82cd2	346	VALUES ({?}, {?}, 'alias')", $uid, $mailorg2);
f59bc2fb	347	}
f59bc2fb	348
97a82cd2	349	// Add the registration email address as first and only redirection.
726eaf7a	350	require_once 'emails.inc.php';
12a587df VZ	351	$user = User::getSilent($uid);
12a587df VZ	352	$redirect = new Redirect($user);
f59bc2fb	353	$redirect->add_email($email);
f59bc2fb	354
3546b253 VZ	355	// Try to start a session (so the user don't have to log in); we will use
	356	// the password available in Post:: to authenticate the user.
	357	Platal::session()->start(AUTH_MDP);
	358
	359	// Subscribe the user to the services she did request at registration time.
	360	foreach (explode(',', $services) as $service) {
	361	switch ($service) {
	362	case 'ax_letter':
	363	Platal::load('axletter', 'axletter.inc.php');
bf1525f7	364	AXLetter::subscribe(S::user()->id());
3546b253 VZ	365	break;
3546b253 VZ	366	case 'imap':
3546b253 VZ	367	$user = S::user();
	368	$storage = new EmailStorage($user, 'imap');
	369	$storage->activate();
	370	break;
	371	case 'ml_promo':
eb41eda9	372	$r = XDB::query('SELECT id FROM groups WHERE diminutif = {?}', S::user()->promo());
3546b253 VZ	373	if ($r->numRows()) {
3546b253 VZ	374	$asso_id = $r->fetchOneCell();
eb41eda9	375	XDB::execute('REPLACE INTO group_members (uid, asso_id)
3546b253 VZ	376	VALUES ({?}, {?})',
	377	S::user()->id(), $asso_id);
	378	$mmlist = new MMList(S::user()->id(), S::v('password'));
	379	$mmlist->subscribe("promo" . S::v('promo'));
	380	}
	381	break;
	382	case 'nl':
	383	require_once 'newsletter.inc.php';
	384	NewsLetter::subscribe();
	385	break;
	386	}
	387	}
	388
97a82cd2	389	// Log the registration in the user session.
03c0a3a7	390	S::logger($uid)->log('inscription', $email);
97a82cd2 VZ	391	XDB::execute("UPDATE register_pending
	392	SET hash = 'INSCRIT'
	393	WHERE uid = {?}", $uid);
f59bc2fb	394
97a82cd2	395	// Congratulate our newly registered user by email.
1e33266a	396	$mymail = new PlMailer('register/inscription.reussie.tpl');
f59bc2fb	397	$mymail->assign('forlife', $forlife);
	398	$mymail->assign('prenom', $prenom);
	399	$mymail->send();
	400
97a82cd2	401	// Index the user, to allow her to appear in searches.
726eaf7a	402	Profile::rebuildSearchTokens($uid);
2a54eb4d	403
97a82cd2	404	// Notify other users which were watching for her arrival.
03c0a3a7 FB	405	require_once 'notifs.inc.php';
	406	register_watch_op($uid, WATCH_INSCR);
	407	inscription_notifs_base($uid);
	408
97a82cd2 VZ	409	// Forcibly register the new user on default forums.
	410	$promo_forum = 'xorg.promo.x' . $promo;
	411	$registered_forums = array('xorg.general', 'xorg.pa.divers', 'xorg.pa.logements', $promo_forum);
	412	foreach ($registered_forums as $forum) {
00112b2e	413	XDB::execute("INSERT INTO #forums#.abos (fid,uid)
97a82cd2	414	SELECT fid, {?}
00112b2e	415	FROM #forums#.list
97a82cd2 VZ	416	WHERE nom = {?}",
	417	$uid, $val);
	418
	419	// Notify the newsgroup admin of the promotion forum needs be created.
	420	if (XDB::affectedRows() == 0 && $forum == $promo_forum) {
03c0a3a7 FB	421	$res = XDB::query("SELECT SUM(perms IN ('admin','user') AND deces = 0), COUNT(*)
	422	FROM auth_user_md5
	423	WHERE promo = {?}", $promo);
97a82cd2 VZ	424	list($promo_registered_count, $promo_count) = $res->fetchOneRow();
97a82cd2 VZ	425	if ($promo_registered_count > 0.2 * $promo_count) {
03c0a3a7 FB	426	$mymail = new PlMailer('admin/forums-promo.mail.tpl');
	427	$mymail->assign('promo', $promo);
	428	$mymail->send();
	429	}
	430	}
	431	}
	432
97a82cd2	433	// Update the global registration count stats.
ebfdf077	434	$globals->updateNbIns();
b5dd6f2f	435
97a82cd2 VZ	436	//
	437	// Update collateral data sources, and inform watchers by email.
	438	//
f59bc2fb	439
97a82cd2	440	// Email the referrer(s) of this new user.
08cce2ff	441	$res = XDB::iterRow(
ebb129a4 FB	442	"SELECT sa.alias, IF(s.nom_usage,s.nom_usage,s.nom) AS nom,
ebb129a4 FB	443	s.prenom, FIND_IN_SET('femme', s.flags) AS femme,
e4705641	444	GROUP_CONCAT(m.email SEPARATOR ', ') AS mails, MAX(m.last) AS dateDernier
f59bc2fb	445	FROM register_marketing AS m
97a82cd2	446	INNER JOIN auth_user_md5 AS s ON (m.sender = s.user_id)
fe13bc1d	447	INNER JOIN aliases AS sa ON (sa.uid = m.sender
97a82cd2	448	AND FIND_IN_SET('bestalias', sa.flags))
ebb129a4	449	WHERE m.uid = {?}
38acbdf3 BFPC	450	GROUP BY m.sender
38acbdf3 BFPC	451	ORDER BY dateDernier DESC", $uid);
97a82cd2 VZ	452	XDB::execute("UPDATE register_mstats
	453	SET success = NOW()
	454	WHERE uid = {?}", $uid);
f59bc2fb	455
ebb129a4	456	$market = array();
381a3df0 OLF	457	while (list($salias, $snom, $sprenom, $sfemme, $mails, $dateDernier) = $res->next()) {
381a3df0 OLF	458	$market[] = " - par $snom $sprenom sur $mails (le plus récemment le $dateDernier)";
1e33266a	459	$mymail = new PlMailer();
a7de4ef7	460	$mymail->setSubject("$prenom $nom s'est inscrit à Polytechnique.org !");
1d55fe45	461	$mymail->setFrom('"Marketing Polytechnique.org" <register@' . $globals->mail->domain . '>');
f59bc2fb	462	$mymail->addTo("\"$sprenom $snom\" <$salias@{$globals->mail->domain}>");
a7de4ef7	463	$msg = ($sfemme?'Chère':'Cher')." $sprenom,\n\n"
ecc734a5	464	. "Nous t'écrivons pour t'informer que $prenom $nom (X$promo), "
a7de4ef7	465	. "que tu avais incité".($femme?'e':'')." à s'inscrire à Polytechnique.org, "
	466	. "vient à l'instant de terminer son inscription.\n\n"
	467	. "Merci de ta participation active à la reconnaissance de ce site !!!\n\n"
f59bc2fb	468	. "Bien cordialement,\n"
97a82cd2	469	. "-- \n"
a7de4ef7	470	. "L'équipe Polytechnique.org";
f59bc2fb	471	$mymail->setTxtBody(wordwrap($msg, 72));
	472	$mymail->send();
	473	}
5f5f0eb5	474
97a82cd2	475	// Email the plat/al administrators about the registration.
9812efa0	476	if ($globals->register->notif) {
	477	$mymail = new PlMailer();
	478	$mymail->setSubject("Inscription de $prenom $nom (X$promo)");
1d55fe45	479	$mymail->setFrom('"Webmaster Polytechnique.org" <web@' . $globals->mail->domain . '>');
9812efa0	480	$mymail->addTo($globals->register->notif);
280c6e4d	481	$mymail->addHeader('Reply-To', $globals->register->notif);
a7de4ef7	482	$msg = "$prenom $nom (X$promo) a terminé son inscription avec les données suivantes :\n"
9812efa0	483	. " - nom : $nom\n"
	484	. " - prenom : $prenom\n"
	485	. " - promo : $promo\n"
ecc734a5	486	. " - naissance : $naissance (date connue : $naiss_ini)\n"
9812efa0	487	. " - forlife : $forlife\n"
9812efa0	488	. " - email : $email\n"
5f5f0eb5	489	. " - sexe : $femme\n"
edc55095 FB	490	. " - ip : " . S::logger()->ip . " (" . S::logger()->host . ")\n"
edc55095 FB	491	. (S::logger()->proxy_ip ? " - proxy : " . S::logger()->proxy_ip . " (" . S::logger()->proxy_host . ")\n" : "")
defff1aa SJ	492	. "\n\n";
	493	if (count($market) > 0) {
	494	$msg .= "Les marketings suivants avaient été effectués :\n"
	495	. implode("\n", $market);
	496	} else {
8f794f88	497	$msg .= "$prenom $nom n'a jamais reçu d'email de marketing.";
defff1aa	498	}
9812efa0	499	$mymail->setTxtBody($msg);
eaf30d86	500	$mymail->send();
9812efa0	501	}
f59bc2fb	502
97a82cd2	503	// Remove old pending marketing requests for the new user.
e654517d	504	Marketing::clear($uid);
f59bc2fb	505
97a0a459 FB	506	pl_redirect('profile/edit');
97a0a459 FB	507	}
f59bc2fb	508	}
f59bc2fb	509
a7de4ef7	510	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
f59bc2fb	511	?>