[platal.git] / modules / register.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2010 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

class RegisterModule extends PLModule
{
    function handlers()
    {
        return array(
            'register'     => $this->make_hook('register', AUTH_PUBLIC),
            'register/end' => $this->make_hook('end',      AUTH_PUBLIC),
        );
    }

    function handler_register(&$page, $hash = null)
    {
        $alert = null;
        $subState = new PlDict(S::v('subState', array()));
        if (!$subState->has('step')) {
            $subState->set('step', 0);
        }
        if (!$subState->has('backs')) {
            $subState->set('backs', new PlDict());
        }
        if (Get::has('back') && Get::i('back') < $subState->i('step')) {
            $subState->set('step', max(0, Get::i('back')));
            $subState->v('back')->set($subState->v('back')->count() + 1, $subState->dict());
            $subState->v('back')->kill('back');
            if ($subState->v('backs')->count() == 3) {
                $alert .= "Tentative d'inscription très hésitante - ";
            }
        }

        if ($hash) {
            require_once 'directory.enums.inc.php';

            $nameTypes = DirEnum::getOptions(DirEnum::NAMETYPES);
            $nameTypes = array_flip($nameTypes);
            $res = XDB::query("SELECT  a.uid, pd.promo, pnl.name AS lastname, pnf.name AS firstname, p.xorg_id AS xorgid,
                                       p.birthdate_ref AS birthdateRef, FIND_IN_SET('watch', a.flags) AS watch, m.hash
                                 FROM  register_marketing AS m
                           INNER JOIN  accounts           AS a   ON (m.uid = a.uid)
                           INNER JOIN  account_profiles   AS ap  ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))
                           INNER JOIN  profiles           AS p   ON (p.pid = ap.uid)
                           INNER JOIN  profile_display    AS pd  ON (p.pid = pd.pid)
                           INNER JOIN  profile_name       AS pnl ON (p.pid = pnl.pid AND pnl.typeid = {?})
                           INNER JOIN  profile_name       AS pnf ON (p.pid = pnf.pid AND pnf.typeid = {?})
                                WHERE  m.hash = {?}",
                              $nameTypes['name_ini'], $nameTypes['firstname_ini'], $hash);

            if ($res->numRows() == 1) {
                $subState->merge($res->fetchOneRow());
                $subState->set('yearpromo', substr($subState->s('promo'), 1, 4));

                XDB::execute('REPLACE INTO  register_mstats (uid,sender,success)
                                    SELECT  m.uid, m.sender, 0
                                      FROM  register_marketing AS m
                                     WHERE  m.hash',
                             $subState->s('hash'));
            }
        }

        switch ($subState->i('step')) {
            case 0:
                $wp = new PlWikiPage('Reference.Charte');
                $wp->buildCache();
                if (Post::has('step1')) {
                    $subState->set('step', 1);
                    if ($subState->has('hash')) {
                        $subState->set('step', 3);
                        $this->load('register.inc.php');
                        createAliases($subState);
                    }
                }
                break;

            case 1:
                if (Post::has('yearpromo')) {
                    $promo = Post::t('edu_type') . Post::t('yearpromo');
                    $yearpromo = Post::i('yearpromo');
                    $res = XDB::query("SELECT  COUNT(*)
                                         FROM  accounts         AS a
                                   INNER JOIN  account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))
                                   INNER JOIN  profiles         AS p  ON (p.pid = ap.pid)
                                   INNER JOIN  profile_display  AS pd ON (p.pid = pd.pid)
                                        WHERE  a.state = 'pending' AND p.deathdate IS NULL AND pd.promo = {?}",
                                      $promo);

                    if (!$res->fetchOneCell()) {
                        $error = 'La promotion saisie est incorrecte ou tous les camarades de cette promotion sont inscrits !';
                    } else {
                        $subState->set('step', 2);
                        $subState->set('promo', $promo);
                        $subState->set('yearpromo', $yearpromo);
                        if ($yearpromo >= 1996 && $yearpromo < 2000) {
                            $subState->set('schoolid', ($yearpromo % 100) * 10 . '???');
                        } elseif($yearpromo >= 2000) {
                            $subState->set('schoolid', 100 + ($yearpromo % 100) . '???');
                        }
                    }
                }
                break;

            case 2:
                if (count($_POST)) {
                    $this->load('register.inc.php');
                    $subState->set('firstname', Post::t('firstname'));
                    $subState->set('lastname', Post::t('lastname'));
                    $subState->set('schoolid', Post::i('schoolid'));
                    $error = checkNewUser($subState);

                    if ($error !== true) {
                        break;
                    }
                    $error = createAliases($subState);
                    if ($error === true) {
                        unset($error);
                        $subState->set('step', 3);
                    }
                }
                break;

            case 3:
                if (count($_POST)) {
                    $this->load('register.inc.php');

                    // Validate the email address format and domain.
                    require_once 'emails.inc.php';

                    if (!isvalid_email(Post::v('email'))) {
                        $error[] = "Le champ 'Email' n'est pas valide.";
                    } elseif (!isvalid_email_redirection(Post::v('email'))) {
                        $error[] = $subState->s('forlife') . ' doit renvoyer vers un email existant '
                                 . 'valide, en particulier, il ne peut pas être renvoyé vers lui-même.';
                    }

                    // Validate the birthday format and range.
                    $birth = Post::t('birthdate');
                    if (!preg_match('@^[0-3]?\d/[01]?\d/(19|20)?\d{2}$@', $birth)) {
                        $error[] = "La 'Date de naissance' n'est pas correcte.";
                    } else {
                        $birth = explode('/', $birth, 3);
                        for ($i = 0; $i < 3; ++$i)
                            $birth[$i] = intval($birth[$i]);
                        if ($birth[2] < 100) {
                            $birth[2] += 1900;
                        }
                        $year  = $birth[2];
                        $promo = $subState->i('yearpromo');
                        if ($year > $promo - 15 || $year < $promo - 30) {
                            $error[] = "La 'Date de naissance' n'est pas correcte.";
                            $alert = "Date de naissance incorrecte à l'inscription - ";
                            $subState->set('wrong_birthdate', $birth);
                        }
                    }

                    // Register the optional services requested by the user.
                    $services = array();
                    foreach (array('ax_letter', 'imap', 'ml_promo', 'nl') as $service) {
                        if (Post::b($service)) {
                            $services[] = $service;
                        }
                    }
                    $subState->set('services', $services);

                    // Validate the password.
                    if (!Post::v('response2', false)) {
                        $error[] = "Le mot de passe n'est pas valide.";
                    }

                    // Check if the given email is known as dangerous.
                    $res = XDB::query("SELECT  state, description
                                         FROM  email_watch
                                        WHERE  email = {?} AND state != 'safe'",
                                      Post::v('email'));
                    $bannedEmail = false;
                    if ($res->numRows()) {
                        list($state, $description) = $res->fetchOneRow();
                        $alert .= "Email surveillé proposé à l'inscription - ";
                        $subState->set('email_desc', $description);
                        if ($state == 'dangerous') {
                            $bannedEmail = true;
                        }
                    }
                    if ($subState->i('watch') != 0) {
                        $alert .= "Inscription d'un utilisateur surveillé - ";
                    }

                    if (($bannedIp = check_ip('unsafe'))) {
                        unset($error);
                    }

                    if (isset($error)) {
                        $error = join('<br />', $error);
                    } else {
                        $subState->set('birthdate', sprintf("%04d-%02d-%02d",
                                                            intval($birth[2]), intval($birth[1]), intval($birth[0])));
                        $subState->set('email', Post::t('email'));
                        $subState->set('password', Post::t('response2'));

                        // Update the current alert if the birthdate is incorrect,
                        // or if the IP address of the user has been banned.
                        if ($subState->s('birthdateRef') != '0000-00-00'
                            && $subState->s('birthdateRef') != $subState->s('birthdate')) {
                            $alert .= "Date de naissance incorrecte à l'inscription - ";
                        }
                        if ($bannedIp) {
                            $alert .= "Tentative d'inscription depuis une IP surveillée";
                        }

                        // Prevent banned user from actually registering; save the current state for others.
                        if ($bannedEmail || $bannedIp) {
                            global $globals;
                            $error = "Une erreur s'est produite lors de l'inscription."
                                 . " Merci de contacter <a href='mailto:register@{$globals->mail->domain}>"
                                 . " register@{$globals->mail->domain}</a>"
                                 . " pour nous faire part de cette erreur.";
                        } else {
                            $subState->set('step', 4);
                            if ($subState->v('backs')->count() >= 3) {
                                $alert .= "Fin d'une inscription hésitante.";
                            }
                            finishRegistration($subState);
                        }
                    }
                }
                break;
        }

        $_SESSION['subState'] = $subState->dict();
        if (!empty($alert)) {
            send_warning_mail($alert);
        }

        $page->changeTpl('register/step' . $subState->i('step') . '.tpl');
        $page->addJsLink('motdepasse.js');
        if (isset($error)) {
            $page->trigError($error);
        }
    }

    function handler_end(&$page, $hash = null)
    {
        global $globals;
        $_SESSION['subState'] = array('step' => 5);

        // Reject registration requests from unsafe IP addresses (and remove the
        // registration information from the database, to prevent IP changes).
        if (check_ip('unsafe')) {
            send_warning_mail('Une IP surveillée a tenté de finaliser son inscription.');
            XDB::execute("DELETE FROM  register_pending
                                WHERE  hash = {?} AND hash != 'INSCRIT'", $hash);
            return PL_FORBIDDEN;
        }

        require_once 'directory.enums.inc.php';
        $nameTypes = DirEnum::getOptions(DirEnum::NAMETYPES);
        $nameTypes = array_flip($nameTypes);

        // Retrieve the pre-registration information using the url-provided
        // authentication token.
        $res = XDB::query("SELECT  r.uid, p.pid, r.forlife, r.bestalias, r.mailorg2,
                                   r.password, r.email, r.services, r.naissance,
                                   pnl.name AS lastname, pnf.name AS firstname,
                                   pd.promo, p.sex, p.birthdate_ref
                             FROM  register_pending AS r
                       INNER JOIN  accounts         AS a   ON (r.uid = a.uid)
                       INNER JOIN  account_profiles AS ap  ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))
                       INNER JOIN  profiles         AS p   ON (p.pid = ap.uid)
                       INNER JOIN  profile_name     AS pnl ON (p.pid = pnl.pid AND pnl.typeid = {?})
                       INNER JOIN  profile_name     AS pnf ON (p.pid = pnf.pid AND pnf.typeid = {?})
                       INNER JOIN  profile_display  AS pd  ON (p.pid = pd.pid)
                            WHERE  hash = {?} AND hash != 'INSCRIT'",
                          $nameTypes['name_ini'], $nameTypes['firstname_ini'], $hash);
        if (!$hash || $res->numRows() == 0) {
            $page->kill("<p>Cette adresse n'existe pas, ou plus, sur le serveur.</p>
                         <p>Causes probables&nbsp;:</p>
                         <ol>
                           <li>Vérifie que tu visites l'adresse du dernier
                               email reçu s'il y en a eu plusieurs.</li>
                           <li>Tu as peut-être mal copié l'adresse reçue par
                               email, vérifie-la à la main.</li>
                           <li>Tu as peut-être attendu trop longtemps pour
                               confirmer. Les pré-inscriptions sont annulées
                               tous les 30 jours.</li>
                           <li>Tu es en fait déjà inscrit.</li>
                        </ol>");
        }

        list($uid, $pid, $forlife, $bestalias, $emailXorg2, $password, $email, $services,
             $birthdate, $lastname, $firstname, $promo, $sex, $birthdate_ref) = $res->fetchOneRow();
        $yearpromo = substr($promo, 1, 4);

        // Prepare the template for display.
        $page->changeTpl('register/end.tpl');
        $page->addJsLink('do_challenge_response_logged.js');
        $page->assign('forlife', $forlife);
        $page->assign('firstname', $firstname);

        // Check if the user did enter a valid password; if not (or if none is found),
        // get her an information page.
        if (Post::has('response')) {
            $expected_response = sha1("$forlife:$password:" . S::v('challenge'));
            if (Post::v('response') != $expected_response) {
                $page->trigError("Mot de passe invalide.");
                S::logger($uid)->log('auth_fail', 'bad password (register/end)');
                return;
            }
        } else {
            return;
        }

        //
        // Create the user account.
        //
        XDB::execute("UPDATE  accounts
                         SET  password = {?}, state = 'active',
                              registration_date = NOW()
                       WHERE  uid = {?}", $password, $uid);
        XDB::execute("UPDATE  profiles
                         SET  birthdate = {?}, last_change = NOW()
                       WHERE  pid = {?}", $birthdate, $pid);
        XDB::execute("INSERT INTO  aliases (uid, alias, type)
                           VALUES  ({?}, {?}, 'a_vie')", $uid, $forlife);
        XDB::execute("INSERT INTO  aliases (uid, alias, type, flags)
                           VALUES  ({?}, {?}, 'alias', 'bestalias')", $uid, $bestalias);
        if ($emailXorg2) {
            XDB::execute("INSERT INTO  aliases (uid, alias, type)
                               VALUES  ({?}, {?}, 'alias')", $uid, $emailXorg2);
        }

        // Add the registration email address as first and only redirection.
        require_once 'emails.inc.php';
        $user = User::getSilentWithUID($uid);
        $redirect = new Redirect($user);
        $redirect->add_email($email);

        // Try to start a session (so the user don't have to log in); we will use
        // the password available in Post:: to authenticate the user.
        $success = Platal::session()->start(AUTH_MDP);

        // Subscribe the user to the services she did request at registration time.
        foreach (explode(',', $services) as $service) {
            switch ($service) {
                case 'ax_letter':
                    Platal::load('axletter', 'axletter.inc.php');
                    AXLetter::subscribe($uid);
                    break;
                case 'imap':
                    $storage = new EmailStorage($user, 'imap');
                    $storage->activate();
                    break;
                case 'ml_promo':
                    $r = XDB::query('SELECT id FROM groups WHERE diminutif = {?}', $yearpromo);
                    if ($r->numRows()) {
                        $asso_id = $r->fetchOneCell();
                        XDB::execute('REPLACE INTO  group_members (uid, asso_id)
                                            VALUES  ({?}, {?})',
                                     $uid, $asso_id);
                        $mmlist = new MMList($uid, S::v('password'));
                        $mmlist->subscribe("promo" . S::v('promo'));
                    }
                    break;
                case 'nl':
                    require_once 'newsletter.inc.php';
                    NewsLetter::subscribe($uid);
                    break;
            }
        }

        // Log the registration in the user session.
        S::logger($uid)->log('inscription', $email);
        XDB::execute("UPDATE  register_pending
                         SET  hash = 'INSCRIT'
                       WHERE  uid = {?}", $uid);

        // Congratulate our newly registered user by email.
        $mymail = new PlMailer('register/success.mail.tpl');
        $mymail->assign('forlife', $forlife);
        $mymail->assign('firstname', $firstname);
        $mymail->send();

        // Index the user, to allow her to appear in searches.
        Profile::rebuildSearchTokens($uid);

        // Notify other users which were watching for her arrival.
        XDB::execute('REPLACE INTO  contacts (uid, contact)
                            SELECT  uid, ni_id
                              FROM  watch_nonins
                             WHERE  ni_id = {?}', $uid);
        XDB::execute('DELETE FROM  watch_nonins
                            WHERE  ni_id = {?}', $uid);
        Platal::session()->updateNbNotifs();

        // Forcibly register the new user on default forums.
        $promoForum = 'xorg.promo.' . strtolower($promo);
        $registeredForums = array('xorg.general', 'xorg.pa.divers', 'xorg.pa.logements', $promoForum);
        foreach ($registeredForums as $forum) {
            XDB::execute("INSERT INTO  forum_subs (fid, uid)
                               SELECT  fid, {?}
                                 FROM  forums
                                WHERE  name = {?}",
                         $uid, $val);

            // Notify the newsgroup admin of the promotion forum needs be created.
            if (XDB::affectedRows() == 0 && $forum == $promoForum) {
                $promoFull = new UserFilter(new UFC_Promo('=', UserFilter::DISPLAY, $promo));
                $promoRegistered = new UserFilter(new PFC_And(
                        new UFC_Promo('=', UserFilter::DISPLAY, $promo),
                        new UFC_Registered(true),
                        new PFC_Not(new UFC_Dead())
                ));
                if ($promoRegistered->getTotalCount() > 0.2 * $promoFull->getTotalCount()) {
                    $mymail = new PlMailer('admin/forums-promo.mail.tpl');
                    $mymail->assign('promo', $promo);
                    $mymail->send();
                }
            }
        }

        // Update the global registration count stats.
        $globals->updateNbIns();

        //
        // Update collateral data sources, and inform watchers by email.
        //

        // Email the referrer(s) of this new user.
        $res = XDB::iterRow("SELECT  sender, GROUP_CONCAT(email SEPARATOR ', ') AS mails, MAX(last) AS lastDate
                               FROM  register_marketing
                              WHERE  uid = {?}
                           GROUP BY  sender
                           ORDER BY  lastDate DESC", $uid);
        XDB::execute("UPDATE  register_mstats
                         SET  success = NOW()
                       WHERE  uid = {?}", $uid);

        while (list($senderid, $maketingEmails, $lastDate) = $res->next()) {
            $sender = User::getWithUID($senderid);
            $market[] = " - par $sender->fullName() sur $maketingEmails (le plus récemment le $lastDate)";
            $mymail = new PlMailer('register/marketer.mail.tpl');
            $mymail->setSubject("$firstname $lastname s'est inscrit à Polytechnique.org !");
            $mymail->addTo("\"$sender->fullName()\" <$sender->bestEmail()@{$globals->mail->domain}>");
            $mymail->assign('sender', $sender);
            $mymail->assign('firstname', $firstname);
            $mymail->assign('lastname', $lastname);
            $mymail->assign('promo', $promo);
            $mymail->assign('sex', $sex);
            $mymail->setTxtBody(wordwrap($msg, 72));
            $mymail->send();
        }

        // Email the plat/al administrators about the registration.
        if ($globals->register->notif) {
            $mymail = new PlMailer('register/registration.mail.tpl');
            $mymail->setSubject("Inscription de $firstname $lastname ($promo)");
            $mymail->assign('firstname', $firstname);
            $mymail->assign('lastname', $lastname);
            $mymail->assign('promo', $promo);
            $mymail->assign('sex', $sex);
            $mymail->assign('birthdate', $birthdate);
            $mymail->assign('birthdate_ref', $birthdate_ref);
            $mymail->assign('forlife', $forlife);
            $mymail->assign('email', $email);
            $mymail->assign('logger', S::logger());
            if (count($market) > 0) {
                $mymail->assign('market', implode("\n", $market));
            }
            $mymail->setTxtBody($msg);
            $mymail->send();
        }

        // Remove old pending marketing requests for the new user.
        Marketing::clear($uid);

        pl_redirect('profile/edit');
    }
}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
Commit	Line	Data
f59bc2fb	1	<?php
f59bc2fb	2	/***************************************************************************
9f5bd98e	3	* Copyright (C) 2003-2010 Polytechnique.org *
f59bc2fb	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
	22	class RegisterModule extends PLModule
	23	{
	24	function handlers()
	25	{
	26	return array(
94590511 SJ	27	'register' => $this->make_hook('register', AUTH_PUBLIC),
94590511 SJ	28	'register/end' => $this->make_hook('end', AUTH_PUBLIC),
f59bc2fb	29	);
	30	}
	31
20d90835	32	function handler_register(&$page, $hash = null)
f59bc2fb	33	{
94590511 SJ	34	$alert = null;
	35	$subState = new PlDict(S::v('subState', array()));
	36	if (!$subState->has('step')) {
	37	$subState->set('step', 0);
f59bc2fb	38	}
94590511 SJ	39	if (!$subState->has('backs')) {
94590511 SJ	40	$subState->set('backs', new PlDict());
2efe5355	41	}
94590511 SJ	42	if (Get::has('back') && Get::i('back') < $subState->i('step')) {
	43	$subState->set('step', max(0, Get::i('back')));
	44	$subState->v('back')->set($subState->v('back')->count() + 1, $subState->dict());
	45	$subState->v('back')->kill('back');
	46	if ($subState->v('backs')->count() == 3) {
97a82cd2	47	$alert .= "Tentative d'inscription très hésitante - ";
eaf30d86	48	}
f59bc2fb	49	}
f59bc2fb	50
20d90835	51	if ($hash) {
94660e07	52	require_once 'directory.enums.inc.php';
f59bc2fb	53
94590511	54	$nameTypes = DirEnum::getOptions(DirEnum::NAMETYPES);
94660e07	55	$nameTypes = array_flip($nameTypes);
94590511 SJ	56	$res = XDB::query("SELECT a.uid, pd.promo, pnl.name AS lastname, pnf.name AS firstname, p.xorg_id AS xorgid,
94590511 SJ	57	p.birthdate_ref AS birthdateRef, FIND_IN_SET('watch', a.flags) AS watch, m.hash
f59bc2fb	58	FROM register_marketing AS m
94660e07	59	INNER JOIN accounts AS a ON (m.uid = a.uid)
4b0cf4e4 SJ	60	INNER JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))
4b0cf4e4 SJ	61	INNER JOIN profiles AS p ON (p.pid = ap.uid)
94660e07 SJ	62	INNER JOIN profile_display AS pd ON (p.pid = pd.pid)
	63	INNER JOIN profile_name AS pnl ON (p.pid = pnl.pid AND pnl.typeid = {?})
	64	INNER JOIN profile_name AS pnf ON (p.pid = pnf.pid AND pnf.typeid = {?})
	65	WHERE m.hash = {?}",
	66	$nameTypes['name_ini'], $nameTypes['firstname_ini'], $hash);
	67
94590511 SJ	68	if ($res->numRows() == 1) {
	69	$subState->merge($res->fetchOneRow());
	70	$subState->set('yearpromo', substr($subState->s('promo'), 1, 4));
94660e07 SJ	71
	72	XDB::execute('REPLACE INTO register_mstats (uid,sender,success)
	73	SELECT m.uid, m.sender, 0
	74	FROM register_marketing AS m
	75	WHERE m.hash',
94590511	76	$subState->s('hash'));
f59bc2fb	77	}
	78	}
	79
94590511	80	switch ($subState->i('step')) {
f59bc2fb	81	case 0:
8f201b69 FB	82	$wp = new PlWikiPage('Reference.Charte');
8f201b69 FB	83	$wp->buildCache();
f59bc2fb	84	if (Post::has('step1')) {
94590511 SJ	85	$subState->set('step', 1);
	86	if ($subState->has('hash')) {
	87	$subState->set('step', 3);
460d8f55	88	$this->load('register.inc.php');
94590511	89	createAliases($subState);
f59bc2fb	90	}
	91	}
	92	break;
	93
	94	case 1:
94590511 SJ	95	if (Post::has('yearpromo')) {
	96	$promo = Post::t('edu_type') . Post::t('yearpromo');
	97	$yearpromo = Post::i('yearpromo');
94660e07	98	$res = XDB::query("SELECT COUNT(*)
94590511 SJ	99	FROM accounts AS a
	100	INNER JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))
	101	INNER JOIN profiles AS p ON (p.pid = ap.pid)
	102	INNER JOIN profile_display AS pd ON (p.pid = pd.pid)
94660e07	103	WHERE a.state = 'pending' AND p.deathdate IS NULL AND pd.promo = {?}",
a41bf2f8	104	$promo);
94660e07	105
a41bf2f8	106	if (!$res->fetchOneCell()) {
94660e07	107	$error = 'La promotion saisie est incorrecte ou tous les camarades de cette promotion sont inscrits !';
f59bc2fb	108	} else {
94590511 SJ	109	$subState->set('step', 2);
	110	$subState->set('promo', $promo);
	111	$subState->set('yearpromo', $yearpromo);
94660e07	112	if ($yearpromo >= 1996 && $yearpromo < 2000) {
94590511	113	$subState->set('schoolid', ($yearpromo % 100) * 10 . '???');
94660e07	114	} elseif($yearpromo >= 2000) {
94590511	115	$subState->set('schoolid', 100 + ($yearpromo % 100) . '???');
f59bc2fb	116	}
	117	}
	118	}
	119	break;
	120
	121	case 2:
	122	if (count($_POST)) {
460d8f55	123	$this->load('register.inc.php');
94590511 SJ	124	$subState->set('firstname', Post::t('firstname'));
	125	$subState->set('lastname', Post::t('lastname'));
	126	$subState->set('schoolid', Post::i('schoolid'));
	127	$error = checkNewUser($subState);
f59bc2fb	128
94660e07 SJ	129	if ($error !== true) {
	130	break;
	131	}
94590511	132	$error = createAliases($subState);
94660e07 SJ	133	if ($error === true) {
94660e07 SJ	134	unset($error);
94590511	135	$subState->set('step', 3);
f59bc2fb	136	}
	137	}
	138	break;
	139
	140	case 3:
	141	if (count($_POST)) {
460d8f55	142	$this->load('register.inc.php');
97a82cd2 VZ	143
97a82cd2 VZ	144	// Validate the email address format and domain.
c6310567	145	require_once 'emails.inc.php';
94660e07	146
5e2307dc	147	if (!isvalid_email(Post::v('email'))) {
94660e07	148	$error[] = "Le champ 'Email' n'est pas valide.";
5e2307dc	149	} elseif (!isvalid_email_redirection(Post::v('email'))) {
94590511	150	$error[] = $subState->s('forlife') . ' doit renvoyer vers un email existant '
94660e07	151	. 'valide, en particulier, il ne peut pas être renvoyé vers lui-même.';
f59bc2fb	152	}
97a82cd2 VZ	153
97a82cd2 VZ	154	// Validate the birthday format and range.
94590511	155	$birth = Post::t('birthdate');
12e5d7a6	156	if (!preg_match('@^[0-3]?\d/[01]?\d/(19\|20)?\d{2}$@', $birth)) {
94660e07	157	$error[] = "La 'Date de naissance' n'est pas correcte.";
35cd1be1	158	} else {
12e5d7a6	159	$birth = explode('/', $birth, 3);
94660e07	160	for ($i = 0; $i < 3; ++$i)
7caaaf6d	161	$birth[$i] = intval($birth[$i]);
94660e07 SJ	162	if ($birth[2] < 100) {
	163	$birth[2] += 1900;
	164	}
7caaaf6d	165	$year = $birth[2];
94590511	166	$promo = $subState->i('yearpromo');
35cd1be1	167	if ($year > $promo - 15 \|\| $year < $promo - 30) {
94660e07	168	$error[] = "La 'Date de naissance' n'est pas correcte.";
97a82cd2	169	$alert = "Date de naissance incorrecte à l'inscription - ";
94590511	170	$subState->set('wrong_birthdate', $birth);
35cd1be1	171	}
f59bc2fb	172	}
f59bc2fb	173
3546b253 VZ	174	// Register the optional services requested by the user.
	175	$services = array();
	176	foreach (array('ax_letter', 'imap', 'ml_promo', 'nl') as $service) {
	177	if (Post::b($service)) {
	178	$services[] = $service;
	179	}
	180	}
94590511	181	$subState->set('services', $services);
3546b253	182
97a82cd2 VZ	183	// Validate the password.
97a82cd2 VZ	184	if (!Post::v('response2', false)) {
94660e07	185	$error[] = "Le mot de passe n'est pas valide.";
97a82cd2 VZ	186	}
	187
	188	// Check if the given email is known as dangerous.
94590511 SJ	189	$res = XDB::query("SELECT state, description
	190	FROM email_watch
	191	WHERE email = {?} AND state != 'safe'",
94660e07	192	Post::v('email'));
94590511	193	$bannedEmail = false;
15836cdd FB	194	if ($res->numRows()) {
15836cdd FB	195	list($state, $description) = $res->fetchOneRow();
97a82cd2	196	$alert .= "Email surveillé proposé à l'inscription - ";
94590511	197	$subState->set('email_desc', $description);
706ed3ef	198	if ($state == 'dangerous') {
94590511	199	$bannedEmail = true;
706ed3ef	200	}
5480a216	201	}
4b0cf4e4	202	if ($subState->i('watch') != 0) {
4653799f	203	$alert .= "Inscription d'un utilisateur surveillé - ";
0be07aa6	204	}
5480a216	205
94590511	206	if (($bannedIp = check_ip('unsafe'))) {
94660e07	207	unset($error);
bf273d6a	208	}
bf273d6a	209
94660e07 SJ	210	if (isset($error)) {
94660e07 SJ	211	$error = join('<br />', $error);
f59bc2fb	212	} else {
94590511 SJ	213	$subState->set('birthdate', sprintf("%04d-%02d-%02d",
	214	intval($birth[2]), intval($birth[1]), intval($birth[0])));
	215	$subState->set('email', Post::t('email'));
	216	$subState->set('password', Post::t('response2'));
97a82cd2 VZ	217
	218	// Update the current alert if the birthdate is incorrect,
	219	// or if the IP address of the user has been banned.
94590511 SJ	220	if ($subState->s('birthdateRef') != '0000-00-00'
94590511 SJ	221	&& $subState->s('birthdateRef') != $subState->s('birthdate')) {
ecc734a5	222	$alert .= "Date de naissance incorrecte à l'inscription - ";
ecc734a5	223	}
94590511	224	if ($bannedIp) {
97a82cd2	225	$alert .= "Tentative d'inscription depuis une IP surveillée";
706ed3ef	226	}
97a82cd2 VZ	227
97a82cd2 VZ	228	// Prevent banned user from actually registering; save the current state for others.
94590511	229	if ($bannedEmail \|\| $bannedIp) {
115c90db	230	global $globals;
94660e07	231	$error = "Une erreur s'est produite lors de l'inscription."
1d55fe45	232	. " Merci de contacter <a href='mailto:register@{$globals->mail->domain}>"
1d55fe45	233	. " register@{$globals->mail->domain}</a>"
94660e07	234	. " pour nous faire part de cette erreur.";
5480a216	235	} else {
94590511	236	$subState->set('step', 4);
4b0cf4e4	237	if ($subState->v('backs')->count() >= 3) {
94660e07	238	$alert .= "Fin d'une inscription hésitante.";
2efe5355	239	}
94590511	240	finishRegistration($subState);
5480a216	241	}
bf273d6a	242	}
f59bc2fb	243	}
	244	break;
	245	}
	246
94590511	247	$_SESSION['subState'] = $subState->dict();
4653799f	248	if (!empty($alert)) {
5480a216	249	send_warning_mail($alert);
5480a216	250	}
97a82cd2	251
94590511	252	$page->changeTpl('register/step' . $subState->i('step') . '.tpl');
97a82cd2	253	$page->addJsLink('motdepasse.js');
94660e07 SJ	254	if (isset($error)) {
94660e07 SJ	255	$page->trigError($error);
f59bc2fb	256	}
f59bc2fb	257	}
	258
	259	function handler_end(&$page, $hash = null)
	260	{
	261	global $globals;
94590511	262	$_SESSION['subState'] = array('step' => 5);
ecc734a5	263
97a82cd2 VZ	264	// Reject registration requests from unsafe IP addresses (and remove the
97a82cd2 VZ	265	// registration information from the database, to prevent IP changes).
ecc734a5	266	if (check_ip('unsafe')) {
94660e07	267	send_warning_mail('Une IP surveillée a tenté de finaliser son inscription.');
97a82cd2 VZ	268	XDB::execute("DELETE FROM register_pending
97a82cd2 VZ	269	WHERE hash = {?} AND hash != 'INSCRIT'", $hash);
ecc734a5	270	return PL_FORBIDDEN;
	271	}
	272
94590511 SJ	273	require_once 'directory.enums.inc.php';
	274	$nameTypes = DirEnum::getOptions(DirEnum::NAMETYPES);
	275	$nameTypes = array_flip($nameTypes);
	276
97a82cd2 VZ	277	// Retrieve the pre-registration information using the url-provided
97a82cd2 VZ	278	// authentication token.
94590511 SJ	279	$res = XDB::query("SELECT r.uid, p.pid, r.forlife, r.bestalias, r.mailorg2,
	280	r.password, r.email, r.services, r.naissance,
	281	pnl.name AS lastname, pnf.name AS firstname,
	282	pd.promo, p.sex, p.birthdate_ref
	283	FROM register_pending AS r
	284	INNER JOIN accounts AS a ON (r.uid = a.uid)
	285	INNER JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))
	286	INNER JOIN profiles AS p ON (p.pid = ap.uid)
	287	INNER JOIN profile_name AS pnl ON (p.pid = pnl.pid AND pnl.typeid = {?})
	288	INNER JOIN profile_name AS pnf ON (p.pid = pnf.pid AND pnf.typeid = {?})
	289	INNER JOIN profile_display AS pd ON (p.pid = pd.pid)
	290	WHERE hash = {?} AND hash != 'INSCRIT'",
	291	$nameTypes['name_ini'], $nameTypes['firstname_ini'], $hash);
97a82cd2	292	if (!$hash \|\| $res->numRows() == 0) {
f59bc2fb	293	$page->kill("<p>Cette adresse n'existe pas, ou plus, sur le serveur.</p>
97a82cd2	294	<p>Causes probables :</p>
f59bc2fb	295	<ol>
a7de4ef7	296	<li>Vérifie que tu visites l'adresse du dernier
97a82cd2	297	email reçu s'il y en a eu plusieurs.</li>
a7de4ef7	298	<li>Tu as peut-être mal copié l'adresse reçue par
97a82cd2	299	email, vérifie-la à la main.</li>
a7de4ef7	300	<li>Tu as peut-être attendu trop longtemps pour
94590511	301	confirmer. Les pré-inscriptions sont annulées
f59bc2fb	302	tous les 30 jours.</li>
a7de4ef7	303	<li>Tu es en fait déjà inscrit.</li>
f59bc2fb	304	</ol>");
	305	}
	306
94590511 SJ	307	list($uid, $pid, $forlife, $bestalias, $emailXorg2, $password, $email, $services,
	308	$birthdate, $lastname, $firstname, $promo, $sex, $birthdate_ref) = $res->fetchOneRow();
	309	$yearpromo = substr($promo, 1, 4);
f59bc2fb	310
97a82cd2 VZ	311	// Prepare the template for display.
	312	$page->changeTpl('register/end.tpl');
	313	$page->addJsLink('do_challenge_response_logged.js');
	314	$page->assign('forlife', $forlife);
94590511	315	$page->assign('firstname', $firstname);
97a82cd2 VZ	316
	317	// Check if the user did enter a valid password; if not (or if none is found),
	318	// get her an information page.
94590511 SJ	319	if (Post::has('response')) {
	320	$expected_response = sha1("$forlife:$password:" . S::v('challenge'));
	321	if (Post::v('response') != $expected_response) {
97a82cd2 VZ	322	$page->trigError("Mot de passe invalide.");
	323	S::logger($uid)->log('auth_fail', 'bad password (register/end)');
	324	return;
	325	}
	326	} else {
	327	return;
	328	}
f59bc2fb	329
97a82cd2 VZ	330	//
	331	// Create the user account.
	332	//
94590511 SJ	333	XDB::execute("UPDATE accounts
	334	SET password = {?}, state = 'active',
	335	registration_date = NOW()
	336	WHERE uid = {?}", $password, $uid);
	337	XDB::execute("UPDATE profiles
	338	SET birthdate = {?}, last_change = NOW()
	339	WHERE pid = {?}", $birthdate, $pid);
fe13bc1d	340	XDB::execute("INSERT INTO aliases (uid, alias, type)
97a82cd2	341	VALUES ({?}, {?}, 'a_vie')", $uid, $forlife);
fe13bc1d	342	XDB::execute("INSERT INTO aliases (uid, alias, type, flags)
97a82cd2	343	VALUES ({?}, {?}, 'alias', 'bestalias')", $uid, $bestalias);
94590511	344	if ($emailXorg2) {
fe13bc1d	345	XDB::execute("INSERT INTO aliases (uid, alias, type)
94590511	346	VALUES ({?}, {?}, 'alias')", $uid, $emailXorg2);
f59bc2fb	347	}
f59bc2fb	348
97a82cd2	349	// Add the registration email address as first and only redirection.
726eaf7a	350	require_once 'emails.inc.php';
94590511	351	$user = User::getSilentWithUID($uid);
12a587df	352	$redirect = new Redirect($user);
f59bc2fb	353	$redirect->add_email($email);
f59bc2fb	354
3546b253 VZ	355	// Try to start a session (so the user don't have to log in); we will use
3546b253 VZ	356	// the password available in Post:: to authenticate the user.
94590511	357	$success = Platal::session()->start(AUTH_MDP);
3546b253 VZ	358
	359	// Subscribe the user to the services she did request at registration time.
	360	foreach (explode(',', $services) as $service) {
	361	switch ($service) {
	362	case 'ax_letter':
	363	Platal::load('axletter', 'axletter.inc.php');
94590511	364	AXLetter::subscribe($uid);
3546b253 VZ	365	break;
3546b253 VZ	366	case 'imap':
3546b253 VZ	367	$storage = new EmailStorage($user, 'imap');
	368	$storage->activate();
	369	break;
	370	case 'ml_promo':
94590511	371	$r = XDB::query('SELECT id FROM groups WHERE diminutif = {?}', $yearpromo);
3546b253 VZ	372	if ($r->numRows()) {
3546b253 VZ	373	$asso_id = $r->fetchOneCell();
eb41eda9	374	XDB::execute('REPLACE INTO group_members (uid, asso_id)
3546b253	375	VALUES ({?}, {?})',
94590511 SJ	376	$uid, $asso_id);
94590511 SJ	377	$mmlist = new MMList($uid, S::v('password'));
3546b253 VZ	378	$mmlist->subscribe("promo" . S::v('promo'));
	379	}
	380	break;
	381	case 'nl':
	382	require_once 'newsletter.inc.php';
94590511	383	NewsLetter::subscribe($uid);
3546b253 VZ	384	break;
	385	}
	386	}
	387
97a82cd2	388	// Log the registration in the user session.
03c0a3a7	389	S::logger($uid)->log('inscription', $email);
97a82cd2 VZ	390	XDB::execute("UPDATE register_pending
	391	SET hash = 'INSCRIT'
	392	WHERE uid = {?}", $uid);
f59bc2fb	393
97a82cd2	394	// Congratulate our newly registered user by email.
94590511	395	$mymail = new PlMailer('register/success.mail.tpl');
f59bc2fb	396	$mymail->assign('forlife', $forlife);
94590511	397	$mymail->assign('firstname', $firstname);
f59bc2fb	398	$mymail->send();
f59bc2fb	399
97a82cd2	400	// Index the user, to allow her to appear in searches.
726eaf7a	401	Profile::rebuildSearchTokens($uid);
2a54eb4d	402
97a82cd2	403	// Notify other users which were watching for her arrival.
94590511 SJ	404	XDB::execute('REPLACE INTO contacts (uid, contact)
	405	SELECT uid, ni_id
	406	FROM watch_nonins
	407	WHERE ni_id = {?}', $uid);
	408	XDB::execute('DELETE FROM watch_nonins
	409	WHERE ni_id = {?}', $uid);
	410	Platal::session()->updateNbNotifs();
03c0a3a7	411
97a82cd2	412	// Forcibly register the new user on default forums.
94590511 SJ	413	$promoForum = 'xorg.promo.' . strtolower($promo);
	414	$registeredForums = array('xorg.general', 'xorg.pa.divers', 'xorg.pa.logements', $promoForum);
	415	foreach ($registeredForums as $forum) {
	416	XDB::execute("INSERT INTO forum_subs (fid, uid)
97a82cd2	417	SELECT fid, {?}
94590511 SJ	418	FROM forums
	419	WHERE name = {?}",
	420	$uid, $val);
97a82cd2 VZ	421
97a82cd2 VZ	422	// Notify the newsgroup admin of the promotion forum needs be created.
94590511 SJ	423	if (XDB::affectedRows() == 0 && $forum == $promoForum) {
	424	$promoFull = new UserFilter(new UFC_Promo('=', UserFilter::DISPLAY, $promo));
	425	$promoRegistered = new UserFilter(new PFC_And(
	426	new UFC_Promo('=', UserFilter::DISPLAY, $promo),
	427	new UFC_Registered(true),
	428	new PFC_Not(new UFC_Dead())
	429	));
	430	if ($promoRegistered->getTotalCount() > 0.2 * $promoFull->getTotalCount()) {
03c0a3a7 FB	431	$mymail = new PlMailer('admin/forums-promo.mail.tpl');
	432	$mymail->assign('promo', $promo);
	433	$mymail->send();
	434	}
	435	}
	436	}
	437
97a82cd2	438	// Update the global registration count stats.
ebfdf077	439	$globals->updateNbIns();
b5dd6f2f	440
97a82cd2 VZ	441	//
	442	// Update collateral data sources, and inform watchers by email.
	443	//
f59bc2fb	444
97a82cd2	445	// Email the referrer(s) of this new user.
94590511 SJ	446	$res = XDB::iterRow("SELECT sender, GROUP_CONCAT(email SEPARATOR ', ') AS mails, MAX(last) AS lastDate
	447	FROM register_marketing
	448	WHERE uid = {?}
	449	GROUP BY sender
	450	ORDER BY lastDate DESC", $uid);
97a82cd2 VZ	451	XDB::execute("UPDATE register_mstats
	452	SET success = NOW()
	453	WHERE uid = {?}", $uid);
f59bc2fb	454
94590511 SJ	455	while (list($senderid, $maketingEmails, $lastDate) = $res->next()) {
	456	$sender = User::getWithUID($senderid);
	457	$market[] = " - par $sender->fullName() sur $maketingEmails (le plus récemment le $lastDate)";
	458	$mymail = new PlMailer('register/marketer.mail.tpl');
	459	$mymail->setSubject("$firstname $lastname s'est inscrit à Polytechnique.org !");
	460	$mymail->addTo("\"$sender->fullName()\" <$sender->bestEmail()@{$globals->mail->domain}>");
	461	$mymail->assign('sender', $sender);
	462	$mymail->assign('firstname', $firstname);
	463	$mymail->assign('lastname', $lastname);
	464	$mymail->assign('promo', $promo);
	465	$mymail->assign('sex', $sex);
f59bc2fb	466	$mymail->setTxtBody(wordwrap($msg, 72));
	467	$mymail->send();
	468	}
5f5f0eb5	469
97a82cd2	470	// Email the plat/al administrators about the registration.
9812efa0	471	if ($globals->register->notif) {
94590511 SJ	472	$mymail = new PlMailer('register/registration.mail.tpl');
	473	$mymail->setSubject("Inscription de $firstname $lastname ($promo)");
	474	$mymail->assign('firstname', $firstname);
	475	$mymail->assign('lastname', $lastname);
	476	$mymail->assign('promo', $promo);
	477	$mymail->assign('sex', $sex);
	478	$mymail->assign('birthdate', $birthdate);
	479	$mymail->assign('birthdate_ref', $birthdate_ref);
	480	$mymail->assign('forlife', $forlife);
	481	$mymail->assign('email', $email);
4b0cf4e4	482	$mymail->assign('logger', S::logger());
defff1aa	483	if (count($market) > 0) {
94590511	484	$mymail->assign('market', implode("\n", $market));
defff1aa	485	}
9812efa0	486	$mymail->setTxtBody($msg);
eaf30d86	487	$mymail->send();
9812efa0	488	}
f59bc2fb	489
97a82cd2	490	// Remove old pending marketing requests for the new user.
e654517d	491	Marketing::clear($uid);
f59bc2fb	492
97a0a459 FB	493	pl_redirect('profile/edit');
97a0a459 FB	494	}
f59bc2fb	495	}
f59bc2fb	496
a7de4ef7	497	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
f59bc2fb	498	?>