[platal.git] / modules / register.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2010 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

class RegisterModule extends PLModule
{
    function handlers()
    {
        return array(
            'register'     => $this->make_hook('register', AUTH_PUBLIC),
            'register/end' => $this->make_hook('end',      AUTH_PUBLIC),
        );
    }

    function handler_register(&$page, $hash = null)
    {
        $alert = null;
        $subState = new PlDict(S::v('subState', array()));
        if (!$subState->has('step')) {
            $subState->set('step', 0);
        }
        if (!$subState->has('backs')) {
            $subState->set('backs', new PlDict());
        }
        if (Get::has('back') && Get::i('back') < $subState->i('step')) {
            $subState->set('step', max(0, Get::i('back')));
            $subState->v('back')->set($subState->v('back')->count() + 1, $subState->dict());
            $subState->v('back')->kill('back');
            if ($subState->v('backs')->count() == 3) {
                $alert .= "Tentative d'inscription très hésitante - ";
            }
        }

        if ($hash) {
            $nameTypes = DirEnum::getOptions(DirEnum::NAMETYPES);
            $nameTypes = array_flip($nameTypes);
            $res = XDB::query("SELECT  a.uid, pd.promo, pnl.name AS lastname, pnf.name AS firstname, p.xorg_id AS xorgid,
                                       p.birthdate_ref AS birthdateRef, FIND_IN_SET('watch', a.flags) AS watch, m.hash
                                 FROM  register_marketing AS m
                           INNER JOIN  accounts           AS a   ON (m.uid = a.uid)
                           INNER JOIN  account_profiles   AS ap  ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))
                           INNER JOIN  profiles           AS p   ON (p.pid = ap.pid)
                           INNER JOIN  profile_display    AS pd  ON (p.pid = pd.pid)
                           INNER JOIN  profile_name       AS pnl ON (p.pid = pnl.pid AND pnl.typeid = {?})
                           INNER JOIN  profile_name       AS pnf ON (p.pid = pnf.pid AND pnf.typeid = {?})
                                WHERE  m.hash = {?} AND a.state = 'pending'",
                              $nameTypes['name_ini'], $nameTypes['firstname_ini'], $hash);

            if ($res->numRows() == 1) {
                $subState->merge($res->fetchOneRow());
                $subState->set('yearpromo', substr($subState->s('promo'), 1, 4));

                XDB::execute('INSERT INTO  register_mstats (uid, sender, success)
                                   SELECT  m.uid, m.sender, 0
                                     FROM  register_marketing AS m
                                    WHERE  m.hash
                  ON DUPLICATE KEY UPDATE  sender = VALUES(sender), success = VALUES(success)',
                             $subState->s('hash'));
            }
        }

        switch ($subState->i('step')) {
            case 0:
                $wp = new PlWikiPage('Reference.Charte');
                $wp->buildCache();
                if (Post::has('step1')) {
                    $subState->set('step', 1);
                    if ($subState->has('hash')) {
                        $subState->set('step', 3);
                        $this->load('register.inc.php');
                        createAliases($subState);
                    }
                }
                break;

            case 1:
                if (Post::has('yearpromo')) {
                    $promo = Post::t('edu_type') . Post::t('yearpromo');
                    $yearpromo = Post::i('yearpromo');
                    $res = XDB::query("SELECT  COUNT(*)
                                         FROM  accounts         AS a
                                   INNER JOIN  account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))
                                   INNER JOIN  profiles         AS p  ON (p.pid = ap.pid)
                                   INNER JOIN  profile_display  AS pd ON (p.pid = pd.pid)
                                        WHERE  a.state = 'pending' AND p.deathdate IS NULL AND pd.promo = {?}",
                                      $promo);

                    if (!$res->fetchOneCell()) {
                        $error = 'La promotion saisie est incorrecte ou tous les camarades de cette promotion sont inscrits !';
                    } else {
                        $subState->set('step', 2);
                        $subState->set('promo', $promo);
                        $subState->set('yearpromo', $yearpromo);
                        if ($yearpromo >= 1996 && $yearpromo < 2000) {
                            $subState->set('schoolid', ($yearpromo % 100) * 10 . '???');
                        } elseif($yearpromo >= 2000) {
                            $subState->set('schoolid', 100 + ($yearpromo % 100) . '???');
                        }
                    }
                }
                break;

            case 2:
                if (count($_POST)) {
                    $this->load('register.inc.php');
                    $subState->set('firstname', Post::t('firstname'));
                    $subState->set('lastname', Post::t('lastname'));
                    $subState->set('schoolid', Post::i('schoolid'));
                    $error = checkNewUser($subState);

                    if ($error !== true) {
                        break;
                    }
                    $error = createAliases($subState);
                    if ($error === true) {
                        unset($error);
                        $subState->set('step', 3);
                    }
                }
                break;

            case 3:
                if (count($_POST)) {
                    $this->load('register.inc.php');

                    // Validate the email address format and domain.
                    require_once 'emails.inc.php';

                    if (!isvalid_email(Post::v('email'))) {
                        $error[] = "Le champ 'Email' n'est pas valide.";
                    } elseif (!isvalid_email_redirection(Post::v('email'))) {
                        $error[] = $subState->s('forlife') . ' doit renvoyer vers un email existant '
                                 . 'valide, en particulier, il ne peut pas être renvoyé vers lui-même.';
                    }

                    // Validate the birthday format and range.
                    $birth = Post::t('birthdate');
                    if (!preg_match('@^[0-3]?\d/[01]?\d/(19|20)?\d{2}$@', $birth)) {
                        $error[] = "La 'Date de naissance' n'est pas correcte.";
                    } else {
                        $birth = explode('/', $birth, 3);
                        for ($i = 0; $i < 3; ++$i)
                            $birth[$i] = intval($birth[$i]);
                        if ($birth[2] < 100) {
                            $birth[2] += 1900;
                        }
                        $year  = $birth[2];
                        $promo = $subState->i('yearpromo');
                        if ($year > $promo - 15 || $year < $promo - 30) {
                            $error[] = "La 'Date de naissance' n'est pas correcte.";
                            $alert = "Date de naissance incorrecte à l'inscription - ";
                            $subState->set('wrong_birthdate', $birth);
                        }
                    }

                    // Register the optional services requested by the user.
                    $services = array();
                    foreach (array('ax_letter', 'imap', 'ml_promo', 'nl') as $service) {
                        if (Post::b($service)) {
                            $services[] = $service;
                        }
                    }
                    $subState->set('services', $services);

                    // Validate the password.
                    if (!Post::v('pwhash', false)) {
                        $error[] = "Le mot de passe n'est pas valide.";
                    }

                    // Check if the given email is known as dangerous.
                    $res = XDB::query("SELECT  state, description
                                         FROM  email_watch
                                        WHERE  email = {?} AND state != 'safe'",
                                      Post::v('email'));
                    $bannedEmail = false;
                    if ($res->numRows()) {
                        list($state, $description) = $res->fetchOneRow();
                        $alert .= "Email surveillé proposé à l'inscription - ";
                        $subState->set('email_desc', $description);
                        if ($state == 'dangerous') {
                            $bannedEmail = true;
                        }
                    }
                    if ($subState->i('watch') != 0) {
                        $alert .= "Inscription d'un utilisateur surveillé - ";
                    }

                    if (($bannedIp = check_ip('unsafe'))) {
                        unset($error);
                    }

                    if (isset($error)) {
                        $error = join('<br />', $error);
                    } else {
                        $subState->set('birthdate', sprintf("%04d-%02d-%02d",
                                                            intval($birth[2]), intval($birth[1]), intval($birth[0])));
                        $subState->set('email', Post::t('email'));
                        $subState->set('password', Post::t('pwhash'));

                        // Update the current alert if the birthdate is incorrect,
                        // or if the IP address of the user has been banned.
                        if ($subState->s('birthdateRef') != '0000-00-00'
                            && $subState->s('birthdateRef') != $subState->s('birthdate')) {
                            $alert .= "Date de naissance incorrecte à l'inscription - ";
                        }
                        if ($bannedIp) {
                            $alert .= "Tentative d'inscription depuis une IP surveillée";
                        }

                        // Prevent banned user from actually registering; save the current state for others.
                        if ($bannedEmail || $bannedIp) {
                            global $globals;
                            $error = "Une erreur s'est produite lors de l'inscription."
                                 . " Merci de contacter <a href='mailto:register@{$globals->mail->domain}>"
                                 . " register@{$globals->mail->domain}</a>"
                                 . " pour nous faire part de cette erreur.";
                        } else {
                            $subState->set('step', 4);
                            if ($subState->v('backs')->count() >= 3) {
                                $alert .= "Fin d'une inscription hésitante.";
                            }
                            finishRegistration($subState);
                        }
                    }
                }
                break;
        }

        $_SESSION['subState'] = $subState->dict();
        if (!empty($alert)) {
            send_warning_mail($alert);
        }

        $page->changeTpl('register/step' . $subState->i('step') . '.tpl');
        $page->addJsLink('password.js');
        if (isset($error)) {
            $page->trigError($error);
        }
    }

    function handler_end(&$page, $hash = null)
    {
        global $globals;
        $_SESSION['subState'] = array('step' => 5);

        // Reject registration requests from unsafe IP addresses (and remove the
        // registration information from the database, to prevent IP changes).
        if (check_ip('unsafe')) {
            send_warning_mail('Une IP surveillée a tenté de finaliser son inscription.');
            XDB::execute("DELETE FROM  register_pending
                                WHERE  hash = {?} AND hash != 'INSCRIT'", $hash);
            return PL_FORBIDDEN;
        }

        $nameTypes = DirEnum::getOptions(DirEnum::NAMETYPES);
        $nameTypes = array_flip($nameTypes);

        // Retrieve the pre-registration information using the url-provided
        // authentication token.
        $res = XDB::query("SELECT  r.uid, p.pid, r.forlife, r.bestalias, r.mailorg2,
                                   r.password, r.email, r.services, r.naissance,
                                   pnl.name AS lastname, pnf.name AS firstname,
                                   pd.promo, p.sex, p.birthdate_ref
                             FROM  register_pending AS r
                       INNER JOIN  accounts         AS a   ON (r.uid = a.uid)
                       INNER JOIN  account_profiles AS ap  ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))
                       INNER JOIN  profiles         AS p   ON (p.pid = ap.pid)
                       INNER JOIN  profile_name     AS pnl ON (p.pid = pnl.pid AND pnl.typeid = {?})
                       INNER JOIN  profile_name     AS pnf ON (p.pid = pnf.pid AND pnf.typeid = {?})
                       INNER JOIN  profile_display  AS pd  ON (p.pid = pd.pid)
                            WHERE  hash = {?} AND hash != 'INSCRIT' AND a.state = 'pending'",
                          $nameTypes['name_ini'], $nameTypes['firstname_ini'], $hash);
        if (!$hash || $res->numRows() == 0) {
            $page->kill("<p>Cette adresse n'existe pas, ou plus, sur le serveur.</p>
                         <p>Causes probables&nbsp;:</p>
                         <ol>
                           <li>Vérifie que tu visites l'adresse du dernier
                               email reçu s'il y en a eu plusieurs.</li>
                           <li>Tu as peut-être mal copié l'adresse reçue par
                               email, vérifie-la à la main.</li>
                           <li>Tu as peut-être attendu trop longtemps pour
                               confirmer. Les pré-inscriptions sont annulées
                               tous les 30 jours.</li>
                           <li>Tu es en fait déjà inscrit.</li>
                        </ol>");
        }

        list($uid, $pid, $forlife, $bestalias, $emailXorg2, $password, $email, $services,
             $birthdate, $lastname, $firstname, $promo, $sex, $birthdate_ref) = $res->fetchOneRow();
        $yearpromo = substr($promo, 1, 4);

        // Prepare the template for display.
        $page->changeTpl('register/end.tpl');
        $page->addJsLink('do_challenge_response_logged.js');
        $page->assign('forlife', $forlife);
        $page->assign('firstname', $firstname);

        // Check if the user did enter a valid password; if not (or if none is found),
        // get her an information page.
        if (Post::has('response')) {
            $expected_response = sha1("$forlife:$password:" . S::v('challenge'));
            if (Post::v('response') != $expected_response) {
                $page->trigError("Mot de passe invalide.");
                S::logger($uid)->log('auth_fail', 'bad password (register/end)');
                return;
            }
        } else {
            return;
        }

        //
        // Create the user account.
        //
        XDB::execute("UPDATE  accounts
                         SET  password = {?}, state = 'active',
                              registration_date = NOW(), email = NULL
                       WHERE  uid = {?}", $password, $uid);
        XDB::execute("UPDATE  profiles
                         SET  birthdate = {?}, last_change = NOW()
                       WHERE  pid = {?}", $birthdate, $pid);
        XDB::execute("INSERT INTO  aliases (uid, alias, type)
                           VALUES  ({?}, {?}, 'a_vie')", $uid, $forlife);
        XDB::execute("INSERT INTO  aliases (uid, alias, type, flags)
                           VALUES  ({?}, {?}, 'alias', 'bestalias')", $uid, $bestalias);
        if ($emailXorg2) {
            XDB::execute("INSERT INTO  aliases (uid, alias, type)
                               VALUES  ({?}, {?}, 'alias')", $uid, $emailXorg2);
        }

        // Add the registration email address as first and only redirection.
        require_once 'emails.inc.php';
        $user = User::getSilentWithUID($uid);
        $redirect = new Redirect($user);
        $redirect->add_email($email);

        // Try to start a session (so the user don't have to log in); we will use
        // the password available in Post:: to authenticate the user.
        $success = Platal::session()->start(AUTH_MDP);

        // Subscribe the user to the services she did request at registration time.
        foreach (explode(',', $services) as $service) {
            switch ($service) {
                case 'ax_letter':
                    Platal::load('axletter', 'axletter.inc.php');
                    AXLetter::subscribe($uid);
                    break;
                case 'imap':
                    $storage = new EmailStorage($user, 'imap');
                    $storage->activate();
                    break;
                case 'ml_promo':
                    $r = XDB::query('SELECT id FROM groups WHERE diminutif = {?}', $yearpromo);
                    if ($r->numRows()) {
                        $asso_id = $r->fetchOneCell();
                        XDB::execute('INSERT IGNORE INTO  group_members (uid, asso_id)
                                                  VALUES  ({?}, {?})',
                                     $uid, $asso_id);
                        $mmlist = new MMList($user);
                        $mmlist->subscribe("promo" . S::v('promo'));
                    }
                    break;
                case 'nl':
                    require_once 'newsletter.inc.php';
                    NewsLetter::subscribe($uid);
                    break;
            }
        }

        // Log the registration in the user session.
        S::logger($uid)->log('inscription', $email);
        XDB::execute("UPDATE  register_pending
                         SET  hash = 'INSCRIT'
                       WHERE  uid = {?}", $uid);

        // Congratulate our newly registered user by email.
        $mymail = new PlMailer('register/success.mail.tpl');
        $mymail->assign('forlife', $forlife);
        $mymail->assign('firstname', $firstname);
        $mymail->send();

        // Index the user, to allow her to appear in searches.
        Profile::rebuildSearchTokens($pid);

        // Notify other users which were watching for her arrival.
        XDB::execute('INSERT INTO  contacts (uid, contact)
                           SELECT  uid, ni_id
                             FROM  watch_nonins
                            WHERE  ni_id = {?}', $uid);
        XDB::execute('DELETE FROM  watch_nonins
                            WHERE  ni_id = {?}', $uid);
        Platal::session()->updateNbNotifs();

        // Forcibly register the new user on default forums.
        $promoForum = 'xorg.promo.' . strtolower($promo);
        $registeredForums = array('xorg.general', 'xorg.pa.divers', 'xorg.pa.logements', $promoForum);
        foreach ($registeredForums as $forum) {
            XDB::execute("INSERT INTO  forum_subs (fid, uid)
                               SELECT  fid, {?}
                                 FROM  forums
                                WHERE  name = {?}",
                         $uid, $val);

            // Notify the newsgroup admin of the promotion forum needs be created.
            if (XDB::affectedRows() == 0 && $forum == $promoForum) {
                $promoFull = new UserFilter(new UFC_Promo('=', UserFilter::DISPLAY, $promo));
                $promoRegistered = new UserFilter(new PFC_And(
                        new UFC_Promo('=', UserFilter::DISPLAY, $promo),
                        new UFC_Registered(true),
                        new PFC_Not(new UFC_Dead())
                ));
                if ($promoRegistered->getTotalCount() > 0.2 * $promoFull->getTotalCount()) {
                    $mymail = new PlMailer('admin/forums-promo.mail.tpl');
                    $mymail->assign('promo', $promo);
                    $mymail->send();
                }
            }
        }

        // Update the global registration count stats.
        $globals->updateNbIns();

        //
        // Update collateral data sources, and inform watchers by email.
        //

        // Email the referrer(s) of this new user.
        $res = XDB::iterRow("SELECT  sender, GROUP_CONCAT(email SEPARATOR ', ') AS mails, MAX(last) AS lastDate
                               FROM  register_marketing
                              WHERE  uid = {?}
                           GROUP BY  sender
                           ORDER BY  lastDate DESC", $uid);
        XDB::execute("UPDATE  register_mstats
                         SET  success = NOW()
                       WHERE  uid = {?}", $uid);

        $market = array();
        while (list($senderid, $maketingEmails, $lastDate) = $res->next()) {
            $sender = User::getWithUID($senderid);
            $market[] = " - par {$sender->fullName()} sur $maketingEmails (le plus récemment le $lastDate)";
            $mymail = new PlMailer('register/marketer.mail.tpl');
            $mymail->setSubject("$firstname $lastname s'est inscrit à Polytechnique.org !");
            $mymail->addTo($sender);
            $mymail->assign('sender', $sender);
            $mymail->assign('firstname', $firstname);
            $mymail->assign('lastname', $lastname);
            $mymail->assign('promo', $promo);
            $mymail->assign('sex', $sex);
            $mymail->setTxtBody(wordwrap($msg, 72));
            $mymail->send();
        }

        // Email the plat/al administrators about the registration.
        if ($globals->register->notif) {
            $mymail = new PlMailer('register/registration.mail.tpl');
            $mymail->setSubject("Inscription de $firstname $lastname ($promo)");
            $mymail->assign('firstname', $firstname);
            $mymail->assign('lastname', $lastname);
            $mymail->assign('promo', $promo);
            $mymail->assign('sex', $sex);
            $mymail->assign('birthdate', $birthdate);
            $mymail->assign('birthdate_ref', $birthdate_ref);
            $mymail->assign('forlife', $forlife);
            $mymail->assign('email', $email);
            $mymail->assign('logger', S::logger());
            if (count($market) > 0) {
                $mymail->assign('market', implode("\n", $market));
            }
            $mymail->setTxtBody($msg);
            $mymail->send();
        }

        // Remove old pending marketing requests for the new user.
        Marketing::clear($uid);

        pl_redirect('profile/edit');
    }
}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
Commit	Line	Data
f59bc2fb	1	<?php
f59bc2fb	2	/***************************************************************************
9f5bd98e	3	* Copyright (C) 2003-2010 Polytechnique.org *
f59bc2fb	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
	22	class RegisterModule extends PLModule
	23	{
	24	function handlers()
	25	{
	26	return array(
94590511 SJ	27	'register' => $this->make_hook('register', AUTH_PUBLIC),
94590511 SJ	28	'register/end' => $this->make_hook('end', AUTH_PUBLIC),
f59bc2fb	29	);
	30	}
	31
20d90835	32	function handler_register(&$page, $hash = null)
f59bc2fb	33	{
94590511 SJ	34	$alert = null;
	35	$subState = new PlDict(S::v('subState', array()));
	36	if (!$subState->has('step')) {
	37	$subState->set('step', 0);
f59bc2fb	38	}
94590511 SJ	39	if (!$subState->has('backs')) {
94590511 SJ	40	$subState->set('backs', new PlDict());
2efe5355	41	}
94590511 SJ	42	if (Get::has('back') && Get::i('back') < $subState->i('step')) {
	43	$subState->set('step', max(0, Get::i('back')));
	44	$subState->v('back')->set($subState->v('back')->count() + 1, $subState->dict());
	45	$subState->v('back')->kill('back');
	46	if ($subState->v('backs')->count() == 3) {
97a82cd2	47	$alert .= "Tentative d'inscription très hésitante - ";
eaf30d86	48	}
f59bc2fb	49	}
f59bc2fb	50
20d90835	51	if ($hash) {
94590511	52	$nameTypes = DirEnum::getOptions(DirEnum::NAMETYPES);
94660e07	53	$nameTypes = array_flip($nameTypes);
94590511 SJ	54	$res = XDB::query("SELECT a.uid, pd.promo, pnl.name AS lastname, pnf.name AS firstname, p.xorg_id AS xorgid,
94590511 SJ	55	p.birthdate_ref AS birthdateRef, FIND_IN_SET('watch', a.flags) AS watch, m.hash
f59bc2fb	56	FROM register_marketing AS m
94660e07	57	INNER JOIN accounts AS a ON (m.uid = a.uid)
4b0cf4e4	58	INNER JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))
9f1cd432	59	INNER JOIN profiles AS p ON (p.pid = ap.pid)
94660e07 SJ	60	INNER JOIN profile_display AS pd ON (p.pid = pd.pid)
	61	INNER JOIN profile_name AS pnl ON (p.pid = pnl.pid AND pnl.typeid = {?})
	62	INNER JOIN profile_name AS pnf ON (p.pid = pnf.pid AND pnf.typeid = {?})
4c5a5921	63	WHERE m.hash = {?} AND a.state = 'pending'",
94660e07 SJ	64	$nameTypes['name_ini'], $nameTypes['firstname_ini'], $hash);
94660e07 SJ	65
94590511 SJ	66	if ($res->numRows() == 1) {
	67	$subState->merge($res->fetchOneRow());
	68	$subState->set('yearpromo', substr($subState->s('promo'), 1, 4));
94660e07	69
00ba8a74 SJ	70	XDB::execute('INSERT INTO register_mstats (uid, sender, success)
	71	SELECT m.uid, m.sender, 0
	72	FROM register_marketing AS m
	73	WHERE m.hash
a245a3e1	74	ON DUPLICATE KEY UPDATE sender = VALUES(sender), success = VALUES(success)',
94590511	75	$subState->s('hash'));
f59bc2fb	76	}
	77	}
	78
94590511	79	switch ($subState->i('step')) {
f59bc2fb	80	case 0:
8f201b69 FB	81	$wp = new PlWikiPage('Reference.Charte');
8f201b69 FB	82	$wp->buildCache();
f59bc2fb	83	if (Post::has('step1')) {
94590511 SJ	84	$subState->set('step', 1);
	85	if ($subState->has('hash')) {
	86	$subState->set('step', 3);
460d8f55	87	$this->load('register.inc.php');
94590511	88	createAliases($subState);
f59bc2fb	89	}
	90	}
	91	break;
	92
	93	case 1:
94590511 SJ	94	if (Post::has('yearpromo')) {
	95	$promo = Post::t('edu_type') . Post::t('yearpromo');
	96	$yearpromo = Post::i('yearpromo');
94660e07	97	$res = XDB::query("SELECT COUNT(*)
94590511 SJ	98	FROM accounts AS a
	99	INNER JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))
	100	INNER JOIN profiles AS p ON (p.pid = ap.pid)
	101	INNER JOIN profile_display AS pd ON (p.pid = pd.pid)
94660e07	102	WHERE a.state = 'pending' AND p.deathdate IS NULL AND pd.promo = {?}",
a41bf2f8	103	$promo);
94660e07	104
a41bf2f8	105	if (!$res->fetchOneCell()) {
94660e07	106	$error = 'La promotion saisie est incorrecte ou tous les camarades de cette promotion sont inscrits !';
f59bc2fb	107	} else {
94590511 SJ	108	$subState->set('step', 2);
	109	$subState->set('promo', $promo);
	110	$subState->set('yearpromo', $yearpromo);
94660e07	111	if ($yearpromo >= 1996 && $yearpromo < 2000) {
94590511	112	$subState->set('schoolid', ($yearpromo % 100) * 10 . '???');
94660e07	113	} elseif($yearpromo >= 2000) {
94590511	114	$subState->set('schoolid', 100 + ($yearpromo % 100) . '???');
f59bc2fb	115	}
	116	}
	117	}
	118	break;
	119
	120	case 2:
	121	if (count($_POST)) {
460d8f55	122	$this->load('register.inc.php');
94590511 SJ	123	$subState->set('firstname', Post::t('firstname'));
	124	$subState->set('lastname', Post::t('lastname'));
	125	$subState->set('schoolid', Post::i('schoolid'));
	126	$error = checkNewUser($subState);
f59bc2fb	127
94660e07 SJ	128	if ($error !== true) {
	129	break;
	130	}
94590511	131	$error = createAliases($subState);
94660e07 SJ	132	if ($error === true) {
94660e07 SJ	133	unset($error);
94590511	134	$subState->set('step', 3);
f59bc2fb	135	}
	136	}
	137	break;
	138
	139	case 3:
	140	if (count($_POST)) {
460d8f55	141	$this->load('register.inc.php');
97a82cd2 VZ	142
97a82cd2 VZ	143	// Validate the email address format and domain.
c6310567	144	require_once 'emails.inc.php';
94660e07	145
5e2307dc	146	if (!isvalid_email(Post::v('email'))) {
94660e07	147	$error[] = "Le champ 'Email' n'est pas valide.";
5e2307dc	148	} elseif (!isvalid_email_redirection(Post::v('email'))) {
94590511	149	$error[] = $subState->s('forlife') . ' doit renvoyer vers un email existant '
94660e07	150	. 'valide, en particulier, il ne peut pas être renvoyé vers lui-même.';
f59bc2fb	151	}
97a82cd2 VZ	152
97a82cd2 VZ	153	// Validate the birthday format and range.
94590511	154	$birth = Post::t('birthdate');
12e5d7a6	155	if (!preg_match('@^[0-3]?\d/[01]?\d/(19\|20)?\d{2}$@', $birth)) {
94660e07	156	$error[] = "La 'Date de naissance' n'est pas correcte.";
35cd1be1	157	} else {
12e5d7a6	158	$birth = explode('/', $birth, 3);
94660e07	159	for ($i = 0; $i < 3; ++$i)
7caaaf6d	160	$birth[$i] = intval($birth[$i]);
94660e07 SJ	161	if ($birth[2] < 100) {
	162	$birth[2] += 1900;
	163	}
7caaaf6d	164	$year = $birth[2];
94590511	165	$promo = $subState->i('yearpromo');
35cd1be1	166	if ($year > $promo - 15 \|\| $year < $promo - 30) {
94660e07	167	$error[] = "La 'Date de naissance' n'est pas correcte.";
97a82cd2	168	$alert = "Date de naissance incorrecte à l'inscription - ";
94590511	169	$subState->set('wrong_birthdate', $birth);
35cd1be1	170	}
f59bc2fb	171	}
f59bc2fb	172
3546b253 VZ	173	// Register the optional services requested by the user.
	174	$services = array();
	175	foreach (array('ax_letter', 'imap', 'ml_promo', 'nl') as $service) {
	176	if (Post::b($service)) {
	177	$services[] = $service;
	178	}
	179	}
94590511	180	$subState->set('services', $services);
3546b253	181
97a82cd2	182	// Validate the password.
81b5a6c9	183	if (!Post::v('pwhash', false)) {
94660e07	184	$error[] = "Le mot de passe n'est pas valide.";
97a82cd2 VZ	185	}
	186
	187	// Check if the given email is known as dangerous.
94590511 SJ	188	$res = XDB::query("SELECT state, description
	189	FROM email_watch
	190	WHERE email = {?} AND state != 'safe'",
94660e07	191	Post::v('email'));
94590511	192	$bannedEmail = false;
15836cdd FB	193	if ($res->numRows()) {
15836cdd FB	194	list($state, $description) = $res->fetchOneRow();
97a82cd2	195	$alert .= "Email surveillé proposé à l'inscription - ";
94590511	196	$subState->set('email_desc', $description);
706ed3ef	197	if ($state == 'dangerous') {
94590511	198	$bannedEmail = true;
706ed3ef	199	}
5480a216	200	}
4b0cf4e4	201	if ($subState->i('watch') != 0) {
4653799f	202	$alert .= "Inscription d'un utilisateur surveillé - ";
0be07aa6	203	}
5480a216	204
94590511	205	if (($bannedIp = check_ip('unsafe'))) {
94660e07	206	unset($error);
bf273d6a	207	}
bf273d6a	208
94660e07 SJ	209	if (isset($error)) {
94660e07 SJ	210	$error = join('<br />', $error);
f59bc2fb	211	} else {
94590511 SJ	212	$subState->set('birthdate', sprintf("%04d-%02d-%02d",
	213	intval($birth[2]), intval($birth[1]), intval($birth[0])));
	214	$subState->set('email', Post::t('email'));
81b5a6c9	215	$subState->set('password', Post::t('pwhash'));
97a82cd2 VZ	216
	217	// Update the current alert if the birthdate is incorrect,
	218	// or if the IP address of the user has been banned.
94590511 SJ	219	if ($subState->s('birthdateRef') != '0000-00-00'
94590511 SJ	220	&& $subState->s('birthdateRef') != $subState->s('birthdate')) {
ecc734a5	221	$alert .= "Date de naissance incorrecte à l'inscription - ";
ecc734a5	222	}
94590511	223	if ($bannedIp) {
97a82cd2	224	$alert .= "Tentative d'inscription depuis une IP surveillée";
706ed3ef	225	}
97a82cd2 VZ	226
97a82cd2 VZ	227	// Prevent banned user from actually registering; save the current state for others.
94590511	228	if ($bannedEmail \|\| $bannedIp) {
115c90db	229	global $globals;
94660e07	230	$error = "Une erreur s'est produite lors de l'inscription."
1d55fe45	231	. " Merci de contacter <a href='mailto:register@{$globals->mail->domain}>"
1d55fe45	232	. " register@{$globals->mail->domain}</a>"
94660e07	233	. " pour nous faire part de cette erreur.";
5480a216	234	} else {
94590511	235	$subState->set('step', 4);
4b0cf4e4	236	if ($subState->v('backs')->count() >= 3) {
94660e07	237	$alert .= "Fin d'une inscription hésitante.";
2efe5355	238	}
94590511	239	finishRegistration($subState);
5480a216	240	}
bf273d6a	241	}
f59bc2fb	242	}
	243	break;
	244	}
	245
94590511	246	$_SESSION['subState'] = $subState->dict();
4653799f	247	if (!empty($alert)) {
5480a216	248	send_warning_mail($alert);
5480a216	249	}
97a82cd2	250
94590511	251	$page->changeTpl('register/step' . $subState->i('step') . '.tpl');
4baa7323	252	$page->addJsLink('password.js');
94660e07 SJ	253	if (isset($error)) {
94660e07 SJ	254	$page->trigError($error);
f59bc2fb	255	}
f59bc2fb	256	}
	257
	258	function handler_end(&$page, $hash = null)
	259	{
	260	global $globals;
94590511	261	$_SESSION['subState'] = array('step' => 5);
ecc734a5	262
97a82cd2 VZ	263	// Reject registration requests from unsafe IP addresses (and remove the
97a82cd2 VZ	264	// registration information from the database, to prevent IP changes).
ecc734a5	265	if (check_ip('unsafe')) {
94660e07	266	send_warning_mail('Une IP surveillée a tenté de finaliser son inscription.');
97a82cd2 VZ	267	XDB::execute("DELETE FROM register_pending
97a82cd2 VZ	268	WHERE hash = {?} AND hash != 'INSCRIT'", $hash);
ecc734a5	269	return PL_FORBIDDEN;
	270	}
	271
94590511 SJ	272	$nameTypes = DirEnum::getOptions(DirEnum::NAMETYPES);
	273	$nameTypes = array_flip($nameTypes);
	274
97a82cd2 VZ	275	// Retrieve the pre-registration information using the url-provided
97a82cd2 VZ	276	// authentication token.
94590511 SJ	277	$res = XDB::query("SELECT r.uid, p.pid, r.forlife, r.bestalias, r.mailorg2,
	278	r.password, r.email, r.services, r.naissance,
	279	pnl.name AS lastname, pnf.name AS firstname,
	280	pd.promo, p.sex, p.birthdate_ref
	281	FROM register_pending AS r
	282	INNER JOIN accounts AS a ON (r.uid = a.uid)
	283	INNER JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))
9f1cd432	284	INNER JOIN profiles AS p ON (p.pid = ap.pid)
94590511 SJ	285	INNER JOIN profile_name AS pnl ON (p.pid = pnl.pid AND pnl.typeid = {?})
	286	INNER JOIN profile_name AS pnf ON (p.pid = pnf.pid AND pnf.typeid = {?})
	287	INNER JOIN profile_display AS pd ON (p.pid = pd.pid)
4c5a5921	288	WHERE hash = {?} AND hash != 'INSCRIT' AND a.state = 'pending'",
94590511	289	$nameTypes['name_ini'], $nameTypes['firstname_ini'], $hash);
97a82cd2	290	if (!$hash \|\| $res->numRows() == 0) {
f59bc2fb	291	$page->kill("<p>Cette adresse n'existe pas, ou plus, sur le serveur.</p>
97a82cd2	292	<p>Causes probables :</p>
f59bc2fb	293	<ol>
a7de4ef7	294	<li>Vérifie que tu visites l'adresse du dernier
97a82cd2	295	email reçu s'il y en a eu plusieurs.</li>
a7de4ef7	296	<li>Tu as peut-être mal copié l'adresse reçue par
97a82cd2	297	email, vérifie-la à la main.</li>
a7de4ef7	298	<li>Tu as peut-être attendu trop longtemps pour
94590511	299	confirmer. Les pré-inscriptions sont annulées
f59bc2fb	300	tous les 30 jours.</li>
a7de4ef7	301	<li>Tu es en fait déjà inscrit.</li>
f59bc2fb	302	</ol>");
	303	}
	304
94590511 SJ	305	list($uid, $pid, $forlife, $bestalias, $emailXorg2, $password, $email, $services,
	306	$birthdate, $lastname, $firstname, $promo, $sex, $birthdate_ref) = $res->fetchOneRow();
	307	$yearpromo = substr($promo, 1, 4);
f59bc2fb	308
97a82cd2 VZ	309	// Prepare the template for display.
	310	$page->changeTpl('register/end.tpl');
	311	$page->addJsLink('do_challenge_response_logged.js');
	312	$page->assign('forlife', $forlife);
94590511	313	$page->assign('firstname', $firstname);
97a82cd2 VZ	314
	315	// Check if the user did enter a valid password; if not (or if none is found),
	316	// get her an information page.
94590511 SJ	317	if (Post::has('response')) {
	318	$expected_response = sha1("$forlife:$password:" . S::v('challenge'));
	319	if (Post::v('response') != $expected_response) {
97a82cd2 VZ	320	$page->trigError("Mot de passe invalide.");
	321	S::logger($uid)->log('auth_fail', 'bad password (register/end)');
	322	return;
	323	}
	324	} else {
	325	return;
	326	}
f59bc2fb	327
97a82cd2 VZ	328	//
	329	// Create the user account.
	330	//
94590511 SJ	331	XDB::execute("UPDATE accounts
94590511 SJ	332	SET password = {?}, state = 'active',
33a4f3f9	333	registration_date = NOW(), email = NULL
94590511 SJ	334	WHERE uid = {?}", $password, $uid);
	335	XDB::execute("UPDATE profiles
	336	SET birthdate = {?}, last_change = NOW()
	337	WHERE pid = {?}", $birthdate, $pid);
fe13bc1d	338	XDB::execute("INSERT INTO aliases (uid, alias, type)
97a82cd2	339	VALUES ({?}, {?}, 'a_vie')", $uid, $forlife);
fe13bc1d	340	XDB::execute("INSERT INTO aliases (uid, alias, type, flags)
97a82cd2	341	VALUES ({?}, {?}, 'alias', 'bestalias')", $uid, $bestalias);
94590511	342	if ($emailXorg2) {
fe13bc1d	343	XDB::execute("INSERT INTO aliases (uid, alias, type)
94590511	344	VALUES ({?}, {?}, 'alias')", $uid, $emailXorg2);
f59bc2fb	345	}
f59bc2fb	346
97a82cd2	347	// Add the registration email address as first and only redirection.
726eaf7a	348	require_once 'emails.inc.php';
94590511	349	$user = User::getSilentWithUID($uid);
12a587df	350	$redirect = new Redirect($user);
f59bc2fb	351	$redirect->add_email($email);
f59bc2fb	352
3546b253 VZ	353	// Try to start a session (so the user don't have to log in); we will use
3546b253 VZ	354	// the password available in Post:: to authenticate the user.
94590511	355	$success = Platal::session()->start(AUTH_MDP);
3546b253 VZ	356
	357	// Subscribe the user to the services she did request at registration time.
	358	foreach (explode(',', $services) as $service) {
	359	switch ($service) {
	360	case 'ax_letter':
	361	Platal::load('axletter', 'axletter.inc.php');
94590511	362	AXLetter::subscribe($uid);
3546b253 VZ	363	break;
3546b253 VZ	364	case 'imap':
3546b253 VZ	365	$storage = new EmailStorage($user, 'imap');
	366	$storage->activate();
	367	break;
	368	case 'ml_promo':
94590511	369	$r = XDB::query('SELECT id FROM groups WHERE diminutif = {?}', $yearpromo);
3546b253 VZ	370	if ($r->numRows()) {
3546b253 VZ	371	$asso_id = $r->fetchOneCell();
24a67e95 SJ	372	XDB::execute('INSERT IGNORE INTO group_members (uid, asso_id)
24a67e95 SJ	373	VALUES ({?}, {?})',
94590511	374	$uid, $asso_id);
5c36f345	375	$mmlist = new MMList($user);
3546b253 VZ	376	$mmlist->subscribe("promo" . S::v('promo'));
	377	}
	378	break;
	379	case 'nl':
	380	require_once 'newsletter.inc.php';
94590511	381	NewsLetter::subscribe($uid);
3546b253 VZ	382	break;
	383	}
	384	}
	385
97a82cd2	386	// Log the registration in the user session.
03c0a3a7	387	S::logger($uid)->log('inscription', $email);
97a82cd2 VZ	388	XDB::execute("UPDATE register_pending
	389	SET hash = 'INSCRIT'
	390	WHERE uid = {?}", $uid);
f59bc2fb	391
97a82cd2	392	// Congratulate our newly registered user by email.
94590511	393	$mymail = new PlMailer('register/success.mail.tpl');
f59bc2fb	394	$mymail->assign('forlife', $forlife);
94590511	395	$mymail->assign('firstname', $firstname);
f59bc2fb	396	$mymail->send();
f59bc2fb	397
97a82cd2	398	// Index the user, to allow her to appear in searches.
bbdfd693	399	Profile::rebuildSearchTokens($pid);
2a54eb4d	400
97a82cd2	401	// Notify other users which were watching for her arrival.
00ba8a74 SJ	402	XDB::execute('INSERT INTO contacts (uid, contact)
	403	SELECT uid, ni_id
	404	FROM watch_nonins
	405	WHERE ni_id = {?}', $uid);
94590511 SJ	406	XDB::execute('DELETE FROM watch_nonins
	407	WHERE ni_id = {?}', $uid);
	408	Platal::session()->updateNbNotifs();
03c0a3a7	409
97a82cd2	410	// Forcibly register the new user on default forums.
94590511 SJ	411	$promoForum = 'xorg.promo.' . strtolower($promo);
	412	$registeredForums = array('xorg.general', 'xorg.pa.divers', 'xorg.pa.logements', $promoForum);
	413	foreach ($registeredForums as $forum) {
	414	XDB::execute("INSERT INTO forum_subs (fid, uid)
97a82cd2	415	SELECT fid, {?}
94590511 SJ	416	FROM forums
	417	WHERE name = {?}",
	418	$uid, $val);
97a82cd2 VZ	419
97a82cd2 VZ	420	// Notify the newsgroup admin of the promotion forum needs be created.
94590511 SJ	421	if (XDB::affectedRows() == 0 && $forum == $promoForum) {
	422	$promoFull = new UserFilter(new UFC_Promo('=', UserFilter::DISPLAY, $promo));
	423	$promoRegistered = new UserFilter(new PFC_And(
	424	new UFC_Promo('=', UserFilter::DISPLAY, $promo),
	425	new UFC_Registered(true),
	426	new PFC_Not(new UFC_Dead())
	427	));
	428	if ($promoRegistered->getTotalCount() > 0.2 * $promoFull->getTotalCount()) {
03c0a3a7 FB	429	$mymail = new PlMailer('admin/forums-promo.mail.tpl');
	430	$mymail->assign('promo', $promo);
	431	$mymail->send();
	432	}
	433	}
	434	}
	435
97a82cd2	436	// Update the global registration count stats.
ebfdf077	437	$globals->updateNbIns();
b5dd6f2f	438
97a82cd2 VZ	439	//
	440	// Update collateral data sources, and inform watchers by email.
	441	//
f59bc2fb	442
97a82cd2	443	// Email the referrer(s) of this new user.
94590511 SJ	444	$res = XDB::iterRow("SELECT sender, GROUP_CONCAT(email SEPARATOR ', ') AS mails, MAX(last) AS lastDate
	445	FROM register_marketing
	446	WHERE uid = {?}
	447	GROUP BY sender
	448	ORDER BY lastDate DESC", $uid);
97a82cd2 VZ	449	XDB::execute("UPDATE register_mstats
	450	SET success = NOW()
	451	WHERE uid = {?}", $uid);
f59bc2fb	452
d3447a09	453	$market = array();
94590511 SJ	454	while (list($senderid, $maketingEmails, $lastDate) = $res->next()) {
94590511 SJ	455	$sender = User::getWithUID($senderid);
07f1f729	456	$market[] = " - par {$sender->fullName()} sur $maketingEmails (le plus récemment le $lastDate)";
94590511 SJ	457	$mymail = new PlMailer('register/marketer.mail.tpl');
94590511 SJ	458	$mymail->setSubject("$firstname $lastname s'est inscrit à Polytechnique.org !");
330888b0	459	$mymail->addTo($sender);
94590511 SJ	460	$mymail->assign('sender', $sender);
	461	$mymail->assign('firstname', $firstname);
	462	$mymail->assign('lastname', $lastname);
	463	$mymail->assign('promo', $promo);
	464	$mymail->assign('sex', $sex);
f59bc2fb	465	$mymail->setTxtBody(wordwrap($msg, 72));
	466	$mymail->send();
	467	}
5f5f0eb5	468
97a82cd2	469	// Email the plat/al administrators about the registration.
9812efa0	470	if ($globals->register->notif) {
94590511 SJ	471	$mymail = new PlMailer('register/registration.mail.tpl');
	472	$mymail->setSubject("Inscription de $firstname $lastname ($promo)");
	473	$mymail->assign('firstname', $firstname);
	474	$mymail->assign('lastname', $lastname);
	475	$mymail->assign('promo', $promo);
	476	$mymail->assign('sex', $sex);
	477	$mymail->assign('birthdate', $birthdate);
	478	$mymail->assign('birthdate_ref', $birthdate_ref);
	479	$mymail->assign('forlife', $forlife);
	480	$mymail->assign('email', $email);
4b0cf4e4	481	$mymail->assign('logger', S::logger());
defff1aa	482	if (count($market) > 0) {
94590511	483	$mymail->assign('market', implode("\n", $market));
defff1aa	484	}
9812efa0	485	$mymail->setTxtBody($msg);
eaf30d86	486	$mymail->send();
9812efa0	487	}
f59bc2fb	488
97a82cd2	489	// Remove old pending marketing requests for the new user.
e654517d	490	Marketing::clear($uid);
f59bc2fb	491
97a0a459 FB	492	pl_redirect('profile/edit');
97a0a459 FB	493	}
f59bc2fb	494	}
f59bc2fb	495
a7de4ef7	496	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
f59bc2fb	497	?>