[platal.git] / modules / register.php

<?php
/***************************************************************************
 *  Copyright (C) 2003-2010 Polytechnique.org                              *
 *  http://opensource.polytechnique.org/                                   *
 *                                                                         *
 *  This program is free software; you can redistribute it and/or modify   *
 *  it under the terms of the GNU General Public License as published by   *
 *  the Free Software Foundation; either version 2 of the License, or      *
 *  (at your option) any later version.                                    *
 *                                                                         *
 *  This program is distributed in the hope that it will be useful,        *
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of         *
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the          *
 *  GNU General Public License for more details.                           *
 *                                                                         *
 *  You should have received a copy of the GNU General Public License      *
 *  along with this program; if not, write to the Free Software            *
 *  Foundation, Inc.,                                                      *
 *  59 Temple Place, Suite 330, Boston, MA  02111-1307  USA                *
 ***************************************************************************/

class RegisterModule extends PLModule
{
    function handlers()
    {
        return array(
            'register'     => $this->make_hook('register', AUTH_PUBLIC),
            'register/end' => $this->make_hook('end',      AUTH_PUBLIC),
        );
    }

    function handler_register(&$page, $hash = null)
    {
        $alert = null;
        $subState = new PlDict(S::v('subState', array()));
        if (!$subState->has('step')) {
            $subState->set('step', 0);
        }
        if (!$subState->has('backs')) {
            $subState->set('backs', new PlDict());
        }
        if (Get::has('back') && Get::i('back') < $subState->i('step')) {
            $subState->set('step', max(0, Get::i('back')));
            $subState->v('back')->set($subState->v('back')->count() + 1, $subState->dict());
            $subState->v('back')->kill('back');
            if ($subState->v('backs')->count() == 3) {
                $alert .= "Tentative d'inscription très hésitante - ";
            }
        }

        if ($hash) {
            $nameTypes = DirEnum::getOptions(DirEnum::NAMETYPES);
            $nameTypes = array_flip($nameTypes);
            $res = XDB::query("SELECT  a.uid, pd.promo, pnl.name AS lastname, pnf.name AS firstname, p.xorg_id AS xorgid,
                                       p.birthdate_ref AS birthdateRef, FIND_IN_SET('watch', a.flags) AS watch, m.hash
                                 FROM  register_marketing AS m
                           INNER JOIN  accounts           AS a   ON (m.uid = a.uid)
                           INNER JOIN  account_profiles   AS ap  ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))
                           INNER JOIN  profiles           AS p   ON (p.pid = ap.pid)
                           INNER JOIN  profile_display    AS pd  ON (p.pid = pd.pid)
                           INNER JOIN  profile_name       AS pnl ON (p.pid = pnl.pid AND pnl.typeid = {?})
                           INNER JOIN  profile_name       AS pnf ON (p.pid = pnf.pid AND pnf.typeid = {?})
                                WHERE  m.hash = {?} AND a.state = 'pending'",
                              $nameTypes['name_ini'], $nameTypes['firstname_ini'], $hash);

            if ($res->numRows() == 1) {
                $subState->merge($res->fetchOneRow());
                $subState->set('yearpromo', substr($subState->s('promo'), 1, 4));

                XDB::execute('REPLACE INTO  register_mstats (uid,sender,success)
                                    SELECT  m.uid, m.sender, 0
                                      FROM  register_marketing AS m
                                     WHERE  m.hash',
                             $subState->s('hash'));
            }
        }

        switch ($subState->i('step')) {
            case 0:
                $wp = new PlWikiPage('Reference.Charte');
                $wp->buildCache();
                if (Post::has('step1')) {
                    $subState->set('step', 1);
                    if ($subState->has('hash')) {
                        $subState->set('step', 3);
                        $this->load('register.inc.php');
                        createAliases($subState);
                    }
                }
                break;

            case 1:
                if (Post::has('yearpromo')) {
                    $promo = Post::t('edu_type') . Post::t('yearpromo');
                    $yearpromo = Post::i('yearpromo');
                    $res = XDB::query("SELECT  COUNT(*)
                                         FROM  accounts         AS a
                                   INNER JOIN  account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))
                                   INNER JOIN  profiles         AS p  ON (p.pid = ap.pid)
                                   INNER JOIN  profile_display  AS pd ON (p.pid = pd.pid)
                                        WHERE  a.state = 'pending' AND p.deathdate IS NULL AND pd.promo = {?}",
                                      $promo);

                    if (!$res->fetchOneCell()) {
                        $error = 'La promotion saisie est incorrecte ou tous les camarades de cette promotion sont inscrits !';
                    } else {
                        $subState->set('step', 2);
                        $subState->set('promo', $promo);
                        $subState->set('yearpromo', $yearpromo);
                        if ($yearpromo >= 1996 && $yearpromo < 2000) {
                            $subState->set('schoolid', ($yearpromo % 100) * 10 . '???');
                        } elseif($yearpromo >= 2000) {
                            $subState->set('schoolid', 100 + ($yearpromo % 100) . '???');
                        }
                    }
                }
                break;

            case 2:
                if (count($_POST)) {
                    $this->load('register.inc.php');
                    $subState->set('firstname', Post::t('firstname'));
                    $subState->set('lastname', Post::t('lastname'));
                    $subState->set('schoolid', Post::i('schoolid'));
                    $error = checkNewUser($subState);

                    if ($error !== true) {
                        break;
                    }
                    $error = createAliases($subState);
                    if ($error === true) {
                        unset($error);
                        $subState->set('step', 3);
                    }
                }
                break;

            case 3:
                if (count($_POST)) {
                    $this->load('register.inc.php');

                    // Validate the email address format and domain.
                    require_once 'emails.inc.php';

                    if (!isvalid_email(Post::v('email'))) {
                        $error[] = "Le champ 'Email' n'est pas valide.";
                    } elseif (!isvalid_email_redirection(Post::v('email'))) {
                        $error[] = $subState->s('forlife') . ' doit renvoyer vers un email existant '
                                 . 'valide, en particulier, il ne peut pas être renvoyé vers lui-même.';
                    }

                    // Validate the birthday format and range.
                    $birth = Post::t('birthdate');
                    if (!preg_match('@^[0-3]?\d/[01]?\d/(19|20)?\d{2}$@', $birth)) {
                        $error[] = "La 'Date de naissance' n'est pas correcte.";
                    } else {
                        $birth = explode('/', $birth, 3);
                        for ($i = 0; $i < 3; ++$i)
                            $birth[$i] = intval($birth[$i]);
                        if ($birth[2] < 100) {
                            $birth[2] += 1900;
                        }
                        $year  = $birth[2];
                        $promo = $subState->i('yearpromo');
                        if ($year > $promo - 15 || $year < $promo - 30) {
                            $error[] = "La 'Date de naissance' n'est pas correcte.";
                            $alert = "Date de naissance incorrecte à l'inscription - ";
                            $subState->set('wrong_birthdate', $birth);
                        }
                    }

                    // Register the optional services requested by the user.
                    $services = array();
                    foreach (array('ax_letter', 'imap', 'ml_promo', 'nl') as $service) {
                        if (Post::b($service)) {
                            $services[] = $service;
                        }
                    }
                    $subState->set('services', $services);

                    // Validate the password.
                    if (!Post::v('pwhash', false)) {
                        $error[] = "Le mot de passe n'est pas valide.";
                    }

                    // Check if the given email is known as dangerous.
                    $res = XDB::query("SELECT  state, description
                                         FROM  email_watch
                                        WHERE  email = {?} AND state != 'safe'",
                                      Post::v('email'));
                    $bannedEmail = false;
                    if ($res->numRows()) {
                        list($state, $description) = $res->fetchOneRow();
                        $alert .= "Email surveillé proposé à l'inscription - ";
                        $subState->set('email_desc', $description);
                        if ($state == 'dangerous') {
                            $bannedEmail = true;
                        }
                    }
                    if ($subState->i('watch') != 0) {
                        $alert .= "Inscription d'un utilisateur surveillé - ";
                    }

                    if (($bannedIp = check_ip('unsafe'))) {
                        unset($error);
                    }

                    if (isset($error)) {
                        $error = join('<br />', $error);
                    } else {
                        $subState->set('birthdate', sprintf("%04d-%02d-%02d",
                                                            intval($birth[2]), intval($birth[1]), intval($birth[0])));
                        $subState->set('email', Post::t('email'));
                        $subState->set('password', Post::t('pwhash'));

                        // Update the current alert if the birthdate is incorrect,
                        // or if the IP address of the user has been banned.
                        if ($subState->s('birthdateRef') != '0000-00-00'
                            && $subState->s('birthdateRef') != $subState->s('birthdate')) {
                            $alert .= "Date de naissance incorrecte à l'inscription - ";
                        }
                        if ($bannedIp) {
                            $alert .= "Tentative d'inscription depuis une IP surveillée";
                        }

                        // Prevent banned user from actually registering; save the current state for others.
                        if ($bannedEmail || $bannedIp) {
                            global $globals;
                            $error = "Une erreur s'est produite lors de l'inscription."
                                 . " Merci de contacter <a href='mailto:register@{$globals->mail->domain}>"
                                 . " register@{$globals->mail->domain}</a>"
                                 . " pour nous faire part de cette erreur.";
                        } else {
                            $subState->set('step', 4);
                            if ($subState->v('backs')->count() >= 3) {
                                $alert .= "Fin d'une inscription hésitante.";
                            }
                            finishRegistration($subState);
                        }
                    }
                }
                break;
        }

        $_SESSION['subState'] = $subState->dict();
        if (!empty($alert)) {
            send_warning_mail($alert);
        }

        $page->changeTpl('register/step' . $subState->i('step') . '.tpl');
        $page->addJsLink('password.js');
        if (isset($error)) {
            $page->trigError($error);
        }
    }

    function handler_end(&$page, $hash = null)
    {
        global $globals;
        $_SESSION['subState'] = array('step' => 5);

        // Reject registration requests from unsafe IP addresses (and remove the
        // registration information from the database, to prevent IP changes).
        if (check_ip('unsafe')) {
            send_warning_mail('Une IP surveillée a tenté de finaliser son inscription.');
            XDB::execute("DELETE FROM  register_pending
                                WHERE  hash = {?} AND hash != 'INSCRIT'", $hash);
            return PL_FORBIDDEN;
        }

        $nameTypes = DirEnum::getOptions(DirEnum::NAMETYPES);
        $nameTypes = array_flip($nameTypes);

        // Retrieve the pre-registration information using the url-provided
        // authentication token.
        $res = XDB::query("SELECT  r.uid, p.pid, r.forlife, r.bestalias, r.mailorg2,
                                   r.password, r.email, r.services, r.naissance,
                                   pnl.name AS lastname, pnf.name AS firstname,
                                   pd.promo, p.sex, p.birthdate_ref
                             FROM  register_pending AS r
                       INNER JOIN  accounts         AS a   ON (r.uid = a.uid)
                       INNER JOIN  account_profiles AS ap  ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))
                       INNER JOIN  profiles         AS p   ON (p.pid = ap.pid)
                       INNER JOIN  profile_name     AS pnl ON (p.pid = pnl.pid AND pnl.typeid = {?})
                       INNER JOIN  profile_name     AS pnf ON (p.pid = pnf.pid AND pnf.typeid = {?})
                       INNER JOIN  profile_display  AS pd  ON (p.pid = pd.pid)
                            WHERE  hash = {?} AND hash != 'INSCRIT' AND a.state = 'pending'",
                          $nameTypes['name_ini'], $nameTypes['firstname_ini'], $hash);
        if (!$hash || $res->numRows() == 0) {
            $page->kill("<p>Cette adresse n'existe pas, ou plus, sur le serveur.</p>
                         <p>Causes probables&nbsp;:</p>
                         <ol>
                           <li>Vérifie que tu visites l'adresse du dernier
                               email reçu s'il y en a eu plusieurs.</li>
                           <li>Tu as peut-être mal copié l'adresse reçue par
                               email, vérifie-la à la main.</li>
                           <li>Tu as peut-être attendu trop longtemps pour
                               confirmer. Les pré-inscriptions sont annulées
                               tous les 30 jours.</li>
                           <li>Tu es en fait déjà inscrit.</li>
                        </ol>");
        }

        list($uid, $pid, $forlife, $bestalias, $emailXorg2, $password, $email, $services,
             $birthdate, $lastname, $firstname, $promo, $sex, $birthdate_ref) = $res->fetchOneRow();
        $yearpromo = substr($promo, 1, 4);

        // Prepare the template for display.
        $page->changeTpl('register/end.tpl');
        $page->addJsLink('do_challenge_response_logged.js');
        $page->assign('forlife', $forlife);
        $page->assign('firstname', $firstname);

        // Check if the user did enter a valid password; if not (or if none is found),
        // get her an information page.
        if (Post::has('response')) {
            $expected_response = sha1("$forlife:$password:" . S::v('challenge'));
            if (Post::v('response') != $expected_response) {
                $page->trigError("Mot de passe invalide.");
                S::logger($uid)->log('auth_fail', 'bad password (register/end)');
                return;
            }
        } else {
            return;
        }

        //
        // Create the user account.
        //
        XDB::execute("UPDATE  accounts
                         SET  password = {?}, state = 'active',
                              registration_date = NOW(), email = NULL
                       WHERE  uid = {?}", $password, $uid);
        XDB::execute("UPDATE  profiles
                         SET  birthdate = {?}, last_change = NOW()
                       WHERE  pid = {?}", $birthdate, $pid);
        XDB::execute("INSERT INTO  aliases (uid, alias, type)
                           VALUES  ({?}, {?}, 'a_vie')", $uid, $forlife);
        XDB::execute("INSERT INTO  aliases (uid, alias, type, flags)
                           VALUES  ({?}, {?}, 'alias', 'bestalias')", $uid, $bestalias);
        if ($emailXorg2) {
            XDB::execute("INSERT INTO  aliases (uid, alias, type)
                               VALUES  ({?}, {?}, 'alias')", $uid, $emailXorg2);
        }

        // Add the registration email address as first and only redirection.
        require_once 'emails.inc.php';
        $user = User::getSilentWithUID($uid);
        $redirect = new Redirect($user);
        $redirect->add_email($email);

        // Try to start a session (so the user don't have to log in); we will use
        // the password available in Post:: to authenticate the user.
        $success = Platal::session()->start(AUTH_MDP);

        // Subscribe the user to the services she did request at registration time.
        foreach (explode(',', $services) as $service) {
            switch ($service) {
                case 'ax_letter':
                    Platal::load('axletter', 'axletter.inc.php');
                    AXLetter::subscribe($uid);
                    break;
                case 'imap':
                    $storage = new EmailStorage($user, 'imap');
                    $storage->activate();
                    break;
                case 'ml_promo':
                    $r = XDB::query('SELECT id FROM groups WHERE diminutif = {?}', $yearpromo);
                    if ($r->numRows()) {
                        $asso_id = $r->fetchOneCell();
                        XDB::execute('REPLACE INTO  group_members (uid, asso_id)
                                            VALUES  ({?}, {?})',
                                     $uid, $asso_id);
                        $mmlist = new MMList($uid, S::v('password'));
                        $mmlist->subscribe("promo" . S::v('promo'));
                    }
                    break;
                case 'nl':
                    require_once 'newsletter.inc.php';
                    NewsLetter::subscribe($uid);
                    break;
            }
        }

        // Log the registration in the user session.
        S::logger($uid)->log('inscription', $email);
        XDB::execute("UPDATE  register_pending
                         SET  hash = 'INSCRIT'
                       WHERE  uid = {?}", $uid);

        // Congratulate our newly registered user by email.
        $mymail = new PlMailer('register/success.mail.tpl');
        $mymail->assign('forlife', $forlife);
        $mymail->assign('firstname', $firstname);
        $mymail->send();

        // Index the user, to allow her to appear in searches.
        Profile::rebuildSearchTokens($pid);

        // Notify other users which were watching for her arrival.
        XDB::execute('REPLACE INTO  contacts (uid, contact)
                            SELECT  uid, ni_id
                              FROM  watch_nonins
                             WHERE  ni_id = {?}', $uid);
        XDB::execute('DELETE FROM  watch_nonins
                            WHERE  ni_id = {?}', $uid);
        Platal::session()->updateNbNotifs();

        // Forcibly register the new user on default forums.
        $promoForum = 'xorg.promo.' . strtolower($promo);
        $registeredForums = array('xorg.general', 'xorg.pa.divers', 'xorg.pa.logements', $promoForum);
        foreach ($registeredForums as $forum) {
            XDB::execute("INSERT INTO  forum_subs (fid, uid)
                               SELECT  fid, {?}
                                 FROM  forums
                                WHERE  name = {?}",
                         $uid, $val);

            // Notify the newsgroup admin of the promotion forum needs be created.
            if (XDB::affectedRows() == 0 && $forum == $promoForum) {
                $promoFull = new UserFilter(new UFC_Promo('=', UserFilter::DISPLAY, $promo));
                $promoRegistered = new UserFilter(new PFC_And(
                        new UFC_Promo('=', UserFilter::DISPLAY, $promo),
                        new UFC_Registered(true),
                        new PFC_Not(new UFC_Dead())
                ));
                if ($promoRegistered->getTotalCount() > 0.2 * $promoFull->getTotalCount()) {
                    $mymail = new PlMailer('admin/forums-promo.mail.tpl');
                    $mymail->assign('promo', $promo);
                    $mymail->send();
                }
            }
        }

        // Update the global registration count stats.
        $globals->updateNbIns();

        //
        // Update collateral data sources, and inform watchers by email.
        //

        // Email the referrer(s) of this new user.
        $res = XDB::iterRow("SELECT  sender, GROUP_CONCAT(email SEPARATOR ', ') AS mails, MAX(last) AS lastDate
                               FROM  register_marketing
                              WHERE  uid = {?}
                           GROUP BY  sender
                           ORDER BY  lastDate DESC", $uid);
        XDB::execute("UPDATE  register_mstats
                         SET  success = NOW()
                       WHERE  uid = {?}", $uid);

        $market = array();
        while (list($senderid, $maketingEmails, $lastDate) = $res->next()) {
            $sender = User::getWithUID($senderid);
            $market[] = " - par {$sender->fullName()} sur $maketingEmails (le plus récemment le $lastDate)";
            $mymail = new PlMailer('register/marketer.mail.tpl');
            $mymail->setSubject("$firstname $lastname s'est inscrit à Polytechnique.org !");
            $mymail->addTo($sender);
            $mymail->assign('sender', $sender);
            $mymail->assign('firstname', $firstname);
            $mymail->assign('lastname', $lastname);
            $mymail->assign('promo', $promo);
            $mymail->assign('sex', $sex);
            $mymail->setTxtBody(wordwrap($msg, 72));
            $mymail->send();
        }

        // Email the plat/al administrators about the registration.
        if ($globals->register->notif) {
            $mymail = new PlMailer('register/registration.mail.tpl');
            $mymail->setSubject("Inscription de $firstname $lastname ($promo)");
            $mymail->assign('firstname', $firstname);
            $mymail->assign('lastname', $lastname);
            $mymail->assign('promo', $promo);
            $mymail->assign('sex', $sex);
            $mymail->assign('birthdate', $birthdate);
            $mymail->assign('birthdate_ref', $birthdate_ref);
            $mymail->assign('forlife', $forlife);
            $mymail->assign('email', $email);
            $mymail->assign('logger', S::logger());
            if (count($market) > 0) {
                $mymail->assign('market', implode("\n", $market));
            }
            $mymail->setTxtBody($msg);
            $mymail->send();
        }

        // Remove old pending marketing requests for the new user.
        Marketing::clear($uid);

        pl_redirect('profile/edit');
    }
}

// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
?>
Commit	Line	Data
f59bc2fb	1	<?php
f59bc2fb	2	/***************************************************************************
9f5bd98e	3	* Copyright (C) 2003-2010 Polytechnique.org *
f59bc2fb	4	* http://opensource.polytechnique.org/ *
	5	* *
	6	* This program is free software; you can redistribute it and/or modify *
	7	* it under the terms of the GNU General Public License as published by *
	8	* the Free Software Foundation; either version 2 of the License, or *
	9	* (at your option) any later version. *
	10	* *
	11	* This program is distributed in the hope that it will be useful, *
	12	* but WITHOUT ANY WARRANTY; without even the implied warranty of *
	13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
	14	* GNU General Public License for more details. *
	15	* *
	16	* You should have received a copy of the GNU General Public License *
	17	* along with this program; if not, write to the Free Software *
	18	* Foundation, Inc., *
	19	* 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
	20	***************************************************************************/
	21
	22	class RegisterModule extends PLModule
	23	{
	24	function handlers()
	25	{
	26	return array(
94590511 SJ	27	'register' => $this->make_hook('register', AUTH_PUBLIC),
94590511 SJ	28	'register/end' => $this->make_hook('end', AUTH_PUBLIC),
f59bc2fb	29	);
	30	}
	31
20d90835	32	function handler_register(&$page, $hash = null)
f59bc2fb	33	{
94590511 SJ	34	$alert = null;
	35	$subState = new PlDict(S::v('subState', array()));
	36	if (!$subState->has('step')) {
	37	$subState->set('step', 0);
f59bc2fb	38	}
94590511 SJ	39	if (!$subState->has('backs')) {
94590511 SJ	40	$subState->set('backs', new PlDict());
2efe5355	41	}
94590511 SJ	42	if (Get::has('back') && Get::i('back') < $subState->i('step')) {
	43	$subState->set('step', max(0, Get::i('back')));
	44	$subState->v('back')->set($subState->v('back')->count() + 1, $subState->dict());
	45	$subState->v('back')->kill('back');
	46	if ($subState->v('backs')->count() == 3) {
97a82cd2	47	$alert .= "Tentative d'inscription très hésitante - ";
eaf30d86	48	}
f59bc2fb	49	}
f59bc2fb	50
20d90835	51	if ($hash) {
94590511	52	$nameTypes = DirEnum::getOptions(DirEnum::NAMETYPES);
94660e07	53	$nameTypes = array_flip($nameTypes);
94590511 SJ	54	$res = XDB::query("SELECT a.uid, pd.promo, pnl.name AS lastname, pnf.name AS firstname, p.xorg_id AS xorgid,
94590511 SJ	55	p.birthdate_ref AS birthdateRef, FIND_IN_SET('watch', a.flags) AS watch, m.hash
f59bc2fb	56	FROM register_marketing AS m
94660e07	57	INNER JOIN accounts AS a ON (m.uid = a.uid)
4b0cf4e4	58	INNER JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))
9f1cd432	59	INNER JOIN profiles AS p ON (p.pid = ap.pid)
94660e07 SJ	60	INNER JOIN profile_display AS pd ON (p.pid = pd.pid)
	61	INNER JOIN profile_name AS pnl ON (p.pid = pnl.pid AND pnl.typeid = {?})
	62	INNER JOIN profile_name AS pnf ON (p.pid = pnf.pid AND pnf.typeid = {?})
4c5a5921	63	WHERE m.hash = {?} AND a.state = 'pending'",
94660e07 SJ	64	$nameTypes['name_ini'], $nameTypes['firstname_ini'], $hash);
94660e07 SJ	65
94590511 SJ	66	if ($res->numRows() == 1) {
	67	$subState->merge($res->fetchOneRow());
	68	$subState->set('yearpromo', substr($subState->s('promo'), 1, 4));
94660e07 SJ	69
	70	XDB::execute('REPLACE INTO register_mstats (uid,sender,success)
	71	SELECT m.uid, m.sender, 0
	72	FROM register_marketing AS m
	73	WHERE m.hash',
94590511	74	$subState->s('hash'));
f59bc2fb	75	}
	76	}
	77
94590511	78	switch ($subState->i('step')) {
f59bc2fb	79	case 0:
8f201b69 FB	80	$wp = new PlWikiPage('Reference.Charte');
8f201b69 FB	81	$wp->buildCache();
f59bc2fb	82	if (Post::has('step1')) {
94590511 SJ	83	$subState->set('step', 1);
	84	if ($subState->has('hash')) {
	85	$subState->set('step', 3);
460d8f55	86	$this->load('register.inc.php');
94590511	87	createAliases($subState);
f59bc2fb	88	}
	89	}
	90	break;
	91
	92	case 1:
94590511 SJ	93	if (Post::has('yearpromo')) {
	94	$promo = Post::t('edu_type') . Post::t('yearpromo');
	95	$yearpromo = Post::i('yearpromo');
94660e07	96	$res = XDB::query("SELECT COUNT(*)
94590511 SJ	97	FROM accounts AS a
	98	INNER JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))
	99	INNER JOIN profiles AS p ON (p.pid = ap.pid)
	100	INNER JOIN profile_display AS pd ON (p.pid = pd.pid)
94660e07	101	WHERE a.state = 'pending' AND p.deathdate IS NULL AND pd.promo = {?}",
a41bf2f8	102	$promo);
94660e07	103
a41bf2f8	104	if (!$res->fetchOneCell()) {
94660e07	105	$error = 'La promotion saisie est incorrecte ou tous les camarades de cette promotion sont inscrits !';
f59bc2fb	106	} else {
94590511 SJ	107	$subState->set('step', 2);
	108	$subState->set('promo', $promo);
	109	$subState->set('yearpromo', $yearpromo);
94660e07	110	if ($yearpromo >= 1996 && $yearpromo < 2000) {
94590511	111	$subState->set('schoolid', ($yearpromo % 100) * 10 . '???');
94660e07	112	} elseif($yearpromo >= 2000) {
94590511	113	$subState->set('schoolid', 100 + ($yearpromo % 100) . '???');
f59bc2fb	114	}
	115	}
	116	}
	117	break;
	118
	119	case 2:
	120	if (count($_POST)) {
460d8f55	121	$this->load('register.inc.php');
94590511 SJ	122	$subState->set('firstname', Post::t('firstname'));
	123	$subState->set('lastname', Post::t('lastname'));
	124	$subState->set('schoolid', Post::i('schoolid'));
	125	$error = checkNewUser($subState);
f59bc2fb	126
94660e07 SJ	127	if ($error !== true) {
	128	break;
	129	}
94590511	130	$error = createAliases($subState);
94660e07 SJ	131	if ($error === true) {
94660e07 SJ	132	unset($error);
94590511	133	$subState->set('step', 3);
f59bc2fb	134	}
	135	}
	136	break;
	137
	138	case 3:
	139	if (count($_POST)) {
460d8f55	140	$this->load('register.inc.php');
97a82cd2 VZ	141
97a82cd2 VZ	142	// Validate the email address format and domain.
c6310567	143	require_once 'emails.inc.php';
94660e07	144
5e2307dc	145	if (!isvalid_email(Post::v('email'))) {
94660e07	146	$error[] = "Le champ 'Email' n'est pas valide.";
5e2307dc	147	} elseif (!isvalid_email_redirection(Post::v('email'))) {
94590511	148	$error[] = $subState->s('forlife') . ' doit renvoyer vers un email existant '
94660e07	149	. 'valide, en particulier, il ne peut pas être renvoyé vers lui-même.';
f59bc2fb	150	}
97a82cd2 VZ	151
97a82cd2 VZ	152	// Validate the birthday format and range.
94590511	153	$birth = Post::t('birthdate');
12e5d7a6	154	if (!preg_match('@^[0-3]?\d/[01]?\d/(19\|20)?\d{2}$@', $birth)) {
94660e07	155	$error[] = "La 'Date de naissance' n'est pas correcte.";
35cd1be1	156	} else {
12e5d7a6	157	$birth = explode('/', $birth, 3);
94660e07	158	for ($i = 0; $i < 3; ++$i)
7caaaf6d	159	$birth[$i] = intval($birth[$i]);
94660e07 SJ	160	if ($birth[2] < 100) {
	161	$birth[2] += 1900;
	162	}
7caaaf6d	163	$year = $birth[2];
94590511	164	$promo = $subState->i('yearpromo');
35cd1be1	165	if ($year > $promo - 15 \|\| $year < $promo - 30) {
94660e07	166	$error[] = "La 'Date de naissance' n'est pas correcte.";
97a82cd2	167	$alert = "Date de naissance incorrecte à l'inscription - ";
94590511	168	$subState->set('wrong_birthdate', $birth);
35cd1be1	169	}
f59bc2fb	170	}
f59bc2fb	171
3546b253 VZ	172	// Register the optional services requested by the user.
	173	$services = array();
	174	foreach (array('ax_letter', 'imap', 'ml_promo', 'nl') as $service) {
	175	if (Post::b($service)) {
	176	$services[] = $service;
	177	}
	178	}
94590511	179	$subState->set('services', $services);
3546b253	180
97a82cd2	181	// Validate the password.
81b5a6c9	182	if (!Post::v('pwhash', false)) {
94660e07	183	$error[] = "Le mot de passe n'est pas valide.";
97a82cd2 VZ	184	}
	185
	186	// Check if the given email is known as dangerous.
94590511 SJ	187	$res = XDB::query("SELECT state, description
	188	FROM email_watch
	189	WHERE email = {?} AND state != 'safe'",
94660e07	190	Post::v('email'));
94590511	191	$bannedEmail = false;
15836cdd FB	192	if ($res->numRows()) {
15836cdd FB	193	list($state, $description) = $res->fetchOneRow();
97a82cd2	194	$alert .= "Email surveillé proposé à l'inscription - ";
94590511	195	$subState->set('email_desc', $description);
706ed3ef	196	if ($state == 'dangerous') {
94590511	197	$bannedEmail = true;
706ed3ef	198	}
5480a216	199	}
4b0cf4e4	200	if ($subState->i('watch') != 0) {
4653799f	201	$alert .= "Inscription d'un utilisateur surveillé - ";
0be07aa6	202	}
5480a216	203
94590511	204	if (($bannedIp = check_ip('unsafe'))) {
94660e07	205	unset($error);
bf273d6a	206	}
bf273d6a	207
94660e07 SJ	208	if (isset($error)) {
94660e07 SJ	209	$error = join('<br />', $error);
f59bc2fb	210	} else {
94590511 SJ	211	$subState->set('birthdate', sprintf("%04d-%02d-%02d",
	212	intval($birth[2]), intval($birth[1]), intval($birth[0])));
	213	$subState->set('email', Post::t('email'));
81b5a6c9	214	$subState->set('password', Post::t('pwhash'));
97a82cd2 VZ	215
	216	// Update the current alert if the birthdate is incorrect,
	217	// or if the IP address of the user has been banned.
94590511 SJ	218	if ($subState->s('birthdateRef') != '0000-00-00'
94590511 SJ	219	&& $subState->s('birthdateRef') != $subState->s('birthdate')) {
ecc734a5	220	$alert .= "Date de naissance incorrecte à l'inscription - ";
ecc734a5	221	}
94590511	222	if ($bannedIp) {
97a82cd2	223	$alert .= "Tentative d'inscription depuis une IP surveillée";
706ed3ef	224	}
97a82cd2 VZ	225
97a82cd2 VZ	226	// Prevent banned user from actually registering; save the current state for others.
94590511	227	if ($bannedEmail \|\| $bannedIp) {
115c90db	228	global $globals;
94660e07	229	$error = "Une erreur s'est produite lors de l'inscription."
1d55fe45	230	. " Merci de contacter <a href='mailto:register@{$globals->mail->domain}>"
1d55fe45	231	. " register@{$globals->mail->domain}</a>"
94660e07	232	. " pour nous faire part de cette erreur.";
5480a216	233	} else {
94590511	234	$subState->set('step', 4);
4b0cf4e4	235	if ($subState->v('backs')->count() >= 3) {
94660e07	236	$alert .= "Fin d'une inscription hésitante.";
2efe5355	237	}
94590511	238	finishRegistration($subState);
5480a216	239	}
bf273d6a	240	}
f59bc2fb	241	}
	242	break;
	243	}
	244
94590511	245	$_SESSION['subState'] = $subState->dict();
4653799f	246	if (!empty($alert)) {
5480a216	247	send_warning_mail($alert);
5480a216	248	}
97a82cd2	249
94590511	250	$page->changeTpl('register/step' . $subState->i('step') . '.tpl');
4baa7323	251	$page->addJsLink('password.js');
94660e07 SJ	252	if (isset($error)) {
94660e07 SJ	253	$page->trigError($error);
f59bc2fb	254	}
f59bc2fb	255	}
	256
	257	function handler_end(&$page, $hash = null)
	258	{
	259	global $globals;
94590511	260	$_SESSION['subState'] = array('step' => 5);
ecc734a5	261
97a82cd2 VZ	262	// Reject registration requests from unsafe IP addresses (and remove the
97a82cd2 VZ	263	// registration information from the database, to prevent IP changes).
ecc734a5	264	if (check_ip('unsafe')) {
94660e07	265	send_warning_mail('Une IP surveillée a tenté de finaliser son inscription.');
97a82cd2 VZ	266	XDB::execute("DELETE FROM register_pending
97a82cd2 VZ	267	WHERE hash = {?} AND hash != 'INSCRIT'", $hash);
ecc734a5	268	return PL_FORBIDDEN;
	269	}
	270
94590511 SJ	271	$nameTypes = DirEnum::getOptions(DirEnum::NAMETYPES);
	272	$nameTypes = array_flip($nameTypes);
	273
97a82cd2 VZ	274	// Retrieve the pre-registration information using the url-provided
97a82cd2 VZ	275	// authentication token.
94590511 SJ	276	$res = XDB::query("SELECT r.uid, p.pid, r.forlife, r.bestalias, r.mailorg2,
	277	r.password, r.email, r.services, r.naissance,
	278	pnl.name AS lastname, pnf.name AS firstname,
	279	pd.promo, p.sex, p.birthdate_ref
	280	FROM register_pending AS r
	281	INNER JOIN accounts AS a ON (r.uid = a.uid)
	282	INNER JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))
9f1cd432	283	INNER JOIN profiles AS p ON (p.pid = ap.pid)
94590511 SJ	284	INNER JOIN profile_name AS pnl ON (p.pid = pnl.pid AND pnl.typeid = {?})
	285	INNER JOIN profile_name AS pnf ON (p.pid = pnf.pid AND pnf.typeid = {?})
	286	INNER JOIN profile_display AS pd ON (p.pid = pd.pid)
4c5a5921	287	WHERE hash = {?} AND hash != 'INSCRIT' AND a.state = 'pending'",
94590511	288	$nameTypes['name_ini'], $nameTypes['firstname_ini'], $hash);
97a82cd2	289	if (!$hash \|\| $res->numRows() == 0) {
f59bc2fb	290	$page->kill("<p>Cette adresse n'existe pas, ou plus, sur le serveur.</p>
97a82cd2	291	<p>Causes probables :</p>
f59bc2fb	292	<ol>
a7de4ef7	293	<li>Vérifie que tu visites l'adresse du dernier
97a82cd2	294	email reçu s'il y en a eu plusieurs.</li>
a7de4ef7	295	<li>Tu as peut-être mal copié l'adresse reçue par
97a82cd2	296	email, vérifie-la à la main.</li>
a7de4ef7	297	<li>Tu as peut-être attendu trop longtemps pour
94590511	298	confirmer. Les pré-inscriptions sont annulées
f59bc2fb	299	tous les 30 jours.</li>
a7de4ef7	300	<li>Tu es en fait déjà inscrit.</li>
f59bc2fb	301	</ol>");
	302	}
	303
94590511 SJ	304	list($uid, $pid, $forlife, $bestalias, $emailXorg2, $password, $email, $services,
	305	$birthdate, $lastname, $firstname, $promo, $sex, $birthdate_ref) = $res->fetchOneRow();
	306	$yearpromo = substr($promo, 1, 4);
f59bc2fb	307
97a82cd2 VZ	308	// Prepare the template for display.
	309	$page->changeTpl('register/end.tpl');
	310	$page->addJsLink('do_challenge_response_logged.js');
	311	$page->assign('forlife', $forlife);
94590511	312	$page->assign('firstname', $firstname);
97a82cd2 VZ	313
	314	// Check if the user did enter a valid password; if not (or if none is found),
	315	// get her an information page.
94590511 SJ	316	if (Post::has('response')) {
	317	$expected_response = sha1("$forlife:$password:" . S::v('challenge'));
	318	if (Post::v('response') != $expected_response) {
97a82cd2 VZ	319	$page->trigError("Mot de passe invalide.");
	320	S::logger($uid)->log('auth_fail', 'bad password (register/end)');
	321	return;
	322	}
	323	} else {
	324	return;
	325	}
f59bc2fb	326
97a82cd2 VZ	327	//
	328	// Create the user account.
	329	//
94590511 SJ	330	XDB::execute("UPDATE accounts
94590511 SJ	331	SET password = {?}, state = 'active',
33a4f3f9	332	registration_date = NOW(), email = NULL
94590511 SJ	333	WHERE uid = {?}", $password, $uid);
	334	XDB::execute("UPDATE profiles
	335	SET birthdate = {?}, last_change = NOW()
	336	WHERE pid = {?}", $birthdate, $pid);
fe13bc1d	337	XDB::execute("INSERT INTO aliases (uid, alias, type)
97a82cd2	338	VALUES ({?}, {?}, 'a_vie')", $uid, $forlife);
fe13bc1d	339	XDB::execute("INSERT INTO aliases (uid, alias, type, flags)
97a82cd2	340	VALUES ({?}, {?}, 'alias', 'bestalias')", $uid, $bestalias);
94590511	341	if ($emailXorg2) {
fe13bc1d	342	XDB::execute("INSERT INTO aliases (uid, alias, type)
94590511	343	VALUES ({?}, {?}, 'alias')", $uid, $emailXorg2);
f59bc2fb	344	}
f59bc2fb	345
97a82cd2	346	// Add the registration email address as first and only redirection.
726eaf7a	347	require_once 'emails.inc.php';
94590511	348	$user = User::getSilentWithUID($uid);
12a587df	349	$redirect = new Redirect($user);
f59bc2fb	350	$redirect->add_email($email);
f59bc2fb	351
3546b253 VZ	352	// Try to start a session (so the user don't have to log in); we will use
3546b253 VZ	353	// the password available in Post:: to authenticate the user.
94590511	354	$success = Platal::session()->start(AUTH_MDP);
3546b253 VZ	355
	356	// Subscribe the user to the services she did request at registration time.
	357	foreach (explode(',', $services) as $service) {
	358	switch ($service) {
	359	case 'ax_letter':
	360	Platal::load('axletter', 'axletter.inc.php');
94590511	361	AXLetter::subscribe($uid);
3546b253 VZ	362	break;
3546b253 VZ	363	case 'imap':
3546b253 VZ	364	$storage = new EmailStorage($user, 'imap');
	365	$storage->activate();
	366	break;
	367	case 'ml_promo':
94590511	368	$r = XDB::query('SELECT id FROM groups WHERE diminutif = {?}', $yearpromo);
3546b253 VZ	369	if ($r->numRows()) {
3546b253 VZ	370	$asso_id = $r->fetchOneCell();
eb41eda9	371	XDB::execute('REPLACE INTO group_members (uid, asso_id)
3546b253	372	VALUES ({?}, {?})',
94590511 SJ	373	$uid, $asso_id);
94590511 SJ	374	$mmlist = new MMList($uid, S::v('password'));
3546b253 VZ	375	$mmlist->subscribe("promo" . S::v('promo'));
	376	}
	377	break;
	378	case 'nl':
	379	require_once 'newsletter.inc.php';
94590511	380	NewsLetter::subscribe($uid);
3546b253 VZ	381	break;
	382	}
	383	}
	384
97a82cd2	385	// Log the registration in the user session.
03c0a3a7	386	S::logger($uid)->log('inscription', $email);
97a82cd2 VZ	387	XDB::execute("UPDATE register_pending
	388	SET hash = 'INSCRIT'
	389	WHERE uid = {?}", $uid);
f59bc2fb	390
97a82cd2	391	// Congratulate our newly registered user by email.
94590511	392	$mymail = new PlMailer('register/success.mail.tpl');
f59bc2fb	393	$mymail->assign('forlife', $forlife);
94590511	394	$mymail->assign('firstname', $firstname);
f59bc2fb	395	$mymail->send();
f59bc2fb	396
97a82cd2	397	// Index the user, to allow her to appear in searches.
bbdfd693	398	Profile::rebuildSearchTokens($pid);
2a54eb4d	399
97a82cd2	400	// Notify other users which were watching for her arrival.
94590511 SJ	401	XDB::execute('REPLACE INTO contacts (uid, contact)
	402	SELECT uid, ni_id
	403	FROM watch_nonins
	404	WHERE ni_id = {?}', $uid);
	405	XDB::execute('DELETE FROM watch_nonins
	406	WHERE ni_id = {?}', $uid);
	407	Platal::session()->updateNbNotifs();
03c0a3a7	408
97a82cd2	409	// Forcibly register the new user on default forums.
94590511 SJ	410	$promoForum = 'xorg.promo.' . strtolower($promo);
	411	$registeredForums = array('xorg.general', 'xorg.pa.divers', 'xorg.pa.logements', $promoForum);
	412	foreach ($registeredForums as $forum) {
	413	XDB::execute("INSERT INTO forum_subs (fid, uid)
97a82cd2	414	SELECT fid, {?}
94590511 SJ	415	FROM forums
	416	WHERE name = {?}",
	417	$uid, $val);
97a82cd2 VZ	418
97a82cd2 VZ	419	// Notify the newsgroup admin of the promotion forum needs be created.
94590511 SJ	420	if (XDB::affectedRows() == 0 && $forum == $promoForum) {
	421	$promoFull = new UserFilter(new UFC_Promo('=', UserFilter::DISPLAY, $promo));
	422	$promoRegistered = new UserFilter(new PFC_And(
	423	new UFC_Promo('=', UserFilter::DISPLAY, $promo),
	424	new UFC_Registered(true),
	425	new PFC_Not(new UFC_Dead())
	426	));
	427	if ($promoRegistered->getTotalCount() > 0.2 * $promoFull->getTotalCount()) {
03c0a3a7 FB	428	$mymail = new PlMailer('admin/forums-promo.mail.tpl');
	429	$mymail->assign('promo', $promo);
	430	$mymail->send();
	431	}
	432	}
	433	}
	434
97a82cd2	435	// Update the global registration count stats.
ebfdf077	436	$globals->updateNbIns();
b5dd6f2f	437
97a82cd2 VZ	438	//
	439	// Update collateral data sources, and inform watchers by email.
	440	//
f59bc2fb	441
97a82cd2	442	// Email the referrer(s) of this new user.
94590511 SJ	443	$res = XDB::iterRow("SELECT sender, GROUP_CONCAT(email SEPARATOR ', ') AS mails, MAX(last) AS lastDate
	444	FROM register_marketing
	445	WHERE uid = {?}
	446	GROUP BY sender
	447	ORDER BY lastDate DESC", $uid);
97a82cd2 VZ	448	XDB::execute("UPDATE register_mstats
	449	SET success = NOW()
	450	WHERE uid = {?}", $uid);
f59bc2fb	451
d3447a09	452	$market = array();
94590511 SJ	453	while (list($senderid, $maketingEmails, $lastDate) = $res->next()) {
94590511 SJ	454	$sender = User::getWithUID($senderid);
07f1f729	455	$market[] = " - par {$sender->fullName()} sur $maketingEmails (le plus récemment le $lastDate)";
94590511 SJ	456	$mymail = new PlMailer('register/marketer.mail.tpl');
94590511 SJ	457	$mymail->setSubject("$firstname $lastname s'est inscrit à Polytechnique.org !");
330888b0	458	$mymail->addTo($sender);
94590511 SJ	459	$mymail->assign('sender', $sender);
	460	$mymail->assign('firstname', $firstname);
	461	$mymail->assign('lastname', $lastname);
	462	$mymail->assign('promo', $promo);
	463	$mymail->assign('sex', $sex);
f59bc2fb	464	$mymail->setTxtBody(wordwrap($msg, 72));
	465	$mymail->send();
	466	}
5f5f0eb5	467
97a82cd2	468	// Email the plat/al administrators about the registration.
9812efa0	469	if ($globals->register->notif) {
94590511 SJ	470	$mymail = new PlMailer('register/registration.mail.tpl');
	471	$mymail->setSubject("Inscription de $firstname $lastname ($promo)");
	472	$mymail->assign('firstname', $firstname);
	473	$mymail->assign('lastname', $lastname);
	474	$mymail->assign('promo', $promo);
	475	$mymail->assign('sex', $sex);
	476	$mymail->assign('birthdate', $birthdate);
	477	$mymail->assign('birthdate_ref', $birthdate_ref);
	478	$mymail->assign('forlife', $forlife);
	479	$mymail->assign('email', $email);
4b0cf4e4	480	$mymail->assign('logger', S::logger());
defff1aa	481	if (count($market) > 0) {
94590511	482	$mymail->assign('market', implode("\n", $market));
defff1aa	483	}
9812efa0	484	$mymail->setTxtBody($msg);
eaf30d86	485	$mymail->send();
9812efa0	486	}
f59bc2fb	487
97a82cd2	488	// Remove old pending marketing requests for the new user.
e654517d	489	Marketing::clear($uid);
f59bc2fb	490
97a0a459 FB	491	pl_redirect('profile/edit');
97a0a459 FB	492	}
f59bc2fb	493	}
f59bc2fb	494
a7de4ef7	495	// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
f59bc2fb	496	?>