projects / platal.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fixes startSessionAs.
[platal.git] / modules / register.php
1 <?php
2 /***************************************************************************
3 * Copyright (C) 2003-2010 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
22 class RegisterModule extends PLModule
23 {
24 function handlers()
25 {
26 return array(
27 'register' => $this->make_hook('register', AUTH_PUBLIC),
28 'register/end' => $this->make_hook('end', AUTH_PUBLIC),
29 );
30 }
31
32 function handler_register(&$page, $hash = null)
33 {
34 $alert = null;
35 $sub_state = S::v('sub_state', array());
36 if (!isset($sub_state['step'])) {
37 $sub_state['step'] = 0;
38 }
39 if (!isset($sub_state['backs'])) {
40 $sub_state['backs'] = array();
41 }
42 if (Get::has('back') && Get::i('back') < $sub_state['step']) {
43 $sub_state['step'] = max(0, Get::i('back'));
44 $state = $sub_state;
45 unset($state['backs']);
46 $sub_state['backs'][] = $state;
47 if (count($sub_state['backs']) == 3) {
48 $alert .= "Tentative d'inscription très hésitante - ";
49 }
50 }
51
52 if ($hash) {
53 require_once 'directory.enums.inc.php';
54
55 $nameTypes = DirEnum::getOptionsArray(DirEnum::NAMETYPES);
56 $nameTypes = array_flip($nameTypes);
57 $res = XDB::query("SELECT a.uid, pd.promo, pnl.name AS lastname, pnf.name AS firstname, p.xorg_id,
58 p.birthdate_ref, FIND_IN_SET('watch', a.flags)
59 FROM register_marketing AS m
60 INNER JOIN accounts AS a ON (m.uid = a.uid)
61 INNER JOIN account_profiles AS ap ON (a.uid = ap.id AND FIND_IN_SET('owner', ap.perms))
62 INNER JOIN profiles AS p ON (p.pid = ap.id)
63 INNER JOIN profile_display AS pd ON (p.pid = pd.pid)
64 INNER JOIN profile_name AS pnl ON (p.pid = pnl.pid AND pnl.typeid = {?})
65 INNER JOIN profile_name AS pnf ON (p.pid = pnf.pid AND pnf.typeid = {?})
66 WHERE m.hash = {?}",
67 $nameTypes['name_ini'], $nameTypes['firstname_ini'], $hash);
68
69 if (list($uid, $promo, $lastname, $firstname, $xorgid, $birthdate, $watch) = $res->fetchOneRow()) {
70 $sub_state['uid'] = $uid;
71 $sub_state['hash'] = $hash;
72 $sub_state['yearpromo'] = substr($promo, 1, 4);
73 $sub_state['promo'] = $promo;
74 $sub_state['lastname'] = $lastname;
75 $sub_state['firstname'] = $firstname;
76 $sub_state['xorgid'] = $xorgid;
77 $sub_state['birthdate_ref'] = $birthdate;
78 $sub_state['watch'] = $watch;
79
80 XDB::execute('REPLACE INTO register_mstats (uid,sender,success)
81 SELECT m.uid, m.sender, 0
82 FROM register_marketing AS m
83 WHERE m.hash',
84 $sub_state['hash']);
85 }
86 }
87
88 switch ($sub_state['step']) {
89 case 0:
90 $wp = new PlWikiPage('Reference.Charte');
91 $wp->buildCache();
92 if (Post::has('step1')) {
93 $sub_state['step'] = 1;
94 if (isset($sub_state['hash'])) {
95 $sub_state['step'] = 3;
96 $this->load('register.inc.php');
97 create_aliases($sub_state);
98 }
99 }
100 break;
101
102 case 1:
103 if (Post::has('promo')) {
104 $promo = Post::t('edu_type') . Post::t('promo');
105 $yearpromo = Post::i('promo');
106 $res = XDB::query("SELECT COUNT(*)
107 FROM accounts AS a
108 INNER JOIN account_profile AS pa ON (a.uid = pa.uid AND FIND_IN_SET('owner', ap.perms))
109 INNER JOIN profile AS p ON (p.pid = pa.pid)
110 INNER JOIN profile_display AS pd ON (p.pid = pd.pid)
111 WHERE a.state = 'pending' AND p.deathdate IS NULL AND pd.promo = {?}",
112 $promo);
113
114 if (!$res->fetchOneCell()) {
115 $error = 'La promotion saisie est incorrecte ou tous les camarades de cette promotion sont inscrits !';
116 } else {
117 $sub_state['step'] = 2;
118 $sub_state['promo'] = $promo;
119 $sub_state['yearpromo'] = $yearpromo;
120 if ($yearpromo >= 1996 && $yearpromo < 2000) {
121 $sub_state['schoolid'] = ($yearpromo % 100) * 10 . '???';
122 } elseif($yearpromo >= 2000) {
123 $sub_state['schoolid'] = 100 + ($yearpromo % 100) . '???';
124 }
125 }
126 }
127 break;
128
129 case 2:
130 if (count($_POST)) {
131 $this->load('register.inc.php');
132 $sub_state['firstname'] = Post::v('firstname');
133 $sub_state['lastname'] = Post::v('lastname');
134 $sub_state['schoolid'] = Post::v('schoolid');
135 $error = check_new_user($sub_state);
136
137 if ($error !== true) {
138 break;
139 }
140 $error = create_aliases($sub_state);
141 if ($error === true) {
142 unset($error);
143 $sub_state['step'] = 3;
144 }
145 }
146 break;
147
148 case 3:
149 if (count($_POST)) {
150 $this->load('register.inc.php');
151
152 // Validate the email address format and domain.
153 require_once 'emails.inc.php';
154
155 if (!isvalid_email(Post::v('email'))) {
156 $error[] = "Le champ 'Email' n'est pas valide.";
157 } elseif (!isvalid_email_redirection(Post::v('email'))) {
158 $error[] = $sub_state['forlife'] . ' doit renvoyer vers un email existant '
159 . 'valide, en particulier, il ne peut pas être renvoyé vers lui-même.';
160 }
161
162 // Validate the birthday format and range.
163 $birth = trim(Env::v('birthdate'));
164 if (!preg_match('@^[0-3]?\d/[01]?\d/(19|20)?\d{2}$@', $birth)) {
165 $error[] = "La 'Date de naissance' n'est pas correcte.";
166 } else {
167 $birth = explode('/', $birth, 3);
168 for ($i = 0; $i < 3; ++$i)
169 $birth[$i] = intval($birth[$i]);
170 if ($birth[2] < 100) {
171 $birth[2] += 1900;
172 }
173 $year = $birth[2];
174 $promo = (int) $sub_state['promo'];
175 if ($year > $promo - 15 || $year < $promo - 30) {
176 $error[] = "La 'Date de naissance' n'est pas correcte.";
177 $alert = "Date de naissance incorrecte à l'inscription - ";
178 $sub_state['wrong_naissance'] = $birth;
179 }
180 }
181
182 // Register the optional services requested by the user.
183 $services = array();
184 foreach (array('ax_letter', 'imap', 'ml_promo', 'nl') as $service) {
185 if (Post::b($service)) {
186 $services[] = $service;
187 }
188 }
189 $sub_state['services'] = $services;
190
191 // Validate the password.
192 if (!Post::v('response2', false)) {
193 $error[] = "Le mot de passe n'est pas valide.";
194 }
195
196 // Check if the given email is known as dangerous.
197 $res = XDB::query("SELECT w.state, w.description
198 FROM email_watch AS w
199 WHERE w.email = {?} AND w.state != 'safe'",
200 Post::v('email'));
201 $email_banned = false;
202 if ($res->numRows()) {
203 list($state, $description) = $res->fetchOneRow();
204 $alert .= "Email surveillé proposé à l'inscription - ";
205 $sub_state['email_desc'] = $description;
206 if ($state == 'dangerous') {
207 $email_banned = true;
208 }
209 }
210 if ($sub_state['watch']) {
211 $alert .= "Inscription d'un utilisateur surveillé - ";
212 }
213
214 if (($ip_banned = check_ip('unsafe'))) {
215 unset($error);
216 }
217
218 if (isset($error)) {
219 $error = join('<br />', $error);
220 } else {
221 $sub_state['birthdate'] = sprintf("%04d-%02d-%02d",
222 intval($birth[2]), intval($birth[1]), intval($birth[0]));
223 $sub_state['email'] = Post::v('email');
224 $sub_state['password'] = Post::v('response2');
225
226 // Update the current alert if the birthdate is incorrect,
227 // or if the IP address of the user has been banned.
228 if ($sub_state['birthdate_ref'] != '0000-00-00'
229 && $sub_state['birthdate_ref'] != $sub_state['birthdate']) {
230 $alert .= "Date de naissance incorrecte à l'inscription - ";
231 }
232 if ($ip_banned) {
233 $alert .= "Tentative d'inscription depuis une IP surveillée";
234 }
235
236 // Prevent banned user from actually registering; save the current state for others.
237 if ($email_banned || $ip_banned) {
238 global $globals;
239 $error = "Une erreur s'est produite lors de l'inscription."
240 . " Merci de contacter <a href='mailto:register@{$globals->mail->domain}>"
241 . " register@{$globals->mail->domain}</a>"
242 . " pour nous faire part de cette erreur.";
243 } else {
244 $sub_state['step'] = 4;
245 if (count($sub_state['backs']) >= 3) {
246 $alert .= "Fin d'une inscription hésitante.";
247 }
248 finish_ins($sub_state);
249 }
250 }
251 }
252 break;
253 }
254
255 $_SESSION['sub_state'] = $sub_state;
256 if (!empty($alert)) {
257 send_warning_mail($alert);
258 }
259
260 $page->changeTpl('register/step'.intval($sub_state['step']).'.tpl');
261 $page->addJsLink('motdepasse.js');
262 if (isset($error)) {
263 $page->trigError($error);
264 }
265 }
266
267 function handler_end(&$page, $hash = null)
268 {
269 global $globals;
270 $_SESSION['sub_state'] = array('step' => 5);
271
272 // Reject registration requests from unsafe IP addresses (and remove the
273 // registration information from the database, to prevent IP changes).
274 if (check_ip('unsafe')) {
275 send_warning_mail('Une IP surveillée a tenté de finaliser son inscription.');
276 XDB::execute("DELETE FROM register_pending
277 WHERE hash = {?} AND hash != 'INSCRIT'", $hash);
278 return PL_FORBIDDEN;
279 }
280
281 // /* TODO */
282 // Retrieve the pre-registration information using the url-provided
283 // authentication token.
284 if ($hash) {
285 $res = XDB::query(
286 "SELECT r.uid, r.forlife, r.bestalias, r.mailorg2,
287 r.password, r.email, r.services, r.naissance, u.nom, u.prenom,
288 u.promo, FIND_IN_SET('femme', u.flags), u.naissance_ini
289 FROM register_pending AS r
290 INNER JOIN auth_user_md5 AS u ON r.uid = u.user_id
291 WHERE hash = {?} AND hash != 'INSCRIT'", $hash);
292 }
293 if (!$hash || $res->numRows() == 0) {
294 $page->kill("<p>Cette adresse n'existe pas, ou plus, sur le serveur.</p>
295 <p>Causes probables&nbsp;:</p>
296 <ol>
297 <li>Vérifie que tu visites l'adresse du dernier
298 email reçu s'il y en a eu plusieurs.</li>
299 <li>Tu as peut-être mal copié l'adresse reçue par
300 email, vérifie-la à la main.</li>
301 <li>Tu as peut-être attendu trop longtemps pour
302 confirmer. Les pré-inscriptions sont annulées
303 tous les 30 jours.</li>
304 <li>Tu es en fait déjà inscrit.</li>
305 </ol>");
306 }
307
308 list($uid, $forlife, $bestalias, $mailorg2, $password, $email, $services,
309 $naissance, $nom, $prenom, $promo, $femme, $naiss_ini) = $res->fetchOneRow();
310
311 // Prepare the template for display.
312 $page->changeTpl('register/end.tpl');
313 $page->addJsLink('do_challenge_response_logged.js');
314 $page->assign('forlife', $forlife);
315 $page->assign('prenom', $prenom);
316 $page->assign('femme', $femme);
317
318 // Check if the user did enter a valid password; if not (or if none is found),
319 // get her an information page.
320 if (Env::has('response')) {
321 require_once 'secure_hash.inc.php';
322 $expected_response = hash_encrypt("$forlife:$password:" . S::v('challenge'));
323 if (Env::v('response') != $expected_response) {
324 $page->trigError("Mot de passe invalide.");
325 S::logger($uid)->log('auth_fail', 'bad password (register/end)');
326 return;
327 }
328 } else {
329 return;
330 }
331
332 //
333 // Create the user account.
334 //
335 XDB::execute("UPDATE auth_user_md5
336 SET password = {?}, perms = 'user',
337 date = NOW(), naissance = {?}, date_ins = NOW()
338 WHERE user_id = {?}", $password, $naissance, $uid);
339 XDB::execute("REPLACE INTO auth_user_quick (user_id) VALUES ({?})", $uid);
340 XDB::execute("INSERT INTO aliases (id, alias, type)
341 VALUES ({?}, {?}, 'a_vie')", $uid, $forlife);
342 XDB::execute("INSERT INTO aliases (id, alias, type, flags)
343 VALUES ({?}, {?}, 'alias', 'bestalias')", $uid, $bestalias);
344 if ($mailorg2) {
345 XDB::execute("INSERT INTO aliases (id, alias, type)
346 VALUES ({?}, {?}, 'alias')", $uid, $mailorg2);
347 }
348
349 // Add the registration email address as first and only redirection.
350 require_once 'emails.inc.php';
351 $user = User::getSilent($uid);
352 $redirect = new Redirect($user);
353 $redirect->add_email($email);
354
355 // Try to start a session (so the user don't have to log in); we will use
356 // the password available in Post:: to authenticate the user.
357 Platal::session()->start(AUTH_MDP);
358
359 // Subscribe the user to the services she did request at registration time.
360 foreach (explode(',', $services) as $service) {
361 switch ($service) {
362 case 'ax_letter':
363 Platal::load('axletter', 'axletter.inc.php');
364 AXLetter::subscribe(S::user()->id());
365 break;
366 case 'imap':
367 $user = S::user();
368 $storage = new EmailStorage($user, 'imap');
369 $storage->activate();
370 break;
371 case 'ml_promo':
372 $r = XDB::query('SELECT id FROM groups WHERE diminutif = {?}', S::user()->promo());
373 if ($r->numRows()) {
374 $asso_id = $r->fetchOneCell();
375 XDB::execute('REPLACE INTO group_members (uid, asso_id)
376 VALUES ({?}, {?})',
377 S::user()->id(), $asso_id);
378 $mmlist = new MMList(S::user()->id(), S::v('password'));
379 $mmlist->subscribe("promo" . S::v('promo'));
380 }
381 break;
382 case 'nl':
383 require_once 'newsletter.inc.php';
384 NewsLetter::subscribe();
385 break;
386 }
387 }
388
389 // Log the registration in the user session.
390 S::logger($uid)->log('inscription', $email);
391 XDB::execute("UPDATE register_pending
392 SET hash = 'INSCRIT'
393 WHERE uid = {?}", $uid);
394
395 // Congratulate our newly registered user by email.
396 $mymail = new PlMailer('register/inscription.reussie.tpl');
397 $mymail->assign('forlife', $forlife);
398 $mymail->assign('prenom', $prenom);
399 $mymail->send();
400
401 // Index the user, to allow her to appear in searches.
402 Profile::rebuildSearchTokens($uid);
403
404 // Notify other users which were watching for her arrival.
405 require_once 'notifs.inc.php';
406 register_watch_op($uid, WATCH_INSCR);
407 inscription_notifs_base($uid);
408
409 // Forcibly register the new user on default forums.
410 $promo_forum = 'xorg.promo.x' . $promo;
411 $registered_forums = array('xorg.general', 'xorg.pa.divers', 'xorg.pa.logements', $promo_forum);
412 foreach ($registered_forums as $forum) {
413 XDB::execute("INSERT INTO #forums#.abos (fid,uid)
414 SELECT fid, {?}
415 FROM #forums#.list
416 WHERE nom = {?}",
417 $uid, $val);
418
419 // Notify the newsgroup admin of the promotion forum needs be created.
420 if (XDB::affectedRows() == 0 && $forum == $promo_forum) {
421 $res = XDB::query("SELECT SUM(perms IN ('admin','user') AND deces = 0), COUNT(*)
422 FROM auth_user_md5
423 WHERE promo = {?}", $promo);
424 list($promo_registered_count, $promo_count) = $res->fetchOneRow();
425 if ($promo_registered_count > 0.2 * $promo_count) {
426 $mymail = new PlMailer('admin/forums-promo.mail.tpl');
427 $mymail->assign('promo', $promo);
428 $mymail->send();
429 }
430 }
431 }
432
433 // Update the global registration count stats.
434 $globals->updateNbIns();
435
436 //
437 // Update collateral data sources, and inform watchers by email.
438 //
439
440 // Email the referrer(s) of this new user.
441 $res = XDB::iterRow(
442 "SELECT sa.alias, IF(s.nom_usage,s.nom_usage,s.nom) AS nom,
443 s.prenom, FIND_IN_SET('femme', s.flags) AS femme,
444 GROUP_CONCAT(m.email SEPARATOR ', ') AS mails, MAX(m.last) AS dateDernier
445 FROM register_marketing AS m
446 INNER JOIN auth_user_md5 AS s ON (m.sender = s.user_id)
447 INNER JOIN aliases AS sa ON (sa.id = m.sender
448 AND FIND_IN_SET('bestalias', sa.flags))
449 WHERE m.uid = {?}
450 GROUP BY m.sender
451 ORDER BY dateDernier DESC", $uid);
452 XDB::execute("UPDATE register_mstats
453 SET success = NOW()
454 WHERE uid = {?}", $uid);
455
456 $market = array();
457 while (list($salias, $snom, $sprenom, $sfemme, $mails, $dateDernier) = $res->next()) {
458 $market[] = " - par $snom $sprenom sur $mails (le plus récemment le $dateDernier)";
459 $mymail = new PlMailer();
460 $mymail->setSubject("$prenom $nom s'est inscrit à Polytechnique.org !");
461 $mymail->setFrom('"Marketing Polytechnique.org" <register@' . $globals->mail->domain . '>');
462 $mymail->addTo("\"$sprenom $snom\" <$salias@{$globals->mail->domain}>");
463 $msg = ($sfemme?'Chère':'Cher')." $sprenom,\n\n"
464 . "Nous t'écrivons pour t'informer que $prenom $nom (X$promo), "
465 . "que tu avais incité".($femme?'e':'')." à s'inscrire à Polytechnique.org, "
466 . "vient à l'instant de terminer son inscription.\n\n"
467 . "Merci de ta participation active à la reconnaissance de ce site !!!\n\n"
468 . "Bien cordialement,\n"
469 . "-- \n"
470 . "L'équipe Polytechnique.org";
471 $mymail->setTxtBody(wordwrap($msg, 72));
472 $mymail->send();
473 }
474
475 // Email the plat/al administrators about the registration.
476 if ($globals->register->notif) {
477 $mymail = new PlMailer();
478 $mymail->setSubject("Inscription de $prenom $nom (X$promo)");
479 $mymail->setFrom('"Webmaster Polytechnique.org" <web@' . $globals->mail->domain . '>');
480 $mymail->addTo($globals->register->notif);
481 $mymail->addHeader('Reply-To', $globals->register->notif);
482 $msg = "$prenom $nom (X$promo) a terminé son inscription avec les données suivantes :\n"
483 . " - nom : $nom\n"
484 . " - prenom : $prenom\n"
485 . " - promo : $promo\n"
486 . " - naissance : $naissance (date connue : $naiss_ini)\n"
487 . " - forlife : $forlife\n"
488 . " - email : $email\n"
489 . " - sexe : $femme\n"
490 . " - ip : " . S::logger()->ip . " (" . S::logger()->host . ")\n"
491 . (S::logger()->proxy_ip ? " - proxy : " . S::logger()->proxy_ip . " (" . S::logger()->proxy_host . ")\n" : "")
492 . "\n\n";
493 if (count($market) > 0) {
494 $msg .= "Les marketings suivants avaient été effectués :\n"
495 . implode("\n", $market);
496 } else {
497 $msg .= "$prenom $nom n'a jamais reçu d'email de marketing.";
498 }
499 $mymail->setTxtBody($msg);
500 $mymail->send();
501 }
502
503 // Remove old pending marketing requests for the new user.
504 Marketing::clear($uid);
505
506 pl_redirect('profile/edit');
507 }
508 }
509
510 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
511 ?>
plat/al