projects / platal.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge commit 'origin/master' into fusionax
[platal.git] / modules / register.php
1 <?php
2 /***************************************************************************
3 * Copyright (C) 2003-2009 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
22 class RegisterModule extends PLModule
23 {
24 function handlers()
25 {
26 return array(
27 'register' => $this->make_hook('register', AUTH_PUBLIC),
28 'register/end' => $this->make_hook('end', AUTH_PUBLIC),
29 );
30 }
31
32 function handler_register(&$page, $hash = null)
33 {
34 $alert = null;
35 $sub_state = S::v('sub_state', Array());
36 if (!isset($sub_state['step'])) {
37 $sub_state['step'] = 0;
38 }
39 if (!isset($sub_state['backs'])) {
40 $sub_state['backs'] = array();
41 }
42 if (Get::has('back') && Get::i('back') < $sub_state['step']) {
43 $sub_state['step'] = max(0,Get::i('back'));
44 $state = $sub_state;
45 unset($state['backs']);
46 $sub_state['backs'][] = $state;
47 if (count($sub_state['backs']) == 3) {
48 $alert .= "Tentative d'inscription très hésitante - ";
49 }
50 }
51
52 if ($hash) {
53 $res = XDB::query(
54 "SELECT m.uid, u.promo, u.nom, u.prenom, u.matricule, u.naissance_ini, FIND_IN_SET('watch', u.flags)
55 FROM register_marketing AS m
56 INNER JOIN auth_user_md5 AS u ON u.user_id = m.uid
57 WHERE m.hash={?}", $hash);
58 if (list($uid, $promo, $nom, $prenom, $ourmat, $naiss, $watch) = $res->fetchOneRow()) {
59 $sub_state['uid'] = $uid;
60 $sub_state['hash'] = $hash;
61 $sub_state['promo'] = $promo;
62 $sub_state['nom'] = $nom;
63 $sub_state['prenom'] = $prenom;
64 $sub_state['ourmat'] = $ourmat;
65 $sub_state['watch'] = $watch;
66 $sub_state['naissance_ini'] = $naiss;
67
68 XDB::execute(
69 "REPLACE INTO register_mstats (uid,sender,success)
70 SELECT m.uid, m.sender, 0
71 FROM register_marketing AS m
72 WHERE m.hash", $sub_state['hash']);
73 }
74 }
75
76 switch ($sub_state['step']) {
77 case 0:
78 $wp = new PlWikiPage('Reference.Charte');
79 $wp->buildCache();
80 if (Post::has('step1')) {
81 $sub_state['step'] = 1;
82 if (isset($sub_state['hash'])) {
83 $sub_state['step'] = 3;
84 $this->load('register.inc.php');
85 create_aliases($sub_state);
86 }
87 }
88 break;
89
90 case 1:
91 if (Post::has('promo')) {
92 $promo = Post::i('promo');
93 $res = XDB::query("SELECT COUNT(*)
94 FROM auth_user_md5
95 WHERE perms='pending' AND deces = '0000-00-00'
96 AND promo = {?}",
97 $promo);
98 if (!$res->fetchOneCell()) {
99 $err = "La promotion saisie est incorrecte ou tous les camarades de cette promotion sont inscrits !";
100 } else {
101 $sub_state['step'] = 2;
102 $sub_state['promo'] = $promo;
103 if ($promo >= 1996 && $promo<2000) {
104 $sub_state['mat'] = ($promo % 100)*10 . '???';
105 } elseif($promo >= 2000) {
106 $sub_state['mat'] = 100 + ($promo % 100) . '???';
107 }
108 }
109 }
110 break;
111
112 case 2:
113 if (count($_POST)) {
114 $this->load('register.inc.php');
115 $sub_state['prenom'] = Post::v('prenom');
116 $sub_state['nom'] = Post::v('nom');
117 $sub_state['mat'] = Post::v('mat');
118 $err = check_new_user($sub_state);
119
120 if ($err !== true) { break; }
121 $err = create_aliases($sub_state);
122 if ($err === true) {
123 unset($err);
124 $sub_state['step'] = 3;
125 }
126 }
127 break;
128
129 case 3:
130 if (count($_POST)) {
131 $this->load('register.inc.php');
132
133 // Validate the email address format and domain.
134 require_once 'emails.inc.php';
135 if (!isvalid_email(Post::v('email'))) {
136 $err[] = "Le champ 'Email' n'est pas valide.";
137 } elseif (!isvalid_email_redirection(Post::v('email'))) {
138 $err[] = $sub_state['forlife']." doit renvoyer vers un email existant ".
139 "valide, en particulier, il ne peut pas être renvoyé vers lui-même.";
140 }
141
142 // Validate the birthday format and range.
143 $birth = trim(Env::v('naissance'));
144 if (!preg_match('@^[0-3]?\d/[01]?\d/(19|20)?\d{2}$@', $birth)) {
145 $err[] = "La 'Date de naissance' n'est pas correcte.";
146 } else {
147 $birth = explode('/', $birth, 3);
148 for ($i = 0; $i < 3; $i++)
149 $birth[$i] = intval($birth[$i]);
150 if ($birth[2] < 100) $birth[2] += 1900;
151 $year = $birth[2];
152 $promo = (int)$sub_state['promo'];
153 if ($year > $promo - 15 || $year < $promo - 30) {
154 $err[] = "La 'Date de naissance' n'est pas correcte.";
155 $alert = "Date de naissance incorrecte à l'inscription - ";
156 $sub_state['wrong_naissance'] = $birth;
157 }
158 }
159
160 // Register the optional services requested by the user.
161 $services = array();
162 foreach (array('ax_letter', 'imap', 'ml_promo', 'nl') as $service) {
163 if (Post::b($service)) {
164 $services[] = $service;
165 }
166 }
167 $sub_state['services'] = $services;
168
169 // Validate the password.
170 if (!Post::v('response2', false)) {
171 $err[] = "Le mot de passe n'est pas valide.";
172 }
173
174 // Check if the given email is known as dangerous.
175 $res = XDB::query("SELECT w.state, w.description
176 FROM emails_watch AS w
177 WHERE w.email = {?} AND w.state != 'safe'",
178 Post::v('email'));
179 $email_banned = false;
180 if ($res->numRows()) {
181 list($state, $description) = $res->fetchOneRow();
182 $alert .= "Email surveillé proposé à l'inscription - ";
183 $sub_state['email_desc'] = $description;
184 if ($state == 'dangerous') {
185 $email_banned = true;
186 }
187 }
188 if ($sub_state['watch']) {
189 $alert .= "Inscription d'un utilisateur surveillé - ";
190 }
191
192 if (($ip_banned = check_ip('unsafe'))) {
193 unset($err);
194 }
195
196 if (isset($err)) {
197 $err = join('<br />', $err);
198 } else {
199 $sub_state['naissance'] = sprintf("%04d-%02d-%02d",
200 intval($birth[2]), intval($birth[1]), intval($birth[0]));
201 $sub_state['email'] = Post::v('email');
202 $sub_state['password'] = Post::v('response2');
203
204 // Update the current alert if the birthdate is incorrect,
205 // or if the IP address of the user has been banned.
206 if ($sub_state['naissance_ini'] != '0000-00-00' && $sub_state['naissance'] != $sub_state['naissance_ini']) {
207 $alert .= "Date de naissance incorrecte à l'inscription - ";
208 }
209 if ($ip_banned) {
210 $alert .= "Tentative d'inscription depuis une IP surveillée";
211 }
212
213 // Prevent banned user from actually registering; save the current state for others.
214 if ($email_banned || $ip_banned) {
215 global $globals;
216 $err = "Une erreur s'est produite lors de l'inscription."
217 . " Merci de contacter <a href='mailto:register@{$globals->mail->domain}>"
218 . " register@{$globals->mail->domain}</a>"
219 . " pour nous faire part de cette erreur";
220 } else {
221 $sub_state['step'] = 4;
222 if (count($sub_state['backs']) >= 3) {
223 $alert .= "Fin d'une inscription hésitante";
224 }
225 finish_ins($sub_state);
226 }
227 }
228 }
229 break;
230 }
231
232 $_SESSION['sub_state'] = $sub_state;
233 if (!empty($alert)) {
234 send_warning_mail($alert);
235 }
236
237 $page->changeTpl('register/step'.intval($sub_state['step']).'.tpl');
238 $page->addJsLink('motdepasse.js');
239 if (isset($err)) {
240 $page->trigError($err);
241 }
242 }
243
244 function handler_end(&$page, $hash = null)
245 {
246 global $globals;
247 $_SESSION['sub_state'] = array('step' => 5);
248
249 // Reject registration requests from unsafe IP addresses (and remove the
250 // registration information from the database, to prevent IP changes).
251 if (check_ip('unsafe')) {
252 send_warning_mail('Une IP surveillée a tenté de finaliser son inscription');
253 XDB::execute("DELETE FROM register_pending
254 WHERE hash = {?} AND hash != 'INSCRIT'", $hash);
255 return PL_FORBIDDEN;
256 }
257
258 require_once('user.func.inc.php');
259
260 // Retrieve the pre-registration information using the url-provided
261 // authentication token.
262 if ($hash) {
263 $res = XDB::query(
264 "SELECT r.uid, r.forlife, r.bestalias, r.mailorg2,
265 r.password, r.email, r.services, r.naissance, u.nom, u.prenom,
266 u.promo, FIND_IN_SET('femme', u.flags), u.naissance_ini
267 FROM register_pending AS r
268 INNER JOIN auth_user_md5 AS u ON r.uid = u.user_id
269 WHERE hash = {?} AND hash != 'INSCRIT'", $hash);
270 }
271 if (!$hash || $res->numRows() == 0) {
272 $page->kill("<p>Cette adresse n'existe pas, ou plus, sur le serveur.</p>
273 <p>Causes probables&nbsp;:</p>
274 <ol>
275 <li>Vérifie que tu visites l'adresse du dernier
276 email reçu s'il y en a eu plusieurs.</li>
277 <li>Tu as peut-être mal copié l'adresse reçue par
278 email, vérifie-la à la main.</li>
279 <li>Tu as peut-être attendu trop longtemps pour
280 confirmer. Les pré-inscriptions sont annulées
281 tous les 30 jours.</li>
282 <li>Tu es en fait déjà inscrit.</li>
283 </ol>");
284 }
285
286 list($uid, $forlife, $bestalias, $mailorg2, $password, $email, $services,
287 $naissance, $nom, $prenom, $promo, $femme, $naiss_ini) = $res->fetchOneRow();
288
289 // Prepare the template for display.
290 $page->changeTpl('register/end.tpl');
291 $page->addJsLink('do_challenge_response_logged.js');
292 $page->assign('forlife', $forlife);
293 $page->assign('prenom', $prenom);
294 $page->assign('femme', $femme);
295
296 // Check if the user did enter a valid password; if not (or if none is found),
297 // get her an information page.
298 if (Env::has('response')) {
299 require_once 'secure_hash.inc.php';
300 $expected_response = hash_encrypt("$forlife:$password:" . S::v('challenge'));
301 if (Env::v('response') != $expected_response) {
302 $page->trigError("Mot de passe invalide.");
303 S::logger($uid)->log('auth_fail', 'bad password (register/end)');
304 return;
305 }
306 } else {
307 return;
308 }
309
310 //
311 // Create the user account.
312 //
313 XDB::execute("UPDATE auth_user_md5
314 SET password = {?}, perms = 'user',
315 date = NOW(), naissance = {?}, date_ins = NOW()
316 WHERE user_id = {?}", $password, $naissance, $uid);
317 XDB::execute("REPLACE INTO auth_user_quick (user_id) VALUES ({?})", $uid);
318 XDB::execute("INSERT INTO aliases (id, alias, type)
319 VALUES ({?}, {?}, 'a_vie')", $uid, $forlife);
320 XDB::execute("INSERT INTO aliases (id, alias, type, flags)
321 VALUES ({?}, {?}, 'alias', 'bestalias')", $uid, $bestalias);
322 if ($mailorg2) {
323 XDB::execute("INSERT INTO aliases (id, alias, type)
324 VALUES ({?}, {?}, 'alias')", $uid, $mailorg2);
325 }
326
327 // Add the registration email address as first and only redirection.
328 require_once('emails.inc.php');
329 $user = User::getSilent($uid);
330 $redirect = new Redirect($user);
331 $redirect->add_email($email);
332
333 // Try to start a session (so the user don't have to log in); we will use
334 // the password available in Post:: to authenticate the user.
335 Platal::session()->start(AUTH_MDP);
336
337 // Subscribe the user to the services she did request at registration time.
338 foreach (explode(',', $services) as $service) {
339 switch ($service) {
340 case 'ax_letter':
341 Platal::load('axletter', 'axletter.inc.php');
342 AXLetter::subscribe(S::user()->id());
343 break;
344 case 'imap':
345 require_once 'emails.inc.php';
346 $user = S::user();
347 $storage = new EmailStorage($user, 'imap');
348 $storage->activate();
349 break;
350 case 'ml_promo':
351 $r = XDB::query('SELECT id FROM #groupex#.asso WHERE diminutif = {?}', S::user()->promo());
352 if ($r->numRows()) {
353 $asso_id = $r->fetchOneCell();
354 XDB::execute('REPLACE INTO #groupex#.membres (uid, asso_id)
355 VALUES ({?}, {?})',
356 S::user()->id(), $asso_id);
357 $mmlist = new MMList(S::user()->id(), S::v('password'));
358 $mmlist->subscribe("promo" . S::v('promo'));
359 }
360 break;
361 case 'nl':
362 require_once 'newsletter.inc.php';
363 NewsLetter::subscribe();
364 break;
365 }
366 }
367
368 // Log the registration in the user session.
369 S::logger($uid)->log('inscription', $email);
370 XDB::execute("UPDATE register_pending
371 SET hash = 'INSCRIT'
372 WHERE uid = {?}", $uid);
373
374 // Congratulate our newly registered user by email.
375 $mymail = new PlMailer('register/inscription.reussie.tpl');
376 $mymail->assign('forlife', $forlife);
377 $mymail->assign('prenom', $prenom);
378 $mymail->send();
379
380 // Index the user, to allow her to appear in searches.
381 require_once('user.func.inc.php');
382 user_reindex($uid);
383
384 // Notify other users which were watching for her arrival.
385 require_once 'notifs.inc.php';
386 register_watch_op($uid, WATCH_INSCR);
387 inscription_notifs_base($uid);
388
389 // Forcibly register the new user on default forums.
390 $promo_forum = 'xorg.promo.x' . $promo;
391 $registered_forums = array('xorg.general', 'xorg.pa.divers', 'xorg.pa.logements', $promo_forum);
392 foreach ($registered_forums as $forum) {
393 XDB::execute("INSERT INTO #forums#.abos (fid,uid)
394 SELECT fid, {?}
395 FROM #forums#.list
396 WHERE nom = {?}",
397 $uid, $val);
398
399 // Notify the newsgroup admin of the promotion forum needs be created.
400 if (XDB::affectedRows() == 0 && $forum == $promo_forum) {
401 $res = XDB::query("SELECT SUM(perms IN ('admin','user') AND deces = 0), COUNT(*)
402 FROM auth_user_md5
403 WHERE promo = {?}", $promo);
404 list($promo_registered_count, $promo_count) = $res->fetchOneRow();
405 if ($promo_registered_count > 0.2 * $promo_count) {
406 $mymail = new PlMailer('admin/forums-promo.mail.tpl');
407 $mymail->assign('promo', $promo);
408 $mymail->send();
409 }
410 }
411 }
412
413 // Update the global registration count stats.
414 $globals->updateNbIns();
415
416 //
417 // Update collateral data sources, and inform watchers by email.
418 //
419
420 // Email the referrer(s) of this new user.
421 $res = XDB::iterRow(
422 "SELECT sa.alias, IF(s.nom_usage,s.nom_usage,s.nom) AS nom,
423 s.prenom, FIND_IN_SET('femme', s.flags) AS femme,
424 GROUP_CONCAT(m.email SEPARATOR ', ') AS mails, MAX(m.last) AS dateDernier
425 FROM register_marketing AS m
426 INNER JOIN auth_user_md5 AS s ON (m.sender = s.user_id)
427 INNER JOIN aliases AS sa ON (sa.id = m.sender
428 AND FIND_IN_SET('bestalias', sa.flags))
429 WHERE m.uid = {?}
430 GROUP BY m.sender
431 ORDER BY dateDernier DESC", $uid);
432 XDB::execute("UPDATE register_mstats
433 SET success = NOW()
434 WHERE uid = {?}", $uid);
435
436 $market = array();
437 while (list($salias, $snom, $sprenom, $sfemme, $mails, $dateDernier) = $res->next()) {
438 $market[] = " - par $snom $sprenom sur $mails (le plus récemment le $dateDernier)";
439 $mymail = new PlMailer();
440 $mymail->setSubject("$prenom $nom s'est inscrit à Polytechnique.org !");
441 $mymail->setFrom('"Marketing Polytechnique.org" <register@' . $globals->mail->domain . '>');
442 $mymail->addTo("\"$sprenom $snom\" <$salias@{$globals->mail->domain}>");
443 $msg = ($sfemme?'Chère':'Cher')." $sprenom,\n\n"
444 . "Nous t'écrivons pour t'informer que $prenom $nom (X$promo), "
445 . "que tu avais incité".($femme?'e':'')." à s'inscrire à Polytechnique.org, "
446 . "vient à l'instant de terminer son inscription.\n\n"
447 . "Merci de ta participation active à la reconnaissance de ce site !!!\n\n"
448 . "Bien cordialement,\n"
449 . "-- \n"
450 . "L'équipe Polytechnique.org";
451 $mymail->setTxtBody(wordwrap($msg, 72));
452 $mymail->send();
453 }
454
455 // Email the plat/al administrators about the registration.
456 if ($globals->register->notif) {
457 $mymail = new PlMailer();
458 $mymail->setSubject("Inscription de $prenom $nom (X$promo)");
459 $mymail->setFrom('"Webmaster Polytechnique.org" <web@' . $globals->mail->domain . '>');
460 $mymail->addTo($globals->register->notif);
461 $mymail->addHeader('Reply-To', $globals->register->notif);
462 $msg = "$prenom $nom (X$promo) a terminé son inscription avec les données suivantes :\n"
463 . " - nom : $nom\n"
464 . " - prenom : $prenom\n"
465 . " - promo : $promo\n"
466 . " - naissance : $naissance (date connue : $naiss_ini)\n"
467 . " - forlife : $forlife\n"
468 . " - email : $email\n"
469 . " - sexe : $femme\n"
470 . " - ip : " . S::logger()->ip . " (" . S::logger()->host . ")\n"
471 . (S::logger()->proxy_ip ? " - proxy : " . S::logger()->proxy_ip . " (" . S::logger()->proxy_host . ")\n" : "")
472 . "\n\n";
473 if (count($market) > 0) {
474 $msg .= "Les marketings suivants avaient été effectués :\n"
475 . implode("\n", $market);
476 } else {
477 $msg .= "$prenom $nom n'a jamais reçu d'email de marketing.";
478 }
479 $mymail->setTxtBody($msg);
480 $mymail->send();
481 }
482
483 // Remove old pending marketing requests for the new user.
484 Marketing::clear($uid);
485
486 pl_redirect('profile/edit');
487 }
488 }
489
490 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
491 ?>
plat/al