projects / platal.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
New IP watcher :
[platal.git] / modules / register.php
1 <?php
2 /***************************************************************************
3 * Copyright (C) 2003-2007 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
22 class RegisterModule extends PLModule
23 {
24 function handlers()
25 {
26 return array(
27 'register' => $this->make_hook('register', AUTH_PUBLIC),
28 'register/end' => $this->make_hook('end', AUTH_PUBLIC),
29 'register/end.php' => $this->make_hook('end_old', AUTH_PUBLIC),
30 'register/success' => $this->make_hook('success', AUTH_MDP),
31 );
32 }
33
34 function handler_register(&$page, $hash = null)
35 {
36 $alert = null;
37 $sub_state = S::v('sub_state', Array());
38 if (!isset($sub_state['step'])) {
39 $sub_state['step'] = 0;
40 }
41 if (Get::has('back') && Get::i('back') < $sub_state['step']) {
42 $sub_state['step'] = max(0,Get::i('back'));
43 }
44
45 // Compatibility with old sources, keep it atm
46 if (!$hash && Env::has('hash')) {
47 $hash = Env::v('hash');
48 }
49
50 if ($hash) {
51 $res = XDB::query(
52 "SELECT m.uid, u.promo, u.nom, u.prenom, u.matricule
53 FROM register_marketing AS m
54 INNER JOIN auth_user_md5 AS u ON u.user_id = m.uid
55 WHERE m.hash={?}", $hash);
56 if (list($uid, $promo, $nom, $prenom, $ourmat) = $res->fetchOneRow()) {
57 $sub_state['uid'] = $uid;
58 $sub_state['hash'] = $hash;
59 $sub_state['promo'] = $promo;
60 $sub_state['nom'] = $nom;
61 $sub_state['prenom'] = $prenom;
62 $sub_state['ourmat'] = $ourmat;
63
64 XDB::execute(
65 "REPLACE INTO register_mstats (uid,sender,success)
66 SELECT m.uid, m.sender, 0
67 FROM register_marketing AS m
68 WHERE m.hash", $sub_state['hash']);
69 }
70 }
71
72 switch ($sub_state['step']) {
73 case 0:
74 require_once('wiki.inc.php');
75 wiki_require_page('Reference.Charte');
76 if (Post::has('step1')) {
77 $sub_state['step'] = 1;
78 if (isset($sub_state['hash'])) {
79 $sub_state['step'] = 3;
80 require_once(dirname(__FILE__) . '/register/register.inc.php');
81 create_aliases($sub_state);
82 }
83 }
84 break;
85
86 case 1:
87 if (Post::has('promo')) {
88 $promo = Post::i('promo');
89 $res = XDB::query("SELECT COUNT(*)
90 FROM auth_user_md5
91 WHERE perms='pending' AND deces = '0000-00-00'
92 AND promo = {?}",
93 $promo);
94 if (!$res->fetchOneCell()) {
95 $err = "La promotion saisie est incorrecte ou tous les camardes de cette promo sont inscrits !";
96 } else {
97 $sub_state['step'] = 2;
98 $sub_state['promo'] = $promo;
99 if ($promo >= 1996 && $promo<2000) {
100 $sub_state['mat'] = ($promo % 100)*10 . '???';
101 } elseif($promo >= 2000) {
102 $sub_state['mat'] = 100 + ($promo % 100) . '???';
103 }
104 }
105 }
106 break;
107
108 case 2:
109 if (count($_POST)) {
110 require_once(dirname(__FILE__) . '/register/register.inc.php');
111 $sub_state['prenom'] = Post::v('prenom');
112 $sub_state['nom'] = Post::v('nom');
113 $sub_state['mat'] = Post::v('mat');
114 $err = check_new_user($sub_state);
115
116 if ($err !== true) { break; }
117 $err = create_aliases($sub_state);
118 if ($err === true) {
119 unset($err);
120 $sub_state['step'] = 3;
121 }
122 }
123 break;
124
125 case 3:
126 if (count($_POST)) {
127 require_once(dirname(__FILE__) . '/register/register.inc.php');
128 if (!isvalid_email(Post::v('email'))) {
129 $err[] = "Le champ 'E-mail' n'est pas valide.";
130 } elseif (!isvalid_email_redirection(Post::v('email'))) {
131 $err[] = $sub_state['forlife']." doit renvoyer vers un email existant ".
132 "valide, en particulier, il ne peut pas être renvoyé vers lui-même.";
133 }
134 $birth = trim(Env::v('naissance'));
135 if (!preg_match('/^[0-3][0-9][01][0-9][12][90][0-9][0-9]$/', $birth)) {
136 $err[] = "La 'Date de naissance' n'est pas correcte.";
137 } else {
138 $year = (int)substr($birth, 4, 4);
139 $promo = (int)$sub_state['promo'];
140 if ($year > $promo - 15 || $year < $promo - 30) {
141 $err[] = "La 'Date de naissance' n'est pas correcte.";
142 $alert = "Date de naissance incorrecte a l'inscription - ";
143 }
144 }
145
146 // Check if the given email is known as dangerous
147 $res = Xdb::iterRow("SELECT w.state, w.description, a.alias
148 FROM emails AS e
149 INNER JOIN emails_watch AS w ON (e.email = w.email AND w.state != 'safe')
150 INNER JOIN aliases AS a ON (e.uid = a.id AND a.type = 'a_vie')
151 WHERE e.email = {?}
152 ORDER BY a.alias", Post::v('email'));
153 $aliases = array();
154 while(list($gstate, $gdescription, $alias) = $res->next()) {
155 $state = $gstate;
156 $description = $gdescription;
157 $aliases[] = $alias;
158 }
159 if (count($aliases) != 0) {
160 $alert .= "Email surveille propose a l'inscription - ";
161 }
162
163 if (check_ip('unsafe')) {
164 unset($err);
165 }
166
167 if (isset($err)) {
168 $err = join('<br />', $err);
169 } else {
170 $sub_state['naissance'] = sprintf("%s-%s-%s",
171 substr($birth,4,4),
172 substr($birth,2,2),
173 substr($birth,0,2));
174 $sub_state['email'] = Post::v('email');
175 if (check_ip('unsafe')) {
176 $err = "Une erreur s'est produite lors de l'inscription."
177 . " Merci de contacter <a href='register@polytechnique.org'>register@polytechnique.org</a>"
178 . " pour nous faire part de cette erreur";
179 $alert .= "Tentative d'inscription depuis une IP surveillee";
180 } else {
181 $sub_state['step'] = 4;
182 finish_ins($sub_state);
183 }
184 }
185 }
186 break;
187 }
188
189 $_SESSION['sub_state'] = $sub_state;
190 if ($alert) {
191 send_warning_mail($alert);
192 }
193 $page->changeTpl('register/step'.intval($sub_state['step']).'.tpl');
194 if (isset($err)) {
195 $page->trig($err);
196 }
197 }
198
199 function handler_end_old(&$page)
200 {
201 return $this->handler_end($page, Env::v('hash'));
202 }
203
204 function handler_end(&$page, $hash = null)
205 {
206 global $globals;
207
208 $page->changeTpl('register/end.tpl');
209 $_SESSION['sub_state'] = array('step' => 5);
210 require_once('user.func.inc.php');
211
212 if ($hash) {
213 $res = XDB::query(
214 "SELECT r.uid, r.forlife, r.bestalias, r.mailorg2,
215 r.password, r.email, r.naissance, u.nom, u.prenom,
216 u.promo, u.flags
217 FROM register_pending AS r
218 INNER JOIN auth_user_md5 AS u ON r.uid = u.user_id
219 WHERE hash={?} AND hash!='INSCRIT'", $hash);
220 }
221
222 if (!$hash || !list($uid, $forlife, $bestalias, $mailorg2, $password, $email,
223 $naissance, $nom, $prenom, $promo, $femme) = $res->fetchOneRow())
224 {
225 $page->kill("<p>Cette adresse n'existe pas, ou plus, sur le serveur.</p>
226 <p>Causes probables :</p>
227 <ol>
228 <li>Vérifie que tu visites l'adresse du dernier
229 e-mail reçu s'il y en a eu plusieurs.</li>
230 <li>Tu as peut-être mal copié l'adresse reçue par
231 mail, vérifie-la à la main.</li>
232 <li>Tu as peut-être attendu trop longtemps pour
233 confirmer. Les pré-inscriptions sont annulées
234 tous les 30 jours.</li>
235 <li>Tu es en fait déjà inscrit.</li>
236 </ol>");
237 }
238
239
240
241 /***********************************************************/
242 /****************** REALLY CREATE ACCOUNT ******************/
243 /***********************************************************/
244
245 XDB::execute('UPDATE auth_user_md5
246 SET password={?}, perms="user",
247 date=NOW(), naissance={?}, date_ins = NOW()
248 WHERE user_id={?}', $password, $naissance, $uid);
249 XDB::execute('REPLACE INTO auth_user_quick (user_id) VALUES ({?})', $uid);
250 XDB::execute('INSERT INTO aliases (id,alias,type)
251 VALUES ({?}, {?}, "a_vie")', $uid,
252 $forlife);
253 XDB::execute('INSERT INTO aliases (id,alias,type,flags)
254 VALUES ({?}, {?}, "alias", "bestalias")',
255 $uid, $bestalias);
256 if ($mailorg2) {
257 XDB::execute('INSERT INTO aliases (id,alias,type)
258 VALUES ({?}, {?}, "alias")', $uid,
259 $mailorg2);
260 }
261
262 require_once('emails.inc.php');
263 $redirect = new Redirect($uid);
264 $redirect->add_email($email);
265
266 // on cree un objet logger et on log l'inscription
267 $logger = new CoreLogger($uid);
268 $logger->log('inscription', $email);
269
270 XDB::execute('UPDATE register_pending SET hash="INSCRIT" WHERE uid={?}', $uid);
271
272 global $platal;
273 $platal->on_subscribe($forlife, $uid, $promo, $password);
274
275 $mymail = new PlMailer('register/inscription.reussie.tpl');
276 $mymail->assign('forlife', $forlife);
277 $mymail->assign('prenom', $prenom);
278 $mymail->send();
279
280 if (!start_connexion($uid,false)) {
281 return PL_FORBIDDEN;
282 }
283 $_SESSION['auth'] = AUTH_MDP;
284
285 /***********************************************************/
286 /************* envoi d'un mail au démarcheur ***************/
287 /***********************************************************/
288 $res = XDB::iterRow(
289 "SELECT DISTINCT sa.alias, IF(s.nom_usage,s.nom_usage,s.nom) AS nom,
290 s.prenom, FIND_IN_SET('femme', s.flags) AS femme
291 FROM register_marketing AS m
292 INNER JOIN auth_user_md5 AS s ON ( m.sender = s.user_id )
293 INNER JOIN aliases AS sa ON ( sa.id = m.sender
294 AND FIND_IN_SET('bestalias', sa.flags) )
295 WHERE m.uid = {?}", $uid);
296 XDB::execute("UPDATE register_mstats SET success=NOW() WHERE uid={?}", $uid);
297
298 while (list($salias, $snom, $sprenom, $sfemme) = $res->next()) {
299 $mymail = new PlMailer();
300 $mymail->setSubject("$prenom $nom s'est inscrit à Polytechnique.org !");
301 $mymail->setFrom('"Marketing Polytechnique.org" <register@polytechnique.org>');
302 $mymail->addTo("\"$sprenom $snom\" <$salias@{$globals->mail->domain}>");
303 $msg = ($sfemme?'Chère':'Cher')." $sprenom,\n\n"
304 . "Nous t'écrivons pour t'informer que {$prenom} {$nom} (X{$promo}), "
305 . "que tu avais incité".($femme?'e':'')." à s'inscrire à Polytechnique.org, "
306 . "vient à l'instant de terminer son inscription.\n\n"
307 . "Merci de ta participation active à la reconnaissance de ce site !!!\n\n"
308 . "Bien cordialement,\n"
309 . "L'équipe Polytechnique.org";
310 $mymail->setTxtBody(wordwrap($msg, 72));
311 $mymail->send();
312 }
313
314 XDB::execute("DELETE FROM register_marketing WHERE uid = {?}", $uid);
315
316 pl_redirect('register/success');
317 $page->assign('uid', $uid);
318 }
319
320 function handler_success(&$page)
321 {
322 $page->changeTpl('register/success.tpl');
323
324 $_SESSION['sub_state'] = array('step' => 5);
325 if (Env::has('response2')) {
326 $_SESSION['password'] = $password = Post::v('response2');
327
328 XDB::execute('UPDATE auth_user_md5 SET password={?}
329 WHERE user_id={?}', $password,
330 S::v('uid'));
331
332 $log =& S::v('log');
333 $log->log('passwd', '');
334
335 if (Cookie::v('ORGaccess')) {
336 require_once('secure_hash.inc.php');
337 setcookie('ORGaccess', hash_encrypt($password), (time()+25920000), '/', '' ,0);
338 }
339
340 $page->assign('mdpok', true);
341 }
342
343 $page->addJsLink('motdepasse.js');
344 }
345 }
346
347 ?>
plat/al