Cleanup and fix email/send.
1 <?php
2 /***************************************************************************
3 * Copyright (C) 2003-2010 Polytechnique.org *
4 * http://opensource.polytechnique.org/ *
5 * *
6 * This program is free software; you can redistribute it and/or modify *
7 * it under the terms of the GNU General Public License as published by *
8 * the Free Software Foundation; either version 2 of the License, or *
9 * (at your option) any later version. *
10 * *
11 * This program is distributed in the hope that it will be useful, *
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
14 * GNU General Public License for more details. *
15 * *
16 * You should have received a copy of the GNU General Public License *
17 * along with this program; if not, write to the Free Software *
18 * Foundation, Inc., *
19 * 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA *
20 ***************************************************************************/
21
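class RegisterModule extends PLModule
{
    /**
     * Declares the URL handlers served by this module.
     *
     * Both entry points are public: a visitor has no account yet while registering.
     */
    function handlers()
    {
        return array(
            'register'     => $this->make_hook('register', AUTH_PUBLIC),
            'register/end' => $this->make_hook('end', AUTH_PUBLIC),
        );
    }

    /**
     * Multi-step registration form (steps 0 to 4), driven by the 'subState'
     * session entry.
     *
     * @param PlPage      $page the page to render; the template is chosen from the current step.
     * @param string|null $hash optional marketing token (register_marketing.hash): when it
     *                          matches exactly one pending account, the identity steps are
     *                          skipped and the account data is preloaded into the state.
     *
     * Side effects: writes $_SESSION['subState'], sends a warning mail to the
     * administrators when the attempt looks suspicious (hesitant navigation,
     * watched email or account, implausible birthdate, unsafe IP), and at the
     * end of step 3 calls finishRegistration() from register.inc.php.
     */
    function handler_register(&$page, $hash = null)
    {
        global $globals;

        $alert = null;
        $error = null;
        $subState = new PlDict(S::v('subState', array()));
        if (!$subState->has('step')) {
            $subState->set('step', 0);
        }
        if (!$subState->has('backs')) {
            $subState->set('backs', new PlDict());
        }

        // The user asked to go back to an earlier step: snapshot the state she is
        // leaving into 'backs' so that hesitant registrations can be reported.
        if (Get::has('back') && Get::i('back') < $subState->i('step')) {
            $subState->set('step', max(0, Get::i('back')));
            $backs = $subState->v('backs');
            $backs->set($backs->count() + 1, $subState->dict());
            // Kept from the original code; there is no 'back' key in the snapshot
            // dict, so this is presumably a no-op -- TODO confirm the intent.
            $backs->kill('back');
            if ($backs->count() == 3) {
                $alert .= "Tentative d'inscription très hésitante - ";
            }
        }

        if ($hash) {
            require_once 'directory.enums.inc.php';

            $nameTypes = DirEnum::getOptions(DirEnum::NAMETYPES);
            $nameTypes = array_flip($nameTypes);
            // NOTE(review): profiles is joined on ap.uid here whereas step 1 joins on
            // ap.pid -- confirm that pid and uid coincide for the accounts concerned.
            $res = XDB::query("SELECT  a.uid, pd.promo, pnl.name AS lastname, pnf.name AS firstname, p.xorg_id AS xorgid,
                                       p.birthdate_ref AS birthdateRef, FIND_IN_SET('watch', a.flags) AS watch, m.hash
                                 FROM  register_marketing AS m
                           INNER JOIN  accounts AS a ON (m.uid = a.uid)
                           INNER JOIN  account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))
                           INNER JOIN  profiles AS p ON (p.pid = ap.uid)
                           INNER JOIN  profile_display AS pd ON (p.pid = pd.pid)
                           INNER JOIN  profile_name AS pnl ON (p.pid = pnl.pid AND pnl.typeid = {?})
                           INNER JOIN  profile_name AS pnf ON (p.pid = pnf.pid AND pnf.typeid = {?})
                                WHERE  m.hash = {?}",
                              $nameTypes['name_ini'], $nameTypes['firstname_ini'], $hash);

            if ($res->numRows() == 1) {
                $subState->merge($res->fetchOneRow());
                $subState->set('yearpromo', substr($subState->s('promo'), 1, 4));

                // Record that the marketing link was followed; 'success' is filled
                // in by handler_end() once the registration completes.
                XDB::execute('REPLACE INTO  register_mstats (uid, sender, success)
                                   SELECT  m.uid, m.sender, 0
                                     FROM  register_marketing AS m
                                    WHERE  m.hash = {?}',
                             $subState->s('hash'));
            }
        }

        switch ($subState->i('step')) {
            // Step 0: the charter must be accepted.
            case 0:
                $wp = new PlWikiPage('Reference.Charte');
                $wp->buildCache();
                if (Post::has('step1')) {
                    $subState->set('step', 1);
                    // A marketing hash already identifies the account: skip to step 3.
                    if ($subState->has('hash')) {
                        $subState->set('step', 3);
                        $this->load('register.inc.php');
                        createAliases($subState);
                    }
                }
                break;

            // Step 1: promotion.
            case 1:
                if (Post::has('yearpromo')) {
                    $promo = Post::t('edu_type') . Post::t('yearpromo');
                    $yearpromo = Post::i('yearpromo');
                    $res = XDB::query("SELECT  COUNT(*)
                                         FROM  accounts AS a
                                   INNER JOIN  account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))
                                   INNER JOIN  profiles AS p ON (p.pid = ap.pid)
                                   INNER JOIN  profile_display AS pd ON (p.pid = pd.pid)
                                        WHERE  a.state = 'pending' AND p.deathdate IS NULL AND pd.promo = {?}",
                                      $promo);

                    if (!$res->fetchOneCell()) {
                        $error = 'La promotion saisie est incorrecte ou tous les camarades de cette promotion sont inscrits !';
                    } else {
                        $subState->set('step', 2);
                        $subState->set('promo', $promo);
                        $subState->set('yearpromo', $yearpromo);
                        // Pre-fill a school id pattern from the promotion year
                        // (the '???' part is completed by the user at step 2).
                        if ($yearpromo >= 1996 && $yearpromo < 2000) {
                            $subState->set('schoolid', (($yearpromo % 100) * 10) . '???');
                        } elseif ($yearpromo >= 2000) {
                            $subState->set('schoolid', (100 + ($yearpromo % 100)) . '???');
                        }
                    }
                }
                break;

            // Step 2: identity (names and school id).
            case 2:
                if (count($_POST)) {
                    $this->load('register.inc.php');
                    $subState->set('firstname', Post::t('firstname'));
                    $subState->set('lastname', Post::t('lastname'));
                    $subState->set('schoolid', Post::i('schoolid'));
                    // Both helpers return true on success, an error message otherwise.
                    $error = checkNewUser($subState);
                    if ($error !== true) {
                        break;
                    }
                    $error = createAliases($subState);
                    if ($error === true) {
                        $error = null;
                        $subState->set('step', 3);
                    }
                }
                break;

            // Step 3: email, birthdate, password and optional services.
            case 3:
                if (count($_POST)) {
                    $this->load('register.inc.php');
                    require_once 'emails.inc.php';

                    $errors = array();
                    $birthdate = null;

                    // Validate the email address format and domain.
                    if (!isvalid_email(Post::v('email'))) {
                        $errors[] = "Le champ 'Email' n'est pas valide.";
                    } elseif (!isvalid_email_redirection(Post::v('email'))) {
                        $errors[] = $subState->s('forlife') . ' doit renvoyer vers un email existant '
                                  . 'valide, en particulier, il ne peut pas être renvoyé vers lui-même.';
                    }

                    // Validate the birthday format (dd/mm/yyyy, two-digit years are
                    // taken as 19xx) and its plausibility against the promotion year.
                    $birth = Post::t('birthdate');
                    if (!preg_match('@^[0-3]?\d/[01]?\d/(19|20)?\d{2}$@', $birth)) {
                        $errors[] = "La 'Date de naissance' n'est pas correcte.";
                    } else {
                        $birth = array_map('intval', explode('/', $birth, 3));
                        if ($birth[2] < 100) {
                            $birth[2] += 1900;
                        }
                        $promo = $subState->i('yearpromo');
                        if ($birth[2] > $promo - 15 || $birth[2] < $promo - 30) {
                            $errors[] = "La 'Date de naissance' n'est pas correcte.";
                            $alert .= "Date de naissance incorrecte à l'inscription - ";
                            $subState->set('wrong_birthdate', $birth);
                        }
                        $birthdate = sprintf('%04d-%02d-%02d', $birth[2], $birth[1], $birth[0]);
                    }

                    // Register the optional services requested by the user.
                    $services = array();
                    foreach (array('ax_letter', 'imap', 'ml_promo', 'nl') as $service) {
                        if (Post::b($service)) {
                            $services[] = $service;
                        }
                    }
                    $subState->set('services', $services);

                    // Validate the password field.
                    if (!Post::v('response2', false)) {
                        $errors[] = "Le mot de passe n'est pas valide.";
                    }

                    // Check whether the given email is known as suspicious or dangerous.
                    $res = XDB::query("SELECT  state, description
                                         FROM  email_watch
                                        WHERE  email = {?} AND state != 'safe'",
                                      Post::v('email'));
                    $bannedEmail = false;
                    if ($res->numRows()) {
                        list($state, $description) = $res->fetchOneRow();
                        $alert .= "Email surveillé proposé à l'inscription - ";
                        $subState->set('email_desc', $description);
                        $bannedEmail = ($state == 'dangerous');
                    }
                    if ($subState->i('watch') != 0) {
                        $alert .= "Inscription d'un utilisateur surveillé - ";
                    }

                    // A banned IP is never told which field is wrong: drop the field
                    // errors and fall through to the generic failure message below.
                    $bannedIp = check_ip('unsafe');
                    if ($bannedIp) {
                        $errors = array();
                    }

                    if (count($errors)) {
                        $error = join('<br />', $errors);
                    } else {
                        if ($birthdate !== null) {
                            $subState->set('birthdate', $birthdate);
                        }
                        $subState->set('email', Post::t('email'));
                        $subState->set('password', Post::t('response2'));

                        // Update the current alert if the birthdate differs from the
                        // reference one, or if the IP address of the user has been banned.
                        if ($subState->s('birthdateRef') != '0000-00-00'
                            && $subState->s('birthdateRef') != $subState->s('birthdate')) {
                            $alert .= "Date de naissance incorrecte à l'inscription - ";
                        }
                        if ($bannedIp) {
                            $alert .= "Tentative d'inscription depuis une IP surveillée";
                        }

                        // Prevent banned users from actually registering; save the current state for others.
                        if ($bannedEmail || $bannedIp) {
                            $error = "Une erreur s'est produite lors de l'inscription."
                                   . " Merci de contacter <a href='mailto:register@{$globals->mail->domain}'>"
                                   . " register@{$globals->mail->domain}</a>"
                                   . " pour nous faire part de cette erreur.";
                        } else {
                            $subState->set('step', 4);
                            if ($subState->v('backs')->count() >= 3) {
                                $alert .= "Fin d'une inscription hésitante.";
                            }
                            finishRegistration($subState);
                        }
                    }
                }
                break;
        }

        $_SESSION['subState'] = $subState->dict();
        if (!empty($alert)) {
            send_warning_mail($alert);
        }

        $page->changeTpl('register/step' . $subState->i('step') . '.tpl');
        $page->addJsLink('motdepasse.js');
        if ($error !== null) {
            $page->trigError($error);
        }
    }

    /**
     * Final registration step, reached from the link in the confirmation email.
     *
     * @param PlPage      $page
     * @param string|null $hash the register_pending.hash token received by email;
     *                          'INSCRIT' marks a token that has already been used.
     *
     * Returns PL_FORBIDDEN for unsafe IP addresses (after discarding the pending
     * registration), returns early while no valid password response has been
     * posted (the challenge page is displayed), and otherwise activates the
     * account, subscribes the requested services, notifies watchers, marketers
     * and administrators, then redirects to profile/edit.
     */
    function handler_end(&$page, $hash = null)
    {
        global $globals;
        $_SESSION['subState'] = array('step' => 5);

        // Reject registration requests from unsafe IP addresses (and remove the
        // registration information from the database, to prevent IP changes).
        if (check_ip('unsafe')) {
            send_warning_mail('Une IP surveillée a tenté de finaliser son inscription.');
            XDB::execute("DELETE FROM  register_pending
                                WHERE  hash = {?} AND hash != 'INSCRIT'", $hash);
            return PL_FORBIDDEN;
        }

        require_once 'directory.enums.inc.php';
        $nameTypes = DirEnum::getOptions(DirEnum::NAMETYPES);
        $nameTypes = array_flip($nameTypes);

        // Retrieve the pre-registration information using the url-provided
        // authentication token.
        $res = XDB::query("SELECT  r.uid, p.pid, r.forlife, r.bestalias, r.mailorg2,
                                   r.password, r.email, r.services, r.naissance,
                                   pnl.name AS lastname, pnf.name AS firstname,
                                   pd.promo, p.sex, p.birthdate_ref
                             FROM  register_pending AS r
                       INNER JOIN  accounts AS a ON (r.uid = a.uid)
                       INNER JOIN  account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))
                       INNER JOIN  profiles AS p ON (p.pid = ap.uid)
                       INNER JOIN  profile_name AS pnl ON (p.pid = pnl.pid AND pnl.typeid = {?})
                       INNER JOIN  profile_name AS pnf ON (p.pid = pnf.pid AND pnf.typeid = {?})
                       INNER JOIN  profile_display AS pd ON (p.pid = pd.pid)
                            WHERE  hash = {?} AND hash != 'INSCRIT'",
                          $nameTypes['name_ini'], $nameTypes['firstname_ini'], $hash);
        if (!$hash || $res->numRows() == 0) {
            $page->kill("<p>Cette adresse n'existe pas, ou plus, sur le serveur.</p>
                         <p>Causes probables&nbsp;:</p>
                         <ol>
                           <li>Vérifie que tu visites l'adresse du dernier
                               email reçu s'il y en a eu plusieurs.</li>
                           <li>Tu as peut-être mal copié l'adresse reçue par
                               email, vérifie-la à la main.</li>
                           <li>Tu as peut-être attendu trop longtemps pour
                               confirmer. Les pré-inscriptions sont annulées
                               tous les 30 jours.</li>
                           <li>Tu es en fait déjà inscrit.</li>
                         </ol>");
        }

        list($uid, $pid, $forlife, $bestalias, $emailXorg2, $password, $email, $services,
             $birthdate, $lastname, $firstname, $promo, $sex, $birthdate_ref) = $res->fetchOneRow();
        $yearpromo = substr($promo, 1, 4);

        // Prepare the template for display.
        $page->changeTpl('register/end.tpl');
        $page->addJsLink('do_challenge_response_logged.js');
        $page->assign('forlife', $forlife);
        $page->assign('firstname', $firstname);

        // Without a password response, only the challenge page is displayed.
        if (!Post::has('response')) {
            return;
        }

        // Check the challenge/response against the pending password. The comparison
        // must be strict: with '==' two digests of the form '0e<digits>' compare as
        // equal numeric strings. hash_equals() would additionally make it
        // constant-time once PHP >= 5.6 can be required.
        $expected_response = sha1("$forlife:$password:" . S::v('challenge'));
        if (Post::v('response') !== $expected_response) {
            $page->trigError("Mot de passe invalide.");
            S::logger($uid)->log('auth_fail', 'bad password (register/end)');
            return;
        }

        //
        // Create the user account.
        //
        XDB::execute("UPDATE  accounts
                         SET  password = {?}, state = 'active',
                              registration_date = NOW()
                       WHERE  uid = {?}", $password, $uid);
        XDB::execute("UPDATE  profiles
                         SET  birthdate = {?}, last_change = NOW()
                       WHERE  pid = {?}", $birthdate, $pid);
        XDB::execute("INSERT INTO  aliases (uid, alias, type)
                           VALUES  ({?}, {?}, 'a_vie')", $uid, $forlife);
        XDB::execute("INSERT INTO  aliases (uid, alias, type, flags)
                           VALUES  ({?}, {?}, 'alias', 'bestalias')", $uid, $bestalias);
        if ($emailXorg2) {
            XDB::execute("INSERT INTO  aliases (uid, alias, type)
                               VALUES  ({?}, {?}, 'alias')", $uid, $emailXorg2);
        }

        // Add the registration email address as first and only redirection.
        require_once 'emails.inc.php';
        $user = User::getSilentWithUID($uid);
        $redirect = new Redirect($user);
        $redirect->add_email($email);

        // Try to start a session (so the user doesn't have to log in); the
        // password available in Post:: is used to authenticate the user.
        Platal::session()->start(AUTH_MDP);

        // Subscribe the user to the services she did request at registration time.
        foreach (explode(',', $services) as $service) {
            switch ($service) {
                case 'ax_letter':
                    Platal::load('axletter', 'axletter.inc.php');
                    AXLetter::subscribe($uid);
                    break;
                case 'imap':
                    $storage = new EmailStorage($user, 'imap');
                    $storage->activate();
                    break;
                case 'ml_promo':
                    $r = XDB::query('SELECT id FROM groups WHERE diminutif = {?}', $yearpromo);
                    if ($r->numRows()) {
                        $asso_id = $r->fetchOneCell();
                        XDB::execute('REPLACE INTO  group_members (uid, asso_id)
                                            VALUES  ({?}, {?})',
                                     $uid, $asso_id);
                        $mmlist = new MMList($uid, S::v('password'));
                        $mmlist->subscribe("promo" . S::v('promo'));
                    }
                    break;
                case 'nl':
                    require_once 'newsletter.inc.php';
                    NewsLetter::subscribe($uid);
                    break;
            }
        }

        // Log the registration in the user session and consume the token.
        S::logger($uid)->log('inscription', $email);
        XDB::execute("UPDATE  register_pending
                         SET  hash = 'INSCRIT'
                       WHERE  uid = {?}", $uid);

        // Congratulate our newly registered user by email.
        $mymail = new PlMailer('register/success.mail.tpl');
        $mymail->assign('forlife', $forlife);
        $mymail->assign('firstname', $firstname);
        $mymail->send();

        // Index the user, to allow her to appear in searches.
        Profile::rebuildSearchTokens($uid);

        // Notify other users who were watching for her arrival.
        XDB::execute('REPLACE INTO  contacts (uid, contact)
                            SELECT  uid, ni_id
                              FROM  watch_nonins
                             WHERE  ni_id = {?}', $uid);
        XDB::execute('DELETE FROM  watch_nonins
                            WHERE  ni_id = {?}', $uid);
        Platal::session()->updateNbNotifs();

        // Forcibly register the new user on default forums.
        $promoForum = 'xorg.promo.' . strtolower($promo);
        $registeredForums = array('xorg.general', 'xorg.pa.divers', 'xorg.pa.logements', $promoForum);
        foreach ($registeredForums as $forum) {
            XDB::execute("INSERT INTO  forum_subs (fid, uid)
                               SELECT  fid, {?}
                                 FROM  forums
                                WHERE  name = {?}",
                         $uid, $forum);

            // Notify the newsgroup admin that the promotion forum needs to be
            // created, once enough of the promotion is registered.
            if (XDB::affectedRows() == 0 && $forum == $promoForum) {
                $promoFull = new UserFilter(new UFC_Promo('=', UserFilter::DISPLAY, $promo));
                $promoRegistered = new UserFilter(new PFC_And(
                    new UFC_Promo('=', UserFilter::DISPLAY, $promo),
                    new UFC_Registered(true),
                    new PFC_Not(new UFC_Dead())
                ));
                if ($promoRegistered->getTotalCount() > 0.2 * $promoFull->getTotalCount()) {
                    $mymail = new PlMailer('admin/forums-promo.mail.tpl');
                    $mymail->assign('promo', $promo);
                    $mymail->send();
                }
            }
        }

        // Update the global registration count stats.
        $globals->updateNbIns();

        //
        // Update collateral data sources, and inform watchers by email.
        //

        // Email the referrer(s) of this new user. The mail bodies come from the
        // templates: there is no hand-built text body here.
        $res = XDB::iterRow("SELECT  sender, GROUP_CONCAT(email SEPARATOR ', ') AS mails, MAX(last) AS lastDate
                               FROM  register_marketing
                              WHERE  uid = {?}
                           GROUP BY  sender
                           ORDER BY  lastDate DESC", $uid);
        XDB::execute("UPDATE  register_mstats
                         SET  success = NOW()
                       WHERE  uid = {?}", $uid);

        $market = array();
        while (list($senderid, $marketingEmails, $lastDate) = $res->next()) {
            $sender = User::getWithUID($senderid);
            // Method calls need the {…} form to be interpolated inside a string.
            $market[] = " - par {$sender->fullName()} sur $marketingEmails (le plus récemment le $lastDate)";
            $mymail = new PlMailer('register/marketer.mail.tpl');
            $mymail->setSubject("$firstname $lastname s'est inscrit à Polytechnique.org !");
            $mymail->addTo("\"{$sender->fullName()}\" <{$sender->bestEmail()}@{$globals->mail->domain}>");
            $mymail->assign('sender', $sender);
            $mymail->assign('firstname', $firstname);
            $mymail->assign('lastname', $lastname);
            $mymail->assign('promo', $promo);
            $mymail->assign('sex', $sex);
            $mymail->send();
        }

        // Email the plat/al administrators about the registration.
        if ($globals->register->notif) {
            $mymail = new PlMailer('register/registration.mail.tpl');
            $mymail->setSubject("Inscription de $firstname $lastname ($promo)");
            $mymail->assign('firstname', $firstname);
            $mymail->assign('lastname', $lastname);
            $mymail->assign('promo', $promo);
            $mymail->assign('sex', $sex);
            $mymail->assign('birthdate', $birthdate);
            $mymail->assign('birthdate_ref', $birthdate_ref);
            $mymail->assign('forlife', $forlife);
            $mymail->assign('email', $email);
            $mymail->assign('logger', S::logger());
            if (count($market) > 0) {
                $mymail->assign('market', implode("\n", $market));
            }
            $mymail->send();
        }

        // Remove old pending marketing requests for the new user.
        Marketing::clear($uid);

        pl_redirect('profile/edit');
    }
}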
496
497 // vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8:
498 ?>