X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fregister.php;h=1a58b3ae58d1e99c08f45b0aa681253f5d6df3dc;hb=37633309d5096c7e3b82b34266914d2b0980b8a2;hp=6d73d7fc10e1f7c2dfdfbb10919c4f5ab1ba2fbe;hpb=1e33266a2f91e1af7a5cb3e8fbbc1c49ff9341f3;p=platal.git diff --git a/modules/register.php b/modules/register.php index 6d73d7f..1a58b3a 100644 --- a/modules/register.php +++ b/modules/register.php @@ -1,6 +1,6 @@ fetchOneRow()) { + if (list($uid, $promo, $nom, $prenom, $ourmat, $naiss, $watch) = $res->fetchOneRow()) { $sub_state['uid'] = $uid; $sub_state['hash'] = $hash; $sub_state['promo'] = $promo; $sub_state['nom'] = $nom; $sub_state['prenom'] = $prenom; $sub_state['ourmat'] = $ourmat; + $sub_state['watch'] = $watch; + $sub_state['naissance_ini'] = $naiss; XDB::execute( "REPLACE INTO register_mstats (uid,sender,success) @@ -76,7 +88,7 @@ class RegisterModule extends PLModule $sub_state['step'] = 1; if (isset($sub_state['hash'])) { $sub_state['step'] = 3; - require_once('register.inc.php'); + require_once(dirname(__FILE__) . '/register/register.inc.php'); create_aliases($sub_state); } } @@ -106,7 +118,7 @@ class RegisterModule extends PLModule case 2: if (count($_POST)) { - require_once('register.inc.php'); + require_once(dirname(__FILE__) . '/register/register.inc.php'); $sub_state['prenom'] = Post::v('prenom'); $sub_state['nom'] = Post::v('nom'); $sub_state['mat'] = Post::v('mat'); 
@@ -122,16 +134,15 @@ class RegisterModule extends PLModule break; case 3: - $alert = null; if (count($_POST)) { - require_once('register.inc.php'); + require_once(dirname(__FILE__) . '/register/register.inc.php'); if (!isvalid_email(Post::v('email'))) { $err[] = "Le champ 'E-mail' n'est pas valide."; } elseif (!isvalid_email_redirection(Post::v('email'))) { $err[] = $sub_state['forlife']." doit renvoyer vers un email existant ". - "valide, en particulier, il ne peut pas être renvoyé vers lui-même."; + "valide, en particulier, il ne peut pas être renvoyé vers lui-même."; } - $birth = Env::v('naissance'); + $birth = trim(Env::v('naissance')); if (!preg_match('/^[0-3][0-9][01][0-9][12][90][0-9][0-9]$/', $birth)) { $err[] = "La 'Date de naissance' n'est pas correcte."; } else { @@ -139,7 +150,8 @@ class RegisterModule extends PLModule $promo = (int)$sub_state['promo']; if ($year > $promo - 15 || $year < $promo - 30) { $err[] = "La 'Date de naissance' n'est pas correcte."; - $alert = "Date de naissance proposée $birth\n\n"; + $alert = "Date de naissance incorrecte a l'inscription - "; + $sub_state['wrong_naissance'] = $birth; } } @@ -157,10 +169,14 @@ class RegisterModule extends PLModule $aliases[] = $alias; } if (count($aliases) != 0) { - $alert .= "Email proposé : " . Post::v('email') . "\n" - . "Ce mails est connu avec l'état $state :\n" - . $description . "\n" - . "Pour les alias :\n* " . join("\n* ", $aliases) . "\n\n"; + $alert .= "Email surveille propose a l'inscription - "; + } + if ($sub_state['watch']) { + $alter .= "Inscription d'un utilisateur surveillé - "; + } + + if (check_ip('unsafe')) { + unset($err); } if (isset($err)) { 
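Review bot: Dropping `$alert = null;` in the `case 3:` hunk leaves `$alert` undefined on every path that raises no alert. The later `$alert .= …` appends and the `if ($alert)` test added after the switch (hunk at -170) then read an unset variable. Initialise it once before the `switch`, e.g. `$alert = '';`; the start of the method is outside this hunk, so the exact place has to be checked there. Separately, the birth date is still read with `Env::v('naissance')` while the e-mail uses `Post::v('email')`; if `Env` covers more than the POST body, `trim(Post::v('naissance'))` would keep both fields on the same input source.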
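Review bot: In the hunk at -157 the watched-user branch appends to `$alter`, not `$alert`, so the "Inscription d'un utilisateur surveillé" warning never reaches the mail sent after the switch and this monitoring case is silently lost. The line should read `$alert .= "Inscription d'un utilisateur surveillé - ";`. In the visible hunks `$sub_state['watch']` is only set when the registration starts from a hash link, so the test is safer as `if (!empty($sub_state['watch'])) {`. Also note that `unset($err)` for a flagged IP sends the request down the success branch, where the unvalidated `email` and `naissance` values are stored in `$sub_state` before the generic error is set. A short comment stating that this is intended, and that those values must not be trusted later, would help the next reader.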
@@ -170,18 +186,31 @@ class RegisterModule extends PLModule substr($birth,4,4), substr($birth,2,2), substr($birth,0,2)); + if ($sub_state['naissance_ini'] != '0000-00-00' && $sub_state['naissance'] != $sub_state['naissance_ini']) { + $alert .= "Date de naissance incorrecte à l'inscription - "; + } $sub_state['email'] = Post::v('email'); - $sub_state['step'] = 4; - finish_ins($sub_state); - } - if (!is_null($alert)) { - send_alert_mail($sub_state, $alert); + if (check_ip('unsafe')) { + $err = "Une erreur s'est produite lors de l'inscription." + . " Merci de contacter register@polytechnique.org" + . " pour nous faire part de cette erreur"; + $alert .= "Tentative d'inscription depuis une IP surveillee"; + } else { + $sub_state['step'] = 4; + if (count($sub_state['backs']) >= 3) { + $alert .= "Fin d'une inscription hésitante"; + } + finish_ins($sub_state); + } } } break; } $_SESSION['sub_state'] = $sub_state; + if ($alert) { + send_warning_mail($alert); + } $page->changeTpl('register/step'.intval($sub_state['step']).'.tpl'); if (isset($err)) { $page->trig($err); 
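Review bot: The new comparison on `$sub_state['naissance_ini']` and the `count($sub_state['backs'])` test read keys that the visible hunks only set on the hash-link path (`naissance_ini`) or not at all (`backs`). If `naissance_ini` is absent, `null != '0000-00-00'` is true and the "Date de naissance incorrecte" alert fires for a correct registration, which adds noise to the warning mailbox. Guard both reads, e.g. `if (!empty($sub_state['naissance_ini']) && $sub_state['naissance_ini'] != '0000-00-00' && …)` and `if (isset($sub_state['backs']) && count($sub_state['backs']) >= 3)`. In the flagged-IP branch `$err` is assigned a string while the rest of the method uses `$err[] = …`; `$err = array("Une erreur s'est produite …");` keeps the type consistent for `$page->trig($err)`. `send_warning_mail($alert)` no longer receives `$sub_state`, and its body is not shown here, so it is worth confirming that the mail still identifies which account the warning concerns.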
@@ -197,34 +226,43 @@ class RegisterModule extends PLModule { global $globals; + $page->changeTpl('register/end.tpl'); $_SESSION['sub_state'] = array('step' => 5); + + if (check_ip('unsafe')) { + send_warning_mail('Une IP surveillée a tenté de finaliser son inscription'); + XDB::execute('DELETE FROM register_pending + WHERE hash = {?} AND hash != \'INSCRIT\'', $hash); + return PL_FORBIDDEN; + } + require_once('user.func.inc.php'); if ($hash) { $res = XDB::query( "SELECT r.uid, r.forlife, r.bestalias, r.mailorg2, r.password, r.email, r.naissance, u.nom, u.prenom, - u.promo, u.flags + u.promo, FIND_IN_SET('femme', u.flags), u.naissance_ini FROM register_pending AS r INNER JOIN auth_user_md5 AS u ON r.uid = u.user_id WHERE hash={?} AND hash!='INSCRIT'", $hash); } if (!$hash || !list($uid, $forlife, $bestalias, $mailorg2, $password, $email, - $naissance, $nom, $prenom, $promo, $femme) = $res->fetchOneRow()) + $naissance, $nom, $prenom, $promo, $femme, $naiss_ini) = $res->fetchOneRow()) { $page->kill("
Cette adresse n'existe pas, ou plus, sur le serveur.
Causes probables :