X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fregister.php;h=1a58b3ae58d1e99c08f45b0aa681253f5d6df3dc;hb=5122b820e488b28e0b62ec09cd76d87f1d22fc99;hp=92fc139d67d613f285f2fb474b27bb24b09acfb6;hpb=0be07aa610451e9c9e6f45425cae68eac31dbd7e;p=platal.git diff --git a/modules/register.php b/modules/register.php index 92fc139..1a58b3a 100644 --- a/modules/register.php +++ b/modules/register.php @@ -58,18 +58,19 @@ class RegisterModule extends PLModule if ($hash) { $res = XDB::query( - "SELECT m.uid, u.promo, u.nom, u.prenom, u.matricule, FIND_IN_SET('watch', u.flags) + "SELECT m.uid, u.promo, u.nom, u.prenom, u.matricule, u.naissance_ini, FIND_IN_SET('watch', u.flags) FROM register_marketing AS m INNER JOIN auth_user_md5 AS u ON u.user_id = m.uid WHERE m.hash={?}", $hash); - if (list($uid, $promo, $nom, $prenom, $ourmat, $watch) = $res->fetchOneRow()) { + if (list($uid, $promo, $nom, $prenom, $ourmat, $naiss, $watch) = $res->fetchOneRow()) { $sub_state['uid'] = $uid; $sub_state['hash'] = $hash; $sub_state['promo'] = $promo; $sub_state['nom'] = $nom; $sub_state['prenom'] = $prenom; $sub_state['ourmat'] = $ourmat; - $sub_state['watch'] = $watch; + $sub_state['watch'] = $watch; + $sub_state['naissance_ini'] = $naiss; XDB::execute( "REPLACE INTO register_mstats (uid,sender,success) @@ -150,6 +151,7 @@ class RegisterModule extends PLModule if ($year > $promo - 15 || $year < $promo - 30) { $err[] = "La 'Date de naissance' n'est pas correcte."; $alert = "Date de naissance incorrecte a l'inscription - "; + $sub_state['wrong_naissance'] = $birth; } } @@ -184,10 +186,13 @@ class RegisterModule extends PLModule substr($birth,4,4), substr($birth,2,2), substr($birth,0,2)); + if ($sub_state['naissance_ini'] != '0000-00-00' && $sub_state['naissance'] != $sub_state['naissance_ini']) { + $alert .= "Date de naissance incorrecte à l'inscription - "; + } $sub_state['email'] = Post::v('email'); if (check_ip('unsafe')) { $err = "Une erreur s'est produite lors de l'inscription." - . " Merci de contacter register@polytechnique.org" + . " Merci de contacter register@polytechnique.org" . " pour nous faire part de cette erreur"; $alert .= "Tentative d'inscription depuis une IP surveillee"; } else { @@ -221,22 +226,31 @@ class RegisterModule extends PLModule { global $globals; + $page->changeTpl('register/end.tpl'); $_SESSION['sub_state'] = array('step' => 5); + + if (check_ip('unsafe')) { + send_warning_mail('Une IP surveillée a tenté de finaliser son inscription'); + XDB::execute('DELETE FROM register_pending + WHERE hash = {?} AND hash != \'INSCRIT\'', $hash); + return PL_FORBIDDEN; + } + require_once('user.func.inc.php'); if ($hash) { $res = XDB::query( "SELECT r.uid, r.forlife, r.bestalias, r.mailorg2, r.password, r.email, r.naissance, u.nom, u.prenom, - u.promo, u.flags + u.promo, FIND_IN_SET('femme', u.flags), u.naissance_ini FROM register_pending AS r INNER JOIN auth_user_md5 AS u ON r.uid = u.user_id WHERE hash={?} AND hash!='INSCRIT'", $hash); } if (!$hash || !list($uid, $forlife, $bestalias, $mailorg2, $password, $email, - $naissance, $nom, $prenom, $promo, $femme) = $res->fetchOneRow()) + $naissance, $nom, $prenom, $promo, $femme, $naiss_ini) = $res->fetchOneRow()) { $page->kill("

Cette adresse n'existe pas, ou plus, sur le serveur.

Causes probables :

@@ -293,7 +307,7 @@ class RegisterModule extends PLModule $mymail->assign('prenom', $prenom); $mymail->send(); - if (!start_connexion($uid,false)) { + if (!start_connexion($uid, false)) { return PL_FORBIDDEN; } $_SESSION['auth'] = AUTH_MDP; @@ -317,7 +331,7 @@ class RegisterModule extends PLModule $mymail->setFrom('"Marketing Polytechnique.org" '); $mymail->addTo("\"$sprenom $snom\" <$salias@{$globals->mail->domain}>"); $msg = ($sfemme?'Chère':'Cher')." $sprenom,\n\n" - . "Nous t'écrivons pour t'informer que {$prenom} {$nom} (X{$promo}), " + . "Nous t'écrivons pour t'informer que $prenom $nom (X$promo), " . "que tu avais incité".($femme?'e':'')." à s'inscrire à Polytechnique.org, " . "vient à l'instant de terminer son inscription.\n\n" . "Merci de ta participation active à la reconnaissance de ce site !!!\n\n" @@ -326,6 +340,8 @@ class RegisterModule extends PLModule $mymail->setTxtBody(wordwrap($msg, 72)); $mymail->send(); } + + /**** send a mail to X.org administrators ****/ if ($globals->register->notif) { $mymail = new PlMailer(); $mymail->setSubject("Inscription de $prenom $nom (X$promo)"); @@ -335,15 +351,18 @@ class RegisterModule extends PLModule . " - nom : $nom\n" . " - prenom : $prenom\n" . " - promo : $promo\n" - . " - naissance : $naissance\n" + . " - naissance : $naissance (date connue : $naiss_ini)\n" . " - forlife : $forlife\n" . " - email : $email\n" - . " - sexe : $femme\n"; + . " - sexe : $femme\n" + . " - ip : " . (@$_SERVER['HTTP_X_FORWARDED_FOR'] ? $_SERVER['HTTP_X_FORWARDED_FOR'] + : $_SERVER['REMOTE_ADDR']) . "\n" + . " - proxy : " . (@$_SERVER['HTTP_X_FORWARDED_FOR'] ? $_SERVER['REMOTE_ADDR'] : "") . "\n"; $mymail->setTxtBody($msg); $mymail->send(); } - XDB::execute("DELETE FROM register_marketing WHERE uid = {?}", $uid); + Marketing::clear($uid); pl_redirect('register/success'); $page->assign('uid', $uid); @@ -361,7 +380,7 @@ class RegisterModule extends PLModule WHERE user_id={?}', $password, S::v('uid')); - $log =& S::v('log'); + $log = S::v('log'); $log->log('passwd', ''); if (Cookie::v('ORGaccess')) { @@ -372,6 +391,23 @@ class RegisterModule extends PLModule $page->assign('mdpok', true); } + $res = XDB::iterRow("SELECT sub, domain + FROM register_subs + WHERE uid = {?} AND type = 'list' + ORDER BY domain", + S::i('uid')); + $current_domain = null; + $lists = array(); + while (list($sub, $domain) = $res->next()) { + if ($current_domain != $domain) { + $current_domain = $domain; + $client = new MMList(S::v('uid'), S::v('password'), $domain); + } + list($details, ) = $client->get_members($sub); + $lists["$sub@$domain"] = $details; + } + $page->assign_by_ref('lists', $lists); + $page->addJsLink('motdepasse.js'); } }