X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fregister.php;h=1a58b3ae58d1e99c08f45b0aa681253f5d6df3dc;hb=6c49e229103128b29bcc10194f70e96e02cadb1a;hp=dc89b9787f4f6e49588fa808172147eddc3ca407;hpb=35cd1be17c5173bc0d7d3d7b2472f56838750455;p=platal.git
diff --git a/modules/register.php b/modules/register.php
index dc89b97..1a58b3a 100644
--- a/modules/register.php
+++ b/modules/register.php
@@ -1,6 +1,6 @@
fetchOneRow()) {
+ if (list($uid, $promo, $nom, $prenom, $ourmat, $naiss, $watch) = $res->fetchOneRow()) {
$sub_state['uid'] = $uid;
$sub_state['hash'] = $hash;
$sub_state['promo'] = $promo;
$sub_state['nom'] = $nom;
$sub_state['prenom'] = $prenom;
$sub_state['ourmat'] = $ourmat;
+ $sub_state['watch'] = $watch;
+ $sub_state['naissance_ini'] = $naiss;
XDB::execute(
"REPLACE INTO register_mstats (uid,sender,success)
@@ -70,11 +82,13 @@ class RegisterModule extends PLModule
switch ($sub_state['step']) {
case 0:
+ require_once('wiki.inc.php');
+ wiki_require_page('Reference.Charte');
if (Post::has('step1')) {
$sub_state['step'] = 1;
if (isset($sub_state['hash'])) {
$sub_state['step'] = 3;
- require_once('register.inc.php');
+ require_once(dirname(__FILE__) . '/register/register.inc.php');
create_aliases($sub_state);
}
}
@@ -83,8 +97,13 @@ class RegisterModule extends PLModule
case 1:
if (Post::has('promo')) {
$promo = Post::i('promo');
- if ($promo < 1900 || $promo > date('Y')) {
- $err = "La promotion saisie est incorrecte !";
+ $res = XDB::query("SELECT COUNT(*)
+ FROM auth_user_md5
+ WHERE perms='pending' AND deces = '0000-00-00'
+ AND promo = {?}",
+ $promo);
+ if (!$res->fetchOneCell()) {
+ $err = "La promotion saisie est incorrecte ou tous les camardes de cette promo sont inscrits !";
} else {
$sub_state['step'] = 2;
$sub_state['promo'] = $promo;
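Review bot: The new user-facing message in the `!$res->fetchOneCell()` branch misspells "camarades" as "camardes"; the string should read `"La promotion saisie est incorrecte ou tous les camarades de cette promo sont inscrits !"`. The enclosing `case 1:` block continues outside the hunk, so the rest of the step was not reviewed.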
@@ -99,7 +118,7 @@ class RegisterModule extends PLModule
case 2:
if (count($_POST)) {
- require_once('register.inc.php');
+ require_once(dirname(__FILE__) . '/register/register.inc.php');
$sub_state['prenom'] = Post::v('prenom');
$sub_state['nom'] = Post::v('nom');
$sub_state['mat'] = Post::v('mat');
@@ -116,14 +135,14 @@ class RegisterModule extends PLModule
case 3:
if (count($_POST)) {
- require_once('register.inc.php');
+ require_once(dirname(__FILE__) . '/register/register.inc.php');
if (!isvalid_email(Post::v('email'))) {
$err[] = "Le champ 'E-mail' n'est pas valide.";
} elseif (!isvalid_email_redirection(Post::v('email'))) {
$err[] = $sub_state['forlife']." doit renvoyer vers un email existant ".
- "valide, en particulier, il ne peut pas être renvoyé vers lui-même.";
+ "valide, en particulier, il ne peut pas être renvoyé vers lui-même.";
}
- $birth = Env::v('naissance');
+ $birth = trim(Env::v('naissance'));
if (!preg_match('/^[0-3][0-9][01][0-9][12][90][0-9][0-9]$/', $birth)) {
$err[] = "La 'Date de naissance' n'est pas correcte.";
} else {
@@ -131,9 +150,35 @@ class RegisterModule extends PLModule
$promo = (int)$sub_state['promo'];
if ($year > $promo - 15 || $year < $promo - 30) {
$err[] = "La 'Date de naissance' n'est pas correcte.";
+ $alert = "Date de naissance incorrecte a l'inscription - ";
+ $sub_state['wrong_naissance'] = $birth;
}
}
+ // Check if the given email is known as dangerous
+ $res = Xdb::iterRow("SELECT w.state, w.description, a.alias
+ FROM emails AS e
+ INNER JOIN emails_watch AS w ON (e.email = w.email AND w.state != 'safe')
+ INNER JOIN aliases AS a ON (e.uid = a.id AND a.type = 'a_vie')
+ WHERE e.email = {?}
+ ORDER BY a.alias", Post::v('email'));
+ $aliases = array();
+ while(list($gstate, $gdescription, $alias) = $res->next()) {
+ $state = $gstate;
+ $description = $gdescription;
+ $aliases[] = $alias;
+ }
+ if (count($aliases) != 0) {
+ $alert .= "Email surveille propose a l'inscription - ";
+ }
+ if ($sub_state['watch']) {
+ $alter .= "Inscription d'un utilisateur surveillé - ";
+ }
+
+ if (check_ip('unsafe')) {
+ unset($err);
+ }
+
if (isset($err)) {
$err = join('
', $err);
} else {
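Review bot: The watched-user branch appends to `$alter` instead of `$alert`, so "Inscription d'un utilisateur surveillé" is never passed to `send_warning_mail()` and registrations of a watched account raise no alert; the line should be `$alert .= "Inscription d'un utilisateur surveillé - ";`. `$alert` is also only ever appended to with `.=` here and in the next hunk, then tested with `if ($alert)`, and no initialisation is visible in these hunks; if there is none earlier in the function, add `$alert = '';` before the `switch`. The `unset($err)` under `check_ip('unsafe')` discards every validation error for watched IPs, which looks deliberate (the generic error is set in the following hunk) but needs a comment such as `// watched IP: hide which field failed, generic error is set below`. `$state` and `$description` are assigned in the loop but not used in the visible lines.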
@@ -141,16 +186,32 @@ class RegisterModule extends PLModule
substr($birth,4,4),
substr($birth,2,2),
substr($birth,0,2));
+ if ($sub_state['naissance_ini'] != '0000-00-00' && $sub_state['naissance'] != $sub_state['naissance_ini']) {
+ $alert .= "Date de naissance incorrecte à l'inscription - ";
+ }
$sub_state['email'] = Post::v('email');
- $sub_state['step'] = 4;
- finish_ins($sub_state);
+ if (check_ip('unsafe')) {
+ $err = "Une erreur s'est produite lors de l'inscription."
+ . " Merci de contacter register@polytechnique.org"
+ . " pour nous faire part de cette erreur";
+ $alert .= "Tentative d'inscription depuis une IP surveillee";
+ } else {
+ $sub_state['step'] = 4;
+ if (count($sub_state['backs']) >= 3) {
+ $alert .= "Fin d'une inscription hésitante";
+ }
+ finish_ins($sub_state);
+ }
}
}
break;
}
$_SESSION['sub_state'] = $sub_state;
- $page->changeTpl('register/step'.intval($sub_state['step']).'.tpl', SIMPLE);
+ if ($alert) {
+ send_warning_mail($alert);
+ }
+ $page->changeTpl('register/step'.intval($sub_state['step']).'.tpl');
if (isset($err)) {
$page->trig($err);
}
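Review bot: The mismatch test reads `$sub_state['naissance_ini']`, which in the visible hunks is only assigned in the hash-based branch of the first hunk. If a registration reaches step 3 without that key set, the loose comparison against `'0000-00-00'` is true for `null` and the "Date de naissance incorrecte" alert is sent for every such registration, which drowns the real signal. Unless the key is filled elsewhere, guard it with `if (!empty($sub_state['naissance_ini']) && $sub_state['naissance_ini'] != '0000-00-00' && ...)`; `count($sub_state['backs'])` needs the same check. The alert text here is also nearly identical to the out-of-range one added in the previous hunk, so a distinct wording (for example "Date de naissance differente de celle connue - ") would let the recipient tell the two cases apart.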
@@ -165,7 +226,16 @@ class RegisterModule extends PLModule
{
global $globals;
+
$page->changeTpl('register/end.tpl');
+ $_SESSION['sub_state'] = array('step' => 5);
+
+ if (check_ip('unsafe')) {
+ send_warning_mail('Une IP surveillée a tenté de finaliser son inscription');
+ XDB::execute('DELETE FROM register_pending
+ WHERE hash = {?} AND hash != \'INSCRIT\'', $hash);
+ return PL_FORBIDDEN;
+ }
require_once('user.func.inc.php');
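Review bot: `$_SESSION['sub_state'] = array('step' => 5);` runs before both the `check_ip('unsafe')` test and the hash lookup further down, so a request with an unknown hash or from a watched IP still overwrites any in-progress registration state in the session. Moving the assignment after the pending row has been fetched successfully would keep the state intact on the failure paths. The warning mail in the watched-IP branch also names neither the hash nor the uid of the pending row being deleted; unless `send_warning_mail()` adds that context itself, include it so the deletion can be traced. The function body starts and ends outside this hunk.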
@@ -173,26 +243,26 @@ class RegisterModule extends PLModule
$res = XDB::query(
"SELECT r.uid, r.forlife, r.bestalias, r.mailorg2,
r.password, r.email, r.naissance, u.nom, u.prenom,
- u.promo, u.flags
+ u.promo, FIND_IN_SET('femme', u.flags), u.naissance_ini
FROM register_pending AS r
INNER JOIN auth_user_md5 AS u ON r.uid = u.user_id
WHERE hash={?} AND hash!='INSCRIT'", $hash);
}
if (!$hash || !list($uid, $forlife, $bestalias, $mailorg2, $password, $email,
- $naissance, $nom, $prenom, $promo, $femme) = $res->fetchOneRow())
+ $naissance, $nom, $prenom, $promo, $femme, $naiss_ini) = $res->fetchOneRow())
{
$page->kill("
Cette adresse n'existe pas, ou plus, sur le serveur.
Causes probables :