X-Git-Url: http://git.polytechnique.org/?a=blobdiff_plain;f=modules%2Fregister.php;h=9a32e609de50568218e05acbdcd9645d090706e7;hb=460d8f5533ac4dff9d0df95efe11c399228b8637;hp=b8376d1626b7f7d7e75c35d2728e20d7549b0a10;hpb=433336f3f681767b3e6fcf69db51d64b6fb7656b;p=platal.git diff --git a/modules/register.php b/modules/register.php index b8376d1..9a32e60 100644 --- a/modules/register.php +++ b/modules/register.php @@ -1,6 +1,6 @@ $this->make_hook('end', AUTH_PUBLIC), 'register/end.php' => $this->make_hook('end_old', AUTH_PUBLIC), 'register/success' => $this->make_hook('success', AUTH_MDP), + 'register/save' => $this->make_hook('save', AUTH_MDP), ); } function handler_register(&$page, $hash = null) { + $alert = null; $sub_state = S::v('sub_state', Array()); if (!isset($sub_state['step'])) { $sub_state['step'] = 0; } + if (!isset($sub_state['backs'])) { + $sub_state['backs'] = array(); + } if (Get::has('back') && Get::i('back') < $sub_state['step']) { $sub_state['step'] = max(0,Get::i('back')); + $state = $sub_state; + unset($state['backs']); + $sub_state['backs'][] = $state; + if (count($sub_state['backs']) == 3) { + $alert .= "Tentative d'inscription tres hesitante - "; + } } // Compatibility with old sources, keep it atm @@ -48,17 +59,19 @@ class RegisterModule extends PLModule if ($hash) { $res = XDB::query( - "SELECT m.uid, u.promo, u.nom, u.prenom, u.matricule + "SELECT m.uid, u.promo, u.nom, u.prenom, u.matricule, u.naissance_ini, FIND_IN_SET('watch', u.flags) FROM register_marketing AS m INNER JOIN auth_user_md5 AS u ON u.user_id = m.uid WHERE m.hash={?}", $hash); - if (list($uid, $promo, $nom, $prenom, $ourmat) = $res->fetchOneRow()) { + if (list($uid, $promo, $nom, $prenom, $ourmat, $naiss, $watch) = $res->fetchOneRow()) { $sub_state['uid'] = $uid; $sub_state['hash'] = $hash; $sub_state['promo'] = $promo; $sub_state['nom'] = $nom; $sub_state['prenom'] = $prenom; $sub_state['ourmat'] = $ourmat; + $sub_state['watch'] = $watch; + $sub_state['naissance_ini'] = $naiss; XDB::execute( "REPLACE INTO register_mstats (uid,sender,success) @@ -70,13 +83,13 @@ class RegisterModule extends PLModule switch ($sub_state['step']) { case 0: - require_once('wiki.inc.php'); - wiki_require_page('Reference.Charte'); + $wp = new PlWikiPage('Reference.Charte'); + $wp->buildCache(); if (Post::has('step1')) { $sub_state['step'] = 1; if (isset($sub_state['hash'])) { $sub_state['step'] = 3; - require_once(dirname(__FILE__) . '/register/register.inc.php'); + $this->load('register.inc.php'); create_aliases($sub_state); } } @@ -106,7 +119,7 @@ class RegisterModule extends PLModule case 2: if (count($_POST)) { - require_once(dirname(__FILE__) . '/register/register.inc.php'); + $this->load('register.inc.php'); $sub_state['prenom'] = Post::v('prenom'); $sub_state['nom'] = Post::v('nom'); $sub_state['mat'] = Post::v('mat'); @@ -122,69 +135,92 @@ class RegisterModule extends PLModule break; case 3: - $alert = null; if (count($_POST)) { - require_once(dirname(__FILE__) . '/register/register.inc.php'); + $this->load('register.inc.php'); + require_once 'emails.inc.php'; if (!isvalid_email(Post::v('email'))) { $err[] = "Le champ 'E-mail' n'est pas valide."; } elseif (!isvalid_email_redirection(Post::v('email'))) { $err[] = $sub_state['forlife']." doit renvoyer vers un email existant ". - "valide, en particulier, il ne peut pas être renvoyé vers lui-même."; + "valide, en particulier, il ne peut pas être renvoyé vers lui-même."; } - $birth = Env::v('naissance'); - if (!preg_match('/^[0-3][0-9][01][0-9][12][90][0-9][0-9]$/', $birth)) { + $birth = trim(Env::v('naissance')); + if (!preg_match('@^[0-3]?\d/[01]?\d/(19|20)?\d{2}$@', $birth)) { $err[] = "La 'Date de naissance' n'est pas correcte."; } else { - $year = (int)substr($birth, 4, 4); + $birth = explode('/', $birth, 3); + for ($i = 0; $i < 3; $i++) + $birth[$i] = intval($birth[$i]); + if ($birth[2] < 100) $birth[2] += 1900; + $year = $birth[2]; $promo = (int)$sub_state['promo']; if ($year > $promo - 15 || $year < $promo - 30) { $err[] = "La 'Date de naissance' n'est pas correcte."; - $alert = "Date de naissance proposée $birth\n\n"; + $alert = "Date de naissance incorrecte a l'inscription - "; + $sub_state['wrong_naissance'] = $birth; } } // Check if the given email is known as dangerous - $res = Xdb::iterRow("SELECT w.state, w.description, a.alias - FROM emails AS e - INNER JOIN emails_watch AS w ON (e.email = w.email AND w.state != 'safe') - INNER JOIN aliases AS a ON (e.uid = a.id AND a.type = 'a_vie') - WHERE e.email = {?} - ORDER BY a.alias", Post::v('email')); - $aliases = array(); - while(list($gstate, $gdescription, $alias) = $res->next()) { - $state = $gstate; - $description = $gdescription; - $aliases[] = $alias; + $res = XDB::query("SELECT w.state, w.description + FROM emails_watch AS w + WHERE w.email = {?} AND w.state != 'safe'", + Post::v('email')); + $email_banned = false; + if ($res->numRows()) { + list($state, $description) = $res->fetchOneRow(); + $alert .= "Email surveille propose a l'inscription - "; + $sub_state['email_desc'] = $description; + if ($state == 'dangerous') { + $email_banned = true; + } } - if (count($aliases) != 0) { - $alert .= "Email proposé : " . Post::v('email') . "\n" - . "Ce mails est connu avec l'état $state :\n" - . $description . "\n" - . "Pour les alias :\n* " . join("\n* ", $aliases) . "\n\n"; + if ($sub_state['watch']) { + $alert .= "Inscription d'un utilisateur surveillé - "; + } + + if (check_ip('unsafe')) { + unset($err); } if (isset($err)) { $err = join('
', $err); } else { - $sub_state['naissance'] = sprintf("%s-%s-%s", - substr($birth,4,4), - substr($birth,2,2), - substr($birth,0,2)); + $sub_state['naissance'] = sprintf("%04d-%02d-%02d", + intval($birth[2]), intval($birth[1]), intval($birth[0])); + if ($sub_state['naissance_ini'] != '0000-00-00' && $sub_state['naissance'] != $sub_state['naissance_ini']) { + $alert .= "Date de naissance incorrecte à l'inscription - "; + } $sub_state['email'] = Post::v('email'); - $sub_state['step'] = 4; - finish_ins($sub_state); - } - if (!is_null($alert)) { - send_alert_mail($sub_state, $alert); + $ip_banned = check_ip('unsafe'); + if ($ip_banned) { + $alert .= "Tentative d'inscription depuis une IP surveillee"; + } + if ($email_banned || $ip_banned) { + global $globals; + $err = "Une erreur s'est produite lors de l'inscription." + . " Merci de contacter = 3) { + $alert .= "Fin d'une inscription hésitante"; + } + finish_ins($sub_state); + } } } break; } $_SESSION['sub_state'] = $sub_state; + if (!empty($alert)) { + send_warning_mail($alert); + } $page->changeTpl('register/step'.intval($sub_state['step']).'.tpl'); if (isset($err)) { - $page->trig($err); + $page->trigError($err); } } @@ -197,34 +233,43 @@ class RegisterModule extends PLModule { global $globals; + $page->changeTpl('register/end.tpl'); $_SESSION['sub_state'] = array('step' => 5); + + if (check_ip('unsafe')) { + send_warning_mail('Une IP surveillée a tenté de finaliser son inscription'); + XDB::execute('DELETE FROM register_pending + WHERE hash = {?} AND hash != \'INSCRIT\'', $hash); + return PL_FORBIDDEN; + } + require_once('user.func.inc.php'); if ($hash) { $res = XDB::query( "SELECT r.uid, r.forlife, r.bestalias, r.mailorg2, r.password, r.email, r.naissance, u.nom, u.prenom, - u.promo, u.flags + u.promo, FIND_IN_SET('femme', u.flags), u.naissance_ini FROM register_pending AS r INNER JOIN auth_user_md5 AS u ON r.uid = u.user_id WHERE hash={?} AND hash!='INSCRIT'", $hash); } if (!$hash || !list($uid, $forlife, $bestalias, $mailorg2, $password, $email, - $naissance, $nom, $prenom, $promo, $femme) = $res->fetchOneRow()) + $naissance, $nom, $prenom, $promo, $femme, $naiss_ini) = $res->fetchOneRow()) { $page->kill("

Cette adresse n'existe pas, ou plus, sur le serveur.

Causes probables :

    -
  1. Vérifie que tu visites l'adresse du dernier - e-mail reçu s'il y en a eu plusieurs.
    2. -
  2. Tu as peut-être mal copié l'adresse reçue par - mail, vérifie-la à la main.
    3. -
  3. Tu as peut-être attendu trop longtemps pour - confirmer. Les pré-inscriptions sont annulées +
  4. Vérifie que tu visites l'adresse du dernier + e-mail reçu s'il y en a eu plusieurs.
    5. +
  5. Tu as peut-être mal copié l'adresse reçue par + mail, vérifie-la à la main.
    6. +
  6. Tu as peut-être attendu trop longtemps pour + confirmer. Les pré-inscriptions sont annulées tous les 30 jours.
    7. -
  7. Tu es en fait déjà inscrit.
    8. +
  8. Tu es en fait déjà inscrit.
"); } @@ -256,8 +301,8 @@ class RegisterModule extends PLModule $redirect->add_email($email); // on cree un objet logger et on log l'inscription - $logger = new CoreLogger($uid); - $logger->log('inscription', $email); + $logger = new PlLogger($uid); + S::logger()->log('inscription', $email); XDB::execute('UPDATE register_pending SET hash="INSCRIT" WHERE uid={?}', $uid); @@ -269,39 +314,80 @@ class RegisterModule extends PLModule $mymail->assign('prenom', $prenom); $mymail->send(); - start_connexion($uid,false); + require_once('user.func.inc.php'); + user_reindex($uid); + + // update number of subscribers (perms has changed) + $globals->updateNbIns(); + + if (!start_connexion($uid, false)) { + return PL_FORBIDDEN; + } $_SESSION['auth'] = AUTH_MDP; /***********************************************************/ - /************* envoi d'un mail au démarcheur ***************/ + /************* envoi d'un mail au démarcheur ***************/ /***********************************************************/ $res = XDB::iterRow( - "SELECT DISTINCT sa.alias, IF(s.nom_usage,s.nom_usage,s.nom) AS nom, - s.prenom, FIND_IN_SET('femme', s.flags) AS femme + "SELECT sa.alias, IF(s.nom_usage,s.nom_usage,s.nom) AS nom, + s.prenom, FIND_IN_SET('femme', s.flags) AS femme, + GROUP_CONCAT(m.email) AS mails, MAX(m.last) AS dateDernier FROM register_marketing AS m INNER JOIN auth_user_md5 AS s ON ( m.sender = s.user_id ) INNER JOIN aliases AS sa ON ( sa.id = m.sender AND FIND_IN_SET('bestalias', sa.flags) ) - WHERE m.uid = {?}", $uid); + WHERE m.uid = {?} + GROUP BY m.sender + ORDER BY dateDernier DESC", $uid); XDB::execute("UPDATE register_mstats SET success=NOW() WHERE uid={?}", $uid); - while (list($salias, $snom, $sprenom, $sfemme) = $res->next()) { + $market = array(); + while (list($salias, $snom, $sprenom, $sfemme, $mails, $dateDernier) = $res->next()) { + $market[] = " - par $snom $sprenom sur $mails (le plus récemment le $dateDernier)"; $mymail = new PlMailer(); - $mymail->setSubject("$prenom $nom s'est inscrit à Polytechnique.org !"); - $mymail->setFrom('"Marketing Polytechnique.org" '); + $mymail->setSubject("$prenom $nom s'est inscrit à Polytechnique.org !"); + $mymail->setFrom('"Marketing Polytechnique.org" mail->domain . '>'); $mymail->addTo("\"$sprenom $snom\" <$salias@{$globals->mail->domain}>"); - $msg = ($sfemme?'Chère':'Cher')." $sprenom,\n\n" - . "Nous t'écrivons pour t'informer que {$prenom} {$nom} (X{$promo}), " - . "que tu avais incité".($femme?'e':'')." à s'inscrire à Polytechnique.org, " - . "vient à l'instant de terminer son inscription.\n\n" - . "Merci de ta participation active à la reconnaissance de ce site !!!\n\n" + $msg = ($sfemme?'Chère':'Cher')." $sprenom,\n\n" + . "Nous t'écrivons pour t'informer que $prenom $nom (X$promo), " + . "que tu avais incité".($femme?'e':'')." à s'inscrire à Polytechnique.org, " + . "vient à l'instant de terminer son inscription.\n\n" + . "Merci de ta participation active à la reconnaissance de ce site !!!\n\n" . "Bien cordialement,\n" - . "L'équipe Polytechnique.org"; + . "L'équipe Polytechnique.org"; $mymail->setTxtBody(wordwrap($msg, 72)); $mymail->send(); } - XDB::execute("DELETE FROM register_marketing WHERE uid = {?}", $uid); + /**** send a mail to X.org administrators ****/ + if ($globals->register->notif) { + $mymail = new PlMailer(); + $mymail->setSubject("Inscription de $prenom $nom (X$promo)"); + $mymail->setFrom('"Webmaster Polytechnique.org" mail->domain . '>'); + $mymail->addTo($globals->register->notif); + $mymail->addHeader('Reply-To', $globals->register->notif); + $msg = "$prenom $nom (X$promo) a terminé son inscription avec les données suivantes :\n" + . " - nom : $nom\n" + . " - prenom : $prenom\n" + . " - promo : $promo\n" + . " - naissance : $naissance (date connue : $naiss_ini)\n" + . " - forlife : $forlife\n" + . " - email : $email\n" + . " - sexe : $femme\n" + . " - ip : {$logger->ip} ({$logger->host})\n" + . ($logger->proxy_ip ? " - proxy : {$logger->proxy_ip} ({$logger->proxy_host})\n" : "") + . "\n\n"; + if (count($market) > 0) { + $msg .= "Les marketings suivants avaient été effectués :\n" + . implode("\n", $market); + } else { + $msg .= "$prenom $nom n'a jamais reçu d\'email de marketing."; + } + $mymail->setTxtBody($msg); + $mymail->send(); + } + + Marketing::clear($uid); pl_redirect('register/success'); $page->assign('uid', $uid); @@ -309,6 +395,7 @@ class RegisterModule extends PLModule function handler_success(&$page) { + global $globals; $page->changeTpl('register/success.tpl'); $_SESSION['sub_state'] = array('step' => 5); @@ -319,8 +406,19 @@ class RegisterModule extends PLModule WHERE user_id={?}', $password, S::v('uid')); - $log =& S::v('log'); - $log->log('passwd', ''); + // If GoogleApps is enabled, and the user did choose to use synchronized passwords, + // and if the (stupid) user has decided to user /register/success another time, + // updates the Google Apps password as well. + if ($globals->mailstorage->googleapps_domain) { + require_once 'googleapps.inc.php'; + $account = new GoogleAppsAccount(S::v('uid'), S::v('forlife')); + if ($account->active() && $account->sync_password) { + $account->set_password($password); + } + } + + $log = S::v('log'); + S::logger()->log('passwd', ''); if (Cookie::v('ORGaccess')) { require_once('secure_hash.inc.php'); @@ -330,8 +428,76 @@ class RegisterModule extends PLModule $page->assign('mdpok', true); } + $res = XDB::iterRow("SELECT sub, domain + FROM register_subs + WHERE uid = {?} AND type = 'list' + ORDER BY domain", + S::i('uid')); + $current_domain = null; + $lists = array(); + while (list($sub, $domain) = $res->next()) { + if ($current_domain != $domain) { + $current_domain = $domain; + $client = new MMList(S::v('uid'), S::v('password'), $domain); + } + list($details, ) = $client->get_members($sub); + $lists["$sub@$domain"] = $details; + } + $page->assign_by_ref('lists', $lists); + $page->addJsLink('motdepasse.js'); } + + function handler_save(&$page) + { + global $globals; + + // Finish registration procedure + if (Post::v('register_from_ax_question')) { + XDB::execute('UPDATE auth_user_quick + SET profile_from_ax = 1 + WHERE user_id = {?}', + S::v('uid')); + } + if (Post::v('add_to_nl')) { + require_once 'newsletter.inc.php'; + NewsLetter::subscribe(); + } + if (Post::v('add_to_ax')) { + require_once dirname(__FILE__) . '/axletter/axletter.inc.php'; + AXLetter::subscribe(); + } + if (Post::v('add_to_promo')) { + $r = XDB::query('SELECT id FROM groupex.asso WHERE diminutif = {?}', + S::v('promo')); + $asso_id = $r->fetchOneCell(); + XDB::execute('REPLACE INTO groupex.membres (uid,asso_id) + VALUES ({?}, {?})', + S::v('uid'), $asso_id); + $mmlist = new MMList(S::v('uid'), S::v('password')); + $mmlist->subscribe("promo".S::v('promo')); + } + if (Post::v('sub_ml')) { + $subs = array_keys(Post::v('sub_ml')); + $current_domain = null; + foreach ($subs as $list) { + list($sub, $domain) = explode('@', $list); + if ($domain != $current_domain) { + $current_domain = $domain; + $client = new MMList(S::v('uid'), S::v('password'), $domain); + } + $client->subscribe($sub); + } + } + if (Post::v('imap')) { + require_once 'emails.inc.php'; + $storage = new EmailStorage(S::v('uid'), 'imap'); + $storage->activate(); + } + + pl_redirect('profile/edit'); + } } +// vim:set et sw=4 sts=4 sws=4 foldmethod=marker enc=utf-8: ?>