From: Vincent Zanotti Date: Sun, 24 Aug 2008 00:28:30 +0000 (+0200) Subject: Adds a security check on the existence of an hruid at registration time. X-Git-Tag: xorg/0.10.0~86^2~32 X-Git-Url: http://git.polytechnique.org/?a=commitdiff_plain;h=56081a9c7569245bf06ac582a7657d84c73dc839;p=platal.git Adds a security check on the existence of an hruid at registration time. Signed-off-by: Vincent Zanotti --- diff --git a/include/marketing.inc.php b/include/marketing.inc.php index f397ad0..52988c2 100644 --- a/include/marketing.inc.php +++ b/include/marketing.inc.php 
@@ -53,37 +53,30 @@ class Marketing private function getUser($uid, $email) { - $res = XDB::query("SELECT FIND_IN_SET('femme', flags) AS sexe, nom, prenom, promo - FROM auth_user_md5 - WHERE user_id = {?}", $uid); - if ($res->numRows() == 0) { + $user = User::getSilent($uid); + if (!$user) { return null; } - $user = $res->fetchOneAssoc(); - $user['id'] = $uid; - $user['forlife'] = make_forlife($user['prenom'], $user['nom'], $user['promo']); - $user['mail'] = $email; - $user['to'] = '"' . $user['prenom'] . ' ' . $user['nom'] . '" <' . $email . '>'; - return $user; + + global $globals; + return array( + 'id' => $user->id(), + 'sexe' => $user->isFemale(), + 'mail' => $email, + 'forlife_email' => $user->login() . '@' . $globals->mail->domain, + 'forlife_email2' => $user->login() . '@' . $globals->mail->domain2, + 'to' => '"' . $user->fullName() . '" <' . $email . '>', + ); } private function getFrom($from, $sender) { global $globals; - if ($from == 'staff') { + if ($from == 'staff' || !($user = User::getSilent($sender))) { return '"L\'équipe de Polytechnique.org" mail->domain . '>'; - } else { - $res = XDB::query("SELECT u.nom, u.prenom, a.alias - FROM auth_user_md5 AS u - INNER JOIN aliases AS a ON (a.id = u.user_id AND FIND_IN_SET('bestalias', a.flags)) - WHERE u.user_id = {?}", $sender); - if (!$res->numRows()) { - return '"L\'équipe de Polytechnique.org" mail->domain . '>'; - } - $sender = $res->fetchOneAssoc(); - return '"' . $sender['prenom'] . ' ' . $sender['nom'] . '" <' . $sender['alias'] . '@' . $globals->mail->domain . '>'; } + return sprintf('"%s" <%s>', $user->fullName(), $user->bestEmail()); } private function &getEngine($type, $data, $from) 
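Review bot: The display name is inserted into the `to` and From headers as a bare RFC 2822 quoted-string (`'"' . $user->fullName() . '" <' . $email . '>'` in getUser and `sprintf('"%s" <%s>', $user->fullName(), $user->bestEmail())` in getFrom) without escaping `"` or `\`, so a name containing a double quote breaks the header structure and, depending on the mailer, can let extra text reach the address part; the removed code had the same gap, but this rewrite is the place to close it. Replacing `$user->fullName()` with `addcslashes($user->fullName(), '"\\')` in both places (or a small helper shared by getUser and getFrom) keeps the quoted-string well-formed. Whether fullName() is already stripped of CR/LF is not visible here and is worth confirming, since those remain the larger header-injection risk. Separately, `$from == 'staff'` is a loose comparison; `=== 'staff'` avoids surprises if `$from` ever arrives as a non-string.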
@@ -304,12 +297,8 @@ class ListMarketing extends AnnuaireMarketing public function __construct($data, $from) { list($this->name, $this->domain) = explode('@', $data); - $res = XDB::query("SELECT prenom, IF (nom_usage != '', nom_usage, nom) - FROM auth_user_md5 - WHERE user_id = {?} AND user_id != 0", $from ? $from : 0); - if ($res->numRows()) { - list($prenom, $nom) = $res->fetchOneRow(); - $from = "$prenom $nom"; + if ($from && ($user = User::getSilent($from))) { + $from = $user->fullName(); } else { $from = "Je"; } @@ -339,12 +328,8 @@ class GroupMarketing extends AnnuaireMarketing public function __construct($data, $from) { $this->group = $data; - $res = XDB::query("SELECT prenom, IF (nom_usage != '', nom_usage, nom) - FROM auth_user_md5 - WHERE user_id = {?} AND user_id != 0", $from ? $from : 0); - if ($res->numRows()) { - list($prenom, $nom) = $res->fetchOneRow(); - $from = "$prenom $nom vient"; + if ($from && ($user = User::getSilent($from))) { + $from = $user->fullName() . " vient"; } else { $from = "Je viens"; } diff --git a/modules/register/register.inc.php b/modules/register/register.inc.php index 4839e36..2de1530 100644 --- a/modules/register/register.inc.php +++ b/modules/register/register.inc.php @@ -149,24 +149,24 @@ function create_aliases (&$sub) global $globals; extract ($sub); - $mailorg = make_username($prenom, $nom); + $mailorg = make_username($prenom, $nom); $mailorg2 = $mailorg.sprintf(".%02u", ($promo%100)); - $forlife = make_forlife($prenom, $nom, $promo); - $res = XDB::query('SELECT COUNT(*) FROM aliases WHERE alias={?}', $forlife); - if ($res->fetchOneCell() > 0) { - return "Tu as un homonyme dans ta promo, il faut traiter ce cas manuellement.
". - "envoie un mail à mail->domain}\">" . - "support@{$globals->mail->domain} en expliquant ta situation."; + $res = XDB::query("SELECT hruid FROM auth_user_md5 WHERE user_id = {?}", $uid); + if ($res->numRows() == 0) { + return "Tu n'as pas d'adresse à vie pré-attribuée.
" + . "Envoie un mail à mail->domain}\">" . + . "support@{$globals->mail->domain} en expliquant ta situation."; + } else { + // TODO: at the moment forlife == hruid, however we'll have to change + // that behaviour when masters will be on plat/al. + $forlife = $res->fetchOneCell(); } - $res = XDB::query('SELECT id, type, expire FROM aliases WHERE alias={?}', $mailorg); - - if ( $res->numRows() ) { - + $res = XDB::query('SELECT id, type, expire FROM aliases WHERE alias={?}', $mailorg); + if ($res->numRows()) { list($h_id, $h_type, $expire) = $res->fetchOneRow(); - - if ( $h_type != 'homonyme' and empty($expire) ) { + if ($h_type != 'homonyme' and empty($expire)) { XDB::execute('UPDATE aliases SET expire=ADDDATE(NOW(),INTERVAL 1 MONTH) WHERE alias={?}', $mailorg); XDB::execute('REPLACE INTO homonymes (homonyme_id,user_id) VALUES ({?},{?})', $h_id, $h_id); XDB::execute('REPLACE INTO homonymes (homonyme_id,user_id) VALUES ({?},{?})', $h_id, $uid); diff --git a/templates/marketing/marketing.mail.tpl b/templates/marketing/marketing.mail.tpl index af5e9b2..dc202bb 100644 --- a/templates/marketing/marketing.mail.tpl +++ b/templates/marketing/marketing.mail.tpl 
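Review bot: The new guard checks whether the user row exists, not whether an hruid is set: `SELECT hruid FROM auth_user_md5 WHERE user_id = {?}` returns one row for any known user, so a NULL or empty hruid passes the `numRows() == 0` test and becomes `$forlife`, which create_aliases then uses to create aliases further down (outside the hunk). Fetch the cell first and test it: `$forlife = $res->fetchOneCell(); if (empty($forlife)) { return "Tu n'as pas d'adresse à vie pré-attribuée..."; }`. The error-message lines also appear to carry a doubled concatenation operator (a line ending in `" .` followed by one starting with `. "support@`), which would be a parse error unless the rendering dropped text between them — worth checking before merge. Since the old `aliases` homonym lookup is gone, it is also worth confirming elsewhere that a pre-assigned hruid cannot already be present in `aliases`, as this hunk no longer verifies that. create_aliases starts before and continues after this hunk.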
@@ -27,7 +27,7 @@ {#globals.baseurl#}/register/%%hash%% ========================================================== -Il ne te faut que 5 minutes sur https://www.polytechnique.org/ pour rejoindre la communauté polytechnicienne sur le web grâce aux services de Polytechnique.org dont profitent déjà {$num_users} camarades. Cela te permettra, entre autres, de contacter un X en connaissant seulement son nom et son prénom et de bénéficier à vie d'une adresse prestigieuse {$u.forlife}@polytechnique.org et de son alias discret {$u.forlife}@m4x.org (m4x = mail for X). +Il ne te faut que 5 minutes sur https://www.polytechnique.org/ pour rejoindre la communauté polytechnicienne sur le web grâce aux services de Polytechnique.org dont profitent déjà {$num_users} camarades. Cela te permettra, entre autres, de contacter un X en connaissant seulement son nom et son prénom et de bénéficier à vie d'une adresse prestigieuse {$u.forlife_email} et de son alias discret {$u.forlife_email2} (m4x = mail for X). Pas de nouvelle boîte aux lettres à relever, il suffit de la rediriger vers ton adresse personnelle et/ou professionnelle que tu indiques et que tu peux changer à ta guise, sans que tes correspondants n'aient à actualiser leur carnet d'adresses.
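Review bot: The parenthetical `(m4x = mail for X)` and the literal `https://www.polytechnique.org/` still hardcode the domains, while the two addresses next to them now come from `$globals->mail->domain` / `domain2` via `{$u.forlife_email}` and `{$u.forlife_email2}`; if domain2 is ever configured as something other than m4x.org the explanation will contradict the address it explains. Either derive the URL from `{#globals.baseurl#}` as the line above in this hunk already does, or record the assumption with a template comment such as `{* domain2 is assumed to be m4x.org in the text below *}`.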