From ecc734a5a016762e3757edf7ec64e0dfac6c41f1 Mon Sep 17 00:00:00 2001 From: x2003bruneau Date: Wed, 4 Apr 2007 21:12:00 +0000 Subject: [PATCH] Add birthdate check on subscription (only if the database contains a 'known' value) -> need tests git-svn-id: svn+ssh://murphy/home/svn/platal/trunk@1663 839d8a87-29fc-0310-9880-83ba4fa771e5 --- modules/register.php | 29 +++++++++++++++++++++-------- modules/register/register.inc.php | 21 +++++++++++---------- upgrade/0.9.14/01_auth_user_md5.sql | 10 ++++++++++ 3 files changed, 42 insertions(+), 18 deletions(-) diff --git a/modules/register.php b/modules/register.php index 77dff4d..64e8edd 100644 --- a/modules/register.php +++ b/modules/register.php @@ -58,18 +58,19 @@ class RegisterModule extends PLModule if ($hash) { $res = XDB::query( - "SELECT m.uid, u.promo, u.nom, u.prenom, u.matricule, FIND_IN_SET('watch', u.flags) + "SELECT m.uid, u.promo, u.nom, u.prenom, u.matricule, u.naissance_ini, FIND_IN_SET('watch', u.flags) FROM register_marketing AS m INNER JOIN auth_user_md5 AS u ON u.user_id = m.uid WHERE m.hash={?}", $hash); - if (list($uid, $promo, $nom, $prenom, $ourmat, $watch) = $res->fetchOneRow()) { + if (list($uid, $promo, $nom, $prenom, $ourmat, $naiss, $watch) = $res->fetchOneRow()) { $sub_state['uid'] = $uid; $sub_state['hash'] = $hash; $sub_state['promo'] = $promo; $sub_state['nom'] = $nom; $sub_state['prenom'] = $prenom; $sub_state['ourmat'] = $ourmat; - $sub_state['watch'] = $watch; + $sub_state['watch'] = $watch; + $sub_state['naissance_ini'] = $naiss; XDB::execute( "REPLACE INTO register_mstats (uid,sender,success) 
@@ -184,6 +185,9 @@ class RegisterModule extends PLModule substr($birth,4,4), substr($birth,2,2), substr($birth,0,2)); + if ($sub_state['naissance_ini'] != '0000-00-00' && $sub_state['naissance'] != $sub_state['naissance_ini']) { + $alert .= "Date de naissance incorrecte à l'inscription - "; + } $sub_state['email'] = Post::v('email'); if (check_ip('unsafe')) { $err = "Une erreur s'est produite lors de l'inscription." @@ -221,22 +225,31 @@ class RegisterModule extends PLModule { global $globals; + $page->changeTpl('register/end.tpl'); $_SESSION['sub_state'] = array('step' => 5); + + if (check_ip('unsafe')) { + send_warning_mail('Une IP surveillée a tenté de finaliser son inscription'); + XDB::execute('DELETE FROM register_pending + WHERE hash = {?} AND hash != \'INSCRIT\'', $hash); + return PL_FORBIDDEN; + } + require_once('user.func.inc.php'); if ($hash) { $res = XDB::query( "SELECT r.uid, r.forlife, r.bestalias, r.mailorg2, r.password, r.email, r.naissance, u.nom, u.prenom, - u.promo, u.flags + u.promo, FIND_IN_SET('femme', u.flags), u.naissance_ini FROM register_pending AS r INNER JOIN auth_user_md5 AS u ON r.uid = u.user_id WHERE hash={?} AND hash!='INSCRIT'", $hash); } if (!$hash || !list($uid, $forlife, $bestalias, $mailorg2, $password, $email, - $naissance, $nom, $prenom, $promo, $femme) = $res->fetchOneRow()) + $naissance, $nom, $prenom, $promo, $femme, $naiss_ini) = $res->fetchOneRow()) { $page->kill("
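Review bot: A birthdate mismatch in the added `if` only appends text to `$alert`, so as far as this hunk shows the registration carries on with the wrong date; the later hunks (`@@ -221` and `@@ -337`) fetch `naissance_ini` again but only print it in the admin mail and never compare it. If the date is meant as an identity check, either state the decision in a comment here, e.g. `// mismatch is only reported to the admins; registration is not blocked`, or set `$err` as the `check_ip('unsafe')` case just below does. The comparison also reads `$sub_state['naissance_ini']` without checking that the key exists, which a session started before this change would not have; `!empty($sub_state['naissance_ini']) && $sub_state['naissance_ini'] !== '0000-00-00'` covers that case. The enclosing method starts and ends outside the hunk, so where `$alert` is initialised and delivered cannot be seen here.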

Cette adresse n'existe pas, ou plus, sur le serveur.

Causes probables :

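Review bot: The `DELETE FROM register_pending` in the new `check_ip('unsafe')` branch runs before the `if ($hash)` test that follows it, so it is executed even when no hash was supplied; wrapping it as `if ($hash) { XDB::execute(...); }` keeps the query from running with an empty value. The warning mail says nothing about which pending registration was touched, which makes the alert hard to triage; appending the hash to the message text would help, provided that mail reaches administrators only. Because the branch deletes the very row the mail refers to, a short comment explaining why the row is removed rather than kept for review would be useful. The method body continues outside the hunk.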
@@ -293,7 +306,7 @@ class RegisterModule extends PLModule $mymail->assign('prenom', $prenom); $mymail->send(); - if (!start_connexion($uid,false)) { + if (!start_connexion($uid, false)) { return PL_FORBIDDEN; } $_SESSION['auth'] = AUTH_MDP; @@ -317,7 +330,7 @@ class RegisterModule extends PLModule $mymail->setFrom('"Marketing Polytechnique.org" '); $mymail->addTo("\"$sprenom $snom\" <$salias@{$globals->mail->domain}>"); $msg = ($sfemme?'Chère':'Cher')." $sprenom,\n\n" - . "Nous t'écrivons pour t'informer que {$prenom} {$nom} (X{$promo}), " + . "Nous t'écrivons pour t'informer que $prenom $nom (X$promo), " . "que tu avais incité".($femme?'e':'')." à s'inscrire à Polytechnique.org, " . "vient à l'instant de terminer son inscription.\n\n" . "Merci de ta participation active à la reconnaissance de ce site !!!\n\n" @@ -337,7 +350,7 @@ class RegisterModule extends PLModule . " - nom : $nom\n" . " - prenom : $prenom\n" . " - promo : $promo\n" - . " - naissance : $naissance\n" + . " - naissance : $naissance (date connue : $naiss_ini)\n" . " - forlife : $forlife\n" . " - email : $email\n" . " - sexe : $femme\n" diff --git a/modules/register/register.inc.php b/modules/register/register.inc.php index 3b475f4..e81f32e 100644 --- a/modules/register/register.inc.php +++ b/modules/register/register.inc.php @@ -46,7 +46,7 @@ function user_cmp($prenom, $nom, $_prenom, $_nom) // }}} // {{{ function check_mat -function check_mat($promo, $mat, $nom, $prenom, &$ourmat, &$ourid, &$watch) +function check_mat($promo, $mat, $nom, $prenom, &$ourmat, &$ourid, &$watch, &$naiss) { if (!preg_match('/^[0-9][0-9][0-9][0-9][0-9][0-9]$/', $mat)) { return "Le matricule doit comporter 6 chiffres."; 
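Review bot: `check_mat()` in the `@@ -46` hunk now takes four by-reference output parameters with no comment describing them, and the new `&$naiss` is required, so a caller not updated in this patch would break; only `check_new_user()` is changed here and other callers, if any, are not visible. I would add a docblock above the signature stating that `$ourmat`, `$ourid`, `$watch` and `$naiss` are outputs, that `$naiss` receives `auth_user_md5.naissance_ini`, and that `'0000-00-00'` means no birthdate is on record. The same applies to `check_old_mat()` in the `@@ -80` hunk. The function body continues outside the hunk.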
@@ -62,10 +62,10 @@ function check_mat($promo, $mat, $nom, $prenom, &$ourmat, &$ourid, &$watch) } $res = XDB::query( - 'SELECT user_id, promo, perms IN ("admin","user"), nom, prenom, FIND_IN_SET(\'watch\', u.flags) + 'SELECT user_id, promo, perms IN ("admin","user"), nom, prenom, FIND_IN_SET(\'watch\', u.flags), naissance_ini FROM auth_user_md5 WHERE matricule={?} and deces = 0', $ourmat); - list ($uid, $_promo, $_already, $_nom, $_prenom, $watch) = $res->fetchOneRow(); + list ($uid, $_promo, $_already, $_nom, $_prenom, $watch, $naiss) = $res->fetchOneRow(); if ($_already) { return "tu es déjà inscrit ou ton matricule est incorrect !"; } if ($_promo != $promo) { return "erreur de matricule"; } @@ -80,13 +80,13 @@ function check_mat($promo, $mat, $nom, $prenom, &$ourmat, &$ourid, &$watch) // }}} // {{{ function check_old_mat -function check_old_mat($promo, $mat, $nom, $prenom, &$ourmat, &$ourid, &$watch) +function check_old_mat($promo, $mat, $nom, $prenom, &$ourmat, &$ourid, &$watch, &$naiss) { $res = XDB::iterRow( - 'SELECT user_id, nom, prenom, matricule, FIND_IN_SET(\'watch\', flags) + 'SELECT user_id, nom, prenom, matricule, FIND_IN_SET(\'watch\', flags), naissance_ini FROM auth_user_md5 WHERE promo={?} AND deces=0 AND perms="pending"', $promo); - while (list($_uid, $_nom, $_prenom, $_mat, $watch) = $res->next()) { + while (list($_uid, $_nom, $_prenom, $_mat, $watch, $naiss) = $res->next()) { if (user_cmp($prenom, $nom, $_prenom, $_nom)) { $ourid = $_uid; $ourmat = $_mat; 
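Review bot: The rewritten SELECT in `check_mat()` still refers to `u.flags`, but its `FROM auth_user_md5` clause declares no alias `u`, so the database is likely to reject the query and every variable filled by `list(...)`, including the new `$naiss`, would come back empty. Dropping the qualifier, `FIND_IN_SET('watch', flags), naissance_ini`, matches the first query in `check_old_mat()`. The result of `fetchOneRow()` is also destructured without checking that a row was found; that case appears to be caught only by the `$_promo != $promo` test, which deserves a one-line comment. The function starts and ends outside the hunk.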
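Review bot: Both `while (list(..., $watch, $naiss) = $res->next())` loops in `check_old_mat()` (the `@@ -80` hunk and `@@ -95`) write every scanned row straight into the by-reference outputs, so after a loop that finds no match `$watch` and `$naiss` hold values that belong to no matched user. Reading into locals and copying on match is clearer: `while (list($_uid, $_nom, $_prenom, $_mat, $_watch, $_naiss) = $res->next())` with `$watch = $_watch; $naiss = $_naiss;` next to `$ourid = $_uid;`. What the function returns after the loops is outside the hunk, so whether a caller can observe the stale values is not visible here.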
@@ -95,11 +95,11 @@ function check_old_mat($promo, $mat, $nom, $prenom, &$ourmat, &$ourid, &$watch) } $res = XDB::iterRow( - 'SELECT user_id, nom, prenom, matricule, alias, FIND_IN_SET(\'watch\', u.flags) + 'SELECT user_id, nom, prenom, matricule, alias, FIND_IN_SET(\'watch\', u.flags), naissance_ini FROM auth_user_md5 AS u INNER JOIN aliases AS a ON (u.user_id = a.id and FIND_IN_SET("bestalias", a.flags)) WHERE promo={?} AND deces=0 AND perms IN ("user","admin")', $promo); - while (list($_uid, $_nom, $_prenom, $_mat, $alias, $watch) = $res->next()) { + while (list($_uid, $_nom, $_prenom, $_mat, $alias, $watch, $naiss) = $res->next()) { if (user_cmp($prenom, $nom, $_prenom, $_nom)) { $ourid = $_uid; $ourmat = $_mat; @@ -127,9 +127,9 @@ function check_new_user(&$sub) $nom = strtoupper(replace_accent($nom)); if ($promo >= 1996) { - $res = check_mat($promo, $mat, $nom, $prenom, $ourmat, $ourid, $watch); + $res = check_mat($promo, $mat, $nom, $prenom, $ourmat, $ourid, $watch, $naiss); } else { - $res = check_old_mat($promo, $mat, $nom, $prenom, $ourmat, $ourid, $watch); + $res = check_old_mat($promo, $mat, $nom, $prenom, $ourmat, $ourid, $watch, $naiss); } if ($res !== true) { return $res; } @@ -138,6 +138,7 @@ function check_new_user(&$sub) $sub['ourmat'] = $ourmat; $sub['uid'] = $ourid; $sub['watch'] = $watch; + $sub['naissance_ini'] = $naiss; return true; } diff --git a/upgrade/0.9.14/01_auth_user_md5.sql b/upgrade/0.9.14/01_auth_user_md5.sql index ab99ab2..4037e64 100644 --- a/upgrade/0.9.14/01_auth_user_md5.sql +++ b/upgrade/0.9.14/01_auth_user_md5.sql 
@@ -1,4 +1,14 @@
+# Security stuff
 alter table auth_user_md5 change flags flags set('femme', 'watch') not null;
+alter table auth_user_md5 add column naissance_ini date not null default '0000-00-00' after smtppass;
+
+# Deprecated stuff
+alter table auth_user_md5 drop column nom_ini_soundex;
+alter table auth_user_md5 drop column prenom_ini_soundex;
+alter table auth_user_md5 drop column appli;
+alter table auth_user_md5 drop column bits;
+
+# Advance search
 alter table auth_user_md5 add key nationalite(nationalite);
 alter table adresses add key country(country);
 alter table adresses add key region(region);
-- 
2.1.4
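Review bot: `naissance_ini` uses the zero date `'0000-00-00'` as its "unknown" marker, which MySQL refuses as a default when strict mode with `NO_ZERO_DATE` is enabled, and which the PHP side has to special-case as a string. A nullable column, `add column naissance_ini date null default null after smtppass`, would express "no birthdate on record" directly, with the check in `modules/register.php` testing for NULL instead. The script also drops four columns in the same file as the security change, and nothing here fills `naissance_ini`, so a comment saying where the known birthdates are loaded from and that the drops cannot be undone would help whoever runs the upgrade.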