 /**
  * Logs the current user out.
  *
  * When an admin is impersonating another account (SUID), only the
  * impersonation is stopped and the admin is sent back to '/'; otherwise the
  * session is destroyed and the user is redirected to $globals->baseurl_http.
  * $level is accepted for interface compatibility but not used here.
  */
 function handler_exit($page, $level = null)
 {
     global $globals;
     if (S::has('suid')) {
         Platal::session()->stopSUID();
         pl_redirect('/');
     }
     Platal::session()->destroy();
     // NOTE(review): the post-logout landing page is the plain-http base URL;
     // confirm this is intended rather than $globals->baseurl.
     http_redirect($globals->baseurl_http);
     // Presumably only reached if http_redirect() returns -- cannot tell from here.
     $page->changeTpl('exit.tpl');
 }
 /**
  * Serves the RSS feed of a forum group, authenticated by an (alias, hash)
  * token pair instead of a session.
  *
  * Without a trailing $file component the handler first re-dispatches to
  * itself with the positional arguments shifted right by one ($group becomes
  * null). That call's return value is deliberately not returned: when it
  * comes back (i.e. it did not exit()), processing falls through to the
  * unshifted interpretation of the arguments.
  */
 function handler_rss($page, $group, $alias, $hash, $file = null)
 {
     if ($file === null) {
         if ($hash === null) {
             return PL_FORBIDDEN;
         }
         $this->handler_rss($page, null, $group, $alias, $hash);
     }
     // Token-based authentication: no session is started.
     $user = Platal::session()->tokenAuth($alias, $hash);
     if ($user === null) {
         return PL_FORBIDDEN;
     }
     require_once 'banana/forum.inc.php';
     $options = array('group' => $group, 'action' => 'rss2');
     $banana = new ForumsBanana($user, $options);
     $banana->run();
     exit;
 }
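 /**
  * Single sign-on entry point for Wats4U.
  *
  * Validates the incoming request (wats4u_sso_check), forces a login when
  * needed, refuses external (X.net) accounts, logs the access, optionally
  * tears the session down when the user asked not to keep access, then
  * redirects to the return URL built by wats4u_sso_build_return_url().
  */
 function handler_sso($page)
 {
     $this->load('sso.inc.php');
     // First, perform the Wats4U-specific security checks from sso.inc.php.
     if (!wats4u_sso_check()) {
         return PL_BAD_REQUEST;
     }
     global $globals;
     if (!S::logged()) {
         // Not authenticated: show the login form with the external context
         // so the user knows which site asked for it.
         $page->assign('external_auth', true);
         $page->assign('ext_url', $globals->wats4u->public_url);
         $page->setTitle('Authentification');
         $page->setDefaultSkin('group_login');
         $page->assign('group', null);
         return PL_DO_AUTH;
     }
     if (!S::user()->checkPerms(PERMS_USER)) {
         // External (X.net) accounts are not allowed through the SSO.
         return PL_FORBIDDEN;
     }
     // Update the last login information (unless the user is in SUID).
     $uid = S::i('uid');
     if (!S::suid()) {
         global $platal;
         // The requested url is logged as supplied (url-decoded once more, as
         // before); a missing parameter must not raise an undefined-index notice.
         $target = isset($_GET['url']) ? urldecode($_GET['url']) : '';
         S::logger($uid)->log('connexion_wats4u', $platal->path . ' ' . $target);
     }
     // If we logged in specifically for this 'external_auth' request and did
     // not want to "keep access to services", kill the session just before
     // returning. See classes/xorgsession.php:startSessionAs
     if (S::b('external_auth_exit')) {
         $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
         S::logger()->log('deconnexion', $referer);
         Platal::session()->killAccessCookie();
         Platal::session()->destroy();
     }
     // Compute return URL. NOTE(review): this happens after the session may
     // have been destroyed above; S::user() is assumed to still be usable at
     // this point -- confirm against Platal::session()->destroy().
     $full_return = wats4u_sso_build_return_url(S::user());
     if ($full_return === "") {
         // Something went wrong
         $page->kill("Erreur dans le traitement de la requête Wats4U.");
     }
     http_redirect($full_return);
 }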
 /**
  * Starts an impersonation (SUID) session on the account identified by $uid.
  *
  * Nested impersonation is refused, a missing uid or an unknown account
  * throws, a successful start is logged under 'admin/su' and redirects to
  * 'home'. NOTE(review): no permission check is visible here; access control
  * is assumed to be enforced by the handler's registration -- confirm.
  */
 function handler_su($page, $uid = null)
 {
     if (S::has('suid')) {
         $page->kill("Déjà en SUID !!!");
     }
     if ($uid === null) {
         throw new Exception("You forgot to pass the uid you want to impersonate");
     }
     // Resolve the target account by uid.
     $filter = new UserFilter(new UFC_Uid($uid));
     $target = $filter->get(true);
     if ($target === false) {
         throw new Exception("Impossible de faire un SUID sur " . $uid);
     }
     $target->select(UserSelect::login());
     if (Platal::session()->startSUID($target)) {
         // Audit trail: record which account got impersonated.
         S::logger()->log('admin/su', array('uid' => $target->id()));
         pl_redirect('home');
     } else {
         $page->trigError('Impossible d\'effectuer un SUID sur ' . $uid);
     }
 }
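 /**
  * Streams the current user's contacts as a PDF.
  *
  * $arg0 == 'promo' sorts by promo before name (name first otherwise);
  * 'photos' in either positional argument includes the photos.
  */
 function handler_pdf($page, $arg0 = null, $arg1 = null)
 {
     $this->load('contacts.pdf.inc.php');
     $user = S::user();
     // Release the session before the (potentially slow) PDF generation.
     Platal::session()->close();
     // Sort order: array_unshift() returns the new element count, not the
     // array, so its result must not be assigned back to $order (that
     // replaced the order list with an integer in the 'promo' case).
     $order = array(new UFO_Name());
     if ($arg0 == 'promo') {
         array_unshift($order, new UFO_Promo());
     } else {
         $order[] = new UFO_Promo();
     }
     $filter = new UserFilter(new UFC_Contact($user), $order);
     $pdf = new ContactsPDF();
     $it = $filter->iterProfiles();
     $with_photos = ($arg0 == 'photos' || $arg1 == 'photos');
     while ($p = $it->next()) {
         $pdf = ContactsPDF::addContact($pdf, $p, $with_photos);
     }
     $pdf->Output();
     exit;
 }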
 /**
  * Serves the RSS feed of a mailing list, authenticated by an (alias, hash)
  * token pair instead of a session.
  *
  * Lists flagged 'ins' or 'priv' are only exposed to their owners or to
  * members with $det['sub'] >= 2; lists whose name starts with 'promo' are
  * always exposed. A refused request terminates silently.
  */
 function handler_rss($page, $liste = null, $alias = null, $hash = null)
 {
     if (!$liste) {
         return PL_NOT_FOUND;
     }
     $user = Platal::session()->tokenAuth($alias, $hash);
     if ($user === null) {
         return PL_FORBIDDEN;
     }
     $mlist = $this->prepare_list($liste);
     if (list($det) = $mlist->getMembers()) {
         $isPromoList = (substr($liste, 0, 5) == 'promo');
         if (!$isPromoList && ($det['ins'] || $det['priv']) && !$det['own'] && $det['sub'] < 2) {
             exit;
         }
         require_once 'banana/ml.inc.php';
         $options = array('listname' => $mlist->mbox, 'domain' => $mlist->domain, 'action' => 'rss2');
         $banana = new MLBanana($user, $options);
         $banana->run();
     }
     exit;
 }
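 /**
  * Logs the current user out (or ends an impersonation).
  *
  * In SUID, stops the impersonation and goes back to the page recorded at
  * SUID start (or to the impersonated user's admin page). Otherwise $level
  * selects which cookies to drop ('forget': access cookie, 'forgetuid':
  * login-form cookies, 'forgetall': both), the session is destroyed and the
  * user is sent to ?redirect= when that target stays on this site, or to the
  * exit page.
  */
 function handler_exit($page, $level = null)
 {
     global $globals;
     if (S::suid()) {
         $old = S::user()->login();
         S::logger()->log('suid_stop', $old . " by " . S::suid('hruid'));
         Platal::session()->stopSUID();
         $target = S::s('suid_startpage');
         S::kill('suid_startpage');
         if (!empty($target)) {
             http_redirect($target);
         }
         pl_redirect('admin/user/' . $old);
     }
     if ($level == 'forget' || $level == 'forgetall') {
         Platal::session()->killAccessCookie();
     }
     if ($level == 'forgetuid' || $level == 'forgetall') {
         Platal::session()->killLoginFormCookies();
     }
     if (S::logged()) {
         $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
         S::logger()->log('deconnexion', $referer);
         Platal::session()->destroy();
     }
     // The ?redirect= value comes straight from the query string. It used to
     // be followed unconditionally, which made the logout URL an open
     // redirector; only same-site targets are honoured now, anything else
     // falls back to the exit page.
     if (Get::has('redirect') && self::isLocalRedirect(rawurldecode(Get::v('redirect')), $globals->baseurl)) {
         http_redirect(rawurldecode(Get::v('redirect')));
     } else {
         $page->changeTpl('platal/exit.tpl');
     }
 }

 /**
  * Tells whether a redirect target stays on this site.
  *
  * Accepts site-relative targets (no scheme and no host, and not the
  * protocol-relative '//host' or '/\host' forms) and absolute URLs whose
  * host and port match $baseurl. Values with control characters, unparsable
  * values and foreign hosts are refused.
  */
 private static function isLocalRedirect($url, $baseurl)
 {
     if (!is_string($url) || $url === '' || preg_match('/[\x00-\x1f\x7f]/', $url)) {
         return false;
     }
     $parts = parse_url($url);
     if ($parts === false) {
         return false;
     }
     if (empty($parts['scheme']) && empty($parts['host'])) {
         // Relative target; browsers treat a leading '//' (or '/\') as a
         // protocol-relative absolute URL, so refuse those.
         return !preg_match('#^\s*[/\\\\]{2}#', $url);
     }
     $base = parse_url($baseurl);
     if ($base === false || empty($base['host']) || empty($parts['host'])) {
         return false;
     }
     $urlPort  = isset($parts['port']) ? $parts['port'] : null;
     $basePort = isset($base['port']) ? $base['port'] : null;
     return strtolower($parts['host']) === strtolower($base['host']) && $urlPort === $basePort;
 }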
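 /**
  * Administration page for one account: displays it and processes the
  * account, profile, forward, alias, OpenID and forum forms posted from
  * admin/user.tpl.
  *
  * Every POST is XSRF-checked and must not carry a uid different from the
  * edited account. Changes to the accounts table are diffed and mailed to
  * the administrators (secrets are redacted).
  */
 function handler_user($page, $login = false)
 {
     global $globals;
     $page->changeTpl('admin/user.tpl');
     $page->setTitle('Administration - Compte');
     if (S::suid()) {
         $page->kill("Déjà en SUID&nbsp;!!!");
     }
     // Loads the user identity using the environment.
     $user = null;
     if ($login) {
         $user = User::get($login);
     }
     if (empty($user)) {
         pl_redirect('admin/accounts');
     }
     $listClient = new MMList(S::user());
     $login = $user->login();
     $registered = $user->state != 'pending';
     // Form processing: every POST needs a valid XSRF token, and a posted
     // uid (if any) must designate the account being edited.
     if (!empty($_POST)) {
         S::assert_xsrf_token();
         if (Post::has('uid') && Post::i('uid') != $user->id()) {
             $page->kill('Une erreur s\'est produite');
         }
     }
     // Handles specific requests (AX sync, su, ...).
     if (Post::has('log_account')) {
         pl_redirect("admin/logger?loguser={$login}&year=" . date('Y') . "&month=" . date('m'));
     }
     if (Post::has('su_account') && $registered) {
         if (!Platal::session()->startSUID($user)) {
             $page->trigError('Impossible d\'effectuer un SUID sur ' . $user->login());
         } else {
             pl_redirect("");
         }
     }
     // Handles account deletion (unsubscription, then optional hard delete).
     if (Post::has('account_deletion_confirmation')) {
         $uid = $user->id();
         $name = $user->fullName();
         $profile = $user->profile();
         if ($profile && Post::b('clear_profile')) {
             $user->profile()->clear();
         }
         $user->clear(true);
         $page->trigSuccess("L'utilisateur {$name} ({$uid}) a bien été désinscrit.");
         if (Post::b('erase_account')) {
             XDB::execute('DELETE FROM  accounts
                                 WHERE  uid = {?}', $uid);
             $page->trigSuccess("L'utilisateur {$name} ({$uid}) a été supprimé de la base de données");
         }
     }
     // Account Form {{{
     require_once 'emails.inc.php';
     $to_update = array();
     if (Post::has('disable_weak_access')) {
         $to_update['weak_password'] = null;
     } elseif (Post::has('update_account')) {
         // Names are only editable here for accounts without a profile.
         if (!$user->hasProfile()) {
             require_once 'name.func.inc.php';
             $name_update = false;
             $lastname = capitalize_name(Post::t('lastname'));
             $firstname = capitalize_name(Post::t('firstname'));
             if ($lastname != $user->lastname) {
                 $to_update['lastname'] = $lastname;
                 $name_update = true;
             }
             if (Post::s('type') != 'virtual' && $firstname != $user->firstname) {
                 $to_update['firstname'] = $firstname;
                 $name_update = true;
             }
             if ($name_update) {
                 if (Post::s('type') == 'virtual') {
                     $firstname = '';
                 }
                 $to_update['full_name'] = build_full_name($firstname, $lastname);
                 $to_update['directory_name'] = build_directory_name($firstname, $lastname);
                 $to_update['sort_name'] = build_sort_name($firstname, $lastname);
             }
             if (Post::s('display_name') != $user->displayName()) {
                 $to_update['display_name'] = Post::s('display_name');
             }
         }
         if (Post::s('sex') != ($user->isFemale() ? 'female' : 'male')) {
             $to_update['sex'] = Post::s('sex');
             if ($user->hasProfile()) {
                 XDB::execute('UPDATE  profiles
                                  SET  sex = {?}
                                WHERE  pid = {?}', Post::s('sex'), $user->profile()->id());
             }
         }
         // The password is received already hashed ('pwhash') and is pushed
         // to Google Apps when that account syncs passwords.
         if (!Post::blank('pwhash')) {
             $to_update['password'] = Post::s('pwhash');
             require_once 'googleapps.inc.php';
             $account = new GoogleAppsAccount($user);
             if ($account->active() && $account->sync_password) {
                 $account->set_password(Post::s('pwhash'));
             }
         }
         if (!Post::blank('weak_password')) {
             $to_update['weak_password'] = Post::s('weak_password');
         }
         // Toggling token access rotates the token (new random id) or clears it.
         if (Post::i('token_access', 0) != ($user->token_access ? 1 : 0)) {
             $to_update['token'] = Post::i('token_access') ? rand_url_id(16) : null;
         }
         if (Post::i('skin') != $user->skin) {
             $to_update['skin'] = Post::i('skin');
             if ($to_update['skin'] == 0) {
                 $to_update['skin'] = null;
             }
         }
         if (Post::s('state') != $user->state) {
             $to_update['state'] = Post::s('state');
         }
         if (Post::i('is_admin', 0) != ($user->is_admin ? 1 : 0)) {
             $to_update['is_admin'] = Post::b('is_admin');
         }
         if (Post::s('type') != $user->type) {
             $to_update['type'] = Post::s('type');
         }
         if (Post::i('watch', 0) != ($user->watch ? 1 : 0)) {
             $to_update['flags'] = new PlFlagset();
             $to_update['flags']->addFlag('watch', Post::i('watch'));
         }
         if (Post::t('comment') != $user->comment) {
             $to_update['comment'] = Post::blank('comment') ? null : Post::t('comment');
         }
         $new_email = strtolower(Post::t('email'));
         if (require_email_update($user, $new_email)) {
             $to_update['email'] = $new_email;
             $listClient->change_user_email($user->forlifeEmail(), $new_email);
             update_alias_user($user->forlifeEmail(), $new_email);
         }
     }
     if (!empty($to_update)) {
         $res = XDB::query('SELECT  *
                              FROM  accounts
                             WHERE  uid = {?}', $user->id());
         $oldValues = $res->fetchAllAssoc();
         $oldValues = $oldValues[0];
         $set = array();
         $diff = array();
         // Column names ($k) come only from the fixed keys assigned above,
         // never from the request; values go through XDB::format() before
         // being spliced into the raw UPDATE below.
         foreach ($to_update as $k => $value) {
             $value = XDB::format('{?}', $value);
             $set[] = $k . ' = ' . $value;
             $diff[$k] = array($oldValues[$k], trim($value, "'"));
             unset($oldValues[$k]);
         }
         XDB::rawExecute('UPDATE  accounts
                             SET  ' . implode(', ', $set) . '
                           WHERE  uid = ' . XDB::format('{?}', $user->id()));
         $page->trigSuccess('Données du compte mise à jour avec succès');
         $user = User::getWithUID($user->id());
         // Formats the $diff and sends it to the site administrators.
         // Secrets (password, token, weak_password) are redacted from both
         // the diff and the dump of unchanged values.
         foreach (array('password', 'token', 'weak_password') as $key) {
             if (isset($diff[$key])) {
                 $diff[$key] = array('old value', 'new value');
             } else {
                 $oldValues[$key] = 'old value';
             }
         }
         $mail = new PlMailer('admin/useredit.mail.tpl');
         $mail->assign('admin', S::user()->hruid);
         $mail->assign('hruid', $user->hruid);
         $mail->assign('diff', $diff);
         $mail->assign('oldValues', $oldValues);
         $mail->send();
     }
     // }}}
     // Profile form {{{
     if (Post::has('add_profile') || Post::has('del_profile') || Post::has('owner')) {
         if (Post::i('del_profile', 0) != 0) {
             XDB::execute('DELETE FROM  account_profiles
                                 WHERE  uid = {?} AND pid = {?}', $user->id(), Post::i('del_profile'));
             XDB::execute('DELETE FROM  profiles
                                 WHERE  pid = {?}', Post::i('del_profile'));
         } elseif (!Post::blank('new_profile')) {
             $profile = Profile::get(Post::t('new_profile'));
             if (!$profile) {
                 $page->trigError('Le profil ' . Post::t('new_profile') . ' n\'existe pas');
             } else {
                 XDB::execute('INSERT IGNORE INTO  account_profiles (uid, pid)
                                           VALUES  ({?}, {?})', $user->id(), $profile->id());
             }
         }
         // Exactly one profile keeps the 'owner' permission.
         XDB::execute('UPDATE  account_profiles
                          SET  perms = IF(pid = {?}, CONCAT(perms, \',owner\'), REPLACE(perms, \'owner\', \'\'))
                        WHERE  uid = {?}', Post::i('owner'), $user->id());
     }
     // }}}
     // Email forwards form {{{
     // NOTE(review): $redirect is null for pending accounts; the form is
     // assumed not to offer the forward actions in that state -- confirm.
     $redirect = $registered ? new Redirect($user) : null;
     if (Post::has('add_fwd')) {
         $email = Post::t('email');
         if (!isvalid_email_redirection($email, $user)) {
             $page->trigError("Email non valide: {$email}");
         } else {
             $redirect->add_email($email);
             $page->trigSuccess("Ajout de {$email} effectué");
         }
     } elseif (!Post::blank('del_fwd')) {
         $redirect->delete_email(Post::t('del_fwd'));
     } elseif (!Post::blank('activate_fwd')) {
         $redirect->modify_one_email(Post::t('activate_fwd'), true);
     } elseif (!Post::blank('deactivate_fwd')) {
         $redirect->modify_one_email(Post::t('deactivate_fwd'), false);
     } elseif (Post::has('disable_fwd')) {
         $redirect->disable();
     } elseif (Post::has('enable_fwd')) {
         $redirect->enable();
     } elseif (!Post::blank('clean_fwd')) {
         $redirect->clean_errors(Post::t('clean_fwd'));
     }
     // }}}
     // Email alias form {{{
     if (Post::has('add_alias')) {
         // Splits new alias in user and fqdn.
         $alias = Env::t('email');
         if (strpos($alias, '@') !== false) {
             list($alias, $domain) = explode('@', $alias);
         } else {
             $domain = $user->mainEmailDomain();
         }
         // Checks the local part. The pattern is anchored so the whole value
         // must consist of [-a-z0-9.] (the unanchored form accepted anything
         // containing one such character), and an invalid alias is no longer
         // inserted after the error has been reported.
         if (!preg_match('/^[-a-z0-9\\.]+$/D', $alias)) {
             $page->trigError("'{$alias}' n'est pas un alias valide");
         } elseif ($domain == $globals->mail->alias_dom || $domain == $globals->mail->alias_dom2) {
             // Alias domains go through the regular alias request.
             $req = new AliasReq($user, $alias, 'Admin request', false);
             if ($req->commit()) {
                 $page->trigSuccess("Nouvel alias '{$alias}@{$domain}' attribué.");
             } else {
                 $page->trigError("Impossible d'ajouter l'alias '{$alias}@{$domain}', il est probablement déjà attribué.");
             }
         } elseif ($domain == $user->mainEmailDomain()) {
             XDB::execute('INSERT INTO  email_source_account (email, uid, domain, type, flags)
                                SELECT  {?}, {?}, id, \'alias\', \'\'
                                  FROM  email_virtual_domains
                                 WHERE  name = {?}', $alias, $user->id(), $domain);
             $page->trigSuccess("Nouvel alias '{$alias}' ajouté");
         } else {
             $page->trigError("Le domaine '{$domain}' n'est pas valide pour cet utilisateur.");
         }
     } elseif (!Post::blank('del_alias')) {
         $delete_alias = Post::t('del_alias');
         list($email, $domain) = explode('@', $delete_alias);
         // The forlife address itself can never be removed.
         XDB::execute('DELETE  s
                         FROM  email_source_account  AS s
                   INNER JOIN  email_virtual_domains AS m ON (s.domain = m.id)
                   INNER JOIN  email_virtual_domains AS d ON (d.aliasing = m.id)
                        WHERE  s.email = {?} AND s.uid = {?} AND d.name = {?} AND type != \'forlife\'', $email, $user->id(), $domain);
         XDB::execute('UPDATE  email_redirect_account AS r
                   INNER JOIN  email_virtual_domains  AS m ON (m.name = {?})
                   INNER JOIN  email_virtual_domains  AS d ON (d.aliasing = m.id)
                          SET  r.rewrite = \'\'
                        WHERE  r.uid = {?} AND r.rewrite = CONCAT({?}, \'@\', d.name)', $domain, $user->id(), $email);
         fix_bestalias($user);
         $page->trigSuccess("L'alias '{$delete_alias}' a été supprimé");
     } elseif (!Post::blank('best')) {
         $best_alias = Post::t('best');
         // First delete the bestalias flag from all this user's emails.
         XDB::execute("UPDATE  email_source_account\n                             SET  flags = TRIM(BOTH ',' FROM REPLACE(CONCAT(',', flags, ','), ',bestalias,', ','))\n                           WHERE  uid = {?}", $user->id());
         // Then gives the bestalias flag to the given email.
         list($email, $domain) = explode('@', $best_alias);
         XDB::execute("UPDATE  email_source_account\n                             SET  flags = CONCAT_WS(',', IF(flags = '', NULL, flags), 'bestalias')\n                           WHERE  uid = {?} AND email = {?}", $user->id(), $email);
         // As having a non-null bestalias value is critical in plat/al's
         // code, we do an a posteriori check on the validity of the bestalias.
         fix_bestalias($user);
     }
     // }}}
     // OpenId form {{{
     if (Post::has('del_openid')) {
         // Scoped to the edited account so that a stray id cannot remove
         // another user's OpenID binding (the table carries a uid column,
         // see the listing query below).
         XDB::execute('DELETE FROM  account_auth_openid
                             WHERE  id = {?} AND uid = {?}', Post::i('del_openid'), $user->id());
     }
     // }}}
     // Forum form {{{
     if (Post::has('b_edit')) {
         XDB::execute("DELETE FROM  forum_innd\n                                WHERE  uid = {?}", $user->id());
         // NOTE(review): the guard reads 'commentaire' while the INSERT reads
         // 'comment'; one of the two field names is probably wrong -- confirm
         // against admin/user.tpl before changing either.
         if (Env::v('write_perm') != "" || Env::v('read_perm') != "" || Env::v('commentaire') != "") {
             XDB::execute("INSERT INTO  forum_innd\n                                      SET  ipmin = '0', ipmax = '4294967295',\n                                           write_perm = {?}, read_perm = {?},\n                                           comment = {?}, priority = '200', uid = {?}", Env::v('write_perm'), Env::v('read_perm'), Env::v('comment'), $user->id());
         }
     }
     // }}}
     $page->addJsLink('jquery.ui.xorg.js');
     // Displays last login and last host information (SUID sessions excluded).
     $res = XDB::query("SELECT  start, host\n                             FROM  log_sessions\n                            WHERE  uid = {?} AND suid IS NULL\n                         ORDER BY  start DESC\n                            LIMIT  1", $user->id());
     list($lastlogin, $host) = $res->fetchOneRow();
     $page->assign('lastlogin', $lastlogin);
     $page->assign('host', $host);
     // Display mailing lists
     $page->assign('mlists', $listClient->get_all_user_lists($user->forlifeEmail()));
     // Display active aliases.
     $page->assign('virtuals', $user->emailGroupAliases());
     $aliases = XDB::iterator("SELECT  CONCAT(s.email, '@', d.name) AS email, (s.type = 'forlife') AS forlife,\n                                          (s.email REGEXP '\\\\.[0-9]{2}\$') AS hundred_year,\n                                          FIND_IN_SET('bestalias', s.flags) AS bestalias, s.expire,\n                                          (s.type = 'alias_aux') AS alias\n                                    FROM  email_source_account  AS s\n                              INNER JOIN  email_virtual_domains AS d ON (s.domain = d.id)\n                                   WHERE  s.uid = {?}\n                                ORDER BY  !alias, s.email", $user->id());
     $page->assign('aliases', $aliases);
     $page->assign('account_types', XDB::iterator('SELECT * FROM account_types ORDER BY type'));
     $page->assign('skins', XDB::iterator('SELECT id, name FROM skins ORDER BY name'));
     $page->assign('profiles', XDB::iterator('SELECT  p.pid, p.hrpid, FIND_IN_SET(\'owner\', ap.perms) AS owner, p.ax_id
                                                FROM  account_profiles AS ap
                                          INNER JOIN  profiles AS p ON (ap.pid = p.pid)
                                               WHERE  ap.uid = {?}', $user->id()));
     $page->assign('openid', XDB::iterator('SELECT  id, url
                                              FROM  account_auth_openid
                                             WHERE  uid = {?}', $user->id()));
     // Displays email redirection and the general profile.
     if ($registered && $redirect) {
         $page->assign('emails', $redirect->emails);
     }
     $page->assign('user', $user);
     $page->assign('hasProfile', $user->hasProfile());
     // Displays forum bans.
     $res = XDB::query("SELECT  write_perm, read_perm, comment\n                             FROM  forum_innd\n                            WHERE  uid = {?}", $user->id());
     $bans = $res->fetchOneAssoc();
     $page->assign('bans', $bans);
 }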
 /**
  * Checks the current session against this handler's declared
  * authentication level and permission set; final so subclasses cannot
  * bypass it.
  */
 final function checkAuthAndPerms()
 {
     $session = Platal::session();
     return $session->checkAuthAndPerms($this->auth(), $this->perms());
 }
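 /**
  * Remote authentication endpoint: a registered site sends a signed request
  * (timestamp, site, hash, request), the user is forced to log in here, and
  * the requested fields -- limited to the rights granted to that site -- are
  * sent back, signed, through a Location header to the site.
  */
 function handler_remote($page)
 {
     global $globals, $platal;
     if (!(Env::has('timestamp') && Env::has('site') && Env::has('hash') && Env::has('request'))) {
         $page->trigError("Requête non valide");
         return;
     }
     // Read request. The timestamp stays a raw string because it is part of
     // the signed material; a non-numeric value is rejected here instead of
     // letting the subtraction fail on it.
     $timestamp = Env::s('timestamp');
     if (!is_numeric($timestamp) || abs($timestamp - time()) > $globals->remote->lag) {
         $page->trigError("Delai d'attente dépassé");
         return;
     }
     $site = Env::s('site');
     $request = Env::s('request');
     // Load remote information
     try {
         $remote = Remote::from($site);
         $remote->select(RemoteSelect::groups());
     } catch (ItemNotFoundException $e) {
         $page->trigError("Ton site n'est pas renseigné dans la base de données");
         return;
     }
     // Check the request signature. hash_equals() replaces the loose '!='
     // compare, which (a) is not constant-time and (b) treats two hex digests
     // of the form "0e<digits>" as equal numbers. The digest construction
     // itself (md5 over an undelimited concatenation) is part of the protocol
     // shared with the remote sites and is left as is.
     $expected = md5($timestamp . $site . $remote->privkey() . $request);
     if (!hash_equals($expected, (string) Env::s('hash'))) {
         $page->trigError("Erreur de validation de la requête d'authentification");
         return;
     }
     // The request is a JSON list of wanted field names; a malformed one is
     // treated as an empty list rather than handed to in_array() as null.
     $request = json_decode($request, true);
     if (!is_array($request)) {
         $request = array();
     }
     // Force login
     $user = Platal::session()->doAuthWithoutStart(AUTH_COOKIE);
     if (empty($user)) {
         $page->assign('remote_site', $remote->label());
         $platal->force_login($page);
         return PL_FORBIDDEN;
     }
     // Build response: each field needs both the site's right and an explicit
     // request for it.
     $response = array('uid' => $user->id());
     if ($remote->hasRight('names') && in_array('names', $request, true)) {
         $response['hruid'] = $user->login();
         $response['firstname'] = $user->firstname();
         $response['lastname'] = $user->lastname();
         $response['nickname'] = $user->nickname();
     }
     if ($remote->hasRight('email') && in_array('email', $request, true)) {
         $response['email'] = $user->email();
     }
     if ($remote->hasRight('rights') && in_array('rights', $request, true)) {
         $r = array();
         foreach ($remote->groups() as $g) {
             $r[$g->name()] = array_map(function ($r) {
                 return (string) $r;
             }, $user->rights($g));
         }
         if (!empty($r)) {
             $response['rights'] = $r;
         }
     }
     if ($remote->hasRight('sport') && in_array('sport', $request, true)) {
         $groups = $user->castes()->groups();
         $group = $groups->filter('ns', Group::NS_SPORT)->first();
         if ($group) {
             $response['sport'] = $group->label();
         }
     }
     if ($remote->hasRight('promo') && in_array('promo', $request, true)) {
         $groups = $user->castes()->groups()->filter('ns', Group::NS_PROMO);
         $groups = $groups->remove(Group::from('on_platal'));
         // Extract promos from group labels.
         // For backward compatibility, compute the minimal promo year.
         $promo = 0;
         $promos = array();
         foreach ($groups as $g) {
             $matches = array();
             if (preg_match('/^promo_([a-z_]+)([1-9][0-9]{3})$/', $g->name(), $matches)) {
                 $promos[] = $matches[1] . $matches[2];
                 $year = (int) $matches[2];
                 if (!$promo || $year < $promo) {
                     $promo = $year;
                 }
             }
         }
         if ($promo) {
             $response['promo'] = $promo;
             $response['promos'] = $promos;
         }
     }
     if ($remote->hasRight('photo') && in_array('photo', $request, true)) {
         $img = $user->photo();
         if ($img === false) {
             $img = $user->original();
         }
         if ($img !== false) {
             $response['photo'] = $globals->baseurl . '/' . $img->src('full');
         }
     }
     if ($remote->hasRight('binets_admin') && in_array('binets_admin', $request, true)) {
         $gf = new GroupFilter(new PFC_And(new GFC_User($user, Rights::admin()), new GFC_Namespace('binet')));
         $gs = $gf->get();
         if ($gs->count() > 0) {
             $gs->select(GroupSelect::base());
             $r = array();
             foreach ($gs as $g) {
                 $r[$g->name()] = $g->label();
             }
             if (!empty($r)) {
                 $response['binets_admin'] = $r;
             }
         }
     }
     // Send response. The JSON and the caller-supplied location are
     // url-encoded so that '&', '#', '+' or '=' inside them can neither break
     // the query string nor smuggle extra parameters; the signature is still
     // computed over the raw JSON, which is what the site gets back after
     // decoding its query string. NOTE(review): confirm remote clients decode
     // query parameters normally rather than reading the raw query.
     $response = json_encode($response);
     $location = Env::s('location');
     $signature = md5($timestamp . $remote->privkey() . $response);
     header('Location: ' . $site . '?location=' . urlencode($location) . '&timestamp=' . $timestamp . '&response=' . urlencode($response) . '&hash=' . $signature);
 }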
 function handler_end($page, $hash = null)
 {
     global $globals;
     $_SESSION['subState'] = array('step' => 5);
     // Reject registration requests from unsafe IP addresses (and remove the
     // registration information from the database, to prevent IP changes).
     if (check_ip('unsafe')) {
         send_warning_mail('Une IP surveillée a tenté de finaliser son inscription.');
         XDB::execute("DELETE FROM  register_pending\n                                WHERE  hash = {?} AND hash != 'INSCRIT'", $hash);
         return PL_FORBIDDEN;
     }
     // Retrieve the pre-registration information using the url-provided
     // authentication token.
     $res = XDB::query("SELECT  r.uid, p.pid, r.forlife, r.bestalias, r.mailorg2,\n                                   r.password, r.email, r.services, r.naissance,\n                                   ppn.lastname_initial, ppn.firstname_initial, pe.promo_year,\n                                   pd.promo, p.sex, p.birthdate_ref, a.type, a.email AS old_account_email\n                             FROM  register_pending AS r\n                       INNER JOIN  accounts         AS a   ON (r.uid = a.uid)\n                       INNER JOIN  account_profiles AS ap  ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))\n                       INNER JOIN  profiles         AS p   ON (p.pid = ap.pid)\n                       INNER JOIN  profile_public_names AS ppn ON (ppn.pid = p.pid)\n                       INNER JOIN  profile_display  AS pd  ON (p.pid = pd.pid)\n                       INNER JOIN  profile_education AS pe ON (pe.pid = p.pid AND FIND_IN_SET('primary', pe.flags))\n                            WHERE  hash = {?} AND hash != 'INSCRIT' AND a.state = 'pending'", $hash);
     if (!$hash || $res->numRows() == 0) {
         $page->kill("<p>Cette adresse n'existe pas, ou plus, sur le serveur.</p>\n                         <p>Causes probables&nbsp;:</p>\n                         <ol>\n                           <li>Vérifie que tu visites l'adresse du dernier\n                               email reçu s'il y en a eu plusieurs.</li>\n                           <li>Tu as peut-être mal copié l'adresse reçue par\n                               email, vérifie-la à la main.</li>\n                           <li>Tu as peut-être attendu trop longtemps pour\n                               confirmer. Les pré-inscriptions sont annulées\n                               tous les 30 jours.</li>\n                           <li>Tu es en fait déjà inscrit.</li>\n                        </ol>");
     }
     list($uid, $pid, $forlife, $bestalias, $emailXorg2, $password, $email, $services, $birthdate, $lastname, $firstname, $yearpromo, $promo, $sex, $birthdate_ref, $type, $old_account_email) = $res->fetchOneRow();
     $isX = $type == 'x';
     $mail_domain = User::$sub_mail_domains[$type] . $globals->mail->domain;
     // Prepare the template for display.
     $page->changeTpl('register/end.tpl');
     $page->assign('forlife', $forlife);
     $page->assign('firstname', $firstname);
     // Check if the user did enter a valid password; if not (or if none is found),
     // get her an information page.
     if (Post::has('response')) {
         $expected_response = sha1("{$forlife}:{$password}:" . S::v('challenge'));
         if (Post::v('response') != $expected_response) {
             $page->trigError("Mot de passe invalide.");
             S::logger($uid)->log('auth_fail', 'bad password (register/end)');
             return;
         }
     } else {
         return;
     }
     //
     // Create the user account.
     //
     XDB::startTransaction();
     XDB::execute("UPDATE  accounts\n                         SET  password = {?}, state = 'active',\n                              registration_date = NOW(), email = NULL\n                       WHERE  uid = {?}", $password, $uid);
     XDB::execute("UPDATE  profiles\n                         SET  birthdate = {?}, last_change = NOW()\n                       WHERE  pid = {?}", $birthdate, $pid);
     XDB::execute('INSERT INTO  email_source_account (email, uid, type, flags, domain)
                        SELECT  {?}, {?}, \'forlife\', \'\', id
                          FROM  email_virtual_domains
                         WHERE  name = {?}', $forlife, $uid, $mail_domain);
     XDB::execute('INSERT INTO  email_source_account (email, uid, type, flags, domain)
                        SELECT  {?}, {?}, \'alias\', \'bestalias\', id
                          FROM  email_virtual_domains
                         WHERE  name = {?}', $bestalias, $uid, $mail_domain);
     if ($emailXorg2) {
         XDB::execute('INSERT INTO  email_source_account (email, uid, type, flags, domain)
                            SELECT  {?}, {?}, \'alias\', \'\', id
                              FROM  email_virtual_domains
                             WHERE  name = {?}', $emailXorg2, $uid, $mail_domain);
     }
     XDB::commit();
     // Try to start a session (so the user don't have to log in); we will use
     // the password available in Post:: to authenticate the user.
     Platal::session()->start(AUTH_PASSWD);
     // Add the registration email address as first and only redirection.
     require_once 'emails.inc.php';
     $user = User::getSilentWithUID($uid);
     $redirect = new Redirect($user);
     $redirect->add_email($email);
     fix_bestalias($user);
     // If the user was registered to some aliases and MLs, we must change
     // the subscription to her forlife email.
     if ($old_account_email) {
         $listClient = new MMList($user);
         $listClient->change_user_email($old_account_email, $user->forlifeEmail());
         update_alias_user($old_account_email, $user->forlifeEmail());
     }
     // Subscribe the user to the services she did request at registration time.
     require_once 'newsletter.inc.php';
     foreach (explode(',', $services) as $service) {
         switch ($service) {
             case 'ax_letter':
                 /* This option is deprecated by 'com_letters' */
                 NewsLetter::forGroup(NewsLetter::GROUP_AX)->subscribe($user);
                 break;
             case 'com_letters':
                 NewsLetter::forGroup(NewsLetter::GROUP_AX)->subscribe($user);
                 NewsLetter::forGroup(NewsLetter::GROUP_EP)->subscribe($user);
                 NewsLetter::forGroup(NewsLetter::GROUP_FX)->subscribe($user);
                 break;
             case 'nl':
                 NewsLetter::forGroup(NewsLetter::GROUP_XORG)->subscribe($user);
                 break;
             case 'imap':
                 Email::activate_storage($user, 'imap', Bogo::IMAP_DEFAULT);
                 break;
             case 'ml_promo':
                 if ($isX) {
                     $r = XDB::query('SELECT id FROM groups WHERE diminutif = {?}', $yearpromo);
                     if ($r->numRows()) {
                         $asso_id = $r->fetchOneCell();
                         XDB::execute('INSERT IGNORE INTO  group_members (uid, asso_id)
                                                   VALUES  ({?}, {?})', $uid, $asso_id);
                         try {
                             MailingList::subscribePromo($yearpromo, $user);
                         } catch (Exception $e) {
                             PlErrorReport::report($e);
                             $page->trigError("L'inscription à la liste promo" . $yearpromo . " a échouée.");
                         }
                     }
                 }
                 break;
         }
     }
     // Log the registration in the user session.
     S::logger($uid)->log('inscription', $email);
     XDB::execute("UPDATE  register_pending\n                         SET  hash = 'INSCRIT'\n                       WHERE  uid = {?}", $uid);
     // Congratulate our newly registered user by email.
     $mymail = new PlMailer('register/success.mail.tpl');
     $mymail->addTo("\"{$user->fullName()}\" <{$user->forlifeEmail()}>");
     if ($isX) {
         $mymail->setSubject('Bienvenue parmi les X sur le web !');
     } else {
         $mymail->setSubject('Bienvenue sur Polytechnique.org !');
     }
     $mymail->assign('forlife', $forlife);
     $mymail->assign('firstname', $firstname);
     $mymail->send();
     // Index the user, to allow her to appear in searches.
     Profile::rebuildSearchTokens($pid);
     // Notify other users which were watching for her arrival.
     XDB::execute('INSERT INTO  contacts (uid, contact)
                        SELECT  uid, {?}
                          FROM  watch_nonins
                         WHERE  ni_id = {?}', $pid, $uid);
     XDB::execute('DELETE FROM  watch_nonins
                         WHERE  ni_id = {?}', $uid);
     Platal::session()->updateNbNotifs();
     // Forcibly register the new user on default forums.
     $registeredForums = array('xorg.general', 'xorg.pa.divers', 'xorg.pa.logements');
     if ($isX) {
         $promoForum = 'xorg.promo.' . strtolower($promo);
         $exists = XDB::fetchOneCell('SELECT  COUNT(*)
                                        FROM  forums
                                       WHERE  name = {?}', $promoForum);
         if ($exists == 0) {
             // Notify the newsgroup admin of the promotion forum needs be created.
             $promoFull = new UserFilter(new UFC_Promo('=', UserFilter::DISPLAY, $promo));
             $promoRegistered = new UserFilter(new PFC_And(new UFC_Promo('=', UserFilter::DISPLAY, $promo), new UFC_Registered(true), new PFC_Not(new UFC_Dead())));
             if ($promoRegistered->getTotalCount() > 0.2 * $promoFull->getTotalCount()) {
                 $mymail = new PlMailer('admin/forums-promo.mail.tpl');
                 $mymail->assign('promo', $promo);
                 $mymail->send();
             }
         } else {
             $registeredForums[] = $promoForum;
         }
     }
     foreach ($registeredForums as $forum) {
         XDB::execute("INSERT INTO  forum_subs (fid, uid)\n                               SELECT  fid, {?}\n                                 FROM  forums\n                                WHERE  name = {?}", $uid, $val);
     }
     // Update the global registration count stats.
     $globals->updateNbIns();
     //
     // Update collateral data sources, and inform watchers by email.
     //
     // Email the referrer(s) of this new user.
     $res = XDB::iterRow("SELECT  sender, GROUP_CONCAT(email SEPARATOR ', ') AS mails, MAX(last) AS lastDate\n                               FROM  register_marketing\n                              WHERE  uid = {?}\n                           GROUP BY  sender\n                           ORDER BY  lastDate DESC", $uid);
     XDB::execute("UPDATE  register_mstats\n                         SET  success = NOW()\n                       WHERE  uid = {?}", $uid);
     $market = array();
     while (list($senderid, $maketingEmails, $lastDate) = $res->next()) {
         $sender = User::getWithUID($senderid);
         $market[] = " - par {$sender->fullName()} sur {$maketingEmails} (le plus récemment le {$lastDate})";
         $mymail = new PlMailer('register/marketer.mail.tpl');
         $mymail->setSubject("{$firstname} {$lastname} s'est inscrit à Polytechnique.org !");
         $mymail->setTo($sender);
         $mymail->assign('sender', $sender);
         $mymail->assign('firstname', $firstname);
         $mymail->assign('lastname', $lastname);
         $mymail->assign('promo', $promo);
         $mymail->assign('sex', $sex);
         $mymail->setTxtBody(wordwrap($msg, 72));
         $mymail->send();
     }
     // Email the plat/al administrators about the registration.
     if ($globals->register->notif) {
         $mymail = new PlMailer('register/registration.mail.tpl');
         $mymail->setSubject("Inscription de {$firstname} {$lastname} ({$promo})");
         $mymail->assign('firstname', $firstname);
         $mymail->assign('lastname', $lastname);
         $mymail->assign('promo', $promo);
         $mymail->assign('sex', $sex);
         $mymail->assign('birthdate', $birthdate);
         $mymail->assign('birthdate_ref', $birthdate_ref);
         $mymail->assign('forlife', $forlife);
         $mymail->assign('email', $email);
         $mymail->assign('logger', S::logger());
         if (count($market) > 0) {
             $mymail->assign('market', implode("\n", $market));
         }
         $mymail->setTxtBody($msg);
         $mymail->send();
     }
     // Remove old pending marketing requests for the new user.
     Marketing::clear($uid);
     pl_redirect('profile/edit');
 }
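 function handler_change_rights($page)
 {
     // Let a group admin (or an already-SUID'd session) downgrade or restore
     // the rights the current session is seen with. The 'right' value is read
     // from the request; unknown values fall through the switch untouched.
     // What may_update()/is_member() do with their boolean arguments is not
     // visible here — presumably they override the cached rights for the
     // remainder of the session; confirm against their definitions.
     if (Env::has('right') && (may_update() || S::suid())) {
         switch (Env::v('right')) {
             case 'admin':
                 Platal::session()->stopSUID();
                 break;
             case 'anim':
                 Platal::session()->doSelfSuid();
                 may_update(true);
                 is_member(true);
                 break;
             case 'member':
                 Platal::session()->doSelfSuid();
                 may_update(false, true);
                 is_member(true);
                 break;
             case 'logged':
                 Platal::session()->doSelfSuid();
                 may_update(false, true);
                 is_member(false, true);
                 break;
         }
     }
     // Bounce back to the page the user came from, but only when that page
     // lives on this host: Referer is a client-supplied header, so redirecting
     // to it unconditionally is an open redirect. Anything else (no referer,
     // unparsable URL, foreign host) goes to the site root instead.
     $referer = empty($_SERVER['HTTP_REFERER']) ? null : (string) $_SERVER['HTTP_REFERER'];
     $ownHost = isset($_SERVER['HTTP_HOST']) ? (string) $_SERVER['HTTP_HOST'] : '';
     // HTTP_HOST may carry a port; parse_url()'s host component never does.
     $ownHost = strtolower(preg_replace('/:\d+$/', '', $ownHost));
     $refererHost = null;
     if ($referer !== null) {
         $parsed = parse_url($referer, PHP_URL_HOST);
         if (is_string($parsed) && $parsed !== '') {
             $refererHost = strtolower($parsed);
         }
     }
     if ($referer !== null && $refererHost !== null && $ownHost !== '' && $refererHost === $ownHost) {
         http_redirect($referer);
     } else {
         pl_redirect('');
     }
 }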
 function handler_exit($page)
 {
     // Log the user out: leave any SUID first, then drop the session
     // entirely, and render the logout template.
     $session = Platal::session();
     $session->stopSUID();
     $session->destroy();
     $page->changeTpl('xnet/deconnexion.tpl');
 }