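function prepareform($pay, $user)
{
    // Builds the PayPal payment form for $pay on behalf of $user: sets
    // $this->urlform and fills the 'commercant', 'client', 'commande' and
    // 'divers' sections of $this->infos. Returns nothing.
    //
    // Documentation: https://www.paypal.com/developer
    // Warning: the automatic return only works if we force the users to create
    // a paypal account. We do not use it; thus the user must come back on the
    // site.
    global $globals, $platal;

    $this->urlform = 'https://' . $globals->money->paypal_site . '/cgi-bin/webscr';

    // URL the customer is sent back to after paying. NOTE(review): the scheme
    // is explicitly downgraded to http://, so the comment/display query string
    // travels in clear on the way back; confirm this is still required.
    $roboturl = str_replace("https://", "http://", $globals->baseurl) . '/' . $platal->ns
              . "payment/paypal_return/" . $user->id()
              . "?comment=" . urlencode(Env::v('comment'))
              . '&display=' . Post::i('display');
    $this->infos = array(
        'commercant' => array(
            'business'    => $globals->money->paypal_compte,
            'rm'          => 2,
            'return'      => $roboturl,
            'cn'          => 'Commentaires',
            'no_shipping' => 1,
            'cbt'         => empty($GLOBALS['IS_XNET_SITE']) ? 'Revenir sur polytechnique.org.' : 'Revenir sur polytechnique.net.',
        ),
    );

    $info_client = array(
        'first_name' => $user->firstName(),
        'last_name'  => $user->lastName(),
        'email'      => $user->bestEmail(),
    );

    // Postal details of the profile's current address, when the user has one.
    $address = null;
    if ($user->hasProfile()) {
        $res = XDB::query("SELECT pa.text, GROUP_CONCAT(pace2.short_name) AS city,\n GROUP_CONCAT(pace3.short_name) AS zip, GROUP_CONCAT(pace1.short_name) AS country,\n IF(pp1.display_tel != '', pp1.display_tel, pp2.display_tel) AS night_phone_b\n FROM profile_addresses AS pa\n LEFT JOIN profile_phones AS pp1 ON (pp1.pid = pa.pid AND pp1.link_type = 'address' AND pp1.link_id = pa.id)\n LEFT JOIN profile_phones AS pp2 ON (pp2.pid = pa.pid AND pp2.link_type = 'user' AND pp2.link_id = 0)\n LEFT JOIN profile_addresses_components AS pc ON (pa.pid = pc.pid AND pa.jobid = pc.jobid AND pa.groupid = pc.groupid\n AND pa.type = pc.type AND pa.id = pc.id)\n LEFT JOIN profile_addresses_components_enum AS pace1 ON (FIND_IN_SET('country', pace1.types) AND pace1.id = pc.component_id)\n LEFT JOIN profile_addresses_components_enum AS pace2 ON (FIND_IN_SET('locality', pace2.types) AND pace2.id = pc.component_id)\n LEFT JOIN profile_addresses_components_enum AS pace3 ON (FIND_IN_SET('postal_code', pace3.types) AND pace3.id = pc.component_id)\n WHERE pa.pid = {?} AND FIND_IN_SET('current', pa.flags)\n GROUP BY pa.pid, pa.jobid, pa.groupid, pa.id, pa.type\n LIMIT 1", $user->profile()->id());
        // The original tested is_array($res) on the query result object, which
        // never holds, so the address branch was unreachable; test the fetched
        // row instead (assumes fetchOneAssoc() yields an array when a row matches).
        $row = $res->fetchOneAssoc();
        if (is_array($row) && !empty($row)) {
            $address = $row;
        }
    }

    if ($address === null) {
        $this->infos['client'] = array_map('replace_accent', $info_client);
    } else {
        $this->infos['client'] = array_map('replace_accent', array_merge($info_client, $address));
        // Split the free-text address into PayPal's two address lines; pad so a
        // single-line address does not leave address2 undefined.
        list($this->infos['client']['address1'], $this->infos['client']['address2']) =
            array_pad(explode("\n", Geocoder::getFirstLines($this->infos['client']['text'], $this->infos['client']['zip'], 2)), 2, '');
        unset($this->infos['client']['text']);
    }

    // We build the transaction's reference: a random prefix plus the payment
    // id, keeping the last 15 characters.
    $prefix = rand_url_id();
    $fullref = substr("{$prefix}-xorg-{$pay->id}", -15);
    $this->infos['commande'] = array(
        'item_name'     => replace_accent($pay->text),
        'amount'        => $this->val_number,
        'currency_code' => 'EUR',
        'custom'        => $fullref,
    );
    $this->infos['divers'] = array('cmd' => '_xclick');
}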
public function commit()
{
    // Records this pending xnet registration under a fresh 12-character random
    // hash, together with the sender's name and the group. Always returns true.
    $token = rand_url_id(12);
    $senderName = $this->user->fullName();
    XDB::execute(
        'INSERT INTO register_pending_xnet (uid, hruid, email, date, hash, sender_name, group_name) VALUES ({?}, {?}, {?}, NOW(), {?}, {?}, {?})',
        $this->uid,
        $this->hruid,
        $this->email,
        $token,
        $senderName,
        $this->group
    );
    return true;
}
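public function commit()
{
    // Inserts one register_pending_xnet row per entry of $this->users, in
    // batches of $this->limit + 1 rows, each with its own random hash.
    // Values are escaped through XDB::format before being concatenated into
    // the raw statement. Always returns true.
    $insert = 'INSERT INTO register_pending_xnet (uid, hruid, email, date, hash, sender_name, group_name) VALUES ';
    $values = array();
    foreach ($this->users as $user) {
        $values[] = XDB::format(
            '({?}, {?}, {?}, NOW(), {?}, {?}, {?})',
            $user['uid'],
            $user['hruid'],
            $user['email'],
            rand_url_id(12),
            $this->user->fullName(),
            $this->group
        );
        // Flush once limit + 1 rows are pending (the original counter reached
        // $this->limit after that many appends).
        if (count($values) > $this->limit) {
            XDB::rawExecute($insert . implode(', ', $values));
            $values = array();
        }
    }
    // The original issued this trailing INSERT unconditionally, which produced
    // an invalid statement ("... VALUES " with no tuple) when nothing was left
    // to flush; only run it when rows remain.
    if (!empty($values)) {
        XDB::rawExecute($insert . implode(', ', $values));
    }
    return true;
}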
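function prepareform($pay, $user)
{
    // Builds the SystemPay (Cyberplus) payment form for $pay on behalf of
    // $user: sets $this->urlform, fills the 'commercant', 'client', 'commande'
    // and 'divers' sections of $this->infos, then signs them. Returns nothing.
    // (The original also read S::v('log') into an unused local; dropped.)
    global $globals, $platal;

    // Transaction's reference computation: random prefix + payment id, keeping
    // the last 12 characters.
    $prefix = rand_url_id();
    $fullref = substr("{$prefix}-{$pay->id}", -12); // FIXME : check for duplicates
    // The transaction id has second resolution only, so two payments started
    // within the same second share it.
    $ts = time();
    $trans_date = gmdate("YmdHis", $ts);
    $trans_id = gmdate("His", $ts); // FIXME : check for duplicates

    // Form's content.
    $this->urlform = "https://systempay.cyberpluspaiement.com/vads-payment/";
    $this->infos['commercant'] = array(
        'vads_site_id'     => $globals->money->cyperplus_account,
        'vads_return_mode' => 'NONE',
        'vads_url_return'  => $pay->url ?: $globals->baseurl . '/' . $platal->ns,
    );
    // Free-text fields are reduced to plain alphanumerics and truncated to the
    // lengths used below before being posted.
    $this->infos['client'] = array(
        'vads_cust_email' => $user->bestEmail(),
        'vads_cust_id'    => $user->id(),
        'vads_cust_name'  => substr(self::replaceNonAlpha(replace_accent($user->shortName())), 0, 127),
    );
    $this->infos['commande'] = array(
        'vads_amount'         => $this->val,
        'vads_currency'       => '978',
        'vads_payment_config' => 'SINGLE',
        'vads_trans_date'     => $trans_date,
        'vads_trans_id'       => $trans_id,
        'vads_order_id'       => $fullref,
        'vads_order_info'     => substr(self::replaceNonAlpha(replace_accent(Env::v('comment'))), 0, 255),
        'vads_order_info2'    => Post::i('display'),
    );
    $this->infos['divers'] = array(
        'vads_version'     => 'V2',
        'vads_ctx_mode'    => $globals->money->cyperplus_prod,
        'vads_page_action' => 'PAYMENT',
        'vads_action_mode' => 'INTERACTIVE',
    );

    // Entry key computation: SHA-1 of the name-sorted fields joined with '+',
    // followed by the shared key. Only the digest is added to the form; the
    // key itself stays server-side.
    $all_params = array_merge($this->infos['commercant'], $this->infos['client'], $this->infos['commande'], $this->infos['divers']);
    ksort($all_params);
    $this->infos['divers']['signature'] = sha1(join('+', $all_params) . '+' . $globals->money->cyperplus_key);
}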
function finishRegistration($subState)
{
    // Persists the pending registration held in $subState, upserting on the
    // table's key, under a fresh 12-character random hash, then mails that hash
    // to the registrant's address. The password value is stored as provided by
    // $subState (any hashing happens upstream, not here). Returns nothing.
    global $globals;

    $hash = rand_url_id(12);
    $services = implode(',', $subState->v('services'));
    XDB::execute(
        'INSERT INTO register_pending (uid, forlife, bestalias, mailorg2, password, email, date, relance, naissance, hash, services) VALUES ({?}, {?}, {?}, {?}, {?}, {?}, NOW(), 0, {?}, {?}, {?}) ON DUPLICATE KEY UPDATE password=VALUES(password), email=VALUES(email), date=VALUES(date), naissance=VALUES(naissance), hash=VALUES(hash), services=VALUES(services)',
        $subState->i('uid'),
        $subState->s('forlife'),
        $subState->s('bestalias'),
        $subState->s('emailXorg2'),
        $subState->s('password'),
        $subState->s('email'),
        $subState->s('birthdate'),
        $hash,
        $services
    );

    $bestalias = $subState->s('bestalias');
    $mailer = new PlMailer('register/end.mail.tpl');
    $vars = array(
        'emailXorg' => $bestalias,
        'to'        => $subState->s('email'),
        'baseurl'   => $globals->baseurl,
        'hash'      => $hash,
        'subject'   => ucfirst($globals->mail->domain) . ' : ' . $bestalias,
    );
    foreach ($vars as $name => $value) {
        $mailer->assign($name, $value);
    }
    $mailer->send();
}
function handler_recovery_ext($page)
{
    // xnet password-recovery form: when a login is posted, creates a recovery
    // certificate for the matching active account, mails it to the user and
    // logs the event. Returns nothing.
    $page->changeTpl('xnet/recovery.tpl');
    if (!Post::has('login')) {
        return;
    }

    $login = Post::t('login');
    $user = User::getSilent($login);
    // NOTE(review): the two distinct error messages below tell a caller whether
    // a login exists and whether it is activated, and no throttling is visible
    // here; a single generic message would avoid the account oracle.
    if ($user === null) {
        $page->trigError('Le compte n\'existe pas.');
        return;
    }
    if ($user->state != 'active') {
        $page->trigError('Ton compte n\'est pas activé.');
        return;
    }

    $page->assign('ok', true);
    // The certificate is a random token of rand_url_id()'s default length,
    // stored in clear and sent by mail; its strength rests on that default.
    $certificate = rand_url_id();
    XDB::execute('INSERT INTO account_lost_passwords (uid, created, certificat) VALUES ({?}, NOW(), {?})', $user->id(), $certificate);

    $mail = new PlMailer('platal/password_recovery_xnet.mail.tpl');
    $mail->setTo($user);
    $mail->assign('hash', $certificate);
    $mail->assign('email', $login);
    $mail->send();

    S::logger($user->id())->log('recovery', $user->bestEmail());
}
function handler_user($page, $login = false)
{
    // Admin page for a single account. Processes the sub-forms posted from
    // admin/user.tpl (deletion, account fields, profiles, email forwards,
    // aliases, OpenID, forum bans) and then renders the account's current
    // state. $login identifies the account; when it resolves to nothing the
    // handler redirects to the account list. Returns nothing.
    global $globals;
    $page->changeTpl('admin/user.tpl');
    $page->setTitle('Administration - Compte');
    if (S::suid()) {
        $page->kill("Déjà en SUID !!!");
    }

    // Loads the user identity using the environment.
    if ($login) {
        $user = User::get($login);
    }
    if (empty($user)) {
        pl_redirect('admin/accounts');
    }
    $listClient = new MMList(S::user());
    $login = $user->login();
    $registered = $user->state != 'pending';

    // Form processing: every POST must carry a valid anti-XSRF token, and a
    // posted uid must match the account being edited so a stale form cannot
    // be replayed against another account.
    if (!empty($_POST)) {
        S::assert_xsrf_token();
        if (Post::has('uid') && Post::i('uid') != $user->id()) {
            $page->kill('Une erreur s\'est produite');
        }
    }

    // Handles specific requests (AX sync, su, ...).
    if (Post::has('log_account')) {
        pl_redirect("admin/logger?loguser={$login}&year=" . date('Y') . "&month=" . date('m'));
    }
    if (Post::has('su_account') && $registered) {
        if (!Platal::session()->startSUID($user)) {
            $page->trigError('Impossible d\'effectuer un SUID sur ' . $user->login());
        } else {
            pl_redirect("");
        }
    }

    // Handles account deletion: unregisters the account (optionally clearing
    // its profile first) and, on request, removes the accounts row itself.
    if (Post::has('account_deletion_confirmation')) {
        $uid = $user->id();
        $name = $user->fullName();
        $profile = $user->profile();
        if ($profile && Post::b('clear_profile')) {
            $user->profile()->clear();
        }
        $user->clear(true);
        $page->trigSuccess("L'utilisateur {$name} ({$uid}) a bien été désinscrit.");
        if (Post::b('erase_account')) {
            XDB::execute('DELETE FROM accounts WHERE uid = {?}', $uid);
            $page->trigSuccess("L'utilisateur {$name} ({$uid}) a été supprimé de la base de données");
        }
    }

    // Account Form {{{
    require_once 'emails.inc.php';
    // $to_update collects column => new value pairs for the accounts table;
    // its keys are fixed by this function, never taken from the request.
    $to_update = array();
    if (Post::has('disable_weak_access')) {
        $to_update['weak_password'] = null;
    } else {
        if (Post::has('update_account')) {
            // Name fields are only editable here for accounts without a profile.
            if (!$user->hasProfile()) {
                require_once 'name.func.inc.php';
                $name_update = false;
                $lastname = capitalize_name(Post::t('lastname'));
                $firstname = capitalize_name(Post::t('firstname'));
                if ($lastname != $user->lastname) {
                    $to_update['lastname'] = $lastname;
                    $name_update = true;
                }
                if (Post::s('type') != 'virtual' && $firstname != $user->firstname) {
                    $to_update['firstname'] = $firstname;
                    $name_update = true;
                }
                if ($name_update) {
                    // Virtual accounts carry no first name in the derived names.
                    if (Post::s('type') == 'virtual') {
                        $firstname = '';
                    }
                    $to_update['full_name'] = build_full_name($firstname, $lastname);
                    $to_update['directory_name'] = build_directory_name($firstname, $lastname);
                    $to_update['sort_name'] = build_sort_name($firstname, $lastname);
                }
                if (Post::s('display_name') != $user->displayName()) {
                    $to_update['display_name'] = Post::s('display_name');
                }
            }
            if (Post::s('sex') != ($user->isFemale() ? 'female' : 'male')) {
                $to_update['sex'] = Post::s('sex');
                if ($user->hasProfile()) {
                    XDB::execute('UPDATE profiles SET sex = {?} WHERE pid = {?}', Post::s('sex'), $user->profile()->id());
                }
            }
            // The posted 'pwhash' is stored as-is as the account password and
            // pushed to Google Apps when that account syncs passwords.
            if (!Post::blank('pwhash')) {
                $to_update['password'] = Post::s('pwhash');
                require_once 'googleapps.inc.php';
                $account = new GoogleAppsAccount($user);
                if ($account->active() && $account->sync_password) {
                    $account->set_password(Post::s('pwhash'));
                }
            }
            if (!Post::blank('weak_password')) {
                $to_update['weak_password'] = Post::s('weak_password');
            }
            // Enabling token access mints a fresh 16-character random token;
            // disabling it clears the column.
            if (Post::i('token_access', 0) != ($user->token_access ? 1 : 0)) {
                $to_update['token'] = Post::i('token_access') ? rand_url_id(16) : null;
            }
            if (Post::i('skin') != $user->skin) {
                $to_update['skin'] = Post::i('skin');
                // Skin 0 means "default", stored as NULL.
                if ($to_update['skin'] == 0) {
                    $to_update['skin'] = null;
                }
            }
            if (Post::s('state') != $user->state) {
                $to_update['state'] = Post::s('state');
            }
            if (Post::i('is_admin', 0) != ($user->is_admin ? 1 : 0)) {
                $to_update['is_admin'] = Post::b('is_admin');
            }
            if (Post::s('type') != $user->type) {
                $to_update['type'] = Post::s('type');
            }
            if (Post::i('watch', 0) != ($user->watch ? 1 : 0)) {
                $to_update['flags'] = new PlFlagset();
                $to_update['flags']->addFlag('watch', Post::i('watch'));
            }
            if (Post::t('comment') != $user->comment) {
                $to_update['comment'] = Post::blank('comment') ? null : Post::t('comment');
            }
            // An email change is propagated to the mailing-list client and to
            // the alias table before the accounts row is updated below.
            $new_email = strtolower(Post::t('email'));
            if (require_email_update($user, $new_email)) {
                $to_update['email'] = $new_email;
                $listClient->change_user_email($user->forlifeEmail(), $new_email);
                update_alias_user($user->forlifeEmail(), $new_email);
            }
        }
    }
    if (!empty($to_update)) {
        $res = XDB::query('SELECT * FROM accounts WHERE uid = {?}', $user->id());
        $oldValues = $res->fetchAllAssoc();
        $oldValues = $oldValues[0];
        $set = array();
        $diff = array();
        // Values are escaped through XDB::format before concatenation; column
        // names are the fixed keys assigned above.
        foreach ($to_update as $k => $value) {
            $value = XDB::format('{?}', $value);
            $set[] = $k . ' = ' . $value;
            // trim() strips the quotes XDB::format added so the diff shows the bare value.
            $diff[$k] = array($oldValues[$k], trim($value, "'"));
            unset($oldValues[$k]);
        }
        XDB::rawExecute('UPDATE accounts SET ' . implode(', ', $set) . ' WHERE uid = ' . XDB::format('{?}', $user->id()));
        $page->trigSuccess('Données du compte mise à jour avec succès');
        $user = User::getWithUID($user->id());

        /* Formats the $diff and sends it to the site administrators. The rules are the following:
         * - secrets (password, token, weak_password) are replaced by placeholders, so
         *   neither their old nor their new value leaves the database by mail.
         */
        foreach (array('password', 'token', 'weak_password') as $key) {
            if (isset($diff[$key])) {
                $diff[$key] = array('old value', 'new value');
            } else {
                $oldValues[$key] = 'old value';
            }
        }
        $mail = new PlMailer('admin/useredit.mail.tpl');
        $mail->assign('admin', S::user()->hruid);
        $mail->assign('hruid', $user->hruid);
        $mail->assign('diff', $diff);
        $mail->assign('oldValues', $oldValues);
        $mail->send();
    }
    // }}}

    // Profile form {{{
    if (Post::has('add_profile') || Post::has('del_profile') || Post::has('owner')) {
        if (Post::i('del_profile', 0) != 0) {
            // NOTE(review): the second DELETE is keyed on pid alone, so it removes
            // the profile row even when it was not linked to this account.
            XDB::execute('DELETE FROM account_profiles WHERE uid = {?} AND pid = {?}', $user->id(), Post::i('del_profile'));
            XDB::execute('DELETE FROM profiles WHERE pid = {?}', Post::i('del_profile'));
        } else {
            if (!Post::blank('new_profile')) {
                $profile = Profile::get(Post::t('new_profile'));
                if (!$profile) {
                    $page->trigError('Le profil ' . Post::t('new_profile') . ' n\'existe pas');
                } else {
                    XDB::execute('INSERT IGNORE INTO account_profiles (uid, pid) VALUES ({?}, {?})', $user->id(), $profile->id());
                }
            }
        }
        // Marks the posted pid as owner and strips the flag from this account's
        // other profiles.
        XDB::execute('UPDATE account_profiles SET perms = IF(pid = {?}, CONCAT(perms, \',owner\'), REPLACE(perms, \'owner\', \'\')) WHERE uid = {?}', Post::i('owner'), $user->id());
    }
    // }}}

    // Email forwards form {{{
    // NOTE(review): $redirect is null for pending accounts, yet every branch
    // below dereferences it as soon as its field is posted.
    $redirect = $registered ? new Redirect($user) : null;
    if (Post::has('add_fwd')) {
        $email = Post::t('email');
        if (!isvalid_email_redirection($email, $user)) {
            $page->trigError("Email non valide: {$email}");
        } else {
            $redirect->add_email($email);
            $page->trigSuccess("Ajout de {$email} effectué");
        }
    } else {
        if (!Post::blank('del_fwd')) {
            $redirect->delete_email(Post::t('del_fwd'));
        } else {
            if (!Post::blank('activate_fwd')) {
                $redirect->modify_one_email(Post::t('activate_fwd'), true);
            } else {
                if (!Post::blank('deactivate_fwd')) {
                    $redirect->modify_one_email(Post::t('deactivate_fwd'), false);
                } else {
                    if (Post::has('disable_fwd')) {
                        $redirect->disable();
                    } else {
                        if (Post::has('enable_fwd')) {
                            $redirect->enable();
                        } else {
                            if (!Post::blank('clean_fwd')) {
                                $redirect->clean_errors(Post::t('clean_fwd'));
                            }
                        }
                    }
                }
            }
        }
    }
    // }}}

    // Email alias form {{{
    if (Post::has('add_alias')) {
        // Splits new alias in user and fqdn.
        $alias = Env::t('email');
        if (strpos($alias, '@') !== false) {
            list($alias, $domain) = explode('@', $alias);
        } else {
            $domain = $user->mainEmailDomain();
        }
        // Checks for alias' user validity.
        // NOTE(review): the pattern is unanchored, so any local part containing
        // one allowed character passes, and the error does not stop processing:
        // the alias is still created below. An anchored pattern plus an early
        // exit would be needed for the check to have an effect.
        if (!preg_match('/[-a-z0-9\\.]+/s', $alias)) {
            $page->trigError("'{$alias}' n'est pas un alias valide");
        }
        // Eventually adds the alias to the right domain.
        if ($domain == $globals->mail->alias_dom || $domain == $globals->mail->alias_dom2) {
            $req = new AliasReq($user, $alias, 'Admin request', false);
            if ($req->commit()) {
                $page->trigSuccess("Nouvel alias '{$alias}@{$domain}' attribué.");
            } else {
                $page->trigError("Impossible d'ajouter l'alias '{$alias}@{$domain}', il est probablement déjà attribué.");
            }
        } elseif ($domain == $user->mainEmailDomain()) {
            XDB::execute('INSERT INTO email_source_account (email, uid, domain, type, flags) SELECT {?}, {?}, id, \'alias\', \'\' FROM email_virtual_domains WHERE name = {?}', $alias, $user->id(), $domain);
            $page->trigSuccess("Nouvel alias '{$alias}' ajouté");
        } else {
            $page->trigError("Le domaine '{$domain}' n'est pas valide pour cet utilisateur.");
        }
    } else {
        if (!Post::blank('del_alias')) {
            $delete_alias = Post::t('del_alias');
            // Assumes the posted alias contains an '@'; otherwise $domain is undefined.
            list($email, $domain) = explode('@', $delete_alias);
            // Removes the alias (never a forlife address) and clears any
            // redirection rewrite that pointed at it.
            XDB::execute('DELETE s FROM email_source_account AS s INNER JOIN email_virtual_domains AS m ON (s.domain = m.id) INNER JOIN email_virtual_domains AS d ON (d.aliasing = m.id) WHERE s.email = {?} AND s.uid = {?} AND d.name = {?} AND type != \'forlife\'', $email, $user->id(), $domain);
            XDB::execute('UPDATE email_redirect_account AS r INNER JOIN email_virtual_domains AS m ON (m.name = {?}) INNER JOIN email_virtual_domains AS d ON (d.aliasing = m.id) SET r.rewrite = \'\' WHERE r.uid = {?} AND r.rewrite = CONCAT({?}, \'@\', d.name)', $domain, $user->id(), $email);
            fix_bestalias($user);
            $page->trigSuccess("L'alias '{$delete_alias}' a été supprimé");
        } else {
            if (!Post::blank('best')) {
                $best_alias = Post::t('best');
                // First delete the bestalias flag from all this user's emails.
                XDB::execute("UPDATE email_source_account\n SET flags = TRIM(BOTH ',' FROM REPLACE(CONCAT(',', flags, ','), ',bestalias,', ','))\n WHERE uid = {?}", $user->id());
                // Then gives the bestalias flag to the given email.
                list($email, $domain) = explode('@', $best_alias);
                XDB::execute("UPDATE email_source_account\n SET flags = CONCAT_WS(',', IF(flags = '', NULL, flags), 'bestalias')\n WHERE uid = {?} AND email = {?}", $user->id(), $email);
                // As having a non-null bestalias value is critical in
                // plat/al's code, we do an a posteriori check on the
                // validity of the bestalias.
                fix_bestalias($user);
            }
        }
    }
    // }}}

    // OpenId form {{{
    // NOTE(review): the DELETE is keyed on the OpenID row id alone, not on this
    // account's uid, so a posted id belonging to another account is removed too.
    if (Post::has('del_openid')) {
        XDB::execute('DELETE FROM account_auth_openid WHERE id = {?}', Post::i('del_openid'));
    }
    // }}}

    // Forum form {{{
    // Replaces the account's forum_innd row. NOTE(review): the emptiness test
    // reads 'commentaire' while the INSERT stores 'comment'; a comment-only
    // submission is therefore dropped. Values come from Env, not Post.
    if (Post::has('b_edit')) {
        XDB::execute("DELETE FROM forum_innd\n WHERE uid = {?}", $user->id());
        if (Env::v('write_perm') != "" || Env::v('read_perm') != "" || Env::v('commentaire') != "") {
            XDB::execute("INSERT INTO forum_innd\n SET ipmin = '0', ipmax = '4294967295',\n write_perm = {?}, read_perm = {?},\n comment = {?}, priority = '200', uid = {?}", Env::v('write_perm'), Env::v('read_perm'), Env::v('comment'), $user->id());
        }
    }
    // }}}

    $page->addJsLink('jquery.ui.xorg.js');

    // Displays last login and last host information (SUID sessions excluded).
    $res = XDB::query("SELECT start, host\n FROM log_sessions\n WHERE uid = {?} AND suid IS NULL\n ORDER BY start DESC\n LIMIT 1", $user->id());
    list($lastlogin, $host) = $res->fetchOneRow();
    $page->assign('lastlogin', $lastlogin);
    $page->assign('host', $host);

    // Display mailing lists
    $page->assign('mlists', $listClient->get_all_user_lists($user->forlifeEmail()));

    // Display active aliases.
    $page->assign('virtuals', $user->emailGroupAliases());
    $aliases = XDB::iterator("SELECT CONCAT(s.email, '@', d.name) AS email, (s.type = 'forlife') AS forlife,\n (s.email REGEXP '\\\\.[0-9]{2}\$') AS hundred_year,\n FIND_IN_SET('bestalias', s.flags) AS bestalias, s.expire,\n (s.type = 'alias_aux') AS alias\n FROM email_source_account AS s\n INNER JOIN email_virtual_domains AS d ON (s.domain = d.id)\n WHERE s.uid = {?}\n ORDER BY !alias, s.email", $user->id());
    $page->assign('aliases', $aliases);
    $page->assign('account_types', XDB::iterator('SELECT * FROM account_types ORDER BY type'));
    $page->assign('skins', XDB::iterator('SELECT id, name FROM skins ORDER BY name'));
    $page->assign('profiles', XDB::iterator('SELECT p.pid, p.hrpid, FIND_IN_SET(\'owner\', ap.perms) AS owner, p.ax_id FROM account_profiles AS ap INNER JOIN profiles AS p ON (ap.pid = p.pid) WHERE ap.uid = {?}', $user->id()));
    $page->assign('openid', XDB::iterator('SELECT id, url FROM account_auth_openid WHERE uid = {?}', $user->id()));

    // Displays email redirection and the general profile.
    if ($registered && $redirect) {
        $page->assign('emails', $redirect->emails);
    }
    $page->assign('user', $user);
    $page->assign('hasProfile', $user->hasProfile());

    // Displays forum bans.
    $res = XDB::query("SELECT write_perm, read_perm, comment\n FROM forum_innd\n WHERE uid = {?}", $user->id());
    $bans = $res->fetchOneAssoc();
    $page->assign('bans', $bans);
}
public function set_rewrite($rewrite)
{
    // Changes the sender-rewrite address of this smtp redirection. An empty or
    // invalid $rewrite clears it. While rewriting is not yet allowed for this
    // redirection, a notification carrying a (lazily created) random hash is
    // mailed to the redirection address. Returns nothing.
    if ($this->type != 'smtp' || $this->rewrite == $rewrite) {
        return;
    }
    if (!$rewrite || !isvalid_email($rewrite)) {
        $rewrite = '';
    }
    XDB::execute('UPDATE email_redirect_account SET rewrite = {?} WHERE uid = {?} AND redirect = {?} AND type = \'smtp\'', $rewrite, $this->user->id(), $this->email);
    $this->rewrite = $rewrite;

    if ($this->allow_rewrite) {
        return;
    }
    global $globals;
    // The hash is minted once and persisted so later notifications reuse it.
    if (empty($this->hash)) {
        $this->hash = rand_url_id();
        XDB::execute('UPDATE email_redirect_account SET hash = {?} WHERE uid = {?} AND redirect = {?} AND type = \'smtp\'', $this->hash, $this->user->id(), $this->email);
    }
    $notice = new PlMailer('emails/rewrite-in.mail.tpl');
    $vars = array(
        'mail'     => $this,
        'user'     => $this->user,
        'baseurl'  => $globals->baseurl,
        'sitename' => $globals->core->sitename,
        'to'       => $this->email,
    );
    foreach ($vars as $name => $value) {
        $notice->assign($name, $value);
    }
    $notice->send($this->user->isEmailFormatHtml());
}
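public static function relance(PlUser $user, $nbx = -1)
{
    // Re-sends the registration reminder to $user: issues a new hash and a new
    // temporary password, mails them, and records them in register_pending.
    // A negative $nbx selects the configured NbIns value. Returns the user's
    // full name, or false when no pending registration (hash 'INSCRIT') exists.
    global $globals;
    if ($nbx < 0) {
        $nbx = $globals->core->NbIns;
    }

    // The original query used the alias "r" without declaring it and fetched a
    // single cell that was then list()-destructured as a row; both are fixed
    // by declaring the alias and fetching a full row.
    $res = XDB::query('SELECT r.date, r.email, r.bestalias FROM register_pending AS r WHERE r.hash = \'INSCRIT\' AND r.uid = {?}', $user->id());
    $row = $res->fetchOneRow();
    if (!$row) {
        return false;
    }
    list($date, $email, $alias) = $row;

    $hash = rand_url_id(12);
    $pass = rand_pass();
    // NOTE(review): the temporary password is stored as an unsalted SHA-1 (the
    // form register_pending.password already holds) and is mailed in clear.
    $pass_encrypted = sha1($pass);
    // strftime() is locale-dependent and deprecated since PHP 8.1; kept to
    // preserve the mail's date format.
    $fdate = strftime('%d %B %Y', strtotime($date));

    $mymail = new PlMailer('marketing/relance.mail.tpl');
    $mymail->assign('nbdix', $nbx);
    $mymail->assign('fdate', $fdate);
    $mymail->assign('lusername', $alias);
    $mymail->assign('nveau_pass', $pass);
    $mymail->assign('baseurl', $globals->baseurl);
    $mymail->assign('lins_id', $hash);
    $mymail->assign('lemail', $email);
    $mymail->assign('subj', ucfirst($globals->mail->domain) . ' : ' . $alias);
    $mymail->send();

    XDB::execute('UPDATE register_pending SET hash={?}, password={?}, relance=NOW() WHERE uid={?}', $hash, $pass_encrypted, $user->id());
    return $user->fullName();
}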
function handler_feed($page)
{
    // Profile "feed" page: activates or clears the session user's private RSS
    // hash, then renders profile/feed.tpl. Returns nothing.
    // NOTE(review): both actions are read from Env (any request method) and no
    // XSRF token is asserted here, so a crafted link can toggle the hash.
    if (Env::has('act_rss')) {
        $freshHash = rand_url_id(16);
        S::user()->hash_rss($freshHash);
        $page->assign('success', true);
    }
    if (Env::has('des_rss')) {
        S::user()->hash_rss('');
        $page->assign('desactivated', true);
    }

    $assignments = array(
        'user'  => S::user(),
        'title' => 'Flux',
    );
    foreach ($assignments as $name => $value) {
        $page->assign($name, $value);
    }
    $page->addCssLink('profile.css');
    $page->changeTpl('profile/feed.tpl');
}