function handler_coml_remaining($page)
{
pl_content_headers('text/html');
$page->changeTpl('newsletter/remaining.tpl', NO_SKIN);
$article = new ComLArticle('', Post::t('body'), '');
$rest = $article->remain();
$page->assign('too_long', $rest['remaining_lines'] < 0);
$page->assign('last_line', $rest['remaining_lines'] == 0);
$page->assign('remaining', $rest['remaining_lines'] == 0 ? $rest['remaining_characters_for_last_line'] : $rest['remaining_lines']);
}
function handler_map_url($page)
{
pl_content_headers('text/plain');
if (Post::has('text')) {
$address = new Address(array('text' => Post::t('text')));
$gmapsGeocoder = new GMapsGeocoder();
$gmapsGeocoder->getGeocodedAddress($address);
echo GMapsGeocoder::buildStaticMapURL($address->latitude, $address->longitude, Post::t('color'));
}
exit;
}
function send_robot_homonym(PlUser $user, $email)
{
$cc = "validation+homonyme@" . Platal::globals()->mail->domain;
$from = "\"Support Polytechnique.org\" <{$cc}>";
$body = Post::has('mailbody') ? Post::t('mailbody') : get_robot_mail_text($user, $email);
$user = User::getSilentWithUID($user->id());
$mymail = new PlMailer();
$mymail->setFrom($from);
$mymail->setSubject("Mise en place du robot {$email}@" . $user->mainEmailDomain());
$mymail->addCc($cc);
$mymail->setTxtBody($body);
$mymail->sendTo($user);
}
function handler_admin_url($page)
{
$page->changeTpl('urlshortener/admin.tpl');
if (!Post::has('url')) {
return;
}
$url = Post::t('url');
$alias = Post::t('alias');
$url_regex = '{^(https?|ftp)://[a-zA-Z0-9._%#+/?=&~-]+$}i';
if (strlen($url) > 255 || !preg_match($url_regex, $url)) {
$page->trigError("L'url donnée n'est pas valide.");
return;
}
$page->assign('url', $url);
if ($alias != '') {
if (!preg_match('/^[a-zA-Z0-9\\-\\/]+$/i', $alias)) {
$page->trigError("L'alias proposé n'est pas valide.");
return;
}
if (preg_match('/^a\\//i', $alias)) {
$page->trigError("L'alias commence par le préfixe 'a/' qui est réservé et donc non autorisé.");
return;
}
$page->assign('alias', $alias);
$used = XDB::fetchOneCell('SELECT COUNT(*)
FROM url_shortener
WHERE alias = {?}', $alias);
if ($used != 0) {
$page->trigError("L'alias proposé est déjà utilisé.");
return;
}
} else {
do {
$alias = 'a/' . rand_token(6);
$used = XDB::fetchOneCell('SELECT COUNT(*)
FROM url_shortener
WHERE alias = {?}', $alias);
} while ($used != 0);
$page->assign('alias', $alias);
}
XDB::execute('INSERT INTO url_shortener (url, alias)
VALUES ({?}, {?})', $url, $alias);
$page->trigSuccess("L'url « " . $url . ' » est maintenant accessible depuis « http://u.w4x.org/' . $alias . ' ».');
}
protected function handle_editor()
{
global $globals;
if (Env::has('listname')) {
$this->liste = Post::t('listname');
}
if (Env::has('domainname')) {
$this->domain = Post::t('domainname');
}
if (Env::has('assotype')) {
$this->asso = Post::t('assotype');
}
if (!$this->asso) {
$this->domain = $globals->mail->domain;
}
foreach ($this->owners as $key => &$email) {
$email = Post::t('owners_' . $key);
}
foreach ($this->members as $key => &$email) {
$email = Post::t('members_' . $key);
}
return true;
}
function handler_aaliases($page, $alias = null)
{
global $globals;
require_once 'emails.inc.php';
$page->setTitle('Administration - Aliases');
if (Post::has('new_alias')) {
pl_redirect('admin/aliases/' . Post::t('new_alias') . '@' . $globals->mail->domain);
}
// If no alias, list them all.
if (is_null($alias)) {
$page->changeTpl('lists/admin_aliases.tpl');
$page->assign('aliases', array_merge(iterate_list_alias($globals->mail->domain), iterate_list_alias($globals->mail->domain2)));
return;
}
list($local_part, $domain) = explode('@', $alias);
if (!($globals->mail->domain == $domain || $globals->mail->domain2 == $domain) || !preg_match("/^[a-zA-Z0-9\\-\\.]*\$/", $local_part)) {
$page->trigErrorRedirect('Le nom de l\'alias est erroné.', $globals->asso('diminutif') . 'admin/aliases');
}
// Now we can perform the action.
if (Post::has('del_alias')) {
S::assert_xsrf_token();
delete_list_alias($local_part, $domain);
$page->trigSuccessRedirect($alias . ' supprimé.', 'admin/aliases');
}
if (Post::has('add_member')) {
S::assert_xsrf_token();
if (add_to_list_alias(Post::t('add_member'), $local_part, $domain)) {
$page->trigSuccess('Ajout réussit.');
} else {
$page->trigError('Ajout infructueux.');
}
}
if (Get::has('del_member')) {
S::assert_xsrf_token();
if (delete_from_list_alias(Get::t('del_member'), $local_part, $domain)) {
$page->trigSuccess('Suppression réussie.');
} else {
$page->trigError('Suppression infructueuse.');
}
}
$page->changeTpl('lists/admin_edit_alias.tpl');
$page->assign('members', list_alias_members($local_part, $domain));
$page->assign('alias', $alias);
}
function handler_broken($page, $uid = null)
{
$page->changeTpl('marketing/broken.tpl');
if (is_null($uid)) {
return PL_NOT_FOUND;
}
$user = User::get($uid);
if (!$user) {
return PL_NOT_FOUND;
} elseif ($user->login() == S::user()->login()) {
pl_redirect('emails/redirect');
}
$res = XDB::query('SELECT p.deathdate IS NULL AS alive, r.last, IF(r.type = \'googleapps\', \'googleapps\', r.redirect) AS active_email
FROM accounts AS a
LEFT JOIN email_redirect_account AS r ON (a.uid = r.uid AND r.type IN (\'smtp\', \'googleapps\') AND r.flags = \'active\')
LEFT JOIN account_profiles AS ap ON (ap.uid = r.uid AND FIND_IN_SET(\'owner\', ap.perms))
LEFT JOIN profiles AS p ON (p.pid = ap.pid)
WHERE a.uid = {?}
ORDER BY r.broken_level, r.last', $user->id());
if (!$res->numRows()) {
return PL_NOT_FOUND;
}
$user->addProperties($res->fetchOneAssoc());
$page->assign('user', $user);
$email = null;
require_once 'emails.inc.php';
if (Post::has('mail')) {
$email = valide_email(Post::v('mail'));
}
if (Post::has('valide') && isvalid_email_redirection($email, $user)) {
S::assert_xsrf_token();
// security stuff
check_email($email, "Proposition d'une adresse surveillee pour " . $user->login() . " par " . S::user()->login());
$state = XDB::fetchOneCell('SELECT flags
FROM email_redirect_account
WHERE redirect = {?} AND uid = {?}', $email, $user->id());
if ($state == 'broken') {
$page->trigWarning("L'adresse que tu as fournie est l'adresse actuelle de {$user->fullName()} et est en panne.");
} elseif ($state == 'active') {
$page->trigWarning("L'adresse que tu as fournie est l'adresse actuelle de {$user->fullName()}");
} elseif ($user->email && !Post::t('comment')) {
$page->trigError("Il faut que tu ajoutes un commentaire à ta proposition pour justifier le " . "besoin de changer la redirection de {$user->fullName()}.");
} else {
$valid = new BrokenReq(S::user(), $user, $email, trim(Post::v('comment')));
$valid->submit();
$page->assign('sent', true);
}
} elseif ($email) {
$page->trigError("L'adresse proposée n'est pas une adresse acceptable pour une redirection.");
}
}
function handler_register_ext($page, $hash = null)
{
XDB::execute('DELETE FROM register_pending_xnet
WHERE DATE_SUB(NOW(), INTERVAL 1 MONTH) > date');
$res = XDB::fetchOneAssoc('SELECT uid, hruid, email
FROM register_pending_xnet
WHERE hash = {?}', $hash);
if (is_null($hash) || is_null($res)) {
$page->trigErrorRedirect('Cette adresse n\'existe pas ou n\'existe plus sur le serveur.', '');
}
if (Post::has('pwhash') && Post::t('pwhash')) {
XDB::startTransaction();
XDB::query('UPDATE accounts
SET password = {?}, state = \'active\', registration_date = NOW()
WHERE uid = {?} AND state = \'pending\' AND type = \'xnet\'', Post::t('pwhash'), $res['uid']);
XDB::query('DELETE FROM register_pending_xnet
WHERE uid = {?}', $res['uid']);
XDB::commit();
S::logger($res['uid'])->log('passwd', '');
// Try to start a session (so the user don't have to log in); we will use
// the password available in Post:: to authenticate the user.
Post::kill('wait');
Platal::session()->startAvailableAuth();
$page->changeTpl('xnet/register.success.tpl');
$page->assign('email', $res['email']);
} else {
$page->changeTpl('platal/password.tpl');
$page->assign('xnet', true);
$page->assign('hruid', $res['hruid']);
$page->assign('do_auth', 1);
}
}
function handler_index($page, $action = null)
{
require_once 'emails.inc.php';
require_once 'googleapps.inc.php';
$page->changeTpl('googleapps/index.tpl');
$page->setTitle('Compte Google Apps');
$user = S::user();
$account = new GoogleAppsAccount($user);
// Fills up the 'is Google Apps redirection active' variable.
$redirect_active = false;
$redirect_unique = true;
$gapps_email = '';
if ($account->active()) {
$redirect = new Redirect($user);
foreach ($redirect->emails as $email) {
if ($email->type == 'googleapps') {
$gapps_email = $email->email;
$redirect_active = $email->active;
$redirect_unique = !$redirect->other_active($email->email);
}
}
}
$page->assign('redirect_active', $redirect_active);
$page->assign('redirect_unique', $redirect_unique);
// Updates the Google Apps account as required.
if ($action) {
if ($action == 'password' && Post::has('pwsync')) {
S::assert_xsrf_token();
if (Post::v('pwsync') == 'sync') {
$account->set_password_sync(true);
$account->set_password($user->password());
} else {
$account->set_password_sync(false);
}
} elseif ($action == 'password' && Post::has('pwhash') && Post::t('pwhash') && !$account->sync_password) {
S::assert_xsrf_token();
$account->set_password(Post::t('pwhash'));
}
if ($action == 'suspend' && Post::has('suspend') && $account->active()) {
S::assert_xsrf_token();
if ($account->pending_update_suspension) {
$page->trigWarning("Ton compte est déjà en cours de désactivation.");
} else {
if (!$redirect_active || $redirect->modify_one_email($gapps_email, false) == SUCCESS) {
$account->suspend();
$page->trigSuccess("Ton compte Google Apps est dorénavant désactivé.");
} else {
$page->trigError("Ton compte Google Apps est ta seule adresse de redirection. Ton compte ne peux pas être désactivé.");
}
}
} elseif ($action == 'unsuspend' && Post::has('unsuspend') && $account->suspended()) {
$account->unsuspend(Post::b('redirect_mails', true));
$page->trigSuccess("Ta demande de réactivation a bien été prise en compte.");
}
if ($action == 'create') {
$page->assign('has_password_sync', Get::has('password_sync'));
$page->assign('password_sync', Get::b('password_sync', true));
}
if ($action == 'create' && Post::has('password_sync') && Post::has('redirect_mails')) {
S::assert_xsrf_token();
$password_sync = Post::b('password_sync');
$redirect_mails = Post::b('redirect_mails');
if ($password_sync) {
$password = $user->password();
} else {
$password = Post::t('pwhash');
}
$account->create($password_sync, $password, $redirect_mails);
$page->trigSuccess("La demande de création de ton compte Google Apps a bien été enregistrée.");
}
}
$page->assign('account', $account);
}
function handler_admin_name($page, $hruid = null)
{
$page->changeTpl('admin/admin_name.tpl');
if (Post::has('id')) {
$user = User::get(Post::t('id'));
if (is_null($user)) {
$page->trigError("L'identifiant donné ne correspond à personne ou est ambigu.");
exit;
}
pl_redirect('admin/name/' . $user->hruid);
}
$user = User::getSilent($hruid);
if (!is_null($user)) {
require_once 'name.func.inc.php';
if ($user->hasProfile()) {
$name_types = array('lastname_main' => 'Nom patronymique', 'lastname_marital' => 'Nom marital', 'lastname_ordinary' => 'Nom usuel', 'firstname_main' => 'Prénom', 'firstname_ordinary' => 'Prénom usuel', 'pseudonym' => 'Pseudonyme');
$names = XDB::fetchOneAssoc('SELECT lastname_main, lastname_marital, lastname_ordinary,
firstname_main, firstname_ordinary, pseudonym
FROM profile_public_names
WHERE pid = {?}', $user->profile()->id());
} else {
$name_types = array('lastname' => 'Nom', 'firstname' => 'Prénom');
$names = XDB::fetchOneAssoc('SELECT lastname, firstname
FROM accounts
WHERE uid = {?}', $user->id());
}
if (Post::has('correct')) {
$new_names = array();
$update = true;
foreach ($name_types as $key => $fullname) {
$new_names[$key] = Post::t($key);
if (mb_strtolower($new_names[$key]) != mb_strtolower($names[$key])) {
$update = false;
}
}
if ($update) {
if ($user->hasProfile()) {
update_public_names($user->profile()->id(), $new_names);
update_display_names($user->profile(), $new_names);
} else {
$new_names['full_name'] = build_full_name($new_names['firstname'], $new_names['lastname']);
$new_names['directory_name'] = build_directory_name($new_names['firstname'], $new_names['lastname']);
$new_names['sort_name'] = build_sort_name($new_names['firstname'], $new_names['lastname']);
XDB::execute('UPDATE accounts
SET lastname = {?}, firstname = {?}, full_name = {?},
directory_name = {?}, sort_name = {?}
WHERE uid = {?}', $new_names['lastname'], $new_names['firstname'], $new_names['full_name'], $new_names['directory_name'], $new_names['sort_name'], $user->id());
}
$page->trigSuccess('Mise à jour réussie.');
} else {
$page->trigError('Seuls des changements de casse sont autorisés ici.');
}
}
if ($user->hasProfile()) {
$names = XDB::fetchOneAssoc('SELECT lastname_main, lastname_marital, lastname_ordinary,
firstname_main, firstname_ordinary, pseudonym
FROM profile_public_names
WHERE pid = {?}', $user->profile()->id());
} else {
$names = XDB::fetchOneAssoc('SELECT lastname, firstname
FROM accounts
WHERE uid = {?}', $user->id());
}
foreach ($names as $key => $name) {
$names[$key] = array('value' => $name, 'standard' => capitalize_name($name));
$names[$key]['different'] = $names[$key]['value'] != $names[$key]['standard'];
}
$page->assign('uid', $user->id());
$page->assign('hruid', $user->hruid);
$page->assign('names', $names);
$page->assign('name_types', $name_types);
}
}
function handler_broken($page, $warn = null, $email = null)
{
require_once 'emails.inc.php';
$wp = new PlWikiPage('Xorg.PatteCassée');
$wp->buildCache();
global $globals;
$page->changeTpl('emails/broken.tpl');
if ($warn == 'warn' && $email) {
S::assert_xsrf_token();
// Usual verifications.
$email = valide_email($email);
$uid = XDB::fetchOneCell('SELECT uid
FROM email_redirect_account
WHERE redirect = {?}', $email);
if ($uid) {
$dest = User::getWithUID($uid);
$active = XDB::fetchOneCell('SELECT flags
FROM email_redirect_account
WHERE redirect = {?} AND uid = {?}', $email, $uid) == 'active';
$mail = new PlMailer('emails/broken-web.mail.tpl');
$mail->assign('email', $email);
$mail->assign('request', S::user());
$mail->sendTo($dest);
$page->trigSuccess('Email envoyé !');
}
} elseif (Post::has('email')) {
S::assert_xsrf_token();
$email = Post::t('email');
if (!User::isForeignEmailAddress($email)) {
$page->assign('neuneu', true);
} else {
$user = mark_broken_email($email);
$page->assign('user', $user);
$page->assign('email', $email);
}
}
}
function handler_register($page, $hash = null)
{
$page->forceSkin('register');
$alert = array();
$alert_details = '';
$subState = new PlDict(S::v('subState', array()));
if (!$subState->has('step')) {
$subState->set('step', 0);
}
if (!$subState->has('backs')) {
$subState->set('backs', new PlDict());
}
if (Get::has('back') && Get::i('back') < $subState->i('step')) {
$subState->set('step', max(0, Get::i('back')));
$subState->v('backs')->set($subState->v('backs')->count() + 1, $subState->dict());
$subState->v('backs')->kill('backs');
if ($subState->v('backs')->count() == 3) {
$alert[] = "Tentative d'inscription très hésitante";
$alert_details .= "\n * Retours en arrières : 3.";
}
}
if ($hash) {
$res = XDB::query("SELECT a.uid, a.hruid, ppn.lastname_initial AS lastname, ppn.firstname_initial AS firstname, p.xorg_id AS xorgid,\n pd.promo, pe.promo_year AS yearpromo, pde.degree AS edu_type,\n p.birthdate_ref AS birthdateRef, FIND_IN_SET('watch', a.flags) AS watch, m.hash, a.type, a.comment\n FROM register_marketing AS m\n INNER JOIN accounts AS a ON (m.uid = a.uid)\n INNER JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))\n INNER JOIN profiles AS p ON (p.pid = ap.pid)\n INNER JOIN profile_display AS pd ON (p.pid = pd.pid)\n INNER JOIN profile_education AS pe ON (pe.pid = p.pid AND FIND_IN_SET('primary', pe.flags))\n INNER JOIN profile_education_degree_enum AS pde ON (pde.id = pe.degreeid)\n INNER JOIN profile_public_names AS ppn ON (ppn.pid = p.pid)\n WHERE m.hash = {?} AND a.state = 'pending'", $hash);
if ($res->numRows() == 1) {
$subState->merge($res->fetchOneRow());
$subState->set('main_mail_domain', User::$sub_mail_domains[$subState->v('type')]);
XDB::execute('INSERT INTO register_mstats (uid, sender, success)
SELECT m.uid, m.sender, 0
FROM register_marketing AS m
WHERE m.hash
ON DUPLICATE KEY UPDATE sender = VALUES(sender), success = VALUES(success)', $subState->s('hash'));
}
}
switch ($subState->i('step')) {
case 0:
$wp = new PlWikiPage('Reference.Charte');
$wp->buildCache();
if (Post::has('step1')) {
$subState->set('step', 1);
if ($subState->has('hash')) {
$subState->set('step', 3);
$this->load('register.inc.php');
createAliases($subState);
}
}
break;
case 1:
if (Post::has('yearpromo')) {
$edu_type = Post::t('edu_type');
$yearpromo = Post::i('yearpromo');
$promo = Profile::$cycle_prefixes[$edu_type] . $yearpromo;
$res = XDB::query("SELECT COUNT(*)\n FROM accounts AS a\n INNER JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))\n INNER JOIN profiles AS p ON (p.pid = ap.pid)\n INNER JOIN profile_education AS pe ON (pe.pid = p.pid AND FIND_IN_SET('primary', pe.flags))\n WHERE a.state = 'pending' AND p.deathdate IS NULL AND pe.promo_year = {?}", $yearpromo);
if (!$res->fetchOneCell()) {
$error = 'La promotion saisie est incorrecte ou tous les camarades de cette promotion sont inscrits !';
} else {
$subState->set('step', 2);
$subState->set('promo', $promo);
$subState->set('yearpromo', $yearpromo);
$subState->set('edu_type', $edu_type);
if ($edu_type == Profile::DEGREE_X) {
if ($yearpromo >= 1996 && $yearpromo < 2000) {
$subState->set('schoolid', $yearpromo % 100 * 10 . '???');
$subState->set('schoolid_exemple', $yearpromo % 100 * 10000 + 532);
$subState->set('schoolid_exemple_ev2', ($yearpromo + 1) % 100 * 10000 + 532);
} elseif ($yearpromo >= 2000) {
$subState->set('schoolid', 100 + $yearpromo % 100 . '???');
$subState->set('schoolid_exemple', (100 + $yearpromo % 100) * 1000 + 532);
$subState->set('schoolid_exemple_ev2', (100 + ($yearpromo + 1) % 100) * 1000 + 532);
}
}
}
}
break;
case 2:
if (count($_POST)) {
$this->load('register.inc.php');
$subState->set('firstname', Post::t('firstname'));
$subState->set('lastname', Post::t('lastname'));
if (Post::has('schoolid')) {
$subState->set('schoolid', Post::i('schoolid'));
}
$error = checkNewUser($subState);
if ($error !== true) {
break;
}
$error = createAliases($subState);
if ($error === true) {
unset($error);
$subState->set('step', 3);
}
}
break;
case 3:
if (count($_POST)) {
$this->load('register.inc.php');
// Validate the email address format and domain.
require_once 'emails.inc.php';
$user = User::get($subState->s('uid'));
if (!isvalid_email(Post::v('email'))) {
$error[] = "Le champ 'Email' n'est pas valide.";
} elseif (!isvalid_email_redirection(Post::v('email'), $user)) {
$error[] = $subState->s('forlife') . ' doit renvoyer vers un email existant ' . 'valide, en particulier, il ne peut pas être renvoyé vers lui-même.';
}
// Validate the birthday format and range.
$birth = Post::t('birthdate');
if (!preg_match('@^[0-3]?\\d/[01]?\\d/(19|20)?\\d{2}$@', $birth)) {
$error[] = "La 'Date de naissance' n'est pas correcte.";
} else {
$birth = explode('/', $birth, 3);
for ($i = 0; $i < 3; ++$i) {
$birth[$i] = intval($birth[$i]);
}
if ($birth[2] < 100) {
$birth[2] += 1900;
}
$year = $birth[2];
$ref_year = substr($subState->v('birthdateRef'), 0, 4);
if (abs($ref_year - $year) > 2) {
$error[] = "La 'Date de naissance' n'est pas correcte.";
$alert[] = "Date de naissance incorrecte à l'inscription";
$alert_details .= "\n * Date de naissance renseignée : " . Post::t('birthdate');
if ($subState->v('birthdateRef') == '0000-00-00') {
$alert_details .= ' (date inconnue)';
} else {
$alert_details .= ' (date connue : ' . $subState->v('birthdateRef') . ')';
}
$subState->set('wrong_birthdate', $birth);
}
}
// Register the optional services requested by the user.
$services = array();
foreach (array('com_letters', 'imap', 'ml_promo', 'nl') as $service) {
if (Post::b($service)) {
$services[] = $service;
}
}
$subState->set('services', $services);
// Validate the password.
if (!Post::v('pwhash', false)) {
$error[] = "Le mot de passe n'est pas valide.";
}
// Check if the given email is known as dangerous.
$res = XDB::query("SELECT state, description\n FROM email_watch\n WHERE email = {?} AND state != 'safe'", Post::v('email'));
$bannedEmail = false;
if ($res->numRows()) {
list($state, $description) = $res->fetchOneRow();
$alert[] = "Email surveillé proposé à l'inscription";
$alert_details .= "\n * Email surveillé : " . Post::v('email');
$subState->set('email_desc', $description);
if ($state == 'dangerous') {
$bannedEmail = true;
}
}
if ($subState->i('watch') != 0) {
$alert[] = "Inscription d'un utilisateur surveillé";
$alert_details .= "\n * Commentaire pour la surveillance : " . $subState->v('comment');
}
if ($bannedIp = check_ip('unsafe')) {
unset($error);
}
if (isset($error)) {
$error = join('<br />', $error);
} else {
$subState->set('birthdate', sprintf("%04d-%02d-%02d", intval($birth[2]), intval($birth[1]), intval($birth[0])));
$subState->set('email', Post::t('email'));
$subState->set('password', Post::t('pwhash'));
// Update the current alert if the birthdate is incorrect,
// or if the IP address of the user has been banned.
if ($subState->s('birthdateRef') != '0000-00-00' && $subState->s('birthdateRef') != $subState->s('birthdate')) {
$alert[] = "Date de naissance incorrecte à l'inscription";
$alert_details .= "\n * Date de naissance renseignée : " . Post::t('birthdate');
if ($subState->v('birthdateRef') == '0000-00-00') {
$alert_details .= ' (date inconnue)';
} else {
$alert_details .= ' (date connue : ' . $subState->v('birthdateRef') . ')';
}
}
if ($bannedIp) {
$alert[] = "Tentative d'inscription depuis une IP surveillée";
$alert_details .= "\n * IP surveillée : " . $_SESSION['check_ip'];
}
// Prevent banned user from actually registering; save the current state for others.
if ($bannedEmail || $bannedIp) {
global $globals;
$error = "Une erreur s'est produite lors de l'inscription." . " Merci de contacter <a href='mailto:register@{$globals->mail->domain}>" . " register@{$globals->mail->domain}</a>" . " pour nous faire part de cette erreur.";
} else {
$subState->set('step', 4);
if ($subState->v('backs')->count() >= 3) {
$alert[] = "Fin d'une inscription hésitante";
$alert_details .= "\n * Nombre de retours en arrière : " . $subState->v('backs')->count();
}
finishRegistration($subState);
}
}
}
break;
}
$_SESSION['subState'] = $subState->dict();
if (count($alert)) {
$alert_details = "Détails des alertes :" . $alert_details . "\n\n";
$alert_details .= 'Compte concerné : ' . $subState->s('forlife') . ' (redirection vers : ' . ($subState->s('email') == '' ? Post::t('email') : $subState->s('email')) . ")\n\n\n";
send_warning_mail(implode(' - ', $alert), $alert_details);
}
$page->changeTpl('register/step' . $subState->i('step') . '.tpl');
if (isset($error)) {
$page->trigError($error);
}
}
function handler_admin_member($page, $user)
{
global $globals;
$user = User::getSilent($user);
if (empty($user)) {
return PL_NOT_FOUND;
}
if (!$user->inGroup($globals->asso('id'))) {
pl_redirect('annuaire');
}
$page->changeTpl('xnetgrp/membres-edit.tpl');
$page->addJsLink('xnet_members.js');
$mmlist = new MMList(S::user(), $globals->asso('mail_domain'));
if (Post::has('change')) {
S::assert_xsrf_token();
require_once 'emails.inc.php';
require_once 'name.func.inc.php';
// Convert user status to X
if (!Post::blank('x')) {
$forlife = $this->changeLogin($page, $user, Post::i('userid'), Post::b('broken'), Post::b('marketing'), Post::v('marketing_from'));
if ($forlife) {
pl_redirect('member/' . $forlife);
}
}
// Update user info
if ($user->type == 'virtual' || $user->type == 'xnet' && !$user->perms) {
$lastname = capitalize_name(Post::t('lastname'));
if (Post::s('type') != 'virtual') {
$firstname = capitalize_name(Post::t('firstname'));
} else {
$firstname = '';
}
$full_name = build_full_name($firstname, $lastname);
$directory_name = build_directory_name($firstname, $lastname);
$sort_name = build_sort_name($firstname, $lastname);
XDB::query('UPDATE accounts
SET full_name = {?}, directory_name = {?}, sort_name = {?}, display_name = {?},
firstname = {?}, lastname = {?}, sex = {?}, type = {?}
WHERE uid = {?}', $full_name, $directory_name, $sort_name, Post::t('display_name'), $firstname, $lastname, Post::t('sex') == 'male' ? 'male' : 'female', Post::t('type') == 'xnet' ? 'xnet' : 'virtual', $user->id());
}
// Updates email.
$new_email = strtolower(Post::t('email'));
if (($user->type == 'virtual' || $user->type == 'xnet' && !$user->perms) && require_email_update($user, $new_email)) {
XDB::query('UPDATE accounts
SET email = {?}
WHERE uid = {?}', $new_email, $user->id());
if ($user->forlifeEmail()) {
$listClient = new MMList(S::user());
$listClient->change_user_email($user->forlifeEmail(), $new_email);
update_alias_user($user->forlifeEmail(), $new_email);
}
$user = User::getWithUID($user->id());
}
if (XDB::affectedRows()) {
$page->trigSuccess('Données de l\'utilisateur mises à jour.');
}
if ($user->type == 'xnet' && !$user->perms) {
if (Post::b('suggest')) {
$request = new AccountReq(S::user(), $user->hruid, Post::t('email'), $globals->asso('nom'), $globals->asso('diminutif'));
$request->submit();
$page->trigSuccess('Le compte va bientôt être activé.');
}
if (Post::b('again')) {
$this->again($user->id());
$page->trigSuccess('Relance effectuée avec succès.');
}
}
// Update group params for user
$perms = Post::v('group_perms');
$comm = Post::t('comm');
$position = Post::t('group_position') == '' ? null : Post::v('group_position');
if ($user->group_perms != $perms || $user->group_comm != $comm || $user->group_position != $position) {
XDB::query('UPDATE group_members
SET perms = {?}, comm = {?}, position = {?}
WHERE uid = {?} AND asso_id = {?}', $perms == 'admin' ? 'admin' : 'membre', $comm, $position, $user->id(), $globals->asso('id'));
if (XDB::affectedRows()) {
if ($perms != $user->group_perms) {
$page->trigSuccess('Permissions modifiées !');
}
if ($comm != $user->group_comm) {
$page->trigSuccess('Commentaire mis à jour.');
}
if ($position != $user->group_position) {
$page->trigSuccess('Poste mis à jour.');
}
}
}
// Gets user info again as they might have change
$user = User::getSilent($user->id());
// Update ML subscriptions
foreach (Env::v('ml1', array()) as $ml => $state) {
$ask = empty($_REQUEST['ml2'][$ml]) ? 0 : 2;
if ($ask == $state) {
continue;
}
if ($state == '1') {
$page->trigWarning("{$user->fullName()} a " . "actuellement une demande d'inscription en " . "cours sur <strong>{$ml}@</strong> !!!");
} elseif ($ask) {
$mmlist->mass_subscribe($ml, array($user->forlifeEmail()));
$page->trigSuccess("{$user->fullName()} a été abonné à {$ml}@.");
} else {
$mmlist->mass_unsubscribe($ml, array($user->forlifeEmail()));
$page->trigSuccess("{$user->fullName()} a été désabonné de {$ml}@.");
}
}
// Change subscriptioin to aliases
foreach (Env::v('ml3', array()) as $ml => $state) {
require_once 'emails.inc.php';
$ask = !empty($_REQUEST['ml4'][$ml]);
list($local_part, ) = explode('@', $ml);
if ($ask == $state) {
continue;
}
if ($ask) {
add_to_list_alias($user->id(), $local_part, $globals->asso('mail_domain'));
$page->trigSuccess("{$user->fullName()} a été abonné à {$ml}.");
} else {
delete_from_list_alias($user->id(), $local_part, $globals->asso('mail_domain'));
$page->trigSuccess("{$user->fullName()} a été désabonné de {$ml}.");
}
}
if ($globals->asso('has_nl')) {
$nl = NewsLetter::forGroup($globals->asso('shortname'));
// Updates group's newsletter subscription.
if (Post::i('newsletter') == 1) {
$nl->subscribe($user);
} else {
$nl->unsubscribe(null, $user->id());
}
}
}
$res = XDB::rawFetchAllAssoc('SHOW COLUMNS FROM group_members LIKE \'position\'');
$positions = str_replace(array('enum(', ')', '\''), '', $res[0]['Type']);
if ($globals->asso('has_nl')) {
$nl = NewsLetter::forGroup($globals->asso('shortname'));
$nl_registered = $nl->subscriptionState($user);
} else {
$nl_registered = false;
}
$page->assign('user', $user);
$page->assign('suggest', $this->suggest($user));
$page->assign('listes', $mmlist->get_lists($user->forlifeEmail()));
$page->assign('alias', $user->emailGroupAliases($globals->asso('mail_domain')));
$page->assign('positions', explode(',', $positions));
$page->assign('nl_registered', $nl_registered);
$page->assign('pending_xnet_account', XDB::fetchOneCell('SELECT 1
FROM register_pending_xnet
WHERE uid = {?}', $user->id()));
}
function handler_payment($page, $ref = -1)
{
$page->changeTpl('payment/payment.tpl');
$page->setTitle('Télépaiement');
$this->load('money.inc.php');
$meth = new PayMethod(Env::i('methode', -1));
$pay = new Payment($ref);
if (!$pay->flags->hasflag('public') && (!S::user() || !S::logged())) {
$page->kill("Vous n'avez pas les permissions nécessaires pour accéder à cette page.");
} else {
$page->assign('public', true);
}
if ($pay->flags->hasflag('old')) {
$page->kill('La transaction selectionnée est périmée.');
}
if (Env::has('montant')) {
$pay->amount_def = Env::v('montant');
}
$val = Post::v('amount') != 0 ? Post::v('amount') : $pay->amount_def;
if (($error = $pay->check($val)) !== true) {
$page->trigError($error);
}
if (Post::has('op') && Post::v('op', 'select') == 'submit') {
if (S::logged()) {
$user = S::user();
} else {
$user = User::getSilent(Post::t('login'));
}
if (is_null($user)) {
$page->trigError("L'identifiant est erroné.");
$page->assign('login_error', true);
$page->assign('login', Post::t('login'));
} else {
$pay->init($val, $meth);
$pay->prepareform($user);
$page->assign('full_name', $user->fullName(true));
$page->assign('sex', $user->isFemale());
}
} elseif (S::logged()) {
$res = XDB::iterator('SELECT ts_confirmed, amount
FROM payment_transactions
WHERE uid = {?} AND ref = {?}
ORDER BY ts_confirmed DESC', S::v('uid', -1), $pay->id);
if ($res->total()) {
$page->assign('transactions', $res);
}
// Only if $id = -1, meaning only for donation the site's association
if ($ref == -1) {
$biggest_donations = XDB::fetchAllAssoc('SELECT IF(p.display,
IF(ap.pid IS NOT NULL, CONCAT(a.full_name, \' (\', pd.promo, \')\'), a.full_name),
\'XXXX\') AS name, p.amount, p.ts_confirmed
FROM payment_transactions AS p
INNER JOIN accounts AS a ON (a.uid = p.uid)
LEFT JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET(\'owner\', ap.perms))
LEFT JOIN profile_display AS pd ON (ap.pid = pd.pid)
WHERE p.ref = {?}
ORDER BY LENGTH(p.amount) DESC, p.amount DESC, name
LIMIT 10', $pay->id);
$donations = XDB::fetchAllAssoc('(SELECT SUM(amount) AS amount, YEAR(ts_confirmed) AS year, MONTH(ts_confirmed) AS month, ts_confirmed
FROM payment_transactions
WHERE ref = {?} AND YEAR(ts_confirmed) = YEAR(CURDATE())
GROUP BY month)
UNION
(SELECT SUM(amount) AS amount, YEAR(ts_confirmed) AS year, 0 AS month, ts_confirmed
FROM payment_transactions
WHERE ref = {?} AND YEAR(ts_confirmed) < YEAR(CURDATE())
GROUP BY year)
ORDER BY year DESC, month DESC', $pay->id, $pay->id);
$page->assign('biggest_donations', $biggest_donations);
$page->assign('donations', $donations);
$page->assign('donation', true);
}
}
$val = floor($val * 100) / 100;
$page->assign('amount', $val);
$page->assign('comment', Env::v('comment'));
$page->assign('meth', $meth);
$page->assign('pay', $pay);
$page->assign('evtlink', $pay->event());
}
function handler_edit($page)
{
global $globals;
$user = S::user();
if (empty($user)) {
return PL_NOT_FOUND;
}
if ($user->type != 'xnet') {
pl_redirect('index');
}
$page->changeTpl('xnet/edit.tpl');
if (Post::has('change')) {
S::assert_xsrf_token();
// Convert user status to X
if (!Post::blank('login_X')) {
$forlife = $this->changeLogin($page, $user, Post::t('login_X'));
if ($forlife) {
pl_redirect('index');
}
}
require_once 'emails.inc.php';
require_once 'name.func.inc.php';
// Update user info
$lastname = capitalize_name(Post::t('lastname'));
$firstname = capitalize_name(Post::t('firstname'));
$full_name = build_full_name($firstname, $lastname);
$directory_name = build_directory_name($firstname, $lastname);
$sort_name = build_sort_name($firstname, $lastname);
XDB::query('UPDATE accounts
SET full_name = {?}, directory_name = {?}, sort_name = {?}, display_name = {?},
firstname = {?}, lastname = {?}, sex = {?}
WHERE uid = {?}', $full_name, $directory_name, $sort_name, Post::t('display_name'), Post::t('firstname'), Post::t('lastname'), Post::t('sex') == 'male' ? 'male' : 'female', $user->id());
// Updates email.
$new_email = strtolower(Post::t('email'));
if (require_email_update($user, $new_email)) {
XDB::query('UPDATE accounts
SET email = {?}
WHERE uid = {?}', $new_email, $user->id());
$listClient = new MMList(S::user());
$listClient->change_user_email($user->forlifeEmail(), $new_email);
update_alias_user($user->forlifeEmail(), $new_email);
}
$user = User::getWithUID($user->id());
S::set('user', $user);
$page->trigSuccess('Données mises à jour.');
}
$page->addJsLink('password.js');
$page->assign('user', $user);
}
function handler_create($page)
{
if (!$this->get_lists_domain()) {
return PL_NOT_FOUND;
}
$page->changeTpl('xnetlists/create.tpl');
if (!Post::has('submit')) {
return;
} else {
S::assert_xsrf_token();
}
if (!Post::has('liste') || !Post::t('liste')) {
$page->trigError('Le champs « adresse souhaitée » est vide.');
return;
}
$list = strtolower(Post::t('liste'));
if (!preg_match("/^[a-zA-Z0-9\\-]*\$/", $list)) {
$page->trigError('le nom de la liste ne doit contenir que des lettres non accentuées, chiffres et tirets');
return;
}
require_once 'emails.inc.php';
if (list_exist($list, $this->get_lists_domain())) {
$page->trigError('Cet alias est déjà pris.');
return;
}
if (!Post::t('desc')) {
$page->trigError('Le sujet est vide.');
return;
}
$mlist = $this->prepare_list($list);
$success = MailingList::create($mlist->mbox, $mlist->domain, S::user(), Post::t('desc'), Post::t('advertise'), Post::t('modlevel'), Post::t('inslevel'), array(S::user()->forlifeEmail()), array(S::user()->forlifeEmail()));
if (!$success) {
$page->kill("Un problème est survenu, contacter " . "<a href='mailto:support@m4x.org'>support@m4x.org</a>");
return;
}
create_list($mlist->mbox, $mlist->domain);
global $globals;
XDB::execute("UPDATE groups\n SET flags = CONCAT_WS(',', IF(flags = '', NULL, flags), 'has_ml')\n WHERE id = {?}", $globals->asso('id'));
pl_redirect('lists/admin/' . $list);
}
