function handler_admin($page, $liste = null)
{
global $globals;
if (is_null($liste)) {
return PL_NOT_FOUND;
}
$mlist = $this->prepare_list($liste);
$this->is_group_admin($page);
if (!$this->is_group_admin($page)) {
$this->verify_list_owner($page, $mlist);
}
$page->changeTpl('lists/admin.tpl');
if (Env::has('send_mark')) {
S::assert_xsrf_token();
$actions = Env::v('mk_action');
$uids = Env::v('mk_uid');
$mails = Env::v('mk_email');
foreach ($actions as $key => $action) {
switch ($action) {
case 'none':
break;
case 'marketu':
case 'markets':
require_once 'emails.inc.php';
$user = User::get($uids[$key]);
$mail = valide_email($mails[$key]);
if (isvalid_email_redirection($mail, $user)) {
$from = $action == 'marketu' ? 'user' : 'staff';
$market = Marketing::get($uids[$key], $mail);
if (!$market) {
$market = new Marketing($uids[$key], $mail, 'list', $mlist->address, $from, S::v('uid'));
$market->add();
break;
}
}
default:
XDB::execute('INSERT IGNORE INTO register_subs (uid, type, sub, domain)
VALUES ({?}, \'list\', {?}, {?})', $uids[$key], $mlist->mbox, $mlist->domain);
}
}
}
if (Env::has('add_member') || isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) {
S::assert_xsrf_token();
if (isset($_FILES['add_member_file']) && $_FILES['add_member_file']['tmp_name']) {
$upload =& PlUpload::get($_FILES['add_member_file'], S::user()->login(), 'list.addmember', true);
if (!$upload) {
$page->trigError("Une erreur s'est produite lors du téléchargement du fichier.");
} else {
$logins = $upload->getContents();
}
} else {
$logins = Env::v('add_member');
}
$logins = preg_split("/[; ,\r\n\\|]+/", $logins);
$members = User::getBulkForlifeEmailsFromEmail($logins);
$unfound = array_diff_key($logins, $members);
// Make sure we send a list (array_values) of unique (array_unique)
// emails.
$members = array_values(array_unique($members));
$arr = $mlist->subscribeBulk($members);
$successes = array();
if (is_array($arr)) {
foreach ($arr as $addr) {
$successes[] = $addr[1];
$page->trigSuccess("{$addr[0]} inscrit.");
}
}
$already = array_diff($members, $successes);
if (is_array($already)) {
foreach ($already as $item) {
$page->trigWarning($item . ' est déjà inscrit.');
}
}
if (is_array($unfound)) {
foreach ($unfound as $item) {
if (trim($item) != '') {
$page->trigError($item . " ne correspond pas à un compte existant et n'est pas une adresse email.");
}
}
}
}
if (Env::has('del_member')) {
S::assert_xsrf_token();
if (strpos(Env::v('del_member'), '@') === false) {
if ($del_member = User::getSilent(Env::t('del_member'))) {
$mlist->unsubscribeBulk(array($del_member->forlifeEmail()));
}
} else {
$mlist->unsubscribeBulk(array(Env::v('del_member')));
}
pl_redirect('lists/admin/' . $liste);
}
if (Env::has('add_owner')) {
S::assert_xsrf_token();
$owners = User::getBulkForlifeEmailsFromEmail(Env::v('add_owner'));
if ($owners) {
foreach ($owners as $forlife_email) {
if ($mlist->addOwner($forlife_email)) {
$page->trigSuccess($login . " ajouté aux modérateurs.");
}
}
}
}
if (Env::has('del_owner')) {
S::assert_xsrf_token();
if (strpos(Env::v('del_owner'), '@') === false) {
if ($del_owner = User::getSilent(Env::t('del_owner'))) {
$mlist->removeOwner($del_owner->forlifeEmail());
} else {
// Shit happens, and a non-email could be set as the owner
$mlist->removeOwner(Env::v('del_owner'));
}
} else {
$mlist->removeOwner(Env::v('del_owner'));
}
pl_redirect('lists/admin/' . $liste);
}
if (list($det, $mem, $own) = $mlist->getMembers()) {
global $list_unregistered;
if ($list_unregistered) {
$page->assign_by_ref('unregistered', $list_unregistered);
}
$membres = list_sort_members($mem, @$tri_promo);
$moderos = list_sort_owners($own, @$tri_promo);
$page->assign_by_ref('details', $det);
$page->assign_by_ref('members', $membres);
$page->assign_by_ref('owners', $moderos);
$page->assign('np_m', count($mem));
} else {
$page->kill("La liste n'existe pas ou tu n'as pas le droit de l'administrer.<br />" . " Si tu penses qu'il s'agit d'une erreur, " . "<a href='mailto:support@polytechnique.org'>contact le support</a>.");
}
}
function handler_public($page, $hruid = null)
{
$page->changeTpl('marketing/public.tpl');
// Retrieves the user info, and checks the user is not yet registered.
$user = User::getSilent($hruid);
if (!$user || !$user->hasProfile()) {
return PL_NOT_FOUND;
}
if ($user->state != 'pending') {
$page->kill('Cet utilisateur est déjà inscrit');
}
// Displays the page, and handles the eventual user actions.
$page->assign('full_name', $user->fullName());
$page->assign('promo', $user->promo());
if (Post::has('valide')) {
S::assert_xsrf_token();
$email = trim(Post::v('mail'));
require_once 'emails.inc.php';
if (!isvalid_email_redirection($email, $user)) {
$page->trigError('Email invalide !');
} else {
// On cherche les marketings précédents sur cette adresse
// email, en se restreignant au dernier mois
if (Marketing::get($user->id(), $email, true)) {
$page->assign('already', true);
} else {
$page->assign('ok', true);
check_email($email, "Une adresse surveillée est proposée au marketing par " . S::user()->login());
$market = new Marketing($user->id(), $email, 'default', null, Post::v('origine'), S::v('uid'), Post::v('origine') == 'user' ? Post::v('personal_notes') : null);
$market->add();
}
}
} else {
global $globals;
require_once 'marketing.inc.php';
$sender = User::getSilent(S::v('uid'));
$perso_signature = 'Cordialement,<br />-- <br />' . $sender->fullName();
$market = new AnnuaireMarketing(null, true);
$text = $market->getText(array('sexe' => $user->isFemale(), 'forlife_email' => $user->hruid . "@" . $user->mainEmailDomain(), 'forlife_email2' => $user->hruid . "@" . $user->alternateEmailDomain()));
$text = str_replace('%%hash%%', '', $text);
$text = str_replace('%%personal_notes%%', '<em id="personal_notes_display"></em>', $text);
$text = str_replace('%%sender%%', '<span id="sender">' . $perso_signature . '</span>', $text);
$page->assign('text', nl2br($text));
$page->assign('perso_signature', $perso_signature);
$page->assign('mail_part', 'escaped_html');
}
}
public function add_email($email)
{
$email_stripped = strtolower(trim($email));
if (!isvalid_email($email_stripped)) {
return ERROR_INVALID_EMAIL;
}
if (!isvalid_email_redirection($email_stripped, $this->user)) {
return ERROR_LOOP_EMAIL;
}
// We first need to retrieve the value for the antispam filter: it is
// either the user's redirections common value, or if they differ, our
// default value.
$bogo = new Bogo($this->user);
$filter = $bogo->single_state ? Bogo::$states[$bogo->state] : Bogo::MAIN_DEFAULT;
// If the email was already present for this user, we reset it to the default values, we thus use REPLACE INTO.
XDB::execute('REPLACE INTO email_redirect_account (uid, redirect, flags, action)
VALUES ({?}, {?}, \'active\', {?})', $this->user->id(), $email, $filter);
// Replace this email by forlife email, if present in aliases and MLs.
$listClient = new MMList(S::user());
$listClient->change_user_email($email, $this->user->forlifeEmail());
update_alias_user($email, $this->user->forlifeEmail());
if ($logger = S::v('log', null)) {
// may be absent --> step4.php
S::logger()->log('email_add', $email . ($this->user->id() != S::v('uid') ? " (admin on {$this->user->login()})" : ""));
}
foreach ($this->emails as $mail) {
if ($mail->email == $email_stripped) {
return SUCCESS;
}
}
$this->emails[] = new Email($this->user, array('redirect' => $email, 'rewrite' => '', 'type' => 'smtp', 'action' => $filter, 'broken_date' => '0000-00-00', 'broken_level' => 0, 'last' => '0000-00-00', 'flags' => 'active', 'hash' => null, 'allow_rewrite' => 0));
// security stuff
check_email($email, "Ajout d'une adresse surveillée aux redirections de " . $this->user->login());
check_redirect($this);
$this->update_imap();
return SUCCESS;
}
function handler_user($page, $login = false)
{
global $globals;
$page->changeTpl('admin/user.tpl');
$page->setTitle('Administration - Compte');
if (S::suid()) {
$page->kill("Déjà en SUID !!!");
}
// Loads the user identity using the environment.
if ($login) {
$user = User::get($login);
}
if (empty($user)) {
pl_redirect('admin/accounts');
}
$listClient = new MMList(S::user());
$login = $user->login();
$registered = $user->state != 'pending';
// Form processing
if (!empty($_POST)) {
S::assert_xsrf_token();
if (Post::has('uid') && Post::i('uid') != $user->id()) {
$page->kill('Une erreur s\'est produite');
}
}
// Handles specific requests (AX sync, su, ...).
if (Post::has('log_account')) {
pl_redirect("admin/logger?loguser={$login}&year=" . date('Y') . "&month=" . date('m'));
}
if (Post::has('su_account') && $registered) {
if (!Platal::session()->startSUID($user)) {
$page->trigError('Impossible d\'effectuer un SUID sur ' . $user->login());
} else {
pl_redirect("");
}
}
// Handles account deletion.
if (Post::has('account_deletion_confirmation')) {
$uid = $user->id();
$name = $user->fullName();
$profile = $user->profile();
if ($profile && Post::b('clear_profile')) {
$user->profile()->clear();
}
$user->clear(true);
$page->trigSuccess("L'utilisateur {$name} ({$uid}) a bien été désinscrit.");
if (Post::b('erase_account')) {
XDB::execute('DELETE FROM accounts
WHERE uid = {?}', $uid);
$page->trigSuccess("L'utilisateur {$name} ({$uid}) a été supprimé de la base de données");
}
}
// Account Form {{{
require_once 'emails.inc.php';
$to_update = array();
if (Post::has('disable_weak_access')) {
$to_update['weak_password'] = null;
} else {
if (Post::has('update_account')) {
if (!$user->hasProfile()) {
require_once 'name.func.inc.php';
$name_update = false;
$lastname = capitalize_name(Post::t('lastname'));
$firstname = capitalize_name(Post::t('firstname'));
if ($lastname != $user->lastname) {
$to_update['lastname'] = $lastname;
$name_update = true;
}
if (Post::s('type') != 'virtual' && $firstname != $user->firstname) {
$to_update['firstname'] = $firstname;
$name_update = true;
}
if ($name_update) {
if (Post::s('type') == 'virtual') {
$firstname = '';
}
$to_update['full_name'] = build_full_name($firstname, $lastname);
$to_update['directory_name'] = build_directory_name($firstname, $lastname);
$to_update['sort_name'] = build_sort_name($firstname, $lastname);
}
if (Post::s('display_name') != $user->displayName()) {
$to_update['display_name'] = Post::s('display_name');
}
}
if (Post::s('sex') != ($user->isFemale() ? 'female' : 'male')) {
$to_update['sex'] = Post::s('sex');
if ($user->hasProfile()) {
XDB::execute('UPDATE profiles
SET sex = {?}
WHERE pid = {?}', Post::s('sex'), $user->profile()->id());
}
}
if (!Post::blank('pwhash')) {
$to_update['password'] = Post::s('pwhash');
require_once 'googleapps.inc.php';
$account = new GoogleAppsAccount($user);
if ($account->active() && $account->sync_password) {
$account->set_password(Post::s('pwhash'));
}
}
if (!Post::blank('weak_password')) {
$to_update['weak_password'] = Post::s('weak_password');
}
if (Post::i('token_access', 0) != ($user->token_access ? 1 : 0)) {
$to_update['token'] = Post::i('token_access') ? rand_url_id(16) : null;
}
if (Post::i('skin') != $user->skin) {
$to_update['skin'] = Post::i('skin');
if ($to_update['skin'] == 0) {
$to_update['skin'] = null;
}
}
if (Post::s('state') != $user->state) {
$to_update['state'] = Post::s('state');
}
if (Post::i('is_admin', 0) != ($user->is_admin ? 1 : 0)) {
$to_update['is_admin'] = Post::b('is_admin');
}
if (Post::s('type') != $user->type) {
$to_update['type'] = Post::s('type');
}
if (Post::i('watch', 0) != ($user->watch ? 1 : 0)) {
$to_update['flags'] = new PlFlagset();
$to_update['flags']->addFlag('watch', Post::i('watch'));
}
if (Post::t('comment') != $user->comment) {
$to_update['comment'] = Post::blank('comment') ? null : Post::t('comment');
}
$new_email = strtolower(Post::t('email'));
if (require_email_update($user, $new_email)) {
$to_update['email'] = $new_email;
$listClient->change_user_email($user->forlifeEmail(), $new_email);
update_alias_user($user->forlifeEmail(), $new_email);
}
}
}
if (!empty($to_update)) {
$res = XDB::query('SELECT *
FROM accounts
WHERE uid = {?}', $user->id());
$oldValues = $res->fetchAllAssoc();
$oldValues = $oldValues[0];
$set = array();
$diff = array();
foreach ($to_update as $k => $value) {
$value = XDB::format('{?}', $value);
$set[] = $k . ' = ' . $value;
$diff[$k] = array($oldValues[$k], trim($value, "'"));
unset($oldValues[$k]);
}
XDB::rawExecute('UPDATE accounts
SET ' . implode(', ', $set) . '
WHERE uid = ' . XDB::format('{?}', $user->id()));
$page->trigSuccess('Données du compte mise à jour avec succès');
$user = User::getWithUID($user->id());
/* Formats the $diff and send it to the site administrators. The rules are the folowing:
* -formats: password, token, weak_password
*/
foreach (array('password', 'token', 'weak_password') as $key) {
if (isset($diff[$key])) {
$diff[$key] = array('old value', 'new value');
} else {
$oldValues[$key] = 'old value';
}
}
$mail = new PlMailer('admin/useredit.mail.tpl');
$mail->assign('admin', S::user()->hruid);
$mail->assign('hruid', $user->hruid);
$mail->assign('diff', $diff);
$mail->assign('oldValues', $oldValues);
$mail->send();
}
// }}}
// Profile form {{{
if (Post::has('add_profile') || Post::has('del_profile') || Post::has('owner')) {
if (Post::i('del_profile', 0) != 0) {
XDB::execute('DELETE FROM account_profiles
WHERE uid = {?} AND pid = {?}', $user->id(), Post::i('del_profile'));
XDB::execute('DELETE FROM profiles
WHERE pid = {?}', Post::i('del_profile'));
} else {
if (!Post::blank('new_profile')) {
$profile = Profile::get(Post::t('new_profile'));
if (!$profile) {
$page->trigError('Le profil ' . Post::t('new_profile') . ' n\'existe pas');
} else {
XDB::execute('INSERT IGNORE INTO account_profiles (uid, pid)
VALUES ({?}, {?})', $user->id(), $profile->id());
}
}
}
XDB::execute('UPDATE account_profiles
SET perms = IF(pid = {?}, CONCAT(perms, \',owner\'), REPLACE(perms, \'owner\', \'\'))
WHERE uid = {?}', Post::i('owner'), $user->id());
}
// }}}
// Email forwards form {{{
$redirect = $registered ? new Redirect($user) : null;
if (Post::has('add_fwd')) {
$email = Post::t('email');
if (!isvalid_email_redirection($email, $user)) {
$page->trigError("Email non valide: {$email}");
} else {
$redirect->add_email($email);
$page->trigSuccess("Ajout de {$email} effectué");
}
} else {
if (!Post::blank('del_fwd')) {
$redirect->delete_email(Post::t('del_fwd'));
} else {
if (!Post::blank('activate_fwd')) {
$redirect->modify_one_email(Post::t('activate_fwd'), true);
} else {
if (!Post::blank('deactivate_fwd')) {
$redirect->modify_one_email(Post::t('deactivate_fwd'), false);
} else {
if (Post::has('disable_fwd')) {
$redirect->disable();
} else {
if (Post::has('enable_fwd')) {
$redirect->enable();
} else {
if (!Post::blank('clean_fwd')) {
$redirect->clean_errors(Post::t('clean_fwd'));
}
}
}
}
}
}
}
// }}}
// Email alias form {{{
if (Post::has('add_alias')) {
// Splits new alias in user and fqdn.
$alias = Env::t('email');
if (strpos($alias, '@') !== false) {
list($alias, $domain) = explode('@', $alias);
} else {
$domain = $user->mainEmailDomain();
}
// Checks for alias' user validity.
if (!preg_match('/[-a-z0-9\\.]+/s', $alias)) {
$page->trigError("'{$alias}' n'est pas un alias valide");
}
// Eventually adds the alias to the right domain.
if ($domain == $globals->mail->alias_dom || $domain == $globals->mail->alias_dom2) {
$req = new AliasReq($user, $alias, 'Admin request', false);
if ($req->commit()) {
$page->trigSuccess("Nouvel alias '{$alias}@{$domain}' attribué.");
} else {
$page->trigError("Impossible d'ajouter l'alias '{$alias}@{$domain}', il est probablement déjà attribué.");
}
} elseif ($domain == $user->mainEmailDomain()) {
XDB::execute('INSERT INTO email_source_account (email, uid, domain, type, flags)
SELECT {?}, {?}, id, \'alias\', \'\'
FROM email_virtual_domains
WHERE name = {?}', $alias, $user->id(), $domain);
$page->trigSuccess("Nouvel alias '{$alias}' ajouté");
} else {
$page->trigError("Le domaine '{$domain}' n'est pas valide pour cet utilisateur.");
}
} else {
if (!Post::blank('del_alias')) {
$delete_alias = Post::t('del_alias');
list($email, $domain) = explode('@', $delete_alias);
XDB::execute('DELETE s
FROM email_source_account AS s
INNER JOIN email_virtual_domains AS m ON (s.domain = m.id)
INNER JOIN email_virtual_domains AS d ON (d.aliasing = m.id)
WHERE s.email = {?} AND s.uid = {?} AND d.name = {?} AND type != \'forlife\'', $email, $user->id(), $domain);
XDB::execute('UPDATE email_redirect_account AS r
INNER JOIN email_virtual_domains AS m ON (m.name = {?})
INNER JOIN email_virtual_domains AS d ON (d.aliasing = m.id)
SET r.rewrite = \'\'
WHERE r.uid = {?} AND r.rewrite = CONCAT({?}, \'@\', d.name)', $domain, $user->id(), $email);
fix_bestalias($user);
$page->trigSuccess("L'alias '{$delete_alias}' a été supprimé");
} else {
if (!Post::blank('best')) {
$best_alias = Post::t('best');
// First delete the bestalias flag from all this user's emails.
XDB::execute("UPDATE email_source_account\n SET flags = TRIM(BOTH ',' FROM REPLACE(CONCAT(',', flags, ','), ',bestalias,', ','))\n WHERE uid = {?}", $user->id());
// Then gives the bestalias flag to the given email.
list($email, $domain) = explode('@', $best_alias);
XDB::execute("UPDATE email_source_account\n SET flags = CONCAT_WS(',', IF(flags = '', NULL, flags), 'bestalias')\n WHERE uid = {?} AND email = {?}", $user->id(), $email);
// As having a non-null bestalias value is critical in
// plat/al's code, we do an a posteriori check on the
// validity of the bestalias.
fix_bestalias($user);
}
}
}
// }}}
// OpenId form {{{
if (Post::has('del_openid')) {
XDB::execute('DELETE FROM account_auth_openid
WHERE id = {?}', Post::i('del_openid'));
}
// }}}
// Forum form {{{
if (Post::has('b_edit')) {
XDB::execute("DELETE FROM forum_innd\n WHERE uid = {?}", $user->id());
if (Env::v('write_perm') != "" || Env::v('read_perm') != "" || Env::v('commentaire') != "") {
XDB::execute("INSERT INTO forum_innd\n SET ipmin = '0', ipmax = '4294967295',\n write_perm = {?}, read_perm = {?},\n comment = {?}, priority = '200', uid = {?}", Env::v('write_perm'), Env::v('read_perm'), Env::v('comment'), $user->id());
}
}
// }}}
$page->addJsLink('jquery.ui.xorg.js');
// Displays last login and last host information.
$res = XDB::query("SELECT start, host\n FROM log_sessions\n WHERE uid = {?} AND suid IS NULL\n ORDER BY start DESC\n LIMIT 1", $user->id());
list($lastlogin, $host) = $res->fetchOneRow();
$page->assign('lastlogin', $lastlogin);
$page->assign('host', $host);
// Display mailing lists
$page->assign('mlists', $listClient->get_all_user_lists($user->forlifeEmail()));
// Display active aliases.
$page->assign('virtuals', $user->emailGroupAliases());
$aliases = XDB::iterator("SELECT CONCAT(s.email, '@', d.name) AS email, (s.type = 'forlife') AS forlife,\n (s.email REGEXP '\\\\.[0-9]{2}\$') AS hundred_year,\n FIND_IN_SET('bestalias', s.flags) AS bestalias, s.expire,\n (s.type = 'alias_aux') AS alias\n FROM email_source_account AS s\n INNER JOIN email_virtual_domains AS d ON (s.domain = d.id)\n WHERE s.uid = {?}\n ORDER BY !alias, s.email", $user->id());
$page->assign('aliases', $aliases);
$page->assign('account_types', XDB::iterator('SELECT * FROM account_types ORDER BY type'));
$page->assign('skins', XDB::iterator('SELECT id, name FROM skins ORDER BY name'));
$page->assign('profiles', XDB::iterator('SELECT p.pid, p.hrpid, FIND_IN_SET(\'owner\', ap.perms) AS owner, p.ax_id
FROM account_profiles AS ap
INNER JOIN profiles AS p ON (ap.pid = p.pid)
WHERE ap.uid = {?}', $user->id()));
$page->assign('openid', XDB::iterator('SELECT id, url
FROM account_auth_openid
WHERE uid = {?}', $user->id()));
// Displays email redirection and the general profile.
if ($registered && $redirect) {
$page->assign('emails', $redirect->emails);
}
$page->assign('user', $user);
$page->assign('hasProfile', $user->hasProfile());
// Displays forum bans.
$res = XDB::query("SELECT write_perm, read_perm, comment\n FROM forum_innd\n WHERE uid = {?}", $user->id());
$bans = $res->fetchOneAssoc();
$page->assign('bans', $bans);
}
function handler_register($page, $hash = null)
{
$page->forceSkin('register');
$alert = array();
$alert_details = '';
$subState = new PlDict(S::v('subState', array()));
if (!$subState->has('step')) {
$subState->set('step', 0);
}
if (!$subState->has('backs')) {
$subState->set('backs', new PlDict());
}
if (Get::has('back') && Get::i('back') < $subState->i('step')) {
$subState->set('step', max(0, Get::i('back')));
$subState->v('backs')->set($subState->v('backs')->count() + 1, $subState->dict());
$subState->v('backs')->kill('backs');
if ($subState->v('backs')->count() == 3) {
$alert[] = "Tentative d'inscription très hésitante";
$alert_details .= "\n * Retours en arrières : 3.";
}
}
if ($hash) {
$res = XDB::query("SELECT a.uid, a.hruid, ppn.lastname_initial AS lastname, ppn.firstname_initial AS firstname, p.xorg_id AS xorgid,\n pd.promo, pe.promo_year AS yearpromo, pde.degree AS edu_type,\n p.birthdate_ref AS birthdateRef, FIND_IN_SET('watch', a.flags) AS watch, m.hash, a.type, a.comment\n FROM register_marketing AS m\n INNER JOIN accounts AS a ON (m.uid = a.uid)\n INNER JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))\n INNER JOIN profiles AS p ON (p.pid = ap.pid)\n INNER JOIN profile_display AS pd ON (p.pid = pd.pid)\n INNER JOIN profile_education AS pe ON (pe.pid = p.pid AND FIND_IN_SET('primary', pe.flags))\n INNER JOIN profile_education_degree_enum AS pde ON (pde.id = pe.degreeid)\n INNER JOIN profile_public_names AS ppn ON (ppn.pid = p.pid)\n WHERE m.hash = {?} AND a.state = 'pending'", $hash);
if ($res->numRows() == 1) {
$subState->merge($res->fetchOneRow());
$subState->set('main_mail_domain', User::$sub_mail_domains[$subState->v('type')]);
XDB::execute('INSERT INTO register_mstats (uid, sender, success)
SELECT m.uid, m.sender, 0
FROM register_marketing AS m
WHERE m.hash
ON DUPLICATE KEY UPDATE sender = VALUES(sender), success = VALUES(success)', $subState->s('hash'));
}
}
switch ($subState->i('step')) {
case 0:
$wp = new PlWikiPage('Reference.Charte');
$wp->buildCache();
if (Post::has('step1')) {
$subState->set('step', 1);
if ($subState->has('hash')) {
$subState->set('step', 3);
$this->load('register.inc.php');
createAliases($subState);
}
}
break;
case 1:
if (Post::has('yearpromo')) {
$edu_type = Post::t('edu_type');
$yearpromo = Post::i('yearpromo');
$promo = Profile::$cycle_prefixes[$edu_type] . $yearpromo;
$res = XDB::query("SELECT COUNT(*)\n FROM accounts AS a\n INNER JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))\n INNER JOIN profiles AS p ON (p.pid = ap.pid)\n INNER JOIN profile_education AS pe ON (pe.pid = p.pid AND FIND_IN_SET('primary', pe.flags))\n WHERE a.state = 'pending' AND p.deathdate IS NULL AND pe.promo_year = {?}", $yearpromo);
if (!$res->fetchOneCell()) {
$error = 'La promotion saisie est incorrecte ou tous les camarades de cette promotion sont inscrits !';
} else {
$subState->set('step', 2);
$subState->set('promo', $promo);
$subState->set('yearpromo', $yearpromo);
$subState->set('edu_type', $edu_type);
if ($edu_type == Profile::DEGREE_X) {
if ($yearpromo >= 1996 && $yearpromo < 2000) {
$subState->set('schoolid', $yearpromo % 100 * 10 . '???');
$subState->set('schoolid_exemple', $yearpromo % 100 * 10000 + 532);
$subState->set('schoolid_exemple_ev2', ($yearpromo + 1) % 100 * 10000 + 532);
} elseif ($yearpromo >= 2000) {
$subState->set('schoolid', 100 + $yearpromo % 100 . '???');
$subState->set('schoolid_exemple', (100 + $yearpromo % 100) * 1000 + 532);
$subState->set('schoolid_exemple_ev2', (100 + ($yearpromo + 1) % 100) * 1000 + 532);
}
}
}
}
break;
case 2:
if (count($_POST)) {
$this->load('register.inc.php');
$subState->set('firstname', Post::t('firstname'));
$subState->set('lastname', Post::t('lastname'));
if (Post::has('schoolid')) {
$subState->set('schoolid', Post::i('schoolid'));
}
$error = checkNewUser($subState);
if ($error !== true) {
break;
}
$error = createAliases($subState);
if ($error === true) {
unset($error);
$subState->set('step', 3);
}
}
break;
case 3:
if (count($_POST)) {
$this->load('register.inc.php');
// Validate the email address format and domain.
require_once 'emails.inc.php';
$user = User::get($subState->s('uid'));
if (!isvalid_email(Post::v('email'))) {
$error[] = "Le champ 'Email' n'est pas valide.";
} elseif (!isvalid_email_redirection(Post::v('email'), $user)) {
$error[] = $subState->s('forlife') . ' doit renvoyer vers un email existant ' . 'valide, en particulier, il ne peut pas être renvoyé vers lui-même.';
}
// Validate the birthday format and range.
$birth = Post::t('birthdate');
if (!preg_match('@^[0-3]?\\d/[01]?\\d/(19|20)?\\d{2}$@', $birth)) {
$error[] = "La 'Date de naissance' n'est pas correcte.";
} else {
$birth = explode('/', $birth, 3);
for ($i = 0; $i < 3; ++$i) {
$birth[$i] = intval($birth[$i]);
}
if ($birth[2] < 100) {
$birth[2] += 1900;
}
$year = $birth[2];
$ref_year = substr($subState->v('birthdateRef'), 0, 4);
if (abs($ref_year - $year) > 2) {
$error[] = "La 'Date de naissance' n'est pas correcte.";
$alert[] = "Date de naissance incorrecte à l'inscription";
$alert_details .= "\n * Date de naissance renseignée : " . Post::t('birthdate');
if ($subState->v('birthdateRef') == '0000-00-00') {
$alert_details .= ' (date inconnue)';
} else {
$alert_details .= ' (date connue : ' . $subState->v('birthdateRef') . ')';
}
$subState->set('wrong_birthdate', $birth);
}
}
// Register the optional services requested by the user.
$services = array();
foreach (array('com_letters', 'imap', 'ml_promo', 'nl') as $service) {
if (Post::b($service)) {
$services[] = $service;
}
}
$subState->set('services', $services);
// Validate the password.
if (!Post::v('pwhash', false)) {
$error[] = "Le mot de passe n'est pas valide.";
}
// Check if the given email is known as dangerous.
$res = XDB::query("SELECT state, description\n FROM email_watch\n WHERE email = {?} AND state != 'safe'", Post::v('email'));
$bannedEmail = false;
if ($res->numRows()) {
list($state, $description) = $res->fetchOneRow();
$alert[] = "Email surveillé proposé à l'inscription";
$alert_details .= "\n * Email surveillé : " . Post::v('email');
$subState->set('email_desc', $description);
if ($state == 'dangerous') {
$bannedEmail = true;
}
}
if ($subState->i('watch') != 0) {
$alert[] = "Inscription d'un utilisateur surveillé";
$alert_details .= "\n * Commentaire pour la surveillance : " . $subState->v('comment');
}
if ($bannedIp = check_ip('unsafe')) {
unset($error);
}
if (isset($error)) {
$error = join('<br />', $error);
} else {
$subState->set('birthdate', sprintf("%04d-%02d-%02d", intval($birth[2]), intval($birth[1]), intval($birth[0])));
$subState->set('email', Post::t('email'));
$subState->set('password', Post::t('pwhash'));
// Update the current alert if the birthdate is incorrect,
// or if the IP address of the user has been banned.
if ($subState->s('birthdateRef') != '0000-00-00' && $subState->s('birthdateRef') != $subState->s('birthdate')) {
$alert[] = "Date de naissance incorrecte à l'inscription";
$alert_details .= "\n * Date de naissance renseignée : " . Post::t('birthdate');
if ($subState->v('birthdateRef') == '0000-00-00') {
$alert_details .= ' (date inconnue)';
} else {
$alert_details .= ' (date connue : ' . $subState->v('birthdateRef') . ')';
}
}
if ($bannedIp) {
$alert[] = "Tentative d'inscription depuis une IP surveillée";
$alert_details .= "\n * IP surveillée : " . $_SESSION['check_ip'];
}
// Prevent banned user from actually registering; save the current state for others.
if ($bannedEmail || $bannedIp) {
global $globals;
$error = "Une erreur s'est produite lors de l'inscription." . " Merci de contacter <a href='mailto:register@{$globals->mail->domain}>" . " register@{$globals->mail->domain}</a>" . " pour nous faire part de cette erreur.";
} else {
$subState->set('step', 4);
if ($subState->v('backs')->count() >= 3) {
$alert[] = "Fin d'une inscription hésitante";
$alert_details .= "\n * Nombre de retours en arrière : " . $subState->v('backs')->count();
}
finishRegistration($subState);
}
}
}
break;
}
$_SESSION['subState'] = $subState->dict();
if (count($alert)) {
$alert_details = "Détails des alertes :" . $alert_details . "\n\n";
$alert_details .= 'Compte concerné : ' . $subState->s('forlife') . ' (redirection vers : ' . ($subState->s('email') == '' ? Post::t('email') : $subState->s('email')) . ")\n\n\n";
send_warning_mail(implode(' - ', $alert), $alert_details);
}
$page->changeTpl('register/step' . $subState->i('step') . '.tpl');
if (isset($error)) {
$page->trigError($error);
}
}
