function handler_exit($page, $level = null) { global $globals; if (S::has('suid')) { Platal::session()->stopSUID(); pl_redirect('/'); } Platal::session()->destroy(); http_redirect($globals->baseurl_http); $page->changeTpl('exit.tpl'); }
function handler_rss($page, $group, $alias, $hash, $file = null) { if (is_null($file)) { if (is_null($hash)) { return PL_FORBIDDEN; } $this->handler_rss($page, null, $group, $alias, $hash); } $user = Platal::session()->tokenAuth($alias, $hash); if (is_null($user)) { return PL_FORBIDDEN; } require_once 'banana/forum.inc.php'; $banana = new ForumsBanana($user, array('group' => $group, 'action' => 'rss2')); $banana->run(); exit; }
function handler_sso($page) { $this->load('sso.inc.php'); // First, perform security checks. if (!wats4u_sso_check()) { return PL_BAD_REQUEST; } global $globals; if (!S::logged()) { // Request auth. $page->assign('external_auth', true); $page->assign('ext_url', $globals->wats4u->public_url); $page->setTitle('Authentification'); $page->setDefaultSkin('group_login'); $page->assign('group', null); return PL_DO_AUTH; } if (!S::user()->checkPerms(PERMS_USER)) { // External (X.net) account return PL_FORBIDDEN; } // Update the last login information (unless the user is in SUID). $uid = S::i('uid'); if (!S::suid()) { global $platal; S::logger($uid)->log('connexion_wats4u', $platal->path . ' ' . urldecode($_GET['url'])); } // If we logged in specifically for this 'external_auth' request // and didn't want to "keep access to services", we kill the session // just before returning. // See classes/xorgsession.php:startSessionAs if (S::b('external_auth_exit')) { S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']); Platal::session()->killAccessCookie(); Platal::session()->destroy(); } // Compute return URL $full_return = wats4u_sso_build_return_url(S::user()); if ($full_return === "") { // Something went wrong $page->kill("Erreur dans le traitement de la requête Wats4U."); } http_redirect($full_return); }
function handler_su($page, $uid = null) { if (S::has('suid')) { $page->kill("Déjà en SUID !!!"); } if ($uid === null) { throw new Exception("You forgot to pass the uid you want to impersonate"); } $user = new UserFilter(new UFC_Uid($uid)); $user = $user->get(true); if ($user !== false) { $user->select(UserSelect::login()); if (!Platal::session()->startSUID($user)) { $page->trigError('Impossible d\'effectuer un SUID sur ' . $uid); } else { S::logger()->log('admin/su', array('uid' => $user->id())); pl_redirect('home'); } } else { throw new Exception("Impossible de faire un SUID sur " . $uid); } }
function handler_pdf($page, $arg0 = null, $arg1 = null) { $this->load('contacts.pdf.inc.php'); $user = S::user(); Platal::session()->close(); $order = array(new UFO_Name()); if ($arg0 == 'promo') { $order = array_unshift($order, new UFO_Promo()); } else { $order[] = new UFO_Promo(); } $filter = new UserFilter(new UFC_Contact($user), $order); $pdf = new ContactsPDF(); $it = $filter->iterProfiles(); while ($p = $it->next()) { $pdf = ContactsPDF::addContact($pdf, $p, $arg0 == 'photos' || $arg1 == 'photos'); } $pdf->Output(); exit; }
function handler_rss($page, $liste = null, $alias = null, $hash = null) { if (!$liste) { return PL_NOT_FOUND; } $user = Platal::session()->tokenAuth($alias, $hash); if (is_null($user)) { return PL_FORBIDDEN; } $mlist = $this->prepare_list($liste); if (list($det) = $mlist->getMembers()) { if (substr($liste, 0, 5) != 'promo' && ($det['ins'] || $det['priv']) && !$det['own'] && $det['sub'] < 2) { exit; } require_once 'banana/ml.inc.php'; $banana = new MLBanana($user, array('listname' => $mlist->mbox, 'domain' => $mlist->domain, 'action' => 'rss2')); $banana->run(); } exit; }
function handler_exit($page, $level = null) { if (S::suid()) { $old = S::user()->login(); S::logger()->log('suid_stop', $old . " by " . S::suid('hruid')); Platal::session()->stopSUID(); $target = S::s('suid_startpage'); S::kill('suid_startpage'); if (!empty($target)) { http_redirect($target); } pl_redirect('admin/user/' . $old); } if ($level == 'forget' || $level == 'forgetall') { Platal::session()->killAccessCookie(); } if ($level == 'forgetuid' || $level == 'forgetall') { Platal::session()->killLoginFormCookies(); } if (S::logged()) { S::logger()->log('deconnexion', @$_SERVER['HTTP_REFERER']); Platal::session()->destroy(); } if (Get::has('redirect')) { http_redirect(rawurldecode(Get::v('redirect'))); } else { $page->changeTpl('platal/exit.tpl'); } }
function handler_user($page, $login = false) { global $globals; $page->changeTpl('admin/user.tpl'); $page->setTitle('Administration - Compte'); if (S::suid()) { $page->kill("Déjà en SUID !!!"); } // Loads the user identity using the environment. if ($login) { $user = User::get($login); } if (empty($user)) { pl_redirect('admin/accounts'); } $listClient = new MMList(S::user()); $login = $user->login(); $registered = $user->state != 'pending'; // Form processing if (!empty($_POST)) { S::assert_xsrf_token(); if (Post::has('uid') && Post::i('uid') != $user->id()) { $page->kill('Une erreur s\'est produite'); } } // Handles specific requests (AX sync, su, ...). if (Post::has('log_account')) { pl_redirect("admin/logger?loguser={$login}&year=" . date('Y') . "&month=" . date('m')); } if (Post::has('su_account') && $registered) { if (!Platal::session()->startSUID($user)) { $page->trigError('Impossible d\'effectuer un SUID sur ' . $user->login()); } else { pl_redirect(""); } } // Handles account deletion. if (Post::has('account_deletion_confirmation')) { $uid = $user->id(); $name = $user->fullName(); $profile = $user->profile(); if ($profile && Post::b('clear_profile')) { $user->profile()->clear(); } $user->clear(true); $page->trigSuccess("L'utilisateur {$name} ({$uid}) a bien été désinscrit."); if (Post::b('erase_account')) { XDB::execute('DELETE FROM accounts WHERE uid = {?}', $uid); $page->trigSuccess("L'utilisateur {$name} ({$uid}) a été supprimé de la base de données"); } } // Account Form {{{ require_once 'emails.inc.php'; $to_update = array(); if (Post::has('disable_weak_access')) { $to_update['weak_password'] = null; } else { if (Post::has('update_account')) { if (!$user->hasProfile()) { require_once 'name.func.inc.php'; $name_update = false; $lastname = capitalize_name(Post::t('lastname')); $firstname = capitalize_name(Post::t('firstname')); if ($lastname != $user->lastname) { $to_update['lastname'] = $lastname; $name_update = true; } if (Post::s('type') != 'virtual' && $firstname != $user->firstname) { $to_update['firstname'] = $firstname; $name_update = true; } if ($name_update) { if (Post::s('type') == 'virtual') { $firstname = ''; } $to_update['full_name'] = build_full_name($firstname, $lastname); $to_update['directory_name'] = build_directory_name($firstname, $lastname); $to_update['sort_name'] = build_sort_name($firstname, $lastname); } if (Post::s('display_name') != $user->displayName()) { $to_update['display_name'] = Post::s('display_name'); } } if (Post::s('sex') != ($user->isFemale() ? 'female' : 'male')) { $to_update['sex'] = Post::s('sex'); if ($user->hasProfile()) { XDB::execute('UPDATE profiles SET sex = {?} WHERE pid = {?}', Post::s('sex'), $user->profile()->id()); } } if (!Post::blank('pwhash')) { $to_update['password'] = Post::s('pwhash'); require_once 'googleapps.inc.php'; $account = new GoogleAppsAccount($user); if ($account->active() && $account->sync_password) { $account->set_password(Post::s('pwhash')); } } if (!Post::blank('weak_password')) { $to_update['weak_password'] = Post::s('weak_password'); } if (Post::i('token_access', 0) != ($user->token_access ? 1 : 0)) { $to_update['token'] = Post::i('token_access') ? rand_url_id(16) : null; } if (Post::i('skin') != $user->skin) { $to_update['skin'] = Post::i('skin'); if ($to_update['skin'] == 0) { $to_update['skin'] = null; } } if (Post::s('state') != $user->state) { $to_update['state'] = Post::s('state'); } if (Post::i('is_admin', 0) != ($user->is_admin ? 1 : 0)) { $to_update['is_admin'] = Post::b('is_admin'); } if (Post::s('type') != $user->type) { $to_update['type'] = Post::s('type'); } if (Post::i('watch', 0) != ($user->watch ? 1 : 0)) { $to_update['flags'] = new PlFlagset(); $to_update['flags']->addFlag('watch', Post::i('watch')); } if (Post::t('comment') != $user->comment) { $to_update['comment'] = Post::blank('comment') ? null : Post::t('comment'); } $new_email = strtolower(Post::t('email')); if (require_email_update($user, $new_email)) { $to_update['email'] = $new_email; $listClient->change_user_email($user->forlifeEmail(), $new_email); update_alias_user($user->forlifeEmail(), $new_email); } } } if (!empty($to_update)) { $res = XDB::query('SELECT * FROM accounts WHERE uid = {?}', $user->id()); $oldValues = $res->fetchAllAssoc(); $oldValues = $oldValues[0]; $set = array(); $diff = array(); foreach ($to_update as $k => $value) { $value = XDB::format('{?}', $value); $set[] = $k . ' = ' . $value; $diff[$k] = array($oldValues[$k], trim($value, "'")); unset($oldValues[$k]); } XDB::rawExecute('UPDATE accounts SET ' . implode(', ', $set) . ' WHERE uid = ' . XDB::format('{?}', $user->id())); $page->trigSuccess('Données du compte mise à jour avec succès'); $user = User::getWithUID($user->id()); /* Formats the $diff and send it to the site administrators. The rules are the folowing: * -formats: password, token, weak_password */ foreach (array('password', 'token', 'weak_password') as $key) { if (isset($diff[$key])) { $diff[$key] = array('old value', 'new value'); } else { $oldValues[$key] = 'old value'; } } $mail = new PlMailer('admin/useredit.mail.tpl'); $mail->assign('admin', S::user()->hruid); $mail->assign('hruid', $user->hruid); $mail->assign('diff', $diff); $mail->assign('oldValues', $oldValues); $mail->send(); } // }}} // Profile form {{{ if (Post::has('add_profile') || Post::has('del_profile') || Post::has('owner')) { if (Post::i('del_profile', 0) != 0) { XDB::execute('DELETE FROM account_profiles WHERE uid = {?} AND pid = {?}', $user->id(), Post::i('del_profile')); XDB::execute('DELETE FROM profiles WHERE pid = {?}', Post::i('del_profile')); } else { if (!Post::blank('new_profile')) { $profile = Profile::get(Post::t('new_profile')); if (!$profile) { $page->trigError('Le profil ' . Post::t('new_profile') . ' n\'existe pas'); } else { XDB::execute('INSERT IGNORE INTO account_profiles (uid, pid) VALUES ({?}, {?})', $user->id(), $profile->id()); } } } XDB::execute('UPDATE account_profiles SET perms = IF(pid = {?}, CONCAT(perms, \',owner\'), REPLACE(perms, \'owner\', \'\')) WHERE uid = {?}', Post::i('owner'), $user->id()); } // }}} // Email forwards form {{{ $redirect = $registered ? new Redirect($user) : null; if (Post::has('add_fwd')) { $email = Post::t('email'); if (!isvalid_email_redirection($email, $user)) { $page->trigError("Email non valide: {$email}"); } else { $redirect->add_email($email); $page->trigSuccess("Ajout de {$email} effectué"); } } else { if (!Post::blank('del_fwd')) { $redirect->delete_email(Post::t('del_fwd')); } else { if (!Post::blank('activate_fwd')) { $redirect->modify_one_email(Post::t('activate_fwd'), true); } else { if (!Post::blank('deactivate_fwd')) { $redirect->modify_one_email(Post::t('deactivate_fwd'), false); } else { if (Post::has('disable_fwd')) { $redirect->disable(); } else { if (Post::has('enable_fwd')) { $redirect->enable(); } else { if (!Post::blank('clean_fwd')) { $redirect->clean_errors(Post::t('clean_fwd')); } } } } } } } // }}} // Email alias form {{{ if (Post::has('add_alias')) { // Splits new alias in user and fqdn. $alias = Env::t('email'); if (strpos($alias, '@') !== false) { list($alias, $domain) = explode('@', $alias); } else { $domain = $user->mainEmailDomain(); } // Checks for alias' user validity. if (!preg_match('/[-a-z0-9\\.]+/s', $alias)) { $page->trigError("'{$alias}' n'est pas un alias valide"); } // Eventually adds the alias to the right domain. if ($domain == $globals->mail->alias_dom || $domain == $globals->mail->alias_dom2) { $req = new AliasReq($user, $alias, 'Admin request', false); if ($req->commit()) { $page->trigSuccess("Nouvel alias '{$alias}@{$domain}' attribué."); } else { $page->trigError("Impossible d'ajouter l'alias '{$alias}@{$domain}', il est probablement déjà attribué."); } } elseif ($domain == $user->mainEmailDomain()) { XDB::execute('INSERT INTO email_source_account (email, uid, domain, type, flags) SELECT {?}, {?}, id, \'alias\', \'\' FROM email_virtual_domains WHERE name = {?}', $alias, $user->id(), $domain); $page->trigSuccess("Nouvel alias '{$alias}' ajouté"); } else { $page->trigError("Le domaine '{$domain}' n'est pas valide pour cet utilisateur."); } } else { if (!Post::blank('del_alias')) { $delete_alias = Post::t('del_alias'); list($email, $domain) = explode('@', $delete_alias); XDB::execute('DELETE s FROM email_source_account AS s INNER JOIN email_virtual_domains AS m ON (s.domain = m.id) INNER JOIN email_virtual_domains AS d ON (d.aliasing = m.id) WHERE s.email = {?} AND s.uid = {?} AND d.name = {?} AND type != \'forlife\'', $email, $user->id(), $domain); XDB::execute('UPDATE email_redirect_account AS r INNER JOIN email_virtual_domains AS m ON (m.name = {?}) INNER JOIN email_virtual_domains AS d ON (d.aliasing = m.id) SET r.rewrite = \'\' WHERE r.uid = {?} AND r.rewrite = CONCAT({?}, \'@\', d.name)', $domain, $user->id(), $email); fix_bestalias($user); $page->trigSuccess("L'alias '{$delete_alias}' a été supprimé"); } else { if (!Post::blank('best')) { $best_alias = Post::t('best'); // First delete the bestalias flag from all this user's emails. XDB::execute("UPDATE email_source_account\n SET flags = TRIM(BOTH ',' FROM REPLACE(CONCAT(',', flags, ','), ',bestalias,', ','))\n WHERE uid = {?}", $user->id()); // Then gives the bestalias flag to the given email. list($email, $domain) = explode('@', $best_alias); XDB::execute("UPDATE email_source_account\n SET flags = CONCAT_WS(',', IF(flags = '', NULL, flags), 'bestalias')\n WHERE uid = {?} AND email = {?}", $user->id(), $email); // As having a non-null bestalias value is critical in // plat/al's code, we do an a posteriori check on the // validity of the bestalias. fix_bestalias($user); } } } // }}} // OpenId form {{{ if (Post::has('del_openid')) { XDB::execute('DELETE FROM account_auth_openid WHERE id = {?}', Post::i('del_openid')); } // }}} // Forum form {{{ if (Post::has('b_edit')) { XDB::execute("DELETE FROM forum_innd\n WHERE uid = {?}", $user->id()); if (Env::v('write_perm') != "" || Env::v('read_perm') != "" || Env::v('commentaire') != "") { XDB::execute("INSERT INTO forum_innd\n SET ipmin = '0', ipmax = '4294967295',\n write_perm = {?}, read_perm = {?},\n comment = {?}, priority = '200', uid = {?}", Env::v('write_perm'), Env::v('read_perm'), Env::v('comment'), $user->id()); } } // }}} $page->addJsLink('jquery.ui.xorg.js'); // Displays last login and last host information. $res = XDB::query("SELECT start, host\n FROM log_sessions\n WHERE uid = {?} AND suid IS NULL\n ORDER BY start DESC\n LIMIT 1", $user->id()); list($lastlogin, $host) = $res->fetchOneRow(); $page->assign('lastlogin', $lastlogin); $page->assign('host', $host); // Display mailing lists $page->assign('mlists', $listClient->get_all_user_lists($user->forlifeEmail())); // Display active aliases. $page->assign('virtuals', $user->emailGroupAliases()); $aliases = XDB::iterator("SELECT CONCAT(s.email, '@', d.name) AS email, (s.type = 'forlife') AS forlife,\n (s.email REGEXP '\\\\.[0-9]{2}\$') AS hundred_year,\n FIND_IN_SET('bestalias', s.flags) AS bestalias, s.expire,\n (s.type = 'alias_aux') AS alias\n FROM email_source_account AS s\n INNER JOIN email_virtual_domains AS d ON (s.domain = d.id)\n WHERE s.uid = {?}\n ORDER BY !alias, s.email", $user->id()); $page->assign('aliases', $aliases); $page->assign('account_types', XDB::iterator('SELECT * FROM account_types ORDER BY type')); $page->assign('skins', XDB::iterator('SELECT id, name FROM skins ORDER BY name')); $page->assign('profiles', XDB::iterator('SELECT p.pid, p.hrpid, FIND_IN_SET(\'owner\', ap.perms) AS owner, p.ax_id FROM account_profiles AS ap INNER JOIN profiles AS p ON (ap.pid = p.pid) WHERE ap.uid = {?}', $user->id())); $page->assign('openid', XDB::iterator('SELECT id, url FROM account_auth_openid WHERE uid = {?}', $user->id())); // Displays email redirection and the general profile. if ($registered && $redirect) { $page->assign('emails', $redirect->emails); } $page->assign('user', $user); $page->assign('hasProfile', $user->hasProfile()); // Displays forum bans. $res = XDB::query("SELECT write_perm, read_perm, comment\n FROM forum_innd\n WHERE uid = {?}", $user->id()); $bans = $res->fetchOneAssoc(); $page->assign('bans', $bans); }
final function checkAuthAndPerms() { return Platal::session()->checkAuthAndPerms($this->auth(), $this->perms()); }
function handler_remote($page) { global $globals, $platal; if (!(Env::has('timestamp') && Env::has('site') && Env::has('hash') && Env::has('request'))) { $page->trigError("Requête non valide"); return; } // Read request $timestamp = Env::s('timestamp'); if (abs($timestamp - time()) > $globals->remote->lag) { $page->trigError("Delai d'attente dépassé"); return; } $site = Env::s('site'); $request = Env::s('request'); // Load remote information try { $remote = Remote::from(Env::s('site')); $remote->select(RemoteSelect::groups()); } catch (ItemNotFoundException $e) { $page->trigError("Ton site n'est pas renseigné dans la base de données"); return; } // Check request if (md5($timestamp . $site . $remote->privkey() . $request) != Env::s('hash')) { $page->trigError("Erreur de validation de la requête d'authentification"); return; } $request = json_decode($request, true); // Force login $user = Platal::session()->doAuthWithoutStart(AUTH_COOKIE); if (empty($user)) { $page->assign('remote_site', $remote->label()); $platal->force_login($page); return PL_FORBIDDEN; } // Build response $response = array('uid' => $user->id()); if ($remote->hasRight('names') && in_array('names', $request)) { $response['hruid'] = $user->login(); $response['firstname'] = $user->firstname(); $response['lastname'] = $user->lastname(); $response['nickname'] = $user->nickname(); } if ($remote->hasRight('email') && in_array('email', $request)) { $response['email'] = $user->email(); } if ($remote->hasRight('rights') && in_array('rights', $request)) { $r = array(); foreach ($remote->groups() as $g) { $r[$g->name()] = array_map(function ($r) { return (string) $r; }, $user->rights($g)); } if (!empty($r)) { $response['rights'] = $r; } } if ($remote->hasRight('sport') && in_array('sport', $request)) { $groups = $user->castes()->groups(); $group = $groups->filter('ns', Group::NS_SPORT)->first(); if ($group) { $response['sport'] = $group->label(); } } if ($remote->hasRight('promo') && in_array('promo', $request)) { $groups = $user->castes()->groups()->filter('ns', Group::NS_PROMO); $groups = $groups->remove(Group::from('on_platal')); // Extract promos from group labels // For backward compatibility, compute the minimal promo year $promo = 0; $promos = array(); foreach ($groups as $g) { $matches = array(); if (preg_match('/^promo_([a-z_]+)([1-9][0-9]{3})$/', $g->name(), $matches)) { $promos[] = $matches[1] . $matches[2]; $year = (int) $matches[2]; if (!$promo || $year < $promo) { $promo = $year; } } } if ($promo) { $response['promo'] = $promo; $response['promos'] = $promos; } } if ($remote->hasRight('photo') && in_array('photo', $request)) { $img = $user->photo(); if ($img === false) { $img = $user->original(); } if ($img !== false) { $response['photo'] = $globals->baseurl . '/' . $img->src('full'); } } if ($remote->hasRight('binets_admin') && in_array('binets_admin', $request)) { $gf = new GroupFilter(new PFC_And(new GFC_User($user, Rights::admin()), new GFC_Namespace('binet'))); $gs = $gf->get(); if ($gs->count() > 0) { $gs->select(GroupSelect::base()); $r = array(); foreach ($gs as $g) { $r[$g->name()] = $g->label(); } if (!empty($r)) { $response['binets_admin'] = $r; } } } // Send response $response = json_encode($response); $location = Env::s('location'); header('Location: ' . $site . '?location=' . $location . '×tamp=' . $timestamp . '&response=' . $response . '&hash=' . md5($timestamp . $remote->privkey() . $response)); }
function handler_end($page, $hash = null) { global $globals; $_SESSION['subState'] = array('step' => 5); // Reject registration requests from unsafe IP addresses (and remove the // registration information from the database, to prevent IP changes). if (check_ip('unsafe')) { send_warning_mail('Une IP surveillée a tenté de finaliser son inscription.'); XDB::execute("DELETE FROM register_pending\n WHERE hash = {?} AND hash != 'INSCRIT'", $hash); return PL_FORBIDDEN; } // Retrieve the pre-registration information using the url-provided // authentication token. $res = XDB::query("SELECT r.uid, p.pid, r.forlife, r.bestalias, r.mailorg2,\n r.password, r.email, r.services, r.naissance,\n ppn.lastname_initial, ppn.firstname_initial, pe.promo_year,\n pd.promo, p.sex, p.birthdate_ref, a.type, a.email AS old_account_email\n FROM register_pending AS r\n INNER JOIN accounts AS a ON (r.uid = a.uid)\n INNER JOIN account_profiles AS ap ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))\n INNER JOIN profiles AS p ON (p.pid = ap.pid)\n INNER JOIN profile_public_names AS ppn ON (ppn.pid = p.pid)\n INNER JOIN profile_display AS pd ON (p.pid = pd.pid)\n INNER JOIN profile_education AS pe ON (pe.pid = p.pid AND FIND_IN_SET('primary', pe.flags))\n WHERE hash = {?} AND hash != 'INSCRIT' AND a.state = 'pending'", $hash); if (!$hash || $res->numRows() == 0) { $page->kill("<p>Cette adresse n'existe pas, ou plus, sur le serveur.</p>\n <p>Causes probables :</p>\n <ol>\n <li>Vérifie que tu visites l'adresse du dernier\n email reçu s'il y en a eu plusieurs.</li>\n <li>Tu as peut-être mal copié l'adresse reçue par\n email, vérifie-la à la main.</li>\n <li>Tu as peut-être attendu trop longtemps pour\n confirmer. Les pré-inscriptions sont annulées\n tous les 30 jours.</li>\n <li>Tu es en fait déjà inscrit.</li>\n </ol>"); } list($uid, $pid, $forlife, $bestalias, $emailXorg2, $password, $email, $services, $birthdate, $lastname, $firstname, $yearpromo, $promo, $sex, $birthdate_ref, $type, $old_account_email) = $res->fetchOneRow(); $isX = $type == 'x'; $mail_domain = User::$sub_mail_domains[$type] . $globals->mail->domain; // Prepare the template for display. $page->changeTpl('register/end.tpl'); $page->assign('forlife', $forlife); $page->assign('firstname', $firstname); // Check if the user did enter a valid password; if not (or if none is found), // get her an information page. if (Post::has('response')) { $expected_response = sha1("{$forlife}:{$password}:" . S::v('challenge')); if (Post::v('response') != $expected_response) { $page->trigError("Mot de passe invalide."); S::logger($uid)->log('auth_fail', 'bad password (register/end)'); return; } } else { return; } // // Create the user account. // XDB::startTransaction(); XDB::execute("UPDATE accounts\n SET password = {?}, state = 'active',\n registration_date = NOW(), email = NULL\n WHERE uid = {?}", $password, $uid); XDB::execute("UPDATE profiles\n SET birthdate = {?}, last_change = NOW()\n WHERE pid = {?}", $birthdate, $pid); XDB::execute('INSERT INTO email_source_account (email, uid, type, flags, domain) SELECT {?}, {?}, \'forlife\', \'\', id FROM email_virtual_domains WHERE name = {?}', $forlife, $uid, $mail_domain); XDB::execute('INSERT INTO email_source_account (email, uid, type, flags, domain) SELECT {?}, {?}, \'alias\', \'bestalias\', id FROM email_virtual_domains WHERE name = {?}', $bestalias, $uid, $mail_domain); if ($emailXorg2) { XDB::execute('INSERT INTO email_source_account (email, uid, type, flags, domain) SELECT {?}, {?}, \'alias\', \'\', id FROM email_virtual_domains WHERE name = {?}', $emailXorg2, $uid, $mail_domain); } XDB::commit(); // Try to start a session (so the user don't have to log in); we will use // the password available in Post:: to authenticate the user. Platal::session()->start(AUTH_PASSWD); // Add the registration email address as first and only redirection. require_once 'emails.inc.php'; $user = User::getSilentWithUID($uid); $redirect = new Redirect($user); $redirect->add_email($email); fix_bestalias($user); // If the user was registered to some aliases and MLs, we must change // the subscription to her forlife email. if ($old_account_email) { $listClient = new MMList($user); $listClient->change_user_email($old_account_email, $user->forlifeEmail()); update_alias_user($old_account_email, $user->forlifeEmail()); } // Subscribe the user to the services she did request at registration time. require_once 'newsletter.inc.php'; foreach (explode(',', $services) as $service) { switch ($service) { case 'ax_letter': /* This option is deprecated by 'com_letters' */ NewsLetter::forGroup(NewsLetter::GROUP_AX)->subscribe($user); break; case 'com_letters': NewsLetter::forGroup(NewsLetter::GROUP_AX)->subscribe($user); NewsLetter::forGroup(NewsLetter::GROUP_EP)->subscribe($user); NewsLetter::forGroup(NewsLetter::GROUP_FX)->subscribe($user); break; case 'nl': NewsLetter::forGroup(NewsLetter::GROUP_XORG)->subscribe($user); break; case 'imap': Email::activate_storage($user, 'imap', Bogo::IMAP_DEFAULT); break; case 'ml_promo': if ($isX) { $r = XDB::query('SELECT id FROM groups WHERE diminutif = {?}', $yearpromo); if ($r->numRows()) { $asso_id = $r->fetchOneCell(); XDB::execute('INSERT IGNORE INTO group_members (uid, asso_id) VALUES ({?}, {?})', $uid, $asso_id); try { MailingList::subscribePromo($yearpromo, $user); } catch (Exception $e) { PlErrorReport::report($e); $page->trigError("L'inscription à la liste promo" . $yearpromo . " a échouée."); } } } break; } } // Log the registration in the user session. S::logger($uid)->log('inscription', $email); XDB::execute("UPDATE register_pending\n SET hash = 'INSCRIT'\n WHERE uid = {?}", $uid); // Congratulate our newly registered user by email. $mymail = new PlMailer('register/success.mail.tpl'); $mymail->addTo("\"{$user->fullName()}\" <{$user->forlifeEmail()}>"); if ($isX) { $mymail->setSubject('Bienvenue parmi les X sur le web !'); } else { $mymail->setSubject('Bienvenue sur Polytechnique.org !'); } $mymail->assign('forlife', $forlife); $mymail->assign('firstname', $firstname); $mymail->send(); // Index the user, to allow her to appear in searches. Profile::rebuildSearchTokens($pid); // Notify other users which were watching for her arrival. XDB::execute('INSERT INTO contacts (uid, contact) SELECT uid, {?} FROM watch_nonins WHERE ni_id = {?}', $pid, $uid); XDB::execute('DELETE FROM watch_nonins WHERE ni_id = {?}', $uid); Platal::session()->updateNbNotifs(); // Forcibly register the new user on default forums. $registeredForums = array('xorg.general', 'xorg.pa.divers', 'xorg.pa.logements'); if ($isX) { $promoForum = 'xorg.promo.' . strtolower($promo); $exists = XDB::fetchOneCell('SELECT COUNT(*) FROM forums WHERE name = {?}', $promoForum); if ($exists == 0) { // Notify the newsgroup admin of the promotion forum needs be created. $promoFull = new UserFilter(new UFC_Promo('=', UserFilter::DISPLAY, $promo)); $promoRegistered = new UserFilter(new PFC_And(new UFC_Promo('=', UserFilter::DISPLAY, $promo), new UFC_Registered(true), new PFC_Not(new UFC_Dead()))); if ($promoRegistered->getTotalCount() > 0.2 * $promoFull->getTotalCount()) { $mymail = new PlMailer('admin/forums-promo.mail.tpl'); $mymail->assign('promo', $promo); $mymail->send(); } } else { $registeredForums[] = $promoForum; } } foreach ($registeredForums as $forum) { XDB::execute("INSERT INTO forum_subs (fid, uid)\n SELECT fid, {?}\n FROM forums\n WHERE name = {?}", $uid, $val); } // Update the global registration count stats. $globals->updateNbIns(); // // Update collateral data sources, and inform watchers by email. // // Email the referrer(s) of this new user. $res = XDB::iterRow("SELECT sender, GROUP_CONCAT(email SEPARATOR ', ') AS mails, MAX(last) AS lastDate\n FROM register_marketing\n WHERE uid = {?}\n GROUP BY sender\n ORDER BY lastDate DESC", $uid); XDB::execute("UPDATE register_mstats\n SET success = NOW()\n WHERE uid = {?}", $uid); $market = array(); while (list($senderid, $maketingEmails, $lastDate) = $res->next()) { $sender = User::getWithUID($senderid); $market[] = " - par {$sender->fullName()} sur {$maketingEmails} (le plus récemment le {$lastDate})"; $mymail = new PlMailer('register/marketer.mail.tpl'); $mymail->setSubject("{$firstname} {$lastname} s'est inscrit à Polytechnique.org !"); $mymail->setTo($sender); $mymail->assign('sender', $sender); $mymail->assign('firstname', $firstname); $mymail->assign('lastname', $lastname); $mymail->assign('promo', $promo); $mymail->assign('sex', $sex); $mymail->setTxtBody(wordwrap($msg, 72)); $mymail->send(); } // Email the plat/al administrators about the registration. if ($globals->register->notif) { $mymail = new PlMailer('register/registration.mail.tpl'); $mymail->setSubject("Inscription de {$firstname} {$lastname} ({$promo})"); $mymail->assign('firstname', $firstname); $mymail->assign('lastname', $lastname); $mymail->assign('promo', $promo); $mymail->assign('sex', $sex); $mymail->assign('birthdate', $birthdate); $mymail->assign('birthdate_ref', $birthdate_ref); $mymail->assign('forlife', $forlife); $mymail->assign('email', $email); $mymail->assign('logger', S::logger()); if (count($market) > 0) { $mymail->assign('market', implode("\n", $market)); } $mymail->setTxtBody($msg); $mymail->send(); } // Remove old pending marketing requests for the new user. Marketing::clear($uid); pl_redirect('profile/edit'); }
function handler_change_rights($page) { if (Env::has('right') && (may_update() || S::suid())) { switch (Env::v('right')) { case 'admin': Platal::session()->stopSUID(); break; case 'anim': Platal::session()->doSelfSuid(); may_update(true); is_member(true); break; case 'member': Platal::session()->doSelfSuid(); may_update(false, true); is_member(true); break; case 'logged': Platal::session()->doSelfSuid(); may_update(false, true); is_member(false, true); break; } } if (!empty($_SERVER['HTTP_REFERER'])) { http_redirect($_SERVER['HTTP_REFERER']); } else { pl_redirect(''); } }
function handler_exit($page) { Platal::session()->stopSUID(); Platal::session()->destroy(); $page->changeTpl('xnet/deconnexion.tpl'); }