Пример #1
0
 function handler_user($page, $login = false)
 {
     global $globals;
     $page->changeTpl('admin/user.tpl');
     $page->setTitle('Administration - Compte');
     if (S::suid()) {
         $page->kill("Déjà en SUID !!!");
     }
     // Loads the user identity using the environment.
     if ($login) {
         $user = User::get($login);
     }
     if (empty($user)) {
         pl_redirect('admin/accounts');
     }
     $listClient = new MMList(S::user());
     $login = $user->login();
     $registered = $user->state != 'pending';
     // Form processing
     if (!empty($_POST)) {
         S::assert_xsrf_token();
         if (Post::has('uid') && Post::i('uid') != $user->id()) {
             $page->kill('Une erreur s\'est produite');
         }
     }
     // Handles specific requests (AX sync, su, ...).
     if (Post::has('log_account')) {
         pl_redirect("admin/logger?loguser={$login}&year=" . date('Y') . "&month=" . date('m'));
     }
     if (Post::has('su_account') && $registered) {
         if (!Platal::session()->startSUID($user)) {
             $page->trigError('Impossible d\'effectuer un SUID sur ' . $user->login());
         } else {
             pl_redirect("");
         }
     }
     // Handles account deletion.
     if (Post::has('account_deletion_confirmation')) {
         $uid = $user->id();
         $name = $user->fullName();
         $profile = $user->profile();
         if ($profile && Post::b('clear_profile')) {
             $user->profile()->clear();
         }
         $user->clear(true);
         $page->trigSuccess("L'utilisateur {$name} ({$uid}) a bien été désinscrit.");
         if (Post::b('erase_account')) {
             XDB::execute('DELETE FROM  accounts
                                 WHERE  uid = {?}', $uid);
             $page->trigSuccess("L'utilisateur {$name} ({$uid}) a été supprimé de la base de données");
         }
     }
     // Account Form {{{
     require_once 'emails.inc.php';
     $to_update = array();
     if (Post::has('disable_weak_access')) {
         $to_update['weak_password'] = null;
     } else {
         if (Post::has('update_account')) {
             if (!$user->hasProfile()) {
                 require_once 'name.func.inc.php';
                 $name_update = false;
                 $lastname = capitalize_name(Post::t('lastname'));
                 $firstname = capitalize_name(Post::t('firstname'));
                 if ($lastname != $user->lastname) {
                     $to_update['lastname'] = $lastname;
                     $name_update = true;
                 }
                 if (Post::s('type') != 'virtual' && $firstname != $user->firstname) {
                     $to_update['firstname'] = $firstname;
                     $name_update = true;
                 }
                 if ($name_update) {
                     if (Post::s('type') == 'virtual') {
                         $firstname = '';
                     }
                     $to_update['full_name'] = build_full_name($firstname, $lastname);
                     $to_update['directory_name'] = build_directory_name($firstname, $lastname);
                     $to_update['sort_name'] = build_sort_name($firstname, $lastname);
                 }
                 if (Post::s('display_name') != $user->displayName()) {
                     $to_update['display_name'] = Post::s('display_name');
                 }
             }
             if (Post::s('sex') != ($user->isFemale() ? 'female' : 'male')) {
                 $to_update['sex'] = Post::s('sex');
                 if ($user->hasProfile()) {
                     XDB::execute('UPDATE  profiles
                                  SET  sex = {?}
                                WHERE  pid = {?}', Post::s('sex'), $user->profile()->id());
                 }
             }
             if (!Post::blank('pwhash')) {
                 $to_update['password'] = Post::s('pwhash');
                 require_once 'googleapps.inc.php';
                 $account = new GoogleAppsAccount($user);
                 if ($account->active() && $account->sync_password) {
                     $account->set_password(Post::s('pwhash'));
                 }
             }
             if (!Post::blank('weak_password')) {
                 $to_update['weak_password'] = Post::s('weak_password');
             }
             if (Post::i('token_access', 0) != ($user->token_access ? 1 : 0)) {
                 $to_update['token'] = Post::i('token_access') ? rand_url_id(16) : null;
             }
             if (Post::i('skin') != $user->skin) {
                 $to_update['skin'] = Post::i('skin');
                 if ($to_update['skin'] == 0) {
                     $to_update['skin'] = null;
                 }
             }
             if (Post::s('state') != $user->state) {
                 $to_update['state'] = Post::s('state');
             }
             if (Post::i('is_admin', 0) != ($user->is_admin ? 1 : 0)) {
                 $to_update['is_admin'] = Post::b('is_admin');
             }
             if (Post::s('type') != $user->type) {
                 $to_update['type'] = Post::s('type');
             }
             if (Post::i('watch', 0) != ($user->watch ? 1 : 0)) {
                 $to_update['flags'] = new PlFlagset();
                 $to_update['flags']->addFlag('watch', Post::i('watch'));
             }
             if (Post::t('comment') != $user->comment) {
                 $to_update['comment'] = Post::blank('comment') ? null : Post::t('comment');
             }
             $new_email = strtolower(Post::t('email'));
             if (require_email_update($user, $new_email)) {
                 $to_update['email'] = $new_email;
                 $listClient->change_user_email($user->forlifeEmail(), $new_email);
                 update_alias_user($user->forlifeEmail(), $new_email);
             }
         }
     }
     if (!empty($to_update)) {
         $res = XDB::query('SELECT  *
                              FROM  accounts
                             WHERE  uid = {?}', $user->id());
         $oldValues = $res->fetchAllAssoc();
         $oldValues = $oldValues[0];
         $set = array();
         $diff = array();
         foreach ($to_update as $k => $value) {
             $value = XDB::format('{?}', $value);
             $set[] = $k . ' = ' . $value;
             $diff[$k] = array($oldValues[$k], trim($value, "'"));
             unset($oldValues[$k]);
         }
         XDB::rawExecute('UPDATE  accounts
                             SET  ' . implode(', ', $set) . '
                           WHERE  uid = ' . XDB::format('{?}', $user->id()));
         $page->trigSuccess('Données du compte mise à jour avec succès');
         $user = User::getWithUID($user->id());
         /* Formats the $diff and send it to the site administrators. The rules are the folowing:
          *  -formats: password, token, weak_password
          */
         foreach (array('password', 'token', 'weak_password') as $key) {
             if (isset($diff[$key])) {
                 $diff[$key] = array('old value', 'new value');
             } else {
                 $oldValues[$key] = 'old value';
             }
         }
         $mail = new PlMailer('admin/useredit.mail.tpl');
         $mail->assign('admin', S::user()->hruid);
         $mail->assign('hruid', $user->hruid);
         $mail->assign('diff', $diff);
         $mail->assign('oldValues', $oldValues);
         $mail->send();
     }
     // }}}
     // Profile form {{{
     if (Post::has('add_profile') || Post::has('del_profile') || Post::has('owner')) {
         if (Post::i('del_profile', 0) != 0) {
             XDB::execute('DELETE FROM  account_profiles
                                 WHERE  uid = {?} AND pid = {?}', $user->id(), Post::i('del_profile'));
             XDB::execute('DELETE FROM  profiles
                                 WHERE  pid = {?}', Post::i('del_profile'));
         } else {
             if (!Post::blank('new_profile')) {
                 $profile = Profile::get(Post::t('new_profile'));
                 if (!$profile) {
                     $page->trigError('Le profil ' . Post::t('new_profile') . ' n\'existe pas');
                 } else {
                     XDB::execute('INSERT IGNORE INTO  account_profiles (uid, pid)
                                           VALUES  ({?}, {?})', $user->id(), $profile->id());
                 }
             }
         }
         XDB::execute('UPDATE  account_profiles
                          SET  perms = IF(pid = {?}, CONCAT(perms, \',owner\'), REPLACE(perms, \'owner\', \'\'))
                        WHERE  uid = {?}', Post::i('owner'), $user->id());
     }
     // }}}
     // Email forwards form {{{
     $redirect = $registered ? new Redirect($user) : null;
     if (Post::has('add_fwd')) {
         $email = Post::t('email');
         if (!isvalid_email_redirection($email, $user)) {
             $page->trigError("Email non valide: {$email}");
         } else {
             $redirect->add_email($email);
             $page->trigSuccess("Ajout de {$email} effectué");
         }
     } else {
         if (!Post::blank('del_fwd')) {
             $redirect->delete_email(Post::t('del_fwd'));
         } else {
             if (!Post::blank('activate_fwd')) {
                 $redirect->modify_one_email(Post::t('activate_fwd'), true);
             } else {
                 if (!Post::blank('deactivate_fwd')) {
                     $redirect->modify_one_email(Post::t('deactivate_fwd'), false);
                 } else {
                     if (Post::has('disable_fwd')) {
                         $redirect->disable();
                     } else {
                         if (Post::has('enable_fwd')) {
                             $redirect->enable();
                         } else {
                             if (!Post::blank('clean_fwd')) {
                                 $redirect->clean_errors(Post::t('clean_fwd'));
                             }
                         }
                     }
                 }
             }
         }
     }
     // }}}
     // Email alias form {{{
     if (Post::has('add_alias')) {
         // Splits new alias in user and fqdn.
         $alias = Env::t('email');
         if (strpos($alias, '@') !== false) {
             list($alias, $domain) = explode('@', $alias);
         } else {
             $domain = $user->mainEmailDomain();
         }
         // Checks for alias' user validity.
         if (!preg_match('/[-a-z0-9\\.]+/s', $alias)) {
             $page->trigError("'{$alias}' n'est pas un alias valide");
         }
         // Eventually adds the alias to the right domain.
         if ($domain == $globals->mail->alias_dom || $domain == $globals->mail->alias_dom2) {
             $req = new AliasReq($user, $alias, 'Admin request', false);
             if ($req->commit()) {
                 $page->trigSuccess("Nouvel alias '{$alias}@{$domain}' attribué.");
             } else {
                 $page->trigError("Impossible d'ajouter l'alias '{$alias}@{$domain}', il est probablement déjà attribué.");
             }
         } elseif ($domain == $user->mainEmailDomain()) {
             XDB::execute('INSERT INTO  email_source_account (email, uid, domain, type, flags)
                                SELECT  {?}, {?}, id, \'alias\', \'\'
                                  FROM  email_virtual_domains
                                 WHERE  name = {?}', $alias, $user->id(), $domain);
             $page->trigSuccess("Nouvel alias '{$alias}' ajouté");
         } else {
             $page->trigError("Le domaine '{$domain}' n'est pas valide pour cet utilisateur.");
         }
     } else {
         if (!Post::blank('del_alias')) {
             $delete_alias = Post::t('del_alias');
             list($email, $domain) = explode('@', $delete_alias);
             XDB::execute('DELETE  s
                         FROM  email_source_account  AS s
                   INNER JOIN  email_virtual_domains AS m ON (s.domain = m.id)
                   INNER JOIN  email_virtual_domains AS d ON (d.aliasing = m.id)
                        WHERE  s.email = {?} AND s.uid = {?} AND d.name = {?} AND type != \'forlife\'', $email, $user->id(), $domain);
             XDB::execute('UPDATE  email_redirect_account AS r
                   INNER JOIN  email_virtual_domains  AS m ON (m.name = {?})
                   INNER JOIN  email_virtual_domains  AS d ON (d.aliasing = m.id)
                          SET  r.rewrite = \'\'
                        WHERE  r.uid = {?} AND r.rewrite = CONCAT({?}, \'@\', d.name)', $domain, $user->id(), $email);
             fix_bestalias($user);
             $page->trigSuccess("L'alias '{$delete_alias}' a été supprimé");
         } else {
             if (!Post::blank('best')) {
                 $best_alias = Post::t('best');
                 // First delete the bestalias flag from all this user's emails.
                 XDB::execute("UPDATE  email_source_account\n                             SET  flags = TRIM(BOTH ',' FROM REPLACE(CONCAT(',', flags, ','), ',bestalias,', ','))\n                           WHERE  uid = {?}", $user->id());
                 // Then gives the bestalias flag to the given email.
                 list($email, $domain) = explode('@', $best_alias);
                 XDB::execute("UPDATE  email_source_account\n                             SET  flags = CONCAT_WS(',', IF(flags = '', NULL, flags), 'bestalias')\n                           WHERE  uid = {?} AND email = {?}", $user->id(), $email);
                 // As having a non-null bestalias value is critical in
                 // plat/al's code, we do an a posteriori check on the
                 // validity of the bestalias.
                 fix_bestalias($user);
             }
         }
     }
     // }}}
     // OpenId form {{{
     if (Post::has('del_openid')) {
         XDB::execute('DELETE FROM  account_auth_openid
                             WHERE  id = {?}', Post::i('del_openid'));
     }
     // }}}
     // Forum form {{{
     if (Post::has('b_edit')) {
         XDB::execute("DELETE FROM  forum_innd\n                                WHERE  uid = {?}", $user->id());
         if (Env::v('write_perm') != "" || Env::v('read_perm') != "" || Env::v('commentaire') != "") {
             XDB::execute("INSERT INTO  forum_innd\n                                      SET  ipmin = '0', ipmax = '4294967295',\n                                           write_perm = {?}, read_perm = {?},\n                                           comment = {?}, priority = '200', uid = {?}", Env::v('write_perm'), Env::v('read_perm'), Env::v('comment'), $user->id());
         }
     }
     // }}}
     $page->addJsLink('jquery.ui.xorg.js');
     // Displays last login and last host information.
     $res = XDB::query("SELECT  start, host\n                             FROM  log_sessions\n                            WHERE  uid = {?} AND suid IS NULL\n                         ORDER BY  start DESC\n                            LIMIT  1", $user->id());
     list($lastlogin, $host) = $res->fetchOneRow();
     $page->assign('lastlogin', $lastlogin);
     $page->assign('host', $host);
     // Display mailing lists
     $page->assign('mlists', $listClient->get_all_user_lists($user->forlifeEmail()));
     // Display active aliases.
     $page->assign('virtuals', $user->emailGroupAliases());
     $aliases = XDB::iterator("SELECT  CONCAT(s.email, '@', d.name) AS email, (s.type = 'forlife') AS forlife,\n                                          (s.email REGEXP '\\\\.[0-9]{2}\$') AS hundred_year,\n                                          FIND_IN_SET('bestalias', s.flags) AS bestalias, s.expire,\n                                          (s.type = 'alias_aux') AS alias\n                                    FROM  email_source_account  AS s\n                              INNER JOIN  email_virtual_domains AS d ON (s.domain = d.id)\n                                   WHERE  s.uid = {?}\n                                ORDER BY  !alias, s.email", $user->id());
     $page->assign('aliases', $aliases);
     $page->assign('account_types', XDB::iterator('SELECT * FROM account_types ORDER BY type'));
     $page->assign('skins', XDB::iterator('SELECT id, name FROM skins ORDER BY name'));
     $page->assign('profiles', XDB::iterator('SELECT  p.pid, p.hrpid, FIND_IN_SET(\'owner\', ap.perms) AS owner, p.ax_id
                                                FROM  account_profiles AS ap
                                          INNER JOIN  profiles AS p ON (ap.pid = p.pid)
                                               WHERE  ap.uid = {?}', $user->id()));
     $page->assign('openid', XDB::iterator('SELECT  id, url
                                              FROM  account_auth_openid
                                             WHERE  uid = {?}', $user->id()));
     // Displays email redirection and the general profile.
     if ($registered && $redirect) {
         $page->assign('emails', $redirect->emails);
     }
     $page->assign('user', $user);
     $page->assign('hasProfile', $user->hasProfile());
     // Displays forum bans.
     $res = XDB::query("SELECT  write_perm, read_perm, comment\n                             FROM  forum_innd\n                            WHERE  uid = {?}", $user->id());
     $bans = $res->fetchOneAssoc();
     $page->assign('bans', $bans);
 }
Пример #2
0
 public function add_email($email)
 {
     $email_stripped = strtolower(trim($email));
     if (!isvalid_email($email_stripped)) {
         return ERROR_INVALID_EMAIL;
     }
     if (!isvalid_email_redirection($email_stripped, $this->user)) {
         return ERROR_LOOP_EMAIL;
     }
     // We first need to retrieve the value for the antispam filter: it is
     // either the user's redirections common value, or if they differ, our
     // default value.
     $bogo = new Bogo($this->user);
     $filter = $bogo->single_state ? Bogo::$states[$bogo->state] : Bogo::MAIN_DEFAULT;
     // If the email was already present for this user, we reset it to the default values, we thus use REPLACE INTO.
     XDB::execute('REPLACE INTO  email_redirect_account (uid, redirect, flags, action)
                         VALUES  ({?}, {?}, \'active\', {?})', $this->user->id(), $email, $filter);
     // Replace this email by forlife email, if present in aliases and MLs.
     $listClient = new MMList(S::user());
     $listClient->change_user_email($email, $this->user->forlifeEmail());
     update_alias_user($email, $this->user->forlifeEmail());
     if ($logger = S::v('log', null)) {
         // may be absent --> step4.php
         S::logger()->log('email_add', $email . ($this->user->id() != S::v('uid') ? " (admin on {$this->user->login()})" : ""));
     }
     foreach ($this->emails as $mail) {
         if ($mail->email == $email_stripped) {
             return SUCCESS;
         }
     }
     $this->emails[] = new Email($this->user, array('redirect' => $email, 'rewrite' => '', 'type' => 'smtp', 'action' => $filter, 'broken_date' => '0000-00-00', 'broken_level' => 0, 'last' => '0000-00-00', 'flags' => 'active', 'hash' => null, 'allow_rewrite' => 0));
     // security stuff
     check_email($email, "Ajout d'une adresse surveillée aux redirections de " . $this->user->login());
     check_redirect($this);
     $this->update_imap();
     return SUCCESS;
 }
Пример #3
0
 function handler_admin_member($page, $user)
 {
     global $globals;
     $user = User::getSilent($user);
     if (empty($user)) {
         return PL_NOT_FOUND;
     }
     if (!$user->inGroup($globals->asso('id'))) {
         pl_redirect('annuaire');
     }
     $page->changeTpl('xnetgrp/membres-edit.tpl');
     $page->addJsLink('xnet_members.js');
     $mmlist = new MMList(S::user(), $globals->asso('mail_domain'));
     if (Post::has('change')) {
         S::assert_xsrf_token();
         require_once 'emails.inc.php';
         require_once 'name.func.inc.php';
         // Convert user status to X
         if (!Post::blank('x')) {
             $forlife = $this->changeLogin($page, $user, Post::i('userid'), Post::b('broken'), Post::b('marketing'), Post::v('marketing_from'));
             if ($forlife) {
                 pl_redirect('member/' . $forlife);
             }
         }
         // Update user info
         if ($user->type == 'virtual' || $user->type == 'xnet' && !$user->perms) {
             $lastname = capitalize_name(Post::t('lastname'));
             if (Post::s('type') != 'virtual') {
                 $firstname = capitalize_name(Post::t('firstname'));
             } else {
                 $firstname = '';
             }
             $full_name = build_full_name($firstname, $lastname);
             $directory_name = build_directory_name($firstname, $lastname);
             $sort_name = build_sort_name($firstname, $lastname);
             XDB::query('UPDATE  accounts
                            SET  full_name = {?}, directory_name = {?}, sort_name = {?}, display_name = {?},
                                 firstname = {?}, lastname = {?}, sex = {?}, type = {?}
                          WHERE  uid = {?}', $full_name, $directory_name, $sort_name, Post::t('display_name'), $firstname, $lastname, Post::t('sex') == 'male' ? 'male' : 'female', Post::t('type') == 'xnet' ? 'xnet' : 'virtual', $user->id());
         }
         // Updates email.
         $new_email = strtolower(Post::t('email'));
         if (($user->type == 'virtual' || $user->type == 'xnet' && !$user->perms) && require_email_update($user, $new_email)) {
             XDB::query('UPDATE  accounts
                            SET  email = {?}
                          WHERE  uid = {?}', $new_email, $user->id());
             if ($user->forlifeEmail()) {
                 $listClient = new MMList(S::user());
                 $listClient->change_user_email($user->forlifeEmail(), $new_email);
                 update_alias_user($user->forlifeEmail(), $new_email);
             }
             $user = User::getWithUID($user->id());
         }
         if (XDB::affectedRows()) {
             $page->trigSuccess('Données de l\'utilisateur mises à jour.');
         }
         if ($user->type == 'xnet' && !$user->perms) {
             if (Post::b('suggest')) {
                 $request = new AccountReq(S::user(), $user->hruid, Post::t('email'), $globals->asso('nom'), $globals->asso('diminutif'));
                 $request->submit();
                 $page->trigSuccess('Le compte va bientôt être activé.');
             }
             if (Post::b('again')) {
                 $this->again($user->id());
                 $page->trigSuccess('Relance effectuée avec succès.');
             }
         }
         // Update group params for user
         $perms = Post::v('group_perms');
         $comm = Post::t('comm');
         $position = Post::t('group_position') == '' ? null : Post::v('group_position');
         if ($user->group_perms != $perms || $user->group_comm != $comm || $user->group_position != $position) {
             XDB::query('UPDATE  group_members
                            SET  perms = {?}, comm = {?}, position = {?}
                          WHERE  uid = {?} AND asso_id = {?}', $perms == 'admin' ? 'admin' : 'membre', $comm, $position, $user->id(), $globals->asso('id'));
             if (XDB::affectedRows()) {
                 if ($perms != $user->group_perms) {
                     $page->trigSuccess('Permissions modifiées !');
                 }
                 if ($comm != $user->group_comm) {
                     $page->trigSuccess('Commentaire mis à jour.');
                 }
                 if ($position != $user->group_position) {
                     $page->trigSuccess('Poste mis à jour.');
                 }
             }
         }
         // Gets user info again as they might have change
         $user = User::getSilent($user->id());
         // Update ML subscriptions
         foreach (Env::v('ml1', array()) as $ml => $state) {
             $ask = empty($_REQUEST['ml2'][$ml]) ? 0 : 2;
             if ($ask == $state) {
                 continue;
             }
             if ($state == '1') {
                 $page->trigWarning("{$user->fullName()} a " . "actuellement une demande d'inscription en " . "cours sur <strong>{$ml}@</strong> !!!");
             } elseif ($ask) {
                 $mmlist->mass_subscribe($ml, array($user->forlifeEmail()));
                 $page->trigSuccess("{$user->fullName()} a été abonné à {$ml}@.");
             } else {
                 $mmlist->mass_unsubscribe($ml, array($user->forlifeEmail()));
                 $page->trigSuccess("{$user->fullName()} a été désabonné de {$ml}@.");
             }
         }
         // Change subscriptioin to aliases
         foreach (Env::v('ml3', array()) as $ml => $state) {
             require_once 'emails.inc.php';
             $ask = !empty($_REQUEST['ml4'][$ml]);
             list($local_part, ) = explode('@', $ml);
             if ($ask == $state) {
                 continue;
             }
             if ($ask) {
                 add_to_list_alias($user->id(), $local_part, $globals->asso('mail_domain'));
                 $page->trigSuccess("{$user->fullName()} a été abonné à {$ml}.");
             } else {
                 delete_from_list_alias($user->id(), $local_part, $globals->asso('mail_domain'));
                 $page->trigSuccess("{$user->fullName()} a été désabonné de {$ml}.");
             }
         }
         if ($globals->asso('has_nl')) {
             $nl = NewsLetter::forGroup($globals->asso('shortname'));
             // Updates group's newsletter subscription.
             if (Post::i('newsletter') == 1) {
                 $nl->subscribe($user);
             } else {
                 $nl->unsubscribe(null, $user->id());
             }
         }
     }
     $res = XDB::rawFetchAllAssoc('SHOW COLUMNS FROM group_members LIKE \'position\'');
     $positions = str_replace(array('enum(', ')', '\''), '', $res[0]['Type']);
     if ($globals->asso('has_nl')) {
         $nl = NewsLetter::forGroup($globals->asso('shortname'));
         $nl_registered = $nl->subscriptionState($user);
     } else {
         $nl_registered = false;
     }
     $page->assign('user', $user);
     $page->assign('suggest', $this->suggest($user));
     $page->assign('listes', $mmlist->get_lists($user->forlifeEmail()));
     $page->assign('alias', $user->emailGroupAliases($globals->asso('mail_domain')));
     $page->assign('positions', explode(',', $positions));
     $page->assign('nl_registered', $nl_registered);
     $page->assign('pending_xnet_account', XDB::fetchOneCell('SELECT  1
                                                                FROM  register_pending_xnet
                                                               WHERE  uid = {?}', $user->id()));
 }
Пример #4
0
 function handler_end($page, $hash = null)
 {
     global $globals;
     $_SESSION['subState'] = array('step' => 5);
     // Reject registration requests from unsafe IP addresses (and remove the
     // registration information from the database, to prevent IP changes).
     if (check_ip('unsafe')) {
         send_warning_mail('Une IP surveillée a tenté de finaliser son inscription.');
         XDB::execute("DELETE FROM  register_pending\n                                WHERE  hash = {?} AND hash != 'INSCRIT'", $hash);
         return PL_FORBIDDEN;
     }
     // Retrieve the pre-registration information using the url-provided
     // authentication token.
     $res = XDB::query("SELECT  r.uid, p.pid, r.forlife, r.bestalias, r.mailorg2,\n                                   r.password, r.email, r.services, r.naissance,\n                                   ppn.lastname_initial, ppn.firstname_initial, pe.promo_year,\n                                   pd.promo, p.sex, p.birthdate_ref, a.type, a.email AS old_account_email\n                             FROM  register_pending AS r\n                       INNER JOIN  accounts         AS a   ON (r.uid = a.uid)\n                       INNER JOIN  account_profiles AS ap  ON (a.uid = ap.uid AND FIND_IN_SET('owner', ap.perms))\n                       INNER JOIN  profiles         AS p   ON (p.pid = ap.pid)\n                       INNER JOIN  profile_public_names AS ppn ON (ppn.pid = p.pid)\n                       INNER JOIN  profile_display  AS pd  ON (p.pid = pd.pid)\n                       INNER JOIN  profile_education AS pe ON (pe.pid = p.pid AND FIND_IN_SET('primary', pe.flags))\n                            WHERE  hash = {?} AND hash != 'INSCRIT' AND a.state = 'pending'", $hash);
     if (!$hash || $res->numRows() == 0) {
         $page->kill("<p>Cette adresse n'existe pas, ou plus, sur le serveur.</p>\n                         <p>Causes probables&nbsp;:</p>\n                         <ol>\n                           <li>Vérifie que tu visites l'adresse du dernier\n                               email reçu s'il y en a eu plusieurs.</li>\n                           <li>Tu as peut-être mal copié l'adresse reçue par\n                               email, vérifie-la à la main.</li>\n                           <li>Tu as peut-être attendu trop longtemps pour\n                               confirmer. Les pré-inscriptions sont annulées\n                               tous les 30 jours.</li>\n                           <li>Tu es en fait déjà inscrit.</li>\n                        </ol>");
     }
     list($uid, $pid, $forlife, $bestalias, $emailXorg2, $password, $email, $services, $birthdate, $lastname, $firstname, $yearpromo, $promo, $sex, $birthdate_ref, $type, $old_account_email) = $res->fetchOneRow();
     $isX = $type == 'x';
     $mail_domain = User::$sub_mail_domains[$type] . $globals->mail->domain;
     // Prepare the template for display.
     $page->changeTpl('register/end.tpl');
     $page->assign('forlife', $forlife);
     $page->assign('firstname', $firstname);
     // Check if the user did enter a valid password; if not (or if none is found),
     // get her an information page.
     if (Post::has('response')) {
         $expected_response = sha1("{$forlife}:{$password}:" . S::v('challenge'));
         if (Post::v('response') != $expected_response) {
             $page->trigError("Mot de passe invalide.");
             S::logger($uid)->log('auth_fail', 'bad password (register/end)');
             return;
         }
     } else {
         return;
     }
     //
     // Create the user account.
     //
     XDB::startTransaction();
     XDB::execute("UPDATE  accounts\n                         SET  password = {?}, state = 'active',\n                              registration_date = NOW(), email = NULL\n                       WHERE  uid = {?}", $password, $uid);
     XDB::execute("UPDATE  profiles\n                         SET  birthdate = {?}, last_change = NOW()\n                       WHERE  pid = {?}", $birthdate, $pid);
     XDB::execute('INSERT INTO  email_source_account (email, uid, type, flags, domain)
                        SELECT  {?}, {?}, \'forlife\', \'\', id
                          FROM  email_virtual_domains
                         WHERE  name = {?}', $forlife, $uid, $mail_domain);
     XDB::execute('INSERT INTO  email_source_account (email, uid, type, flags, domain)
                        SELECT  {?}, {?}, \'alias\', \'bestalias\', id
                          FROM  email_virtual_domains
                         WHERE  name = {?}', $bestalias, $uid, $mail_domain);
     if ($emailXorg2) {
         XDB::execute('INSERT INTO  email_source_account (email, uid, type, flags, domain)
                            SELECT  {?}, {?}, \'alias\', \'\', id
                              FROM  email_virtual_domains
                             WHERE  name = {?}', $emailXorg2, $uid, $mail_domain);
     }
     XDB::commit();
     // Try to start a session (so the user don't have to log in); we will use
     // the password available in Post:: to authenticate the user.
     Platal::session()->start(AUTH_PASSWD);
     // Add the registration email address as first and only redirection.
     require_once 'emails.inc.php';
     $user = User::getSilentWithUID($uid);
     $redirect = new Redirect($user);
     $redirect->add_email($email);
     fix_bestalias($user);
     // If the user was registered to some aliases and MLs, we must change
     // the subscription to her forlife email.
     if ($old_account_email) {
         $listClient = new MMList($user);
         $listClient->change_user_email($old_account_email, $user->forlifeEmail());
         update_alias_user($old_account_email, $user->forlifeEmail());
     }
     // Subscribe the user to the services she did request at registration time.
     require_once 'newsletter.inc.php';
     foreach (explode(',', $services) as $service) {
         switch ($service) {
             case 'ax_letter':
                 /* This option is deprecated by 'com_letters' */
                 NewsLetter::forGroup(NewsLetter::GROUP_AX)->subscribe($user);
                 break;
             case 'com_letters':
                 NewsLetter::forGroup(NewsLetter::GROUP_AX)->subscribe($user);
                 NewsLetter::forGroup(NewsLetter::GROUP_EP)->subscribe($user);
                 NewsLetter::forGroup(NewsLetter::GROUP_FX)->subscribe($user);
                 break;
             case 'nl':
                 NewsLetter::forGroup(NewsLetter::GROUP_XORG)->subscribe($user);
                 break;
             case 'imap':
                 Email::activate_storage($user, 'imap', Bogo::IMAP_DEFAULT);
                 break;
             case 'ml_promo':
                 if ($isX) {
                     $r = XDB::query('SELECT id FROM groups WHERE diminutif = {?}', $yearpromo);
                     if ($r->numRows()) {
                         $asso_id = $r->fetchOneCell();
                         XDB::execute('INSERT IGNORE INTO  group_members (uid, asso_id)
                                                   VALUES  ({?}, {?})', $uid, $asso_id);
                         try {
                             MailingList::subscribePromo($yearpromo, $user);
                         } catch (Exception $e) {
                             PlErrorReport::report($e);
                             $page->trigError("L'inscription à la liste promo" . $yearpromo . " a échouée.");
                         }
                     }
                 }
                 break;
         }
     }
     // Log the registration in the user session.
     S::logger($uid)->log('inscription', $email);
     XDB::execute("UPDATE  register_pending\n                         SET  hash = 'INSCRIT'\n                       WHERE  uid = {?}", $uid);
     // Congratulate our newly registered user by email.
     $mymail = new PlMailer('register/success.mail.tpl');
     $mymail->addTo("\"{$user->fullName()}\" <{$user->forlifeEmail()}>");
     if ($isX) {
         $mymail->setSubject('Bienvenue parmi les X sur le web !');
     } else {
         $mymail->setSubject('Bienvenue sur Polytechnique.org !');
     }
     $mymail->assign('forlife', $forlife);
     $mymail->assign('firstname', $firstname);
     $mymail->send();
     // Index the user, to allow her to appear in searches.
     Profile::rebuildSearchTokens($pid);
     // Notify other users which were watching for her arrival.
     XDB::execute('INSERT INTO  contacts (uid, contact)
                        SELECT  uid, {?}
                          FROM  watch_nonins
                         WHERE  ni_id = {?}', $pid, $uid);
     XDB::execute('DELETE FROM  watch_nonins
                         WHERE  ni_id = {?}', $uid);
     Platal::session()->updateNbNotifs();
     // Forcibly register the new user on default forums.
     $registeredForums = array('xorg.general', 'xorg.pa.divers', 'xorg.pa.logements');
     if ($isX) {
         $promoForum = 'xorg.promo.' . strtolower($promo);
         $exists = XDB::fetchOneCell('SELECT  COUNT(*)
                                        FROM  forums
                                       WHERE  name = {?}', $promoForum);
         if ($exists == 0) {
             // Notify the newsgroup admin of the promotion forum needs be created.
             $promoFull = new UserFilter(new UFC_Promo('=', UserFilter::DISPLAY, $promo));
             $promoRegistered = new UserFilter(new PFC_And(new UFC_Promo('=', UserFilter::DISPLAY, $promo), new UFC_Registered(true), new PFC_Not(new UFC_Dead())));
             if ($promoRegistered->getTotalCount() > 0.2 * $promoFull->getTotalCount()) {
                 $mymail = new PlMailer('admin/forums-promo.mail.tpl');
                 $mymail->assign('promo', $promo);
                 $mymail->send();
             }
         } else {
             $registeredForums[] = $promoForum;
         }
     }
     foreach ($registeredForums as $forum) {
         XDB::execute("INSERT INTO  forum_subs (fid, uid)\n                               SELECT  fid, {?}\n                                 FROM  forums\n                                WHERE  name = {?}", $uid, $val);
     }
     // Update the global registration count stats.
     $globals->updateNbIns();
     //
     // Update collateral data sources, and inform watchers by email.
     //
     // Email the referrer(s) of this new user.
     $res = XDB::iterRow("SELECT  sender, GROUP_CONCAT(email SEPARATOR ', ') AS mails, MAX(last) AS lastDate\n                               FROM  register_marketing\n                              WHERE  uid = {?}\n                           GROUP BY  sender\n                           ORDER BY  lastDate DESC", $uid);
     XDB::execute("UPDATE  register_mstats\n                         SET  success = NOW()\n                       WHERE  uid = {?}", $uid);
     $market = array();
     while (list($senderid, $maketingEmails, $lastDate) = $res->next()) {
         $sender = User::getWithUID($senderid);
         $market[] = " - par {$sender->fullName()} sur {$maketingEmails} (le plus récemment le {$lastDate})";
         $mymail = new PlMailer('register/marketer.mail.tpl');
         $mymail->setSubject("{$firstname} {$lastname} s'est inscrit à Polytechnique.org !");
         $mymail->setTo($sender);
         $mymail->assign('sender', $sender);
         $mymail->assign('firstname', $firstname);
         $mymail->assign('lastname', $lastname);
         $mymail->assign('promo', $promo);
         $mymail->assign('sex', $sex);
         $mymail->setTxtBody(wordwrap($msg, 72));
         $mymail->send();
     }
     // Email the plat/al administrators about the registration.
     if ($globals->register->notif) {
         $mymail = new PlMailer('register/registration.mail.tpl');
         $mymail->setSubject("Inscription de {$firstname} {$lastname} ({$promo})");
         $mymail->assign('firstname', $firstname);
         $mymail->assign('lastname', $lastname);
         $mymail->assign('promo', $promo);
         $mymail->assign('sex', $sex);
         $mymail->assign('birthdate', $birthdate);
         $mymail->assign('birthdate_ref', $birthdate_ref);
         $mymail->assign('forlife', $forlife);
         $mymail->assign('email', $email);
         $mymail->assign('logger', S::logger());
         if (count($market) > 0) {
             $mymail->assign('market', implode("\n", $market));
         }
         $mymail->setTxtBody($msg);
         $mymail->send();
     }
     // Remove old pending marketing requests for the new user.
     Marketing::clear($uid);
     pl_redirect('profile/edit');
 }
Пример #5
0
 function handler_edit($page)
 {
     global $globals;
     $user = S::user();
     if (empty($user)) {
         return PL_NOT_FOUND;
     }
     if ($user->type != 'xnet') {
         pl_redirect('index');
     }
     $page->changeTpl('xnet/edit.tpl');
     if (Post::has('change')) {
         S::assert_xsrf_token();
         // Convert user status to X
         if (!Post::blank('login_X')) {
             $forlife = $this->changeLogin($page, $user, Post::t('login_X'));
             if ($forlife) {
                 pl_redirect('index');
             }
         }
         require_once 'emails.inc.php';
         require_once 'name.func.inc.php';
         // Update user info
         $lastname = capitalize_name(Post::t('lastname'));
         $firstname = capitalize_name(Post::t('firstname'));
         $full_name = build_full_name($firstname, $lastname);
         $directory_name = build_directory_name($firstname, $lastname);
         $sort_name = build_sort_name($firstname, $lastname);
         XDB::query('UPDATE  accounts
                        SET  full_name = {?}, directory_name = {?}, sort_name = {?}, display_name = {?},
                             firstname = {?}, lastname = {?}, sex = {?}
                      WHERE  uid = {?}', $full_name, $directory_name, $sort_name, Post::t('display_name'), Post::t('firstname'), Post::t('lastname'), Post::t('sex') == 'male' ? 'male' : 'female', $user->id());
         // Updates email.
         $new_email = strtolower(Post::t('email'));
         if (require_email_update($user, $new_email)) {
             XDB::query('UPDATE  accounts
                                SET  email = {?}
                              WHERE  uid = {?}', $new_email, $user->id());
             $listClient = new MMList(S::user());
             $listClient->change_user_email($user->forlifeEmail(), $new_email);
             update_alias_user($user->forlifeEmail(), $new_email);
         }
         $user = User::getWithUID($user->id());
         S::set('user', $user);
         $page->trigSuccess('Données mises à jour.');
     }
     $page->addJsLink('password.js');
     $page->assign('user', $user);
 }