Premier commit pour la reprise du site

.gitignore

+/nbproject/private/
+*~
+messages.pot
+locales/es_ES/LC_MESSAGES/messages.mo
+locales/de_DE/LC_MESSAGES/messages.mo
+locales/en_US/LC_MESSAGES/messages.mo
+locales/fr_FR/LC_MESSAGES/messages.mo
+locales/it_IT/LC_MESSAGES/messages.mo
+/.tx/
+#images/logo-lqdn-2.png
+static/images/logo-lqdn.png
+images/ids/
+images/logo-[0-9]*.png
+images/banner1.png
+images/banner_fr_FR.png
+images/banner_en_US.png
+videos/
+admin/.htaccess
+admin/.htpasswd
+pplome.*
+*.log
+tmp/*
+admin/tmp/*
+piplomes/
+CACHE/
+vendor/
+pdf/
+/phinx.yml
+/app/env
+
+tests/_output/*
+/var/log/*
+!/var/log/.gitkeep
+/.php_cs.cache

.gitlab-ci.yml

+before_script:
+  - '[[ -d /srv/soutien/ ]] || mkdir -p /srv/soutien/'
+  - 'which git || (apt-get update -yq && apt-get install git -yqq)'
+stages:
+  - test
+  - cleanup_test
+  - deploy
+
+job test:
+  stage: test
+  variables:
+    SQL_HOST: "localhost"
+    SQL_PORT: "3306"
+    SQL_DATABASE: "test_$CI_BUILD_REF"
+    SQL_USER: "soutien"
+    SQL_PASSWORD: "soutien"
+    PHINX_PASSWORD: "$SQL_PASSWORD"
+    PHINX_USER: "$SQL_USER"
+    PHINX_DATABASE: "test_$CI_BUILD_REF"
+    PHINX_HOST: "$SQL_HOST"
+    PHINX_PORT: "$SQL_PORT"
+    SYSADMIN: "gitlab@email.com"
+    FDNNURL1: "https://secure.fd2n.org/fd2n/cb"
+    FDNNURL2: "https://secure.fdn2.org/fdn2/don"
+    BASE_DOMAIN: "dev.laquadrature.net"
+    SITE_ID: "XXXXXXXX"
+    CERTIFICATE: "XXXXXXXXXXXXXXXXXXXXXXXXx"
+    CTX_MODE: "TEST"
+    PIPLOME_PATH: "/var/www/site/pdf/"
+    PIPLOME_URL: "https://www.laquadrature.net/pdf/"
+    CAMPAIGN_START_DATE: "2016-11-10"
+    CAMPAIGN_BUDGET: "321000"
+    LOGS: "./"
+    SMTP_HOST: "smtp.example.com"
+    SMTP_PORT: "25"
+    SMTP_SECURITY: "none"
+    SMTP_USER: "user"
+    SMTP_PW: "password"
+    DEBUG: "0"
+    ENV: "test"
+  script:
+    - echo "SQL_PASSWORD=${SQL_PASSWORD}" > app/env
+    - echo "SQL_USER=${SQL_USER}" >> app/env
+    - echo "SQL_DATABASE=${SQL_DATABASE}" >> app/env
+    - make install
+    - make server-start
+    - make test
+    - make server-stop
+    - mysql -u $SQL_USER -p$SQL_PASSWORD -e "DROP DATABASE $SQL_DATABASE"
+  tags:
+    - preprod
+
+cleanup test:
+  stage: cleanup_test
+  variables:
+    SQL_DATABASE: "test_$CI_BUILD_REF"
+    SQL_USER: "soutien"
+    SQL_PASSWORD: "soutien"
+  script:
+    - make server-stop
+    - mysql -u $SQL_USER -p$SQL_PASSWORD -e "DROP DATABASE $SQL_DATABASE"
+  when: on_failure
+  tags:
+    - preprod
+
+job install:
+  stage: deploy
+  environment: preprod
+  variables:
+    PHINX_ENVIRONMENT: "development"
+  script:
+    - chmod a+x ci/install.sh
+    - ./ci/install.sh
+  stage: deploy
+  tags:
+    - preprod
+  only:
+    - preprod
+
+job deploy:
+  stage: deploy
+  environment: production
+  variables:
+    PHINX_ENVIRONMENT: "production"
+  script:
+    - chmod a+x ci/install.sh
+    - ./ci/install.sh
+  stage: deploy
+  tags:
+    - prod
+  only:
+    - master

.htaccess

+# Enable rewrite engine and route requests to framework
+RewriteEngine On
+
+# Some servers require you to specify the `RewriteBase` directive
+# In such cases, it should be the path (relative to the document root)
+# containing this .htaccess file
+#
+# RewriteBase /
+
+# HTTPS for the people
+#RewriteCond %{HTTPS} off
+#RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]
+
+RewriteCond %{REQUEST_URI} \.ini$
+RewriteRule \.ini$ - [R=404]
+
+RewriteCond %{REQUEST_FILENAME} !-l
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule .* index.php [L,QSA]
+RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

.php_cs

+<?php
+
+$finder = PhpCsFixer\Finder::create()
+    ->files()
+    ->name('*.php')
+    ->ignoreDotFiles(true)
+    ->ignoreVCS(true)
+    ->in(__DIR__)
+    ->exclude('campaigns')
+    ->exclude('ci')
+    ->exclude('db')
+    ->exclude('locales')
+    ->exclude('static')
+    ->exclude('templates')
+    ->exclude('tests')
+    ->exclude('tex')
+    ->exclude('tmp')
+    ->exclude('vendor')
+    ->exclude('_support')
+;
+
+return PhpCsFixer\Config::create()
+    ->setRules([
+        '@PSR2' => true
+    ])
+    ->setUsingCache(true)
+    ->setFinder($finder)
+;

Makefile

+.PHONY: help doctor install reset-db translations
+.DEFAULT_GOAL := help
+
+ifeq ($(shell test -e app/env && echo -n yes),yes)
+include app/env
+export $(shell sed 's/=.*//' app/env)
+endif
+
+MYSQL_CONNECTION_STRING = -h$(SQL_HOST) -u$(SQL_USER)
+ifdef SQL_PASSWORD
+	MYSQL_CONNECTION_STRING += -p$(SQL_PASSWORD)
+endif
+
+help:
+	@echo "\033[33mUsage:\033[0m"
+	@echo "  make [command]"
+	@echo ""
+	@echo "\033[33mAvailable commands:\033[0m"
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' Makefile | sort \
+		| awk 'BEGIN {FS = ":.*?## "}; {printf "  \033[32m%s\033[0m___%s\n", $$1, $$2}' | column -ts___
+
+doctor: ## Check that everything is installed to use this application
+	@echo "\033[1m\033[36m==> Check required dependencies\033[0m\033[21m"
+	@which composer >/dev/null 2>&1 && echo "\033[32mcomposer installed\033[0m" || echo "\033[31mcomposer not installed\033[0m"
+	@which mysql >/dev/null 2>&1 && echo "\033[32mmysql installed\033[0m" || echo "\033[31mmysql not installed\033[0m"
+	@echo "\033[1m\033[36m==> Check configuration\033[0m\033[21m"
+	@test -s ./app/env && echo "\033[32mEnvironment config OK\033[0m" || echo "\033[31mYou need to copy app/env.sample to app/env in order to configure your application.\033[0m"
+	@test -s ./app/config.php && echo "\033[32mConfiguration OK\033[0m" || echo "\033[31mYou need to copy app/config.php.sample to app/config.php in order to configure your application.\033[0m"
+	@echo "\033[1m\033[36m==> Check optional dependencies\033[0m\033[21m"
+	@which msgmerge >/dev/null 2>&1 && echo "\033[32mmsgmerge installed\033[0m" || echo "\033[31mmsgmerge not installed\033[0m"
+	@which msgfmt >/dev/null 2>&1 && echo "\033[32mmsgfmt installed\033[0m" || echo "\033[31mmsgfmt not installed\033[0m"
+	@which xgettext >/dev/null 2>&1 && echo "\033[32mxgettext installed\033[0m" || echo "\033[31mxgettext not installed\033[0m"
+	@which pdftk >/dev/null 2>&1 && echo "\033[32mpdftk installed\033[0m" || echo "\033[31mpdftk not installed\033[0m"
+
+install: ## Install the application
+	@echo "\033[1m\033[36m==> Install Composer dependencies\033[0m\033[21m"
+	@composer -n install
+
+reset-db: ## Install or re-install the DB
+	@echo "\033[1m\033[36m==> Drop database "$(SQL_DATABASE)" if it already exists\033[0m\033[21m"
+	mysql $(MYSQL_CONNECTION_STRING) -e "DROP DATABASE IF EXISTS $(SQL_DATABASE)"
+	@echo "\033[1m\033[36m==> Create database "$(SQL_DATABASE)"\033[0m\033[21m"
+	@mysql $(MYSQL_CONNECTION_STRING) -e "CREATE DATABASE $(SQL_DATABASE)"
+	@echo "\033[1m\033[36m==> Create schema\033[0m\033[21m"
+	@php vendor/bin/phinx migrate -c app/Resources/phinx.yml
+	@echo "\033[1m\033[36m==> Loading fixtures\033[0m\033[21m"
+	@php vendor/bin/phinx seed:run -c app/Resources/phinx.yml -s AdminSeeder -s UserSeeder -s AddressSeeder -s CounterpartSeeder -s DonationSeeder
+
+test: test-functional test-acceptance cs-lint ## Launch tests
+
+test-acceptance: ## Launch functional tests.
+	@$(MAKE) reset-db
+	@./vendor/bin/codecept run acceptance
+
+test-functional: ## Launch functional tests.
+	@$(MAKE) reset-db
+	@./vendor/bin/codecept run functional
+
+server-start: server-stop ## Launch a local server
+	@php -S 127.0.0.1:8000 >> ./var/log/server.log &
+	@echo "\033[32mServer running. (http://127.0.0.1:8000)\033[0m"
+
+server-stop: ## Stop local server if running
+	@ps -aux | grep "[p]hp -S 127.0.0.1:8000" | grep -v grep | awk '{print $$2}' | xargs -r -n 1 kill
+	@echo "\033[32mServer stopped. (http://127.0.0.1:8000)\033[0m"
+
+cs-fix: ## Fix CS
+	@vendor/bin/php-cs-fixer fix
+
+cs-lint: ## Lint
+	@vendor/bin/php-cs-fixer fix --dry-run
+
+translations: locales/fr_FR/LC_MESSAGES/messages.mo locales/en_US/LC_MESSAGES/messages.mo ## Generate translations
+
+messages.pot: app/*.php templates/*/*.html
+	[ -r $@ ] || touch $@
+	xgettext --package-name=LQDNCampaign --package-version=2016.1 --force-po -o $@ --keyword=__ --keyword=_  --from-code=UTF-8 $^
+
+locales/%/LC_MESSAGES/messages.po: messages.pot
+	msgmerge -v -U $@ $^
+
+locales/fr_FR/LC_MESSAGES/messages.mo: locales/fr_FR/LC_MESSAGES/messages.po
+	msgfmt $^ -o $@
+
+locales/en_US/LC_MESSAGES/messages.mo: locales/en_US/LC_MESSAGES/messages.po
+	msgfmt $^ -o $@

README.md

+# LQDN soutien
+
+## Installation
+
+In order to install this project, run `make doctor` to check that everything is fine.
+
+Then you can run `make install` to install the project. Follow instructions if needed.
+To install the DB, you need to run `make reset-db` (it will remove your local DB if it exists).
+
+Once everything if fine, you can run a simple PHP server with `make server-start`
+
+You have those accounts to test:
+
+* alice@example.org / password
+* bob@example.org / password
+
+To access to the admin (`/admin`) use `admin`/`password`
+
+## Contributing
+
+Before submitting a PR, makes sure tests are OK: `make test`

app/Campaign.php

+<?php
+
+class Campaign extends Controller
+{
+    /*
+    Page principale du site
+     */
+    public function beforeRoute($f3, $args)
+    {
+        parent::beforeRoute($f3, $args);
+
+        // Valeur par défaut du bloc de contenu
+        $f3->set('block_content', 'campaign/empty.html');
+
+        // Get the database
+        $f3->set('SESSION.errors', []);
+    }
+
+    public function afterRoute($f3, $args)
+    {
+        parent::afterRoute($f3, $args);
+        // Rendu HTML de la page
+        echo Template::instance()->render('campaign/base.html');
+    }
+
+    public static function show($f3, $args)
+    {
+        // Let's do some math first
+        // So, get the $db
+        $db = $f3->get('DB');
+        // Number of month left for a one-year provisionning since CAMPAIGN_START_DATE
+        $now = new DateTime('now');
+        $start = new DateTime(CAMPAIGN_START_DATE);
+        if ($start > $now) {
+            $months = 0;
+        } else {
+            $months = $now->diff($start)->m;
+        }
+        $total_confirmed = 0;
+        $total_provisional = 0;
+        // So now, let's get the amount of confirmed dons, which are all the 1, 4, 101 and 102
+        // statuses since CAMPAIGN_START_DATE
+        $result = $db->query("SELECT SUM(somme)
+            AS total_confirmed
+            FROM dons
+            WHERE status IN (1, 4, 102)
+                AND datec > '".CAMPAIGN_START_DATE."'"
+            );
+        $total_confirmed = intval($result->fetchColumn());
+        $f3->set('total_confirmed', $total_confirmed);
+        // Now, provisional. All reccuring pledge who have a datec in the last month (still active)
+        // multiplied by the number of remaining month
+        $result = $db->query("SELECT
+            SUM(a.somme) AS total_provisional
+            FROM (SELECT sum(somme) as somme
+                FROM dons
+                WHERE datec >= (CURRENT_DATE() - INTERVAL 1 MONTH)
+                AND status IN (101, 102)
+                GROUP BY identifier
+            ) a");
+        // How many month till the end of the year. Also, only 80% of them
+        $total_provisional = intval($result->fetchColumn()) * (12 - $months);
+        $f3->set('total_provisional', $total_provisional);
+        // Now, let's calculate the percentage of each of them
+        $campaign_goal = CAMPAIGN_BUDGET;
+        $percent_confirmed = number_format($total_confirmed * 100 / $campaign_goal);
+        $f3->set('percent_confirmed', $percent_confirmed);
+        $percent_provisional = number_format($total_provisional * 100 / $campaign_goal);
+        $f3->set('percent_provisional', $percent_provisional);
+        $f3->set('block_content', 'campaign/home.html');
+    }
+
+    // Page d'attente
+    public function wait($f3)
+    {
+        echo Template::instance()->render('campaign/wait.html');
+        exit;
+    }
+
+    // Que fait la Quadrature ?
+    public function what($f3)
+    {
+        $f3->set('block_content', 'campaign/what.html');
+    }
+
+    // Comment fonctionne la Quadrature ?
+    public function who($f3)
+    {
+        $f3->set('block_content', 'campaign/who.html');
+    }
+
+    // À quoi servent les dons ?
+    public function why($f3)
+    {
+        $f3->set('block_content', 'campaign/why.html');
+    }
+
+    // FAQ donateurs
+    public function faq($f3)
+    {
+        $f3->set('block_content', 'campaign/faq.html');
+    }
+
+    // Matériel de campagne
+    public function material($f3)
+    {
+        // On n'a que des bannières fr et en
+        if ($f3->get('lang_short')!='fr') {
+            $f3->set('lang_short', 'en');
+        }
+        $f3->set('block_content', 'campaign/material.html');
+    }
+
+    public function merci($f3)
+    {
+        $f3->set('form_visible', 'merci');
+        $f3->set('block_content', 'campaign/home.html');
+    }
+
+    // Don
+    public function donate($f3, $args)
+    {
+        // First, let's validate that all the required data exists
+        $sum = $f3->get('amount');
+        if ($f3->get('amount_other') != '') {
+            $sum = $f3->get('amount_other');
+        }
+
+        $f3->set('amount', $sum);
+
+        $status = 0;
+        $f3->set('monthly', $f3->get('monthly'));
+        if ($f3->get('monthly') == "true") {
+            $status = 100;
+        }
+
+        $cumul_id = 0;
+        $db = $f3->get('DB');
+        // Si l'utilisateur est déjà connecté, on le récupère
+        if ($f3->get('SESSION.user', true)) {
+            $user = $db->query("SELECT * FROM users WHERE id = ".$f3->get('SESSION.id'));
+            $user = $user->fetch(PDO::FETCH_ASSOC);
+            $email = $user['email'];
+            $user_id = $user['id'];
+            $cumul_id = $user['cumul'];
+        } else {
+            // Depuis les dons cumulés, on recherche d'abord si le donateur existe déjà (basé sur son email)
+            $email = Utils::asl($f3->get('email'));
+            $hash = hash('sha256', $f3->get('password'));
+
+            $sql = "SELECT id FROM users WHERE email = '".Utils::asl($email)."';";
+            $result = $db->query($sql);
+
+            if ($result->fetchColumn() > 0) {
+                // We have an existing user, we should try to login with the provided password
+                // or 403.
+                $mapper = new DB\SQL\Mapper($f3->get('DB'), 'users');
+                $auth = new \Auth($mapper, array('id' => 'email', 'pw' => 'hash'));
+                $login = $auth->login($email, $hash);
+                if (!$login) {
+                    $f3->error(403);
+                } else {
+                    $result = $db->query("SELECT id, cumul FROM users WHERE email = '".Utils::asl($email)."'");
+                    $user = $result->fetch(PDO::FETCH_ASSOC);
+                    $user_id = $user['id'];
+                    $cumul_id = $user['cumul'];
+                }
+            } else {
+                // The user does not exist, so let's create it
+                $result = $db->query("INSERT INTO users (pseudo, email, hash)
+					VALUES ('".$f3->get('pseudo')."', '$email', '$hash')");
+                $user_id = $db->lastInsertId();
+            }
+        }
+        $sql = "INSERT INTO dons SET
+			status = '".$status."',
+			datec  = NOW(),
+			somme  = '".$sum."',
+			user_id  = '".$user_id."',
+			public = '".intval($f3->get('public'))."',
+			cumul  = '".intval($cumul_id)."';";
+
+        $db->query($sql);
+        $id = $db->lastInsertId();
+        if (!$id) {
+            //TODO: Test this part
+            @mail(SYSADMIN, 'LQDN Don, bug Mysql');
+            $errno = 7;
+        }
+        setcookie("donlqdn", md5("SALT!!!".$id."!!!"), 86400, "/");
+
+        $target = "https://paiement.systempay.fr/vads-payment/";
+        $transaction_date = new DateTime('now', new DateTimeZone("UTC"));
+        $params = array(
+            // Champs obligatoires
+            "vads_trans_date" => $transaction_date->format("YmdHis"),
+            "vads_site_id" => SITE_ID,
+            "vads_action_mode" => "INTERACTIVE",
+            "vads_ctx_mode" => CTX_MODE,
+            // Autres codes possibles (page 16)
+            "vads_trans_id" => str_repeat("0", 6-strlen($id)).$id,
+            "vads_version" => "V2",
+            // Champs facultatifs
+            "vads_language" => $f3->get('lang'),
+            "vads_order_id" => $id,
+            "vads_url_cancel" => ROOTURL,
+            "vads_url_check" => "",
+            "vads_url_error" => ROOTURL,
+            "vads_url_referral" => ROOTURL,
+            "vads_url_refused" => ROOTURL,
+            "vads_url_return" => ROOTURL . "/merci",
+            "vads_url_success" => ROOTURL,
+            "vads_validation_mode" => "0",
+            "vads_shop_name" => "La Quadrature du Net",
+            "vads_shop_url" => ROOTURL
+        );
+        if ($f3->get('monthly') == "true") {
+            // En cas de paiement récurrent, on doit créer un compte carte si ce n'est pas déjà fait
+            $identifier = "";
+            $identifier = $id . "_" . substr($email, 0, strpos($email, '@'));
+            $db->query("UPDATE dons SET identifier = '".$identifier."' WHERE id = '".$id."'");
+            $db->query("INSERT INTO identifiers (identifier, user_id) VALUES ('". $identifier ."','" .$user_id ."')");
+            $params["vads_identifier"] = substr($identifier, 0, 50); // Pas plus de 50 caractères
+            $params["vads_page_action"] = "REGISTER_SUBSCRIBE";
+            $params["vads_cust_email"] = $email; // Email du porteur
+            $params["vads_sub_effect_date"] = date("Ymd"); // Date d'effet à ce jour
+            $params["vads_sub_amount"] = $sum*100;
+            $params["vads_sub_currency"] = "978";
+            $params["vads_sub_desc"] = "RRULE:FREQ=MONTHLY;BYMONTHDAY=7"; // Tous les 7 du mois
+        } else {
+            // En cas de paiement ponctuel, le montant est donné différemment
+            $params["vads_page_action"] = "PAYMENT";
+            $params["vads_amount"] = $sum*100;
+            $params["vads_currency"] = "978";
+            $params["vads_payment_config"] = "SINGLE";
+        }
+        // Calcul de la signature
+        ksort($params);
+        $signature = "";
+        foreach ($params as $key=>$value) {
+            $signature .= $value."+";
+        }
+        $signature .= CERTIFICATE;
+        $signature = sha1($signature);
+        $params["signature"] = $signature;
+
+        $f3->set('target', $target);
+        $f3->set('vads_params', $params);
+        $f3->set('signature', $signature);
+
+        // Log des informations envoyées pour debug en cas de souci
+        $don_log = new Log('dons.log');
+        $don_log->write('target : '. $target);
+        $don_log->write('params : ');
+        foreach ($params as $key=>$value) {
+            $don_log->write($key.' : '.$value);
+        }
+        $don_log->write('signature : '. $signature);
+        $f3->set('form_visible', 'vads');
+        Campaign::show($f3, $args);
+    }
+};

app/Controller.php

+<?php
+
+class Controller
+{
+    // Constructeur
+    public function __construct()
+    {
+        $f3=Base::instance();
+    }
+
+    // Fonction appelée avant routage
+    public function beforeRoute($f3, $args)
+    {
+        if (php_sapi_name() == 'cli') {
+            $HTTP_HOST = 'localhost';
+        } else {
+            $HTTP_HOST = $_SERVER['HTTP_HOST'];
+        }