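/**
 * Handle the administration login form.
 *
 * When both `login` and `password` are present in the POST body they are
 * handed to User::connect(); a truthy result redirects to the `index` URL.
 * In every other case the `administration/login` view is rendered.
 *
 * NOTE(review): no anti-CSRF check or failed-attempt throttling is visible in
 * this method — confirm that User::connect() or a surrounding filter does it.
 */
public function login()
{
    $hasCredentials = !empty($_POST['login']) && !empty($_POST['password']);

    // Only the truthiness of connect() matters; the original stored it in an unused local.
    if ($hasCredentials && User::connect($_POST['login'], $_POST['password'])) {
        $this->redirect($this->getUrl('index'));

        // Stop here so the login form is not rendered behind the redirect,
        // in case redirect() does not end the request itself.
        return;
    }

    $this->render('administration/login');
}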
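/**
 * Handle a login form submission and build the matching response.
 *
 * Flow, as implemented below:
 *  - returns null unless `submitLogin` is posted and no session is active;
 *  - unknown username, throttled account or wrong password: the login view
 *    with an error message (the admin variant is built with the layout
 *    `layouts/admin_login.php` and 401 as last constructor argument);
 *  - password accepted by password_verify(): User::connect(), failure counter
 *    reset, redirect;
 *  - password matching a legacy unsalted SHA-1 digest: same, and the stored
 *    hash is replaced with a bcrypt hash.
 *
 * @param mixed $request object exposing getParameters()
 * @return ViewResponse|RedirectResponse|null
 */
public function create($request)
{
    $data = $request->getParameters();
    if (!isset($data['submitLogin']) || Session::isActive()) {
        return null;
    }

    $is_admin = isset($data['is_admin']) && $data['is_admin'] == 1;
    $username = Utils::secure($data['username']);
    // NOTE(review): Utils::secure() is not visible here. If it escapes or strips
    // characters, the value that gets verified differs from what the user typed — confirm.
    $password = Utils::secure($data['pass']);

    // Builds the login view carrying one error message; shared by every failure path.
    $fail = function ($message) use ($data, $is_admin) {
        // Only the redirect target is handed back to the view.
        // NOTE(review): it is request-controlled, so the template has to escape it.
        $viewData = isset($data['redirect']) ? ['redirect' => $data['redirect']] : [];
        $viewData['currentPageTitle'] = 'Connexion';

        $response = !$is_admin
            ? new ViewResponse('login/login', $viewData)
            : new ViewResponse('admin/login/login', $viewData, true, 'layouts/admin_login.php', 401);
        $response->addMessage(ViewMessage::error($message));

        return $response;
    };

    // Destination after a successful login. !empty() also covers a missing key,
    // which the original read directly.
    // NOTE(review): the target comes from the request and is not restricted to
    // this site (open redirect) — validate it against local paths before use.
    $successTarget = function () use ($data) {
        return !empty($data['redirect']) ? urldecode($data['redirect']) : WEBROOT;
    };

    // Single lookup; the original ran the same query three times.
    $user = User::find_by_username($username);
    if (!$user) {
        // NOTE(review): a different message for "unknown user" and "wrong password"
        // tells a client which usernames exist; consider one generic message.
        return $fail('Ce nom d\'utilisateur n\'existe pas');
    }

    $current_log_fail = $user->getLogFails();

    // Throttled account: report the remaining wait without checking the password.
    if (!$user->isAllowedToAttemptLogin()) {
        $nb_try = $current_log_fail['nb_try'];
        $next_try_tps = $current_log_fail['next_try'] - Utils::tps();
        $next_try_min = floor($next_try_tps / 60);
        $next_try_sec = round($next_try_tps - $next_try_min * 60);
        $next_try_str = "{$next_try_min} m et {$next_try_sec} s";

        return $fail($nb_try . " tentatives de connexions à la suite pour ce compte. Veuillez patienter {$next_try_str}");
    }

    $realPass = $user->getPassword();

    if (password_verify($password, $realPass)) {
        User::connect($username, 1);
        $user->resetLogFails();

        return new RedirectResponse($successTarget());
    }

    // Legacy accounts still hold an unsalted SHA-1 digest. The original compared
    // with `==`, which compares two numeric-looking digests as numbers rather
    // than as strings; hash_equals() compares the bytes, in constant time.
    if (hash_equals((string) $realPass, sha1($password))) {
        $user->resetLogFails();
        // Upgrade the stored hash now that the clear-text password is known to be right.
        User::connect($username, 1)->setPassword(password_hash($password, PASSWORD_BCRYPT));

        return new RedirectResponse($successTarget());
    }

    // Wrong password: start a fresh failure series when the previous one has
    // expired, then record this attempt.
    if ($user->isIntervalBetweenTwoLogAttemptElapsed() && $current_log_fail) {
        $user->resetLogFails();
    }
    $user->addLogFail();

    return $fail('Mot de passe incorrect');
}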
<?php
// NB: this site (humble as it is) is a perfect example of Aouka's conventions,
// algorithms and indentation standards (so adopt them)!

// Path of the running script relative to the document root, split on "/".
$URLTab = explode("/", str_replace($_SERVER["DOCUMENT_ROOT"], "", $_SERVER["SCRIPT_FILENAME"]));
// config.php is loaded from <document root>/<segment 1>/<segment 2>/.
include $_SERVER["DOCUMENT_ROOT"] . "/" . $URLTab[1] . "/" . $URLTab[2] . "/config.php";
// A posted userCode/password pair is handed to User::connect(). Its result is
// not inspected here; the login state is read back through User::isConnected() below.
if (isset($_POST['userCode']) && isset($_POST['password'])) {
    User::connect($_POST['userCode'], $_POST['password']);
}
include SRV_BASEPATH . "/include/head.php";
include SRV_BASEPATH . "/include/header.php";
// Visitors who are not connected get the sign-in form, everyone else the navigation bar.
// NOTE(review): the form has no anti-CSRF field and no attempt limiting is visible
// in this file — confirm whether User::connect() or config.php covers either.
if (!User::isConnected()) { ?> <!-- formulaire d'identification--> <form id="FormConnection" method="post"> <h4>Votre prénom:</h4> <input type="text" name="userCode" class="form-control" placeholder="Entre ton prénom"> <h4>Mot de passe:</h4> <input type="password" name="password" class="form-control"/> <button type="submit" id="SubmitID" value="envoyer" class="btn btn-default">connection</button> </form> <?php } else {
    // Connected: fetch the current user for the markup that follows.
    $aUser = User::get(); ?> <nav class="navbar navbar-default navbar-fixed-top"> <div class="container-fluid"> <ul class="navbar-header"> <a href="#" id="GetVotes" class="btn btn-default" role="button">Votez</a> <a href="#" id="GetStats" class="btn btn-default" role="button">Vos Stats</a> <a href="<?php echo BASEPATH; ?>
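// GET route
// NOTE(review): every anonymous GET / calls createUser() with the same hard-coded
// values (presumably username 'baki' and password '123'). This looks like leftover
// test code and should not be reachable on a deployed site.
$app->get('/', function () {
    // instance of User class
    $u = new User();
    $conn = $u->connect();
    $u->createUser($conn, 'milos', 'babic', '1988-04-15', 'Serbia', 'baki', '123', 'a@a.a');
});

// GET register/ registration form
// NOTE(review): the field names in this form (txt_name, txt_surname, txt_day, ...)
// are not the keys the POST handler below reads (first_name, last_name,
// date_of_birth, ...), so a submission of this form fails its missing-parameter check.
$app->get('/register', function () {
    echo "\n <form action='' method='post'>\n <label>first name</label><br />\n <input type='text' name='txt_name' /><br />\n <label>last name</label><br />\n <input type='text' name='txt_surname' /><br />\n <label>date of birth (DD/MM/YYYY)</label><br />\n <input type='text' name='txt_day' /><input type='text' name='txt_mounth' /><input type='text' name='txt_year' /><br />\n <label>coutry</label><br />\n <input type='text' name='txt_country' /><br />\n <label>username</label><br />\n <input type='text' name='txt_username' /><br />\n <label>pasword</label><br />\n <input type='password' name='txt_pass' /><br />\n <label>email</label><br />\n <input type='text' name='txt_email' /><br />\n <input type='submit' name='btn_register' value='register' />\n </form>\n ";
});

// POST route
$app->post('/register', function () {
    // db for later check of existing username
    $u = new User();
    $conn = $u->connect();

    // check if some post params are missing
    if (
        empty($_POST['first_name'])
        || empty($_POST['last_name'])
        || empty($_POST['date_of_birth'])
        || empty($_POST['country'])
        || empty($_POST['username'])
        || empty($_POST['password'])
        || empty($_POST['email'])
    ) {
        returnError('Missing or empty post parameters.');
    }

    // assigning post params to variables
    $first_name = $_POST['first_name'];
    $last_name = $_POST['last_name'];
    $date_of_birth = $_POST['date_of_birth'];
    // Fixed: this line used to copy $_POST['date_of_birth'] into $country.
    $country = $_POST['country'];
    $username = $_POST['username'];
    $password = $_POST['password'];
    $email = $_POST['email'];

    // validation of data
    if (!ctype_alpha($first_name)) {
        returnError('All first_name chars must be english letters.');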
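<?php
// Login page: validates the posted credentials, then prints the form markup.
if (!empty($_POST)) {
    // Read only the two fields this page uses. The original called
    // extract($_POST), which lets a request define or overwrite any variable in
    // this scope. If the rest of the template reads other posted fields,
    // assign them here in the same way.
    $username = isset($_POST['username']) ? $_POST['username'] : null;
    $password = isset($_POST['password']) ? $_POST['password'] : null;

    if (empty($username)) {
        $message = "\n\t\t\t<div class=\"alert alert-danger\">\n\t\t\tNom de compte vide.\n\t\t\t</div>";
    } elseif (empty($password)) {
        $message = "\n\t\t\t<div class=\"alert alert-danger\">\n\t\t\tMot de passe vide.\n\t\t\t</div>";
    } else {
        $subscribe = new User();
        // NOTE(review): the result of connect() is not checked, so the success
        // banner and the refresh below are emitted whatever it returns —
        // confirm how connect() reports a failed login.
        $subscribe->connect($_POST);
        $message = "\n\t\t\t<div class=\"alert alert-success\">\n\t\t\tConnexion validé !<br/>\n\t\t\tRedirection dans 5secondes.\n\t\t\t</div>";
        echo '<meta http-equiv="refresh" content="5; URL=index.php">';
    }
}
?> <div class="page-header"> <h1>Connexion</h1> <h5>Merci de vous inscrire avant d'essayer de vous connectez (<a href="index.php?page=inscription">Inscription</a>)</h5> </div> <section class="col-md-4 col-md-offset-4"> <?php if (isset($message)) { echo $message; } ?> <form class="form-horizontal" role="form" method="POST" action="#"> <div class="form-group"> <div class="row">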
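/**
 * Search students by a free-text query, one page at a time.
 *
 * An empty query falls back to Student::archives(). Otherwise the user IDs
 * returned by Skill::getUserIdByQuery() are looked up in `userlist` through
 * an OKPager.
 *
 * NOTE(review): the optional $query precedes two required parameters, so its
 * default can never be used; the signature is kept as-is for existing callers.
 *
 * @param mixed $query search text; anything loosely equal to "" means "no query"
 * @param mixed $page  page passed to OKPager::fetchData()
 * @param mixed $limit limit passed to Student::archives() and the OKPager constructor
 * @return mixed the result of Student::archives() for an empty query, null when
 *               no user matches, otherwise an array with `num_rows` and, when
 *               rows were fetched, `result` (a list of Student)
 */
public static function searchByQuery($query = false, $page, $limit)
{
    $conn = parent::connect();

    if ($query == "") {
        return Student::archives($page, $limit);
    }

    $matchedUsers = Skill::getUserIdByQuery($query);
    if (empty($matchedUsers)) {
        return null;
    }

    // The IDs are spliced into the SQL text because OKPager takes a finished
    // statement, so each one is forced to an integer first. The list is unquoted,
    // which means only numeric IDs ever worked here; the cast keeps anything
    // else out of the query.
    $userlist = implode(", ", array_map('intval', $matchedUsers));
    $sql = "SELECT * FROM userlist WHERE userID IN ({$userlist});";

    $pp = new OKPager($sql, $limit);
    $pp->conn = $conn;

    // `result` is only present when at least one row is fetched, as before.
    $matches = ['num_rows' => $pp->countTotalRows()];
    foreach ($pp->fetchData($page) as $res) {
        $matches['result'][] = new Student($res);
    }

    return $matches;
}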
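include_once "/class/User.php";
include_once "/views/include/connexion.php";

// Login form handler. $bdd and $basePath are not defined in this snippet; they
// are expected to come from the included files or the including script.
if (isset($_POST['submit'])) {
    // Missing fields become null instead of raising an undefined-index notice.
    $login = isset($_POST['login']) ? $_POST['login'] : null;
    $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : null;

    if (!empty($login) && !empty($pwd)) {
        // variable initialisation
        $login = htmlentities($login);
        // NOTE(review): unsalted SHA-1 of the entity-encoded password. It is kept
        // because existing stored hashes depend on it; plan a migration to
        // password_hash() / password_verify().
        $password = sha1(htmlentities($pwd));

        $user = new User();
        $user->setLogin($login);
        $user->setPassword($password);

        // true when the 'remember' box was ticked
        $remember = !empty($_POST['remember']);

        if ($user->connect($bdd, $remember)) {
            header('Location: ' . $basePath);
            // End the request so nothing else runs or is printed after the redirect.
            exit;
        } else {
            echo "<div class='erreur'>Erreur dans le pseudo/mot de passe</div>";
        }
    } else {
        // Covers both a missing and an empty field; the original printed the
        // same message from two separate branches.
        echo "<div class='erreur'>Des champs n'ont pas été remplis !</div>";
    }
}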
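include_once 'function/bdd.php';
include_once "/class/Security.php";
include_once '/class/User.php';

// NOTE(review): depending on the web-server configuration SERVER_NAME can follow
// the request's Host header; a fixed, configured base URL is safer for redirects.
$basePath = "http://" . $_SERVER["SERVER_NAME"] . "/enote/";
$secu = new Security();
$redirect_connection = "Location: " . $basePath . "?page=connexion";
$view_header = 'views/global/header.php';
$view_footer = 'views/global/footer.php';
$log = 'login';
$passw = 'password';

// if both cookies are present, log the user in.
// NOTE(review): the `password` cookie is passed to setPassword() as-is, so its
// value works as a long-lived password equivalent stored in the browser.
// Prefer a random remember-me token that the server can revoke.
if (!empty($_COOKIE[$log]) && !empty($_COOKIE[$passw])) {
    $user = new User();
    $user->setLogin(filter_input(INPUT_COOKIE, $log));
    $user->setPassword(filter_input(INPUT_COOKIE, $passw));
    $user->connect($bdd, true);
    // NOTE(review): debug output; printing before the header() call further down
    // can prevent that redirect header from being sent.
    echo "cookie set session";
}

// NOTE(review): unserialize() is only safe as long as nothing request-controlled
// is ever written to $_SESSION['user'] — verify every place that sets it.
if (!empty($_SESSION['user'])) {
    $sessionUser = unserialize($_SESSION['user']);
}

// if a page is requested with '?page=requestedPage' (in the URL)
if (!empty($_GET['page']) && preg_match("/^[a-zA-Z0-9-]+\$/i", $_GET['page'])) {
    if (!$secu->logged() && $_GET['page'] != 'connexion') {
        header($redirect_connection);
        // Fixed: without this the script carried on and included the requested
        // controller for a visitor who is not logged in.
        exit;
    }

    $p = htmlspecialchars(htmlentities($_GET['page']));

    // Check that the file exists before including it
    if (file_exists('controller/' . $p . 'Controller.php')) {
        // Include the page header
        include_once $view_header;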