/**
 * Show the administration login page and process a submitted login form.
 *
 * When both `login` and `password` are present and non-empty in the POST body they
 * are passed to User::connect(); a truthy result triggers a redirect to the 'index' URL.
 *
 * NOTE(review): no attempt throttling or CSRF check is visible in this method; confirm
 * both are enforced in User::connect() or upstream of this controller.
 */
public function login()
 {
     $hasCredentials = !empty($_POST['login']) && !empty($_POST['password']);

     // Short-circuit keeps User::connect() from being called with missing fields.
     if ($hasCredentials && User::connect($_POST['login'], $_POST['password'])) {
         $this->redirect($this->getUrl('index'));
     }

     // NOTE(review): this render call is also reached after redirect() returns; whether
     // redirect() ends the request is not visible here, so confirm.
     $this->render('administration/login');
 }
Beispiel #2
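 /**
  * Handle a submitted login form.
  *
  * Returns null without doing anything unless the request carries `submitLogin` and
  * Session::isActive() is false. Otherwise the account is looked up by username, the
  * account's attempt limit is checked via isAllowedToAttemptLogin(), and the password
  * is verified. Accounts whose stored hash is a legacy SHA-1 digest are accepted once
  * and re-hashed with bcrypt.
  *
  * @param mixed $request Object exposing getParameters(), which returns the request fields as an array.
  *
  * @return RedirectResponse|ViewResponse|null Redirect on success, the login view with an error on failure.
  */
 public function create($request)
 {
     $data = $request->getParameters();
     if (!isset($data['submitLogin']) || Session::isActive()) {
         // Not a login submission, or a session is already active: no response is produced.
         return null;
     }

     $is_admin = isset($data['is_admin']) && $data['is_admin'] == 1;
     // NOTE(review): Utils::secure() is not visible here. If it rewrites characters, the
     // password must have been passed through it at registration too; confirm.
     $username = Utils::secure($data['username']);
     $password = Utils::secure($data['pass']);

     // Re-render the login form (admin or public variant) with a single error message.
     // Only the `redirect` field is carried over from the submitted data.
     $failureResponse = static function ($message) use ($data, $is_admin) {
         $viewData = isset($data['redirect']) ? ['redirect' => $data['redirect']] : [];
         $viewData['currentPageTitle'] = 'Connexion';
         $response = $is_admin
             ? new ViewResponse('admin/login/login', $viewData, true, 'layouts/admin_login.php', 401)
             : new ViewResponse('login/login', $viewData);
         $response->addMessage(ViewMessage::error($message));
         return $response;
     };

     // One lookup instead of three; the same object is used for every later check.
     $user = User::find_by_username($username);
     if (!$user) {
         // NOTE(review): this message differs from the wrong-password one, so the form
         // reveals which usernames exist. Consider a single generic message for both.
         return $failureResponse('Ce nom d\'utilisateur n\'existe pas');
     }

     $current_log_fail = $user->getLogFails();
     if (!$user->isAllowedToAttemptLogin()) {
         // Account is locked out: report the attempt count and the remaining wait time.
         $next_try_tps = $current_log_fail['next_try'] - Utils::tps();
         $next_try_min = floor($next_try_tps / 60);
         $next_try_sec = round($next_try_tps - $next_try_min * 60);
         $next_try_str = "{$next_try_min} m et {$next_try_sec} s";
         return $failureResponse($current_log_fail['nb_try'] . " tentatives de connexions à la suite pour ce compte. Veuillez patienter {$next_try_str}");
     }

     $realPass = $user->getPassword();

     // NOTE(review): the redirect target comes from the request and is not validated in
     // this method. Unless RedirectResponse restricts destinations, limit it to same-site
     // paths so a crafted login link cannot send the user to another origin.
     // !empty() also avoids the undefined-index notice when no `redirect` field is sent.
     $redirectTarget = !empty($data['redirect']) ? urldecode($data['redirect']) : WEBROOT;

     if (password_verify($password, $realPass)) {
         User::connect($username, 1);
         $user->resetLogFails();
         return new RedirectResponse($redirectTarget);
     }

     // Legacy accounts: the stored value is an unsalted SHA-1 digest. hash_equals() does a
     // strict, constant-time string comparison; the previous loose `==` compared two
     // numeric-looking hex strings (for example "0e..." digests) as numbers.
     if (hash_equals((string) $realPass, sha1($password))) {
         $user->resetLogFails();
         // Upgrade the stored hash to bcrypt now that the plaintext is known to be correct.
         User::connect($username, 1)->setPassword(password_hash($password, PASSWORD_BCRYPT));
         return new RedirectResponse($redirectTarget);
     }

     // Wrong password: start a fresh failure counter when the retry interval has elapsed
     // and a previous record exists, then record this failure.
     if ($user->isIntervalBetweenTwoLogAttemptElapsed() && $current_log_fail) {
         $user->resetLogFails();
     }
     $user->addLogFail();

     return $failureResponse('Mot de passe incorrect');
 }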
Beispiel #3
<?php

// NB: this site (humble as it is) is meant to illustrate Aouka's conventions, algorithms and indentation rules (to be adopted, then)!

// Split the script path (with the document root stripped) into segments; segments 1 and 2
// name the directory whose config.php is loaded.
$URLTab = explode("/", str_replace($_SERVER["DOCUMENT_ROOT"], "", $_SERVER["SCRIPT_FILENAME"]));
include sprintf('%s/%s/%s/config.php', $_SERVER["DOCUMENT_ROOT"], $URLTab[1], $URLTab[2]);

// A submitted login form is handed to User::connect() before any output is produced.
// The return value is ignored here; the login state is read back with User::isConnected() below.
// NOTE(review): no CSRF token or attempt throttling is visible on this page; confirm
// User::connect() or config.php provides them.
if (isset($_POST['userCode'], $_POST['password'])) {
    User::connect($_POST['userCode'], $_POST['password']);
}

include SRV_BASEPATH . "/include/head.php";
include SRV_BASEPATH . "/include/header.php";
if (!User::isConnected()) {
    ?>
	<!-- formulaire d'identification-->
	<form id="FormConnection" method="post">
		<h4>Votre prénom:</h4>
		<input type="text" name="userCode" class="form-control" placeholder="Entre ton prénom">
		<h4>Mot de passe:</h4>
		<input type="password" name="password" class="form-control"/>
		<button type="submit" id="SubmitID" value="envoyer" class="btn btn-default">connection</button>
	</form> <?php 
} else {
    $aUser = User::get();
    ?>
	<nav class="navbar navbar-default navbar-fixed-top">
		<div class="container-fluid">
			<ul class="navbar-header">
				<a href="#" id="GetVotes" class="btn btn-default" role="button">Votez</a>
				<a href="#" id="GetStats" class="btn btn-default" role="button">Vos Stats</a>
				<a href="<?php 
    echo BASEPATH;
    ?>
Beispiel #4
// GET / route.
// NOTE(review): every request to this route calls createUser() with the same hard-coded
// values (presumably including a literal password), and no authentication check is visible.
// This looks like test scaffolding; confirm it is not reachable in a deployed application.
$app->get('/', function () {
    $user = new User();
    $user->createUser($user->connect(), 'milos', 'babic', '1988-04-15', 'Serbia', 'baki', '123', 'a@a.a');
});
// GET /register: prints the registration form.
// NOTE(review): the field names used here (txt_name, txt_surname, txt_day, ...) are not the
// keys the POST /register handler in this file checks (first_name, last_name, date_of_birth, ...),
// so a submission from this form would hit the "missing parameters" branch. The form also
// carries no CSRF token.
$app->get('/register', function () {
    // The markup is emitted unchanged; it is only split at its line breaks for readability.
    echo "\n        <form action='' method='post'>"
        . "\n            <label>first name</label><br />"
        . "\n            <input type='text' name='txt_name' /><br />"
        . "\n            <label>last name</label><br />"
        . "\n            <input type='text' name='txt_surname' /><br />"
        . "\n            <label>date of birth (DD/MM/YYYY)</label><br />"
        . "\n            <input type='text' name='txt_day' /><input type='text' name='txt_mounth' /><input type='text' name='txt_year' /><br />"
        . "\n            <label>coutry</label><br />"
        . "\n            <input type='text' name='txt_country' /><br />"
        . "\n            <label>username</label><br />"
        . "\n            <input type='text' name='txt_username' /><br />"
        . "\n            <label>pasword</label><br />"
        . "\n            <input type='password' name='txt_pass' /><br />"
        . "\n            <label>email</label><br />"
        . "\n            <input type='text' name='txt_email' /><br />"
        . "\n            <input type='submit' name='btn_register' value='register' />"
        . "\n        </form>"
        . "\n        ";
});
// POST route
$app->post('/register', function () {
    //db for later check of existing username
    $u = new User();
    $conn = $u->connect();
    //cehck if some post aprams are missing
    if (empty($_POST['first_name']) || empty($_POST['last_name']) || empty($_POST['date_of_birth']) || empty($_POST['country']) || empty($_POST['username']) || empty($_POST['password']) || empty($_POST['email'])) {
        returnError('Missing or empty post parameters.');
    }
    //assigning post paramms to variables
    $first_name = $_POST['first_name'];
    $last_name = $_POST['last_name'];
    $date_of_birth = $_POST['date_of_birth'];
    $country = $_POST['date_of_birth'];
    $username = $_POST['username'];
    $password = $_POST['password'];
    $email = $_POST['email'];
    //validation fo data
    if (!ctype_alpha($first_name)) {
        returnError('All first_name chars must be english letters.');
Beispiel #5
<?php

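// Handle a submitted login form and prepare the status message shown above the form.
if (!empty($_POST)) {
    // Read only the two fields this page uses. extract($_POST) let the request define or
    // overwrite any variable in this scope, which is unsafe on untrusted input.
    // NOTE(review): code further down the page that relied on other extracted POST
    // variables would have to read them from $_POST explicitly; confirm there is none.
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';

    if (empty($username)) {
        $message = "\n\t\t\t<div class=\"alert alert-danger\">\n\t\t\tNom de compte vide.\n\t\t\t</div>";
    } elseif (empty($password)) {
        $message = "\n\t\t\t<div class=\"alert alert-danger\">\n\t\t\tMot de passe vide.\n\t\t\t</div>";
    } else {
        $subscribe = new User();
        // NOTE(review): the result of connect() is not checked, so the success message and
        // the redirect below are emitted even for wrong credentials unless connect() itself
        // stops the request; confirm.
        $subscribe->connect($_POST);
        $message = "\n\t\t\t<div class=\"alert alert-success\">\n\t\t\tConnexion validé !<br/>\n\t\t\tRedirection dans 5secondes.\n\t\t\t</div>";
        echo '<meta http-equiv="refresh" content="5; URL=index.php">';
    }
}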
?>
<div class="page-header">
	<h1>Connexion</h1>
	<h5>Merci de vous inscrire avant d'essayer de vous connectez (<a href="index.php?page=inscription">Inscription</a>)</h5>
</div>
<section class="col-md-4 col-md-offset-4">
	<?php 
// Print the status message prepared by the form handler, if there is one.
// The message is emitted as raw HTML, so it must only ever be built from fixed strings.
echo isset($message) ? $message : '';
?>
	<form class="form-horizontal" role="form" method="POST" action="#">
		<div class="form-group">
	  		<div class="row">
Beispiel #6
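 /**
  * Search students through Skill::getUserIdByQuery() and return one page of matches.
  *
  * @param mixed $query Search text; an empty value (loosely equal to "") delegates to Student::archives().
  * @param mixed $page  Page passed to OKPager::fetchData().
  * @param mixed $limit Page size passed to OKPager.
  *
  * @return mixed The result of Student::archives() for an empty query, null when no user
  *               matches, otherwise an array with 'num_rows' and, when rows were fetched,
  *               'result' (a list of Student objects).
  */
 public static function searchByQuery($query = false, $page, $limit)
 {
     $conn = parent::connect();
     if ($query == "") {
         return Student::archives($page, $limit);
     }
     $matchedUsers = Skill::getUserIdByQuery($query);
     if (empty($matchedUsers)) {
         return null;
     }
     // The ids are interpolated into the statement because OKPager takes a finished SQL
     // string, so force every value to an integer first: nothing but digits (and a sign)
     // can then reach the IN (...) list, whatever getUserIdByQuery() returned.
     $userlist = implode(", ", array_map('intval', $matchedUsers));
     $sql = "SELECT * FROM userlist WHERE userID IN ({$userlist});";
     $pp = new OKPager($sql, $limit);
     $pp->conn = $conn;
     $matches = [];
     $matches['num_rows'] = $pp->countTotalRows();
     foreach ($pp->fetchData($page) as $res) {
         $matches['result'][] = new Student($res);
     }
     return $matches;
 }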
include_once "/class/User.php";
include_once "/views/include/connexion.php";
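// Process the login form once its submit button has been posted.
if (isset($_POST['submit'])) {
    // Read the fields defensively: a request that carries `submit` but omits `login` or
    // `pwd` now lands in the "missing fields" branch without undefined-index notices.
    $login = isset($_POST['login']) ? $_POST['login'] : null;
    $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : null;

    if (!empty($login) && !empty($pwd)) {
        // Variable initialisation.
        // NOTE(review): htmlentities() is an output encoder, not an input sanitiser; it does
        // not protect the query run by connect(), which should use bound parameters (not
        // visible here, so confirm).
        $login = htmlentities($login);
        // NOTE(review): unsalted SHA-1 is not a password hash. Moving to password_hash() /
        // password_verify() needs a migration of the stored values, so the digest is left
        // as is here to stay compatible with existing accounts.
        $password = sha1(htmlentities($pwd));
        $user = new User();
        $user->setLogin($login);
        $user->setPassword($password);
        // The 'remember' checkbox, when ticked, is forwarded to connect() as true.
        $remember = !empty($_POST['remember']);
        if ($user->connect($bdd, $remember)) {
            // NOTE(review): execution continues after this header; whether the rest of the
            // page should still run for an authenticated redirect is not visible here.
            header('Location: ' . $basePath);
        } else {
            echo "<div class='erreur'>Erreur dans le pseudo/mot de passe</div>";
        }
    } else {
        echo "<div class='erreur'>Des champs n'ont pas été remplis !</div>";
    }
}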
Beispiel #8
include_once 'function/bdd.php';
include_once "/class/Security.php";
include_once '/class/User.php';
// Base URL of the application.
// NOTE(review): the scheme is fixed to http and the host comes from SERVER_NAME; depending
// on the web server configuration that value can follow the request's Host header. Confirm.
$basePath = "http://{$_SERVER['SERVER_NAME']}/enote/";
$secu = new Security();
$redirect_connection = "Location: {$basePath}?page=connexion";
$view_header = 'views/global/header.php';
$view_footer = 'views/global/footer.php';

// Names of the two "remember me" cookies.
$log = 'login';
$passw = 'password';

// If both cookies are present and non-empty, log the user in from them.
// NOTE(review): the 'password' cookie value is passed to setPassword() as-is, so holding
// these two cookies is enough to call connect(); what connect() verifies is not visible
// here. A random, revocable server-side token would avoid keeping a credential in the browser.
if (!empty($_COOKIE[$log]) && !empty($_COOKIE[$passw])) {
    $user = new User();
    $user->setLogin(filter_input(INPUT_COOKIE, $log));
    $user->setPassword(filter_input(INPUT_COOKIE, $passw));
    $user->connect($bdd, true);
    // NOTE(review): this debug output is sent before the header() calls further down the
    // script, which fail once output has started unless output buffering is enabled.
    echo "cookie set session";
}

// Restore the user object stored in the session.
// NOTE(review): unserialize() instantiates whatever object the session holds; this is only
// as trustworthy as the session store. Confirm nothing request-controlled is written to
// $_SESSION['user'] in serialized form.
if (!empty($_SESSION['user'])) {
    $sessionUser = unserialize($_SESSION['user']);
}
// si une page est demandée avec '?p=pageDemandee' (dans l'url)
if (isset($_GET['page']) && !empty($_GET['page']) && preg_match("/^[a-zA-Z0-9-]+\$/i", $_GET['page'])) {
    if (!$secu->logged() && $_GET['page'] != 'connexion') {
        header($redirect_connection);
    }
    $p = htmlspecialchars(htmlentities($_GET['page']));
    // Vérifie si le fichier existe avant inclusion
    if (file_exists('controller/' . $p . 'Controller.php')) {
        // Inclusion de l'entete de la page
        include_once $view_header;