public function logoff()
 {
     $authManager = new \W\Security\AuthentificationManager();
     $authManager->logUserOut();
     // on se déconnecte, on retourne à l'accueil
     $this->redirectToRoute('home');
 }
Beispiel #2
0
 /**
  * Création d'un utilisateur
  */
 public function create()
 {
     function securise($string)
     {
         if (ctype_digit($string)) {
             $string = intval($string);
         } else {
             $string = mysql_real_escape_string($string);
             $string = addcslashes($string, '%_');
             $string = htmlspecialchars($string);
         }
         return $string;
     }
     if (isset($_POST['page_name']) && isset($_POST['passwrd']) && isset($_POST['mail']) && !empty($_POST['page_name']) && !empty($_POST['passwrd']) && !empty($_POST['mail'])) {
         // Si on a toutes les infos
         $pagename = securise($_POST['page_name']);
         $passwrd = securise($_POST['passwrd']);
         $mail = securise($_POST['mail']);
         $usersManager = new \Manager\UsersManager();
         $usersManager->insert(['page_name' => $pagename, 'passwrd' => password_hash($passwrd, PASSWORD_DEFAULT), 'mail' => $mail]);
         $userSession = new \W\Security\AuthentificationManager();
         $userSession->logUserIn($user);
         $usersManager = new \Manager\UsersManager();
         $user = $usersManager->find($userId);
         unset($user['password']);
         // on instancie les datas de base en DB
         $userID = $user['id'];
         $name = 'avatar_1';
         $value = 'gergregegregergegregregregrege';
         $initdata = new \Manager\OptionsManager();
         $initdata->insertInit($userID, $name, $value);
     }
     $this->redirectToRoute('backoffice');
 }
Beispiel #3
0
 public function check()
 {
     $authentificationManager = new \W\Security\AuthentificationManager();
     $loggedUser = $authentificationManager->getLoggedUser();
     //si l'utilisateur est déjà connecté...
     if ($loggedUser) {
         return true;
     }
     //si on a un cookie de w_remember_me
     if (!empty($_COOKIE['kikala_remember_me'])) {
         //check en base de données que les données sont les bonnes
         $cookieData = json_decode($_COOKIE['kikala_remember_me'], true);
         $userManager = new \Manager\UserManager();
         $user = $userManager->find($cookieData['id']);
         //si le hash du cookie verifie le hash en bdd
         if (password_verify($cookieData['token'], $user['tokenCookie'])) {
             $authentificationManager->logUserIn($user);
             return true;
         } else {
             //efface le cookie erroné
             setcookie('kikala_remember_me', '', 0, '/');
             return false;
         }
     }
     return false;
 }
Beispiel #4
0
 public function mailPasswordRecovery($token, $id)
 {
     unset($_SESSION['error']);
     if (isset($token) && isset($id)) {
         $usermanager = new \Manager\UserManager();
         $auth = new \W\Security\AuthentificationManager();
         $user = $usermanager->find($id);
         $tokenVerif = $user['token'];
         if (password_verify($token, $tokenVerif)) {
             $usermanager->update(['token' => '', 'token_timestamp' => 0], $id);
             $auth->logUserIn($user);
             $_SESSION['error']['forgetpassword'] = "******";
             $this->show('user/changepassword', ['id' => $id]);
         } else {
             $_SESSION['error']['forgetpassword'] = "******";
         }
     } else {
         $_SESSION['error']['forgetpassword'] = "******";
     }
     $this->show('default/home');
 }
Beispiel #5
0
function confirmAccount($token, $subscription)
{
    //die(time().'---'.$token.'---->'.$subscription);
    if ($token != 0 && time() < $token && $subscription == 0) {
        $response[0] = true;
        $response[1] = "Log correct but please check your mail for confirmation's account !";
    } else {
        if ($token != 0 && time() > $token && $subscription == 0) {
            $usermanager = new \Manager\UserManager();
            $auth = new \W\Security\AuthentificationManager();
            $usermanager->delete($_SESSION['user']['id']);
            $auth->logUserOut();
            setcookie("auth", "", time() - 3600, '/', 'localhost', false, true);
            $response[0] = false;
            $response[1] = "Your account don't confirm during 3 days so I deleted it Mother F****r!";
        } else {
            $response[0] = true;
            $response[1] = "Log correct !";
        }
    }
    return $response;
}
 /**
  * Page Inscription d'une formation
  */
 public function manageInscriptions()
 {
     $message = array();
     // inscription à une formation
     // si l'utilisateur n'est pas connecté => Message d'erreur : il faut se connecter pour s'inscrire
     $authentificationManager = new \W\Security\AuthentificationManager();
     if (!$authentificationManager->getLoggedUser()) {
         $message[] = 'Merci de vous connecter pour vous inscrire à une formation';
     } else {
         $authentificationManager->refreshUser();
         $loggedUser = $this->getUser();
         $newinscription = new \Manager\InscriptionManager();
         $newuser = new \Manager\UserManager();
         if ($_POST['register'] == 1) {
             // inscription
             $insert = $newinscription->insert(['userId' => $loggedUser['id'], 'formationId' => $_POST['formation-id']]);
             //
             if ($insert) {
                 // Inscription : supprimer un kiko à l'user
                 $newuser->manageKikos($loggedUser['id'], 'del');
                 $message[] = 'Vous êtes bien inscrit !';
             }
         } else {
             // Annulation d'une inscription
             $del = $newinscription->cancelInscription($_POST['formation-id'], $loggedUser['id']);
             if ($del) {
                 // Désinscription : on ajoute un kiko à l'user
                 $newuser->manageKikos($loggedUser['id'], 'add');
                 $message[] = 'Votre annulation a bien été pris en compte !';
             }
         }
         $authentificationManager->refreshUser();
         $loggedUser = $this->getUser();
         $message[] = $loggedUser['credit'];
     }
     $messagesJson = json_encode($message);
     header("Content-Type: application/json");
     echo $messagesJson;
 }
Beispiel #7
0
 /**
  * Page Inscription d'une formation
  */
 public function formationregister()
 {
     $error = array();
     // si l'utilisateur n'est pas connecté => on redirige vers la page de connexion
     $authentificationManager = new \W\Security\AuthentificationManager();
     if (!$authentificationManager->getLoggedUser()) {
         $this->show('user/login');
     } else {
         $loggedUser = $this->getUser();
     }
     if ($_POST) {
         $title = $_POST['title'];
         $description = $_POST['description'];
         $dateform = $_POST['dateform'];
         $duration = $_POST['duration'];
         $nbrplace = $_POST['nbrplace'];
         $address = $_POST['address'];
         $zip = $_POST['codepostal'];
         $city = $_POST['city'];
         $country = $_POST['country'];
         $isValid = true;
         // Contrôle des champs obligatoires sur la formation
         $validator = new \Utils\FormValidator();
         $validator->validateNotEmpty($title, "title", "Saisir un titre !");
         $validator->validateNotEmpty($description, "description", "Saisir une description !");
         $validator->validateNotEmpty($dateform, "dateform", "Saisir une date !");
         $validator->validateNotEmpty($duration, "duration", "Saisir une durée !");
         $validator->validateNotEmpty($nbrplace, "nbrplace", "Saisir un nombre de place !");
         $validator->validateNotEmpty($address, "address", "Saisir une adresse !");
         $validator->validateNotEmpty($zip, "codepostal", "Saisir un code postal !");
         $validator->validateNotEmpty($city, "city", "Saisir une ville !");
         $validator->validateNotEmpty($country, "country", "Saisir un pays !");
         if (!$validator->isValid()) {
             $error = $validator->getErrors();
             $isValid = false;
         }
         if ($_FILES['image']['size'] != 0) {
             $file = new \Utils\ImageUpload($_FILES['image'], 'assets/img/formations/src/');
             $file->uploadFile();
             if (!$file->isValid()) {
                 $isValid = false;
                 $error['image'] = $file->getErrors();
             } else {
                 // transforme le fichier au bon format
                 $file->reduceImage('assets/img/formations/thumbnail/');
                 $error['image'] = 'img/formations/src/' . $file->getFileName();
                 $_SESSION['image_formation'] = $file->getFileName();
             }
         }
         if ($isValid) {
             $newformation = new \Manager\FormationManager();
             $date = \DateTime::createFromFormat('j/m/Y', $dateform);
             $title = $validator->convertSpecialCaractere($title);
             $description = $validator->convertSpecialCaractere($description);
             if ($_SESSION['image_formation']) {
                 $file_name = $_SESSION['image_formation'];
             } else {
                 $file_name = '';
             }
             // 2 - on appelle la méthode insert
             $newformation->insert(["title" => $title, "dateFormation" => $date->format('Y-m-d H:i:s'), "duration" => $duration, "userId" => $loggedUser['id'], "dateCreated" => date("Y-m-d H:i:s"), "description" => $description, "image" => $file_name, "totalNumberPlace" => $nbrplace, "address" => $address, "zip" => $zip, "city" => $city, "country" => $country]);
             unset($_SESSION['image_formation']);
             $id = $newformation->lastInsertFormation()['id'];
             // on redirige l'utilisateur vers la page
             $this->redirectToRoute("detail_formation", ['id' => $id]);
         }
     }
     $this->show('formation/formationregister', ['error' => $error]);
 }
Beispiel #8
0
<?php

//autochargement des classes
require "../vendor/autoload.php";
include 'assets/inc/functions.php';
//configuration
require "../app/config.php";
//rares fonctions globales
require "../W/globals.php";
//instancie notre appli en lui passant la config et les routes
$app = new W\App($w_routes, $w_config);
if (isset($_COOKIE['auth']) && !isset($_SESSION['user'])) {
    $auth = $_COOKIE['auth'];
    $auth = explode('-----', $auth);
    $usermanager = new \Manager\UserManager();
    $user = $usermanager->find($auth[0]);
    $key = sha1($user['username'] . $user['password'] . $_SERVER['REMOTE_ADDR']);
    if ($key == $auth[1]) {
        $auth = new \W\Security\AuthentificationManager();
        $auth->logUserIn($user);
        setcookie("auth", $user['id'] . '-----' . $key, time() + 3600 * 24 * 3, '/', '127.0.0.1', false, true);
    } else {
        setcookie("auth", "", time() - 3600, '/', '127.0.0.1', false, true);
    }
}
//exécute l'appli
$app->run();
Beispiel #9
0
 public function logoff()
 {
     $authManager = new \W\Security\AuthentificationManager();
     $authManager->logUserOut();
     $this->redirectToRoute('login');
 }
Beispiel #10
0
 /**
  * Deconnexion de l'utilisateur
  * Affichage de la page home
  **/
 public function logOut()
 {
     $user = new \W\Security\AuthentificationManager();
     $user->logUserOut();
     $this->redirectToRoute('home');
 }
Beispiel #11
0
 public function controlProfilModify()
 {
     unset($_SESSION['error']);
     if ($_POST) {
         if (isset($_POST['nom'])) {
             $login = $_POST['nom'];
         }
         if (isset($_POST['user_mail'])) {
             $email = $_POST['user_mail'];
         }
         if (isset($_POST['birthday'])) {
             $birthday = $_POST['birthday'];
         }
         if (isset($_POST['country'])) {
             $country = $_POST['country'];
         }
         if (isset($_POST['bio'])) {
             $bio = $_POST['bio'];
         }
         if (preg_match("#^([A-Z]|[a-z])(a-z)*(_)?[a-z]+\$#", $login)) {
             if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
                 $urlphoto = \uploadUserPicture();
                 $usermanager = new \Manager\UserManager();
                 $usermanager->update(['username' => $login, 'urlpicture' => $urlphoto, 'email' => $email, 'birthday' => $birthday, 'country' => $country, 'biography' => trim($bio)], $_SESSION['user']['id']);
                 // die('rrrr');
                 $user = $usermanager->getUserByUsernameOrEmail($email);
                 $auth = new \W\Security\AuthentificationManager();
                 $auth->logUserIn($user);
                 $_SESSION['error']['controlProfilModify'] = "Votre profil a bien été modifié ! ";
             } else {
                 $_SESSION['error']['controlProfilModify'] = "L'email n'est pas dans un format valide ! ";
             }
         } else {
             $_SESSION['error']['controlProfilModify'] = "Le login ne peut comporter de caractère spéciaux ( [ { / \\ & # @ ] } ) ainsi que les accents! ";
         }
     }
     $this->redirectToRoute('profilmodify');
 }
Beispiel #12
0
 public function logout()
 {
     unset($_SESSION['error']);
     $auth = new \W\Security\AuthentificationManager();
     $auth->logUserOut();
     setcookie("auth", "", time() - 3600, '/', 'localhost', false, true);
     $this->redirectToRoute('home');
 }
 public function logout()
 {
     $auth = new \W\Security\AuthentificationManager();
     $auth->logUserOut();
     setcookie("auth", "", time() - 3600, '/', '127.0.0.1', false, true);
     $this->redirectToRoute('log');
 }
Beispiel #14
0
 /**
  * Page de modification du profil 
  */
 public function profile($username)
 {
     $error = array();
     $isValid = true;
     //  on crée l'instance UserManager
     $userManager = new \Manager\UserManager();
     // on crée une instance security manager
     $authentificationManager = new \W\Security\AuthentificationManager();
     // - on récupère l'utilisateur connecté
     $userConnect = $authentificationManager->getLoggedUser();
     // formulaire soumis ?
     if ($_POST) {
         $username = $_POST['username'];
         $lastname = $_POST['lastname'];
         $firstname = $_POST['firstname'];
         $birthyear = $_POST['birthyear'];
         $sex = $_POST['sex'];
         $job = $_POST['job'];
         $instructorDescription = $_POST['instructorDescription'];
         $studentDescription = $_POST['studentDescription'];
         // validation des données => à coder
         $isValid = true;
         // Contrôle des champs obligatoires sur la formation
         $validator = new \Utils\FormValidator();
         $validator->validateNotEmpty($username, "username", "Le pseudo est obligatoire !");
         $validator->validateNotEmpty($lastname, "lastname", "Saisir votre nom !");
         $validator->validateNotEmpty($firstname, "firstname", "Saisir votre prénom !");
         $validator->validateNotEmpty($birthyear, "birthyear", "Saisir votre année de naissance !");
         $validator->validateNotEmpty($sex, "sex", "Indiquer votre sexe !");
         $validator->validateNotEmpty($job, "job", "Saisir votre métier !");
         $validator->validateNotEmpty($instructorDescription, "instructorDescription", "Saisir votre description en tant que formateur !");
         $validator->validateNotEmpty($studentDescription, "studentDescription", "Saisir votre description en tant qu'étudiant !");
         if ($validator->isValid()) {
             $validator->validateYear($birthyear, "birthyear", "Votre année de naissance doit être comprise entre 1900-2099 !");
             $validator->validateCharacter($username, "username", "Le pseudo comporte des caractères interdits !");
         }
         if (!$validator->isValid()) {
             $error = $validator->getErrors();
             $isValid = false;
         }
         if ($isValid) {
             // 1 - on crée l'instance
             $userManager = new \Manager\UserManager();
             if ($userConnect['username'] != $username) {
                 if ($userManager->usernameExists($username)) {
                     $isValid = false;
                     $error['username'] = '******';
                 }
             }
         }
         // upload du fichier
         if ($_FILES['image']['size'] != 0) {
             $file = new \Utils\ImageUpload($_FILES['image'], 'assets/img/users/');
             $file->uploadFile();
             $file->reduceImage(false);
             if (!$file->isValid()) {
                 $isValid = false;
                 $error['image'] = $file->getErrors();
             } else {
                 $error['image'] = 'img/users/' . $file->getFileName();
                 $_SESSION['image_user'] = $file->getFileName();
             }
         } else {
             $_SESSION['image_user'] = '******';
         }
         // si c'est valide
         if ($isValid) {
             // Mise à jour dans la base de données
             // 2 - on appelle la méthode update
             $user = $userManager->update(["username" => $_POST['username'], "lastname" => $_POST['lastname'], "firstname" => $_POST['firstname'], "birthyear" => $_POST['birthyear'], "sex" => $_POST['sex'], "job" => $_POST['job'], "instructorDescription" => $_POST['instructorDescription'], "studentDescription" => $_POST['studentDescription'], "image" => $_SESSION['image_user']], $userConnect['id']);
             // on met à jour les données utilisateurs
             $authentificationManager->refreshUser();
             $userConnect = $authentificationManager->getLoggedUser();
         }
     } else {
         $_POST = $userConnect;
     }
     // 3 - on affiche la page si user trouvé
     if ($userConnect) {
         if ($userConnect['image'] == '') {
             $error['image'] = 'imageprofildefaut.png';
         } else {
             $error['image'] = $userConnect['image'];
         }
         if ($userConnect['username'] == $username) {
             $this->show('user/profile', ['error' => $error]);
         }
     }
     // Sinon on redirige vers une page erreur
     $this->showForbidden();
 }