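public function log()
 {
     $usermanager = new \Manager\UserManager();
     $auth = new \W\Security\AuthentificationManager();
     $passwordError = "";

     if ($_POST) {
         // `??` keeps a missing field from raising an undefined-index notice, and the
         // strict '' test accepts the (legal) password "0" that `== null` rejected.
         $logger = (string) ($_POST['logger'] ?? '');
         $password = (string) ($_POST['password'] ?? '');

         if ($logger === '' || $password === '') {
             $passwordError = "vide!";
         } else {
             // Anything containing "@" is looked up as an email, otherwise as a username.
             $byEmail = strpos($logger, '@') !== false;
             $exists = $byEmail
                 ? $usermanager->emailExists($logger)
                 : $usermanager->usernameExists($logger);

             // "not found" and "wrong password" deliberately produce the same message so
             // the form cannot be used to enumerate which logins/emails have an account.
             $failureMessage = $byEmail ? "Wrong email/mp couple!" : "Wrong login/mp couple!";

             if ($exists && $auth->isValidLoginInfo($logger, $password)) {
                 $user = $usermanager->getUserByUsernameOrEmail($logger);

                 if (!empty($_POST['remember'])) {
                     // Remember-me cookie: "<id>-----<sha1(username . password-hash . client IP)>".
                     // NOTE(review): this value can be minted from a leaked users table and is
                     // only invalidated by a password or IP change; a random per-user token
                     // stored hashed (as the check() example on this page does) is stronger.
                     $cookieKey = sha1($user['username'] . $user['password'] . $_SERVER['REMOTE_ADDR']);
                     setcookie(
                         "auth",
                         $user['id'] . '-----' . $cookieKey,
                         time() + 3600 * 24 * 3,
                         '/',
                         '127.0.0.1',                // TODO(review): hard-coded dev host; take from config
                         !empty($_SERVER['HTTPS']),  // Secure flag whenever served over TLS
                         true                        // HttpOnly
                     );
                 }

                 // Keep the password hash out of the session, and rotate the session id on
                 // privilege change so a pre-login id planted by an attacker is not upgraded.
                 unset($user['password']);
                 if (session_status() === PHP_SESSION_ACTIVE) {
                     session_regenerate_id(true);
                 }
                 $auth->logUserIn($user);

                 $this->show('logger/log', ["passwordError" => $passwordError]);
                 return; // the original fell through and rendered the page a second time
             }

             $passwordError = $failureMessage;
         }
     }

     $this->show('logger/log', ["passwordError" => $passwordError]);
 }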
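 /**
  * Login page.
  *
  * Renders the form, or on a POSTed submission ($_POST['login-submit'],
  * 'email', 'password') verifies the credentials and opens the session.
  * Redirects to 'login' when a field is missing and to 'home' on success;
  * otherwise re-renders 'default/login' with errorConnection set.
  */
 public function login()
 {
     if (isset($_POST['login-submit'])) {
         $email = (string) ($_POST['email'] ?? '');
         $password = (string) ($_POST['password'] ?? '');

         // Strict '' test rather than empty(): empty("0") is true and would silently
         // reject a (poor but legal) password of "0".
         if ($email === '' || $password === '') {
             $this->redirectToRoute('login');
             return; // in case redirectToRoute() does not terminate the request
         }

         $authManager = new \W\Security\AuthentificationManager();
         $userId = $authManager->isValidLoginInfo($email, $password);
         if ($userId) {
             $usersManager = new \Manager\UserManager();
             $user = $usersManager->find($userId);
             // Never keep the password hash in the session.
             unset($user['password']);
             // Rotate the session id on login so a pre-authentication session id
             // planted by an attacker (session fixation) is not upgraded.
             if (session_status() === PHP_SESSION_ACTIVE) {
                 session_regenerate_id(true);
             }
             $authManager->logUserIn($user);
             $this->redirectToRoute('home');
             return;
         }

         // One generic message whether the email or the password was wrong.
         $this->show('default/login', ['errorConnection' => true]);
         return; // the original fell through and rendered the page twice
     }
     $this->show('default/login');
 }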
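 /**
  * Returns true when a user is (or can be) authenticated for this request.
  *
  * Accepts an already-open session, or a "kikala_remember_me" cookie holding
  * JSON {"id": ..., "token": ...} whose token verifies against the hash in the
  * user's 'tokenCookie' column. An invalid cookie is expired.
  */
 public function check()
 {
     $authentificationManager = new \W\Security\AuthentificationManager();
     $loggedUser = $authentificationManager->getLoggedUser();
     if ($loggedUser) {
         return true;
     }

     $rawCookie = (string) ($_COOKIE['kikala_remember_me'] ?? '');
     if ($rawCookie === '') {
         return false;
     }

     // The cookie is attacker-controlled: the original indexed the decoded value
     // blindly (a non-object JSON, a missing key or an array-valued token were
     // notices or a TypeError in password_verify) and then read fields off a
     // `false` returned by find() for an unknown id.
     $cookieData = json_decode($rawCookie, true);
     $id = is_array($cookieData) ? ($cookieData['id'] ?? null) : null;
     $token = is_array($cookieData) ? ($cookieData['token'] ?? null) : null;

     $user = null;
     if (is_scalar($id) && is_string($token) && $token !== '') {
         $userManager = new \Manager\UserManager();
         $user = $userManager->find($id);
     }
     $storedHash = is_array($user) ? (string) ($user['tokenCookie'] ?? '') : '';

     // password_verify() compares the cookie's random token against the stored
     // hash in constant time; an empty hash never verifies.
     if ($storedHash !== '' && password_verify($token, $storedHash)) {
         // Keep the password hash out of the session (the 'tokenCookie' hash is left
         // in place in case logout/renewal code reads it from the session — confirm).
         unset($user['password']);
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }
         $authentificationManager->logUserIn($user);
         return true;
     }

     // Expire the bad cookie: the original used an expiry of 0, which only turns it
     // into a session cookie instead of deleting it.
     setcookie('kikala_remember_me', '', time() - 3600, '/');
     return false;
 }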
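 /**
  * Creates a user account from the registration form and logs the new user in.
  *
  * Reads $_POST['page_name'], 'passwrd' and 'mail', stores the account with a
  * password_hash() of the password, seeds the account's default option row,
  * then redirects to 'backoffice' in every case (no feedback on failure).
  */
 public function create()
 {
     $pagename = (string) ($_POST['page_name'] ?? '');
     $passwrd = (string) ($_POST['passwrd'] ?? '');
     $mail = (string) ($_POST['mail'] ?? '');

     // The original ran every field through a nested securise() that called
     // mysql_real_escape_string() (removed in PHP 7 -> fatal error on any non-numeric
     // value, and a "cannot redeclare" fatal if create() ran twice) and HTML-encoded
     // values before storing them. Escaping belongs in the SQL layer (the manager's
     // prepared statements) and in the template at output time, and must never touch
     // a password before hashing: "a&b" would have been hashed as "a&amp;b".
     if ($pagename !== '' && $passwrd !== '' && $mail !== '' && filter_var($mail, FILTER_VALIDATE_EMAIL)) {
         // NOTE(review): nothing here checks that page_name / mail are not already taken;
         // rely on a UNIQUE constraint or add an exists check before inserting.
         $usersManager = new \Manager\UsersManager();
         $inserted = $usersManager->insert([
             'page_name' => $pagename,
             'passwrd' => password_hash($passwrd, PASSWORD_DEFAULT),
             'mail' => $mail,
         ]);

         // The original logged in an undefined $user and then find()-ed an undefined
         // $userId. NOTE(review): assumes insert() returns either the new row or its
         // id — confirm against the Manager base class.
         $user = null;
         if (is_array($inserted)) {
             $user = $inserted;
         } elseif (is_scalar($inserted) && $inserted) {
             $user = $usersManager->find($inserted);
         }

         if (is_array($user) && !empty($user['id'])) {
             // The column is 'passwrd', not 'password': strip the real hash from the session.
             unset($user['passwrd'], $user['password']);
             if (session_status() === PHP_SESSION_ACTIVE) {
                 session_regenerate_id(true);
             }
             $userSession = new \W\Security\AuthentificationManager();
             $userSession->logUserIn($user);

             // Seed the default options row for the new account.
             $initdata = new \Manager\OptionsManager();
             $initdata->insertInit($user['id'], 'avatar_1', 'gergregegregergegregregregrege');
         }
     }
     $this->redirectToRoute('backoffice');
 }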
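 /**
  * Landing page of a password-reset email: /.../{token}/{id}.
  *
  * When the URL token verifies against the hash in the user's 'token' column the
  * token is consumed, the user is logged in and 'user/changepassword' is shown;
  * otherwise an error is left in $_SESSION['error']['forgetpassword'] and the
  * home page is shown.
  */
 public function mailPasswordRecovery($token, $id)
 {
     unset($_SESSION['error']);

     // Both route parameters are attacker-controlled.
     $token = (string) ($token ?? '');
     $id = (string) ($id ?? '');
     if ($token === '' || $id === '') {
         $_SESSION['error']['forgetpassword'] = "******";
         $this->show('default/home');
         return;
     }

     $usermanager = new \Manager\UserManager();
     $auth = new \W\Security\AuthentificationManager();
     $user = $usermanager->find($id);

     // An unknown id (find() returning false — the original then read $user['token']
     // off it), an already-consumed token (stored as '') and a wrong token all end on
     // the same generic branch so the URL cannot be probed.
     $tokenVerif = is_array($user) ? (string) ($user['token'] ?? '') : '';
     $valid = $tokenVerif !== '' && password_verify($token, $tokenVerif);

     // Reset links must expire. 'token_timestamp' is reset to 0 below, so it is taken
     // to hold the UNIX time the token was issued; the check is only applied when the
     // column is numeric. TODO(review): confirm the column's format and tune the TTL.
     $resetTtl = 3600;
     $issuedAt = 0;
     if (is_array($user) && is_numeric($user['token_timestamp'] ?? null)) {
         $issuedAt = (int) $user['token_timestamp'];
     }
     if ($valid && $issuedAt > 0 && time() - $issuedAt > $resetTtl) {
         $valid = false;
     }

     if (!$valid) {
         $_SESSION['error']['forgetpassword'] = "******";
         $this->show('default/home');
         return;
     }

     // Single use: clear the token before anything else so a replay cannot succeed.
     $usermanager->update(['token' => '', 'token_timestamp' => 0], $id);
     unset($user['password'], $user['token']);
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     $auth->logUserIn($user);
     $_SESSION['error']['forgetpassword'] = "******";
     // NOTE(review): the change-password form receives the id as a view parameter; its
     // handler must take the id from the session just opened, never from the form.
     $this->show('user/changepassword', ['id' => $id]);
     // the original went on to render 'default/home' on top of the form
 }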
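 /**
  * Member login.
  *
  * An already-authenticated user is sent to 'choristes_actus'. Otherwise the
  * POSTed form ($_POST['sent'], 'login', 'password') is checked and, on valid
  * credentials, the session is opened and the same redirect happens. Every
  * other case renders 'default/login'.
  */
 public function login()
 {
     $userLogin = new \W\Security\AuthentificationManager();
     if ($this->getUser() != null) {
         $this->redirectToRoute('choristes_actus');
         return; // in case redirectToRoute() does not terminate the request
     }

     if (isset($_POST['sent'])) {
         // `??` avoids undefined-index notices when the form is submitted incomplete.
         $login = (string) ($_POST['login'] ?? '');
         $password = (string) ($_POST['password'] ?? '');

         $id = false;
         if ($login !== '' && $password !== '') {
             $id = $userLogin->isValidLoginInfo($login, $password);
         }
         if ($id) {
             $findUser = new \Manager\UsersManager();
             $user = $findUser->find($id);
             // Keep the password hash out of the session (the original stored the
             // whole row), and rotate the session id against fixation.
             unset($user['password']);
             if (session_status() === PHP_SESSION_ACTIVE) {
                 session_regenerate_id(true);
             }
             $userLogin->logUserIn($user);
             $this->redirectToRoute('choristes_actus');
             return;
         }
     }
     $this->show('default/login');
 }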
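 /**
  * Login page.
  *
  * Renders the form, or on a POSTed submission ($_POST['login-submit'],
  * 'login', 'password') verifies the credentials and opens the session.
  * Redirects to 'login' when a field is missing and to 'todolist_list' on
  * success; otherwise re-renders 'default/login' with errorConnection set.
  */
 public function login()
 {
     if (isset($_POST['login-submit'])) {
         $login = (string) ($_POST['login'] ?? '');
         $password = (string) ($_POST['password'] ?? '');

         // Strict '' test rather than empty(): empty("0") is true and would silently
         // reject a (poor but legal) password of "0".
         if ($login === '' || $password === '') {
             $this->redirectToRoute('login');
             return; // in case redirectToRoute() does not terminate the request
         }

         $authManager = new \W\Security\AuthentificationManager();
         $userId = $authManager->isValidLoginInfo($login, $password);
         if ($userId) {
             $usersManager = new \Manager\UsersManager();
             $user = $usersManager->find($userId);
             // Never keep the password hash in the session.
             unset($user['password']);
             // Rotate the session id on login (session-fixation defence).
             if (session_status() === PHP_SESSION_ACTIVE) {
                 session_regenerate_id(true);
             }
             $authManager->logUserIn($user);
             $this->redirectToRoute('todolist_list');
             return;
         }

         // One generic message whether the login or the password was wrong.
         $this->show('default/login', ['errorConnection' => true]);
         return; // the original fell through and rendered the page twice
     }
     $this->show('default/login');
 }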
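<?php

// class autoloading
require "../vendor/autoload.php";
include 'assets/inc/functions.php';
// configuration
require "../app/config.php";
// a few global helpers
require "../W/globals.php";
// build the application from the config and the routes
$app = new W\App($w_routes, $w_config);

// Remember-me: re-open the session from the "auth" cookie, "<id>-----<sha1>", when
// no user is in the session yet. The cookie is attacker-controlled, so each part is
// validated before anything is compared. NOTE(review): $_SESSION is read here, so
// the session is assumed to have been started by W\App — confirm.
if (isset($_COOKIE['auth']) && !isset($_SESSION['user'])) {
    $parts = explode('-----', (string) $_COOKIE['auth'], 2);
    $cookieId = $parts[0];
    $cookieKey = $parts[1] ?? ''; // the original indexed [1] without checking it exists

    $user = null;
    if ($cookieId !== '' && $cookieKey !== '') {
        $usermanager = new \Manager\UserManager();
        $user = $usermanager->find($cookieId);
    }

    // An unknown id must not yield a "user" of false whose fields all read as '' and
    // whose key is therefore just sha1(client IP). hash_equals() replaces ==, which is
    // neither constant-time nor safe from PHP's numeric-string juggling
    // ("0e123" == "0e456" is true).
    $key = '';
    if (is_array($user)) {
        $key = sha1($user['username'] . $user['password'] . $_SERVER['REMOTE_ADDR']);
    }

    if ($key !== '' && hash_equals($key, $cookieKey)) {
        // NOTE(review): the key is derived from the stored password hash and the client
        // IP, so a leaked users table lets anyone mint it; a random per-user token stored
        // hashed (see the kikala check() example) is the stronger design.
        unset($user['password']); // keep the hash out of the session
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $auth = new \W\Security\AuthentificationManager();
        $auth->logUserIn($user);
        // Refresh the cookie's lifetime; Secure whenever served over TLS, always HttpOnly.
        // TODO(review): the '127.0.0.1' domain is a hard-coded dev host — take it from config.
        setcookie("auth", $user['id'] . '-----' . $key, time() + 3600 * 24 * 3, '/', '127.0.0.1', !empty($_SERVER['HTTPS']), true);
    } else {
        setcookie("auth", "", time() - 3600, '/', '127.0.0.1', !empty($_SERVER['HTTPS']), true);
    }
}
// run the application
$app->run();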
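 /**
  * Back-office login page.
  *
  * Renders the form, or on a POSTed submission ($_POST['login-submit'],
  * 'login', 'password') verifies the credentials and opens the session.
  * Redirects to 'login' when a field is missing and to 'backoffice' on
  * success; otherwise re-renders 'Default/login' with errorConnection set.
  */
 public function login()
 {
     // The original passed both fields through a nested securise() that called
     // mysql_real_escape_string() (removed in PHP 7, so any non-numeric login was a
     // fatal error) and HTML-encoded/backslash-escaped the password before it was
     // verified. Credentials go to isValidLoginInfo() untouched: the manager's
     // prepared statements handle SQL, the template handles HTML, and a password must
     // be verified exactly as typed. NOTE(review): accounts created while the old
     // escaping was in effect would have a hash of the escaped string.
     if (isset($_POST['login-submit'])) {
         $login = (string) ($_POST['login'] ?? '');
         $password = (string) ($_POST['password'] ?? '');

         if ($login === '' || $password === '') {
             $this->redirectToRoute('login');
             return; // in case redirectToRoute() does not terminate the request
         }

         $authManager = new \W\Security\AuthentificationManager();
         $userId = $authManager->isValidLoginInfo($login, $password);
         if ($userId) {
             $usersManager = new \Manager\UsersManager();
             $user = $usersManager->find($userId);
             // Keep the hash out of the session whichever column name the table uses
             // (the matching create() on this page stores it as 'passwrd').
             unset($user['password'], $user['passwrd']);
             if (session_status() === PHP_SESSION_ACTIVE) {
                 session_regenerate_id(true);
             }
             $authManager->logUserIn($user);
             $this->redirectToRoute('backoffice');
             return;
         }

         $this->show('Default/login', ['errorConnection' => true]);
         return; // the original fell through and rendered the page twice
     }
     $this->show('Default/login');
 }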
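 /**
  * Handles the profile-edit form of the logged-in user.
  *
  * Reads $_POST['nom'] (login), 'user_mail', 'birthday', 'country', 'bio',
  * validates login and email, updates the session user's row, refreshes the
  * session and leaves a status message in $_SESSION['error']['controlProfilModify'].
  * Always redirects to 'profilmodify'.
  */
 public function controlProfilModify()
 {
     unset($_SESSION['error']);

     // Only an authenticated user may edit a profile, and only their own: the row
     // updated is always the one whose id is in the session.
     $userId = $_SESSION['user']['id'] ?? null;
     if ($userId === null) {
         $this->redirectToRoute('profilmodify');
         return;
     }

     if ($_POST) {
         // `??` avoids undefined-variable notices when a field is absent.
         $login = (string) ($_POST['nom'] ?? '');
         $email = (string) ($_POST['user_mail'] ?? '');
         $birthday = $_POST['birthday'] ?? null;
         $country = $_POST['country'] ?? null;
         $bio = (string) ($_POST['bio'] ?? '');

         // Login: one letter, optional lower-case run, optional single "_", lower-case
         // run. The original pattern contained "(a-z)*", which matches the literal text
         // "a-z" rather than a letter class.
         if (preg_match('#^[A-Za-z][a-z]*_?[a-z]+$#', $login)) {
             if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
                 // NOTE(review): if uploadUserPicture() returns null/'' when no file was
                 // sent, the existing picture is overwritten — confirm the helper's contract.
                 $urlphoto = \uploadUserPicture();
                 $usermanager = new \Manager\UserManager();
                 $usermanager->update([
                     'username' => $login,
                     'urlpicture' => $urlphoto,
                     'email' => $email,
                     'birthday' => $birthday,
                     'country' => $country,
                     'biography' => trim($bio),
                 ], $userId);

                 // Re-read the row by the session's own id. The original looked it up by
                 // the *new* email, which — without a unique constraint on email — could
                 // return a different account carrying that address and log the user in
                 // as that other account. NOTE(review): an email-uniqueness check before
                 // the update is still missing.
                 $user = $usermanager->find($userId);
                 unset($user['password']);
                 $auth = new \W\Security\AuthentificationManager();
                 $auth->logUserIn($user);
                 $_SESSION['error']['controlProfilModify'] = "Votre profil a bien été modifié ! ";
             } else {
                 $_SESSION['error']['controlProfilModify'] = "L'email n'est pas dans un format valide ! ";
             }
         } else {
             $_SESSION['error']['controlProfilModify'] = "Le login ne peut comporter de caractère spéciaux ( [ { / \\ & # @ ] } ) ainsi que les accents! ";
         }
     }
     $this->redirectToRoute('profilmodify');
 }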
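 /**
  * Login handler.
  *
  * Reads $_POST['logger'] (username or email), 'password' and optional 'remember'.
  * On valid credentials opens the session, optionally sets the remember-me cookie,
  * asks confirmAccount() whether the account may proceed and redirects to
  * 'userhome'; every failure leaves a message in $_SESSION['error']['log'] and
  * redirects to 'home'.
  */
 public function log()
 {
     $usermanager = new \Manager\UserManager();
     $auth = new \W\Security\AuthentificationManager();
     unset($_SESSION['error']);
     $isValid = true;

     // Remember-me cookie "<id>-----<sha1(username . password-hash . client IP)>".
     // A host-only cookie (empty domain) replaces the two hard-coded domains the original
     // used — 'mudeo.dev' on the username path and 'localhost' on the email path — only
     // one of which could match the host actually serving the page.
     // NOTE(review): the value can be minted from a leaked users table; a random
     // per-user token stored hashed would be the stronger design.
     $setRememberCookie = static function (array $user): void {
         $key = sha1($user['username'] . $user['password'] . $_SERVER['REMOTE_ADDR']);
         setcookie("auth", $user['id'] . '-----' . $key, time() + 3600 * 24 * 3, '/', '', !empty($_SERVER['HTTPS']), true);
     };

     // Opens the session for a verified user and returns confirmAccount()'s
     // [isValid, message] pair. Both branches now honour the verdict: the original
     // username branch ignored $return[0], so an unconfirmed account reached
     // 'userhome' by logging in with its username but not with its email.
     $openSession = static function (array $user) use ($auth, $setRememberCookie): array {
         if (isset($_POST['remember'])) {
             $setRememberCookie($user);
         }
         // NOTE(review): the original read 'subscription' from $_SESSION['user'] after
         // logUserIn(); $user is assumed to be that same row — confirm.
         $subscription = $user['subscription'] ?? null;
         unset($user['password']); // keep the hash out of the session
         if (session_status() === PHP_SESSION_ACTIVE) {
             session_regenerate_id(true);
         }
         $auth->logUserIn($user);
         return \confirmAccount($user['token_timestamp'], $subscription);
     };

     if ($_POST) {
         if (\isIsset($_POST)) {
             $logger = (string) $_POST['logger'];
             $password = (string) $_POST['password'];

             if (strpos($logger, '@') === false) {
                 // Username path. "not found" and "wrong password" share one message so
                 // the form cannot be used to enumerate existing logins.
                 if ($usermanager->usernameExists($logger) && $auth->isValidLoginInfo($logger, $password)) {
                     $user = $usermanager->getUserByUsernameOrEmail($logger);
                     $return = $openSession($user);
                     $isValid = $return[0];
                     $_SESSION['error']['log'] = $return[1];
                 } else {
                     $isValid = false;
                     $_SESSION['error']['log'] = "Wrong login/mp couple!";
                 }
             } else {
                 // Email path: same lookup after a syntactic check of the address.
                 if (filter_var($logger, FILTER_VALIDATE_EMAIL)) {
                     if ($usermanager->emailExists($logger) && $auth->isValidLoginInfo($logger, $password)) {
                         $user = $usermanager->getUserByUsernameOrEmail($logger);
                         $return = $openSession($user);
                         $isValid = $return[0];
                         $_SESSION['error']['log'] = $return[1];
                     } else {
                         $isValid = false;
                         $_SESSION['error']['log'] = "Mauvais couple email/mot de passe !";
                     }
                 } else {
                     $isValid = false;
                     $_SESSION['error']['log'] = "Le format de l'email n'est pas valide !";
                 }
             }
         } else {
             $isValid = false;
             $_SESSION['error']['log'] = "Veuillez remplir tous les champs !";
         }
     }

     if ($isValid) {
         $this->redirectToRoute('userhome');
     } else {
         $this->redirectToRoute('home');
     }
 }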
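 /**
  * New-password page reached from a reset email: /newpassword/{token}/{username}.
  *
  * The form is shown, and a submitted password stored, only when the URL token
  * verifies against the hash in the user's 'token' column; everything else ends
  * on the forbidden page. On success the token is cleared, the user is logged in
  * and 'user/detail_account' is shown.
  */
 public function newpassword($token, $username)
 {
     $error = [];
     $userManager = new \Manager\UserManager();
     $user = $userManager->getUserByUsernameOrEmail($username);

     // The token must be verified BEFORE any write. The original checked it only to
     // decide whether to display the form and processed a POST unconditionally, so
     // anyone who knew a username could set that account's password with any token
     // in the URL. An unknown user or a consumed token (stored as '') is forbidden too.
     $storedHash = is_array($user) ? (string) ($user['token'] ?? '') : '';
     if ($storedHash === '' || !is_string($token) || !password_verify($token, $storedHash)) {
         $this->showForbidden();
         return;
     }

     if ($_POST) {
         $isValid = true;
         $newpassword = (string) ($_POST['newpassword'] ?? '');
         $newpasswordConfirm = (string) ($_POST['newpasswordConfirm'] ?? '');
         $validator = new \Utils\FormValidator();
         $validator->validateNotEmpty($newpassword, "newpassword", "Saisir un mot de passe");
         $validator->validateNotEmpty($newpasswordConfirm, "newpasswordConfirm", "Ressaisir le mot de passe");
         if (!$validator->isValid()) {
             $error = $validator->getErrors();
             $isValid = false;
         }
         // NOTE(review): beyond non-empty and matching, no length/strength policy is enforced.
         if ($newpassword !== $newpasswordConfirm) {
             $isValid = false;
             $error['newpasswordConfirm'] = 'Les mots de passe ne correspondent pas !';
         }
         if ($isValid) {
             // Single use: clearing the token invalidates this link for any replay.
             $userManager->update(['token' => '', 'password' => password_hash($newpassword, PASSWORD_DEFAULT)], $user['id']);
             // The row in hand still carries the OLD hash and the token hash; neither
             // belongs in the session or in the view.
             unset($user['password'], $user['token']);
             if (session_status() === PHP_SESSION_ACTIVE) {
                 session_regenerate_id(true);
             }
             $authentificationManager = new \W\Security\AuthentificationManager();
             $authentificationManager->logUserIn($user);
             $this->show('user/detail_account', ['user' => $user]);
             return; // the original went on to render the form and then the forbidden page
         }
         // The original collected $error but never handed it to the view.
         $this->show('user/newpassword', ['error' => $error]);
         return;
     }
     $this->show('user/newpassword');
 }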