Ejemplo n.º 1
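/**
 * Register a new account and send the verification mail.
 *
 * Checks the submitted fields, refuses a user name or mail address that is
 * already stored, inserts the account and mails the verification link.
 *
 * Every value reaches the database as a bound parameter. htmlspecialchars()
 * is HTML output encoding, not SQL escaping (before PHP 8.1 its default flags
 * left single quotes untouched), so it is kept only because the INSERT stores
 * the encoded form and the duplicate checks must compare against that form.
 *
 * NOTE(review): the user-name lookup is garbled on the page this listing was
 * taken from; it is assumed to mirror the mail lookup.
 * NOTE(review): pass_hash() is defined outside this listing. PHP's
 * password_hash()/password_verify() are the standard API for password
 * storage; switching needs a migration of the stored hashes.
 *
 * @param array $post    Form fields: signup_user, signup_mail, signup_pass1,
 *                       signup_pass2.
 * @param PDO   $connect Database handle; prepare() is called on it.
 *
 * @return string JSON object with the keys "end" (bool) and "info" (string).
 */
function signup($post, $connect)
{
    $reply = function ($ok, $info) {
        return json_encode(array('end' => $ok, 'info' => $info));
    };

    if (empty($post['signup_user']) || empty($post['signup_mail']) || empty($post['signup_pass1']) || empty($post['signup_pass2'])) {
        return $reply(false, "Veuillez remplir tous les champs.");
    }

    // The original pattern only requires "@…." somewhere in the value. CR/LF
    // is refused as well so the address handed to mail() stays one header line.
    if (!preg_match('/@.+\\./', $post['signup_mail']) || preg_match('/[\r\n]/', $post['signup_mail'])) {
        return $reply(false, "L'adresse mail doit être sous la forme test@test.test");
    }

    $storedUser = htmlspecialchars($post['signup_user']);
    $storedMail = htmlspecialchars($post['signup_mail']);

    $byUser = $connect->prepare('SELECT id FROM users WHERE user = :user');
    $byUser->execute(array('user' => $storedUser));
    if ($byUser->fetch() !== false) {
        return $reply(false, "Le nom d'utilisateur est déjà pris.");
    }

    $byMail = $connect->prepare('SELECT id FROM users WHERE mail = :mail');
    $byMail->execute(array('mail' => $storedMail));
    if ($byMail->fetch() !== false) {
        return $reply(false, "L'adresse mail est déjà prise.");
    }

    if (strlen($post['signup_pass1']) < 6) {
        return $reply(false, "Le mot de passe doit faire au moins 6 caractères.");
    }
    if ($post['signup_pass1'] !== $post['signup_pass2']) {
        return $reply(false, "Les mots de passe ne correspondent pas.");
    }

    $insert = $connect->prepare('INSERT INTO users (user, password, mail) VALUES (:user, :password, :mail)');
    $insert->execute(array(
        'user' => $storedUser,
        'password' => pass_hash($post['signup_user'], $post['signup_pass1']),
        'mail' => $storedMail,
    ));

    // NOTE(review): the verification value is sha1(user name . fixed string),
    // so it can be recomputed by anyone who knows the constant. A random
    // per-account token (random_bytes()) stored with the account is the usual
    // replacement; verif.php is not visible here, so the format is unchanged.
    $token = sha1($post['signup_user'] . "quarante");
    // The user name is URL-encoded so "&", "#" or spaces cannot break the link.
    $link = "http://localhost:8080/Camagru/verif.php?v=" . rawurlencode($post['signup_user']) . "&l=" . $token;
    $message = "Bonjour " . $post['signup_user'] . ",\nPour vérifier votre compte, il vous suffit de cliquer sur le lien ci dessous.\n" . $link;

    mail($post['signup_mail'], 'Vérification InstaPics', $message, 'From: verif@instapics.fr');

    return $reply(true, "Un mail de vérification a été envoyé.");
}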
Ejemplo n.º 2
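/**
 * Authenticate a user and populate the session.
 *
 * Looks the account up by user name, compares the stored password hash with
 * the hash of the submitted password, requires the account to be verified
 * (valid == 1) and then copies the account fields and the like count into
 * $_SESSION.
 *
 * Both lookups use bound parameters instead of concatenated SQL text.
 *
 * NOTE(review): the two SELECT lines are garbled on the page this listing was
 * taken from; the user lookup is assumed to use htmlspecialchars() on the
 * submitted name and the like count to filter on the stored user name.
 * NOTE(review): the stored name is compared with the raw submitted name, so a
 * name that htmlspecialchars() changes can never sign in — unchanged here.
 *
 * @param array $post    Form fields: signin_user, signin_pass.
 * @param PDO   $connect Database handle; prepare() is called on it.
 *
 * @return string JSON object; "end" is true on success and the account fields
 *                are included, otherwise "end" is false and "info" explains.
 */
function signin($post, $connect)
{
    $fail = function ($info) {
        return json_encode(array('end' => false, 'info' => $info));
    };

    if (empty($post['signin_user']) || empty($post['signin_pass'])) {
        return $fail("Veuillez remplir tous les champs.");
    }

    $lookup = $connect->prepare('SELECT * FROM users WHERE user = :user');
    $lookup->execute(array('user' => htmlspecialchars($post['signin_user'])));
    $user = $lookup->fetch();

    // Unknown user and wrong password produce the same message, so the reply
    // does not reveal which user names exist.
    if ($user === false) {
        return $fail("Les informations entrées sont incorrectes.");
    }

    $expected = pass_hash($post['signin_user'], $post['signin_pass']);
    // hash_equals() compares in constant time; === stops at the first differing byte.
    if ($user['user'] !== $post['signin_user'] || !hash_equals((string) $user['password'], (string) $expected)) {
        return $fail("Les informations entrées sont incorrectes.");
    }

    if ($user['valid'] != 1) {
        return $fail("Vous devez d'abord vérifier votre compte.");
    }

    $likes = $connect->prepare("SELECT COUNT(*) AS 'count' FROM likes WHERE pic_user = :user");
    $likes->execute(array('user' => $user['user']));
    $fetch = $likes->fetch();

    // A fresh session id at the privilege change prevents a pre-set id from
    // being reused after login (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION['id'] = $user['id'];
    $_SESSION['user'] = $user['user'];
    $_SESSION['mail'] = $user['mail'];
    $_SESSION['hearts'] = $fetch['count'];
    $_SESSION['create_at'] = $user['create_at'];

    return json_encode(array(
        'end' => true,
        'user' => $user['user'],
        'mail' => $user['mail'],
        'hearts' => $fetch['count'],
        'create_at' => $user['create_at'],
        'info' => "Vous êtes connecté ! ;)",
    ));
}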
Ejemplo n.º 3
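 /**
  * Check a user name / password pair and return the matching account id.
  *
  * The query text shown on the page this listing was taken from is masked
  * ('******' in both comparisons), so as printed it never uses $user or the
  * computed hash. It is assumed to filter on both; they are passed as bound
  * parameters here, never as part of the SQL text.
  *
  * NOTE(review): pass_hash() and connectionconf are defined outside this
  * listing. A new connection is opened on every call and stored in
  * $this->conn; the original close call sat after the return statements and
  * never ran.
  *
  * @param string $user Submitted user name.
  * @param string $pass Submitted password.
  *
  * @return int|string Id of the last matching row, or 0 when nothing matches
  *                    or the statement cannot be prepared.
  */
 function login($user, $pass)
 {
     $hasshed = pass_hash($user, $pass);
     $conf = new connectionconf();
     $this->conn = $conf->connect();

     $stmt = mysqli_prepare($this->conn, 'select id from users where username = ? and pass = ?');
     if (!$stmt) {
         return 0;
     }

     mysqli_stmt_bind_param($stmt, 'ss', $user, $hasshed);
     mysqli_stmt_execute($stmt);
     mysqli_stmt_bind_result($stmt, $rowId);

     $id = 0;
     while (mysqli_stmt_fetch($stmt)) {
         // Cast back to string: mysqli_query() rows delivered the id as text.
         $id = (string) $rowId;
     }
     mysqli_stmt_close($stmt);

     return $id;
 }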
Ejemplo n.º 4
Archivo: auth.php Proyecto: ItsJimi/42
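/**
 * Authenticate by mail address and password and populate the session.
 *
 * Fixes relative to the listing:
 *  - the guard tested $post['password'] twice and never $post['mail'];
 *  - the lookup is a prepared statement instead of SQL text built with
 *    htmlspecialchars(), which is HTML encoding rather than SQL escaping;
 *  - the hash comparison uses hash_equals();
 *  - $_SESSION['error'] is set for an unknown address too, so the reply no
 *    longer differs between "no such account" and "wrong password";
 *  - the session id is regenerated on success.
 *
 * NOTE(review): pass_hash() is defined outside this listing.
 *
 * @param array  $post    Form fields: mail, password.
 * @param mysqli $connect Open mysqli connection.
 *
 * @return bool True when the credentials match, false otherwise.
 */
function signin($post, $connect)
{
    if (empty($post['mail']) || empty($post['password'])) {
        return false;
    }

    $stmt = mysqli_prepare($connect, 'SELECT uuid, mail, password, create_at, rank, accesstoken FROM users WHERE mail = ?');
    if (!$stmt) {
        return false;
    }

    // The original lookup compared against the HTML-encoded address; kept so
    // the same rows match.
    $lookupMail = htmlspecialchars($post['mail']);
    mysqli_stmt_bind_param($stmt, 's', $lookupMail);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $uuid, $mail, $password, $createAt, $rank, $accessToken);
    $found = mysqli_stmt_fetch($stmt) === true;
    mysqli_stmt_close($stmt);

    if ($found && $mail === $post['mail'] && hash_equals((string) $password, (string) pass_hash($post['mail'], $post['password']))) {
        // New session id at login so an id fixed before authentication is useless.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['uuid'] = $uuid;
        $_SESSION['mail'] = $mail;
        // Prepared statements return integers natively; the session held text before.
        $_SESSION['rank'] = $rank === null ? null : (string) $rank;
        $_SESSION['create_at'] = $createAt;
        $_SESSION['accesstoken'] = $accessToken;

        return true;
    }

    $_SESSION['error'] = "Informations incorrectes.";

    return false;
}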
Ejemplo n.º 5
         echo 1;
     } else {
         echo 0;
     }
 } else {
     if (isset($_POST['username'])) {
         $client = S3Client::factory(array('credentials' => array('key' => 'KEY', 'secret' => 'KEY')));
         /**
          * Ask the S3 client to create the bucket "klaud-<bucket>" in us-west-2.
          *
          * @param string $bucket Suffix appended to the "klaud-" prefix.
          * @param object $client Client object exposing createBucket().
          *
          * @return mixed Whatever createBucket() returns.
          */
         function createNewBucket($bucket, $client)
         {
             $request = array(
                 'Bucket' => 'klaud-' . $bucket,
                 'LocationConstraint' => 'us-west-2',
             );

             return $client->createBucket($request);
         }
         // Registration input, read directly from the request body.
         // NOTE(review): $key, $email and $username are interpolated into the
         // three SQL strings below without escaping or bound parameters, so
         // request data becomes part of the statement text. Prepared
         // statements with bound values are the fix. $db looks like a mysqli
         // handle (query() and num_rows are used) — confirm.
         $key = $_POST['hash'];
         $email = $_POST['email'];
         $username = $_POST['username'];
         // pass_hash() is defined outside this excerpt; here it receives the
         // name "ripemd160", the password and the fixed strings "SALT" and
         // "PEPPER".
         // NOTE(review): if those strings are one salt shared by all accounts
         // and the digest is a plain fast hash, this is not suitable for
         // password storage; password_hash() is the standard API — confirm
         // what pass_hash() does.
         $password = pass_hash("ripemd160", $_POST['password'], "SALT", "PEPPER");
         // Statement texts built by string interpolation (see the note above).
         $insert_query = "INSERT INTO `users` (`auto`, `user`, `pass`, `email`) VALUES ('', '{$username}', '{$password}', '{$email}')";
         $update_query = "UPDATE `accesskeys` SET `user`='{$username}' WHERE `accesskey`='{$key}'";
         // Existence check for the requested user name, executed immediately.
         $select_query = $db->query("SELECT `user` FROM `users` WHERE `user`='{$username}'");
         if ($select_query->num_rows == 0) {
             if ($db->query($insert_query) == TRUE) {
                 if ($db->query($update_query) == TRUE) {
                     $result = createNewBucket($username, $client);
                     if ($result['Location'] == "http://klaud-" . $username . ".s3.amazonaws.com/") {
                         $result = $client->putBucketCors(array('Bucket' => 'klaud-' . $username, 'CORSRules' => array(array('AllowedHeaders' => array('*'), 'AllowedMethods' => array('HEAD', 'GET', 'PUT', 'POST', 'DELETE'), 'AllowedOrigins' => array('SERVER_URL'), 'ExposeHeaders' => array('ETag')))));
                         echo 1;
                     } else {
                         echo 3;
                     }
                 } else {
                     echo 0;
Ejemplo n.º 6
Archivo: users.php Proyecto: ItsJimi/42
if ($_GET['action'] === "add") {
    if (empty($_POST['mail']) || empty($_POST['password'])) {
        ?>
			<form action="users.php?action=add" method="POST">
				<label for="mail">Email :</label><br />
				<input type="email" name="mail" /><br />
				<label for="password">Mot de passe :</label><br />
				<input type="password" name="password" /><br />
				<label for="rank">Rang :</label><br />
				<input type="text" name="rank" /><br />
				<hr />
				<input type="submit" name="submit" value="Créer" />
			</form>
		<?php 
    } else {
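        // All values are bound. htmlspecialchars() is HTML output encoding, not
        // SQL escaping, and rank was previously placed in the statement
        // unquoted, so any SQL fragment in it was executed.
        // NOTE(review): no authorization check is visible in this excerpt;
        // confirm one runs before an account with an arbitrary rank is created.
        $insert = mysqli_prepare($connect, 'INSERT INTO users (uuid, mail, password, rank, create_at, accesstoken) VALUES (?, ?, ?, ?, NOW(), NULL)');
        $newUuid = uuid();
        $newMail = htmlspecialchars($_POST['mail']); // kept: the original stored the encoded form
        $newHash = pass_hash($_POST['mail'], $_POST['password']);
        $newRank = isset($_POST['rank']) ? (int) $_POST['rank'] : 0;
        if ($insert && mysqli_stmt_bind_param($insert, 'sssi', $newUuid, $newMail, $newHash, $newRank) && mysqli_stmt_execute($insert)) {
            echo "L'utilisateur a été ajouté";
        } else {
            // The original printed the full statement (including the password
            // hash) and the driver error into the page; details now go to the
            // server log only.
            error_log('users.php add failed: ' . ($insert ? mysqli_stmt_error($insert) : mysqli_error($connect)));
            echo "Erreur: l'utilisateur n'a pas pu être ajouté.";
        }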
    }
} elseif ($_GET['action'] === "del" && $_GET['uuid']) {
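    // The uuid is bound as a string parameter; the original appended the raw
    // query-string value to the statement without quotes.
    // NOTE(review): this delete is triggered by a GET request. State-changing
    // actions are normally limited to POST with an anti-CSRF token, and no
    // authorization check is visible in this excerpt — confirm both in the
    // calling page.
    $delete = mysqli_prepare($connect, 'DELETE FROM users WHERE uuid = ?');
    $targetUuid = (string) $_GET['uuid'];
    if ($delete && mysqli_stmt_bind_param($delete, 's', $targetUuid) && mysqli_stmt_execute($delete)) {
        echo "L'utilisateur a été suprimmé";
    } else {
        // Driver details are logged instead of being printed into the page.
        error_log('users.php del failed: ' . ($delete ? mysqli_stmt_error($delete) : mysqli_error($connect)));
        echo "Erreur: la suppression a échoué.";
    }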
} elseif ($_GET['action'] === "modif" && $_GET['uuid']) {
    if ($_POST['submit'] === "Modifier" && !empty($_POST['password'])) {
Ejemplo n.º 7
Archivo: reset.php Proyecto: ItsJimi/42
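        // Bound parameter instead of concatenated SQL text; the value keeps the
        // HTML-encoded form the original compared against.
        $result = $connect->prepare('DELETE FROM codes WHERE mail = :mail');
        $result->execute(array('mail' => htmlspecialchars($_GET['m'])));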
        echo "La demande de réinitialisation a été annulée.";
    } else {
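        // The reset code and address from the query string are bound, so they
        // cannot alter the statement that decides whether the reset is allowed.
        // htmlspecialchars() is kept only to compare against the same encoded
        // form as before; it is not SQL escaping.
        $result = $connect->prepare('SELECT mail, code FROM codes WHERE mail = :mail AND code = :code');
        $result->execute(array('mail' => htmlspecialchars($_GET['m']), 'code' => htmlspecialchars($_GET['c'])));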
        if ($result->rowCount() > 0) {
            if (isset($_POST['password1']) && isset($_POST['password2']) && !empty($_POST['password1']) && !empty($_POST['password2']) && $_POST['submit'] === "Valider") {
                if (strlen($_POST['password1']) >= 6) {
                    if ($_POST['password1'] === $_POST['password2']) {
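                        // Account lookup with a bound parameter (same encoded
                        // form of the address as the original comparison).
                        $result = $connect->prepare('SELECT user, mail FROM users WHERE mail = :mail');
                        $result->execute(array('mail' => htmlspecialchars($_GET['m'])));
                        $user = $result->fetch();
                        if ($user !== false) {
                            // The UPDATE targets the address of the row that was
                            // actually matched; the original used the raw query
                            // string here but the encoded form in the lookup.
                            // NOTE(review): pass_hash() is defined outside this excerpt.
                            $sql = $connect->prepare('UPDATE users SET password = :password WHERE mail = :mail');
                            $sql->execute(array('password' => pass_hash($user['user'], $_POST['password1']), 'mail' => $user['mail']));
                            // The reset code is single-use: remove it once the password is changed.
                            $result = $connect->prepare('DELETE FROM codes WHERE mail = :mail');
                            $result->execute(array('mail' => htmlspecialchars($_GET['m'])));
                            echo "Votre mot de passe a été réinitialisé.";
                        }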
                    } else {
                        ?>
								Les mots de passe ne correspondent pas.<br />
								Veuillez entrer votre nouveau mot de passe :
								<form action="reset.php?m=<?php 
                        echo htmlspecialchars($_GET['m']);
                        ?>
&c=<?php 
                        echo htmlspecialchars($_GET['c']);
                        ?>
" method="post">
Ejemplo n.º 8
     die("Connection failed: " . mysqli_connect_error());
 }
 // CREATE
 $sql = "CREATE DATABASE " . $dbname;
 if (mysqli_query($connect, $sql)) {
     echo "Database created successfully<br />";
     mysqli_close($connect);
     $connect = mysqli_connect($server, $user, $pass, $dbname);
     if (!$connect) {
         die("Connection failed: " . mysqli_connect_error());
     }
     // USER
     $sql = "CREATE TABLE users (\n\t\t\t\t\tuuid VARCHAR(255) NOT NULL,\n\t\t\t\t\tmail VARCHAR(255) NOT NULL,\n\t\t\t\t\tpassword VARCHAR(128) NOT NULL,\n\t\t\t\t\trank INT(1),\n\t\t\t\t\tcreate_at TIMESTAMP,\n\t\t\t\t\taccesstoken VARCHAR(255)\n\t\t\t\t)";
     if (mysqli_query($connect, $sql)) {
         echo "Users table created successfully<br />";
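         // First account: the mail address comes straight from $_POST, so it is
         // bound instead of being concatenated into the statement.
         // NOTE(review): uuid() and pass_hash() are defined outside this excerpt.
         $seed = mysqli_prepare($connect, 'INSERT INTO users (uuid, mail, password, rank, create_at) VALUES (?, ?, ?, 1, NOW())');
         $seedUuid = uuid();
         $seedMail = $_POST['mail'];
         $seedHash = pass_hash($_POST['mail'], $_POST['password1']);
         if ($seed && mysqli_stmt_bind_param($seed, 'sss', $seedUuid, $seedMail, $seedHash) && mysqli_stmt_execute($seed)) {
             echo "New record created successfully<br />";
         } else {
             // The original printed the statement text, which contained the
             // password hash, together with the driver error; both now go to
             // the server log only.
             error_log('setup: initial user insert failed: ' . ($seed ? mysqli_stmt_error($seed) : mysqli_error($connect)));
             echo "Error: the initial user could not be created<br />";
         }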
     } else {
         echo "Error creating table: " . mysqli_error($connect);
     }
     // ARTICLE
     $sql = "CREATE TABLE articles (\n\t\t\t\t\tuuid VARCHAR(255) NOT NULL,\n\t\t\t\t\tname VARCHAR(255) NOT NULL,\n\t\t\t\t\tdescription TEXT,\n\t\t\t\t\timg VARCHAR(255),\n\t\t\t\t\tprice FLOAT(4),\n\t\t\t\t\tstock INT(11),\n\t\t\t\t\tstar INT(1)\n\t\t\t\t)";
     if (mysqli_query($connect, $sql)) {
         echo "Article table created successfully<br />";
     } else {
         echo "Error creating table: " . mysqli_error($connect);
     }
Ejemplo n.º 9
/**
 * Produce the digest used for an e-mail address.
 *
 * Delegates to pass_hash() (defined outside this listing) with the name
 * "ripemd160", the address and the fixed strings "SALT" and "PEPPER".
 *
 * @param string $email Address to hash.
 *
 * @return mixed Whatever pass_hash() returns.
 */
function hashEmail($email)
{
    $digest = pass_hash("ripemd160", $email, "SALT", "PEPPER");

    return $digest;
}