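/**
 * Tell whether the user of the current session is the site administrator.
 *
 * Looks up the record for $_SESSION['id'] through read_infos_user() and
 * compares its 'user_pseudo' field with the administrator's pseudo.
 *
 * NOTE(review): administrator rights depend on a single pseudo hard-coded
 * here. A role or flag stored with the account would be easier to audit and
 * would not break if pseudos can be changed or re-registered — confirm how
 * pseudo uniqueness is enforced at sign-up.
 *
 * @return bool true only for the administrator account; false for any other
 *              user, for an unknown id, and when nobody is logged in.
 */
function user_admin()
{
    // No authenticated session: nothing to look up, and never an admin.
    if (!isset($_SESSION['id'])) {
        return false;
    }

    $infos_user = read_infos_user($_SESSION['id']);

    // read_infos_user() signals "not found" with false; answer explicitly
    // instead of falling off the end of the function and returning null.
    if (false === $infos_user) {
        return false;
    }

    // Strict comparison: with ==, a non-string value such as integer 0 compares
    // equal to any non-numeric string on PHP versions before 8.
    return $infos_user['user_pseudo'] === 'nicolas.grenie';
}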
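// Password-reset form handling. The form object ($form_reset_pwd) is created
// before this excerpt; only its fields are declared here.
$form_reset_pwd->add('Text', 'email_adress')->label('Votre adresse e-mail');
$form_reset_pwd->add('Submit', 'submit')->value('Envoyer informations');

// Error and confirmation messages collected while handling the form.
$error_reset_pwd = array();
$msg_confirm = array();

// Handle a submitted reset request.
if ($form_reset_pwd->is_valid($_POST)) {
    $email_addr = $form_reset_pwd->get_cleaned_data('email_adress');
    $user_id = find_user_id($email_addr);
    if ($user_id !== false) {
        // NOTE(review): the stored password is replaced as soon as a known
        // address is submitted, without proof that the requester owns the
        // mailbox, and the new password then travels in clear text by mail.
        // A single-use, expiring reset link that lets the owner choose the
        // password avoids both the forced lock-out and the clear-text secret.
        $new_pwd = gen_new_pwd();
        update_password_user($user_id, $new_pwd);
        $msg_confirm[] = "Mot de passe réinitialisé avec succès, vous recevrez prochainement un mél avec vos différentes informations de connexion. Attention pensez à changer le nouveau mot de passe pour le retenir plus facilement.";

        // The record is needed only to build the mail; it must never be echoed
        // into the page (it carries the activation hash and account details).
        $infos_user = read_infos_user($user_id);

        // Build the HTML body of the mail.
        // NOTE(review): the login value appears masked as "******" in this
        // listing; the original expression is not visible here.
        $message_mail = "<html><head><meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\"> </head><body> <p>Nouveau mot de passe <b>NabzFood</b>.</p> <p>Vous avez demandé à changer votre mot de passe pour le site Nabzfood, ce mél est la confirmation que tout s'est bien passé.</p><p>Vos nouvelles informations de connexion : </p><p>Login : "******"</p><p>Mot de passe : " . $new_pwd . "</p>";

        if (!empty($infos_user['hash_validation'])) {
            // Account not activated yet: add the activation link to the mail.
            $hash_validation = $infos_user['hash_validation'];

            // PHP_SELF is derived from the request URL, so it is escaped before
            // being placed in an HTML attribute; the hash is URL-encoded because
            // it is a query-string value.
            // NOTE(review): the prefix below yields "http:\//" followed by a
            // path and no host name, which does not look like a usable absolute
            // URL. The site's base URL should come from configuration rather
            // than from request data — confirm and fix with the real value.
            $message_mail .= "<p>Lien pour valider votre compte : <a href=\"http:\\//"
                . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8')
                . "?module=members&action=valid_account&hash="
                . urlencode($hash_validation)
                . "\">ce lien</a> pour activer votre compte !</p>";
        }

        $message_mail .= "</body></html>";
        $subject = "[Nabzfood] Réinitialisation mot de passe";

        // Send the mail. Presumably the included script reads $email_addr,
        // $subject and $message_mail from this scope — confirm in mail.php.
        include './modules/mail/mail.php';
    } else {
        // NOTE(review): this branch tells the requester that no account uses
        // the address while the other branch confirms that one does; showing
        // the same message in both cases avoids disclosing which addresses are
        // registered.
        $error_reset_pwd[] = "Nous n'avons pas trouvé de compte corespondant à cet e-mail, merci d'enter une adresse valide. Si vous n'êtes pas encore inscrit cliquez sur le lien \"Inscription\" dans le menu de gauche.";
    }
// The listing is cut here: the block opened by is_valid() is closed outside this excerpt.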
<?php
// Profile page of the logged-in member.
//
// Access requires user_connected() to be true and
// verify_get_id($_GET['id'], $_SESSION['id']) to succeed (presumably a check
// that the requested id is the session's own id — confirm in its definition).
// The record shown is always loaded from $_SESSION['id'], never from the
// request parameter.
if (!user_connected() || !verify_get_id($_GET['id'], $_SESSION['id'])) {
    include PATH_GLOBAL_VIEW . 'error_not_connected.php';
} elseif (empty($_GET['id']) or !is_numeric($_GET['id'])) {
    // The id parameter is missing or is not numeric.
    include PATH_VIEW . 'error_parameter_profile.php';
} else {
    $infos_user = read_infos_user($_SESSION['id']);

    if (false === $infos_user || $infos_user['hash_validation'] != '') {
        // Unknown record, or an account that still carries a validation hash.
        include PATH_VIEW . 'error_null_profile.php';
    } else {
        // Values set here are left in scope for the included view.
        $username = $infos_user['user_pseudo'];
        $email_addr = $infos_user['user_mail'];
        $lastconnect = $infos_user['user_lastconnect'];
        $_SESSION['email'] = $email_addr;
        include PATH_VIEW . 'profile_user.php';
    }
}
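// Login form: declaration, validation and session set-up.
include PATH_LIB . 'form.php';

$form_login = new Form('form_login');
$form_login->method('POST');
$form_login->add('Text', 'username')->label("Votre nom d'utilisateur");
$form_login->add('Password', 'password')->label("Votre mot de passe");
$form_login->add('Checkbox', 'auto_login')->required("false")->label("Connexion automatique");
$form_login->add('Submit', 'submit')->value("Connectez-moi !");
$form_login->bound($_POST);

// Check the submitted credentials.
$errors_login = array();
if ($form_login->is_valid($_POST)) {
    list($username, $password) = $form_login->get_cleaned_data('username', 'password');

    // NOTE(review): the password is checked as a bare SHA-1 digest, a fast,
    // unsalted hash that is not suitable for password storage. Moving to
    // password_hash()/password_verify() needs a matching change in
    // valid_login() and in the stored values, which are outside this excerpt.
    $id_user = valid_login($username, sha1($password));
    if (false !== $id_user) {
        $infos_user = read_infos_user($id_user);
        if (!empty($infos_user['hash_validation'])) {
            // The account still carries a validation hash: refuse the login
            // and point to the form that resends the activation link.
            $errors_login[] = "Compte non validé pour recevoir à nouveau un lien d'activation : <a href=\"index.php?module=members&action=reset_pwd\"> formulaire de renvoi de lien d'activation </a> </p>";
            include PATH_VIEW . 'form_login.php';
        } else {
            // Issue a fresh session id at the privilege change so that an id
            // known before authentication cannot be reused afterwards.
            // Assumes the session is already started, as $_SESSION is used below.
            session_regenerate_id(true);

            $_SESSION['id'] = $id_user;
            $_SESSION['pseudo'] = $username;
            $_SESSION['email'] = $infos_user['user_mail'];
            up_lastconnect($id_user); // record the time of this login

            if (false !== $form_login->get_cleaned_data('auto_login')) {
                $browser = !empty($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

                // NOTE(review): this token is a deterministic function of the
                // username, the password digest, the User-Agent and constants
                // kept in source, so it stays the same until the password
                // changes and cannot be revoked per device. A random token
                // stored server-side (hashed) and compared with hash_equals()
                // is the usual replacement; the code that verifies the cookie
                // is outside this excerpt and would have to change with it.
                $hash_cookie = sha1('592a23516c' . $username . '3b665d692a' . sha1($password) . '307e352c2b' . $browser . '7e79437856');

                // HttpOnly (last argument) keeps both cookies out of reach of
                // page scripts. The Secure flag is left off to preserve the
                // current behaviour; enable it once the site is served over
                // HTTPS only.
                setcookie('id', $_SESSION['id'], strtotime("+1 month"), '/', '', false, true);
                setcookie('auto_login', $hash_cookie, strtotime("+1 month"), '/', '', false, true);
            }
// The listing is cut here: the three blocks still open are closed outside this excerpt.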
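<?php
// Admin page: send a mail to the member designated by the 'uid' query parameter.
//
// NOTE(review): this is a state-changing admin action and no anti-CSRF token
// is visible in this excerpt — confirm whether the Form class adds and
// verifies one.
if (!user_admin()) {
    include PATH_GLOBAL_VIEW . 'error_not_admin.php';
} else {
    require_once PATH_MODEL . 'admin.php';
    require_once PATH_MODEL . 'members.php';
    require_once PATH_LIB . 'form.php';

    $form_mail_user = new Form('form_mail_user');
    $form_mail_user->method('POST');
    $form_mail_user->add('Text', 'mail_subject')->label('Sujet du message')->value('[Nabzfood]');
    $form_mail_user->add('Textarea', 'mail_content')->label('Message')->cols(100)->rows(20);
    $form_mail_user->add('Submit', 'Envoyer');

    // Look the recipient up only when 'uid' is present and numeric;
    // read_infos_user() itself returns false for an unknown id.
    $infos_user = (isset($_GET['uid']) && is_numeric($_GET['uid']))
        ? read_infos_user($_GET['uid'])
        : false;
    $pseudo = (false !== $infos_user) ? $infos_user['user_pseudo'] : '';

    // Send only when the recipient exists, so no mail goes to an empty address.
    if (false !== $infos_user && $form_mail_user->is_valid($_POST)) {
        $subject = $form_mail_user->get_cleaned_data('mail_subject');

        // The raw POST value is used on purpose: per the original author,
        // get_cleaned_data() loses the layout of the text.
        // NOTE(review): the body therefore reaches the HTML mail unescaped;
        // that is acceptable only because the sender is the administrator.
        $txtmessage = $_POST['mail_content'];

        // Turn line breaks of the text into HTML line breaks.
        $txtmessage = str_replace("\r\n", '<br />', $txtmessage);

        $email_addr = $infos_user['user_mail'];
        $message_mail = $txtmessage;

        // Send the mail. Presumably the included script reads $email_addr,
        // $subject and $message_mail from this scope — confirm in mail.php.
        include './modules/mail/mail.php';
    }

    include PATH_VIEW . 'form_mail_user.php';
    //header("Location: index.php?module=admin&action=users&id=".$_SESSION['id']); //reload Admin user page
}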