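/**
 * Processes the sign-up form.
 *
 * Reads user-name, user-password, user-password-re and user-email from $_POST,
 * validates them, verifies the reCAPTCHA, refuses names or e-mail addresses
 * already present in USER_TABLE and inserts the new account.
 *
 * Returns array('result' => bool, 'message' => string). 'result' is true on
 * success and also when the form was submitted empty (nothing to do); it is
 * false, with a user-facing message, on any validation or database failure.
 * On success a LOG_SIGNUP entry is written and the request is redirected to
 * HREF_SIGNIN. The globals $http_user_name / $http_user_email are filled so
 * the view can re-populate the form.
 */
function main()
{
    global $session;
    global $db_connect_info;
    global $http_user_name;
    global $http_user_email;
    // Minimum lengths, defined once so the check and the message cannot drift
    // apart again: the original tested < 2 / < 5 while the messages said 3 / 4.
    // The stricter value of each pair was kept, so nothing previously rejected
    // is accepted now. strlen() counts bytes, as before, so multi-byte names
    // clear the bar with fewer visible characters.
    $min_name_len = 3;
    $min_password_len = 5;
    if ($session->started()) {
        // navigateTo() is assumed to end the request — the code below is not
        // meant to run for a signed-in user.
        navigateTo(HREF_MAIN);
    }
    $http_user_name = isset($_POST['user-name']) ? trim($_POST['user-name']) : '';
    $http_user_password = isset($_POST['user-password']) ? trim($_POST['user-password']) : '';
    $http_user_password_re = isset($_POST['user-password-re']) ? trim($_POST['user-password-re']) : '';
    $http_user_email = isset($_POST['user-email']) ? trim($_POST['user-email']) : '';
    // An empty form is not an error: the page is simply shown again.
    if (empty($http_user_name) || empty($http_user_password) || empty($http_user_email)) {
        return array('result' => true, 'message' => '');
    }
    if (strlen($http_user_name) < $min_name_len) {
        return array('result' => false, 'message' => sprintf('아이디는 %d자 이상으로 입력해 주세요', $min_name_len));
    }
    if (strlen($http_user_password) < $min_password_len) {
        return array('result' => false, 'message' => sprintf('비밀번호는 %d자 이상으로 입력해 주세요', $min_password_len));
    }
    if ($http_user_password !== $http_user_password_re) {
        return array('result' => false, 'message' => '비밀번호와 비밀번호 확인이 일치하지 않습니다');
    }
    // E-mail syntax.
    if (!filter_var($http_user_email, FILTER_VALIDATE_EMAIL)) {
        return array('result' => false, 'message' => '올바르지 않은 이메일 주소입니다');
    }
    // The reCAPTCHA must pass before any database work is done.
    if (!getReCaptcha()) {
        return array('result' => false, 'message' => 'reCAPTCHA가 올바르게 입력되지 않았습니다');
    }
    $db = new YwDatabase($db_connect_info);
    if (!$db->connect()) {
        return array('result' => false, 'message' => '서버와의 연결에 실패했습니다');
    }
    // Name and e-mail must both be unused. Both values go through
    // $db->purify(), presumably the project's escaping for SQL string literals.
    $name_sql = $db->purify($http_user_name);
    $email_sql = $db->purify($http_user_email);
    if (!$db->query("SELECT `name` FROM " . USER_TABLE . " WHERE `name`='" . $name_sql . "' OR `email`='" . $email_sql . "';")) {
        return array('result' => false, 'message' => '유저 정보를 불러오는데 실패하였습니다');
    }
    if ($db->total_results() > 0) {
        // The first matching row decides which of the two messages is shown.
        $existing = $db->get_result();
        if (strcmp($http_user_name, $existing['name']) === 0) {
            return array('result' => false, 'message' => '이미 사용중인 아이디입니다');
        }
        return array('result' => false, 'message' => '이미 사용중인 이메일 주소입니다');
    }
    if (!$db->query("INSERT INTO " . USER_TABLE . " (`name`, `password`, `email`) VALUES ('" . $name_sql . "', '" . passwordHash($http_user_password) . "', '" . $email_sql . "');")) {
        return array('result' => false, 'message' => '계정을 생성하는데 실패했습니다');
    }
    $db->log($http_user_name, LOG_SIGNUP, '1');
    $db->close();
    navigateTo(HREF_SIGNIN . '?signup=1');
    return array('result' => true, 'message' => '');
}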
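/**
 * Handles the "forgotten password" form (POST user-email).
 *
 * For a registered address a new random password is generated, stored as
 * passwordHash() and sent by e-mail in clear text; a LOG_RESET entry is written.
 * Returns array('result' => bool, 'message' => string); 'result' is true on
 * success and for an empty form, false with a user-facing message otherwise.
 * The global $http_user_email is filled for the view.
 */
function main()
{
    global $session;
    global $db_connect_info;
    global $http_user_email;
    if ($session->started()) {
        // navigateTo() is assumed to end the request.
        navigateTo(HREF_MAIN);
    }
    $http_user_email = isset($_POST['user-email']) ? trim($_POST['user-email']) : '';
    // An empty form is not an error: the page is simply shown again.
    if (empty($http_user_email)) {
        return array('result' => true, 'message' => '');
    }
    // E-mail syntax.
    if (!filter_var($http_user_email, FILTER_VALIDATE_EMAIL)) {
        return array('result' => false, 'message' => '이메일 주소가 올바르지 않습니다');
    }
    // The reCAPTCHA must pass before any database work is done.
    if (!getReCaptcha()) {
        return array('result' => false, 'message' => 'reCAPTCHA가 올바르게 입력되지 않았습니다');
    }
    $db = new YwDatabase($db_connect_info);
    if (!$db->connect()) {
        return array('result' => false, 'message' => '서버와의 연결에 실패했습니다');
    }
    // Look the address up ($db->purify() is presumably the project's escaping
    // for SQL string literals).
    $email_sql = $db->purify($http_user_email);
    if (!$db->query("SELECT `name` FROM " . USER_TABLE . " WHERE `email`='" . $email_sql . "';")) {
        return array('result' => false, 'message' => '이메일 주소를 조회하는데 실패했습니다');
    }
    if ($db->total_results() < 1) {
        return array('result' => false, 'message' => '존재하지 않는 이메일 주소입니다');
    }
    $result = $db->get_result();
    $user_name = $result['name'];
    // New password: 12 hex characters from the CSPRNG. openssl_random_pseudo_bytes()
    // may return false or report non-strong bytes; the original passed the
    // result straight to bin2hex(), which would have turned a failure into an
    // empty password. Treat it as a failed update instead.
    $crypto_strong = false;
    $random_bytes = openssl_random_pseudo_bytes(6, $crypto_strong);
    if ($random_bytes === false || !$crypto_strong) {
        return array('result' => false, 'message' => '비밀번호를 업데이트하는데 실패했습니다');
    }
    $generated_password = bin2hex($random_bytes);
    // The row is updated before the mail goes out, so a failed send leaves the
    // account with a password nobody knows (kept as in the original).
    if (!$db->query("UPDATE " . USER_TABLE . " SET `password`='" . passwordHash($generated_password) . "' WHERE `email`='" . $email_sql . "';")) {
        return array('result' => false, 'message' => '비밀번호를 업데이트하는데 실패했습니다');
    }
    // The mail body is HTML, so the name (supplied by the user at sign-up) is escaped.
    $email_content = "<b>" . htmlspecialchars($user_name, ENT_QUOTES, 'UTF-8') . "</b> 회원님의 새 비밀번호는 <b>" . $generated_password . "</b>입니다.";
    if (!getMailer($http_user_email, "연세위키 비밀번호를 알려드립니다", $email_content)) {
        return array('result' => false, 'message' => '이메일 발송에 실패했습니다');
    }
    $db->log($user_name, LOG_RESET, '1');
    $db->close();
    return array('result' => true, 'message' => '이메일로 아이디와 새로운 비밀번호를 전송했습니다');
}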
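 /**
  * Attempts to log $username in with $password.
  *
  * Fetches the user's salt, hashes the supplied password with it and matches
  * the (Login, Password) pair against the users table. On success
  * $this->user and $this->user_id are filled, saveSession() is called and a
  * Location header to index.php is emitted.
  *
  * @param string $username
  * @param string $password cleartext password
  * @param bool   $remember passed through to saveSession()
  * @return bool whether the credentials were accepted
  */
 public function Authorization($username, $password, $remember = false)
 {
     // Reset first: the original left $this->is_authorized untouched when no
     // salt was found, so a stale true from an earlier call could be returned.
     $this->is_authorized = false;
     $salt = $this->getSalt($username);
     if ($salt == null) {
         // No salt means no such user. The loose comparison is kept from the original.
         return $this->is_authorized;
     }
     $hashes = passwordHash($password, $salt);
     $statement = $this->DB->db_pdo->prepare(
         "select ID,Login from users where Login = :username and Password = :password limit 1"
     );
     $statement->execute(array(":username" => $username, ":password" => $hashes['hash']));
     $this->user = $statement->fetch();
     if ($this->user) {
         $this->is_authorized = true;
         $this->user_id = $this->user['ID'];
         $this->saveSession($remember);
         // NOTE(review): execution continues after the redirect header; the
         // caller is expected to stop the request — confirm.
         header("Location: index.php");
     }
     return $this->is_authorized;
 }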
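/**
 * Processes the sign-in form (POST user-name / user-password / redirect).
 *
 * Loads the user row by name, compares the stored hash with the hash of the
 * submitted password and, on success, starts the session, writes a LOG_SIGNIN
 * entry and redirects to the requested page. Failed attempts are logged
 * against the client IP.
 *
 * Returns array('result' => bool, 'message' => string); 'result' is true on
 * success and for an empty form, false with a user-facing message otherwise.
 */
function main()
{
    global $session;
    global $db_connect_info;
    $http_user_name = isset($_POST['user-name']) ? trim(strip_tags($_POST['user-name'])) : '';
    $http_user_password = isset($_POST['user-password']) ? trim($_POST['user-password']) : '';
    $http_redirect = empty($_POST['redirect']) ? HREF_MAIN : $_POST['redirect'];
    if ($session->started()) {
        // navigateTo() is assumed to end the request.
        navigateTo(HREF_MAIN);
    }
    // An empty form is not an error: the page is simply shown again.
    if (empty($http_user_name) || empty($http_user_password)) {
        return array('result' => true, 'message' => '');
    }
    $db = new YwDatabase($db_connect_info);
    if (!$db->connect()) {
        return array('result' => false, 'message' => '서버와의 연결에 실패했습니다');
    }
    // Does the account exist? ($db->purify() is presumably the project's SQL escaping.)
    if (!$db->query("SELECT * FROM " . USER_TABLE . " WHERE `name`='" . $db->purify($http_user_name) . "';")) {
        return array('result' => false, 'message' => '유저 정보를 불러오는데 실패했습니다');
    }
    if ($db->total_results() < 1) {
        return array('result' => false, 'message' => '존재하지 않는 아이디입니다');
    }
    $result = $db->get_result();
    // Constant-time comparison of the two hashes. strcmp() stops at the first
    // differing byte, which leaks timing information about the stored hash.
    $stored_hash = isset($result['password']) ? (string) $result['password'] : '';
    if (!hash_equals($stored_hash, (string) passwordHash($http_user_password))) {
        $db->log($session->ip, LOG_SIGNIN, '0');
        return array('result' => false, 'message' => '비밀번호가 올바르지 않습니다');
    }
    // Register the session.
    $session->start($result['name'], $result['id'], intval($result['permission']));
    $db->log($session->name, LOG_SIGNIN, '1');
    $db->close();
    // NOTE(review): $http_redirect comes straight from the form. Unless
    // navigateTo() restricts it to local paths this is an open redirect — confirm.
    navigateTo($http_redirect);
    return array('result' => true, 'message' => '');
}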
            mail(getVar('email'), 'Votre compte sur plopbox.zlock.eu', "Votre compte a ete cree sur plopbox.zlock.eu\nLogin: "******"\nPassword: "******"UPDATE users SET level = 2 WHERE id = :id LIMIT 1");
            $sth->execute(array(':id' => getVar('id')));
            break;
        case 'removeAdmin':
            $sth = $dbh->prepare("UPDATE users SET level = 1 WHERE id = :id LIMIT 1");
            $sth->execute(array(':id' => getVar('id')));
            break;
        case 'ban':
            $sth = $dbh->prepare("UPDATE users SET level = 0 WHERE id = :id LIMIT 1");
            $sth->execute(array(':id' => getVar('id')));
            break;
        case 'genPassword':
            $password = genPassword();
            $sth = $dbh->prepare("UPDATE users SET password = :password WHERE id = :id LIMIT 1");
            $sth->execute(array(':id' => getVar('id'), ':password' => passwordHash($password)));
            mail(getVar('email'), 'Votre nouveau mot de passe sur plopbox.zlock.eu', "Votre nouveau mot de passe sur plopbox.zlock.eu est: " . $password, 'From: noreply@zlock.eu');
            break;
    }
}
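// Access control for the user-administration page.
// The original condition `!$_SESSION['id'] && $_SESSION['id'] != 1` could only
// be true for a visitor without a session id (a falsy id is trivially != 1),
// so every logged-in user got through. The `||` below is the assumed intent —
// admit user id 1 only; confirm against the project's other access checks.
// render() is relied upon to end the request, as elsewhere in the project.
if (empty($_SESSION['id']) || (int) $_SESSION['id'] !== 1) {
    render('forbidden');
}
$usersQuery = $dbh->prepare("SELECT id, login, email, level FROM users");
$usersQuery->execute();
$users = $usersQuery->fetchAll();
// Index = level: 0 = banned, 1 = user, 2 = admin, 3 = superadmin.
$levels = array(
    '<span class="label label-important">Banni</span>',
    '<span class="label">Normal</span>',
    '<span class="label label-success">Admin serveur</span>',
    '<span class="label label-inverse">Root</span>',
);
render('users', array('users' => $users, 'levels' => $levels));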
}
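require_once 'inc/init.inc.php';
// Redirect signed-in members before anything is sent to the client: a
// Location header emitted after output fails with "headers already sent"
// unless output buffering happens to be on. The original printed the
// <section> and <h1> first. haut_de_site.inc.php is assumed to produce the
// page header (output) and not to define utilisateurEstConnecte() — confirm.
if (utilisateurEstConnecte()) {
    header('location:profil.php');
    exit;
}
require_once 'inc/haut_de_site.inc.php';
echo '<section>';
echo "<h1>Connexion</h1>";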
if (isset($_POST['connexion'])) {
    $query = sprintf("SELECT * FROM membre WHERE pseudo='%s'", $mysqli->real_escape_string($_POST['pseudo']));
    // Protection injection SQL : $mysqli->real_escape_string : empêche les ' en mettant des \ devant et pour les POST, utile que lors de la connection au site pour éviter la faille 'OR 1=1 OR 1=' dans le pseudo. %s sert à appeler la chaîne de charactère créer par $mysqli pour ensuite vérifier avec la requête que le pseudo existe bien.
    $selection_membre = executeRequete($query);
    if ($selection_membre->num_rows != 0) {
        $membre = $selection_membre->fetch_assoc();
        $mdpRecu = passwordHash($_POST['mdp']);
        // $mdpBDDRecup = $membre['mdp'];
        if ($mdpRecu == $membre['mdp']) {
            foreach ($membre as $indice => $valeurs) {
                if ($indice != 'mdp') {
                    $_SESSION['utilisateur'][$indice] = $valeurs;
                }
            }
            header("location:profil.php");
            exit;
        } else {
            $msg .= "<div class='erreur'>Mot de passe incorrect</div>";
        }
    } else {
        $msg .= "<div class='erreur'>Pseudo incorrect</div>";
    }
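// Signed-in members go straight to their profile. The check runs before the
// first echo so the Location header is not sent after output has started.
if (utilisateurEstConnecte()) {
    header('location:profil.php');
    exit;
}
echo '<section>';
// Password reset: a registered address receives a temporary password by mail.
if (isset($_POST['reset'])) {
    $emailPost = isset($_POST['email']) ? $_POST['email'] : '';
    if (empty($emailPost)) {
        echo '<p class="erreur">Vous devez renseigner une adresse mail.</p>';
    } elseif (!filter_var($emailPost, FILTER_VALIDATE_EMAIL)) {
        echo '<p class="erreur">Vous devez renseigner une adresse email valide : exemple@monsite.fr</p>';
    } else {
        // The address is validated before it reaches the database and escaped
        // for the SQL literal: htmlspecialchars() (used by the original) and a
        // raw $_POST value give no protection there, and a valid address may
        // contain an apostrophe. NOTE(review): $mysqli is the connection handle
        // the login page uses for real_escape_string() — confirm it is in scope here.
        $emailSql = $mysqli->real_escape_string($emailPost);
        $email = executeRequete("SELECT mail FROM membre WHERE mail='{$emailSql}' ");
        if ($email->num_rows == 0) {
            echo '<p class="erreur">Cette adresse mail n\'existe pas pour notre site.</p>';
        } else {
            // Temporary password: 10 hex characters from the CSPRNG instead of
            // substr(uniqid(rand())), which derives from the clock and a
            // non-cryptographic generator.
            $randomPassword = bin2hex(openssl_random_pseudo_bytes(5));
            $new_password = passwordHash($randomPassword);
            $reset_mdp_bdd = executeRequete("UPDATE membre SET mdp='{$new_password}' WHERE mail='{$emailSql}' ");
            $body = "Votre mot de passe a bien été réinitialiser pour le site Hus- Design with passion. Votre nouveau mot de passe temporaire est '{$randomPassword}'. Veuillez changer de mot de passe une fois sur le site en vous dirigeant vers la page profil et en cliquant sur le bouton 'Changer de mot de passe' .";
            mail($emailPost, 'Votre mot de passe temporaire', $body, 'From: Hus@admin.fr');
            echo "<p class='validation'>Votre mot de passe a bien été changé. Vous allez recevoir un mot de passe temporaire dans votre boîte mail. Regardez également dans vos spams si vous ne le trouvez pas dans votre dossier de réception principal. Une fois connecté avec ce mot de passe, veillez à le changer pour un mot de passe que vous vous souviendrez plus facilement en veillant à ce qu'il soit sécurisé. </p>";
        }
    }
}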
?>
    $membre = $selection_membre->fetch_assoc();
    foreach ($membre as $indice => $valeurs) {
        $_SESSION['utilisateur'][$indice] = $valeurs;
    }
    header('location:profil.php');
    exit;
}
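// ------------------ Mise à jour du mot de passe ---------------
// Requires a signed-in member: id_membre comes from the session, never from the
// form. It is numeric (it is compared unquoted elsewhere in this file), so it
// is cast to int before being placed in the statement.
if (isset($_POST['maj_mdp']) && isset($_SESSION['utilisateur']['id_membre'])) {
    $nouveau_mdp = isset($_POST['nouveau_mdp']) ? $_POST['nouveau_mdp'] : '';
    $resaisir_mdp = isset($_POST['resaisir_mdp']) ? $_POST['resaisir_mdp'] : '';
    $id_membre = (int) $_SESSION['utilisateur']['id_membre'];
    $longueur_mdp = strlen($nouveau_mdp);
    if ($nouveau_mdp !== $resaisir_mdp) {
        $msg .= "<div class='erreur' id='notification'>Les mots de passe ne sont pas identiques.</div>";
    } elseif ($longueur_mdp < 4 || $longueur_mdp > 14) {
        // Same rule the registration form applies; without it an empty
        // password was accepted and stored as passwordHash('').
        $msg .= "<div class='erreur' id='notification'>Le mot de passe doit être compris entre 4 et 14 caractères</div>";
    } else {
        $nouveau_mdpHash = passwordHash($nouveau_mdp);
        // Update first, then report. The original appended the success message
        // before running the statement and also ran an unused SELECT of the old hash.
        $modif_mdp_bdd = executeRequete("UPDATE membre SET mdp='{$nouveau_mdpHash}' WHERE id_membre={$id_membre}");
        $msg .= "<div class='validation' id='notification'>Votre mot de passe a été modifié</div>";
    }
}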
// ------------------------------Mise à jour newsletter ---------------
if (utilisateurEstConnecte()) {
    $abonnement_membre = executeRequete("SELECT Checkbox FROM newsletter WHERE id_membre = " . $_SESSION['utilisateur']['id_membre'] . "");
    $resultat_abo = $abonnement_membre->fetch_assoc();
    $nbLineAbo = $abonnement_membre->num_rows;
    if (isset($_POST['abonner'])) {
        if ($nbLineAbo == 0) {
            executeRequete("INSERT INTO newsletter VALUES ('','" . $_SESSION['utilisateur']['id_membre'] . "', 'oui')");
         $result = $conn->query("SELECT * FROM usersimgs WHERE userId='" . $_POST["loginId"] . "'");
         $data = $result->fetch_all(MYSQLI_ASSOC);
         echo json_encode($data);
     }
     break;
 case isset($_POST["updateMyProfileDetails"]):
     if (isset($_POST["updateMyProfileDetails"]) && !empty($_POST["updateMyProfileDetails"]) && isset($_POST["newEducationSelected"]) && !empty($_POST["newEducationSelected"]) && isset($_POST["newAcademySelected"]) && !empty($_POST["newAcademySelected"]) && isset($_POST["newAgeSelected"]) && !empty($_POST["newAgeSelected"])) {
         $result = $conn->query("UPDATE users SET gender ='" . $_POST["newGenderSelected"] . "' , Name ='" . $_POST["newNameSelected"] . "' , education ='" . $_POST["newEducationSelected"] . "' , Age ='" . $_POST["newAgeSelected"] . "' , academy ='" . $_POST["newAcademySelected"] . "' , year = '" . $_POST["newYearSelected"] . "' WHERE id ='" . $_POST["updateId"] . "' ");
         echo $result;
     } else {
         echo "N0T updated";
     }
     break;
 case isset($_POST["InsertNewUser"]):
     if (isset($_POST["InsertNewUser"]) && !empty($_POST["InsertNewUser"]) && isset($_POST["newNameSelected"]) && !empty($_POST["newNameSelected"]) && isset($_POST["newPasswordSelected"]) && !empty($_POST["newPasswordSelected"]) && isset($_POST["newEducationSelected"]) && !empty($_POST["newEducationSelected"]) && isset($_POST["newAcademySelected"]) && !empty($_POST["newAcademySelected"]) && isset($_POST["newAgeSelected"]) && !empty($_POST["newAgeSelected"])) {
         $passHash = passwordHash($_POST["newPasswordSelected"]);
         $result = $conn->query("INSERT users SET Name ='" . $_POST["newNameSelected"] . "' ,password ='******' , gender ='" . $_POST["newGenderSelected"] . "' , education ='" . $_POST["newEducationSelected"] . "' , Age ='" . $_POST["newAgeSelected"] . "' , academy ='" . $_POST["newAcademySelected"] . "' , year = '" . $_POST["newYearSelected"] . "'");
         $last_id = mysqli_insert_id($conn);
         echo $last_id;
     } else {
         echo "N0T updated";
     }
     break;
 case isset($_POST["InsertNewUserFilter"]):
     if (isset($_POST["InsertNewUserFilter"])) {
         $result = $conn->query("UPDATE users SET filterGender ='" . $_POST["filterGender"] . "' , filterFromAge ='" . $_POST["filterFromAge"] . "' , filterToAge ='" . $_POST["filterToAge"] . "' , filterAcademy = '" . $_POST["filterAcademy"] . "' , filterYear = '" . $_POST["filterYear"] . "' WHERE id ='" . $_POST["myProfileId"] . "' ");
     } else {
         echo "N0T updated";
     }
     break;
 case isset($_FILES['file']['name']):
<?php

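require 'init.php';
if (isLogged()) {
    header('Location: index.php');
    // Without this the login query and the page render still ran after the
    // redirect header for an already-authenticated visitor.
    exit;
}
if (getVar('email') && getVar('password')) {
    $loginQuery = $dbh->prepare("SELECT id FROM users WHERE email = :email AND password = :password");
    $loginQuery->execute(array(':email' => getVar('email'), ':password' => passwordHash(getVar('password'))));
    $login = $loginQuery->fetch();
    $loginQuery->closeCursor();
    // A fetched row is the portable success test; PDO's rowCount() is not
    // guaranteed to be meaningful for SELECT statements.
    if ($login) {
        // Fresh session id on privilege change, so an id planted before the
        // login cannot be reused by whoever planted it.
        session_regenerate_id(true);
        $_SESSION['id'] = $login['id'];
        $rolesQuery = $dbh->prepare("SELECT is_admin, is_moderator, is_writer FROM users_roles WHERE user_id = :id");
        $rolesQuery->execute(array(':id' => $login['id']));
        $roles = $rolesQuery->fetch();
        $rolesQuery->closeCursor();
        if (!$roles) {
            // No roles row: every flag stays null, which is what the original
            // produced (with notices) for a missing row.
            $roles = array();
        }
        $_SESSION['roles']['admin'] = isset($roles['is_admin']) ? $roles['is_admin'] : null;
        $_SESSION['roles']['moderator'] = isset($roles['is_moderator']) ? $roles['is_moderator'] : null;
        $_SESSION['roles']['writer'] = isset($roles['is_writer']) ? $roles['is_writer'] : null;
        header('Location: index.php');
        // The original fell through and rendered the login page on top of the redirect.
        exit;
    }
    renderSingle('login', array('failedLogin' => true));
    exit;
}
renderSingle('login', array('failedLogin' => false));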
File: Users.php Project: VSG24/ccms
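 /**
  * Registers a new user account.
  *
  * Return codes (unchanged from the original):
  *   0 – created; 1 – username or password fails validation; 2 – username taken;
  *   3 – the INSERT (or token generation) failed; 4 – $password2 given but does
  *   not match; 5 – registration disabled by the admin.
  *
  * @param string      $username
  * @param string      $password  cleartext; stored as passwordHash($password)
  * @param string      $email
  * @param string|null $password2 optional confirmation of $password
  * @return int
  */
 static function submitNewUser($username, $password, $email, $password2 = null)
 {
     if (!registerUsers()) {
         return 5; // admin has disabled registering new users
     }
     $email = filter_var($email, FILTER_SANITIZE_EMAIL);
     $username = validateUserName($username) ? $username : false;
     $password = validatePassword($password) ? $password : false;
     if (!$username || !$password) {
         return 1; // username or password does not meet the requirements
     }
     if (isset($password2)) {
         // The confirmation must itself be valid and byte-identical to $password
         // (the original compared with != and so applied type juggling).
         if (!validatePassword($password2) || $password2 !== $password) {
             return 4; // passwords do not match
         }
     }
     if (Users::userExists($username)) {
         return 2; // username already exists
     }
     $password = passwordHash($password);
     $current_datetime = jDateTime::gdate('Y-m-d H:i:s');
     // Activation token: random rather than md5(email . time()), which anyone
     // who knows the address and the approximate signup time can reproduce.
     // 16 random bytes give the same 32-hex-character width as the md5 digest.
     $token_bytes = openssl_random_pseudo_bytes(16);
     if ($token_bytes === false) {
         return 3;
     }
     $activate = bin2hex($token_bytes);
     $conn = MySQL::open_conn();
     // Every literal is escaped for the statement: FILTER_SANITIZE_EMAIL leaves
     // the apostrophe in place, so $email alone could break out of its quotes.
     // NOTE(review): $conn is used like a mysqli handle (query()/fetch_array());
     // real_escape_string() relies on that — confirm.
     $query = "INSERT INTO c_users (user_login, user_pass, user_email, user_registered, activate) ";
     $query .= sprintf(
         "VALUES ('%s', '%s', '%s', '%s', '%s')",
         $conn->real_escape_string($username),
         $conn->real_escape_string($password),
         $conn->real_escape_string($email),
         $conn->real_escape_string($current_datetime),
         $conn->real_escape_string($activate)
     );
     $res = $conn->query($query);
     if (!$res) {
         return 3; // unknown error while creating new user
     }
     // NOTE(review): MAX(ID) is not necessarily the row just inserted when two
     // signups race; kept because the driver is not known here.
     $id = null;
     $row = $conn->query("SELECT MAX(ID) AS max FROM c_users")->fetch_array();
     if ($row) {
         $id = $row['max'];
     }
     if (shouldConfMail()) {
         $mail_content = replace_template(getDefaultEmailTemplateContent(), getConfEmailTemplateVars($id));
         Email::sendMail($email, $username, getConfMailSubject(), $mail_content);
     }
     return 0;
 }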
         $notify = 'verified';
     } else {
         $notify = 'not_verified';
     }
 }
 if (isset($_POST['register_user'])) {
     $pass = trim($_POST['adminpass']);
     $user = trim($_POST['adminuser']);
     $admin_n = trim($_POST['admin_name']);
     $admin_e = trim($_POST['admin_email']);
     if (!empty($user) && !empty($admin_n) && !empty($admin_e)) {
         if ($pass == trim($_POST['adminpass_2'])) {
             if (empty($pass)) {
                 $pwd = null;
             } else {
                 $pwd = passwordHash($_POST['adminuser'], $pass);
             }
             $notify = '';
             $currentadmins = getAdministrators();
             foreach ($currentadmins as $admin) {
                 if ($admin['user'] == $user) {
                     $notify = 'exists';
                     break;
                 }
             }
             if (!is_valid_email_zp($admin_e)) {
                 $notify = 'invalidemail';
             }
             if (empty($notify)) {
                 saveAdmin($user, $pwd, $admin_n, $admin_e, 0, NULL);
                 $link = FULLWEBPATH . '/index.php?p=' . substr($_zp_gallery_page, 0, -4) . '&verify=' . bin2hex(serialize(array('user' => $user, 'email' => $admin_e)));
    }
}
if (!isset($_POST['login'])) {
    $_zp_loggedin = checkAuthorization(zp_getCookie('zenphoto_auth'));
    if (!$_zp_loggedin) {
        // Clear the cookie
        zp_setcookie("zenphoto_auth", "", time() - 368000, $cookiepath);
    }
} else {
    // Handle the login form.
    if (isset($_POST['login']) && isset($_POST['user']) && isset($_POST['pass'])) {
        $post_user = sanitize($_POST['user'], 3);
        $post_pass = sanitize($_POST['pass'], 3);
        $redirect = sanitize_path($_POST['redirect']);
        if ($_zp_loggedin = checkLogon($post_user, $post_pass)) {
            zp_setcookie("zenphoto_auth", passwordHash($post_user, $post_pass), time() + COOKIE_PESISTENCE, $cookiepath);
            if (!empty($redirect)) {
                header("Location: " . FULLWEBPATH . '/' . $redirect);
            }
        } else {
            // Clear the cookie, just in case
            zp_setcookie("zenphoto_auth", "", time() - 368000, $cookiepath);
            // was it a request for a reset?
            if ($_zp_captcha->checkCaptcha(trim($post_pass), sanitize($_POST['code_h'], 3))) {
                if (empty($post_user)) {
                    $requestor = 'You are receiving this e-mail because of a password reset request on your Zenphoto gallery.';
                } else {
                    $requestor = sprintf(gettext("You are receiving this e-mail because of a password reset request on your Zenphoto gallery from a user who tried to log in as %s."), $post_user);
                }
                $admins = getAdministrators();
                $user = array_shift($admins);
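require 'init.php';
// render() is relied upon to end the request, as elsewhere in the project.
if (empty($_SESSION['id'])) {
    render('forbidden');
}
$sth = $dbh->prepare("SELECT email FROM users WHERE id = :id");
$sth->execute(array(':id' => $_SESSION['id']));
$row = $sth->fetch();
// A session id with no matching row (deleted account) used to index into
// `false`; show an empty address instead.
$email = $row ? $row['email'] : '';
// Profile change
if (getVar('email')) {
    $newEmail = getVar('email');
    // Password change. The branches are exclusive so that, should render()
    // return, a mismatch or a wrong old password can no longer fall through
    // into the update.
    if (getVar('oldPassword')) {
        if (getVar('newPassword1') !== getVar('newPassword2')) {
            render('profil', array('script' => 'toastr.error(\'Les deux mots de passe sont differents\', \'Erreur\');', 'email' => $email));
        } elseif (!getVar('newPassword1')) {
            // Both fields empty and equal would otherwise store passwordHash('').
            render('profil', array('script' => 'toastr.error(\'Le nouveau mot de passe est vide\', \'Erreur\');', 'email' => $email));
        } else {
            $sth = $dbh->prepare("SELECT id FROM users WHERE id = :id AND password = :password");
            $sth->execute(array(':id' => $_SESSION['id'], ':password' => passwordHash(getVar('oldPassword'))));
            $user = $sth->fetch();
            if (!$user) {
                render('profil', array('script' => 'toastr.error(\'Le mot de passe est errone\', \'Erreur\');', 'email' => $email));
            } else {
                $sth = $dbh->prepare("UPDATE users SET email = :email, password = :password WHERE id = :id LIMIT 1");
                $sth->execute(array(':id' => $_SESSION['id'], ':email' => $newEmail, ':password' => passwordHash(getVar('newPassword1'))));
                // Show the address that was just stored (the original re-displayed the old one).
                render('profil', array('script' => 'toastr.success(\'Le mot de passe a bien ete change\', \'Profil modifie\');', 'email' => $newEmail));
            }
        }
    } else {
        $sth = $dbh->prepare("UPDATE users SET email = :email WHERE id = :id LIMIT 1");
        $sth->execute(array(':id' => $_SESSION['id'], ':email' => $newEmail));
        render('profil', array('script' => 'toastr.success(\'L\'email a bien ete change\', \'Profil modifie\');', 'email' => $newEmail));
    }
}
render('profil', array('script' => null, 'email' => $email));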
 /**
  * Stores the album password.
  *
  * An empty value clears the stored password; anything else is stored as
  * passwordHash(<album user>, $pwd). Note that empty() also treats "0" as
  * empty, so that password clears the field rather than setting it.
  *
  * @param string $pwd the cleartext password
  */
 function setPassword($pwd)
 {
     $stored = empty($pwd) ? "" : passwordHash($this->get('user'), $pwd);
     $this->set('password', $stored);
 }
        $msg .= "<div class='erreur'>Le mot de passe doit être compris entre 4 et 14 caractères</div>";
    }
    if (empty($msg)) {
        $membre = executerequete("SELECT * FROM membre WHERE pseudo='{$_POST['pseudo']}'");
        if ($membre->num_rows > 0) {
            $msg .= "<div class='erreur'>Pseudo indisponible</div>";
        } else {
            // protection faille XSS :
            $pseudo = htmlspecialchars(addslashes($_POST['pseudo']));
            $nom = htmlspecialchars(addslashes($_POST['nom']));
            $prenom = htmlspecialchars(addslashes($_POST['prenom']));
            $email = htmlspecialchars(addslashes($_POST['email']));
            $ville = htmlspecialchars(addslashes($_POST['ville']));
            $cp = htmlspecialchars(addslashes($_POST['cp']));
            $adresse = htmlspecialchars(addslashes($_POST['adresse']));
            $mdp = passwordHash($_POST['mdp']);
            executeRequete("INSERT INTO membre (pseudo,mdp,nom,prenom,mail,sexe,ville,cp,adresse) VALUES ('{$pseudo}','{$mdp}','{$nom}','{$prenom}','{$email}','{$_POST['sexe']}','{$ville}','{$cp}','{$adresse}')");
            $msg .= "<div class='validation'>Félicitations ! Inscription effectuée.</div>";
        }
    }
}
// Flush the accumulated validation / error markup before the form below.
print $msg;
?>
	<h1>Inscription</h1>

	<div id="form_inscription">
		  <form method="POST" action="inscription.php">
			<label for="pseudo">Pseudo</label>
			<input type="text" id="pseudo" name="pseudo" maxlength="14" placeholder="Pseudo" title="caractères acceptés : a-zA-Z0-9_."  class="design_input"><br>
			<!--required="required" pattern="[a-zA-Z0-9_.]"-->
			<label for="mdp">Mot de passe</label>
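/**
 * Checks a logon user/password against the list of admins
 *
 * Returns true if there is a match
 *
 * @param string $user
 * @param string $pass
 * @return bool
 */
function checkLogon($user, $pass)
{
    foreach (getAdministrators() as $admin) {
        // Exact string match; the original's == would apply numeric juggling.
        if ((string) $admin['user'] !== (string) $user) {
            continue;
        }
        $hash = passwordHash($user, $pass);
        // hash_equals(): a plain == compares numeric-looking strings as numbers
        // (two hashes of the form "0e…" would test equal) and stops at the first
        // differing byte.
        if (hash_equals((string) $admin['pass'], (string) $hash)) {
            return checkAuthorization($hash);
        }
    }
    return false;
}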
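/**
 * Handler for the account dashboard page.
 *
 * Loads the signed-in user's row and their sign-ins from the last 3 days,
 * then performs at most one posted action, in this order of precedence:
 * student (portal) verification, e-mail change, password change, account
 * deletion. The section the view should open on is exported through the
 * global $page_focus.
 *
 * Globals: reads $session and $db_connect_info, writes $page_focus.
 *
 * @return array 'result' (bool), 'user' (array; absent only when the user row
 *               could not be loaded) and 'message' (string; absent on the
 *               plain "nothing posted" path).
 */
function main()
{
    global $session;
    global $db_connect_info;
    global $page_focus;

    // Missing form fields default to '' instead of raising undefined-index
    // notices; the fields trimmed here are the ones the original trimmed.
    $http_user_email = isset($_POST['user-email']) ? trim($_POST['user-email']) : '';
    $http_user_password = isset($_POST['user-password']) ? $_POST['user-password'] : '';
    $http_user_new_password = isset($_POST['user-new-password']) ? $_POST['user-new-password'] : '';
    $http_user_new_password_re = isset($_POST['user-new-password-re']) ? $_POST['user-new-password-re'] : '';
    $http_student_id = isset($_POST['student-id']) ? trim($_POST['student-id']) : '';
    $http_student_password = isset($_POST['student-password']) ? $_POST['student-password'] : '';
    $http_user_password_drop = isset($_POST['user-drop-password']) ? $_POST['user-drop-password'] : '';

    // 0: account info, 1: student verification, 2: e-mail change,
    // 3: password change, 4: account deletion. (The original comment listed
    // "4" twice; the code assigns 3 to the password section.)
    $page_focus = 0;

    if (!$session->started()) {
        navigateTo(HREF_MAIN);
        // Return as well, so nothing below runs for an anonymous request even
        // if navigateTo() does not terminate the script.
        return ['result' => false, 'message' => ''];
    }

    $db = new YwDatabase($db_connect_info);
    if (!$db->connect()) {
        return ['result' => false, 'message' => '서버와의 연결에 실패했습니다'];
    }

    // Load the signed-in user's row. `id` is compared unquoted (numeric
    // column), so it is cast to int before being concatenated into the SQL.
    if (!$db->query("SELECT * FROM " . USER_TABLE . " WHERE `id`=" . intval($session->id) . ";")) {
        return ['result' => false, 'message' => '유저 정보를 불러오는데 실패했습니다'];
    }
    $user = $db->get_result();
    if (!$user) {
        // The session points at a row that no longer exists.
        return ['result' => false, 'message' => '유저 정보를 불러오는데 실패했습니다'];
    }
    $user_id = intval($user['id']);
    $user['login_history'] = [];

    // Sign-ins from the last 3 days, newest first, capped at 30 rows.
    // The stored name is user-chosen at registration, so it is escaped before
    // being embedded in the query (the original concatenated it raw).
    // NOTE(review): assumes purify() is the project's SQL escape, as its use
    // on form input elsewhere suggests — confirm.
    $history_sql = "SELECT * FROM " . LOG_TABLE
        . " WHERE `user_name`='" . $db->purify($user['name']) . "' AND `behavior`='signin'"
        . " AND `timestamp` >= (CURDATE() - INTERVAL 3 DAY)"
        . " ORDER BY `timestamp` DESC LIMIT 30;";
    if (!$db->query($history_sql)) {
        return ['result' => false, 'user' => $user, 'message' => '최근 로그인 기록을 로드하는데 실패했습니다'];
    }
    while ($row = $db->get_result()) {
        $user['login_history'][] = $row;
    }

    // --- Student (Yonsei portal) verification ---
    if ($http_student_id !== '') {
        $page_focus = 1;
        // One portal account may verify only one user.
        if (!$db->query("SELECT 1 FROM " . USER_TABLE . " WHERE `code`='" . $db->purify($http_student_id) . "';")) {
            return ['result' => false, 'user' => $user, 'message' => '학번을 조회하지 못했습니다'];
        }
        if ($db->total_results() > 0) {
            return ['result' => false, 'user' => $user, 'message' => '이미 인증에 사용된 연세포탈 계정입니다'];
        }
        // Portal login check.
        if (!getYonseiAuth($http_student_id, $http_student_password)) {
            return ['result' => false, 'user' => $user, 'message' => '학번이나 비밀번호가 올바르지 않습니다'];
        }
        // Permission is raised to 1 only when it is currently lower. The same
        // flag drives the session update below: the original tested an
        // undefined $user_permission there, which always passed and could
        // downgrade a higher session permission to 1.
        $grant_permission = intval($user['permission']) < 1;
        // The student id was escaped for the SELECT above but embedded raw in
        // this UPDATE in the original; it is form input, so escape it here too.
        $auth_sql = "UPDATE " . USER_TABLE
            . " SET `code`='" . $db->purify($http_student_id) . "'"
            . ($grant_permission ? ", `permission`=1" : "")
            . " WHERE `id`=" . $user_id . ";";
        if (!$db->query($auth_sql)) {
            return ['result' => false, 'user' => $user, 'message' => '서버 오류로 인증을 완료하지 못했습니다'];
        }
        if ($grant_permission) {
            $session->setPermission(1);
        }
        $db->log($session->name, LOG_STUDENT_AUTH, $http_student_id);
        navigateTo(HREF_DASHBOARD . '?auth=1');
        return ['result' => true, 'user' => $user, 'message' => '재학생 인증을 완료했습니다'];
    }

    // --- E-mail change ---
    if ($http_user_email !== '') {
        $page_focus = 2;
        if (!filter_var($http_user_email, FILTER_VALIDATE_EMAIL)) {
            return ['result' => false, 'user' => $user, 'message' => '이메일 주소가 올바르지 않습니다'];
        }
        if ((string) $user['email'] === $http_user_email) {
            return ['result' => false, 'user' => $user, 'message' => '동일한 이메일 주소가 입력되었습니다'];
        }
        $escaped_email = $db->purify($http_user_email);
        if (!$db->query("SELECT 1 FROM " . USER_TABLE . " WHERE `email`='" . $escaped_email . "';")) {
            return ['result' => false, 'user' => $user, 'message' => '이메일 주소 조회에 실패했습니다'];
        }
        if ($db->total_results() > 0) {
            return ['result' => false, 'user' => $user, 'message' => '이미 사용중인 이메일 주소입니다'];
        }
        if (!$db->query("UPDATE " . USER_TABLE . " SET `email`='" . $escaped_email . "' WHERE `id`=" . $user_id . ";")) {
            return ['result' => false, 'user' => $user, 'message' => '이메일 주소 변경에 실패하였습니다'];
        }
        // Log the previous address, then reflect the new one in the returned row.
        $db->log($session->name, LOG_CHANGE_EMAIL, $user['email']);
        $user['email'] = $http_user_email;
        return ['result' => true, 'user' => $user, 'message' => '이메일 주소를 변경하였습니다'];
    }

    // --- Password change ---
    if ($http_user_new_password !== '') {
        $page_focus = 3;
        if ($http_user_new_password !== $http_user_new_password_re) {
            return ['result' => false, 'user' => $user, 'message' => '비밀번호와 비밀번호 확인이 일치하지 않습니다'];
        }
        if (strlen($http_user_new_password) < 4) {
            return ['result' => false, 'user' => $user, 'message' => '비밀번호는 4자 이상으로 입력해 주세요'];
        }
        $current_hash = passwordHash($http_user_password);
        $new_hash = passwordHash($http_user_new_password);
        // Constant-time digest comparison; strcmp() stops at the first differing byte.
        if (!hash_equals((string) $user['password'], (string) $current_hash)) {
            return ['result' => false, 'user' => $user, 'message' => '현재 비밀번호가 올바르지 않습니다'];
        }
        if (!$db->query("UPDATE " . USER_TABLE . " SET `password`='" . $new_hash . "' WHERE `id`=" . $user_id . ";")) {
            return ['result' => false, 'user' => $user, 'message' => '서버 오류로 비밀번호를 변경하지 못했습니다'];
        }
        // NOTE(review): the previous password hash is written to the log table
        // as the payload, as in the original; an audit row does not need the
        // digest, so consider logging '' here as the deletion branch does.
        $db->log($session->name, LOG_CHANGE_PASSWORD, $user['password']);
        return ['result' => true, 'user' => $user, 'message' => '비밀번호를 변경하였습니다.'];
    }

    // --- Account deletion ---
    if ($http_user_password_drop !== '') {
        $page_focus = 4;
        if (!hash_equals((string) $user['password'], (string) passwordHash($http_user_password_drop))) {
            return ['result' => false, 'user' => $user, 'message' => '비밀번호가 올바르지 않습니다'];
        }
        if (!$db->query("DELETE FROM " . USER_TABLE . " WHERE `id`=" . $user_id . ";")) {
            return ['result' => false, 'user' => $user, 'message' => '서버 오류로 계정을 삭제하지 못했습니다'];
        }
        $db->log($session->name, LOG_DELETE_ACCOUNT, '');
        navigateTo(HREF_SIGNOUT);
        return ['result' => true, 'user' => $user, 'message' => ''];
    }

    return ['result' => true, 'user' => $user];
}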
         $_POST['searchpass'] = $pwd;
         // invalidate, user changed but password not set
         if (!empty($newuser) && empty($pwd) && empty($pwd2)) {
             $fail = '?mismatch=user_search';
         }
     }
 }
 // Both search-password fields agree: persist the search user, then clear or
 // (re)hash the search password.
 // NOTE(review): `==` is a loose comparison; `===` would avoid PHP's
 // numeric-string coercion (e.g. "1e1" == "10") — confirm intent.
 if ($_POST['searchpass'] == $_POST['searchpass_2']) {
     setOption('search_user', $newuser);
     if (empty($pwd)) {
         if (empty($_POST['searchpass'])) {
             setOption('search_password', NULL);
             // clear the gallery password
         }
     } else {
         // The hash covers user name and password together.
         setOption('search_password', passwordHash($newuser . $pwd));
     }
 } else {
     // Mismatch: report it unless a notification is already pending, in which
     // case the previously computed $fail value is used instead.
     // NOTE(review): $fail is only assigned on one earlier branch — confirm it
     // cannot be unset here.
     if (empty($notify)) {
         $notify = '?mismatch=search';
     } else {
         $notify = $fail;
     }
 }
 setOption('gallery_hint', process_language_string_save('gallery_hint', 3));
 setOption('search_hint', process_language_string_save('search_hint', 3));
 // Checkbox inputs are absent from $_POST when unchecked, hence isset().
 setBoolOption('persistent_archive', isset($_POST['persistent_archive']));
 setBoolOption('album_session', isset($_POST['album_session']));
 $oldloc = getOption('locale', true);
 // get the option as stored in the database, not what might have been set by a cookie
 $newloc = sanitize($_POST['locale'], 3);
         if ($userQuery->rowCount()) {
             $newPass = genPassword();
             mail(getVar('email'), 'Your new password on ' . getConfigKey('title'), 'Your new password is ' . $newPass);
             $resetQuery = $dbh->prepare("UPDATE users SET password = :password WHERE email = :email LIMIT 1");
             $resetQuery->execute(array(':password' => passwordHash($newPass), ':email' => getVar('email')));
             render('user-reset', array());
         } else {
             render('error', array('error' => 'No account was found.'));
         }
     } else {
         render('user-reset');
     }
     break;
 case 'login':
     $loginQuery = $dbh->prepare("SELECT id, firstname, lastname, username, email, address, city, postalcode, phone FROM users WHERE username = :username AND password = :password");
     $loginQuery->execute(array(':username' => getVar('username'), ':password' => passwordHash(getVar('password'))));
     $user = $loginQuery->fetchAll()[0];
     if ($loginQuery->rowCount()) {
         foreach ($user as $key => $value) {
             $_SESSION[$key] = $value;
         }
         renderHome();
     } else {
         renderHome('loginFailed', true);
     }
     break;
 case 'edit':
     if (getVar('email')) {
         $userQuery = $dbh->prepare("UPDATE users SET email = :email, firstname = :firstname, lastname = :lastname, address = :address, city = :city, postalcode = :postalcode, phone = :phone WHERE id = :id LIMIT 1");
         $userQuery->execute(array(':id' => $_SESSION['id'], ':email' => getVar('email'), ':firstname' => getVar('firstname'), ':lastname' => getVar('lastname'), ':address' => getVar('address'), ':city' => getVar('city'), ':postalcode' => getVar('postalcode'), ':phone' => getVar('phone')));
         renderHome('userUpdated', true);
})->add($mw);
// GET /email_registered/{email}: 'status' header is 'error' when the address
// is already registered, 'success' otherwise; the HTTP status is 200 either
// way. Note that the differing header lets an unauthenticated caller probe
// which addresses have accounts.
$app->get('/email_registered/{email}', function ($request, $response, $args) {
    $status = isEmailRegistered($args['email']) ? 'error' : 'success';
    return $response->withAddedHeader('status', $status)->withStatus(200);
});
// GET /logout: tears down the session and answers 200 with a JSON body.
$app->get('/logout', function ($request, $response, $args) {
    destroySession();
    $payload = [
        'status' => 'info',
        'message' => 'Logged out successfully',
    ];
    return $response->write(json_encode($payload))->withStatus(200);
});
$app->post('/login', function ($req, $res, $args) {
    $user = $req->getParsedBody()["customer"];
    $saltedPass = passwordHash($user['email'], $user['password']);
    $userQuery = array('email' => $user['email']);
    $db = getMongo();
    $user = $db->users->findOne($userQuery);
    if ($user != NULL) {
        if ($user['password'] === $saltedPass) {
            $response['status'] = "success";
            $response['message'] = 'Logged in successfully.';
            $response['name'] = $user['name'];
            $response['uid'] = $user['_id'];
            $response['email'] = $user['email'];
            if (!isset($_SESSION)) {
                session_start();
            }
            $_SESSION['uid'] = $user['_id'];
            $_SESSION['email'] = $user['email'];
<?php

if (isset($_POST["submit_update_user"])) {
    $id = $_GET['id'];
    $changepass = false;
    //$username = $_POST['new_user_username'];
    //$username = validateUserName($username) ? $_POST['new_user_username'] : false;
    if (!empty($_POST['new_user_password'])) {
        $changepass = true;
        $bh_password = $_POST['new_user_password'];
        $bh_password = validatePassword($bh_password) ? $_POST['new_user_password'] : false;
        $password = passwordHash($bh_password);
    }
    $email = $_POST['new_user_email'];
    //$vip = isset($_POST['new_user_vip']) ? 1 : 0;
    $bp_role = $_POST['new_user_role'];
    $bp_vip = $_POST['new_user_vip'];
    if ($bp_vip == 0) {
        $vip = 0;
        $vip_start = null;
        $vip_expire = null;
    } elseif ($bp_vip == -1) {
        $vip = -1;
        $vip_start = $current_datetime;
        $vip_expire = null;
    } else {
        $vip = $bp_vip;
        $vip_start = strtotime($current_datetime);
        $vip_expire = strtotime('+' . $vip . ' day', $vip_start);
        $vip_start = $current_datetime;
        $vip_expire = date('Y-m-d H:i:s', $vip_expire);
<?php

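require 'init.php';

// Data handed to the dashboard view; identical at both render sites below.
// NOTE(review): $dbh, $regularInfos, $regularPlayers, $supertanksInfos,
// $supertanksPlayers and $voiceUsers are expected to come from init.php — confirm.
$dashboardData = array(
    'regularInfos' => $regularInfos,
    'regularPlayers' => $regularPlayers,
    'supertanksInfos' => $supertanksInfos,
    'supertanksPlayers' => $supertanksPlayers,
    'voiceUsers' => $voiceUsers,
);

// User already logged in.
// NOTE(review): nothing stops execution here; if render() does not exit, the
// login handling below still runs for a signed-in user — confirm.
if (isset($_SESSION['id'])) {
    render('dashboard', $dashboardData);
}

if (getVar('login') && getVar('password')) {
    // Credentials are bound as parameters; the password is matched by its
    // hash inside the query, so a row comes back only for valid credentials.
    $sth = $dbh->prepare("SELECT id, login, email, level FROM users WHERE login = :login AND password = :password");
    $sth->execute(array(':login' => getVar('login'), ':password' => passwordHash(getVar('password'))));
    // fetch() returns the first row or false. The original indexed
    // fetchAll()[0] before consulting rowCount(), which raises an
    // undefined-offset warning on a failed login, and PDO's rowCount() is not
    // reliable for SELECT statements on every driver.
    $user = $sth->fetch();
    if ($user !== false) {
        // Fresh session id on login so a pre-login session id is not kept
        // (session fixation). Only when a session is actually active.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        foreach ($user as $key => $value) {
            $_SESSION[$key] = $value;
        }
        render('dashboard', $dashboardData);
    } else {
        render('login', array('logfailed' => true));
    }
} else {
    render('login', array('logfailed' => false));
}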