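/**
 * Login page.
 *
 * Handles the login form (POST `login-submit`): rejects missing or non-string
 * credentials, verifies them through AuthentificationManager and, on success,
 * stores the user (minus the password hash) in the session before redirecting
 * home. On a wrong email/password the form is re-rendered with `errorConnection`.
 *
 * Fixes vs. the previous version:
 *  - every show()/redirectToRoute() is followed by `return`: show() does not
 *    exit, so the login template used to be rendered twice on the error path,
 *    and the credentials were still passed to isValidLoginInfo() after the
 *    "missing fields" redirect if redirectToRoute() does not exit;
 *  - array-typed POST values (`email[]=`) are rejected instead of being handed
 *    to isValidLoginInfo();
 *  - a password of "0" is no longer treated as missing (empty() was used).
 */
public function login()
{
    if (isset($_POST['login-submit'])) {
        $email = $_POST['email'] ?? null;
        $password = $_POST['password'] ?? null;

        // Missing fields or non-scalar values (PHP builds arrays from `email[]=`)
        if (!is_string($email) || $email === '' || !is_string($password) || $password === '') {
            $this->redirectToRoute('login');
            return;
        }

        $authManager = new \W\Security\AuthentificationManager();
        $userId = $authManager->isValidLoginInfo($email, $password);

        if ($userId) {
            $usersManager = new \Manager\UserManager();
            $user = $usersManager->find($userId);
            // Never keep the password hash in the session payload
            unset($user['password']);
            $authManager->logUserIn($user);
            $this->redirectToRoute('home');
            return;
        }

        // Wrong email or password: one generic flag, so the form does not reveal which
        $this->show('default/login', ['errorConnection' => true]);
        return;
    }

    // Plain GET: show the empty login form
    $this->show('default/login');
}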
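/**
 * Returns true when the visitor is authenticated, either through an existing
 * session or through the `kikala_remember_me` cookie.
 *
 * Cookie format (written elsewhere): JSON `{"id": <user id>, "token": <secret>}`.
 * The secret is checked with password_verify() against the `tokenCookie` hash
 * stored on the user row, so the stored value never reveals the cookie secret.
 *
 * Hardening vs. the previous version:
 *  - the cookie is only trusted when it decodes to an array carrying an `id` and
 *    a string `token`, the user row exists and `tokenCookie` is non-empty
 *    (password_verify() against a NULL/empty hash only produced warnings before);
 *  - a malformed, unknown or non-matching cookie is expired (past date, HttpOnly)
 *    instead of being replaced by an empty session cookie;
 *  - the id is cast to int before find() (assumes integer primary keys, as the
 *    other find() calls in this file suggest — confirm).
 *
 * @return bool
 */
public function check()
{
    $authentificationManager = new \W\Security\AuthentificationManager();
    if ($authentificationManager->getLoggedUser()) {
        return true;
    }

    $rawCookie = $_COOKIE['kikala_remember_me'] ?? '';
    if (!is_string($rawCookie) || $rawCookie === '') {
        return false;
    }

    $cookieData = json_decode($rawCookie, true);
    $user = null;
    if (is_array($cookieData) && isset($cookieData['id'], $cookieData['token']) && is_string($cookieData['token'])) {
        $userManager = new \Manager\UserManager();
        $user = $userManager->find((int) $cookieData['id']);
    }

    // tokenCookie is a password_hash() of the cookie secret: constant-time check,
    // and an empty hash means the user has no remember-me session at all.
    if (!empty($user['tokenCookie']) && password_verify($cookieData['token'], $user['tokenCookie'])) {
        $authentificationManager->logUserIn($user);
        return true;
    }

    // Malformed, unknown or stale cookie: expire it on the path it was set on
    setcookie('kikala_remember_me', '', time() - 3600, '/', '', false, true);
    return false;
}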
/**
 * Home page: renders `default/home` with the number of courses (formations)
 * and the number of "kikologues" (users) reported by their managers.
 */
public function home()
{
    $formationManager = new \Manager\FormationManager();
    $formationCount = $formationManager->countFormations();

    $userManager = new \Manager\UserManager();
    $kikologueCount = $userManager->countKikologue();

    $viewData = [
        'nbrFormation' => $formationCount['nbrFormation'],
        'nbrKikologue' => $kikologueCount['nbrKikologue'],
    ];
    $this->show('default/home', $viewData);
}
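/**
 * Validates the registration form held in $this->post and records the
 * outcome in $this->isValid / $this->error.
 *
 * Steps: required-field checks; then, only if all fields are present, format
 * checks (email, birth year 1900-2099, allowed username characters); then
 * uniqueness checks against the database and the password confirmation.
 *
 * Fixes vs. the previous version:
 *  - the password/confirmation comparison is strict (`!==`). With `!=` PHP
 *    compares numeric-looking strings numerically, so e.g. "1e3" and "1000"
 *    were accepted as matching passwords;
 *  - missing POST keys are read with `?? null` instead of raising
 *    undefined-index warnings (the validator receives null either way).
 */
public function validateFormulaire()
{
    $post = $this->post;

    $username = $post['username'] ?? null;
    $email = $post['email'] ?? null;
    $password = $post['password'] ?? null;
    $passwordConfirm = $post['passwordConfirm'] ?? null;
    $lastname = $post['lastname'] ?? null;
    $firstname = $post['firstname'] ?? null;
    $birthyear = $post['birthyear'] ?? null;
    $sex = $post['sex'] ?? null;
    $job = $post['job'] ?? null;
    $instructorDescription = $post['instructorDescription'] ?? null;
    $studentDescription = $post['studentDescription'] ?? null;

    // Required fields
    $validator = new \Utils\FormValidator();
    $validator->validateNotEmpty($username, "username", "Le pseudo est obligatoire !");
    $validator->validateNotEmpty($email, "email", "L'email est obligatoire !");
    $validator->validateNotEmpty($password, "password", "Choisir un mot de passe !");
    $validator->validateNotEmpty($passwordConfirm, "passwordConfirm", "Ressaisir le mot de passe !");
    $validator->validateNotEmpty($lastname, "lastname", "Saisir votre nom !");
    $validator->validateNotEmpty($firstname, "firstname", "Saisir votre prénom !");
    $validator->validateNotEmpty($birthyear, "birthyear", "Saisir votre année de naissance !");
    $validator->validateNotEmpty($sex, "sex", "Indiquer votre sexe !");
    $validator->validateNotEmpty($job, "job", "Saisir votre métier !");
    $validator->validateNotEmpty($instructorDescription, "instructorDescription", "Saisir votre description en tant que formateur !");
    $validator->validateNotEmpty($studentDescription, "studentDescription", "Saisir votre description en tant qu'étudiant !");

    // Format checks only once every field is present
    if ($validator->isValid()) {
        $validator->validateEmail($email, "email", "L'email est incorrect !");
        $validator->validateYear($birthyear, "birthyear", "Votre année de naissance doit être comprise entre 1900-2099 !");
        $validator->validateCharacter($username, "username", "Le pseudo comporte des caractères interdits !");
    }

    if (!$validator->isValid()) {
        $this->error = $validator->getErrors();
        $this->isValid = false;
    }

    if ($this->isValid) {
        $userManager = new \Manager\UserManager();

        // Email already registered
        if ($userManager->emailExists($email)) {
            $this->isValid = false;
            $this->error['email'] = 'Email déjà utlisé !';
        }
        // Username already registered
        if ($userManager->usernameExists($username)) {
            $this->isValid = false;
            $this->error['username'] = '******';
        }
        // Strict comparison: `!=` would treat numeric-looking strings as equal
        if ($password !== $passwordConfirm) {
            $this->isValid = false;
            $this->error['passwordConfirm'] = 'Les mots de passe ne correspondent pas !';
        }
    }
}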
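/**
 * Login form handler (`logger/log`).
 *
 * `logger` is a username or, when it contains `@`, an email address. Both
 * paths check that the account exists, verify the password through
 * AuthentificationManager and, when `remember` is ticked, set the `auth`
 * remember-me cookie that the front controller reads back.
 *
 * Changes vs. the previous version:
 *  - the username and email branches share one code path (same messages);
 *  - `$_POST['remember']` is read with empty(), so an unticked box no longer
 *    raises an undefined-index warning;
 *  - the success branch returns after rendering instead of falling through and
 *    rendering the page a second time;
 *  - `$_POST['logger'] == null` became an explicit "missing, empty or not a
 *    string" test, so `logger[]=` can no longer reach strpos().
 *
 * SECURITY NOTES (kept as-is because the front controller validates exactly
 * this cookie format; change both together):
 *  - the cookie is `<id>-----sha1(username . passwordHash . REMOTE_ADDR)`: a
 *    deterministic value that is never rotated and is only as secret as the
 *    password hash. A random per-device secret stored hashed in the DB (like
 *    the `tokenCookie` scheme used by check()) would be preferable;
 *  - the cookie domain is hard-coded to 127.0.0.1 and `secure` is false, so it
 *    only works in local development and would travel over plain HTTP;
 *  - "Login not found!" vs "Wrong login/mp couple!" lets a caller enumerate
 *    valid usernames and emails.
 */
public function log()
{
    $usermanager = new \Manager\UserManager();
    $auth = new \W\Security\AuthentificationManager();
    $passwordError = "";

    if ($_POST) {
        $logger = $_POST['logger'] ?? null;
        $password = $_POST['password'] ?? null;

        if (!is_string($logger) || $logger === '' || !is_string($password) || $password === '') {
            $passwordError = "vide!";
        } else {
            // An `@` means the user typed an email address, otherwise a username
            $isEmail = strpos($logger, '@') !== false;
            $exists = $isEmail ? $usermanager->emailExists($logger) : $usermanager->usernameExists($logger);

            if (!$exists) {
                $passwordError = $isEmail ? "Email not found" : "Login not found!";
            } elseif (!$auth->isValidLoginInfo($logger, $password)) {
                $passwordError = $isEmail ? "Wrong email/mp couple!" : "Wrong login/mp couple!";
            } else {
                $user = $usermanager->getUserByUsernameOrEmail($logger);
                $auth->logUserIn($user);

                if (!empty($_POST['remember'])) {
                    // Format must stay in sync with the front controller (see security notes)
                    $rememberKey = sha1($user['username'] . $user['password'] . $_SERVER['REMOTE_ADDR']);
                    setcookie("auth", $user['id'] . '-----' . $rememberKey, time() + 3600 * 24 * 3, '/', '127.0.0.1', false, true);
                }

                $this->show('logger/log', ["passwordError" => $passwordError]);
                return;
            }
        }
    }

    $this->show('logger/log', ["passwordError" => $passwordError]);
}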
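/**
 * Password-recovery landing page, reached from the link that forgetpassword()
 * emails (route `mailPassword` with the clear token and the user id).
 *
 * The URL token is checked with password_verify() against the hash stored in
 * the user's `token` column. On success the token is cleared (single use), the
 * user is logged in and the change-password form is rendered.
 *
 * Fixes vs. the previous version:
 *  - the `token_timestamp` expiry written by forgetpassword() (now + 20 min) is
 *    enforced; before, a recovery link stayed valid until it was used;
 *  - an unknown id, or an account with no pending token (empty hash), is
 *    rejected before password_verify() is called;
 *  - the method returns after rendering the change-password form instead of
 *    also rendering the home page on the same response.
 *
 * Session messages are kept verbatim from the original (masked in this corpus).
 * NOTE(review): logUserIn() still receives the whole row, including the password
 * hash, as it did before.
 */
public function mailPasswordRecovery($token, $id)
{
    unset($_SESSION['error']);

    if (isset($token) && isset($id)) {
        $usermanager = new \Manager\UserManager();
        $auth = new \W\Security\AuthentificationManager();
        $user = $usermanager->find($id);

        $hasPendingToken = $user && !empty($user['token']);
        // token_timestamp is an absolute unix-time expiry set by forgetpassword()
        $notExpired = $hasPendingToken
            && isset($user['token_timestamp'])
            && time() <= (int) $user['token_timestamp'];

        if ($notExpired && password_verify((string) $token, $user['token'])) {
            // Single use: invalidate the token before logging the user in
            $usermanager->update(['token' => '', 'token_timestamp' => 0], $id);
            $auth->logUserIn($user);
            $_SESSION['error']['forgetpassword'] = "******";
            $this->show('user/changepassword', ['id' => $id]);
            return;
        }

        // Unknown user, expired or wrong token
        $_SESSION['error']['forgetpassword'] = "******";
    } else {
        $_SESSION['error']['forgetpassword'] = "******";
    }

    $this->show('default/home');
}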
/**
 * Decides whether a freshly logged-in user may proceed, based on the account
 * confirmation deadline.
 *
 * @param mixed $token        Confirmation deadline as a unix timestamp; 0 (or
 *                            anything loosely equal to 0) means no pending
 *                            confirmation.
 * @param mixed $subscription 0 while the account is still unconfirmed.
 * @return array [bool $allowed, string $message]
 *
 * Behaviour (unchanged): with a pending confirmation and a deadline still in
 * the future the user is let in but reminded to check their mail; with a
 * deadline in the past the account is deleted, the session ended and the
 * `auth` remember-me cookie cleared; otherwise plain success. A deadline equal
 * to the current second falls into the "otherwise" branch. Comparisons are
 * loose (`!=`, `==`) as in the original.
 *
 * NOTE(review): the cookie is cleared with domain 'localhost'; if it was set
 * with a different domain (the login code in this corpus uses '127.0.0.1'),
 * the browser keeps the old cookie.
 */
function confirmAccount($token, $subscription)
{
    $pending = ($token != 0 && $subscription == 0);
    $now = time();

    if ($pending && $now < $token) {
        return [true, "Log correct but please check your mail for confirmation's account !"];
    }

    if ($pending && $now > $token) {
        // Confirmation window elapsed: remove the account and end the session
        $usermanager = new \Manager\UserManager();
        $auth = new \W\Security\AuthentificationManager();
        $usermanager->delete($_SESSION['user']['id']);
        $auth->logUserOut();
        setcookie("auth", "", time() - 3600, '/', 'localhost', false, true);
        return [false, "Your account don't confirm during 3 days so I deleted it Mother F****r!"];
    }

    return [true, "Log correct !"];
}
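/**
 * AJAX endpoint: registers the logged-in user to a course (`register=1`) or
 * cancels a registration (any other value), then answers with a JSON array of
 * messages whose last element is the user's remaining credit.
 *
 * Fixes vs. the previous version:
 *  - `register` and `formation-id` are read with isset() and cast to int
 *    instead of raising undefined-index warnings and forwarding raw (possibly
 *    array) values to the managers; assumes integer course ids — confirm;
 *  - the `if ($insert)` guard that had been commented out is restored, so a
 *    failed insert no longer debits a kiko and reports success (assumes
 *    insert() returns a falsy value on failure, as the original guard did —
 *    confirm against InscriptionManager).
 *
 * NOTE(review): this request changes state but no CSRF token is checked here;
 * add one unless the framework enforces it globally. No check is visible here
 * that the user still has credit or is not already registered — presumably
 * enforced in the managers; verify.
 */
public function manageInscriptions()
{
    $message = array();
    $authentificationManager = new \W\Security\AuthentificationManager();

    if (!$authentificationManager->getLoggedUser()) {
        // Not logged in: cannot register
        $message[] = 'Merci de vous connecter pour vous inscrire à une formation';
    } else {
        $authentificationManager->refreshUser();
        $loggedUser = $this->getUser();
        $newinscription = new \Manager\InscriptionManager();
        $newuser = new \Manager\UserManager();

        $formationId = (isset($_POST['formation-id']) && is_scalar($_POST['formation-id'])) ? (int) $_POST['formation-id'] : 0;
        $wantsRegister = isset($_POST['register']) && is_scalar($_POST['register']) && (int) $_POST['register'] === 1;

        if ($wantsRegister) {
            $insert = $newinscription->insert(['userId' => $loggedUser['id'], 'formationId' => $formationId]);
            if ($insert) {
                // Registering costs one kiko
                $newuser->manageKikos($loggedUser['id'], 'del');
                $message[] = 'Vous êtes bien inscrit !';
            }
        } else {
            // Cancellation is scoped to the logged-in user's own registration
            $del = $newinscription->cancelInscription($formationId, $loggedUser['id']);
            if ($del) {
                // Cancelling refunds one kiko
                $newuser->manageKikos($loggedUser['id'], 'add');
                $message[] = 'Votre annulation a bien été pris en compte !';
            }
        }

        // Re-read the user so the reported credit reflects the change
        $authentificationManager->refreshUser();
        $loggedUser = $this->getUser();
        $message[] = $loggedUser['credit'];
    }

    header("Content-Type: application/json");
    echo json_encode($message);
}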
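/**
 * Change-password page reached from a password-reset link (`/.../{token}`).
 *
 * The token must exist in the tokens table (TokenManager::tokenExists() returns
 * the row, including `id_users`). When the form posts two identical, non-empty
 * passwords the user's password is replaced with a password_hash() and the
 * token row is deleted so the link cannot be reused.
 *
 * Fixes vs. the previous version:
 *  - every show() is followed by `return`, so a valid token no longer renders
 *    the form and then the "invalid token" view on the same response, and a
 *    mismatch no longer renders the form twice;
 *  - the password comparison is strict (`===`): `==` treats numeric-looking
 *    strings such as "1e3" and "1000" as equal;
 *  - array-typed POST values are treated as "not submitted";
 *  - a password of "0" is accepted (empty() rejected it).
 *
 * NOTE(review): tokenExists() is the only validity check visible here — make
 * sure it also enforces an expiry, otherwise reset links live forever.
 */
public function changePassword($token)
{
    $tokenManager = new \Manager\TokenManager();
    $tokenExist = $tokenManager->tokenExists($token);

    if (!$tokenExist) {
        $this->show('user/change_password', ['errorToken' => true]);
        return;
    }

    $password = $_POST['password'] ?? '';
    $confirm = $_POST['password-confirm'] ?? '';

    // First visit (nothing submitted) or incomplete form: just show the form
    if (!is_string($password) || !is_string($confirm) || $password === '' || $confirm === '') {
        $this->show('user/change_password', ['token' => $token]);
        return;
    }

    if ($password !== $confirm) {
        $this->show('user/change_password', ['token' => $token, 'errorPass' => true]);
        return;
    }

    $userManager = new \Manager\UserManager();
    $updateUser = $userManager->update(
        ['password' => password_hash($password, PASSWORD_DEFAULT)],
        $tokenExist['id_users']
    );
    if ($updateUser) {
        // Single use: remove the token once the password has been replaced
        $tokenManager->delete($tokenExist['id']);
        $this->redirectToRoute('login');
        return;
    }

    // Update failed: fall back to the plain form
    $this->show('user/change_password', ['token' => $token]);
}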
} $smarty->registerPlugin("function", "clear_infos", "smarty_clear_infos_tag"); function smarty_clear_infos_tag($params, $smarty) { unset($_SESSION["info"]); } $smarty->assign("controller", $controller); $smarty->assign("action", $action); $controllerClass = "Controller\\" . ucfirst($controller); $actionMethod = "load" . ucfirst($action); if (!class_exists($controllerClass)) { echo "Error: No such class: " . $controllerClass; exit; } session_start(); $userManager = new Manager\UserManager(); $user = $userManager->getLoggedInUser(); if ($user == null && strtolower($controller) != "login" && strtolower($controller) != "register") { header("Location: " . generate_url("login", "default", array("redirect" => urlencode($_SERVER["REQUEST_URI"])))); exit; } else { $smarty->assign("user", $user); } $controllerInstance = new $controllerClass(); $controllerInstance->load(); if (method_exists($controllerInstance, $actionMethod)) { //fill all action parameters with GET/POST parameters $r = new ReflectionMethod($controllerClass, $actionMethod); $pars = array(); $params = $r->getParameters(); foreach ($params as $param) {
<?php

namespace Controller;

/**
 * Login controller script. When the form was submitted (`username` present)
 * both fields must be filled and UserManager::connect() must accept the pair;
 * otherwise `$error` holds the message displayed by the view.
 *
 * NOTE(review): `$em` is expected to be defined by the including script.
 */
$userManager = new \Manager\UserManager($em);

$submitted = isset($_POST['username']);
if ($submitted) {
    $username = $_POST['username'];
    $password = isset($_POST['password']) ? $_POST['password'] : null;

    if (empty($username) || empty($password)) {
        $error = "Veuillez renseigner tout les champs";
    } elseif (!$userManager->connect($username, $password)) {
        $error = "Utilisateur ou mot de passe incorrect";
    }
}
<?php set_time_limit(0); $um = new Manager\UserManager(); $um->register("Max Mustermann", "*****@*****.**", "test", "test"); $um->login("test", "test"); $cm = new \Manager\CardsManager(); import_dir(__DIR__ . '/exampleCards', array()); function import_dir($path, $tags) { global $cm; $dir = opendir($path); while (false !== ($entry = readdir($dir))) { $f = $path . "/" . $entry; if (strlen($entry) > 2) { if (is_dir($f)) { import_dir($f, array_merge($tags, array($entry))); } else { if (is_file($f)) { $cm->importFile($f, array_merge($tags, array($entry))); } } } } } $mnm = new Manager\MindMapNodeManager(); $map = $mnm->createMindMap("niceMindMap"); $cards = $cm->getCardsByUser($um->getLoggedInUser()); $x = 0; foreach ($cards as $c) { if ($x++ == 5) {
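/**
 * Profile edit handler (POST from `profilmodify`).
 *
 * Validates the login (letters, optional single underscore) and the email
 * format, uploads the picture, updates the logged-in user's row and refreshes
 * the session copy of the user. The outcome is reported through
 * `$_SESSION['error']['controlProfilModify']` and the browser is redirected
 * back to the form.
 *
 * Fixes vs. the previous version:
 *  - the login pattern contained `(a-z)*`, a group matching the literal text
 *    "a-z", instead of the intended `[a-z]*`; the pattern is now
 *    `^[A-Za-z][a-z]*_?[a-z]+$`, which rejects exactly the characters the error
 *    message describes;
 *  - missing POST keys no longer leave `$login`/`$email` undefined (they default
 *    to empty strings, which fail validation);
 *  - the session user is reloaded by id (find()) instead of by the submitted
 *    email. Reloading by email meant that, if the new address already belonged
 *    to another account and the update went through, the session would have
 *    been switched to that other account. A new email that is already taken is
 *    now rejected before the update.
 */
public function controlProfilModify()
{
    unset($_SESSION['error']);

    if ($_POST) {
        $login = isset($_POST['nom']) ? $_POST['nom'] : '';
        $email = isset($_POST['user_mail']) ? $_POST['user_mail'] : '';
        $birthday = isset($_POST['birthday']) ? $_POST['birthday'] : null;
        $country = isset($_POST['country']) ? $_POST['country'] : null;
        $bio = isset($_POST['bio']) ? $_POST['bio'] : '';

        $userId = $_SESSION['user']['id'];
        $usermanager = new \Manager\UserManager();

        if (!is_string($login) || !preg_match('#^[A-Za-z][a-z]*_?[a-z]+$#', $login)) {
            $_SESSION['error']['controlProfilModify'] = "Le login ne peut comporter de caractère spéciaux ( [ { / \\ & # @ ] } ) ainsi que les accents! ";
        } elseif (!is_string($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $_SESSION['error']['controlProfilModify'] = "L'email n'est pas dans un format valide ! ";
        } else {
            $current = $usermanager->find($userId);
            // Switching to an address owned by another account must be refused
            $emailChanged = !$current || !isset($current['email']) || $current['email'] !== $email;
            if ($emailChanged && $usermanager->emailExists($email)) {
                $_SESSION['error']['controlProfilModify'] = "Cet email est déjà utilisé ! ";
            } else {
                $urlphoto = \uploadUserPicture();
                $usermanager->update([
                    'username' => $login,
                    'urlpicture' => $urlphoto,
                    'email' => $email,
                    'birthday' => $birthday,
                    'country' => $country,
                    'biography' => trim($bio),
                ], $userId);

                // Reload by primary key so the session always reflects *this* account
                $user = $usermanager->find($userId);
                $auth = new \W\Security\AuthentificationManager();
                $auth->logUserIn($user);
                $_SESSION['error']['controlProfilModify'] = "Votre profil a bien été modifié ! ";
            }
        }
    }

    $this->redirectToRoute('profilmodify');
}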
/**
 * "Forgot password" handler.
 *
 * When the form posts a syntactically valid email belonging to a confirmed
 * account, a random 32-character token is generated, stored hashed
 * (password_hash) together with a 20-minute expiry in the user's
 * `token` / `token_timestamp` columns, and a link carrying the *clear* token and
 * the user id (route `mailPassword`) is emailed. Every outcome is reported via
 * `$_SESSION['error']['forgetpassword']` (messages masked in this corpus) and
 * the home page is rendered.
 *
 * NOTE(review):
 *  - `$errorMail` and `$error` are never assigned in this method; unless
 *    `assets/inc/mailer.php` or smtpmailer() sets them, the failure branch is
 *    dead and a mail error is reported as success;
 *  - the visible link text is a hard-coded mudeo.com URL while the href comes
 *    from generateUrl(); the subject line reads like the account-confirmation
 *    mail rather than a password reset;
 *  - whoever consumes `token_timestamp` must compare it with time(), otherwise
 *    the 20-minute expiry is meaningless;
 *  - the distinct messages for "unknown email" / "not confirmed" / "sent" may
 *    allow account enumeration — check what the masked strings say.
 */
public function forgetpassword() {
    unset($_SESSION['error']);
    if ($_POST) {
        if (\isIsset($_POST)) {
            $emailPasswordRecovery = $_POST['emailPasswordRecovery'];
            if (filter_var($emailPasswordRecovery, FILTER_VALIDATE_EMAIL)) {
                $usermanager = new \Manager\UserManager();
                if ($usermanager->emailExists($emailPasswordRecovery)) {
                    $user = $usermanager->getUserByUsernameOrEmail($emailPasswordRecovery);
                    if (\isComfirmedAccount($user['id'])) {
                        // The password cannot be reset while the account is unconfirmed.
                        // The clear token only travels in the email; the DB keeps its password_hash().
                        $token = \W\Security\StringUtils::randomString(32);
                        $tokentime = time() + 20 * 60;
                        $usermanager->update(['token' => password_hash($token, PASSWORD_DEFAULT), 'token_timestamp' => $tokentime], $user['id']);
                        $lien = '<a href="' . $this->generateUrl('mailPassword', ['token' => $token, 'id' => $user['id']], true) . '">http://www.mudeo.com/verif/u675CXIV9YOLHbYIjhgc8O7UNM</a>';
                        $lien_img = "od972.free.fr/logo.png";
                        $msg = "<img src='" . $lien_img . "' style='width:100px;height:100px'/> <h2>Mudéo </h2>";
                        $msg .= "<h4>MFF Corp.</h4><br/><br/>";
                        $msg .= "Pour pouvoir changer votre mot de passe <span style='font-weight:bold;'>" . strtoupper($user['username']) . "</span>. Veuillez cliquer sur le lien suivant qui vous redirigera vers notre site<br/><br/>" . $lien;
                        require_once 'assets/inc/mailer.php';
                        smtpmailer('*****@*****.**', '*****@*****.**', 'Admin', 'Vérification de la création de compte Mudéo', $msg);
                        // $errorMail is not set anywhere in this method (see NOTE above)
                        if (isset($errorMail)) {
                            $_SESSION['error']['forgetpassword'] = $error;
                        } else {
                            $_SESSION['error']['forgetpassword'] = "******";
                        }
                    } else {
                        // Account exists but is not confirmed yet
                        $_SESSION['error']['forgetpassword'] = "******" . $user['email'] . " avant de pouvoir utiliser cette fonctionalité";
                    }
                } else {
                    // No account with this email
                    $_SESSION['error']['forgetpassword'] = "******";
                }
            } else {
                // Malformed email address
                $_SESSION['error']['forgetpassword'] = "******";
            }
        } else {
            // Required POST fields missing
            $_SESSION['error']['forgetpassword'] = "******";
        }
    }
    $this->show('Default/home');
}
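<?php
// Front controller: class autoloading, helpers, config and routes, then the
// "auth" remember-me cookie check before the application runs.
require "../vendor/autoload.php";
include 'assets/inc/functions.php';
require "../app/config.php";
require "../W/globals.php";

// Instantiate the application with its routes and config
$app = new W\App($w_routes, $w_config);

/*
 * Remember-me cookie `auth` = "<user id>-----<key>", where
 * key = sha1(username . passwordHash . REMOTE_ADDR), as written by the login
 * controller. If the key recomputed from the database row matches, the user is
 * logged in and the cookie is refreshed for another 3 days; otherwise it is
 * cleared.
 *
 * Fixes vs. the previous version:
 *  - the cookie is only processed when it splits into exactly two parts and the
 *    user row exists (before, `$user['username']` was read from `false` and
 *    `$auth[1]` could be undefined);
 *  - the key comparison uses hash_equals() instead of `==`: constant time, and
 *    `==` compares numeric-looking strings numerically, so two hex digests of
 *    the form "0e<digits>" compare equal to each other;
 *  - a cookie that fails verification is cleared on the same path/domain it
 *    was set on.
 *
 * SECURITY NOTE (unchanged, needs a coordinated change with the login
 * controller): the key is deterministic and never rotates; anyone who learns a
 * user's password hash and presents the same REMOTE_ADDR can forge it, and the
 * hard-coded domain 127.0.0.1 with secure=false only suits local development.
 * A random per-device secret stored hashed in the DB is the usual replacement.
 */
if (isset($_COOKIE['auth']) && !isset($_SESSION['user'])) {
    $parts = is_string($_COOKIE['auth']) ? explode('-----', $_COOKIE['auth']) : [];

    $user = false;
    if (count($parts) === 2 && $parts[0] !== '') {
        $usermanager = new \Manager\UserManager();
        $user = $usermanager->find($parts[0]);
    }

    $verified = false;
    if ($user) {
        $key = sha1($user['username'] . $user['password'] . $_SERVER['REMOTE_ADDR']);
        $verified = hash_equals($key, $parts[1]);
    }

    if ($verified) {
        $auth = new \W\Security\AuthentificationManager();
        $auth->logUserIn($user);
        // Refresh the cookie lifetime (3 days)
        setcookie("auth", $user['id'] . '-----' . $key, time() + 3600 * 24 * 3, '/', '127.0.0.1', false, true);
    } else {
        // Unknown user or forged/stale key: drop the cookie
        setcookie("auth", "", time() - 3600, '/', '127.0.0.1', false, true);
    }
}

// Run the application
$app->run();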
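<?php

namespace Controller;

/**
 * Admin registration controller script. On submission (`email` present) every
 * field must be filled and the two passwords must match; then
 * UserManager::createAdmin() is called with the ROLE_GUEST role.
 *
 * Fix vs. the previous version: the password/confirmation comparison is strict
 * (`!==`). With `!=` PHP compares numeric-looking strings numerically, so
 * e.g. "1e3" and "1000" were accepted as a matching confirmation.
 *
 * NOTE(review): the email is not checked with FILTER_VALIDATE_EMAIL, the
 * username and password are not validated beyond "non-empty", and nothing
 * here restricts who may create an account — confirm that the including
 * script or createAdmin() enforce that. `$em` must be defined by the including
 * script.
 */
$userManager = new \Manager\UserManager($em);

if (isset($_POST['email'])) {
    $required = ['email', 'firstname', 'lastname', 'username', 'password', 'confirm'];
    $missing = false;
    foreach ($required as $name) {
        if (empty($_POST[$name])) {
            $missing = true;
            break;
        }
    }

    if ($missing) {
        $error = "Veuillez renseigner tout les champs";
    } elseif ($_POST['password'] !== $_POST['confirm']) {
        $error = "La confirmation du mot de passe est incorrecte";
    } else {
        $userManager->createAdmin($_POST['email'], $_POST['username'], $_POST['password'], array('ROLE_GUEST'));
    }
}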
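/**
 * Cron-style endpoint: credits each instructor with as many kikos as there are
 * registrations on each course not yet credited (`topCredit = 0`), then marks
 * the course as credited.
 *
 * @param mixed $token shared secret passed in the URL; anything else gets the
 *                     forbidden page.
 *
 * Fixes vs. the previous version:
 *  - the token is compared with hash_equals() on strings instead of `==`:
 *    loose comparison accepted any numeric-looking equivalent of "1234"
 *    (e.g. "1234.0", " 1234") and is not constant-time;
 *  - the managers are instantiated once instead of once per course.
 *
 * SECURITY NOTE: the expected token is a hard-coded literal in source control.
 * Move it to configuration and generate it with random_bytes(); it cannot be
 * relocated from this method alone.
 */
public function creditKikos($token)
{
    $expectedToken = '1234'; // TODO(security): load from configuration, not source

    if (!is_string($token) || !hash_equals($expectedToken, $token)) {
        $this->showForbidden();
        return;
    }

    $newformation = new \Manager\FormationManager();
    $newinscription = new \Manager\InscriptionManager();
    $newuser = new \Manager\UserManager();

    // Every course with topCredit = 0
    foreach ($newformation->listFormationsToCredit() as $formation) {
        $nbrInscrit = $newinscription->countInscription($formation['formationId']);
        if ($nbrInscrit > 0) {
            // One kiko per registered student goes to the instructor
            $newuser->manageKikos($formation['userId'], 'add', $nbrInscrit);
        }
        // Mark the course as credited so it is not processed again
        $newformation->update(['topCredit' => 1], $formation['formationId']);
    }
}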
/**
 * Profile page / profile edit (`user/profile`).
 *
 * @param string $username username from the route; the page is only rendered
 *                         when it equals the logged-in user's username.
 *
 * Flow: on POST the submitted fields are validated (required, birth year,
 * allowed username characters, username uniqueness when it changed), an
 * optional image is uploaded and reduced, the logged-in user's row is updated
 * by its id, and the session user is refreshed. Without a POST the form is
 * pre-filled by copying the logged-in user into $_POST.
 *
 * NOTE(review), not changed here:
 *  - `$username` is reassigned from $_POST on submission, so the final
 *    `$userConnect['username'] == $username` test compares the refreshed user
 *    with the submitted name; when a username change was rejected (already
 *    taken) the names differ and only showForbidden() runs;
 *  - show() and showForbidden() are both reached on the happy path (no return
 *    after show()), which renders twice unless show() exits;
 *  - `$_FILES['image']['size']` and the $_POST keys are read without isset();
 *  - `$error['image']` doubles as the image path on success and the error list
 *    on failure, so the view has to tell the two apart;
 *  - the update is scoped to `$userConnect['id']`, so changing the route's
 *    username does not let a user edit another profile.
 */
public function profile($username)
{
    $error = array();
    $isValid = true;
    // UserManager instance
    $userManager = new \Manager\UserManager();
    // Security manager instance
    $authentificationManager = new \W\Security\AuthentificationManager();
    // - the logged-in user
    $userConnect = $authentificationManager->getLoggedUser();
    // Form submitted?
    if ($_POST) {
        $username = $_POST['username'];
        $lastname = $_POST['lastname'];
        $firstname = $_POST['firstname'];
        $birthyear = $_POST['birthyear'];
        $sex = $_POST['sex'];
        $job = $_POST['job'];
        $instructorDescription = $_POST['instructorDescription'];
        $studentDescription = $_POST['studentDescription'];
        // Data validation
        $isValid = true;
        // Required fields
        $validator = new \Utils\FormValidator();
        $validator->validateNotEmpty($username, "username", "Le pseudo est obligatoire !");
        $validator->validateNotEmpty($lastname, "lastname", "Saisir votre nom !");
        $validator->validateNotEmpty($firstname, "firstname", "Saisir votre prénom !");
        $validator->validateNotEmpty($birthyear, "birthyear", "Saisir votre année de naissance !");
        $validator->validateNotEmpty($sex, "sex", "Indiquer votre sexe !");
        $validator->validateNotEmpty($job, "job", "Saisir votre métier !");
        $validator->validateNotEmpty($instructorDescription, "instructorDescription", "Saisir votre description en tant que formateur !");
        $validator->validateNotEmpty($studentDescription, "studentDescription", "Saisir votre description en tant qu'étudiant !");
        // Format checks only once every field is present
        if ($validator->isValid()) {
            $validator->validateYear($birthyear, "birthyear", "Votre année de naissance doit être comprise entre 1900-2099 !");
            $validator->validateCharacter($username, "username", "Le pseudo comporte des caractères interdits !");
        }
        if (!$validator->isValid()) {
            $error = $validator->getErrors();
            $isValid = false;
        }
        if ($isValid) {
            // 1 - create the instance
            $userManager = new \Manager\UserManager();
            // Uniqueness is only checked when the username actually changed
            if ($userConnect['username'] != $username) {
                if ($userManager->usernameExists($username)) {
                    $isValid = false;
                    $error['username'] = '******';
                }
            }
        }
        // File upload
        if ($_FILES['image']['size'] != 0) {
            $file = new \Utils\ImageUpload($_FILES['image'], 'assets/img/users/');
            $file->uploadFile();
            $file->reduceImage(false);
            if (!$file->isValid()) {
                $isValid = false;
                $error['image'] = $file->getErrors();
            } else {
                // On success $error['image'] carries the new image path
                $error['image'] = 'img/users/' . $file->getFileName();
                $_SESSION['image_user'] = $file->getFileName();
            }
        } else {
            $_SESSION['image_user'] = '******';
        }
        // Everything valid?
        if ($isValid) {
            // Database update
            // 2 - call update(), scoped to the logged-in user's id
            $user = $userManager->update(["username" => $_POST['username'], "lastname" => $_POST['lastname'], "firstname" => $_POST['firstname'], "birthyear" => $_POST['birthyear'], "sex" => $_POST['sex'], "job" => $_POST['job'], "instructorDescription" => $_POST['instructorDescription'], "studentDescription" => $_POST['studentDescription'], "image" => $_SESSION['image_user']], $userConnect['id']);
            // Refresh the session copy of the user
            $authentificationManager->refreshUser();
            $userConnect = $authentificationManager->getLoggedUser();
        }
    } else {
        // No submission: pre-fill the form with the current user
        $_POST = $userConnect;
    }
    // 3 - render the page when a user was found
    if ($userConnect) {
        if ($userConnect['image'] == '') {
            $error['image'] = 'imageprofildefaut.png';
        } else {
            $error['image'] = $userConnect['image'];
        }
        if ($userConnect['username'] == $username) {
            $this->show('user/profile', ['error' => $error]);
        }
    }
    // Otherwise the forbidden page
    $this->showForbidden();
}