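/**
 * Login form handler: accepts a username or an email in the "logger" field plus a password,
 * opens the session on success and optionally issues the "remember me" cookie.
 *
 * Always ends by rendering 'logger/log' with a "passwordError" message ('' on success or on a
 * plain GET). The previous version rendered the view twice on success and read $_POST['remember']
 * without an isset() guard.
 */
public function log()
{
    $usermanager = new \Manager\UserManager();
    $auth = new \W\Security\AuthentificationManager();
    $passwordError = "";

    if ($_POST) {
        $logger = (string) ($_POST['logger'] ?? '');
        $password = (string) ($_POST['password'] ?? '');

        if ($logger === '' || $password === '') {
            $passwordError = "vide!";
        } else {
            // An "@" selects the email column, otherwise the username column is checked.
            $isEmail = strpos($logger, '@') !== false;
            $exists = $isEmail
                ? $usermanager->emailExists($logger)
                : $usermanager->usernameExists($logger);

            // NOTE(review): distinct "not found" / "wrong password" messages reveal which identifiers
            // exist; a single generic message would avoid that, but the wording is kept as-is here.
            if (!$exists) {
                $passwordError = $isEmail ? "Email not found" : "Login not found!";
            } elseif (!$auth->isValidLoginInfo($logger, $password)) {
                $passwordError = $isEmail ? "Wrong email/mp couple!" : "Wrong login/mp couple!";
            } else {
                $user = $usermanager->getUserByUsernameOrEmail($logger);
                $auth->logUserIn($user);
                if (!empty($_POST['remember'])) {
                    $this->setRememberCookie($user);
                }
            }
        }
    }

    $this->show('logger/log', ["passwordError" => $passwordError]);
}

/**
 * Issues the persistent "auth" cookie consumed by the front controller.
 *
 * Value format: "<id>-----sha1(username . password-hash . client IP)", valid three days.
 * The token is deterministic (derived from the stored password hash), so it cannot be revoked
 * without changing the password; a random per-user token stored hashed would be preferable.
 *
 * @param array $user user row as returned by UserManager (needs id, username, password)
 */
private function setRememberCookie(array $user)
{
    setcookie(
        "auth",
        $user['id'] . '-----' . sha1($user['username'] . $user['password'] . ($_SERVER['REMOTE_ADDR'] ?? '')),
        time() + 3600 * 24 * 3,
        '/',
        '127.0.0.1',
        false,
        true
    );
}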
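/**
 * Login page: renders the form on GET, authenticates on POST.
 *
 * On a valid email/password pair the user row (minus its password hash) is stored in session and
 * the request is redirected to 'home'; otherwise the form is shown again with errorConnection set.
 * Each branch returns explicitly so nothing below runs even if redirectToRoute()/show() do not exit.
 */
public function login()
{
    if (isset($_POST['login-submit'])) {
        $email = (string) ($_POST['email'] ?? '');
        $password = (string) ($_POST['password'] ?? '');

        // Missing field: back to the form. (=== '' rather than empty() so a literal "0" is not rejected.)
        if ($email === '' || $password === '') {
            $this->redirectToRoute('login');
            return;
        }

        $authManager = new \W\Security\AuthentificationManager();
        $userId = $authManager->isValidLoginInfo($email, $password);

        if ($userId) {
            $usersManager = new \Manager\UserManager();
            $user = $usersManager->find($userId);
            // Keep the password hash out of the session payload.
            unset($user['password']);
            $authManager->logUserIn($user);
            $this->redirectToRoute('home');
            return;
        }

        // Wrong email or password.
        $this->show('default/login', ['errorConnection' => true]);
        return;
    }

    $this->show('default/login');
}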
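/**
 * Returns true when a user is authenticated, either from the current session or by redeeming the
 * JSON "kikala_remember_me" cookie ({"id": ..., "token": ...}) against the hashed tokenCookie
 * column; any malformed, unknown or mismatching cookie is expired client-side and false is returned.
 *
 * The previous version dereferenced the decoded cookie and the user row without checking that
 * json_decode() and find() had succeeded.
 *
 * @return bool
 */
public function check()
{
    $authentificationManager = new \W\Security\AuthentificationManager();

    // Already authenticated in session: nothing to do.
    if ($authentificationManager->getLoggedUser()) {
        return true;
    }

    if (empty($_COOKIE['kikala_remember_me'])) {
        return false;
    }

    // The cookie is client-controlled: decode defensively and require both fields before any lookup.
    $cookieData = json_decode((string) $_COOKIE['kikala_remember_me'], true);
    $user = false;
    if (is_array($cookieData) && isset($cookieData['id'], $cookieData['token']) && is_string($cookieData['token'])) {
        $userManager = new \Manager\UserManager();
        $user = $userManager->find($cookieData['id']);
    }

    // Only a stored, non-empty hash can validate the presented token.
    if (is_array($user) && !empty($user['tokenCookie']) && password_verify($cookieData['token'], $user['tokenCookie'])) {
        // NOTE(review): the whole row (password hash, tokenCookie) goes into the session here;
        // consider unsetting those keys first, as the other login actions do with 'password'.
        $authentificationManager->logUserIn($user);
        return true;
    }

    // Malformed, stale or forged cookie: expire it explicitly.
    setcookie('kikala_remember_me', '', time() - 3600, '/');
    return false;
}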
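/**
 * Account creation: inserts the user from the sign-up form (page_name, passwrd, mail), opens the
 * session for the new account and seeds its default options, then redirects to 'backoffice'.
 *
 * The previous version declared a nested securise() helper (fatal on a second call, and relying on
 * the removed mysql_real_escape_string()), HTML-escaped the password before hashing it, and logged
 * in an undefined $user. Output escaping belongs in the views, not here.
 */
public function create()
{
    $pagename = trim((string) ($_POST['page_name'] ?? ''));
    $passwrd = (string) ($_POST['passwrd'] ?? '');
    $mail = trim((string) ($_POST['mail'] ?? ''));

    // All three fields are required and the email must be well-formed; the password is hashed as typed.
    if ($pagename !== '' && $passwrd !== '' && filter_var($mail, FILTER_VALIDATE_EMAIL)) {
        $usersManager = new \Manager\UsersManager();
        // NOTE(review): assumes insert() returns the created row (with its id) — confirm against Manager.
        $user = $usersManager->insert([
            'page_name' => $pagename,
            'passwrd' => password_hash($passwrd, PASSWORD_DEFAULT),
            'mail' => $mail,
        ]);

        if (is_array($user) && isset($user['id'])) {
            // Keep the hash out of the session payload (the column is 'passwrd', as inserted above).
            unset($user['passwrd']);
            $userSession = new \W\Security\AuthentificationManager();
            $userSession->logUserIn($user);

            // Seed the account's default options (placeholder value kept from the original).
            $initdata = new \Manager\OptionsManager();
            $initdata->insertInit($user['id'], 'avatar_1', 'gergregegregergegregregregrege');
        }
    }

    $this->redirectToRoute('backoffice');
}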
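/**
 * Password-recovery link handler: verifies the emailed $token against the hashed token stored on
 * user $id, consumes the token, opens the session and shows the change-password form. Any other
 * case records the (masked) error and shows the home page.
 *
 * The previous version read $user['token'] without checking that find() returned a row and, on
 * success, fell through to render 'default/home' as well.
 *
 * @param string|null $token plain token from the recovery URL
 * @param mixed       $id    user id from the recovery URL
 */
public function mailPasswordRecovery($token, $id)
{
    unset($_SESSION['error']);

    $usermanager = new \Manager\UserManager();
    $user = ($token !== null && $token !== '' && $id !== null && $id !== '')
        ? $usermanager->find($id)
        : false;

    if (is_array($user) && !empty($user['token']) && password_verify((string) $token, $user['token'])) {
        // NOTE(review): token_timestamp is reset here but never compared with the current time;
        // if it records issuance, an expiry check belongs before this point — confirm its meaning.
        // Single use: clear the token before the session is opened.
        $usermanager->update(['token' => '', 'token_timestamp' => 0], $id);
        $auth = new \W\Security\AuthentificationManager();
        $auth->logUserIn($user);
        $_SESSION['error']['forgetpassword'] = "******";
        $this->show('user/changepassword', ['id' => $id]);
        return;
    }

    // Missing parameters, unknown user or token mismatch.
    $_SESSION['error']['forgetpassword'] = "******";
    $this->show('default/home');
}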
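/**
 * User login, leading to the choristers' area.
 *
 * An already-authenticated visitor is redirected straight to 'choristes_actus'. On a submitted form
 * ("sent" field) the login/password pair is checked; on success the user row is stored in session
 * and the same redirect follows. Otherwise the login form is shown.
 *
 * The previous version read $_POST['login'] / $_POST['password'] without guards and kept running
 * after the redirects.
 */
public function login()
{
    $userLogin = new \W\Security\AuthentificationManager();

    // Already connected: send to the members' area.
    if ($this->getUser()) {
        $this->redirectToRoute('choristes_actus');
        return;
    }

    if (isset($_POST['sent'])) {
        $login = (string) ($_POST['login'] ?? '');
        $password = (string) ($_POST['password'] ?? '');

        // Skip the credential check entirely when a field is missing.
        $id = ($login !== '' && $password !== '')
            ? $userLogin->isValidLoginInfo($login, $password)
            : false;

        if ($id) {
            $findUser = new \Manager\UsersManager();
            $user = $findUser->find($id);
            $userLogin->logUserIn($user);
            $this->redirectToRoute('choristes_actus');
            return;
        }
    }

    $this->show('default/login');
}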
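/**
 * Login page: renders the form on GET, authenticates on POST.
 *
 * On a valid login/password pair the user row (minus its password hash) is stored in session and
 * the request is redirected to 'todolist_list'; otherwise the form is shown again with
 * errorConnection set. Each branch returns explicitly so nothing below runs even if
 * redirectToRoute()/show() do not exit.
 */
public function login()
{
    if (isset($_POST['login-submit'])) {
        $login = (string) ($_POST['login'] ?? '');
        $password = (string) ($_POST['password'] ?? '');

        // Missing field: back to the form. (=== '' rather than empty() so a literal "0" is not rejected.)
        if ($login === '' || $password === '') {
            $this->redirectToRoute('login');
            return;
        }

        $authManager = new \W\Security\AuthentificationManager();
        $userId = $authManager->isValidLoginInfo($login, $password);

        if ($userId) {
            $usersManager = new \Manager\UsersManager();
            $user = $usersManager->find($userId);
            // Keep the password hash out of the session payload.
            unset($user['password']);
            $authManager->logUserIn($user);
            $this->redirectToRoute('todolist_list');
            return;
        }

        // Wrong login or password.
        $this->show('default/login', ['errorConnection' => true]);
        return;
    }

    $this->show('default/login');
}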
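<?php
// Class autoloading
require "../vendor/autoload.php";
include 'assets/inc/functions.php';
// Configuration
require "../app/config.php";
// A few global helper functions
require "../W/globals.php";

// Instantiate the application with its config and routes
$app = new W\App($w_routes, $w_config);

// "Remember me": restore the session from the "auth" cookie when no user is in session.
// Cookie format (issued by the login action): "<id>-----sha1(username . password-hash . client IP)".
// The previous version compared the token with == and dereferenced a possibly-false user row.
if (isset($_COOKIE['auth']) && !isset($_SESSION['user'])) {
    $parts = explode('-----', (string) $_COOKIE['auth'], 2);
    $user = false;
    if (count($parts) === 2 && $parts[0] !== '') {
        $usermanager = new \Manager\UserManager();
        $user = $usermanager->find($parts[0]);
    }

    // The token is deterministic (derived from the stored password hash), so it can only be revoked
    // by a password change; a random per-user token stored hashed would be preferable.
    $key = is_array($user)
        ? sha1($user['username'] . $user['password'] . ($_SERVER['REMOTE_ADDR'] ?? ''))
        : null;

    if ($key !== null && hash_equals($key, $parts[1])) {
        $auth = new \W\Security\AuthentificationManager();
        $auth->logUserIn($user);
        // Refresh the cookie lifetime (three days).
        setcookie("auth", $user['id'] . '-----' . $key, time() + 3600 * 24 * 3, '/', '127.0.0.1', false, true);
    } else {
        // Unknown user or bad token: expire the cookie.
        setcookie("auth", "", time() - 3600, '/', '127.0.0.1', false, true);
    }
}

// Run the application
$app->run();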
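/**
 * Login page: renders the form on GET, authenticates on POST.
 *
 * On a valid login/password pair the user row (minus its password hash) is stored in session and
 * the request is redirected to 'backoffice'; otherwise the form is shown again with
 * errorConnection set.
 *
 * The previous version declared a nested securise() helper (fatal on a second call, and relying on
 * the removed mysql_real_escape_string()) and escaped/HTML-encoded the password before verifying
 * it, which corrupts any password containing quotes, '%', '_', '<', '>' or '&'. Credentials are now
 * passed as typed to the authentication manager; output escaping belongs in the views.
 */
public function login()
{
    if (isset($_POST['login-submit'])) {
        $login = (string) ($_POST['login'] ?? '');
        $password = (string) ($_POST['password'] ?? '');

        // Missing field: back to the form. (=== '' rather than empty() so a literal "0" is not rejected.)
        if ($login === '' || $password === '') {
            $this->redirectToRoute('login');
            return;
        }

        $authManager = new \W\Security\AuthentificationManager();
        $userId = $authManager->isValidLoginInfo($login, $password);

        if ($userId) {
            $usersManager = new \Manager\UsersManager();
            $user = $usersManager->find($userId);
            // Keep the password hash out of the session payload.
            unset($user['password']);
            $authManager->logUserIn($user);
            $this->redirectToRoute('backoffice');
            return;
        }

        // Wrong login or password.
        $this->show('Default/login', ['errorConnection' => true]);
        return;
    }

    $this->show('Default/login');
}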
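/**
 * Profile edit handler: validates the posted username and email, updates the logged-in user's row
 * (including the uploaded picture URL), refreshes the session copy and redirects to 'profilmodify'
 * with a status message in $_SESSION['error']['controlProfilModify'].
 *
 * Fixes in this version: the username pattern contained a literal "(a-z)" group where a character
 * class was intended; missing POST fields are defaulted instead of read as undefined variables;
 * and the session is reloaded by the updated row's id rather than by the new email, so the session
 * can never switch to another account that happens to hold that email.
 */
public function controlProfilModify()
{
    unset($_SESSION['error']);

    if ($_POST) {
        $login = (string) ($_POST['nom'] ?? '');
        $email = (string) ($_POST['user_mail'] ?? '');
        $birthday = $_POST['birthday'] ?? null;
        $country = $_POST['country'] ?? null;
        $bio = (string) ($_POST['bio'] ?? '');

        // One leading letter (any case), then lowercase letters with at most one underscore;
        // no digits, accents or punctuation.
        if (!preg_match('#^[A-Za-z][a-z]*_?[a-z]+$#', $login)) {
            $_SESSION['error']['controlProfilModify'] = "Le login ne peut comporter de caractère spéciaux ( [ { / \\ & # @ ] } ) ainsi que les accents! ";
        } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            $_SESSION['error']['controlProfilModify'] = "L'email n'est pas dans un format valide ! ";
        } else {
            $userId = $_SESSION['user']['id'];
            $urlphoto = \uploadUserPicture();
            $usermanager = new \Manager\UserManager();
            $usermanager->update([
                'username' => $login,
                'urlpicture' => $urlphoto,
                'email' => $email,
                'birthday' => $birthday,
                'country' => $country,
                'biography' => trim($bio),
            ], $userId);

            // Reload the row that was just updated and refresh the session copy.
            $user = $usermanager->find($userId);
            $auth = new \W\Security\AuthentificationManager();
            $auth->logUserIn($user);
            $_SESSION['error']['controlProfilModify'] = "Votre profil a bien été modifié ! ";
        }
    }

    $this->redirectToRoute('profilmodify');
}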
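/**
 * Login form handler: the "logger" field holds either a username (no "@") or an email; on success
 * the session is opened, the optional "remember" cookie is issued and the account-confirmation
 * status decides the redirect ('userhome' when valid, 'home' otherwise). Error text is written to
 * $_SESSION['error']['log'].
 *
 * Fixes in this version: the username branch ignored the first element of confirmAccount()'s
 * result, so an unconfirmed account reached 'userhome' when logging in by username but not by
 * email; the two success paths now go through the same cookie helper.
 */
public function log()
{
    $usermanager = new \Manager\UserManager();
    $auth = new \W\Security\AuthentificationManager();
    unset($_SESSION['error']);
    $isValid = true;

    if ($_POST) {
        if (\isIsset($_POST)) {
            $logger = (string) $_POST['logger'];
            $password = (string) $_POST['password'];

            if (strpos($logger, '@') === false) {
                // No "@": the identifier is a username.
                // NOTE(review): "not found" vs "wrong password" messages reveal which logins exist.
                if (!$usermanager->usernameExists($logger)) {
                    $isValid = false;
                    $_SESSION['error']['log'] = "Login not found!";
                } elseif (!$auth->isValidLoginInfo($logger, $password)) {
                    $isValid = false;
                    $_SESSION['error']['log'] = "Wrong login/mp couple!";
                } else {
                    $user = $usermanager->getUserByUsernameOrEmail($logger);
                    $auth->logUserIn($user);
                    if (isset($_POST['remember'])) {
                        $this->setRememberCookie($user, 'mudeo.dev');
                    }
                    // NOTE(review): this branch passed no second argument to confirmAccount() while the
                    // email branch passes the session subscription — kept as-is, confirm which is intended.
                    $return = \confirmAccount($user['token_timestamp']);
                    $isValid = $return[0];
                    $_SESSION['error']['log'] = $return[1];
                }
            } else {
                // Contains "@": validate as an email and look it up on the email column.
                if (!filter_var($logger, FILTER_VALIDATE_EMAIL)) {
                    $isValid = false;
                    $_SESSION['error']['log'] = "Le format de l'email n'est pas valide !";
                } elseif (!$usermanager->emailExists($logger)) {
                    $isValid = false;
                    $_SESSION['error']['log'] = "Email pas présent dans la base ! 
";
                } elseif (!$auth->isValidLoginInfo($logger, $password)) {
                    $isValid = false;
                    $_SESSION['error']['log'] = "Mauvais couple email/mot de passe !";
                } else {
                    $user = $usermanager->getUserByUsernameOrEmail($logger);
                    $auth->logUserIn($user);
                    if (isset($_POST['remember'])) {
                        $this->setRememberCookie($user, 'localhost');
                    }
                    $return = \confirmAccount($user['token_timestamp'], $_SESSION['user']['subscription']);
                    $isValid = $return[0];
                    $_SESSION['error']['log'] = $return[1];
                }
            }
        } else {
            $isValid = false;
            $_SESSION['error']['log'] = "Veuillez remplir tous les champs !";
        }
    }

    $this->redirectToRoute($isValid ? 'userhome' : 'home');
}

/**
 * Issues the persistent "auth" cookie: "<id>-----sha1(username . password-hash . client IP)",
 * valid three days, HttpOnly, not Secure.
 *
 * NOTE(review): the original set the domain to 'mudeo.dev' for username logins and 'localhost' for
 * email logins; both values are kept so behaviour is unchanged, but only one can be right for a
 * given deployment. The token is deterministic (derived from the stored password hash), so it can
 * only be revoked by a password change; a random per-user token stored hashed would be preferable.
 *
 * @param array  $user   user row (needs id, username, password)
 * @param string $domain cookie domain
 */
private function setRememberCookie(array $user, $domain)
{
    setcookie(
        "auth",
        $user['id'] . '-----' . sha1($user['username'] . $user['password'] . ($_SERVER['REMOTE_ADDR'] ?? '')),
        time() + 3600 * 24 * 3,
        '/',
        $domain,
        false,
        true
    );
}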
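/**
 * New-password page reached from a recovery link.
 *
 * The hashed token stored on the user identified by $username must match $token before anything
 * else happens; otherwise the forbidden page is shown. On GET the form is rendered; on POST the two
 * password fields are validated, the hash is stored (and the token cleared in the same update),
 * the session is opened and the account page is shown.
 *
 * In the previous version the token was only checked when rendering the form, so a POST reached
 * the password update without the token having been verified; the collected $error array was also
 * never passed to the view.
 *
 * @param string|null $token    plain token from the recovery URL
 * @param string      $username username (or email) from the recovery URL
 */
public function newpassword($token, $username)
{
    $error = [];
    $userManager = new \Manager\UserManager();
    $user = $userManager->getUserByUsernameOrEmail($username);

    // The token gates both the form and the update. An empty stored token never verifies.
    if (!$user || empty($user['token']) || !password_verify((string) $token, $user['token'])) {
        $this->showForbidden();
        return;
    }

    if ($_POST) {
        $isValid = true;
        $newpassword = (string) ($_POST['newpassword'] ?? '');
        $newpasswordConfirm = (string) ($_POST['newpasswordConfirm'] ?? '');

        $validator = new \Utils\FormValidator();
        $validator->validateNotEmpty($newpassword, "newpassword", "Saisir un mot de passe");
        $validator->validateNotEmpty($newpasswordConfirm, "newpasswordConfirm", "Ressaisir le mot de passe");
        if (!$validator->isValid()) {
            $error = $validator->getErrors();
            $isValid = false;
        }

        if ($newpassword !== $newpasswordConfirm) {
            $isValid = false;
            $error['newpasswordConfirm'] = 'Les mots de passe ne correspondent pas !';
        }

        if ($isValid) {
            // Store the new hash and consume the token in one update.
            $userManager->update(
                ['token' => '', 'password' => password_hash($newpassword, PASSWORD_DEFAULT)],
                $user['id']
            );
            // Reload so the session holds the updated row rather than the stale hash/token.
            $user = $userManager->find($user['id']);
            $authentificationManager = new \W\Security\AuthentificationManager();
            $authentificationManager->logUserIn($user);
            $this->show('user/detail_account', ['user' => $user]);
            return;
        }
    }

    // GET, or POST with validation errors: show the form with whatever errors were collected.
    $this->show('user/newpassword', ['error' => $error]);
}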