Exemple #1
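/**
 * Complete a password reset: verify the one-time code from the reset link,
 * store the new password and log the user in.
 *
 * Reads $_GET['valid'], $_POST['pwd1'] and the session keys
 * 'index_password_code' / 'index_password_email'. Writes the template
 * variables 'hsuccess', '_user' and 'user'.
 *
 * @global mixed $tpl Template engine instance.
 * @return void
 */
function index_password_change()
{
    global $tpl;

    // Normalise both sides to strings so the comparison below is exact.
    // A missing, empty or non-scalar value on either side can never match:
    // the previous loose `!=` treated an empty `valid` parameter and an
    // unset session code as equal.
    $expected = (isset($_SESSION['index_password_code']) && is_scalar($_SESSION['index_password_code']))
        ? (string) $_SESSION['index_password_code']
        : '';
    $supplied = (isset($_GET['valid']) && is_string($_GET['valid'])) ? $_GET['valid'] : '';

    if ($expected === '' || $supplied === ''
        || !isset($_SESSION['index_password_email'])
        || !hash_equals($expected, $supplied)) {
        $tpl->assign('hsuccess', false);
        modexec('index');
        // modexec() is not visible here; return explicitly so the reset can
        // never proceed if it hands control back to this function.
        return;
    }

    $mdl = new Modele('users');
    $mdl->find(array('user_email' => $_SESSION['index_password_email']));
    $mdl->next();
    // NOTE(review): the result of find()/next() is not checked - confirm how
    // Modele behaves when no user matches the stored e-mail address.

    if (isset($_POST['pwd1'])) {
        $newPassword = $_POST['pwd1'];
        // Refuse array-valued or empty submissions instead of storing them.
        // NOTE(review): modFrom() is not visible here - confirm that it hashes
        // user_pass before storage rather than persisting the raw value.
        $success = (is_string($newPassword) && $newPassword !== '')
            ? $mdl->modFrom(array('user_pass' => $newPassword), false)
            : false;
        $tpl->assign('hsuccess', $success);
        if ($success) {
            // The reset code is single-use: drop it once the password changed.
            unset($_SESSION['index_password_code']);
            // NOTE(review): this is a privilege change for the session; consider
            // regenerating the session id here, and check whether toArray()
            // copies user_pass into the session.
            $_SESSION['user'] = $mdl->toArray();
            $_SESSION['user']['role'] = aclFromText($mdl->raw_user_role);
            $tpl->assign('_user', $_SESSION['user']);
            modexec('index');
        }
    }
    $tpl->assign('user', $mdl);
    display();
}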
Exemple #2
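/**
 * Step 4 of the trip registration flow: let the user choose a ticket type.
 *
 * On a POST carrying "next" and "ticket", loads the chosen trip type and,
 * depending on its restriction, records type and price on the registration
 * file and moves on to step 5. Otherwise lists the ticket types of the trip.
 *
 * @global mixed $tpl Template engine instance.
 * @return void
 */
function tripusr_step4()
{
    global $tpl;
    $ufile = _tripusr_load();
    // Only a file that is currently at step 4 may be handled here.
    if ($ufile->tu_step != 4) {
        redirect('tripusr', 'continue', array('file' => $ufile->getKey()));
    }
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // Require a scalar ticket id; a missing or array-valued field falls
        // through to the ticket list instead of being passed to fetch().
        if (isset($_POST["next"], $_POST['ticket']) && is_scalar($_POST['ticket'])) {
            $bill = new Modele('trip_types');
            // NOTE(review): nothing here checks that the fetched ticket type
            // belongs to the trip of this file (the list below filters on
            // tt_trip, this lookup does not) - confirm and compare the two
            // before accepting the type and its price.
            $bill->fetch($_POST['ticket']);
            switch ($bill->raw_tt_restriction) {
                case 'ALL':
                    $ufile->tu_type = $bill->getKey();
                    $ufile->tu_price = $bill->tt_price;
                    $ufile->tu_step = 5;
                    redirect('tripusr', 'step5', array('file' => $ufile->getKey()));
                    break;
                case 'USER':
                    // Record the restricted type only after the role check has
                    // passed. Previously tu_type was assigned before the check,
                    // so it was set even for users below ACL_USER.
                    if (aclFromText($_SESSION['user']['user_role']) >= ACL_USER) {
                        $ufile->tu_type = $bill->getKey();
                        $ufile->tu_price = $bill->tt_price;
                        $ufile->tu_step = 5;
                        redirect('tripusr', 'step5', array('file' => $ufile->getKey()));
                    }
                    break;
                default:
                    echo 'ERROR: not implemented';
                    quit();
                    break;
            }
        }
        /* Disabled "go back" branch, kept for reference:
           else {
           $questions = new Modele('trip_options');
           $questions->find(array('topt_trip' => $ufile->raw_tu_trip));
           // No add-ons, go back to step 2
           if ($questions->count() == 0) {
           $ufile->tu_step = 2;
           redirect('tripusr', 'step2', array('file' => $ufile->getKey()));
           } else {
           $ufile->tu_step = 3;
           redirect('tripusr', 'step3', array('file' => $ufile->getKey()));
           }
           } */
    }
    // List the ticket types offered for this file's trip.
    $tickets = new Modele('trip_types');
    $tickets->find(array('tt_trip' => $ufile->raw_tu_trip));
    $tickets->appendTemplate('tickets');
    display();
}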
Exemple #3
/**
 * Link a user to a mandate and raise the user's role to ACL_USER if it is lower.
 *
 * $user may also be a 13-digit code starting with 9: its next four digits
 * replace $mandate and the following seven replace $user. The last digit is
 * matched but not used (presumably a check digit - it is not verified here).
 *
 * @param mixed $user    User key, or the combined 13-digit code.
 * @param mixed $mandate Mandate key (ignored when $user is a combined code).
 * @return mixed A message string when the link already exists, otherwise
 *               the result of addFrom().
 */
function user_add_mandate($user, $mandate)
{
    $userModel = new Modele('users');
    $mandateModel = new Modele('mandate');
    $linkModel = new Modele('user_mandate');

    // Split a combined code into its mandate and user parts.
    $parts = array();
    if (preg_match('/^9([0-9]{4})([0-9]{7})[0-9]$/', $user, $parts)) {
        $mandate = $parts[1];
        $user = $parts[2];
    }

    // NOTE(review): neither fetch() result is checked - confirm what getKey()
    // yields when the user or the mandate does not exist.
    $userModel->fetch($user);
    $mandateModel->fetch($mandate);

    // Refuse to create a second link for the same user/mandate pair.
    $lookupOk = $linkModel->find(array(
        'um_user' => $userModel->getKey(),
        'um_mandate' => $mandateModel->getKey(),
    ));
    if ($lookupOk) {
        if ($linkModel->count() > 0) {
            return 'L\'utilisateur a déjà un mandat, changez ces privilèges manuellement';
        }
    }

    $created = $linkModel->addFrom(array(
        'um_user' => $userModel->getKey(),
        'um_mandate' => $mandateModel->getKey(),
    ));
    if (!$created) {
        return $created;
    }

    // Holding a mandate implies at least ACL_USER; higher roles are kept.
    // Presumably Modele persists this assignment - verify against the class.
    if (aclFromText($userModel->raw_user_role) < ACL_USER) {
        $userModel->user_role = ACL_USER;
    }
    return $created;
}
Exemple #4
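/**
 * Authenticate a user with the challenge-response password check and,
 * when the account has an OTP secret, a one-time code.
 *
 * The expected response is md5(H . nonce), where H is the stored 32-character
 * password value and the nonce is $_SESSION['random'].
 *
 * @global mixed $pdo    PDO-style database handle.
 * @global mixed $srcdir Source root, used to load the GoogleAuthenticator library.
 * @param string      $user     User name.
 * @param string      $pass     Challenge response sent by the client.
 * @param string|null $otp_code One-time code; only checked when user_otp is set.
 * @return bool|int True on success, false for an unknown user or a wrong
 *                  response, -1 when the one-time code is rejected.
 */
function login_user($user, $pass, $otp_code = null)
{
    global $pdo, $srcdir;
    $sql = $pdo->prepare('SELECT * FROM users WHERE user_name = ?');
    $sql->bindValue(1, $user);
    $sql->execute();
    if ($user = $sql->fetch()) {
        // The user exists.
        if (strlen($user['user_pass']) != 32) {
            // Stored password is not hashed yet: derive the hash form on the fly.
            // NOTE(review): a plaintext password of exactly 32 characters would
            // be mistaken for a hash, and unsalted MD5 is weak for password
            // storage - plan a migration to password_hash()/password_verify().
            $user['user_pass'] = md5($user['user_name'] . ':' . $user['user_pass']);
        }
        if (strlen($user['user_otp'])) {
            require_once $srcdir . '/libs/GoogleAuthenticator/GoogleAuthenticator.php';
            $otp = new GoogleAuthenticator();
            // NOTE(review): the code is checked before the password, so -1 is
            // returned without a valid password and shows that the account has
            // OTP enabled. Consider checking the password first.
            if (!$otp->checkCode($user['user_otp'], $otp_code)) {
                return -1;
            }
        }
        // NOTE(review): when no nonce is stored, the expected response no
        // longer depends on the session and is replayable. Confirm every caller
        // sets $_SESSION['random'], then reject the login when it is missing.
        $nonce = isset($_SESSION['random']) ? $_SESSION['random'] : '';
        $expected = md5($user['user_pass'] . $nonce);
        // Is the password correct? hash_equals() compares the strings exactly
        // and in constant time. The previous `==` compared two numeric-looking
        // hex digests (e.g. "0e" followed by digits) as numbers, so different
        // digests could be accepted as equal.
        if (is_string($pass) && hash_equals($expected, $pass)) {
            // NOTE(review): the full row, including user_pass and user_otp,
            // is stored in the session; consider regenerating the session id
            // on login and keeping only the fields the application needs.
            $_SESSION['user'] = $user;
            $_SESSION['user']['role'] = aclFromText($user['user_role']);
            // The nonce is single-use after a successful login.
            unset($_SESSION['random']);
            return true;
        }
    }
    return false;
}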