function Connexion($check_validity = TRUE)
{
// the following global variables are stored in a distinct file
global $WIKISERVER, $WIKILOGIN, $WIKIBASEPASSWORD, $BASE;
if (!isset($_SERVER["PHP_AUTH_USER"]) || !isset($_SERVER["PHP_AUTH_PW"])) {
authentification();
}
$connexion = mysql_pconnect($WIKISERVER, $WIKILOGIN, $WIKIBASEPASSWORD);
if (!$connexion) {
echo gettext("Sorry, impossible connexion to server");
exit;
}
if (!mysql_select_db($BASE, $connexion)) {
echo gettext("Sorry, impossible connexion to database");
echo "<B>Message de MySQL :</B> " . mysql_error($connexion);
exit;
}
// from the manual, Chapter 16
$query = "SELECT my_username FROM user WHERE my_login='******' and my_password='******'";
$result = mysql_query($query, $connexion);
if (mysql_num_rows($result) == 0) {
authentification();
echo gettext("Sorry, wrong username or password");
exit;
}
return $connexion;
}
<?php
include_once '../Model/authentification.php';
if (isset($_POST['pseudo']) && isset($_POST['password'])) {
$pseudo = strip_tags($_POST['pseudo']);
$passH = sha1(strip_tags($_POST['password']));
$per = authentification($pseudo, $passH);
if ($per) {
session_start();
$_SESSION['USER_ID'] = $per['id'];
$_SESSION['USER_PSEUDO'] = $pseudo;
}
}
include_once '../View/index.php';
?>
<?php
session_start();
include_once "connexion.php";
include_once "fonctions.php";
/* Affiche un message d'erreur si connexion échouée */
$erreurCo = "";
$erreurCrea = "";
$erreurModif = "";
if (isset($_POST['login']) && isset($_POST['password']) && !$_SESSION['connecte']) {
$erreurCo = authentification($dbh);
}
if (isset($_POST['nlogin']) && isset($_POST['npassword']) && isset($_POST['npasswordV'])) {
$erreurCrea = inscription($dbh);
}
if (isset($_POST['infoPassword'])) {
$erreurModif = modifInfoUser($dbh);
}
$infos_user = getInfosUser($dbh);
/* Stockage de la vue à charger dans un buffer */
$html = recupererHTML("../main.html");
/* Initialisation du tableau pour le remplacement */
$remplacement = array('%navbar%' => recupererHTML("../html/navbar.html"), '%contenu%' => $_SESSION['connecte'] ? recupererHTML("../html/compte.html") : recupererHTML("../html/accueil.html"), '%scripts%' => "", '%accueilActif%' => 'class="active"', '%questActif%' => "", '%statActif%' => "", '%deconnexion%' => $_SESSION['connecte'] ? '<ul class="nav navbar-nav navbar-right"><li><a href="../php/deconnexion.php">Deconnexion</a></li></ul>' : '', '%erreurCo%' => $erreurCo, '%erreurCrea%' => $erreurCrea, '%erreurModif%' => $erreurModif, '%selGNull%' => !isset($infos_user->genre) ? "selected" : "", '%selGHom%' => $infos_user->genre == "homme" ? "selected" : "", '%selGFem%' => $infos_user->genre == "femme" ? "selected" : "", '%infoProf%' => isset($infos_user->profession) ? "value='" . $infos_user->profession . "'" : "", '%infoFrT%' => $infos_user->fr_natif ? 'checked' : '', '%infoFrF%' => !$infos_user->fr_natif ? 'checked' : '');
/* Remplacement des variables de la vue par les données de la page */
$html = remplacerContenu($html, $remplacement);
echo $html;
<?php
include 'lib/PDO.php';
include 'lib/user.php';
include 'lib/random_password.php';
//permet de se deconnecter
if (!empty($_GET['action']) && $_GET['action'] == 'off') {
include 'modele/connexion/deconnexion.php';
deconnexion();
} else {
if (!empty($_POST['action']) && $_POST['action'] == 'login') {
if (isset($_POST['pseudo']) && isset($_POST['password'])) {
include 'modele/connexion/authentification.php';
authentification($_POST['pseudo'], $_POST['password']);
}
} else {
include 'vue/connexion/connexion.php';
}
}
*/
header('Content-type: application/json');
include_once "./mysql_connect.php";
/* INPUT */
$EMAIL = set_value('EMAIL', '');
$PASSWORD = set_value('PASSWORD', '');
$SERVER_URL = set_value('SERVER_URL', 'http://refresh.nouvelingenieur.fr');
function authentification($EMAIL, $PASSWORD)
{
if ($PASSWORD == sha1('')) {
return array('SUCCESS' => 'False', 'MESSAGE' => _('Email missing'));
}
if ($EMAIL == sha1('')) {
return array('SUCCESS' => 'False', 'MESSAGE' => _('Password missing'));
}
$hash_log = $EMAIL;
$hash_pass = $PASSWORD;
$result = @mysql_query(sprintf("SELECT user_id,is_valid,privileges FROM user WHERE hash_mail='%s' AND hash_pass='******'", mysql_real_escape_string($hash_log), mysql_real_escape_string($hash_pass)));
if (mysql_num_rows($result) == 0) {
return array('SUCCESS' => 'False', 'MESSAGE' => _('Email and password do not match'));
} else {
return array('SUCCESS' => 'True', 'MESSAGE' => _('You are now logged in'));
}
}
$array = authentification($EMAIL, $PASSWORD);
array_walk_recursive($array, function (&$item, $key) {
if (is_string($item)) {
$item = htmlentities($item);
}
});
echo "Ext.util.JSONP.callback(" . json_encode(array("data" => $array)) . ")";
/**
* Affiche le header du site
* Affiche les boutons de connexion/inscription pour les visiteurs
* Affiche un message personnalisé et l'option de déconnexion pour les membres authentifiés
*/
function afficheHeader($dbh)
{
$html = recupererHTML("../html/bandeau.html");
//$estConnecte = true;
$espaceConnexion = "";
$modalInscription = "";
$modalConnexion = "";
$modalConfirmation = "";
if (isset($_POST["login"]) && $_POST["password"]) {
$_SESSION["estConnecte"] = authentification($dbh, $_POST["login"], $_POST["password"]);
$_SESSION["role"] = $dbh->query("SELECT role FROM utilisateur WHERE pseudo='" . $_POST["login"] . "'");
$_SESSION["role"] = $_SESSION["role"]->fetch(PDO::FETCH_OBJ);
$_SESSION["role"] = $_SESSION["role"]->role;
$_SESSION["pseudo"] = $_POST["login"];
}
if (isset($_SESSION["estConnecte"]) && $_SESSION["estConnecte"]) {
$espaceConnexion = '
<div class="account" id="logged">
Bienvenue, ' . $_SESSION["pseudo"] . ' !
<form method="post">
<button type="submit" id="deConnexion" value="Deconnexion" name="deConnexion">Deconnexion</button>
</form>
</div>
';
} else {
$espaceConnexion = '
<nav class="main-nav">
<ul>
<li><a class="connexion lien" href="#conn">Se connecter</a></li>
<li><a class="inscription lien" href="#inscr">S\'inscrire</a></li>
</ul>
</nav>
';
$modalInscription = '
<div id="inscr" class="modal">
<div>
<a href="#fermer" title="Fermer" class="fermer">X</a>
<h2>INSCRIPTION</h2>
<form action="' . $_SERVER['PHP_SELF'] . '#conf" method="post">
<label for="inscrPseudo">Pseudo</label>
<input type="text" name="inscrPseudo" id="inscrPseudo" placeholder="Pseudo" required><br>
<label for="inscrMail">Mail</label>
<input type="text" name="inscrMail" id="inscrMail" placeholder="*****@*****.**" required><br>
<button type="submit" class="submit">Je m\'inscris !</button>
</form>
</div>
</div>
';
$pageActuelle = $_SERVER['PHP_SELF'] == "/1000k_web/php/consulter_technote.php" ? "/1000k_web/php/consulter_technote.php?id=" . $_GET["id"] : ($_SERVER['PHP_SELF'] == "/1000k_web/php/consulter_question.php" ? "/1000k_web/php/consulter_question.php?id=" . $_GET["id"] : $_SERVER['PHP_SELF']);
$modalConnexion = '
<div id="conn" class="modal">
<div>
<a href="#fermer" title="Fermer" class="fermer">X</a>
<h2>CONNEXION</h2>
<form action="' . $pageActuelle . '" method="post">
<label for="connPseudo">Pseudo</label>
<input type="text" name="login" id="connPseudo" placeholder="Pseudo" required><br>
<label for="connMDP">Mail</label>
<input type="password" name="password" id="connMDP" placeholder="*****" required><br>
<button type="submit" class="submit">Je me connecte !</button>
</form>
</div>
</div>
';
if (isset($_POST["inscrPseudo"]) && isset($_POST["inscrMail"])) {
$message = creationCompte($_POST["inscrMail"], $_POST["inscrPseudo"], $dbh);
$modalConfirmation = '
<div id="conf" class="modal">
<div>
<a href="#fermer" title="Fermer" class="fermer">X</a>
<h2>CONFIRMATION</h2>
<span>' . $message . '</span>
</div>
</div>
';
}
}
$remplacement = array('%espaceConnexion%' => $espaceConnexion, '%modalInscription%' => $modalInscription, '%modalConnexion%' => $modalConnexion, '%modalConfirmation%' => $modalConfirmation);
return remplacerContenu($html, $remplacement);
}
