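/**
 * Handle a POST from the sign-in form.
 *
 * Reads `nickname` (a nickname or an e-mail address) and `password`, loads the
 * matching account, verifies the bcrypt hash and the group's "site/connection"
 * right, records the connection time, stores the user in the session and
 * redirects to the home page. Every failure sets a flash message and redirects
 * back to the sign-in form.
 *
 * Router::redirect() is assumed to terminate the request: the code after each
 * redirect is not otherwise guarded (the original relied on this as well) —
 * TODO confirm.
 */
public function login()
{
    Users::redirectIf(true);

    $nickname = Helper::post('nickname');
    $password = Helper::post('password');

    if (empty($nickname) || empty($password)) {
        Session::setFlash('danger', '', Translate::get('error.forms.missing.content'));
        Router::redirect('user.signin');
    }

    // `mail_check` is fetched so the "verified e-mail" requirement can be
    // re-checked in PHP whatever way the builder groups the chained clauses:
    // read literally, `... AND mail_check = '1' OR mail = ?` applies the
    // verification requirement to the nickname branch only, which would let
    // an account with an unverified address log in via its e-mail.
    $fields = ['id', 'id_group', 'password', 'nickname', 'mail', 'mail_check', 'user_key', 'firstname', 'lastname', 'avatar'];
    $users = Users::select()
        ->addFields($fields)
        ->where('nickname', $nickname)
        ->andWhere('mail_check', '1')
        ->orWhere('mail', $nickname)
        ->get(0, 1);

    $user = empty($users) ? null : $users[0];

    // One generic message for "unknown account", "unverified e-mail" and
    // "wrong password" so the form does not reveal which one failed.
    if ($user === null
        || (string) $user->mail_check !== '1'
        || !is_string($user->password)
        || !password_verify($password, $user->password)
    ) {
        Session::setFlash('danger', '', Translate::get('user.error.login'));
        Router::redirect('user.signin');
    }

    $groups = Groups::select()->where('id', $user->id_group)->get();
    if (empty($groups)) {
        Session::setFlash('danger', '', 'Vous n\'êtes pas dans un groupe valide');
        Router::redirect('user.signin');
    }
    $group = $groups[0];

    // The group's site rights must include the "connection" bit.
    $rights = new BinaryRight($group->auth_site);
    if (!$rights->compare(Groups::getAuth('site', 'connection'))) {
        Session::setFlash('danger', '', 'Vous ne pouvez pas vous connecter !');
        Router::redirect('user.signin');
    }

    // Opportunistic upgrade: the hash is re-computed with the algorithm/cost
    // used by update() when the stored one no longer matches it. The plain
    // password is already in memory here and the record is saved below anyway.
    if (password_needs_rehash($user->password, PASSWORD_BCRYPT)) {
        $user->password = password_hash($password, PASSWORD_BCRYPT);
    }

    $user->connection_at = BaseModel::now();
    $user->save();

    // NOTE(review): nothing visible here regenerates the session id on login;
    // if Users::sessionSet() does not do it, a fixated pre-login id survives
    // authentication — confirm against Users::sessionSet().
    Users::sessionSet($user);

    Session::setFlash('success', '', Translate::get('user.success.login'));
    Router::redirect('home.index');
}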
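/**
 * Handle the account-settings form (POST) for user $id / $name.
 *
 * Applies, when present in the request: first/last name; a password change
 * (requires the current password plus two matching, non-empty copies of the
 * new one); the "show name" flag; and the avatar, either deleted or replaced
 * by an uploaded JPEG/GIF/PNG that is resized to 128x128 and stored as PNG.
 * The record and the session copy are saved only when something changed, then
 * the request is redirected back to the form.
 *
 * Authorization is delegated to $this->checkUser() (not visible here). The
 * CSRF token is compared with hash_equals(); an absent or empty token is
 * rejected instead of matching an absent session value.
 *
 * Router::redirect() is assumed to terminate the request — TODO confirm.
 */
public function update($id, $name)
{
    $user = $this->checkUser($id, $name);

    // `!=` would accept a missing form token whenever the session has no token
    // either (null == null); require both and compare in constant time.
    $sessionToken = (string) Session::get('csrf');
    $formToken = (string) Helper::post('_csrf');
    if ($sessionToken === '' || $formToken === '' || !hash_equals($sessionToken, $formToken)) {
        Router::redirect('home.index');
    }

    $formUrl = ['id' => $user->id, 'name' => $user->nickname];
    $modified = false;

    // Name fields: an absent or empty value leaves the stored one untouched.
    $firstname = Helper::post('firstname');
    if ($firstname !== null && $firstname !== '') {
        $user->firstname = $firstname;
        $modified = true;
    }
    $lastname = Helper::post('lastname');
    if ($lastname !== null && $lastname !== '') {
        $user->lastname = $lastname;
        $modified = true;
    }

    // Password change. The original accepted two absent/empty copies of the
    // new password and stored hash(''); a non-empty new password and a strict
    // match with its confirmation are now required. A mismatch is still
    // silently ignored, as before.
    $currentPassword = Helper::post('last_password');
    $newPassword = Helper::post('new_password');
    $confirmPassword = Helper::post('confirm_password');
    if (is_string($currentPassword) && $currentPassword !== ''
        && is_string($newPassword) && $newPassword !== ''
        && $newPassword === $confirmPassword
        && is_string($user->password)
        && password_verify($currentPassword, $user->password)
    ) {
        $user->password = password_hash($newPassword, PASSWORD_BCRYPT);
        $modified = true;
    }

    // Checkbox: present (any non-empty value) means "show name".
    $showName = Helper::post('showName') != null;
    if ($user->show_name != $showName) {
        $user->show_name = $showName ? 1 : 0;
        $modified = true;
    }

    // Avatar deletion only clears the reference; the file itself is left in
    // place, as in the original. TODO(review): consider unlinking it too.
    $deleteAvatar = Helper::post('deleteAvatar') != null;
    if ($deleteAvatar) {
        $user->avatar = '';
        $modified = true;
    }

    $upload = $_FILES['avatar'] ?? null;
    if (!$deleteAvatar && is_array($upload) && !empty($upload['tmp_name'])) {
        // Reject partial/failed uploads and anything that did not arrive
        // through PHP's upload handling.
        if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
            || !is_uploaded_file($upload['tmp_name'])
        ) {
            Session::setFlash('danger', '', Translate::get('user.modify.error.format'));
            Router::redirect('account.form', $formUrl);
        }

        $maxSize = 10 * 1024 * 1024;
        if ($upload['size'] > $maxSize) {
            Session::setFlash('danger', '', Translate::get('user.modify.error.size'));
            Router::redirect('account.form', $formUrl);
        }

        // The client-supplied name's extension is checked as before, but the
        // file content must also decode as one of the accepted image types.
        $allowedExtensions = ['jpg', 'jpeg', 'gif', 'png'];
        $allowedTypes = [IMAGETYPE_JPEG, IMAGETYPE_GIF, IMAGETYPE_PNG];
        $extension = strtolower(pathinfo((string) $upload['name'], PATHINFO_EXTENSION));
        $imageInfo = getimagesize($upload['tmp_name']);
        if (!in_array($extension, $allowedExtensions, true)
            || $imageInfo === false
            || !in_array($imageInfo[2], $allowedTypes, true)
        ) {
            Session::setFlash('danger', '', Translate::get('user.modify.error.format'));
            Router::redirect('account.form', $formUrl);
        }

        // Remove the previous avatar file. With an empty avatar the original
        // built the directory path, for which file_exists() is true and
        // unlink() fails; is_file() plus basename() avoids that and keeps the
        // path inside the avatar directory.
        $avatarDir = __DIR__ . '/../../public/img/avatar/';
        if ($user->avatar !== null && $user->avatar !== '') {
            $oldPath = $avatarDir . basename((string) $user->avatar);
            if (is_file($oldPath)) {
                unlink($oldPath);
            }
        }

        // Stored as PNG regardless of the uploaded format (the target extension
        // drives the encoder). NOTE(review): this save path is relative to the
        // working directory while the unlink above is relative to __DIR__, as
        // in the original — they only coincide when the process runs from the
        // project root.
        $newName = time() . '-' . $user->id . '-avatar.png';
        $manager = new ImageManager();
        $manager->make($upload['tmp_name'])->fit(128, 128)->save('public/img/avatar/' . $newName);
        $user->avatar = $newName;
        $modified = true;
    }

    if ($modified) {
        $user->save();
        Users::sessionSet($user);
        Session::setFlash('success', '', Translate::get('user.modify.success'));
    }

    Router::redirect('account.form', $formUrl);
}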