/**
 * reset() must leave no data behind in the session.
 *
 * Starts a session, seeds it with a single entry and checks that the
 * array is empty once the object under test has reset it.
 *
 * NOTE(review): this only proves the stored data is wiped. If reset() is
 * also what rotates the session id on login/logout (the usual
 * session-fixation defence), that is not asserted here — confirm against
 * the implementation and compare session_id() before/after if so.
 *
 * @covers $this->object->reset
 */
public function testReset()
{
    session_start();
    $_SESSION['test'] = 'TEST';

    $this->object->reset();

    self::assertSame(0, count($_SESSION));
}
/**
 * Authenticates a user by email and password and establishes the session.
 *
 * The order of the checks is part of the defence: the IP block list and the
 * per-email failed-attempt limit are enforced *before* the password is ever
 * compared, so a locked-out account never has its hash exercised. On failure
 * the reason is stored in $this->errors and false is returned.
 *
 * On success the session is rebuilt and bound to $userIp / $userAgent, the
 * remember-me cookie is issued or cleared, and the failed-login and
 * password-reset state for the account is cleared.
 *
 * @param string $email
 * @param string $password   plaintext; compared by the 'credentials' validation rule
 * @param bool   $rememberMe in practice the form value: only the literal string
 *                           "rememberme" enables the cookie (see the strict comparison)
 * @param string $userIp
 * @param string $userAgent
 * @return bool true on successful login, false otherwise
 */
public function doLogIn($email, $password, $rememberMe, $userIp, $userAgent)
{
    //1. refuse blocked IPs outright (handleIpFailedLogin() below is what
    //   puts an address on the block list)
    if ($this->isIpBlocked($userIp)) {
        $this->errors[] = "Your IP Address has been blocked";
        return false;
    }

    //2. presence only — no format or length rules at this stage
    $validation = new Validation();
    if (!$validation->validate(["Your Email" => [$email, 'required'], "Your Password" => [$password, 'required']])) {
        $this->errors = $validation->errors();
        return false;
    }

    //3. look up prior failed attempts, keyed by the submitted email.
    //   fetchAssociative() presumably yields false when there is no row,
    //   hence the isset() guards that fall back to null.
    $database = Database::openConnection();
    $database->getByUserEmail("failed_logins", $email);
    $failedLogin = $database->fetchAssociative();
    $last_time = isset($failedLogin["last_failed_login"]) ? $failedLogin["last_failed_login"] : null;
    $count = isset($failedLogin["failed_login_attempts"]) ? $failedLogin["failed_login_attempts"] : null;

    //check if the failed login attempts exceeded limits. This runs before the
    //password is compared, so a locked-out account is rejected cheaply.
    //NOTE(review): the counter is keyed by email alone, so anyone who knows a
    //victim's address can lock them out by submitting bad passwords; whether
    //that is acceptable depends on the thresholds in Validation::attempts(),
    //which are not visible here.
    //@see Validation::attempts()
    if (!$validation->validate(['Failed Login' => [["last_time" => $last_time, "count" => $count], 'attempts']])) {
        $this->errors = $validation->errors();
        return false;
    }

    //4. fetch the user row; only activated accounts are eligible. The email
    //   is bound as a parameter, never interpolated into the SQL.
    $database->prepare("SELECT * FROM users WHERE email = :email AND is_email_activated = 1 LIMIT 1");
    $database->bindValue(':email', $email);
    $database->execute();
    $user = $database->fetchAssociative();
    $userId = isset($user["id"]) ? $user["id"] : null;
    $hashedPassword = isset($user["hashed_password"]) ? $user["hashed_password"] : null;

    //5. validate data returned from users table: the 'credentials' rule gets
    //   user_id / hashed_password (both null for an unknown or unactivated
    //   email) plus the plaintext password.
    //NOTE(review): if that rule returns early when hashed_password is null
    //instead of running password_verify() against a dummy hash, response
    //time reveals whether the email exists — confirm in Validation.
    if (!$validation->validate(["Login" => [["user_id" => $userId, "hashed_password" => $hashedPassword, "password" => $password], 'credentials']])) {
        //if not valid, then increment number of failed logins (this happens
        //for unknown emails too, so unknown and wrong-password look alike)
        $this->incrementFailedLogins($email, $failedLogin);
        //also, check if current IP address is trying to login using multiple accounts,
        //if so, then block it, if not, just add a new record to database
        $this->handleIpFailedLogin($userIp, $email);
        $this->errors = $validation->errors();
        return false;
    }

    //reset session: drop whatever the pre-login session held and bind the
    //new one to this client's IP and user agent.
    //NOTE(review): a fresh session id must be issued at this point to defeat
    //session fixation; confirm Session::reset() regenerates the id.
    //$user["role"] is read unguarded: this relies on the 'credentials' rule
    //only passing when a row was actually fetched.
    Session::reset(["user_id" => $userId, "role" => $user["role"], "ip" => $userIp, "user_agent" => $userAgent]);

    //if remember me checkbox is checked, then save data to cookies as well.
    //(The !empty() test is redundant with the strict string comparison.)
    if (!empty($rememberMe) && $rememberMe === "rememberme") {
        //reset cookie, Cookie token usable only once
        Cookie::reset($userId);
    } else {
        //no remember-me: make sure no earlier cookie token survives this login
        Cookie::remove($userId);
    }

    //if user credentials are valid then,
    //reset failed logins & forgotten password tokens (a successful password
    //login presumably invalidates any outstanding reset token)
    $this->resetFailedLogins($email);
    $this->resetPasswordToken($userId);

    return true;
}
/**
 * Tells whether the current request belongs to an authenticated user.
 *
 * Two sources are consulted, in order:
 *  1. the PHP session, which must still match this request's client IP and
 *     user agent;
 *  2. the "remember me" cookie. When it validates, a fresh session is built
 *     for that user — the role is looked up from the profile because the
 *     cookie never carries it — and the cookie token is rotated, so each
 *     token can be redeemed only once.
 *
 * Private instance method (it reads $this->request and $this->controller).
 *
 * @return bool
 */
private function loggedIn()
{
    $clientIp = $this->request->clientIp();
    $userAgent = $this->request->userAgent();

    if (Session::isSessionValid($clientIp, $userAgent)) {
        return true;
    }

    if (!Cookie::isCookieValid()) {
        return false;
    }

    // Cookie path: the role is never stored client-side, so fetch it from the
    // user profile instead of trusting anything in the cookie.
    $cookieUserId = Cookie::getUserId();
    $role = $this->controller->user->getProfileInfo($cookieUserId)["role"];

    Session::reset([
        "user_id" => $cookieUserId,
        "role" => $role,
        "ip" => $clientIp,
        "user_agent" => $userAgent,
    ]);

    // Rotate the remember-me token: it is single use.
    Cookie::reset(Session::getUserId());

    return true;
}
}
}

// --- Password change ---------------------------------------------------------
// NOTE(review): no CSRF token, no re-authentication with the current password
// and no minimum-length/strength rule are visible here; the only gate is that
// both fields are non-empty and equal. Confirm those controls exist upstream.
// NOTE(review): `==` between two request strings is a loose comparison (numeric
// strings such as "1e3" and "1000" compare equal); `===` is the safe form.
if (isset($_POST['password']) && isset($_POST['passverif']) && !empty($_POST['password']) && !empty($_POST['passverif'])) {
    if ($_POST['password'] == $_POST['passverif']) {
        // bcrypt via password_hash(); the hash and member id are bound as
        // parameters, and the id comes from the session, not the request.
        $password = password_hash($_POST['passverif'], PASSWORD_BCRYPT);
        $req = $pdo->prepare("UPDATE users SET Password=? WHERE Num_adh=?");
        $req->execute([$password, $_SESSION['auth']->Num_adh]);
        $message = "<div class='cadreerreur bgjaune txtcenter'>Mot de passe modifié</div>";
    } else {
        $message = "<div class='cadreerreur bgjaune txtcenter'>Les mots de passe doivent être identiques</div>";
    }
}

// --- Account deletion --------------------------------------------------------
// Deletes the logged-in member's own row (id taken from the session), clears
// the session and redirects.
// NOTE(review): there is no `exit;` after header(), so the rest of this script
// — including the reservation block below — still runs for the deleted
// account, and whatever the page renders is still sent alongside the redirect.
// NOTE(review): a destructive action gated only by a POST field; confirm the
// form carries a CSRF token and an explicit confirmation step.
if (isset($_POST['check_deleted']) && !empty($_POST['check_deleted'])) {
    $req = $pdo->prepare("DELETE FROM users WHERE Num_adh=?");
    $req->execute([$_SESSION['auth']->Num_adh]);
    Session::reset();
    header('Location:index.php?page=home');
}

// --- Cancel the latest reservation -------------------------------------------
// Walks the member's reservations (oldest first) and deletes those that look
// recent; the loop continues past the end of this excerpt.
if (isset($_POST['del_last'])) {
    $req = $pdo->prepare("SELECT Jours, date_resa, NumResa FROM resa WHERE Num_adh = ? ORDER BY NumResa asc;");
    $req->execute([$_SESSION['auth']->Num_adh]);
    $fetch = $req->fetchAll(PDO::FETCH_OBJ);
    $now = date_create();
    foreach ($fetch as $f) {
        $datecommande = new DateTime($f->date_resa);
        $jourresa = new DateTime($f->Jours);
        $diff = $now->diff($datecommande);
        // NOTE(review): '%d' is the day *component* of the interval, not the
        // total number of days ('%a'); an order exactly one month old would
        // still pass the `< 1` test below. Probably unintended — confirm.
        $resapassee = $diff->format('%d');
        if ($resapassee < 1 && $datecommande < $jourresa) {
            $lastresa = $f->NumResa;
            // NOTE(review): NumResa is interpolated into the SQL string. It
            // comes from the database rather than the request, but binding it
            // (`WHERE NumResa = ?` + execute([$lastresa])) is the idiom used
            // everywhere else in this file and removes the risk entirely.
            $req = $pdo->prepare("DELETE FROM resa WHERE NumResa = '{$lastresa}'");
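<?php
include 'config.php';

// Page bootstrap: restore a "remember me" session from the cookie pair when it
// validates, otherwise start an anonymous account for this visitor.
$session = new Session($base->pdo);
$account = new Account($base->pdo);
$session->activity(0);

// Both cookie values are attacker-controlled input. The token must be present
// and non-empty before it is consulted: the previous version read
// $_COOKIE["user_token"] unguarded, which raised an undefined-index warning
// whenever only user_id was sent.
// NOTE(review): the id handed to $session->reset() comes straight from the
// cookie; that is only safe if Account::checkToken() (called here with no
// arguments) binds the token to that same user_id — confirm.
if (isset($_COOKIE["user_id"]) && !empty($_COOKIE["user_token"]) && $account->checkToken()) {
    $session->reset($_COOKIE["user_id"]);
} else {
    // NOTE(review): this creates an anonymous account on every unauthenticated
    // page load; check that Account::create() does not grow the table without bound.
    $account->create('anonymous', '');
}
?>
<!DOCTYPE html>
<html lang="fr">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>ChatBox - Conversez à travers le monde</title>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, user-scalable=no">
    <link rel="shortcut icon" type="image/ico" href="favicon.ico" />
    <link href="./css/main.css" rel="stylesheet" type="text/css">
</head>
<body>
    <div class="clearfix welcome">
        <section class="connect">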