public function logoff() { $authManager = new \W\Security\AuthentificationManager(); $authManager->logUserOut(); // on se déconnecte, on retourne à l'accueil $this->redirectToRoute('home'); }
/** * Création d'un utilisateur */ public function create() { function securise($string) { if (ctype_digit($string)) { $string = intval($string); } else { $string = mysql_real_escape_string($string); $string = addcslashes($string, '%_'); $string = htmlspecialchars($string); } return $string; } if (isset($_POST['page_name']) && isset($_POST['passwrd']) && isset($_POST['mail']) && !empty($_POST['page_name']) && !empty($_POST['passwrd']) && !empty($_POST['mail'])) { // Si on a toutes les infos $pagename = securise($_POST['page_name']); $passwrd = securise($_POST['passwrd']); $mail = securise($_POST['mail']); $usersManager = new \Manager\UsersManager(); $usersManager->insert(['page_name' => $pagename, 'passwrd' => password_hash($passwrd, PASSWORD_DEFAULT), 'mail' => $mail]); $userSession = new \W\Security\AuthentificationManager(); $userSession->logUserIn($user); $usersManager = new \Manager\UsersManager(); $user = $usersManager->find($userId); unset($user['password']); // on instancie les datas de base en DB $userID = $user['id']; $name = 'avatar_1'; $value = 'gergregegregergegregregregrege'; $initdata = new \Manager\OptionsManager(); $initdata->insertInit($userID, $name, $value); } $this->redirectToRoute('backoffice'); }
public function check() { $authentificationManager = new \W\Security\AuthentificationManager(); $loggedUser = $authentificationManager->getLoggedUser(); //si l'utilisateur est déjà connecté... if ($loggedUser) { return true; } //si on a un cookie de w_remember_me if (!empty($_COOKIE['kikala_remember_me'])) { //check en base de données que les données sont les bonnes $cookieData = json_decode($_COOKIE['kikala_remember_me'], true); $userManager = new \Manager\UserManager(); $user = $userManager->find($cookieData['id']); //si le hash du cookie verifie le hash en bdd if (password_verify($cookieData['token'], $user['tokenCookie'])) { $authentificationManager->logUserIn($user); return true; } else { //efface le cookie erroné setcookie('kikala_remember_me', '', 0, '/'); return false; } } return false; }
public function mailPasswordRecovery($token, $id) { unset($_SESSION['error']); if (isset($token) && isset($id)) { $usermanager = new \Manager\UserManager(); $auth = new \W\Security\AuthentificationManager(); $user = $usermanager->find($id); $tokenVerif = $user['token']; if (password_verify($token, $tokenVerif)) { $usermanager->update(['token' => '', 'token_timestamp' => 0], $id); $auth->logUserIn($user); $_SESSION['error']['forgetpassword'] = "******"; $this->show('user/changepassword', ['id' => $id]); } else { $_SESSION['error']['forgetpassword'] = "******"; } } else { $_SESSION['error']['forgetpassword'] = "******"; } $this->show('default/home'); }
function confirmAccount($token, $subscription) { //die(time().'---'.$token.'---->'.$subscription); if ($token != 0 && time() < $token && $subscription == 0) { $response[0] = true; $response[1] = "Log correct but please check your mail for confirmation's account !"; } else { if ($token != 0 && time() > $token && $subscription == 0) { $usermanager = new \Manager\UserManager(); $auth = new \W\Security\AuthentificationManager(); $usermanager->delete($_SESSION['user']['id']); $auth->logUserOut(); setcookie("auth", "", time() - 3600, '/', 'localhost', false, true); $response[0] = false; $response[1] = "Your account don't confirm during 3 days so I deleted it Mother F****r!"; } else { $response[0] = true; $response[1] = "Log correct !"; } } return $response; }
/** * Page Inscription d'une formation */ public function manageInscriptions() { $message = array(); // inscription à une formation // si l'utilisateur n'est pas connecté => Message d'erreur : il faut se connecter pour s'inscrire $authentificationManager = new \W\Security\AuthentificationManager(); if (!$authentificationManager->getLoggedUser()) { $message[] = 'Merci de vous connecter pour vous inscrire à une formation'; } else { $authentificationManager->refreshUser(); $loggedUser = $this->getUser(); $newinscription = new \Manager\InscriptionManager(); $newuser = new \Manager\UserManager(); if ($_POST['register'] == 1) { // inscription $insert = $newinscription->insert(['userId' => $loggedUser['id'], 'formationId' => $_POST['formation-id']]); // if ($insert) { // Inscription : supprimer un kiko à l'user $newuser->manageKikos($loggedUser['id'], 'del'); $message[] = 'Vous êtes bien inscrit !'; } } else { // Annulation d'une inscription $del = $newinscription->cancelInscription($_POST['formation-id'], $loggedUser['id']); if ($del) { // Désinscription : on ajoute un kiko à l'user $newuser->manageKikos($loggedUser['id'], 'add'); $message[] = 'Votre annulation a bien été pris en compte !'; } } $authentificationManager->refreshUser(); $loggedUser = $this->getUser(); $message[] = $loggedUser['credit']; } $messagesJson = json_encode($message); header("Content-Type: application/json"); echo $messagesJson; }
/** * Page Inscription d'une formation */ public function formationregister() { $error = array(); // si l'utilisateur n'est pas connecté => on redirige vers la page de connexion $authentificationManager = new \W\Security\AuthentificationManager(); if (!$authentificationManager->getLoggedUser()) { $this->show('user/login'); } else { $loggedUser = $this->getUser(); } if ($_POST) { $title = $_POST['title']; $description = $_POST['description']; $dateform = $_POST['dateform']; $duration = $_POST['duration']; $nbrplace = $_POST['nbrplace']; $address = $_POST['address']; $zip = $_POST['codepostal']; $city = $_POST['city']; $country = $_POST['country']; $isValid = true; // Contrôle des champs obligatoires sur la formation $validator = new \Utils\FormValidator(); $validator->validateNotEmpty($title, "title", "Saisir un titre !"); $validator->validateNotEmpty($description, "description", "Saisir une description !"); $validator->validateNotEmpty($dateform, "dateform", "Saisir une date !"); $validator->validateNotEmpty($duration, "duration", "Saisir une durée !"); $validator->validateNotEmpty($nbrplace, "nbrplace", "Saisir un nombre de place !"); $validator->validateNotEmpty($address, "address", "Saisir une adresse !"); $validator->validateNotEmpty($zip, "codepostal", "Saisir un code postal !"); $validator->validateNotEmpty($city, "city", "Saisir une ville !"); $validator->validateNotEmpty($country, "country", "Saisir un pays !"); if (!$validator->isValid()) { $error = $validator->getErrors(); $isValid = false; } if ($_FILES['image']['size'] != 0) { $file = new \Utils\ImageUpload($_FILES['image'], 'assets/img/formations/src/'); $file->uploadFile(); if (!$file->isValid()) { $isValid = false; $error['image'] = $file->getErrors(); } else { // transforme le fichier au bon format $file->reduceImage('assets/img/formations/thumbnail/'); $error['image'] = 'img/formations/src/' . $file->getFileName(); $_SESSION['image_formation'] = $file->getFileName(); } } if ($isValid) { $newformation = new \Manager\FormationManager(); $date = \DateTime::createFromFormat('j/m/Y', $dateform); $title = $validator->convertSpecialCaractere($title); $description = $validator->convertSpecialCaractere($description); if ($_SESSION['image_formation']) { $file_name = $_SESSION['image_formation']; } else { $file_name = ''; } // 2 - on appelle la méthode insert $newformation->insert(["title" => $title, "dateFormation" => $date->format('Y-m-d H:i:s'), "duration" => $duration, "userId" => $loggedUser['id'], "dateCreated" => date("Y-m-d H:i:s"), "description" => $description, "image" => $file_name, "totalNumberPlace" => $nbrplace, "address" => $address, "zip" => $zip, "city" => $city, "country" => $country]); unset($_SESSION['image_formation']); $id = $newformation->lastInsertFormation()['id']; // on redirige l'utilisateur vers la page $this->redirectToRoute("detail_formation", ['id' => $id]); } } $this->show('formation/formationregister', ['error' => $error]); }
<?php //autochargement des classes require "../vendor/autoload.php"; include 'assets/inc/functions.php'; //configuration require "../app/config.php"; //rares fonctions globales require "../W/globals.php"; //instancie notre appli en lui passant la config et les routes $app = new W\App($w_routes, $w_config); if (isset($_COOKIE['auth']) && !isset($_SESSION['user'])) { $auth = $_COOKIE['auth']; $auth = explode('-----', $auth); $usermanager = new \Manager\UserManager(); $user = $usermanager->find($auth[0]); $key = sha1($user['username'] . $user['password'] . $_SERVER['REMOTE_ADDR']); if ($key == $auth[1]) { $auth = new \W\Security\AuthentificationManager(); $auth->logUserIn($user); setcookie("auth", $user['id'] . '-----' . $key, time() + 3600 * 24 * 3, '/', '127.0.0.1', false, true); } else { setcookie("auth", "", time() - 3600, '/', '127.0.0.1', false, true); } } //exécute l'appli $app->run();
public function logoff() { $authManager = new \W\Security\AuthentificationManager(); $authManager->logUserOut(); $this->redirectToRoute('login'); }
/** * Deconnexion de l'utilisateur * Affichage de la page home **/ public function logOut() { $user = new \W\Security\AuthentificationManager(); $user->logUserOut(); $this->redirectToRoute('home'); }
public function controlProfilModify() { unset($_SESSION['error']); if ($_POST) { if (isset($_POST['nom'])) { $login = $_POST['nom']; } if (isset($_POST['user_mail'])) { $email = $_POST['user_mail']; } if (isset($_POST['birthday'])) { $birthday = $_POST['birthday']; } if (isset($_POST['country'])) { $country = $_POST['country']; } if (isset($_POST['bio'])) { $bio = $_POST['bio']; } if (preg_match("#^([A-Z]|[a-z])(a-z)*(_)?[a-z]+\$#", $login)) { if (filter_var($email, FILTER_VALIDATE_EMAIL)) { $urlphoto = \uploadUserPicture(); $usermanager = new \Manager\UserManager(); $usermanager->update(['username' => $login, 'urlpicture' => $urlphoto, 'email' => $email, 'birthday' => $birthday, 'country' => $country, 'biography' => trim($bio)], $_SESSION['user']['id']); // die('rrrr'); $user = $usermanager->getUserByUsernameOrEmail($email); $auth = new \W\Security\AuthentificationManager(); $auth->logUserIn($user); $_SESSION['error']['controlProfilModify'] = "Votre profil a bien été modifié ! "; } else { $_SESSION['error']['controlProfilModify'] = "L'email n'est pas dans un format valide ! "; } } else { $_SESSION['error']['controlProfilModify'] = "Le login ne peut comporter de caractère spéciaux ( [ { / \\ & # @ ] } ) ainsi que les accents! "; } } $this->redirectToRoute('profilmodify'); }
public function logout() { unset($_SESSION['error']); $auth = new \W\Security\AuthentificationManager(); $auth->logUserOut(); setcookie("auth", "", time() - 3600, '/', 'localhost', false, true); $this->redirectToRoute('home'); }
public function logout() { $auth = new \W\Security\AuthentificationManager(); $auth->logUserOut(); setcookie("auth", "", time() - 3600, '/', '127.0.0.1', false, true); $this->redirectToRoute('log'); }
/** * Page de modification du profil */ public function profile($username) { $error = array(); $isValid = true; // on crée l'instance UserManager $userManager = new \Manager\UserManager(); // on crée une instance security manager $authentificationManager = new \W\Security\AuthentificationManager(); // - on récupère l'utilisateur connecté $userConnect = $authentificationManager->getLoggedUser(); // formulaire soumis ? if ($_POST) { $username = $_POST['username']; $lastname = $_POST['lastname']; $firstname = $_POST['firstname']; $birthyear = $_POST['birthyear']; $sex = $_POST['sex']; $job = $_POST['job']; $instructorDescription = $_POST['instructorDescription']; $studentDescription = $_POST['studentDescription']; // validation des données => à coder $isValid = true; // Contrôle des champs obligatoires sur la formation $validator = new \Utils\FormValidator(); $validator->validateNotEmpty($username, "username", "Le pseudo est obligatoire !"); $validator->validateNotEmpty($lastname, "lastname", "Saisir votre nom !"); $validator->validateNotEmpty($firstname, "firstname", "Saisir votre prénom !"); $validator->validateNotEmpty($birthyear, "birthyear", "Saisir votre année de naissance !"); $validator->validateNotEmpty($sex, "sex", "Indiquer votre sexe !"); $validator->validateNotEmpty($job, "job", "Saisir votre métier !"); $validator->validateNotEmpty($instructorDescription, "instructorDescription", "Saisir votre description en tant que formateur !"); $validator->validateNotEmpty($studentDescription, "studentDescription", "Saisir votre description en tant qu'étudiant !"); if ($validator->isValid()) { $validator->validateYear($birthyear, "birthyear", "Votre année de naissance doit être comprise entre 1900-2099 !"); $validator->validateCharacter($username, "username", "Le pseudo comporte des caractères interdits !"); } if (!$validator->isValid()) { $error = $validator->getErrors(); $isValid = false; } if ($isValid) { // 1 - on crée l'instance $userManager = new \Manager\UserManager(); if ($userConnect['username'] != $username) { if ($userManager->usernameExists($username)) { $isValid = false; $error['username'] = '******'; } } } // upload du fichier if ($_FILES['image']['size'] != 0) { $file = new \Utils\ImageUpload($_FILES['image'], 'assets/img/users/'); $file->uploadFile(); $file->reduceImage(false); if (!$file->isValid()) { $isValid = false; $error['image'] = $file->getErrors(); } else { $error['image'] = 'img/users/' . $file->getFileName(); $_SESSION['image_user'] = $file->getFileName(); } } else { $_SESSION['image_user'] = '******'; } // si c'est valide if ($isValid) { // Mise à jour dans la base de données // 2 - on appelle la méthode update $user = $userManager->update(["username" => $_POST['username'], "lastname" => $_POST['lastname'], "firstname" => $_POST['firstname'], "birthyear" => $_POST['birthyear'], "sex" => $_POST['sex'], "job" => $_POST['job'], "instructorDescription" => $_POST['instructorDescription'], "studentDescription" => $_POST['studentDescription'], "image" => $_SESSION['image_user']], $userConnect['id']); // on met à jour les données utilisateurs $authentificationManager->refreshUser(); $userConnect = $authentificationManager->getLoggedUser(); } } else { $_POST = $userConnect; } // 3 - on affiche la page si user trouvé if ($userConnect) { if ($userConnect['image'] == '') { $error['image'] = 'imageprofildefaut.png'; } else { $error['image'] = $userConnect['image']; } if ($userConnect['username'] == $username) { $this->show('user/profile', ['error' => $error]); } } // Sinon on redirige vers une page erreur $this->showForbidden(); }