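<?php
// Password-reset request page, processed only for visitors who are not logged in.
// The enclosing blocks opened here are closed further down in the file.
//
// NOTE(review): the stored password is overwritten as soon as a known e-mail
// address is submitted, and the replacement is mailed in clear text. Anyone who
// knows a member's address can therefore force a reset of that account. A
// single-use, expiring reset link that lets the owner choose the new password
// avoids both the forced reset and the password sitting in a mailbox.
if (!user_connected()) {
    include PATH_LIB . 'form.php';

    $form_reset_pwd = new Form('form_reset_pwd');
    $form_reset_pwd->method('POST');
    $form_reset_pwd->add('Text', 'email_adress')->label('Votre adresse e-mail');
    $form_reset_pwd->add('Submit', 'submit')->value('Envoyer informations');

    // Error and confirmation message lists.
    $error_reset_pwd = array();
    $msg_confirm = array();

    // Handle a submitted reset form.
    if ($form_reset_pwd->is_valid($_POST)) {
        $email_addr = $form_reset_pwd->get_cleaned_data('email_adress');
        $user_id = find_user_id($email_addr);

        if ($user_id !== false) {
            $new_pwd = gen_new_pwd(); // generate a new password
            update_password_user($user_id, $new_pwd); // persist the change
            $msg_confirm[] = "Mot de passe réinitialisé avec succès, vous recevrez prochainement un mél avec vos différentes informations de connexion. Attention pensez à changer le nouveau mot de passe pour le retenir plus facilement.";
            $infos_user = read_infos_user($user_id);

            // Build the HTML body of the notification e-mail.
            // NOTE(review): the login value concatenated below appears masked as
            // "******" in this copy, so the statement is not valid PHP as shown.
            $message_mail = "<html><head><meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\"> </head><body> <p>Nouveau mot de passe <b>NabzFood</b>.</p> <p>Vous avez demandé à changer votre mot de passe pour le site Nabzfood, ce mél est la confirmation que tout s'est bien passé.</p><p>Vos nouvelles informations de connexion : </p><p>Login : "******"</p><p>Mot de passe : " . $new_pwd . "</p>";

            if (!empty($infos_user['hash_validation'])) {
                // The user record is deliberately not dumped to the page here:
                // it belongs to the account being reset, which is not
                // necessarily the visitor who submitted the form.
                $hash_validation = $infos_user['hash_validation'];

                // NOTE(review): $_SERVER['PHP_SELF'] is a script path taken from
                // the request, not a host name, and "\\" yields a literal
                // backslash, so this href has no host. Building the link from a
                // configured absolute site URL would fix the link and keep
                // request-derived data out of the e-mail.
                $message_mail .= "<p>Lien pour valider votre compte : <a href=\"http:\\//" . $_SERVER['PHP_SELF'] . "?module=members&action=valid_account&hash=" . $hash_validation . "\">ce lien</a> pour activer votre compte !</p>";
            } // end of non-empty hash_validation

            $message_mail .= "</body></html>";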
<?php
// Account-settings page: shown only to a logged-in user whose session id
// passes verify_get_id() against the id given in the query string.
if (!(user_connected() && verify_get_id($_GET['id'], $_SESSION['id']))) {
    include PATH_GLOBAL_VIEW . 'error_not_connected.php';
} else {
    include PATH_LIB . 'form.php';

    // Form for editing profile information (e-mail address).
    $form_edit_infos = new Form('form_edit_infos');
    $form_edit_infos->method('POST');
    $form_edit_infos->add('Email', 'email_addr')
        ->label('Votre adresse e-mail')
        ->Required(false)
        ->value($_SESSION['email']);
    $form_edit_infos->add('Submit', 'submit')->initial('Modifier ces informations');

    // Form for changing the password: current value, new value, confirmation.
    $form_edit_password = new Form('form_edit_password');
    $form_edit_password->method('POST');
    $form_edit_password->add('Password', 'old_password')->label('Votre ancien mot de passe');
    $form_edit_password->add('Password', 'new_password')->label('Votre nouveau mot de passe');
    $form_edit_password->add('Password', 'verif_new_password')->label('Confirmation nouveau mot de passe');
    $form_edit_password->add('Submit', 'submit')->initial('Modifier mon mot de passe');

    // Per-form error lists.
    $errors_form_infos = array();
    $errors_form_password = array();

    // Pick up a confirmation message carried in the POST body, if any.
    // NOTE(review): $msg_confirm is copied from the request unchanged (it may
    // be a string or an array). If the view prints it without
    // htmlspecialchars(), whoever crafts the POST controls the markup shown as
    // a "confirmation" — confirm the view escapes it, or carry the message in
    // the session instead.
    if (!empty($_POST['message'])) {
        $msg_confirm = $_POST['message'];
    }

    // Handle a submitted profile-information form.
    if ($form_edit_infos->is_valid($_POST)) {
        $email_addr = $form_edit_infos->get_cleaned_data('email_addr');
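$value = stripslashes($value);
}
array_walk_recursive($_GET, 'remove_magic_quotes_gpc');
array_walk_recursive($_POST, 'remove_magic_quotes_gpc');
array_walk_recursive($_COOKIE, 'remove_magic_quotes_gpc');
}

// Pdo2 is included here because it may be needed anywhere.
include PATH_LIB . 'pdo2.php';

/**
 * Tell whether the current session belongs to a logged-in user.
 *
 * @return bool true when $_SESSION['id'] is set and non-empty
 */
function user_connected()
{
    return !empty($_SESSION['id']);
}

include PATH_MODEL . 'members.php';

// Auto-login: a visitor without a session who presents both the "id" and
// "auto_login" cookies is logged in when the cookie matches the value
// recomputed from the stored account data and the current User-Agent.
//
// Both cookies must be plain strings: PHP turns "name[]=..." cookies into
// arrays, which must reach neither the model lookup nor the comparison.
//
// NOTE(review): the token is a SHA-1 over fixed strings, the pseudo, the stored
// password hash and the User-Agent. It never expires, cannot be revoked except
// by changing the password, and can be recomputed by anyone who reads the
// stored hash. A random per-device token, stored hashed server-side with an
// expiry, would remove those properties.
if (!user_connected()
    && !empty($_COOKIE['id']) && is_string($_COOKIE['id'])
    && !empty($_COOKIE['auto_login']) && is_string($_COOKIE['auto_login'])
) {
    $infos_user = read_infos_user($_COOKIE['id']);

    if (false !== $infos_user) {
        $browser = !empty($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $hash = sha1('592a23516c' . $infos_user['user_pseudo'] . '3b665d692a' . $infos_user['user_pass'] . '307e352c2b' . $browser . '7e79437856');

        // hash_equals() (PHP >= 5.6) compares the strings byte by byte in
        // constant time. A loose == lets two numeric-looking strings compare
        // as numbers and returns as soon as a difference is found.
        if (hash_equals($hash, $_COOKIE['auto_login'])) {
            // NOTE(review): no session_regenerate_id() is visible before the
            // identity is written into the session; confirm the session id is
            // renewed on login so a pre-set session id cannot be reused.
            // Store the account information in the session.
            $_SESSION['id'] = $_COOKIE['id'];
            $_SESSION['pseudo'] = $infos_user['user_pseudo'];
            $_SESSION['email'] = $infos_user['user_mail'];
        }
    }
}

//is user admin ?
function user_admin()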
<?php
// Login page: a visitor who already has a session gets an error view instead
// of the form.
if (user_connected()) {
    include PATH_GLOBAL_VIEW . 'error_already_connected.php';
} else {
    // Build the login form.
    include PATH_LIB . 'form.php';

    $form_login = new Form('form_login');
    $form_login->method('POST');
    $form_login->add('Text', 'username')->label("Votre nom d'utilisateur");
    $form_login->add('Password', 'password')->label("Votre mot de passe");
    // NOTE(review): required() receives the string "false", which PHP treats
    // as truthy — confirm Form::required() expects this and not boolean false.
    $form_login->add('Checkbox', 'auto_login')->required("false")->label("Connexion automatique");
    $form_login->add('Submit', 'submit')->value("Connectez-moi !");
    $form_login->bound($_POST);

    // Check the submitted credentials.
    $errors_login = array();

    if ($form_login->is_valid($_POST)) {
        list($username, $password) = $form_login->get_cleaned_data('username', 'password');

        // NOTE(review): as far as this call shows, the password is reduced to
        // a bare SHA-1 before the lookup. That digest is fast to brute-force
        // if the member table leaks. Moving to password_hash() /
        // password_verify() needs a matching change in valid_login() and a
        // rehash-on-login migration for existing rows.
        $id_user = valid_login($username, sha1($password));

        if ($id_user !== false) {
            $infos_user = read_infos_user($id_user);

            if (!empty($infos_user['hash_validation'])) {
                // A validation hash is still pending: refuse the login and
                // show the form again with a pointer to the resend page.
                $errors_login[] = "Compte non validé pour recevoir à nouveau un lien d'activation : <a href=\"index.php?module=members&action=reset_pwd\"> formulaire de renvoi de lien d'activation </a> </p>";
                include PATH_VIEW . 'form_login.php';
            } else {
                // NOTE(review): no session_regenerate_id() is visible before
                // the identity is written into the session; confirm the
                // session id is renewed on login so a pre-set session id
                // cannot be reused.
                $_SESSION['id'] = $id_user;
                $_SESSION['pseudo'] = $username;
                $_SESSION['email'] = $infos_user['user_mail'];

                up_lastconnect($id_user); // update the user's last_connect

                if ($form_login->get_cleaned_data('auto_login') !== false) {
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="fr"> <head> <meta http-equiv="content-type" content="text/html; charset=UTF-8" /> <title>Nabzfood - Un lapin qui a de l'appétit</title> <meta http-equiv="Content-Language" content="fr" /> <link rel="stylesheet" href="style/global.css" type="text/css" media="screen" /> <link rel="stylesheet" href="style/nabz.css" type="text/css" media="screen" /> <link rel="stylesheet" href="style/table_product.css" type="text/css" media="screen" /> </head> <body> <h1>Nabzfood - Un lapin qui a de l'appétit</h1> <div id="left"> <?php /* Left column: the menu is always included; the nabz summary is added only when user_connected() is true and user_has_nabz() returns more than 0 for the session user id. */ include 'global/menu.php'; /* && short-circuits, so $_SESSION['id'] is read and user_has_nabz() is called only after user_connected() has returned true. */ if (user_connected() && user_has_nabz($_SESSION['id']) > 0) { include 'global/nabz_summary.php'; } ?> </div> <div id="centre">
/**
 * Render the diary list of the logged-in user, or an error message followed
 * by the sign-in view when nobody is connected.
 *
 * The included views run in this method's scope, so views/diaries.php can
 * read $user and $diaries.
 */
public function show_diaries()
{
    // Guests: error banner, then the sign-in form.
    if (!user_connected()) {
        show_message("message_error", "Vous n'êtes pas connecté");
        include 'views/signin.php';
        return;
    }

    // The diaries are looked up through the user resolved from the session
    // login, never from a request parameter.
    // NOTE(review): the result of User::get_by_login() is used without a
    // check — confirm it cannot fail for a login held in the session.
    $user = User::get_by_login($_SESSION['user']);
    $diaries = Diary::get_all_diaries($user->id());
    include 'views/diaries.php';
}