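/**
  * Checks that reset() leaves no previously stored value in the session.
  *
  * @covers $this->object->reset
  */
 public function testReset()
 {
     // Calling session_start() while a session is already active raises a notice,
     // which a strict test runner may turn into a failure; only start one when needed.
     if (session_status() !== PHP_SESSION_ACTIVE) {
         session_start();
     }
     // Seed the session so the assertion below proves reset() removed the value.
     $_SESSION['test'] = 'TEST';
     $this->object->reset();
     $this->assertEquals(0, count($_SESSION));
 }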
Exemplo n.º 2
 /**
  * Attempts to log a user in with an e-mail address and password.
  *
  * Checks run in this order: blocked IP, presence of both fields, failed-login
  * limits for the e-mail, then the credentials against the activated user row.
  * On any failure the reasons are stored in $this->errors and false is returned.
  *
  * @param string $email
  * @param string $password
  * @param string $rememberMe  compared against the literal "rememberme"; any other value removes the cookie
  * @param string $userIp
  * @param string $userAgent
  * @return bool  true after the session has been reset for the authenticated user
  */
 public function doLogIn($email, $password, $rememberMe, $userIp, $userAgent)
 {
     // Step 1: refuse outright when the client IP is blocked.
     if ($this->isIpBlocked($userIp)) {
         $this->errors[] = "Your IP Address has been blocked";
         return false;
     }

     // Step 2: only presence is validated here, not format.
     $validation = new Validation();
     $presenceRules = [
         "Your Email" => [$email, 'required'],
         "Your Password" => [$password, 'required'],
     ];
     if (!$validation->validate($presenceRules)) {
         $this->errors = $validation->errors();
         return false;
     }

     // Step 3: load earlier failed attempts recorded for this e-mail.
     $database = Database::openConnection();
     $database->getByUserEmail("failed_logins", $email);
     $failedLogin = $database->fetchAssociative();

     $lastFailedAt = null;
     if (isset($failedLogin["last_failed_login"])) {
         $lastFailedAt = $failedLogin["last_failed_login"];
     }
     $attemptCount = null;
     if (isset($failedLogin["failed_login_attempts"])) {
         $attemptCount = $failedLogin["failed_login_attempts"];
     }

     // Stop when the attempt limits are exceeded.
     // @see Validation::attempts()
     $throttleRules = [
         'Failed Login' => [["last_time" => $lastFailedAt, "count" => $attemptCount], 'attempts'],
     ];
     if (!$validation->validate($throttleRules)) {
         $this->errors = $validation->errors();
         return false;
     }

     // Step 4: fetch the user; the e-mail is bound as a parameter, never concatenated.
     $database->prepare("SELECT * FROM users WHERE email = :email AND is_email_activated = 1 LIMIT 1");
     $database->bindValue(':email', $email);
     $database->execute();
     $user = $database->fetchAssociative();

     $userId = null;
     if (isset($user["id"])) {
         $userId = $user["id"];
     }
     $hashedPassword = null;
     if (isset($user["hashed_password"])) {
         $hashedPassword = $user["hashed_password"];
     }

     // Step 5: check the submitted password against the stored hash.
     // NOTE(review): the 'credentials' rule is not visible here. Confirm it also does
     // hash work when no user row was found, so response time does not reveal
     // which e-mails are registered.
     $credentialRules = [
         "Login" => [["user_id" => $userId, "hashed_password" => $hashedPassword, "password" => $password], 'credentials'],
     ];
     if (!$validation->validate($credentialRules)) {
         // Count the failure against the e-mail ...
         $this->incrementFailedLogins($email, $failedLogin);
         // ... and against the IP: an address trying several accounts gets blocked,
         // otherwise a new record is added for it.
         $this->handleIpFailedLogin($userIp, $email);
         $this->errors = $validation->errors();
         return false;
     }

     // Authenticated: rebuild the session around the user, IP and user agent.
     // NOTE(review): presumably Session::reset() also issues a new session id; confirm,
     // since this is where the privilege level changes.
     $sessionData = [
         "user_id" => $userId,
         "role" => $user["role"],
         "ip" => $userIp,
         "user_agent" => $userAgent,
     ];
     Session::reset($sessionData);

     // Remember-me: issue a fresh cookie (its token is usable only once) or drop any old one.
     if ($rememberMe === "rememberme") {
         Cookie::reset($userId);
     } else {
         Cookie::remove($userId);
     }

     // A successful login clears the failure counters and any pending password-reset token.
     $this->resetFailedLogins($email);
     $this->resetPasswordToken($userId);
     return true;
 }
Exemplo n.º 3
 /**
  * Tells whether the current request belongs to a logged-in user.
  *
  * A valid session is accepted as is. Otherwise a valid remember-me cookie is
  * exchanged for a new session and a new cookie.
  *
  * @access private
  * @return boolean
  */
 private function loggedIn()
 {
     $hasValidSession = Session::isSessionValid($this->request->clientIp(), $this->request->userAgent());
     if ($hasValidSession) {
         return true;
     }

     if (!Cookie::isCookieValid()) {
         return false;
     }

     // Cookies don't store roles, so the role is read from the user's profile.
     // NOTE(review): if getProfileInfo() returns no row, the role ends up null; confirm
     // that callers treat a null role as unprivileged.
     $profile = $this->controller->user->getProfileInfo(Cookie::getUserId());
     $role = $profile["role"];

     $sessionData = [
         "user_id" => Cookie::getUserId(),
         "role" => $role,
         "ip" => $this->request->clientIp(),
         "user_agent" => $this->request->userAgent(),
     ];
     Session::reset($sessionData);

     // The cookie token is usable only once, so a new one is issued right away.
     Cookie::reset(Session::getUserId());
     return true;
 }
Exemplo n.º 4
     }
 }
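 // Password change for the member held in $_SESSION['auth'].
 // NOTE(review): nothing visible here asks for the current password or checks an
 // anti-CSRF token; confirm both happen earlier in the request.
 // The is_string() checks ignore array-valued fields (password[]=...) instead of passing them to password_hash().
 if (isset($_POST['password'], $_POST['passverif'])
     && is_string($_POST['password']) && is_string($_POST['passverif'])
     && !empty($_POST['password']) && !empty($_POST['passverif'])) {
     // Strict comparison: with == two different numeric-looking strings
     // (for example "1e3" and "1000") compare as equal.
     if ($_POST['password'] === $_POST['passverif']) {
         // bcrypt only uses the first 72 bytes of its input.
         $password = password_hash($_POST['passverif'], PASSWORD_BCRYPT);
         $req = $pdo->prepare("UPDATE users SET Password=? WHERE Num_adh=?");
         $req->execute([$password, $_SESSION['auth']->Num_adh]);
         $message = "<div class='cadreerreur bgjaune txtcenter'>Mot de passe modifié</div>";
     } else {
         $message = "<div class='cadreerreur bgjaune txtcenter'>Les mots de passe doivent être identiques</div>";
     }
 }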
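 // Account deletion for the member held in $_SESSION['auth'].
 // NOTE(review): a single POST field triggers an irreversible delete; confirm that an
 // anti-CSRF token (and ideally the password) is checked earlier in the request.
 if (!empty($_POST['check_deleted'])) {
     $req = $pdo->prepare("DELETE FROM users WHERE Num_adh=?");
     $req->execute([$_SESSION['auth']->Num_adh]);
     Session::reset();
     header('Location:index.php?page=home');
     // header() only queues the redirect; without exit the rest of the script
     // would keep running for an account that no longer exists.
     exit;
 }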
 if (isset($_POST['del_last'])) {
     $req = $pdo->prepare("SELECT Jours, date_resa, NumResa FROM resa WHERE Num_adh = ? ORDER BY NumResa asc;");
     $req->execute([$_SESSION['auth']->Num_adh]);
     $fetch = $req->fetchAll(PDO::FETCH_OBJ);
     $now = date_create();
     foreach ($fetch as $f) {
         $datecommande = new DateTime($f->date_resa);
         $jourresa = new DateTime($f->Jours);
         $diff = $now->diff($datecommande);
         $resapassee = $diff->format('%d');
         if ($resapassee < 1 && $datecommande < $jourresa) {
             $lastresa = $f->NumResa;
             $req = $pdo->prepare("DELETE FROM resa WHERE NumResa = '{$lastresa}'");
Exemplo n.º 5
<?php

include 'config.php';
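// Page bootstrap: resume the visitor's session from the remember-me cookies,
// or fall back to an anonymous account.
$session = new Session($base->pdo);
$account = new Account($base->pdo);
$session->activity(0);

// Both cookies are client-controlled. Require them to be present and plain strings
// before use: the original read user_token without an isset() check (a notice when
// only user_id is sent) and accepted array-valued cookies.
// NOTE(review): checkToken() takes no arguments; presumably it reads these same cookies
// and ties the token to user_id. Confirm, because the session is then reset for
// whichever user_id the cookie names.
if (isset($_COOKIE["user_id"], $_COOKIE["user_token"])
    && is_string($_COOKIE["user_id"])
    && is_string($_COOKIE["user_token"])
    && $_COOKIE["user_token"]
    && $account->checkToken()) {
    $session->reset($_COOKIE["user_id"]);
} else {
    $account->create('anonymous', '');
}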
?>

<!DOCTYPE html>
<html lang="fr">
	<head>
		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
		<title>ChatBox - Conversez à travers le monde</title>
		<meta charset="UTF-8">

		<meta name="viewport" content="width=device-width, user-scalable=no">
		
		<link rel="shortcut icon" type="image/ico" href="favicon.ico" />
		
		<link href="./css/main.css" rel="stylesheet" type="text/css">

	</head>
	
	<body>
		<div class="clearfix welcome">
			<section class="connect">