Пример #1
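/**
 * Tell whether the current session belongs to the site administrator.
 *
 * The user record for $_SESSION['id'] is fetched with read_infos_user() and
 * its 'user_pseudo' is compared with the single administrator account name.
 *
 * @return bool true only for the administrator account; false when nobody is
 *              logged in, the record cannot be read, or the pseudo differs.
 */
function user_admin()
{
    // No session id means nobody is logged in: deny without touching the model.
    if (!isset($_SESSION['id'])) {
        return false;
    }

    $infos_user = read_infos_user($_SESSION['id']);
    if (false === $infos_user) {
        // Fail closed. The earlier version fell off the end of the function
        // here and returned null instead of an explicit false.
        return false;
    }

    // Strict comparison: a non-string value must never compare equal to the
    // administrator name through type juggling.
    // NOTE(review): admin rights depend on one hard-coded pseudo. Confirm that
    // pseudos are unique and cannot be changed by their owner; a role flag
    // stored with the account is the more robust design.
    return $infos_user['user_pseudo'] === 'nicolas.grenie';
}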
Пример #2
 // Password-reset form: one e-mail field and a submit button.
 // $form_reset_pwd itself is created before this excerpt begins.
 $form_reset_pwd->add('Text', 'email_adress')->label('Votre adresse e-mail');
 $form_reset_pwd->add('Submit', 'submit')->value('Envoyer informations');
 // Error and confirmation messages collected while handling the form
 $error_reset_pwd = array();
 $msg_confirm = array();
 // Handle a submitted reset form
 if ($form_reset_pwd->is_valid($_POST)) {
     $email_addr = $form_reset_pwd->get_cleaned_data('email_adress');
     $user_id = find_user_id($email_addr);
     // NOTE(review): the two branches below show different messages for a known
     // and an unknown address, so the form reveals which e-mail addresses are
     // registered. A single neutral message for both cases avoids that.
     if ($user_id !== false) {
         // NOTE(review): the password is replaced as soon as a known address is
         // submitted, before the account owner has confirmed anything. A
         // single-use, expiring reset link sent to the owner, with the password
         // changed only after it is followed, avoids unwanted resets.
         $new_pwd = gen_new_pwd();
         // Store the freshly generated password for this user
         update_password_user($user_id, $new_pwd);
         // Confirmation shown on the page
         $msg_confirm[] = "Mot de passe réinitialisé avec succès, vous recevrez prochainement un mél avec vos différentes informations de connexion. Attention pensez à changer le nouveau mot de passe pour le retenir plus facilement.";
         $infos_user = read_infos_user($user_id);
         // Build the HTML body of the e-mail.
         // NOTE(review): the new password travels in clear text inside the mail.
         // NOTE(review): the "******" after "Login : " looks like a redaction made
         // by the page this listing came from; as displayed, the string literal is
         // not valid PHP. Confirm against the original file.
         $message_mail = "<html><head><meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\"> </head><body> <p>Nouveau mot de passe <b>NabzFood</b>.</p> <p>Vous avez demandé à changer votre mot de passe pour le site Nabzfood, ce mél est la confirmation que tout s'est bien passé.</p><p>Vos nouvelles informations de connexion : </p><p>Login : "******"</p><p>Mot de passe : " . $new_pwd . "</p>";
         if (!empty($infos_user['hash_validation'])) {
             // NOTE(review): debug leftover. print_r() writes the whole user record,
             // including hash_validation, into the HTTP response; remove it.
             print_r($infos_user);
             $hash_validation = $infos_user['hash_validation'];
             // NOTE(review): "http:\\//" yields the text http:\// and PHP_SELF is a
             // script path, not a host name, so the link looks malformed. PHP_SELF
             // can also carry request-supplied path text and is inserted unescaped.
             // Building the link from a configured base URL avoids both problems.
             $message_mail .= "<p>Lien pour valider votre compte : <a href=\"http:\\//" . $_SERVER['PHP_SELF'] . "?module=members&amp;action=valid_account&amp;hash=" . $hash_validation . "\">ce lien</a> pour activer votre compte !</p>";
         }
         // end of the non-empty hash_validation case
         $message_mail .= "</body></html>";
         $subject = "[Nabzfood] Réinitialisation mot de passe";
         // Send the e-mail. The included script presumably reads $email_addr,
         // $subject and $message_mail from this scope; verify in mail.php.
         include './modules/mail/mail.php';
     } else {
         $error_reset_pwd[] = "Nous n'avons pas trouvé de compte corespondant à cet e-mail, merci d'enter une adresse valide. Si vous n'êtes pas encore inscrit cliquez sur le lien \"Inscription\" dans le menu de gauche.";
     }
Пример #3
<?php

//only display this page if user is connected
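// Read the requested id once. A missing parameter becomes null instead of
// raising an undefined-index notice, and is then rejected by the checks below.
$requested_id = isset($_GET['id']) ? $_GET['id'] : null;

if (!user_connected() || !verify_get_id($requested_id, $_SESSION['id'])) {
    // Not logged in, or the requested id is not accepted for this session.
    include PATH_GLOBAL_VIEW . 'error_not_connected.php';
} elseif (empty($requested_id) || !is_numeric($requested_id)) {
    // Id missing or not numeric.
    // NOTE(review): is_numeric() also accepts values such as "1.5" or "1e3";
    // ctype_digit() is stricter if only plain integer ids are expected.
    include PATH_VIEW . 'error_parameter_profile.php';
} else {
    // The profile is always loaded from the session id, never from the
    // request parameter, so a user can only see their own record here.
    $infos_user = read_infos_user($_SESSION['id']);
    if (false !== $infos_user && $infos_user['hash_validation'] == '') {
        // An empty hash_validation is the condition for showing the profile.
        // These variables are presumably read by the included view.
        $username = $infos_user['user_pseudo'];
        $email_addr = $infos_user['user_mail'];
        $lastconnect = $infos_user['user_lastconnect'];
        $_SESSION['email'] = $email_addr;
        include PATH_VIEW . 'profile_user.php';
    } else {
        include PATH_VIEW . 'error_null_profile.php';
    }
}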
Пример #4
 // Login form: username, password, optional "remember me" checkbox, submit.
 include PATH_LIB . 'form.php';
 $form_login = new Form('form_login');
 $form_login->method('POST');
 $form_login->add('Text', 'username')->label("Votre nom d'utilisateur");
 $form_login->add('Password', 'password')->label("Votre mot de passe");
 $form_login->add('Checkbox', 'auto_login')->required("false")->label("Connexion automatique");
 $form_login->add('Submit', 'submit')->value("Connectez-moi !");
 $form_login->bound($_POST);
 // Validate the submitted login form; $errors_login collects messages for the view
 $errors_login = array();
 if ($form_login->is_valid($_POST)) {
     list($username, $password) = $form_login->get_cleaned_data('username', 'password');
     // NOTE(review): the password is checked as a bare sha1() digest. SHA-1 is
     // fast and no per-user salt is visible here, so stored digests are weak
     // against offline guessing. password_hash() / password_verify() are the
     // supported replacement, with a rehash at the next successful login.
     $id_user = valid_login($username, sha1($password));
     if (false !== $id_user) {
         $infos_user = read_infos_user($id_user);
         // A non-empty hash_validation blocks the login and shows the
         // "account not validated" message below.
         if (!empty($infos_user['hash_validation'])) {
             $errors_login[] = "Compte non validé pour recevoir à nouveau un lien d'activation : <a href=\"index.php?module=members&amp;action=reset_pwd\"> formulaire de renvoi de lien d'activation </a> </p>";
             include PATH_VIEW . 'form_login.php';
         } else {
             // NOTE(review): no session_regenerate_id() call is visible in this
             // excerpt; confirm the session id is renewed at login to prevent
             // session fixation.
             $_SESSION['id'] = $id_user;
             $_SESSION['pseudo'] = $username;
             $_SESSION['email'] = $infos_user['user_mail'];
             up_lastconnect($id_user);
             // record the time of this login for the user
             if (false !== $form_login->get_cleaned_data('auto_login')) {
                 $browser = !empty($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
                 // NOTE(review): the remember-me value is a SHA-1 over constants
                 // fixed in the source, the username, the password digest and the
                 // User-Agent. It therefore stays the same for a month unless the
                 // password changes, and cannot be revoked per device. A random
                 // token from random_bytes(), stored hashed server-side and
                 // rotated on use, is the usual design.
                 $hash_cookie = sha1('592a23516c' . $username . '3b665d692a' . sha1($password) . '307e352c2b' . $browser . '7e79437856');
                 // NOTE(review): both cookies are set without the Secure and
                 // HttpOnly flags, so they can travel over plain HTTP and are
                 // readable from page scripts.
                 setcookie('id', $_SESSION['id'], strtotime("+1 month"), '/');
                 setcookie('auto_login', $hash_cookie, strtotime("+1 month"), '/');
             }
Пример #5
<?php

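// Admin-only page: write an e-mail to the user selected by ?uid=...
if (!user_admin()) {
    include PATH_GLOBAL_VIEW . 'error_not_admin.php';
} else {
    require_once PATH_MODEL . 'admin.php';
    require_once PATH_MODEL . 'members.php';
    require_once PATH_LIB . 'form.php';

    // NOTE(review): no anti-CSRF token is visible in this form. Confirm that
    // the Form class adds and checks one, since this action sends mail on an
    // administrator's behalf.
    $form_mail_user = new Form('form_mail_user');
    $form_mail_user->method('POST');
    $form_mail_user->add('Text', 'mail_subject')->label('Sujet du message')->value('[Nabzfood]');
    $form_mail_user->add('Textarea', 'mail_content')->label('Message')->cols(100)->rows(20);
    $form_mail_user->add('Submit', 'Envoyer');

    // A missing uid becomes null instead of raising an undefined-index notice.
    $target_uid = isset($_GET['uid']) ? $_GET['uid'] : null;
    $infos_user = read_infos_user($target_uid);
    // read_infos_user() returns false for an unknown user; do not index into it.
    $pseudo = (false !== $infos_user) ? $infos_user['user_pseudo'] : null;

    // Send only when the form is valid AND a recipient record was found.
    if (false !== $infos_user && $form_mail_user->is_valid($_POST)) {
        $subject = $form_mail_user->get_cleaned_data('mail_subject');
        // The raw POST value is used on purpose: get_cleaned_data() would lose
        // the layout of the text.
        // NOTE(review): the text goes into the HTML body unescaped. If admins
        // are not meant to author HTML, apply htmlspecialchars() before the
        // line-break conversion.
        $txtmessage = $_POST['mail_content'];
        // Convert every line-ending style to a valid <br /> tag. The earlier
        // "<br \\>" produced the invalid tag "<br \>" and only matched "\r\n".
        $txtmessage = str_replace(array("\r\n", "\n", "\r"), '<br />', $txtmessage);
        $email_addr = $infos_user['user_mail'];
        $message_mail = $txtmessage;
        // Send the e-mail. The included script presumably reads $email_addr,
        // $subject and $message_mail from this scope; verify in mail.php.
        include './modules/mail/mail.php';
    }
    // end of is_valid
    include PATH_VIEW . 'form_mail_user.php';
    //header("Location: index.php?module=admin&action=users&id=".$_SESSION['id']); //reload Admin user page
}
//end of user_admin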