2019-09-09 23:48:52 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
$has_error = false;
|
|
|
|
$error_message = null;
|
|
|
|
|
2019-09-24 21:18:32 +00:00
|
|
|
if (isset($_POST["login"]) && !isset($_SESSION["user_id"])) {
|
2019-09-09 23:48:52 +00:00
|
|
|
$logging_in_user = new LoggingInUser($_POST);
|
|
|
|
try {
|
|
|
|
$logging_in_user->makeVerifications();
|
|
|
|
$logging_in_user->login();
|
|
|
|
} catch (AssertionError $e) {
|
|
|
|
$has_error = true;
|
|
|
|
$error_message = $e->getMessage();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (isset($_POST["forgotten_password"]) && !isset($_SESSION["user_id"])) {
|
|
|
|
$recuperate_account = new RecuperateAccount($_POST);
|
|
|
|
try {
|
|
|
|
$recuperate_account->makeVerifications();
|
|
|
|
$recuperate_account->recuperateAccount();
|
|
|
|
} catch (AssertionError $e) {
|
|
|
|
$has_error = true;
|
|
|
|
$error_message = $e->getMessage();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (isset($_GET["reset_password"]) && isset($_GET["token"]) && !isset($_SESSION["user_id"])) {
|
|
|
|
$reset_password = new ResetPassword($_GET, $_POST);
|
|
|
|
try {
|
|
|
|
$reset_password->makeVerifications();
|
|
|
|
if (isset($_POST["password"]))
|
|
|
|
$reset_password->resetPassword();
|
|
|
|
} catch (AssertionError $e) {
|
|
|
|
$has_error = true;
|
|
|
|
$error_message = $e->getMessage();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (isset($_GET["confirmation-mail"]) && !isset($_SESSION["user_id"]))
|
|
|
|
sendConfirmEmail();
|
|
|
|
|
|
|
|
class LoggingInUser
|
|
|
|
{
|
|
|
|
public $email;
|
|
|
|
/** @var User $user */
|
|
|
|
public $user;
|
|
|
|
private $password;
|
|
|
|
|
|
|
|
public function __construct($data)
|
|
|
|
{
|
|
|
|
foreach ($data as $key => $value)
|
|
|
|
$this->$key = htmlspecialchars($value);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function makeVerifications()
|
|
|
|
{
|
|
|
|
ensure(filter_var($this->email, FILTER_VALIDATE_EMAIL), "L'adresse email est invalide.");
|
|
|
|
$this->user = User::fromEmail($this->email);
|
|
|
|
ensure($this->user != null, "Le compte n'existe pas.");
|
|
|
|
ensure($this->user->checkPassword($this->password), "Le mot de passe est incorrect.");
|
|
|
|
if ($this->user->getConfirmEmailToken() != null) {
|
|
|
|
$_SESSION["confirm_email"] = $this->email;
|
2019-09-24 10:04:42 +00:00
|
|
|
/** @noinspection HtmlUnknownTarget */
|
2019-09-09 23:48:52 +00:00
|
|
|
throw new AssertionError("L'adresse mail n'a pas été validée. Veuillez vérifier votre boîte mail (surtout vos spams). "
|
2019-09-23 22:16:50 +00:00
|
|
|
. "<a href=\"/connexion/confirmation-mail\">Cliquez ici pour renvoyer le mail de confirmation</a>.");
|
2019-09-09 23:48:52 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
public function login()
|
|
|
|
{
|
|
|
|
$_SESSION["user_id"] = $this->user->getId();
|
|
|
|
loadUserValues();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
class RecuperateAccount
|
|
|
|
{
|
|
|
|
public $email;
|
|
|
|
/** @var User $user */
|
|
|
|
public $user;
|
|
|
|
|
|
|
|
public function __construct($data)
|
|
|
|
{
|
|
|
|
foreach ($data as $key => $value)
|
|
|
|
$this->$key = htmlspecialchars($value);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function makeVerifications()
|
|
|
|
{
|
|
|
|
ensure(filter_var($this->email, FILTER_VALIDATE_EMAIL), "L'adresse email est invalide.");
|
|
|
|
$this->user = User::fromEmail($this->email);
|
|
|
|
ensure($this->user != null, "Le compte n'existe pas.");
|
|
|
|
}
|
|
|
|
|
|
|
|
public function recuperateAccount()
|
|
|
|
{
|
|
|
|
$token = genRandomPhrase(64);
|
|
|
|
$this->user->setForgottenPasswordToken($token);
|
|
|
|
Mailer::sendForgottenPasswordProcedureMail($this->user);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
class ResetPassword
|
|
|
|
{
|
|
|
|
public $token;
|
|
|
|
/** @var User $user */
|
|
|
|
public $user;
|
|
|
|
private $password;
|
|
|
|
private $confirm_password;
|
|
|
|
|
|
|
|
public function __construct($data, $data2)
|
|
|
|
{
|
|
|
|
foreach ($data as $key => $value)
|
|
|
|
$this->$key = htmlspecialchars($value);
|
|
|
|
foreach ($data2 as $key => $value)
|
|
|
|
$this->$key = htmlspecialchars($value);
|
|
|
|
}
|
|
|
|
|
|
|
|
public function makeVerifications()
|
|
|
|
{
|
|
|
|
global $DB;
|
|
|
|
$data = $DB->query("SELECT `id` FROM `users` WHERE `forgotten_password` = '" . $this->token . "';")->fetch();
|
|
|
|
ensure($data !== false, "Il n'y a pas de compte à récupérer avec ce jeton.");
|
|
|
|
$this->user = User::fromId($data["id"]);
|
|
|
|
|
2019-09-24 10:04:42 +00:00
|
|
|
if (!isset($_POST["password"]))
|
2019-09-09 23:48:52 +00:00
|
|
|
return;
|
|
|
|
|
|
|
|
ensure($this->password == $this->confirm_password, "Les deux mots de passe sont différents.");
|
|
|
|
ensure(strlen($this->password) >= 8, "Le mot de passe doit comporter au moins 8 caractères.");
|
|
|
|
}
|
|
|
|
|
|
|
|
public function resetPassword()
|
|
|
|
{
|
|
|
|
$this->user->setForgottenPasswordToken(null);
|
|
|
|
$this->user->setPassword($this->password);
|
|
|
|
|
|
|
|
Mailer::sendChangePasswordMail($this->user);
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
function sendConfirmEmail()
|
|
|
|
{
|
|
|
|
global $URL_BASE;
|
|
|
|
|
|
|
|
$email = htmlspecialchars($_SESSION["confirm_email"]);
|
|
|
|
|
|
|
|
if (!isset($email)) {
|
|
|
|
header("Location: $URL_BASE/connexion");
|
|
|
|
exit();
|
|
|
|
}
|
|
|
|
|
|
|
|
$user = User::fromEmail($email);
|
|
|
|
|
|
|
|
if ($user === null) {
|
|
|
|
unset($_SESSION["confirm_email"]);
|
|
|
|
header("Location: $URL_BASE/connexion");
|
|
|
|
exit();
|
|
|
|
}
|
|
|
|
|
|
|
|
Mailer::sendConfirmEmail($user);
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
require_once "server_files/views/connexion.php";
|