plateforme-corres2math/server_files/controllers/connexion.php

170 lines
4.2 KiB
PHP
Raw Normal View History

<?php
$has_error = false;
$error_message = null;
if (isset($_POST["login"]) && !isset($_SESSION["user_id"])) {
$logging_in_user = new LoggingInUser($_POST);
try {
$logging_in_user->makeVerifications();
$logging_in_user->login();
} catch (AssertionError $e) {
$has_error = true;
$error_message = $e->getMessage();
}
}
if (isset($_POST["forgotten_password"]) && !isset($_SESSION["user_id"])) {
$recuperate_account = new RecuperateAccount($_POST);
try {
$recuperate_account->makeVerifications();
$recuperate_account->recuperateAccount();
} catch (AssertionError $e) {
$has_error = true;
$error_message = $e->getMessage();
}
}
if (isset($_GET["reset_password"]) && isset($_GET["token"]) && !isset($_SESSION["user_id"])) {
$reset_password = new ResetPassword($_GET, $_POST);
try {
$reset_password->makeVerifications();
if (isset($_POST["password"]))
$reset_password->resetPassword();
} catch (AssertionError $e) {
$has_error = true;
$error_message = $e->getMessage();
}
}
if (isset($_GET["confirmation-mail"]) && !isset($_SESSION["user_id"]))
sendConfirmEmail();
class LoggingInUser
{
public $email;
/** @var User $user */
public $user;
private $password;
public function __construct($data)
{
foreach ($data as $key => $value)
$this->$key = htmlspecialchars($value);
}
public function makeVerifications()
{
ensure(filter_var($this->email, FILTER_VALIDATE_EMAIL), "L'adresse email est invalide.");
$this->user = User::fromEmail($this->email);
ensure($this->user != null, "Le compte n'existe pas.");
ensure($this->user->checkPassword($this->password), "Le mot de passe est incorrect.");
if ($this->user->getConfirmEmailToken() != null) {
$_SESSION["confirm_email"] = $this->email;
/** @noinspection HtmlUnknownTarget */
throw new AssertionError("L'adresse mail n'a pas été validée. Veuillez vérifier votre boîte mail (surtout vos spams). "
. "<a href=\"/connexion/confirmation-mail\">Cliquez ici pour renvoyer le mail de confirmation</a>.");
}
}
public function login()
{
$_SESSION["user_id"] = $this->user->getId();
loadUserValues();
}
}
class RecuperateAccount
{
public $email;
/** @var User $user */
public $user;
public function __construct($data)
{
foreach ($data as $key => $value)
$this->$key = htmlspecialchars($value);
}
public function makeVerifications()
{
ensure(filter_var($this->email, FILTER_VALIDATE_EMAIL), "L'adresse email est invalide.");
$this->user = User::fromEmail($this->email);
ensure($this->user != null, "Le compte n'existe pas.");
}
public function recuperateAccount()
{
$token = genRandomPhrase(64);
$this->user->setForgottenPasswordToken($token);
Mailer::sendForgottenPasswordProcedureMail($this->user);
}
}
class ResetPassword
{
public $token;
/** @var User $user */
public $user;
private $password;
private $confirm_password;
public function __construct($data, $data2)
{
foreach ($data as $key => $value)
$this->$key = htmlspecialchars($value);
foreach ($data2 as $key => $value)
$this->$key = htmlspecialchars($value);
}
public function makeVerifications()
{
global $DB;
$data = $DB->query("SELECT `id` FROM `users` WHERE `forgotten_password` = '" . $this->token . "';")->fetch();
ensure($data !== false, "Il n'y a pas de compte à récupérer avec ce jeton.");
$this->user = User::fromId($data["id"]);
if (!isset($_POST["password"]))
return;
ensure($this->password == $this->confirm_password, "Les deux mots de passe sont différents.");
ensure(strlen($this->password) >= 8, "Le mot de passe doit comporter au moins 8 caractères.");
}
public function resetPassword()
{
$this->user->setForgottenPasswordToken(null);
$this->user->setPassword($this->password);
Mailer::sendChangePasswordMail($this->user);
return false;
}
}
function sendConfirmEmail()
{
global $URL_BASE;
$email = htmlspecialchars($_SESSION["confirm_email"]);
if (!isset($email)) {
header("Location: $URL_BASE/connexion");
exit();
}
$user = User::fromEmail($email);
if ($user === null) {
unset($_SESSION["confirm_email"]);
header("Location: $URL_BASE/connexion");
exit();
}
Mailer::sendConfirmEmail($user);
return false;
}
require_once "server_files/views/connexion.php";