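makeVerifications(); $logging_in_user->login(); } catch (AssertionError $e) { $has_error = true; $error_message = $e->getMessage(); } }

// Forgotten-password request (step 1 of the recovery flow); only reachable while not logged in.
// Every handler below reports its first failed check through $has_error / $error_message for the view.
if (isset($_POST["forgotten_password"]) && !isset($_SESSION["user_id"])) {
    $recuperate_account = new RecuperateAccount($_POST);
    try {
        $recuperate_account->makeVerifications();
        $recuperate_account->recuperateAccount();
    } catch (AssertionError $e) {
        $has_error = true;
        $error_message = $e->getMessage();
    }
}

// Password reset (step 2): the recovery token arrives in the query string, the new password (if any) in the POST body.
if (isset($_GET["reset_password"]) && isset($_GET["token"]) && !isset($_SESSION["user_id"])) {
    $reset_password = new ResetPassword($_GET, $_POST);
    try {
        $reset_password->makeVerifications();
        if (isset($_POST["password"])) {
            $reset_password->resetPassword();
        }
    } catch (AssertionError $e) {
        $has_error = true;
        $error_message = $e->getMessage();
    }
}

// Re-send the account confirmation mail for the address a failed login left in the session (see LoggingInUser).
if (isset($_GET["confirmation-mail"]) && !isset($_SESSION["user_id"])) {
    sendConfirmEmail();
}

/**
 * Login form handler: validates the submitted credentials and opens the session.
 *
 * Request fields are copied onto same-named declared properties only (email, password); any other key
 * is ignored so the request cannot create or overwrite arbitrary properties on the object.
 */
class LoggingInUser
{
    public $email;
    /** @var User $user */
    public $user;
    private $password;

    /**
     * @param array $data submitted form fields (e.g. $_POST); scalar values are HTML-escaped before being stored
     */
    public function __construct($data)
    {
        foreach ($data as $key => $value) {
            // Whitelist on declared properties; non-scalar values (e.g. field[]=) are dropped rather than escaped.
            if (is_scalar($value) && property_exists($this, $key)) {
                $this->$key = htmlspecialchars((string) $value);
            }
        }
    }

    /**
     * Checks the address format, the account's existence, its password and its e-mail confirmation state.
     *
     * Sets $this->user when the account exists. On an unconfirmed account the address is kept in
     * $_SESSION["confirm_email"] so the "confirmation-mail" endpoint can re-send the confirmation mail.
     *
     * @throws AssertionError with a user-facing (French) message on the first failed check. ensure() is
     *                        expected to throw the same type, since the callers catch AssertionError — confirm.
     */
    public function makeVerifications()
    {
        ensure(filter_var($this->email, FILTER_VALIDATE_EMAIL), "L'adresse email est invalide.");
        $this->user = User::fromEmail($this->email);
        // NOTE(review): the distinct "no account" / "wrong password" messages reveal whether an address is
        // registered (account enumeration); a single generic message would avoid that.
        ensure($this->user != null, "Le compte n'existe pas.");
        // NOTE(review): the password was HTML-escaped in the constructor before being checked; this only
        // matches if registration escaped it the same way — confirm before changing either side.
        ensure($this->user->checkPassword($this->password), "Le mot de passe est incorrect.");
        if ($this->user->getConfirmEmailToken() != null) {
            $_SESSION["confirm_email"] = $this->email;
            /** @noinspection HtmlUnknownTarget */
            throw new AssertionError("L'adresse mail n'a pas été validée. Veuillez vérifier votre boîte mail (surtout vos spams). " .
                "Cliquez ici pour renvoyer le mail de confirmation.");
        }
    }

    /**
     * Opens the session for the verified user and clears any pending forgotten-password token.
     */
    public function login()
    {
        // Issue a new session id on authentication so an id obtained before login cannot be reused (session fixation).
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION["user_id"] = $this->user->getId();
        $this->user->setForgottenPasswordToken(null);
        loadUserValues();
    }
}

/**
 * Forgotten-password request handler: looks the account up by e-mail and mails it a recovery token.
 */
class RecuperateAccount
{
    public $email;
    /** @var User $user */
    public $user;

    /**
     * @param array $data submitted form fields (e.g. $_POST); only declared properties are populated
     */
    public function __construct($data)
    {
        foreach ($data as $key => $value) {
            if (is_scalar($value) && property_exists($this, $key)) {
                $this->$key = htmlspecialchars((string) $value);
            }
        }
    }

    /**
     * Validates the address and resolves it to an account (stored in $this->user).
     *
     * @throws AssertionError with a user-facing (French) message when the address is malformed or unknown
     */
    public function makeVerifications()
    {
        ensure(filter_var($this->email, FILTER_VALIDATE_EMAIL), "L'adresse email est invalide.");
        $this->user = User::fromEmail($this->email);
        // NOTE(review): this message confirms to the requester whether the address is registered.
        ensure($this->user != null, "Le compte n'existe pas.");
    }

    /**
     * Stores a fresh random token (genRandomPhrase(64)) on the account and sends the recovery procedure mail.
     *
     * No expiry is set here: the token is only cleared by ResetPassword::resetPassword() or LoggingInUser::login().
     */
    public function recuperateAccount()
    {
        $token = genRandomPhrase(64);
        $this->user->setForgottenPasswordToken($token);
        Mailer::sendForgottenPasswordProcedureMail($this->user);
    }
}

/**
 * Password reset handler: resolves the recovery token to an account, then (when a password was posted)
 * validates and stores the new password.
 */
class ResetPassword
{
    public $token;
    /** @var User $user */
    public $user;
    private $password;
    private $confirm_password;

    /**
     * @param array $data  query-string fields (token)
     * @param array $data2 form fields (password, confirm_password); applied after $data, so a POST field of the same name wins
     */
    public function __construct($data, $data2)
    {
        foreach ([$data, $data2] as $fields) {
            foreach ($fields as $key => $value) {
                // Whitelist on declared properties; non-scalar values are dropped.
                if (is_scalar($value) && property_exists($this, $key)) {
                    $this->$key = htmlspecialchars((string) $value);
                }
            }
        }
    }

    /**
     * Resolves the token to an account (stored in $this->user); when a password was posted, also checks
     * that both password fields match and meet the minimum length.
     *
     * @throws AssertionError with a user-facing (French) message on the first failed check
     */
    public function makeVerifications()
    {
        global $DB;
        // An empty token must never reach the query: it would match any row whose column holds ''.
        ensure(is_string($this->token) && $this->token !== '', "Il n'y a pas de compte à récupérer avec ce jeton.");
        // Parameterised lookup: the token is request-controlled and must not be spliced into the SQL text.
        // Assumes $DB is a PDO instance (the previous query()->fetch() usage matches PDOStatement) — confirm.
        $stmt = $DB->prepare("SELECT `id` FROM `users` WHERE `forgotten_password` = ?");
        $stmt->execute([$this->token]);
        $data = $stmt->fetch();
        ensure($data !== false, "Il n'y a pas de compte à récupérer avec ce jeton.");
        $this->user = User::fromId($data["id"]);
        if (!isset($_POST["password"])) {
            return;
        }
        // Strict comparison: both values are strings, and == would apply numeric-string rules ("1e3" == "1000").
        ensure($this->password === $this->confirm_password, "Les deux mots de passe sont différents.");
        // Byte length of the escaped value: entities such as &amp; count as several characters.
        ensure(strlen($this->password) >= 8, "Le mot de passe doit comporter au moins 8 caractères.");
    }

    /**
     * Invalidates the recovery token, stores the new password and notifies the user by mail.
     *
     * @return false kept for the existing callers
     */
    public function resetPassword()
    {
        $this->user->setForgottenPasswordToken(null);
        $this->user->setPassword($this->password);
        Mailer::sendChangePasswordMail($this->user);
        return false;
    }
}

/**
 * Re-sends the account confirmation mail for the address left in the session by a failed login on an
 * unconfirmed account, redirecting to the login page when there is no such address or no matching account.
 *
 * @return false kept for the existing callers (not reached when a redirect is issued)
 */
function sendConfirmEmail()
{
    global $URL_BASE;
    // The session key is the thing to test; a variable just assigned from htmlspecialchars() is always set.
    if (!isset($_SESSION["confirm_email"])) {
        header("Location: $URL_BASE/connexion");
        exit();
    }
    // NOTE(review): the stored address was already escaped by LoggingInUser, so this escapes it a second time — confirm.
    $email = htmlspecialchars($_SESSION["confirm_email"]);
    $user = User::fromEmail($email);
    if ($user === null) {
        unset($_SESSION["confirm_email"]);
        header("Location: $URL_BASE/connexion");
        exit();
    }
    Mailer::sendConfirmEmail($user);
    return false;
}

require_once "server_files/views/connexion.php";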