2019-08-21 20:56:46 +00:00
< ? php
2019-09-06 11:48:50 +00:00
require_once " ../config.php " ;
2019-08-21 20:56:46 +00:00
if ( isset ( $_POST [ " submitted " ]) && ! isset ( $_SESSION [ " user_id " ])) {
$error_message = login ();
}
2019-09-02 14:39:57 +00:00
if ( isset ( $_POST [ " forgotten_password " ]) && ! isset ( $_SESSION [ " user_id " ])) {
$error_message = recuperateAccount ();
}
if ( isset ( $_GET [ " reset_password " ]) && isset ( $_GET [ " token " ]) && ! isset ( $_SESSION [ " user_id " ])) {
$reset_data = $DB -> query ( " SELECT `id`, `email` FROM `users` WHERE `forgotten_password` = ' " . htmlspecialchars ( $_GET [ " token " ]) . " '; " ) -> fetch ();
if ( $reset_data === FALSE ) {
header ( " Location: $URL_BASE /connexion " );
exit ();
}
if ( isset ( $_POST [ " reset_password " ]))
$error_message = resetPassword ();
}
2019-09-02 15:29:27 +00:00
if ( isset ( $_GET [ " confirmation-mail " ]) && ! isset ( $_SESSION [ " user_id " ])) {
$error_message = sendConfirmEmail ();
}
2019-08-21 20:56:46 +00:00
function login () {
2019-09-06 23:33:05 +00:00
global $URL_BASE ;
2019-08-21 20:56:46 +00:00
$email = htmlspecialchars ( $_POST [ " email " ]);
if ( ! filter_var ( $email , FILTER_VALIDATE_EMAIL ))
return " L'email entrée est invalide. " ;
$password = htmlspecialchars ( $_POST [ " password " ]);
2019-09-06 23:33:05 +00:00
$user = User :: fromEmail ( $email );
if ( $user === FALSE )
2019-08-21 20:56:46 +00:00
return " Le compte n'existe pas. " ;
2019-09-02 15:29:27 +00:00
2019-09-06 23:33:05 +00:00
if ( $user -> getConfirmEmailToken () !== NULL ) {
2019-09-02 15:29:27 +00:00
$_SESSION [ " confirm_email " ] = $email ;
return " L'adresse mail n'a pas été validée. Veuillez vérifier votre boîte mail (surtout vos spams). <a href= \" $URL_BASE /connexion/confirmation-mail \" >Cliquez ici pour renvoyer le mail de confirmation</a>. " ;
}
2019-09-06 23:33:05 +00:00
if ( ! $user -> checkPassword ( $password ))
2019-08-21 20:56:46 +00:00
return " Le mot de passe est incorrect. " ;
2019-09-06 23:33:05 +00:00
$_SESSION [ " user_id " ] = $user -> getId ();
2019-09-06 11:48:50 +00:00
loadUserValues ();
2019-08-21 20:56:46 +00:00
return false ;
}
2019-09-02 14:39:57 +00:00
function recuperateAccount () {
2019-09-06 23:33:05 +00:00
global $MAIL_ADDRESS , $URL_BASE ;
2019-09-02 14:39:57 +00:00
$email = htmlspecialchars ( $_POST [ " email " ]);
if ( ! filter_var ( $email , FILTER_VALIDATE_EMAIL ))
return " L'email entrée est invalide. " ;
2019-09-06 23:33:05 +00:00
$user = User :: fromEmail ( $email );
if ( $user == null )
2019-09-02 14:39:57 +00:00
return " Le compte n'existe pas. " ;
$token = uniqid ();
2019-09-06 23:33:05 +00:00
$user -> setForgottenPasswordToken ( $token );
2019-09-02 14:39:57 +00:00
$msg = " Bonjour, \r \n \r \n "
. " Vous avez indiqué avoir oublié votre mot de passe. Veuillez cliquer ici pour le réinitialiser : $URL_BASE /connexion/reinitialiser_mdp/ $token\r\n\r\n "
. " Si vous n'êtes pas à l'origine de cette manipulation, vous pouvez ignorer ce message. \r \n \r \n "
. " Cordialement, \r \n \r \n "
. " Le comité national d'organisation du TFJM². " ;
mail ( " $email " , " Mot de passe oublié - TFJM² " , $msg , " From: $MAIL_ADDRESS\r\n " );
return false ;
}
function resetPassword () {
global $DB , $MAIL_ADDRESS , $reset_data ;
2019-09-06 23:33:05 +00:00
2019-09-02 14:39:57 +00:00
$id = $reset_data [ " id " ];
$email = $reset_data [ " email " ];
$password = htmlspecialchars ( $_POST [ " password " ]);
$confirm = htmlspecialchars ( $_POST [ " confirm_password " ]);
if ( strlen ( $password ) < 8 )
return " Le mot de passe doit comporter au moins 8 caractères. " ;
if ( $password != $confirm )
return " Les deux mots de passe sont différents. " ;
2019-09-06 23:33:05 +00:00
2019-09-02 14:39:57 +00:00
$hash = password_hash ( $password , PASSWORD_BCRYPT );
2019-09-06 23:33:05 +00:00
2019-09-02 14:39:57 +00:00
$DB -> prepare ( " UPDATE `users` SET `pwd_hash` = ?, `forgotten_password` = NULL WHERE `id` = ?; " ) -> execute ([ $hash , $id ]);
2019-09-02 15:29:27 +00:00
$msg = " Bonjour, \r \n \r \n Nous vous informons que votre mot de passe vient d'être modifié. "
. " Si vous n'êtes pas à l'origine de cette manipulation, veuillez immédiatement vérifier vos accès à votre boîte mail et changer votre mot de passe sur la plateforme d'inscription. \r \n \r \n "
. " Cordialement, \r \n \r \n Le comité national d'organisation du TFJM² " ;
mail ( $email , " Mot de passe modifié TFJM² " , $msg , " From: $MAIL_ADDRESS\r\n " );
2019-09-02 14:39:57 +00:00
return false ;
}
2019-09-02 15:29:27 +00:00
function sendConfirmEmail () {
2019-09-06 23:33:05 +00:00
global $URL_BASE , $MAIL_ADDRESS , $YEAR ;
2019-09-02 15:29:27 +00:00
$email = htmlspecialchars ( $_SESSION [ " confirm_email " ]);
if ( ! isset ( $email )) {
header ( " Location: $URL_BASE /connexion " );
exit ();
}
2019-09-06 23:33:05 +00:00
$user = User :: fromEmail ( $email );
2019-09-02 15:29:27 +00:00
2019-09-06 23:33:05 +00:00
if ( $user === null ) {
2019-09-02 15:29:27 +00:00
unset ( $_SESSION [ " confirm_email " ]);
header ( " Location: $URL_BASE /connexion " );
exit ();
}
2019-09-06 23:33:05 +00:00
$confirm_email_uid = $user -> getConfirmEmailToken ();
2019-09-02 15:29:27 +00:00
$msg = " Bonjour, \r \n \r \n Pour confirmer votre adresse mail, cliquez ici : $URL_BASE /confirmer_mail/ $confirm_email_uid\r\n\r\n "
. " Cordialement, \r \n \r \n Le comité national d'organisation du TFJM² " ;
mail ( $email , " Confirmation d'adresse mail TFJM² $YEAR " , $msg , " From: $MAIL_ADDRESS\r\n " );
return false ;
}
2019-09-06 11:48:50 +00:00
require_once " ../views/header.php " ;
require_once " ../views/connexion.php " ;
require_once " ../views/footer.php " ;