2019-08-21 20:56:46 +00:00
< ? php
include 'config.php' ;
if ( isset ( $_POST [ " submitted " ]) && ! isset ( $_SESSION [ " user_id " ])) {
$error_message = login ();
}
2019-09-02 14:39:57 +00:00
if ( isset ( $_POST [ " forgotten_password " ]) && ! isset ( $_SESSION [ " user_id " ])) {
$error_message = recuperateAccount ();
}
if ( isset ( $_GET [ " reset_password " ]) && isset ( $_GET [ " token " ]) && ! isset ( $_SESSION [ " user_id " ])) {
$reset_data = $DB -> query ( " SELECT `id`, `email` FROM `users` WHERE `forgotten_password` = ' " . htmlspecialchars ( $_GET [ " token " ]) . " '; " ) -> fetch ();
if ( $reset_data === FALSE ) {
header ( " Location: $URL_BASE /connexion " );
exit ();
}
if ( isset ( $_POST [ " reset_password " ]))
$error_message = resetPassword ();
}
2019-09-02 15:29:27 +00:00
if ( isset ( $_GET [ " confirmation-mail " ]) && ! isset ( $_SESSION [ " user_id " ])) {
$error_message = sendConfirmEmail ();
}
2019-08-21 20:56:46 +00:00
function login () {
2019-09-02 15:29:27 +00:00
global $DB , $URL_BASE , $YEAR ;
2019-08-21 20:56:46 +00:00
$email = htmlspecialchars ( $_POST [ " email " ]);
if ( ! filter_var ( $email , FILTER_VALIDATE_EMAIL ))
return " L'email entrée est invalide. " ;
$password = htmlspecialchars ( $_POST [ " password " ]);
2019-09-02 15:29:27 +00:00
$result = $DB -> query ( " SELECT `id`, `pwd_hash`, `email`, `surname`, `first_name`, `role`, `team_id`, `confirm_email` FROM `users` WHERE `email` = ' " . $email . " '; " );
2019-08-21 20:56:46 +00:00
if (( $data = $result -> fetch ()) === FALSE )
return " Le compte n'existe pas. " ;
2019-09-02 15:29:27 +00:00
if ( $data [ " confirm_email " ] !== NULL ) {
$_SESSION [ " confirm_email " ] = $email ;
return " L'adresse mail n'a pas été validée. Veuillez vérifier votre boîte mail (surtout vos spams). <a href= \" $URL_BASE /connexion/confirmation-mail \" >Cliquez ici pour renvoyer le mail de confirmation</a>. " ;
}
2019-08-21 20:56:46 +00:00
if ( ! password_verify ( $password , $data [ " pwd_hash " ]))
return " Le mot de passe est incorrect. " ;
$_SESSION [ " user_id " ] = $data [ " id " ];
$_SESSION [ " email " ] = $data [ " email " ];
$_SESSION [ " surname " ] = $data [ " surname " ];
$_SESSION [ " first_name " ] = $data [ " first_name " ];
$_SESSION [ " role " ] = $data [ " role " ];
$_SESSION [ " team_id " ] = $data [ " team_id " ];
$response = $DB -> query ( " SELECT `tournament`, `validation_status` FROM `teams` WHERE `id` =' " . $_SESSION [ " team_id " ] . " ' AND `year` = ' $YEAR '; " );
$data = $response -> fetch ();
$_SESSION [ " tournament_id " ] = $data [ " tournament " ];
$_SESSION [ " team_validation_status " ] = $data [ " validation_status " ];
return false ;
}
2019-09-02 14:39:57 +00:00
function recuperateAccount () {
global $DB , $MAIL_ADDRESS , $URL_BASE , $YEAR ;
$email = htmlspecialchars ( $_POST [ " email " ]);
if ( ! filter_var ( $email , FILTER_VALIDATE_EMAIL ))
return " L'email entrée est invalide. " ;
$req = $DB -> query ( " SELECT `id` FROM `users` WHERE `email` = ' $email ' AND `year` = $YEAR ; " );
if ( ! $req -> fetch ())
return " Le compte n'existe pas. " ;
$token = uniqid ();
$DB -> exec ( " UPDATE `users` SET `forgotten_password` = ' $token ' WHERE `email` = ' $email ' AND `year` = $YEAR ; " );
$msg = " Bonjour, \r \n \r \n "
. " Vous avez indiqué avoir oublié votre mot de passe. Veuillez cliquer ici pour le réinitialiser : $URL_BASE /connexion/reinitialiser_mdp/ $token\r\n\r\n "
. " Si vous n'êtes pas à l'origine de cette manipulation, vous pouvez ignorer ce message. \r \n \r \n "
. " Cordialement, \r \n \r \n "
. " Le comité national d'organisation du TFJM². " ;
mail ( " $email " , " Mot de passe oublié - TFJM² " , $msg , " From: $MAIL_ADDRESS\r\n " );
return false ;
}
function resetPassword () {
global $DB , $MAIL_ADDRESS , $reset_data ;
$id = $reset_data [ " id " ];
$email = $reset_data [ " email " ];
$password = htmlspecialchars ( $_POST [ " password " ]);
$confirm = htmlspecialchars ( $_POST [ " confirm_password " ]);
if ( strlen ( $password ) < 8 )
return " Le mot de passe doit comporter au moins 8 caractères. " ;
if ( $password != $confirm )
return " Les deux mots de passe sont différents. " ;
$hash = password_hash ( $password , PASSWORD_BCRYPT );
$DB -> prepare ( " UPDATE `users` SET `pwd_hash` = ?, `forgotten_password` = NULL WHERE `id` = ?; " ) -> execute ([ $hash , $id ]);
2019-09-02 15:29:27 +00:00
$msg = " Bonjour, \r \n \r \n Nous vous informons que votre mot de passe vient d'être modifié. "
. " Si vous n'êtes pas à l'origine de cette manipulation, veuillez immédiatement vérifier vos accès à votre boîte mail et changer votre mot de passe sur la plateforme d'inscription. \r \n \r \n "
. " Cordialement, \r \n \r \n Le comité national d'organisation du TFJM² " ;
mail ( $email , " Mot de passe modifié TFJM² " , $msg , " From: $MAIL_ADDRESS\r\n " );
2019-09-02 14:39:57 +00:00
return false ;
}
2019-09-02 15:29:27 +00:00
function sendConfirmEmail () {
global $DB , $URL_BASE , $MAIL_ADDRESS , $YEAR ;
$email = htmlspecialchars ( $_SESSION [ " confirm_email " ]);
if ( ! isset ( $email )) {
header ( " Location: $URL_BASE /connexion " );
exit ();
}
$data = $DB -> query ( " SELECT `confirm_email` FROM `users` WHERE `email` = ' $email ' AND `year` = $YEAR ; " ) -> fetch ();
if ( $data === FALSE ) {
unset ( $_SESSION [ " confirm_email " ]);
header ( " Location: $URL_BASE /connexion " );
exit ();
}
$confirm_email_uid = $data [ " confirm_email " ];
$msg = " Bonjour, \r \n \r \n Pour confirmer votre adresse mail, cliquez ici : $URL_BASE /confirmer_mail/ $confirm_email_uid\r\n\r\n "
. " Cordialement, \r \n \r \n Le comité national d'organisation du TFJM² " ;
mail ( $email , " Confirmation d'adresse mail TFJM² $YEAR " , $msg , " From: $MAIL_ADDRESS\r\n " );
return false ;
}
2019-08-21 20:56:46 +00:00
?>
< ? php include " header.php " ?>
< ? php if ( isset ( $error_message ) && $error_message ) echo " <h2>Erreur : " . $error_message . " </h2> " ; ?>
< ? php
if ( isset ( $error_message ) && $error_message === FALSE ) {
2019-09-02 14:39:57 +00:00
if ( isset ( $_GET [ " mdp_oublie " ]))
echo " Le mail de récupération de mot de passe a bien été envoyé. " ;
else if ( isset ( $_POST [ " reset_password " ]))
echo " Le mot de passe a bien été changé. Vous pouvez désormais vous connecter. " ;
2019-09-02 15:29:27 +00:00
else if ( isset ( $_GET [ " confirmation-mail " ]))
echo " Le mail a bien été renvoyé. " ;
2019-09-02 14:39:57 +00:00
else
echo " Connexion réussie ! " ;
}
else if ( isset ( $_SESSION [ " user_id " ])) { ?>
2019-08-21 20:56:46 +00:00
< h2 > Vous êtes déjà connecté !</ h2 >
< ? php } else { ?>
2019-09-02 14:39:57 +00:00
< ? php if ( isset ( $_GET [ " mdp_oublie " ])) { ?>
< form method = " POST " >
< table style = " width: 100%; " >
< tbody >
< tr >
< td style = " width: 30%; " >
< label for = " email " > E - mail associée au compte :</ label >
</ td >
< td style = " width: 70%; " >
< input style = " width: 100%; " type = " email " id = " email " name = " email " />
</ td >
</ tr >
< tr >
< td colspan = " 2 " >
< input style = " width: 100%; " type = " submit " name = " forgotten_password " value = " Envoyer l'e-mail de récupération " />
</ td >
</ tr >
</ tbody >
</ table >
</ form >
2019-09-02 15:29:27 +00:00
< ? php } elseif ( isset ( $_GET [ " reset_password " ])) { ?>
2019-09-02 14:39:57 +00:00
< form method = " POST " >
< input type = " hidden " name = " token " value = " <?= $_GET["token"] ?> " />
< table style = " width: 100%; " >
< tbody >
< tr >
< td style = " width: 30%; " >
< label for = " password " > Nouveau mot de passe :</ label >
</ td >
< td style = " width: 70%; " >
< input style = " width: 100%; " type = " password " id = " password " name = " password " />
</ td >
</ tr >
< tr >
< td style = " width: 30%; " >
< label for = " confirm_password " > Confirmer le mot de passe :</ label >
</ td >
< td style = " width: 70%; " >
< input style = " width: 100%; " type = " password " id = " confirm_password " name = " confirm_password " />
</ td >
</ tr >
< tr >
< td colspan = " 2 " >
< input style = " width: 100%; " type = " submit " name = " reset_password " value = " Changer le mot de passe " />
</ td >
</ tr >
</ tbody >
</ table >
</ form >
2019-09-02 15:29:27 +00:00
< ? php } elseif ( isset ( $_GET [ " confirmation-mail " ])) { ?>
2019-09-02 14:39:57 +00:00
< ? php } else { ?>
< form method = " POST " >
< input type = " hidden " name = " submitted " value = " true " />
< table style = " width: 100%; " >
< tr >
< td style = " width: 30%; " >< label for = " email " > E - mail :</ label ></ td >
< td style = " width: 70%; " >< input style = " width: 100%; " type = " email " id = " email " name = " email " value = " <?php if (isset( $email )) echo $email ?> " /></ td >
</ tr >
< tr >
< td >< label for = " password " > Mot de passe :</ label ></ td >
< td >< input style = " width: 100%; " type = " password " id = " password " name = " password " /></ td >
</ tr >
< tr >
< td colspan = " 2 " >
<!-- suppress HtmlUnknownTarget -->
< a href = " <?= $URL_BASE ?>/connexion/mdp_oublie " > Mot de passe oublié ? </ a >
</ td >
</ tr >
< tr >
< td colspan = " 2 " >< input style = " width: 100%; " type = " submit " value = " Se connecter " /></ td >
</ tr >
</ table >
</ form >
< ? php } ?>
2019-08-21 20:56:46 +00:00
< ? php include " footer.php " ?>
< ? php } ?>