1
0
mirror of https://gitlab.com/animath/si/plateforme.git synced 2024-12-25 06:22:22 +00:00

Amélioration du code de la page de connexion

This commit is contained in:
galaxyoyo 2019-09-09 00:41:52 +02:00
parent fbabdff69c
commit 190039a5e8
15 changed files with 270 additions and 259 deletions

View File

@ -29,6 +29,9 @@ $ROUTES["^ajouter_equipe$"] = ["server_files/controllers/ajouter_equipe.php"];
$ROUTES["^ajouter_organisateur$"] = ["server_files/controllers/ajouter_organisateur.php"];
$ROUTES["^ajouter_tournoi$"] = ["server_files/controllers/ajouter_tournoi.php"];
$ROUTES["^confirmer_mail/([a-z0-9]*)/?$"] = ["server_files/controllers/confirmer_mail.php", "token"];
$ROUTES["^connexion/(confirmation-mail)/?$"] = ["server_files/controllers/connexion.php", "confirmation-mail"];
$ROUTES["^connexion/(mdp_oublie)/?$"] = ["server_files/controllers/connexion.php", "mdp_oublie"];
$ROUTES["^connexion/(reinitialiser_mdp)/(.*)/?$"] = ["server_files/controllers/connexion.php", "reset_password", "token"];
$ROUTES["^connexion/?$"] = ["server_files/controllers/connexion.php"];
$ROUTES["^deconnexion/?$"] = ["server_files/controllers/deconnexion.php"];
$ROUTES["^equipe/([A-Z]{3})/?$"] = ["server_files/controllers/equipe.php", "trigram"];

View File

@ -1,32 +0,0 @@
version: '3'
services:
db:
image: mysql:5
command: --default-authentication-plugin=mysql_native_password
restart: always
environment:
MYSQL_ROOT_PASSWORD: mysql_root_password
MYSQL_DATABASE: plateforme
MYSQL_USER: plateforme
MYSQL_PASSWORD: plateforme
adminer:
image: adminer
restart: always
ports:
- 8888:8080
depends_on:
- db
plateforme:
build:
context: .
ports:
- 80:80
depends_on:
- db
environment:
TFJM_DB_HOST: db
TFJM_DB_USER: plateforme
TFJM_DB_NAME: plateforme
TFJM_DB_PASSWORD: plateforme

View File

@ -46,10 +46,7 @@ class NewTeam {
public function register() {
global $DB, $YEAR;
$alphabet = "0123456789abcdefghijkmnopqrstuvwxyz0123456789";
$this->access_code = "";
for ($i = 0; $i < 6; ++$i)
$this->access_code .= $alphabet[rand(0, strlen($alphabet) - 1)];
$this->access_code = genRandomPhrase(6);
$req = $DB->prepare("INSERT INTO `teams` (`name`, `trigram`, `tournament`, `encadrant_1`, `participant_1`, `validation_status`, `access_code`, `year`)
VALUES (?, ?, ?, ?, ?, ?, ?, ?);");

View File

@ -44,10 +44,7 @@ class NewOrganizer {
public function register() {
global $DB, $YEAR;
$alphabet = "0123456789abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
$this->password = "";
for ($i = 0; $i < 16; ++$i)
$this->password .= $alphabet[rand(0, strlen($alphabet) - 1)];
$this->password = genRandomPhrase(16, true);
$req = $DB->prepare("INSERT INTO `users`(`email`, `pwd_hash`, `surname`, `first_name`, `role`, `year`)
VALUES (?, ?, ?, ?, ?, ?);");

View File

@ -1,120 +1,170 @@
<?php
// TODO Arranger tout ça
$has_error = false;
$error_message = null;
if (isset($_POST["submitted"]) && !isset($_SESSION["user_id"])) {
$error_message = login();
$logging_in_user = new LoggingInUser($_POST);
try {
$logging_in_user->makeVerifications();
$logging_in_user->login();
} catch (AssertionError $e) {
$has_error = true;
$error_message = $e->getMessage();
}
}
if (isset($_POST["forgotten_password"]) && !isset($_SESSION["user_id"])) {
$error_message = recuperateAccount();
$recuperate_account = new RecuperateAccount($_POST);
try {
$recuperate_account->makeVerifications();
$recuperate_account->recuperateAccount();
} catch (AssertionError $e) {
$has_error = true;
$error_message = $e->getMessage();
}
}
if (isset($_GET["reset_password"]) && isset($_GET["token"]) && !isset($_SESSION["user_id"])) {
$reset_data = $DB->query("SELECT `id` FROM `users` WHERE `forgotten_password` = '" . htmlspecialchars($_GET["token"]) . "';")->fetch();
if ($reset_data === FALSE) {
header("Location: $URL_BASE/connexion");
exit();
}
if (isset($_POST["reset_password"]))
$error_message = resetPassword();
}
if (isset($_GET["confirmation-mail"]) && !isset($_SESSION["user_id"])) {
$error_message = sendConfirmEmail();
}
function login() {
global $URL_BASE;
$email = htmlspecialchars($_POST["email"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
return "L'email entrée est invalide.";
$password = htmlspecialchars($_POST["password"]);
$user = User::fromEmail($email);
if ($user === null)
return "Le compte n'existe pas.";
if ($user->getConfirmEmailToken() !== NULL) {
$_SESSION["confirm_email"] = $email;
return "L'adresse mail n'a pas été validée. Veuillez vérifier votre boîte mail (surtout vos spams). <a href=\"$URL_BASE/connexion/confirmation-mail\">Cliquez ici pour renvoyer le mail de confirmation</a>.";
$reset_password = new ResetPassword($_GET, $_POST);
try {
$reset_password->makeVerifications();
if (isset($_POST["password"]))
$reset_password->resetPassword();
} catch (AssertionError $e) {
$has_error = true;
$error_message = $e->getMessage();
}
if (!$user->checkPassword($password))
return "Le mot de passe est incorrect.";
$_SESSION["user_id"] = $user->getId();
loadUserValues();
return false;
}
function recuperateAccount() {
$email = htmlspecialchars($_POST["email"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
return "L'email entrée est invalide.";
$user = User::fromEmail($email);
if ($user == null)
return "Le compte n'existe pas.";
$token = uniqid();
if (isset($_GET["confirmation-mail"]) && !isset($_SESSION["user_id"]))
sendConfirmEmail();
$user->setForgottenPasswordToken($token);
class LoggingInUser
{
public $email;
/** @var User $user */
public $user;
private $password;
Mailer::sendForgottenPasswordProcedureMail($user);
return false;
public function __construct($data)
{
foreach ($data as $key => $value)
$this->$key = htmlspecialchars($value);
}
public function makeVerifications()
{
global $URL_BASE;
ensure(filter_var($this->email, FILTER_VALIDATE_EMAIL), "L'adresse email est invalide.");
$this->user = User::fromEmail($this->email);
ensure($this->user != null, "Le compte n'existe pas.");
ensure($this->user->checkPassword($this->password), "Le mot de passe est incorrect.");
if ($this->user->getConfirmEmailToken() != null) {
$_SESSION["confirm_email"] = $this->email;
throw new AssertionError("L'adresse mail n'a pas été validée. Veuillez vérifier votre boîte mail (surtout vos spams). "
. "<a href=\"$URL_BASE/connexion/confirmation-mail\">Cliquez ici pour renvoyer le mail de confirmation</a>.");
}
}
public function login()
{
$_SESSION["user_id"] = $this->user->getId();
loadUserValues();
}
}
function resetPassword() {
global $reset_data;
class RecuperateAccount
{
public $email;
/** @var User $user */
public $user;
$id = $reset_data["id"];
$password = htmlspecialchars($_POST["password"]);
$confirm = htmlspecialchars($_POST["confirm_password"]);
if (strlen($password) < 8)
return "Le mot de passe doit comporter au moins 8 caractères.";
if ($password != $confirm)
return "Les deux mots de passe sont différents.";
public function __construct($data)
{
foreach ($data as $key => $value)
$this->$key = htmlspecialchars($value);
}
$user = User::fromId($id);
$user->setForgottenPasswordToken(null);
$user->setPassword($password);
public function makeVerifications()
{
ensure(filter_var($this->email, FILTER_VALIDATE_EMAIL), "L'adresse email est invalide.");
$this->user = User::fromEmail($this->email);
ensure($this->user != null, "Le compte n'existe pas.");
}
Mailer::sendChangePasswordMail($user);
return false;
public function recuperateAccount()
{
$token = genRandomPhrase(64);
$this->user->setForgottenPasswordToken($token);
Mailer::sendForgottenPasswordProcedureMail($this->user);
}
}
function sendConfirmEmail() {
class ResetPassword
{
public $token;
/** @var User $user */
public $user;
private $password;
private $confirm_password;
public function __construct($data, $data2)
{
foreach ($data as $key => $value)
$this->$key = htmlspecialchars($value);
foreach ($data2 as $key => $value)
$this->$key = htmlspecialchars($value);
}
public function makeVerifications()
{
global $DB;
$data = $DB->query("SELECT `id` FROM `users` WHERE `forgotten_password` = '" . $this->token . "';")->fetch();
ensure($data !== false, "Il n'y a pas de compte à récupérer avec ce jeton.");
$this->user = User::fromId($data["id"]);
if ($this->password == null)
return;
ensure($this->password == $this->confirm_password, "Les deux mots de passe sont différents.");
ensure(strlen($this->password) >= 8, "Le mot de passe doit comporter au moins 8 caractères.");
}
public function resetPassword()
{
$this->user->setForgottenPasswordToken(null);
$this->user->setPassword($this->password);
Mailer::sendChangePasswordMail($this->user);
return false;
}
}
function sendConfirmEmail()
{
global $URL_BASE;
$email = htmlspecialchars($_SESSION["confirm_email"]);
if (!isset($email)) {
header("Location: $URL_BASE/connexion");
exit();
}
$user = User::fromEmail($email);
if ($user === null) {
unset($_SESSION["confirm_email"]);
$email = htmlspecialchars($_SESSION["confirm_email"]);
if (!isset($email)) {
header("Location: $URL_BASE/connexion");
exit();
}
}
$user = User::fromEmail($email);
if ($user === null) {
unset($_SESSION["confirm_email"]);
header("Location: $URL_BASE/connexion");
exit();
}
Mailer::sendConfirmEmail($user);
return false;
return false;
}
require_once "server_files/views/connexion.php";

View File

@ -24,14 +24,8 @@ if (isset($_POST["select"])) {
$sols_req->execute([$team->getId(), $team->getTournamentId()]);
while (($sol_data = $sols_req->fetch()) !== false) {
$old_id = $sol_data["file_id"];
$alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
do {
$id = "";
for ($i = 0; $i < 64; ++$i) {
$id .= $alphabet[rand(0, strlen($alphabet) - 1)];
}
}
do
$id = genRandomPhrase(64);
while (file_exists("$LOCAL_PATH/files/$id"));
copy("$LOCAL_PATH/files/$old_id", "$LOCAL_PATH/files/$id");

View File

@ -73,7 +73,7 @@ class NewUser
}
}
$this->confirm_email_token = uniqid();
$this->confirm_email_token = genRandomPhrase(64);
}
public function register()

View File

@ -92,7 +92,7 @@ function updateAccount()
$email = htmlspecialchars($_POST["email"]);
if (isset($email) && $email != "" && filter_var($email, FILTER_VALIDATE_EMAIL)) {
$confirm_email_token = uniqid();
$confirm_email_token = genRandomPhrase(64);
$user->setEmail($email);
$user->setConfirmEmailToken($confirm_email_token);

View File

@ -56,15 +56,10 @@ function sendDocument()
if (!is_dir("$LOCAL_PATH/files") && !mkdir("$LOCAL_PATH/files"))
return "Les droits sont insuffisants. Veuillez contacter l'administrateur du serveur.";
$alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
do {
$id = "";
for ($i = 0; $i < 64; ++$i) {
$id .= $alphabet[rand(0, strlen($alphabet) - 1)];
}
} while (file_exists("$LOCAL_PATH/files/$id"));
do
$id = genRandomPhrase(64);
while (file_exists("$LOCAL_PATH/files/$id"));
if (!rename($file["tmp_name"], "$LOCAL_PATH/files/$id"))
return "Une erreur est survenue lors de l'envoi du fichier.";

View File

@ -42,14 +42,8 @@ function saveSolution() {
if (!is_dir("$LOCAL_PATH/files") && !mkdir("$LOCAL_PATH/files"))
return "Les droits sont insuffisants. Veuillez contacter l'administrateur du serveur.";
$alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
do {
$id = "";
for ($i = 0; $i < 64; ++$i) {
$id .= $alphabet[rand(0, strlen($alphabet) - 1)];
}
}
do
$id = genRandomPhrase(64);
while (file_exists("$LOCAL_PATH/files/$id"));
if (!rename($file["tmp_name"], "$LOCAL_PATH/files/$id"))

View File

@ -38,14 +38,8 @@ function saveSynthesis() {
if (!is_dir("$LOCAL_PATH/files") && !mkdir("$LOCAL_PATH/files"))
return "Les droits sont insuffisants. Veuillez contacter l'administrateur du serveur.";
$alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
do {
$id = "";
for ($i = 0; $i < 64; ++$i) {
$id .= $alphabet[rand(0, strlen($alphabet) - 1)];
}
}
do
$id = genRandomPhrase(64);
while (file_exists("$LOCAL_PATH/files/$id"));
if (!rename($file["tmp_name"], "$LOCAL_PATH/files/$id"))

View File

@ -38,7 +38,7 @@ class Mailer
{
global $YEAR;
$content = self::getTemplate("register");
$content = self::getTemplate("confirm_email");
$content = preg_replace("#{FIRST_NAME}#", $user->getFirstName(), $content);
$content = preg_replace("#{SURNAME}#", $user->getSurname(), $content);
$content = preg_replace("#{TOKEN}#", $user->getConfirmEmailToken(), $content);

View File

@ -1,4 +1,5 @@
<!DOCTYPE html>
<!--suppress HtmlUnknownTarget -->
<html lang="fr">
<head>
<meta charset="UTF-8">
@ -7,8 +8,8 @@
<body>
Bonjour,<br/>
<br/>
Vous avez indiqué avoir oublié votre mot de passe. Veuillez cliquer ici pour le réinitialiser :
$URL_BASE/connexion/reinitialiser_mdp/{TOKEN}<br/>
Vous avez indiqué avoir oublié votre mot de passe. Veuillez cliquer ici pour le réinitialiser : <a
href="{URL_BASE}/connexion/reinitialiser_mdp/{TOKEN}">{URL_BASE}/connexion/reinitialiser_mdp/{TOKEN}</a><br/>
<br/>
Si vous n'êtes pas à l'origine de cette manipulation, vous pouvez ignorer ce message.<br/>
<br/>

View File

@ -1,17 +1,32 @@
<?php
function ensure($bool, $error_msg = "") {
function ensure($bool, $error_msg = "")
{
if (!$bool)
throw new AssertionError($error_msg);
}
function formatDate($date = NULL, $with_time = false) {
function formatDate($date = NULL, $with_time = false)
{
if ($date == NULL)
$date = date("yyyy-mm-dd");
return strftime("%d %B %G" . ($with_time ? " %H:%M" : ""), strtotime($date));
}
function dateWellFormed($date, $with_time = false) {
function dateWellFormed($date, $with_time = false)
{
return date_parse_from_format($with_time ? "yyyy-mm-dd HH-MM:ss" : "yy-mm-dd", $date) !== false;
}
function genRandomPhrase($size, $uppercase = false)
{
$alphabet = $uppercase ? "0123456789abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789" : "0123456789abcdefghijklmnopqrstuvwxyz0123456789";
$phrase = "";
for ($i = 0; $i < $size; ++$i) {
$phrase .= $alphabet[rand(0, strlen($alphabet) - 1)];
}
return $phrase;
}

View File

@ -1,97 +1,100 @@
<?php
require_once "header.php";
if (isset($error_message) && $error_message)
echo "<h2>Erreur : " . $error_message . "</h2>";
if (isset($error_message) && $error_message === FALSE) {
if (isset($_GET["mdp_oublie"]))
echo "Le mail de récupération de mot de passe a bien été envoyé.";
else if (isset($_POST["reset_password"]))
echo "Le mot de passe a bien été changé. Vous pouvez désormais vous connecter.";
else if (isset($_GET["confirmation-mail"]))
echo "Le mail a bien été renvoyé.";
else
echo "Connexion réussie !";
if ($has_error)
echo "<h2>Erreur : " . $error_message . "</h2>";
else {
if (isset($recuperate_account))
echo "<h2>Le mail de récupération de mot de passe a bien été envoyé.</h2>";
elseif (isset($reset_password))
echo "<h2>Le mot de passe a bien été changé. Vous pouvez désormais vous connecter.</h2>";
elseif (isset($_GET["confirmation-mail"]))
echo "<h2>Le mail a bien été renvoyé.</h2>";
else if (isset($logging_in_user)) {
echo "<h2>Connexion réussie !</h2>";
require_once "footer.php";
} else if (isset($_SESSION["user_id"])) {
echo "<h2>Vous êtes déjà connecté.</h2>";
require_once "footer.php";
}
}
else if (isset($_SESSION["user_id"])) { ?>
<h2>Vous êtes déjà connecté !</h2>
if (isset($_GET["mdp_oublie"])) { ?>
<form method="POST">
<table style="width: 100%;">
<tbody>
<tr>
<td style="width: 30%;">
<label for="email">E-mail associée au compte :</label>
</td>
<td style="width: 70%;">
<input style="width: 100%;" type="email" id="email" name="email"/>
</td>
</tr>
<tr>
<td colspan="2">
<input style="width: 100%;" type="submit" name="forgotten_password"
value="Envoyer l'e-mail de récupération"/>
</td>
</tr>
</tbody>
</table>
</form>
<?php } elseif (isset($_GET["reset_password"])) {
if ($reset_password->user != null) { ?>
<form method="POST">
<table style="width: 100%;">
<tbody>
<tr>
<td style="width: 30%;">
<label for="password">Nouveau mot de passe :</label>
</td>
<td style="width: 70%;">
<input style="width: 100%;" type="password" id="password" name="password"/>
</td>
</tr>
<tr>
<td style="width: 30%;">
<label for="confirm_password">Confirmer le mot de passe :</label>
</td>
<td style="width: 70%;">
<input style="width: 100%;" type="password" id="confirm_password" name="confirm_password"/>
</td>
</tr>
<tr>
<td colspan="2">
<input style="width: 100%;" type="submit" name="reset_password"
value="Changer le mot de passe"/>
</td>
</tr>
</tbody>
</table>
</form>
<?php }
} elseif (isset($_GET["confirmation-mail"])) { ?>
<?php } else { ?>
<?php if (isset($_GET["mdp_oublie"])) { ?>
<form method="POST">
<table style="width: 100%;">
<tbody>
<tr>
<td style="width: 30%;">
<label for="email">E-mail associée au compte :</label>
</td>
<td style="width: 70%;">
<input style="width: 100%;" type="email" id="email" name="email" />
</td>
</tr>
<tr>
<td colspan="2">
<input style="width: 100%;" type="submit" name="forgotten_password" value="Envoyer l'e-mail de récupération" />
</td>
</tr>
</tbody>
</table>
</form>
<?php } elseif (isset($_GET["reset_password"])) { ?>
<form method="POST">
<input type="hidden" name="token" value="<?= $_GET["token"] ?>" />
<table style="width: 100%;">
<tbody>
<tr>
<td style="width: 30%;">
<label for="password">Nouveau mot de passe :</label>
</td>
<td style="width: 70%;">
<input style="width: 100%;" type="password" id="password" name="password" />
</td>
</tr>
<tr>
<td style="width: 30%;">
<label for="confirm_password">Confirmer le mot de passe :</label>
</td>
<td style="width: 70%;">
<input style="width: 100%;" type="password" id="confirm_password" name="confirm_password" />
</td>
</tr>
<tr>
<td colspan="2">
<input style="width: 100%;" type="submit" name="reset_password" value="Changer le mot de passe" />
</td>
</tr>
</tbody>
</table>
</form>
<?php } elseif (isset($_GET["confirmation-mail"])) { ?>
<?php } else { ?>
<form method="POST">
<input type="hidden" name="submitted" value="true" />
<table style="width: 100%;">
<tr>
<td style="width: 30%;"><label for="email">E-mail :</label></td>
<td style="width: 70%;"><input style="width: 100%;" type="email" id="email" name="email" value="<?php if (isset($email)) echo $email ?>" /></td>
</tr>
<tr>
<td><label for="password">Mot de passe :</label></td>
<td><input style="width: 100%;" type="password" id="password" name="password" /></td>
</tr>
<tr>
<td colspan="2">
<!--suppress HtmlUnknownTarget -->
<a href="<?= $URL_BASE ?>/connexion/mdp_oublie">Mot de passe oublié ?</a>
</td>
</tr>
<tr>
<td colspan="2"><input style="width: 100%;" type="submit" value="Se connecter" /></td>
</tr>
</table>
</form>
<?php } ?>
<form method="POST">
<input type="hidden" name="submitted" value="true"/>
<table style="width: 100%;">
<tr>
<td style="width: 30%;"><label for="email">E-mail :</label></td>
<td style="width: 70%;"><input style="width: 100%;" type="email" id="email" name="email"
value="<?php if (isset($email)) echo $email ?>"/></td>
</tr>
<tr>
<td><label for="password">Mot de passe :</label></td>
<td><input style="width: 100%;" type="password" id="password" name="password"/></td>
</tr>
<tr>
<td colspan="2">
<!--suppress HtmlUnknownTarget -->
<a href="<?= $URL_BASE ?>/connexion/mdp_oublie">Mot de passe oublié ?</a>
</td>
</tr>
<tr>
<td colspan="2"><input style="width: 100%;" type="submit" value="Se connecter"/></td>
</tr>
</table>
</form>
<?php } ?>
<?php require_once "footer.php" ?>