From 190039a5e8f864183b1c7ea35443c33f900ed5f5 Mon Sep 17 00:00:00 2001 From: galaxyoyo Date: Mon, 9 Sep 2019 00:41:52 +0200 Subject: [PATCH] =?UTF-8?q?Am=C3=A9lioration=20du=20code=20de=20la=20page?= =?UTF-8?q?=20de=20connexion?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dispatcher.php | 3 + docker-compose.yml | 32 --- server_files/controllers/ajouter_equipe.php | 5 +- .../controllers/ajouter_organisateur.php | 5 +- server_files/controllers/connexion.php | 228 +++++++++++------- server_files/controllers/equipe.php | 10 +- server_files/controllers/inscription.php | 2 +- server_files/controllers/mon_compte.php | 2 +- server_files/controllers/mon_equipe.php | 13 +- server_files/controllers/solutions.php | 10 +- server_files/controllers/syntheses.php | 10 +- server_files/services/mail.php | 2 +- .../mail_templates/forgotten_password.html | 5 +- server_files/utils.php | 21 +- server_files/views/connexion.php | 181 +++++++------- 15 files changed, 270 insertions(+), 259 deletions(-) delete mode 100644 docker-compose.yml diff --git a/dispatcher.php b/dispatcher.php index 11112a6..23abe0a 100644 --- a/dispatcher.php +++ b/dispatcher.php 
@@ -29,6 +29,9 @@ $ROUTES["^ajouter_equipe$"] = ["server_files/controllers/ajouter_equipe.php"]; $ROUTES["^ajouter_organisateur$"] = ["server_files/controllers/ajouter_organisateur.php"]; $ROUTES["^ajouter_tournoi$"] = ["server_files/controllers/ajouter_tournoi.php"]; $ROUTES["^confirmer_mail/([a-z0-9]*)/?$"] = ["server_files/controllers/confirmer_mail.php", "token"]; +$ROUTES["^connexion/(confirmation-mail)/?$"] = ["server_files/controllers/connexion.php", "confirmation-mail"]; +$ROUTES["^connexion/(mdp_oublie)/?$"] = ["server_files/controllers/connexion.php", "mdp_oublie"]; +$ROUTES["^connexion/(reinitialiser_mdp)/(.*)/?$"] = ["server_files/controllers/connexion.php", "reset_password", "token"]; $ROUTES["^connexion/?$"] = ["server_files/controllers/connexion.php"]; $ROUTES["^deconnexion/?$"] = ["server_files/controllers/deconnexion.php"]; $ROUTES["^equipe/([A-Z]{3})/?$"] = ["server_files/controllers/equipe.php", "trigram"]; diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index f8abd58..0000000 --- a/docker-compose.yml +++ /dev/null @@ -1,32 +0,0 @@ -version: '3' -services: - db: - image: mysql:5 - command: --default-authentication-plugin=mysql_native_password - restart: always - environment: - MYSQL_ROOT_PASSWORD: mysql_root_password - MYSQL_DATABASE: plateforme - MYSQL_USER: plateforme - MYSQL_PASSWORD: plateforme - - adminer: - image: adminer - restart: always - ports: - - 8888:8080 - depends_on: - - db - - plateforme: - build: - context: . - ports: - - 80:80 - depends_on: - - db - environment: - TFJM_DB_HOST: db - TFJM_DB_USER: plateforme - TFJM_DB_NAME: plateforme - TFJM_DB_PASSWORD: plateforme diff --git a/server_files/controllers/ajouter_equipe.php b/server_files/controllers/ajouter_equipe.php index f3a25c1..6043bcd 100644 --- a/server_files/controllers/ajouter_equipe.php +++ b/server_files/controllers/ajouter_equipe.php 
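Review bot: The new `reinitialiser_mdp` route captures the token with `(.*)`, so any character sequence is handed to `connexion.php`, where the `ResetPassword` code in this same patch splices it into a SQL string; the `confirmer_mail` route two lines above already restricts its token to `([a-z0-9]*)`. Constrain the capture the same way, to the alphabet `genRandomPhrase(64)` emits (its body is not readable in this patch), e.g. `$ROUTES["^connexion/(reinitialiser_mdp)/([a-zA-Z0-9]+)/?$"] = ["server_files/controllers/connexion.php", "reset_password", "token"];`. A malformed token then never reaches the database lookup at all.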
@@ -46,10 +46,7 @@ class NewTeam { public function register() { global $DB, $YEAR; - $alphabet = "0123456789abcdefghijkmnopqrstuvwxyz0123456789"; - $this->access_code = ""; - for ($i = 0; $i < 6; ++$i) - $this->access_code .= $alphabet[rand(0, strlen($alphabet) - 1)]; + $this->access_code = genRandomPhrase(6); $req = $DB->prepare("INSERT INTO `teams` (`name`, `trigram`, `tournament`, `encadrant_1`, `participant_1`, `validation_status`, `access_code`, `year`) VALUES (?, ?, ?, ?, ?, ?, ?, ?);"); diff --git a/server_files/controllers/ajouter_organisateur.php b/server_files/controllers/ajouter_organisateur.php index 469c4c8..dbb81b7 100644 --- a/server_files/controllers/ajouter_organisateur.php +++ b/server_files/controllers/ajouter_organisateur.php @@ -44,10 +44,7 @@ class NewOrganizer { public function register() { global $DB, $YEAR; - $alphabet = "0123456789abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; - $this->password = ""; - for ($i = 0; $i < 16; ++$i) - $this->password .= $alphabet[rand(0, strlen($alphabet) - 1)]; + $this->password = genRandomPhrase(16, true); $req = $DB->prepare("INSERT INTO `users`(`email`, `pwd_hash`, `surname`, `first_name`, `role`, `year`) VALUES (?, ?, ?, ?, ?, ?);"); diff --git a/server_files/controllers/connexion.php b/server_files/controllers/connexion.php index 862b51f..2fe94b2 100644 --- a/server_files/controllers/connexion.php +++ b/server_files/controllers/connexion.php 
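Review bot: The removed lines drew the team access code and the generated organizer password from `rand()`, and the new `genRandomPhrase(6)` / `genRandomPhrase(16, true)` calls inherit whatever generator `utils.php` now provides; that function's body is not readable in this patch, so confirm it is built on `random_int()` or `random_bytes()` rather than `rand()`/`mt_rand()`. The same dependency is introduced for the file ids in `equipe.php`, `mon_equipe.php`, `solutions.php` and `syntheses.php`, the confirmation tokens in `inscription.php` and `mon_compte.php`, and the 64-character password-reset token created by `RecuperateAccount` in `connexion.php`, where predictability would be most costly. A one-line comment above `genRandomPhrase` stating the contract, e.g. `// Callers use this for access codes, passwords and reset tokens: must stay on a CSPRNG (random_int).`, would make that explicit for future callers.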
@@ -1,120 +1,170 @@ makeVerifications(); + $logging_in_user->login(); + } catch (AssertionError $e) { + $has_error = true; + $error_message = $e->getMessage(); + } } if (isset($_POST["forgotten_password"]) && !isset($_SESSION["user_id"])) { - $error_message = recuperateAccount(); + $recuperate_account = new RecuperateAccount($_POST); + try { + $recuperate_account->makeVerifications(); + $recuperate_account->recuperateAccount(); + } catch (AssertionError $e) { + $has_error = true; + $error_message = $e->getMessage(); + } } if (isset($_GET["reset_password"]) && isset($_GET["token"]) && !isset($_SESSION["user_id"])) { - $reset_data = $DB->query("SELECT `id` FROM `users` WHERE `forgotten_password` = '" . htmlspecialchars($_GET["token"]) . "';")->fetch(); - if ($reset_data === FALSE) { - header("Location: $URL_BASE/connexion"); - exit(); - } - - if (isset($_POST["reset_password"])) - $error_message = resetPassword(); -} - -if (isset($_GET["confirmation-mail"]) && !isset($_SESSION["user_id"])) { - $error_message = sendConfirmEmail(); -} - -function login() { - global $URL_BASE; - - $email = htmlspecialchars($_POST["email"]); - - if (!filter_var($email, FILTER_VALIDATE_EMAIL)) - return "L'email entrée est invalide."; - - $password = htmlspecialchars($_POST["password"]); - - $user = User::fromEmail($email); - if ($user === null) - return "Le compte n'existe pas."; - - if ($user->getConfirmEmailToken() !== NULL) { - $_SESSION["confirm_email"] = $email; - return "L'adresse mail n'a pas été validée. Veuillez vérifier votre boîte mail (surtout vos spams). 
Cliquez ici pour renvoyer le mail de confirmation."; + $reset_password = new ResetPassword($_GET, $_POST); + try { + $reset_password->makeVerifications(); + if (isset($_POST["password"])) + $reset_password->resetPassword(); + } catch (AssertionError $e) { + $has_error = true; + $error_message = $e->getMessage(); } - - if (!$user->checkPassword($password)) - return "Le mot de passe est incorrect."; - - $_SESSION["user_id"] = $user->getId(); - loadUserValues(); - - return false; } -function recuperateAccount() { - $email = htmlspecialchars($_POST["email"]); - - if (!filter_var($email, FILTER_VALIDATE_EMAIL)) - return "L'email entrée est invalide."; - - $user = User::fromEmail($email); - if ($user == null) - return "Le compte n'existe pas."; - - $token = uniqid(); +if (isset($_GET["confirmation-mail"]) && !isset($_SESSION["user_id"])) + sendConfirmEmail(); - $user->setForgottenPasswordToken($token); +class LoggingInUser +{ + public $email; + /** @var User $user */ + public $user; + private $password; - Mailer::sendForgottenPasswordProcedureMail($user); - - return false; + public function __construct($data) + { + foreach ($data as $key => $value) + $this->$key = htmlspecialchars($value); + } + + public function makeVerifications() + { + global $URL_BASE; + + ensure(filter_var($this->email, FILTER_VALIDATE_EMAIL), "L'adresse email est invalide."); + $this->user = User::fromEmail($this->email); + ensure($this->user != null, "Le compte n'existe pas."); + ensure($this->user->checkPassword($this->password), "Le mot de passe est incorrect."); + if ($this->user->getConfirmEmailToken() != null) { + $_SESSION["confirm_email"] = $this->email; + throw new AssertionError("L'adresse mail n'a pas été validée. Veuillez vérifier votre boîte mail (surtout vos spams). " + . 
"Cliquez ici pour renvoyer le mail de confirmation."); + } + } + + public function login() + { + $_SESSION["user_id"] = $this->user->getId(); + loadUserValues(); + } } -function resetPassword() { - global $reset_data; +class RecuperateAccount +{ + public $email; + /** @var User $user */ + public $user; - $id = $reset_data["id"]; - $password = htmlspecialchars($_POST["password"]); - $confirm = htmlspecialchars($_POST["confirm_password"]); - - if (strlen($password) < 8) - return "Le mot de passe doit comporter au moins 8 caractères."; - - if ($password != $confirm) - return "Les deux mots de passe sont différents."; + public function __construct($data) + { + foreach ($data as $key => $value) + $this->$key = htmlspecialchars($value); + } - $user = User::fromId($id); - $user->setForgottenPasswordToken(null); - $user->setPassword($password); + public function makeVerifications() + { + ensure(filter_var($this->email, FILTER_VALIDATE_EMAIL), "L'adresse email est invalide."); + $this->user = User::fromEmail($this->email); + ensure($this->user != null, "Le compte n'existe pas."); + } - Mailer::sendChangePasswordMail($user); - - return false; + public function recuperateAccount() + { + $token = genRandomPhrase(64); + $this->user->setForgottenPasswordToken($token); + Mailer::sendForgottenPasswordProcedureMail($this->user); + } } -function sendConfirmEmail() { +class ResetPassword +{ + public $token; + /** @var User $user */ + public $user; + private $password; + private $confirm_password; + + public function __construct($data, $data2) + { + foreach ($data as $key => $value) + $this->$key = htmlspecialchars($value); + foreach ($data2 as $key => $value) + $this->$key = htmlspecialchars($value); + } + + public function makeVerifications() + { + global $DB; + $data = $DB->query("SELECT `id` FROM `users` WHERE `forgotten_password` = '" . $this->token . 
"';")->fetch(); + ensure($data !== false, "Il n'y a pas de compte à récupérer avec ce jeton."); + $this->user = User::fromId($data["id"]); + + if ($this->password == null) + return; + + ensure($this->password == $this->confirm_password, "Les deux mots de passe sont différents."); + ensure(strlen($this->password) >= 8, "Le mot de passe doit comporter au moins 8 caractères."); + } + + public function resetPassword() + { + $this->user->setForgottenPasswordToken(null); + $this->user->setPassword($this->password); + + Mailer::sendChangePasswordMail($this->user); + + return false; + } +} + +function sendConfirmEmail() +{ global $URL_BASE; - - $email = htmlspecialchars($_SESSION["confirm_email"]); - - if (!isset($email)) { - header("Location: $URL_BASE/connexion"); - exit(); - } - $user = User::fromEmail($email); - - if ($user === null) { - unset($_SESSION["confirm_email"]); + $email = htmlspecialchars($_SESSION["confirm_email"]); + + if (!isset($email)) { header("Location: $URL_BASE/connexion"); exit(); - } + } + + $user = User::fromEmail($email); + + if ($user === null) { + unset($_SESSION["confirm_email"]); + header("Location: $URL_BASE/connexion"); + exit(); + } Mailer::sendConfirmEmail($user); - - return false; + + return false; } require_once "server_files/views/connexion.php"; diff --git a/server_files/controllers/equipe.php b/server_files/controllers/equipe.php index 1f52f94..6bc8409 100644 --- a/server_files/controllers/equipe.php +++ b/server_files/controllers/equipe.php 
@@ -24,14 +24,8 @@ if (isset($_POST["select"])) { $sols_req->execute([$team->getId(), $team->getTournamentId()]); while (($sol_data = $sols_req->fetch()) !== false) { $old_id = $sol_data["file_id"]; - $alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"; - - do { - $id = ""; - for ($i = 0; $i < 64; ++$i) { - $id .= $alphabet[rand(0, strlen($alphabet) - 1)]; - } - } + do + $id = genRandomPhrase(64); while (file_exists("$LOCAL_PATH/files/$id")); copy("$LOCAL_PATH/files/$old_id", "$LOCAL_PATH/files/$id"); diff --git a/server_files/controllers/inscription.php b/server_files/controllers/inscription.php index 0d3f454..3f1462a 100644 --- a/server_files/controllers/inscription.php +++ b/server_files/controllers/inscription.php @@ -73,7 +73,7 @@ class NewUser } } - $this->confirm_email_token = uniqid(); + $this->confirm_email_token = genRandomPhrase(64); } public function register() diff --git a/server_files/controllers/mon_compte.php b/server_files/controllers/mon_compte.php index a41261b..9db09e9 100644 --- a/server_files/controllers/mon_compte.php +++ b/server_files/controllers/mon_compte.php @@ -92,7 +92,7 @@ function updateAccount() $email = htmlspecialchars($_POST["email"]); if (isset($email) && $email != "" && filter_var($email, FILTER_VALIDATE_EMAIL)) { - $confirm_email_token = uniqid(); + $confirm_email_token = genRandomPhrase(64); $user->setEmail($email); $user->setConfirmEmailToken($confirm_email_token); diff --git a/server_files/controllers/mon_equipe.php b/server_files/controllers/mon_equipe.php index 8dd4d8c..0f17104 100644 --- a/server_files/controllers/mon_equipe.php +++ b/server_files/controllers/mon_equipe.php 
@@ -56,15 +56,10 @@ function sendDocument() if (!is_dir("$LOCAL_PATH/files") && !mkdir("$LOCAL_PATH/files")) return "Les droits sont insuffisants. Veuillez contacter l'administrateur du serveur."; - - $alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"; - - do { - $id = ""; - for ($i = 0; $i < 64; ++$i) { - $id .= $alphabet[rand(0, strlen($alphabet) - 1)]; - } - } while (file_exists("$LOCAL_PATH/files/$id")); + + do + $id = genRandomPhrase(64); + while (file_exists("$LOCAL_PATH/files/$id")); if (!rename($file["tmp_name"], "$LOCAL_PATH/files/$id")) return "Une erreur est survenue lors de l'envoi du fichier."; diff --git a/server_files/controllers/solutions.php b/server_files/controllers/solutions.php index 34f471d..e1fa85e 100644 --- a/server_files/controllers/solutions.php +++ b/server_files/controllers/solutions.php @@ -42,14 +42,8 @@ function saveSolution() { if (!is_dir("$LOCAL_PATH/files") && !mkdir("$LOCAL_PATH/files")) return "Les droits sont insuffisants. Veuillez contacter l'administrateur du serveur."; - $alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"; - - do { - $id = ""; - for ($i = 0; $i < 64; ++$i) { - $id .= $alphabet[rand(0, strlen($alphabet) - 1)]; - } - } + do + $id = genRandomPhrase(64); while (file_exists("$LOCAL_PATH/files/$id")); if (!rename($file["tmp_name"], "$LOCAL_PATH/files/$id")) diff --git a/server_files/controllers/syntheses.php b/server_files/controllers/syntheses.php index 65a2327..3a8fb9d 100644 --- a/server_files/controllers/syntheses.php +++ b/server_files/controllers/syntheses.php 
@@ -38,14 +38,8 @@ function saveSynthesis() { if (!is_dir("$LOCAL_PATH/files") && !mkdir("$LOCAL_PATH/files")) return "Les droits sont insuffisants. Veuillez contacter l'administrateur du serveur."; - $alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"; - - do { - $id = ""; - for ($i = 0; $i < 64; ++$i) { - $id .= $alphabet[rand(0, strlen($alphabet) - 1)]; - } - } + do + $id = genRandomPhrase(64); while (file_exists("$LOCAL_PATH/files/$id")); if (!rename($file["tmp_name"], "$LOCAL_PATH/files/$id")) diff --git a/server_files/services/mail.php b/server_files/services/mail.php index 7f6d871..18be95b 100644 --- a/server_files/services/mail.php +++ b/server_files/services/mail.php @@ -38,7 +38,7 @@ class Mailer { global $YEAR; - $content = self::getTemplate("register"); + $content = self::getTemplate("confirm_email"); $content = preg_replace("#{FIRST_NAME}#", $user->getFirstName(), $content); $content = preg_replace("#{SURNAME}#", $user->getSurname(), $content); $content = preg_replace("#{TOKEN}#", $user->getConfirmEmailToken(), $content); diff --git a/server_files/services/mail_templates/forgotten_password.html b/server_files/services/mail_templates/forgotten_password.html index 1041695..18c187d 100644 --- a/server_files/services/mail_templates/forgotten_password.html +++ b/server_files/services/mail_templates/forgotten_password.html @@ -1,4 +1,5 @@ + @@ -7,8 +8,8 @@ Bonjour,
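Review bot: `getTemplate("confirm_email")` replaces `getTemplate("register")`, but the patch's file list adds or renames no `confirm_email` template (only `forgotten_password.html` under `mail_templates/` changes), so unless that file already exists the confirmation mail will fail at template load. Please confirm the template is present or include the rename in this commit. The enclosing method and `getTemplate` itself are outside the hunk.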

-Vous avez indiqué avoir oublié votre mot de passe. Veuillez cliquer ici pour le réinitialiser : -$URL_BASE/connexion/reinitialiser_mdp/{TOKEN}
+Vous avez indiqué avoir oublié votre mot de passe. Veuillez cliquer ici pour le réinitialiser : {URL_BASE}/connexion/reinitialiser_mdp/{TOKEN}

Si vous n'êtes pas à l'origine de cette manipulation, vous pouvez ignorer ce message.

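Review bot: The reset link now uses the `{URL_BASE}` placeholder instead of the literal `$URL_BASE`, so `Mailer::sendForgottenPasswordProcedureMail` must substitute it the way the visible `mail.php` hunk substitutes `{TOKEN}`, e.g. `$content = preg_replace("#{URL_BASE}#", $URL_BASE, $content);`. That method is not in this patch, so confirm the replacement exists; otherwise the mail ships the literal text `{URL_BASE}/connexion/reinitialiser_mdp/…` and the recipient has no working link.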
diff --git a/server_files/utils.php b/server_files/utils.php index 342a268..e0a26f5 100644 --- a/server_files/utils.php +++ b/server_files/utils.php @@ -1,17 +1,32 @@ Erreur : " . $error_message . ""; - -if (isset($error_message) && $error_message === FALSE) { - if (isset($_GET["mdp_oublie"])) - echo "Le mail de récupération de mot de passe a bien été envoyé."; - else if (isset($_POST["reset_password"])) - echo "Le mot de passe a bien été changé. Vous pouvez désormais vous connecter."; - else if (isset($_GET["confirmation-mail"])) - echo "Le mail a bien été renvoyé."; - else - echo "Connexion réussie !"; +if ($has_error) + echo "

Erreur : " . $error_message . "

"; +else { + if (isset($recuperate_account)) + echo "

Le mail de récupération de mot de passe a bien été envoyé.

"; + elseif (isset($reset_password)) + echo "

Le mot de passe a bien été changé. Vous pouvez désormais vous connecter.

"; + elseif (isset($_GET["confirmation-mail"])) + echo "

Le mail a bien été renvoyé.

"; + else if (isset($logging_in_user)) { + echo "

Connexion réussie !

"; + require_once "footer.php"; + } else if (isset($_SESSION["user_id"])) { + echo "

Vous êtes déjà connecté.

"; + require_once "footer.php"; + } } -else if (isset($_SESSION["user_id"])) { ?> -

Vous êtes déjà connecté !

+if (isset($_GET["mdp_oublie"])) { ?> +
+ + + + + + + + + + +
+ + + +
+ +
+
+user != null) { ?> +
+ + + + + + + + + + + + + + +
+ + + +
+ + + +
+ +
+
+ - - -
- - - - - - - - - - -
- - - -
- -
-
- -
- " /> - - - - - - - - - - - - - - -
- - - -
- - - -
- -
-
- - -
- - - - - - - - - - - - - - - - -
- - Mot de passe oublié ? -
-
- +
+ + + + + + + + + + + + + + + + +
+ + Mot de passe oublié ? +
+
\ No newline at end of file