1
0
mirror of https://gitlab.com/animath/si/plateforme.git synced 2024-11-27 11:33:02 +00:00
plateforme-tfjm2/server_files/controllers/connexion.php
2019-09-08 12:45:48 +02:00

121 lines
3.0 KiB
PHP

<?php
// TODO Arranger tout ça
if (isset($_POST["submitted"]) && !isset($_SESSION["user_id"])) {
$error_message = login();
}
if (isset($_POST["forgotten_password"]) && !isset($_SESSION["user_id"])) {
$error_message = recuperateAccount();
}
if (isset($_GET["reset_password"]) && isset($_GET["token"]) && !isset($_SESSION["user_id"])) {
$reset_data = $DB->query("SELECT `id` FROM `users` WHERE `forgotten_password` = '" . htmlspecialchars($_GET["token"]) . "';")->fetch();
if ($reset_data === FALSE) {
header("Location: $URL_BASE/connexion");
exit();
}
if (isset($_POST["reset_password"]))
$error_message = resetPassword();
}
if (isset($_GET["confirmation-mail"]) && !isset($_SESSION["user_id"])) {
$error_message = sendConfirmEmail();
}
function login() {
global $URL_BASE;
$email = htmlspecialchars($_POST["email"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
return "L'email entrée est invalide.";
$password = htmlspecialchars($_POST["password"]);
$user = User::fromEmail($email);
if ($user === null)
return "Le compte n'existe pas.";
if ($user->getConfirmEmailToken() !== NULL) {
$_SESSION["confirm_email"] = $email;
return "L'adresse mail n'a pas été validée. Veuillez vérifier votre boîte mail (surtout vos spams). <a href=\"$URL_BASE/connexion/confirmation-mail\">Cliquez ici pour renvoyer le mail de confirmation</a>.";
}
if (!$user->checkPassword($password))
return "Le mot de passe est incorrect.";
$_SESSION["user_id"] = $user->getId();
loadUserValues();
return false;
}
function recuperateAccount() {
$email = htmlspecialchars($_POST["email"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
return "L'email entrée est invalide.";
$user = User::fromEmail($email);
if ($user == null)
return "Le compte n'existe pas.";
$token = uniqid();
$user->setForgottenPasswordToken($token);
Mailer::sendForgottenPasswordProcedureMail($user);
return false;
}
function resetPassword() {
global $reset_data;
$id = $reset_data["id"];
$password = htmlspecialchars($_POST["password"]);
$confirm = htmlspecialchars($_POST["confirm_password"]);
if (strlen($password) < 8)
return "Le mot de passe doit comporter au moins 8 caractères.";
if ($password != $confirm)
return "Les deux mots de passe sont différents.";
$user = User::fromId($id);
$user->setForgottenPasswordToken(null);
$user->setPassword($password);
Mailer::sendChangePasswordMail($user);
return false;
}
function sendConfirmEmail() {
global $URL_BASE;
$email = htmlspecialchars($_SESSION["confirm_email"]);
if (!isset($email)) {
header("Location: $URL_BASE/connexion");
exit();
}
$user = User::fromEmail($email);
if ($user === null) {
unset($_SESSION["confirm_email"]);
header("Location: $URL_BASE/connexion");
exit();
}
Mailer::sendConfirmEmail($user);
return false;
}
require_once "server_files/views/connexion.php";