	Ajout de l'option de réinitialisation de mot de passe
		@@ -13,6 +13,8 @@ RewriteRule ^ajouter_organisateur$ server_files/ajouter_organisateur.php [L]
 | 
				
			|||||||
RewriteRule ^ajouter_tournoi$ server_files/ajouter_tournoi.php [L]
 | 
					RewriteRule ^ajouter_tournoi$ server_files/ajouter_tournoi.php [L]
 | 
				
			||||||
RewriteRule ^confirmer_mail/(.*?)$ server_files/confirmer_mail.php?token=$1 [L]
 | 
					RewriteRule ^confirmer_mail/(.*?)$ server_files/confirmer_mail.php?token=$1 [L]
 | 
				
			||||||
RewriteRule ^connexion$ server_files/connexion.php [L]
 | 
					RewriteRule ^connexion$ server_files/connexion.php [L]
 | 
				
			||||||
 | 
					RewriteRule ^connexion/reinitialiser_mdp/(.*?)$ server_files/connexion.php?reset_password&token=$1 [L]
 | 
				
			||||||
 | 
					RewriteRule ^connexion/(.*?)$ server_files/connexion.php?$1 [L]
 | 
				
			||||||
RewriteRule ^deconnexion$ server_files/deconnexion.php [L]
 | 
					RewriteRule ^deconnexion$ server_files/deconnexion.php [L]
 | 
				
			||||||
RewriteRule ^equipe/(.*?)$ server_files/equipe.php?trigram=$1 [L]
 | 
					RewriteRule ^equipe/(.*?)$ server_files/equipe.php?trigram=$1 [L]
 | 
				
			||||||
RewriteRule ^file/(.*?)$ server_files/view_file.php?file_id=$1 [L]
 | 
					RewriteRule ^file/(.*?)$ server_files/view_file.php?file_id=$1 [L]
 | 
				
			||||||
 
 | 
				
			|||||||
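Review bot: The new `reinitialiser_mdp/(.*?)` rule captures any characters, so whatever follows the prefix is handed to connexion.php as `token`; restricting the capture to the token alphabet, e.g. `RewriteRule ^connexion/reinitialiser_mdp/([0-9a-f]+)$ server_files/connexion.php?reset_password&token=$1 [L]`, rejects malformed values before PHP runs (adjust the class if the token format changes). The catch-all `^connexion/(.*?)$ server_files/connexion.php?$1` below it turns an arbitrary path suffix into the raw query string, while the only suffix this commit links to is `mdp_oublie`, so an explicit rule for that suffix would be narrower. The reset rule only works because it sits above the catch-all; a one-line comment such as `# must stay above the generic connexion/ rule` would keep a later reordering from silently breaking it.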
@@ -6,6 +6,21 @@ if (isset($_POST["submitted"]) && !isset($_SESSION["user_id"])) {
 | 
				
			|||||||
    $error_message = login();
 | 
					    $error_message = login();
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					if (isset($_POST["forgotten_password"]) && !isset($_SESSION["user_id"])) {
 | 
				
			||||||
 | 
					    $error_message = recuperateAccount();
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					if (isset($_GET["reset_password"]) && isset($_GET["token"]) && !isset($_SESSION["user_id"])) {
 | 
				
			||||||
 | 
					    $reset_data = $DB->query("SELECT `id`, `email` FROM `users` WHERE `forgotten_password` = '" . htmlspecialchars($_GET["token"]) . "';")->fetch();
 | 
				
			||||||
 | 
					    if ($reset_data === FALSE) {
 | 
				
			||||||
 | 
					        header("Location: $URL_BASE/connexion");
 | 
				
			||||||
 | 
					        exit();
 | 
				
			||||||
 | 
					    }
 | 
				
			||||||
 | 
					    
 | 
				
			||||||
 | 
					    if (isset($_POST["reset_password"]))
 | 
				
			||||||
 | 
					        $error_message = resetPassword();
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
function login() {
 | 
					function login() {
 | 
				
			||||||
    global $DB, $YEAR;
 | 
					    global $DB, $YEAR;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
@@ -38,6 +53,53 @@ function login() {
 | 
				
			|||||||
    return false;
 | 
					    return false;
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					function recuperateAccount() {
 | 
				
			||||||
 | 
					    global $DB, $MAIL_ADDRESS, $URL_BASE, $YEAR;
 | 
				
			||||||
 | 
					    
 | 
				
			||||||
 | 
						$email = htmlspecialchars($_POST["email"]);
 | 
				
			||||||
 | 
						
 | 
				
			||||||
 | 
						if (!filter_var($email, FILTER_VALIDATE_EMAIL))
 | 
				
			||||||
 | 
							return "L'email entrée est invalide.";
 | 
				
			||||||
 | 
						
 | 
				
			||||||
 | 
						$req = $DB->query("SELECT `id` FROM `users` WHERE `email` = '$email' AND `year` = $YEAR;");
 | 
				
			||||||
 | 
						if (!$req->fetch())
 | 
				
			||||||
 | 
						    return "Le compte n'existe pas.";
 | 
				
			||||||
 | 
					    
 | 
				
			||||||
 | 
						$token = uniqid();
 | 
				
			||||||
 | 
						
 | 
				
			||||||
 | 
						$DB->exec("UPDATE `users` SET `forgotten_password` = '$token' WHERE `email` = '$email' AND `year` = $YEAR;");
 | 
				
			||||||
 | 
						
 | 
				
			||||||
 | 
						$msg = "Bonjour,\r\n\r\n"
 | 
				
			||||||
 | 
					            . "Vous avez indiqué avoir oublié votre mot de passe. Veuillez cliquer ici pour le réinitialiser : $URL_BASE/connexion/reinitialiser_mdp/$token\r\n\r\n"
 | 
				
			||||||
 | 
					            . "Si vous n'êtes pas à l'origine de cette manipulation, vous pouvez ignorer ce message.\r\n\r\n"
 | 
				
			||||||
 | 
					            . "Cordialement,\r\n\r\n"
 | 
				
			||||||
 | 
					            . "Le comité national d'organisation du TFJM².";
 | 
				
			||||||
 | 
						mail("$email", "Mot de passe oublié - TFJM²", $msg, "From: $MAIL_ADDRESS\r\n");
 | 
				
			||||||
 | 
						
 | 
				
			||||||
 | 
						return false;
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					function resetPassword() {
 | 
				
			||||||
 | 
					    global $DB, $MAIL_ADDRESS, $reset_data;
 | 
				
			||||||
 | 
					    
 | 
				
			||||||
 | 
					    $id = $reset_data["id"];
 | 
				
			||||||
 | 
					    $email = $reset_data["email"];
 | 
				
			||||||
 | 
					    $password = htmlspecialchars($_POST["password"]);
 | 
				
			||||||
 | 
					    $confirm = htmlspecialchars($_POST["confirm_password"]);
 | 
				
			||||||
 | 
						
 | 
				
			||||||
 | 
						if (strlen($password) < 8)
 | 
				
			||||||
 | 
							return "Le mot de passe doit comporter au moins 8 caractères.";
 | 
				
			||||||
 | 
						
 | 
				
			||||||
 | 
						if ($password != $confirm)
 | 
				
			||||||
 | 
							return "Les deux mots de passe sont différents.";
 | 
				
			||||||
 | 
						
 | 
				
			||||||
 | 
						$hash = password_hash($password, PASSWORD_BCRYPT);
 | 
				
			||||||
 | 
						
 | 
				
			||||||
 | 
						$DB->prepare("UPDATE `users` SET `pwd_hash` = ?, `forgotten_password` = NULL WHERE `id` = ?;")->execute([$hash, $id]);
 | 
				
			||||||
 | 
						
 | 
				
			||||||
 | 
						return false;
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
?>
 | 
					?>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
<?php include "header.php" ?>
 | 
					<?php include "header.php" ?>
 | 
				
			||||||
@@ -46,15 +108,69 @@ function login() {
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
<?php
 | 
					<?php
 | 
				
			||||||
if (isset($error_message) && $error_message === FALSE) {
 | 
					if (isset($error_message) && $error_message === FALSE) {
 | 
				
			||||||
    ?>
 | 
					    if (isset($_GET["mdp_oublie"]))
 | 
				
			||||||
    Connexion réussie !
 | 
					        echo "Le mail de récupération de mot de passe a bien été envoyé.";
 | 
				
			||||||
    <?php } else if (isset($_SESSION["user_id"])) { ?>
 | 
					    else if (isset($_POST["reset_password"]))
 | 
				
			||||||
 | 
					        echo "Le mot de passe a bien été changé. Vous pouvez désormais vous connecter.";
 | 
				
			||||||
 | 
					    else
 | 
				
			||||||
 | 
					        echo "Connexion réussie !";
 | 
				
			||||||
 | 
					    }
 | 
				
			||||||
 | 
					else if (isset($_SESSION["user_id"])) { ?>
 | 
				
			||||||
    <h2>Vous êtes déjà connecté !</h2>
 | 
					    <h2>Vous êtes déjà connecté !</h2>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
    <?php } else { ?>
 | 
					    <?php } else { ?>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
<form method="POST">
 | 
					    <?php if (isset($_GET["mdp_oublie"])) { ?>
 | 
				
			||||||
 | 
					        <form method="POST">
 | 
				
			||||||
 | 
					            <table style="width: 100%;">
 | 
				
			||||||
 | 
					                <tbody>
 | 
				
			||||||
 | 
					                <tr>
 | 
				
			||||||
 | 
					                    <td style="width: 30%;">
 | 
				
			||||||
 | 
					                        <label for="email">E-mail associée au compte :</label>
 | 
				
			||||||
 | 
					                    </td>
 | 
				
			||||||
 | 
					                    <td style="width: 70%;">
 | 
				
			||||||
 | 
					                        <input style="width: 100%;" type="email" id="email" name="email" />
 | 
				
			||||||
 | 
					                    </td>
 | 
				
			||||||
 | 
					                </tr>
 | 
				
			||||||
 | 
					                <tr>
 | 
				
			||||||
 | 
					                    <td colspan="2">
 | 
				
			||||||
 | 
					                        <input style="width: 100%;" type="submit" name="forgotten_password" value="Envoyer l'e-mail de récupération" />
 | 
				
			||||||
 | 
					                    </td>
 | 
				
			||||||
 | 
					                </tr>
 | 
				
			||||||
 | 
					                </tbody>
 | 
				
			||||||
 | 
					            </table>
 | 
				
			||||||
 | 
					        </form>
 | 
				
			||||||
 | 
						<?php } else if (isset($_GET["reset_password"])) { ?>
 | 
				
			||||||
 | 
					        <form method="POST">
 | 
				
			||||||
 | 
					            <input type="hidden" name="token" value="<?= $_GET["token"] ?>" />
 | 
				
			||||||
 | 
					            <table style="width: 100%;">
 | 
				
			||||||
 | 
					                <tbody>
 | 
				
			||||||
 | 
					                <tr>
 | 
				
			||||||
 | 
					                    <td style="width: 30%;">
 | 
				
			||||||
 | 
					                        <label for="password">Nouveau mot de passe :</label>
 | 
				
			||||||
 | 
					                    </td>
 | 
				
			||||||
 | 
					                    <td style="width: 70%;">
 | 
				
			||||||
 | 
					                        <input style="width: 100%;" type="password" id="password" name="password" />
 | 
				
			||||||
 | 
					                    </td>
 | 
				
			||||||
 | 
					                </tr>
 | 
				
			||||||
 | 
					                <tr>
 | 
				
			||||||
 | 
					                    <td style="width: 30%;">
 | 
				
			||||||
 | 
					                        <label for="confirm_password">Confirmer le mot de passe :</label>
 | 
				
			||||||
 | 
					                    </td>
 | 
				
			||||||
 | 
					                    <td style="width: 70%;">
 | 
				
			||||||
 | 
					                        <input style="width: 100%;" type="password" id="confirm_password" name="confirm_password" />
 | 
				
			||||||
 | 
					                    </td>
 | 
				
			||||||
 | 
					                </tr>
 | 
				
			||||||
 | 
					                <tr>
 | 
				
			||||||
 | 
					                    <td colspan="2">
 | 
				
			||||||
 | 
					                        <input style="width: 100%;" type="submit" name="reset_password" value="Changer le mot de passe" />
 | 
				
			||||||
 | 
					                    </td>
 | 
				
			||||||
 | 
					                </tr>
 | 
				
			||||||
 | 
					                </tbody>
 | 
				
			||||||
 | 
					            </table>
 | 
				
			||||||
 | 
					        </form>
 | 
				
			||||||
 | 
						<?php } else { ?>
 | 
				
			||||||
 | 
					        <form method="POST">
 | 
				
			||||||
            <input type="hidden" name="submitted" value="true" />
 | 
					            <input type="hidden" name="submitted" value="true" />
 | 
				
			||||||
            <table style="width: 100%;">
 | 
					            <table style="width: 100%;">
 | 
				
			||||||
                <tr>
 | 
					                <tr>
 | 
				
			||||||
@@ -66,13 +182,17 @@ if (isset($error_message) && $error_message === FALSE) {
 | 
				
			|||||||
                    <td><input style="width: 100%;" type="password" id="password" name="password" /></td>
 | 
					                    <td><input style="width: 100%;" type="password" id="password" name="password" /></td>
 | 
				
			||||||
                </tr>
 | 
					                </tr>
 | 
				
			||||||
                <tr>
 | 
					                <tr>
 | 
				
			||||||
            <td colspan="2"><a href="<?= $URL_BASE ?>/connexion/mdp_oublie">Mot de passe oublié ?</a></td>
 | 
					                    <td colspan="2">
 | 
				
			||||||
 | 
					                        <!--suppress HtmlUnknownTarget -->
 | 
				
			||||||
 | 
					                        <a href="<?= $URL_BASE ?>/connexion/mdp_oublie">Mot de passe oublié ?</a>
 | 
				
			||||||
 | 
					                    </td>
 | 
				
			||||||
                </tr>
 | 
					                </tr>
 | 
				
			||||||
                <tr>
 | 
					                <tr>
 | 
				
			||||||
                    <td colspan="2"><input style="width: 100%;" type="submit" value="Se connecter" /></td>
 | 
					                    <td colspan="2"><input style="width: 100%;" type="submit" value="Se connecter" /></td>
 | 
				
			||||||
                </tr>
 | 
					                </tr>
 | 
				
			||||||
            </table>
 | 
					            </table>
 | 
				
			||||||
</form>
 | 
					        </form>
 | 
				
			||||||
 | 
					    <?php } ?>
 | 
				
			||||||
    
 | 
					    
 | 
				
			||||||
<?php include "footer.php" ?>
 | 
					<?php include "footer.php" ?>
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 
 | 
				
			|||||||
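Review bot: The reset token in recuperateAccount() comes from `uniqid()`, which is derived from the current time and is therefore guessable, so the reset link is not a secret; a CSPRNG value such as `bin2hex(random_bytes(32))` is the appropriate source, assuming the `forgotten_password` column is wide enough (its definition is not visible here). The three new queries on `forgotten_password` and `email` are built by string concatenation around `htmlspecialchars()`, which is HTML escaping rather than SQL escaping and, depending on the PHP version's default flags, may leave single quotes intact; resetPassword() in the same section already uses `prepare()`/`execute()`, and these queries should do the same. Separately, `<?= $_GET["token"] ?>` in the reset form is echoed without `htmlspecialchars()`, the "Le compte n'existe pas." reply tells any caller which addresses are registered, and nothing visible gives the token an expiry.

```php
// reset_password branch at the top of the file: bind the token instead of concatenating it
$stmt = $DB->prepare("SELECT `id`, `email` FROM `users` WHERE `forgotten_password` = ?;");
$stmt->execute([$_GET["token"]]);
$reset_data = $stmt->fetch();
// … unchanged: redirect when no row matches, resetPassword() call …

// in recuperateAccount():
// … unchanged: globals, e-mail validation …
$req = $DB->prepare("SELECT `id` FROM `users` WHERE `email` = ? AND `year` = ?;");
$req->execute([$email, $YEAR]);
// … unchanged: "account does not exist" check …
$token = bin2hex(random_bytes(32));
$DB->prepare("UPDATE `users` SET `forgotten_password` = ? WHERE `email` = ? AND `year` = ?;")
    ->execute([$token, $email, $YEAR]);
// … unchanged: mail body, mail() call, return …
```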