mirror of
https://gitlab.com/animath/si/plateforme.git
synced 2025-11-04 00:52:03 +01:00
Amélioration du code de la page de connexion
This commit is contained in:
galaxyoyo
@@ -46,10 +46,7 @@ class NewTeam {
|
||||
public function register() {
|
||||
global $DB, $YEAR;
|
||||
|
||||
$alphabet = "0123456789abcdefghijkmnopqrstuvwxyz0123456789";
|
||||
$this->access_code = "";
|
||||
for ($i = 0; $i < 6; ++$i)
|
||||
$this->access_code .= $alphabet[rand(0, strlen($alphabet) - 1)];
|
||||
$this->access_code = genRandomPhrase(6);
|
||||
|
||||
$req = $DB->prepare("INSERT INTO `teams` (`name`, `trigram`, `tournament`, `encadrant_1`, `participant_1`, `validation_status`, `access_code`, `year`)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?, ?);");
|
||||
|
||||
@@ -44,10 +44,7 @@ class NewOrganizer {
|
||||
public function register() {
|
||||
global $DB, $YEAR;
|
||||
|
||||
$alphabet = "0123456789abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
|
||||
$this->password = "";
|
||||
for ($i = 0; $i < 16; ++$i)
|
||||
$this->password .= $alphabet[rand(0, strlen($alphabet) - 1)];
|
||||
$this->password = genRandomPhrase(16, true);
|
||||
|
||||
$req = $DB->prepare("INSERT INTO `users`(`email`, `pwd_hash`, `surname`, `first_name`, `role`, `year`)
|
||||
VALUES (?, ?, ?, ?, ?, ?);");
|
||||
|
||||
@@ -1,120 +1,170 @@
|
||||
<?php
|
||||
|
||||
// TODO Arranger tout ça
|
||||
$has_error = false;
|
||||
$error_message = null;
|
||||
|
||||
if (isset($_POST["submitted"]) && !isset($_SESSION["user_id"])) {
|
||||
$error_message = login();
|
||||
$logging_in_user = new LoggingInUser($_POST);
|
||||
try {
|
||||
$logging_in_user->makeVerifications();
|
||||
$logging_in_user->login();
|
||||
} catch (AssertionError $e) {
|
||||
$has_error = true;
|
||||
$error_message = $e->getMessage();
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($_POST["forgotten_password"]) && !isset($_SESSION["user_id"])) {
|
||||
$error_message = recuperateAccount();
|
||||
$recuperate_account = new RecuperateAccount($_POST);
|
||||
try {
|
||||
$recuperate_account->makeVerifications();
|
||||
$recuperate_account->recuperateAccount();
|
||||
} catch (AssertionError $e) {
|
||||
$has_error = true;
|
||||
$error_message = $e->getMessage();
|
||||
}
|
||||
}
|
||||
|
||||
if (isset($_GET["reset_password"]) && isset($_GET["token"]) && !isset($_SESSION["user_id"])) {
|
||||
$reset_data = $DB->query("SELECT `id` FROM `users` WHERE `forgotten_password` = '" . htmlspecialchars($_GET["token"]) . "';")->fetch();
|
||||
if ($reset_data === FALSE) {
|
||||
header("Location: $URL_BASE/connexion");
|
||||
exit();
|
||||
}
|
||||
|
||||
if (isset($_POST["reset_password"]))
|
||||
$error_message = resetPassword();
|
||||
}
|
||||
|
||||
if (isset($_GET["confirmation-mail"]) && !isset($_SESSION["user_id"])) {
|
||||
$error_message = sendConfirmEmail();
|
||||
}
|
||||
|
||||
function login() {
|
||||
global $URL_BASE;
|
||||
|
||||
$email = htmlspecialchars($_POST["email"]);
|
||||
|
||||
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
|
||||
return "L'email entrée est invalide.";
|
||||
|
||||
$password = htmlspecialchars($_POST["password"]);
|
||||
|
||||
$user = User::fromEmail($email);
|
||||
if ($user === null)
|
||||
return "Le compte n'existe pas.";
|
||||
|
||||
if ($user->getConfirmEmailToken() !== NULL) {
|
||||
$_SESSION["confirm_email"] = $email;
|
||||
return "L'adresse mail n'a pas été validée. Veuillez vérifier votre boîte mail (surtout vos spams). <a href=\"$URL_BASE/connexion/confirmation-mail\">Cliquez ici pour renvoyer le mail de confirmation</a>.";
|
||||
$reset_password = new ResetPassword($_GET, $_POST);
|
||||
try {
|
||||
$reset_password->makeVerifications();
|
||||
if (isset($_POST["password"]))
|
||||
$reset_password->resetPassword();
|
||||
} catch (AssertionError $e) {
|
||||
$has_error = true;
|
||||
$error_message = $e->getMessage();
|
||||
}
|
||||
|
||||
if (!$user->checkPassword($password))
|
||||
return "Le mot de passe est incorrect.";
|
||||
|
||||
$_SESSION["user_id"] = $user->getId();
|
||||
loadUserValues();
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
function recuperateAccount() {
|
||||
$email = htmlspecialchars($_POST["email"]);
|
||||
|
||||
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
|
||||
return "L'email entrée est invalide.";
|
||||
|
||||
$user = User::fromEmail($email);
|
||||
if ($user == null)
|
||||
return "Le compte n'existe pas.";
|
||||
|
||||
$token = uniqid();
|
||||
if (isset($_GET["confirmation-mail"]) && !isset($_SESSION["user_id"]))
|
||||
sendConfirmEmail();
|
||||
|
||||
$user->setForgottenPasswordToken($token);
|
||||
class LoggingInUser
|
||||
{
|
||||
public $email;
|
||||
/** @var User $user */
|
||||
public $user;
|
||||
private $password;
|
||||
|
||||
Mailer::sendForgottenPasswordProcedureMail($user);
|
||||
|
||||
return false;
|
||||
public function __construct($data)
|
||||
{
|
||||
foreach ($data as $key => $value)
|
||||
$this->$key = htmlspecialchars($value);
|
||||
}
|
||||
|
||||
public function makeVerifications()
|
||||
{
|
||||
global $URL_BASE;
|
||||
|
||||
ensure(filter_var($this->email, FILTER_VALIDATE_EMAIL), "L'adresse email est invalide.");
|
||||
$this->user = User::fromEmail($this->email);
|
||||
ensure($this->user != null, "Le compte n'existe pas.");
|
||||
ensure($this->user->checkPassword($this->password), "Le mot de passe est incorrect.");
|
||||
if ($this->user->getConfirmEmailToken() != null) {
|
||||
$_SESSION["confirm_email"] = $this->email;
|
||||
throw new AssertionError("L'adresse mail n'a pas été validée. Veuillez vérifier votre boîte mail (surtout vos spams). "
|
||||
. "<a href=\"$URL_BASE/connexion/confirmation-mail\">Cliquez ici pour renvoyer le mail de confirmation</a>.");
|
||||
}
|
||||
}
|
||||
|
||||
public function login()
|
||||
{
|
||||
$_SESSION["user_id"] = $this->user->getId();
|
||||
loadUserValues();
|
||||
}
|
||||
}
|
||||
|
||||
function resetPassword() {
|
||||
global $reset_data;
|
||||
class RecuperateAccount
|
||||
{
|
||||
public $email;
|
||||
/** @var User $user */
|
||||
public $user;
|
||||
|
||||
$id = $reset_data["id"];
|
||||
$password = htmlspecialchars($_POST["password"]);
|
||||
$confirm = htmlspecialchars($_POST["confirm_password"]);
|
||||
|
||||
if (strlen($password) < 8)
|
||||
return "Le mot de passe doit comporter au moins 8 caractères.";
|
||||
|
||||
if ($password != $confirm)
|
||||
return "Les deux mots de passe sont différents.";
|
||||
public function __construct($data)
|
||||
{
|
||||
foreach ($data as $key => $value)
|
||||
$this->$key = htmlspecialchars($value);
|
||||
}
|
||||
|
||||
$user = User::fromId($id);
|
||||
$user->setForgottenPasswordToken(null);
|
||||
$user->setPassword($password);
|
||||
public function makeVerifications()
|
||||
{
|
||||
ensure(filter_var($this->email, FILTER_VALIDATE_EMAIL), "L'adresse email est invalide.");
|
||||
$this->user = User::fromEmail($this->email);
|
||||
ensure($this->user != null, "Le compte n'existe pas.");
|
||||
}
|
||||
|
||||
Mailer::sendChangePasswordMail($user);
|
||||
|
||||
return false;
|
||||
public function recuperateAccount()
|
||||
{
|
||||
$token = genRandomPhrase(64);
|
||||
$this->user->setForgottenPasswordToken($token);
|
||||
Mailer::sendForgottenPasswordProcedureMail($this->user);
|
||||
}
|
||||
}
|
||||
|
||||
function sendConfirmEmail() {
|
||||
class ResetPassword
|
||||
{
|
||||
public $token;
|
||||
/** @var User $user */
|
||||
public $user;
|
||||
private $password;
|
||||
private $confirm_password;
|
||||
|
||||
public function __construct($data, $data2)
|
||||
{
|
||||
foreach ($data as $key => $value)
|
||||
$this->$key = htmlspecialchars($value);
|
||||
foreach ($data2 as $key => $value)
|
||||
$this->$key = htmlspecialchars($value);
|
||||
}
|
||||
|
||||
public function makeVerifications()
|
||||
{
|
||||
global $DB;
|
||||
$data = $DB->query("SELECT `id` FROM `users` WHERE `forgotten_password` = '" . $this->token . "';")->fetch();
|
||||
ensure($data !== false, "Il n'y a pas de compte à récupérer avec ce jeton.");
|
||||
$this->user = User::fromId($data["id"]);
|
||||
|
||||
if ($this->password == null)
|
||||
return;
|
||||
|
||||
ensure($this->password == $this->confirm_password, "Les deux mots de passe sont différents.");
|
||||
ensure(strlen($this->password) >= 8, "Le mot de passe doit comporter au moins 8 caractères.");
|
||||
}
|
||||
|
||||
public function resetPassword()
|
||||
{
|
||||
$this->user->setForgottenPasswordToken(null);
|
||||
$this->user->setPassword($this->password);
|
||||
|
||||
Mailer::sendChangePasswordMail($this->user);
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
function sendConfirmEmail()
|
||||
{
|
||||
global $URL_BASE;
|
||||
|
||||
$email = htmlspecialchars($_SESSION["confirm_email"]);
|
||||
|
||||
if (!isset($email)) {
|
||||
header("Location: $URL_BASE/connexion");
|
||||
exit();
|
||||
}
|
||||
|
||||
$user = User::fromEmail($email);
|
||||
|
||||
if ($user === null) {
|
||||
unset($_SESSION["confirm_email"]);
|
||||
$email = htmlspecialchars($_SESSION["confirm_email"]);
|
||||
|
||||
if (!isset($email)) {
|
||||
header("Location: $URL_BASE/connexion");
|
||||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
$user = User::fromEmail($email);
|
||||
|
||||
if ($user === null) {
|
||||
unset($_SESSION["confirm_email"]);
|
||||
header("Location: $URL_BASE/connexion");
|
||||
exit();
|
||||
}
|
||||
|
||||
Mailer::sendConfirmEmail($user);
|
||||
|
||||
return false;
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
require_once "server_files/views/connexion.php";
|
||||
|
||||
@@ -24,14 +24,8 @@ if (isset($_POST["select"])) {
|
||||
$sols_req->execute([$team->getId(), $team->getTournamentId()]);
|
||||
while (($sol_data = $sols_req->fetch()) !== false) {
|
||||
$old_id = $sol_data["file_id"];
|
||||
$alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
|
||||
|
||||
do {
|
||||
$id = "";
|
||||
for ($i = 0; $i < 64; ++$i) {
|
||||
$id .= $alphabet[rand(0, strlen($alphabet) - 1)];
|
||||
}
|
||||
}
|
||||
do
|
||||
$id = genRandomPhrase(64);
|
||||
while (file_exists("$LOCAL_PATH/files/$id"));
|
||||
|
||||
copy("$LOCAL_PATH/files/$old_id", "$LOCAL_PATH/files/$id");
|
||||
|
||||
@@ -73,7 +73,7 @@ class NewUser
|
||||
}
|
||||
}
|
||||
|
||||
$this->confirm_email_token = uniqid();
|
||||
$this->confirm_email_token = genRandomPhrase(64);
|
||||
}
|
||||
|
||||
public function register()
|
||||
|
||||
@@ -92,7 +92,7 @@ function updateAccount()
|
||||
|
||||
$email = htmlspecialchars($_POST["email"]);
|
||||
if (isset($email) && $email != "" && filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
||||
$confirm_email_token = uniqid();
|
||||
$confirm_email_token = genRandomPhrase(64);
|
||||
$user->setEmail($email);
|
||||
$user->setConfirmEmailToken($confirm_email_token);
|
||||
|
||||
|
||||
@@ -56,15 +56,10 @@ function sendDocument()
|
||||
|
||||
if (!is_dir("$LOCAL_PATH/files") && !mkdir("$LOCAL_PATH/files"))
|
||||
return "Les droits sont insuffisants. Veuillez contacter l'administrateur du serveur.";
|
||||
|
||||
$alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
|
||||
|
||||
do {
|
||||
$id = "";
|
||||
for ($i = 0; $i < 64; ++$i) {
|
||||
$id .= $alphabet[rand(0, strlen($alphabet) - 1)];
|
||||
}
|
||||
} while (file_exists("$LOCAL_PATH/files/$id"));
|
||||
|
||||
do
|
||||
$id = genRandomPhrase(64);
|
||||
while (file_exists("$LOCAL_PATH/files/$id"));
|
||||
|
||||
if (!rename($file["tmp_name"], "$LOCAL_PATH/files/$id"))
|
||||
return "Une erreur est survenue lors de l'envoi du fichier.";
|
||||
|
||||
@@ -42,14 +42,8 @@ function saveSolution() {
|
||||
if (!is_dir("$LOCAL_PATH/files") && !mkdir("$LOCAL_PATH/files"))
|
||||
return "Les droits sont insuffisants. Veuillez contacter l'administrateur du serveur.";
|
||||
|
||||
$alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
|
||||
|
||||
do {
|
||||
$id = "";
|
||||
for ($i = 0; $i < 64; ++$i) {
|
||||
$id .= $alphabet[rand(0, strlen($alphabet) - 1)];
|
||||
}
|
||||
}
|
||||
do
|
||||
$id = genRandomPhrase(64);
|
||||
while (file_exists("$LOCAL_PATH/files/$id"));
|
||||
|
||||
if (!rename($file["tmp_name"], "$LOCAL_PATH/files/$id"))
|
||||
|
||||
@@ -38,14 +38,8 @@ function saveSynthesis() {
|
||||
if (!is_dir("$LOCAL_PATH/files") && !mkdir("$LOCAL_PATH/files"))
|
||||
return "Les droits sont insuffisants. Veuillez contacter l'administrateur du serveur.";
|
||||
|
||||
$alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
|
||||
|
||||
do {
|
||||
$id = "";
|
||||
for ($i = 0; $i < 64; ++$i) {
|
||||
$id .= $alphabet[rand(0, strlen($alphabet) - 1)];
|
||||
}
|
||||
}
|
||||
do
|
||||
$id = genRandomPhrase(64);
|
||||
while (file_exists("$LOCAL_PATH/files/$id"));
|
||||
|
||||
if (!rename($file["tmp_name"], "$LOCAL_PATH/files/$id"))
|
||||
|
||||
Reference in New Issue
Block a user