Amélioration du code de la page de connexion

2025-08-04 05:20:16 +02:00 · 2019-09-09 00:41:52 +02:00
parent fbabdff69c
commit 190039a5e8
15 changed files with 270 additions and 259 deletions
--- a/server_files/controllers/connexion.php
+++ b/server_files/controllers/connexion.php
@@ -1,120 +1,170 @@
 <?php

-// TODO Arranger tout ça
+$has_error = false;
+$error_message = null;

 if (isset($_POST["submitted"]) && !isset($_SESSION["user_id"])) {
-    $error_message = login();
+	$logging_in_user = new LoggingInUser($_POST);
+	try {
+		$logging_in_user->makeVerifications();
+		$logging_in_user->login();
+	} catch (AssertionError $e) {
+		$has_error = true;
+		$error_message = $e->getMessage();
+	}
 }

 if (isset($_POST["forgotten_password"]) && !isset($_SESSION["user_id"])) {
-    $error_message = recuperateAccount();
+	$recuperate_account = new RecuperateAccount($_POST);
+	try {
+		$recuperate_account->makeVerifications();
+		$recuperate_account->recuperateAccount();
+	} catch (AssertionError $e) {
+		$has_error = true;
+		$error_message = $e->getMessage();
+	}
 }

 if (isset($_GET["reset_password"]) && isset($_GET["token"]) && !isset($_SESSION["user_id"])) {
-	$reset_data = $DB->query("SELECT `id` FROM `users` WHERE `forgotten_password` = '" . htmlspecialchars($_GET["token"]) . "';")->fetch();
-    if ($reset_data === FALSE) {
-        header("Location: $URL_BASE/connexion");
-        exit();
-    }
-    
-    if (isset($_POST["reset_password"]))
-        $error_message = resetPassword();
-}
-
-if (isset($_GET["confirmation-mail"]) && !isset($_SESSION["user_id"])) {
-    $error_message = sendConfirmEmail();
-}
-
-function login() {
-    global $URL_BASE;
-
-    $email = htmlspecialchars($_POST["email"]);
-
-    if (!filter_var($email, FILTER_VALIDATE_EMAIL))
-        return "L'email entrée est invalide.";
-
-    $password = htmlspecialchars($_POST["password"]);
-
-    $user = User::fromEmail($email);
-	if ($user === null)
-        return "Le compte n'existe pas.";
-    
-    if ($user->getConfirmEmailToken() !== NULL) {
-		$_SESSION["confirm_email"] = $email;
-		return "L'adresse mail n'a pas été validée. Veuillez vérifier votre boîte mail (surtout vos spams). <a href=\"$URL_BASE/connexion/confirmation-mail\">Cliquez ici pour renvoyer le mail de confirmation</a>.";
+	$reset_password = new ResetPassword($_GET, $_POST);
+	try {
+		$reset_password->makeVerifications();
+		if (isset($_POST["password"]))
+			$reset_password->resetPassword();
+	} catch (AssertionError $e) {
+		$has_error = true;
+		$error_message = $e->getMessage();
 	}
-    
-    if (!$user->checkPassword($password))
-        return "Le mot de passe est incorrect.";
-
-    $_SESSION["user_id"] = $user->getId();
-	loadUserValues();
-
-    return false;
 }

-function recuperateAccount() {
-	$email = htmlspecialchars($_POST["email"]);
-	
-	if (!filter_var($email, FILTER_VALIDATE_EMAIL))
-		return "L'email entrée est invalide.";
-	
-	$user = User::fromEmail($email);
-	if ($user == null)
-	    return "Le compte n'existe pas.";
-    
-	$token = uniqid();
+if (isset($_GET["confirmation-mail"]) && !isset($_SESSION["user_id"]))
+	sendConfirmEmail();

-	$user->setForgottenPasswordToken($token);
+class LoggingInUser
+{
+	public $email;
+	/** @var User $user */
+	public $user;
+	private $password;

-	Mailer::sendForgottenPasswordProcedureMail($user);
-	
-	return false;
+	public function __construct($data)
+	{
+		foreach ($data as $key => $value)
+			$this->$key = htmlspecialchars($value);
+	}
+
+	public function makeVerifications()
+	{
+		global $URL_BASE;
+
+		ensure(filter_var($this->email, FILTER_VALIDATE_EMAIL), "L'adresse email est invalide.");
+		$this->user = User::fromEmail($this->email);
+		ensure($this->user != null, "Le compte n'existe pas.");
+		ensure($this->user->checkPassword($this->password), "Le mot de passe est incorrect.");
+		if ($this->user->getConfirmEmailToken() != null) {
+			$_SESSION["confirm_email"] = $this->email;
+			throw new AssertionError("L'adresse mail n'a pas été validée. Veuillez vérifier votre boîte mail (surtout vos spams). "
+				. "<a href=\"$URL_BASE/connexion/confirmation-mail\">Cliquez ici pour renvoyer le mail de confirmation</a>.");
+		}
+	}
+
+	public function login()
+	{
+		$_SESSION["user_id"] = $this->user->getId();
+		loadUserValues();
+	}
 }

-function resetPassword() {
-	global $reset_data;
+class RecuperateAccount
+{
+	public $email;
+	/** @var User $user */
+	public $user;

-    $id = $reset_data["id"];
-    $password = htmlspecialchars($_POST["password"]);
-    $confirm = htmlspecialchars($_POST["confirm_password"]);
-	
-	if (strlen($password) < 8)
-		return "Le mot de passe doit comporter au moins 8 caractères.";
-	
-	if ($password != $confirm)
-		return "Les deux mots de passe sont différents.";
+	public function __construct($data)
+	{
+		foreach ($data as $key => $value)
+			$this->$key = htmlspecialchars($value);
+	}

-	$user = User::fromId($id);
-	$user->setForgottenPasswordToken(null);
-	$user->setPassword($password);
+	public function makeVerifications()
+	{
+		ensure(filter_var($this->email, FILTER_VALIDATE_EMAIL), "L'adresse email est invalide.");
+		$this->user = User::fromEmail($this->email);
+		ensure($this->user != null, "Le compte n'existe pas.");
+	}

-	Mailer::sendChangePasswordMail($user);
-	
-	return false;
+	public function recuperateAccount()
+	{
+		$token = genRandomPhrase(64);
+		$this->user->setForgottenPasswordToken($token);
+		Mailer::sendForgottenPasswordProcedureMail($this->user);
+	}
 }

-function sendConfirmEmail() {
+class ResetPassword
+{
+	public $token;
+	/** @var User $user */
+	public $user;
+	private $password;
+	private $confirm_password;
+
+	public function __construct($data, $data2)
+	{
+		foreach ($data as $key => $value)
+			$this->$key = htmlspecialchars($value);
+		foreach ($data2 as $key => $value)
+			$this->$key = htmlspecialchars($value);
+	}
+
+	public function makeVerifications()
+	{
+		global $DB;
+		$data = $DB->query("SELECT `id` FROM `users` WHERE `forgotten_password` = '" . $this->token . "';")->fetch();
+		ensure($data !== false, "Il n'y a pas de compte à récupérer avec ce jeton.");
+		$this->user = User::fromId($data["id"]);
+
+		if ($this->password == null)
+			return;
+
+		ensure($this->password == $this->confirm_password, "Les deux mots de passe sont différents.");
+		ensure(strlen($this->password) >= 8, "Le mot de passe doit comporter au moins 8 caractères.");
+	}
+
+	public function resetPassword()
+	{
+		$this->user->setForgottenPasswordToken(null);
+		$this->user->setPassword($this->password);
+
+		Mailer::sendChangePasswordMail($this->user);
+
+		return false;
+	}
+}
+
+function sendConfirmEmail()
+{
 	global $URL_BASE;
-    
-    $email = htmlspecialchars($_SESSION["confirm_email"]);
-    
-    if (!isset($email)) {
-        header("Location: $URL_BASE/connexion");
-        exit();
-    }

-    $user = User::fromEmail($email);
-    
-    if ($user === null) {
-        unset($_SESSION["confirm_email"]);
+	$email = htmlspecialchars($_SESSION["confirm_email"]);
+
+	if (!isset($email)) {
 		header("Location: $URL_BASE/connexion");
 		exit();
-    }
+	}
+
+	$user = User::fromEmail($email);
+
+	if ($user === null) {
+		unset($_SESSION["confirm_email"]);
+		header("Location: $URL_BASE/connexion");
+		exit();
+	}

 	Mailer::sendConfirmEmail($user);
-    
-    return false;
+
+	return false;
 }

 require_once "server_files/views/connexion.php";