Utilisation des nouvelles classes, amélioration du code
@ -8,102 +8,96 @@ if (isset($_POST["submitted"])) {
|
||||
$error_message = updatePassword();
|
||||
}
|
||||
|
||||
if (isset($_SESSION["user_id"])) {
|
||||
$result = $DB->query("SELECT * FROM `users` WHERE `id` = '" . $_SESSION["user_id"] . "';");
|
||||
$user_data = $result->fetch();
|
||||
}
|
||||
else
|
||||
if (!isset($_SESSION["user_id"]))
|
||||
require_once "../403.php";
|
||||
|
||||
/** @var User $user */
|
||||
$user = $_SESSION["user"];
|
||||
|
||||
function updateAccount()
|
||||
{
|
||||
global $DB, $URL_BASE, $MAIL_ADDRESS;
|
||||
|
||||
if (!isset($_SESSION["user_id"]))
|
||||
return "Vous n'êtes pas connecté.";
|
||||
|
||||
$ID = $_SESSION["user_id"];
|
||||
global $URL_BASE, $MAIL_ADDRESS, $user;
|
||||
|
||||
$surname = htmlspecialchars($_POST["surname"]);
|
||||
if (isset($surname) && $surname != "")
|
||||
$DB->prepare("UPDATE `users` SET `surname` = ? WHERE `id` = ?;")->execute([$surname, $ID]);
|
||||
$user->setSurname($surname);
|
||||
|
||||
$first_name = htmlspecialchars($_POST["firstname"]);
|
||||
if (isset($first_name) && $first_name != "")
|
||||
$DB->prepare("UPDATE `users` SET `first_name` = ? WHERE `id` = ?;")->execute([$first_name, $ID]);
|
||||
$user->setFirstName($first_name);
|
||||
|
||||
$birth_date = htmlspecialchars($_POST["birth_date"]);
|
||||
if (isset($birth_date) && $birth_date != "")
|
||||
$DB->prepare("UPDATE `users` SET `birth_date` = ? WHERE `id` = ?;")->execute([$birth_date, $ID]);
|
||||
$user->setBirthDate($birth_date);
|
||||
|
||||
if (isset($_POST["gender"])) {
|
||||
$gender = htmlspecialchars($_POST["gender"]);
|
||||
if (isset($gender) && ($gender == "M" || $gender == "F"))
|
||||
$DB->prepare("UPDATE `users` SET `gender` = ? WHERE `id` = ?;")->execute([$gender, $ID]);
|
||||
$user->setGender($gender);
|
||||
}
|
||||
|
||||
$address = htmlspecialchars($_POST["address"]);
|
||||
if (isset($address) && $address != "")
|
||||
$DB->prepare("UPDATE `users` SET `address` = ? WHERE `id` = ?;")->execute([$address, $ID]);
|
||||
$user->setAddress($address);
|
||||
|
||||
$postal_code = htmlspecialchars($_POST["postal_code"]);
|
||||
if (isset($postal_code) && $postal_code != "")
|
||||
$DB->prepare("UPDATE `users` SET `postal_code` = ? WHERE `id` = ?;")->execute([$postal_code, $ID]);
|
||||
$user->setPostalCode($postal_code);
|
||||
|
||||
$city = htmlspecialchars($_POST["city"]);
|
||||
if (isset($city) && $city != "")
|
||||
$DB->prepare("UPDATE `users` SET `city` = ? WHERE `id` = ?;")->execute([$city, $ID]);
|
||||
$user->setCity($city);
|
||||
|
||||
$country = htmlspecialchars($_POST["country"]);
|
||||
if (isset($country) && $country != "")
|
||||
$DB->prepare("UPDATE `users` SET `country` = ? WHERE `id` = ?;")->execute([$country, $ID]);
|
||||
$user->setCountry($country);
|
||||
|
||||
$phone_number = htmlspecialchars($_POST["phone_number"]);
|
||||
if (isset($phone_number) && $phone_number != "")
|
||||
$DB->prepare("UPDATE `users` SET `phone_number` = ? WHERE `id` = ?;")->execute([$phone_number, $ID]);
|
||||
$user->setPhoneNumber($phone_number);
|
||||
|
||||
if (isset($_POST["school"])) {
|
||||
$school = htmlspecialchars($_POST["school"]);
|
||||
if (isset($school) && $school != "")
|
||||
$DB->prepare("UPDATE `users` SET `school` = ? WHERE `id` = ?;")->execute([$school, $ID]);
|
||||
$user->setSchool($school);
|
||||
}
|
||||
|
||||
if (isset($_POST["class"])) {
|
||||
$class = htmlspecialchars($_POST["class"]);
|
||||
if (isset($class) && ($class == "terminale" || $class == "premiere" || $class == "seconde"))
|
||||
$DB->prepare("UPDATE `users` SET `class` = ? WHERE `id` = ?;")->execute([strtoupper($class), $ID]);
|
||||
$user->setClass($class);
|
||||
}
|
||||
|
||||
if (isset($_POST["responsible_name"])) {
|
||||
$responsible_name = htmlspecialchars($_POST["responsible_name"]);
|
||||
if (isset($responsible_name) && $responsible_name != "")
|
||||
$DB->prepare("UPDATE `users` SET `responsible_name` = ? WHERE `id` = ?;")->execute([$responsible_name, $ID]);
|
||||
$user->setResponsibleName($responsible_name);
|
||||
}
|
||||
|
||||
if (isset($_POST["responsible_phone"])) {
|
||||
$responsible_phone = htmlspecialchars($_POST["responsible_phone"]);
|
||||
if (isset($responsible_phone) && $responsible_phone != "")
|
||||
$DB->prepare("UPDATE `users` SET `responsible_phone` = ? WHERE `id` = ?;")->execute([$responsible_phone, $ID]);
|
||||
$user->setResponsiblePhone($responsible_phone);
|
||||
}
|
||||
|
||||
if (isset($_POST["responsible_email"])) {
|
||||
$responsible_email = htmlspecialchars($_POST["responsible_email"]);
|
||||
if (isset($responsible_email) && $responsible_email != "")
|
||||
$DB->prepare("UPDATE `users` SET `responsible_email` = ? WHERE `id` = ?;")->execute([$responsible_email, $ID]);
|
||||
$user->setResponsibleEmail($responsible_email);
|
||||
}
|
||||
|
||||
if (isset($_POST["description"])) {
|
||||
$description = htmlspecialchars($_POST["description"]);
|
||||
if (isset($description) && $description != "")
|
||||
$DB->prepare("UPDATE `users` SET `description` = ? WHERE `id` = ?;")->execute([$description, $ID]);
|
||||
$user->setDescription($description);
|
||||
}
|
||||
|
||||
$email = htmlspecialchars($_POST["email"]);
|
||||
if (isset($email) && $email != "" && filter_var($email, FILTER_VALIDATE_EMAIL)) {
|
||||
$confirm_email_uid = uniqid();
|
||||
$DB->prepare("UPDATE `users` SET `email` = ?, `confirm_email` = ? WHERE `id` = ?;")->execute([$email, $confirm_email_uid, $ID]);
|
||||
$confirm_email_token = uniqid();
|
||||
$user->setConfirmEmailToken($confirm_email_token);
|
||||
|
||||
$msg = "Vous venez de changer votre adresse mail. Veuillez désormais confirmer votre adresse mail en cliquant ici : $URL_BASE/confirmer_mail/$confirm_email_uid";
|
||||
$msg = "Vous venez de changer votre adresse mail. Veuillez désormais confirmer votre adresse mail en cliquant ici : $URL_BASE/confirmer_mail/$confirm_email_token";
|
||||
mail($email, "Changement d'adresse mail - TFJM²", $msg, "From: $MAIL_ADDRESS\r\n");
|
||||
}
|
||||
|
||||
@ -112,17 +106,13 @@ function updateAccount()
|
||||
|
||||
function updatePassword()
|
||||
{
|
||||
global $DB, $YEAR;
|
||||
global $user;
|
||||
|
||||
$old = htmlspecialchars($_POST["old_password"]);
|
||||
$new = htmlspecialchars($_POST["new_password"]);
|
||||
$confirm = htmlspecialchars($_POST["confirm_password"]);
|
||||
|
||||
$result = $DB->query("SELECT `pwd_hash` FROM `users` WHERE `id` = '" . $_SESSION["user_id"] . "' AND `year` = '$YEAR';");
|
||||
if (($data = $result->fetch()) === FALSE)
|
||||
return "Le compte n'existe pas.";
|
||||
|
||||
if (!password_verify($old, $data["pwd_hash"]))
|
||||
if (!$user->checkPassword($old))
|
||||
return "L'ancien mot de passe est incorrect.";
|
||||
|
||||
if (strlen($new) < 8)
|
||||
@ -131,9 +121,7 @@ function updatePassword()
|
||||
if ($new != $confirm)
|
||||
return "Les deux mots de passe sont différents.";
|
||||
|
||||
$hash = password_hash($new, PASSWORD_BCRYPT);
|
||||
|
||||
$DB->prepare("UPDATE `users` SET `pwd_hash` = ? WHERE `id` = ?;")->execute([$hash, $_SESSION["user_id"]]);
|
||||
$user->setPassword($new);
|
||||
|
||||
return false;
|
||||
}
|
||||
|
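Review bot: In the email branch of updateAccount, the new side only calls `$user->setConfirmEmailToken($confirm_email_token)` and then mails `$email`; with the `UPDATE users SET email = ?` statement gone, the new address is never persisted unless that setter also stores it, so the confirmation link has nothing to bind to — an explicit `$user->setEmail($email);` next to the token line is needed. The token itself still comes from `uniqid()`, which is time-derived and predictable, whereas an emailed confirmation token should be `$confirm_email_token = bin2hex(random_bytes(16));`. updatePassword now dereferences the global `$user` with no guard, while the file-level `$user = $_SESSION["user"];` is assigned only after the `$error_message = updatePassword();` call at the top of the hunk and `require_once "../403.php"` does not end the request, so an unauthenticated POST appears to reach `$user->checkPassword()` on null (unless a line above this hunk already sets `$user`); a guard such as `if (!isset($_SESSION["user"])) return "Vous n'êtes pas connecté.";` would mirror the one in updateAccount. Both functions also pass passwords and free-text fields through `htmlspecialchars()` before use, which alters passwords containing `&`, `<` or quotes and stores HTML-encoded text in the model; escaping belongs at output time, and the `isset($surname)`-style checks after an assignment are always true while the bare `$_POST["surname"]` reads warn on a missing key, so `$_POST["surname"] ?? ""` with a plain `!== ""` test would be both quieter and accurate.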