2019-10-29 14:57:13 +01:00
|
|
|
<?php
|
|
|
|
namespace controllers\publics;
|
|
|
|
|
|
|
|
/**
|
2019-10-29 18:36:25 +01:00
|
|
|
* Page de connexion
|
|
|
|
*/
|
|
|
|
class Connect extends \descartes\Controller
|
|
|
|
{
|
|
|
|
/**
|
|
|
|
* Cette fonction est appelée avant toute les autres :
|
|
|
|
* @return void;
|
|
|
|
*/
|
|
|
|
public function _before()
|
2019-10-29 14:57:13 +01:00
|
|
|
{
|
|
|
|
global $bdd;
|
|
|
|
global $model;
|
|
|
|
$this->bdd = $bdd;
|
|
|
|
$this->model = $model;
|
|
|
|
|
|
|
|
$this->internal_user = new \controllers\internals\User($this->bdd);
|
|
|
|
}
|
|
|
|
|
2019-10-29 18:36:25 +01:00
|
|
|
/**
|
|
|
|
* Cette fonction retourne la fenetre de connexion
|
|
|
|
*/
|
|
|
|
public function login()
|
|
|
|
{
|
|
|
|
$this->render('connect/login');
|
|
|
|
}
|
2019-10-29 14:57:13 +01:00
|
|
|
|
|
|
|
/**
|
2019-10-29 18:36:25 +01:00
|
|
|
* Cette fonction connecte un utilisateur, et le redirige sur la page d'accueil
|
|
|
|
* @param string $_POST['mail'] : L'email de l'utilisateur
|
|
|
|
* @param string $_POST['password'] : Le mot de passe de l'utilisateur
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
public function connection()
|
|
|
|
{
|
|
|
|
$email = $_POST['mail'] ?? false;
|
2019-10-29 14:57:13 +01:00
|
|
|
$password = $_POST['password'] ?? false;
|
|
|
|
|
|
|
|
$user = $this->internal_user->check_credentials($email, $password);
|
2019-10-29 18:36:25 +01:00
|
|
|
if (!$user) {
|
2019-10-29 14:57:13 +01:00
|
|
|
\modules\DescartesSessionMessages\internals\DescartesSessionMessages::push('danger', 'Email ou mot de passe invalide.');
|
2019-10-29 18:36:25 +01:00
|
|
|
return header('Location: ' . \descartes\Router::url('Connect', 'login'));
|
|
|
|
}
|
2019-10-29 14:57:13 +01:00
|
|
|
|
|
|
|
$_SESSION['connect'] = true;
|
|
|
|
$_SESSION['user'] = $user;
|
2019-10-29 18:36:25 +01:00
|
|
|
$_SESSION['csrf'] = str_shuffle(uniqid().uniqid());
|
2019-10-29 14:57:13 +01:00
|
|
|
|
2019-10-29 18:36:25 +01:00
|
|
|
return header('Location: ' . \descartes\Router::url('Dashboard', 'show'));
|
|
|
|
}
|
2019-10-29 14:57:13 +01:00
|
|
|
|
|
|
|
|
2019-10-29 18:36:25 +01:00
|
|
|
/**
|
|
|
|
* Cette fonction retourne la fenetre de changement de password
|
|
|
|
* @return void;
|
|
|
|
*/
|
|
|
|
public function forget_password()
|
|
|
|
{
|
|
|
|
$this->render('connect/forget-password');
|
2019-10-29 14:57:13 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Cette fonction envoi un email contenant un lien pour re-générer un password oublié
|
|
|
|
* @param string $csrf : jeton csrf
|
|
|
|
* @param string $_POST['email'] : L'email pour lequel on veut envoyer un nouveau password
|
|
|
|
*/
|
2019-10-29 18:36:25 +01:00
|
|
|
public function send_reset_password($csrf)
|
2019-10-29 14:57:13 +01:00
|
|
|
{
|
2019-10-29 18:36:25 +01:00
|
|
|
if (!$this->verifyCSRF($csrf)) {
|
2019-10-29 14:57:13 +01:00
|
|
|
\modules\DescartesSessionMessages\internals\DescartesSessionMessages::push('danger', 'Jeton CSRF invalid !');
|
2019-10-29 18:36:25 +01:00
|
|
|
header('Location: ' . \descartes\Router::url('Connect', 'forget_password'));
|
2019-10-29 14:57:13 +01:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
$email = $_POST['email'] ?? false;
|
|
|
|
$user = $this->internal_user->get_by_email($email);
|
|
|
|
|
2019-10-29 18:36:25 +01:00
|
|
|
if (!$email || !$user) {
|
2019-10-29 14:57:13 +01:00
|
|
|
\modules\DescartesSessionMessages\internals\DescartesSessionMessages::push('danger', 'Aucun utilisateur n\'existe pour cette adresse mail.');
|
2019-10-29 18:36:25 +01:00
|
|
|
header('Location: ' . \descartes\Router::url('Connect', 'forget_password'));
|
2019-10-29 14:57:13 +01:00
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
$Tokenista = new \Ingenerator\Tokenista(APP_SECRET);
|
|
|
|
$token = $Tokenista->generate(3600, ['user_id' => $user['id']]);
|
|
|
|
|
2019-10-29 18:36:25 +01:00
|
|
|
$reset_link = \descartes\Router::url('Connect', 'reset_password', ['user_id' => $user['id'], 'token' => $token]);
|
2019-10-29 14:57:13 +01:00
|
|
|
|
|
|
|
\controllers\internals\Tool::send_email($email, EMAIL_RESET_PASSWORD, ['reset_link' => $reset_link]);
|
|
|
|
|
|
|
|
return $this->render('connect/send-reset-password');
|
|
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Cette fonction permet à un utilisateur de re-définir son mot de passe
|
|
|
|
* @param int $user_id : L'id du user dont on veut modifier le password
|
|
|
|
* @param string $token : Le token permetttant de vérifier que l'opération est légitime
|
|
|
|
* @param optionnal $_POST['password'] : Le nouveau password à utiliser
|
|
|
|
*/
|
2019-10-29 18:36:25 +01:00
|
|
|
public function reset_password($user_id, $token)
|
2019-10-29 14:57:13 +01:00
|
|
|
{
|
|
|
|
$password = $_POST['password'] ?? false;
|
|
|
|
|
|
|
|
$Tokenista = new \Ingenerator\Tokenista(APP_SECRET);
|
|
|
|
|
2019-10-29 18:36:25 +01:00
|
|
|
if (!$Tokenista->isValid($token, ['user_id' => $user_id])) {
|
2019-10-29 14:57:13 +01:00
|
|
|
return $this->render('connect/reset-password-invalid');
|
|
|
|
}
|
|
|
|
|
2019-10-29 18:36:25 +01:00
|
|
|
if (!$password) {
|
2019-10-29 14:57:13 +01:00
|
|
|
return $this->render('connect/reset-password');
|
|
|
|
}
|
|
|
|
|
|
|
|
$this->internal_user->update_password($user_id, $password);
|
|
|
|
return $this->render('connect/reset-password-done');
|
|
|
|
}
|
2019-10-29 18:36:25 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Cette fonction déconnecte un utilisateur et le renvoie sur la page d'accueil
|
|
|
|
* @return void
|
|
|
|
*/
|
|
|
|
public function logout()
|
|
|
|
{
|
|
|
|
session_unset();
|
|
|
|
session_destroy();
|
|
|
|
header('Location: ' . \descartes\Router::url('Connect', 'login'));
|
|
|
|
}
|
|
|
|
}
|