raspisms/controllers/publics/Connect.php

168 lines
5.5 KiB
PHP
Raw Normal View History

2019-10-29 14:57:13 +01:00
<?php
/*
2019-11-10 17:48:54 +01:00
* This file is part of RaspiSMS.
*
2019-11-10 17:48:54 +01:00
* (c) Pierre-Lin Bonnemaison <plebwebsas@gmail.com>
*
2019-11-10 17:48:54 +01:00
* This source file is subject to the GPL-3.0 license that is bundled
* with this source code in the file LICENSE.
*/
namespace controllers\publics;
2019-10-29 14:57:13 +01:00
/**
* Page de connexion.
2019-10-29 18:36:25 +01:00
*/
class Connect extends \descartes\Controller
{
private $internal_user;
2019-11-11 04:05:26 +01:00
private $internal_setting;
2019-10-29 18:36:25 +01:00
/**
* Cette fonction est appelée avant toute les autres :.
*
2019-10-29 18:36:25 +01:00
* @return void;
*/
public function __construct()
2019-10-29 14:57:13 +01:00
{
$bdd = \descartes\Model::_connect(DATABASE_HOST, DATABASE_NAME, DATABASE_USER, DATABASE_PASSWORD);
$this->internal_user = new \controllers\internals\User($bdd);
2019-11-11 04:05:26 +01:00
$this->internal_setting = new \controllers\internals\Setting($bdd);
2019-10-29 14:57:13 +01:00
}
2019-10-29 18:36:25 +01:00
/**
* Cette fonction retourne la fenetre de connexion.
2019-10-29 18:36:25 +01:00
*/
public function login()
{
2019-11-11 00:22:40 +01:00
if (\controllers\internals\Tool::is_connected())
{
return $this->redirect(\descartes\Router::url('Dashboard', 'show'));
}
return $this->render('connect/login');
2019-10-29 18:36:25 +01:00
}
2019-10-29 14:57:13 +01:00
/**
* Cette fonction connecte un utilisateur, et le redirige sur la page d'accueil.
*
* @param string $_POST['mail'] : L'email de l'utilisateur
2019-10-29 18:36:25 +01:00
* @param string $_POST['password'] : Le mot de passe de l'utilisateur
*/
public function connection()
{
$email = $_POST['mail'] ?? false;
2019-10-29 14:57:13 +01:00
$password = $_POST['password'] ?? false;
$user = $this->internal_user->check_credentials($email, $password);
if (!$user)
{
2019-11-09 03:35:12 +01:00
\FlashMessage\FlashMessage::push('danger', 'Email ou mot de passe invalide.');
return $this->redirect(\descartes\Router::url('Connect', 'login'));
2019-10-29 18:36:25 +01:00
}
2019-10-29 14:57:13 +01:00
2020-06-23 21:06:13 +02:00
if (\models\User::STATUS_ACTIVE !== $user['status'])
2020-03-30 01:52:53 +02:00
{
\FlashMessage\FlashMessage::push('danger', 'Votre compte est actuellement suspendu.');
return $this->redirect(\descartes\Router::url('Connect', 'login'));
}
2019-11-11 04:05:26 +01:00
$settings = $this->internal_setting->gets_for_user($user['id']);
$user['settings'] = $settings;
2019-10-29 14:57:13 +01:00
$_SESSION['connect'] = true;
$_SESSION['user'] = $user;
return $this->redirect(\descartes\Router::url('Dashboard', 'show'));
2019-10-29 18:36:25 +01:00
}
2019-10-29 14:57:13 +01:00
2019-10-29 18:36:25 +01:00
/**
* Cette fonction retourne la fenetre de changement de password.
*
2019-10-29 18:36:25 +01:00
* @return void;
*/
public function forget_password()
{
$this->render('connect/forget-password');
2019-10-29 14:57:13 +01:00
}
/**
* Cette fonction envoi un email contenant un lien pour re-générer un password oublié.
*
* @param string $csrf : jeton csrf
2019-10-29 14:57:13 +01:00
* @param string $_POST['email'] : L'email pour lequel on veut envoyer un nouveau password
*/
2019-10-29 18:36:25 +01:00
public function send_reset_password($csrf)
2019-10-29 14:57:13 +01:00
{
if (!$this->verify_csrf($csrf))
{
2019-11-09 03:35:12 +01:00
\FlashMessage\FlashMessage::push('danger', 'Jeton CSRF invalid !');
2019-11-04 18:23:11 +01:00
return $this->redirect(\descartes\Router::url('Connect', 'forget_password'));
2019-10-29 14:57:13 +01:00
}
$email = $_POST['email'] ?? false;
$user = $this->internal_user->get_by_email($email);
if (!$email || !$user)
{
2019-11-09 03:35:12 +01:00
\FlashMessage\FlashMessage::push('danger', 'Aucun utilisateur n\'existe pour cette adresse mail.');
2019-11-04 18:23:11 +01:00
return $this->redirect(\descartes\Router::url('Connect', 'forget_password'));
2019-10-29 14:57:13 +01:00
}
$Tokenista = new \Ingenerator\Tokenista(APP_SECRET);
2020-04-02 19:10:54 +02:00
$token = $Tokenista->generate(3600, ['id_user' => $user['id']]);
2019-10-29 14:57:13 +01:00
2020-04-02 19:10:54 +02:00
$reset_link = \descartes\Router::url('Connect', 'reset_password', ['id_user' => $user['id'], 'token' => $token]);
2020-06-23 21:06:13 +02:00
2020-04-16 07:50:30 +02:00
$mailer = new \controllers\internals\Mailer();
$email_send = $mailer->enqueue($email, EMAIL_RESET_PASSWORD, ['reset_link' => $reset_link]);
2019-10-29 14:57:13 +01:00
return $this->render('connect/send-reset-password');
}
/**
* Cette fonction permet à un utilisateur de re-définir son mot de passe.
*
2020-04-02 19:10:54 +02:00
* @param int $id_user : L'id du user dont on veut modifier le password
* @param string $token : Le token permetttant de vérifier que l'opération est légitime
2019-10-29 14:57:13 +01:00
* @param optionnal $_POST['password'] : Le nouveau password à utiliser
*/
2020-04-02 19:10:54 +02:00
public function reset_password($id_user, $token)
2019-10-29 14:57:13 +01:00
{
$password = $_POST['password'] ?? false;
$Tokenista = new \Ingenerator\Tokenista(APP_SECRET);
2020-04-02 19:10:54 +02:00
if (!$Tokenista->isValid($token, ['id_user' => $id_user]))
{
2019-10-29 14:57:13 +01:00
return $this->render('connect/reset-password-invalid');
}
if (!$password)
{
2019-10-29 14:57:13 +01:00
return $this->render('connect/reset-password');
}
2020-04-02 19:10:54 +02:00
$this->internal_user->update_password($id_user, $password);
2019-10-29 14:57:13 +01:00
return $this->render('connect/reset-password-done');
}
2019-10-29 18:36:25 +01:00
/**
* Cette fonction déconnecte un utilisateur et le renvoie sur la page d'accueil.
2019-10-29 18:36:25 +01:00
*/
public function logout()
{
session_destroy();
2020-02-06 03:10:56 +01:00
$_SESSION = [];
2019-11-04 18:23:11 +01:00
return $this->redirect(\descartes\Router::url('Connect', 'login'));
2019-10-29 18:36:25 +01:00
}
}