param null login
parent
b0fec2951a
commit
1cf62d4140
@ -13,7 +13,8 @@
|
||||
* @link http://zwiicms.fr/
|
||||
*/
|
||||
|
||||
class user extends common {
|
||||
class user extends common
|
||||
{
|
||||
|
||||
public static $actions = [
|
||||
'add' => self::GROUP_ADMIN,
|
||||
@ -50,18 +51,19 @@ class user extends common {
|
||||
/**
|
||||
* Ajout
|
||||
*/
|
||||
public function add() {
|
||||
public function add()
|
||||
{
|
||||
// Soumission du formulaire
|
||||
if($this->isPost()) {
|
||||
$check=true;
|
||||
if ($this->isPost()) {
|
||||
$check = true;
|
||||
// L'identifiant d'utilisateur est indisponible
|
||||
$userId = $this->getInput('userAddId', helper::FILTER_ID, true);
|
||||
if($this->getData(['user', $userId])) {
|
||||
if ($this->getData(['user', $userId])) {
|
||||
self::$inputNotices['userAddId'] = 'Identifiant déjà utilisé';
|
||||
$check=false;
|
||||
$check = false;
|
||||
}
|
||||
// Double vérification pour le mot de passe
|
||||
if($this->getInput('userAddPassword', helper::FILTER_STRING_SHORT, true) !== $this->getInput('userAddConfirmPassword', helper::FILTER_STRING_SHORT, true)) {
|
||||
if ($this->getInput('userAddPassword', helper::FILTER_STRING_SHORT, true) !== $this->getInput('userAddConfirmPassword', helper::FILTER_STRING_SHORT, true)) {
|
||||
self::$inputNotices['userAddConfirmPassword'] = 'Incorrect';
|
||||
$check = false;
|
||||
}
|
||||
@ -94,7 +96,7 @@ class user extends common {
|
||||
|
||||
// Envoie le mail
|
||||
$sent = true;
|
||||
if($this->getInput('userAddSendMail', helper::FILTER_BOOLEAN) && $check === true) {
|
||||
if ($this->getInput('userAddSendMail', helper::FILTER_BOOLEAN) && $check === true) {
|
||||
$sent = $this->sendMail(
|
||||
$userMail,
|
||||
'Compte créé sur ' . $this->getData(['locale', 'title']),
|
||||
@ -122,13 +124,14 @@ class user extends common {
|
||||
/**
|
||||
* Suppression
|
||||
*/
|
||||
public function delete() {
|
||||
public function delete()
|
||||
{
|
||||
// Accès refusé
|
||||
if(
|
||||
if (
|
||||
// L'utilisateur n'existe pas
|
||||
$this->getData(['user', $this->getUrl(2)]) === null
|
||||
// Groupe insuffisant
|
||||
AND ($this->getUrl('group') < self::GROUP_MODERATOR)
|
||||
and ($this->getUrl('group') < self::GROUP_MODERATOR)
|
||||
) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
@ -144,7 +147,7 @@ class user extends common {
|
||||
]);
|
||||
}
|
||||
// Bloque la suppression de son propre compte
|
||||
elseif($this->getUser('id') === $this->getUrl(2)) {
|
||||
elseif ($this->getUser('id') === $this->getUrl(2)) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . 'user',
|
||||
@ -166,9 +169,12 @@ class user extends common {
|
||||
/**
|
||||
* Édition
|
||||
*/
|
||||
public function edit() {
|
||||
if ($this->getUrl(3) !== $_SESSION['csrf'] &&
|
||||
$this->getUrl(4) !== $_SESSION['csrf']) {
|
||||
public function edit()
|
||||
{
|
||||
if (
|
||||
$this->getUrl(3) !== $_SESSION['csrf'] &&
|
||||
$this->getUrl(4) !== $_SESSION['csrf']
|
||||
) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'redirect' => helper::baseUrl() . 'user',
|
||||
@ -176,18 +182,17 @@ class user extends common {
|
||||
]);
|
||||
}
|
||||
// Accès refusé
|
||||
if(
|
||||
if (
|
||||
// L'utilisateur n'existe pas
|
||||
$this->getData(['user', $this->getUrl(2)]) === null
|
||||
// Droit d'édition
|
||||
AND (
|
||||
and (
|
||||
// Impossible de s'auto-éditer
|
||||
(
|
||||
$this->getUser('id') === $this->getUrl(2)
|
||||
AND $this->getUrl('group') <= self::GROUP_VISITOR
|
||||
($this->getUser('id') === $this->getUrl(2)
|
||||
and $this->getUrl('group') <= self::GROUP_VISITOR
|
||||
)
|
||||
// Impossible d'éditer un autre utilisateur
|
||||
OR ($this->getUrl('group') < self::GROUP_MODERATOR)
|
||||
or ($this->getUrl('group') < self::GROUP_MODERATOR)
|
||||
)
|
||||
) {
|
||||
// Valeurs en sortie
|
||||
@ -198,45 +203,41 @@ class user extends common {
|
||||
// Accès autorisé
|
||||
else {
|
||||
// Soumission du formulaire
|
||||
if($this->isPost()) {
|
||||
if ($this->isPost()) {
|
||||
// Double vérification pour le mot de passe
|
||||
$newPassword = $this->getData(['user', $this->getUrl(2), 'password']);
|
||||
if($this->getInput('userEditNewPassword')) {
|
||||
if ($this->getInput('userEditNewPassword')) {
|
||||
// L'ancien mot de passe est correct
|
||||
if(password_verify($this->getInput('userEditOldPassword'), $this->getData(['user', $this->getUrl(2), 'password']))) {
|
||||
if (password_verify($this->getInput('userEditOldPassword'), $this->getData(['user', $this->getUrl(2), 'password']))) {
|
||||
// La confirmation correspond au mot de passe
|
||||
if($this->getInput('userEditNewPassword') === $this->getInput('userEditConfirmPassword')) {
|
||||
if ($this->getInput('userEditNewPassword') === $this->getInput('userEditConfirmPassword')) {
|
||||
$newPassword = $this->getInput('userEditNewPassword', helper::FILTER_PASSWORD, true);
|
||||
// Déconnexion de l'utilisateur si il change le mot de passe de son propre compte
|
||||
if($this->getUser('id') === $this->getUrl(2)) {
|
||||
if ($this->getUser('id') === $this->getUrl(2)) {
|
||||
helper::deleteCookie('ZWII_USER_ID');
|
||||
helper::deleteCookie('ZWII_USER_PASSWORD');
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
self::$inputNotices['userEditConfirmPassword'] = 'Incorrect';
|
||||
}
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
self::$inputNotices['userEditOldPassword'] = 'Incorrect';
|
||||
}
|
||||
}
|
||||
// Modification du groupe
|
||||
if(
|
||||
if (
|
||||
$this->getUser('group') === self::GROUP_ADMIN
|
||||
AND $this->getUrl(2) !== $this->getUser('id')
|
||||
and $this->getUrl(2) !== $this->getUser('id')
|
||||
) {
|
||||
$newGroup = $this->getInput('userEditGroup', helper::FILTER_INT, true);
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$newGroup = $this->getData(['user', $this->getUrl(2), 'group']);
|
||||
}
|
||||
// Modification de nom Prénom
|
||||
if($this->getUser('group') === self::GROUP_ADMIN){
|
||||
if ($this->getUser('group') === self::GROUP_ADMIN) {
|
||||
$newfirstname = $this->getInput('userEditFirstname', helper::FILTER_STRING_SHORT, true);
|
||||
$newlastname = $this->getInput('userEditLastname', helper::FILTER_STRING_SHORT, true);
|
||||
}
|
||||
else{
|
||||
} else {
|
||||
$newfirstname = $this->getData(['user', $this->getUrl(2), 'firstname']);
|
||||
$newlastname = $this->getData(['user', $this->getUrl(2), 'lastname']);
|
||||
}
|
||||
@ -253,20 +254,20 @@ class user extends common {
|
||||
'signature' => $this->getInput('userEditSignature', helper::FILTER_INT, true),
|
||||
'mail' => $this->getInput('userEditMail', helper::FILTER_MAIL, true),
|
||||
'password' => $newPassword,
|
||||
'connectFail' => $this->getData(['user',$this->getUrl(2),'connectFail']),
|
||||
'connectTimeout' => $this->getData(['user',$this->getUrl(2),'connectTimeout']),
|
||||
'accessUrl' => $this->getData(['user',$this->getUrl(2),'accessUrl']),
|
||||
'accessTimer' => $this->getData(['user',$this->getUrl(2),'accessTimer']),
|
||||
'accessCsrf' => $this->getData(['user',$this->getUrl(2),'accessCsrf']),
|
||||
'connectFail' => $this->getData(['user', $this->getUrl(2), 'connectFail']),
|
||||
'connectTimeout' => $this->getData(['user', $this->getUrl(2), 'connectTimeout']),
|
||||
'accessUrl' => $this->getData(['user', $this->getUrl(2), 'accessUrl']),
|
||||
'accessTimer' => $this->getData(['user', $this->getUrl(2), 'accessTimer']),
|
||||
'accessCsrf' => $this->getData(['user', $this->getUrl(2), 'accessCsrf']),
|
||||
'files' => $this->getInput('userEditFiles', helper::FILTER_BOOLEAN)
|
||||
]
|
||||
]);
|
||||
// Redirection spécifique si l'utilisateur change son mot de passe
|
||||
if($this->getUser('id') === $this->getUrl(2) AND $this->getInput('userEditNewPassword')) {
|
||||
if ($this->getUser('id') === $this->getUrl(2) and $this->getInput('userEditNewPassword')) {
|
||||
$redirect = helper::baseUrl() . 'user/login/' . str_replace('/', '_', $this->getUrl());
|
||||
}
|
||||
// Redirection si retour en arrière possible
|
||||
elseif($this->getUser('group') === 3) {
|
||||
elseif ($this->getUser('group') === 3) {
|
||||
$redirect = helper::baseUrl() . 'user';
|
||||
}
|
||||
// Redirection normale
|
||||
@ -291,11 +292,12 @@ class user extends common {
|
||||
/**
|
||||
* Mot de passe perdu
|
||||
*/
|
||||
public function forgot() {
|
||||
public function forgot()
|
||||
{
|
||||
// Soumission du formulaire
|
||||
if($this->isPost()) {
|
||||
if ($this->isPost()) {
|
||||
$userId = $this->getInput('userForgotId', helper::FILTER_ID, true);
|
||||
if($this->getData(['user', $userId])) {
|
||||
if ($this->getData(['user', $userId])) {
|
||||
// Enregistre la date de la demande dans le compte utilisateur
|
||||
$this->setData(['user', $userId, 'forgot', time()]);
|
||||
// Crée un id unique pour la réinitialisation
|
||||
@ -335,22 +337,23 @@ class user extends common {
|
||||
/**
|
||||
* Liste des utilisateurs
|
||||
*/
|
||||
public function index() {
|
||||
public function index()
|
||||
{
|
||||
$userIdsFirstnames = helper::arrayColumn($this->getData(['user']), 'firstname');
|
||||
ksort($userIdsFirstnames);
|
||||
foreach($userIdsFirstnames as $userId => $userFirstname) {
|
||||
foreach ($userIdsFirstnames as $userId => $userFirstname) {
|
||||
if ($this->getData(['user', $userId, 'group'])) {
|
||||
self::$users[] = [
|
||||
$userId,
|
||||
$userFirstname . ' ' . $this->getData(['user', $userId, 'lastname']),
|
||||
self::$groups[$this->getData(['user', $userId, 'group'])],
|
||||
template::button('userEdit' . $userId, [
|
||||
'href' => helper::baseUrl() . 'user/edit/' . $userId . '/back/'. $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . 'user/edit/' . $userId . '/back/' . $_SESSION['csrf'],
|
||||
'value' => template::ico('pencil')
|
||||
]),
|
||||
template::button('userDelete' . $userId, [
|
||||
'class' => 'userDelete buttonRed',
|
||||
'href' => helper::baseUrl() . 'user/delete/' . $userId. '/' . $_SESSION['csrf'],
|
||||
'href' => helper::baseUrl() . 'user/delete/' . $userId . '/' . $_SESSION['csrf'],
|
||||
'value' => template::ico('cancel')
|
||||
])
|
||||
];
|
||||
@ -366,17 +369,18 @@ class user extends common {
|
||||
/**
|
||||
* Connexion
|
||||
*/
|
||||
public function login() {
|
||||
public function login()
|
||||
{
|
||||
// Soumission du formulaire
|
||||
$logStatus = '';
|
||||
if($this->isPost()) {
|
||||
if ($this->isPost()) {
|
||||
// Lire Id du compte
|
||||
$userId = $this->getInput('userLoginId', helper::FILTER_ID, true);
|
||||
// Check le captcha
|
||||
if(
|
||||
$this->getData(['config','connect','captcha'])
|
||||
AND password_verify($this->getInput('userLoginCaptcha', helper::FILTER_INT), $this->getInput('userLoginCaptchaResult') ) === false )
|
||||
{
|
||||
if (
|
||||
$this->getData(['config', 'connect', 'captcha'])
|
||||
and password_verify($this->getInput('userLoginCaptcha', helper::FILTER_INT), $this->getInput('userLoginCaptchaResult')) === false
|
||||
) {
|
||||
$captcha = false;
|
||||
} else {
|
||||
$captcha = true;
|
||||
@ -384,22 +388,24 @@ class user extends common {
|
||||
/**
|
||||
* Aucun compte existant
|
||||
*/
|
||||
if ( !$this->getData(['user', $userId])) {
|
||||
if (!$this->getData(['user', $userId])) {
|
||||
$logStatus = 'Compte inconnu';
|
||||
//Stockage de l'IP
|
||||
$this->setData([
|
||||
'blacklist',
|
||||
$userId,
|
||||
[
|
||||
'connectFail' => $this->getData(['blacklist',$userId,'connectFail']) + 1,
|
||||
'connectFail' => $this->getData(['blacklist', $userId, 'connectFail']) + 1,
|
||||
'lastFail' => time(),
|
||||
'ip' => helper::getIp()
|
||||
]
|
||||
]);
|
||||
// Verrouillage des IP
|
||||
$ipBlackList = helper::arrayColumn($this->getData(['blacklist']), 'ip');
|
||||
if ( $this->getData(['blacklist',$userId,'connectFail']) >= $this->getData(['config', 'connect', 'attempt'])
|
||||
AND in_array($this->getData(['blacklist',$userId,'ip']),$ipBlackList) ) {
|
||||
if (
|
||||
$this->getData(['blacklist', $userId, 'connectFail']) >= $this->getData(['config', 'connect', 'attempt'])
|
||||
and in_array($this->getData(['blacklist', $userId, 'ip']), $ipBlackList)
|
||||
) {
|
||||
$logStatus = 'Compte inconnu verrouillé';
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
@ -418,35 +424,37 @@ class user extends common {
|
||||
*/
|
||||
} else {
|
||||
// Cas 4 : le délai de blocage est dépassé et le compte est au max - Réinitialiser
|
||||
if ($this->getData(['user',$userId,'connectTimeout']) + $this->getData(['config', 'connect', 'timeout']) < time()
|
||||
AND $this->getData(['user',$userId,'connectFail']) === $this->getData(['config', 'connect', 'attempt']) ) {
|
||||
$this->setData(['user',$userId,'connectFail',0 ]);
|
||||
$this->setData(['user',$userId,'connectTimeout',0 ]);
|
||||
if (
|
||||
$this->getData(['user', $userId, 'connectTimeout']) + $this->getData(['config', 'connect', 'timeout']) < time()
|
||||
and $this->getData(['user', $userId, 'connectFail']) === $this->getData(['config', 'connect', 'attempt'])
|
||||
) {
|
||||
$this->setData(['user', $userId, 'connectFail', 0]);
|
||||
$this->setData(['user', $userId, 'connectTimeout', 0]);
|
||||
}
|
||||
// Check la présence des variables et contrôle du blocage du compte si valeurs dépassées
|
||||
// Vérification du mot de passe et du groupe
|
||||
if (
|
||||
( $this->getData(['user',$userId,'connectTimeout']) + $this->getData(['config', 'connect', 'timeout']) ) < time()
|
||||
AND $this->getData(['user',$userId,'connectFail']) < $this->getData(['config', 'connect', 'attempt'])
|
||||
AND password_verify($this->getInput('userLoginPassword', helper::FILTER_STRING_SHORT, true), $this->getData(['user', $userId, 'password']))
|
||||
AND $this->getData(['user', $userId, 'group']) >= self::GROUP_MEMBER
|
||||
AND $captcha === true
|
||||
($this->getData(['user', $userId, 'connectTimeout']) + $this->getData(['config', 'connect', 'timeout'])) < time()
|
||||
and $this->getData(['user', $userId, 'connectFail']) < $this->getData(['config', 'connect', 'attempt'])
|
||||
and password_verify($this->getInput('userLoginPassword', helper::FILTER_STRING_SHORT, true), $this->getData(['user', $userId, 'password']))
|
||||
and $this->getData(['user', $userId, 'group']) >= self::GROUP_MEMBER
|
||||
and $captcha === true
|
||||
) {
|
||||
// RAZ
|
||||
$this->setData(['user',$userId,'connectFail',0 ]);
|
||||
$this->setData(['user',$userId,'connectTimeout',0 ]);
|
||||
$this->setData(['user', $userId, 'connectFail', 0]);
|
||||
$this->setData(['user', $userId, 'connectTimeout', 0]);
|
||||
// Expiration
|
||||
$expire = $this->getInput('userLoginLongTime') ? strtotime("+1 year") : 0;
|
||||
$c = $this->getInput('userLoginLongTime', helper::FILTER_BOOLEAN) === true ? 'true' : 'false';
|
||||
setcookie('ZWII_USER_ID', $userId, $expire, helper::baseUrl(false, false) , '', helper::isHttps(), true);
|
||||
setcookie('ZWII_USER_ID', $userId, $expire, helper::baseUrl(false, false), '', helper::isHttps(), true);
|
||||
setcookie('ZWII_USER_PASSWORD', $this->getData(['user', $userId, 'password']), $expire, helper::baseUrl(false, false), '', helper::isHttps(), true);
|
||||
setcookie('ZWII_USER_LONGTIME', $c, $expire, helper::baseUrl(false, false), '', helper::isHttps(), true);
|
||||
// Accès multiples avec le même compte
|
||||
$this->setData(['user',$userId,'accessCsrf',$_SESSION['csrf']]);
|
||||
$this->setData(['user', $userId, 'accessCsrf', $_SESSION['csrf']]);
|
||||
// Valeurs en sortie lorsque le site est en maintenance et que l'utilisateur n'est pas administrateur
|
||||
if(
|
||||
if (
|
||||
$this->getData(['config', 'maintenance'])
|
||||
AND $this->getData(['user', $userId, 'group']) < self::GROUP_ADMIN
|
||||
and $this->getData(['user', $userId, 'group']) < self::GROUP_ADMIN
|
||||
) {
|
||||
$this->addOutput([
|
||||
'notification' => 'Seul un administrateur peut se connecter lors d\'une maintenance',
|
||||
@ -457,7 +465,7 @@ class user extends common {
|
||||
$logStatus = 'Connexion réussie';
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'notification' => 'Bienvenue ' . $this->getData(['user',$userId,'firstname']) . ' ' . $this->getData(['user',$userId,'lastname']) ,
|
||||
'notification' => 'Bienvenue ' . $this->getData(['user', $userId, 'firstname']) . ' ' . $this->getData(['user', $userId, 'lastname']),
|
||||
'redirect' => helper::baseUrl() . str_replace('_', '/', str_replace('__', '#', $this->getUrl(2))),
|
||||
'state' => true
|
||||
]);
|
||||
@ -467,15 +475,15 @@ class user extends common {
|
||||
$notification = 'Captcha, identifiant ou mot de passe incorrects';
|
||||
$logStatus = $captcha === true ? 'Erreur de mot de passe' : 'Erreur de captcha';
|
||||
// Cas 1 le nombre de connexions est inférieur aux tentatives autorisées : incrément compteur d'échec
|
||||
if ($this->getData(['user',$userId,'connectFail']) < $this->getData(['config', 'connect', 'attempt'])) {
|
||||
$this->setData(['user',$userId,'connectFail',$this->getdata(['user',$userId,'connectFail']) + 1 ]);
|
||||
if ($this->getData(['user', $userId, 'connectFail']) < $this->getData(['config', 'connect', 'attempt'])) {
|
||||
$this->setData(['user', $userId, 'connectFail', $this->getdata(['user', $userId, 'connectFail']) + 1]);
|
||||
}
|
||||
// Cas 2 la limite du nombre de connexion est atteinte : placer le timer
|
||||
if ( $this->getdata(['user',$userId,'connectFail']) == $this->getData(['config', 'connect', 'attempt']) ) {
|
||||
$this->setData(['user',$userId,'connectTimeout', time()]);
|
||||
if ($this->getdata(['user', $userId, 'connectFail']) == $this->getData(['config', 'connect', 'attempt'])) {
|
||||
$this->setData(['user', $userId, 'connectTimeout', time()]);
|
||||
}
|
||||
// Cas 3 le délai de bloquage court
|
||||
if ($this->getData(['user',$userId,'connectTimeout']) + $this->getData(['config', 'connect', 'timeout']) > time() ) {
|
||||
if ($this->getData(['user', $userId, 'connectTimeout']) + $this->getData(['config', 'connect', 'timeout']) > time()) {
|
||||
$notification = 'Accès bloqué ' . ($this->getData(['config', 'connect', 'timeout']) / 60) . ' minutes.';
|
||||
}
|
||||
|
||||
@ -486,18 +494,20 @@ class user extends common {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Journalisation
|
||||
$dataLog = mb_detect_encoding(\PHP81_BC\strftime('%d/%m/%y',time()), 'UTF-8', true)
|
||||
? \PHP81_BC\strftime('%d/%m/%y',time()) . ';' . \PHP81_BC\strftime('%R',time()) . ';'
|
||||
: utf8_encode(\PHP81_BC\strftime('%d/%m/%y',time())) . ';' . utf8_encode(\PHP81_BC\strftime('%R',time())) . ';' ;
|
||||
$dataLog .= helper::getIp($this->getData(['config','connect','anonymousIp'])) . ';';
|
||||
$dataLog .= is_null($this->getInput('userLoginId')) ? ';' : $this->getInput('userLoginId', helper::FILTER_ID) . ';' ;
|
||||
$dataLog .= $this->getUrl() .';' ;
|
||||
$dataLog .= $logStatus ;
|
||||
$dataLog = mb_detect_encoding(\PHP81_BC\strftime('%d/%m/%y', time()), 'UTF-8', true)
|
||||
? \PHP81_BC\strftime('%d/%m/%y', time()) . ';' . \PHP81_BC\strftime('%R', time()) . ';'
|
||||
: utf8_encode(\PHP81_BC\strftime('%d/%m/%y', time())) . ';' . utf8_encode(\PHP81_BC\strftime('%R', time())) . ';';
|
||||
$dataLog .= helper::getIp($this->getData(['config', 'connect', 'anonymousIp'])) . ';';
|
||||
$dataLog .= empty($this->getInput('userLoginId')) ? ';' : $this->getInput('userLoginId', helper::FILTER_ID) . ';';
|
||||
$dataLog .= $this->getUrl() . ';';
|
||||
$dataLog .= $logStatus;
|
||||
$dataLog .= PHP_EOL;
|
||||
if ($this->getData(['config','connect','log'])) {
|
||||
if ($this->getData(['config', 'connect', 'log'])) {
|
||||
file_put_contents(self::DATA_DIR . 'journal.log', $dataLog, FILE_APPEND);
|
||||
}
|
||||
|
||||
// Stockage des cookies
|
||||
if (!empty($_COOKIE['ZWII_USER_ID'])) {
|
||||
self::$userId = $_COOKIE['ZWII_USER_ID'];
|
||||
@ -516,10 +526,13 @@ class user extends common {
|
||||
/**
|
||||
* Déconnexion
|
||||
*/
|
||||
public function logout() {
|
||||
public function logout()
|
||||
{
|
||||
// Ne pas effacer l'identifiant mais seulement le mot de passe
|
||||
if (array_key_exists('ZWII_USER_LONGTIME',$_COOKIE)
|
||||
AND $_COOKIE['ZWII_USER_LONGTIME'] !== 'true' ) {
|
||||
if (
|
||||
array_key_exists('ZWII_USER_LONGTIME', $_COOKIE)
|
||||
and $_COOKIE['ZWII_USER_LONGTIME'] !== 'true'
|
||||
) {
|
||||
helper::deleteCookie('ZWII_USER_ID');
|
||||
helper::deleteCookie('ZWII_USER_LONGTIME');
|
||||
}
|
||||
@ -536,15 +549,16 @@ class user extends common {
|
||||
/**
|
||||
* Réinitialisation du mot de passe
|
||||
*/
|
||||
public function reset() {
|
||||
public function reset()
|
||||
{
|
||||
// Accès refusé
|
||||
if(
|
||||
if (
|
||||
// L'utilisateur n'existe pas
|
||||
$this->getData(['user', $this->getUrl(2)]) === null
|
||||
// Lien de réinitialisation trop vieux
|
||||
OR $this->getData(['user', $this->getUrl(2), 'forgot']) + 86400 < time()
|
||||
or $this->getData(['user', $this->getUrl(2), 'forgot']) + 86400 < time()
|
||||
// Id unique incorrecte
|
||||
OR $this->getUrl(3) !== md5(json_encode($this->getData(['user', $this->getUrl(2)])))
|
||||
or $this->getUrl(3) !== md5(json_encode($this->getData(['user', $this->getUrl(2)])))
|
||||
) {
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
@ -554,15 +568,14 @@ class user extends common {
|
||||
// Accès autorisé
|
||||
else {
|
||||
// Soumission du formulaire
|
||||
if($this->isPost()) {
|
||||
if ($this->isPost()) {
|
||||
// Double vérification pour le mot de passe
|
||||
if($this->getInput('userResetNewPassword')) {
|
||||
if ($this->getInput('userResetNewPassword')) {
|
||||
// La confirmation ne correspond pas au mot de passe
|
||||
if($this->getInput('userResetNewPassword', helper::FILTER_STRING_SHORT, true) !== $this->getInput('userResetConfirmPassword', helper::FILTER_STRING_SHORT, true)) {
|
||||
if ($this->getInput('userResetNewPassword', helper::FILTER_STRING_SHORT, true) !== $this->getInput('userResetConfirmPassword', helper::FILTER_STRING_SHORT, true)) {
|
||||
$newPassword = $this->getData(['user', $this->getUrl(2), 'password']);
|
||||
self::$inputNotices['userResetConfirmPassword'] = 'Incorrect';
|
||||
}
|
||||
else {
|
||||
} else {
|
||||
$newPassword = $this->getInput('userResetNewPassword', helper::FILTER_PASSWORD, true);
|
||||
}
|
||||
// Modifie le mot de passe
|
||||
@ -570,8 +583,8 @@ class user extends common {
|
||||
// Réinitialise la date de la demande
|
||||
$this->setData(['user', $this->getUrl(2), 'forgot', 0]);
|
||||
// Réinitialise le blocage
|
||||
$this->setData(['user', $this->getUrl(2),'connectFail',0 ]);
|
||||
$this->setData(['user', $this->getUrl(2),'connectTimeout',0 ]);
|
||||
$this->setData(['user', $this->getUrl(2), 'connectFail', 0]);
|
||||
$this->setData(['user', $this->getUrl(2), 'connectTimeout', 0]);
|
||||
// Valeurs en sortie
|
||||
$this->addOutput([
|
||||
'notification' => 'Nouveau mot de passe enregistré',
|
||||
@ -593,66 +606,69 @@ class user extends common {
|
||||
/**
|
||||
* Importation CSV d'utilisateurs
|
||||
*/
|
||||
public function import() {
|
||||
public function import()
|
||||
{
|
||||
// Soumission du formulaire
|
||||
$notification = '';
|
||||
$success = true;
|
||||
if($this->isPost()) {
|
||||
if ($this->isPost()) {
|
||||
// Lecture du CSV et construction du tableau
|
||||
$file = $this->getInput('userImportCSVFile',helper::FILTER_STRING_SHORT, true);
|
||||
$file = $this->getInput('userImportCSVFile', helper::FILTER_STRING_SHORT, true);
|
||||
$filePath = self::FILE_DIR . 'source/' . $file;
|
||||
if ($file AND file_exists($filePath)) {
|
||||
if ($file and file_exists($filePath)) {
|
||||
// Analyse et extraction du CSV
|
||||
$rows = array_map(function($row) { return str_getcsv($row, $this->getInput('userImportSeparator') ); }, file($filePath));
|
||||
$rows = array_map(function ($row) {
|
||||
return str_getcsv($row, $this->getInput('userImportSeparator'));
|
||||
}, file($filePath));
|
||||
$header = array_shift($rows);
|
||||
$csv = array();
|
||||
foreach($rows as $row) {
|
||||
foreach ($rows as $row) {
|
||||
$csv[] = array_combine($header, $row);
|
||||
}
|
||||
// Traitement des données
|
||||
foreach($csv as $item ) {
|
||||
foreach ($csv as $item) {
|
||||
// Données valides
|
||||
if( array_key_exists('id', $item)
|
||||
AND array_key_exists('prenom',$item)
|
||||
AND array_key_exists('nom',$item)
|
||||
AND array_key_exists('groupe',$item)
|
||||
AND array_key_exists('email',$item)
|
||||
AND $item['nom']
|
||||
AND $item['prenom']
|
||||
AND $item['id']
|
||||
AND $item['email']
|
||||
AND $item['groupe']
|
||||
if (
|
||||
array_key_exists('id', $item)
|
||||
and array_key_exists('prenom', $item)
|
||||
and array_key_exists('nom', $item)
|
||||
and array_key_exists('groupe', $item)
|
||||
and array_key_exists('email', $item)
|
||||
and $item['nom']
|
||||
and $item['prenom']
|
||||
and $item['id']
|
||||
and $item['email']
|
||||
and $item['groupe']
|
||||
) {
|
||||
// Validation du groupe
|
||||
$item['groupe'] = (int) $item['groupe'];
|
||||
$item['groupe'] = ( $item['groupe'] >= self::GROUP_BANNED AND $item['groupe'] <= self::GROUP_ADMIN )
|
||||
$item['groupe'] = ($item['groupe'] >= self::GROUP_BANNED and $item['groupe'] <= self::GROUP_ADMIN)
|
||||
? $item['groupe'] : 1;
|
||||
// L'utilisateur existe
|
||||
if ( $this->getData(['user',helper::filter($item['id'] , helper::FILTER_ID)]))
|
||||
{
|
||||
if ($this->getData(['user', helper::filter($item['id'], helper::FILTER_ID)])) {
|
||||
// Notification du doublon
|
||||
$item['notification'] = template::ico('cancel');
|
||||
// Création du tableau de confirmation
|
||||
self::$users[] = [
|
||||
helper::filter($item['id'] , helper::FILTER_ID),
|
||||
helper::filter($item['id'], helper::FILTER_ID),
|
||||
$item['nom'],
|
||||
$item['prenom'],
|
||||
self::$groups[$item['groupe']],
|
||||
$item['prenom'],
|
||||
helper::filter($item['email'] , helper::FILTER_MAIL),
|
||||
helper::filter($item['email'], helper::FILTER_MAIL),
|
||||
$item['notification']
|
||||
];
|
||||
// L'utilisateur n'existe pas
|
||||
} else {
|
||||
// Nettoyage de l'identifiant
|
||||
$userId = helper::filter($item['id'] , helper::FILTER_ID);
|
||||
$userId = helper::filter($item['id'], helper::FILTER_ID);
|
||||
// Enregistre le user
|
||||
$create = $this->setData([
|
||||
'user',
|
||||
$userId, [
|
||||
'firstname' => $item['prenom'],
|
||||
'forgot' => 0,
|
||||
'group' => $item['groupe'] ,
|
||||
'group' => $item['groupe'],
|
||||
'lastname' => $item['nom'],
|
||||
'mail' => $item['email'],
|
||||
'pseudo' => $item['prenom'],
|
||||
@ -663,12 +679,15 @@ class user extends common {
|
||||
"accessUrl" => null,
|
||||
"accessTimer" => null,
|
||||
"accessCsrf" => null
|
||||
]]);
|
||||
]
|
||||
]);
|
||||
// Icône de notification
|
||||
$item['notification'] = $create ? template::ico('check') : template::ico('cancel');
|
||||
// Envoi du mail
|
||||
if ($create
|
||||
AND $this->getInput('userImportNotification',helper::FILTER_BOOLEAN) === true) {
|
||||
if (
|
||||
$create
|
||||
and $this->getInput('userImportNotification', helper::FILTER_BOOLEAN) === true
|
||||
) {
|
||||
$sent = $this->sendMail(
|
||||
$item['email'],
|
||||
'Compte créé sur ' . $this->getData(['locale', 'title']),
|
||||
@ -679,7 +698,7 @@ class user extends common {
|
||||
);
|
||||
if ($sent === true) {
|
||||
// Mail envoyé changement de l'icône
|
||||
$item['notification'] = template::ico('mail') ;
|
||||
$item['notification'] = template::ico('mail');
|
||||
}
|
||||
}
|
||||
// Création du tableau de confirmation
|
||||
@ -696,10 +715,10 @@ class user extends common {
|
||||
}
|
||||
}
|
||||
if (empty(self::$users)) {
|
||||
$notification = 'Rien à importer, erreur de format ou fichier incorrect' ;
|
||||
$notification = 'Rien à importer, erreur de format ou fichier incorrect';
|
||||
$success = false;
|
||||
} else {
|
||||
$notification = 'Importation effectuée' ;
|
||||
$notification = 'Importation effectuée';
|
||||
$success = true;
|
||||
}
|
||||
} else {
|
||||
@ -715,5 +734,4 @@ class user extends common {
|
||||
'state' => $success
|
||||
]);
|
||||
}
|
||||
|
||||
}
|
||||
|
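Review bot: In the login() hunk (`@ -418,35 +424,37 @@`) the `ZWII_USER_PASSWORD` cookie is set to `$this->getData(['user', $userId, 'password'])`, the same stored value that is passed to `password_verify()` as the hash a few lines earlier, so the password hash itself is sent to the browser and kept for up to a year when `userLoginLongTime` is set. If later requests authenticate by comparing this cookie with the stored value (that check is outside the visible hunks), the hash becomes password-equivalent: read access to the user data store or to the cookie is enough to sign in, and the credential cannot be revoked without changing the password. I would issue a random per-login token instead, e.g. `$token = bin2hex(random_bytes(32));`, keep only its hash server-side and put `$token` in the cookie, so logout and password change can invalidate it. The positional `setcookie()` calls also set no SameSite attribute; the options-array form (PHP 7.3+) accepts `'samesite' => 'Lax'`. login() begins and ends outside this hunk, so the cookie-verification side needs the matching change.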