  1. <?php
  2.  
  3. /**
  4. * Class Users_rights
  5. */
  6. class Users_rights
  7. {
  8. /**
  9. * @param $app Invoke SlimApp
  10. */
  11. function __construct($app)
  12. {
  13. $this->app = $app;
  14. $this->now = __TIMESTAMP__;
  15. }
  16.  
  17. // GLOBAL FUNCTIONS
  18.  
  19. /**
  20. * @param $session_key The session_key to revoke
  21. * @return mixed Return a boolean ( true / false ) depending on the success / failure of the revoke
  22. */
  23. function revoke_sessionkey($session_key)
  24. {
  25. $this->app->Database->ft_escape($session_key);
  26. return $this->app->mysql->query("UPDATE users_auth_sessions SET session_revoke = '$this->now' WHERE session_key = '$session_key'");
  27. }
  28.  
  29. /**
  30. * @param $session_key The session_key to read
  31. * @return array|bool|null If session found ( and not revoked ) returns the user data associated , otherwise, return false
  32. */
  33. function read_sessionkey($session_key)
  34. {
  35. $session_key = $this->app->Database->ft_escape($session_key);
  36. $session_data_query = $this->app->mysql->query("SELECT * FROM users_auth_sessions WHERE session_key = '$session_key'");
  37. $session_data = mysqli_fetch_assoc($session_data_query);
  38. if ($session_data['session_revoke'] > __TIMESTAMP__)
  39. return $this->user_data('uid', $session_data['uid']);
  40. else
  41. return false;
  42. }
  43.  
  44. // SESSIONS FUNCTIONS
  45.  
  46. function list_users()
  47. {
  48. $array = Array();
  49. $users_query = $this->app->mysql->query("SELECT * FROM users");
  50. while($user = mysqli_fetch_array($users_query))
  51. $array[$user['uid']] = $user;
  52. return $array;
  53. }
  54.  
  55. /**
  56. * @param $column The column of users table to perform search
  57. * @param $var The content to perform search
  58. * @return array|bool|null if user found, then return user datas, otherwise, return false
  59. */
  60. function user_data($column, $var)
  61. {
  62. $column = $this->app->Database->ft_escape($column);
  63. $var = $this->app->Database->ft_escape($var);
  64. $user_data_query = $this->app->mysql->query("SELECT * FROM users WHERE $column = '$var'");
  65. if(!$user_data_query->num_rows)
  66. return false;
  67. return mysqli_fetch_assoc($user_data_query);
  68. }
  69.  
  70. function user_data_value($column, $var, $return)
  71. {
  72. return $this->user_data($column, $var)[$return];
  73. }
  74.  
  75. /**
  76. * @param $username Takes the username to login
  77. * @param $password Takes the plain ( not hashed ) password to login
  78. * @param int $fail2ban Duration of the ban ( if 3 false attempts )
  79. * @return bool Return to function ( auth_user_log ) to log the attempt / redirect user or false if user not found
  80. */
  81. function auth_user($email, $password, $active ,$fail2ban = 900)
  82. {
  83. $email = $this->app->Database->ft_escape($email);
  84. $password = $this->app->Database->ft_escape($password);
  85. $active = $this->app->Database->ft_escape($active);
  86.  
  87. $user_data = $this->user_data('email', $email);
  88. if ($user_data) {
  89. $password_hash = $user_data['password'];
  90. $uid = $user_data['uid'];
  91. $grace_period = __TIMESTAMP__ - $fail2ban;
  92.  
  93. if($user_data['actif'] == true OR $active != false) {
  94.  
  95. if ($this->is_user_in_grace_period($uid,$grace_period) < 3) {
  96. if (sha1($password) === $password_hash) {
  97. if($active != false) {
  98. if($active == $user_data['id_client']) {
  99.  
  100. $session_key = $this->create_session($uid, $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT']);
  101. $this->app->login_error = 'Bonjour, bienvenue sur votre compte SoundRadio!';
  102. $this->app->mysql->query("UPDATE users SET actif = 1 WHERE email = '$email'");
  103. $this->app->Email->Send("ACCOUNT_ACTIVATION", array($email, $user_data['id_client']), $email, array('conditions.pdf'));
  104. return $this->auth_user_log($uid, "SUCCESS", NULL, $session_key);
  105.  
  106.  
  107.  
  108. } else {
  109. $this->app->login_error = 'Le code client entrée n\'est pas valide nous ne pouvons activer votre compte. ';
  110. return $this->auth_user_log($uid, "USER_AUTH_NO_ACTIV_ACCOUNT", "User try to log-in with an incorrect password");
  111. }
  112.  
  113. } else {
  114. $session_key = $this->create_session($uid, $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT']);
  115. $this->app->login_error = 'Bonjour, bienvenue sur votre compte SoundRadio!';
  116. return $this->auth_user_log($uid, "SUCCESS", NULL, $session_key);
  117. }
  118.  
  119.  
  120. } else {
  121. $this->app->login_error = 'La combinaison que vous avez saisie est incorrecte! ';
  122. return $this->auth_user_log($uid, "USER_AUTH_PWD", "User try to log-in with an incorrect password");
  123. }
  124. } else {
  125. $this->app->login_error = 'Votre compte est banni pendant 15 minutes.';
  126. return $this->auth_user_log($uid, "USER_AUTH_GRACE", "User try to log-in during the grace period");
  127. }
  128.  
  129. } else {
  130. $this->app->login_error = 'Vous n\'avez pas encore activé votre compte.';
  131. $this->app->login__first_co = true;
  132. return $this->auth_user_log($uid, "USER_NO_ACTIV_ACCOUNT", "Account is not activ.");
  133. }
  134. } else {
  135. $this->app->login_error = 'La combinaison que vous avez saisie est incorrect ! ';
  136. return "mdr";
  137. }
  138. }
  139.  
  140.  
  141.  
  142. function is_user_in_grace_period($uid,$grace_period = 900)
  143. {
  144. $uid = $this->app->Database->ft_escape($uid);
  145. $ip = $_SERVER['REMOTE_ADDR'];
  146. $grace_period = $this->app->Database->ft_escape($grace_period);
  147. return $this->app->Database->ft_num_rows("SELECT * FROM users_auth_log WHERE (uid = '$uid' OR ip_addr = '$ip') AND (action = 'USER_AUTH_PWD' OR action = 'USER_AUTH_USERNOTEXIST') AND timestamp >= '$grace_period'");
  148. }
  149.  
  150. /**
  151. * @param $uid Takes the user UID
  152. * @param $action Get the error ( or success ) code of the request
  153. * @param $comment If necessary to put a comment
  154. * @param bool $session_key If session has been reated
  155. * @return bool Returns the session_key if created or false if login not successfull
  156. */
  157. function auth_user_log($uid, $action, $comment, $session_key = false)
  158. {
  159. $ip = $_SERVER['REMOTE_ADDR'];
  160. if ($this->app->mysql->query("INSERT INTO users_auth_log (log_id, uid, ip_addr, timestamp, action, comment) VALUES (NULL, '$uid', '$ip', '$this->now', '$action', '$comment');"))
  161. return $session_key;
  162. else
  163. return false;
  164. }
  165.  
    // USER AUTHENTICATION FUNCTIONS
  167.  
  168. /**
  169. * @param $uid The user UID
  170. * @param $ip The user REMOTE_ADDR
  171. * @param $browser The user HTTP HEADER ( to save the browser ... RTFM )
  172. * @param int $expire The session duration, default 24H
  173. * @return bool|string If session created, returns the session_key, otherwise return false
  174. */
  175. function create_session($uid, $ip, $browser, $expire = 86400)
  176. {
  177. $revoke = $this->now + $expire;
  178. $session_data = json_encode(Array('SESS_CREATION' => $this->now, 'SESS_REVOKE' => $revoke, 'SESS_BROWSER' => $browser, 'SESS_USERIP' => $ip));
  179. $session_key = sha1(uniqid());
  180. if ($this->app->mysql->query("INSERT INTO users_auth_sessions (sid, uid, session_key, session_data, session_revoke) VALUES (NULL, '$uid', '$session_key', '$session_data', '$revoke');"))
  181. return $session_key;
  182. else
  183. return false;
  184. }
  185.  
  186.  
  187.  
  188.  
  189. /**
  190. * @param $data_array Takes an array composed of elements to create user ( in order to upgrade the code )
  191. * @return string Returns true if created or ERR_REASON if user creation has fail
  192. */
  193. function create_user($data_array)
  194. {
  195. $email = ($this->check_existing_email($data_array['email']) == false) ? $this->app->Database->ft_escape($data_array['email']) : 0;
  196. $firstname = $this->app->Database->ft_escape($data_array['firstname']);
  197. $lastname = $this->app->Database->ft_escape($data_array['lastname']);
  198. $pass_decrypt = $this->app->Database->ft_escape($data_array['password']);
  199.  
  200. $password = ($this->app->Database->ft_escape($data_array['password']) == $this->app->Database->ft_escape($data_array['password_repeat'])) ? $this->app->Database->ft_escape($data_array['password']) : 0;
  201. $password = (strlen($password)>=6) ? $password : 0;
  202. $email = (filter_var($email, FILTER_VALIDATE_EMAIL)) ? $this->app->Database->ft_escape($email) : 0;
  203.  
  204.  
  205. if ($password && $firstname && $lastname && $email) {
  206.  
  207. $time = __TIMESTAMP__;
  208. $password_hash = $this->app->Database->ft_escape(sha1($password));
  209. $id_client = $this->app->Database->ft_escape(strtoupper($this->random(6)));
  210. $token = uniqid().uniqid();
  211.  
  212.  
  213. $this->app->mysql->query("INSERT INTO users (password, prenom, nom, email, id_client, token) VALUES ('$password_hash', '$firstname', '$lastname', '$email', '$id_client', '$token');");
  214.  
  215. $this->app->Email->Send("NEW_ACCOUNT", array($email, $token), $email, array(''));
  216. $this->app->flash('sendError', 'Votre inscription a bien été prise en compte. Vous allez recevoir un mail de confirmation pour vous connecter.');
  217. $this->app->flash('success', true);
  218. $this->app->redirectTo('login');
  219.  
  220. return true;
  221. } else {
  222. if (!$email && $data_array['email']) {
  223. $this->app->register_error = 'Adresse e-mail invalide ou déjà utilisée.';
  224. $this->app->flash('sendError', $this->app->register_error);
  225. $this->app->redirectTo('login');
  226. return "ERR_INVALID_EMAIL";
  227. } else if (!$data_array['firstname'] || !$data_array['lastname']) {
  228. $this->app->register_error = 'Vous devez remplir tous les champs!';
  229. $this->app->flash('sendError', $this->app->register_error);
  230. $this->app->redirectTo('login');
  231. return "ERR_MISSING_USERDATA";
  232. }else if (!$password) {
  233. $this->app->register_error = 'Mot de passe invalide ou trop court (6 caractères minimum).';
  234. $this->app->flash('sendError', $this->app->register_error);
  235. $this->app->redirectTo('login');
  236. return "ERR_MISSING_USERPASS";
  237. }else {
  238. $this->app->register_error = 'Vous devez remplir tous les champs!';
  239. $this->app->flash('sendError', $this->app->register_error);
  240. $this->app->redirectTo('login');
  241. return "ERR";
  242. }
  243. }
  244. }
  245.  
  246.  
  247. function user_forgot($email)
  248. {
  249. $email = $this->app->Database->ft_escape($email);
  250. $user_data = $this->user_data('email', $email);
  251. if ($user_data) {
  252.  
  253.  
  254.  
  255. $password = $this->random(8);
  256. $password_hash = sha1($password);
  257.  
  258. $this->app->Email->Send('ACCOUNT_LOST_PASSWORD', array($password), $email, '');
  259.  
  260. return $this->app->mysql->query("UPDATE users SET password = '$password_hash' WHERE email = '$email'");
  261. } else {
  262.  
  263. return false;
  264. }
  265. }
  266.  
  267. // USER CREATION FUNCTIONS
  268.  
  269. /**
  270. * @param $username The username to check
  271. * @return int 1 if user found , 0 if not
  272. */
  273.  
  274.  
  275. function check_existing_email($email)
  276. {
  277. $email = $this->app->Database->ft_escape($email);
  278. return ($this->app->Database->ft_num_rows("SELECT * FROM users WHERE email = '$email'")) ? 1 : 0;
  279. }
  280.  
  281.  
  282.  
  283.  
  284.  
  285. function data_session($session_key)
  286. {
  287. $session_key = $this->app->Database->ft_escape($session_key);
  288. if (!$this->app->Database->ft_num_rows("SELECT * FROM users_auth_sessions WHERE session_key = '$session_key'"))
  289. return false;
  290. else
  291. $user_data_query = $this->app->mysql->query("SELECT * FROM users_auth_sessions WHERE session_key = '$session_key'");
  292. return mysqli_fetch_assoc($user_data_query);
  293. }
  294.  
  295. function add_notification($array)
  296. {
  297. $uid = $this->app->Database->ft_escape($array['uid']);
  298. $text = $this->app->Database->ft_escape($array['text']);
  299. $url = $this->app->Database->ft_escape($array['url']);
  300. $time_expire = $this->app->Database->ft_escape($array['expire']);
  301. $class = $this->app->Database->ft_escape($array['class']);
  302. $now = time();
  303. $time_expire = (!$time_expire) ? strtotime("+1 week") : $time_expire;
  304. if($this->app->mysql->query("INSERT INTO notifications (nid, uid, text, timestamp, notification_expire, url, notification_class) VALUES (NULL, '$uid', '$text', '$now', '$time_expire', '$url', '$class');"));
  305. return true;
  306. return false;
  307. }
  308.  
  309. function notify_users($array,$users)
  310. {
  311. $text = $this->app->Database->ft_escape($array['text']);
  312. $url = $this->app->Database->ft_escape($array['url']);
  313. $time_expire = $this->app->Database->ft_escape($array['expire']);
  314. $class = $this->app->Database->ft_escape($array['class']);
  315.  
  316. foreach($users as $uid => $data)
  317. $this->add_notification(Array('expire' => $time_expire, 'text' => $text, 'class' => $class, 'url' => $url, 'uid' => $uid));
  318. }
  319.  
  320. function see_notifications()
  321. {
  322. $uid = $this->app->user['uid'];
  323. $timestamp = time();
  324. return $this->app->mysql->query("UPDATE notifications SET seen = '$timestamp' WHERE (seen = '' || seen = '0') AND uid = '$uid'");
  325. }
  326.  
  327. function get_notifications($uid) {
  328. $uid = $this->app->Database->ft_escape($uid);
  329. $notifs= Array();
  330. $unseen = 0;
  331. $now = time();
  332. $notif_query = $this->app->mysql->query("SELECT * FROM notifications WHERE uid = '$uid' AND notification_expire > '$now' ORDER BY nid DESC");
  333. while($notif = mysqli_fetch_assoc($notif_query)) {
  334. if(!$notif['seen'])
  335. $unseen++;
  336. $notifs[$notif['nid']] = $notif;
  337. }
  338. return array('notifications' => $notifs, 'unseen' => $unseen);
  339. }
  340.  
  341. function random($length){
  342. $characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789azertyuiopqsdfghjklmwxcvbn";
  343. $name = "";
  344.  
  345. for($i = 0; $i < $length; $i++){
  346. $name .= $characters[mt_rand(0,strlen($characters) - 1)];
  347.  
  348. }
  349. return $name;
  350.  
  351. }
  352.  
  353. function edit_personnal_informations($data, $id)
  354. {
  355. $email = $this->app->Database->ft_escape($data['email']);
  356. $email_ancien = $this->app->Database->ft_escape($data['email_ancien']);
  357. if($email_ancien != $email)
  358. $email = ($this->check_existing_email($email) == false) ? $email : 0;
  359.  
  360. $email = (filter_var($email, FILTER_VALIDATE_EMAIL)) ? $email : 0;
  361. $pays = $this->app->Database->ft_escape($data['pays']);
  362. $ville = $this->app->Database->ft_escape($data['ville']);
  363. $codepostale = $this->app->Database->ft_escape($data['codepostale']);
  364. $adresse = $this->app->Database->ft_escape($data['adresse']);
  365. $id = $this->app->Database->ft_escape($id);
  366. if ($email && $pays && $ville && $codepostale && $adresse && $email_ancien) {
  367. if($email_ancien != $email) {
  368. $this->app->register_error = 'Vous allez recevoir un e-mail à '. $email . ' avec un lien pour valider le changement d\'e-mail.';
  369. $token = uniqid().uniqid();
  370. $url = "<a href='https://soundradio.fr/mon-compte/mes-informations/ma-nouvelle-adresse-email/$token/$email'>https://soundradio.fr/mon-compte/mes-informations/ma-nouvelle-adresse-email/$token/$email</a>";
  371. $this->app->Email->Send('ACCOUNT_NEW_EMAIL', array($url), $email, '');
  372. $this->app->flash('sendError', $this->app->register_error);
  373. $this->app->flash('success', $this->app->register_error);
  374. $this->app->mysql->query("UPDATE users SET email_new = '$email', email_new_code = '$token', lieux_pays = '$pays', lieux_ville = '$ville', lieux_code = '$codepostale', lieux_rue = '$adresse' WHERE uid = '$id'");
  375. $this->app->redirectTo('mes-informations');
  376. return "NEW_EMAIL";
  377. } else {
  378. $this->app->register_error = 'Vous venez de changer vos informations.';
  379. $this->app->flash('sendError', $this->app->register_error);
  380. $this->app->flash('success', $this->app->register_error);
  381. $this->app->mysql->query("UPDATE users SET lieux_pays = '$pays', lieux_ville = '$ville', lieux_code = '$codepostale', lieux_rue = '$adresse' WHERE uid = '$id'");
  382. $this->app->redirectTo('mes-informations');
  383. }
  384.  
  385. } else {
  386. if (!$email) {
  387. $this->app->register_error = 'Adresse e-mail invaldie ou déjà utilisée.';
  388. $this->app->flash('sendError', $this->app->register_error);
  389. $this->app->redirectTo('mes-informations');
  390. return "ERR_INVALID_EMAIL";
  391. } else if (!$pays || !$ville || !$codepostale || !$adresse) {
  392. $this->app->register_error = 'Vous devez remplir tous les champs.';
  393. $this->app->flash('sendError', $this->app->register_error);
  394. $this->app->redirectTo('mes-informations');
  395. return "ERR_MISSING_USERDATA";
  396. }else {
  397. $this->app->register_error = 'Vous devez remplir tous les champs.';
  398. $this->app->flash('sendError', $this->app->register_error);
  399. $this->app->redirectTo('mes-informations');
  400. return "ERR";
  401. }
  402. }
  403.  
  404. }
  405.  
  406.  
  407. function edit_password($data, $id)
  408. {
  409. $email = $this->app->Database->ft_escape($data['email']);
  410. $mypassword = $this->app->Database->ft_escape($data['mypassword']);
  411. $password = $this->app->Database->ft_escape($data['password']);
  412. $new_pass = $this->app->Database->ft_escape($data['new_pass']);
  413. $new_pass_2 = $this->app->Database->ft_escape($data['new_pass_2']);
  414.  
  415. $password = ($mypassword == sha1($password)) ? $password : 0;
  416. $new_pass = ($new_pass == $new_pass_2) ? $new_pass : 0;
  417. $lght = (strlen($new_pass)>=6) ? 1 : 0;
  418.  
  419. $id = $this->app->Database->ft_escape($id);
  420.  
  421. if ( $password && $new_pass && $new_pass_2 && $lght) {
  422. $new_pass = sha1($new_pass);
  423.  
  424. $this->app->register_error = 'Le changement de mot de passe à bien été pris en compte.';
  425.  
  426. $this->app->Email->Send('ACCOUNT_NEW_PASSWORD', array(''), $email, '');
  427. $this->app->flash('sendError', $this->app->register_error);
  428. $this->app->flash('success', $this->app->register_error);
  429. $this->app->mysql->query("UPDATE users SET password = '$new_pass' WHERE uid = '$id'");
  430. $this->app->redirectTo('mes-informations');
  431. return "NEW_EMAIL";
  432.  
  433.  
  434. } else {
  435. if (!$password) {
  436. $this->app->register_error = 'Vous n\'avez pas saissi le bon mot de passe.';
  437. $this->app->flash('sendError', $this->app->register_error);
  438. $this->app->redirectTo('mes-informations');
  439. return "ERR_INVALID_PASSWORD";
  440. } else if (!$new_pass) {
  441. $this->app->register_error = 'Vos mot de passe ne correspondentpas.';
  442. $this->app->flash('sendError', $this->app->register_error);
  443. $this->app->redirectTo('mes-informations');
  444. return "ERR_MISSING_PASSWORD";
  445. } else if (!$lght) {
  446. $this->app->register_error = 'Mot de passe trop cours, 6 caractères minimum.';
  447. $this->app->flash('sendError', $this->app->register_error);
  448. $this->app->redirectTo('mes-informations');
  449. return "ERR_MISSING_PASSWORD";
  450. } else {
  451. $this->app->register_error = 'Vous devez remplir tous les champs';
  452. $this->app->flash('sendError', $this->app->register_error);
  453. $this->app->redirectTo('mes-informations');
  454. return "ERR";
  455. }
  456. }
  457.  
  458. }
  459.  
  460.  
  461.  
  462. function change_email_token($email, $token)
  463. {
  464. $email = $this->app->Database->ft_escape($email);
  465. $email = (filter_var($email, FILTER_VALIDATE_EMAIL)) ? $email : 0;
  466. $token = $this->app->Database->ft_escape($token);
  467.  
  468.  
  469. if ($token && $email) {
  470.  
  471. $result = $this->app->Database->ft_num_rows("SELECT * FROM users WHERE email_new = '$email' AND email_new_code = '$token'");
  472. if($result == true) {
  473.  
  474. $this->app->Email->Send('ACCOUNT_NEW_EMAIL_VERIFIED', array(''), $email, '');
  475. $this->app->flash('sendError', 'Bravo, votre nouvelle adresse e-mail est bien activée.');
  476. $this->app->flash('success', true);
  477. $this->app->mysql->query("UPDATE users SET email = '$email', email_new_code = '' WHERE email_new = '$email'");
  478. $this->app->redirectTo('mon-compte');
  479. return "NEW_EMAIL";
  480.  
  481. } else {
  482. $this->app->register_error = 'Code invalide ou email invalide.';
  483. $this->app->flash('sendError', $this->app->register_error);
  484. $this->app->redirectTo('mon-compte');
  485. return "ERR_INVALID_EMAIL";
  486. }
  487.  
  488.  
  489. } else {
  490. $this->app->register_error = 'Code invalide ou email invalide.';
  491. $this->app->flash('sendError', $this->app->register_error);
  492. $this->app->redirectTo('mon-compte');
  493. return "ERR_INVALID_EMAIL";
  494. }
  495. }
  496.  
  497.  
  498. function change_number($uid, $number)
  499. {
  500. $number = $this->app->Database->ft_escape($number);
  501. $uid = $this->app->Database->ft_escape($uid);
  502.  
  503.  
  504. if ($uid && $number) {
  505.  
  506.  
  507.  
  508.  
  509. $this->app->flash('sendError', 'Vous allez recevoir un sms avec un code, merci de l\'indiquer dans la case prévue à cet effet.');
  510. $this->app->flash('success', true);
  511. $generate = strtoupper(substr(uniqid(),5,5));
  512.  
  513. $texte = urlencode("SOUNDRADIO \nPour activer votre numéro sur notre site, le code est : $generate");
  514. file_get_contents("https://sms.soundradio.fr/api.php?phone_number=$number&content=$texte&login=Florian&pass_api=8569325669");
  515.  
  516.  
  517.  
  518. $this->app->mysql->query("UPDATE users SET numero_portable = '$number', numero_code = '$generate', numero_etat = '1' WHERE uid = '$uid'");
  519. $this->app->redirectTo('api_mes-alertes-sms-activate');
  520. return "NEW_EMAIL";
  521.  
  522.  
  523. } else {
  524. $this->app->register_error = 'Le numéro saisie est invalide.';
  525. $this->app->flash('sendError', $this->app->register_error);
  526. $this->app->redirectTo('mes-alertes-sms');
  527. return false;
  528. }
  529. }
  530.  
  531.  
  532.  
  533. }