- <?php
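/**
 * Class Users_rights
 *
 * Sessions, login, registration, password / e-mail / phone changes and
 * notifications for the Slim application.
 *
 * Conventions the rest of the application relies on (keep them when editing):
 *  - every value interpolated into SQL goes through $this->app->Database->ft_escape()
 *    and it is the RETURNED (escaped) value that is used in the query;
 *  - stored password hashes are sha1() of the ft_escape()'d password. Registration,
 *    login, reset and change-password all agree on this, so existing rows keep
 *    working; moving to password_hash() needs a re-hash-on-login migration first;
 *  - __TIMESTAMP__ is an application constant holding the request time.
 */
class Users_rights
{
    /** @var object Slim application container ($app->mysql, $app->Database, $app->Email, flash(), redirectTo(), ...) */
    public $app;

    /** @var int Request time, copied from __TIMESTAMP__ in the constructor */
    public $now;

    /**
     * @param object $app Invoke SlimApp
     */
    function __construct($app)
    {
        $this->app = $app;
        $this->now = __TIMESTAMP__;
    }

    // GLOBAL FUNCTIONS

    /**
     * Revoke a session immediately by setting its revoke time to now.
     *
     * @param string $session_key The session_key to revoke
     * @return mixed Result of mysqli::query(): true on success, false on failure
     */
    function revoke_sessionkey($session_key)
    {
        // The escaped value must be the one used; the previous version called
        // ft_escape() and discarded its result, interpolating the raw key.
        $session_key = $this->app->Database->ft_escape($session_key);
        return $this->app->mysql->query("UPDATE users_auth_sessions SET session_revoke = '$this->now' WHERE session_key = '$session_key'");
    }

    /**
     * Resolve a session key to the user it belongs to.
     *
     * @param string $session_key The session_key to read
     * @return array|bool User row when the session exists and is not revoked, false otherwise
     */
    function read_sessionkey($session_key)
    {
        $session_key = $this->app->Database->ft_escape($session_key);
        $result = $this->app->mysql->query("SELECT * FROM users_auth_sessions WHERE session_key = '$session_key'");
        $session = $result ? mysqli_fetch_assoc($result) : null;
        // Unknown key (or failed query) is "not authenticated", not an undefined-index notice.
        if (!$session)
            return false;
        // session_revoke holds the expiry timestamp; the session is live while it is in the future.
        if ($session['session_revoke'] > __TIMESTAMP__)
            return $this->user_data('uid', $session['uid']);
        return false;
    }

    // SESSIONS FUNCTIONS

    /**
     * Load every user row, keyed by uid.
     *
     * @return array uid => user row (empty when the query fails)
     */
    function list_users()
    {
        $users = array();
        $result = $this->app->mysql->query("SELECT * FROM users");
        if ($result) {
            while ($user = mysqli_fetch_array($result))
                $users[$user['uid']] = $user;
        }
        return $users;
    }

    /**
     * Fetch one user row by an exact match on a column.
     *
     * @param string $column Column of the users table to search. This is an SQL identifier, which
     *                       string escaping cannot protect: pass only literal column names from code
     *                       (callers in this class use 'uid' and 'email'), never user input.
     * @param string $var    Value to match
     * @return array|bool User row when found, false otherwise
     */
    function user_data($column, $var)
    {
        $column = $this->app->Database->ft_escape($column);
        $var = $this->app->Database->ft_escape($var);
        $result = $this->app->mysql->query("SELECT * FROM users WHERE $column = '$var'");
        // A failed query (e.g. unknown column) yields false, which has no num_rows.
        if (!$result || !$result->num_rows)
            return false;
        return mysqli_fetch_assoc($result);
    }

    /**
     * Convenience accessor: one field of the user matched by user_data().
     *
     * @param string $column Column to search (see user_data())
     * @param string $var    Value to match
     * @param string $return Field of the user row to return
     * @return mixed The field value, or null when the user or the field does not exist
     */
    function user_data_value($column, $var, $return)
    {
        $user_data = $this->user_data($column, $var);
        if (!$user_data || !array_key_exists($return, $user_data))
            return null;
        return $user_data[$return];
    }

    /**
     * Authenticate a user by e-mail and password, optionally activating the account.
     *
     * @param string $email    E-mail address used to log in
     * @param string $password Plain (not hashed) password
     * @param mixed  $active   Client code typed on first login to activate the account; falsy for a normal login
     * @param int    $fail2ban Lock-out window in seconds after 3 failed attempts (default 900 = 15 minutes)
     * @return bool|string Session key on success, false otherwise; every attempt is written to users_auth_log
     */
    function auth_user($email, $password, $active, $fail2ban = 900)
    {
        $email = $this->app->Database->ft_escape($email);
        // The hash convention of this class is sha1(ft_escape($password)); see the class comment.
        $password = $this->app->Database->ft_escape($password);
        $active = $this->app->Database->ft_escape($active);
        $user_data = $this->user_data('email', $email);

        if (!$user_data) {
            $this->app->login_error = 'La combinaison que vous avez saisie est incorrect ! ';
            // Record the miss so the per-IP lock-out in is_user_in_grace_period() can count it: that
            // query looks for USER_AUTH_USERNOTEXIST rows, which nothing wrote before. No uid exists,
            // so 0 is stored. The old code returned the truthy string "mdr" here, which a caller
            // testing the result for truthiness would have taken for a session key.
            $this->auth_user_log(0, "USER_AUTH_USERNOTEXIST", "User try to log-in with an unknown e-mail");
            return false;
        }

        $password_hash = (string) $user_data['password'];
        $uid = $user_data['uid'];
        $grace_period = __TIMESTAMP__ - $fail2ban;

        // An inactive account may only log in when an activation code is supplied.
        if (!$user_data['actif'] && !$active) {
            $this->app->login_error = 'Vous n\'avez pas encore activé votre compte.';
            $this->app->login__first_co = true;
            return $this->auth_user_log($uid, "USER_NO_ACTIV_ACCOUNT", "Account is not activ.");
        }

        if ($this->is_user_in_grace_period($uid, $grace_period) >= 3) {
            $this->app->login_error = 'Votre compte est banni pendant ' . (int) ($fail2ban / 60) . ' minutes.';
            return $this->auth_user_log($uid, "USER_AUTH_GRACE", "User try to log-in during the grace period");
        }

        // hash_equals() is constant-time and strict; sha1 stays only because stored hashes use it.
        if (!hash_equals($password_hash, sha1($password))) {
            $this->app->login_error = 'La combinaison que vous avez saisie est incorrecte! ';
            return $this->auth_user_log($uid, "USER_AUTH_PWD", "User try to log-in with an incorrect password");
        }

        if ($active) {
            // First login: the typed client code must match the one issued at registration.
            // Strict comparison: a loose == would equate e.g. "012345" and "12345".
            if ((string) $active !== (string) $user_data['id_client']) {
                $this->app->login_error = 'Le code client entré n\'est pas valide nous ne pouvons activer votre compte. ';
                return $this->auth_user_log($uid, "USER_AUTH_NO_ACTIV_ACCOUNT", "User try to activate the account with an incorrect client code");
            }
            $this->app->mysql->query("UPDATE users SET actif = 1 WHERE email = '$email'");
            $this->app->Email->Send("ACCOUNT_ACTIVATION", array($email, $user_data['id_client']), $email, array('conditions.pdf'));
        }

        $session_key = $this->create_session($uid, $_SERVER['REMOTE_ADDR'], $_SERVER['HTTP_USER_AGENT']);
        $this->app->login_error = 'Bonjour, bienvenue sur votre compte SoundRadio!';
        return $this->auth_user_log($uid, "SUCCESS", NULL, $session_key);
    }

    /**
     * Count recent failed logins for a uid or for the caller's IP address.
     *
     * @param mixed $uid          User UID
     * @param int   $grace_period Oldest timestamp to count (start of the window); callers pass a
     *                            computed timestamp, the default only exists for signature compatibility
     * @return int Number of USER_AUTH_PWD / USER_AUTH_USERNOTEXIST rows since $grace_period
     */
    function is_user_in_grace_period($uid, $grace_period = 900)
    {
        $uid = $this->app->Database->ft_escape($uid);
        // REMOTE_ADDR is rarely attacker-controlled, but it is interpolated into SQL, so escape it too.
        $ip = $this->app->Database->ft_escape($_SERVER['REMOTE_ADDR']);
        $grace_period = $this->app->Database->ft_escape($grace_period);
        return $this->app->Database->ft_num_rows("SELECT * FROM users_auth_log WHERE (uid = '$uid' OR ip_addr = '$ip') AND (action = 'USER_AUTH_PWD' OR action = 'USER_AUTH_USERNOTEXIST') AND timestamp >= '$grace_period'");
    }

    /**
     * Write one row to users_auth_log.
     *
     * @param mixed       $uid         User UID (0 when the e-mail matched no account)
     * @param string      $action      Outcome code of the attempt (SUCCESS, USER_AUTH_PWD, ...)
     * @param string|null $comment     Free-text comment, stored as '' when null
     * @param bool|string $session_key Session key when one was created
     * @return bool|string $session_key when the row was written, false otherwise
     */
    function auth_user_log($uid, $action, $comment, $session_key = false)
    {
        // Every column value is escaped; $comment in particular is free text.
        $uid = $this->app->Database->ft_escape($uid);
        $ip = $this->app->Database->ft_escape($_SERVER['REMOTE_ADDR']);
        $action = $this->app->Database->ft_escape($action);
        $comment = ($comment === NULL) ? '' : $this->app->Database->ft_escape($comment);
        $sql = "INSERT INTO users_auth_log (log_id, uid, ip_addr, timestamp, action, comment) VALUES (NULL, '$uid', '$ip', '$this->now', '$action', '$comment');";
        return $this->app->mysql->query($sql) ? $session_key : false;
    }

    // USER AUTHENTIFICATION FUNCTIONS

    /**
     * Create a session row for a user.
     *
     * @param mixed  $uid     The user UID
     * @param string $ip      The user REMOTE_ADDR
     * @param string $browser The user's User-Agent header (kept for display in the session data)
     * @param int    $expire  Session duration in seconds, default 24H
     * @return bool|string The session key when created, false otherwise
     */
    function create_session($uid, $ip, $browser, $expire = 86400)
    {
        $revoke = $this->now + $expire;
        $session_data = json_encode(array('SESS_CREATION' => $this->now, 'SESS_REVOKE' => $revoke, 'SESS_BROWSER' => $browser, 'SESS_USERIP' => $ip));
        // $browser comes straight from a request header: the JSON blob is escaped before it reaches SQL.
        $session_data = $this->app->Database->ft_escape($session_data);
        $uid = $this->app->Database->ft_escape($uid);
        // 20 random bytes = 40 hex chars, the same width and charset as the former sha1(uniqid()),
        // but from a CSPRNG: uniqid() is derived from the clock and is guessable.
        $session_key = bin2hex(random_bytes(20));
        $sql = "INSERT INTO users_auth_sessions (sid, uid, session_key, session_data, session_revoke) VALUES (NULL, '$uid', '$session_key', '$session_data', '$revoke');";
        return $this->app->mysql->query($sql) ? $session_key : false;
    }

    /**
     * Register a new user from a form array (email, password, password_repeat, firstname, lastname).
     *
     * Side effects on success: INSERT into users, NEW_ACCOUNT e-mail, flash messages, redirect to 'login'.
     *
     * @param array $data_array Form fields
     * @return bool|string true when created, otherwise an ERR_* code (the user is redirected in both cases)
     */
    function create_user($data_array)
    {
        $email_raw = isset($data_array['email']) ? $data_array['email'] : '';
        $firstname_raw = isset($data_array['firstname']) ? $data_array['firstname'] : '';
        $lastname_raw = isset($data_array['lastname']) ? $data_array['lastname'] : '';
        $password_raw = isset($data_array['password']) ? $data_array['password'] : '';
        $password_repeat = isset($data_array['password_repeat']) ? $data_array['password_repeat'] : '';

        $firstname = $this->app->Database->ft_escape($firstname_raw);
        $lastname = $this->app->Database->ft_escape($lastname_raw);

        // Validate the raw address, then escape it exactly once (it used to be escaped twice).
        $email = 0;
        if (filter_var($email_raw, FILTER_VALIDATE_EMAIL) && !$this->check_existing_email($email_raw))
            $email = $this->app->Database->ft_escape($email_raw);

        // Minimum length is checked on what the user typed; the stored hash is sha1() of the
        // escaped password, which is the convention every login path in this class follows.
        $password = 0;
        if ($password_raw === $password_repeat && strlen($password_raw) >= 6)
            $password = $this->app->Database->ft_escape($password_raw);

        if ($password && $firstname && $lastname && $email) {
            $password_hash = $this->app->Database->ft_escape(sha1($password));
            // 6-char upper-case client code, typed by the user on first login to activate the account.
            $id_client = $this->app->Database->ft_escape(strtoupper($this->random(6)));
            // Activation token e-mailed to the user: 26 hex chars as before (uniqid().uniqid()),
            // but from a CSPRNG instead of two clock-derived values.
            $token = bin2hex(random_bytes(13));
            $this->app->mysql->query("INSERT INTO users (password, prenom, nom, email, id_client, token) VALUES ('$password_hash', '$firstname', '$lastname', '$email', '$id_client', '$token');");
            $this->app->Email->Send("NEW_ACCOUNT", array($email, $token), $email, array(''));
            $this->app->flash('sendError', 'Votre inscription a bien été prise en compte. Vous allez recevoir un mail de confirmation pour vous connecter.');
            $this->app->flash('success', true);
            $this->app->redirectTo('login');
            return true;
        }

        // Error reporting keeps the original precedence: bad e-mail, missing names, bad password, anything else.
        if (!$email && $email_raw) {
            $this->app->register_error = 'Adresse e-mail invalide ou déjà utilisée.';
            $code = "ERR_INVALID_EMAIL";
        } else if (!$firstname_raw || !$lastname_raw) {
            $this->app->register_error = 'Vous devez remplir tous les champs!';
            $code = "ERR_MISSING_USERDATA";
        } else if (!$password) {
            $this->app->register_error = 'Mot de passe invalide ou trop court (6 caractères minimum).';
            $code = "ERR_MISSING_USERPASS";
        } else {
            $this->app->register_error = 'Vous devez remplir tous les champs!';
            $code = "ERR";
        }
        $this->app->flash('sendError', $this->app->register_error);
        $this->app->redirectTo('login');
        return $code;
    }

    /**
     * Reset a forgotten password: generate a new one, e-mail it and store its hash.
     *
     * @param string $email Address of the account
     * @return mixed Result of the UPDATE query, or false when no account matches
     */
    function user_forgot($email)
    {
        $email = $this->app->Database->ft_escape($email);
        $user_data = $this->user_data('email', $email);
        if (!$user_data)
            return false;
        // random() yields [A-Za-z0-9] only, so the e-mailed password contains nothing an SQL
        // escaper would rewrite and sha1() of it should equal what auth_user() computes
        // (assumes ft_escape() leaves such strings untouched — verify against its implementation).
        $password = $this->random(8);
        $password_hash = sha1($password);
        $this->app->Email->Send('ACCOUNT_LOST_PASSWORD', array($password), $email, '');
        return $this->app->mysql->query("UPDATE users SET password = '$password_hash' WHERE email = '$email'");
    }

    // USER CREATION FUNCTIONS

    /**
     * @param string $email The e-mail address to check
     * @return int 1 if a user with that address exists, 0 if not
     */
    function check_existing_email($email)
    {
        $email = $this->app->Database->ft_escape($email);
        return $this->app->Database->ft_num_rows("SELECT * FROM users WHERE email = '$email'") ? 1 : 0;
    }

    /**
     * Load the raw session row for a key, revoked or not.
     *
     * @param string $session_key The session_key to read
     * @return array|bool Session row when found, false otherwise
     */
    function data_session($session_key)
    {
        $session_key = $this->app->Database->ft_escape($session_key);
        // One query instead of a row count followed by the same SELECT.
        $result = $this->app->mysql->query("SELECT * FROM users_auth_sessions WHERE session_key = '$session_key'");
        if (!$result || !$result->num_rows)
            return false;
        return mysqli_fetch_assoc($result);
    }

    /**
     * Store one notification.
     *
     * @param array $array Fields: uid, text, url, class, expire (timestamp; falsy = one week from now)
     * @return bool true when the row was written, false otherwise
     */
    function add_notification($array)
    {
        $uid = $this->app->Database->ft_escape($array['uid']);
        $text = $this->app->Database->ft_escape($array['text']);
        $url = $this->app->Database->ft_escape($array['url']);
        $class = $this->app->Database->ft_escape($array['class']);
        $now = time();
        // Default lifetime: one week.
        $time_expire = empty($array['expire']) ? strtotime("+1 week") : $this->app->Database->ft_escape($array['expire']);
        $sql = "INSERT INTO notifications (nid, uid, text, timestamp, notification_expire, url, notification_class) VALUES (NULL, '$uid', '$text', '$now', '$time_expire', '$url', '$class');";
        // The former `if (...);` carried a stray semicolon and returned true unconditionally.
        return (bool) $this->app->mysql->query($sql);
    }

    /**
     * Send the same notification to several users.
     *
     * @param array $array Notification fields (text, url, expire, class), passed raw: add_notification()
     *                     escapes them, and escaping here as well doubled every backslash in storage
     * @param array $users uid => anything; only the keys are used
     * @return void
     */
    function notify_users($array, $users)
    {
        $fields = array(
            'expire' => isset($array['expire']) ? $array['expire'] : 0,
            'text' => $array['text'],
            'class' => $array['class'],
            'url' => $array['url'],
        );
        foreach (array_keys($users) as $uid) {
            $fields['uid'] = $uid;
            $this->add_notification($fields);
        }
    }

    /**
     * Mark every unseen notification of the current user as seen now.
     *
     * @return mixed Result of the UPDATE query
     */
    function see_notifications()
    {
        $uid = $this->app->Database->ft_escape($this->app->user['uid']);
        $timestamp = time();
        // OR instead of ||: MySQL reads || as OR only while PIPES_AS_CONCAT is off.
        return $this->app->mysql->query("UPDATE notifications SET seen = '$timestamp' WHERE (seen = '' OR seen = '0') AND uid = '$uid'");
    }

    /**
     * Load the live (unexpired) notifications of a user, newest first.
     *
     * @param mixed $uid User UID
     * @return array{notifications: array, unseen: int} rows keyed by nid, plus the unseen count
     */
    function get_notifications($uid)
    {
        $uid = $this->app->Database->ft_escape($uid);
        $notifs = array();
        $unseen = 0;
        $now = time();
        $result = $this->app->mysql->query("SELECT * FROM notifications WHERE uid = '$uid' AND notification_expire > '$now' ORDER BY nid DESC");
        if ($result) {
            while ($notif = mysqli_fetch_assoc($result)) {
                if (!$notif['seen'])
                    $unseen++;
                $notifs[$notif['nid']] = $notif;
            }
        }
        return array('notifications' => $notifs, 'unseen' => $unseen);
    }

    /**
     * Random alphanumeric string, used for generated passwords and client codes.
     *
     * @param int $length Number of characters
     * @return string String of [A-Za-z0-9]
     */
    function random($length)
    {
        $characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789azertyuiopqsdfghjklmwxcvbn";
        $max = strlen($characters) - 1;
        $name = "";
        // random_int() is a CSPRNG; mt_rand() is seedable and predictable, unfit for passwords and codes.
        for ($i = 0; $i < $length; $i++)
            $name .= $characters[random_int(0, $max)];
        return $name;
    }

    /**
     * Update address fields and, when the e-mail changed, start the e-mail verification flow.
     *
     * @param array $data Form fields: email, email_ancien, pays, ville, codepostale, adresse
     * @param mixed $id   UID of the account being edited
     * @return string NEW_EMAIL (verification mail sent), UPDATED (address only), or an ERR_* code
     */
    function edit_personnal_informations($data, $id)
    {
        $email_raw = isset($data['email']) ? $data['email'] : '';
        $email = $this->app->Database->ft_escape($email_raw);
        $email_ancien = $this->app->Database->ft_escape($data['email_ancien']);
        $email_changed = ((string) $email_ancien !== (string) $email);
        // A new address must be unused; the current one is accepted as is.
        if ($email_changed && $this->check_existing_email($email_raw))
            $email = 0;
        $email = ($email && filter_var($email, FILTER_VALIDATE_EMAIL)) ? $email : 0;
        $pays = $this->app->Database->ft_escape($data['pays']);
        $ville = $this->app->Database->ft_escape($data['ville']);
        $codepostale = $this->app->Database->ft_escape($data['codepostale']);
        $adresse = $this->app->Database->ft_escape($data['adresse']);
        $id = $this->app->Database->ft_escape($id);

        if (!($email && $pays && $ville && $codepostale && $adresse && $email_ancien)) {
            if (!$email) {
                $this->app->register_error = 'Adresse e-mail invalide ou déjà utilisée.';
                $code = "ERR_INVALID_EMAIL";
            } else if (!$pays || !$ville || !$codepostale || !$adresse) {
                $this->app->register_error = 'Vous devez remplir tous les champs.';
                $code = "ERR_MISSING_USERDATA";
            } else {
                $this->app->register_error = 'Vous devez remplir tous les champs.';
                $code = "ERR";
            }
            $this->app->flash('sendError', $this->app->register_error);
            $this->app->redirectTo('mes-informations');
            return $code;
        }

        if ($email_changed) {
            $this->app->register_error = 'Vous allez recevoir un e-mail à ' . $email . ' avec un lien pour valider le changement d\'e-mail.';
            // 26 hex chars as before (uniqid().uniqid()), but unpredictable.
            $token = bin2hex(random_bytes(13));
            // Both path segments are URL-encoded: the address is user input and must not break the link.
            $link = 'https://soundradio.fr/mon-compte/mes-informations/ma-nouvelle-adresse-email/' . rawurlencode($token) . '/' . rawurlencode($email_raw);
            $url = "<a href='$link'>$link</a>";
            $this->app->Email->Send('ACCOUNT_NEW_EMAIL', array($url), $email, '');
            $this->app->flash('sendError', $this->app->register_error);
            $this->app->flash('success', $this->app->register_error);
            $this->app->mysql->query("UPDATE users SET email_new = '$email', email_new_code = '$token', lieux_pays = '$pays', lieux_ville = '$ville', lieux_code = '$codepostale', lieux_rue = '$adresse' WHERE uid = '$id'");
            $this->app->redirectTo('mes-informations');
            return "NEW_EMAIL";
        }

        $this->app->register_error = 'Vous venez de changer vos informations.';
        $this->app->flash('sendError', $this->app->register_error);
        $this->app->flash('success', $this->app->register_error);
        $this->app->mysql->query("UPDATE users SET lieux_pays = '$pays', lieux_ville = '$ville', lieux_code = '$codepostale', lieux_rue = '$adresse' WHERE uid = '$id'");
        $this->app->redirectTo('mes-informations');
        // This branch used to fall off the end and return null.
        return "UPDATED";
    }

    /**
     * Change the password of an account after checking the current one.
     *
     * @param array $data Form fields: password (current), new_pass, new_pass_2. The former 'mypassword'
     *                    field is ignored: the current password is now checked against the hash stored
     *                    for $id, not against a hash supplied by the same request.
     * @param mixed $id   UID of the account being edited
     * @return string "NEW_EMAIL" on success (kept for existing callers), otherwise an ERR_* code
     */
    function edit_password($data, $id)
    {
        $id = $this->app->Database->ft_escape($id);
        $password = $this->app->Database->ft_escape($data['password']);
        $new_pass = $this->app->Database->ft_escape($data['new_pass']);
        $new_pass_2 = $this->app->Database->ft_escape($data['new_pass_2']);

        // Verify the current password against the stored sha1(ft_escape(password)) in constant time.
        $account = $this->user_data('uid', $id);
        $current_ok = $account && hash_equals((string) $account['password'], sha1($password));
        $password = $current_ok ? $password : 0;
        $new_pass = ((string) $new_pass === (string) $new_pass_2) ? $new_pass : 0;
        // Minimum length measured on what the user typed, not on the escaped form.
        $lght = (strlen($data['new_pass']) >= 6) ? 1 : 0;

        if ($password && $new_pass && $new_pass_2 && $lght) {
            $new_pass = sha1($new_pass);
            // Notify the address on record, not one posted with the form.
            $email = $account['email'];
            $this->app->register_error = 'Le changement de mot de passe a bien été pris en compte.';
            $this->app->Email->Send('ACCOUNT_NEW_PASSWORD', array(''), $email, '');
            $this->app->flash('sendError', $this->app->register_error);
            $this->app->flash('success', $this->app->register_error);
            $this->app->mysql->query("UPDATE users SET password = '$new_pass' WHERE uid = '$id'");
            $this->app->redirectTo('mes-informations');
            return "NEW_EMAIL";
        }

        if (!$password) {
            $this->app->register_error = 'Vous n\'avez pas saisi le bon mot de passe.';
            $code = "ERR_INVALID_PASSWORD";
        } else if (!$new_pass) {
            $this->app->register_error = 'Vos mots de passe ne correspondent pas.';
            $code = "ERR_MISSING_PASSWORD";
        } else if (!$lght) {
            $this->app->register_error = 'Mot de passe trop court, 6 caractères minimum.';
            $code = "ERR_MISSING_PASSWORD";
        } else {
            $this->app->register_error = 'Vous devez remplir tous les champs';
            $code = "ERR";
        }
        $this->app->flash('sendError', $this->app->register_error);
        $this->app->redirectTo('mes-informations');
        return $code;
    }

    /**
     * Confirm a pending e-mail change from the link sent by edit_personnal_informations().
     *
     * @param string $email The new address
     * @param string $token The code stored in email_new_code
     * @return string "NEW_EMAIL" when the address was switched, "ERR_INVALID_EMAIL" otherwise
     */
    function change_email_token($email, $token)
    {
        $email = $this->app->Database->ft_escape($email);
        $email = filter_var($email, FILTER_VALIDATE_EMAIL) ? $email : 0;
        $token = $this->app->Database->ft_escape($token);

        $found = false;
        if ($token && $email)
            $found = $this->app->Database->ft_num_rows("SELECT * FROM users WHERE email_new = '$email' AND email_new_code = '$token'");

        if (!$found) {
            $this->app->register_error = 'Code invalide ou email invalide.';
            $this->app->flash('sendError', $this->app->register_error);
            $this->app->redirectTo('mon-compte');
            return "ERR_INVALID_EMAIL";
        }

        $this->app->Email->Send('ACCOUNT_NEW_EMAIL_VERIFIED', array(''), $email, '');
        $this->app->flash('sendError', 'Bravo, votre nouvelle adresse e-mail est bien activée.');
        $this->app->flash('success', true);
        // Clearing email_new_code makes the token single-use.
        $this->app->mysql->query("UPDATE users SET email = '$email', email_new_code = '' WHERE email_new = '$email'");
        $this->app->redirectTo('mon-compte');
        return "NEW_EMAIL";
    }

    /**
     * Store a new mobile number and text it a verification code.
     *
     * @param mixed  $uid    UID of the account
     * @param string $number Phone number
     * @return bool|string "NEW_EMAIL" (legacy success code) or false when uid/number is empty
     */
    function change_number($uid, $number)
    {
        $number = $this->app->Database->ft_escape($number);
        $uid = $this->app->Database->ft_escape($uid);

        if (!($uid && $number)) {
            $this->app->register_error = 'Le numéro saisi est invalide.';
            $this->app->flash('sendError', $this->app->register_error);
            $this->app->redirectTo('mes-alertes-sms');
            return false;
        }

        $this->app->flash('sendError', 'Vous allez recevoir un sms avec un code, merci de l\'indiquer dans la case prévue à cet effet.');
        $this->app->flash('success', true);
        // 5 upper-case hex chars as before, but from a CSPRNG rather than a slice of uniqid().
        $generate = substr(strtoupper(bin2hex(random_bytes(3))), 0, 5);
        $texte = urlencode("SOUNDRADIO \nPour activer votre numéro sur notre site, le code est : $generate");
        // TODO(review): the gateway login and pass_api are hard-coded in source; move them to
        // configuration and rotate them. The number is URL-encoded so it cannot add query parameters.
        // The gateway's response is not checked, as before: a failed send still stores the code.
        file_get_contents("https://sms.soundradio.fr/api.php?phone_number=" . urlencode($number) . "&content=$texte&login=Florian&pass_api=8569325669");
        $this->app->mysql->query("UPDATE users SET numero_portable = '$number', numero_code = '$generate', numero_etat = '1' WHERE uid = '$uid'");
        $this->app->redirectTo('api_mes-alertes-sms-activate');
        return "NEW_EMAIL";
    }
}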