/classes/MiradouAuth.php

https://github.com/cybfr/famille.miradou.com · PHP · 154 lines · 134 code · 0 blank · 20 comment · 14 complexity · 3bccb106a239533c40c693d6a62b9bdf MD5 · raw file 

    

  1. <?php
    2. 

  2. class MiradouAuth {
    3. 

  3. 	private $AuthRealm;
    4. 

  4. 	function __construct($authrealm) {
    5. 

  5. 		$this->AuthRealm = $authrealm;
    6. 

  6. 		if (isset ( $_SESSION ['miUser'] )) {
    7. 

  7. 			$session_user = unserialize ( $_SESSION ['miUser'] );
    8. 

  8. 		} else {
    9. 

  9. 			$session_user = new member ( array () );
    10. 

  10. 		}
    11. 

  11. 		foreach ( $session_user as $key => $value ) {
    12. 

  12. 			$this->$key = $value;
    13. 

  13. 		}
    14. 

  14. 	}
    15. 

  15. 	function loginMi($email, $password) {
    16. 

  16. 		$user = $this->AuthRealm->getMemberByMail ( $email );
    17. 

  17. 		if ($user) {
    18. 

  18. 			if ($user->checkPassword ( $password )) {
    19. 

  19. 				$_SESSION ['miUser'] = serialize ( $user );
    20. 

  20. 			} else {
    21. 

  21. 				$user = "wrong password";
    22. 

  22. 			}
    23. 

  23. 		} else {
    24. 

  24. 			$user = "wrong e-mail";
    25. 

  25. 		}
    26. 

  26. 		return ($user);
    27. 

  27. 	}
    28. 

  28. 	function getIdStyles() {
    29. 

  29. 		$style = " 	.unknownid{	background-position: 0 -10px; background-image: url(/images/fmly_ids.png);}
    30. 

  30. 				";
    31. 

  31. 		foreach ( $this->AuthRealm->members as $member ) {
    32. 

  32. 			$style .= "	." . $member->id . "{	background-position: 0 -" . $member->pictureIdx . "px; background-image: url(/images/fmly_ids.png);}
    33. 

  33. 					";
    34. 

  34. 		}
    35. 

  35. 		return ($style);
    36. 

  36. 	}
    37. 

  37. 	/**
    38. 

  38. 	 * Enter description here .
    39. 

  39. 	 *
    40. 

  40. 	 * ..
    41. 

  41. 	 *
    42. 

  42. 	 * @param string $fbId        	
    43. 

  43. 	 */
    44. 

  44. 	function loginFb($fbId) {
    45. 

  45. 		$user = $this->AuthRealm->getMemberByfbId ( $fbId );
    46. 

  46. 		if ($user) {
    47. 

  47. 			$_SESSION ['miUser'] = serialize ( $user );
    48. 

  48. 		} else {
    49. 

  49. 			$user = "wrong fbId";
    50. 

  50. 		}
    51. 

  51. 		return ($user);
    52. 

  52. 	}
    53. 

  53. 	/**
    54. 

  54. 	 * Enter description here .
    55. 

  55. 	 *
    56. 

  56. 	 * ..
    57. 

  57. 	 *
    58. 

  58. 	 * @param unknown_type $mailto_addr        	
    59. 

  59. 	 * @return Ambiguous
    60. 

  60. 	 */
    61. 

  61. 	function sendPwResetMail($mailToAddr) {
    62. 

  62. 		/* check e-mail addresse */
    63. 

  63. 		$member = $this->AuthRealm->getMemberByMail ( $mailToAddr );
    64. 

  64. 		error_log ( "sendPwResetMail($mailToAddr)" );
    65. 

  65. 		if ($member === false) {
    66. 

  66. 			return "Cette adresse ($mailToAddr) n'est pas enregistrée, contactez le ouaibmestre";
    67. 

  67. 		}
    68. 

  68. 		$key = sha1 ( $mailToAddr . microtime ( true ) . mt_rand ( 10000, 90000 ) );
    69. 

  69. 		$query = "
    70. 

  70. 			REPLACE INTO  `famille`.`pwresetrequests` SET
    71. 

  71. 			`key`='$key',
    72. 

  72. 			`date`='" . date ( DATE_ATOM ) . "',
    73. 

  73. 			`email`='" . $member->email . "',
    74. 

  74. 			`null`='0';
    75. 

  75. 		";
    76. 

  76. 		if (! mysql_query ( $query )) {
    77. 

  77. 			if (mysql_errno () == 1062) {
    78. 

  78. 				$msg = mysql_error ();
    79. 

  79. 				if (strpos ( $msg, 'email', 0 )) {
    80. 

  80. 					// TODO : cancel key then resend link
    81. 

  81. 					error_log ( "already send a link to this address" );
    82. 

  82. 					return "already send a link to this address";
    83. 

  83. 				}
    84. 

  84. 			}
    85. 

  85. 			error_log ( "Error inserting key record.<hr>$query<hr>" . mysql_error () . "<hr>" . mysql_errno () );
    86. 

  86. 			
    87. 

  87. 			return "Error inserting key record.<hr>$query<hr>" . mysql_error () . "<hr>" . mysql_errno ();
    88. 

  88. 		}
    89. 

  89. 		error_log ( "sending mail" );
    90. 

  90. 		$to = $mailToAddr;
    91. 

  91. 		$fromAddr = "admin@miradou.com";
    92. 

  92. 		$headers = "Reply-to: $fromAddr\n";
    93. 

  93. 		$headers .= "From: $fromAddr\n";
    94. 

  94. 		$headers .= "Errors-to: $fromAddr\n";
    95. 

  95. 		$headers .= "MIME-Version: 1.0\n";
    96. 

  96. 		$headers .= "Content-Transfer-Encoding: 8bit\n";
    97. 

  97. 		$headers .= "Content-Type: text/plain; charset=utf-8\n";
    98. 

  98. 		$site_url = "https://famille.miradou.com/Resetpw";
    99. 

  99. 		$subject = "=?UTF-8?B?" . base64_encode ( "Votre demande de changement de mot de passe sur famille.miradou.com" ) . "?=";
    100. 

  100. 		$url = $site_url . '?key=' . $key;
    101. 

  101. 		$msg_body = "		Bonjour François-Régis,
    102. 

    103. 

  103. 		Vous avez demandé la réinitialisation de votre mot de passe pour miradou.
    104. 

  104. 		Pour finaliser votre demande, veuillez cliquer sur ce lien :
    105. 

  105. 

  106. 		$url
    107. 

  107. 

  108. 		* Vous navez pas demandé ce changement ? *
    109. 

  109. 		Si vous navez pas demandé un nouveau mot de passe, informez-nous en à :
    110. 

  110. 

  111. 		$url
    112. 

  112. 

  113. 		Merci,
    114. 

  114. 

  115. 		--
    116. 

  116. 		l'équipe miradou
    117. 

  117. 		";
    118. 

  118. 		if (mail ( $mailToAddr, $subject, $msg_body, $headers )) {
    119. 

  119. 			$msg = "Un lien vous a été envoyé pour mettre à jour votre mot de passe. Vérifiez votre mail dans quelques instants";
    120. 

  120. 		} else {
    121. 

  121. 			$msg = "There is some system problem in sending login details to your address. Please contact site-admin.";
    122. 

  122. 		}
    123. 

  123. 		error_log ( $msg );
    124. 

  124. 		return ($msg);
    125. 

  125. 	}
    126. 

  126. 	function resetPassword($passwd, $key) {
    127. 

  127. 		// TODO
    128. 

  128. 		// check key validity=> get user
    129. 

  129. 		$user = $this->validateKey ( $key );
    130. 

  130. 		// update mysql : password for user
    131. 

  131. 		if ($user) {
    132. 

  132. 			$user->setPassword ( $passwd );
    133. 

  133. 			$this->deleteKey ( $key );
    134. 

  134. 		}
    135. 

  135. 		// return link to ? page
    136. 

  136. 		return $user;
    137. 

  137. 	}
    138. 

  138. 	function validateKey($key) {
    139. 

  139. 		$sql = "
    140. 

  140. 			SELECT * FROM famille.pwresetrequests WHERE `key` = \"$key\"";
    141. 

  141. 		$result = mysql_query ( $sql );
    142. 

  142. 		$keys = mysql_fetch_array ( $result );
    143. 

  143. 		if ($keys) {
    144. 

  144. 			return $this->AuthRealm->getMemberByMail ( $keys ['email'] );
    145. 

  145. 		} else {
    146. 

  146. 			return FALSE;
    147. 

  147. 		}
    148. 

  148. 	}
    149. 

  149. 	private function deleteKey($key) {
    150. 

  150. 		$query = "DELETE FROM famille.pwresetrequests WHERE `key` = \"$key\"";
    151. 

  151. 		mysql_query ( $query );
    152. 

  152. 	}
    153. 

  153. }
    154. 

  154. ?>
    155.