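NOW();');
    // (tail of checkSecretKey — the method's head lies above this chunk)
    if (!isset($res[0]['user_id'])) return false;
    else {
        // A secret key is single-use: drop it as soon as it has been consumed.
        DB::uQuery('DELETE FROM user_secret_keys WHERE `key`="'.DB::escape($key).'";');
        return array($res[0]['user_id'], $res[0]['content']);
    }
}

// Builds the confirmation URL e-mailed to someone who wants to register.
// User id 0 is used because no account exists yet; the e-mail address
// travels inside the key's content.
static public function makeLinkForRegistration($email)
{
    $key = self::createSecretKey(0, 'registration', $email);
    return 'http://' . LENCRIER_ADMIN_HOST . '/_c.php?r=' . $key;
}

// Builds the URL that, once visited, sends a fresh password to user $id.
static public function makeLinkForNewPassword($id)
{
    $key = self::createSecretKey($id, 'password_resend');
    return 'http://' . LENCRIER_ADMIN_HOST . '/_c.php?p=' . $key;
}

// Consumes a 'password_resend' key: generates a new password for the user the
// key was issued for, stores it and e-mails it to that user's address.
// Returns false when the key is unknown (checkSecretKey deletes it on success).
static public function sendNewPassword($key)
{
    $return = self::checkSecretKey('password_resend', $key);
    if (!$return) return false;
    list($id, $content) = $return;
    $email = self::getEmailFromId($id);
    $pass = utils::generatePassword(mt_rand(7, 10));
    $user = new user;
    // Only update through the session when the logged-in account IS the one
    // the key was issued for: otherwise a visitor logged in as A who opens B's
    // link would get A's password overwritten while the mail goes to B.
    if ($user->is_logged() && (int) $user->get('id') === (int) $id) {
        $user->set('password', $pass);
    } else {
        // FIXME: unsalted md5 is the storage format shared by login(),
        // checkPassword() and saveDatas(); migrating to password_hash() has
        // to be done in all of them at once.
        DB::uQuery('UPDATE membres SET password = "'.DB::esc(md5($pass)).'" WHERE id = "'.(int)$id.'";');
    }
    notifications::sendNewPassword($email, $pass);
    return true;
}

// Builds the URL that, once visited, switches user $id to the new address
// $email (the address is carried inside the key's content).
static public function makeLinkForEmailChange($id, $email)
{
    $key = self::createSecretKey($id, 'email_change', $email);
    return 'http://' . LENCRIER_ADMIN_HOST . '/_c.php?e=' . $key;
}

// Consumes an 'email_change' key and applies the new address to the user the
// key was issued for. Returns false when the key is unknown.
static public function changeEmail($key)
{
    $return = self::checkSecretKey('email_change', $key);
    if (!$return) return false;
    list($id, $new_email) = $return;
    $old_email = self::getEmailFromId($id);
    $user = new user;
    // Same guard as sendNewPassword(): the session shortcut is only valid
    // when the logged-in account is the one named by the key.
    if ($user->is_logged() && (int) $user->get('id') === (int) $id) {
        $user->set('email', $new_email);
    } else {
        DB::uQuery('UPDATE membres SET email="'.DB::escape($new_email).'" WHERE id="'.(int)$id.'";');
    }
    notifications::emailChanged($id, $new_email, $old_email);
    return true;
}

// Consumes a 'registration' key and creates the account.
// Returns the new user id, or false when the key is unknown or the address is
// already registered. With $login_after the new account is logged in at once.
public static function register($key, $login_after=false)
{
    $return = self::checkSecretKey('registration', $key);
    if (!$return) return false;
    list($id, $email) = $return;
    // Never create a second account for an address that already has one.
    if (self::getIdFromEmail($email)) return false;
    $pass = utils::generatePassword(mt_rand(7, 10));
    DB::startMultipleQueries();
    // The IP is escaped like every other value: its origin (utils::getIP) is
    // not visible here and may come from request headers.
    DB::uQuery('INSERT INTO membres (password, email, date_inscription, ip_inscription) VALUES ("'.DB::esc(md5($pass)).'", "'.DB::esc($email).'", "'.time().'", "'.DB::esc(utils::getIP()).'");');
    $id = DB::getInsertId();
    // A visitor carrying the ban cookie gets the account flagged immediately.
    if (self::userIsBanned()) {
        DB::uQuery('UPDATE membres SET banned = 2 WHERE id = "'.(int)$id.'";');
    }
    DB::endMultipleQueries();
    notifications::register($email, $pass);
    if ($login_after) {
        $user = new user;
        $user->login($email, $pass, false, false);
    }
    return $id;
}

// Client-side ban marker: a cookie deliberately named like a harmless
// "cookies enabled" flag. Trivial to remove by the visitor, so it is only a
// soft measure; the authoritative flag is the `banned` column.
static public function userIsBanned()
{
    return !empty($_COOKIE['COOKIES_ENABLED']);
}

// Plants the ban cookie for ten years (httponly) and mirrors it in $_COOKIE
// so that userIsBanned() is true for the rest of this request.
static public function userSetBanned()
{
    setcookie('COOKIES_ENABLED', '1', time() + (3600 * 24 * 365 * 10), '/', LENCRIER_COOKIE_DOMAIN, false, true);
    $_COOKIE['COOKIES_ENABLED'] = 1;
    return true;
}

// Issues a short-lived (60 s) proof cookie binding the site secret, the
// action key, the current user and the redirect target. The digest includes
// the current hour, so the verifying side (not in this file) presumably
// recomputes it with the same date('dmYH') — confirm how an hour rollover
// between issue and check is handled.
public function answerPublicAction($key, $redir)
{
    $reponse = md5(LENCRIER_SECRET_KEY . $key . $this->get('id') . $redir . date('dmYH'));
    setcookie('action_answer', $reponse, time() + 60, '/', LENCRIER_COOKIE_DOMAIN);
    return true;
}

// Cookie names are namespaced per admin host.
public function __construct()
{
    $this->cookie_prefix = md5(LENCRIER_ADMIN_HOST);
}

// Pending set() calls are flushed to the database when the object dies.
public function __destruct()
{
    if (!empty($this->modified) && $this->is_logged()) {
        $this->saveDatas($this->get('id'), $this->modified);
    }
}

// Stores a fresh challenge in the session for challenge-based login()
// (the client answers with md5(challenge . stored_hash)).
// NOTE(review): the challenge is not cleared once used, so it stays valid
// for the whole session.
public function createLoginChallenge()
{
    utils::sessionStart(true);
    $_SESSION['challenge'] = utils::generatePassword(32);
    return $_SESSION['challenge'];
}

// Login.
// $permanent    = true for a permanent session (one year cookie).
// $useChallenge = true when $password is the client-side answer to the
//                 challenge issued by createLoginChallenge().
// Returns true on success, false otherwise (failures are logged per user).
public function login($email, $password, $permanent=false, $useChallenge=false)
{
    // Strip stray whitespace around the address and the password.
    $email = trim($email);
    $password = trim($password);
    // Fetch the stored credentials.
    $res = DB::aQuery('SELECT * FROM membres WHERE email="'.DB::esc($email).'" LIMIT 1;', false, DB::FETCH_ASSOC);
    if (!$res) return false;
    // Unknown address.
    if (empty($res[0]['id'])) {
        return false;
    }
    $res = $res[0];
    if ($useChallenge) {
        utils::sessionStart();
        if (empty($_SESSION['challenge'])) {
            return false;
        }
        $check = md5($_SESSION['challenge'] . $res['password']);
        // Strict comparison: with `!=` two hex digests of the form "0e<digits>"
        // are compared as floats and come out equal.
        if ($check !== $password) {
            log::addForUser($res['id'], 'login_failed', $permanent ? 'Permanent' : '');
            return false;
        }
    }
    // The given password must match the stored hash (same strictness as above).
    elseif ($res['password'] !== md5($password)) {
        log::addForUser($res['id'], 'login_failed', $permanent ? 'Permanent' : '');
        return false;
    }
    log::addForUser($res['id'], 'login', $permanent ? 'Permanent' : '');
    $time = 0;
    // Permanent login
    if ($permanent) {
        // Permanent cookie: valid for 365 days (one year).
        $time = time() + (3600 * 24 * 365);
        // NOTE(review): the token is derived from known inputs plus the
        // current second; a value from a CSPRNG would be preferable.
        // It is an md5 hex string, hence safe to inline in the query below.
        $session_id = md5($email . time() . $password);
        DB::uQuery('UPDATE membres SET session_id="'.$session_id.'" WHERE id="'.(int)$res['id'].'";');
        setcookie($this->cookie_prefix.'_permanent', $session_id, $time, '/', LENCRIER_COOKIE_DOMAIN, false, true);
    }
    // Keep the cookie ban and the account ban in sync, in both directions.
    if (self::userIsBanned() && empty($res['banned'])) {
        DB::uQuery('UPDATE membres SET banned = 2 WHERE id="'.(int)$res['id'].'";');
    } elseif (!self::userIsBanned() && !empty($res['banned'])) {
        self::userSetBanned();
    }
    $this->createSession($res, $time);
    DB::uQuery('UPDATE membres SET date="'.time().'", ip="'.DB::esc(utils::getIP()).'" WHERE id="'.(int)$res['id'].'";');
    return true;
}

// Stores the user record in the session. $expire is accepted for callers but
// not used: the PHP session lifetime is whatever utils::sessionStart sets up.
private function createSession($user, $expire=0)
{
    utils::sessionStart(true);
    $_SESSION['current_user'] = $user;
    return true;
}

// Opens a session as user $id without any credential check (admin tooling).
// Returns false when no such user exists instead of storing an empty record.
public function login_admin($id)
{
    $res = DB::aQuery('SELECT * FROM membres WHERE id="'.(int)$id.'";');
    if (empty($res[0]['id'])) return false;
    $this->createSession($res[0]);
    return true;
}

// Looks up the user owning a permanent-login token. Returns the row or false.
private function _getUserInfosFromSession($session)
{
    // FIXME: temporary, because of integration into old pages; this is what
    // causes the silly redirect when an internal page is requested after the
    // session has expired.
    if (!class_exists('DB')) return false;
    $res = DB::aQuery('SELECT * FROM membres WHERE session_id="'.DB::esc($session).'" LIMIT 0,1;');
    if (empty($res[0]['id'])) return false;
    return $res[0];
}

// Automatically logs in a member holding a permanent-login cookie whose PHP
// session has been lost. Returns false only when the cookie names no user.
private function _autoLogin()
{
    if (empty($_COOKIE[$this->cookie_prefix.'_permanent'])) return true;
    if (!empty($_SESSION['current_user'])) return true;
    $session_id = $_COOKIE[$this->cookie_prefix.'_permanent'];
    $infos = $this->_getUserInfosFromSession($session_id);
    if (!$infos) return false;
    // NOTE(review): this writes the permanent-login token itself into the log
    // table, i.e. a live credential ends up in logs.
    log::addForUser($infos['id'], 'login_auto', $session_id);
    $this->createSession($infos);
    return true;
}

// Is the member logged in?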
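public function is_logged()
{
    utils::sessionStart();
    // Replay the permanent-login cookie if the session was lost; its return
    // value is irrelevant, the session content decides.
    $this->_autoLogin();
    if (empty($_SESSION['current_user'])) return false;
    $this->infos =& $_SESSION['current_user'];
    return true;
}

// Banned either on the account (`banned` column) or through the ban cookie.
public function is_banned()
{
    if ($this->is_logged() && !empty($this->infos['banned'])) {
        return true;
    }
    return self::userIsBanned();
}

// Ends the session and revokes the permanent-login token, both server-side
// (session_id set to NULL) and in the browser.
public function logout()
{
    utils::sessionStart();
    $_SESSION = array();
    // A browser only drops a cookie whose expiry lies in the past.
    $expired = time() - 3600;
    setcookie(session_name(), '', $expired, '/', LENCRIER_COOKIE_DOMAIN, false, true);
    if (!empty($_COOKIE[$this->cookie_prefix.'_permanent'])) {
        // Revoke server-side first so the cookie value is useless if it leaked.
        DB::uQuery('UPDATE membres SET session_id=NULL WHERE session_id="'. DB::esc($_COOKIE[$this->cookie_prefix.'_permanent']).'";');
        setcookie($this->cookie_prefix.'_permanent', '', $expired, '/', LENCRIER_COOKIE_DOMAIN, false, true);
    }
    return true;
}

// Reads one field of the logged-in user's session record.
// Returns false when nobody is logged in or the field is absent.
public function get($key)
{
    utils::sessionStart();
    if (empty($_SESSION['current_user'])) return false;
    if (!isset($_SESSION['current_user'][$key])) return false;
    return $_SESSION['current_user'][$key];
}

// Whole session record of the current user (no session start here).
public function get_datas()
{
    return $_SESSION['current_user'];
}

// True when the session record carries admin = 1.
public function is_admin()
{
    utils::sessionStart();
    return isset($_SESSION['current_user']['admin']) && $_SESSION['current_user']['admin'] == '1';
}

// Number of journals the user may still create: 1000 for admins, the quota
// for everyone else; false once the quota is reached.
public function can_create_journal()
{
    $nb = $this->get_nb_journals();
    if ($this->is_admin()) return 1000 - $nb;
    if (LENCRIER_QUOTA_JOURNAUX > $nb) return LENCRIER_QUOTA_JOURNAUX - $nb;
    return false;
}

// Journal count of the current user, cached in the session record.
// FIXME: rather use Journal::getNb($user_id) with a coherent cache.
public function get_nb_journals()
{
    $cached = $this->get('nb_journals');
    if ($cached !== false) {
        return $cached;
    }
    $nb = Journal::getNb($this->get('id'));
    $_SESSION['current_user']['nb_journals'] = $nb;
    return $nb;
}

// Compares a cleartext password with the stored (md5) hash of the logged-in
// user. Strict comparison so two "0e…" digests are not treated as equal numbers.
public function checkPassword($password)
{
    return md5($password) === $this->get('password');
}

// Drops one cached field from the session record.
public function clear_cache($key)
{
    if (isset($_SESSION['current_user'][$key])) unset($_SESSION['current_user'][$key]);
    return true;
}

// Updates a field in the session record and queues it for persistence
// (save() or __destruct()). Passwords are stored hashed in the session; the
// queued value stays in clear and is hashed again by saveDatas().
public function set($key, $value)
{
    if ($key === 'password') {
        $_SESSION['current_user'][$key] = md5($value);
    } else {
        $_SESSION['current_user'][$key] = $value;
    }
    $this->modified[$key] = $value;
}

// Persists the queued set() values for the current user.
public function save()
{
    if (!empty($this->modified)) {
        $this->saveDatas($this->get('id'), $this->modified);
    }
}

// Writes $datas (column => value) to user $id. Column names come from set()
// callers; backticks inside a name are doubled, which is the identifier
// escaping DB::esc does not perform.
public function saveDatas($id, $datas)
{
    $assignments = array();
    foreach ($datas as $key => $value) {
        if ($key === 'password') $value = md5($value);
        $column = str_replace('`', '``', $key);
        $assignments[] = '`'.DB::esc($column).'`="'.DB::esc($value).'"';
    }
    $sql = 'UPDATE membres SET ' . implode(', ', $assignments) . ' WHERE id="'.(int)$id.'";';
    DB::uQuery($sql);
    return true;
}

// Deletes the logged-in user's account and logs them out.
public function deleteMe()
{
    if (!$this->is_logged()) return false;
    self::deleteUser($this->get('id'));
    $this->logout();
    return true;
}

// Deletes user $id with all their journals and private accesses.
// $admin_delete = true skips the per-journal status handling.
// Returns false for a missing/invalid id rather than issuing DELETEs for id 0.
static public function deleteUser($id=false, $admin_delete = false)
{
    $id = (int) $id;
    if ($id <= 0) return false;
    $liste = Journal::getList($id);
    if (!empty($liste)) {
        foreach ($liste as $journal) {
            Journal::deleteJournal($journal['id'], $admin_delete ? false : $journal['statut']);
        }
    }
    DB::uQuery('DELETE FROM acces_prives WHERE membre = "'.$id.'";');
    DB::uQuery('DELETE FROM membres WHERE id = "'.$id.'";');
    return true;
}
}
?>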