Composants de cette interface
Les classes
Les classes PHP5 suivantes fournissent la logique métier de cette interface :
Source de la classe user
<?php
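/**
 * User management: registration with e-mail validation, the login box,
 * the lost-password renewal flow and the member/admin listings.
 *
 * Persistence goes through the `database` parent class (`$this->conn`,
 * `$this->SQLescape()`), i.e. the legacy PHP5 SQLite extension, which has
 * no prepared statements. Every value is therefore passed through
 * SQLescape() and placed in a *single-quoted* literal before it is
 * concatenated into SQL (double-quoted strings are identifiers in SQL and
 * are not protected by a single-quote escaper); column names, which cannot
 * be escaped, are whitelisted (see updateUser()).
 *
 * Requires PHP >= 5.6 (password_hash / password_verify / hash_equals /
 * password_needs_rehash). random_bytes() is used when available (PHP >= 7),
 * otherwise OpenSSL; the class fails closed when neither exists.
 */
class user extends database {
    /**
     * Users table.
     *
     * @var string
     */
    protected $usersTable = 'project_users';

    /**
     * Lost-password tokens table.
     *
     * @var string
     */
    protected $tempPassTable = 'project_lost_pass';

    /**
     * Lifetime of a lost-password token, in seconds, measured from the
     * `modification` timestamp written by addTempPassVerif().
     *
     * @var int
     */
    protected $tempPassTtl = 86400;

    /**
     * Columns updateUser() is allowed to assign. Column names cannot be
     * escaped, so anything outside this list is rejected; `id` is
     * deliberately absent. Mirrors the project_users schema.
     *
     * @var array
     */
    protected $updatableColumns = array(
        'user', 'email', 'firstname', 'lastname', 'passhash',
        'controlhash', 'inscription', 'level', 'description',
    );

    /**
     * Level of the current user (0 = visitor, > 5 = administrator).
     *
     * @var int
     */
    public $userLevel = 0;

    /**
     * Login of the current user ('' when nobody is logged in).
     *
     * @var string
     */
    public $user = '';

    /**
     * Opens the database through the parent constructor.
     * (No srand() call: rand() is no longer used anywhere in this class.)
     */
    public function __construct() {
        parent::__construct();
    }

    /**
     * Cryptographically secure random bytes. Fails closed instead of
     * degrading to rand()/uniqid(), which are predictable.
     *
     * @param int $length Number of bytes, >= 1
     * @return string Raw bytes
     * @throws InvalidArgumentException on a non-positive length
     * @throws RuntimeException when no secure source is available
     */
    private function randomBytes($length) {
        $length = (int)$length;
        if ($length < 1) {
            throw new InvalidArgumentException('randomBytes(): length must be >= 1');
        }
        if (function_exists('random_bytes')) {
            return random_bytes($length);
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes($length, $strong);
            if ($bytes !== false && $strong) {
                return $bytes;
            }
        }
        throw new RuntimeException('No cryptographically secure random source available');
    }

    /**
     * Fresh control hash for validation / lost-password tokens: 128 random
     * bits rendered as 32 lowercase hex characters, i.e. the same shape as
     * the md5() values the table already holds.
     *
     * @return string
     */
    private function newControlHash() {
        return bin2hex($this->randomBytes(16));
    }

    /**
     * Hashes a plaintext password for storage in `passhash`.
     *
     * @param string $plain
     * @return string bcrypt hash (password_hash, PASSWORD_DEFAULT)
     */
    private function hashPassword($plain) {
        return password_hash((string)$plain, PASSWORD_DEFAULT);
    }

    /**
     * Checks a plaintext password against a stored `passhash`.
     *
     * Rows written before this class switched to password_hash() hold an
     * unsalted md5; those are still accepted (compared in constant time) so
     * existing accounts keep working, and memberBox() re-hashes them on the
     * next successful login.
     *
     * @param string $plain  Submitted password
     * @param string $stored Value of the passhash column
     * @return bool
     */
    private function verifyPassword($plain, $stored) {
        if (!is_string($stored) || $stored === '') {
            return false;
        }
        if (password_verify((string)$plain, $stored)) {
            return true;
        }
        // Legacy unsalted md5: exactly 32 hex characters.
        if (strlen($stored) === 32 && ctype_xdigit($stored)) {
            return hash_equals($stored, md5((string)$plain));
        }
        return false;
    }

    /**
     * Stores a lost-password token for a user.
     *
     * @param int $id User ID
     * @return string The token that was inserted (32 hex characters)
     */
    public function addTempPassVerif($id) {
        $token = $this->newControlHash();
        $sql = 'INSERT INTO '.$this->tempPassTable.' (user,controlhash,modification) VALUES( ';
        $sql .= "'".$this->SQLescape($id)."', ";
        $sql .= "'".$token."', ";
        $sql .= "'".date('Y-m-d H:i:s')."')";
        $this->conn->query($sql);
        return $token;
    }

    /**
     * Consumes a lost-password token: generates a new password, mails it to
     * the account's e-mail address, then stores its hash and deletes every
     * outstanding token of that user.
     *
     * The token must match AND be younger than $tempPassTtl. Nothing is
     * changed in the database unless the mail was accepted by the sender.
     *
     * NOTE(review): the new password travels in clear text in the e-mail;
     * a one-time reset link would avoid that — design unchanged here.
     *
     * @param int    $id   User ID
     * @param string $hash Token returned by addTempPassVerif()
     * @return bool true when the password was renewed and mailed
     */
    public function updatePassOnLost($id, $hash) {
        // 'Y-m-d H:i:s' strings sort in date order, so a plain string
        // comparison implements the expiry without SQL date functions.
        $notBefore = date('Y-m-d H:i:s', time() - $this->tempPassTtl);

        $sql = 'SELECT B.email AS email, B.user AS login FROM '.$this->tempPassTable.' AS A ';
        $sql .= 'LEFT JOIN '.$this->usersTable.' AS B ON A.user = B.id ';
        $sql .= " WHERE A.user = '".$this->SQLescape($id)."'";
        $sql .= " AND A.controlhash = '".$this->SQLescape($hash)."'";
        $sql .= " AND A.modification >= '".$notBefore."' ";
        $res = $this->conn->query($sql);
        if (!$res || !$res->numRows()) {
            return false;
        }
        $rows = $res->fetchAll(SQLITE_ASSOC);
        $account = $rows[0];
        // LEFT JOIN: a token whose user row no longer exists yields NULL here.
        if (empty($account['email'])) {
            return false;
        }

        $plain = $this->generatePassword(10);
        $hashed = $this->hashPassword($plain);

        include_once('classes/mail5.class.php');
        $mail = new mailMain;
        $mail -> model -> param['addHeaderNoCRLF'] = FALSE;
        $mail -> sender -> set_mode = 'socket';
        $mail -> model -> addTO ($account['email'], $account['login']);
        $mail -> model -> addFROM ('mdp@phpworkgroup.org','Robot PHPWG');
        $mail -> model -> addReturnPath('lost@phpworkgroup.org', 'PHPWG-return path');
        $mail -> model -> addSubject('[PHPWG] Renouvellement de mot de passe');
        $body = file_get_contents('templates/mdp-mail-confirm.tpl.txt');
        $body = str_replace(
            array('<$IP$>', '<$login$>', '<$pass$>'),
            array(get_IP(), $account['login'], $plain),
            $body
        );
        $mail -> model -> addPlainText(iconv('UTF-8','ISO-8859-1',$body));
        if ( !$mail -> sender -> send() ) {
            return false;
        }

        $sql = 'UPDATE '.$this->usersTable." SET passhash = '".$this->SQLescape($hashed)."'";
        $sql .= " WHERE id = '".$this->SQLescape($id)."' ";
        $this->conn->query($sql);
        // Every token of this user is consumed; $id is escaped here (it was
        // interpolated raw before).
        $sql = 'DELETE FROM '.$this->tempPassTable." WHERE user = '".$this->SQLescape($id)."'";
        $this->conn->query($sql);
        return true;
    }

    /**
     * Whether the current user is a member (level other than 0).
     *
     * @return bool
     */
    public function isMember() {
        return (bool)$this->userLevel;
    }

    /**
     * Whether the current user is an administrator (level above 5).
     *
     * @return bool
     */
    public function isAdmin() {
        return $this->userLevel > 5;
    }

    /**
     * Sets the level of the current user.
     *
     * @param int $level New level
     */
    public function setUserLevel($level) {
        $this->userLevel = (int)$level;
    }

    /**
     * Fetches user rows matching one column. The result includes the
     * `passhash` and `controlhash` columns because memberBox() needs them;
     * callers rendering the data must not expose those.
     *
     * @param string $column Column to match (literal, never user-supplied)
     * @param mixed  $value  Value to match (escaped here)
     * @return array Rows as associative arrays
     */
    private function selectUserBy($column, $value) {
        $sql = 'SELECT id,user, email,firstname,lastname,inscription,level,passhash, controlhash';
        $sql .= ' FROM '.$this->usersTable;
        $sql .= ' WHERE '.$column." = '".$this->SQLescape($value)."' ";
        return $this->conn->arrayQuery($sql, SQLITE_ASSOC);
    }

    /**
     * Fetches a user by ID.
     *
     * @param int $id User ID
     * @return array Matching rows (see selectUserBy())
     */
    public function getUserInfos($id) {
        return $this->selectUserBy('id', $id);
    }

    /**
     * Fetches a user by login.
     *
     * @param string $user Login
     * @return array Matching rows (see selectUserBy())
     */
    public function getUserInfos_($user) {
        return $this->selectUserBy('user', $user);
    }

    /**
     * Login form. $action is HTML-escaped: memberBox() passes REQUEST_URI,
     * which is attacker-controlled.
     *
     * @param string $action Target URL of the form
     * @return string HTML
     */
    public function loginForm($action='') {
        $html = '<form class="loginForm" method="post" action="'.htmlspecialchars($action, ENT_QUOTES, 'UTF-8').'">';
        $html .= '<p><label for="login">Login</label> <input type="text" name="login" id="login" title="login" value="login" onfocus="getElementById(\'login\').value=\'\';getElementById(\'loginpass\').value=\'\';return true;"/>';
        $html .= '<label for="loginpass">Mot de passe</label> <input type="password" name="loginpass" id="loginpass" title="password" value="password"/>';
        $html .= '<input type="submit" name="log-in" value="Ok" /></p>';
        $html .= '</form>';
        return $html;
    }

    /**
     * Random string over [a-z0-9], drawn from a secure source with
     * rejection sampling (no modulo bias). Unlike the shuffle-based
     * original, characters may repeat and any length is allowed.
     *
     * @param int $lenght Length of the string (parameter name kept for callers)
     * @return string
     */
    public function generatePassword($lenght=10) {
        $alphabet = array_merge(range('a', 'z'), range(0, 9));
        $size = count($alphabet); // 36
        $wanted = (int)$lenght;
        if ($wanted < 1) {
            return '';
        }
        // Bytes >= 252 (= 7 * 36) are discarded so that every symbol is
        // equally likely.
        $limit = 256 - (256 % $size);
        $out = '';
        while (strlen($out) < $wanted) {
            $bytes = $this->randomBytes($wanted);
            for ($i = 0; $i < $wanted && strlen($out) < $wanted; $i++) {
                $b = ord($bytes[$i]);
                if ($b < $limit) {
                    $out .= $alphabet[$b % $size];
                }
            }
        }
        return $out;
    }

    /**
     * Creates a user and mails the validation link.
     *
     * An empty password ('' / null) is replaced by a random one that is never
     * shown to anyone: such an account can only be entered after a
     * lost-password renewal. A password of "0" is a real password here
     * (the original `!$pass` test treated it as empty).
     *
     * The row is inserted before the mail is sent, so a failed send leaves an
     * unvalidated account behind (unchanged from the original).
     *
     * NOTE(review): id = MAX(id) + 1 is not atomic; two concurrent
     * registrations can collide. Kept because lastInsertRowId() was left
     * commented out in the original, presumably for a reason.
     *
     * @param string $user  Login
     * @param string $pass  Plaintext password, or '' to generate one
     * @param string $email E-mail address
     * @param string $fn    First name
     * @param string $ln    Last name
     * @param int    $level Level
     * @return bool true when the validation mail was sent
     */
    public function addUser($user,$pass,$email,$fn,$ln,$level) {
        $controlHash = $this->newControlHash();
        $plain = ((string)$pass === '') ? $this->generatePassword(10) : (string)$pass;
        $passHash = $this->hashPassword($plain);

        $last = $this->conn->arrayQuery('SELECT id FROM '.$this->usersTable.' ORDER BY id DESC LIMIT 1');
        $id = isset($last[0]['id']) ? (int)$last[0]['id'] + 1 : 1;

        // Single-quoted literals: SQLescape() protects those; the original used
        // double quotes, which are identifier delimiters in SQL.
        $values = array(
            "'".$id."'",
            "'".$this->SQLescape($user)."'",
            "'".$this->SQLescape($passHash)."'",
            "'".$this->SQLescape($fn)."'",
            "'".$this->SQLescape($ln)."'",
            "'".$this->SQLescape($email)."'",
            "'".$controlHash."'",
            "'".date('Y-m-d H:i:s')."'",
            "'".(int)$level."'",
        );
        $sql = 'INSERT INTO '.$this->usersTable.' (id,user,passhash,firstname,lastname,email,controlhash,inscription,level) ';
        $sql .= 'VALUES ('.implode(', ', $values).')';
        $this->conn->query($sql);

        include_once('classes/mail5.class.php');
        $mail = new mailMain;
        $mail->sender->set_mode = 'socket';
        $mail -> model -> addTO ($email,$user);
        $mail -> model -> addFROM ('inscription@phpworkgroup.org','Robot PHPWG');
        $mail -> model -> addReturnPath('inscription@phpworkgroup.org');
        $mail -> model -> addSubject(iconv('UTF-8','ISO-8859-1','[PHPWG] Inscription (étape 1)'));
        $tpl = file_get_contents('templates/inscription-mail.tpl.txt');
        $validationUrl = PHPWG_SITE_URL . '?p=email-confirm&id='.$id.'&hash='.$controlHash;
        $body = str_replace(
            array('<$validation_url$>', '<$IP$>'),
            array($validationUrl, get_IP()),
            $tpl
        );
        $mail -> model -> addPlainText(iconv('UTF-8','ISO-8859-1',$body));
        return (bool)$mail -> sender -> send();
    }

    /**
     * Updates columns of a user.
     *
     * Keys of $v are column names and are only accepted when listed in
     * $updatableColumns (names cannot be escaped). Values are escaped.
     * An empty $v is a no-op (the original emitted an invalid UPDATE).
     *
     * @param int   $id User ID
     * @param array $v  column => new value
     * @throws InvalidArgumentException on a column outside the whitelist
     */
    public function updateUser($id, $v=array()) {
        if (empty($v)) {
            return;
        }
        $assignments = array();
        foreach ($v as $column => $value) {
            if (!in_array($column, $this->updatableColumns, true)) {
                throw new InvalidArgumentException('updateUser(): column not updatable: '.$column);
            }
            $assignments[] = ' '.$column." = '".$this->SQLescape($value)."' ";
        }
        $sql = 'UPDATE '.$this->usersTable.' SET '.implode(',', $assignments);
        $sql .= " WHERE id = '".$this->SQLescape($id)."' ";
        $this->conn->query($sql);
    }

    /**
     * Deletes a user.
     *
     * @param int $id User ID
     */
    public function delUser($id) {
        $sql = 'DELETE FROM '.$this->usersTable." WHERE id = '".$this->SQLescape($id)."' ";
        $this->conn->query($sql);
    }

    /**
     * Number of users having this login OR this e-mail.
     *
     * @param string $email E-mail address
     * @param string $user  Login
     * @return int
     */
    public function userAlreadyExists($email,$user) {
        $sql = 'SELECT 1 FROM '.$this->usersTable.' WHERE';
        $sql .= " user = '".$this->SQLescape($user)."'";
        $sql .= " OR email = '".$this->SQLescape($email)."'";
        $res = $this->conn->query($sql);
        return $res ? $res->numRows() : 0;
    }

    /**
     * Handles a posted login and renders either the login form or the
     * member box.
     *
     * On a valid login: legacy md5 hashes are upgraded to password_hash(),
     * the session id is regenerated (session fixation) and user/level/id
     * are stored in $_SESSION. Accounts whose `controlhash` is still set
     * (e-mail not validated) are refused.
     *
     * NOTE(review): there is no CSRF token and no throttling on this form.
     *
     * @return string HTML
     */
    public function memberBox() {
        $html = '';
        $notice = '';
        if (isset($_POST['log-in'])) {
            $login = isset($_POST['login']) ? (string)$_POST['login'] : '';
            $plain = isset($_POST['loginpass']) ? (string)$_POST['loginpass'] : '';
            $rows = $this->getUserInfos_($login);
            $row = isset($rows[0]) ? $rows[0] : null;
            if ($row !== null && isset($row['passhash']) && $this->verifyPassword($plain, $row['passhash'])) {
                if ((string)$row['controlhash'] !== '') {
                    $notice .= '<div class="userMsg">Utilisateur non validé.</div>';
                } else {
                    if (password_needs_rehash($row['passhash'], PASSWORD_DEFAULT)) {
                        $this->updateUser($row['id'], array('passhash' => $this->hashPassword($plain)));
                    }
                    if (session_id() !== '') {
                        session_regenerate_id(true);
                    }
                    $_SESSION['user'] = $this->user = $row['user'];
                    $_SESSION['UserLevel'] = $this->userLevel = (int)$row['level'];
                    $_SESSION['UserID'] = $row['id'];
                    $_SESSION['IsAdmin'] = ($this->userLevel > 5) ? 1 : 0;
                }
            } else {
                $notice .= '<div class="userMsg">mauvais login/pass.</div>';
            }
        }
        if (!empty($_SESSION['user']) && $_SESSION['user'] !== 'visiteur') {
            $html .= '<div class="userName">Vous êtes '. htmlspecialchars($_SESSION['user']). '</div>';
            $html .= '<div class="logOut"><a href="/member.html" title="fiche membre"><img src="/images/personal_16.png" alt="profil"/></a></div>';
            $html .= '<div class="logOut"><a href="/logout.php" title="Se déconnecter"><img src="/images/stop_16.png" alt="deconnexion"/></a></div>';
        } else {
            $html .= $this->loginForm($_SERVER['REQUEST_URI']);
        }
        return $html . $notice;
    }

    /**
     * Lists users with 0 < level < 5.
     *
     * NOTE(review): level 5 is neither here nor an admin for isAdmin()
     * (> 5) but does appear in listAdmins() (> 4) — confirm intent.
     *
     * @return array
     */
    public function listMembers() {
        $sql = 'SELECT id,user,email,inscription,level FROM '.$this->usersTable;
        $sql .= ' WHERE level > 0 AND level < 5 ';
        $sql .= 'ORDER BY level DESC, id ASC';
        return $this->conn->arrayQuery($sql);
    }

    /**
     * Lists users with level > 4.
     *
     * @return array
     */
    public function listAdmins() {
        $sql = 'SELECT id,user,email,inscription,level FROM '.$this->usersTable;
        $sql .= ' WHERE level > 4 ';
        $sql .= 'ORDER BY level DESC, id ASC';
        return $this->conn->arrayQuery($sql);
    }

    /**
     * Lists every user, including the pending `controlhash`.
     *
     * @return array
     */
    public function listUsers() {
        $sql = 'SELECT id,user,email,inscription,level,controlhash FROM '.$this->usersTable;
        $sql .= ' ORDER BY level DESC, id ASC ';
        return $this->conn->arrayQuery($sql);
    }

    /**
     * Registration / modification form.
     *
     * @param string $action         Target URL (HTML-escaped here)
     * @param array  $default_values Prefill: pseudo, email, id, level
     * @param bool   $display_level  Show the level selector. Nothing here
     *                               checks who is asking; the caller must
     *                               restrict it (and validate the posted
     *                               level) to administrators.
     * @return string HTML
     */
    public function inscriptionForm($action, $default_values=array(), $display_level=true) {
        $pseudo = isset($default_values['pseudo']) ? $default_values['pseudo'] : '';
        $email = isset($default_values['email']) ? $default_values['email'] : '';
        $id = isset($default_values['id']) ? $default_values['id'] : '';

        $html = '<form id="userChangeForm" method="post" action="'.htmlspecialchars($action).'" >';
        $html .= '<p><input class="displayNone" type="hidden" name="id" value="'.htmlspecialchars($id).'" /></p>';
        $html .= '<ul><li class="ok"><label for="pseudo"><input type="text" name="pseudo" value="'.htmlspecialchars($pseudo).'" id="pseudo" />Pseudo*</label></li>';
        $html .= '<!--<div><label for="pass"><input type="password" name="password" value="" />Mot de passe*</label></div>';
        $html .= '<li><label for="pass2"><input type="password" name="password2" value="" />Retaper Mot de passe*</label></li>-->';
        $html .= '<li class="ok"><label for="email"><input type="text" name="email" value="'.htmlspecialchars($email).'" id="email" />Email*</label></li>';
        if ($display_level) {
            $current = isset($default_values['level']) ? $default_values['level'] : null;
            $html .= '<li class="ok"><label for="level"><select name="level">'."\n";
            foreach (range(0, 10) as $lvl) {
                $selected = ($current !== null && $current == $lvl) ? ' selected="selected" ' : '';
                $html .= '<option value="'.$lvl.'"'.$selected.'>'.$lvl.'</option>'."\n";
            }
            $html .= '</select>Level</label></li>';
        }
        if (isset($_GET['action']) && $_GET['action'] === 'modif') {
            $html .= '<li><input type="submit" value="Modifier cet utilisateur" name="modifuser" /></li>';
        } else {
            $html .= '<li><input type="submit" value="Nouvel utilisateur" name="newuser" /></li>';
        }
        $html .= '</ul></form>';
        return $html;
    }

    /**
     * Users registered with this e-mail address.
     *
     * @param string $email
     * @return array Rows with id and user
     */
    public function emailExistsInDB($email) {
        $sql = 'SELECT id,user FROM '.$this->usersTable." WHERE email = '".$this->SQLescape($email)."' ";
        return $this->conn->arrayQuery($sql);
    }
}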
?>
Les tables SQLite
Cette interface utilise uniquement des bases de données SQLite, voici les tables utilisées :
CREATE TABLE project_users ( id INTEGER AUTOINCREMENT, user VARCHAR , email VARCHAR , firstname VARCHAR , lastname VARCHAR , passhash VARCHAR, controlhash VARCHAR, inscription DATETIME, level INT , description TEXT, PRIMARY KEY(id) )
CREATE TABLE project_lost_pass ( id INTEGER AUTOINCREMENT, user INTEGER , controlhash VARCHAR, modification DATETIME, PRIMARY KEY(id) )
CREATE TABLE pub ( id INTEGER AUTOINCREMENT, nom_site VARCHAR , url_site VARCHAR , description_site VARCHAR, contact_site VARCHAR, url_banniere VARCHAR, url_logo VARCHAR, date_debut DATETIME, date_fin DATETIME, affichages INT, limite_affichages INT, valide INT , PRIMARY KEY(id) )
CREATE TABLE project_faq ( id INTEGER AUTOINCREMENT, question VARCHAR , response VARCHAR , cat INTEGER, valide INT , PRIMARY KEY(id) )
CREATE TABLE project_faq_cat ( id INTEGER AUTOINCREMENT, name VARCHAR , description VARCHAR , PRIMARY KEY(id) )
CREATE TABLE project_files ( id INTEGER AUTOINCREMENT, user VARCHAR , file VARCHAR , directory VARCHAR, add_date DATETIME, hash VARCHAR, valide INT , PRIMARY KEY(id) )
CREATE TABLE old_project_files ( id INTEGER AUTOINCREMENT, user VARCHAR , file VARCHAR , directory VARCHAR, add_date DATETIME, del_date DATETIME, hash VARCHAR, PRIMARY KEY(id) )
CREATE TABLE project_wall ( id INTEGER AUTOINCREMENT, name VARCHAR , add_date DATETIME, description VARCHAR, code TEXT, valide INT , PRIMARY KEY(id) )
