Connexion system working

This commit is contained in:
Phyks 2013-08-09 00:44:43 +02:00
parent c72585c95b
commit d09760e3da
13 changed files with 201 additions and 19 deletions

2
TODO
View File

@ -1,2 +1,4 @@
* i18n
* Vérification des variables dans les classes + throw exception
* tokens + ban system
* TRUNCATE before CREATE TABLE in install.php

View File

@ -2,7 +2,6 @@
require_once('config.php');
class Storage {
private $host, $login, $password, $db;
private $connection = null;
public function __construct() {
@ -81,19 +80,50 @@ class Storage {
}
}
public function load($fields = NULL) {
$query = 'SELECT ';
$i = false;
foreach($this->fields as $field=>$type) {
if($i) { $query .= ','; } else { $i = true; }
$query .= $field;
}
$query .= ' FROM '.MYSQL_PREFIX.$this->TABLE_NAME;
if(!empty($fields) && is_array($fields)) {
$i = true;
foreach($fields as $field=>$value) {
if($i) { $query .= ' WHERE '; $i = false; } else { $query .= ' AND '; }
$query .= $field.'=:'.$field;
}
}
$query = $this->connection->prepare($query);
if(!empty($fields) && is_array($fields)) {
foreach($fields as $field=>$value) {
$query->bindParam(':'.$field, $value);
}
}
$query->execute();
return $query->fetchAll();
}
public function save() {
if(!empty($this->id)) {
$query = 'UPDATE `'.MYSQL_PREFIX.$this->TABLE_NAME.'` SET ';
$query = 'UPDATE '.MYSQL_PREFIX.$this->TABLE_NAME.' SET ';
$i = false;
foreach($this->fields as $field=>$type) {
if($i) { $query .= ','; } else { $i = true; }
$id = $this->$field;
$query .= '`'.$field.'` = "'.$this($id).'"';
$query .= $field.'=:'.$field;
}
$query .= 'WHERE `id`="'.$this->id.'"';
$query .= 'WHERE id='.$this->id;
}
else {
$query = 'INSERT INTO '.MYSQL_PREFIX.$this->TABLE_NAME.'(';
@ -116,6 +146,7 @@ class Storage {
$query .= ')';
}
$query = $this->connection->prepare($query);
foreach($this->fields as $field=>$type) {

View File

@ -27,13 +27,17 @@ class User extends Storage {
public function getAdmin() {
return $this->admin;
}
public function setId($id) {
$this->id = $id;
}
public function setLogin($login) {
$this->login = $login;
}
public function setPassword($password) {
$this->password = User::encrypt($password);
$this->password = $password;
}
public function setAdmin($admin) {
@ -44,7 +48,33 @@ class User extends Storage {
return crypt($text, SALT);
}
public function check_password($password) {
public function checkPassword($password) {
return User::encrypt($password) == $this->password;
}
public function exists() {
$user_data = $this->load(array('login'=>$this->login));
if(count($user_data) == 1) {
$this->setAdmin($user_data[0]['admin']);
$this->setPassword($user_data[0]['password']);
return true;
}
else {
return false;
}
}
public function sessionStore() {
return serialize(array('id'=>$this->id, 'login'=>$this->login, 'password'=>$this->password, 'admin'=>$this->admin));
}
public function sessionRestore($serialized_data) {
$user_data = unserialize($serialized_data);
$this->setId($user_data['id']);
$this->setLogin($user_data['login']);
$this->setPassword($user_data['password']);
$this->setAdmin($user_data['admin']);
}
}

View File

@ -7,4 +7,4 @@
define('MYSQL_PREFIX', 'bouffeatulm_');
define('INSTANCE_TITLE', 'Bouffe@Ulm');
define('BASE_URL', 'http://localhost/Bouffe@Ulm/');
define('SALT', '$2a$10$AXnaxClN4pYlcXGfafGZCA==');
define('SALT', '$2a$10$Cg7T08hTORaxZgfCua1xyQ==');

View File

@ -1,6 +0,0 @@
<?php
if(!file_exists('inc/config.php')) header('location: install.php');
session_start();
require_once('inc/config.php');

View File

@ -1,2 +1,50 @@
<?php
require_once('inc/header.php');
if(!file_exists('inc/config.php')) header('location: install.php');
require_once('inc/config.php');
require_once('inc/User.class.php');
require_once('inc/rain.tpl.class.php');
raintpl::$tpl_dir = 'tpl/';
raintpl::$cache_dir = 'tmp/';
$tpl = new raintpl();
$tpl->assign('instance_title', INSTANCE_TITLE);
session_start();
$current_user = (isset($_SESSION['current_user']) ? unserialize($_SESSION['current_user']) : false);
if($current_user === false && (empty($_GET['do']) OR $_GET['do'] != 'connect')) { //If not connected, go to connection page
header('location: index.php?do=connect');
}
if(empty($_GET['do'])) {
$_GET['do'] = '';
}
switch($_GET['do']) {
case 'connect':
if($current_user !== false) header('location: index.php');
if(!empty($_POST['login']) && !empty($_POST['password'])) {
$current_user = new User();
$current_user->setLogin($_POST['login']);
if($current_user->exists($_POST['login']) && $current_user->checkPassword($_POST['password'])) {
$_SESSION['current_user'] = $current_user->sessionStore();
header('location: index.php');
exit();
}
else {
$error = "Unknown username/password.";
}
}
$tpl->draw('connexion');
break;
case 'disconnect':
$current_user = false;
session_destroy();
header('location: index.php?do=connect');
exit();
default:
break;
}

View File

@ -57,7 +57,7 @@
require_once('inc/User.class.php');
$admin = new User();
$admin->setLogin($_POST['admin_login']);
$admin->setPassword($_POST['admin_password']);
$admin->setPassword($admin->encrypt($_POST['admin_password']));
$admin->setAdmin(true);
$admin->save();
header('location: index.php');

View File

@ -0,0 +1,10 @@
<?php if(!class_exists('raintpl')){exit;}?><?php $tpl = new RainTPL;$tpl_dir_temp = self::$tpl_dir;$tpl->assign( $this->var );$tpl->draw( dirname("header") . ( substr("header",-1,1) != "/" ? "/" : "" ) . basename("header") );?>
<h1><?php echo $instance_title;?> - Connexion</h1>
<form method="post" action="index.php?do=connect">
<p><label for="login">Username : </label><input type="text" name="login" id="login"/></p>
<p><label for="password">Password : </label><input type="password" name="password" id="password"/></p>
<p><input type="submit" value="Connect"/></p>
</form>

View File

@ -0,0 +1,9 @@
<?php if(!class_exists('raintpl')){exit;}?><!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="utf-8">
<title><?php echo $instance_title;?></title>
<link rel="stylesheet" media="screen" type="text/css" href="tpl/./misc/style.css" />
<link rel="icon" href="tpl/./favicon.ico" />
</head>
<body>

View File

@ -0,0 +1,49 @@
<?php if(!class_exists('raintpl')){exit;}?><?php $tpl = new RainTPL;$tpl_dir_temp = self::$tpl_dir;$tpl->assign( $this->var );$tpl->draw( dirname("header") . ( substr("header",-1,1) != "/" ? "/" : "" ) . basename("header") );?>
<h1><?php echo $title;?></h1>
<?php echo $notice;?>
<div id="menu">
<ul>
<li><a href="modif.php">Ajouter une dépense</a></li>
<li><a href="modif_password.php">Modifier le mot de passe</a></li>
<li><a href="rbmt.php">Consulter les remboursements</a></li>
</ul>
<?php if( $admin ){ ?>
<ul>
<li><a href="rbmt_admin.php">Gérer les rembourements</a></li>
<li><a href="copains.php">Modifier les copains</a></li>
<li><a href="modif_annonce.php">Modifier l'annonce d'accueil</a></li>
<li><a href="connexion.php?deco=1">Déconnexion</a></li>
</ul>
<?php } ?>
</div>
<div id="quick_summary">
<h2>Qui doit quoi ?</h2>
<p>Lire <em>ligne</em> doit <em>case</em> à <em>colonne</em>. Les liens permettent de confirmer le paiement des dettes.</p>
<table>
<tr>
<th>Doit\À</th>
</tr>
</table>
</div>
<div id="detailed_summary">
<h2>Dépenses détaillées du mois actuel</h2>
<table>
<tr>
<th>Date</th>
<th>Payé par</th>
<th>Participants</th>
<th>Montant</th>
<th>Menu</th>
<th>Modifier</th>
<th>Supprimer</th>
</tr>
</table>
</div>

9
tpl/connexion.html Normal file
View File

@ -0,0 +1,9 @@
{include="header"}
<h1>{$instance_title} - Connexion</h1>
<form method="post" action="index.php?do=connect">
<p><label for="login">Username : </label><input type="text" name="login" id="login"/></p>
<p><label for="password">Password : </label><input type="password" name="password" id="password"/></p>
<p><input type="submit" value="Connect"/></p>
</form>

View File

@ -2,7 +2,7 @@
<html lang="fr">
<head>
<meta charset="utf-8">
<title>Bouffe@Ulm</title>
<title>{$instance_title}</title>
<link rel="stylesheet" media="screen" type="text/css" href="misc/style.css" />
<link rel="icon" href="favicon.ico" />
</head>

View File

@ -1,6 +1,6 @@
{include="header"}
<h1>{$title}</h1>
<h1>{$instance_title}</h1>
{$notice}