
[Noalyss-commit] [noalyss] 06/08: recover password


From: Dany De Bontridder
Subject: [Noalyss-commit] [noalyss] 06/08: recover password
Date: Fri, 12 Jun 2015 19:40:15 +0000

sparkyx pushed a commit to branch master
in repository noalyss.

commit a000afb0708ee7315d39eb7b372bbf4724938171
Author: Dany De Bontridder <address@hidden>
Date:   Fri Jun 12 20:46:45 2015 +0200

    recover password
---
 html/index.php      |   35 +++++++++++-
 include/recover.php |  157 +++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 191 insertions(+), 1 deletions(-)

diff --git a/html/index.php b/html/index.php
index 5cfd77e..80295ff 100644
--- a/html/index.php
+++ b/html/index.php
@@ -208,9 +208,13 @@ if ( strlen(domaine) > 0 )
     $my_domain="Domaine : ".domaine;
 }
 
+if (defined("RECOVER") && isset ($_REQUEST['recover']) )
+{
+    require_once '../include/recover.php';
+}
 echo '
 <span 
style="background-color:#879ed4;color:white;padding-left:4px;padding-right:4px;">
-version  6.8.0.3 - '.$my_domain.'
+version  6.8.1.0 - '.$my_domain.'
 </span>
 <BR>
 <BR>
@@ -272,6 +276,35 @@ echo '
 </table>
 
 </form>
+<?php if (defined("RECOVER")) : ?>
+    <a id="recover_link" href="#">Mot de passe oublié ? </a>
+    
+<div id="recover_box" 
style="display:none;position:absolute;top:40%;z-index:1;border:solid blue 
2px;width:30%;margin-left: 25%;background-color: whitesmoke">
+    <span style="display:block;font-size:120%">Indiquez votre login ou votre 
email <span style="cursor: pointer;background-color: 
blue;color:wheat;right:0%;float: right" id="close"><a ref="#" 
id="close_link"><?php echo SMALLX?></a></span></span>
+            <form method="POST">
+                <input type="hidden" value="send_email" name="id">
+                <input type="hidden" value="recover" name="recover" >
+                <p>
+                login <input type="text"     class="input_text" name="login" 
nohistory>
+                </p>
+                <p>or</p> 
+                <p>
+                email <input type="text"  class="input_text" name="email" 
nohistory>
+                </p>
+                <input type="submit" class="button" name="send_email" 
value="Envoi email">
+                
+            </form>
+</div>
+    <script>
+        document.getElementById('recover_link').onclick=function() {
+            document.getElementById('recover_box').style.display="block";
+        }
+        document.getElementById('close_link').onclick=function() {
+            document.getElementById('recover_box').style.display="none";
+        }
+    </script>
+<?php endif; ?>
+        
 <div style="position:absolute;bottom: 0px;width:80%;right:10%">
     <p>Nous conseillons d'utiliser Firefox ou chrome.</p>
     <p>We recommend to use Firefox or Chrome.</p>
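Review bot: The close control in the added recover box is written `<a ref="#" id="close_link">`, so the anchor has no `href` and is not rendered or focusable as a link; it should read `<a href="#" id="close_link">`. `nohistory` on the login and email inputs is not an HTML attribute, so browsers will still offer stored values there; `autocomplete="off"` is the standard spelling. The `recover_link` click handler also lets the `#` navigation proceed, and ending it with `return false;` keeps the page from jumping when the box opens.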
diff --git a/include/recover.php b/include/recover.php
new file mode 100644
index 0000000..04512b4
--- /dev/null
+++ b/include/recover.php
@@ -0,0 +1,157 @@
+<?php
+/*
+ *   This file is part of PhpCompta.
+ *
+ *   PhpCompta is free software; you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation; either version 2 of the License, or
+ *   (at your option) any later version.
+ *
+ *   PhpCompta is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *   GNU General Public License for more details.
+ *
+ *   You should have received a copy of the GNU General Public License
+ *   along with PhpCompta; if not, write to the Free Software
+ *   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+// Copyright (2014) Author Dany De Bontridder <address@hidden>
+
+if (!defined('RECOVER'))
+    die('Appel direct ne sont pas permis');
+define('SIZE_REQUEST', 70);
+
+
+require_once 'class_html_input.php';
+/**
+ * @brief generate a random string of char
+ * @param $car int length of the string
+ */
+function generate_random($car)
+{
+    $string="";
+    $chaine="abcdefghijklmnpqrstuvwxyABCDEFGHIJKLMNPQRSTUVWXY0123456789";
+    srand((double) microtime()*1020030);
+    for ($i=0; $i<$car; $i++)
+    {
+        $string .= $chaine[rand()%strlen($chaine)];
+    }
+    return $string;
+}
+
+/**
+ * @file
+ * @brief 
+ * @param type $name Descriptionara
+ */
+$action=HtmlInput::default_value_request("id", "");
+if ($action=="") :
+    /*
+     * Display dialog box
+     */
+    ?>
+    Donnez votre login ou votre email
+    <form method="POST">
+        <input type="hidden" value="send_email" name="id">
+        <input type="hidden" value="recover" name="recover">
+        login <input type="text"   name="login">
+        or 
+        email <input type="text" name="email">
+        <input type="submit" name="send_email" value="Envoi email">
+    </form>
+    <?php
+elseif ($action=="send_email") :
+    require_once 'class_sendmail.php';
+    require_once 'class_database.php';
+    /*
+     * Check if user exists, if yes save a recover request
+     */
+    $login_input=HtmlInput::default_value_request("login", "");
+    $email_input=HtmlInput::default_value_request("email", "");
+    $cn=new Database(0);
+    $valid=false;
+    if (trim($login_input)!=""):
+        $array=$cn->get_array("select use_id,use_email,use_login from ac_users 
where lower(use_login)=lower($1) "
+               , array($login_input));
+    elseif (trim($email_input)!=""):
+        $array=$cn->get_array("select use_id,use_email,use_login from ac_users 
where  "
+                ."  lower(use_email)=lower($1) ", array( $email_input));
+
+    else:
+       return;
+    endif;
+
+
+    if ($cn->size()!=0):
+        list($user_id, $user_email, $user_login)=array_values($array[0]);
+        if (trim($user_email)!=" ") :
+            $valid=true;
+        endif;
+    endif;
+
+
+    if ($valid==true):
+        $request_id=generate_random(SIZE_REQUEST);
+        $user_password=generate_random(10);
+        /*
+         * save the request into 
+         */
+        $cn->exec_sql("insert into 
recover_pass(use_id,request,password,created_on,created_host) "
+                ." values ($1,$2,$3,now(),$4)", array($user_id, $request_id, 
$user_password, $_SERVER['REMOTE_ADDR']));
+
+        /*
+         * send an email
+         */
+        $mail=new Sendmail();
+        $mail->set_from(ADMIN_WEB);
+        $mail->mailto($user_email);
+        $mail->set_subject("NOALYSS : Réinitialisation de mot de passe");
+        $message=<<<EOF
+     Bonjour,
+      
+Une demande de réinitialisation de votre mot de passe a été demandée par 
{$_SERVER['REMOTE_ADDR']}
+   
+Votre nom d'utilisateur est {$user_login}
+Votre mot de passe est {$user_password}
+
+Suivez ce lien pour activer le changement ou ignorer ce message si vous n'êtes 
pas l'auteur de cette demande.
+Ce lien ne sera actif que 12 heures.
+   
+   
+   
http://{$_SERVER['SERVER_NAME']}{$_SERVER['SCRIPT_NAME']}?recover&id=req&req={$request_id}
+   
+   Merci d'utiliser NOALYSS
+   
+Cordialement,
+
+Noalyss team
+      
+EOF;
+        $mail->set_message($message);
+        $mail->compose();
+        $mail->send();
+        echo '<p style="position:absolute;z-index:2;top:25px;left: 50px; 
background-color:whitesmoke;">
+L\'email a été envoyé avec un lien et le nouveau mot de passe, vérifiez vos 
spams</p>';
+    endif;
+elseif ($action=="req") :
+    $request_id=HtmlInput::default_value_request("req", "");
+    if (strlen(trim($request_id))==SIZE_REQUEST) :
+        require_once 'class_database.php';
+        $cn=new Database(0);
+
+        $value=$cn->get_value("select password from recover_pass where 
request=$1 and created_on > now() - interval '12 hours' and recover_on is 
null", array($request_id));
+        if ($cn->get_affected()>0) :
+            $cn->exec_sql("update ac_users set use_pass=md5(rp.password) from 
recover_pass as rp where rp.use_id=ac_users.use_id and request=$1", 
array($request_id));
+            $cn->exec_sql("update recover_pass set recover_by=$1 , 
recover_on=now() where request=$2", array($_SERVER['REMOTE_ADDR'],$request_id));
+            ?>
+    <p style="position:absolute;z-index:2;top:25px;left: 50px; 
background-color:whitesmoke;">
+            Opération réussie , vous pouvez vous connecter avec votre nouveau 
mot de passe
+             
+    </p>
+            <?php
+        endif;
+    else:
+        die("Requête inconnue");
+    endif;
+endif;
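Review bot: `generate_random()` seeds `rand()` with `srand((double) microtime()*1020030)`, and its output is used for both the reset token (`$request_id`) and the new password, so both derive from a clock value rather than a cryptographic source; drop the `srand()` call and draw each index from a CSPRNG, e.g. `$string .= $chaine[random_int(0, strlen($chaine)-1)];` on PHP 7+ (or bytes from `openssl_random_pseudo_bytes()` on older versions). The generated password is also stored in clear in `recover_pass.password` and mailed in the same message as the activation link, so read access to the mailbox or the table is enough to obtain working credentials; letting the user choose a password after following the link, and storing only a hash of the token, avoids that. `if (trim($user_email)!=" ")` is always true because `trim()` never returns a single space, so `$valid` is set even when the account has no email address; the comparison should be `!=""`. The link is built as `http://{$_SERVER['SERVER_NAME']}...`, which depending on server configuration may follow the request's Host header and always uses plain HTTP, so a configured base URL would be safer there. The `req` branch writes `md5(rp.password)` into `use_pass`; that presumably matches the existing storage scheme, but it is worth a follow-up to move to `password_hash()`.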


