[Noalyss-commit] [noalyss] 06/08: recover password
From: |
Dany De Bontridder |
Subject: |
[Noalyss-commit] [noalyss] 06/08: recover password |
Date: |
Fri, 12 Jun 2015 19:40:15 +0000 |
sparkyx pushed a commit to branch master
in repository noalyss.
commit a000afb0708ee7315d39eb7b372bbf4724938171
Author: Dany De Bontridder <address@hidden>
Date: Fri Jun 12 20:46:45 2015 +0200
recover password
---
html/index.php | 35 +++++++++++-
include/recover.php | 157 +++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 191 insertions(+), 1 deletions(-)
diff --git a/html/index.php b/html/index.php
index 5cfd77e..80295ff 100644
--- a/html/index.php
+++ b/html/index.php
@@ -208,9 +208,13 @@ if ( strlen(domaine) > 0 )
$my_domain="Domaine : ".domaine;
}
+if (defined("RECOVER") && isset ($_REQUEST['recover']) )
+{
+ require_once '../include/recover.php';
+}
echo '
<span
style="background-color:#879ed4;color:white;padding-left:4px;padding-right:4px;">
-version 6.8.0.3 - '.$my_domain.'
+version 6.8.1.0 - '.$my_domain.'
</span>
<BR>
<BR>
@@ -272,6 +276,35 @@ echo '
</table>
</form>
+<?php if (defined("RECOVER")) : ?>
+ <a id="recover_link" href="#">Mot de passe oublié ? </a>
+
+<div id="recover_box"
style="display:none;position:absolute;top:40%;z-index:1;border:solid blue
2px;width:30%;margin-left: 25%;background-color: whitesmoke">
+ <span style="display:block;font-size:120%">Indiquez votre login ou votre
email <span style="cursor: pointer;background-color:
blue;color:wheat;right:0%;float: right" id="close"><a ref="#"
id="close_link"><?php echo SMALLX?></a></span></span>
+ <form method="POST">
+ <input type="hidden" value="send_email" name="id">
+ <input type="hidden" value="recover" name="recover" >
+ <p>
+ login <input type="text" class="input_text" name="login"
nohistory>
+ </p>
+ <p>or</p>
+ <p>
+ email <input type="text" class="input_text" name="email"
nohistory>
+ </p>
+ <input type="submit" class="button" name="send_email"
value="Envoi email">
+
+ </form>
+</div>
+ <script>
+ document.getElementById('recover_link').onclick=function() {
+ document.getElementById('recover_box').style.display="block";
+ }
+ document.getElementById('close_link').onclick=function() {
+ document.getElementById('recover_box').style.display="none";
+ }
+ </script>
+<?php endif; ?>
+
<div style="position:absolute;bottom: 0px;width:80%;right:10%">
<p>Nous conseillons d'utiliser Firefox ou chrome.</p>
<p>We recommend to use Firefox or Chrome.</p>
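Review bot: In the recover box the close anchor is written `<a ref="#" id="close_link">`, which has no `href` and so is not a focusable link; it should be `<a href="#" id="close_link">`, and both onclick handlers should end with `return false;` so the `#` target does not scroll the page. `nohistory` on the login and email inputs is not an HTML attribute; if the intent is to stop the browser remembering those values, the standard form is `autocomplete="off"`. The login form this block is appended to starts outside the hunk.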
diff --git a/include/recover.php b/include/recover.php
new file mode 100644
index 0000000..04512b4
--- /dev/null
+++ b/include/recover.php
@@ -0,0 +1,157 @@
+<?php
+/*
+ * This file is part of PhpCompta.
+ *
+ * PhpCompta is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * PhpCompta is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with PhpCompta; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ */
+// Copyright (2014) Author Dany De Bontridder <address@hidden>
+
+if (!defined('RECOVER'))
+ die('Appel direct ne sont pas permis');
+define('SIZE_REQUEST', 70);
+
+
+require_once 'class_html_input.php';
+/**
+ * @brief generate a random string of char
+ * @param $car int length of the string
+ */
+function generate_random($car)
+{
+ $string="";
+ $chaine="abcdefghijklmnpqrstuvwxyABCDEFGHIJKLMNPQRSTUVWXY0123456789";
+ srand((double) microtime()*1020030);
+ for ($i=0; $i<$car; $i++)
+ {
+ $string .= $chaine[rand()%strlen($chaine)];
+ }
+ return $string;
+}
+
+/**
+ * @file
+ * @brief
+ * @param type $name Descriptionara
+ */
+$action=HtmlInput::default_value_request("id", "");
+if ($action=="") :
+ /*
+ * Display dialog box
+ */
+ ?>
+ Donnez votre login ou votre email
+ <form method="POST">
+ <input type="hidden" value="send_email" name="id">
+ <input type="hidden" value="recover" name="recover">
+ login <input type="text" name="login">
+ or
+ email <input type="text" name="email">
+ <input type="submit" name="send_email" value="Envoi email">
+ </form>
+ <?php
+elseif ($action=="send_email") :
+ require_once 'class_sendmail.php';
+ require_once 'class_database.php';
+ /*
+ * Check if user exists, if yes save a recover request
+ */
+ $login_input=HtmlInput::default_value_request("login", "");
+ $email_input=HtmlInput::default_value_request("email", "");
+ $cn=new Database(0);
+ $valid=false;
+ if (trim($login_input)!=""):
+ $array=$cn->get_array("select use_id,use_email,use_login from ac_users
where lower(use_login)=lower($1) "
+ , array($login_input));
+ elseif (trim($email_input)!=""):
+ $array=$cn->get_array("select use_id,use_email,use_login from ac_users
where "
+ ." lower(use_email)=lower($1) ", array( $email_input));
+
+ else:
+ return;
+ endif;
+
+
+ if ($cn->size()!=0):
+ list($user_id, $user_email, $user_login)=array_values($array[0]);
+ if (trim($user_email)!=" ") :
+ $valid=true;
+ endif;
+ endif;
+
+
+ if ($valid==true):
+ $request_id=generate_random(SIZE_REQUEST);
+ $user_password=generate_random(10);
+ /*
+ * save the request into
+ */
+ $cn->exec_sql("insert into
recover_pass(use_id,request,password,created_on,created_host) "
+ ." values ($1,$2,$3,now(),$4)", array($user_id, $request_id,
$user_password, $_SERVER['REMOTE_ADDR']));
+
+ /*
+ * send an email
+ */
+ $mail=new Sendmail();
+ $mail->set_from(ADMIN_WEB);
+ $mail->mailto($user_email);
+ $mail->set_subject("NOALYSS : Réinitialisation de mot de passe");
+ $message=<<<EOF
+ Bonjour,
+
+Une demande de réinitialisation de votre mot de passe a été demandée par
{$_SERVER['REMOTE_ADDR']}
+
+Votre nom d'utilisateur est {$user_login}
+Votre mot de passe est {$user_password}
+
+Suivez ce lien pour activer le changement ou ignorer ce message si vous n'êtes
pas l'auteur de cette demande.
+Ce lien ne sera actif que 12 heures.
+
+
+
http://{$_SERVER['SERVER_NAME']}{$_SERVER['SCRIPT_NAME']}?recover&id=req&req={$request_id}
+
+ Merci d'utiliser NOALYSS
+
+Cordialement,
+
+Noalyss team
+
+EOF;
+ $mail->set_message($message);
+ $mail->compose();
+ $mail->send();
+ echo '<p style="position:absolute;z-index:2;top:25px;left: 50px;
background-color:whitesmoke;">
+L\'email a été envoyé avec un lien et le nouveau mot de passe, vérifiez vos
spams</p>';
+ endif;
+elseif ($action=="req") :
+ $request_id=HtmlInput::default_value_request("req", "");
+ if (strlen(trim($request_id))==SIZE_REQUEST) :
+ require_once 'class_database.php';
+ $cn=new Database(0);
+
+ $value=$cn->get_value("select password from recover_pass where
request=$1 and created_on > now() - interval '12 hours' and recover_on is
null", array($request_id));
+ if ($cn->get_affected()>0) :
+ $cn->exec_sql("update ac_users set use_pass=md5(rp.password) from
recover_pass as rp where rp.use_id=ac_users.use_id and request=$1",
array($request_id));
+ $cn->exec_sql("update recover_pass set recover_by=$1 ,
recover_on=now() where request=$2", array($_SERVER['REMOTE_ADDR'],$request_id));
+ ?>
+ <p style="position:absolute;z-index:2;top:25px;left: 50px;
background-color:whitesmoke;">
+ Opération réussie , vous pouvez vous connecter avec votre nouveau
mot de passe
+
+ </p>
+ <?php
+ endif;
+ else:
+ die("Requête inconnue");
+ endif;
+endif;
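Review bot: generate_random() seeds `srand()` from `microtime()` and draws from `rand()`, neither of which is cryptographically secure, yet its output is used as both the request id and the new password, so the values that gate the account change are guessable. Drop the `srand(...)` line and use `$string .= $chaine[random_int(0, strlen($chaine)-1)];` (PHP 7+, or build on `openssl_random_pseudo_bytes()` on older runtimes). In the send_email branch `trim($user_email)!=" "` is always true because trim() removes the space, so accounts with no address are treated as valid; it should read `trim($user_email)!=""`. The new password is stored in clear in recover_pass and mailed in clear beside the login, and the activation link is built with `http://` and `$_SERVER['SERVER_NAME']`, which depending on server configuration may reflect the client's Host header. Mailing only a single-use link built from a configured HTTPS base URL and letting the user choose the password after following it would avoid both. The confirmation paragraph is echoed only when an account matched, which reveals whether a login or email exists, so print the same message in both cases.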