1<?
2
3 /*
4
5 USERS_LOGIN :
6
7 id INT(11) NOT NULL AUTO_INCREMENT,
8 caps INT(5)
9 email VARCHAR(150) NOT NULL,
10 pwd VARCHAR(20) NOT NULL,
11
12
13 */
14
15 /*
16
17 USERS_INFORMATIONS :
18
19 hash VARCHAR(20) NOT NULL,
20 civility INT(1),
21 first_name VARCHAR(150), //PRENOM
22 last_name VARCHAR(200),
23 date_of_birth TIMESTAMP,
24 company VARCHAR(255),
25 mailing_address VARCHAR(255),
26 zip_code VARCHAR(5),
27 town VARCHAR(150),
28 country VARCHAR(255),
29 phone VARCHAR(20),
30 mobile VARCHAR(20),
31 fax VARCHAR(20),
32 newsletter BOOL,
33
34
35 */
36
37 //require_once($GLOBALS['e-commerce']['server-root'].'/inc/db.inc.php');
38 //require_once($GLOBALS['e-commerce']['server-root'].'/inc/class.errors.php');
39
// A session is meant to hold the user's details once a login succeeds.
// NOTE(review): no session_start() call is visible in this file; presumably
// the including script opens the session. Confirm.

// Per-user pages must not be stored by shared caches.
header('Cache-control: private');

// Key mixed into the hash that links a login row to its USERS_INFORMATIONS row.
// NOTE(review): this value is short and lives in the source tree, so anyone who
// can read the file can recompute that hash from an id and an e-mail. Prefer
// loading it from deployment configuration kept out of version control.
define('SECRET_KEY', "XUyJAJ");

// User rights: one bit per capability, OR-ed together in the `caps` column.

// Account-level bits.
define('CAP_USER_AUTH', 1 << 0);   // 0x00000001 - allowed to authenticate
define('CAP_USER_ADMIN', 1 << 1);  // 0x00000002

// Catalogue item bits.
define('CAP_ITEM_ADD', 1 << 4);    // 0x00000010
define('CAP_ITEM_EDIT', 1 << 5);   // 0x00000020
define('CAP_ITEM_DELETE', 1 << 6); // 0x00000040
54
55 // Classe des utilisateurs
56
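/**
 * Contact and postal details of one customer (one USERS_INFORMATIONS row).
 *
 * Instances are built either from submitted form fields or from a database
 * row; both are passed to the constructor as an array keyed by column name.
 */
class Users_Informations
{
    public $civility;
    public $first_name;
    public $last_name;
    public $date_of_birth;
    public $company;
    public $mailing_address;
    public $zip_code;
    public $town;
    public $country;
    public $phone;
    public $mobile;
    public $fax;
    public $newsletter;

    /**
     * Copies the known fields out of $data; fields that are absent become null.
     *
     * @param array|false|null $data Form fields or a fetched row, keyed by column name.
     */
    public function __construct($data)
    {
        // A failed fetch hands over false; treat it as "no fields" instead of
        // indexing into a non-array.
        if (!is_array($data))
        {
            $data = array();
        }

        $fields = array(
            'civility', 'first_name', 'last_name', 'date_of_birth', 'company',
            'mailing_address', 'zip_code', 'town', 'country', 'phone', 'mobile', 'fax',
        );
        foreach ($fields as $field)
        {
            $this->$field = isset($data[$field]) ? $data[$field] : null;
        }

        // Checkbox semantics: the mere presence of the key means "subscribed".
        // NOTE(review): a database row whose newsletter column is 0 also satisfies
        // isset(), so a loaded row always reads as subscribed. Confirm intent.
        $this->newsletter = isset($data['newsletter']) ? 1 : 0;
    }

    /**
     * Loads the information row stored under $hash.
     *
     * @param string $hash Lookup key computed by the caller.
     * @return Users_Informations|null null when the query fails or no row matches.
     */
    public static function &load_informations($hash)
    {
        // Returned by reference, so every exit path returns a variable.
        $ret = null;

        // Send the value through db_format_value() like the other queries in this
        // file. Interpolated bare, the string reaches the statement unquoted and
        // unescaped. NOTE(review): db_format_value() is defined elsewhere; confirm
        // that it both quotes and escapes.
        $query = "SELECT * FROM " . USERS_INFORMATIONS . " WHERE hash = " . db_format_value($hash);
        $res = mysql_query($query, db());
        if ($res === false)
        {
            return $ret;
        }

        $data = mysql_fetch_array($res);
        if ($data === false)
        {
            // No matching row: report "not found" instead of an all-null object.
            return $ret;
        }

        $ret = new Users_Informations($data);
        return $ret;
    }
}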
105
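/**
 * One login account (one USERS_LOGIN row) plus the session helpers built on it.
 *
 * NOTE(review): passwords are stored and compared as unsalted SHA-1, which is
 * cheap to brute-force offline. Moving to password_hash()/password_verify()
 * needs a coordinated change in the code that inserts the row and a wider
 * `pwd` column, so it is flagged here rather than changed.
 */
class User
{
    public $id;
    public $caps;
    public $email;

    // Password as supplied in $data['pwd']; authenticate() compares it with sha1().
    public $_pwd;

    public $personnal_informations;

    /**
     * @param array|false|null $data Row or form data with id, pwd, caps and email keys.
     */
    public function __construct($data)
    {
        if (!is_array($data))
        {
            $data = array();
        }

        $this->id = isset($data['id']) ? $data['id'] : null;
        $this->_pwd = isset($data['pwd']) ? $data['pwd'] : null;
        $this->caps = isset($data['caps']) ? $data['caps'] : null;
        $this->email = isset($data['email']) ? $data['email'] : null;

        $this->personnal_informations = null;
    }

    /**
     * Wipes this object's fields and the session data.
     *
     * NOTE(review): current() caches the user in a static variable that is not
     * reset here, so a later current() call in the same request can still
     * return this (emptied) object.
     */
    public function logout()
    {
        foreach (array_keys(get_object_vars($this)) as $key)
        {
            unset($this->$key);
        }

        $_SESSION = array();

        if (session_id() !== '')
        {
            // Expire the session cookie as well, so the browser stops presenting
            // the old identifier.
            if (ini_get('session.use_cookies') && !headers_sent())
            {
                $params = session_get_cookie_params();
                setcookie(
                    session_name(), '', time() - 42000,
                    $params['path'], $params['domain'], $params['secure'], $params['httponly']
                );
            }
            session_destroy();
        }
    }

    /**
     * Checks a candidate password against the stored hash.
     *
     * @param string $pwd Candidate password as typed by the user.
     * @return bool true only when the account holds CAP_USER_AUTH and the hash matches.
     */
    public function authenticate($pwd)
    {
        if (!($this->caps & CAP_USER_AUTH))
        {
            return false;
        }

        // Request parameters can arrive as arrays; sha1() only accepts strings.
        if (!is_string($pwd))
        {
            return false;
        }

        $stored = (string) $this->_pwd;
        $candidate = sha1($pwd);

        // Loose == treats two different "0e<digits>" hex strings as equal numbers.
        // Compare as strings, in constant time where the runtime offers it.
        if (function_exists('hash_equals'))
        {
            return hash_equals($stored, $candidate);
        }

        return $stored === $candidate;
    }

    /**
     * Marks this user as logged in for the current session.
     */
    public function login()
    {
        // Issue a fresh session id at the privilege change so an identifier known
        // before login cannot be reused afterwards (session fixation).
        if (session_id() !== '' && !headers_sent())
        {
            session_regenerate_id(true);
        }

        $_SESSION['umail'] = $this->email;
    }

    /**
     * Loads the USERS_INFORMATIONS row that belongs to this account.
     *
     * The key is sha1(sha1(id) . SECRET_KEY . sha1(email)), so it changes when
     * the e-mail changes.
     * NOTE(review): the schema comment at the top of the file gives hash
     * VARCHAR(20) while sha1() yields 40 hex characters. Confirm the column width.
     */
    public function load_personnal_informations()
    {
        $hash = sha1( sha1($this->id) . SECRET_KEY . sha1($this->email) );
        $this->personnal_informations = Users_Informations::load_informations($hash);
    }

    /**
     * Drops the loaded personal information from this object.
     */
    public function unload_personnal_informations()
    {
        $this->personnal_informations = null;
    }

    /**
     * Loads one account by primary key.
     *
     * @param mixed $id Account id; passed through db_format_value() before use.
     * @return User|null null when the query fails or no row matches.
     */
    public static function &load($id)
    {
        // Returned by reference, so every exit path returns a variable.
        $user = null;

        $id = db_format_value($id);
        $query = "SELECT * FROM " . USERS_LOGIN . " WHERE id = $id";
        $res = mysql_query($query, db());
        if ($res === false)
        {
            return $user;
        }

        $data = mysql_fetch_array($res);
        if ($data === false)
        {
            // Unknown id: do not hand back a User whose fields are all null.
            return $user;
        }

        $user = new User($data);
        return $user;
    }

    /**
     * Lists accounts, optionally restricted to one e-mail address.
     *
     * With $email === null the query has no WHERE clause and returns every
     * account, so callers must not pass an unset value by accident.
     *
     * @param string|null $email Exact address to look for, or null for all accounts.
     * @return array|null Array of User objects (possibly empty), or null when the query fails.
     */
    public static function &search($email = null)
    {
        $failed = null;

        $query = 'SELECT * FROM ' . USERS_LOGIN;
        if ($email !== null)
        {
            $email = db_format_value($email);
            $query .= " WHERE email = $email";
        }
        $res = mysql_query($query, db());
        if ($res === false)
        {
            return $failed;
        }

        $users = array();
        while ($data = mysql_fetch_array($res))
        {
            $users[] = new User($data);
        }

        return $users;
    }

    /**
     * Returns the account named by $_SESSION['umail'], cached for later calls.
     *
     * @return User|null null when nobody is logged in or the lookup finds nothing.
     */
    public static function &current()
    {
        static $user = null;

        if ($user !== null)
        {
            return $user;
        }

        if (isset($_SESSION['umail']))
        {
            $users = User::search($_SESSION['umail']);
            // search() returns null on a database error; count() needs an array.
            if (is_array($users) && count($users) > 0)
            {
                $user = $users[0];
            }
        }
        return $user;
    }

}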
207
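/**
 * Registration side of User: validates new credentials and inserts the login row.
 *
 * While an instance of this class is being validated, $_pwd holds the password
 * as typed; insert() hashes it with sha1() just before writing.
 */
class Users_SQL extends User
{
    // Errors collected by the last verify() or insert() call.
    public $_errors;

    /**
     * Validates the e-mail address and the password.
     *
     * @return Errors|null null when everything is valid, otherwise the collected errors.
     */
    public function verify()
    {
        $this->_errors = new Errors();

        if (empty($this->email))
        {
            // Checked before the lookup: search(null) would list every account
            // and report the address as already taken.
            $this->_errors->add("email", null, "L'adresse mail doit être renseignée!");
        }
        else if (filter_var($this->email, FILTER_VALIDATE_EMAIL) === false)
        {
            // filter_var() replaces a hand-written pattern whose [A-z] ranges also
            // matched [ \ ] ^ and `, and which rejected hyphenated domains and
            // top-level domains longer than four letters.
            $this->_errors->add("email", $this->email, "L'adresse mail &value n'est pas valide");
        }
        else
        {
            // NOTE(review): search() returns null on a database error, which reads
            // as "address is free" here. The insert still reports its own failure.
            $exist = parent::search($this->email);
            if ($exist)
            {
                $this->_errors->add("email", $this->email, "L'adresse mail &value est déjà utilisée.");
            }
        }

        // At least 8 characters with a digit, a lower-case and an upper-case letter.
        $validPassword = "/^.*(?=.{8,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$/";

        if (empty($this->_pwd))
        {
            // Filed under "pwd" so the message lands on the password field.
            $this->_errors->add("pwd", null, "Le mot de passe doit être renseigné!");
        }
        else if (!is_string($this->_pwd) || !preg_match($validPassword, $this->_pwd))
        {
            // The rejected password is not stored in the error: the message has
            // no &value placeholder, and error objects tend to be displayed or logged.
            $this->_errors->add("pwd", null, "Le mot de passe n'est pas valide");
        }

        if ($this->_errors->count() == 0)
        {
            return null;
        }

        return $this->_errors;
    }

    /**
     * Inserts the login row with CAP_USER_AUTH and the hashed password.
     *
     * NOTE(review): the hash is unsalted SHA-1. Switching to password_hash() has
     * to be done together with User::authenticate() and a wider `pwd` column.
     *
     * @return Errors|null null on success, otherwise the errors including the database message.
     */
    public function insert()
    {
        // insert() may be called without a prior verify(); make sure the error
        // collector exists before it is used.
        if ($this->_errors === null)
        {
            $this->_errors = new Errors();
        }

        $info = array(
            "caps" => db_format_value(CAP_USER_AUTH),
            "email" => db_format_value($this->email),
            "pwd" => db_format_value(sha1($this->_pwd))
        );
        $query = db_insert_sql($info, USERS_LOGIN);
        $res = mysql_query($query, db());

        if ($res === false)
        {
            // Read the error from the link the query ran on.
            // NOTE(review): the raw database message is handed to the caller;
            // log it server-side rather than showing it to visitors.
            $this->_errors->add("mysql", mysql_error(db()), "Erreur mySQL >> &value");
            return $this->_errors;
        }

        return null;
    }

}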
268
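/**
 * Registration side of Users_Informations: validates the submitted details and
 * inserts the USERS_INFORMATIONS row for an existing login.
 */
class Users_Informations_SQL extends Users_Informations
{
    // Errors collected by the last verify() or insert() call.
    public $_errors;

    /**
     * Checks that every mandatory field is filled in.
     *
     * @return Errors|null null when nothing is missing, otherwise the collected errors.
     */
    public function verify()
    {
        $this->_errors = new Errors();

        // Mandatory field => message shown when it is empty.
        $required = array(
            "first_name"      => "Le prénom doit être renseigné!",
            "last_name"       => "Le nom doit être renseigné!",
            "date_of_birth"   => "La date de naissance doit être renseignée!",
            "mailing_address" => "L'adresse doit être renseignée!",
            "zip_code"        => "Le code postal doit être renseigné!",
            "town"            => "La ville doit être renseignée!",
            "country"         => "Le pays doit être renseigné!",
        );
        foreach ($required as $field => $message)
        {
            if (empty($this->$field))
            {
                $this->_errors->add($field, null, $message);
            }
        }

        if ($this->_errors->count() == 0)
        {
            return null;
        }

        return $this->_errors;
    }

    /**
     * Inserts the information row for the account registered under $email.
     *
     * The row key is sha1(sha1(id) . SECRET_KEY . sha1(email)) of that account.
     *
     * @param string $email Address of the login the details belong to.
     * @return Errors|null null on success, otherwise the errors including the database message.
     */
    public function insert($email)
    {
        // insert() may be called without a prior verify(); make sure the error
        // collector exists before it is used.
        if ($this->_errors === null)
        {
            $this->_errors = new Errors();
        }

        // A null e-mail would make User::search() return every account, and the
        // details would be attached to whichever row came first. Treat a missing
        // address like an unknown one.
        $matches = ($email === null || $email === '') ? null : User::search($email);
        if (!$matches)
        {
            // Unknown account: the script stops here, as it always did.
            exit;
        }
        $currentUser = $matches[0];

        $hash = sha1( sha1($currentUser->id) . SECRET_KEY . sha1($currentUser->email) );

        date_default_timezone_set('Europe/Brussels');

        // Slashes become dots so that strtotime() reads the date as day.month.year.
        // NOTE(review): an unparsable date makes strtotime() return false and the
        // row is stored with the epoch date; verify() only checks for emptiness.
        $birth = date("Y-m-d H:i:s", strtotime(preg_replace('/\//', '.', $this->date_of_birth)));

        $info = array(
            "hash" => db_format_value($hash),
            "civility" => db_format_value($this->civility),
            "first_name" => db_format_value($this->first_name),
            "last_name" => db_format_value($this->last_name),
            "date_of_birth" => db_format_value($birth),
            "mailing_address" => db_format_value($this->mailing_address),
            "zip_code" => db_format_value($this->zip_code),
            "town" => db_format_value($this->town),
            "country" => db_format_value($this->country),
            "phone" => db_format_value($this->phone),
            "mobile" => db_format_value($this->mobile),
            "fax" => db_format_value($this->fax),
            // Store the visitor's own choice; a hard-coded true subscribed
            // everyone regardless of the checkbox.
            "newsletter" => db_format_value((bool) $this->newsletter)
        );
        $query = db_insert_sql($info, USERS_INFORMATIONS);
        $res = mysql_query($query, db());

        if ($res === false)
        {
            // Read the error from the link the query ran on.
            // NOTE(review): the raw database message is handed to the caller;
            // log it server-side rather than showing it to visitors.
            $this->_errors->add("mysql", mysql_error(db()), "Erreur mySQL >> &value");
            return $this->_errors;
        }

        return null;
    }
}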
343
344?>