1<?
2
3 /*
4
5 USERS_LOGIN :
6
7 id INT(11) NOT NULL AUTO_INCREMENT,
8 caps INT(5)
9 email VARCHAR(150) NOT NULL,
10 pwd VARCHAR(20) NOT NULL,
11
12
13 */
14
15 /*
16
17 USERS_INFORMATIONS :
18
19 hash VARCHAR(20) NOT NULL,
20 civility INT(1),
21 first_name VARCHAR(150),
22 last_name VARCHAR(200),
23 date_of_bird TIMESTAMP,
24 company VARCHAR(255),
25 mailing_address VARCHAR(255),
26 zip_code VARCHAR(5),
27 town VARCHAR(150),
28 country VARCHAR(255),
29 phone VARCHAR(20),
30 mobile VARCHAR(20),
31 fax VARCHAR(20),
32 newsletter BOOL,
33
34
35 */
36
// Project includes, resolved against the configured server root.
// (Presumably these provide db()/db_format_value() and the Errors class used
// further down - neither file is visible here.)
require_once $GLOBALS['e-commerce']['server-root'] . '/inc/db.inc.php';
require_once $GLOBALS['e-commerce']['server-root'] . '/inc/errors.inc.php';

// Open a session so that, once a login succeeds, its details can be kept in it.
session_start();
// Sent after session_start(); asks shared caches not to store the response.
header('Cache-control: private');

// NOTE(review): this secret is hard-coded in the source and short. It feeds the
// USERS_INFORMATIONS lookup hash in User::load_personnal_informations(), so
// anyone who can read this file knows it. Load it from configuration kept out
// of version control and treat any value that has been published as compromised.
define('SECRET_KEY', "XUyJAJ");

// User capability bits; tested as a bitmask against the `caps` column.
define('CAP_USER_AUTH', 1 << 0);   // 0x00000001
define('CAP_USER_ADMIN', 1 << 1);  // 0x00000002

define('CAP_ITEM_ADD', 1 << 4);    // 0x00000010
define('CAP_ITEM_EDIT', 1 << 5);   // 0x00000020
define('CAP_ITEM_DELETE', 1 << 6); // 0x00000040
55
56 // Classe des utilisateurs
57
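/**
 * Optional profile data of a user: one row of USERS_INFORMATIONS.
 *
 * Rows are looked up by an opaque `hash` column, not by the user id; the hash
 * is derived in User::load_personnal_informations().
 *
 * NOTE(review): this relies on the legacy mysql_* extension, which was removed
 * in PHP 7. Moving to mysqli/PDO with prepared statements requires changing
 * db(), which is not visible in this file.
 */
class Users_Informations
{
    public $civility;
    public $first_name;
    public $last_name;
    public $date_of_birth;
    public $company;
    public $mailing_address;
    public $zip_code;
    public $town;
    public $country;
    public $phone;
    public $mobile;
    public $fax;
    public $newsletter;

    /**
     * Copies the profile columns out of a fetched row.
     *
     * @param array $data Row keyed by column name.
     */
    public function __construct($data)
    {
        $this->civility = $data['civility'];
        $this->first_name = $data['first_name'];
        $this->last_name = $data['last_name'];
        // NOTE(review): the schema comment at the top of the file spells this
        // column `date_of_bird`; one of the two spellings is wrong - confirm
        // against the real table.
        $this->date_of_birth = $data['date_of_birth'];
        $this->company = $data['company'];
        $this->mailing_address = $data['mailing_address'];
        $this->zip_code = $data['zip_code'];
        $this->town = $data['town'];
        $this->country = $data['country'];
        $this->phone = $data['phone'];
        $this->mobile = $data['mobile'];
        $this->fax = $data['fax'];
        $this->newsletter = $data['newsletter']; // bool
    }

    /**
     * Loads the profile row stored under $hash.
     *
     * Declared static because the only caller in this file invokes it as
     * Users_Informations::load_informations().
     *
     * @param string $hash Lookup key of the row.
     * @return Users_Informations|null Null when the query fails or no row matches.
     */
    public static function &load_informations($hash)
    {
        // The function returns by reference, so the result must live in a variable.
        $info = null;

        // The value was interpolated raw, which breaks the statement for a hex
        // string and lets a crafted value alter it. db_format_value() is
        // presumed to return a quoted, escaped SQL literal, as the id/email
        // queries in class User rely on - TODO confirm.
        $query = 'SELECT * FROM USERS_INFORMATIONS WHERE hash = ' . db_format_value($hash);

        // mysql_query() takes the SQL first and the link second.
        $res = mysql_query($query, db());
        if ($res === false) {
            return $info;
        }

        // mysql_fetch_array() yields false when no row matches; do not build
        // an object full of nulls in that case.
        $data = mysql_fetch_array($res);
        if (is_array($data)) {
            $info = new Users_Informations($data);
        }

        return $info;
    }
}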
101
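/**
 * A login account: one row of USERS_LOGIN.
 *
 * NOTE(review): passwords are stored as unsalted SHA-1, a fast hash that is
 * unsuitable for password storage. Migrating to password_hash() /
 * password_verify() has to be done together with Users_SQL::create() and a
 * wider `pwd` column, so it is not attempted here. The schema comment also
 * declares `pwd` and `hash` as VARCHAR(20) while sha1() yields 40 hex
 * characters - if that is accurate, stored digests are truncated or rejected
 * and can never match; confirm the column widths.
 *
 * NOTE(review): relies on the legacy mysql_* extension (removed in PHP 7).
 */
class User
{
    public $id;
    public $caps;
    public $email;

    // Stored password digest (hex SHA-1, see authenticate()).
    public $_pwd;

    // Users_Informations instance, or null until load_personnal_informations() runs.
    public $personnal_informations;

    /**
     * Builds an account object from a fetched USERS_LOGIN row.
     *
     * @param array $data Row keyed by column name.
     */
    public function __construct($data)
    {
        $this->id = $data['id'];

        // The column is named `pwd` (schema comment, INSERT in Users_SQL::create()).
        // The constructor used to read a `password` key that the table does not
        // have, leaving the digest empty. `password` is still accepted for
        // callers that build the array by hand.
        if (isset($data['pwd'])) {
            $this->_pwd = $data['pwd'];
        } elseif (isset($data['password'])) {
            $this->_pwd = $data['password'];
        } else {
            $this->_pwd = null;
        }

        $this->caps = $data['caps'];
        $this->email = $data['email'];

        $this->personnal_informations = null;
    }

    /**
     * Checks a candidate password against the stored digest.
     *
     * @param string $pwd Candidate password in clear text.
     * @return bool True only when the account holds CAP_USER_AUTH and the digests match.
     */
    public function authenticate($pwd)
    {
        if (!($this->caps & CAP_USER_AUTH)) {
            return false;
        }

        // An account without a stored digest, or a non-string candidate, never matches.
        if (!is_string($pwd) || !is_string($this->_pwd) || $this->_pwd === '') {
            return false;
        }

        $candidate = sha1($pwd);

        // Loose `==` compares two "0e<digits>" hex strings as numbers and
        // reports them equal. Compare as strings, in constant time where the
        // runtime offers hash_equals() (PHP >= 5.6).
        if (function_exists('hash_equals')) {
            return hash_equals($this->_pwd, $candidate);
        }

        return $this->_pwd === $candidate;
    }

    /**
     * Marks this account as the logged-in user of the current session.
     */
    public function login()
    {
        // Issue a fresh session id at the privilege change so that an id known
        // before login is not carried into the authenticated session.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }

        $_SESSION['umail'] = $this->email;
    }

    /**
     * Ends the current session.
     *
     * This replaces the former __destruct(), which emptied and destroyed the
     * session whenever any User object was released - including every object
     * built by search() and the one cached by current() at script shutdown -
     * so a login could not survive the request that created it. Callers that
     * want to log out must now call this method explicitly.
     */
    public function logout()
    {
        $_SESSION = array();
        if (session_id() !== '') {
            session_destroy();
        }
    }

    /**
     * Loads the profile row of this account into $personnal_informations.
     *
     * The lookup key derivation is kept unchanged so that existing rows still
     * match.
     */
    public function load_personnal_informations()
    {
        $hash = sha1(sha1($this->id) . SECRET_KEY . sha1($this->email));
        $this->personnal_informations = Users_Informations::load_informations($hash);
    }

    /**
     * Drops the loaded profile data.
     */
    public function unload_personnal_informations()
    {
        $this->personnal_informations = null;
    }

    /**
     * Loads one account by id.
     *
     * @param mixed $id Account id; passed through db_format_value() before use.
     * @return User|null Null when the query fails or no row matches.
     */
    public static function &load($id)
    {
        // Returned by reference, so the result must live in a variable.
        $user = null;

        $id = db_format_value($id);
        $query = "SELECT * FROM USERS_LOGIN WHERE id = $id";

        // mysql_query() takes the SQL first and the link second.
        $res = mysql_query($query, db());
        if ($res === false) {
            return $user;
        }

        // No matching row: report null instead of an object full of nulls.
        $data = mysql_fetch_array($res);
        if (is_array($data)) {
            $user = new User($data);
        }

        return $user;
    }

    /**
     * Lists accounts, optionally restricted to one e-mail address.
     *
     * @param string|null $email Address to match, or null for every account.
     * @return array|null List of User objects (possibly empty), or null when the query fails.
     */
    public static function &search($email = null)
    {
        $users = null;

        $query = 'SELECT * FROM USERS_LOGIN';
        if ($email !== null) {
            $email = db_format_value($email);
            $query .= " WHERE email = $email";
        }

        $res = mysql_query($query, db());
        if ($res === false) {
            return $users;
        }

        $users = array();
        while ($data = mysql_fetch_array($res)) {
            $users[] = new User($data);
        }

        return $users;
    }

    /**
     * Returns the account bound to the current session, cached per request.
     *
     * @return User|null Null when nobody is logged in or the address no longer exists.
     */
    public static function &current()
    {
        static $user = null;

        if ($user !== null) {
            return $user;
        }

        if (isset($_SESSION['umail'])) {
            $users = User::search($_SESSION['umail']);
            // search() returns null on query failure; only index a real list.
            if (is_array($users) && count($users) > 0) {
                $user = $users[0];
            }
        }

        return $user;
    }
}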
201
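/**
 * Account creation on top of the user lookup helpers.
 *
 * NOTE(review): no class named `Users` is visible in this file; the parent
 * looks like it was meant to be `User` (it provides search()) - TODO confirm.
 */
class Users_SQL extends Users
{
    // Error list produced by the most recent create() call.
    public $_errors;

    /**
     * Validates the submitted data and inserts a new USERS_LOGIN row.
     *
     * @param array $data Submitted fields; reads 'email' and 'pwd'.
     * @return Errors The error list; it is returned in every case, also when
     *                nothing was added to it.
     */
    public function create($data)
    {
        $errors = new Errors();
        $this->_errors = $errors;

        // Validate the submitted values; the checks used to look at
        // $this->email / $this->pwd, which are not the data being created.
        $email = isset($data['email']) ? $data['email'] : null;
        $password = isset($data['pwd']) ? $data['pwd'] : null;

        if ($email === null || $email === '') {
            $errors->add("email", null, "L'adresse mail doit être renseignée!");
        }
        if ($password === null || $password === '') {
            // Reported under "pwd"; it used to be filed under "email".
            $errors->add("pwd", null, "Le mot de passe doit être renseigné!");
        }
        if ($email === null || $email === '' || $password === null || $password === '') {
            return $errors;
        }

        $existing = parent::search($email);
        if ($existing === null) {
            // The lookup itself failed; do not insert blindly.
            $errors->add("mysql", mysql_error(), "Erreur mySQL >> &value");
            return $errors;
        }
        if ($existing) {
            $errors->add("email", $email, "L'adresse mail &value est déjà utilisée.");
            return $errors;
        }

        // [A-z] also matched [ \ ] ^ _ and the backtick, and [^0-9] accepted
        // any non-digit (quotes, spaces, angle brackets) as first character.
        // The D modifier stops `$` from tolerating a trailing newline.
        $validMail = "/^[A-Za-z_][A-Za-z0-9_]+([.][A-Za-z0-9_]+)*[@][A-Za-z0-9_]+([.][A-Za-z0-9_]+)*[.][A-Za-z]{2,4}$/D";
        // At least 8 characters with a digit, a lower-case and an upper-case
        // letter. The leading `.*` of the former pattern accepted the same
        // strings but only added backtracking.
        $validPassword = "/^(?=.{8,})(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).*$/";

        if (!preg_match($validMail, $email)) {
            $errors->add("email", $email, "L'adresse mail &value n'est pas valide");
            return $errors;
        }

        if (!preg_match($validPassword, $password)) {
            // Never hand the rejected clear-text password to the error list,
            // which may be rendered or logged; the message has no &value slot.
            $errors->add("pwd", null, "Le mot de passe n'est pas valide");
            return $errors;
        }

        // db_format_value() is presumed to return a quoted, escaped SQL
        // literal, as the queries in class User rely on - TODO confirm.
        $emailSql = db_format_value($email);

        // Hash the raw password, then quote the digest. The previous order
        // hashed the already formatted value (so User::authenticate() could
        // never match it) and put the bare hex digest into the statement.
        // NOTE(review): unsalted SHA-1 is kept only to stay consistent with
        // User::authenticate(); move both to password_hash()/password_verify().
        $pwdSql = db_format_value(sha1($password));

        // caps = 0 means the new account lacks CAP_USER_AUTH, so
        // authenticate() rejects it until the bit is set - presumably by an
        // activation step elsewhere; confirm.
        $query = 'INSERT INTO USERS_LOGIN (id, caps, email, pwd) '
            . "VALUES (NULL, 0, $emailSql, $pwdSql)";

        $res = mysql_query($query, db());
        if ($res === false) {
            // NOTE(review): the raw driver message goes into the error list;
            // if that list is shown to visitors, log it server-side instead.
            $errors->add("mysql", mysql_error(), "Erreur mySQL >> &value");
        }

        return $errors;
    }
}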
254
255?>