mougnibas/archinsa
2
0
Fork 1
Code Issues Pull requests Releases Wiki Activity

presque finit la connection + validation de compte :D

Browse source
This commit is contained in:
thaaoblues 2024-08-15 23:57:12 +02:00
parent 414b460e20
commit dbc5f3bf28
21 changed files with 8150 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

62
api.php
View file

@ -14,6 +14,9 @@
include("bdd.php");
include('php-csrf.php');
include_once("utils/sendmail.php");
include_once("utils/token.php");
include_once("utils/inputs.php");
$csrf = new CSRF();
@ -140,6 +143,28 @@
break;
case "verification_inscription":
$succes = isset($_GET["token"]);
if(!$succes){
return $succes;
}
$token = htmlspecialchars($_GET["token"]);
$succes = verifier_utilisateur($token);
if($succes){
header("Location: utilisateur_valide.php");
//echo( json_encode(["status"=> 1,"msg"=> "Utilisateur verifié !" ]) );
}else{
echo( json_encode(["status"=> "0","msg"=> "Une erreur est survenue lors de votre vérification ou vous avez essayé de modifier le contenu de la requête :/" ]) );
}
break;
default:
echo(json_encode(['status'=> '2','msg'=> "Ce point d'arrivée n'existe pas dans l'api."]));
break;
@ -224,10 +249,12 @@
$password = $_POST['password'];
$succes = connecter_utilisateur(htmlspecialchars($username),$password);
if($succes){
echo( json_encode(["status"=> "1","msg"=> "Utilisateur connecté !" ]) );
}else{
echo( json_encode(["status"=> "0","msg"=> "Utilisateur inconnu ou informations d'identification erronées." ]) );
echo( json_encode(["status"=> "0","msg"=> "Utilisateur inconnu, non vérifié par mel ou informations d'identification erronées." ]) );
}
break;
@ -243,6 +270,9 @@
case "inscription":
if(!$csrf->validate($context='inscription',$_POST["jeton-csrf"])){
echo( json_encode(["status"=> "2","msg"=>"jeton csrf manquant." ]) );
break;
@ -252,13 +282,35 @@
$password = $_POST['password'];
$nom_insa = $_POST['nom_insa'];
$username = assainir_et_valider_mel($username);
if($username == "[ERREUR_MEL_MALSAINT]"){
echo(json_encode(["status"=> "2","msg"=> "Votre adresse mel n'a pas passé les filtres de sécurité :/ ( MOUAHAHAHAHA )" ]));
break;
}
$password_hash = password_hash($password, PASSWORD_DEFAULT);
$succes = inscription_utilisateur(htmlspecialchars($username),$password_hash,$nom_insa);
$token = inscription_utilisateur(htmlspecialchars($username),$password_hash,$nom_insa);
$succes = $token != "[ERREUR]";
if($succes){
echo( json_encode(["status"=> 1,"msg"=> "Utilisateur inscrit !" ]) );
$mailtest = new Mail();
$mailtest->setContent(
"Inscription sur Arch'INSA",
"https://127.0.0.1/archinsa/api.php/verification_inscription?token=".$token,
"Salut Salut !!",
"La validation du compte permettra de vous connecter et de publier du contenu sur Arch'INSA :D",
);
if(!$mailtest->send("mougnibas@insa-toulouse.fr", "Eh toi là !")) {
echo $mailtest->getError(); //si le mail n'a pas été envoyé
$succes = false;
}
}
if($succes){
echo( json_encode(["status"=> 1,"msg"=> "Pour finaliser l'inscription et pouvoir vous connecter, veuillez valider votre compte via le mel que nous vous avons envoyé :)" ]) );
}else{
echo( json_encode(["status"=> "0","msg"=> "Une erreur est survenue lors de votre inscription ou vous avez essayé de modifier le contenu de la requête :/" ]) );
echo( json_encode(["status"=> 0,"msg"=> "Une erreur est survenue lors de votre inscription ou vous avez essayé de modifier le contenu de la requête :/" ]) );
}
break;
@ -271,5 +323,3 @@
}
?>

60
bdd.php
View file

@ -2,8 +2,9 @@
include("test_creds.php");
include_once("utils/token.php");
$conn = new mysqli($servername, $username, $password,$dbname);
$conn = new mysqli($servername, $db_username, $db_password,$dbname);
$uploadDir = 'archives/';
@ -396,6 +397,10 @@ function connecter_utilisateur($username,$password){
}
$stmt->close();
if($ret){
$ret=verifier_utilisateur($id);
}
return $ret;
}
@ -416,6 +421,12 @@ function inscription_utilisateur($username,$password_hash,$nom_insa){
$stmt->close();
$tok = new Token();
$user_id = mysqli_insert_id($conn);
$tok->Add($user_id);
/*
if($ret){
// met le statut de l'utilisateur à connecté pour lui eviter de se connecter just après l'inscription
$_SESSION["utilisateur_authentifie"] = true;
@ -423,9 +434,56 @@ function inscription_utilisateur($username,$password_hash,$nom_insa){
$_SESSION["admin"] = 0;
$_SESSION["nom_insa"] = $nom_insa;
$_SESSION["user_id"] = $conn->insert_id;
}*/
if($ret){
return $tok->getToken($user_id);
}else{
return "[ERREUR]";
}
}
function verifier_utilisateur($token){
global $conn;
$ret = 0;
$t_instance = new Token();
$user_id = $t_instance->getUserID($token);
if($t_instance->isValid($user_id, $token) && $user_id != -1) {
$t_instance->delete($user_id, $token);
$stmt = $conn->prepare("UPDATE users SET verifie=? WHERE id = ?");
$val=1;
$stmt->bind_param("ss",$val,$id_user);
$ret = $stmt->execute();
$stmt->close();
}
return $ret;
}
function utilisateur_est_verifie($user_id){
global $conn;
$stmt = $conn->prepare("SELECT verifie FROM users WHERE id = ?");
$stmt->bind_param("i", $user_id);
$stmt->execute();
$stmt->store_result();
$ret = $stmt->num_rows > 0;
$verif = 0;
if($ret){
$stmt->bind_result($verif);
$ret = $stmt->fetch();
$stmt->close();
}
return $ret && ($verif == 1);
}
?>

12
index.php
View file

@ -35,7 +35,19 @@
<a href="connection.php" class="button color-red-tr" id="btn-connection">Se connecter</a>
<?php
}
if(isset($_SESSION["admin"]) && ($_SESSION["admin"] == 1)){
?>
<a href="validation.php" class="button color-red-tr" id="btn-validation">Validation des ensembles</a>
<a href="utilisateurs.php" class="button color-red-tr" id="btn-validation">Gestion des utilisateurs</a>
<?php
}?>
<br>
<br>
<div id="user_status">

11
init_db.php
View file

@ -3,7 +3,7 @@
include("test_creds.php");
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
$conn = new mysqli($servername, $db_username, $db_password, $dbname);
// Check connection
if ($conn->connect_error) {
@ -12,13 +12,20 @@ if ($conn->connect_error) {
// Create tables
$sql = "
CREATE TABLE IF NOT EXISTS token(
id INT AUTO_INCREMENT PRIMARY KEY,
id_user INTEGER,
TOKEN VARCHAR(255),
create_time DATETIME DEFAULT CURRENT_TIMESTAMP
);
CREATE TABLE IF NOT EXISTS users (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50) NOT NULL UNIQUE,
password_hash VARCHAR(255) NOT NULL,
nom_insa VARCHAR(25) NOT NULL,
admin BOOLEAN DEFAULT 0
admin BOOLEAN DEFAULT 0,
verifie BOOLEAN DEFAULT 0
);
CREATE TABLE IF NOT EXISTS themes (

20
inscription.php
View file

@ -23,7 +23,7 @@ session_start();
</div>
<div class="formulaire">
<input class="champ" id="username-input" type="text" name="username" placeholder="Nom d'utilisateur" required>
<input class="champ" id="username-input" type="text" name="username" placeholder="Ton adresse INSA" required>
<input class="champ" id="password-input" type="password" name="password" placeholder="Mot de passe" required>
<h4 class=" centre-txt label-input" for="insa-input">Selectionne ton INSA</h4>
@ -44,6 +44,24 @@ session_start();
</div>
<h2>Oui c'est vide oui ~\_(^-^)_/~</h2>
<pre>
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⡀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣾⠙⠻⢶⣄⡀⠀⠀⠀⢀⣤⠶⠛⠛⡇⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢹⣇⠀⠀⣙⣿⣦⣤⣴⣿⣁⠀⠀⣸⠇⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⣡⣾⣿⣿⣿⣿⣿⣿⣿⣷⣌⠋⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣴⣿⣷⣄⡈⢻⣿⡟⢁⣠⣾⣿⣦⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢹⣿⣿⣿⣿⠘⣿⠃⣿⣿⣿⣿⡏⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⠀⠈⠛⣰⠿⣆⠛⠁⠀⡀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣼⣿⣦⠀⠘⠛⠋⠀⣴⣿⠁⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⣤⣶⣾⣿⣿⣿⣿⡇⠀⠀⠀⢸⣿⣏⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⣠⣶⣿⣿⣿⣿⣿⣿⣿⣿⠿⠿⠀⠀⠀⠾⢿⣿⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⣠⣿⣿⣿⣿⣿⣿⡿⠟⠋⣁⣠⣤⣤⡶⠶⠶⣤⣄⠈⠀⠀⠀⠀⠀⠀
⠀⠀⠀⢰⣿⣿⣮⣉⣉⣉⣤⣴⣶⣿⣿⣋⡥⠄⠀⠀⠀⠀⠉⢻⣄⠀⠀⠀⠀⠀
⠀⠀⠀⠸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣟⣋⣁⣤⣀⣀⣤⣤⣤⣤⣄⣿⡄⠀⠀⠀⠀
⠀⠀⠀⠀⠙⠿⣿⣿⣿⣿⣿⣿⣿⡿⠿⠛⠋⠉⠁⠀⠀⠀⠀⠈⠛⠃⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠉⠉⠉⠉⠉⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
</pre>
</body>
<?php
echo $csrf->script($context='inscription', $name='jeton_csrf', $declaration='var', $time2Live=-1, $max_hashes=5);

8
js/connection.js
View file

@ -14,10 +14,14 @@ function connection(){
.then(response => response.json())
.then(data => {
//console.log(data);
if(data.status == 1){
switch(data.status){
case 1:
window.location.href = "index.php";
}else{
break;
default:
alert("Une erreur s'est produite lors de votre connection : "+data.msg);
break;
}
})
.catch(error => {

2
js/index.js
View file

@ -253,7 +253,7 @@ document.addEventListener("DOMContentLoaded", (event)=>{
gen_chronologie();
test_auth();
document.getElementById("recherche_input").addEventListener("keypress", (event)=>{
document.getElementById("recherche_input").addEventListener("keydown", (event)=>{
console.log("???");
if (event.key === "Enter"){
event.preventDefault();

6
js/inscription.js
View file

@ -14,11 +14,7 @@ function inscription(){
})
.then(response => response.json())
.then(data => {
if(data.status == 1){
window.location.href = "index.php";
}else{
alert("Une erreur s'est produite lors de votre inscription. Ce nom d'utilisateur doit être déjà pris ! ");
}
alert(data.msg);
})
.catch(error => {
console.error('Error:', error);

7
televerser.php
View file

@ -6,9 +6,14 @@
?>
<body>
<?php
include("session_verif.php");
include('php-csrf.php');
session_start();
if (!isset($_SESSION["utilisateur_authentifie"]) || $_SESSION["utilisateur_authentifie"] !== true) {
header("Location: index.php");
exit;
}
$csrf = new CSRF();
?>

31
utilisateur_valide.php Normal file
View file

@ -0,0 +1,31 @@
<?php
session_start();
?>
<!DOCTYPE html>
<html lang="fr">
<?php
$titre_page = "Validation de votre compte Arch'INSA";
include "_partials/_head.php";
?>
<body>
<div class="centre-horizontal bulle-rouge" id="titre">
<pre class="centre-txt gros-titre">
__ ____ ___ _ _ /'/ ____ _ _ ___ __
/__\ ( _ \ / __)( )_( ) (_ _)( \( )/ __) /__\
/(__)\ ) /( (__ ) _ ( _)(_ ) ( \__ \ /(__)\
(__)(__)(_)\_) \___)(_) (_) (____)(_)\_)(___/(__)(__)
</pre>
</div>
<h1>Votre compte a bien été validé !!</h1>
<a hre="connection.php">Se connecter à Arch'INSA</a>
</body>
<?php
include "_partials/_footer.php";
?>
</html>

18
utils/inputs.php Normal file
View file

@ -0,0 +1,18 @@
<?php
function assainir_et_valider_mel($og_mel): string {
// Supprime les espaces en début et fin de chaîne
$mel = trim($og_mel);
// Assainit l'adresse e-mail en supprimant les caractères spéciaux
$mel = filter_var($mel, FILTER_SANITIZE_EMAIL);
// Vérifie si l'adresse e-mail est valide
if (filter_var($mel, FILTER_VALIDATE_EMAIL)) {
return $mel; // Si valide, renvoie l'adresse e-mail assainie
} else {
return "[ERREUR_MEL_MALSAINT]"; // Sinon, renvoie un message d'erreur
}
}
?>

245
utils/phpmailer/DSNConfigurator.php Normal file
View file

@ -0,0 +1,245 @@
<?php
/**
* PHPMailer - PHP email creation and transport class.
* PHP Version 5.5.
*
* @see https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
*
* @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
* @author Jim Jagielski (jimjag) <jimjag@gmail.com>
* @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
* @author Brent R. Matzelle (original founder)
* @copyright 2012 - 2023 Marcus Bointon
* @copyright 2010 - 2012 Jim Jagielski
* @copyright 2004 - 2009 Andy Prevost
* @license https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html GNU Lesser General Public License
* @note This program is distributed in the hope that it will be useful - WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE.
*/
namespace PHPMailer\PHPMailer;
/**
* Configure PHPMailer with DSN string.
*
* @see https://en.wikipedia.org/wiki/Data_source_name
*
* @author Oleg Voronkovich <oleg-voronkovich@yandex.ru>
*/
class DSNConfigurator
{
/**
* Create new PHPMailer instance configured by DSN.
*
* @param string $dsn DSN
* @param bool $exceptions Should we throw external exceptions?
*
* @return PHPMailer
*/
public static function mailer($dsn, $exceptions = null)
{
static $configurator = null;
if (null === $configurator) {
$configurator = new DSNConfigurator();
}
return $configurator->configure(new PHPMailer($exceptions), $dsn);
}
/**
* Configure PHPMailer instance with DSN string.
*
* @param PHPMailer $mailer PHPMailer instance
* @param string $dsn DSN
*
* @return PHPMailer
*/
public function configure(PHPMailer $mailer, $dsn)
{
$config = $this->parseDSN($dsn);
$this->applyConfig($mailer, $config);
return $mailer;
}
/**
* Parse DSN string.
*
* @param string $dsn DSN
*
* @throws Exception If DSN is malformed
*
* @return array Configuration
*/
private function parseDSN($dsn)
{
$config = $this->parseUrl($dsn);
if (false === $config || !isset($config['scheme']) || !isset($config['host'])) {
throw new Exception('Malformed DSN');
}
if (isset($config['query'])) {
parse_str($config['query'], $config['query']);
}
return $config;
}
/**
* Apply configuration to mailer.
*
* @param PHPMailer $mailer PHPMailer instance
* @param array $config Configuration
*
* @throws Exception If scheme is invalid
*/
private function applyConfig(PHPMailer $mailer, $config)
{
switch ($config['scheme']) {
case 'mail':
$mailer->isMail();
break;
case 'sendmail':
$mailer->isSendmail();
break;
case 'qmail':
$mailer->isQmail();
break;
case 'smtp':
case 'smtps':
$mailer->isSMTP();
$this->configureSMTP($mailer, $config);
break;
default:
throw new Exception(
sprintf(
'Invalid scheme: "%s". Allowed values: "mail", "sendmail", "qmail", "smtp", "smtps".',
$config['scheme']
)
);
}
if (isset($config['query'])) {
$this->configureOptions($mailer, $config['query']);
}
}
/**
* Configure SMTP.
*
* @param PHPMailer $mailer PHPMailer instance
* @param array $config Configuration
*/
private function configureSMTP($mailer, $config)
{
$isSMTPS = 'smtps' === $config['scheme'];
if ($isSMTPS) {
$mailer->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
}
$mailer->Host = $config['host'];
if (isset($config['port'])) {
$mailer->Port = $config['port'];
} elseif ($isSMTPS) {
$mailer->Port = SMTP::DEFAULT_SECURE_PORT;
}
$mailer->SMTPAuth = isset($config['user']) || isset($config['pass']);
if (isset($config['user'])) {
$mailer->Username = $config['user'];
}
if (isset($config['pass'])) {
$mailer->Password = $config['pass'];
}
}
/**
* Configure options.
*
* @param PHPMailer $mailer PHPMailer instance
* @param array $options Options
*
* @throws Exception If option is unknown
*/
private function configureOptions(PHPMailer $mailer, $options)
{
$allowedOptions = get_object_vars($mailer);
unset($allowedOptions['Mailer']);
unset($allowedOptions['SMTPAuth']);
unset($allowedOptions['Username']);
unset($allowedOptions['Password']);
unset($allowedOptions['Hostname']);
unset($allowedOptions['Port']);
unset($allowedOptions['ErrorInfo']);
$allowedOptions = \array_keys($allowedOptions);
foreach ($options as $key => $value) {
if (!in_array($key, $allowedOptions)) {
throw new Exception(
sprintf(
'Unknown option: "%s". Allowed values: "%s"',
$key,
implode('", "', $allowedOptions)
)
);
}
switch ($key) {
case 'AllowEmpty':
case 'SMTPAutoTLS':
case 'SMTPKeepAlive':
case 'SingleTo':
case 'UseSendmailOptions':
case 'do_verp':
case 'DKIM_copyHeaderFields':
$mailer->$key = (bool) $value;
break;
case 'Priority':
case 'SMTPDebug':
case 'WordWrap':
$mailer->$key = (int) $value;
break;
default:
$mailer->$key = $value;
break;
}
}
}
/**
* Parse a URL.
* Wrapper for the built-in parse_url function to work around a bug in PHP 5.5.
*
* @param string $url URL
*
* @return array|false
*/
protected function parseUrl($url)
{
if (\PHP_VERSION_ID >= 50600 || false === strpos($url, '?')) {
return parse_url($url);
}
$chunks = explode('?', $url);
if (is_array($chunks)) {
$result = parse_url($chunks[0]);
if (is_array($result)) {
$result['query'] = $chunks[1];
}
return $result;
}
return false;
}
}

40
utils/phpmailer/Exception.php Normal file
View file

@ -0,0 +1,40 @@
<?php
/**
* PHPMailer Exception class.
* PHP Version 5.5.
*
* @see https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
*
* @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
* @author Jim Jagielski (jimjag) <jimjag@gmail.com>
* @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
* @author Brent R. Matzelle (original founder)
* @copyright 2012 - 2020 Marcus Bointon
* @copyright 2010 - 2012 Jim Jagielski
* @copyright 2004 - 2009 Andy Prevost
* @license https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html GNU Lesser General Public License
* @note This program is distributed in the hope that it will be useful - WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE.
*/
namespace PHPMailer\PHPMailer;
/**
* PHPMailer exception handler.
*
* @author Marcus Bointon <phpmailer@synchromedia.co.uk>
*/
class Exception extends \Exception
{
/**
* Prettify error message output.
*
* @return string
*/
public function errorMessage()
{
return '<strong>' . htmlspecialchars($this->getMessage(), ENT_COMPAT | ENT_HTML401) . "</strong><br />\n";
}
}

139
utils/phpmailer/OAuth.php Normal file
View file

@ -0,0 +1,139 @@
<?php
/**
* PHPMailer - PHP email creation and transport class.
* PHP Version 5.5.
*
* @see https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
*
* @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
* @author Jim Jagielski (jimjag) <jimjag@gmail.com>
* @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
* @author Brent R. Matzelle (original founder)
* @copyright 2012 - 2020 Marcus Bointon
* @copyright 2010 - 2012 Jim Jagielski
* @copyright 2004 - 2009 Andy Prevost
* @license https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html GNU Lesser General Public License
* @note This program is distributed in the hope that it will be useful - WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE.
*/
namespace PHPMailer\PHPMailer;
use League\OAuth2\Client\Grant\RefreshToken;
use League\OAuth2\Client\Provider\AbstractProvider;
use League\OAuth2\Client\Token\AccessToken;
/**
* OAuth - OAuth2 authentication wrapper class.
* Uses the oauth2-client package from the League of Extraordinary Packages.
*
* @see https://oauth2-client.thephpleague.com
*
* @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
*/
class OAuth implements OAuthTokenProvider
{
/**
* An instance of the League OAuth Client Provider.
*
* @var AbstractProvider
*/
protected $provider;
/**
* The current OAuth access token.
*
* @var AccessToken
*/
protected $oauthToken;
/**
* The user's email address, usually used as the login ID
* and also the from address when sending email.
*
* @var string
*/
protected $oauthUserEmail = '';
/**
* The client secret, generated in the app definition of the service you're connecting to.
*
* @var string
*/
protected $oauthClientSecret = '';
/**
* The client ID, generated in the app definition of the service you're connecting to.
*
* @var string
*/
protected $oauthClientId = '';
/**
* The refresh token, used to obtain new AccessTokens.
*
* @var string
*/
protected $oauthRefreshToken = '';
/**
* OAuth constructor.
*
* @param array $options Associative array containing
* `provider`, `userName`, `clientSecret`, `clientId` and `refreshToken` elements
*/
public function __construct($options)
{
$this->provider = $options['provider'];
$this->oauthUserEmail = $options['userName'];
$this->oauthClientSecret = $options['clientSecret'];
$this->oauthClientId = $options['clientId'];
$this->oauthRefreshToken = $options['refreshToken'];
}
/**
* Get a new RefreshToken.
*
* @return RefreshToken
*/
protected function getGrant()
{
return new RefreshToken();
}
/**
* Get a new AccessToken.
*
* @return AccessToken
*/
protected function getToken()
{
return $this->provider->getAccessToken(
$this->getGrant(),
['refresh_token' => $this->oauthRefreshToken]
);
}
/**
* Generate a base64-encoded OAuth token.
*
* @return string
*/
public function getOauth64()
{
//Get a new token if it's not available or has expired
if (null === $this->oauthToken || $this->oauthToken->hasExpired()) {
$this->oauthToken = $this->getToken();
}
return base64_encode(
'user=' .
$this->oauthUserEmail .
"\001auth=Bearer " .
$this->oauthToken .
"\001\001"
);
}
}

44
utils/phpmailer/OAuthTokenProvider.php Normal file
View file

@ -0,0 +1,44 @@
<?php
/**
* PHPMailer - PHP email creation and transport class.
* PHP Version 5.5.
*
* @see https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
*
* @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
* @author Jim Jagielski (jimjag) <jimjag@gmail.com>
* @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
* @author Brent R. Matzelle (original founder)
* @copyright 2012 - 2020 Marcus Bointon
* @copyright 2010 - 2012 Jim Jagielski
* @copyright 2004 - 2009 Andy Prevost
* @license https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html GNU Lesser General Public License
* @note This program is distributed in the hope that it will be useful - WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE.
*/
namespace PHPMailer\PHPMailer;
/**
* OAuthTokenProvider - OAuth2 token provider interface.
* Provides base64 encoded OAuth2 auth strings for SMTP authentication.
*
* @see OAuth
* @see SMTP::authenticate()
*
* @author Peter Scopes (pdscopes)
* @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
*/
interface OAuthTokenProvider
{
/**
* Generate a base64-encoded OAuth token ensuring that the access token has not expired.
* The string to be base 64 encoded should be in the form:
* "user=<user_email_address>\001auth=Bearer <access_token>\001\001"
*
* @return string
*/
public function getOauth64();
}

5248
utils/phpmailer/PHPMailer.php Normal file
View file

File diff suppressed because it is too large Load diff

467
utils/phpmailer/POP3.php Normal file
View file

@ -0,0 +1,467 @@
<?php
/**
* PHPMailer POP-Before-SMTP Authentication Class.
* PHP Version 5.5.
*
* @see https://github.com/PHPMailer/PHPMailer/ The PHPMailer GitHub project
*
* @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
* @author Jim Jagielski (jimjag) <jimjag@gmail.com>
* @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
* @author Brent R. Matzelle (original founder)
* @copyright 2012 - 2020 Marcus Bointon
* @copyright 2010 - 2012 Jim Jagielski
* @copyright 2004 - 2009 Andy Prevost
* @license https://www.gnu.org/licenses/old-licenses/lgpl-2.1.html GNU Lesser General Public License
* @note This program is distributed in the hope that it will be useful - WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE.
*/
namespace PHPMailer\PHPMailer;
/**
* PHPMailer POP-Before-SMTP Authentication Class.
* Specifically for PHPMailer to use for RFC1939 POP-before-SMTP authentication.
* 1) This class does not support APOP authentication.
* 2) Opening and closing lots of POP3 connections can be quite slow. If you need
* to send a batch of emails then just perform the authentication once at the start,
* and then loop through your mail sending script. Providing this process doesn't
* take longer than the verification period lasts on your POP3 server, you should be fine.
* 3) This is really ancient technology; you should only need to use it to talk to very old systems.
* 4) This POP3 class is deliberately lightweight and incomplete, implementing just
* enough to do authentication.
* If you want a more complete class there are other POP3 classes for PHP available.
*
* @author Richard Davey (original author) <rich@corephp.co.uk>
* @author Marcus Bointon (Synchro/coolbru) <phpmailer@synchromedia.co.uk>
* @author Jim Jagielski (jimjag) <jimjag@gmail.com>
* @author Andy Prevost (codeworxtech) <codeworxtech@users.sourceforge.net>
*/
class POP3
{
/**
* The POP3 PHPMailer Version number.
*
* @var string
*/
const VERSION = '6.9.1';
/**
* Default POP3 port number.
*
* @var int
*/
const DEFAULT_PORT = 110;
/**
* Default timeout in seconds.
*
* @var int
*/
const DEFAULT_TIMEOUT = 30;
/**
* POP3 class debug output mode.
* Debug output level.
* Options:
* @see POP3::DEBUG_OFF: No output
* @see POP3::DEBUG_SERVER: Server messages, connection/server errors
* @see POP3::DEBUG_CLIENT: Client and Server messages, connection/server errors
*
* @var int
*/
public $do_debug = self::DEBUG_OFF;
/**
* POP3 mail server hostname.
*
* @var string
*/
public $host;
/**
* POP3 port number.
*
* @var int
*/
public $port;
/**
* POP3 Timeout Value in seconds.
*
* @var int
*/
public $tval;
/**
* POP3 username.
*
* @var string
*/
public $username;
/**
* POP3 password.
*
* @var string
*/
public $password;
/**
* Resource handle for the POP3 connection socket.
*
* @var resource
*/
protected $pop_conn;
/**
* Are we connected?
*
* @var bool
*/
protected $connected = false;
/**
* Error container.
*
* @var array
*/
protected $errors = [];
/**
* Line break constant.
*/
const LE = "\r\n";
/**
* Debug level for no output.
*
* @var int
*/
const DEBUG_OFF = 0;
/**
* Debug level to show server -> client messages
* also shows clients connection errors or errors from server
*
* @var int
*/
const DEBUG_SERVER = 1;
/**
* Debug level to show client -> server and server -> client messages.
*
* @var int
*/
const DEBUG_CLIENT = 2;
/**
* Simple static wrapper for all-in-one POP before SMTP.
*
* @param string $host The hostname to connect to
* @param int|bool $port The port number to connect to
* @param int|bool $timeout The timeout value
* @param string $username
* @param string $password
* @param int $debug_level
*
* @return bool
*/
public static function popBeforeSmtp(
$host,
$port = false,
$timeout = false,
$username = '',
$password = '',
$debug_level = 0
) {
$pop = new self();
return $pop->authorise($host, $port, $timeout, $username, $password, $debug_level);
}
/**
* Authenticate with a POP3 server.
* A connect, login, disconnect sequence
* appropriate for POP-before SMTP authorisation.
*
* @param string $host The hostname to connect to
* @param int|bool $port The port number to connect to
* @param int|bool $timeout The timeout value
* @param string $username
* @param string $password
* @param int $debug_level
*
* @return bool
*/
public function authorise($host, $port = false, $timeout = false, $username = '', $password = '', $debug_level = 0)
{
$this->host = $host;
//If no port value provided, use default
if (false === $port) {
$this->port = static::DEFAULT_PORT;
} else {
$this->port = (int) $port;
}
//If no timeout value provided, use default
if (false === $timeout) {
$this->tval = static::DEFAULT_TIMEOUT;
} else {
$this->tval = (int) $timeout;
}
$this->do_debug = $debug_level;
$this->username = $username;
$this->password = $password;
//Reset the error log
$this->errors = [];
//Connect
$result = $this->connect($this->host, $this->port, $this->tval);
if ($result) {
$login_result = $this->login($this->username, $this->password);
if ($login_result) {
$this->disconnect();
return true;
}
}
//We need to disconnect regardless of whether the login succeeded
$this->disconnect();
return false;
}
/**
* Connect to a POP3 server.
*
* @param string $host
* @param int|bool $port
* @param int $tval
*
* @return bool
*/
public function connect($host, $port = false, $tval = 30)
{
//Are we already connected?
if ($this->connected) {
return true;
}
//On Windows this will raise a PHP Warning error if the hostname doesn't exist.
//Rather than suppress it with @fsockopen, capture it cleanly instead
set_error_handler([$this, 'catchWarning']);
if (false === $port) {
$port = static::DEFAULT_PORT;
}
//Connect to the POP3 server
$errno = 0;
$errstr = '';
$this->pop_conn = fsockopen(
$host, //POP3 Host
$port, //Port #
$errno, //Error Number
$errstr, //Error Message
$tval
); //Timeout (seconds)
//Restore the error handler
restore_error_handler();
//Did we connect?
if (false === $this->pop_conn) {
//It would appear not...
$this->setError(
"Failed to connect to server $host on port $port. errno: $errno; errstr: $errstr"
);
return false;
}
//Increase the stream time-out
stream_set_timeout($this->pop_conn, $tval, 0);
//Get the POP3 server response
$pop3_response = $this->getResponse();
//Check for the +OK
if ($this->checkResponse($pop3_response)) {
//The connection is established and the POP3 server is talking
$this->connected = true;
return true;
}
return false;
}
/**
* Log in to the POP3 server.
* Does not support APOP (RFC 2828, 4949).
*
* @param string $username
* @param string $password
*
* @return bool
*/
public function login($username = '', $password = '')
{
if (!$this->connected) {
$this->setError('Not connected to POP3 server');
return false;
}
if (empty($username)) {
$username = $this->username;
}
if (empty($password)) {
$password = $this->password;
}
//Send the Username
$this->sendString("USER $username" . static::LE);
$pop3_response = $this->getResponse();
if ($this->checkResponse($pop3_response)) {
//Send the Password
$this->sendString("PASS $password" . static::LE);
$pop3_response = $this->getResponse();
if ($this->checkResponse($pop3_response)) {
return true;
}
}
return false;
}
/**
* Disconnect from the POP3 server.
*/
public function disconnect()
{
// If could not connect at all, no need to disconnect
if ($this->pop_conn === false) {
return;
}
$this->sendString('QUIT' . static::LE);
// RFC 1939 shows POP3 server sending a +OK response to the QUIT command.
// Try to get it. Ignore any failures here.
try {
$this->getResponse();
} catch (Exception $e) {
//Do nothing
}
//The QUIT command may cause the daemon to exit, which will kill our connection
//So ignore errors here
try {
@fclose($this->pop_conn);
} catch (Exception $e) {
//Do nothing
}
// Clean up attributes.
$this->connected = false;
$this->pop_conn = false;
}
/**
* Get a response from the POP3 server.
*
* @param int $size The maximum number of bytes to retrieve
*
* @return string
*/
protected function getResponse($size = 128)
{
$response = fgets($this->pop_conn, $size);
if ($this->do_debug >= self::DEBUG_SERVER) {
echo 'Server -> Client: ', $response;
}
return $response;
}
/**
* Send raw data to the POP3 server.
*
* @param string $string
*
* @return int
*/
protected function sendString($string)
{
if ($this->pop_conn) {
if ($this->do_debug >= self::DEBUG_CLIENT) { //Show client messages when debug >= 2
echo 'Client -> Server: ', $string;
}
return fwrite($this->pop_conn, $string, strlen($string));
}
return 0;
}
/**
* Checks the POP3 server response.
* Looks for for +OK or -ERR.
*
* @param string $string
*
* @return bool
*/
protected function checkResponse($string)
{
if (strpos($string, '+OK') !== 0) {
$this->setError("Server reported an error: $string");
return false;
}
return true;
}
/**
* Add an error to the internal error store.
* Also display debug output if it's enabled.
*
* @param string $error
*/
protected function setError($error)
{
$this->errors[] = $error;
if ($this->do_debug >= self::DEBUG_SERVER) {
echo '<pre>';
foreach ($this->errors as $e) {
print_r($e);
}
echo '</pre>';
}
}
/**
* Get an array of error messages, if any.
*
* @return array
*/
public function getErrors()
{
return $this->errors;
}
/**
* POP3 connection error handler.
*
* @param int $errno
* @param string $errstr
* @param string $errfile
* @param int $errline
*/
protected function catchWarning($errno, $errstr, $errfile, $errline)
{
$this->setError(
'Connecting to the POP3 server raised a PHP warning:' .
"errno: $errno errstr: $errstr; errfile: $errfile; errline: $errline"
);
}
}

1499
utils/phpmailer/SMTP.php Normal file
View file

File diff suppressed because it is too large Load diff

38
utils/phpmailer/template_mel.html Normal file
View file

@ -0,0 +1,38 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Arch'INSA</title>
</head>
<body>
<h1>[titre]</h1>
<a href="[url_token]">Clickez ici pour valider votre compte !</a>
<p>[paragraphe]</p>
<pre>
__ ____ ___ _ _ /'/ ____ _ _ ___ __
/__\ ( _ \ / __)( )_( ) (_ _)( \( )/ __) /__\
/(__)\ ) /( (__ ) _ ( _)(_ ) ( \__ \ /(__)\
(__)(__)(_)\_) \___)(_) (_) (____)(_)\_)(___/(__)(__)
</pre>
<pre>
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⡀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣾⠙⠻⢶⣄⡀⠀⠀⠀⢀⣤⠶⠛⠛⡇⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢹⣇⠀⠀⣙⣿⣦⣤⣴⣿⣁⠀⠀⣸⠇⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⣡⣾⣿⣿⣿⣿⣿⣿⣿⣷⣌⠋⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣴⣿⣷⣄⡈⢻⣿⡟⢁⣠⣾⣿⣦⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢹⣿⣿⣿⣿⠘⣿⠃⣿⣿⣿⣿⡏⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⠀⠈⠛⣰⠿⣆⠛⠁⠀⡀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣼⣿⣦⠀⠘⠛⠋⠀⣴⣿⠁⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⣤⣶⣾⣿⣿⣿⣿⡇⠀⠀⠀⢸⣿⣏⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⣠⣶⣿⣿⣿⣿⣿⣿⣿⣿⠿⠿⠀⠀⠀⠾⢿⣿⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⣠⣿⣿⣿⣿⣿⣿⡿⠟⠋⣁⣠⣤⣤⡶⠶⠶⣤⣄⠈⠀⠀⠀⠀⠀⠀
⠀⠀⠀⢰⣿⣿⣮⣉⣉⣉⣤⣴⣶⣿⣿⣋⡥⠄⠀⠀⠀⠀⠉⢻⣄⠀⠀⠀⠀⠀
⠀⠀⠀⠸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣟⣋⣁⣤⣀⣀⣤⣤⣤⣤⣄⣿⡄⠀⠀⠀⠀
⠀⠀⠀⠀⠙⠿⣿⣿⣿⣿⣿⣿⣿⡿⠿⠛⠋⠉⠁⠀⠀⠀⠀⠈⠛⠃⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠉⠉⠉⠉⠉⠀⠀⠀⠀⠀
</pre>
</body>
</html>

97
utils/sendmail.php Normal file
View file

@ -0,0 +1,97 @@
<?php
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
use PHPMailer\PHPMailer\Exception;
require_once "phpmailer/Exception.php";
require_once "phpmailer/PHPMailer.php";
require_once "phpmailer/SMTP.php";
include("test_creds.php");
class Mail
{
private static $mail = NULL;
private static $error = "";
private function readFile($file)
{
$real_path = $file;
$file = fopen($real_path, "r") or die("Unable to open file!");;
$password = fgets($file);
fclose($file);
return trim($password);
}
public function __construct()
{
global $mel_id,$mel_adr,$mel_mdp;
try {
$this::$mail = new PHPMailer(true);
$this::$mail->isSMTP();
$this::$mail->Host = "smtp.insa-toulouse.fr";
$this::$mail->SMTPAuth = true;
$this::$mail->Username = $mel_id;
$this::$mail->Password = $mel_mdp;
$this::$mail->setFrom($mel_adr, 'Club Info INSA Toulouse');
$this::$mail->isHTML(true);
$this::$mail->Subject = 'Inscription sur Arch\'INSA';
$this::$mail->Body = 'Message vide.';
$this::$mail->CharSet = 'UTF-8';
} catch (Exception $e) {
null;
}
}
public function setContent(string $subject,string $url,string $titre,string $paragraphe)
{
try {
//sécu et encodage en UTF-8 (n'échappe pas les ')
$subject = mb_convert_encoding($subject, 'UTF-8', 'auto');
$this::$mail->Subject = htmlspecialchars($subject, ENT_NOQUOTES, 'UTF-8');
$template = file_get_contents("utils/phpmailer/template_mel.html");
$content = str_replace("[url_token]", $url, $template);
$content = str_replace("[titre]", $titre, $content);
$content = str_replace("[paragraphe]", $paragraphe, $content);
$this::$mail->Body = $content;
} catch (Exception $e) {
null;
}
}
public function send(string $mail_dest, string $name_dest): bool
{
try {
$mail_dest=htmlspecialchars($mail_dest);
$name_dest=htmlspecialchars($name_dest);
$this::$mail->addAddress($mail_dest, $name_dest);
$this::$mail->Port = 465;
$this::$mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;
$this::$mail->send();
} catch (Exception $e) {
$this::$error=$this::$mail->ErrorInfo;
return false;
}
return true;
}
public function getError(): string
{
return $this::$error;
}
}
/*
echo "test d'envoi de mail (sans token) ...";
$mailtest = new Mail();
$mailtest->setContent("sujet du mail", "titre du mail", "<p>ceci est un test</p><p>ceci est une seconde ligne</p>");
if(!$mailtest->send("mougnibas@insa-toulouse.fr", "test")) {
echo $mailtest->getError(); //si le mail n'a pas été envoyé
} else {
echo "coul coul coul"; // si le mail a été envoyé
}
*/
?>

112
utils/token.php Normal file
View file

@ -0,0 +1,112 @@
<?php
// Database connection parameters
include("test_creds.php");
class Token
{
private static $conn;
public function __construct()
{
global $servername,$db_username,$db_password,$dbname;
self::$conn = new mysqli($servername, $db_username, $db_password, $dbname);
// Check connection
if (self::$conn->connect_error) {
die("Connection failed: " . self::$conn->connect_error);
}
}
private function randomStr($str_len) : string
{
$random_str_tot = "";
$chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
for( $x = 0; $x < $str_len; $x++ ) {
$random_str= $chars[random_int(0, strlen($chars)-1)];
$random_str_tot = $random_str_tot.$random_str;
}
return $random_str_tot;
}
public function delete(int $id_user, string $token)
{
$token = htmlspecialchars($token);
$id_user = htmlspecialchars($id_user);
$deleteReq = self::$conn->prepare("DELETE FROM `token` WHERE `id_user` = ? AND `token` = ?");
$deleteReq->execute(array($id_user, $token));
}
public function isValid(int $id_user, string $token) : bool
{
$id_user = htmlspecialchars($id_user);
$token = htmlspecialchars($token);
$req = self::$conn->prepare("SELECT `TOKEN`, `create_time` FROM `token` WHERE `id_user` = ? AND `TOKEN` = ?");
$ret = $req->execute(array($id_user, $token));
if($ret){
$req->store_result();
$req->bind_result($dbToken,$createTime);
$req->fetch();
$createTime = strtotime($createTime);
$currentTime = time();
$oneDayInSeconds = 86400; // 1 jour = 86400 s
$ret = $currentTime - $createTime <= $oneDayInSeconds;
if(!$ret){
// OLD TOKEN (+ d'un jour donc expiré)
$deleteReq = self::$conn->prepare("DELETE FROM `token` WHERE `id_user` = ?");
$deleteReq->execute(array($id_user));
}
}
return $ret;
}
public function Add(int $id_user) : string
{
$id_user = (int) htmlspecialchars($id_user);
$token = $this->randomStr(50);
// supprimer les anciens token
$deleteReq = self::$conn->prepare("DELETE FROM `token` WHERE `id_user` = ?");
$deleteReq->execute(array($id_user));
$req = self::$conn->prepare("INSERT INTO `token`(`id_user`, `TOKEN`, `create_time`) VALUES(?, ?, ?)");
$req->execute(array($id_user, $token, date("Y-m-d H:i:s", time())));
return $token;
}
public function getUserID(string $token) : int
{
$token = htmlspecialchars($token);
$req = self::$conn->prepare("SELECT `id_user` FROM `token` WHERE `TOKEN` = ?");
$req->execute(array($token));
$req->store_result();
$req->bind_result($id_user);
$res = $req->fetch();
if ($res) {
return $id_user;
} else {
return -1;
}
}
public function getToken(string $user_id) : string
{
$req = self::$conn->prepare("SELECT `TOKEN` FROM `token` WHERE `id_user` = ?");
$req->execute(array($user_id));
$req->store_result();
$req->bind_result($token);
$res = $req->fetch();
if ($res) {
return $token;
} else {
return -1;
}
}
}
?>