<?php
#########################################################################################
# Oubli de mot de passe de Pnyx - scripts bdd #
# Auteur : V. Blais #
# Création : 2006-04-05 #
# Modification : 2008-08-12 #
# #
# Pnyx - une application Web (PHP/MySQL) d'élections virtuelles conçue pour des élèves #
# du primaire et du secondaire, dans lequel ils sont amenés à faire des propositions #
# en ligne et voter pour leur favorite, sous la supervision d'un enseignant. #
# #
# Copyright (C) <2008 - 2009> #
# <Service national du RÉCIT de l'univers social de la Commission scolaire de la #
# Pointe-de-l'Île> #
# #
# This program is free software; you can redistribute it and/or modify it under the #
# terms of the GNU General Public License as published by the Free Software Foundation. #
# This program is distributed in the hope that it will be useful, but WITHOUT ANY #
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A #
# PARTICULAR PURPOSE. See the GNU General Public License for more details. #
# You should have received a copy of the GNU General Public License along with this #
# program as the file LICENSE.txt; if not, please see #
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt. #
# #
# Service national du RÉCIT de l'univers social #
# http://www.recitus.qc.ca #
# Contact e-mail : steve-hide@address.com #
#########################################################################################
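require "entete_php.php";
# verifier si la session est valide
# puis verifier si l'usager dispose des autorisations requises
# pour la saisie
verifier_session();

# Escape a value for use inside a single-quoted SQL literal. The queries in this
# script are built by string concatenation against the legacy mysql_* connection
# that entete_php.php opens, so every request value or result value that reaches
# a query goes through here. Returns the escaped string.
function pnyx_sql($valeur)
{
    return mysql_real_escape_string((string) $valeur);
}

# Build a one-time reset code of $longueur characters drawn from [a-z0-9]
# (the same alphabet the original table used). random_int() is used when the
# runtime provides it (PHP 7+); older runtimes fall back to mt_rand(), which is
# better seeded than rand() but is still not a CSPRNG. Returns the code.
function pnyx_generer_code_oubli($longueur)
{
    $alphabet = "abcdefghijklmnopqrstuvwxyz0123456789";
    $max = strlen($alphabet) - 1;
    $code = "";
    for ($i = 0; $i < $longueur; $i++) {
        $position = function_exists('random_int') ? random_int(0, $max) : mt_rand(0, $max);
        $code .= $alphabet[$position];
    }
    return $code;
}

# $HTTP_SESSION_VARS is the legacy long-array name for the session; it is kept
# here because the rest of the application (entete_php.php, verifier_session)
# reads the same array.
if (isset($_POST['action'])) {
    if ($_POST['action'] == "nvmdp") {
        # --- Step 2: the user followed the emailed link and submits a new password ---
        $code = isset($_POST['code']) ? $_POST['code'] : "";
        $nvmdp = isset($_POST['nvmdp']) ? $_POST['nvmdp'] : "";
        $cmdp = isset($_POST['cmdp']) ? $_POST['cmdp'] : "";
        $page = "oubli_pass.php?code=" . urlencode($code);

        if (strlen($nvmdp) < 6) {
            $HTTP_SESSION_VARS['SESSION']['message'] = "Le mot de passe entré est trop court. Il doit contenir entre 6 et 15 caractères.";
            header("Location: $page");
        } elseif ($nvmdp != $cmdp) {
            $HTTP_SESSION_VARS['SESSION']['message'] = "Le mot de passe entré dans le champ de confirmation n'est pas identique à celui de l'autre champ.";
            header("Location: $page");
        } else {
            # Locate the account that owns this reset code BEFORE consuming it,
            # so the session is bound to that account and not to whichever row
            # happens to share the new password hash. An empty code is rejected
            # outright so that rows whose "oubli" column is '' cannot be matched.
            $ligne = false;
            if ($code != "") {
                $requete_sql = "SELECT usager_id, login, type
                    FROM usager
                    WHERE oubli = '" . pnyx_sql($code) . "'
                ";
                $reponse_sql = bd_executer_sql($requete_sql);
                $ligne = mysql_fetch_array($reponse_sql);
            }

            if (!$ligne) {
                $HTTP_SESSION_VARS['SESSION']['message'] = "Ce lien de réinitialisation n'est pas valide.";
                header("Location: oubli_pass.php");
            } else {
                # sha1() without salt is kept only because the login script elsewhere
                # compares sha1(); migrating to password_hash() has to be done there too.
                # The code is cleared in the same statement so the link is single-use.
                $requete_sql = "UPDATE usager
                    SET password = '" . pnyx_sql(sha1($nvmdp)) . "',
                        oubli = NULL
                    WHERE usager_id = '" . pnyx_sql($ligne['usager_id']) . "'
                ";
                mysql_query($requete_sql);
                $HTTP_SESSION_VARS['SESSION']['message'] = "Le mot de passe a été changé avec succes.";

                # Open the session for the account the code belonged to. No output
                # may be produced before these header() calls.
                if ($ligne["type"] == "admin") {
                    $HTTP_SESSION_VARS['SESSION']["niveau"] = "admin";
                    header("Location: adm_projet.php");
                } elseif ($ligne["type"] == "resp") {
                    $HTTP_SESSION_VARS['SESSION']["niveau"] = "resp";
                    $requete_sql = "SELECT nom, prenom, resp_id
                        FROM responsable
                        WHERE usager_id = '" . pnyx_sql($ligne['usager_id']) . "'
                    ";
                    $reponse_sql = bd_executer_sql($requete_sql);
                    $ligne_resp = mysql_fetch_array($reponse_sql);
                    $HTTP_SESSION_VARS['SESSION']["nom_complet"] = $ligne_resp['prenom'] . " " . $ligne_resp['nom'];
                    $HTTP_SESSION_VARS['SESSION']["usager_id"] = $ligne_resp['resp_id'];
                    header("Location: rsp_compte.php");
                } else {
                    # Account type without a landing page: just go back to the form.
                    header("Location: oubli_pass.php");
                }
            }
        }
    }
} else {
    # --- Step 1: CHERCHER LE MOT DE PASSE — issue a reset code and e-mail the link ---
    $login = isset($_POST['login']) ? $_POST['login'] : "";

    # The site administrator's address maps to account usager_id = 1; any other
    # address must be the login of a "resp" account.
    $requete_sql = "SELECT courriel_admin FROM site_parametres WHERE courriel_admin = '" . pnyx_sql($login) . "'";
    $reponse_admin = bd_executer_sql($requete_sql);
    $ligne_admin = mysql_fetch_array($reponse_admin);
    $est_admin = ($ligne_admin && $ligne_admin['courriel_admin'] != "");

    if ($est_admin) {
        $requete_sql = "SELECT login FROM usager WHERE usager_id = 1";
    } else {
        $requete_sql = "SELECT login FROM usager WHERE login = '" . pnyx_sql($login) . "' AND type = 'resp'";
    }
    $reponse_log = bd_executer_sql($requete_sql);
    $ligne_log = mysql_fetch_array($reponse_log);

    if ($ligne_log) {
        # ENVOI D'UN EMAIL AU RESPONSABLE
        # The code is stored only once an account has actually been found.
        $oubliCode = pnyx_generer_code_oubli(20);
        $requete_sql = "UPDATE usager
            SET oubli = '" . pnyx_sql($oubliCode) . "'
            WHERE login = '" . pnyx_sql($ligne_log['login']) . "'
        ";
        mysql_query($requete_sql);

        # Courriel et titre
        $requete_sql = "SELECT courriel_admin, titre
            FROM site_parametres
        ";
        $reponse_param = bd_executer_sql($requete_sql);
        $param = mysql_fetch_array($reponse_param);

        # Recipient is taken from the database rather than from the raw POST value:
        # MySQL string equality ignores case and trailing spaces, so the stored
        # login is the address that was actually matched.
        $dest = $est_admin ? $ligne_admin['courriel_admin'] : $ligne_log['login'];
        $email = $dest;
        if ($email == $param['courriel_admin']) {
            $email = "admin";
        }

        # Link target: this script's own path minus its suffix (original behaviour,
        # -5 bytes — presumably the script is named ...<x>.php; confirm against the
        # real file name). NOTE(review): the host is taken from the request's Host
        # header; if the web server accepts arbitrary Host values the emailed link
        # can be redirected — a configured base URL would be preferable.
        $stringPage = substr($_SERVER['PHP_SELF'], 0, -5);
        $sujet = "ADMIN " . $param['titre'] . " - Votre mot de passe";
        $body = "Bonjour,\nVoici votre nom d'utilisateur ainsi qu'un lien pour pouvoir changer le mot de passe de votre compte " . $param['titre'] . ":\n\nNom d'utilisateur: " . $email . "\nLien: " . $_SERVER['HTTP_HOST'] . $stringPage . ".php?code=" . $oubliCode . "\n\n";
        $headers = 'From: ADMIN - ' . $param['titre'] . ' <' . $param['courriel_admin'] . '>' . "\r\n";
        mail($dest, $sujet, $body, $headers);
        $HTTP_SESSION_VARS['SESSION']['message'] = "Un courriel vous a été envoyé.";
    } else {
        # The submitted address is echoed back inside HTML markup, so it is escaped
        # (the default charset is used to stay consistent with the site's encoding).
        $HTTP_SESSION_VARS['SESSION']['message'] = "Désolé, il n'y a aucune inscription avec ce courriel <font color='#000000'>" . htmlspecialchars($login, ENT_QUOTES) . "</font> .";
    }
    header("Location: oubli_pass.php");
}
?>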