<?php

	#########################################################################################
	# Oubli de mot de passe de Pnyx - scripts bdd											#
	# Auteur : V. Blais																		#
	# Création : 2006-04-05																	#
	# Modification : 2008-08-12																#
	# 																						#
	# Pnyx - une application Web (PHP/MySQL) d'élections virtuelles conçue pour	des	élèves	#
	# du primaire et du secondaire, dans lequel ils sont amenés à faire des	propositions	#
	# en ligne et voter pour leur favorite, sous la supervision d'un enseignant.			#
	#																						#
    # Copyright (C) <2008 - 2009>															#
	# <Service national du RÉCIT de l'univers social de la Commission scolaire de la		#
	# Pointe-de-l'Île>																		#
	#																						#
	# This program is free software; you can redistribute it and/or modify it under the 	#
	# terms of the GNU General Public License as published by the Free Software Foundation.	#
	# This program is distributed in the hope that it will be useful, but WITHOUT ANY 		#
	# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A 		#
	# PARTICULAR PURPOSE.  See the GNU General Public License for more details.				#
	# You should have received a copy of the GNU General Public License along with this 	#
	# program as the file LICENSE.txt; if not, please see 									#
	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.									#
	# 																						#
	# Service national du RÉCIT de l'univers social											#
	# http://www.recitus.qc.ca																#
	# Contact e-mail : steve-hide@address.com												#
	#########################################################################################

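	require "entete_php.php";

	# Second step of the "forgotten password" flow. Two kinds of POST land here:
	#   - action=nvmdp : set a new password using the reset code that was e-mailed;
	#   - no action    : create a reset code for the submitted login and e-mail the link.
	# Every path ends by storing a message in the session and redirecting.
	#
	# Security notes for maintainers:
	#   - Request values are escaped with mysql_real_escape_string() because ext/mysql
	#     has no prepared statements. If entete_php.php (or magic_quotes_gpc) already
	#     escapes input, values are escaped twice; that does not affect well-formed
	#     reset codes or e-mail addresses. TODO confirm against entete_php.php.
	#   - NOTE(review): passwords are stored as unsalted SHA-1. This is kept here because
	#     the login code (outside this file) presumably compares the same hash; migrating
	#     to a salted, slow password hash has to be done in both places together.
	#   - NOTE(review): reset codes carry no expiry time; they stay valid until used.

	# Check that the session is valid; verifier_session() is defined outside this file
	# (per the original comment it also checks the user's authorisation).
	verifier_session();

	if (isset($_POST['action'])) {
		if ($_POST['action'] == "nvmdp") {
			# Read the form fields defensively: a missing or non-string field becomes "".
			$nvmdp = (isset($_POST['nvmdp']) && is_string($_POST['nvmdp'])) ? $_POST['nvmdp'] : "";
			$cmdp = (isset($_POST['cmdp']) && is_string($_POST['cmdp'])) ? $_POST['cmdp'] : "";
			$code = (isset($_POST['code']) && is_string($_POST['code'])) ? $_POST['code'] : "";

			if (strlen($nvmdp) < 6) {
				$HTTP_SESSION_VARS['SESSION']['message'] = "Le mot de passe entré est trop court. Il doit contenir entre 6 et 15 caractères.";

				# The code goes back into a URL, so it is URL-encoded.
				header("Location: oubli_pass.php?code=" . urlencode($code));
				exit;
			}

			# Strict comparison: with == two different numeric-looking strings
			# (for example "1e3" and "1000") would be treated as equal.
			if ($nvmdp !== $cmdp) {
				$HTTP_SESSION_VARS['SESSION']['message'] = "Le mot de passe entré dans le champ de confirmation n'est pas identique à celui de l'autre champ.";

				header("Location: oubli_pass.php?code=" . urlencode($code));
				exit;
			}

			# Resolve the account from the reset code itself. Looking the account up by
			# password hash afterwards would select whichever account shares that hash,
			# and would do so even when the code matched nothing.
			$code_sql = mysql_real_escape_string($code);
			$usager = false;
			if ($code !== "") {
				$requete_sql = "SELECT usager_id, login, type
								FROM usager
								WHERE oubli = '" . $code_sql . "'
								";
				$reponse_sql = bd_executer_sql($requete_sql);
				if ($reponse_sql && mysql_num_rows($reponse_sql) == 1) {
					$usager = mysql_fetch_array($reponse_sql);
				}
			}

			# Change the password and clear the code in one statement, so the code is
			# single-use: a second request with the same code updates no row.
			$change = false;
			if ($usager) {
				$requete_sql = "UPDATE usager
								SET password = '" . sha1($nvmdp) . "',
								oubli = NULL
								WHERE usager_id = '" . mysql_real_escape_string($usager['usager_id']) . "'
								AND oubli = '" . $code_sql . "'
								";
				$reponse_change = mysql_query($requete_sql);
				$change = ($reponse_change && mysql_affected_rows() == 1);
			}

			if (!$change) {
				$HTTP_SESSION_VARS['SESSION']['message'] = "Le lien de changement de mot de passe est invalide ou a déjà été utilisé.";

				header("Location: oubli_pass.php");
				exit;
			}

			$HTTP_SESSION_VARS['SESSION']['message'] = "Le mot de passe a été changé avec succes.";

			global $HTTP_SESSION_VARS, $SESSION, $USAGER, $MOTPASSE;

			# No debug output here: anything echoed before header() can prevent the
			# redirect and would disclose the account's login name.

			# Open the session for the account that owned the reset code.
			if ($usager["type"] == "admin") {
				$HTTP_SESSION_VARS['SESSION']["niveau"] = "admin";

				header("Location: adm_projet.php");
				exit;

			} elseif ($usager["type"] == "resp") {

				$HTTP_SESSION_VARS['SESSION']["niveau"] = "resp";

				$requete_sql = "SELECT nom, prenom, resp_id
								FROM responsable
								WHERE usager_id = '" . mysql_real_escape_string($usager['usager_id']) . "'
								";
				$reponse_sql = bd_executer_sql($requete_sql);
				$ligne_resp = mysql_fetch_array($reponse_sql);

				$HTTP_SESSION_VARS['SESSION']["nom_complet"] = $ligne_resp['prenom']." ".$ligne_resp['nom'];
				$HTTP_SESSION_VARS['SESSION']["usager_id"] = $ligne_resp['resp_id'];

				header("Location: rsp_compte.php");
				exit;
			}
			# Any other account type: no session level is set and no redirect is sent.
		}
	}
	else {

		# Forgotten-password request: find the account for the submitted address.
		$login_saisi = (isset($HTTP_POST_VARS['login']) && is_string($HTTP_POST_VARS['login'])) ? $HTTP_POST_VARS['login'] : "";
		$login_sql = mysql_real_escape_string($login_saisi);

		# Is the submitted address the site administrator's address?
		$requete_sql = "SELECT courriel_admin FROM site_parametres WHERE courriel_admin = '" . $login_sql . "'";
		$reponse_admin = bd_executer_sql($requete_sql);
		$ligne_admin = mysql_fetch_array($reponse_admin);

		if (!$ligne_admin || $ligne_admin['courriel_admin'] == "") {
			# Not the administrator: look for a "resp" account with this login.
			$requete_sql = "SELECT login FROM usager WHERE login = '" . $login_sql . "' AND type = 'resp'";
			$reponse_log = bd_executer_sql($requete_sql);
			$ligne_log = mysql_fetch_array($reponse_log);
			# Send to the stored address rather than to the submitted text.
			$log = $ligne_log ? $ligne_log['login'] : $login_saisi;
		}
		else {
			# Administrator: the account is the row with usager_id = 1.
			$requete_sql = "SELECT login FROM usager WHERE usager_id = 1";
			$reponse_log = bd_executer_sql($requete_sql);
			$ligne_log = mysql_fetch_array($reponse_log);
			$log = $ligne_admin['courriel_admin'];
		}

		if ($ligne_log) {

			# Build a 20-character reset code from [a-z0-9].
			# NOTE(review): the code is a bearer secret, so it should come from a
			# cryptographically secure source. random_int() is used when the runtime
			# provides it; the mt_rand() fallback is NOT suitable for secrets and
			# should be replaced when the platform is upgraded.
			$character = array("a","b","c","d","e","f","g","h","i","j","k","l","m","n","o","p","q","r","s","t","u","v","w","x","y","z","1","2","3","4","5","6","7","8","9","0");
			$dernier = count($character) - 1;

			$oubliCode = "";

			for ($i = 1; $i <= 20; $i++) {
				$position = function_exists('random_int') ? random_int(0, $dernier) : mt_rand(0, $dernier);
				$oubliCode = $oubliCode . $character[$position];
			}

			# Store the code only once an account has been found.
			$requete_sql = "UPDATE usager
							SET oubli = '" . $oubliCode . "'
							WHERE login = '" . mysql_real_escape_string($ligne_log['login']) . "'
							";
			$reponse_oubli = mysql_query($requete_sql);

			# Site e-mail address and title
			$requete_sql = "SELECT courriel_admin, titre
							FROM site_parametres
							";
			$reponse_param = bd_executer_sql($requete_sql);
			$param = mysql_fetch_array($reponse_param);

			# Values placed in mail headers must not contain line breaks.
			$titre_entete = str_replace(array("\r", "\n"), "", $param['titre']);
			$courriel_entete = str_replace(array("\r", "\n"), "", $param['courriel_admin']);

			# Link target: this script's path minus the trailing "2.php", i.e. the
			# first-step page. SCRIPT_NAME is used because PHP_SELF also carries any
			# extra path info appended to the request URL.
			$stringPage = substr($_SERVER['SCRIPT_NAME'], 0, -5);

			$email = $log;

			$dest = $email;
			if ($email == $param['courriel_admin']) {
				$email = "admin";
			}

			# NOTE(review): the host part of the link is taken from the request's Host
			# header, which the client supplies. Prefer a site URL stored in the
			# configuration so the e-mailed link always points at this site.
			$sujet = "ADMIN " . $titre_entete . " - Votre mot de passe";
			$body = "Bonjour,\nVoici votre nom d'utilisateur ainsi qu'un lien pour pouvoir changer le mot de passe de votre compte " . $param['titre'] . ":\n\nNom d'utilisateur: ".$email."\nLien: " . $_SERVER['HTTP_HOST'] . $stringPage . ".php?code=".$oubliCode."\n\n";
			$headers = 'From: ADMIN - ' . $titre_entete . ' <' . $courriel_entete . '>' . "\r\n";

			mail($dest, $sujet, $body, $headers);

			$HTTP_SESSION_VARS['SESSION']['message'] = "Un courriel vous a été envoyé.";

			header("Location: oubli_pass.php");
			exit;

		} else {

			# The message contains markup and is shown on the next page, so the
			# submitted text is HTML-escaped before being embedded in it.
			# NOTE(review): this answer tells the requester whether an address is
			# registered; a single neutral message for both outcomes avoids that.
			$HTTP_SESSION_VARS['SESSION']['message'] = "Désolé, il n'y a aucune inscription avec ce courriel <font color='#000000'>". htmlspecialchars($login_saisi, ENT_QUOTES) ."</font> .";

			header("Location: oubli_pass.php");
			exit;
		}
	}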
	
?>