1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148
| <?php
session_start();
$bdd = new PDO('mysql:host=localhost;dbname=db', 'user', 'mdp');
if(isset($_POST['recup_submit'],$_POST['recup_mail'])) {
if(!empty($_POST['recup_mail'])) {
$recup_mail = htmlspecialchars($_POST['recup_mail']);
if(filter_var($recup_mail,FILTER_VALIDATE_EMAIL)) {
$mailexist = $bdd->prepare('SELECT id,pseudo FROM membres WHERE mail = ?');
$mailexist->execute(array($recup_mail));
$mailexist_count = $mailexist->rowCount();
if($mailexist_count == 1) {
$pseudo = $mailexist->fetch();
$pseudo = $pseudo['pseudo'];
$_SESSION['recup_mail'] = $recup_mail;
$recup_code = "";
for($i=0; $i < 8; $i++) {
$recup_code .= mt_rand(0,9);
}
$mail_recup_exist = $bdd->prepare('SELECT id FROM recuperation WHERE mail = ?');
$mail_recup_exist->execute(array($recup_mail));
$mail_recup_exist = $mail_recup_exist->rowCount();
if($mail_recup_exist == 1) {
$recup_insert = $bdd->prepare('UPDATE recuperation SET code = ? WHERE mail = ?');
$recup_insert->execute(array($recup_code,$recup_mail));
} else {
$recup_insert = $bdd->prepare('INSERT INTO recuperation(mail,code) VALUES (?, ?)');
$recup_insert->execute(array($recup_mail,$recup_code));
}
$header="MIME-Version: 1.0\r\n";
$header.='From:"machin"<support@machin.machin.com>'."\n";
$header.='Content-Type:text/html; charset="utf-8"'."\n";
$header.='Content-Transfer-Encoding: 8bit';
$message = '
<html>
<head>
<title>Mot de passe - machin</title>
<meta charset="utf-8" />
</head>
<body>
<font color="#303030";>
<div align="center">
<table width="600px">
<tr>
<td>
<center><img src="http://machin.machin.com/images/logo.png" /> <br /><br /><div align="center">Bonjour <b>'.$pseudo.'</b>,</div>
Voici votre code de récupération: <b>'.$recup_code.'</b><br />
A bientôt sur <a href="http://machin.machin.com/">machin</a> !</center>
<h3 align="right">L\'équipe machin</h3>
</td>
</tr>
<tr>
<td align="center">
<font size="2">
Ceci est un email automatique, merci de ne pas y répondre
</font>
</td>
</tr>
</table>
</div>
</font>
</body>
</html>
';
mail($recup_mail, "Mot de passe - machin", $message, $header);
header("Location:http://machin.machin.com/recuperation.php?section=code");
} else {
$error = "Cette adresse mail n'est pas enregistrée";
}
} else {
$error = "Adresse mail invalide";
}
} else {
$error = "Veuillez entrer votre adresse mail";
}
}
if(isset($_POST['verif_submit'],$_POST['verif_code'])) {
if(!empty($_POST['verif_code'])) {
$verif_code = htmlspecialchars($_POST['verif_code']);
$verif_req = $bdd->prepare('SELECT id FROM recuperation WHERE mail = ? AND code = ?');
$verif_req->execute(array($_SESSION['recup_mail'],$verif_code));
$verif_req = $verif_req->rowCount();
if($verif_req == 1) {
$up_req = $bdd->prepare('UPDATE recuperation SET confirme = 1 WHERE mail = ?');
$up_req->execute(array($_SESSION['recup_mail']));
header('Location:http://machin.machin.com/recuperation.php?section=changemdp');
} else {
$error = "Code invalide";
}
} else {
$error = "Veuillez entrer votre code de confirmation";
}
}
if(isset($_POST['change_submit'])) {
if(isset($_POST['change_mdp'],$_POST['change_mdpc'])) {
$verif_confirme = $bdd->prepare('SELECT confirme FROM recuperation WHERE mail = ?');
$verif_confirme->execute(array($_SESSION['recup_mail']));
$verif_confirme = $verif_confirme->fetch();
$verif_confirme = $verif_confirme['confirme'];
if($verif_confirme == 1) {
$mdp = htmlspecialchars($_POST['change_mdp']);
$mdpc = htmlspecialchars($_POST['change_mdpc']);
if(!empty($mdp) AND !empty($mdpc)) {
if($mdp == $mdpc) {
$mdp = sha1($mdp);
$ins_mdp = $bdd->prepare('UPDATE membres SET motdepasse = ? WHERE mail = ?');
$ins_mdp->execute(array($mdp,$_SESSION['recup_mail']));
$del_req = $bdd->prepare('DELETE FROM recuperation WHERE mail = ?');
$del_req->execute(array($_SESSION['recup_mail']));
header('Location:http://machin.machin.com/path/connexion/');
} else {
$error = "Vos mots de passes ne correspondent pas";
}
} else {
$error = "Veuillez remplir tous les champs";
}
} else {
$error = "Veuillez valider votre mail grâce au code de vérification qui vous a été envoyé par mail";
}
} else {
$error = "Veuillez remplir tous les champs";
}
}
?>
<h4 class="title-element">Récupération de mot de passe</h4>
<?php if($section == 'code') { ?>
Un code de vérification vous a été envoyé par mail: <?= $_SESSION['recup_mail'] ?>
<br/>
<form method="post">
<input type="text" placeholder="Code de vérification" name="verif_code"/><br/>
<input type="submit" value="Valider" name="verif_submit"/>
</form>
<?php } elseif($section == "changemdp") { ?>
Nouveau mot de passe pour <?= $_SESSION['recup_mail'] ?>
<form method="post">
<input type="password" placeholder="Nouveau mot de passe" name="change_mdp"/><br/>
<input type="password" placeholder="Confirmation du mot de passe" name="change_mdpc"/><br/>
<input type="submit" value="Valider" name="change_submit"/>
</form>
<?php } else { ?>
<form method="post">
<input type="email" placeholder="Votre adresse mail" name="recup_mail"/><br/>
<input type="submit" value="Valider" name="recup_submit"/>
</form>
<?php } ?>
<?php if(isset($error)) { echo '<span style="color:red">'.$error.'</span>'; } else { echo ""; } ?> |
Partager