From a87911e76f938e209ace5ed451cde31f9355415c Mon Sep 17 00:00:00 2001 From: xdrm-brackets Date: Thu, 19 Oct 2017 14:07:38 +0200 Subject: [PATCH] Renamed authentification/authentication + authenticationDefault::update_admin + iface to update admin password --- ...nDefault.php => authenticationDefault.php} | 86 ++++++++++++++++- config/modules.json | 13 ++- public_html/index.php | 4 +- public_html/view/admin.php | 4 +- public_html/view/js/profile.js | 93 +++++++++++++++++++ public_html/view/profile.php | 21 +++-- public_html/view/warehouse.php | 2 +- 7 files changed, 208 insertions(+), 15 deletions(-) rename build/api/module/{authentificationDefault.php => authenticationDefault.php} (56%) diff --git a/build/api/module/authentificationDefault.php b/build/api/module/authenticationDefault.php similarity index 56% rename from build/api/module/authentificationDefault.php rename to build/api/module/authenticationDefault.php index 01276b5..b441090 100755 --- a/build/api/module/authentificationDefault.php +++ b/build/api/module/authenticationDefault.php @@ -5,15 +5,17 @@ use \api\core\Authentification; use \database\core\Repo; use \manager\repo\cluster as clusterRepo; + use \error\core\Error; + use \error\core\Err; - class authentificationDefault{ + class authenticationDefault{ public function __construct(){ - // Routine to execute before each call to authentificationDefault's method + // Routine to execute before each call to authenticationDefault's method } public function __destruct(){ - // Routine to execute after each call to authentificationDefault's method + // Routine to execute after each call to authenticationDefault's method } /* CONNEXION A UN ENTREPOT 
@@ -116,6 +118,84 @@ return [ 'status' => true ]; } + + + + + + + + + + + + + /* MODIFICATION MOT DE PASSE ADMINISTRATEUR + * + * @old Ancien mot de passe (actuel) + * @new Nouveau mot de passe + * @confirm Confirmation mot de passe + * + * @return status TRUE si les crédits sont bons, sinon FALSE + * + */ + public function update_admin($params){ + extract($params); + + + + /* [1] On vérifie la confirmation de mot de passe + =========================================================*/ + if( $new !== $confirm ) + return [ 'error' => new Error(Err::WrongParam, 'confirm') ]; + + + /* [2] On vérifie le mot de passe actuel + =========================================================*/ + /* (1) On hash le mot de passe actuel */ + $hash_old = secure_hash($old, $_SESSION['ADMIN']['username']); + + /* (2) On vérifie que le mot de passe est correct */ + $checkPassword = new Repo('admin/getById', [ + $_SESSION['WAREHOUSE']['id'], + $_SESSION['ADMIN']['id'] + ]); + + $adminFetched = $checkPassword->answer(); + + // Si aucun résultat -> erreur + if( $adminFetched === false ) + return [ 'error' => new Error(Err::NoMatchFound) ]; + + + /* [3] On vérifie le mot de passe actuel + =========================================================*/ + // Si mot de passe faux, on retourne une erreur + if( $adminFetched['password'] != $hash_old ) + return [ 'error' => new Error(Err::WrongParam, 'old') ]; + + + /* [3] On met à jour le mot de passe + =========================================================*/ + /* (1) On hash le nouveau mot de passe */ + $hash_new = secure_hash($new, $adminFetched['username']); + + /* (w) Requête */ + $update = new Repo('admin/edit', [ + $adminFetched['id_admin'], + $adminFetched['username'], + $adminFetched['mail'], + $hash_new + ]); + + /* (3) Gestion erreur */ + if( !$update->answer() ) + return [ 'error' => new Error(Err::RepoError) ]; + + /* (4) Succès si tout ok */ + return [ 'error' => new Error(Err::Success) ]; + } + } 
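Review bot: The current-password check `if( $adminFetched['password'] != $hash_old )` compares the two digests loosely, and PHP's `!=` treats numeric-looking strings (for example hex digests beginning with `0e`) as numbers, so two different hashes can compare equal; replace it with the strict, constant-time form `if( !hash_equals((string) $adminFetched['password'], (string) $hash_old) )`. `extract($params);` then creates `$old`, `$new` and `$confirm` from whatever keys the caller supplied, so a missing key only surfaces as an undefined variable and `$new !== $confirm` passes when both are absent; reading them explicitly, `$old = $params['old'] ?? ''; $new = $params['new'] ?? ''; $confirm = $params['confirm'] ?? '';`, keeps the checks meaningful. Nothing rejects an empty `$new`, so an empty password confirmed twice is hashed and stored unless the dispatcher already refuses empty `text` parameters (not visible here). The old digest is salted with `$_SESSION['ADMIN']['username']` but the new one with `$adminFetched['username']`; they are presumably the same value, but using `$adminFetched['username']` for both removes that assumption. The docblock's `@return status TRUE si les crédits sont bons` does not match the body, which returns `[ 'error' => new Error(Err::Success) ]` on success and an `Error` on every other path.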
diff --git a/config/modules.json b/config/modules.json index c0a2b40..c3c433a 100755 --- a/config/modules.json +++ b/config/modules.json @@ -36,7 +36,7 @@ }, - "authentificationDefault": { + "authenticationDefault": { "POST::warehouse": { "description": "Connexion de premier niveau : entrepot.", "permissions": [], @@ -59,6 +59,17 @@ "output": { "status": { "description": "Status de la connexion.", "type": "boolean" } } + }, + + "POST::update_admin": { + "description": "Changement de mot de passe administrateur", + "permissions": [["admin"]], + "parameters": { + "old": { "description": "Mot de passe actuel", "type": "text" }, + "new": { "description": "Nouveau mot de passe", "type": "text" }, + "confirm": { "description": "Confirmation du nouveau mot de passe", "type": "text" } + }, + "output": {} } }, diff --git a/public_html/index.php b/public_html/index.php index 048612d..839f3b0 100755 --- a/public_html/index.php +++ b/public_html/index.php @@ -84,7 +84,7 @@ // logout from admin $R->get('logout/?', function(){ $_SERVER['REQUEST_METHOD'] = 'POST'; - $req = new Request('authentificationDefault/admin', ['username' => '-', 'password' => '']); + $req = new Request('authenticationDefault/admin', ['username' => '-', 'password' => '']); $res = $req->dispatch(); header('Location: /'); }); @@ -108,7 +108,7 @@ // warehouse logout $R->get('logout/?', function(){ $_SERVER['REQUEST_METHOD'] = 'POST'; - (new Request('authentificationDefault/warehouse', ['name' => '---', 'password' => '']))->dispatch(); + (new Request('authenticationDefault/warehouse', ['name' => '---', 'password' => '']))->dispatch(); header('Location: /'); }); diff --git a/public_html/view/admin.php b/public_html/view/admin.php index 869f0dc..64e1957 100755 --- a/public_html/view/admin.php +++ b/public_html/view/admin.php 
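Review bot: The new `POST::update_admin` entry declares `"output": {}`, while the sibling `POST::warehouse` entry above documents its `status` field and the module method this entry maps to answers with an `error` entry on every path; if the output schema is consumed by the dispatcher or by generated documentation, an empty object under-describes the call. Either document the returned `error` entry or state in the description that success is reported only through the error code. The three parameters are typed `text`, so whether an empty password is refused depends on the dispatcher's validation of that type (not visible in this diff); the module itself does not check for emptiness.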
@@ -144,7 +144,7 @@ /* (2) On effectue la requête pour voir si tout fonctionne bien */ var request = { - path: 'authentificationDefault/admin', + path: 'authenticationDefault/admin', username: aName.value, password: aPassword.value }; @@ -182,7 +182,7 @@ logout.addEventListener('click', function(){ /* (1) On rédige une requête fausse (pour déconnecter) */ var request = { - path: 'authentificationDefault/warehouse', + path: 'authenticationDefault/warehouse', name: '-.-', password: '' }; diff --git a/public_html/view/js/profile.js b/public_html/view/js/profile.js index e69de29..cdd16dc 100755 --- a/public_html/view/js/profile.js +++ b/public_html/view/js/profile.js 
@@ -0,0 +1,93 @@ +// On referencie toutes les sections +var section = { + view: { + text: '#CONTAINER > section[data-sublink="view"] ', + element: document.querySelector('#CONTAINER > section[data-sublink="view"]') + }, + + password: { + text: '#CONTAINER > section[data-sublink="password"] ', + element: document.querySelector('#CONTAINER > section[data-sublink="password"]') + } + +}; + + + + +/* [1] view -> Visualisation profil +=========================================================*/ +if( section.view.element != null ){ + // TODO: Profil admin +} + + + + + +/* [2] password -> Changement de mot de passe +=========================================================*/ +if( section.password.element != null ){ + + // On récupère les champs + section.password.input = { + old: document.querySelector(section.password.text + '#old_pwd'), + new: document.querySelector(section.password.text + '#new_pwd'), + confirm: document.querySelector(section.password.text + '#confirm_pwd'), + + submit: document.querySelector(section.password.text + '#update_pwd') + }; + + // On recupere tous les messages d'erreur + section.password.errmsg = { + old: document.querySelector(section.password.text + '.error-msg.old_pwd'), + new: document.querySelector(section.password.text + '.error-msg.new_pwd'), + confirm: document.querySelector(section.password.text + '.error-msg.confirm_pwd') + }; + + /* (n) Gestion de l'envoi du formulaire */ + section.password.input.submit.addEventListener('click', function(e){ + // On annule l'envoi de base (PHP) + e.preventDefault(); + + // On vide les messages erreurs + section.password.errmsg.old.innerHTML = + section.password.errmsg.new.innerHTML = + section.password.errmsg.confirm.innerHTML = ''; + + var request = { + path: 'authenticationDefault/update_admin', // On veut modifier le mot de passe admin + old: section.password.input.old.value, + new: section.password.input.new.value, + confirm: section.password.input.confirm.value + }; + + api.send(request, 
function(answer){ + if( answer.error == 0 ){ // Tout s'est bien deroule + console.log('Mot de passe mis à jour!'); + + section.password.input.submit.anim('active', 1500); + + // on vide les champs + section.password.input.old.value = ''; + section.password.input.new.value = ''; + section.password.input.confirm.value = ''; + + }else{ // Erreur + console.error('ModuleError::'+answer.error); + + // if missing or incorrect param + if( answer.error == 16 || answer.error == 17 ){ + if( section.password.errmsg[answer.ErrorArguments[0]] != null ) + section.password.errmsg[answer.ErrorArguments[0]].innerHTML = 'Le champ est manquant ou incorrect !'; + } + } + + }); + + + + }, false); + +} + diff --git a/public_html/view/profile.php b/public_html/view/profile.php index 38e9a42..c901aae 100755 --- a/public_html/view/profile.php +++ b/public_html/view/profile.php @@ -54,15 +54,24 @@ - /* CHANGER MOT DE PASSE + /* CHANGEMENT MOT DE PASSE * */ - // if( $sublink == 'password' ){ + echo "
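Review bot: In the error branch, `answer.ErrorArguments[0]` is dereferenced whenever `answer.error` is 16 or 17, but nothing verifies that `ErrorArguments` is present, so an answer carrying one of those codes without arguments throws inside the callback and the user sees no message at all. Guard it first: `var field = answer.ErrorArguments && answer.ErrorArguments[0]; if( field && section.password.errmsg[field] != null ) section.password.errmsg[field].innerHTML = 'Le champ est manquant ou incorrect !';`. The codes `16` and `17` are bare numbers compared with `==`; a comment on that line naming the `Err` constants they correspond to on the PHP side would let a reader match them to `Err::WrongParam` without opening the error module. `section.password.input.submit.anim('active', 1500)` is not a standard DOM method, so it presumably comes from a project extension of `Element`; a short comment saying where it is defined would help, since an undefined `anim` would throw in the success branch after the password has already been changed.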
"; - echo "
"; - echo 'Changement de mot de passe'; - echo '
'; + echo ""; + + echo '
'; ?> diff --git a/public_html/view/warehouse.php b/public_html/view/warehouse.php index 0a20db2..74ec9a7 100755 --- a/public_html/view/warehouse.php +++ b/public_html/view/warehouse.php @@ -131,7 +131,7 @@ /* (2) On effectue la requête pour voir si tout fonctionne bien */ var request = { - path: 'authentificationDefault/warehouse', + path: 'authenticationDefault/warehouse', name: wName.value, password: wPassword.value };