From 811794f7f6e51e93addd2dba74451395e3d11fec Mon Sep 17 00:00:00 2001
From: Razshal <fontenille.mathieu@gmail.com>
Date: Fri, 11 May 2018 17:28:22 +0200
Subject: [PATCH] verification fixed

---
 config/setup.php         |  2 +-
 controller/C_signin.php  | 17 -----------
 controller/C_verify.php  | 14 ---------
 index.php                | 64 ++++++++++++++++++++++++++++++----------
 model/class_database.php | 34 +++++++++++++--------
 views/login.php          |  6 ++--
 views/signin.php         | 62 ++++++++++++++++----------------------
 views/verify.php         | 30 +++++++------------
 8 files changed, 108 insertions(+), 121 deletions(-)
 delete mode 100644 controller/C_signin.php
 delete mode 100644 controller/C_verify.php

diff --git a/config/setup.php b/config/setup.php
index 218090a..f6a5655 100644
--- a/config/setup.php
+++ b/config/setup.php
@@ -1,4 +1,4 @@
-<? ob_start(); ?>
+<?php ob_start(); ?>
 <div>
     <h2>Setup tried, Site status :</h2>
     <?php
diff --git a/controller/C_signin.php b/controller/C_signin.php
deleted file mode 100644
index 66fe5c4..0000000
--- a/controller/C_signin.php
+++ /dev/null
@@ -1,17 +0,0 @@
-<?php
-include_once ($_SERVER["DOCUMENT_ROOT"] . "/model/checks.php");
-include_once($_SERVER["DOCUMENT_ROOT"] . "/model/class_database.php");
-include_once ($_SERVER["DOCUMENT_ROOT"] . "/config/database.php");
-
-if ($DB_ERROR === false && isset($_POST)
-    && isset($_POST["submit"]) && $_POST["submit"] === "Sign-in")
-{
-    $validMail = validNewMail($database, $_POST["mail"]);
-    $validPass = validNewPassword($_POST["password"]);
-    $validLogin = validNewLogin($database, $_POST["login"]);
-    if ($validMail && $validPass && $validLogin)
-        $querySuccess = $database->newUser($_POST["login"],
-            $_POST["mail"], $_POST["password"]);
-}
-else if (isset($_POST["submit"]))
-    $querySuccess = false;
\ No newline at end of file
diff --git a/controller/C_verify.php b/controller/C_verify.php
deleted file mode 100644
index e13541d..0000000
--- a/controller/C_verify.php
+++ /dev/null
@@ -1,14 +0,0 @@
-<?php
-include_once ($_SERVER["DOCUMENT_ROOT"] . "/model/checks.php");
-include_once ($_SERVER["DOCUMENT_ROOT"] . "/controller/tools.php");
-include_once ($_SERVER["DOCUMENT_ROOT"] . "/config/site.php");
-
-$done = 0;
-$success = false;
-
-if (isset($_GET)
-    && isset($_GET["action"]) && $_GET["action"] === "verify"
-    && isset($_GET["user"]) && isset($_GET["token"]))
-    $done = $database->verify_user($_POST["login"]);
-else
-    $done = false;
\ No newline at end of file
diff --git a/index.php b/index.php
index b879303..9c1fe01 100644
--- a/index.php
+++ b/index.php
@@ -20,30 +20,62 @@
 
 /************* Router ************/
 
-if (isset($_GET["action"]) && $_GET["action"] === "login") {
+if (isset($_GET) && isset($_GET["action"])) {
+    if ($_GET["action"] === "login")
+    {
         if (isset($_POST)
             && isset($_POST["submit"]) && $_POST["submit"] === "Login"
             && isset($_POST["login"]) && isset($_POST["password"])
             && ($auth = $database->authenticate($_POST["login"], $_POST["password"])))
             $_SESSION["user"] = $_POST["login"];
-    require ("views/login.php");
-}
+        require ("views/login.php");
+    }
 
-else if (isset($_GET["action"]) && $_GET["action"] === "logout") {
-    if ($database !== NULL) {
-        if (isset($_SESSION)
-            && isset($_SESSION["user"]) && $_SESSION["user"] != "")
-            $_SESSION["user"] = "";
+    else if ($_GET["action"] === "logout")
+    {
+        if ($database !== NULL) {
+            if (isset($_SESSION)
+                && isset($_SESSION["user"]) && $_SESSION["user"] != "")
+                $_SESSION["user"] = "";
+        }
+        require ("views/structure/template.php");
     }
-}
 
-else if (isset($_GET["action"]) && $_GET["action"] === "setup") {
-    if ($database !== NULL)
-        $success = $database->initiate();
-    else
-        $success= false;
-    require ("config/setup.php");
-}
+    else if ($_GET["action"] === "setup")
+    {
+        if ($database !== NULL)
+            $success = $database->initiate();
+        else
+            $success = false;
+        require ("config/setup.php");
+    }
 
+    else if ($_GET["action"] === "signin") {
+        if ($database !== NULL && isset($_POST)
+            && isset($_POST["submit"]) && $_POST["submit"] === "Sign-in")
+        {
+            $validMail = validNewMail($database, $_POST["mail"]);
+            $validPass = validNewPassword($_POST["password"]);
+            $validLogin = validNewLogin($database, $_POST["login"]);
+            if ($validMail && $validPass && $validLogin)
+            {
+                $querySuccess = $database->newUser($_POST["login"],
+                    $_POST["mail"], $_POST["password"]);
+            }
+        }
+        else if (isset($_POST["submit"]))
+            $querySuccess = false;
+        require ("views/signin.php");
+    }
 
+    else if ($_GET["action"] === "verify")
+    {
+        $done = 0;
+        if (isset($_GET) && isset($_GET["user"]) && isset($_GET["token"]))
+            $done = $database->verify_user($_GET["user"], $_GET["token"]);
+        else
+            $done = false;
+        require ("views/verify.php");
+    }
+}
 require ("views/structure/template.php");
\ No newline at end of file
diff --git a/model/class_database.php b/model/class_database.php
index 9a746a9..7e0fed7 100644
--- a/model/class_database.php
+++ b/model/class_database.php
@@ -74,7 +74,7 @@ public function initiate() {
             ");
             return true;
         } catch (Exception $e) {
-            return $e;
+            return false;
         }
     }
 
@@ -85,7 +85,7 @@ private function hash_pw($pw) {
     private function sendUserCheckMail($login, $mail, $token)
     {
         $token =
-            "http://{$this->SITE_ADDRESS}/views/verify.php" .
+            "http://{$this->SITE_ADDRESS}/index.php" .
             "?action=verify&user={$login}&token={$token}";
         $subject = 'Activate your Camagru account';
         $message =
@@ -101,8 +101,8 @@ private function sendUserCheckMail($login, $mail, $token)
             "<a style='color: whitesmoke' href=\"{$token}\">Validate account</a><br>" .
             "Or access this page on a web browser<br>{$token}</div>";
         $headers =
-            "From: noreply@{$this->SITE_ADDRESS}.com" . "\r\n" .
-            "Reply-To: noreply@{$this->SITE_ADDRESS}.com" . "\r\n" .
+            "From: noreply@{$this->SITE_ADDRESS}" . "\r\n" .
+            "Reply-To: noreply@{$this->SITE_ADDRESS}" . "\r\n" .
             'X-Mailer: PHP/' . phpversion() .
             'MIME-Version: 1.0' . "\r\n" .
             'Content-type: text/html; charset=iso-8859-1' . "\r\n";
@@ -138,16 +138,24 @@ public function newUser($login, $mail, $password)
         }
     }
 
-    public function verify_user ($login) {
-        if (validChars($login) && !empty($this->get_user($login))) {
-            $query = $this->PDO->prepare("
-            UPDATE user 
-            SET is_verified = 1 
-            WHERE login = :login");
-            $query->execute(array(':login' => $_GET["user"]));
-            return (!empty($query->fetchAll()));
+    public function verify_user ($login, $token) {
+        try {
+            if (validChars($login)
+                && !empty($user = $this->get_user($login)[0])
+                && !$user["is_verified"] == 1) {
+                $query = $this->PDO->prepare("
+                    UPDATE user SET is_verified = 1 
+                    WHERE login = :login 
+                    AND check_token = :token");
+                $query->execute(array(
+                    ':login' => $login,
+                    ':token' => $token));
+                return ($query->rowCount() > 0);
+            } else if (isset($user) && $user["is_verified"] == 1)
+                return true;
+        } catch (Exception $e) {
+            return false;
         }
-        return false;
     }
 
     public function get_user($login) {
diff --git a/views/login.php b/views/login.php
index 6e64801..0fc191b 100644
--- a/views/login.php
+++ b/views/login.php
@@ -14,13 +14,13 @@
 if (!isset($_SESSION) || !isset($_SESSION["user"])
     || $_SESSION["user"] === "") {
     ?>
-    <form class="loginForm" method="post" action="/index.php">
+    <form class="loginForm" method="post" action="/index.php?action=login">
         <p>Login</p><br/>
         <input type="text" placeholder="Login" title="login" name="login"><br/>
         <input type="password" placeholder="Password" title="password" name="password"><br/>
         <input class="submit" type="submit" title="send" name="submit" value="Login"><br/>
-        <a class="link" href="signin.php">Don't have an account ? Sign in</a>
-        <a class="link" href="password_reset.php">Forgot your password ? Reset password</a>
+        <a class="link" href="index.php?action=signin">Don't have an account ? Sign in</a>
+        <a class="link" href="index.php?action=reset">Forgot your password ? Reset password</a>
     </form>
     <?php
 }
diff --git a/views/signin.php b/views/signin.php
index 8c4b7bf..dbf7a9a 100644
--- a/views/signin.php
+++ b/views/signin.php
@@ -1,37 +1,25 @@
-<?php
-include_once ($_SERVER["DOCUMENT_ROOT"] . "/views/structure/head.php");
-require_once ($_SERVER["DOCUMENT_ROOT"] . "/controller/C_signin.php"); ?>
-<html lang="en">
-    <body>
-        <?php include("structure/header.php") ?>
-        <main>
-            <div id="errorPlace">
-            <?php
-                if ($DB_ERROR !== false)
-                    echo $DB_ERROR;
-                if (isset($validMail) && !$validMail)
-                    echo ("<h2 class='error'>Mail is already in use or not valid</h2>");
-                if (isset($validLogin) && !$validLogin)
-                    echo ("<h2 class='error'>Login is already in use or not valid 
-                    (4 chars >= login <= 20 chars)</h2>");
-                if (isset($validPass) && !$validPass)
-                    echo ("<h2 class='error'>Password should be at least 8 chars and
-                    contains at least one letter and one digit</h2>");
-                if (isset($querySuccess) && $querySuccess === false)
-                    echo ("<h2 class='error'>Error during user creation, please retry</h2>");
-                else if (isset($querySuccess) && $querySuccess === true)
-                    echo ("<h2 class='success'>Account created</h2>");
-            ?>
-            </div>
-            <form class="loginForm" method="post" action="signin.php">
-                <p>Sign-in</p><br/>
-                <input type="text" placeholder="Login" title="login" name="login"><br/>
-                <input type="email" placeholder="Mail" title="mail" name="mail"><br/>
-                <input type="password" placeholder="Password" title="password" name="password"><br/>
-                <input class="submit" type="submit" title="send" name="submit" value="Sign-in"><br/>
-            </form>
-        </main>
-    </body>
-    <?php include("structure/footer.php") ?>
-</html>
-<script src="style/style.js"></script>
\ No newline at end of file
+<?php ob_start(); ?>
+<div id="errorPlace"><?php
+    if ($database === NULL)
+        echo $DB_ERROR;
+    if (isset($validMail) && !$validMail)
+        echo ("<h2 class='error'>Mail is already in use or not valid</h2>");
+    if (isset($validLogin) && !$validLogin)
+        echo ("<h2 class='error'>Login is already in use or not valid 
+                   (4 chars >= login <= 20 chars)</h2>");
+    if (isset($validPass) && !$validPass)
+        echo ("<h2 class='error'>Password should be at least 8 chars and
+                   contains at least one letter and one digit</h2>");
+    if (isset($querySuccess) && $querySuccess === false)
+        echo ("<h2 class='error'>Error during user creation, please retry</h2>");
+    else if (isset($querySuccess) && $querySuccess === true)
+        echo ("<h2 class='success'>Account created</h2>");?>
+</div>
+<form class="loginForm" method="post" action="index.php?action=signin">
+    <p>Sign-in</p><br/>
+    <input type="text" placeholder="Login" title="login" name="login"><br/>
+    <input type="email" placeholder="Mail" title="mail" name="mail"><br/>
+    <input type="password" placeholder="Password" title="password" name="password"><br/>
+    <input class="submit" type="submit" title="send" name="submit" value="Sign-in"><br/>
+</form>
+<?php $content = ob_get_clean(); ?>
\ No newline at end of file
diff --git a/views/verify.php b/views/verify.php
index b42987a..93937e6 100644
--- a/views/verify.php
+++ b/views/verify.php
@@ -1,20 +1,10 @@
-<?php
-include_once ($_SERVER["DOCUMENT_ROOT"] . "/views/structure/head.php");
-require_once ($_SERVER["DOCUMENT_ROOT"] . "/controller/C_verify.php");
-?>
-<html lang="en">
-    <body>
-        <?php include($_SERVER["DOCUMENT_ROOT"] . "/views/structure/header.php") ?>
-        <main>
-            <div id="errorPlace">
-                <?php
-                if ($done === false)
-                    echo ("<h2 class='error'>Error wrong token/login</h2>");
-                if ($done === true)
-                    echo ("<h2 class='success'>Account activated</h2>");
-                ?>
-            </div>
-        </main>
-    </body>
-<?php include($_SERVER["DOCUMENT_ROOT"] . "/views/structure/footer.php") ?>
-</html>
\ No newline at end of file
+<?php ob_start(); ?>
+    <div id="errorPlace">
+        <?php
+        if ($done === false)
+            echo ("<h2 class='error'>Error wrong token/login</h2>");
+        if ($done === true)
+            echo ("<h2 class='success'>Account activated</h2>");
+        ?>
+    </div>
+<?php $content = ob_get_clean() ?>
\ No newline at end of file