From 100ca0784aef71f0677522e2ceb1aa644578fef1 Mon Sep 17 00:00:00 2001
From: Erwann PHILIPPE <erwann.philippe2@gmail.com>
Date: Tue, 10 Mar 2026 19:54:16 +0100
Subject: [PATCH] =?UTF-8?q?continuation=20de=20la=20cr=C3=A9ation=20de=20c?=
 =?UTF-8?q?omptes?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Assets/functions.php | 51 ++++++++++++++++++++++++++++++++++++++++++++
 Assets/sendMail.php  | 17 +++++++++++++--
 activate.php         |  2 +-
 createPassword.php   | 20 +++++++++++++++++
 validate.php         | 20 +++++++++++++++++
 5 files changed, 107 insertions(+), 3 deletions(-)
 create mode 100644 createPassword.php
 create mode 100644 validate.php

diff --git a/Assets/functions.php b/Assets/functions.php
index da955f8..09e89ad 100644
--- a/Assets/functions.php
+++ b/Assets/functions.php
@@ -440,3 +440,54 @@ function getEventDate($bdd, $event)
 
     return $row ? $row['date'] : null;
 }
+
+function createValidationCode($bdd, $user, $ttlMinutes = 60)
+{
+    $table = "codes";
+    $colCode = "code";
+    $colUser = "utilisateur";
+    $colExpire = "peremption";
+
+    $code = "";
+    $exists = true;
+
+    while ($exists) {
+        $code = bin2hex(random_bytes(16));
+        
+        $checkStmt = mysqli_prepare($bdd, "SELECT id FROM `$table` WHERE `$colCode` = ? LIMIT 1");
+        if ($checkStmt) {
+            mysqli_stmt_bind_param($checkStmt, "s", $code);
+            mysqli_stmt_execute($checkStmt);
+            mysqli_stmt_store_result($checkStmt);
+            
+            if (mysqli_stmt_num_rows($checkStmt) == 0) {
+                $exists = false;
+            }
+            mysqli_stmt_close($checkStmt);
+        } else {
+            return false;
+        }
+    }
+
+    $expiresAt = date('Y-m-d H:i:s', time() + ($ttlMinutes * 60));
+
+    $insertSql = "INSERT INTO `$table` (`$colCode`, `$colUser`, `$colExpire`) VALUES (?, ?, ?)";
+    $insertStmt = mysqli_prepare($bdd, $insertSql);
+    
+    if ($insertStmt) {
+        mysqli_stmt_bind_param($insertStmt, "sss", $code, $user, $expiresAt);
+        $success = mysqli_stmt_execute($insertStmt);
+        $insertId = mysqli_insert_id($bdd);
+        mysqli_stmt_close($insertStmt);
+
+        if ($success) {
+            return [
+                'id'    => $insertId,
+                'code'  => $code,
+                'expire' => $expiresAt
+            ];
+        }
+    }
+
+    return false;
+}
\ No newline at end of file
diff --git a/Assets/sendMail.php b/Assets/sendMail.php
index 29c85ce..a6c6621 100644
--- a/Assets/sendMail.php
+++ b/Assets/sendMail.php
@@ -12,7 +12,7 @@ $message = ["
 <h1>Validation de création de compte</h1>
 <p>L'utilisateur {user} a demandé la création de son compte.</p>
 Le mail de validation sera envoyé à l'adresse : {mail}<br>
-Si vous voulez accepter, cliquez <a href='http://172.17.0.224/validate.php'>ici</a><br>
+Si vous voulez accepter, cliquez <a href='http://172.17.0.224/validate.php?user={user}&email={email}'>ici</a><br>
 <p>Sinon, vous pouvez simplement ignorer ce message</p><br>
 <p>Des bisous</p>
 ","
@@ -23,6 +23,11 @@ Merci de ne pas répondre à cet email.
 </p>
 {lien}
 "];
+
+include('./functions.php');
+$config = json_decode(file_get_contents("./config.json"), true);
+$bdd = connectBDD("localhost", $config["BDD_USER"], $config["BDD_PASSWD"], $config["BDD_NAME"]);
+
 if(isset($_GET['type'])){
     $type = $_GET['type'];
 }else{
@@ -32,8 +37,16 @@ if(isset($_GET['type'])){
 if($type == 0){
     $user = $_GET['user'];
     $email = $_GET['email'];
+    $sendto = "blemaire@apeimbge.fr";
     $message[0] = str_replace("{user}", $user, $message[0]);
     $message[0] = str_replace('{mail}', $email, $message[0]);
+}else{
+    $user = $_GET['user'];
+    $email = $_GET['email'];
+    $sendto = $email;
+    $validationCode = createValidationCode($bdd, $user, 10080);
+
+    $message[1] = str_replace("{lien}", "http://172.17.0.224/validate.php?code=" . $validationCode["code"], $message[1]);
 }
 
 $mail = new PHPMailer(true);
@@ -52,7 +65,7 @@ try {
     $mail->isHTML(true);
 
     $mail->setFrom('intranet-apei@apeimbge.fr', 'Demande de connexion');
-    //$mail->addAddress('blemaire@apeimbge.fr');
+    $mail->addAddress($sendto);
     $mail->addAddress('erwann.philippe2@gmail.com');
 
     $mail->Subject = $objet[$type];
diff --git a/activate.php b/activate.php
index e60a5eb..ed8c6df 100644
--- a/activate.php
+++ b/activate.php
@@ -13,7 +13,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 <body>
     <h1>Activer mon compte sur l'intranet</h1>
     <form action="" method="post">
-        <label for="user">Veuillez le nom d'utilisateur de votre pc (APEIXXXX)</label>
+        <label for="user">Veuillez entrer le nom d'utilisateur (APEIXXXX)</label>
         <input type="text" name="user" id="user" placeholder="APEIXXXX" required><br>
         <label for="mail">Veuillez entrer votre adresse mail (pcharlot@apeimbge.fr)</label>
         <input type="text" name="mail" id="mail" placeholder="pcharlot@apeimbge.fr" required><br>
diff --git a/createPassword.php b/createPassword.php
new file mode 100644
index 0000000..30817b9
--- /dev/null
+++ b/createPassword.php
@@ -0,0 +1,20 @@
+<?php
+?>
+<!DOCTYPE html>
+<html lang="fr">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Activer mon compte</title>
+</head>
+<body>
+    <h1>Activer mon compte sur l'intranet</h1>
+    <form action="" method="post">
+        <label for="password1">Entrez votre nouveau mot de passe</label>
+        <input type="password" name="password1" id="password1" required><br>
+        <label for="password2">Confirmez votre mot de passe</label>
+        <input type="password" name="password2" id="password2" required><br>
+        <button type="submit">Créer mon mot de passe</button>
+    </form>
+</body>
+</html>
\ No newline at end of file
diff --git a/validate.php b/validate.php
new file mode 100644
index 0000000..da6861d
--- /dev/null
+++ b/validate.php
@@ -0,0 +1,20 @@
+<?php
+$user = $_GET['user'] ?? null;
+$email = $_GET['email'] ?? null;
+if($user && $email){
+    header('location: ./Assets/sendMail.php?type=1&user='.$user .'&email='. htmlspecialchars($email));
+}
+//TODO : Activer le compte en bdd, supprimer le code de validation, et rediriger vers la page de création de mot de passe
+?>
+<!DOCTYPE html>
+<html lang="fr">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Validation de compte</title>
+</head>
+<body>
+    <h1>Validation de compte sur l'intranet</h1>
+    <p>Le mail de validation va être envoyé à l'utilisateur.</p>
+</body>
+</html>
\ No newline at end of file