From 8d270ebbacf7dae21d70b62e98853673f785c10a Mon Sep 17 00:00:00 2001
From: majean5
Date: Thu, 22 Dec 2022 22:21:50 +0100
Subject: [PATCH] Add: validation

---
 config/Validation.php | 54 +++++++++++++++++-------------
 config/config.php | 2 +-
 controleurs/ControleurVisiteur.php | 7 +++-
 3 files changed, 38 insertions(+), 25 deletions(-)

diff --git a/config/Validation.php b/config/Validation.php
index 1640f47..2543e86 100644
--- a/config/Validation.php
+++ b/config/Validation.php
@@ -5,16 +5,16 @@
 if (!isset($usrName)||$usrName=="") {
 $dataVueEreur[] ="Username or password missing";
 }
- $usrName = Validation::clear_string($usrName);
- if($usrName == false){
- $dataVueEreur[] = "Sanitizing error";
+ if ($usrName != Validation::clear_string($usrName)){
+ $dataVueEreur[] = "Forbidden characters";
+ $usrName="";
 }
 if (!isset($mdp)||$mdp=="") {
 $dataVueEreur[] ="Username or password missing";
 }
- $mdp = Validation::clear_string($mdp);
- if($mdp == false){
- $dataVueEreur[] = "Sanitizing error";
+ if($mdp != Validation::clear_string($mdp)){
+ $dataVueEreur[] = "Forbidden characters";
+ $mdp="";
 }
 return $dataVueEreur;
 }
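Review bot: Setting `$usrName=""` and `$mdp=""` after the "Forbidden characters" check only changes local copies, so unless these parameters are taken by reference (the signature is outside the hunk) the caller still holds the rejected value; the only effect of this block is the entry appended to `$dataVueEreur`, and every caller must stop on a non-empty array before using the input. The same pattern appears in the next hunk (`$username`, `$pwd1`, `$pwd2`) and in `val_intitule` in the hunk after it. The comparison should be strict, `if ($usrName !== Validation::clear_string($usrName)) {`, because `!=` applies type juggling if `clear_string` returns `false` or a number-like string. Filtering characters out of a password is also questionable: a password is normally hashed exactly as entered, so rejecting characters only shrinks the keyspace users may choose from.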
@@ -23,24 +23,23 @@
 if (!isset($username)||$username==="") {
 $dataVueEreur[] ="All fields are required";
 }
- $_POST['username'] = Validation::clear_string($_POST['username']);
- if($_POST['username'] == false){
- $dataVueEreur[] = "Sanitizing error";
- throw new Exception('sanitizing fail');
+ if($username != Validation::clear_string($username)){
+ $dataVueEreur[] = "Forbidden characters";
+ $username="";
 }
 if (!isset($pwd1)||$pwd1==="") {
 $dataVueEreur[] ="All fields are required";
 }
- $_POST['password'] = Validation::clear_string($_POST['password']);
- if($_POST['password'] == false){
- $dataVueEreur[] = "Sanitizing error";
+ if($pwd1 != Validation::clear_string($pwd1)){
+ $dataVueEreur[] = "Forbidden characters";
+ $pwd1="";
 }
 if (!isset($pwd2)||$pwd2==="") {
 $dataVueEreur[] ="All fields are required";
 }
- $_POST['confirmpassword'] = Validation::clear_string($_POST['confirmpassword']);
- if($_POST['confirmpassword'] == false){
- $dataVueEreur[] = "Sanitizing error";
+ if($pwd2 != Validation::clear_string($pwd2)){
+ $dataVueEreur[] = "Forbidden characters";
+ $pwd2="";
 }
 if($pwd1 !== $pwd2){
 $dataVueEreur[]="Invalid confirmation";
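Review bot: When only one of `$pwd1`/`$pwd2` is blanked by the forbidden-character branch, the later `if($pwd1 !== $pwd2)` now also reports "Invalid confirmation", so one bad field yields two messages; either skip the confirmation check when `$dataVueEreur` is already non-empty or compare the two values before blanking them. The character checks on `$username`, `$pwd1` and `$pwd2` use `!=` while the emptiness checks directly above use `===`; `!==` throughout would keep one comparison style and avoid loose-comparison surprises. The enclosing function starts before this hunk and continues after it.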
@@ -48,15 +47,24 @@
 return $dataVueEreur;
 }
 
- static function val_intitule($dataVueEreur){
- if (!isset($_POST['name'])||$_POST['name']==="") {
+ static function val_intitule($name, $dataVueEreur){
+ if (!isset($name)||$name==="") {
 $dataVueEreur[] ="Intitulé manquant";
- throw new Exception('pas d\'intitule');
 }
- $_POST['name'] = Validation::clear_string($_POST['name']);
- if($_POST['name'] == false){
- $dataVueEreur[] = "Sanitizing error";
- throw new Exception('sanitizing fail');
+ if($name != Validation::clear_string($name)){
+ $dataVueEreur[] = "Forbidden characters";
+ $name="";
+ }
+ return $dataVueEreur;
+ }
+
+ static function val_id($id, $dataVueEreur){
+ if (!isset($id)||$id=""){
+ $dataVueEreur[] = "Id error";
+ }
+ if($id != filter_var($id, FILTER_VALIDATE_INT)){
+ $dataVueEreur[] = "Id validation error";
+ $id = 0;
 }
 return $dataVueEreur;
 }
diff --git a/config/config.php b/config/config.php
index f6edb98..c00a21b 100644
--- a/config/config.php
+++ b/config/config.php
@@ -3,7 +3,7 @@
 //Prefixe
 $rep=__DIR__.'/../';
 //BD
-$bd['dsn'] = "mysql:host=localhost;port=8888;dbname=dbPhp";
+$bd['dsn'] = "mysql:host=localhost;port=8888;dbname=bdPhp";
 $bd['user'] = "root";
 $bd['pswd'] = "root";
 //Vues
diff --git a/controleurs/ControleurVisiteur.php b/controleurs/ControleurVisiteur.php
index 3d9df18..0815d12 100644
--- a/controleurs/ControleurVisiteur.php
+++ b/controleurs/ControleurVisiteur.php
@@ -84,6 +84,7 @@ class ControleurVisiteur {
 public function accessListInfos($arrayErrorViews){
 global $rep,$vues,$dataView;
 $idListe=$_POST['liste'];
+ $arrayErrorViews = Validation::val_id($idListe, $arrayErrorViews);
 $model = new ListeModel();
 $dataView = $model->pullListById($idListe);
 require($rep.$vues['infosListe']);
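Review bot: `if (!isset($id)||$id=""){` in `val_id` assigns instead of comparing: the expression evaluates to `""`, the "Id error" branch never runs for a set id, and `$id` is now `""` on every call, so `filter_var("", FILTER_VALIDATE_INT)` returns `false` and `"" != false` is `false` under loose comparison, meaning no id ever produces an error. It should read `if (!isset($id) || $id === "") {` and the second check `if (filter_var($id, FILTER_VALIDATE_INT) === false) {`. The `$id = 0;` assignment, like `$name = "";` in `val_intitule`, only changes a local copy that is not returned, so the caller keeps the original value and the error array is the only signal. A short docblock on both new methods, stating that the input is not modified and that the array is returned with errors appended, would make that contract visible at the call sites.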
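Review bot: In `accessListInfos` the result of `Validation::val_id` is stored in `$arrayErrorViews` but never examined before `$model->pullListById($idListe)` runs with the raw `$_POST['liste']`, so the validation does not gate the query; the method needs to return early or render the error view when `$arrayErrorViews` is non-empty, before the model call. The same unchecked pattern is in `delTache`, `changeCompletedTache` and `delListe` in the following hunks. `$_POST['liste']` is also read without `isset`, which `val_id` cannot catch because a missing key already warns at the assignment. Whether `pullListById` uses a prepared statement is outside this diff; if it interpolates `$idListe`, this check is the only barrier and must actually stop the request.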
@@ -91,9 +92,10 @@ class ControleurVisiteur {
 
 public function addTache($arrayErrorViews){
 global $rep,$vues,$dataView;
- $arrayErrorViews = Validation::val_intitule($arrayErrorViews);
 $nom=$_POST['name'];
 $idListe=$_POST['liste'];
+ $arrayErrorViews = Validation::val_intitule($name, $arrayErrorViews);
+ $arrayErrorViews = Validation::val_id($idListe, $arrayErrorViews);
 $model = new ListeModel();
 $model->addTache($nom,$idListe);
 $_REQUEST['action']="accessListInfos";
@@ -103,6 +105,7 @@ class ControleurVisiteur {
 public function delTache($arrayErrorViews){
 global $rep,$vues,$dataView;
 $idTache=$_POST['tache'];
+ $arrayErrorViews = Validation::val_id($idTache, $arrayErrorViews);
 $model= new ListeModel();
 $model->delTache($idTache);
 $_REQUEST['action']="accessListInfos";
@@ -112,6 +115,7 @@ class ControleurVisiteur {
 public function changeCompletedTache($arrayErrorViews){
 global $rep,$vues,$dataView;
 $idTache=$_POST['tache'];
+ $arrayErrorViews = Validation::val_id($idTache, $arrayErrorViews);
 $model = new ListeModel();
 $model->changeCompletedTache($idTache);
 $_REQUEST['action']="accessListInfos";
@@ -185,6 +189,7 @@ class ControleurVisiteur {
 public function delListe(array $vues_erreur){
 global $rep, $vues;
 $idListe=$_POST['liste'];
+ $arrayErrorViews = Validation::val_id($idListe, $arrayErrorViews);
 $model = new ListeModel();
 $model->delListe($idListe);
 $_REQUEST['action']=null;
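Review bot: `Validation::val_intitule($name, $arrayErrorViews)` in `addTache` passes `$name`, which is never assigned in this method; the request value is stored in `$nom`, so `$name` is `null`, `val_intitule` always appends "Intitulé manquant", and PHP emits an undefined-variable warning. The line should be `$arrayErrorViews = Validation::val_intitule($nom, $arrayErrorViews);`. Even with that fix, `$model->addTache($nom,$idListe)` runs regardless of what the two validation calls collected, so `$arrayErrorViews` must be checked before the model call. The method continues past the end of the hunk.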
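Review bot: `delListe` declares its parameter as `array $vues_erreur`, but the added line reads and writes `$arrayErrorViews`, which does not exist in this method: `val_id` receives `null` as the error array and the returned errors land in a variable nothing else uses, so `$vues_erreur` is never updated. The line should be `$vues_erreur = Validation::val_id($idListe, $vues_erreur);`, and as at the other `val_id` call sites the result has to be checked before `$model->delListe($idListe)` runs. The method continues past the end of the hunk.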