Add: validation

config/Validation.php

@@ -5,16 +5,16 @@
             if (!isset($usrName)||$usrName=="") {
                 $dataVueEreur[] ="Username or password missing";
             }
-            $usrName = Validation::clear_string($usrName);
-            if($usrName == false){
-                $dataVueEreur[] = "Sanitizing error";
+            if ($usrName != Validation::clear_string($usrName)){
+                $dataVueEreur[] = "Forbidden characters";
+                $usrName="";
             }
             if (!isset($mdp)||$mdp=="") {
                 $dataVueEreur[] ="Username or password missing";
             }
-            $mdp = Validation::clear_string($mdp);
-            if($mdp == false){
-                $dataVueEreur[] = "Sanitizing error";
+            if($mdp != Validation::clear_string($mdp)){
+                $dataVueEreur[] = "Forbidden characters";
+                $mdp="";
             }
             return $dataVueEreur;
         }
@@ -23,24 +23,23 @@
             if (!isset($username)||$username==="") {
                 $dataVueEreur[] ="All fields are required";
             }
-            $_POST['username'] = Validation::clear_string($_POST['username']);
-            if($_POST['username'] == false){
-                $dataVueEreur[] = "Sanitizing error";
-                throw new Exception('sanitizing fail');
+            if($username != Validation::clear_string($username)){
+                $dataVueEreur[] = "Forbidden characters";
+                $username="";
             }
             if (!isset($pwd1)||$pwd1==="") {
                 $dataVueEreur[] ="All fields are required";
             }
-            $_POST['password'] = Validation::clear_string($_POST['password']);
-            if($_POST['password'] == false){
-                $dataVueEreur[] = "Sanitizing error";
+            if($pwd1 != Validation::clear_string($pwd1)){
+                $dataVueEreur[] = "Forbidden characters";
+                $pwd1="";
             }
             if (!isset($pwd2)||$pwd2==="") {
                 $dataVueEreur[] ="All fields are required";
             }
-            $_POST['confirmpassword'] = Validation::clear_string($_POST['confirmpassword']);
-            if($_POST['confirmpassword'] == false){
-                $dataVueEreur[] = "Sanitizing error";
+            if($pwd2 != Validation::clear_string($pwd2)){
+                $dataVueEreur[] = "Forbidden characters";
+                $pwd2="";
             }
             if($pwd1 !== $pwd2){
                 $dataVueEreur[]="Invalid confirmation";
@@ -48,15 +47,24 @@
             return $dataVueEreur;
         }
 
-        static function val_intitule($dataVueEreur){
-            if (!isset($_POST['name'])||$_POST['name']==="") {
+        static function val_intitule($name, $dataVueEreur){
+            if (!isset($name)||$name==="") {
                 $dataVueEreur[] ="Intitulé manquant";
-                throw new Exception('pas d\'intitule');
             }
-            $_POST['name'] = Validation::clear_string($_POST['name']);
-            if($_POST['name'] == false){
-                $dataVueEreur[] = "Sanitizing error";
-                throw new Exception('sanitizing fail');
+            if($name != Validation::clear_string($name)){
+                $dataVueEreur[] = "Forbidden characters";
+                $name="";
+            }
+            return $dataVueEreur;
+        }
+
+        static function val_id($id, $dataVueEreur){
+            if (!isset($id)||$id=""){
+                $dataVueEreur[] = "Id error";
+            }
+            if($id != filter_var($id, FILTER_VALIDATE_INT)){
+                $dataVueEreur[] = "Id validation error";
+                $id = 0;
             }
             return $dataVueEreur;
         }

config/config.php

@@ -3,7 +3,7 @@
 //Prefixe
 $rep=__DIR__.'/../';
 //BD
-$bd['dsn'] = "mysql:host=localhost;port=8888;dbname=dbPhp";
+$bd['dsn'] = "mysql:host=localhost;port=8888;dbname=bdPhp";
 $bd['user'] = "root";
 $bd['pswd'] = "root";
 //Vues

controleurs/ControleurVisiteur.php

@@ -84,6 +84,7 @@ class ControleurVisiteur {
     public function accessListInfos($arrayErrorViews){
         global $rep,$vues,$dataView;
         $idListe=$_POST['liste'];
+        $arrayErrorViews = Validation::val_id($idListe, $arrayErrorViews);
         $model = new ListeModel();
         $dataView = $model->pullListById($idListe);
         require($rep.$vues['infosListe']);
@@ -91,9 +92,10 @@ class ControleurVisiteur {
 
     public function addTache($arrayErrorViews){
         global $rep,$vues,$dataView;
-        $arrayErrorViews = Validation::val_intitule($arrayErrorViews);
         $nom=$_POST['name'];
         $idListe=$_POST['liste'];
+        $arrayErrorViews = Validation::val_intitule($name, $arrayErrorViews);
+        $arrayErrorViews = Validation::val_id($idListe, $arrayErrorViews);
         $model = new ListeModel();
         $model->addTache($nom,$idListe);
         $_REQUEST['action']="accessListInfos";
@@ -103,6 +105,7 @@ class ControleurVisiteur {
     public function delTache($arrayErrorViews){
         global $rep,$vues,$dataView;
         $idTache=$_POST['tache'];
+        $arrayErrorViews = Validation::val_id($idTache, $arrayErrorViews);
         $model= new ListeModel();
         $model->delTache($idTache);
         $_REQUEST['action']="accessListInfos";
@@ -112,6 +115,7 @@ class ControleurVisiteur {
     public function changeCompletedTache($arrayErrorViews){
         global $rep,$vues,$dataView;
         $idTache=$_POST['tache'];
+        $arrayErrorViews = Validation::val_id($idTache, $arrayErrorViews);
         $model = new ListeModel();
         $model->changeCompletedTache($idTache);
         $_REQUEST['action']="accessListInfos";
@@ -185,6 +189,7 @@ class ControleurVisiteur {
     public function delListe(array $vues_erreur){
         global $rep, $vues;
         $idListe=$_POST['liste'];
+        $arrayErrorViews = Validation::val_id($idListe, $arrayErrorViews);
         $model = new ListeModel();
         $model->delListe($idListe);
         $_REQUEST['action']=null;