From e83bb15831688b19470692af8ae7d8b683fad3d3 Mon Sep 17 00:00:00 2001 From: majean5 Date: Thu, 22 Dec 2022 21:07:14 +0100 Subject: [PATCH 1/2] suite validation --- config/Autoload.php | 3 +- config/Validation.php | 30 +++++++++--------- config/config.php | 4 +-- controleurs/ControleurVisiteur.php | 12 +++---- index.php | 7 ++-- .../Modele/{ListModel.php => ListeModel.php} | 0 {vues/styles => styles}/.DS_Store | Bin {vues/styles => styles}/commonStyles.css | 0 {vues/styles => styles}/connectionStyle.css | 0 vues/acceuil.php | 2 +- 10 files changed, 29 insertions(+), 29 deletions(-) rename modeles/Modele/{ListModel.php => ListeModel.php} (100%) rename {vues/styles => styles}/.DS_Store (100%) rename {vues/styles => styles}/commonStyles.css (100%) rename {vues/styles => styles}/connectionStyle.css (100%) diff --git a/config/Autoload.php b/config/Autoload.php index 87afab1..6e2b533 100644 --- a/config/Autoload.php +++ b/config/Autoload.php @@ -38,10 +38,9 @@ class Autoload { global $rep; $filename = $class.'.php'; - $dir = array('./','config/','controleurs/','modeles/Gateways/','modeles/Métier/','modeles/Modele'); + $dir = array('./','config/','controleurs/','modeles/Gateways/','modeles/Métier/','modeles/Modele/'); foreach ($dir as $d){ $file=$rep.$d.$filename; - echo $file; if (file_exists($file)) { include $file; diff --git a/config/Validation.php b/config/Validation.php index eecc2f7..5b9685f 100644 --- a/config/Validation.php +++ b/config/Validation.php 
@@ -23,48 +23,48 @@ return $dataVueEreur; } - static function val_inscription($username,$pwd1,$pwd2,$dataVueEreur){ - if (!isset($username)||$username==="") { + static function val_inscription($dataVueEreur){ + if (!isset($_POST['username'])||$_POST['username']==="") { $dataVueEreur[] ="Nom d'utilisateur manquant"; throw new Exception('pas de username'); } - $username = Validation::clear_string($username); - if($username == false){ + $_POST['username'] = Validation::clear_string($_POST['username']); + if($_POST['username'] == false){ $dataVueEreur[] = "Sanitizing error"; throw new Exception('sanitizing fail'); } - if (!isset($pwd1)||$pwd1==="") { + if (!isset($_POST['username'])||$_POST['username']==="") { $dataVueEreur[] ="Mot de passe manquant"; throw new Exception('pas de password'); } - $pwd1 = Validation::clear_string($pwd1); - if($pwd1 == false){ + $_POST['password'] = Validation::clear_string($_POST['password']); + if($_POST['password'] == false){ $dataVueEreur[] = "Sanitizing error"; throw new Exception('sanitizing fail'); } - if (!isset($pwd2)||$pwd2==="") { + if (!isset($_POST['confirmpassword'])||$_POST['confirmpassword']==="") { $dataVueEreur[] ="Confirmation mot de passe manquant"; throw new Exception('pas de confirmation password'); } - $pwd2 = Validation::clear_string($pwd2); - if($pwd2 == false){ + $_POST['confirmpassword'] = Validation::clear_string($_POST['confirmpassword']); + if($_POST['confirmpassword'] == false){ $dataVueEreur[] = "Sanitizing error"; throw new Exception('sanitizing fail'); } - if($pwd1 !== $pwd2){ + if($_POST['password'] !== $_POST['confirmpassword']){ $dataVueEreur[]="Mot de passe et confirmation différents"; throw new Exception("Mot de passe et confirmation différents"); } return $dataVueEreur; } - static function val_intitule($intitule, $dataVueEreur){ - if (!isset($intitule)||$intitule==="") { + static function val_intitule($dataVueEreur){ + if (!isset($_POST['name'])||$_POST['name']==="") { $dataVueEreur[] ="Intitulé 
manquant"; throw new Exception('pas d\'intitule'); } - $intitule = Validation::clear_string($intitule); - if($intitule == false){ + $_POST['name'] = Validation::clear_string($_POST['name']); + if($_POST['name'] == false){ $dataVueEreur[] = "Sanitizing error"; throw new Exception('sanitizing fail'); } diff --git a/config/config.php b/config/config.php index 55d6596..93d6107 100644 --- a/config/config.php +++ b/config/config.php @@ -17,8 +17,8 @@ $vues['creationListe']='vues/creationListe.php'; $vues['infosListe']='vues/infosListe.php'; $vues['creationTache']='vues/creationTache.php'; // Styles -$styles['commun']='vues/styles/commonStyles.css'; -$styles['connection']='vues/styles/connectionStyle.css'; +$styles['commun']='styles/commonStyles.css'; +$styles['connection']='styles/connectionStyle.css'; // Assets $assets['logo']='assets/chekliste.png'; diff --git a/controleurs/ControleurVisiteur.php b/controleurs/ControleurVisiteur.php index cd8b231..dbd9467 100644 --- a/controleurs/ControleurVisiteur.php +++ b/controleurs/ControleurVisiteur.php @@ -62,7 +62,7 @@ class ControleurVisiteur { } public function reinit(){ - global $rep,$vues,$dataView; + global $rep,$vues,$dataView,$styles; $model = new VisiteurModel(); $dataView = $model->pullPublicLists(); require($rep.$vues['acceuil']); @@ -79,6 +79,7 @@ class ControleurVisiteur { public function addTache($arrayErrorViews){ global $rep,$vues,$dataView; + $arrayErrorViews = Validation::val_intitule($arrayErrorViews); $nom=$_POST['name']; $idListe=$_POST['liste']; $model = new ListeModel(); @@ -118,11 +119,13 @@ class ControleurVisiteur { $this->reinit(); } else{ + echo 'mauvais passwd verify'; $arrayErrorViews =array('username'=>$usrname,'password'=>$pwd); require($rep.$vues['erreur']); } } else{ + echo 'mauvais user'; $arrayErrorViews =array('username'=>$usrname,'password'=>$pwd); require($rep.$vues['erreur']); } 
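Review bot: The second presence check in val_inscription tests `$_POST['username']` a second time where it should test `$_POST['password']`, so a missing password is never reported and the next line calls clear_string on an undefined index; it should read `if (!isset($_POST['password'])||$_POST['password']==="") {`. The `== false` comparisons after each clear_string call (here and in val_intitule further down the hunk) are loose, so a field that sanitizes to `"0"` is reported as a sanitizing failure; `=== false`, or whatever sentinel clear_string really returns (not visible here), is the intended test. Writing the sanitized values back into `$_POST` also means every later reader of the superglobal silently receives the altered string, and for the password that changes what gets hashed relative to what the user typed; passing the values in and returning them, as the removed signature did, keeps that explicit.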
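Review bot: In addTache the errors returned by val_intitule are stored in `$arrayErrorViews`, but nothing in the hunk branches on them before `$model->addTache($nom,$idListe)` runs, and `$idListe` reaches the model straight from `$_POST['liste']` with no check at all. If val_intitule is meant to stop the insert, the call needs to be followed by something like `if ($arrayErrorViews != []) { require($rep.$vues['erreur']); return; }`. The rest of the method is outside the hunk, so an exception handler there may already cover the throw path; that should be confirmed rather than assumed.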
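Review bot: The two added `echo` statements in the login failure branches print debug text into the response before the error view is required, and because the text differs between the unknown-user branch (`'mauvais user'`) and the wrong-password branch (`'mauvais passwd verify'`) the page now reveals whether a given username exists. Both branches should be indistinguishable from outside; drop the echoes (or send them to `error_log`) so the same error view is returned in either case. The existing `$arrayErrorViews` array in both branches also carries the submitted password into the error view, which is worth removing if the view prints it. The enclosing method starts and ends outside the hunk.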
@@ -130,14 +133,11 @@ class ControleurVisiteur { public function inscription(array $vues_erreur){ global $rep,$vues,$dataView; - $usrname=$_POST['username']; - $pwd=$_POST['password']; - $confirm=$_POST['confirmpassword']; - $vues_erreur=Validation::val_inscription($usrname,$pwd,$confirm,$vues_erreur); + $vues_erreur=Validation::val_inscription($vues_erreur); if($vues_erreur == []){ $hash= password_hash($pwd,PASSWORD_DEFAULT); $model = new VisiteurModel(); - $model->inscription($usrname,$hash); + $model->inscription($_POST['username'],$hash); } $_REQUEST['action']=null; new ControleurVisiteur(); diff --git a/index.php b/index.php index 1acc24c..780d010 100644 --- a/index.php +++ b/index.php @@ -5,9 +5,10 @@ require_once(__DIR__.'/controleurs/FrontControleur.php'); require_once(__DIR__.'/config/config.php'); // Autoload des classes -//require_once(__DIR__.'/config/Autoload.php'); -//Autoload::charger(); +require_once(__DIR__.'/config/Autoload.php'); +Autoload::charger(); +/* require_once(__DIR__.'/config/Validation.php'); require_once(__DIR__.'/controleurs/ControleurUtilisateur.php'); require_once(__DIR__.'/controleurs/ControleurVisiteur.php'); @@ -21,7 +22,7 @@ require_once(__DIR__.'/modeles/Métier/Utilisateur.php'); require_once(__DIR__.'/modeles/Modele/UserModel.php'); require_once(__DIR__.'/modeles/Modele/VisiteurModel.php'); require_once(__DIR__.'/modeles/Modele/ListModel.php'); - +*/ // Construction du controleur diff --git a/modeles/Modele/ListModel.php b/modeles/Modele/ListeModel.php similarity index 100% rename from modeles/Modele/ListModel.php rename to modeles/Modele/ListeModel.php diff --git a/vues/styles/.DS_Store b/styles/.DS_Store similarity index 100% rename from vues/styles/.DS_Store rename to styles/.DS_Store diff --git a/vues/styles/commonStyles.css b/styles/commonStyles.css similarity index 100% rename from vues/styles/commonStyles.css rename to styles/commonStyles.css 
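Review bot: With `$pwd=$_POST['password'];` removed, the surviving `$hash= password_hash($pwd,PASSWORD_DEFAULT);` hashes an undefined variable, so every new account is created with the hash of a null-coerced empty password or fails with a TypeError depending on the PHP version. The line should be `$hash = password_hash($_POST['password'], PASSWORD_DEFAULT);`, or the local read of the field should be kept. Note that val_inscription in this commit rewrites `$_POST['password']` through clear_string before this point, so the value hashed here is the sanitized form; whatever the login path compares against must apply the same transformation, which is not visible in this patch.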
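Review bot: The switch to Autoload leaves the whole run of old require_once lines in place inside a `/* ... */` comment instead of deleting it; commented-out code goes stale and the autoloader is now the single source of truth for class loading. Remove the block (history keeps it), and note that the commented list still references `modeles/Modele/ListModel.php`, which this same commit renames to ListeModel.php, so the comment is already wrong.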
diff --git a/vues/styles/connectionStyle.css b/styles/connectionStyle.css similarity index 100% rename from vues/styles/connectionStyle.css rename to styles/connectionStyle.css diff --git a/vues/acceuil.php b/vues/acceuil.php index bdb4909..47d1592 100644 --- a/vues/acceuil.php +++ b/vues/acceuil.php @@ -3,7 +3,7 @@ Acceuil - +
From 8d270ebbacf7dae21d70b62e98853673f785c10a Mon Sep 17 00:00:00 2001 From: majean5 Date: Thu, 22 Dec 2022 22:21:50 +0100 Subject: [PATCH 2/2] Add: validation --- config/Validation.php | 54 +++++++++++++++++------------- config/config.php | 2 +- controleurs/ControleurVisiteur.php | 7 +++- 3 files changed, 38 insertions(+), 25 deletions(-) diff --git a/config/Validation.php b/config/Validation.php index 1640f47..2543e86 100644 --- a/config/Validation.php +++ b/config/Validation.php @@ -5,16 +5,16 @@ if (!isset($usrName)||$usrName=="") { $dataVueEreur[] ="Username or password missing"; } - $usrName = Validation::clear_string($usrName); - if($usrName == false){ - $dataVueEreur[] = "Sanitizing error"; + if ($usrName != Validation::clear_string($usrName)){ + $dataVueEreur[] = "Forbidden characters"; + $usrName=""; } if (!isset($mdp)||$mdp=="") { $dataVueEreur[] ="Username or password missing"; } - $mdp = Validation::clear_string($mdp); - if($mdp == false){ - $dataVueEreur[] = "Sanitizing error"; + if($mdp != Validation::clear_string($mdp)){ + $dataVueEreur[] = "Forbidden characters"; + $mdp=""; } return $dataVueEreur; } 
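Review bot: The new `$usrName=""` and `$mdp=""` assignments after a 'Forbidden characters' error only reset the function's local copies — both are by-value parameters and the function returns only `$dataVueEreur` — so the caller continues with the original values. The check itself uses loose `!=` against clear_string's result, and the enclosing function's signature is outside the hunk, so either return the cleaned values alongside the errors or make the caller test `$dataVueEreur` before proceeding. For the password in particular, rejecting or rewriting characters before password_hash needlessly restricts what users may choose; password_hash accepts any byte string, so an emptiness check is enough there, with the forbidden-character rule kept for the username. The same local-reset pattern appears in val_inscription and val_intitule in the following hunks.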
@@ -23,24 +23,23 @@ if (!isset($username)||$username==="") { $dataVueEreur[] ="All fields are required"; } - $_POST['username'] = Validation::clear_string($_POST['username']); - if($_POST['username'] == false){ - $dataVueEreur[] = "Sanitizing error"; - throw new Exception('sanitizing fail'); + if($username != Validation::clear_string($username)){ + $dataVueEreur[] = "Forbidden characters"; + $username=""; } if (!isset($pwd1)||$pwd1==="") { $dataVueEreur[] ="All fields are required"; } - $_POST['password'] = Validation::clear_string($_POST['password']); - if($_POST['password'] == false){ - $dataVueEreur[] = "Sanitizing error"; + if($pwd1 != Validation::clear_string($pwd1)){ + $dataVueEreur[] = "Forbidden characters"; + $pwd1=""; } if (!isset($pwd2)||$pwd2==="") { $dataVueEreur[] ="All fields are required"; } - $_POST['confirmpassword'] = Validation::clear_string($_POST['confirmpassword']); - if($_POST['confirmpassword'] == false){ - $dataVueEreur[] = "Sanitizing error"; + if($pwd2 != Validation::clear_string($pwd2)){ + $dataVueEreur[] = "Forbidden characters"; + $pwd2=""; } if($pwd1 !== $pwd2){ $dataVueEreur[]="Invalid confirmation"; 
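Review bot: Once `$pwd1=""` or `$pwd2=""` has been set by a 'Forbidden characters' error, the later `if($pwd1 !== $pwd2)` compares the blanked value against the other field and appends a second, misleading 'Invalid confirmation' entry for the same input. Either return as soon as the first error is recorded or compare the original values; the body of val_inscription continues past the hunk.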
@@ -48,15 +47,24 @@ return $dataVueEreur; } - static function val_intitule($dataVueEreur){ - if (!isset($_POST['name'])||$_POST['name']==="") { + static function val_intitule($name, $dataVueEreur){ + if (!isset($name)||$name==="") { $dataVueEreur[] ="Intitulé manquant"; - throw new Exception('pas d\'intitule'); } - $_POST['name'] = Validation::clear_string($_POST['name']); - if($_POST['name'] == false){ - $dataVueEreur[] = "Sanitizing error"; - throw new Exception('sanitizing fail'); + if($name != Validation::clear_string($name)){ + $dataVueEreur[] = "Forbidden characters"; + $name=""; + } + return $dataVueEreur; + } + + static function val_id($id, $dataVueEreur){ + if (!isset($id)||$id=""){ + $dataVueEreur[] = "Id error"; + } + if($id != filter_var($id, FILTER_VALIDATE_INT)){ + $dataVueEreur[] = "Id validation error"; + $id = 0; } return $dataVueEreur; } diff --git a/config/config.php b/config/config.php index f6edb98..c00a21b 100644 --- a/config/config.php +++ b/config/config.php @@ -3,7 +3,7 @@ //Prefixe $rep=__DIR__.'/../'; //BD -$bd['dsn'] = "mysql:host=localhost;port=8888;dbname=dbPhp"; +$bd['dsn'] = "mysql:host=localhost;port=8888;dbname=bdPhp"; $bd['user'] = "root"; $bd['pswd'] = "root"; //Vues diff --git a/controleurs/ControleurVisiteur.php b/controleurs/ControleurVisiteur.php index 3d9df18..0815d12 100644 --- a/controleurs/ControleurVisiteur.php +++ b/controleurs/ControleurVisiteur.php @@ -84,6 +84,7 @@ class ControleurVisiteur { public function accessListInfos($arrayErrorViews){ global $rep,$vues,$dataView; $idListe=$_POST['liste']; + $arrayErrorViews = Validation::val_id($idListe, $arrayErrorViews); $model = new ListeModel(); $dataView = $model->pullListById($idListe); require($rep.$vues['infosListe']); 
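Review bot: In the new val_id the condition `if (!isset($id)||$id="")` assigns rather than compares, so for any set `$id` the variable is overwritten with the empty string and that branch never records an error; the following `$id != filter_var($id, FILTER_VALIDATE_INT)` then compares `""` loosely with `false`, which are equal, so no 'Id validation error' is added either and the function reports nothing for any input. The two checks should be `if (!isset($id) || $id === "") {` and `if (filter_var($id, FILTER_VALIDATE_INT) === false) {`. As in val_intitule just above, `$id = 0` only changes the local copy; callers keep their raw value unless it is returned.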
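Review bot: The added `Validation::val_id($idListe, $arrayErrorViews)` call in accessListInfos collects an error, but nothing tests `$arrayErrorViews` before `$model->pullListById($idListe)` runs with the unmodified `$_POST['liste']`, since val_id receives the id by value and returns only the error list. The same applies to the val_id calls added to delTache and changeCompletedTache in the next hunks. A guard such as `if ($arrayErrorViews != []) { require($rep.$vues['erreur']); return; }` after each call, or an integer cast of the id before it is used, is needed for the validation to have any effect; whether the model layer uses prepared statements is not visible here.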
@@ -91,9 +92,10 @@ class ControleurVisiteur { public function addTache($arrayErrorViews){ global $rep,$vues,$dataView; - $arrayErrorViews = Validation::val_intitule($arrayErrorViews); $nom=$_POST['name']; $idListe=$_POST['liste']; + $arrayErrorViews = Validation::val_intitule($name, $arrayErrorViews); + $arrayErrorViews = Validation::val_id($idListe, $arrayErrorViews); $model = new ListeModel(); $model->addTache($nom,$idListe); $_REQUEST['action']="accessListInfos"; @@ -103,6 +105,7 @@ class ControleurVisiteur { public function delTache($arrayErrorViews){ global $rep,$vues,$dataView; $idTache=$_POST['tache']; + $arrayErrorViews = Validation::val_id($idTache, $arrayErrorViews); $model= new ListeModel(); $model->delTache($idTache); $_REQUEST['action']="accessListInfos"; @@ -112,6 +115,7 @@ class ControleurVisiteur { public function changeCompletedTache($arrayErrorViews){ global $rep,$vues,$dataView; $idTache=$_POST['tache']; + $arrayErrorViews = Validation::val_id($idTache, $arrayErrorViews); $model = new ListeModel(); $model->changeCompletedTache($idTache); $_REQUEST['action']="accessListInfos"; @@ -185,6 +189,7 @@ class ControleurVisiteur { public function delListe(array $vues_erreur){ global $rep, $vues; $idListe=$_POST['liste']; + $arrayErrorViews = Validation::val_id($idListe, $arrayErrorViews); $model = new ListeModel(); $model->delListe($idListe); $_REQUEST['action']=null;
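Review bot: `Validation::val_intitule($name, $arrayErrorViews)` in addTache passes `$name`, which is never assigned in this method; the field is read into `$nom` two lines earlier, so the validator sees an undefined variable and the real input is never checked. The call should be `$arrayErrorViews = Validation::val_intitule($nom, $arrayErrorViews);`.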
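Review bot: delListe's parameter is `$vues_erreur`, but the added line reads and writes `$arrayErrorViews`, so val_id is called with an undefined error array and its result lands in a variable nothing else in the method uses. The line should be `$vues_erreur = Validation::val_id($idListe, $vues_erreur);`, and as in the other handlers the result still needs to be checked before `$model->delListe($idListe)` runs.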