diff --git a/config/Validation.php b/config/Validation.php
new file mode 100644
index 0000000..97aa788
--- /dev/null
+++ b/config/Validation.php
@@ -0,0 +1,33 @@
+<?php
+
+    class Validation {
+
+        static function val_form_texte(&$texte, &$TMessage) {
+            if (!isset($texte)||$texte=="") {
+                $TMessage[] ="Empty fields";
+                $texte="";
+            }
+
+            if ($texte != filter_var($texte, FILTER_SANITIZE_STRING))
+            {
+                $TMessage[]="Attempt to inject code (security attack)";
+                $texte="";
+            }
+
+        }
+
+        static function val_form_mdp(&$mdp, &$TMessage) {
+            if (!isset($mdp)||$mdp=="") {
+                $TMessage[] ="Password not specified";
+                $mdp="";
+            }
+
+            if ($mdp != filter_var($mdp, FILTER_SANITIZE_SPECIAL_CHARS))
+            {
+                $TMessage[] ="Password must not contain special characters";
+                $mdp="";
+            }
+
+        }
+    }
+?>
\ No newline at end of file
diff --git a/config/config.php b/config/config.php
index 421f998..d192ac5 100644
--- a/config/config.php
+++ b/config/config.php
@@ -3,8 +3,17 @@
     
     $rep=__DIR__.'/../';
 
-    $con = new Connection('mysql:host=localhost;dbname=phpproject', 'nifranco', 'achanger'); 
-    //$con = new Connection('mysql:host=localhost;dbname=dbanboudoul', 'anboudoul', 'mdpMYSQL');
+    //$con = new Connection('mysql:host=localhost;dbname=phpproject', 'nifranco', 'achanger'); 
+    $con = new Connection('mysql:host=localhost;dbname=dbanboudoul', 'anboudoul', 'mdpMYSQL');
 
     $TMessage = array();
+
+    $TabVues = array();
+    $TabVues["erreur"] = "view/erreur.php";
+    $TabVues["home"] = "view/home.php";
+    $TabVues["connection"] = "view/connection.php";
+    $TabVues["register"] = "view/register.php";
+    $TabVues["newList"] = "view/newList.php";
+    $TabVues["liste"] = "view/liste.php";
+    
 ?>
\ No newline at end of file
diff --git a/controller/FrontCtrl.php b/controller/FrontCtrl.php
index b6951e2..c5040b8 100644
--- a/controller/FrontCtrl.php
+++ b/controller/FrontCtrl.php
@@ -1,4 +1,5 @@
 <?php
+require_once("config/config.php");
 require("model/UserModel.php");
 
 class FrontCtrl
@@ -6,23 +7,22 @@ class FrontCtrl
     private UserModel $usrMdl;
     private $action_User;
     private bool $isUser;
+    private $TabVues;
 
-    function __construct(&$con){
+    function __construct(&$con, $TabVues){
         session_start();
+        $this->TabVues = $TabVues;
         $this->usrMdl = new UserModel($con);
         $this->action_User = array('deconnexion','loadListePriv','newListPrivate');
         try{
             $this->isUser = $this->usrMdl->isConnected(); // cette fonction retourne quoi?
-            if(isset($_REQUEST['action']))
-                $action = $_REQUEST['action'];
-            else
-                $action = null;
+            $action = $_REQUEST['action'] ?? null;
     
             if(($i = array_search($action,$this->action_User)) !== false){ # si action dans la liste d'actions user
                 if(!$this->isUser){ # si pas conncter
                     # appel controlleur visiteur avec action connecter
                     require("VisitorCtrl.php");
-                    $visitCtrl = new VisitorCtrl($con);
+                    $visitCtrl = new VisitorCtrl($con, $this->TabVues);
                     $visitCtrl->goconnexion();
                 } else { # sinon
                     # handle action avec controlleur user
@@ -33,10 +33,10 @@ class FrontCtrl
             } else { # sinon forcement action visiteur
                 # appel controlleur visiteur avec l'action
                 require("VisitorCtrl.php"); 
-                $visitCtrl = new VisitorCtrl($con,$this->isUser);
+                $visitCtrl = new VisitorCtrl($con, $this->TabVues, $this->isUser);
             }
         } catch (Exception $e){ // verifier si catch bon
-            require("../view/erreur.php"); 
+            require($this->TabVues["erreur"]); 
         }
     }
 }
diff --git a/controller/UserCtrl.php b/controller/UserCtrl.php
index 1dfa5c6..f7150f9 100644
--- a/controller/UserCtrl.php
+++ b/controller/UserCtrl.php
@@ -7,32 +7,38 @@ class UserCtrl
     private $con;
     private $taskModel;
     private $userModel;
+    private $TabVues;
 
-    public function __construct(Connection $con){
+    public function __construct(Connection $con, $TabVues){
+        $this->TabVues = $TabVues;
         $this->con = $con;
         $this->userModel = new UserModel($this->con);
         $this->taskModel = new TaskModel($this->con);
-        // try{
-        //     $action=$_REQUEST['action'];
-        //     switch($action){
+        try{
+            $action=$_REQUEST['action'];
+            switch($action){
 
-        //         // voir les listes privees 
-        //         case 'voirListePriv': 
-        //             $this->loadListePriv();
-        //             break;
+                // voir les listes privees 
+                case 'voirListePriv': 
+                    $this->loadListePriv();
+                    break;
                 
-        //         // ajouter une liste privee
-        //         case 'creerListePriv': 
-        //             $this->newListPrivate();
-        //             break;
-        //         case 'deconnecter': 
-        //             $this->deconnexion();
-        //             break;
+                // ajouter une liste privee
+                case 'creerListePriv': 
+                    $this->newListPrivate();
+                    break;
+                case 'deconnecter': 
+                    $this->deconnexion();
+                    break;
+                default:
+                $TMessage[] = 'Unexpected error';
+                require($this->TabVues["erreur"]); 
+                break;
     
-        //     }
-        // } catch(Exception $e) {
-        //     require("../view/erreur.php");
-        // }
+            }
+        } catch(Exception $e) {
+            require($this->TabVues["erreur"]); 
+        }
     }
 
     public function loadListePriv(){
@@ -40,7 +46,7 @@ class UserCtrl
         // $TabList[] = new ListTask(0, "Projet PHP");
         // $TabList[] = new ListTask(1, "Projet Blazor");
         $TabList = $this->taskModel->loadPrivateLists($_SESSION['login']);
-        require("../view/liste.php");
+        require($this->TabVues["liste"]); 
     }
 
     public function newListPrivate(){
@@ -52,7 +58,7 @@ class UserCtrl
     function loadHome(){
         $user = false;
         $public_lists = $this->taskModel->loadPublicLists();
-        require("../view/home.php");
+        require($this->TabVues["home"]); 
     }
 
     public function deconnexion(){
diff --git a/controller/VisitorCtrl.php b/controller/VisitorCtrl.php
index ccd3e7e..7545e30 100644
--- a/controller/VisitorCtrl.php
+++ b/controller/VisitorCtrl.php
@@ -1,12 +1,15 @@
 <?php
 require("model/TaskModel.php");
+
 class VisitorCtrl
 {
     private $taskModel;
     private $userModel;
     private $isUser;
+    private $TabVues;
 
-    function __construct($con,$isUser){
+    function __construct($con, $TabVues, $isUser){
+        $this->TabVues = $TabVues;
         $this->isUser = $isUser;
         $dvueErreur = array();
         $this->taskModel = new TaskModel($con);
@@ -71,24 +74,24 @@ class VisitorCtrl
                 
                 default:
                     # 
-                    $dvueErreur[] = 'Erreur inattendue';
-                    require($rep.$vues['']);
+                    $TMessage[] = 'Unexpected error';
+                    require($this->TabVues["erreur"]); 
                     break;
             }
             
         } catch (Exception $e) {
-            require("view/erreur.php");
+            require($this->TabVues["erreur"]); 
         }
     }
     function loadHome(){
         $public_lists = $this->taskModel->loadPublicLists();
         $user = $this->isUser;
-        require("view/home.php");
+        require($this->TabVues["home"]); 
     }
 
     function go_connection(){
         $user = $this->isUser;
-        require("view/connection.php");
+        require($this->TabVues["connection"]);
     }
 
     function connection(){
@@ -98,7 +101,7 @@ class VisitorCtrl
 
     function go_register(){
         $user = $this->isUser;
-        require("view/register.php");
+        require($this->TabVues["register"]);
     }
 
     function register(){
@@ -107,7 +110,6 @@ class VisitorCtrl
     
     function go_list(){
         $user = $this->isUser;
-        $dataVue['newList'] = null;
         require("view/newList.php");
     }
 
diff --git a/index.php b/index.php
index f6ab28f..8cec805 100644
--- a/index.php
+++ b/index.php
@@ -1,8 +1,9 @@
 <?php
-    require_once("config/config.php");
+    require("config/config.php");
+    require('config/Validation.php');
+    require("view/erreur.php");
     require_once("controller/FrontCtrl.php");
-    //var_dump($_GET);
-    $fc = new FrontCtrl($con);
-
+    
+    $fc = new FrontCtrl($con, $TabVues);
 ?>
 
diff --git a/model/TaskModel.php b/model/TaskModel.php
index b34832c..1a63606 100644
--- a/model/TaskModel.php
+++ b/model/TaskModel.php
@@ -43,7 +43,8 @@ class TaskModel
     /* LIST FUNCTIONS */
     public function addList($nom,$owner="",$dc=0,$id=0)
     {
-        $l = new ListTask($nom,$owner,$dc); 
+        Validation::val_form_texte($owner, $TMessage);
+        $l = new ListTask($nom,$owner,$dc);
         $this->gtw->insertL($l);
         // retourne quoi? con->lastInsertId() ?? 
     }
diff --git a/model/UserModel.php b/model/UserModel.php
index cdbddd4..9123dd6 100644
--- a/model/UserModel.php
+++ b/model/UserModel.php
@@ -1,6 +1,8 @@
 <?php
     require('business/User.php');
     require('dal/UserGateway.php');
+    require_once("config/config.php");
+
     class UserModel{
         private $con; 
         private $gat;
@@ -11,12 +13,14 @@
         }
         
         function connexion($login, $mdp){
+            Validation::val_form_texte($login, $TMessage);
+            Validation::val_form_mdp($mdp, $TMessage);
             $result = $this->gat->findUser($login, $mdp);
             if(!isset($result)) echo 'not set works';
-            // if (isset($result))
-            // {
-            //     $_SESSION['login'] = $result;
-            // }  
+            else
+            {
+                $_SESSION['login'] = $result;
+            }  
         }
 
         function deconnexion(){
@@ -25,7 +29,8 @@
             $_SESSION = array();
         }
 
-        function isConnected(){ //teste rôle dans la session, retourne instance d’objet ou booleen 
+        function isConnected(){ //teste rôle dans la session, retourne instance d’objet ou booleen
+            Validation::val_form_texte($_SESSION['login'], $TMessage);
             if(isset($_SESSION['login'])){
                 return true;
             } else {
@@ -34,20 +39,26 @@
         }
 
         function ajouter($login, $mdp){
+            Validation::val_form_texte($login, $TMessage);
+            Validation::val_form_mdp($mdp, $TMessage);
             $user = $this->findByLogin($login);
             if (empty($user))
                 $this->gat->create($login, $mdp);
         }
 
         function supprimer($login){
+            Validation::val_form_texte($login, $TMessage);
             $this->gat->delete($login);
         }
 
         function modifMdp($login, $mdp){
+            Validation::val_form_texte($login, $TMessage);
+            Validation::val_form_mdp($mdp, $TMessage);
             $this->gat->updateMdp($login, $mdp);
         }
 
         function findByLogin($login){
+            Validation::val_form_texte($login, $TMessage);
             $user = null;
             if ($login !== " " && $login != null )
             {
@@ -60,6 +71,8 @@
         }
 
         function modifLogin($oldLogin, $newLogin){
+            Validation::val_form_texte($oldLogin, $TMessage);
+            Validation::val_form_texte($newLogin, $TMessage);
             $user = $this->findByLogin($oldLogin);
             if (empty($user))
                 $this->gat->updateLogin($oldLogin, $newLogin);
diff --git a/view/about.php b/view/about.php
new file mode 100644
index 0000000..cfafb0d
--- /dev/null
+++ b/view/about.php
@@ -0,0 +1,74 @@
+<!DOCTYPE html>
+<html lang="en">
+    <head>
+        <meta charset="utf-8" />
+        <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
+        <meta name="description" content="" />
+        <meta name="author" content="" />
+        <!-- Core theme CSS (includes Bootstrap)-->
+        <link href="../view/css/home.css" rel="stylesheet" />
+    </head>
+    <body>
+        <div class="d-flex" id="wrapper">
+            <!-- Sidebar-->
+            <div class="border-end bg-white" id="sidebar-wrapper">
+                <div class="sidebar-heading border-bottom bg-light">2do</div>
+                <div class="list-group list-group-flush">
+                <a class="list-group-item list-group-item-action list-group-item-light p-3" href="#!">Home</a>
+                <a class="list-group-item list-group-item-action list-group-item-light p-3" href="#!">New List +</a>
+                <?php
+                    if($user){
+                        echo '<a class="list-group-item list-group-item-action list-group-item-light p-3" href="#!">My Lists &#128274;</a>';
+                    }               
+                ?>
+                <a class="list-group-item list-group-item-action list-group-item-light p-3" href="#!">About</a>
+                </div>
+            </div>
+            <!-- Page content wrapper-->
+            <div id="page-content-wrapper">
+                <!-- Top navigation-->
+                <nav class="navbar navbar-expand-lg navbar-light bg-light border-bottom">
+                    <div class="container-fluid">
+                        <button class="btn btn-primary" id="sidebarToggle">Toggle Menu</button>
+                        <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation"><span class="navbar-toggler-icon"></span></button>
+                        <div class="collapse navbar-collapse" id="navbarSupportedContent">
+                            <ul class="navbar-nav ms-auto mt-2 mt-lg-0">
+                                <?php
+                                    if($user){
+                                        echo '<li class="nav-item"><a class="nav-link" href="#!">Log out</a></li>';
+                                    } else {
+                                        echo '<li class="nav-item"><a class="nav-link" href="#!">Log In</a></li>';
+                                        echo '<li class="nav-item"><a class="nav-link" href="#!">Register</a></li>';
+                                    }
+                                ?>
+                            </ul>
+                        </div>
+                    </div>
+                </nav>
+                <!--Contenu de la page ici-->
+                <div class="container-fluid">
+                    <center>
+                        <div class="col-lg-4 mb-5 mb-lg-0 text-center">
+                            <div>
+                            <div class="rounded-5 shadow-3-soft p-4" style="background-color: #fff9f2">
+                                <div class="border-top border-dark mx-auto" style="width: 100px"></div>
+                                <p class="text-muted mt-4 mb-2">2Do</p>
+                                <p class="h5 mb-4" style="color: #344e41">A PHP project</p>
+                                <p class="pb-4 mb-4">
+                                    A little PHP project realised by two french students studying Computer Science at the IUT of
+                                    Clermont Auvergne in France. The main goal of this project was to create a little To Do List
+                                    using the PHP language. We hope that you will find it useful.
+                                </p>
+                                </div>
+                            </div>
+                        </div>
+                    </center>
+                </div>
+
+            </div>
+        </div>
+        <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
+        <!-- Core theme JS-->
+        <script src="../view/js/home.js"></script>
+    </body>
+</html>
\ No newline at end of file
diff --git a/view/erreur.php b/view/erreur.php
new file mode 100644
index 0000000..5998524
--- /dev/null
+++ b/view/erreur.php
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html lang="en">
+    <head>
+        <meta charset="utf-8" />
+        <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css" 
+              rel="stylesheet" integrity="sha384-rbsA2VBKQhggwzxH7pPCaAqO46MgnOM80zW1RWuH61DGLwZJEdK2Kadq2F9CUG65" 
+              crossorigin="anonymous">
+    </head>
+    <body>
+        <?php
+            foreach($TMessage as $err) {
+                echo '<div class="alert alert-danger alert-dismissible d-flex align-items-center fade show">
+                <i class="bi-exclamation-octagon-fill"></i>
+                <strong class="mx-2">Error!</strong>' . $err . "</div>";
+            }
+        ?>
+    </body>
+</html>
\ No newline at end of file
diff --git a/view/newTask.php b/view/newTask.php
new file mode 100644
index 0000000..03e3436
--- /dev/null
+++ b/view/newTask.php
@@ -0,0 +1,87 @@
+<!DOCTYPE html>
+<html lang="en">
+    <head>
+        <meta charset="utf-8" />
+        <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
+        <meta name="description" content="" />
+        <meta name="author" content="" />
+        <!-- Core theme CSS (includes Bootstrap)-->
+        <link href="../view/css/home.css" rel="stylesheet" />
+    </head>
+    <body>
+        <div class="d-flex" id="wrapper">
+            <!-- Sidebar-->
+            <div class="border-end bg-white" id="sidebar-wrapper">
+                <div class="sidebar-heading border-bottom bg-light">2do</div>
+                <div class="list-group list-group-flush">
+                <a class="list-group-item list-group-item-action list-group-item-light p-3" href="#!">Home</a>
+                <a class="list-group-item list-group-item-action list-group-item-light p-3" href="#!">New List +</a>
+                <?php
+                    if($user){
+                        echo '<a class="list-group-item list-group-item-action list-group-item-light p-3" href="#!">My Lists &#128274;</a>';
+                    }               
+                ?>
+                <a class="list-group-item list-group-item-action list-group-item-light p-3" href="#!">About</a>
+                </div>
+            </div>
+            <!-- Page content wrapper-->
+            <div id="page-content-wrapper">
+                <!-- Top navigation-->
+                <nav class="navbar navbar-expand-lg navbar-light bg-light border-bottom">
+                    <div class="container-fluid">
+                        <button class="btn btn-primary" id="sidebarToggle">Toggle Menu</button>
+                        <button class="navbar-toggler" type="button" data-bs-toggle="collapse" data-bs-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation"><span class="navbar-toggler-icon"></span></button>
+                        <div class="collapse navbar-collapse" id="navbarSupportedContent">
+                            <ul class="navbar-nav ms-auto mt-2 mt-lg-0">
+                                <?php
+                                    if($user){
+                                        echo '<li class="nav-item"><a class="nav-link" href="#!">Log out</a></li>';
+                                    } else {
+                                        echo '<li class="nav-item"><a class="nav-link" href="#!">Log In</a></li>';
+                                        echo '<li class="nav-item"><a class="nav-link" href="#!">Register</a></li>';
+                                    }
+                                ?>
+                            </ul>
+                        </div>
+                    </div>
+                </nav>
+                <!--Contenue de la page ici-->
+                <div class="container-fluid">
+                <h4 class="text-center my-3 pb-3">New Task</h4>
+                <form>
+                        <div class="form-outline mb-4 align-items-center">
+                            <input type="title" id="form2title" class="form-control" required minlength="0" maxlength="250"/>
+                            <label class="form-label" for="form2title">Title</label>
+                        </div>
+
+                        <div class="form-outline mb-4">
+                            <input type="text" id="form2description" class="form-control" minlength="0" maxlength="250">
+                            <label class="form-label" for="form2description">Description</label>
+                        </div>
+
+                        <div class="form-outline mb-4">
+                            <input type="date" id="form2dateDeb" class="form-control">
+                            <label class="form-label" for="form2dateDeb">Starting date</label>
+                        </div>
+
+                        <div class="form-outline mb-4">
+                            <input type="date" id="form2dateFin" class="form-control">
+                            <label class="form-label" for="form2dateFin">Ending date</label>
+                        </div>
+
+                        <div class="form-outline mb-4">
+                            <input type="text" id="form2importance" class="form-control" />
+                            <label class="form-label" for="form2importance">Importance</label>
+                        </div>
+
+                        <!-- Submit button -->
+                        <button type="button" class="btn btn-primary btn-block mb-4" action="connecter">Save</button>
+                    </form>
+                </div>
+            </div>
+        </div>
+        <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.1.3/dist/js/bootstrap.bundle.min.js"></script>
+        <!-- Core theme JS-->
+        <script src="../view/js/home.js"></script>
+    </body>
+</html>
\ No newline at end of file