From 62924b327d945996b336409883fb985cce76c53f Mon Sep 17 00:00:00 2001 From: Anna BOUDOUL Date: Thu, 22 Dec 2022 21:42:03 +0100 Subject: [PATCH] Validation start --- config/Validation.php | 33 +++++++++++++++++++++++++++++++++ controller/FrontCtrl.php | 5 +---- index.php | 3 +-- model/TaskModel.php | 1 + model/UserModel.php | 22 +++++++++++++++++----- 5 files changed, 53 insertions(+), 11 deletions(-) create mode 100644 config/Validation.php diff --git a/config/Validation.php b/config/Validation.php new file mode 100644 index 0000000..030adde --- /dev/null +++ b/config/Validation.php @@ -0,0 +1,33 @@ + \ No newline at end of file diff --git a/controller/FrontCtrl.php b/controller/FrontCtrl.php index b6951e2..f072dd9 100644 --- a/controller/FrontCtrl.php +++ b/controller/FrontCtrl.php @@ -13,10 +13,7 @@ class FrontCtrl $this->action_User = array('deconnexion','loadListePriv','newListPrivate'); try{ $this->isUser = $this->usrMdl->isConnected(); // cette fonction retourne quoi? - if(isset($_REQUEST['action'])) - $action = $_REQUEST['action']; - else - $action = null; + $action = $_REQUEST['action'] ?? null; if(($i = array_search($action,$this->action_User)) !== false){ # si action dans la liste d'actions user if(!$this->isUser){ # si pas conncter diff --git a/index.php b/index.php index cdc44cb..833ab83 100644 --- a/index.php +++ b/index.php @@ -1,10 +1,9 @@ diff --git a/model/TaskModel.php b/model/TaskModel.php index c0b05ec..1a63606 100644 --- a/model/TaskModel.php +++ b/model/TaskModel.php @@ -43,6 +43,7 @@ class TaskModel /* LIST FUNCTIONS */ public function addList($nom,$owner="",$dc=0,$id=0) { + Validation::val_form_texte($owner, $TMessage); $l = new ListTask($nom,$owner,$dc); $this->gtw->insertL($l); // retourne quoi? con->lastInsertId() ?? diff --git a/model/UserModel.php b/model/UserModel.php index cdbddd4..5f2a3ae 100644 --- a/model/UserModel.php +++ b/model/UserModel.php 
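Review bot: In `addList` (model/TaskModel.php) the outcome of `Validation::val_form_texte($owner, $TMessage);` is never used: `$TMessage` is not defined before the call or read after it, so `new ListTask(...)` and `insertL` run whatever the validator decided. Unless the validator throws or rewrites `$owner` by reference (the body of config/Validation.php is not visible on this page), an invalid owner is stored unchanged. Initialise the variable first (`$TMessage = [];`, assuming it is an array of messages) and return or throw when it comes back non-empty; `$nom` reaches the same `ListTask` with no check at all. The same call-and-ignore pattern is repeated in `ajouter`, `supprimer`, `modifMdp`, `findByLogin` and `modifLogin` in model/UserModel.php. `addList` continues past the end of this hunk.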
@@ -1,6 +1,7 @@ gat->findUser($login, $mdp); if(!isset($result)) echo 'not set works'; - // if (isset($result)) - // { - // $_SESSION['login'] = $result; - // } + else + { + $_SESSION['login'] = $result; + } } function deconnexion(){ @@ -25,7 +28,8 @@ $_SESSION = array(); } - function isConnected(){ //teste rôle dans la session, retourne instance d’objet ou booleen + function isConnected(){ //teste rôle dans la session, retourne instance d’objet ou booleen + Validation::val_form_texte($_SESSION['login'], $TMessage); if(isset($_SESSION['login'])){ return true; } else { @@ -34,20 +38,26 @@ } function ajouter($login, $mdp){ + Validation::val_form_texte($login, $TMessage); + Validation::val_form_mdp($mdp, $TMessage); $user = $this->findByLogin($login); if (empty($user)) $this->gat->create($login, $mdp); } function supprimer($login){ + Validation::val_form_texte($login, $TMessage); $this->gat->delete($login); } function modifMdp($login, $mdp){ + Validation::val_form_texte($login, $TMessage); + Validation::val_form_mdp($mdp, $TMessage); $this->gat->updateMdp($login, $mdp); } function findByLogin($login){ + Validation::val_form_texte($login, $TMessage); $user = null; if ($login !== " " && $login != null ) { @@ -60,6 +70,8 @@ } function modifLogin($oldLogin, $newLogin){ + Validation::val_form_texte($oldLogin, $TMessage); + Validation::val_form_texte($newLogin, $TMessage); $user = $this->findByLogin($oldLogin); if (empty($user)) $this->gat->updateLogin($oldLogin, $newLogin);
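Review bot: The re-enabled `else` branch in `connexion` writes `$result` to `$_SESSION['login']` whenever `isset($result)` holds, and `isset` is also true for `false`, `0`, `''` and `[]`. If `findUser` reports a failed lookup with anything other than `null` (its body is not on this page), a wrong password would still leave the session marked as logged in; test the value itself, e.g. `if (empty($result)) { return false; }`. The session id is also kept across the login, so add `session_regenerate_id(true);` just before the assignment to close off session fixation, and remove the `echo 'not set works'` debug output. Part of this hunk's text was lost in extraction, so the start of `connexion` is not visible.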
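Review bot: `isConnected` now hands `$_SESSION['login']` to `Validation::val_form_texte` before the `isset` test, so an anonymous request reaches the validator with a key that does not exist. Passed by value that is an undefined-key warning in PHP 8; passed by reference it creates the key, and if the validator writes a cleaned string back (Validation.php's body is not visible here) the key becomes set for every visitor and `isConnected()` returns true without a login. Session data is server-side state rather than form input, so remove the call, or move it inside the `if(isset($_SESSION['login']))` branch and act on its result.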
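Review bot: `ajouter` and `modifMdp` pass `$mdp` from `Validation::val_form_mdp` straight to `$this->gat->create` and `$this->gat->updateMdp`, and no hashing is visible in this hunk. If the gateway does not hash either (its code is not on this page), passwords are stored in clear; hash at this layer with `password_hash($mdp, PASSWORD_DEFAULT)` and check with `password_verify` on the login path. It is also worth confirming that `val_form_mdp` only rejects bad input and never rewrites `$mdp`, because a sanitised password silently differs from what the user typed.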
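Review bot: In `modifLogin` the two added checks sit in front of `if (empty($user)) $this->gat->updateLogin($oldLogin, $newLogin);`, which performs the rename only when no user was found for `$oldLogin`; that looks copied from `ajouter` and inverted. The likely intent is `if (!empty($user) && empty($this->findByLogin($newLogin)))`, so that an existing account is renamed and a login already in use is not taken over. As in the other methods, whatever the validator put in `$TMessage` is not checked before the gateway call.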