From 62924b327d945996b336409883fb985cce76c53f Mon Sep 17 00:00:00 2001 From: Anna BOUDOUL Date: Thu, 22 Dec 2022 21:42:03 +0100 Subject: [PATCH 1/2] Validation start --- config/Validation.php | 33 +++++++++++++++++++++++++++++++++ controller/FrontCtrl.php | 5 +---- index.php | 3 +-- model/TaskModel.php | 1 + model/UserModel.php | 22 +++++++++++++++++----- 5 files changed, 53 insertions(+), 11 deletions(-) create mode 100644 config/Validation.php diff --git a/config/Validation.php b/config/Validation.php new file mode 100644 index 0000000..030adde --- /dev/null +++ b/config/Validation.php @@ -0,0 +1,33 @@ + \ No newline at end of file diff --git a/controller/FrontCtrl.php b/controller/FrontCtrl.php index b6951e2..f072dd9 100644 --- a/controller/FrontCtrl.php +++ b/controller/FrontCtrl.php @@ -13,10 +13,7 @@ class FrontCtrl $this->action_User = array('deconnexion','loadListePriv','newListPrivate'); try{ $this->isUser = $this->usrMdl->isConnected(); // cette fonction retourne quoi? - if(isset($_REQUEST['action'])) - $action = $_REQUEST['action']; - else - $action = null; + $action = $_REQUEST['action'] ?? null; if(($i = array_search($action,$this->action_User)) !== false){ # si action dans la liste d'actions user if(!$this->isUser){ # si pas conncter diff --git a/index.php b/index.php index cdc44cb..833ab83 100644 --- a/index.php +++ b/index.php @@ -1,10 +1,9 @@ diff --git a/model/TaskModel.php b/model/TaskModel.php index c0b05ec..1a63606 100644 --- a/model/TaskModel.php +++ b/model/TaskModel.php @@ -43,6 +43,7 @@ class TaskModel /* LIST FUNCTIONS */ public function addList($nom,$owner="",$dc=0,$id=0) { + Validation::val_form_texte($owner, $TMessage); $l = new ListTask($nom,$owner,$dc); $this->gtw->insertL($l); // retourne quoi? con->lastInsertId() ?? diff --git a/model/UserModel.php b/model/UserModel.php index cdbddd4..5f2a3ae 100644 --- a/model/UserModel.php +++ b/model/UserModel.php 
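Review bot: `$action = $_REQUEST['action'] ?? null;` still hands a loosely compared, unvalidated value to `array_search($action,$this->action_User)` on the next line: `$_REQUEST` merges GET, POST and cookie data (per `request_order`), and the key can arrive as an array rather than a string. Narrow it at the boundary and compare strictly: `$action = $_REQUEST['action'] ?? null; if (!is_string($action)) { $action = null; }` and `array_search($action, $this->action_User, true)`; reading from `$_GET`/`$_POST` explicitly would also drop the cookie source. The enclosing constructor starts and ends outside this hunk.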
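Review bot: `Validation::val_form_texte($owner, $TMessage);` in `addList` has no effect on the outcome: `$TMessage` is neither initialised nor read afterwards (the by-reference pass merely creates it as a local), and on failure the helper only resets `$owner` to `""`, after which `new ListTask($nom,$owner,$dc)` is built and inserted exactly as before. Since `$owner` defaults to `""`, every call relying on the default also records 'Empty fields' into that discarded array. Either act on the result — `$TMessage = []; Validation::val_form_texte($owner, $TMessage); if ($TMessage !== []) { throw new InvalidArgumentException(implode('; ', $TMessage)); }` — or leave the call out. The same write-only `$TMessage` appears in every `model/UserModel.php` hunk of this patch (`isConnected`, `ajouter`, `supprimer`, `modifMdp`, `findByLogin`, `modifLogin`); `addList` continues past the end of the hunk.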
@@ -1,6 +1,7 @@ gat->findUser($login, $mdp); if(!isset($result)) echo 'not set works'; - // if (isset($result)) - // { - // $_SESSION['login'] = $result; - // } + else + { + $_SESSION['login'] = $result; + } } function deconnexion(){ @@ -25,7 +28,8 @@ $_SESSION = array(); } - function isConnected(){ //teste rôle dans la session, retourne instance d’objet ou booleen + function isConnected(){ //teste rôle dans la session, retourne instance d’objet ou booleen + Validation::val_form_texte($_SESSION['login'], $TMessage); if(isset($_SESSION['login'])){ return true; } else { @@ -34,20 +38,26 @@ } function ajouter($login, $mdp){ + Validation::val_form_texte($login, $TMessage); + Validation::val_form_mdp($mdp, $TMessage); $user = $this->findByLogin($login); if (empty($user)) $this->gat->create($login, $mdp); } function supprimer($login){ + Validation::val_form_texte($login, $TMessage); $this->gat->delete($login); } function modifMdp($login, $mdp){ + Validation::val_form_texte($login, $TMessage); + Validation::val_form_mdp($mdp, $TMessage); $this->gat->updateMdp($login, $mdp); } function findByLogin($login){ + Validation::val_form_texte($login, $TMessage); $user = null; if ($login !== " " && $login != null ) { @@ -60,6 +70,8 @@ } function modifLogin($oldLogin, $newLogin){ + Validation::val_form_texte($oldLogin, $TMessage); + Validation::val_form_texte($newLogin, $TMessage); $user = $this->findByLogin($oldLogin); if (empty($user)) $this->gat->updateLogin($oldLogin, $newLogin); From f04cfc060b9abc62edb9211c2d431b70c2542053 Mon Sep 17 00:00:00 2001 From: Anna BOUDOUL Date: Thu, 22 Dec 2022 21:55:10 +0100 Subject: [PATCH 2/2] Validation correction --- config/Validation.php | 12 ++++++------ controller/UserCtrl.php | 40 +++++++++++++++++++++----------------- controller/VisitorCtrl.php | 2 +- model/UserModel.php | 1 + 4 files changed, 30 insertions(+), 25 deletions(-) diff --git a/config/Validation.php b/config/Validation.php index 030adde..97aa788 100644 
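Review bot: Calling `Validation::val_form_texte($_SESSION['login'], $TMessage)` before the `isset` test inverts the check: passing a missing array element by reference creates `$_SESSION['login']` as null, `val_form_texte` then takes its `!isset($texte)` branch and assigns `""` to it, and `isset("")` is true, so once the second patch drops the `string` type from that parameter (with the type present the call raises a TypeError instead) `isConnected()` answers true for a session that never logged in. A stored login that fails the sanitise comparison is blanked the same way and still counts as connected. The predicate must not write to the session: remove the call and use `$login = $_SESSION['login'] ?? null; return is_string($login) && $login !== '';`. The function's `else` branch continues outside the hunk.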
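Review bot: In `ajouter`, a rejected input does not stop registration: `val_form_texte`/`val_form_mdp` only reset the argument to `""` (their messages go to a `$TMessage` nothing reads), `findByLogin("")` presumably yields null because `"" != null` is false (its tail lies outside the hunk), `empty($user)` holds and `$this->gat->create($login, $mdp)` inserts an account with an empty login and an empty password. `supprimer`, `modifMdp` and `findByLogin` in this hunk likewise continue with the blanked value — `modifMdp` would overwrite the stored password with `""`. Initialise `$TMessage = []` before the calls and stop when it is non-empty afterwards, e.g. `if ($TMessage !== []) { throw new InvalidArgumentException(implode('; ', $TMessage)); }`.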
--- a/config/Validation.php +++ b/config/Validation.php @@ -2,29 +2,29 @@ class Validation { - static function val_form_texte(string &$texte, array &$TMessage) { + static function val_form_texte(&$texte, &$TMessage) { if (!isset($texte)||$texte=="") { - $TMessage[] ="champs vide"; + $TMessage[] ="Empty fields"; $texte=""; } if ($texte != filter_var($texte, FILTER_SANITIZE_STRING)) { - $TMessage[] ="testative d'injection de code (attaque sécurité)"; + $TMessage[]="Attempt to inject code (security attack)"; $texte=""; } } - static function val_form_mdp(string &$mdp, array &$TMessage) { + static function val_form_mdp(&$mdp, &$TMessage) { if (!isset($mdp)||$mdp=="") { - $TMessage[] ="pas de mdp"; + $TMessage[] ="Password not specified"; $mdp=""; } if ($mdp != filter_var($mdp, FILTER_SANITIZE_SPECIAL_CHARS)) { - $TMessage[] ="Le mot de passe ne doit pas contenir de caractères spéciaux"; + $TMessage[] ="Password must not contain special characters"; $mdp=""; } diff --git a/controller/UserCtrl.php b/controller/UserCtrl.php index 1dfa5c6..b488c7c 100644 --- a/controller/UserCtrl.php +++ b/controller/UserCtrl.php 
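Review bot: `filter_var($texte, FILTER_SANITIZE_STRING)` has been deprecated since PHP 8.1, and treating any difference from the sanitised form as an 'Attempt to inject code' rejects ordinary input such as a name containing an apostrophe while adding no protection of its own — injection is handled by prepared statements in the gateway and `htmlspecialchars` at output, not by blanking characters here. `val_form_mdp` applies the same comparison to passwords and so forbids `& < > " '`, which only lowers password strength, assuming the gateway stores a `password_hash` result (not visible in this diff). Dropping `string`/`array` from the by-reference parameters instead of fixing the call sites also removes the only type check these helpers had. Keep `array &$TMessage`, replace the sanitiser comparison with a shape check such as `if (!is_string($texte) || trim($texte) === '') { $TMessage[] = 'Empty fields'; $texte = ''; }`, and replace the password rule with a minimum length, e.g. `if (!is_string($mdp) || mb_strlen($mdp) < 8) { $TMessage[] = 'Password not specified'; $mdp = ''; }`.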
@@ -12,27 +12,31 @@ class UserCtrl $this->con = $con; $this->userModel = new UserModel($this->con); $this->taskModel = new TaskModel($this->con); - // try{ - // $action=$_REQUEST['action']; - // switch($action){ + try{ + $action=$_REQUEST['action']; + switch($action){ - // // voir les listes privees - // case 'voirListePriv': - // $this->loadListePriv(); - // break; + // voir les listes privees + case 'voirListePriv': + $this->loadListePriv(); + break; - // // ajouter une liste privee - // case 'creerListePriv': - // $this->newListPrivate(); - // break; - // case 'deconnecter': - // $this->deconnexion(); - // break; + // ajouter une liste privee + case 'creerListePriv': + $this->newListPrivate(); + break; + case 'deconnecter': + $this->deconnexion(); + break; + default: + $TMessage[] = 'Unexpected error'; + require($rep.$vues['']); + break; - // } - // } catch(Exception $e) { - // require("../view/erreur.php"); - // } + } + } catch(Exception $e) { + require("../view/erreur.php"); + } } public function loadListePriv(){ diff --git a/controller/VisitorCtrl.php b/controller/VisitorCtrl.php index fa61be4..fa68399 100644 --- a/controller/VisitorCtrl.php +++ b/controller/VisitorCtrl.php @@ -71,7 +71,7 @@ class VisitorCtrl default: # - $dvueErreur[] = 'Erreur inattendue'; + $TMessage[] = 'Unexpected error'; require($rep.$vues['']); break; } diff --git a/model/UserModel.php b/model/UserModel.php index 5f2a3ae..9123dd6 100644 --- a/model/UserModel.php +++ b/model/UserModel.php @@ -1,6 +1,7 @@
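Review bot: `$action=$_REQUEST['action'];` reads the key without the `?? null` guard the first patch added to `FrontCtrl`, so a request without `action` emits an undefined-array-key warning before reaching `default:`; use `$action = $_REQUEST['action'] ?? null;`. In that `default:` branch `$rep` and `$vues` are not declared anywhere visible in the hunk (the constructor begins before line 12), so unless they are brought in with `global` or as parameters `require($rep.$vues[''])` resolves to an empty path and fails — and the `catch` block uses the relative `../view/erreur.php` rather than the same `$rep.$vues` lookup, so the two error paths depend on different working directories. `$TMessage[] = 'Unexpected error'` only helps if the view required on the next line reads `$TMessage`, which cannot be confirmed here. A `match` on `$action` with a `default` arm would also replace the loose `switch` comparison.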