ajout d'une fonction pour ne pas pouvoir utilisé un id qui n'est pas dans la base de donnée et ,j'ai fait les is pour admin et student (a revoir)

1 year ago · 017c661b0e
parent dbb85c2c68
commit 017c661b0e
5 changed files with 88 additions and 3 deletions
--- a/Project/php/controller/FrontController.php
+++ b/Project/php/controller/FrontController.php
@ -38,6 +38,10 @@ class FrontController
                $controller = $match['target'] ?? null;
                $action = Validation::val_action($match['params']['action'] ?? null);
                $id = $match['params']['id'] ?? null;
+                if(!$this->checkIdExist($id)) {
+                    throw new Exception("L'identifiant est invalide");
+                }
+
                print 'user Id received ' . $id . '<br>';
                print 'controleur appelé ' . $controller . '<br>';
                print $action . '<br>';
@ -93,4 +97,11 @@ class FrontController
        $user = $model->connection($login, $password);
        $this->home();
    }
+    public function checkIdExist($id):bool
+    {
+        $mdl = new MdlStudent();
+        $res = $mdl->checkIdExist($id);
+        return $res;
+    }
+
 }
--- a/Project/php/controller/StudentController.php
+++ b/Project/php/controller/StudentController.php
@ -8,6 +8,8 @@ use Exception;
 class StudentController
 {

+
+
    public function affAllVocab(): void
    {
        global $twig;
@ -17,6 +19,7 @@ class StudentController

    }

+
    public function affAllStudent(): void
    {
        global $twig;
--- a/Project/php/gateway/UserGateway.php
+++ b/Project/php/gateway/UserGateway.php
@ -296,4 +296,17 @@ class UserGateway extends AbsGateway
            throw new Exception($e->getMessage());
        }
    }
+    public function checkIdExist(int $id): bool {
+        $query = "SELECT COUNT(*) AS count FROM User_ WHERE id = :id";
+        $args = array(':id' => array($id, PDO::PARAM_INT));
+        $this->con->executeQuery($query, $args);
+        $results = $this->con->getResults();
+
+        if (is_array($results) && count($results) > 0) {
+            $count = $results[0]['count'];
+            return ($count > 0);
+        }
+
+        return false;
+    }
 }
--- a/Project/php/model/MdlAdmin.php
+++ b/Project/php/model/MdlAdmin.php
@ -74,6 +74,33 @@ class MdlAdmin extends AbsModel

    public function is()
    {
-        // TODO: Implement is() method.
+        if (
+            isset($_SESSION['id']) &&
+            isset($_SESSION['password']) &&
+            isset($_SESSION['email']) &&
+            isset($_SESSION['name']) &&
+            isset($_SESSION['surname']) &&
+            isset($_SESSION['nickname']) &&
+            isset($_SESSION['image']) &&
+            isset($_SESSION['extraTime']) &&
+            isset($_SESSION['group']) &&
+            isset($_SESSION['roles']) &&
+            $_SESSION['roles'] === 'admin'
+        ) {
+            $id = (int)$_SESSION['id'];
+            $password = $_SESSION['password'];
+            $email = $_SESSION['email'];
+            $name = $_SESSION['name'];
+            $surname = $_SESSION['surname'];
+            $nickname = $_SESSION['nickname'];
+            $image = $_SESSION['image'];
+            $extraTime = (bool)$_SESSION['extraTime'];
+            $group = (int)$_SESSION['group'];
+            $roles = $_SESSION['roles'];
+
+            return new User($id, $password, $email, $name, $surname, $nickname, $image, $extraTime, $group, $roles);
+        } else {
+            return null;
+        }
    }
 }
--- a/Project/php/model/MdlStudent.php
+++ b/Project/php/model/MdlStudent.php
@ -13,9 +13,12 @@ class MdlStudent extends AbsModel
    {
        parent::__construct("student");
    }
+    public function checkIdExist(int $id):bool {
+        $gtw = new UserGateway();
+        return $gtw->checkIdExist($id);
+    }

    public function getAll():array{
-        global $twig;
        $gtw = new VocabularyListGateway();
        return  $gtw->findAll();
        /*
@ -49,7 +52,35 @@ class MdlStudent extends AbsModel

    public function is()
    {
-        // TODO: Implement is() method.
+        if (
+            isset($_SESSION['id']) &&
+            isset($_SESSION['password']) &&
+            isset($_SESSION['email']) &&
+            isset($_SESSION['name']) &&
+            isset($_SESSION['surname']) &&
+            isset($_SESSION['nickname']) &&
+            isset($_SESSION['image']) &&
+            isset($_SESSION['extraTime']) &&
+            isset($_SESSION['group']) &&
+            isset($_SESSION['roles']) &&
+            $_SESSION['roles'] === 'student'
+        ) {
+            $id = (int)$_SESSION['id'];
+            $password = $_SESSION['password'];
+            $email = $_SESSION['email'];
+            $name = $_SESSION['name'];
+            $surname = $_SESSION['surname'];
+            $nickname = $_SESSION['nickname'];
+            $image = $_SESSION['image'];
+            $extraTime = (bool)$_SESSION['extraTime'];
+            $group = (int)$_SESSION['group'];
+            $roles = $_SESSION['roles'];
+
+            return new User($id, $password, $email, $name, $surname, $nickname, $image, $extraTime, $group, $roles);
+        } else {
+            return null;
+        }
    }
+
 }