diff --git a/Project/php/controller/AdminController.php b/Project/php/controller/AdminController.php
index 0b12251..b5dab87 100755
--- a/Project/php/controller/AdminController.php
+++ b/Project/php/controller/AdminController.php
@@ -107,7 +107,7 @@ class AdminController
  public function removeUser(): void {
  try {
- $id = Validation::filter_int($_GET['id']);
+ $id = Validation::filter_int($_GET['id'] ?? null);
  $model = new MdlAdmin();
  $model->removeUser($id);
  $this->showAllUsers();
@@ -142,7 +142,7 @@ class AdminController
  public function removeUserFromGroup(): void {
  try {
- $id = Validation::filter_int($_GET['id']);
+ $id = Validation::filter_int($_GET['id'] ?? null);
  $model = new MdlAdmin();
  $model->removeUserFromGroup($id);
  $this->showGroupDetails();
@@ -154,7 +154,7 @@ class AdminController
  public function removeGroup(): void {
  try {
- $selectedGroup = Validation::filter_int($_GET['selectedGroup']);
+ $selectedGroup = Validation::filter_int($_GET['selectedGroup'] ?? null);
  $model = new MdlAdmin();
  $model->removeGroup($selectedGroup);
  $this->showAllGroups();
@@ -166,9 +166,9 @@ class AdminController
  public function addGroup(): void {
  try {
- $num = Validation::filter_int($_GET['num']);
- $year = Validation::filter_int($_GET['year']);
- $sector = Validation::filter_str_simple($_GET['sector']);
+ $num = Validation::filter_int($_GET['num'] ?? null);
+ $year = Validation::filter_int($_GET['year'] ?? null);
+ $sector = Validation::filter_str_simple($_GET['sector'] ?? null);
  $model = new MdlAdmin();
  $groupID = $model->addGroup($num, $year, $sector);
@@ -182,8 +182,8 @@ class AdminController
  public function addUserToGroup(): void {
  try {
- $user = Validation::filter_int($_GET['userID']);
- $group = Validation::filter_int($_GET['groupID']);
+ $user = Validation::filter_int($_GET['userID'] ?? null);
+ $group = Validation::filter_int($_GET['groupID'] ?? null);
  $model = new MdlAdmin();
  $model->addUserToGroup($user, $group);
  $_GET['selectedGroup'] = $group;
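Review bot: Each of the five hunks (removeUser, removeUserFromGroup, removeGroup, addGroup, addUserToGroup) performs a state-changing action driven solely by `$_GET` parameters, and nothing in the new code requires a POST or checks a CSRF token, so an authenticated admin's browser can be made to issue these requests by another site; the `?? null` only avoids the undefined-index notice and does not change that. Whether `Validation::filter_int(null)` throws or returns a sentinel such as `false` is not visible here; if it returns a sentinel, `$model->removeUser($id)` still runs with an invalid id, so confirm it throws before relying on the enclosing try. A one-line contract above each method would make that dependency explicit, e.g. `// Relies on Validation::filter_int throwing on a missing or non-numeric id — confirm`. The catch blocks that close these try statements lie outside the hunks.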
diff --git a/Project/php/controller/StudentController.php b/Project/php/controller/StudentController.php
index fc6dfe7..65e7703 100755
--- a/Project/php/controller/StudentController.php
+++ b/Project/php/controller/StudentController.php
@@ -1,6 +1,7 @@ getUser($userID);
- echo $twig->render('myAccountView.html', ['user' => $user]);
+ try {
+ global $twig;
+ $userID = Validation::filter_int($_GET['user'] ?? null);
+ $mdl = new MdlStudent();
+ $user = $mdl->getUser($userID);
+ echo $twig->render('myAccountView.html', ['user' => $user]);
+ }
+ catch (Exception $e){
+ throw new Exception("invalid user ID");
+ }
  }
  public function modifyNickname(): void {
- global $twig;
- $userID = $_GET['user'];
- $newNickname = $_GET['newNickname'];
- $mdl = new MdlStudent();
- $mdl->modifyNickname($userID, $newNickname);
- $_GET['user'] = $userID;
- $this->showAccountInfos();
+ try {
+ $userID = Validation::filter_int($_GET['user']);
+ $newNickname = Validation::filter_str_nospecialchar($_GET['newNickname'] ?? null);
+ $mdl = new MdlStudent();
+ $mdl->modifyNickname($userID, $newNickname);
+ $_GET['user'] = $userID;
+ $this->showAccountInfos();
+ }
+ catch (Exception $e){
+ throw new Exception("invalid entries");
+ }
  }
  public function modifyPassword(): void {
- global $twig;
- $userID = $_GET['user'];
- $currentPassword = $_GET['currentPassword'];
- $newPassword = $_GET['newPassword'];
- $confirmNewPassword = $_GET['confirmNewPassword'];
- $mdl = new MdlStudent();
- $user = $mdl->getUser($userID);
+ try {
+ $userID = $_GET['user'];
+ $currentPassword = Validation::val_password($_GET['currentPassword'] ?? null);
+ $newPassword = Validation::val_password($_GET['newPassword'] ?? null);
+ $confirmNewPassword = Validation::val_password($_GET['confirmNewPassword'] ?? 
null);
+ $mdl = new MdlStudent();
+ $user = $mdl->getUser($userID);
- if ($user->getPassword() == $currentPassword && $newPassword == $confirmNewPassword)
- $mdl->ModifyPassword($userID, $newPassword);
+ if ($user->getPassword() != $currentPassword || $newPassword != $confirmNewPassword)
+ throw new Exception("");
- $_GET['user'] = $userID;
- $_REQUEST['action'] = 'showAccountInfos';
- $this->showAccountInfos();
+ $mdl->ModifyPassword($userID, $newPassword);
+ $_GET['user'] = $userID;
+ $this->showAccountInfos();
+ }
+ catch (Exception $e){
+ throw new Exception("invalid entries");
+ }
  }
  }
\ No newline at end of file
diff --git a/Project/php/templates/myAccountView.html b/Project/php/templates/myAccountView.html
index 7b667dc..8cd6fab 100644
--- a/Project/php/templates/myAccountView.html
+++ b/Project/php/templates/myAccountView.html
@@ -28,7 +28,7 @@
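Review bot: In modifyPassword the stored password is compared to the submitted one with a loose `!=` (`if ($user->getPassword() != $currentPassword || $newPassword != $confirmNewPassword)`), which only works if the model keeps passwords in plaintext, and all three passwords arrive via `$_GET`, so they end up in query strings, server logs and browser history; if the model stores a `password_hash` value, the check should read `if (!password_verify($currentPassword, $user->getPassword()) || $newPassword !== $confirmNewPassword)` and the form should submit by POST. `$userID = $_GET['user'];` in modifyPassword is the one input this commit leaves unvalidated, and `modifyNickname` reads `$_GET['user']` without the `?? null` used at every other call site. Nothing visible ties `$_GET['user']` to the logged-in session, so unless a front controller or the model enforces ownership, the account being modified is chosen by the caller — worth confirming. The rethrows `throw new Exception("invalid entries")` drop the original exception; write `throw new Exception("invalid entries", previous: $e);`. The hunk header for this region was lost in extraction, so the start of showAccountInfos is not visible here.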
Image : | {{user.image}} | |
Image : | {{user.image}} | |
ID : | {{user.id}} | |
Nickname : | {{user.nickname}} |