validation myaccountview et ses actions

Project/php/controller/AdminController.php

@@ -107,7 +107,7 @@ class AdminController
 
     public function removeUser(): void {
         try {
-            $id = Validation::filter_int($_GET['id']);
+            $id = Validation::filter_int($_GET['id'] ?? null);
             $model = new MdlAdmin();
             $model->removeUser($id);
             $this->showAllUsers();
@@ -142,7 +142,7 @@ class AdminController
 
     public function removeUserFromGroup(): void {
         try {
-            $id = Validation::filter_int($_GET['id']);
+            $id = Validation::filter_int($_GET['id'] ?? null);
             $model = new MdlAdmin();
             $model->removeUserFromGroup($id);
             $this->showGroupDetails();
@@ -154,7 +154,7 @@ class AdminController
 
     public function removeGroup(): void {
         try {
-            $selectedGroup = Validation::filter_int($_GET['selectedGroup']);
+            $selectedGroup = Validation::filter_int($_GET['selectedGroup'] ?? null);
             $model = new MdlAdmin();
             $model->removeGroup($selectedGroup);
             $this->showAllGroups();
@@ -166,9 +166,9 @@ class AdminController
 
     public function addGroup(): void {
         try {
-            $num = Validation::filter_int($_GET['num']);
-            $year = Validation::filter_int($_GET['year']);
-            $sector = Validation::filter_str_simple($_GET['sector']);
+            $num = Validation::filter_int($_GET['num'] ?? null);
+            $year = Validation::filter_int($_GET['year'] ?? null);
+            $sector = Validation::filter_str_simple($_GET['sector'] ?? null);
 
             $model = new MdlAdmin();
             $groupID = $model->addGroup($num, $year, $sector);
@@ -182,8 +182,8 @@ class AdminController
 
     public function addUserToGroup(): void {
         try {
-            $user = Validation::filter_int($_GET['userID']);
-            $group = Validation::filter_int($_GET['groupID']);
+            $user = Validation::filter_int($_GET['userID'] ?? null);
+            $group = Validation::filter_int($_GET['groupID'] ?? null);
             $model = new MdlAdmin();
             $model->addUserToGroup($user, $group);
             $_GET['selectedGroup'] = $group;

Project/php/controller/StudentController.php

@@ -1,6 +1,7 @@
 <?php
 
 namespace controller;
+use config\Validation;
 use model\MdlStudent;
 use Exception;
 
@@ -76,37 +77,50 @@ class StudentController
     }
 
     public function showAccountInfos(): void {
-        global $twig;
-        $userID = $_GET['user'];
-        $mdl = new MdlStudent();
-        $user = $mdl->getUser($userID);
-        echo $twig->render('myAccountView.html', ['user' => $user]);
+        try {
+            global $twig;
+            $userID = Validation::filter_int($_GET['user'] ?? null);
+            $mdl = new MdlStudent();
+            $user = $mdl->getUser($userID);
+            echo $twig->render('myAccountView.html', ['user' => $user]);
+        }
+        catch (Exception $e){
+            throw new Exception("invalid user ID");
+        }
     }
 
     public function modifyNickname(): void {
-        global $twig;
-        $userID = $_GET['user'];
-        $newNickname = $_GET['newNickname'];
-        $mdl = new MdlStudent();
-        $mdl->modifyNickname($userID, $newNickname);
-        $_GET['user'] = $userID;
-        $this->showAccountInfos();
+        try {
+            $userID = Validation::filter_int($_GET['user']);
+            $newNickname = Validation::filter_str_nospecialchar($_GET['newNickname'] ?? null);
+            $mdl = new MdlStudent();
+            $mdl->modifyNickname($userID, $newNickname);
+            $_GET['user'] = $userID;
+            $this->showAccountInfos();
+        }
+        catch (Exception $e){
+            throw new Exception("invalid entries");
+        }
     }
 
     public function modifyPassword(): void {
-        global $twig;
-        $userID = $_GET['user'];
-        $currentPassword = $_GET['currentPassword'];
-        $newPassword = $_GET['newPassword'];
-        $confirmNewPassword = $_GET['confirmNewPassword'];
-        $mdl = new MdlStudent();
-        $user = $mdl->getUser($userID);
+        try {
+            $userID = $_GET['user'];
+            $currentPassword = Validation::val_password($_GET['currentPassword'] ?? null);
+            $newPassword = Validation::val_password($_GET['newPassword'] ?? null);
+            $confirmNewPassword = Validation::val_password($_GET['confirmNewPassword'] ?? null);
+            $mdl = new MdlStudent();
+            $user = $mdl->getUser($userID);
 
-        if ($user->getPassword() == $currentPassword && $newPassword == $confirmNewPassword)
-            $mdl->ModifyPassword($userID, $newPassword);
+            if ($user->getPassword() != $currentPassword || $newPassword != $confirmNewPassword)
+                throw new Exception("");
 
-        $_GET['user'] = $userID;
-        $_REQUEST['action'] = 'showAccountInfos';
-        $this->showAccountInfos();
+            $mdl->ModifyPassword($userID, $newPassword);
+            $_GET['user'] = $userID;
+            $this->showAccountInfos();
+        }
+        catch (Exception $e){
+            throw new Exception("invalid entries");
+        }
     }
 }

Project/php/templates/myAccountView.html

@@ -28,7 +28,7 @@
     <h1>My account</h1>
     {% if user is defined %}
         <table>
-            <tr><td>Image : </td><td>{{user.image}}</td></tr> //modifier todo
+            <tr><td>Image : </td><td>{{user.image}}</td></tr>
             <tr><td>ID : </td><td>{{user.id}}</td></tr>
             <tr><td>Nickname : </td><td>{{user.nickname}}</td>
                 <td>