Merge branch 'php' of https://codefirst.iut.uca.fr/git/antoine.jourdain/SAE_2A_Anglais into php

merge encore (mrc pour les commit).
1 year ago · 42402faa05
parent f9cec2d223 7a13dc682b
commit 42402faa05
6 changed files with 48 additions and 28 deletions
--- a/Project/db/defaultinsert.sql
+++ b/Project/db/defaultinsert.sql
@ -18,23 +18,29 @@ INSERT INTO User_ VALUES (1, "Password*123", "francois.dupont@etu.uca.fr", "Fran
 INSERT INTO User_ VALUES (2, "Password*123", "sylvain.volvic@etu.uca.fr", "Sylvain", "Volvic", "sylvaincpt", "", true, 1);
 INSERT INTO User_ VALUES (3, "Password*123", "jean.bombeur@etu.uca.fr", "Jean", "Bombeur", "jambombeurre", "", false, 2);
 INSERT INTO User_ VALUES (6, "Password*123", "tony.tonic@etu.uca.fr", "Tony", "Tonic", "tonytonic", "", false, 3);
+INSERT INTO User_ VALUES (10, "$2y$10$RHgtbmnMWixD/ztTz55L9elDisjiyDy.NobsWa8L8pzYDgQYJGL.y", "student@uca.fr", "Student", "UCA", "student", "", NULL, NULL);

 -- User : teacher
 INSERT INTO User_ VALUES (5, "Password*123", "michel.singinou@ext.uca.fr", "Michel", "Singinou", "mich", "", NULL, NULL);
+INSERT INTO User_ VALUES (20, "$2y$10$vvY7Dny2Qt0LdRgIxcZ.5uZ3LygRd1hMhqtjjj/v5tF57yos0JEmG", "teacher@uca.fr", "Teacher", "UCA", "teacher", "", NULL, NULL);

 -- User : admin
-INSERT INTO User_ VALUES (4, "admin", "admin@uca.fr", "Admin", "UCA", "admin", "", NULL, NULL);
+INSERT INTO User_ VALUES (30, "$2y$10$STTT3uR83dcwduiqqyKRde3b02LQi9iavkzn47NbA.xUrt92PalgW", "admin@uca.fr", "Admin", "UCA", "admin", "", NULL, NULL);

 -- Role attribution
 INSERT INTO Be VALUES (1, 3);
 INSERT INTO Be VALUES (2, 3);
 INSERT INTO Be VALUES (3, 3);
 INSERT INTO Be VALUES (6, 3);
+INSERT INTO Be VALUES (10, 3);
+

 INSERT INTO Be VALUES (4, 1);
 INSERT INTO Be VALUES (4, 2);
+INSERT INTO Be VALUES (20, 2);

 INSERT INTO Be VALUES (5, 2);
+INSERT INTO Be VALUES (30, 1);

 -- Vocabulary list
 INSERT INTO VocabularyList VALUES (1, "Animaux", "", 5);
--- a/Project/php/config/config.php
+++ b/Project/php/config/config.php
@ -18,4 +18,4 @@ global $password;
 $password = 'achanger';

 global $altorouterPath;
-$altorouterPath = "/~anrichard7/SAE_2A_Anglais/Project/php";
+$altorouterPath = "/SAE_2A_Anglais/Project/php";
--- a/Project/php/controller/FrontController.php
+++ b/Project/php/controller/FrontController.php
@ -4,6 +4,7 @@ namespace controller;

 use config\Validation;
 use Exception;
+use model\MdlStudent;

 class FrontController
 {
@ -16,11 +17,6 @@ class FrontController
        var_dump($_SESSION['login']);
        var_dump($_SESSION['roles']);

-        if (!is_writable(session_save_path())) {
-            echo 'Session path "'.session_save_path().'" is not writable for PHP!';
-        }
-        else echo "good";
-
        try {
            $router = new \AltoRouter();
            $router->setBasePath($altorouterPath);
@ -40,11 +36,11 @@ class FrontController

            switch ($action) {
                case null:
-                    echo $twig->render('home.html');
+                    $this->home();
                    break;

                case 'login':
-                    echo $twig->render('login.html');
+                    $this->login();
                    break;

                case 'confirmLogin':
@ -67,7 +63,21 @@ class FrontController
        }
    }

-    public function confirmLogin(): void {
+    public function home(): void {
+        global $twig;
+        echo $twig->render('home.html');
+    }

+    public function login(): void {
+        global $twig;
+        echo $twig->render('login.html');
+    }
+
+    public function confirmLogin(): void {
+        $model = new MdlStudent();
+        $login = strip_tags($_POST['logemail']);
+        $password = strip_tags($_POST['logpass']);
+        $user = $model->connection($login, $password);
+        $this->home();
    }
 }
--- a/Project/php/gateway/UserGateway.php
+++ b/Project/php/gateway/UserGateway.php
@ -147,12 +147,12 @@ class UserGateway extends AbsGateway
        }
    }

-    public function login(string $login) : array{
+    public function login(string $login) : string{
        try {
            $query = "SELECT password FROM User_ WHERE email=:email";
            $args = array(':email' => array($login, PDO::PARAM_STR));
            $this->con->executeQuery($query, $args);
-            return $this->con->getResults();
+            return $this->con->getResults()[0]['password'];
        }
        catch(PDOException $e ){
            throw new Exception($e->getMessage());
--- a/Project/php/model/AbsModel.php
+++ b/Project/php/model/AbsModel.php
@ -17,18 +17,20 @@ abstract class AbsModel
    }

    public function connection(string $login, string $password){
-        $cleanedLogin = strip_tags($login);
-        $cleanedPassword = strip_tags($password);
        $gtw = new UserGateway();
+        $hash = $gtw->login($login) ?? null;
+
+        if ($hash != null && password_verify($password, $hash)) {
+            $user = $gtw->findUserByEmail($login);
+            $_SESSION['login'] = $login;

-        if (password_verify($cleanedPassword, $gtw->login($cleanedLogin)[0][0])) {
-            $user = $gtw->findUserByEmail($cleanedLogin);
-            $_SESSION['login'] = $cleanedLogin;
            $roles = array();
-            foreach ($roles as $role) $roles[] = $role;
+            foreach ($user->getRoles() as $role) $roles[] = $role;
            $_SESSION['roles'] = $roles;
+
            return $user;
        }
+
        return null;
    }

--- a/Project/php/templates/login.html
+++ b/Project/php/templates/login.html
@ -24,16 +24,18 @@
                                    <div class="center-wrap">
                                        <div class="section text-center">
                                            <h4 class="mb-4 pb-3">Log In</h4>
-                                            <div class="form-group">
-                                                <input type="email" name="logemail" class="form-style" placeholder="Your Email" id="logemail" autocomplete="off">
-                                                <i class="input-icon uil uil-at"></i>
-                                            </div>	
-                                            <div class="form-group mt-2">
-                                                <input type="password" name="logpass" class="form-style" placeholder="Your Password" id="logpass" autocomplete="off">
-                                                <i class="input-icon uil uil-lock-alt"></i>
-                                            </div>
-                                            <a href="confirmLogin" class="btn mt-4">submit</a>
-                                            <p class="mb-0 mt-4 text-center"><a href="#0" class="link">Forgot your password?</a></p>
+                                            <form action="confirmLogin" method="POST">
+                                                <div class="form-group">
+                                                    <input type="email" name="logemail" class="form-style" placeholder="Your Email" id="logemail" autocomplete="off">
+                                                    <i class="input-icon uil uil-at"></i>
+                                                </div>
+                                                <div class="form-group mt-2">
+                                                    <input type="password" name="logpass" class="form-style" placeholder="Your Password" id="logpass" autocomplete="off">
+                                                    <i class="input-icon uil uil-lock-alt"></i>
+                                                </div>
+                                                <input type="submit" class="btn mt-4" value="submit">
+                                                <p class="mb-0 mt-4 text-center"><a href="#0" class="link">Forgot your password?</a></p>
+                                            </form>
                                          </div>
                                      </div>
                                  </div>