From 44a829eac212b9b2557835f46646c1985f8af920 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?No=C3=A9=20Garnier?= Date: Mon, 5 Dec 2022 14:31:40 +0100 Subject: [PATCH] ajout d'un sel de hashage --- WEB/Model/Model.php | 99 ++++++++++++++++++++++-------------------- WEB/Model/scripted.db | Bin 53248 -> 53248 bytes WEB/index.php | 14 ------ 3 files changed, 52 insertions(+), 61 deletions(-) diff --git a/WEB/Model/Model.php b/WEB/Model/Model.php index 8dadab10..a58a4cc4 100644 --- a/WEB/Model/Model.php +++ b/WEB/Model/Model.php 
@@ -19,44 +19,44 @@ class Model } } - public function signUp() { + public function signUp() + { global $rep, $vues, $sel, $error; try { $validation = new Validation(); - if (! $validation->ValidateEmail($_REQUEST['email'])) { + if (!$validation->ValidateEmail($_REQUEST['email'])) { $error = "Email invalides."; throw (new Exception("Email non valide")); } - if(! $validation->ValidateUsername($_REQUEST['username'])){ + if (!$validation->ValidateUsername($_REQUEST['username'])) { $error = "Nom d'utilisateur invalides. Il ne doit pas contenir de caractère spéciaux."; - throw(new Exception("Pseudo non valide")); + throw (new Exception("Pseudo non valide")); } - if(! $validation->ValidatePassword($_REQUEST['password'])){ + if (!$validation->ValidatePassword($_REQUEST['password'])) { $error = "Mots de passe invalides. Il ne doit pas dépasser 100 caractères."; - throw(new Exception("Mot de passe non valide")); + throw (new Exception("Mot de passe non valide")); } $j = $this->utilisateur_gateway->getUtilisateurByEmail($_REQUEST['email']); if ($j->getEmail() != "null") { $error = "Email déjà utilisé."; throw (new Exception("Email déjà utilisé")); } - $password = password_hash($_REQUEST['password'], PASSWORD_DEFAULT); + $password = password_hash($_REQUEST['password'] . $sel, PASSWORD_DEFAULT); $Utilisateur = new Utilisateur($_REQUEST['email'], $_REQUEST['username'], $password, false); $this->utilisateur_gateway->insert($Utilisateur); $_SESSION['connected'] = 'true'; $_SESSION['role'] = 'utilisateur'; - require ($rep.$vues['main']); - }catch (PDOException $e) - { + require($rep . $vues['main']); + } catch (PDOException $e) { $error = "Erreur de connexion à la base de données."; - require ($rep.$vues['erreur']); - } - catch (Exception $e){ - $error = $e->getMessage(); - require($rep.$vues['erreur']); + require($rep . $vues['erreur']); + } catch (Exception $e) { + $error = $e->getMessage(); + require($rep . 
$vues['erreur']); } } - public function login(){ + public function login() + { global $rep, $vues, $sel, $error; try { $Utilisateur = $this->utilisateur_gateway->getUtilisateurByEmail($_REQUEST['email']); 
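Review bot: The `$sel` appended in `$password = password_hash($_REQUEST['password'] . $sel, PASSWORD_DEFAULT);` is a site-wide pepper rather than a salt — `password_hash()` already generates a random per-user salt — and with the default bcrypt algorithm only the first 72 bytes of the input are used, so for long passwords (the validation message in this same hunk says up to 100 characters are accepted) the appended value is silently truncated away and contributes nothing. If a pepper is wanted, fold it in through a fixed-length keyed hash first, e.g. `$password = password_hash(hash_hmac('sha256', $_REQUEST['password'], $sel), PASSWORD_DEFAULT);`, and apply exactly the same transformation before `password_verify()` in login(). Where `$sel` is defined it deserves a comment saying it must be kept secret (config, not source) and cannot be changed without invalidating every stored hash. signUp() is complete within this hunk; login() starts here and its body continues in the next hunk.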
@@ -65,82 +65,87 @@ class Model throw new Exception("Utilisateur introuvable"); } $mdp = $this->utilisateur_gateway->getMdpByEmail($_REQUEST['email']); - if (password_verify($mdp, $_REQUEST['password'])){ + if (password_verify($mdp, $_REQUEST['password'] . $sel)) { $error = "Mot de passe incorrect."; throw new Exception("Mot de passe invalide"); } $estAdmin = $this->utilisateur_gateway->getEstAdminByEmail($_REQUEST['email']); if ($estAdmin == true) { $_SESSION['role'] = "admin"; - } - else{ + } else { $_SESSION['role'] = "utilisateur"; } - $_SESSION['connected'] = 'true'; - require ($rep.$vues['main']); - }catch (Exception $e){ - require($rep.$vues['erreur']); + $_SESSION['connected'] = 'true'; + require($rep . $vues['main']); + } catch (Exception $e) { + require($rep . $vues['erreur']); } } - public function goToPresentation() { + public function goToPresentation() + { global $rep, $vues, $error; try { - require ($rep.$vues['presentation']); - }catch (Exception $e){ + require($rep . $vues['presentation']); + } catch (Exception $e) { $error = "Erreur Inconnue"; - require($rep.$vues['erreur']); + require($rep . $vues['erreur']); } } - public function goToHome() { + public function goToHome() + { global $rep, $vues, $error; try { - require ($rep.$vues['main']); - }catch (Exception $e){ + require($rep . $vues['main']); + } catch (Exception $e) { $error = "404"; - require($rep.$vues['erreur']); + require($rep . $vues['erreur']); } } - public function goToLogin() { + public function goToLogin() + { global $rep, $vues, $error; try { - require ($rep.$vues['login']); - }catch (Exception $e){ + require($rep . $vues['login']); + } catch (Exception $e) { $error = "404"; - require($rep.$vues['erreur']); + require($rep . $vues['erreur']); } } - public function goToSignUp() { + public function goToSignUp() + { global $rep, $vues, $error; try { - require ($rep.$vues['signUp']); - }catch (Exception $e){ + require($rep . 
$vues['signUp']); + } catch (Exception $e) { $error = "404"; - require($rep.$vues['erreur']); + require($rep . $vues['erreur']); } } - public function goToEnigme() { + public function goToEnigme() + { global $rep, $vues, $error; try { - require ($rep.$vues['enigme']); - }catch (Exception $e){ + require($rep . $vues['enigme']); + } catch (Exception $e) { $error = "404"; - require($rep.$vues['erreur']); + require($rep . $vues['erreur']); } } - public function goToQueue() { + public function goToQueue() + { global $rep, $vues, $error; try { - require ($rep.$vues['Queue']); - }catch (Exception $e){ + require($rep . $vues['Queue']); + } catch (Exception $e) { $error = "404"; - require($rep.$vues['erreur']); + require($rep . $vues['erreur']); } } } \ No newline at end of file diff --git a/WEB/Model/scripted.db b/WEB/Model/scripted.db index 34dc7d52b9de0eeb6e2d70f0d1e12798676dd22f..3ab47f7796e837594fd90fa0cfdd45b2e814a8f4 100644 GIT binary patch delta 256 zcmZozz}&Ead4e>f&_o$$Mxl)f3;B5&7#JA&moe}!~{xg-{#qCJy6>N)Y!BT!-{>Kc`e)*|-?v6ozo~}U-sU@X)rOAnUX+PI>?U delta 256 zcmZozz}&Ead4e<}|3n#QM*fWn3;B8Z=P@wzRWb0p@ZIC9+AOG$!^e`u!e%+SPA-8Z zg_+HE@*}w1hr{sTn1edTB*j`BkZDDn^wm zh6XCWiRpTImU(5R*-`pAx&CfGB__^+dg&ELNgn0`f_&4*PUTJb7&^i_o vW?jaV(t`ZF5{LBM#LOJMprepare("INSERT INTO Utilisateur VALUES (:email, :password, :pseudo, :admin)"); -// $stm->bindValue(':email', "e",SQLITE3_TEXT); -// $stm->bindValue(':password', "e" ,SQLITE3_TEXT); -// $stm->bindValue(':pseudo', "e", SQLITE3_TEXT); -// $stm->bindValue(':admin', 0, SQLITE3_INTEGER); -// $stm->execute(); - -// $res = $db->query('SELECT * FROM Utilisateur'); -// Select all the users in the database -// while ($row = $res->fetchArray()) { -// echo $row['email'] . " " . $row['password'] . " " . $row['pseudo'] . " " . $row['admin'] . " "; -// } - $control = new FrontController(); //session_regenerate_id(true);
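Review bot: The check `if (password_verify($mdp, $_REQUEST['password'] . $sel)) {` in login() has its arguments reversed and its outcome inverted: `password_verify()` takes the plaintext first and the stored hash second, and it returns `false` whenever the second argument is not a valid hash string, so if `$mdp` is the stored hash returned by getMdpByEmail() (inferred from the name) the condition can never be true, the "Mot de passe incorrect." branch is unreachable, and `$_SESSION['connected'] = 'true'` is set for any password given a known email. The line should read `if (!password_verify($_REQUEST['password'] . $sel, $mdp)) {`, with the `. $sel` suffix kept identical to what signUp() passes to `password_hash()`, otherwise no existing user can log in. The defect is already present on the removed line; this commit only reformats it. login() begins in the previous hunk.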