Merge branch 'master' of https://codefirst.iut.uca.fr/git/nathan.boileau/Scripted

ServeurDeTest
Johan LACHENAL 3 years ago
commit bbabf963b9

@ -3,7 +3,6 @@
$rep = __DIR__ . '/../';
//BD
$dsn = 'mysql:host=londres.uca.local; dbname=dbnogarnier1';
$user = 'nogarnier1';
$password = 'achanger';
@ -12,6 +11,9 @@ $password = 'achanger';
// $user = 'root';
// $password = 'p';
//Sel de hashage
$sel = "JeSuisUnSeldeHashageEtJeSuisUniqueEtTresSecuriseEtJeSuisTresLong";
//View
//Page
$vues['main'] = 'View/src/pages/Main.php';
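Review bot: The `$sel` value added under `//Sel de hashage` is a secret committed in clear text, next to the database password, so anyone who can read the repository already has it. `password_hash()` generates its own random salt for every hash, which makes this value a pepper rather than a salt; it only adds protection if it is stored apart from both the code and the database. I would read it from the environment instead, for example `$sel = getenv('APP_PEPPER');` (the variable name is a placeholder), and stop at start-up when it is empty. Changing the value later invalidates every stored hash, so it also needs a rotation plan.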

@ -30,7 +30,7 @@ class Validation
return true;
}
public function ValidateUsername(string $username) : bool{
if(!preg_match("/^[^&='\-\+;\.<>]{1,18}$/",$username))
if(!filter_var($username,FILTER_VALIDATE_REGEXP,array("options" => array( "regexp" => "^[^&=_'\-+;<>.]{1,18}$" ))))
{
return false;
}
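Review bot: The pattern given to `FILTER_VALIDATE_REGEXP` in `ValidateUsername` has no delimiters, so PCRE takes the leading `^` as the delimiter and the expression fails to parse; `filter_var()` then returns false and every username is rejected (this assumes the `filter_var` line is the new side, which the page prints second). The option needs the same delimited form `preg_match` takes: `"regexp" => "/^[^&=_'\-+;<>.]{1,18}$/"`. Separately, `!filter_var(...)` tests truthiness, so the otherwise valid username `0` is refused; comparing the result with `=== false` avoids that. The method body continues past the end of the hunk.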

@ -46,20 +46,20 @@ class Controller
}
private function signUp() {
global $rep, $vues;
global $rep, $vues, $sel;
try {
$gateway = new JoueurGateway($this->con);
$validation = new Validation();
if (! $validation->ValidateEmail($_REQUEST['email'])) {
throw (new Exception("Email non valide"));
}
$password = password_hash($_REQUEST['password'], PASSWORD_DEFAULT);
if(! $validation->ValidateUsername($_REQUEST['username'])){
throw(new Exception("Pseudo non valide"));
}
if(! $validation->ValidatePassword($_REQUEST['password'])){
throw(new InvalidMdpException("Mot de passe non valide"));
}
$password = password_hash($_REQUEST['password']+$selNoHash, PASSWORD_DEFAULT);
$joueur = new Joueur($_REQUEST['email'], $_REQUEST['username'], $password);
$gateway->insert($joueur);
$_SESSION['connected'] = 'true';
@ -69,7 +69,7 @@ class Controller
}
}
private function login(){
global $rep, $vues;
global $rep, $vues, $sel;
try {
$gateway = new JoueurGateway($this->con);
$joueur = $gateway->getJoueurByEmail($_REQUEST['email']);
@ -77,7 +77,7 @@ class Controller
throw new JoueurNotFoundException("Joueur introuvable");
}
$mdp = $gateway->getMdpByEmail($_REQUEST['email']);
if (password_verify($mdp, $_REQUEST['password'])){
if (password_verify($mdp, $_REQUEST['password']+$sel)){
throw new InvalidMdpException("Mot de passe invalide");
}
$_SESSION['connected'] = 'true';
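Review bot: In `login`, `password_verify($mdp, $_REQUEST['password']+$sel)` passes the stored hash as the password and the request value as the hash, and the branch throws when verification succeeds, so as written a wrong password never reaches `InvalidMdpException` and the session is still marked connected. `+` is also arithmetic in PHP, not concatenation: it converts both operands to numbers, with a warning on PHP 7 and a `TypeError` on PHP 8 that a `catch (Exception ...)` would not intercept, if that is what the handler outside the hunk catches. The same `+` appears in `signUp`, where `$selNoHash` is never defined although `$sel` is the name declared in `global`. I would write `if (!password_verify($_REQUEST['password'] . $sel, $mdp)) {` in `login` and `password_hash($_REQUEST['password'] . $sel, PASSWORD_DEFAULT)` in `signUp`. Both method bodies continue outside the hunks shown.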

@ -6,6 +6,9 @@ Autoload::charger();
$con = new Connection($dsn, $user, $password);
$control = new Controller($con);
session_unset();
session_destroy();
$_SESSION = null;
session_regenerate_id(true);
// session_unset();
// session_destroy();
// $_SESSION = null;
//https://a-pellegrini.developpez.com/temp/tutoriels/php/security/session/#III.2
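Review bot: `session_regenerate_id(true)` runs right after `session_destroy()`, when no session is active, so the call fails and regenerates nothing (assuming the uncommented teardown is the new side, which this page does not make certain). Because the teardown follows `new Controller($con)`, it also appears to discard the `$_SESSION['connected']` flag that `login` and `signUp` have just set, on every request; this is inferred, since the constructor is not shown. Regenerating the identifier belongs at the privilege change: `session_regenerate_id(true);` immediately before `$_SESSION['connected'] = 'true';`, with the destroy sequence kept for logout. If the array has to be cleared, `$_SESSION = [];` is the usual form rather than `null`.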