Merge branch 'master' of https://codefirst.iut.uca.fr/git/nathan.boileau/Scripted

3 years ago · bbabf963b9
parent c06c60efa7 7c588bb476
commit bbabf963b9
4 changed files with 14 additions and 9 deletions
--- a/WEB/Config/Config.php
+++ b/WEB/Config/Config.php
@ -3,7 +3,6 @@
 $rep = __DIR__ . '/../';

 //BD
-
 $dsn = 'mysql:host=londres.uca.local; dbname=dbnogarnier1';
 $user = 'nogarnier1';
 $password = 'achanger';
@ -12,6 +11,9 @@ $password = 'achanger';
 // $user = 'root';
 // $password = 'p';

+//Sel de hashage
+$sel = "JeSuisUnSeldeHashageEtJeSuisUniqueEtTresSecuriseEtJeSuisTresLong";
+
 //View
 //Page
 $vues['main'] = 'View/src/pages/Main.php';
--- a/WEB/Config/Validation.php
+++ b/WEB/Config/Validation.php
@ -30,7 +30,7 @@ class Validation
        return true;
    }
    public function ValidateUsername(string $username) : bool{
-        if(!preg_match("/^[^&='\-\+;\.<>]{1,18}$/",$username))
+        if(!filter_var($username,FILTER_VALIDATE_REGEXP,array("options" => array( "regexp" => "^[^&=_'\-+;<>.]{1,18}$" ))))
        {
            return false;
        }
--- a/WEB/Controller/Controller.php
+++ b/WEB/Controller/Controller.php
@ -46,20 +46,20 @@ class Controller
    }

    private function signUp() {
-        global $rep, $vues;
+        global $rep, $vues, $sel;
        try {
            $gateway = new JoueurGateway($this->con);
            $validation = new Validation();
            if (! $validation->ValidateEmail($_REQUEST['email'])) {
                throw (new Exception("Email non valide"));
            }
-            $password = password_hash($_REQUEST['password'], PASSWORD_DEFAULT);
            if(! $validation->ValidateUsername($_REQUEST['username'])){
                throw(new Exception("Pseudo non valide"));
            }
            if(! $validation->ValidatePassword($_REQUEST['password'])){
                throw(new InvalidMdpException("Mot de passe non valide"));
            }
+            $password = password_hash($_REQUEST['password']+$selNoHash, PASSWORD_DEFAULT);
            $joueur = new Joueur($_REQUEST['email'], $_REQUEST['username'], $password);
            $gateway->insert($joueur);
            $_SESSION['connected'] = 'true';
@ -69,7 +69,7 @@ class Controller
        }
    }
    private function login(){
-        global $rep, $vues;
+        global $rep, $vues, $sel;
        try {
            $gateway = new JoueurGateway($this->con);
            $joueur = $gateway->getJoueurByEmail($_REQUEST['email']);
@ -77,7 +77,7 @@ class Controller
                throw new JoueurNotFoundException("Joueur introuvable");
            }
            $mdp = $gateway->getMdpByEmail($_REQUEST['email']);
-            if (password_verify($mdp, $_REQUEST['password'])){
+            if (password_verify($mdp, $_REQUEST['password']+$sel)){
                throw new InvalidMdpException("Mot de passe invalide");
            }
            $_SESSION['connected'] = 'true';
--- a/WEB/index.php
+++ b/WEB/index.php
@ -6,6 +6,9 @@ Autoload::charger();
 $con = new Connection($dsn, $user, $password);
 $control = new Controller($con);

-session_unset();
-session_destroy();
-$_SESSION = null;
+session_regenerate_id(true);
+// session_unset();
+// session_destroy();
+// $_SESSION = null;
+
+//https://a-pellegrini.developpez.com/temp/tutoriels/php/security/session/#III.2