diff --git a/WEB/Config/Config.php b/WEB/Config/Config.php
index 472d461f..5a2ef453 100644
--- a/WEB/Config/Config.php
+++ b/WEB/Config/Config.php
@@ -3,7 +3,6 @@ $rep = __DIR__ . '/../';
 //BD
-
 $dsn = 'mysql:host=londres.uca.local; dbname=dbnogarnier1';
 $user = 'nogarnier1';
 $password = 'achanger';
@@ -12,6 +11,9 @@ $password = 'achanger';
 // $user = 'root';
 // $password = 'p';
+//Sel de hashage
+$sel = "JeSuisUnSeldeHashageEtJeSuisUniqueEtTresSecuriseEtJeSuisTresLong";
+
 //View
 //Page
 $vues['main'] = 'View/src/pages/Main.php';
diff --git a/WEB/Config/Validation.php b/WEB/Config/Validation.php
index 16477f87..6be3beb7 100644
--- a/WEB/Config/Validation.php
+++ b/WEB/Config/Validation.php
@@ -30,10 +30,10 @@ class Validation
 return true;
 }
 public function ValidateUsername(string $username) : bool{
- if(!filter_var($username,FILTER_VALIDATE_REGEXP,array("options" => array( "regexp" => "^[^&=_'\-+;<>.]{1,18}$" ))))
- {
- return false;
- }
+ // if(!filter_var($username,FILTER_VALIDATE_REGEXP,array("options" => array( "regexp" => "^[^&=_'\-+;<>.]{1,18}$" ))))
+ // {
+ // return false;
+ // }
 return true;
 }
 public function ValidatePassword(string $password) : bool{
diff --git a/WEB/Controller/Controller.php b/WEB/Controller/Controller.php
index b94cadd9..4c58ff95 100644
--- a/WEB/Controller/Controller.php
+++ b/WEB/Controller/Controller.php
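Review bot: The value added as `$sel` is not a salt — `password_hash()` already generates a random per-user salt and embeds it in the hash it returns — so a single shared string is a pepper, and a pepper committed to a versioned config file is readable by anyone with access to the repository, next to the DB credentials this file already carries. If a pepper is wanted, load it from outside the tree, e.g. `$sel = getenv('APP_PEPPER');` with a fail-fast check when it is empty, and change the comment to `// Pepper: shared secret mixed into every password before hashing; rotating it invalidates all stored hashes`. Whatever derivation uses it must be identical on the sign-up and login paths or no account can log in.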
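Review bot: Commenting out the `filter_var` check makes `ValidateUsername` accept any string, so the 1–18 character limit and the excluded characters (`& = _ ' - + ; < > .`) are no longer enforced at sign-up and the method's `bool` return is now a constant. I suspect the check was disabled because `FILTER_VALIDATE_REGEXP` needs a delimited PCRE pattern and the undelimited `^[^&=_'\-+;<>.]{1,18}$` made every call fail, not because the rule was unwanted; `return preg_match("/^[^&=_'\-+;<>.]{1,18}$/uD", $username) === 1;` keeps the same rule, adds the delimiters, and treats a PCRE error (`false`) as a rejection. Delete the four commented-out lines rather than keeping them. The rest of `Validation` is outside this hunk.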
@@ -46,20 +46,20 @@ class Controller
 }
 private function signUp() {
- global $rep, $vues;
+ global $rep, $vues, $sel;
 try {
 $gateway = new JoueurGateway($this->con);
 $validation = new Validation();
 if (! $validation->ValidateEmail($_REQUEST['email'])) {
 throw (new Exception("Email non valide"));
 }
- $password = password_hash($_REQUEST['password'], PASSWORD_DEFAULT);
 if(! $validation->ValidateUsername($_REQUEST['username'])){
 throw(new Exception("Pseudo non valide"));
 }
 if(! $validation->ValidatePassword($_REQUEST['password'])){
 throw(new InvalidMdpException("Mot de passe non valide"));
 }
+$password = password_hash($_REQUEST['password']+$selNoHash, PASSWORD_DEFAULT);
 $joueur = new Joueur($_REQUEST['email'], $_REQUEST['username'], $password);
 $gateway->insert($joueur);
 $_SESSION['connected'] = 'true';
@@ -69,7 +69,7 @@ class Controller
 }
 }
 private function login(){
- global $rep, $vues;
+ global $rep, $vues, $sel;
 try {
 $gateway = new JoueurGateway($this->con);
 $joueur = $gateway->getJoueurByEmail($_REQUEST['email']);
@@ -77,7 +77,7 @@ class Controller
 throw new JoueurNotFoundException("Joueur introuvable");
 }
 $mdp = $gateway->getMdpByEmail($_REQUEST['email']);
- if (password_verify($mdp, $_REQUEST['password'])){
+ if (password_verify($mdp, $_REQUEST['password']+$sel)){
 throw new InvalidMdpException("Mot de passe invalide");
 }
 $_SESSION['connected'] = 'true';
diff --git a/WEB/index.php b/WEB/index.php
index f9b9620d..b9c89993 100644
--- a/WEB/index.php
+++ b/WEB/index.php
@@ -6,6 +6,9 @@ Autoload::charger();
 $con = new Connection($dsn, $user, $password);
 $control = new Controller($con);
-session_unset();
-session_destroy();
-$_SESSION = null;
\ No newline at end of file
+session_regenerate_id(true);
+// session_unset();
+// session_destroy();
+// $_SESSION = null;
+
+//https://a-pellegrini.developpez.com/temp/tutoriels/php/security/session/#III.2
\ No newline at end of file
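Review bot: `$selNoHash` on the added `password_hash` line is never defined — the `global` statement imports `$sel` — and `+` is arithmetic in PHP, not concatenation, so `$_REQUEST['password']+$selNoHash` is `password + null`: on PHP 8 a non-numeric password throws a TypeError before anything is hashed, and on PHP 7 it evaluates to `0` with a warning, so every such account would be stored with the hash of the string "0" (the PHP version in use is not visible here). A purely numeric password is hashed unchanged, so the pepper contributes nothing in any case. If a pepper is intended, derive the input with an HMAC so bcrypt's 72-byte limit is not spent on the pepper: `$password = password_hash(hash_hmac('sha256', $_REQUEST['password'], $sel), PASSWORD_DEFAULT);`, and use the identical derivation in `login()`. The `catch` block of `signUp()` lies outside the hunk, so whether a TypeError here would be caught cannot be seen.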
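Review bot: The new `password_verify($mdp, $_REQUEST['password']+$sel)` line has its arguments reversed — the signature is `password_verify(string $password, string $hash)` — and the enclosing `if` throws `InvalidMdpException` when verification succeeds rather than when it fails, so with the stored hash in the password slot verification is always false and execution falls through to `$_SESSION['connected'] = 'true'` for any submitted password: anyone who knows a registered email is logged in. The `+` is also arithmetic, which on PHP 8 turns a non-numeric password into a TypeError before the comparison even runs. Rewrite the condition as `if (!password_verify(hash_hmac('sha256', $_REQUEST['password'], $sel), $mdp)) {` keeping the same `throw` in the body, with exactly the derivation chosen in `signUp()`; note that any hash already stored without the pepper will stop verifying once the pepper is applied. `login()`'s catch block is outside the hunk.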
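Review bot: `session_regenerate_id(true)` now runs on every request, after `new Controller($con)` has already executed, so if the controller dispatches the request from its constructor (the private `signUp`/`login` methods suggest so, but the constructor is not visible) it cannot protect the login that just happened from session fixation; it also requires an active session, and no `session_start()` is visible in this hunk — confirm it is called earlier. Regenerating on every hit additionally makes concurrent requests from the same browser race on a just-deleted session id. The usual pattern is to regenerate once when the privilege level changes, i.e. place `session_regenerate_id(true);` immediately before `$_SESSION['connected'] = 'true';` in `signUp()` and `login()`, and leave index.php without a per-request call. Delete the three commented-out teardown lines rather than leaving them in place; git history keeps them.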