parent
3bf35f1ee3
commit
085c121573
@ -1,14 +1,34 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<project version="4">
|
||||
<component name="MessDetectorOptionsConfiguration">
|
||||
<option name="transferred" value="true" />
|
||||
</component>
|
||||
<component name="PHPCSFixerOptionsConfiguration">
|
||||
<option name="transferred" value="true" />
|
||||
</component>
|
||||
<component name="PHPCodeSnifferOptionsConfiguration">
|
||||
<option name="highlightLevel" value="WARNING" />
|
||||
<option name="transferred" value="true" />
|
||||
</component>
|
||||
<component name="PhpIncludePathManager">
|
||||
<include_path>
|
||||
<path value="$PROJECT_DIR$/vendor/composer" />
|
||||
<path value="$PROJECT_DIR$/vendor/twig/twig" />
|
||||
<path value="$PROJECT_DIR$/vendor/symfony/polyfill-mbstring" />
|
||||
<path value="$PROJECT_DIR$/vendor/symfony/polyfill-ctype" />
|
||||
<path value="$PROJECT_DIR$/mvc_PSR4_twig/vendor/symfony/polyfill-mbstring" />
|
||||
<path value="$PROJECT_DIR$/mvc_PSR4_twig/vendor/symfony/polyfill-ctype" />
|
||||
<path value="$PROJECT_DIR$/mvc_PSR4_twig/vendor/composer" />
|
||||
<path value="$PROJECT_DIR$/mvc_PSR4_twig/vendor/twig/twig" />
|
||||
</include_path>
|
||||
</component>
|
||||
<component name="PhpProjectSharedConfiguration" php_language_level="8.0">
|
||||
<option name="suggestChangeDefaultLanguageLevel" value="false" />
|
||||
</component>
|
||||
<component name="PhpStanOptionsConfiguration">
|
||||
<option name="transferred" value="true" />
|
||||
</component>
|
||||
<component name="PsalmOptionsConfiguration">
|
||||
<option name="transferred" value="true" />
|
||||
</component>
|
||||
</project>
|
@ -1,34 +1,34 @@
|
||||
<?php
|
||||
namespace config;
|
||||
|
||||
class Validation
|
||||
{
|
||||
public static function val_action($action)
|
||||
{
|
||||
if (!isset($action)) {
|
||||
throw new \Exception('pas d\'action');
|
||||
//on pourrait aussi utiliser
|
||||
//$action = $_GET['action'] ?? 'no';
|
||||
// This is equivalent to:
|
||||
//$action = if (isset($_GET['action'])) $action=$_GET['action'] else $action='no';
|
||||
}
|
||||
}
|
||||
|
||||
public static function val_form(string &$nom, string &$age, &$dVueEreur)
|
||||
{
|
||||
if (!isset($nom) || $nom == '') {
|
||||
$dVueEreur[] = 'pas de nom';
|
||||
$nom = '';
|
||||
}
|
||||
|
||||
if ( strlen(htmlspecialchars($nom, ENT_QUOTES)) != strlen($nom) ) {
|
||||
$dVueEreur[] = "testative d'injection de code (attaque sécurité)";
|
||||
$nom = '';
|
||||
}
|
||||
|
||||
if (!isset($age) || $age == '' || !filter_var($age, FILTER_VALIDATE_INT)) {
|
||||
$dVueEreur[] = "pas d'age ";
|
||||
$age = 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
<?php
|
||||
namespace config;
|
||||
|
||||
class Validation
|
||||
{
|
||||
public static function val_action($action)
|
||||
{
|
||||
if (!isset($action)) {
|
||||
throw new \Exception('pas d\'action');
|
||||
//on pourrait aussi utiliser
|
||||
//$action = $_GET['action'] ?? 'no';
|
||||
// This is equivalent to:
|
||||
//$action = if (isset($_GET['action'])) $action=$_GET['action'] else $action='no';
|
||||
}
|
||||
}
|
||||
|
||||
public static function val_form(string &$nom, string &$age, &$dVueEreur)
|
||||
{
|
||||
if (!isset($nom) || $nom == '') {
|
||||
$dVueEreur[] = 'pas de nom';
|
||||
$nom = '';
|
||||
}
|
||||
|
||||
if ( strlen(htmlspecialchars($nom, ENT_QUOTES)) != strlen($nom) ) {
|
||||
$dVueEreur[] = "testative d'injection de code (attaque sécurité)";
|
||||
$nom = '';
|
||||
}
|
||||
|
||||
if (!isset($age) || $age == '' || !filter_var($age, FILTER_VALIDATE_INT)) {
|
||||
$dVueEreur[] = "pas d'age ";
|
||||
$age = 0;
|
||||
}
|
||||
}
|
||||
}
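Review bot: In val_form the age check rejects a legitimate "0", because `filter_var($age, FILTER_VALIDATE_INT)` returns int 0 for it and the `!` treats that as a failure; compare explicitly, `if ($age === '' || filter_var($age, FILTER_VALIDATE_INT) === false) {`. The `isset($nom)` and `isset($age)` guards on non-nullable `string` parameters are always true and can be dropped. The length comparison against `htmlspecialchars($nom, ENT_QUOTES)` flags any `&`, `<`, `>`, `"` or `'` as an injection attempt, so a name such as `O'Neil` is refused; it is a heuristic, not a sanitiser, and the real protection stays with output escaping in the templates. A comment above that line should say so: `// Heuristic only: any character htmlspecialchars would escape is rejected; output escaping in the view remains the real defence.`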
|
@ -1,14 +1,14 @@
|
||||
<?php
|
||||
|
||||
//gen
|
||||
$rep = __DIR__ . '/../';
|
||||
|
||||
// liste des modules à inclure
|
||||
|
||||
//$dConfig['includes']= array('controleur/Validation.php');
|
||||
|
||||
//BD
|
||||
|
||||
$base = 'sasa';
|
||||
$login = '';
|
||||
$mdp = '';
|
||||
<?php
|
||||
|
||||
//gen
|
||||
$rep = __DIR__ . '/../';
|
||||
|
||||
// liste des modules à inclure
|
||||
|
||||
//$dConfig['includes']= array('controleur/Validation.php');
|
||||
|
||||
//BD
|
||||
|
||||
$base = 'sasa';
|
||||
$login = '';
|
||||
$mdp = '';
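Review bot: `$login` and `$mdp` at the end of the file place database credentials in a committed source file; even while empty, the pattern invites real secrets to land in the repository history. Read them from the environment instead, `$login = getenv('DB_LOGIN') ?: '';` and `$mdp = getenv('DB_PASSWORD') ?: '';`, and keep the committed config.php credential-free. These four assignments become globals through the `require_once` in index.php, which a short header comment naming the consumers would make visible to the next reader.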
|
@ -1,83 +1,83 @@
|
||||
<?php
|
||||
namespace controleur;
|
||||
|
||||
use model\ArticleModel;
|
||||
|
||||
class Controleur
|
||||
{
|
||||
public function __construct()
|
||||
{
|
||||
global $twig; // nécessaire pour utiliser variables globales
|
||||
session_start();
|
||||
$tabArticle[] = ArticleModel::getArticles();
|
||||
//debut
|
||||
|
||||
//on initialise un tableau d'erreur
|
||||
$dVueEreur = [];
|
||||
|
||||
try {
|
||||
$action = $_REQUEST['action'] ?? null;
|
||||
|
||||
switch($action) {
|
||||
//pas d'action, on réinitialise 1er appel
|
||||
case null:
|
||||
$this->Reinit();
|
||||
break;
|
||||
|
||||
case 'validationFormulaire':
|
||||
$this->ValidationFormulaire($dVueEreur);
|
||||
break;
|
||||
|
||||
//mauvaise action
|
||||
default:
|
||||
$dVueEreur[] = "Erreur d'appel php";
|
||||
$dataview = ['Article'=> $tabArticle];
|
||||
echo $twig->render('listArticle.html', ['tabArticle' => $dataview, 'dVueErreur'=>$dVueEreur]);
|
||||
break;
|
||||
}
|
||||
} catch (\PDOException $e) {
|
||||
//si erreur BD, pas le cas ici
|
||||
$dVueEreur[] = 'Erreur inattendue!!! ';
|
||||
} catch (\Exception $e2) {
|
||||
$dVueEreur[] = 'Erreur inattendue!!! ';
|
||||
echo $twig->render('erreur.html', ['dVueEreur' => $dVueEreur]);
|
||||
}
|
||||
|
||||
//fin
|
||||
exit(0);
|
||||
}//fin constructeur
|
||||
|
||||
public function Reinit()
|
||||
{
|
||||
global $twig; // nécessaire pour utiliser variables globales
|
||||
|
||||
$dVue = [
|
||||
'nom' => '',
|
||||
'age' => 0,
|
||||
];
|
||||
echo $twig->render('vuephp1.html', [
|
||||
'dVue' => $dVue
|
||||
]);
|
||||
}
|
||||
|
||||
public function ValidationFormulaire(array $dVueEreur)
|
||||
{
|
||||
global $twig; // nécessaire pour utiliser variables globales
|
||||
|
||||
//si exception, ca remonte !!!
|
||||
$nom = $_POST['txtNom']; // txtNom = nom du champ texte dans le formulaire
|
||||
$age = $_POST['txtAge'];
|
||||
\config\Validation::val_form($nom, $age, $dVueEreur);
|
||||
|
||||
$model = new \metier\Simplemodel();
|
||||
$data = $model->get_data();
|
||||
|
||||
$dVue = [
|
||||
'nom' => $nom,
|
||||
'age' => $age,
|
||||
'data' => $data,
|
||||
];
|
||||
|
||||
echo $twig->render('vuephp1.html', ['dVue' => $dVue, 'dVueEreur' => $dVueEreur]);
|
||||
}
|
||||
}//fin class
|
||||
<?php
|
||||
namespace controleur;
|
||||
|
||||
use model\ArticleModel;
|
||||
|
||||
class Controleur
|
||||
{
|
||||
public function __construct()
|
||||
{
|
||||
global $twig; // nécessaire pour utiliser variables globales
|
||||
session_start();
|
||||
$tabArticle[] = ArticleModel::getArticles();
|
||||
//debut
|
||||
|
||||
//on initialise un tableau d'erreur
|
||||
$dVueEreur = [];
|
||||
|
||||
try {
|
||||
$action = $_REQUEST['action'] ?? null;
|
||||
|
||||
switch($action) {
|
||||
//pas d'action, on réinitialise 1er appel
|
||||
case null:
|
||||
$this->Reinit();
|
||||
break;
|
||||
|
||||
case 'validationFormulaire':
|
||||
$this->ValidationFormulaire($dVueEreur);
|
||||
break;
|
||||
|
||||
//mauvaise action
|
||||
default:
|
||||
$dVueEreur[] = "Erreur d'appel php";
|
||||
$dataview = ['Article'=> $tabArticle];
|
||||
echo $twig->render('listArticle.html', ['tabArticle' => $dataview, 'dVueErreur'=>$dVueEreur]);
|
||||
break;
|
||||
}
|
||||
} catch (\PDOException $e) {
|
||||
//si erreur BD, pas le cas ici
|
||||
$dVueEreur[] = 'Erreur inattendue!!! ';
|
||||
} catch (\Exception $e2) {
|
||||
$dVueEreur[] = 'Erreur inattendue!!! ';
|
||||
echo $twig->render('erreur.html', ['dVueEreur' => $dVueEreur]);
|
||||
}
|
||||
|
||||
//fin
|
||||
exit(0);
|
||||
}//fin constructeur
|
||||
|
||||
public function Reinit()
|
||||
{
|
||||
global $twig; // nécessaire pour utiliser variables globales
|
||||
|
||||
$dVue = [
|
||||
'nom' => '',
|
||||
'age' => 0,
|
||||
];
|
||||
echo $twig->render('vuephp1.html', [
|
||||
'dVue' => $dVue
|
||||
]);
|
||||
}
|
||||
|
||||
public function ValidationFormulaire(array $dVueEreur)
|
||||
{
|
||||
global $twig; // nécessaire pour utiliser variables globales
|
||||
|
||||
//si exception, ca remonte !!!
|
||||
$nom = $_POST['txtNom']; // txtNom = nom du champ texte dans le formulaire
|
||||
$age = $_POST['txtAge'];
|
||||
\config\Validation::val_form($nom, $age, $dVueEreur);
|
||||
|
||||
$model = new \metier\Simplemodel();
|
||||
$data = $model->get_data();
|
||||
|
||||
$dVue = [
|
||||
'nom' => $nom,
|
||||
'age' => $age,
|
||||
'data' => $data,
|
||||
];
|
||||
|
||||
echo $twig->render('vuephp1.html', ['dVue' => $dVue, 'dVueEreur' => $dVueEreur]);
|
||||
}
|
||||
}//fin class
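Review bot: ValidationFormulaire reads `$_POST['txtNom']` and `$_POST['txtAge']` without an existence check, so a request carrying only `action=validationFormulaire` raises an undefined-index warning and then passes null into the `string &$nom` parameter of val_form, which ends as a TypeError in the generic catch rather than as a validation message. Default them, `$nom = $_POST['txtNom'] ?? '';` and `$age = $_POST['txtAge'] ?? '';`, so the missing fields are reported by val_form. The `\PDOException` branch in the constructor appends to `$dVueEreur` but renders nothing, so a database failure yields a blank page; echo the erreur.html render there as the `\Exception` branch does. The default case renders listArticle.html with the key `dVueErreur`, while every other render and both templates use `dVueEreur`.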
|
@ -1,16 +1,16 @@
|
||||
<?php
|
||||
|
||||
//chargement config
|
||||
require_once __DIR__ . '/config/config.php';
|
||||
|
||||
require __DIR__ . '/vendor/autoload.php';
|
||||
|
||||
use controleur\Controleur;
|
||||
|
||||
//twig
|
||||
$loader = new \Twig\Loader\FilesystemLoader('templates');
|
||||
$twig = new \Twig\Environment($loader, [
|
||||
'cache' => false,
|
||||
]);
|
||||
|
||||
$cont = new Controleur();
|
||||
<?php
|
||||
|
||||
//chargement config
|
||||
require_once __DIR__ . '/config/config.php';
|
||||
|
||||
require __DIR__ . '/vendor/autoload.php';
|
||||
|
||||
use controleur\Controleur;
|
||||
|
||||
//twig
|
||||
$loader = new \Twig\Loader\FilesystemLoader('templates');
|
||||
$twig = new \Twig\Environment($loader, [
|
||||
'cache' => false,
|
||||
]);
|
||||
|
||||
$cont = new Controleur();
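Review bot: `new \Twig\Loader\FilesystemLoader('templates')` resolves the directory against the process working directory rather than the script location, so running the front controller from another directory (CLI, cron, a differently configured web server) fails to find the templates; use `new \Twig\Loader\FilesystemLoader(__DIR__ . '/templates');`. `'cache' => false` is reasonable for development but should be marked as such, e.g. `// dev only: point at a writable cache directory in production`.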
|
@ -1,17 +1,17 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="fr">
|
||||
<head>
|
||||
<meta charset="UTF-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<title>Erreur</title>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<h1>ERREUR page !!!!!</h1>
|
||||
{% if dVueEreur is defined %}
|
||||
{% for value in dVueEreur %}
|
||||
<p>{{value}}</p>
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
</body>
|
||||
</html>
|
||||
<!DOCTYPE html>
|
||||
<html lang="fr">
|
||||
<head>
|
||||
<meta charset="UTF-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<title>Erreur</title>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<h1>ERREUR page !!!!!</h1>
|
||||
{% if dVueEreur is defined %}
|
||||
{% for value in dVueEreur %}
|
||||
<p>{{value}}</p>
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
</body>
|
||||
</html>
|
@ -1,105 +1,105 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="fr">
|
||||
<head>
|
||||
<meta charset="UTF-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<title>Personne - formulaire</title>
|
||||
<script type="text/javascript">
|
||||
function clearForm(oForm) {
|
||||
const elements = oForm.elements;
|
||||
oForm.reset();
|
||||
|
||||
for (i = 0; i < elements.length; i++) {
|
||||
field_type = elements[i].type.toLowerCase();
|
||||
|
||||
switch (field_type) {
|
||||
case "text":
|
||||
case "password":
|
||||
case "textarea":
|
||||
case "hidden":
|
||||
elements[i].value = "";
|
||||
break;
|
||||
|
||||
case "radio":
|
||||
case "checkbox":
|
||||
if (elements[i].checked) {
|
||||
elements[i].checked = false;
|
||||
}
|
||||
break;
|
||||
|
||||
case "select-one":
|
||||
case "select-multi":
|
||||
elements[i].selectedIndex = -1;
|
||||
break;
|
||||
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<!-- on vérifie les données provenant du modèle -->
|
||||
{% if dVue is defined %}
|
||||
<div align="center">
|
||||
{% if dVueEreur is defined and dVueEreur|length >0 %}
|
||||
<h2>ERREUR !!!!!</h2>
|
||||
{% for value in dVueEreur %}
|
||||
<p>{{value}}</p>
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
<h2>Personne - formulaire</h2>
|
||||
<hr />
|
||||
<!-- affichage de données provenant du modèle -->
|
||||
{{dVue.data}}
|
||||
|
||||
<form method="post" name="myform" id="myform">
|
||||
<table>
|
||||
<tr>
|
||||
<td>Nom</td>
|
||||
<td>
|
||||
<input name="txtNom" value="{{dVue.nom}}" type="text" size="20" />
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Age</td>
|
||||
<td>
|
||||
<input
|
||||
name="txtAge"
|
||||
value="{{dVue.age}}"
|
||||
type="text"
|
||||
size="3"
|
||||
required
|
||||
/>
|
||||
</td>
|
||||
</tr>
|
||||
<tr></tr>
|
||||
</table>
|
||||
<table>
|
||||
<tr>
|
||||
<td><input type="submit" value="Envoyer" /></td>
|
||||
<td><input type="reset" value="Rétablir" /></td>
|
||||
<td>
|
||||
<input
|
||||
type="button"
|
||||
value="Effacer"
|
||||
onclick="clearForm(this.form);"
|
||||
/>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
<!-- action !!!!!!!!!! -->
|
||||
<input type="hidden" name="action" value="validationFormulaire" />
|
||||
</form>
|
||||
</div>
|
||||
{% else %}
|
||||
<p>Erreur !!<br />utilisation anormale de la vuephp</p>
|
||||
{% endif %}
|
||||
<p>
|
||||
Essayez de mettre du code html dans nom -> Correspond à une attaque de type injection
|
||||
</p>
|
||||
</body>
|
||||
</html>
|
||||
<!DOCTYPE html>
|
||||
<html lang="fr">
|
||||
<head>
|
||||
<meta charset="UTF-8" />
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
|
||||
<title>Personne - formulaire</title>
|
||||
<script type="text/javascript">
|
||||
function clearForm(oForm) {
|
||||
const elements = oForm.elements;
|
||||
oForm.reset();
|
||||
|
||||
for (i = 0; i < elements.length; i++) {
|
||||
field_type = elements[i].type.toLowerCase();
|
||||
|
||||
switch (field_type) {
|
||||
case "text":
|
||||
case "password":
|
||||
case "textarea":
|
||||
case "hidden":
|
||||
elements[i].value = "";
|
||||
break;
|
||||
|
||||
case "radio":
|
||||
case "checkbox":
|
||||
if (elements[i].checked) {
|
||||
elements[i].checked = false;
|
||||
}
|
||||
break;
|
||||
|
||||
case "select-one":
|
||||
case "select-multi":
|
||||
elements[i].selectedIndex = -1;
|
||||
break;
|
||||
|
||||
default:
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
</script>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<!-- on vérifie les données provenant du modèle -->
|
||||
{% if dVue is defined %}
|
||||
<div align="center">
|
||||
{% if dVueEreur is defined and dVueEreur|length >0 %}
|
||||
<h2>ERREUR !!!!!</h2>
|
||||
{% for value in dVueEreur %}
|
||||
<p>{{value}}</p>
|
||||
{% endfor %}
|
||||
{% endif %}
|
||||
|
||||
<h2>Personne - formulaire</h2>
|
||||
<hr />
|
||||
<!-- affichage de données provenant du modèle -->
|
||||
{{dVue.data}}
|
||||
|
||||
<form method="post" name="myform" id="myform">
|
||||
<table>
|
||||
<tr>
|
||||
<td>Nom</td>
|
||||
<td>
|
||||
<input name="txtNom" value="{{dVue.nom}}" type="text" size="20" />
|
||||
</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td>Age</td>
|
||||
<td>
|
||||
<input
|
||||
name="txtAge"
|
||||
value="{{dVue.age}}"
|
||||
type="text"
|
||||
size="3"
|
||||
required
|
||||
/>
|
||||
</td>
|
||||
</tr>
|
||||
<tr></tr>
|
||||
</table>
|
||||
<table>
|
||||
<tr>
|
||||
<td><input type="submit" value="Envoyer" /></td>
|
||||
<td><input type="reset" value="Rétablir" /></td>
|
||||
<td>
|
||||
<input
|
||||
type="button"
|
||||
value="Effacer"
|
||||
onclick="clearForm(this.form);"
|
||||
/>
|
||||
</td>
|
||||
</tr>
|
||||
</table>
|
||||
<!-- action !!!!!!!!!! -->
|
||||
<input type="hidden" name="action" value="validationFormulaire" />
|
||||
</form>
|
||||
</div>
|
||||
{% else %}
|
||||
<p>Erreur !!<br />utilisation anormale de la vuephp</p>
|
||||
{% endif %}
|
||||
<p>
|
||||
Essayez de mettre du code html dans nom -> Correspond à une attaque de type injection
|
||||
</p>
|
||||
</body>
|
||||
</html>
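Review bot: In clearForm the loop index `i` and `field_type` are assigned without `let`/`const`, so they become implicit globals (and throw in strict mode); declare them, `for (let i = 0; i < elements.length; i++) {` and `const field_type = elements[i].type.toLowerCase();`. The `"select-multi"` case never matches, because the DOM reports multi-select elements as `"select-multiple"`. The `value="{{dVue.nom}}"` and `value="{{dVue.age}}"` attributes rely on Twig's default autoescaping to neutralise the HTML that the note at the bottom of the page invites users to submit; a template comment stating that autoescape must stay enabled for this view would keep that dependency from being lost if the Environment options in index.php are ever changed.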
|