From 5ac8cfe0628335aafcf431bdef3f3924639dffd4 Mon Sep 17 00:00:00 2001
From: Rossetto <roxane.rossetto@etu.uca.fr>
Date: Mon, 20 Nov 2023 17:19:57 +0100
Subject: [PATCH] Validation class done, project is ready for the presentation

---
 fluxRSS/src/config/Validation.php          | 28 ++++++++++++++++++++--
 fluxRSS/src/controleur/AdminControleur.php |  6 ++++-
 fluxRSS/src/model/AdminModel.php           | 21 +++++++++-------
 3 files changed, 43 insertions(+), 12 deletions(-)

diff --git a/fluxRSS/src/config/Validation.php b/fluxRSS/src/config/Validation.php
index e01c142..e8b968b 100755
--- a/fluxRSS/src/config/Validation.php
+++ b/fluxRSS/src/config/Validation.php
@@ -1,6 +1,8 @@
 <?php
 namespace config;
 
+use http\Exception\InvalidArgumentException;
+
 class Validation
 {
     public static function val_action($action)
@@ -8,7 +10,7 @@ class Validation
         if (!isset($action)) {
             throw new \Exception('pas d\'action');
             //on pourrait aussi utiliser
-            //$action = $_GET['action'] ?? 'no';
+            $action = $_GET['action'] ?? '';
             // This is equivalent to:
             //$action =  if (isset($_GET['action'])) $action=$_GET['action']  else $action='no';
         }
@@ -31,5 +33,27 @@ class Validation
             $age         = 0;
         }
     }
-    
+    public static function validationLogin(string &$username)
+    {
+        $username = trim($username);
+        if (!isset($username) || !filter_var($username, FILTER_SANITIZE_STRING) || !filter_var($username, FILTER_FLAG_EMPTY_STRING_NULL)){
+            return false;
+        }
+        return true;
+    }
+    public static function validationMdp(string &$mdp)
+    {
+        $mdp = trim($mdp);
+        if (!isset($mdp) || !filter_var($mdp, FILTER_SANITIZE_STRING) || !filter_var($mdp, FILTER_FLAG_EMPTY_STRING_NULL)){
+            return false;
+        }
+        return true;
+    }
+    public static function ValidationFlux(string &$flux)
+    {
+        if (!isset($flux) || !filter_var($flux, FILTER_SANITIZE_URL) || !filter_var($flux, FILTER_VALIDATE_URL)){
+            return false;
+        }
+        return true;
+    }
 }
diff --git a/fluxRSS/src/controleur/AdminControleur.php b/fluxRSS/src/controleur/AdminControleur.php
index c99383c..81c13c6 100755
--- a/fluxRSS/src/controleur/AdminControleur.php
+++ b/fluxRSS/src/controleur/AdminControleur.php
@@ -2,10 +2,12 @@
 
 namespace controleur;
 
+use config\Validation;
 use DAL\ArticleGateway;
 use DAL\Connection;
 use DAL\FluxGateway;
 use http\Exception;
+use http\Url;
 use metier\Flux;
 use model\AdminModel;
 use model\ArticleModel;
@@ -143,7 +145,9 @@ class AdminControleur
     public function ajoutFlux(){
         if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['fluxAdd'])){
             $fluxModel = new FluxModel();
-            $fluxModel->addFluxBySrc($_POST['fluxAdd']);
+            if(Validation::ValidationFlux($_POST['fluxAdd'])){
+                $fluxModel->addFluxBySrc($_POST['fluxAdd']);
+            }
             $_REQUEST['action'] = 'listFlux';
             unset($_POST['fluxAdd']);
             $this->init();
diff --git a/fluxRSS/src/model/AdminModel.php b/fluxRSS/src/model/AdminModel.php
index ec74fc9..1694125 100755
--- a/fluxRSS/src/model/AdminModel.php
+++ b/fluxRSS/src/model/AdminModel.php
@@ -2,6 +2,7 @@
 
 namespace model;
 
+use config\Validation;
 use DAL\AdminGateway;
 use DAL\Connection;
 use metier\Admin;
@@ -12,17 +13,19 @@ class AdminModel
      * @throws \Exception
      */
     public function connection (string $username, string $mdp){
-        //Validation::validationLogin($username);
-        //Validation::validationMdp($mdp);
 
-        $gwArticle = new AdminGateway(new Connection('mysql:host=londres.uca.local;dbname=dbrorossetto','rorossetto','tpphp'));
-        $lmdp = $gwArticle->login($username);
 
-        foreach ($lmdp as $motDePasse){
-            if (password_verify($mdp,$motDePasse['password']) or $mdp == $motDePasse['password']){
-                $_SESSION['role'] = 'admin';
-                $_SESSION['pseudo'] = $username;
-                return new Admin($username,$motDePasse['mail']);
+        $gwArticle = new AdminGateway(new Connection('mysql:host=londres.uca.local;dbname=dbrorossetto','rorossetto','tpphp'));
+        if (Validation::validationLogin($username)){
+            $lmdp = $gwArticle->login($username);
+        }
+        if(Validation::validationMdp($mdp)){
+            foreach ($lmdp as $motDePasse){
+                if (password_verify($mdp,$motDePasse['password']) or $mdp == $motDePasse['password']){
+                    $_SESSION['role'] = 'admin';
+                    $_SESSION['pseudo'] = $username;
+                    return new Admin($username,$motDePasse['mail']);
+                }
             }
         }
         return null;