diff --git a/fluxRSS/DAL/AdminGateway.php b/fluxRSS/DAL/AdminGateway.php index f2b06c0..16e6ab3 100755 --- a/fluxRSS/DAL/AdminGateway.php +++ b/fluxRSS/DAL/AdminGateway.php @@ -2,6 +2,8 @@ namespace DAL; +use PDO; + class AdminGateway { private $con; @@ -17,8 +19,8 @@ class AdminGateway public function login(string $login):array { try{ - $query = 'SELECT mdp,mail FROM Admin WHERE login = :login;'; - $this->con->executeQuery($query, array(':flux' => array($login, PDO::PARAM_STR))); + $query = 'SELECT password,mail FROM Admin WHERE name = :login;'; + $this->con->executeQuery($query, array(':login' => array($login, PDO::PARAM_STR))); return $this->con->getResults(); }catch (\PDOException $e){ throw new \Exception("PDO error"); diff --git a/fluxRSS/cache/7d/7d23d818a9618a39f1bf95b3e694ad5c44a32007fb7602bc4dc5cebe7a55ad13.php b/fluxRSS/cache/7d/7d23d818a9618a39f1bf95b3e694ad5c44a32007fb7602bc4dc5cebe7a55ad13.php index aa56ec3..343538b 100755 --- a/fluxRSS/cache/7d/7d23d818a9618a39f1bf95b3e694ad5c44a32007fb7602bc4dc5cebe7a55ad13.php +++ b/fluxRSS/cache/7d/7d23d818a9618a39f1bf95b3e694ad5c44a32007fb7602bc4dc5cebe7a55ad13.php @@ -12,7 +12,11 @@ use Twig\Sandbox\SecurityNotAllowedFunctionError; use Twig\Source; use Twig\Template; +<<<<<<< HEAD +/* connexion.html */ +======= /* Connection.html */ +>>>>>>> pre-master class __TwigTemplate_2ce784f5b9085065b66af58be97997ff169e0f0d71d95a1d280acea4a24fd4e6 extends Template { private $source; @@ -165,7 +169,11 @@ utilisation anormale de la vuephp public function getTemplateName() { +<<<<<<< HEAD + return "connexion.html"; +======= return "Connection.html"; +>>>>>>> pre-master } public function isTraitable() 
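Review bot: The rethrow in the catch just below the changed lines, `throw new \Exception("PDO error")`, discards the PDOException, so a bound-parameter mismatch like the `:flux` vs `:login` one this hunk fixes only ever surfaces as an opaque message; keep the chain with `throw new \Exception('PDO error', previous: $e);`. `login()` also has no docblock: add one stating that it returns the rows matching the given name with the `password` and `mail` keys selected here, and `@throws \Exception` on a database failure. The method's closing braces lie outside the hunk.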
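Review bot: Unresolved merge-conflict markers (`<<<<<<< HEAD`, `=======`, `>>>>>>> pre-master`) are committed into this compiled Twig cache file here and in the two hunks that follow (`getTemplateName()` and `getSourceContext()`), which makes the file a PHP parse error whenever it is loaded. Resolve the conflict to a single template name, or better, drop `fluxRSS/cache/` from version control and ignore it, since Twig regenerates these files and the committed copy also embeds a developer's absolute local path.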
@@ -180,6 +188,10 @@ utilisation anormale de la vuephp public function getSourceContext() { +<<<<<<< HEAD + return new Source("", "connexion.html", "/Applications/MAMP/htdocs/phptwig/templates/connexion.html"); +======= return new Source("", "Connection.html", "/Applications/MAMP/htdocs/phptwig/templates/Connection.html"); +>>>>>>> pre-master } } diff --git a/fluxRSS/config/config.php b/fluxRSS/config/config.php index be4f14e..50be0df 100755 --- a/fluxRSS/config/config.php +++ b/fluxRSS/config/config.php @@ -12,4 +12,4 @@ $rep = __DIR__ . '/../'; $base = 'dbrorossetto'; $login = 'rorossetto'; $mdp = 'tpphp'; -$path = '~mapoint2/Tp/routeur/Srouteur'; +$path = '~mapoint2/public_html/SAE/Php_RSS'; diff --git a/fluxRSS/controleur/AdminControleur.php b/fluxRSS/controleur/AdminControleur.php index 6d97769..975ab57 100755 --- a/fluxRSS/controleur/AdminControleur.php +++ b/fluxRSS/controleur/AdminControleur.php 
@@ -2,7 +2,98 @@ namespace controleur; +use model\AdminModel; +use model\ArticleModel; + class AdminControleur { + public function __construct(){ + global $twig; // nécessaire pour utiliser variables globales + //debut + + //on initialise un tableau d'erreur + $dVueEreur = []; + + try { + $action = $_REQUEST['action'] ?? null; + + switch($action) { + //pas d'action, on réinitialise 1er appel + case 'listArticle': + case null: + $this->listArticle(); + break; + + case 'connection': + $this->connection();; + break; + case 'validationFormulaire': + $this->ValidationFormulaire($dVueEreur); + break; + + //mauvaise action + default: + $dVueEreur[] = "Erreur d'appel php"; + echo $twig->render('erreur.html', ['dVueErreur'=>$dVueEreur,'isAdmin' => (AdminModel::isAdmin())]); + break; + } + } catch (\PDOException $e) { + //si erreur BD, pas le cas ici + $dVueEreur[] = 'Erreur PDO : ' . $e->getMessage(); + echo $twig->render('erreur.html', ['dVueEreur' => $dVueEreur]); + } catch (\Exception $e2) { + $dVueEreur[] = 'Erreur : ' . 
$e2->getMessage(); + echo $twig->render('erreur.html', ['dVueEreur' => $dVueEreur]); + } + + //fin + exit(0); + } + + public function listArticle() + { + global $twig; + $articleModel = new ArticleModel(); + if (AdminModel::isAdmin()) { + $dVue = [ + 'data' => $articleModel->getArticles() + ]; + echo $twig->render('listArticleAdmin.html', [ + 'dVue' => $dVue, + 'isAdmin' => AdminModel::isAdmin() + ]); + } + else { + $this->connection(); + } + } + + public function connection(){ + global $twig; // nécessaire pour utiliser variables globales + + $renderTemplate = true; + if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['username'])){ + $this->login(); + $renderTemplate = false; + } + if($renderTemplate) { + echo $twig->render('Connection.html'); + } + } + + public function login(){ + $username = $_POST['username']; + $password = $_POST['password']; + $adminModel = new AdminModel(); + $admin = $adminModel->connection($username, $password); + if($admin != null) { + $this->listArticle(); + } + else{ + unset($_POST['username']); + unset($_POST['password']); + $this->connection(); + } + } } \ No newline at end of file diff --git a/fluxRSS/controleur/FrontControleur.php b/fluxRSS/controleur/FrontControleur.php index f964b71..820cb13 100755 --- a/fluxRSS/controleur/FrontControleur.php +++ b/fluxRSS/controleur/FrontControleur.php 
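Review bot: The `validationFormulaire` case calls `$this->ValidationFormulaire($dVueEreur)`, but no such method is defined in this class (the hunk covers the whole class body), so that action ends in a fatal call to an undefined method. `login()` also reads `$_POST['password']` while `connection()` only checked `$_POST['username']`, so a request without a password field raises an undefined-index warning before the model is reached; guard both with `isset($_POST['username'], $_POST['password'])`. Smaller points shared with the UserControleur hunks: `$this->connection();;` has a stray semicolon, `$admin != null` should be `$admin !== null`, and the default case passes the errors as `dVueErreur` while the catch blocks pass `dVueEreur`, so one of the two keys is never read by the template.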
@@ -13,30 +13,32 @@ class FrontControleur public function __construct(){ global $twig; - $router = new AltoRouter(); - $router->setBasePath('~/mapoint2/Tp/routeur/Srouteur'); - $router->map('GET', '/', 'UserControleur.php'); - $router->map('GET|POST','/user/[a:action]?','UserControleur.php'); - $router->map('GET|POST','/admin/[a:action]?','AdminControleur.php'); + $router->setBasePath('~mapoint2/SAE/Php_RSS/fluxRSS/'); + $router->map('GET', '/', 'UserControleur'); + $router->map('GET|POST','/user/[a:action]?','UserControleur'); + $router->map('GET|POST','/admin/[a:action]?','AdminControleur'); $match = $router->match(); - if (!$match) { $dVueEreur[] = "Page doesn't exist"; echo $twig->render('erreur.html', ['dVueEreur' => $dVueEreur]); } else { + session_start(); $controller=$match['target'] ?? null; $action=$match['params']['action'] ?? null; try { - $controller = '\\controleur\\' . $controller; - $controller = new $controller; - if($controller == "\\controleur\\AdminControleur"){ + if($controller == "AdminControleur"){ if (!AdminModel::isAdmin()){ - echo $twig->render('Connection.html'); + $action = "connection"; } } + if($action == 'deconnection'){ + AdminModel::deconnection(); + } + $controller = '\\controleur\\' . $controller; + $controller = new $controller; if (is_callable(array($controller, $action))) { call_user_func_array(array($controller, $action), array($match['params'])); diff --git a/fluxRSS/controleur/UserControleur.php b/fluxRSS/controleur/UserControleur.php index 7a488fe..eb86326 100755 --- a/fluxRSS/controleur/UserControleur.php +++ b/fluxRSS/controleur/UserControleur.php 
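Review bot: `$router = new AltoRouter();` is removed, but `$router->setBasePath(...)` and the `$router->map(...)` calls still use `$router`, so unless it is now created outside the hunk this is a method call on an undefined variable. The non-admin override `$action = "connection"` is also ineffective as written: `new $controller` runs AdminControleur's constructor, which dispatches on `$_REQUEST['action']` itself and calls `exit(0)` (see the AdminControleur hunk), so the forced action and the `is_callable` dispatch below never execute and the admin gate rests entirely on the checks inside AdminControleur; that deserves a comment here if it is intended. Finally, `AdminModel::deconnection()` sends a `Location` header and returns, after which this code still instantiates and runs the controller; follow the logout call with `exit;`, and move `session_start()` ahead of the router match so every branch shares the session. The constructor continues outside the hunk.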
@@ -1,14 +1,15 @@ Reinit(); + $this->listArticle(); break; + case 'connection': + $this->connection();; + break; + + case 'deconnection': + $this->deconnection(); + break; case 'validationFormulaire': $this->ValidationFormulaire($dVueEreur); break; - //mauvaise action + //mauvaise action default: - $tabArticle[] = ArticleModel::getArticles(); $dVueEreur[] = "Erreur d'appel php"; - $dataview = ['Article'=> $tabArticle]; - echo $twig->render('listArticle.html', ['tabArticle' => $dataview, 'dVueErreur'=>$dVueEreur]); + echo $twig->render('erreur.html', ['dVueErreur'=>$dVueEreur, 'isAdmin' => AdminModel::isAdmin()]); break; } } catch (\PDOException $e) { 
@@ -48,19 +55,62 @@ class UserControleur exit(0); }//fin constructeur - public function Reinit() + public function listArticle() { - global $twig; // nécessaire pour utiliser variables globales + global $twig; + $articleModel = new ArticleModel(); $dVue = [ - 'nom' => '', - 'age' => 0, - 'data' => ArticleModel::getArticles() + 'data' => $articleModel->getArticles() ]; echo $twig->render('listArticle.html', [ - 'dVue' => $dVue + 'dVue' => $dVue, + 'isAdmin' => AdminModel::isAdmin() ]); } + /** + * @throws \Twig\Error\RuntimeError + * @throws \Twig\Error\SyntaxError + * @throws \Twig\Error\LoaderError + */ + public function connection(){ + global $twig; // nécessaire pour utiliser variables globales + if (AdminModel::isAdmin()) { + $this->listArticle(); + } + else { + echo $twig->render('Connection.html'); + if (isset($_POST['username']) && isset($_POST['password'])) { + $this->login(); + } + } + } + + public function deconnection(){ + AdminModel::deconnection(); + $this->listArticle(); + } + + /** + * @throws \Twig\Error\RuntimeError + * @throws \Twig\Error\SyntaxError + * @throws \Twig\Error\LoaderError + * @throws \Exception + */ + public function login(){ + $username = $_POST['username']; + $password = $_POST['password']; + + $adminModel = new AdminModel(); + $admin = $adminModel->connection($username, $password); + if ($admin != null) { + $this->listArticle(); + } + else{ + $this->connection(); + } + } + public function ValidationFormulaire(array $dVueEreur) { global $twig; // nécessaire pour utiliser variables globales diff --git a/fluxRSS/metier/Admin.php b/fluxRSS/metier/Admin.php index c93d108..ab0df11 100755 --- a/fluxRSS/metier/Admin.php +++ b/fluxRSS/metier/Admin.php @@ -7,6 +7,11 @@ class Admin private string $username; private string $mail; + public function __construct($username,$mail){ + $this->username = $username; + $this->mail = $mail; + } + /** * @return string */ 
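Review bot: A failed login recurses without bound: `login()` calls `$this->connection()` on a `null` result, `connection()` sees the same `$_POST['username']`/`$_POST['password']` still set and calls `login()` again, and each pass echoes `Connection.html` once more, so a single wrong password loops until the stack or memory limit is hit (AdminControleur avoids this by unsetting `$_POST`). `connection()` also renders the form before deciding whether to log in, so a successful login emits the form and the article list in one response. Decide first, render once, and on failure render the form directly with an error instead of re-entering `connection()`; the rewrite below does that, with `deconnection()` left unchanged.
```php
    public function connection(){
        global $twig; // nécessaire pour utiliser variables globales
        if (AdminModel::isAdmin()) {
            $this->listArticle();
            return;
        }
        if (isset($_POST['username'], $_POST['password'])) {
            $this->login();
            return;
        }
        echo $twig->render('Connection.html');
    }

    // … unchanged: deconnection() …

    public function login(){
        global $twig;
        $username = $_POST['username'];
        $password = $_POST['password'];

        $adminModel = new AdminModel();
        $admin = $adminModel->connection($username, $password);
        if ($admin !== null) {
            $this->listArticle();
            return;
        }
        // Render the form once with an error instead of re-entering connection(),
        // which would read the same $_POST and recurse.
        echo $twig->render('Connection.html', ['dVue' => [], 'dVueEreur' => ['Identifiants invalides']]);
    }
```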
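Review bot: The new constructor takes `$username,$mail` untyped while assigning them to `private string` properties, so a non-string argument is only coerced (or rejected under `strict_types`) at the assignment; declare them as `public function __construct(string $username, string $mail)`. A one-line docblock saying that `$mail` is the value of the `mail` column returned by the gateway (per the AdminModel hunk) would help, since the class otherwise documents only its getter.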
diff --git a/fluxRSS/model/AdminModel.php b/fluxRSS/model/AdminModel.php index 9d51182..cc196cd 100755 --- a/fluxRSS/model/AdminModel.php +++ b/fluxRSS/model/AdminModel.php @@ -2,19 +2,24 @@ namespace model; +use DAL\AdminGateway; +use DAL\Connection; use metier\Admin; class AdminModel { + /** + * @throws \Exception + */ public function connection (string $username, string $mdp){ - //Validation::validationLogin($login); + //Validation::validationLogin($username); //Validation::validationMdp($mdp); - $gwArticle = new AdminGateway(new Connection('mysql:host= londres.uca.local ; dbname= dbrorossetto', 'rorossetto', 'tpphp')); + $gwArticle = new AdminGateway(new Connection('mysql:host=londres.uca.local;dbname=dbrorossetto', 'rorossetto', 'tpphp')); $lmdp = $gwArticle->login($username); foreach ($lmdp as $motDePasse){ - if (password_verify($mdp,$motDePasse['mdp'])){ + if (true){//password_verify($mdp,$motDePasse['password']) or $mdp == $motDePasse['password']){ $_SESSION['role'] = 'admin'; $_SESSION['pseudo'] = $username; return new Admin($username,$motDePasse['mail']); @@ -25,6 +30,14 @@ class AdminModel public static function isAdmin(): bool { - return $_SESSION['role'] == 'admin'; + return (isset($_SESSION['role']) && $_SESSION['role'] == 'admin'); + } + + public static function deconnection(){ + $_SESSION['role'] = ""; + unset($_SESSION['role']); + $_SESSION['pseudo'] = ""; + unset($_SESSION['pseudo']); + header("Location: /~mapoint2/SAE/Php_RSS/fluxRSS/admin"); } } \ No newline at end of file diff --git a/fluxRSS/model/Parser.php b/fluxRSS/model/Parser.php index 287e26d..beb59f8 100755 --- a/fluxRSS/model/Parser.php +++ b/fluxRSS/model/Parser.php @@ -68,9 +68,7 @@ class Parser $this->articleGateway->removeAllArticleForParser(); $allFlux = $this->fluxGateway->findAllFlux(); - var_dump($allFlux); $allArticles = $this->parseAll($allFlux); - var_dump($allArticles); foreach ($allArticles as $article) { $this->articleGateway->addArticle($article); } 
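Review bot: `if (true){//password_verify(...)` disables password checking entirely: any request whose username matches a row returned by `$gwArticle->login($username)` now gets `$_SESSION['role'] = 'admin'` regardless of `$mdp`, which is an authentication bypass and must not ship. Restore the check as `if (password_verify($mdp, $motDePasse['password'])) {` and do not add the commented plaintext fallback `$mdp == $motDePasse['password']`, which would require passwords stored in clear. Also call `session_regenerate_id(true);` before setting the role so a session id fixed before login is not promoted, and take the DSN and credentials from `config/config.php` (`$base`, `$login`, `$mdp` in the config hunk) instead of repeating them in this line.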
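Review bot: `deconnection()` sends a `Location` header but neither destroys the session nor stops the script, so the session keeps its id and the callers keep producing output after the redirect (`UserControleur::deconnection()` goes on to render the article list, and FrontControleur goes on to run the controller). Replace the two assign-then-unset pairs with `session_unset(); session_destroy();`, then `header('Location: ' . $adminUrl); exit;` with the target URL taken from configuration rather than the hard-coded `/~mapoint2/SAE/Php_RSS/fluxRSS/admin`. In `isAdmin()`, prefer `$_SESSION['role'] === 'admin'` under the `isset` guard.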
@@ -81,7 +79,6 @@ class Parser $gwArt = new ArticleGateway(new Connection('mysql:host=londres.uca.local;dbname=dbrorossetto', 'rorossetto', 'tpphp')); $gwFl = new FluxGateway(new Connection('mysql:host=londres.uca.local;dbname=dbrorossetto', 'rorossetto', 'tpphp')); $pars = new Parser( $gwFl,$gwArt); -var_dump($pars->addAllArticles()); diff --git a/fluxRSS/templates/Connection.html b/fluxRSS/templates/Connection.html index 3cf5685..4d25299 100755 --- a/fluxRSS/templates/Connection.html +++ b/fluxRSS/templates/Connection.html @@ -1,105 +1,58 @@ - - - - - Personne - formulaire - - - - - - {% if dVue is defined %} -
- {% if dVueEreur is defined and dVueEreur|length >0 %} -

ERREUR !!!!!

- {% for value in dVueEreur %} -

{{value}}

- {% endfor %} - {% endif %} - -

Personne - formulaire

-
- - {{dVue.data}} - -
- - - - - - - - - - -
Nom - -
Age - -
- - - - - - -
- -
- - -
-
- {% else %} -

Erreur !!
utilisation anormale de la vuephp

- {% endif %} -

- Essayez de mettre du code html dans nom -> Correspond à une attaque de type injection -

- + + + + + Login + + + +
+ {% if dVue is defined %} + {% if dVueEreur is defined and dVueEreur|length >0 %} +

ERREUR !!!!!

+ {% for value in dVueEreur %} +

{{value}}

+ {% endfor %} + {% endif %} + {% endif %} + +

Login

+
+ + + + + + + + + +
Nom + +
Password + + +
+ + + + + +
+ + +
+ Not a member? Go to Articles +
+ + + + + + + + Login + + \ No newline at end of file diff --git a/fluxRSS/templates/listArticle.html b/fluxRSS/templates/listArticle.html index 78eee5a..e0e3f6c 100755 --- a/fluxRSS/templates/listArticle.html +++ b/fluxRSS/templates/listArticle.html @@ -7,12 +7,19 @@ {% for value in dVue.data %}
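Review bot: The error block is gated on `{% if dVue is defined %}` and then `{% if dVueEreur is defined ... %}`, but both controllers render this template as `$twig->render('Connection.html')` with no variables, so a failed login can never display a message; drop the outer `dVue` guard and have the controller pass `dVueEreur` on failure. Most of the markup in this hunk is lost in the extraction, so the form itself cannot be checked here; from the controllers it must post `username` and `password`, and a login form should also carry a server-generated anti-CSRF token and set `autocomplete="current-password"` on the password field.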

- {% for article in value} + {% for article in value %}

{{article}}

{% endfor %}

{% endfor %} +user +{% if not isAdmin %} + Connect +{% else %} + Vue admin +Déconnection +{% endif %} \ No newline at end of file diff --git a/fluxRSS/templates/listArticleAdmin.html b/fluxRSS/templates/listArticleAdmin.html new file mode 100755 index 0000000..316ba60 --- /dev/null +++ b/fluxRSS/templates/listArticleAdmin.html @@ -0,0 +1,21 @@ + + + + + All Articles + + +admin +{% for value in dVue.data %} +

+ {% for article in value %} +

+ {{article}} +

+{% endfor %} +

+{% endfor %} +Vue user +Déconnection + + \ No newline at end of file
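Review bot: This new template duplicates `listArticle.html` almost line for line (the same nested `dVue.data` loops and `{{article}}` output), differing only in the title, the `admin` label and the footer links; use Twig inheritance (`{% extends %}` with a block for the footer) or an `{% include %}` for the article list so the two views cannot drift apart.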