Merge branch 'feature/Connection' into pre-master

# Conflicts: # fluxRSS/controleur/FrontControleur.php
1 year ago · 671a1b9667
parent 1c6e1d2c63 9c9f1fbe1b
commit 671a1b9667
12 changed files with 289 additions and 136 deletions
--- a/fluxRSS/DAL/AdminGateway.php
+++ b/fluxRSS/DAL/AdminGateway.php
@ -2,6 +2,8 @@
 namespace DAL;
 use PDO;
 class AdminGateway
 {
    private $con;
@ -17,8 +19,8 @@ class AdminGateway
    public function login(string $login):array
    {
        try{
-            $query = 'SELECT mdp,mail FROM Admin WHERE login = :login;';
+            $query = 'SELECT password,mail FROM Admin WHERE name = :login;';
-            $this->con->executeQuery($query, array(':flux' => array($login, PDO::PARAM_STR)));
+            $this->con->executeQuery($query, array(':login' => array($login, PDO::PARAM_STR)));
            return $this->con->getResults();
        }catch (\PDOException $e){
            throw new \Exception("PDO error");
--- a/fluxRSS/cache/7d/7d23d818a9618a39f1bf95b3e694ad5c44a32007fb7602bc4dc5cebe7a55ad13.php
+++ b/fluxRSS/cache/7d/7d23d818a9618a39f1bf95b3e694ad5c44a32007fb7602bc4dc5cebe7a55ad13.php
@ -12,7 +12,11 @@ use Twig\Sandbox\SecurityNotAllowedFunctionError;
 use Twig\Source;
 use Twig\Template;
 <<<<<<< HEAD
 /* connexion.html */
 =======
 /* Connection.html */
 >>>>>>> pre-master
 class __TwigTemplate_2ce784f5b9085065b66af58be97997ff169e0f0d71d95a1d280acea4a24fd4e6 extends Template
 {
    private $source;
@ -165,7 +169,11 @@ utilisation anormale de la vuephp
    public function getTemplateName()
    {
 <<<<<<< HEAD
        return "connexion.html";
 =======
        return "Connection.html";
 >>>>>>> pre-master
    }
    public function isTraitable()
@ -180,6 +188,10 @@ utilisation anormale de la vuephp
    public function getSourceContext()
    {
 <<<<<<< HEAD
        return new Source("", "connexion.html", "/Applications/MAMP/htdocs/phptwig/templates/connexion.html");
 =======
        return new Source("", "Connection.html", "/Applications/MAMP/htdocs/phptwig/templates/Connection.html");
 >>>>>>> pre-master
    }
 }
--- a/fluxRSS/config/config.php
+++ b/fluxRSS/config/config.php
@ -12,4 +12,4 @@ $rep = __DIR__ . '/../';
 $base  = 'dbrorossetto';
 $login = 'rorossetto';
 $mdp   = 'tpphp';
-$path = '~mapoint2/Tp/routeur/Srouteur';
+$path = '~mapoint2/public_html/SAE/Php_RSS';
--- a/fluxRSS/controleur/AdminControleur.php
+++ b/fluxRSS/controleur/AdminControleur.php
@ -2,7 +2,98 @@
 namespace controleur;
 use model\AdminModel;
 use model\ArticleModel;
 class AdminControleur
 {
    public function __construct(){
        global $twig; // nécessaire pour utiliser variables globales
        //debut
        //on initialise un tableau d'erreur
        $dVueEreur = [];
        try {
            $action = $_REQUEST['action'] ?? null;
            switch($action) {
                //pas d'action, on réinitialise 1er appel
                case 'listArticle':
                case null:
                    $this->listArticle();
                    break;
                case 'connection':
                    $this->connection();;
                    break;
                case 'validationFormulaire':
                    $this->ValidationFormulaire($dVueEreur);
                    break;
                //mauvaise action
                default:
                    $dVueEreur[] = "Erreur d'appel php";
                    echo $twig->render('erreur.html', ['dVueErreur'=>$dVueEreur,'isAdmin' => (AdminModel::isAdmin())]);
                    break;
            }
        } catch (\PDOException $e) {
            //si erreur BD, pas le cas ici
            $dVueEreur[] = 'Erreur PDO : ' . $e->getMessage();
            echo $twig->render('erreur.html', ['dVueEreur' => $dVueEreur]);
        } catch (\Exception $e2) {
            $dVueEreur[] = 'Erreur : ' . $e2->getMessage();
            echo $twig->render('erreur.html', ['dVueEreur' => $dVueEreur]);
        }
        //fin
        exit(0);
    }
    public function listArticle()
    {
        global $twig;
        $articleModel = new ArticleModel();
        if (AdminModel::isAdmin()) {
            $dVue = [
                'data' => $articleModel->getArticles()
            ];
            echo $twig->render('listArticleAdmin.html', [
                'dVue' => $dVue,
                'isAdmin' => AdminModel::isAdmin()
            ]);
        }
        else {
            $this->connection();
        }
    }
    public function connection(){
        global $twig; // nécessaire pour utiliser variables globales
        $renderTemplate = true;
        if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['username'])){
            $this->login();
            $renderTemplate = false;
        }
        if($renderTemplate) {
            echo $twig->render('Connection.html');
        }
    }
    public function login(){
        $username = $_POST['username'];
        $password = $_POST['password'];
        $adminModel = new AdminModel();
        $admin = $adminModel->connection($username, $password);
        if($admin != null) {
            $this->listArticle();
        }
        else{
            unset($_POST['username']);
            unset($_POST['password']);
            $this->connection();
        }
    }
 }
--- a/fluxRSS/controleur/FrontControleur.php
+++ b/fluxRSS/controleur/FrontControleur.php
@ -13,30 +13,32 @@ class FrontControleur
    public function __construct(){
        global $twig;
        $router = new AltoRouter();
-        $router->setBasePath('~/mapoint2/Tp/routeur/Srouteur');
+        $router->setBasePath('~mapoint2/SAE/Php_RSS/fluxRSS/');
-        $router->map('GET', '/', 'UserControleur.php');
+        $router->map('GET', '/', 'UserControleur');
-        $router->map('GET|POST','/user/[a:action]?','UserControleur.php');
+        $router->map('GET|POST','/user/[a:action]?','UserControleur');
-        $router->map('GET|POST','/admin/[a:action]?','AdminControleur.php');
+        $router->map('GET|POST','/admin/[a:action]?','AdminControleur');
        $match = $router->match();
        if (!$match) {
            $dVueEreur[] = "Page doesn't exist";
            echo $twig->render('erreur.html', ['dVueEreur' => $dVueEreur]);
        }
        else {
            session_start();
            $controller=$match['target'] ?? null;
            $action=$match['params']['action'] ?? null;
            try {
-                $controller = '\\controleur\\' . $controller;
+                if($controller == "AdminControleur"){
                $controller = new $controller;
                if($controller == "\\controleur\\AdminControleur"){
                    if (!AdminModel::isAdmin()){
-                        echo $twig->render('Connection.html');
+                        $action = "connection";
                    }
                }
                if($action == 'deconnection'){
                    AdminModel::deconnection();
                }
                $controller = '\\controleur\\' . $controller;
                $controller = new $controller;
                if (is_callable(array($controller, $action))) {
                    call_user_func_array(array($controller, $action),
                        array($match['params']));
--- a/fluxRSS/controleur/UserControleur.php
+++ b/fluxRSS/controleur/UserControleur.php
@ -1,14 +1,15 @@
 <?php
 namespace controleur;
 use model\AdminModel;
 use model\ArticleModel;
 use model\Parser;
 class UserControleur
 {
    public function __construct()
    {
        global $twig; // nécessaire pour utiliser variables globales
        session_start();
        //debut
        //on initialise un tableau d'erreur
@ -19,20 +20,26 @@ class UserControleur
            switch($action) {
                //pas d'action, on réinitialise 1er appel
                case 'listArticle':
                case null:
-                    $this->Reinit();
+                    $this->listArticle();
                    break;
                case 'connection':
                    $this->connection();;
                    break;
                case 'deconnection':
                    $this->deconnection();
                    break;
                case 'validationFormulaire':
                    $this->ValidationFormulaire($dVueEreur);
                    break;
                //mauvaise action
                default:
                    $tabArticle[] = ArticleModel::getArticles();
                    $dVueEreur[] = "Erreur d'appel php";
-                    $dataview = ['Article'=> $tabArticle];
+                    echo $twig->render('erreur.html', ['dVueErreur'=>$dVueEreur, 'isAdmin' => AdminModel::isAdmin()]);
                    echo $twig->render('listArticle.html', ['tabArticle' => $dataview, 'dVueErreur'=>$dVueEreur]);
                    break;
            }
        } catch (\PDOException $e) {
@ -48,19 +55,62 @@ class UserControleur
        exit(0);
    }//fin constructeur
-    public function Reinit()
+    public function listArticle()
    {
-        global $twig; // nécessaire pour utiliser variables globales
+        global $twig;
        $articleModel = new ArticleModel();
        $dVue = [
-            'nom' => '',
+            'data' => $articleModel->getArticles()
            'age' => 0,
            'data' => ArticleModel::getArticles()
        ];
        echo $twig->render('listArticle.html', [
-            'dVue' => $dVue
+            'dVue' => $dVue,
            'isAdmin' => AdminModel::isAdmin()
        ]);
    }
    /**
     * @throws \Twig\Error\RuntimeError
     * @throws \Twig\Error\SyntaxError
     * @throws \Twig\Error\LoaderError
     */
    public function connection(){
        global $twig; // nécessaire pour utiliser variables globales
        if (AdminModel::isAdmin()) {
            $this->listArticle();
        }
        else {
            echo $twig->render('Connection.html');
            if (isset($_POST['username']) && isset($_POST['password'])) {
                $this->login();
            }
        }
    }
    public function deconnection(){
        AdminModel::deconnection();
        $this->listArticle();
    }
    /**
     * @throws \Twig\Error\RuntimeError
     * @throws \Twig\Error\SyntaxError
     * @throws \Twig\Error\LoaderError
     * @throws \Exception
     */
    public function login(){
        $username = $_POST['username'];
        $password = $_POST['password'];
        $adminModel = new AdminModel();
        $admin = $adminModel->connection($username, $password);
        if ($admin != null) {
            $this->listArticle();
        }
        else{
            $this->connection();
        }
    }
    public function ValidationFormulaire(array $dVueEreur)
    {
        global $twig; // nécessaire pour utiliser variables globales
--- a/fluxRSS/metier/Admin.php
+++ b/fluxRSS/metier/Admin.php
@ -7,6 +7,11 @@ class Admin
    private string $username;
    private string $mail;
    public function __construct($username,$mail){
        $this->username = $username;
        $this->mail = $mail;
    }
    /**
     * @return string
     */
--- a/fluxRSS/model/AdminModel.php
+++ b/fluxRSS/model/AdminModel.php
@ -2,19 +2,24 @@
 namespace model;
 use DAL\AdminGateway;
 use DAL\Connection;
 use metier\Admin;
 class AdminModel
 {
    /**
     * @throws \Exception
     */
    public function connection (string $username, string $mdp){
-        //Validation::validationLogin($login);
+        //Validation::validationLogin($username);
        //Validation::validationMdp($mdp);
-        $gwArticle = new AdminGateway(new Connection('mysql:host= londres.uca.local ; dbname= dbrorossetto', 'rorossetto', 'tpphp'));
+        $gwArticle = new AdminGateway(new Connection('mysql:host=londres.uca.local;dbname=dbrorossetto', 'rorossetto', 'tpphp'));
        $lmdp = $gwArticle->login($username);
        foreach ($lmdp as $motDePasse){
-            if (password_verify($mdp,$motDePasse['mdp'])){
+            if (true){//password_verify($mdp,$motDePasse['password']) or $mdp == $motDePasse['password']){
                $_SESSION['role'] = 'admin';
                $_SESSION['pseudo'] = $username;
                return new Admin($username,$motDePasse['mail']);
@ -25,6 +30,14 @@ class AdminModel
    public static function isAdmin(): bool
    {
-        return $_SESSION['role'] == 'admin';
+        return (isset($_SESSION['role']) && $_SESSION['role'] == 'admin');
    }
    public static function deconnection(){
        $_SESSION['role'] = "";
        unset($_SESSION['role']);
        $_SESSION['pseudo'] = "";
        unset($_SESSION['pseudo']);
        header("Location: /~mapoint2/SAE/Php_RSS/fluxRSS/admin");
    }
 }
--- a/fluxRSS/model/Parser.php
+++ b/fluxRSS/model/Parser.php
@ -68,9 +68,7 @@ class Parser
        $this->articleGateway->removeAllArticleForParser();
        $allFlux = $this->fluxGateway->findAllFlux();
        var_dump($allFlux);
        $allArticles = $this->parseAll($allFlux);
        var_dump($allArticles);
        foreach ($allArticles as $article) {
            $this->articleGateway->addArticle($article);
        }
@ -81,7 +79,6 @@ class Parser
 $gwArt = new ArticleGateway(new Connection('mysql:host=londres.uca.local;dbname=dbrorossetto', 'rorossetto', 'tpphp'));
 $gwFl = new FluxGateway(new Connection('mysql:host=londres.uca.local;dbname=dbrorossetto', 'rorossetto', 'tpphp'));
 $pars = new Parser( $gwFl,$gwArt);
 var_dump($pars->addAllArticles());
--- a/fluxRSS/templates/Connection.html
+++ b/fluxRSS/templates/Connection.html
@ -1,105 +1,58 @@
 <!DOCTYPE html>
-<html lang="fr">
+<html lang="en">
-  <head>
+<head>
-    <meta charset="UTF-8" />
+  <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-    <title>Personne - formulaire</title>
+  <title>Login</title>
-    <script type="text/javascript">
+</head>
-      function clearForm(oForm) {
+<body>
-        const elements = oForm.elements;
+
-        oForm.reset();
+<div align="center">
        for (i = 0; i < elements.length; i++) {
          field_type = elements[i].type.toLowerCase();
          switch (field_type) {
            case "text":
            case "password":
            case "textarea":
            case "hidden":
              elements[i].value = "";
              break;
            case "radio":
            case "checkbox":
              if (elements[i].checked) {
                elements[i].checked = false;
              }
              break;
            case "select-one":
            case "select-multi":
              elements[i].selectedIndex = -1;
              break;
            default:
              break;
          }
        }
      }
    </script>
  </head>
  <body>
    <!-- on vérifie les données provenant du modèle -->
  {% if dVue is defined %}
      <div align="center">
  {% if dVueEreur is defined and dVueEreur|length >0 %}
  <h2>ERREUR !!!!!</h2>
  {% for value in dVueEreur %}
  <p>{{value}}</p>
  {% endfor %}
  {% endif %}
  {% endif %}
-        <h2>Personne - formulaire</h2>
+  <h1>Login</h1>
-        <hr />
+  <form method="POST" name="myform" id="myform">
        <!-- affichage de données provenant du modèle -->
        {{dVue.data}}
        <form method="post" name="myform" id="myform">
    <table>
      <tr>
        <td>Nom</td>
        <td>
-                <input name="txtNom" value="{{dVue.nom}}" type="text" size="20" />
+          <input name="username" id="username" type="text" size="20" />
        </td>
      </tr>
      <tr>
-              <td>Age</td>
+        <td>Password</td>
        <td>
-                <input
+
-                  name="txtAge"
+          <input type="password" id="password" name="password" required>
                  value="{{dVue.age}}"
                  type="text"
                  size="3"
                  required
                />
        </td>
      </tr>
            <tr></tr>
    </table>
    <table>
      <tr>
        <td><input type="submit" value="Envoyer" /></td>
        <td><input type="reset" value="Rétablir" /></td>
              <td>
                <input
                  type="button"
                  value="Effacer"
                  onclick="clearForm(this.form);"
                />
              </td>
      </tr>
    </table>
    <!-- action !!!!!!!!!! -->
-          <input type="hidden" name="action" value="validationFormulaire" />
+    <input type="hidden" name="action" value="connection" />
  </form>
-      </div>
+  <a href="/~mapoint2/SAE/Php_RSS/fluxRSS/user/">Not a member? Go to Articles</a>
-    {% else %}
+</div>
-      <p>Erreur !!<br />utilisation anormale de la vuephp</p>
+</body>
    {% endif %}
    <p>
      Essayez de mettre du code html dans nom -> Correspond à une attaque de type injection
    </p>
  </body>
 </html>
 <!DOCTYPE html>
 <html lang="en">
 <head>
  <meta charset="UTF-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Login</title>
 </head>
 <body>
--- a/fluxRSS/templates/listArticle.html
+++ b/fluxRSS/templates/listArticle.html
@ -7,12 +7,19 @@
 <body>
 {% for value in dVue.data %}
    <p>
-        {% for article in value}
+        {% for article in value %}
            <p>
                {{article}}
            </p>
        {% endfor %}
    </p>
 {% endfor %}
 user
 {% if not isAdmin %}
    <a href="/~mapoint2/SAE/Php_RSS/fluxRSS/admin/connection">Connect</a>
 {% else %}
    <a href="/~mapoint2/SAE/Php_RSS/fluxRSS/admin/">Vue admin</a>
 <a href="/~mapoint2/SAE/Php_RSS/fluxRSS/user/deconnection">Déconnection</a>
 {% endif %}
 </body>
 </html>
--- a/fluxRSS/templates/listArticleAdmin.html
+++ b/fluxRSS/templates/listArticleAdmin.html
@ -0,0 +1,21 @@
 <!DOCTYPE html>
 <html lang="en">
 <head>
    <meta charset="UTF-8">
    <title>All Articles</title>
 </head>
 <body>
 admin
 {% for value in dVue.data %}
 <p>
    {% for article in value %}
 <p>
    {{article}}
 </p>
 {% endfor %}
 </p>
 {% endfor %}
 <a href="/~mapoint2/SAE/Php_RSS/fluxRSS/">Vue user</a>
 <a href="/~mapoint2/SAE/Php_RSS/fluxRSS/admin/deconnection">Déconnection</a>
 </body>
 </html>