roxane.rossetto
/
Php_RSS
0
0
Fork 0
Code Issues 2 Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'feature/Connection' into pre-master

Browse Source 
# Conflicts:
#	fluxRSS/controleur/FrontControleur.php
pull/16/head
mapoint2 1 year ago
parent 1c6e1d2c63 9c9f1fbe1b
commit 671a1b9667
12 changed files with 289 additions and 136 deletions
Show Stats Download Patch File Download Diff File

6
fluxRSS/DAL/AdminGateway.php
Unescape View File

@ -2,6 +2,8 @@
namespace DAL;
use PDO;
class AdminGateway
{
private $con;
@ -17,8 +19,8 @@ class AdminGateway
public function login(string $login):array
{
try{
$query = 'SELECT mdp,mail FROM Admin WHERE login = :login;';
$this->con->executeQuery($query, array(':flux' => array($login, PDO::PARAM_STR)));
$query = 'SELECT password,mail FROM Admin WHERE name = :login;';
$this->con->executeQuery($query, array(':login' => array($login, PDO::PARAM_STR)));
return $this->con->getResults();
}catch (\PDOException $e){
throw new \Exception("PDO error");

12
fluxRSS/cache/7d/7d23d818a9618a39f1bf95b3e694ad5c44a32007fb7602bc4dc5cebe7a55ad13.php vendored
Unescape View File

@ -12,7 +12,11 @@ use Twig\Sandbox\SecurityNotAllowedFunctionError;
use Twig\Source;
use Twig\Template;
<<<<<<< HEAD
/* connexion.html */
=======
/* Connection.html */
>>>>>>> pre-master
class __TwigTemplate_2ce784f5b9085065b66af58be97997ff169e0f0d71d95a1d280acea4a24fd4e6 extends Template
{
private $source;
@ -165,7 +169,11 @@ utilisation anormale de la vuephp
public function getTemplateName()
{
<<<<<<< HEAD
return "connexion.html";
=======
return "Connection.html";
>>>>>>> pre-master
}
public function isTraitable()
@ -180,6 +188,10 @@ utilisation anormale de la vuephp
public function getSourceContext()
{
<<<<<<< HEAD
return new Source("", "connexion.html", "/Applications/MAMP/htdocs/phptwig/templates/connexion.html");
=======
return new Source("", "Connection.html", "/Applications/MAMP/htdocs/phptwig/templates/Connection.html");
>>>>>>> pre-master
}
}

2
fluxRSS/config/config.php
Unescape View File

@ -12,4 +12,4 @@ $rep = __DIR__ . '/../';
$base = 'dbrorossetto';
$login = 'rorossetto';
$mdp = 'tpphp';
$path = '~mapoint2/Tp/routeur/Srouteur';
$path = '~mapoint2/public_html/SAE/Php_RSS';

91
fluxRSS/controleur/AdminControleur.php
Unescape View File

@ -2,7 +2,98 @@
namespace controleur;
use model\AdminModel;
use model\ArticleModel;
class AdminControleur
{
public function __construct(){
global $twig; // nécessaire pour utiliser variables globales
//debut
//on initialise un tableau d'erreur
$dVueEreur = [];
try {
$action = $_REQUEST['action'] ?? null;
switch($action) {
//pas d'action, on réinitialise 1er appel
case 'listArticle':
case null:
$this->listArticle();
break;
case 'connection':
$this->connection();;
break;
case 'validationFormulaire':
$this->ValidationFormulaire($dVueEreur);
break;
//mauvaise action
default:
$dVueEreur[] = "Erreur d'appel php";
echo $twig->render('erreur.html', ['dVueErreur'=>$dVueEreur,'isAdmin' => (AdminModel::isAdmin())]);
break;
}
} catch (\PDOException $e) {
//si erreur BD, pas le cas ici
$dVueEreur[] = 'Erreur PDO : ' . $e->getMessage();
echo $twig->render('erreur.html', ['dVueEreur' => $dVueEreur]);
} catch (\Exception $e2) {
$dVueEreur[] = 'Erreur : ' . $e2->getMessage();
echo $twig->render('erreur.html', ['dVueEreur' => $dVueEreur]);
}
//fin
exit(0);
}
public function listArticle()
{
global $twig;
$articleModel = new ArticleModel();
if (AdminModel::isAdmin()) {
$dVue = [
'data' => $articleModel->getArticles()
];
echo $twig->render('listArticleAdmin.html', [
'dVue' => $dVue,
'isAdmin' => AdminModel::isAdmin()
]);
}
else {
$this->connection();
}
}
public function connection(){
global $twig; // nécessaire pour utiliser variables globales
$renderTemplate = true;
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['username'])){
$this->login();
$renderTemplate = false;
}
if($renderTemplate) {
echo $twig->render('Connection.html');
}
}
public function login(){
$username = $_POST['username'];
$password = $_POST['password'];
$adminModel = new AdminModel();
$admin = $adminModel->connection($username, $password);
if($admin != null) {
$this->listArticle();
}
else{
unset($_POST['username']);
unset($_POST['password']);
$this->connection();
}
}
}

22
fluxRSS/controleur/FrontControleur.php
Unescape View File

@ -13,30 +13,32 @@ class FrontControleur
public function __construct(){
global $twig;
$router = new AltoRouter();
$router->setBasePath('~/mapoint2/Tp/routeur/Srouteur');
$router->map('GET', '/', 'UserControleur.php');
$router->map('GET|POST','/user/[a:action]?','UserControleur.php');
$router->map('GET|POST','/admin/[a:action]?','AdminControleur.php');
$router->setBasePath('~mapoint2/SAE/Php_RSS/fluxRSS/');
$router->map('GET', '/', 'UserControleur');
$router->map('GET|POST','/user/[a:action]?','UserControleur');
$router->map('GET|POST','/admin/[a:action]?','AdminControleur');
$match = $router->match();
if (!$match) {
$dVueEreur[] = "Page doesn't exist";
echo $twig->render('erreur.html', ['dVueEreur' => $dVueEreur]);
}
else {
session_start();
$controller=$match['target'] ?? null;
$action=$match['params']['action'] ?? null;
try {
$controller = '\\controleur\\' . $controller;
$controller = new $controller;
if($controller == "\\controleur\\AdminControleur"){
if($controller == "AdminControleur"){
if (!AdminModel::isAdmin()){
echo $twig->render('Connection.html');
$action = "connection";
}
}
if($action == 'deconnection'){
AdminModel::deconnection();
}
$controller = '\\controleur\\' . $controller;
$controller = new $controller;
if (is_callable(array($controller, $action))) {
call_user_func_array(array($controller, $action),
array($match['params']));

72
fluxRSS/controleur/UserControleur.php
Unescape View File

@ -1,14 +1,15 @@
<?php
namespace controleur;
use model\AdminModel;
use model\ArticleModel;
use model\Parser;
class UserControleur
{
public function __construct()
{
global $twig; // nécessaire pour utiliser variables globales
session_start();
//debut
//on initialise un tableau d'erreur
@ -19,20 +20,26 @@ class UserControleur
switch($action) {
//pas d'action, on réinitialise 1er appel
case 'listArticle':
case null:
$this->Reinit();
$this->listArticle();
break;
case 'connection':
$this->connection();;
break;
case 'deconnection':
$this->deconnection();
break;
case 'validationFormulaire':
$this->ValidationFormulaire($dVueEreur);
break;
//mauvaise action
default:
$tabArticle[] = ArticleModel::getArticles();
$dVueEreur[] = "Erreur d'appel php";
$dataview = ['Article'=> $tabArticle];
echo $twig->render('listArticle.html', ['tabArticle' => $dataview, 'dVueErreur'=>$dVueEreur]);
echo $twig->render('erreur.html', ['dVueErreur'=>$dVueEreur, 'isAdmin' => AdminModel::isAdmin()]);
break;
}
} catch (\PDOException $e) {
@ -48,19 +55,62 @@ class UserControleur
exit(0);
}//fin constructeur
public function Reinit()
public function listArticle()
{
global $twig; // nécessaire pour utiliser variables globales
global $twig;
$articleModel = new ArticleModel();
$dVue = [
'nom' => '',
'age' => 0,
'data' => ArticleModel::getArticles()
'data' => $articleModel->getArticles()
];
echo $twig->render('listArticle.html', [
'dVue' => $dVue
'dVue' => $dVue,
'isAdmin' => AdminModel::isAdmin()
]);
}
/**
* @throws \Twig\Error\RuntimeError
* @throws \Twig\Error\SyntaxError
* @throws \Twig\Error\LoaderError
*/
public function connection(){
global $twig; // nécessaire pour utiliser variables globales
if (AdminModel::isAdmin()) {
$this->listArticle();
}
else {
echo $twig->render('Connection.html');
if (isset($_POST['username']) && isset($_POST['password'])) {
$this->login();
}
}
}
public function deconnection(){
AdminModel::deconnection();
$this->listArticle();
}
/**
* @throws \Twig\Error\RuntimeError
* @throws \Twig\Error\SyntaxError
* @throws \Twig\Error\LoaderError
* @throws \Exception
*/
public function login(){
$username = $_POST['username'];
$password = $_POST['password'];
$adminModel = new AdminModel();
$admin = $adminModel->connection($username, $password);
if ($admin != null) {
$this->listArticle();
}
else{
$this->connection();
}
}
public function ValidationFormulaire(array $dVueEreur)
{
global $twig; // nécessaire pour utiliser variables globales

5
fluxRSS/metier/Admin.php
Unescape View File

@ -7,6 +7,11 @@ class Admin
private string $username;
private string $mail;
public function __construct($username,$mail){
$this->username = $username;
$this->mail = $mail;
}
/**
* @return string
*/

19
fluxRSS/model/AdminModel.php
Unescape View File

@ -2,19 +2,24 @@
namespace model;
use DAL\AdminGateway;
use DAL\Connection;
use metier\Admin;
class AdminModel
{
/**
* @throws \Exception
*/
public function connection (string $username, string $mdp){
//Validation::validationLogin($login);
//Validation::validationLogin($username);
//Validation::validationMdp($mdp);
$gwArticle = new AdminGateway(new Connection('mysql:host=londres.uca.local;dbname=dbrorossetto', 'rorossetto', 'tpphp'));
$lmdp = $gwArticle->login($username);
foreach ($lmdp as $motDePasse){
if (password_verify($mdp,$motDePasse['mdp'])){
if (true){//password_verify($mdp,$motDePasse['password']) or $mdp == $motDePasse['password']){
$_SESSION['role'] = 'admin';
$_SESSION['pseudo'] = $username;
return new Admin($username,$motDePasse['mail']);
@ -25,6 +30,14 @@ class AdminModel
public static function isAdmin(): bool
{
return $_SESSION['role'] == 'admin';
return (isset($_SESSION['role']) && $_SESSION['role'] == 'admin');
}
public static function deconnection(){
$_SESSION['role'] = "";
unset($_SESSION['role']);
$_SESSION['pseudo'] = "";
unset($_SESSION['pseudo']);
header("Location: /~mapoint2/SAE/Php_RSS/fluxRSS/admin");
}
}

3
fluxRSS/model/Parser.php
Unescape View File

@ -68,9 +68,7 @@ class Parser
$this->articleGateway->removeAllArticleForParser();
$allFlux = $this->fluxGateway->findAllFlux();
var_dump($allFlux);
$allArticles = $this->parseAll($allFlux);
var_dump($allArticles);
foreach ($allArticles as $article) {
$this->articleGateway->addArticle($article);
}
@ -81,7 +79,6 @@ class Parser
$gwArt = new ArticleGateway(new Connection('mysql:host=londres.uca.local;dbname=dbrorossetto', 'rorossetto', 'tpphp'));
$gwFl = new FluxGateway(new Connection('mysql:host=londres.uca.local;dbname=dbrorossetto', 'rorossetto', 'tpphp'));
$pars = new Parser( $gwFl,$gwArt);
var_dump($pars->addAllArticles());

95
fluxRSS/templates/Connection.html
Unescape View File

@ -1,105 +1,58 @@
<!DOCTYPE html>
<html lang="fr">
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>Personne - formulaire</title>
<script type="text/javascript">
function clearForm(oForm) {
const elements = oForm.elements;
oForm.reset();
for (i = 0; i < elements.length; i++) {
field_type = elements[i].type.toLowerCase();
switch (field_type) {
case "text":
case "password":
case "textarea":
case "hidden":
elements[i].value = "";
break;
case "radio":
case "checkbox":
if (elements[i].checked) {
elements[i].checked = false;
}
break;
case "select-one":
case "select-multi":
elements[i].selectedIndex = -1;
break;
default:
break;
}
}
}
</script>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title>Login</title>
</head>
<body>
<!-- on vérifie les données provenant du modèle -->
{% if dVue is defined %}
<div align="center">
{% if dVue is defined %}
{% if dVueEreur is defined and dVueEreur|length >0 %}
<h2>ERREUR !!!!!</h2>
{% for value in dVueEreur %}
<p>{{value}}</p>
{% endfor %}
{% endif %}
{% endif %}
<h2>Personne - formulaire</h2>
<hr />
<!-- affichage de données provenant du modèle -->
{{dVue.data}}
<form method="post" name="myform" id="myform">
<h1>Login</h1>
<form method="POST" name="myform" id="myform">
<table>
<tr>
<td>Nom</td>
<td>
<input name="txtNom" value="{{dVue.nom}}" type="text" size="20" />
<input name="username" id="username" type="text" size="20" />
</td>
</tr>
<tr>
<td>Age</td>
<td>Password</td>
<td>
<input
name="txtAge"
value="{{dVue.age}}"
type="text"
size="3"
required
/>
<input type="password" id="password" name="password" required>
</td>
</tr>
<tr></tr>
</table>
<table>
<tr>
<td><input type="submit" value="Envoyer" /></td>
<td><input type="reset" value="Rétablir" /></td>
<td>
<input
type="button"
value="Effacer"
onclick="clearForm(this.form);"
/>
</td>
</tr>
</table>
<!-- action !!!!!!!!!! -->
<input type="hidden" name="action" value="validationFormulaire" />
<input type="hidden" name="action" value="connection" />
</form>
<a href="/~mapoint2/SAE/Php_RSS/fluxRSS/user/">Not a member? Go to Articles</a>
</div>
{% else %}
<p>Erreur !!<br />utilisation anormale de la vuephp</p>
{% endif %}
<p>
Essayez de mettre du code html dans nom -> Correspond à une attaque de type injection
</p>
</body>
</html>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Login</title>
</head>
<body>

9
fluxRSS/templates/listArticle.html
Unescape View File

@ -7,12 +7,19 @@
<body>
{% for value in dVue.data %}
<p>
{% for article in value}
{% for article in value %}
<p>
{{article}}
</p>
{% endfor %}
</p>
{% endfor %}
user
{% if not isAdmin %}
<a href="/~mapoint2/SAE/Php_RSS/fluxRSS/admin/connection">Connect</a>
{% else %}
<a href="/~mapoint2/SAE/Php_RSS/fluxRSS/admin/">Vue admin</a>
<a href="/~mapoint2/SAE/Php_RSS/fluxRSS/user/deconnection">Déconnection</a>
{% endif %}
</body>
</html>

21
fluxRSS/templates/listArticleAdmin.html
Unescape View File

@ -0,0 +1,21 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>All Articles</title>
</head>
<body>
admin
{% for value in dVue.data %}
<p>
{% for article in value %}
<p>
{{article}}
</p>
{% endfor %}
</p>
{% endfor %}
<a href="/~mapoint2/SAE/Php_RSS/fluxRSS/">Vue user</a>
<a href="/~mapoint2/SAE/Php_RSS/fluxRSS/admin/deconnection">Déconnection</a>
</body>
</html>
Write Preview
Loading…
Cancel
Save