From 0070f84ea4b526614c6ae007cd2392adc7bc41ee Mon Sep 17 00:00:00 2001
From: Loris BALOCCHI <loris.balocchi@etu.u-pec.fr>
Date: Mon, 10 Jun 2024 23:23:51 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=A7=20modification=20du=20login/regist?=
 =?UTF-8?q?er=20+=20impl=C3=A9mentation=20du=20cookie=20de=20session=20Co-?=
 =?UTF-8?q?authored-by:=20Charpentier=20Juliette=20<juliette.charpentier1@?=
 =?UTF-8?q?etu.u-pec.fr>?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 account/login/index.php       |   4 +-
 account/login/login.php       | 123 +++++++++++++++++------------
 account/profile/index.php     |  40 +++++++++-
 account/register/index.php    |   4 +-
 account/register/register.php | 142 ++++++++++++++++++++++++++--------
 base.html                     |  18 ++++-
 tools/logout.php              |  36 +++++++++
 views/footer.php              |  24 +++++-
 views/header.php              |  26 ++++++-
 9 files changed, 321 insertions(+), 96 deletions(-)
 create mode 100644 tools/logout.php

diff --git a/account/login/index.php b/account/login/index.php
index 1fcb6d0..36a9460 100644
--- a/account/login/index.php
+++ b/account/login/index.php
@@ -22,7 +22,7 @@
         <img src="https://cdn-icons-png.flaticon.com/512/4139/4139948.png" alt="Avatar">
         <h2 class="login-title">Connexion à votre compte</h2>
         <p class="login-subtitle">Connectez-vous afin d'accéder à l'entièreté du site.</p>
-        <form action="login/login.php" method="post">
+        <form action="/account/login/login.php" method="post">
             <div class="form-group">
                 <label for="email">Adresse mail</label>
                 <input type="email" id="email" name="email" placeholder="username@example.com" required placeholder=" ">
@@ -34,7 +34,7 @@
 
             <div class="form-group forgot-password">
             </div>
-            <button type="submit" class="submit-button" action="../../tools"><i class="fas fa-sign-in-alt"></i>
+            <button type="submit" class="submit-button"><i class="fas fa-sign-in-alt"></i>
                 Connexion</i></button>
         </form>
         <p class="no-account">Vous n'avez pas de compte ? <a href="../account/register">Créez un compte pour commencer
diff --git a/account/login/login.php b/account/login/login.php
index 7ddde1d..7e62959 100644
--- a/account/login/login.php
+++ b/account/login/login.php
@@ -5,19 +5,6 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
     $email = htmlspecialchars($_POST["email"]);
     $password = htmlspecialchars($_POST["password"]);
 }
-?>
-
-
-<?php
-/*
-if (isset($_COOKIE["savemdp"])) {
-    $savemdp = $_COOKIE["savemdp"];
-} else {
-    $savemdp = null;
-
-    setcookie("savemdp", $savemdp, time() + 3600);
-}*/
-?>
 
 /*
 hasher le mdp
@@ -26,47 +13,81 @@ hasher le mdp
 - créer un cookie avec mail, nom, prénom, rôle. Qui expire dans 1h
 une fois bien connecté, on redirige vers /account/profile
 */
-<html>
+?>
+<?php
+$hashedPassword = sha1($password);
+$resultat = mysqli_query($db, "SELECT *
+                               FROM user 
+                               WHERE mail = $email AND password = $hashedPassword");
 
-<head>
-    <meta charset="UTF-8" />
-</head>
+$query = "SELECT mail, password              
+                  FROM user 
+                  WHERE mail = '$email'";
+$result = mysqli_query($db, $query);
 
-<body container>
-    <form method="POST" action="https://but.lbalocchi.fr/account/login">
-        <?php
-        $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
-        $resultat = mysqli_query($db, "SELECT mail, password 
-                                           FROM user 
-                                           WHERE mail = $email AND password = $hashedPassword");
-        echo "adresse mail : " . $email . "<br>";
-        echo "mot de passe : " . $password . "<br>";
-        /*test loris*/
-        $query = "SELECT mail, password                           FROM user 
-                      WHERE mail = '$email'";
-        $result = mysqli_query($db, $query);
+if (!$result) {
+    die("Erreur lors de l'exécution de la requête.");
+}
 
-        if (!$result) {
-            die("Erreur lors de l'exécution de la requête.");
-        }
+if (!$password) {
+    die("Combinaison email/mot de passe incorrecte.");
+}
+if (!$email) {
+    die("Combinaison email/mot de passe incorrecte.");
+} else {
+    echo "<p>Connexion réussie</p>";
 
-        $row = mysqli_fetch_assoc($result);
-        $storedPassword = $row['password'];
+    // Requête pour récupérer les informations de l'utilisateur
+    $query = "SELECT name, family_name, role FROM user WHERE mail = '$email'";
+    $result = mysqli_query($db, $query);
 
-        if (password_verify($password, $storedPassword)) {
-            // Authentication successful
-            // Set the necessary cookies and redirect to /account/profile
-            // ...
-        } else {
-            die("Combinaison email/mot de passe incorrecte.");
-        }
-        ?>
+    if (!$result) {
+        die('Erreur de requête : ' . mysqli_error($db));
+    }
 
-        Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that
-        corresponds to
-        your MariaDB server version for the right syntax to use near '@fesse.fr AND password =
-        $2y$10$whzDnlmJvcSJdXqkr7SoAu5B7gmxJgcVPNT3Nr9oAPMAd...' at line 3 in
-        C:\Users\Loris\Documents\DEV\gitea\SAE_web\account\login\login.php:28 Stack trace: #0
-        C:\Users\Loris\Documents\DEV\gitea\SAE_web\account\login\login.php(28): mysqli_query(Object(mysqli), 'SELECT
-        mail,
-        pa...') #1 {main} thrown in C:\Users\Loris\Documents\DEV\gitea\SAE_web\account\login\login.php on line 28
\ No newline at end of file
+    // Récupération des données
+    if ($row = mysqli_fetch_assoc($result)) {
+        $nameFetched = $row['name'];
+        $familyNameFetched = $row['family_name'];
+        $roleFetched = $row['role'];
+    } else {
+        echo "Aucun utilisateur trouvé avec cet email.";
+    }
+
+
+    $userData = array(
+        "email" => $email,
+        "name" => $nameFetched,
+        "familyName" => $familyNameFetched,
+        "role" => $roleFetched
+    );
+
+    $userDataEncoded = json_encode($userData);
+
+    setcookie("userData", $userDataEncoded, time() + 3600, "/");
+
+
+    if (isset($_COOKIE['userData'])) {
+        $userDataEncoded = $_COOKIE['userData'];
+        $userData = json_decode($userDataEncoded, true); // 'true' pour obtenir un tableau associatif
+
+        echo "Email : " . $userData['email'] . "<br>";
+        echo "Prénom : " . $userData['name'] . "<br>";
+        echo "Nom : " . $userData['familyName'] . "<br>";
+        echo "Rôle : " . $userData['role'] . "<br>";
+    } else {
+        echo "Cookie 'userData' non trouvé.";
+    }
+
+
+
+
+}
+
+
+$newURL = "/account/profile";
+header("Location: " . $newURL);
+die();
+
+
+?>
\ No newline at end of file
diff --git a/account/profile/index.php b/account/profile/index.php
index cec9851..8f2e209 100644
--- a/account/profile/index.php
+++ b/account/profile/index.php
@@ -1,3 +1,26 @@
+<?php
+header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
+header("Cache-Control: post-check=0, pre-check=0", false);
+header("Pragma: no-cache");
+
+require_once $_SERVER['DOCUMENT_ROOT'] . '/tools/dbConnect.php';
+session_start();
+
+if (isset($_COOKIE['userData'])) {
+    $userDataEncoded = $_COOKIE['userData'];
+    $userData = json_decode($userDataEncoded, true); // 'true' pour obtenir un tableau associatif
+
+    $email = $userData['email'];
+    $name = $userData['name'];
+    $familyName = $userData['familyName'];
+    $role = $userData['role'];
+} else {
+    echo "Cookie 'userData' non trouvé.";
+    header("Location: /account/login");
+}
+?>
+
+
 <!DOCTYPE html>
 <html lang="fr">
 
@@ -11,14 +34,27 @@
 
     <link rel="icon" type="image/png" sizes="32x32"
         href="https://tickets.paris2024.org/obj/media/FR-Paris2024/specialLogos/favicons/favicon-32x32.png" />
-    <script src="https://kit.fontawesome.com/f16a36bad3.js" crossorigin="anonymous"></script>
+    <script src="https://kit.fontawesome.com/f16a36bad3.js"
+        crossorigin="anonymous">if (!document.cookie.includes("userData")) { window.location.href = '/account/login'; }</script>
+
     <title>Mon profil | Jeux Olympiques - Paris 2024</title>
 </head>
 
 <body>
     <?php include ($_SERVER['DOCUMENT_ROOT'] . '/views/header.php') ?>
 
-    <!-- code de la page ici -->
+    <h1>Mon profil :</h1>
+    <?php
+    echo "<p class='text'>Email : " . $userData['email'] . "</p>";
+    echo "<p class='text'>Prénom : " . $userData['name'] . "</p>";
+    echo "<p class='text'>Nom : " . $userData['familyName'] . "</p>";
+    echo "<p class='text'>Rôle : " . $userData['role'] . "</p>";
+
+
+    ?>
+    <form action="/tools/logout.php" method="post">
+        <button type="submit">Déconnexion</button>
+    </form>
 
     <?php include ($_SERVER['DOCUMENT_ROOT'] . '/views/footer.php') ?>
 </body>
diff --git a/account/register/index.php b/account/register/index.php
index 106bf69..325d0e3 100644
--- a/account/register/index.php
+++ b/account/register/index.php
@@ -29,7 +29,7 @@
         <img src="https://cdn-icons-png.flaticon.com/512/4139/4139948.png" alt="Avatar">
         <h2>Créer un compte</h2>
         <p>Créez un nouveau compte afin d'accéder à l'entièreté du site.</p>
-        <form>
+        <form action="register/register.php" method="post">
             <div class="form-group">
                 <label for="name"><span style="color:red;"><abbr title="Requis">*</abbr></span> Prénom</label>
                 <input type="text" id="name" name="name" placeholder="Jean" required placeholder=" ">
@@ -50,7 +50,7 @@
 
             <div class="form-group">
                 <label for="code-role">Code rôle :</label>
-                <input type="text" id="code-role" name="code-role" placeholder="M25QP" placeholder=" ">
+                <input type="text" id="code-role" name="code-role" placeholder="A69DP" placeholder=" ">
             </div>
 
             <button type="submit" class="submit-button"><i class="fas fa-sign-in-alt"></i>
diff --git a/account/register/register.php b/account/register/register.php
index 0919ebd..fb1579d 100644
--- a/account/register/register.php
+++ b/account/register/register.php
@@ -1,5 +1,6 @@
 <?php
-require_once ($_SERVER['DOCUMENT_ROOT'] . '/tools/dbConnect.php');
+require_once $_SERVER['DOCUMENT_ROOT'] . '/tools/dbConnect.php';
+
 /* 
 - prénom, nom, mail, mdp, code rôle
 - vérifier que le mail n'existe pas déjà
@@ -8,40 +9,113 @@ require_once ($_SERVER['DOCUMENT_ROOT'] . '/tools/dbConnect.php');
 - enregistrer le nouvel utilisateur dans la bdd
 - créer un cookie avec mail, nom, prénom, rôle. Qui expire dans 1h
 */
-
-if ($_SERVER["REQUEST_METHOD"] == "POST") {
-    $name = htmlspecialchars($_POST["name"]);
-    $familyName = htmlspecialchars($_POST["family-name"]);
-    $email = htmlspecialchars($_POST["email"]);
-    $password = htmlspecialchars($_POST["password"]);
-    $codeRole = htmlspecialchars($_POST["code-role"]);
-}
-
-$hashedPassword = password_hash($password, PASSWORD_DEFAULT);
-
-$query = "SELECT mail FROM user WHERE mail = '$email'";
-$result = mysqli_query($db, $query);
-
-if (!$result) {
-    die("Erreur lors de l'exécution de la requête.");
-}
-
-$row = mysqli_fetch_assoc($result);
-
-if ($row) {
-    die("Un utilisateur avec cette adresse mail existe déjà.");
-}
-
-if ($codeRole == "M25QP") {
-    $role = "admin";
-} else if ($codeRole == "TF53K") {
-    $role = "sportif";
-} else if ($codeRole == "VJC6V") {
-    $role = "organisateur";
-} else {
-    $role = "member";
-}
+?>
 
 
 
+<!DOCTYPE html>
+<html lang="fr">
+
+<head>
+    <meta charset="UTF-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <link rel="stylesheet" href="../../styles/main.css" />
+    <link rel="stylesheet" href="../../styles/header.css" />
+    <link rel="stylesheet" href="../../styles/footer.css" />
+    <link href="https://maxcdn.bootstrapcdn.com/bootstrap/4.5.2/css/bootstrap.min.css" rel="stylesheet" />
+
+    <link rel="icon" type="image/png" sizes="32x32"
+        href="https://tickets.paris2024.org/obj/media/FR-Paris2024/specialLogos/favicons/favicon-32x32.png" />
+    <script src="https://kit.fontawesome.com/f16a36bad3.js" crossorigin="anonymous"></script>
+    <title>Jeux Olympiques - Paris 2024</title>
+</head>
+
+<body>
+    <?php include ($_SERVER['DOCUMENT_ROOT'] . '/views/header.php');
+
+    if ($_SERVER["REQUEST_METHOD"] == "POST") {
+        $name = htmlspecialchars($_POST["name"]);
+        $familyName = htmlspecialchars($_POST["family_name"]);
+        $email = htmlspecialchars($_POST["email"]);
+        $password = htmlspecialchars($_POST["password"]);
+        $codeRole = htmlspecialchars($_POST["code-role"]);
+    }
+
+    $hashedPassword = sha1($password);
+
+    $query = "SELECT mail FROM user WHERE mail = '$email'";
+    $result = mysqli_query($db, $query);
+
+    if (!$result) {
+        die("Erreur lors de l'exécution de la requête.");
+    }
+
+    $row = mysqli_fetch_assoc($result);
+
+    if ($row) {
+        die("<p>Un utilisateur avec cette adresse mail existe déjà.</p>");
+    }
+
+    if ($codeRole == "M25QP") {
+        $role = "Administrateur";
+    } else if ($codeRole == "TF53K") {
+        $role = "Sportif";
+    } else if ($codeRole == "VJC6V") {
+        $role = "Organisateur";
+    } else {
+        $role = "Membre";
+    }
+
+
+
+
+
+    $addUser = "INSERT INTO `user`(`mail`, `name`, `family_name`, `role`, `password`) VALUES ('$email', '$name', '$familyName', '$role', '$hashedPassword')";
+
+
+    $resultAddUser = mysqli_query($db, $addUser);
+    if (!$resultAddUser) {
+        echo "<p class='text'>Erreur lors de l'exécution de la requête.</p>";
+    } else {
+        if (mysqli_affected_rows($db) > 0) {
+            echo "<p class='text'>Utilisateur créé avec succès. </p>";
+        } else {
+            echo "<p class='text'>Aucun utilisateur n\'a été ajouté.</p>";
+        }
+    }
+    echo "<p class='text'>Prénom : " . $name . "</p>";
+    echo "<p class='text'>Nom : " . $familyName . "</p>";
+    echo "<p class='text'>Adresse mail : " . $email . "</p>";
+    echo "<p class='text'>Mot de passe : " . $password . "</p>";
+    echo "<p class='text'>Mot de passe hashé : " . $hashedPassword . "</p>";
+    echo "<p class='text'>Rôle : " . $role . "</p>";
+
+
+    // Créer un tableau avec les données utilisateur
+    $userData = array(
+        "email" => $email,
+        "name" => $name,
+        "familyName" => $familyName,
+        "role" => $role,
+    );
+    // Sérialiser le tableau en JSON
+    $userDataEncoded = json_encode($userData);
+    // Stocker les données sérialisées dans un cookie
+    setcookie("userData", $userDataEncoded, time() + 3600, "/");
+
+    echo "<p class='text'>Cookie créé avec succès. Contenu du cookie :</p>";
+    echo "<p class='text'>" . $userDataEncoded . "</p>";
+
+    include ($_SERVER['DOCUMENT_ROOT'] . '/views/footer.php');
+    ?>
+
+
+</body>
+
+</html>
+
+<?php
+$newURL = "/account/profile";
+header("Location: " . $newURL);
+die();
 ?>
\ No newline at end of file
diff --git a/base.html b/base.html
index 05e09f9..0a90166 100644
--- a/base.html
+++ b/base.html
@@ -1,3 +1,19 @@
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/tools/dbConnect.php';
+
+if (isset($_COOKIE['userData'])) {
+    $userDataEncoded = $_COOKIE['userData'];
+    $userData = json_decode($userDataEncoded, true); // 'true' pour obtenir un tableau associatif
+
+    $email = $userData['email'];
+    $name = $userData['name'];
+    $familyName = $userData['familyName'];
+    $role = $userData['role'];
+} else {
+    echo "Cookie 'userData' non trouvé.";
+}
+?>
+
 <!DOCTYPE html>
 <html lang="fr">
   <head>
@@ -25,7 +41,7 @@
   </head>
 
   <body>
-    <?php include($_SERVER['DOCUMENT_ROOT'].'/views/header.php')?>
+    <?php include?>
 
     <!-- code de la page ici -->
 
diff --git a/tools/logout.php b/tools/logout.php
new file mode 100644
index 0000000..0872951
--- /dev/null
+++ b/tools/logout.php
@@ -0,0 +1,36 @@
+<?php
+// Démarrage de la session pour accéder aux variables de session
+session_start();
+
+// Vérifier et détruire le cookie utilisateur
+if (isset($_COOKIE['userData'])) {
+    // Effacer la valeur du cookie
+    unset($_COOKIE['userData']);
+    // Demander au navigateur de supprimer le cookie
+    setcookie('userData', '', time() - 3600, '/');  // Définit l'expiration du cookie à une heure dans le passé
+}
+
+// Nettoyer toutes les données de session
+$_SESSION = array();  // Efface toutes les données stockées dans la session
+
+// Si vous voulez détruire complètement la session, supprimez également le cookie de session
+if (ini_get("session.use_cookies")) {
+    $params = session_get_cookie_params();
+    setcookie(
+        session_name(),
+        '',
+        time() - 42000,
+        $params["path"],
+        $params["domain"],
+        $params["secure"],
+        $params["httponly"]
+    );
+}
+
+// Finalement, détruire la session
+session_destroy();
+
+// Rediriger l'utilisateur vers la page de connexion ou la page d'accueil
+header("Location: /account/login");
+exit();  // Assurez-vous de terminer le script après la redirection
+?>
\ No newline at end of file
diff --git a/views/footer.php b/views/footer.php
index d41220a..bad09f0 100644
--- a/views/footer.php
+++ b/views/footer.php
@@ -1,4 +1,19 @@
-<!-- Site footer -->
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/tools/dbConnect.php';
+
+if (isset($_COOKIE['userData'])) {
+    $userDataEncoded = $_COOKIE['userData'];
+    $userData = json_decode($userDataEncoded, true); // 'true' pour obtenir un tableau associatif
+
+    $email = $userData['email'];
+    $name = $userData['name'];
+    $familyName = $userData['familyName'];
+    $role = $userData['role'];
+} else {
+    echo "Cookie 'userData' non trouvé.";
+}
+?>
+
 <footer class="site-footer">
     <div class="container">
         <div class="row">
@@ -23,6 +38,13 @@
                 <ul class="footer-links">
                     <li><a href="https://grond.iut-fbleau.fr/balocchi/SAE_web" target="_blank">Code source du site</a>
                     </li>
+                    <li>
+                        <?php if (isset($_COOKIE['userData'])) {
+                            echo "<a href='/account/profile'>Mon profil</a>";
+                        } else {
+                            echo "<a href='/account/login'>Connexion</a>";
+                        } ?>
+                    </li>
                 </ul>
             </div>
         </div>
diff --git a/views/header.php b/views/header.php
index 74ff40b..429e14b 100644
--- a/views/header.php
+++ b/views/header.php
@@ -1,3 +1,17 @@
+<?php
+require_once $_SERVER['DOCUMENT_ROOT'] . '/tools/dbConnect.php';
+
+if (isset($_COOKIE['userData'])) {
+    $userDataEncoded = $_COOKIE['userData'];
+    $userData = json_decode($userDataEncoded, true); // 'true' pour obtenir un tableau associatif
+
+    $email = $userData['email'];
+    $name = $userData['name'];
+    $familyName = $userData['familyName'];
+    $role = $userData['role'];
+}
+?>
+
 <nav class="menu-container">
     <!-- burger menu -->
     <input type="checkbox" aria-label="Toggle menu" />
@@ -21,9 +35,15 @@
         </ul>
         <ul>
             <li>
-                <a href="/account/login">
-                    Connexion
-                </a>
+                <?php
+                if (isset($_COOKIE['userData'])) {
+                    echo "<a href='/account/profile'>Mon profil</a>";
+                } else {
+                    echo "<a href='/account/login'>Connexion</a>";
+                }
+
+                ?>
+
                 <!-- script php qui vérifie le cookie. Si cookie, propose déconnexion, si pas cookie propose connexion -->
             </li>
         </ul>