sécurité

This commit is contained in:
Alexis HADJEM--BRANCHER 2024-06-16 17:25:25 +02:00
parent c526f65782
commit c9d69f8df5
4 changed files with 183 additions and 111 deletions


@ -1,99 +1,76 @@
<html lang="fr" > <!DOCTYPE html>
<html lang="fr">
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<link rel="icon" href="../img/jo2024.jpg" > <link rel="icon" href="../img/jo2024.jpg">
<link rel="stylesheet" href="../css/style.css"> <link rel="stylesheet" href="../css/style.css">
<title>Connexion - Jeux Olympiques</title> <title>Connexion - Jeux Olympiques</title>
</head> </head>
<body> <body>
<?php <?php
// Informations de connexion à la base de données
require_once 'common.php'; require_once 'common.php';
session_start(); session_start();
if (!empty($_POST['login']) && !empty($_POST['password'])) { if (!empty($_POST['login']) && !empty($_POST['password'])) {
$db = initDatabase(); $db = initDatabase();
$login = $_POST['login']; $login = htmlspecialchars($_POST['login'], ENT_QUOTES, 'UTF-8');
$password = $_POST['password']; $password = htmlspecialchars($_POST['password'], ENT_QUOTES, 'UTF-8');
// Use prepared statements to prevent SQL injection
$stmt = $db->prepare("SELECT * FROM user WHERE login = ?");
$stmt->bind_param("s", $login);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
$result=mysqli_query($db,"SELECT * FROM user WHERE login = '$login' "); $row = $result->fetch_assoc();
if (mysqli_num_rows($result) > 0) {
$row = mysqli_fetch_assoc($result);
$hash = $row['mdp']; $hash = $row['mdp'];
$mail = $row['mail']; $mail = $row['mail'];
$nom = $row['nom']; $nom = $row['nom'];
$prenom = $row['prenom']; $prenom = $row['prenom'];
$genre = $row['genre']; $genre = $row['genre'];
$role = $row ['Role']; $role = $row['Role'];
if (password_verify($password, $hash)) { if (password_verify($password, $hash)) {
if ($login) { $_SESSION['login'] = $login;
$_SESSION['login'] = $login; $_SESSION['mail'] = $mail;
$_SESSION['mail'] = $mail; $_SESSION['nom'] = $nom;
$_SESSION['nom'] = $nom; $_SESSION['prenom'] = $prenom;
$_SESSION['prenom'] = $prenom; $_SESSION['genre'] = $genre;
$_SESSION['genre'] = $genre; $_SESSION['role'] = $role;
$_SESSION['role'] = $role;
header('Location: ../index.php');
exit();
}
header('Location: ../index.php');
exit();
} else { } else {
$error_verif2 = "Mot de passe incorrect"; $error_verif2 = "Mot de passe incorrect";
} }
} else { } else {
$error_verif = "Ce login n'existe pas"; $error_verif = "Ce login n'existe pas";
}
$stmt->close();
} }
}
// Récupération des données du formulaire
?> ?>
<header>
<h1 class='Hello'>Page de connexion</h1>
<nav>
<a href="../" class="categorie">Page d'accueil</a>
<header> </nav>
<h1 class='Hello'> Page de connexion </h1> </header>
<nav> <div class="connexion">
<a href="../" class="categorie">Page d'accueil</a> <u><i><h2>Connexion</h2></i></u><br>
</nav> <form action="" method="post">
</header> <label for="login">Login :</label><br>
<input type="text" id="login" name="login" required value="<?php if (isset($_POST['login'])) { echo htmlspecialchars($_POST['login'], ENT_QUOTES, 'UTF-8'); } ?>"><br>
<div class="connexion"> <?php if (isset($error_verif)) { echo "<div class='error-message'>$error_verif</div>"; } ?>
<br><br><label for="password">Mot de passe :</label><br>
<u><i><h2>Connexion</h2></i></u><br> <input type="password" id="password" name="password" required placeholder="••••••••" value="<?php if (isset($_POST['password'])) { echo htmlspecialchars($_POST['password'], ENT_QUOTES, 'UTF-8'); } ?>"><br>
<?php if (isset($error_verif2)) { echo "<div class='error-message'>$error_verif2</div>"; } ?>
<form action="" method="post"> <br><br><button type="submit" class="submit">Se connecter</button>
<label for="login">Login :</label><br>
<input type="text" id="login" name="login" required value="<?php if (isset($_REQUEST['login'])) { echo $_REQUEST['login']; } ?>"><br>
<?php if (isset($error_verif)) {echo "<div class='error-message'>$error_verif</div>";} ?>
<br><br><label for="password">Mot de passe :</label><br>
<input type="password" id="password" name="password" required placeholder="••••••••" value="<?php if (isset($_REQUEST['password'])) { echo $_REQUEST['password']; } ?>"><br>
<?php if (isset($error_verif2)) {echo "<div class='error-message'>$error_verif2</div>";} ?>
<br><br><button type="submit" class="submit">Se connecter </button>
</form> </form>
<p class="compteUser">Vous ne possédez pas de compte ? <br><a href="inscription.php">Inscrivez-vous !</a></p> <p class="compteUser">Vous ne possédez pas de compte ? <br><a href="inscription.php">Inscrivez-vous !</a></p>
</div> </div>
<footer> <footer>
<?php require_once('footer.php'); ?> <?php require_once('footer.php'); ?>
</footer> </footer>
</body> </body>
</html> </html>
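Review bot: `htmlspecialchars()` is applied to `$_POST['password']` before `password_verify()` (and to `$_POST['login']` before it is bound to the prepared statement), so any account whose password or login contains `&`, `<`, `>`, `"` or `'` can no longer authenticate unless registration encoded the same way; HTML escaping belongs at output, and the form already escapes both values where it echoes them. Keep the raw values for the lookup and the verification: `$login = $_POST['login'];` and `$password = $_POST['password'];`. The password should not be echoed back into the password field's `value` attribute at all, so that attribute can be dropped. After a successful `password_verify()`, call `session_regenerate_id(true)` before populating `$_SESSION` so a pre-login session id is not promoted to an authenticated one, and check the result of `$db->prepare()` for `false` before calling `bind_param()` on it.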


@ -4,46 +4,81 @@ session_start();
$db = initDatabase(); $db = initDatabase();
if (empty($_REQUEST['id_article'])) { if (empty($_REQUEST['id_event'])) {
header('Location: evenement.php'); header('Location: evenement.php');
exit(); exit();
} }
if (!empty($_GET['tit']) && !empty($_GET['content'])) {
$title = $_GET['title'];
$content = htmlspecialchars($_GET['content']);
if (empty($_GET['id_comment'])) { // nouveau ou modif ?
$sql = "INSERT INTO comment (id_article, title, content, id_user) "
."VALUES (".$_GET['id_article'].", '$title', '$content', ".$_SESSION['user']['id'].")";
} else {
$sql = "UPDATE comment SET title='$title', content='$content', id_user=". $_SESSION['user']['id']
." WHERE id = " . $_GET['id_comment'];
}
if (mysqli_query($db,$sql)) {
header('Location: article_view.php?id=' . $_GET['id_article']);
exit();
} else {
die("Erreur : $sql");
}
}
?>
<?php
include './templates/header.php';
?>
<body container>
<h1>Ajouter/modifier un commentaire</h1> if (!empty($_GET['content'])) {
<form action="" method="get"> $content = htmlspecialchars($_GET['content'], ENT_QUOTES, 'UTF-8');
<fieldset> $id_event = intval($_GET['id_event']); // Ensure id_event is an integer
<?php if (!empty($_REQUEST['id_comment'])) { $login = $_SESSION['login']; // Assuming login is a string
echo '<input name="id_comment" type="hidden" value="' . $_REQUEST['id_comment'] ."\" />\n";
} ?> if (empty($_GET['id_comment'])) { // new comment
<input name="id_article" type="hidden" value="<?php echo $_REQUEST['id_article']; ?>" /> // Use prepared statements for security
<div> <label> Texte <textarea name="content" cols="60" rows="6"></textarea></label></div> $recupid = mysqli_query($db, "SELECT MAX(id_comment) AS max_id FROM commentaire");
<button type="submit" name="ok" value="1">Ajouter ce commentaire</button> $row = mysqli_fetch_assoc($recupid);
</fieldset> $id = $row['max_id'] + 1;
</form> $stmt = $db->prepare("INSERT INTO commentaire (id_comment, id_event, login, contenu) VALUES ($id,?, ?, ?)");
<?php $stmt->bind_param('iss', $id_event, $login, $content);
include './templates/footer.php'; } else { // update existing comment
$id_comment = intval($_GET['id_comment']); // Ensure id_comment is an integer
$stmt = $db->prepare("UPDATE commentaire SET contenu = ?, login = ? WHERE id_comment = ?");
$stmt->bind_param('ssi', $content, $login, $id_comment);
}
if ($stmt->execute()) {
header('Location: event.php?id=' . $id_event);
exit();
} else {
// Output SQL error for debugging
echo "Error: " . $stmt->error;
}
$stmt->close();
}
?> ?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<link rel="icon" href="../img/jo2024.jpg">
<link rel="stylesheet" href="../css/style.css">
<title>Évènements - Jeux Olympiques</title>
</head>
<body>
<header>
<h1 class='Hello'>Évènement</h1>
<nav>
<?php
if (isset($_SESSION['login'])) {
echo "<a href='../' class='categorie'>Page d'accueil</a>";
echo "<a href='profil.php'><img class='profil' src='https://dwarves.iut-fbleau.fr/~ghouar-t/SaeDEV2.2/img/photo-profil.png' alt='profil'></a>";
echo "<a href='deconnexion.php' class='categorie'>Déconnexion</a>";
} else {
echo "<a href='../' class='categorie'>Page d'accueil</a>";
echo "<a href='connexion.php' class='categorie'>Connexion</a>";
echo "<a href='inscription.php' class='categorie'>Inscription</a>";
}
?>
</nav>
</header>
<div class="commentaire">
<u><i><h1>Ajouter/modifier un commentaire</h1></i></u>
<form action="" method="get">
<?php if (!empty($_GET['id_comment'])): ?>
<input name="id_comment" type="hidden" value="<?php echo htmlspecialchars($_GET['id_comment'], ENT_QUOTES, 'UTF-8'); ?>" />
<?php endif; ?>
<input name="id_event" type="hidden" value="<?php echo htmlspecialchars($_GET['id_event'], ENT_QUOTES, 'UTF-8'); ?>" />
<label>Commentaire<textarea name="content" cols="50" rows="6"></textarea></label>
<button type="submit" name="ok" value="1">Ajouter ce commentaire</button>
</form>
</div>
<footer>
<?php include 'footer.php'; ?>
</footer>
</body> </body>
</html> </html>
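Review bot: The update branch (`UPDATE commentaire SET contenu = ?, login = ? WHERE id_comment = ?`) lets any visitor rewrite any comment by choosing `id_comment`, and nothing checks that `$_SESSION['login']` is set before it is bound, so the `login` column is overwritten with whatever the current session holds. Require a logged-in user before the block and scope the update to the author: `$login = $_SESSION['login'] ?? null; if ($login === null) { header('Location: connexion.php'); exit(); }` together with `WHERE id_comment = ? AND login = ?` and `bind_param('sis', $content, $id_comment, $login)`. The new-comment id from `SELECT MAX(id_comment) ... + 1` is interpolated into the INSERT string and races between concurrent requests; bind it as a fourth `i` parameter or let the column auto-increment. `echo "Error: " . $stmt->error;` sends driver messages to the browser — log them server-side and show a generic message. The enclosing PHP block begins before the hunk (the hunk starts at file line 4).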


@ -76,13 +76,7 @@ $event = mysqli_stmt_get_result($stmt);
?> ?>
</nav> </nav>
</header> </header>
<?php
if (isset($_SESSION['role'])) {
if ($_SESSION['role']=='organizer') {
echo "<a href='creer_event.php' class='categorie'>Connexion</a>";
}
}
?>
<div class="ListeEvenement"> <div class="ListeEvenement">
<div> <div>
@ -114,6 +108,13 @@ if (isset($_SESSION['role'])) {
?> ?>
</tbody> </tbody>
</table> </table>
<?php
if (isset($_SESSION['role'])) {
if ($_SESSION['role']=='organizer') {
echo "<a href='creer_event.php' class='categorie'>Créer un évènement</a>";
}
}
?>
</div> </div>
<footer> <footer>
<?php require_once('footer.php'); ?> <?php require_once('footer.php'); ?>
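Review bot: `$_SESSION['role']=='organizer'` in the moved block should use a strict comparison, and the two nested `if`s collapse to one: `if (($_SESSION['role'] ?? null) === 'organizer') {`. Showing the link only to organizers is presentation, not access control; this hunk does not show whether `creer_event.php` re-checks the role itself, and it must, since the URL can be requested directly.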

59
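--- /dev/null
+++ b/php/index.php
@@ -0,0 +1,59 @@
+<?php
+session_start();
+?>
+<html lang="fr" >
+<head>
+<meta charset="utf-8">
+<link rel="icon" href="img/jo2024.jpg" >
+<link rel="stylesheet" href="css/style.css">
+<title> Accueil - Jeux Olympiques</title>
+</head>
+<body>
+<div id="content index">
+<header>
+<?php
+if (isset($_SESSION['login'])) {
+if ($_SESSION['genre']=='homme') {
+echo "<h1 class='Hello'>Bienvenue Mr ". $_SESSION['nom']." ".$_SESSION['prenom']." sur le site des JO !</h1>";
+}
+if ($_SESSION['genre']=='femme') {
+echo "<h1 class='Hello'>Bienvenue Mme ". $_SESSION['nom']." ".$_SESSION['prenom']." sur le site des JO !</h1>";
+}
+if($_SESSION['genre']=='autre') {
+echo "<h1 class='Hello'>Bienvenue ". $_SESSION['nom']." ".$_SESSION['prenom']." sur le site des JO !</h1>";
+}
+echo "<nav>";
+echo "<a href='php/evenement.php' class='categorie'>Évènements</a>";
+echo "<a href='php/profil.php'><img class='profil' src='https://dwarves.iut-fbleau.fr/~ghouar-t/SaeDEV2.2/img/photo-profil.png' alt='profil'></a>";
+echo "<a href='php/deconnexion.php' class='categorie'>Déconnexion</a>";
+echo "</nav>";
+}
+else {
+echo "<h1 class='Hello'>Bienvenue sur le site des JO ! </h1>";
+echo "<nav>";
+echo "<a href='php/evenement.php' class='categorie'>Évènements</a>";
+echo "<a href='php/connexion.php' class='categorie'>Connexion</a>";
+echo "<a href='php/inscription.php' class='categorie'>Inscription</a>";
+echo "</nav>";
+}
+?>
+</header>
+<p class="coco"><b>Les Jeux Olympiques de Paris 2024 seront le plus grand événement jamais organisé en France. Ils se tiendront du 26 juillet au 11 août 2024, durant 16 jours hors du temps pendant lesquels Paris 2024 sera le cœur du monde. Les Jeux, cest du sport, mais tellement plus encore… Une combinaison de rendez-vous culturels, de programmation artistique, et de performances diverses qui créent une expérience unique en son genre. Les Jeux, cest un festival populaire et multiculturel qui sadresse au monde entier. Cest une aventure qui va embarquer la France entière pour une expérience inédite.</b></p>
+</div>
+<footer>
+<?php require_once('php/footer.php'); ?>
+</footer>
+</body>
+</html>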
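Review bot: `$_SESSION['nom']` and `$_SESSION['prenom']` are concatenated into the `<h1>` unescaped in all three greeting branches; they come from the database (populated at registration, which this commit does not show), so they should be escaped at output like the other user-supplied values in this commit: `echo "<h1 class='Hello'>Bienvenue Mr " . htmlspecialchars($_SESSION['nom'], ENT_QUOTES, 'UTF-8') . " " . htmlspecialchars($_SESSION['prenom'], ENT_QUOTES, 'UTF-8') . " sur le site des JO !</h1>";` (same for the Mme and neutral branches). `<div id="content index">` is not a valid id, since an id cannot contain spaces; use `class="content index"` or a single id. The three independent `if`s on `$_SESSION['genre']` with `==` would read better as one `match` producing the title prefix, with strict comparisons.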