sécurité
This commit is contained in:
parent
c526f65782
commit
c9d69f8df5
@ -1,40 +1,37 @@
|
|||||||
<html lang="fr" >
|
<!DOCTYPE html>
|
||||||
|
<html lang="fr">
|
||||||
<head>
|
<head>
|
||||||
<meta charset="utf-8">
|
<meta charset="utf-8">
|
||||||
<link rel="icon" href="../img/jo2024.jpg" >
|
<link rel="icon" href="../img/jo2024.jpg">
|
||||||
<link rel="stylesheet" href="../css/style.css">
|
<link rel="stylesheet" href="../css/style.css">
|
||||||
<title>Connexion - Jeux Olympiques</title>
|
<title>Connexion - Jeux Olympiques</title>
|
||||||
</head>
|
</head>
|
||||||
|
|
||||||
<body>
|
<body>
|
||||||
|
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
// Informations de connexion à la base de données
|
|
||||||
require_once 'common.php';
|
require_once 'common.php';
|
||||||
session_start();
|
session_start();
|
||||||
|
|
||||||
if (!empty($_POST['login']) && !empty($_POST['password'])) {
|
if (!empty($_POST['login']) && !empty($_POST['password'])) {
|
||||||
$db = initDatabase();
|
$db = initDatabase();
|
||||||
$login = $_POST['login'];
|
$login = htmlspecialchars($_POST['login'], ENT_QUOTES, 'UTF-8');
|
||||||
$password = $_POST['password'];
|
$password = htmlspecialchars($_POST['password'], ENT_QUOTES, 'UTF-8');
|
||||||
|
|
||||||
|
// Use prepared statements to prevent SQL injection
|
||||||
|
$stmt = $db->prepare("SELECT * FROM user WHERE login = ?");
|
||||||
|
$stmt->bind_param("s", $login);
|
||||||
|
$stmt->execute();
|
||||||
|
$result = $stmt->get_result();
|
||||||
|
|
||||||
|
if ($result->num_rows > 0) {
|
||||||
$result=mysqli_query($db,"SELECT * FROM user WHERE login = '$login' ");
|
$row = $result->fetch_assoc();
|
||||||
|
|
||||||
if (mysqli_num_rows($result) > 0) {
|
|
||||||
|
|
||||||
$row = mysqli_fetch_assoc($result);
|
|
||||||
$hash = $row['mdp'];
|
$hash = $row['mdp'];
|
||||||
$mail = $row['mail'];
|
$mail = $row['mail'];
|
||||||
$nom = $row['nom'];
|
$nom = $row['nom'];
|
||||||
$prenom = $row['prenom'];
|
$prenom = $row['prenom'];
|
||||||
$genre = $row['genre'];
|
$genre = $row['genre'];
|
||||||
$role = $row ['Role'];
|
$role = $row['Role'];
|
||||||
|
|
||||||
if (password_verify($password, $hash)) {
|
if (password_verify($password, $hash)) {
|
||||||
if ($login) {
|
|
||||||
$_SESSION['login'] = $login;
|
$_SESSION['login'] = $login;
|
||||||
$_SESSION['mail'] = $mail;
|
$_SESSION['mail'] = $mail;
|
||||||
$_SESSION['nom'] = $nom;
|
$_SESSION['nom'] = $nom;
|
||||||
@ -44,56 +41,36 @@ if (!empty($_POST['login']) && !empty($_POST['password'])) {
|
|||||||
|
|
||||||
header('Location: ../index.php');
|
header('Location: ../index.php');
|
||||||
exit();
|
exit();
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
$error_verif2 = "Mot de passe incorrect";
|
$error_verif2 = "Mot de passe incorrect";
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$error_verif = "Ce login n'existe pas";
|
$error_verif = "Ce login n'existe pas";
|
||||||
|
}
|
||||||
|
$stmt->close();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
// Récupération des données du formulaire
|
|
||||||
|
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
<header>
|
||||||
|
<h1 class='Hello'>Page de connexion</h1>
|
||||||
|
|
||||||
|
|
||||||
<header>
|
|
||||||
<h1 class='Hello'> Page de connexion </h1>
|
|
||||||
<nav>
|
<nav>
|
||||||
<a href="../" class="categorie">Page d'accueil</a>
|
<a href="../" class="categorie">Page d'accueil</a>
|
||||||
</nav>
|
</nav>
|
||||||
</header>
|
</header>
|
||||||
|
<div class="connexion">
|
||||||
<div class="connexion">
|
|
||||||
|
|
||||||
<u><i><h2>Connexion</h2></i></u><br>
|
<u><i><h2>Connexion</h2></i></u><br>
|
||||||
|
<form action="" method="post">
|
||||||
<form action="" method="post">
|
|
||||||
<label for="login">Login :</label><br>
|
<label for="login">Login :</label><br>
|
||||||
<input type="text" id="login" name="login" required value="<?php if (isset($_REQUEST['login'])) { echo $_REQUEST['login']; } ?>"><br>
|
<input type="text" id="login" name="login" required value="<?php if (isset($_POST['login'])) { echo htmlspecialchars($_POST['login'], ENT_QUOTES, 'UTF-8'); } ?>"><br>
|
||||||
<?php if (isset($error_verif)) {echo "<div class='error-message'>$error_verif</div>";} ?>
|
<?php if (isset($error_verif)) { echo "<div class='error-message'>$error_verif</div>"; } ?>
|
||||||
<br><br><label for="password">Mot de passe :</label><br>
|
<br><br><label for="password">Mot de passe :</label><br>
|
||||||
<input type="password" id="password" name="password" required placeholder="••••••••" value="<?php if (isset($_REQUEST['password'])) { echo $_REQUEST['password']; } ?>"><br>
|
<input type="password" id="password" name="password" required placeholder="••••••••" value="<?php if (isset($_POST['password'])) { echo htmlspecialchars($_POST['password'], ENT_QUOTES, 'UTF-8'); } ?>"><br>
|
||||||
<?php if (isset($error_verif2)) {echo "<div class='error-message'>$error_verif2</div>";} ?>
|
<?php if (isset($error_verif2)) { echo "<div class='error-message'>$error_verif2</div>"; } ?>
|
||||||
<br><br><button type="submit" class="submit">Se connecter </button>
|
<br><br><button type="submit" class="submit">Se connecter</button>
|
||||||
</form>
|
</form>
|
||||||
<p class="compteUser">Vous ne possédez pas de compte ? <br><a href="inscription.php">Inscrivez-vous !</a></p>
|
<p class="compteUser">Vous ne possédez pas de compte ? <br><a href="inscription.php">Inscrivez-vous !</a></p>
|
||||||
|
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
|
||||||
<footer>
|
<footer>
|
||||||
<?php require_once('footer.php'); ?>
|
<?php require_once('footer.php'); ?>
|
||||||
</footer>
|
</footer>
|
||||||
|
|
||||||
|
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
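Review bot: Encoding the password with htmlspecialchars before password_verify (the new `$password = htmlspecialchars($_POST['password'], ENT_QUOTES, 'UTF-8');`) changes the credential being checked: any password containing `&`, `<`, `>`, `"` or `'` is compared in its HTML-entity form, so it only verifies if the registration code applied the same transformation, and the stored hash becomes tied to an output-encoding detail. The password should be used verbatim, `$password = $_POST['password'];`, with HTML escaping applied only where a value is echoed, which the form already does on output; the same holds for `$login`, which should be bound raw to the query and stored raw in the session. Two further points the commit does not address in this block, which spans both hunks: the successful-login branch assigns `$_SESSION['login']` without first calling `session_regenerate_id(true);` (session fixation), and the password field refills its `value` from `$_POST['password']`, placing the submitted password in the page source, so that `value` attribute should simply be dropped. The distinct messages "Ce login n'existe pas" and "Mot de passe incorrect" also let a client confirm which logins exist; a single generic message is safer.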
@ -4,46 +4,81 @@ session_start();
|
|||||||
|
|
||||||
$db = initDatabase();
|
$db = initDatabase();
|
||||||
|
|
||||||
if (empty($_REQUEST['id_article'])) {
|
if (empty($_REQUEST['id_event'])) {
|
||||||
header('Location: evenement.php');
|
header('Location: evenement.php');
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
if (!empty($_GET['tit']) && !empty($_GET['content'])) {
|
|
||||||
$title = $_GET['title'];
|
if (!empty($_GET['content'])) {
|
||||||
$content = htmlspecialchars($_GET['content']);
|
$content = htmlspecialchars($_GET['content'], ENT_QUOTES, 'UTF-8');
|
||||||
if (empty($_GET['id_comment'])) { // nouveau ou modif ?
|
$id_event = intval($_GET['id_event']); // Ensure id_event is an integer
|
||||||
$sql = "INSERT INTO comment (id_article, title, content, id_user) "
|
$login = $_SESSION['login']; // Assuming login is a string
|
||||||
."VALUES (".$_GET['id_article'].", '$title', '$content', ".$_SESSION['user']['id'].")";
|
|
||||||
} else {
|
if (empty($_GET['id_comment'])) { // new comment
|
||||||
$sql = "UPDATE comment SET title='$title', content='$content', id_user=". $_SESSION['user']['id']
|
// Use prepared statements for security
|
||||||
." WHERE id = " . $_GET['id_comment'];
|
$recupid = mysqli_query($db, "SELECT MAX(id_comment) AS max_id FROM commentaire");
|
||||||
|
$row = mysqli_fetch_assoc($recupid);
|
||||||
|
$id = $row['max_id'] + 1;
|
||||||
|
$stmt = $db->prepare("INSERT INTO commentaire (id_comment, id_event, login, contenu) VALUES ($id,?, ?, ?)");
|
||||||
|
$stmt->bind_param('iss', $id_event, $login, $content);
|
||||||
|
} else { // update existing comment
|
||||||
|
$id_comment = intval($_GET['id_comment']); // Ensure id_comment is an integer
|
||||||
|
$stmt = $db->prepare("UPDATE commentaire SET contenu = ?, login = ? WHERE id_comment = ?");
|
||||||
|
$stmt->bind_param('ssi', $content, $login, $id_comment);
|
||||||
}
|
}
|
||||||
if (mysqli_query($db,$sql)) {
|
|
||||||
header('Location: article_view.php?id=' . $_GET['id_article']);
|
if ($stmt->execute()) {
|
||||||
|
header('Location: event.php?id=' . $id_event);
|
||||||
exit();
|
exit();
|
||||||
} else {
|
} else {
|
||||||
die("Erreur : $sql");
|
// Output SQL error for debugging
|
||||||
|
echo "Error: " . $stmt->error;
|
||||||
}
|
}
|
||||||
|
$stmt->close();
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
<?php
|
<!DOCTYPE html>
|
||||||
include './templates/header.php';
|
<html>
|
||||||
?>
|
<head>
|
||||||
<body container>
|
<meta charset="utf-8">
|
||||||
|
<link rel="icon" href="../img/jo2024.jpg">
|
||||||
|
<link rel="stylesheet" href="../css/style.css">
|
||||||
|
<title>Évènements - Jeux Olympiques</title>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
<header>
|
||||||
|
<h1 class='Hello'>Évènement</h1>
|
||||||
|
<nav>
|
||||||
|
<?php
|
||||||
|
if (isset($_SESSION['login'])) {
|
||||||
|
echo "<a href='../' class='categorie'>Page d'accueil</a>";
|
||||||
|
echo "<a href='profil.php'><img class='profil' src='https://dwarves.iut-fbleau.fr/~ghouar-t/SaeDEV2.2/img/photo-profil.png' alt='profil'></a>";
|
||||||
|
echo "<a href='deconnexion.php' class='categorie'>Déconnexion</a>";
|
||||||
|
} else {
|
||||||
|
echo "<a href='../' class='categorie'>Page d'accueil</a>";
|
||||||
|
echo "<a href='connexion.php' class='categorie'>Connexion</a>";
|
||||||
|
echo "<a href='inscription.php' class='categorie'>Inscription</a>";
|
||||||
|
}
|
||||||
|
?>
|
||||||
|
</nav>
|
||||||
|
</header>
|
||||||
|
<div class="commentaire">
|
||||||
|
|
||||||
<h1>Ajouter/modifier un commentaire</h1>
|
<u><i><h1>Ajouter/modifier un commentaire</h1></i></u>
|
||||||
<form action="" method="get">
|
<form action="" method="get">
|
||||||
<fieldset>
|
|
||||||
<?php if (!empty($_REQUEST['id_comment'])) {
|
<?php if (!empty($_GET['id_comment'])): ?>
|
||||||
echo '<input name="id_comment" type="hidden" value="' . $_REQUEST['id_comment'] ."\" />\n";
|
<input name="id_comment" type="hidden" value="<?php echo htmlspecialchars($_GET['id_comment'], ENT_QUOTES, 'UTF-8'); ?>" />
|
||||||
} ?>
|
<?php endif; ?>
|
||||||
<input name="id_article" type="hidden" value="<?php echo $_REQUEST['id_article']; ?>" />
|
<input name="id_event" type="hidden" value="<?php echo htmlspecialchars($_GET['id_event'], ENT_QUOTES, 'UTF-8'); ?>" />
|
||||||
<div> <label> Texte <textarea name="content" cols="60" rows="6"></textarea></label></div>
|
|
||||||
|
<label>Commentaire<textarea name="content" cols="50" rows="6"></textarea></label>
|
||||||
<button type="submit" name="ok" value="1">Ajouter ce commentaire</button>
|
<button type="submit" name="ok" value="1">Ajouter ce commentaire</button>
|
||||||
</fieldset>
|
|
||||||
</form>
|
</form>
|
||||||
<?php
|
</div>
|
||||||
include './templates/footer.php';
|
<footer>
|
||||||
?>
|
<?php include 'footer.php'; ?>
|
||||||
|
</footer>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
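Review bot: The update branch (`UPDATE commentaire SET contenu = ?, login = ? WHERE id_comment = ?`) binds only the comment id, so any request naming an `id_comment` rewrites that comment and reassigns it to the caller's login; there is no ownership check, and `$login = $_SESSION['login'];` is read without verifying a session exists, so an anonymous request produces a warning and binds a null login into the INSERT. The rewrite below redirects anonymous requests to the login page and restricts the UPDATE to the caller's own row, using the same `login` column the INSERT already writes. The `SELECT MAX(id_comment) ... + 1` pattern is also a race between concurrent inserts and keeps `$id` in the SQL text rather than binding it; if `id_comment` is AUTO_INCREMENT (not visible here), the column can simply be omitted from the INSERT. Finally, `echo "Error: " . $stmt->error;` exposes driver error text to the client; log it server-side and show a generic message instead.
```php
// … unchanged: initDatabase(), id_event guard …
if (empty($_SESSION['login'])) {
    header('Location: connexion.php');
    exit();
}
$login = $_SESSION['login'];
// … unchanged: content / id_event handling and the insert branch …
$stmt = $db->prepare("UPDATE commentaire SET contenu = ?, login = ? WHERE id_comment = ? AND login = ?");
$stmt->bind_param('ssis', $content, $login, $id_comment, $login);
// … unchanged: execute, redirect, close …
```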
@ -76,13 +76,7 @@ $event = mysqli_stmt_get_result($stmt);
|
|||||||
?>
|
?>
|
||||||
</nav>
|
</nav>
|
||||||
</header>
|
</header>
|
||||||
<?php
|
|
||||||
if (isset($_SESSION['role'])) {
|
|
||||||
if ($_SESSION['role']=='organizer') {
|
|
||||||
echo "<a href='creer_event.php' class='categorie'>Connexion</a>";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
|
|
||||||
<div class="ListeEvenement">
|
<div class="ListeEvenement">
|
||||||
<div>
|
<div>
|
||||||
@ -114,6 +108,13 @@ if (isset($_SESSION['role'])) {
|
|||||||
?>
|
?>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
|
<?php
|
||||||
|
if (isset($_SESSION['role'])) {
|
||||||
|
if ($_SESSION['role']=='organizer') {
|
||||||
|
echo "<a href='creer_event.php' class='categorie'>Créer un évènement</a>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
?>
|
||||||
</div>
|
</div>
|
||||||
<footer>
|
<footer>
|
||||||
<?php require_once('footer.php'); ?>
|
<?php require_once('footer.php'); ?>
|
||||||
|
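Review bot: The moved organizer check still uses loose comparison, `if ($_SESSION['role']=='organizer')`; with no strict_types declaration in sight, `===` is the safer form, and `if (($_SESSION['role'] ?? null) === 'organizer') {` also removes the surrounding isset. This check only hides the link: whether creer_event.php re-checks the role server-side is not visible in this diff and should be confirmed, since the URL is reachable without the link.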
59
php/index.php
Normal file
59
php/index.php
Normal file
@ -0,0 +1,59 @@
|
|||||||
|
<?php
|
||||||
|
session_start();
|
||||||
|
?>
|
||||||
|
|
||||||
|
|
||||||
|
<html lang="fr" >
|
||||||
|
<head>
|
||||||
|
|
||||||
|
<meta charset="utf-8">
|
||||||
|
<link rel="icon" href="img/jo2024.jpg" >
|
||||||
|
<link rel="stylesheet" href="css/style.css">
|
||||||
|
<title> Accueil - Jeux Olympiques</title>
|
||||||
|
</head>
|
||||||
|
|
||||||
|
<body>
|
||||||
|
|
||||||
|
<div id="content index">
|
||||||
|
<header>
|
||||||
|
<?php
|
||||||
|
if (isset($_SESSION['login'])) {
|
||||||
|
if ($_SESSION['genre']=='homme') {
|
||||||
|
echo "<h1 class='Hello'>Bienvenue Mr ". $_SESSION['nom']." ".$_SESSION['prenom']." sur le site des JO !</h1>";
|
||||||
|
}
|
||||||
|
if ($_SESSION['genre']=='femme') {
|
||||||
|
echo "<h1 class='Hello'>Bienvenue Mme ". $_SESSION['nom']." ".$_SESSION['prenom']." sur le site des JO !</h1>";
|
||||||
|
}
|
||||||
|
if($_SESSION['genre']=='autre') {
|
||||||
|
echo "<h1 class='Hello'>Bienvenue ". $_SESSION['nom']." ".$_SESSION['prenom']." sur le site des JO !</h1>";
|
||||||
|
}
|
||||||
|
echo "<nav>";
|
||||||
|
|
||||||
|
echo "<a href='php/evenement.php' class='categorie'>Évènements</a>";
|
||||||
|
echo "<a href='php/profil.php'><img class='profil' src='https://dwarves.iut-fbleau.fr/~ghouar-t/SaeDEV2.2/img/photo-profil.png' alt='profil'></a>";
|
||||||
|
echo "<a href='php/deconnexion.php' class='categorie'>Déconnexion</a>";
|
||||||
|
echo "</nav>";
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
echo "<h1 class='Hello'>Bienvenue sur le site des JO ! </h1>";
|
||||||
|
echo "<nav>";
|
||||||
|
|
||||||
|
echo "<a href='php/evenement.php' class='categorie'>Évènements</a>";
|
||||||
|
echo "<a href='php/connexion.php' class='categorie'>Connexion</a>";
|
||||||
|
echo "<a href='php/inscription.php' class='categorie'>Inscription</a>";
|
||||||
|
echo "</nav>";
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
?>
|
||||||
|
|
||||||
|
</header>
|
||||||
|
<p class="coco"><b>Les Jeux Olympiques de Paris 2024 seront le plus grand événement jamais organisé en France. Ils se tiendront du 26 juillet au 11 août 2024, durant 16 jours hors du temps pendant lesquels Paris 2024 sera le cœur du monde. Les Jeux, c’est du sport, mais tellement plus encore… Une combinaison de rendez-vous culturels, de programmation artistique, et de performances diverses qui créent une expérience unique en son genre. Les Jeux, c’est un festival populaire et multiculturel qui s’adresse au monde entier. C’est une aventure qui va embarquer la France entière pour une expérience inédite.</b></p>
|
||||||
|
|
||||||
|
</div>
|
||||||
|
|
||||||
|
<footer>
|
||||||
|
<?php require_once('php/footer.php'); ?>
|
||||||
|
</footer>
|
||||||
|
</body>
|
||||||
|
</html>
|
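Review bot: The greeting lines echo `$_SESSION['nom']` and `$_SESSION['prenom']` straight into the `<h1>` markup; these values come from the database row loaded at login rather than from the request, so they are only safe if registration stored them escaped, which this diff cannot show. Escape at output instead, e.g. `htmlspecialchars($_SESSION['nom'], ENT_QUOTES, 'UTF-8')` in each of the three echo statements, which is also consistent with what the commit does in the login form. Two smaller points: the three `if ($_SESSION['genre']=='homme')` tests are independent ifs with `==` and could be a single `match ($_SESSION['genre'])` expression producing the title prefix, and `<div id="content index">` gives the element an id containing a space, which is invalid (`class="content index"` is presumably what was meant). The new file also lacks the `<!DOCTYPE html>` line the commit adds to the login page.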