sécurité
This commit is contained in:
parent
c526f65782
commit
c9d69f8df5
@ -1,3 +1,4 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="fr">
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
@ -5,27 +6,24 @@
|
||||
<link rel="stylesheet" href="../css/style.css">
|
||||
<title>Connexion - Jeux Olympiques</title>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
|
||||
|
||||
<?php
|
||||
|
||||
// Informations de connexion à la base de données
|
||||
require_once 'common.php';
|
||||
session_start();
|
||||
|
||||
if (!empty($_POST['login']) && !empty($_POST['password'])) {
|
||||
$db = initDatabase();
|
||||
$login = $_POST['login'];
|
||||
$password = $_POST['password'];
|
||||
$login = htmlspecialchars($_POST['login'], ENT_QUOTES, 'UTF-8');
|
||||
$password = htmlspecialchars($_POST['password'], ENT_QUOTES, 'UTF-8');
|
||||
|
||||
// Use prepared statements to prevent SQL injection
|
||||
$stmt = $db->prepare("SELECT * FROM user WHERE login = ?");
|
||||
$stmt->bind_param("s", $login);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
|
||||
|
||||
$result=mysqli_query($db,"SELECT * FROM user WHERE login = '$login' ");
|
||||
|
||||
if (mysqli_num_rows($result) > 0) {
|
||||
|
||||
$row = mysqli_fetch_assoc($result);
|
||||
if ($result->num_rows > 0) {
|
||||
$row = $result->fetch_assoc();
|
||||
$hash = $row['mdp'];
|
||||
$mail = $row['mail'];
|
||||
$nom = $row['nom'];
|
||||
@ -34,7 +32,6 @@ if (!empty($_POST['login']) && !empty($_POST['password'])) {
|
||||
$role = $row['Role'];
|
||||
|
||||
if (password_verify($password, $hash)) {
|
||||
if ($login) {
|
||||
$_SESSION['login'] = $login;
|
||||
$_SESSION['mail'] = $mail;
|
||||
$_SESSION['nom'] = $nom;
|
||||
@ -44,56 +41,36 @@ if (!empty($_POST['login']) && !empty($_POST['password'])) {
|
||||
|
||||
header('Location: ../index.php');
|
||||
exit();
|
||||
}
|
||||
|
||||
|
||||
} else {
|
||||
$error_verif2 = "Mot de passe incorrect";
|
||||
}
|
||||
} else {
|
||||
$error_verif = "Ce login n'existe pas";
|
||||
}
|
||||
|
||||
|
||||
$stmt->close();
|
||||
}
|
||||
|
||||
// Récupération des données du formulaire
|
||||
|
||||
|
||||
?>
|
||||
|
||||
|
||||
|
||||
|
||||
<header>
|
||||
<h1 class='Hello'>Page de connexion</h1>
|
||||
<nav>
|
||||
<a href="../" class="categorie">Page d'accueil</a>
|
||||
</nav>
|
||||
</header>
|
||||
|
||||
<div class="connexion">
|
||||
|
||||
<u><i><h2>Connexion</h2></i></u><br>
|
||||
|
||||
<form action="" method="post">
|
||||
<label for="login">Login :</label><br>
|
||||
<input type="text" id="login" name="login" required value="<?php if (isset($_REQUEST['login'])) { echo $_REQUEST['login']; } ?>"><br>
|
||||
<input type="text" id="login" name="login" required value="<?php if (isset($_POST['login'])) { echo htmlspecialchars($_POST['login'], ENT_QUOTES, 'UTF-8'); } ?>"><br>
|
||||
<?php if (isset($error_verif)) { echo "<div class='error-message'>$error_verif</div>"; } ?>
|
||||
<br><br><label for="password">Mot de passe :</label><br>
|
||||
<input type="password" id="password" name="password" required placeholder="••••••••" value="<?php if (isset($_REQUEST['password'])) { echo $_REQUEST['password']; } ?>"><br>
|
||||
<input type="password" id="password" name="password" required placeholder="••••••••" value="<?php if (isset($_POST['password'])) { echo htmlspecialchars($_POST['password'], ENT_QUOTES, 'UTF-8'); } ?>"><br>
|
||||
<?php if (isset($error_verif2)) { echo "<div class='error-message'>$error_verif2</div>"; } ?>
|
||||
<br><br><button type="submit" class="submit">Se connecter</button>
|
||||
</form>
|
||||
<p class="compteUser">Vous ne possédez pas de compte ? <br><a href="inscription.php">Inscrivez-vous !</a></p>
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
<footer>
|
||||
<?php require_once('footer.php'); ?>
|
||||
</footer>
|
||||
|
||||
|
||||
</body>
|
||||
</html>
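Review bot: `$password = htmlspecialchars($_POST['password'], ENT_QUOTES, 'UTF-8');` (second hunk) alters the password before `password_verify()`, so a password containing `'`, `"`, `<`, `>` or `&` is checked in its HTML-escaped form; that only works if inscription.php escaped it the same way before `password_hash()`, and otherwise those users can no longer log in — pass `$_POST['password']` to `password_verify()` untouched, and bind the raw `$_POST['login']` as well, since escaping belongs at output (which the form already does) and the escaped value now also lands in `$_SESSION['login']`. In the last hunk, `value="<?php if (isset($_POST['password'])) { echo htmlspecialchars(...); } ?>"` writes the submitted password back into the page source on every failed attempt; drop the `value` attribute on the password input entirely. On success the code assigns `$_SESSION` entries on the session id the client arrived with — call `session_regenerate_id(true);` right after `password_verify()` succeeds to close the session-fixation window. The context messages 'Ce login n'existe pas' and 'Mot de passe incorrect' also let a caller tell valid logins from invalid ones; one generic message for both cases is safer.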
|
@ -4,46 +4,81 @@ session_start();
|
||||
|
||||
$db = initDatabase();
|
||||
|
||||
if (empty($_REQUEST['id_article'])) {
|
||||
if (empty($_REQUEST['id_event'])) {
|
||||
header('Location: evenement.php');
|
||||
exit();
|
||||
}
|
||||
if (!empty($_GET['tit']) && !empty($_GET['content'])) {
|
||||
$title = $_GET['title'];
|
||||
$content = htmlspecialchars($_GET['content']);
|
||||
if (empty($_GET['id_comment'])) { // nouveau ou modif ?
|
||||
$sql = "INSERT INTO comment (id_article, title, content, id_user) "
|
||||
."VALUES (".$_GET['id_article'].", '$title', '$content', ".$_SESSION['user']['id'].")";
|
||||
} else {
|
||||
$sql = "UPDATE comment SET title='$title', content='$content', id_user=". $_SESSION['user']['id']
|
||||
." WHERE id = " . $_GET['id_comment'];
|
||||
|
||||
if (!empty($_GET['content'])) {
|
||||
$content = htmlspecialchars($_GET['content'], ENT_QUOTES, 'UTF-8');
|
||||
$id_event = intval($_GET['id_event']); // Ensure id_event is an integer
|
||||
$login = $_SESSION['login']; // Assuming login is a string
|
||||
|
||||
if (empty($_GET['id_comment'])) { // new comment
|
||||
// Use prepared statements for security
|
||||
$recupid = mysqli_query($db, "SELECT MAX(id_comment) AS max_id FROM commentaire");
|
||||
$row = mysqli_fetch_assoc($recupid);
|
||||
$id = $row['max_id'] + 1;
|
||||
$stmt = $db->prepare("INSERT INTO commentaire (id_comment, id_event, login, contenu) VALUES ($id,?, ?, ?)");
|
||||
$stmt->bind_param('iss', $id_event, $login, $content);
|
||||
} else { // update existing comment
|
||||
$id_comment = intval($_GET['id_comment']); // Ensure id_comment is an integer
|
||||
$stmt = $db->prepare("UPDATE commentaire SET contenu = ?, login = ? WHERE id_comment = ?");
|
||||
$stmt->bind_param('ssi', $content, $login, $id_comment);
|
||||
}
|
||||
if (mysqli_query($db,$sql)) {
|
||||
header('Location: article_view.php?id=' . $_GET['id_article']);
|
||||
|
||||
if ($stmt->execute()) {
|
||||
header('Location: event.php?id=' . $id_event);
|
||||
exit();
|
||||
} else {
|
||||
die("Erreur : $sql");
|
||||
// Output SQL error for debugging
|
||||
echo "Error: " . $stmt->error;
|
||||
}
|
||||
$stmt->close();
|
||||
}
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<link rel="icon" href="../img/jo2024.jpg">
|
||||
<link rel="stylesheet" href="../css/style.css">
|
||||
<title>Évènements - Jeux Olympiques</title>
|
||||
</head>
|
||||
<body>
|
||||
<header>
|
||||
<h1 class='Hello'>Évènement</h1>
|
||||
<nav>
|
||||
<?php
|
||||
include './templates/header.php';
|
||||
if (isset($_SESSION['login'])) {
|
||||
echo "<a href='../' class='categorie'>Page d'accueil</a>";
|
||||
echo "<a href='profil.php'><img class='profil' src='https://dwarves.iut-fbleau.fr/~ghouar-t/SaeDEV2.2/img/photo-profil.png' alt='profil'></a>";
|
||||
echo "<a href='deconnexion.php' class='categorie'>Déconnexion</a>";
|
||||
} else {
|
||||
echo "<a href='../' class='categorie'>Page d'accueil</a>";
|
||||
echo "<a href='connexion.php' class='categorie'>Connexion</a>";
|
||||
echo "<a href='inscription.php' class='categorie'>Inscription</a>";
|
||||
}
|
||||
?>
|
||||
<body container>
|
||||
</nav>
|
||||
</header>
|
||||
<div class="commentaire">
|
||||
|
||||
<h1>Ajouter/modifier un commentaire</h1>
|
||||
<u><i><h1>Ajouter/modifier un commentaire</h1></i></u>
|
||||
<form action="" method="get">
|
||||
<fieldset>
|
||||
<?php if (!empty($_REQUEST['id_comment'])) {
|
||||
echo '<input name="id_comment" type="hidden" value="' . $_REQUEST['id_comment'] ."\" />\n";
|
||||
} ?>
|
||||
<input name="id_article" type="hidden" value="<?php echo $_REQUEST['id_article']; ?>" />
|
||||
<div> <label> Texte <textarea name="content" cols="60" rows="6"></textarea></label></div>
|
||||
|
||||
<?php if (!empty($_GET['id_comment'])): ?>
|
||||
<input name="id_comment" type="hidden" value="<?php echo htmlspecialchars($_GET['id_comment'], ENT_QUOTES, 'UTF-8'); ?>" />
|
||||
<?php endif; ?>
|
||||
<input name="id_event" type="hidden" value="<?php echo htmlspecialchars($_GET['id_event'], ENT_QUOTES, 'UTF-8'); ?>" />
|
||||
|
||||
<label>Commentaire<textarea name="content" cols="50" rows="6"></textarea></label>
|
||||
<button type="submit" name="ok" value="1">Ajouter ce commentaire</button>
|
||||
</fieldset>
|
||||
|
||||
</form>
|
||||
<?php
|
||||
include './templates/footer.php';
|
||||
?>
|
||||
</div>
|
||||
<footer>
|
||||
<?php include 'footer.php'; ?>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
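Review bot: The update branch `UPDATE commentaire SET contenu = ?, login = ? WHERE id_comment = ?` never checks that the comment named by `$_GET['id_comment']` belongs to `$_SESSION['login']`, so any logged-in user can overwrite any comment and, because `login` is rewritten too, take ownership of it; add `AND login = ?` to the WHERE clause (binding `$login` a second time) and treat zero affected rows as failure, or fetch the row and compare first. `$login = $_SESSION['login'];` is also read before anything verifies a session exists (the file's opening lines are outside the hunk), so an anonymous request reaches the INSERT with a null login — redirect to connexion.php when `empty($_SESSION['login'])`, and switch the form from `method="get"` to POST, since a GET write can be triggered from any link or image and the comment text ends up in server logs and browser history. `echo "Error: " . $stmt->error;` prints the driver error to the visitor; log it server-side and show a generic message. The `SELECT MAX(id_comment)` + 1 assignment races under concurrent inserts and interpolates `$id` into the prepared SQL string; an AUTO_INCREMENT column removes both problems.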
|
@ -76,13 +76,7 @@ $event = mysqli_stmt_get_result($stmt);
|
||||
?>
|
||||
</nav>
|
||||
</header>
|
||||
<?php
|
||||
if (isset($_SESSION['role'])) {
|
||||
if ($_SESSION['role']=='organizer') {
|
||||
echo "<a href='creer_event.php' class='categorie'>Connexion</a>";
|
||||
}
|
||||
}
|
||||
?>
|
||||
|
||||
|
||||
<div class="ListeEvenement">
|
||||
<div>
|
||||
@ -114,6 +108,13 @@ if (isset($_SESSION['role'])) {
|
||||
?>
|
||||
</tbody>
|
||||
</table>
|
||||
<?php
|
||||
if (isset($_SESSION['role'])) {
|
||||
if ($_SESSION['role']=='organizer') {
|
||||
echo "<a href='creer_event.php' class='categorie'>Créer un évènement</a>";
|
||||
}
|
||||
}
|
||||
?>
|
||||
</div>
|
||||
<footer>
|
||||
<?php require_once('footer.php'); ?>
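Review bot: `if ($_SESSION['role']=='organizer')` only decides whether the 'Créer un évènement' link is rendered; it is not an access check, so creer_event.php (outside this diff) must itself verify the role on every request, because the URL can be requested directly. Use strict comparison and collapse the two nested `if`s into one: `if (isset($_SESSION['role']) && $_SESSION['role'] === 'organizer')`.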
|
||||
|
59
php/index.php
Normal file
59
php/index.php
Normal file
@ -0,0 +1,59 @@
|
||||
<?php
|
||||
session_start();
|
||||
?>
|
||||
|
||||
|
||||
<html lang="fr" >
|
||||
<head>
|
||||
|
||||
<meta charset="utf-8">
|
||||
<link rel="icon" href="img/jo2024.jpg" >
|
||||
<link rel="stylesheet" href="css/style.css">
|
||||
<title> Accueil - Jeux Olympiques</title>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
|
||||
<div id="content index">
|
||||
<header>
|
||||
<?php
|
||||
if (isset($_SESSION['login'])) {
|
||||
if ($_SESSION['genre']=='homme') {
|
||||
echo "<h1 class='Hello'>Bienvenue Mr ". $_SESSION['nom']." ".$_SESSION['prenom']." sur le site des JO !</h1>";
|
||||
}
|
||||
if ($_SESSION['genre']=='femme') {
|
||||
echo "<h1 class='Hello'>Bienvenue Mme ". $_SESSION['nom']." ".$_SESSION['prenom']." sur le site des JO !</h1>";
|
||||
}
|
||||
if($_SESSION['genre']=='autre') {
|
||||
echo "<h1 class='Hello'>Bienvenue ". $_SESSION['nom']." ".$_SESSION['prenom']." sur le site des JO !</h1>";
|
||||
}
|
||||
echo "<nav>";
|
||||
|
||||
echo "<a href='php/evenement.php' class='categorie'>Évènements</a>";
|
||||
echo "<a href='php/profil.php'><img class='profil' src='https://dwarves.iut-fbleau.fr/~ghouar-t/SaeDEV2.2/img/photo-profil.png' alt='profil'></a>";
|
||||
echo "<a href='php/deconnexion.php' class='categorie'>Déconnexion</a>";
|
||||
echo "</nav>";
|
||||
}
|
||||
else {
|
||||
echo "<h1 class='Hello'>Bienvenue sur le site des JO ! </h1>";
|
||||
echo "<nav>";
|
||||
|
||||
echo "<a href='php/evenement.php' class='categorie'>Évènements</a>";
|
||||
echo "<a href='php/connexion.php' class='categorie'>Connexion</a>";
|
||||
echo "<a href='php/inscription.php' class='categorie'>Inscription</a>";
|
||||
echo "</nav>";
|
||||
}
|
||||
|
||||
|
||||
?>
|
||||
|
||||
</header>
|
||||
<p class="coco"><b>Les Jeux Olympiques de Paris 2024 seront le plus grand événement jamais organisé en France. Ils se tiendront du 26 juillet au 11 août 2024, durant 16 jours hors du temps pendant lesquels Paris 2024 sera le cœur du monde. Les Jeux, c’est du sport, mais tellement plus encore… Une combinaison de rendez-vous culturels, de programmation artistique, et de performances diverses qui créent une expérience unique en son genre. Les Jeux, c’est un festival populaire et multiculturel qui s’adresse au monde entier. C’est une aventure qui va embarquer la France entière pour une expérience inédite.</b></p>
|
||||
|
||||
</div>
|
||||
|
||||
<footer>
|
||||
<?php require_once('php/footer.php'); ?>
|
||||
</footer>
|
||||
</body>
|
||||
</html>
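Review bot: `echo "<h1 class='Hello'>Bienvenue Mr ". $_SESSION['nom']." ".$_SESSION['prenom']." ..."` writes the stored name into the page unescaped; if these values originate from the registration form (not visible here), a name such as `<script>…</script>` becomes stored XSS shown on every visit, so escape them at output and read `$_SESSION['genre']` through `isset`/`??` instead of comparing it directly. The three `if ($_SESSION['genre']==...)` branches differ only in the greeting prefix, so a single prefix lookup plus one `echo` is enough (the rewrite below also greets a user whose genre is unset, where the original prints no heading — confirm that is acceptable). The page has no `<!DOCTYPE html>`, and `<div id="content index">` is an invalid id (ids cannot contain spaces; `class` is probably meant). Since this file lives at php/index.php yet links `css/style.css` and `php/evenement.php`, those paths resolve to php/css/… and php/php/… from here, while connexion.php redirects to `../index.php` — confirm this is not an accidental copy of the root index.php.
```php
<?php
if (isset($_SESSION['login'])) {
    // Escape at output: these values may come from user registration.
    $nom    = htmlspecialchars($_SESSION['nom'] ?? '', ENT_QUOTES, 'UTF-8');
    $prenom = htmlspecialchars($_SESSION['prenom'] ?? '', ENT_QUOTES, 'UTF-8');
    $genre  = $_SESSION['genre'] ?? '';
    if ($genre === 'homme') {
        $titre = 'Mr ';
    } elseif ($genre === 'femme') {
        $titre = 'Mme ';
    } else {
        $titre = '';
    }
    echo "<h1 class='Hello'>Bienvenue {$titre}{$nom} {$prenom} sur le site des JO !</h1>";
    // … unchanged: <nav> links for a logged-in user …
```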
|