diff --git a/codeigniter/application/controllers/ConnexionController.php b/codeigniter/application/controllers/ConnexionController.php
index b813b03..738e1aa 100644
--- a/codeigniter/application/controllers/ConnexionController.php
+++ b/codeigniter/application/controllers/ConnexionController.php
@@ -18,19 +18,22 @@ class ConnexionController extends CI_Controller {
}
public function authentifier() {
-
- if($_SERVER["REQUEST_METHOD"] == "POST"){
+ if ($_SERVER["REQUEST_METHOD"] == "POST") {
$email = $_POST['email'];
$password = $_POST['password'];
- if($email != "" && $password != ""){
+ if (!empty($email) && !empty($password)) {
$this->load->database();
- $query = $this->db->query("SELECT * FROM users WHERE email = '$email' AND mdp = '$password'");
+ // Utilisation d'une requête préparée pour éviter les injections SQL
+ $query = $this->db->query("SELECT * FROM users WHERE email = ?", array($email));
$result = $query->row(); // Récupérer la première ligne de résultat
-
- if($result){ // Vérifier si l'utilisateur existe
- $this->session->set_userdata('user_id', $result->id);
- $this->session->set_userdata('pseudo', $result->pseudo);
- redirect('../index.php');
+ if ($result) { // Vérifier si l'utilisateur existe
+ if (password_verify($password, $result->mdp)) { // Vérifier si le mot de passe est correct
+ $this->session->set_userdata('user_id', $result->id);
+ $this->session->set_userdata('pseudo', $result->pseudo);
+ redirect('../index.php');
+ } else {
+ $data['error_msg'] = "Email ou mot de passe incorrect.";
+ }
} else {
$data['error_msg'] = "Email ou mot de passe incorrect.";
$this->error_co = "Email ou mot de passe incorrect.";
@@ -40,13 +43,9 @@ class ConnexionController extends CI_Controller {
}
}
-
- echo "<pre>";
- print_r($this->session->userdata());
- echo "</pre>";
-
+
$this->load->view('layout/header');
- $this->load->view('connexion', $data);
+ $this->load->view('connexion', isset($data) ? $data : []);
$this->load->view('layout/footer');
}
}
@@ -62,22 +61,18 @@ class ConnexionController extends CI_Controller {
$nom = strtoupper($this->input->post('nom'));
$pseudo = $this->input->post('pseudo');
$mdp = $this->input->post('pass');
+ $mdpcrypte = password_hash($mdp, PASSWORD_DEFAULT);
$email = $this->input->post('email');
-
$data = array(
'pseudo' => $pseudo,
'nom' => $nom,
'prenom' => $prenom,
- 'mdp' => $mdp,
+ 'mdp' => $mdpcrypte,
'email' => $email
);
$this->db->insert('users', $data);
-
- $this->session->set_userdata('pseudo', $pseudo);
- redirect('../index.php');
-
-
+ $data['confirmation_message'] = "Inscription réussie ! Vous êtes maintenant inscrit.";
$this->load->view('layout/header');
$this->load->view('connexion', $data);
$this->load->view('layout/footer');
diff --git a/codeigniter/application/controllers/InscriptionController.php b/codeigniter/application/controllers/InscriptionController.php
index b99d932..b112768 100644
--- a/codeigniter/application/controllers/InscriptionController.php
+++ b/codeigniter/application/controllers/InscriptionController.php
@@ -23,13 +23,14 @@ class InscriptionController extends CI_Controller {
$nom = strtoupper($this->input->post('nom'));
$pseudo = $this->input->post('pseudo');
$mdp = $this->input->post('pass');
+ $mdpcrypte = password_hash($mdp, PASSWORD_DEFAULT);
$email = $this->input->post('email');
$data = array(
'pseudo' => $pseudo,
'nom' => $nom,
'prenom' => $prenom,
- 'mdp' => $mdp,
+ 'mdp' => $mdpcrypte,
'email' => $email
);
diff --git a/codeigniter/application/controllers/Playlist.php b/codeigniter/application/controllers/Playlist.php
index dd3f219..1379960 100644
--- a/codeigniter/application/controllers/Playlist.php
+++ b/codeigniter/application/controllers/Playlist.php
@@ -12,6 +12,11 @@ class Playlist extends CI_Controller {
}
public function index(){
+
+ if (!$this->session->userdata('user_id')) {
+ // Redirigez vers la page de connexion
+ redirect('connexion');
+ }
$userId = $this->session->userdata('user_id');
$playlists = $this->model_music->getPlaylistsByUser($userId);
$this->load->view('layout/header');
@@ -48,6 +53,11 @@ class Playlist extends CI_Controller {
}
public function view($id) {
+
+ if (!$this->session->userdata('user_id')) {
+ // Redirigez vers la page de connexion
+ redirect('connexion');
+ }
$songs = $this->model_music->getSongsByPlaylist($id);
$playlist = $this->model_music->getPlaylistById($id);
if ($playlist) {
@@ -88,6 +98,10 @@ class Playlist extends CI_Controller {
}
public function choose_playlist($songId) {
+ if (!$this->session->userdata('user_id')) {
+ // Redirigez vers la page de connexion
+ redirect('connexion');
+ }
$playlists = $this->model_music->getPlaylistsByUser($this->session->userdata('user_id'));
$this->load->view('layout/header');
$this->load->view('choose_playlist', ['playlists' => $playlists, 'songId' => $songId]);
@@ -96,6 +110,10 @@ class Playlist extends CI_Controller {
public function choix_playlist($albumId) {
+ if (!$this->session->userdata('user_id')) {
+ // Redirigez vers la page de connexion
+ redirect('connexion');
+ }
$playlists = $this->model_music->getPlaylistsByUser($this->session->userdata('user_id'));
$this->load->view('layout/header');
$this->load->view('choix_playlist', ['playlists' => $playlists, 'albumId' => $albumId]);
@@ -124,6 +142,10 @@ public function choix_playlist($albumId) {
}
public function generate(){
+ if (!$this->session->userdata('user_id')) {
+ // Redirigez vers la page de connexion
+ redirect('connexion');
+ }
$this->load->view('layout/header');
$this->load->view('playlist_generate');
$this->load->view('layout/footer');