ex3
This commit is contained in:
JARNOUEN DE VILLARTAY Ulysse (SAFRAN AIRCRAFT ENGINES)
parent
553b30bdcc
commit
17a16feb2d
@@ -19,6 +19,14 @@ SET time_zone = "+00:00";
|
||||
|
||||
-- --------------------------------------------------------
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `user` (
|
||||
login VARCHAR(50) NOT NULL,
|
||||
email VARCHAR(255) NOT NULL,
|
||||
password VARCHAR(255) NOT NULL,
|
||||
PRIMARY KEY (login)
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
|
||||
|
||||
--
|
||||
-- Table structure for table `Artiste`
|
||||
--
|
||||
|
||||
@@ -0,0 +1,46 @@
|
||||
<?php
|
||||
$login = isset($_GET['login']) ? trim($_GET['login']) : '';
|
||||
$error = isset($_GET['error']);
|
||||
$registered = isset($_GET['registered']);
|
||||
$loggedOut = isset($_GET['logged_out']);
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html lang="fr">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<title>Authentification</title>
|
||||
<link
|
||||
rel="stylesheet"
|
||||
href="https://cdn.jsdelivr.net/npm/@picocss/pico@2/css/pico.min.css"
|
||||
/>
|
||||
</head>
|
||||
<body>
|
||||
<main class="container">
|
||||
<h1>Authentification</h1>
|
||||
|
||||
<?php if ($registered) { ?>
|
||||
<article>Inscription réussie. Vous pouvez maintenant vous connecter.</article>
|
||||
<?php } ?>
|
||||
|
||||
<?php if ($loggedOut) { ?>
|
||||
<article>Vous avez été déconnecté.</article>
|
||||
<?php } ?>
|
||||
|
||||
<?php if ($error) { ?>
|
||||
<article aria-invalid="true">Login ou mot de passe incorrect.</article>
|
||||
<?php } ?>
|
||||
|
||||
<form action="./verification.php" method="post">
|
||||
<label for="login">Login</label>
|
||||
<input id="login" name="login" value="<?php echo htmlspecialchars($login, ENT_QUOTES); ?>">
|
||||
|
||||
<label for="password">Mot de passe</label>
|
||||
<input id="password" name="password" type="password">
|
||||
|
||||
<button type="submit">Se connecter</button>
|
||||
</form>
|
||||
|
||||
<p><a href="./inscription.php">Créer un compte</a></p>
|
||||
</main>
|
||||
</body>
|
||||
</html>
|
||||
@@ -0,0 +1,14 @@
|
||||
<?php
|
||||
session_start();
|
||||
|
||||
$_SESSION = array();
|
||||
|
||||
if (ini_get('session.use_cookies')) {
|
||||
$params = session_get_cookie_params();
|
||||
setcookie(session_name(), '', time() - 3600, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
|
||||
}
|
||||
|
||||
session_destroy();
|
||||
|
||||
header('Location: ./authentification.php?logged_out=1');
|
||||
exit;
|
||||
@@ -1,14 +1,14 @@
|
||||
<?php
|
||||
include './modeles/modeleFilms.php';
|
||||
include_once './securite.php';
|
||||
include_once './modeles/modeleFilms.php';
|
||||
|
||||
$films = getFilms();
|
||||
|
||||
//
|
||||
// on "charge" la vue
|
||||
// On charge les fichiers de vue une fois les données prêtes.
|
||||
//
|
||||
|
||||
include './vues/header.php';
|
||||
include './vues/vueFilms.php';
|
||||
include './vues/footer.php';
|
||||
?>
|
||||
include_once './vues/header.php';
|
||||
include_once './vues/vueFilms.php';
|
||||
include_once './vues/footer.php';
|
||||
|
||||
|
||||
@@ -0,0 +1,98 @@
|
||||
<?php
|
||||
session_start();
|
||||
|
||||
include_once './modeles/modeleUtilisateurs.php';
|
||||
|
||||
$errors = array();
|
||||
$values = array(
|
||||
'login' => '',
|
||||
'email' => '',
|
||||
);
|
||||
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$values['login'] = isset($_POST['login']) ? trim($_POST['login']) : '';
|
||||
$values['email'] = isset($_POST['email']) ? trim($_POST['email']) : '';
|
||||
$password = isset($_POST['password']) ? $_POST['password'] : '';
|
||||
|
||||
// On valide champ par champ pour pouvoir réafficher proprement le formulaire.
|
||||
if ($values['login'] === '') {
|
||||
$errors['login'] = 'Le login est obligatoire.';
|
||||
} elseif (!preg_match('/^[a-zA-Z0-9_-]{3,30}$/', $values['login'])) {
|
||||
$errors['login'] = 'Le login doit contenir entre 3 et 30 caractères alphanumériques, _ ou -.';
|
||||
}
|
||||
|
||||
if ($values['email'] === '') {
|
||||
$errors['email'] = 'L\'email est obligatoire.';
|
||||
} elseif (!filter_var($values['email'], FILTER_VALIDATE_EMAIL)) {
|
||||
$errors['email'] = 'Le format de l\'email est invalide.';
|
||||
}
|
||||
|
||||
if ($password === '') {
|
||||
$errors['password'] = 'Le mot de passe est obligatoire.';
|
||||
} elseif (strlen($password) < 8) {
|
||||
$errors['password'] = 'Le mot de passe doit contenir au moins 8 caractères.';
|
||||
}
|
||||
|
||||
if ($values['login'] !== '' && findUserByLogin($values['login']) !== null) {
|
||||
$errors['login'] = 'Ce login est déjà utilisé.';
|
||||
}
|
||||
|
||||
if (empty($errors)) {
|
||||
$passwordHash = password_hash($password, PASSWORD_DEFAULT);
|
||||
createUser($values['login'], $values['email'], $passwordHash);
|
||||
|
||||
header('Location: ./authentification.php?registered=1');
|
||||
exit;
|
||||
}
|
||||
}
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html lang="fr">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<title>Inscription</title>
|
||||
<link
|
||||
rel="stylesheet"
|
||||
href="https://cdn.jsdelivr.net/npm/@picocss/pico@2/css/pico.min.css"
|
||||
/>
|
||||
</head>
|
||||
<body>
|
||||
<main class="container">
|
||||
<h1>Inscription</h1>
|
||||
<p>Créez un compte avant d'accéder aux pages du site.</p>
|
||||
|
||||
<form method="post">
|
||||
<label for="login">Login</label>
|
||||
<input
|
||||
id="login"
|
||||
name="login"
|
||||
value="<?php echo htmlspecialchars($values['login'], ENT_QUOTES); ?>"
|
||||
>
|
||||
<?php if (isset($errors['login'])) { ?>
|
||||
<small><?php echo htmlspecialchars($errors['login'], ENT_QUOTES); ?></small>
|
||||
<?php } ?>
|
||||
|
||||
<label for="email">Email</label>
|
||||
<input
|
||||
id="email"
|
||||
name="email"
|
||||
type="email"
|
||||
value="<?php echo htmlspecialchars($values['email'], ENT_QUOTES); ?>"
|
||||
>
|
||||
<?php if (isset($errors['email'])) { ?>
|
||||
<small><?php echo htmlspecialchars($errors['email'], ENT_QUOTES); ?></small>
|
||||
<?php } ?>
|
||||
|
||||
<label for="password">Mot de passe</label>
|
||||
<input id="password" name="password" type="password">
|
||||
<?php if (isset($errors['password'])) { ?>
|
||||
<small><?php echo htmlspecialchars($errors['password'], ENT_QUOTES); ?></small>
|
||||
<?php } ?>
|
||||
|
||||
<button type="submit">S'inscrire</button>
|
||||
</form>
|
||||
|
||||
<p><a href="./authentification.php">Déjà inscrit ? Se connecter</a></p>
|
||||
</main>
|
||||
</body>
|
||||
</html>
|
||||
@@ -0,0 +1,33 @@
|
||||
<?php
|
||||
function getConnection()
|
||||
{
|
||||
static $conn = null;
|
||||
|
||||
if ($conn !== null) {
|
||||
return $conn;
|
||||
}
|
||||
|
||||
// On autorise deux modes de configuration :
|
||||
// 1) via des variables d'environnement ;
|
||||
// 2) en remplaçant directement les valeurs par votre login/mot de passe.
|
||||
$host = getenv('CINEMA_DB_HOST') ? getenv('CINEMA_DB_HOST') : 'localhost';
|
||||
$user = getenv('CINEMA_DB_USER') ? getenv('CINEMA_DB_USER') : '';
|
||||
$password = getenv('CINEMA_DB_PASSWORD') ? getenv('CINEMA_DB_PASSWORD') : '';
|
||||
$database = getenv('CINEMA_DB_NAME') ? getenv('CINEMA_DB_NAME') : '';
|
||||
|
||||
if ($user === '' || $database === '') {
|
||||
die(
|
||||
"Configurez d'abord l'accès MySQL dans modeles/connexion.php " .
|
||||
"ou via les variables d'environnement CINEMA_DB_HOST, CINEMA_DB_USER, CINEMA_DB_PASSWORD et CINEMA_DB_NAME."
|
||||
);
|
||||
}
|
||||
var_dump($host, $user, $password, $database);
|
||||
$conn = mysqli_connect($host, $user, $password, $database, 3306);
|
||||
if ($conn === false) {
|
||||
die('Connexion MySQL impossible : ' . mysqli_connect_error());
|
||||
}
|
||||
|
||||
mysqli_set_charset($conn, 'utf8mb4');
|
||||
|
||||
return $conn;
|
||||
}
|
||||
@@ -1,16 +1,28 @@
|
||||
<?php
|
||||
function _getConnection()
|
||||
{
|
||||
static $_conn = NULL;
|
||||
if ($_conn === NULL){
|
||||
$_conn = mysqli_connect("localhost","","","");
|
||||
}
|
||||
return $_conn;
|
||||
}
|
||||
|
||||
include_once __DIR__ . '/connexion.php';
|
||||
|
||||
function getFilms()
|
||||
{
|
||||
// A completer
|
||||
$conn = getConnection();
|
||||
$sql = "
|
||||
SELECT Film.idFilm, Film.titre, Film.annee, Genre.code AS genre, Artiste.nom, Artiste.prenom
|
||||
FROM Film
|
||||
JOIN Genre ON Genre.code = Film.genre
|
||||
JOIN Artiste ON Artiste.idArtiste = Film.idMes
|
||||
ORDER BY Film.titre ASC
|
||||
";
|
||||
|
||||
$result = mysqli_query($conn, $sql);
|
||||
if ($result === false) {
|
||||
die('Erreur SQL lors de la récupération des films : ' . mysqli_error($conn));
|
||||
}
|
||||
|
||||
$films = array();
|
||||
while ($film = mysqli_fetch_assoc($result)) {
|
||||
$films[] = $film;
|
||||
}
|
||||
|
||||
mysqli_free_result($result);
|
||||
|
||||
return $films;
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -0,0 +1,53 @@
|
||||
<?php
|
||||
include_once __DIR__ . '/connexion.php';
|
||||
|
||||
function findUserByLogin($login)
|
||||
{
|
||||
$conn = getConnection();
|
||||
$stmt = mysqli_prepare($conn, 'SELECT login, email, password FROM `user` WHERE login = ?');
|
||||
if ($stmt === false) {
|
||||
die('Préparation SQL impossible : ' . mysqli_error($conn));
|
||||
}
|
||||
|
||||
mysqli_stmt_bind_param($stmt, 's', $login);
|
||||
mysqli_stmt_execute($stmt);
|
||||
mysqli_stmt_bind_result($stmt, $dbLogin, $dbEmail, $dbPassword);
|
||||
|
||||
$user = null;
|
||||
if (mysqli_stmt_fetch($stmt)) {
|
||||
$user = array(
|
||||
'login' => $dbLogin,
|
||||
'email' => $dbEmail,
|
||||
'password' => $dbPassword,
|
||||
);
|
||||
}
|
||||
|
||||
mysqli_stmt_close($stmt);
|
||||
|
||||
return $user;
|
||||
}
|
||||
|
||||
function createUser($login, $email, $passwordHash)
|
||||
{
|
||||
$conn = getConnection();
|
||||
$stmt = mysqli_prepare($conn, 'INSERT INTO `user` (login, email, password) VALUES (?, ?, ?)');
|
||||
if ($stmt === false) {
|
||||
die('Préparation SQL impossible : ' . mysqli_error($conn));
|
||||
}
|
||||
|
||||
mysqli_stmt_bind_param($stmt, 'sss', $login, $email, $passwordHash);
|
||||
$success = mysqli_stmt_execute($stmt);
|
||||
$errorCode = mysqli_errno($conn);
|
||||
mysqli_stmt_close($stmt);
|
||||
|
||||
// 1062 = violation de clé unique (login déjà pris).
|
||||
if (!$success && $errorCode === 1062) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!$success) {
|
||||
die('Insertion SQL impossible : ' . mysqli_error($conn));
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
@@ -0,0 +1,11 @@
|
||||
<?php
|
||||
if (session_status() === PHP_SESSION_NONE) {
|
||||
session_start();
|
||||
}
|
||||
|
||||
// Ce fichier est inclus en tête de chaque page protégée.
|
||||
// Si l'utilisateur n'est pas connecté, on le renvoie vers le formulaire.
|
||||
if (!isset($_SESSION['user_login'])) {
|
||||
header('Location: ./authentification.php');
|
||||
exit;
|
||||
}
|
||||
@@ -0,0 +1,35 @@
|
||||
<?php
|
||||
session_start();
|
||||
|
||||
include_once './modeles/modeleUtilisateurs.php';
|
||||
|
||||
$login = isset($_POST['login']) ? trim($_POST['login']) : '';
|
||||
$password = isset($_POST['password']) ? $_POST['password'] : '';
|
||||
|
||||
// Cette temporisation ralentit volontairement les tentatives répétées,
|
||||
// ce qui rend les attaques par force brute moins efficaces.
|
||||
usleep(500000);
|
||||
|
||||
if ($login === '' || $password === '') {
|
||||
header('Location: ./authentification.php?error=1&login=' . urlencode($login));
|
||||
exit;
|
||||
}
|
||||
|
||||
$user = findUserByLogin($login);
|
||||
|
||||
if ($user === null) {
|
||||
header('Location: ./authentification.php?error=1&login=' . urlencode($login));
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!password_verify($password, $user['password'])) {
|
||||
header('Location: ./authentification.php?error=1&login=' . urlencode($login));
|
||||
exit;
|
||||
}
|
||||
|
||||
session_regenerate_id(true);
|
||||
$_SESSION['user_login'] = $user['login'];
|
||||
$_SESSION['user_email'] = $user['email'];
|
||||
|
||||
header('Location: ./films.php');
|
||||
exit;
|
||||
@@ -1,14 +1,24 @@
|
||||
<!DOCTYPE html>
|
||||
<html lang="fr">
|
||||
<head>
|
||||
<meta charset="UTF-8" />
|
||||
<title>Films</title>
|
||||
<link
|
||||
rel="stylesheet"
|
||||
href="https://cdn.jsdelivr.net/npm/@picocss/pico@2/css/pico.min.css"
|
||||
/>
|
||||
<head>
|
||||
<meta charset="UTF-8" />
|
||||
<title>Films</title>
|
||||
<link
|
||||
rel="stylesheet"
|
||||
href="https://cdn.jsdelivr.net/npm/@picocss/pico@2/css/pico.min.css"
|
||||
/>
|
||||
|
||||
<link rel="stylesheet" href="./css/style.css">
|
||||
</head>
|
||||
<body>
|
||||
<main class="container">
|
||||
<link rel="stylesheet" href="./css/style.css">
|
||||
</head>
|
||||
<body>
|
||||
<main class="container">
|
||||
<nav>
|
||||
<ul>
|
||||
<li><strong>Cinema</strong></li>
|
||||
</ul>
|
||||
<ul>
|
||||
<li><a href="./films.php">Films</a></li>
|
||||
<li>Connecté : <?php echo htmlspecialchars(isset($_SESSION['user_login']) ? $_SESSION['user_login'] : 'inconnu', ENT_QUOTES); ?></li>
|
||||
<li><a href="./deconnexion.php">Déconnexion</a></li>
|
||||
</ul>
|
||||
</nav>
|
||||
|
||||
Reference in New Issue
Block a user