fix security, css

This commit is contained in:
Flavien Haas 2019-05-22 17:12:09 +02:00
parent 9801d58650
commit 101d9dd428
4 changed files with 45 additions and 76 deletions

View File

@ -1,67 +1,16 @@
<?php
session_start();
require_once('../connexionBD.php');
require_once ('../ressources/user.php');
require_once ('../ressources/verifconnecte.php');
require_once ('../ressources/user.php');
$user = getUser($db, $mail);
if (!$user){
header('Location: profil.php?error=3');
exit();
$user = getUser($mail);
if(!$user['estadmin']){
header('Location: ../index.php');
exit();
}
if (isset($_POST['login']) || isset($_FILES['avatar'])){
if (isset($_FILES['avatar']) and !empty($_FILES['avatar']['name'])) {
$fic = $_FILES['avatar'];
supprimerAvatar($mail);
$res = uploadAvatar($mail, $fic);
switch ($res){
case -1:
header('Location: profil.php?error=4');
exit();
case -2:
header('Location: profil.php?error=5');
exit();
case -3:
header('Location: profil.php?error=6');
exit();
}
}
if (isset($_POST['login']) && isset($_POST['password']) && isset($_POST['confirmation']) && isset($_POST['prenom']) && isset($_POST['nom']) && isset($_POST['phone'])) {
$login = htmlentities(pg_escape_string($_POST['login']));
$password = htmlentities(pg_escape_string($_POST['password']));
$confirmation = htmlentities(pg_escape_string($_POST['confirmation']));
$prenom = htmlentities(pg_escape_string($_POST['prenom']));
$nom = htmlentities(pg_escape_string($_POST['nom']));
$phone = htmlentities(pg_escape_string($_POST['phone']));
if (loginChange($user, $login)) {
if (!isLoginUniqueModifier($db, $mail, $login)) {
header('Location: profil.php?error=1');
exit();
} else {
if (!modifierLogin($db, $mail, $login)) {
header('Location: profil.php?error=6');
exit();
}
}
}
if (strcmp($password, $confirmation) != 0) {
header('Location: profil.php?error=2');
exit();
}
if (!modifierUtilisateur($db, $mail, $prenom, $nom, $password, $phone)) {
header('Location: profil.php?error=6');
exit();
}
}
sleep(0.85);
header('Location: profil.php');
exit();
}
$delmail = $_POST['delmail'];
$delmail = isset($_POST['delmail']) ? $_POST['delmail'] : NULL;
?>
<!DOCTYPE html>
<html lang="fr">

View File

@ -1,11 +1,12 @@
#menuDiv{
#menuDiv {
width: 100%;
display: block;
}
#menuDiv a{
font-family: "Arial";
#menuDiv a {
font-family: Ubuntu, Helvetica, sans-serif;
font-size: 1em;
height: 20%;
}
#menu {
@ -13,13 +14,28 @@
flex-direction: row;
flex-wrap: wrap;
justify-content: center;
background-color: rgb(65, 154, 28);
align-items: center;
background-color: rgb(35, 35, 35);
}
#logo {
width: 50%;
height: auto;
}
#divFlex{
display: flex;
flex-wrap: nowrap;
width: 10%;
min-width: 5em;
padding: 0;
text-align: center;
align-items: center;
}
.menuItem {
display: flex;
flex-wrap: nowrap;
align-items: center;
justify-content: center;
color: white;
width: 10%;
@ -27,13 +43,17 @@
font-weight: bold;
text-decoration: none;
padding: 0.8em;
border-bottom: 4px solid rgb(65, 154, 28);
border-top: 4px solid rgb(65, 154, 28);
border-bottom: 4px solid rgb(35, 35, 35);
border-top: 4px solid rgb(35, 35, 35);
font-size: 1.1em;
text-align: center;
align-items: baseline;
}
.menuItem:hover{
cursor: pointer;
border-bottom: 4px solid orange;
}
.menuItem:hover {
border-bottom: 4px solid rgb(65, 154, 28);
}
#colorAdmin{
background-color: red;
}

View File

@ -6,13 +6,13 @@ if (file_exists("./inscription.php")) {
?>
<div id="menuDiv">
<nav id="menu">
<a class="menuItem" href="<?php echo $path ; ?>/tableauBord/tableauBord.php">Tableau de bord</a>
<div id="divFlex"><div id="divlogo"><img src="../ressources/logo.png" alt="logo Upssi'Covoit" id="logo"/></div></div>
<a class="menuItem" href="<?php echo $path ; ?>../tableauBord/tableauBord.php">Tableau de bord</a>
<a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Trajets publiés</a>
<a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Trajets réservés</a>
<a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Messagerie</a>
<a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Avis reçus</a>
<a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Avis laissés</a>
<a class="menuItem" href="<?php echo $path ; ?>/admin/admin.php">Administration</a>
<a class="menuItem" href="<?php echo $path ; ?>/deconnexion.php">Se déconnecter</a>
<a class="menuItem" href="<?php echo $path ; ?>../avis_recus/avis_recus.php">Avis reçus</a>
<a class="menuItem" href="<?php echo $path ; ?>../avis_laisses/avis_laisses.php">Avis laissés</a>
<a id="colorAdmin" class="menuItem" href="<?php echo $path ; ?>../profil/admin.php">Administration</a>
<a class="menuItem" href="<?php echo $path ; ?>../deconnexion.php">Se déconnecter</a>
</nav>
</div>

View File

@ -10,8 +10,8 @@ if (file_exists("./inscription.php")) {
<a class="menuItem" href="<?php echo $path ; ?>../tableauBord/tableauBord.php">Tableau de bord</a>
<a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Trajets publiés</a>
<a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Trajets réservés</a>
<a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Avis reçus</a>
<a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Avis laissés</a>
<a class="menuItem" href="<?php echo $path ; ?>../avis_recus/avis_recus.php">Avis reçus</a>
<a class="menuItem" href="<?php echo $path ; ?>../avis_laisses/avis_laisses.php">Avis laissés</a>
<a class="menuItem" href="<?php echo $path ; ?>../profil/profil.php">Profil</a>
<a class="menuItem" href="<?php echo $path ; ?>../deconnexion.php">Se déconnecter</a>
</nav>