Modification agencement des fonctions et fichiers appelant la bd

admin
remi.biette 5 years ago
parent 31196609a4
commit a81a2169fe

@ -1,6 +1,6 @@
<?php <?php
require_once 'connectionBD.php'; require_once ('connexionBD.php');
session_start(); session_start();

@ -1,7 +1,30 @@
<?php <?php
require_once("connectionBD.php"); require_once("connexionBD.php");
init();
session_start();
if(!isset($_SESSION['mail'])){
if (isset($_POST['mail_field'])){
$mail = strtolower(htmlentities(pg_escape_string ($_POST['mail_field'])));
$password = htmlentities(pg_escape_string($_POST['password']));
$result = authentification($db, $mail, $password);
if($result) {
$_SESSION['mail'] = $mail;
header('Location: tableauBord/tableauBord.php');
exit();
}
else {
header('Location: index.php?error=1');
exit();
}
}
}
else{
header('Location: tableauBord/tableauBord.php');
exit();
}
function printError(){ function printError(){
if(isset($_GET['error'])){ if(isset($_GET['error'])){
@ -17,8 +40,7 @@ function getError($code){
} }
} }
function authentification($mail, $password){ function authentification($db, $mail, $password){
global $db;
$result = pg_query_params($db, "SELECT * FROM Utilisateur WHERE mail = $1;", array($mail)); $result = pg_query_params($db, "SELECT * FROM Utilisateur WHERE mail = $1;", array($mail));
if ($result){ if ($result){
$row = pg_fetch_array($result); $row = pg_fetch_array($result);
@ -27,38 +49,6 @@ function authentification($mail, $password){
return false; return false;
} }
function init(){
global $db;
session_start();
/*if(isset($_COOKIE['mail']) && isset($_COOKIE['password'])){
if (authentification($_COOKIE['mail'], $_COOKIE['mail'])){
$_SESSION['mail'] = $_COOKIE['mail'];
}
}*/
if(!isset($_SESSION['mail'])){
if (isset($_POST['mail_field'])){
$mail = strtolower(htmlentities(pg_escape_string ($_POST['mail_field'])));
$password = htmlentities(pg_escape_string($_POST['password']));
$result = authentification($mail, $password);
if($result) {
$_SESSION['mail'] = $mail;
header('Location: tableauBord/tableauBord.php');
exit();
}
else {
header('Location: index.php?error=1');
exit();
}
}
}
else{
header('Location: tableauBord/tableauBord.php');
exit();
}
}
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<html lang="fr"> <html lang="fr">
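Review bot: The login path in the new top-level code sets `$_SESSION['mail'] = $mail;` on success without regenerating the session id, so whatever id the browser carried before authentication stays valid afterwards; add `session_regenerate_id(true);` immediately before that assignment. The old `init()` had the same gap, so this is not a regression, but the move is the moment to close it. `$db` is used at `authentification($db, $mail, $password)` without being defined in this hunk — presumably it comes from `connexionBD.php`; a one-line comment after the `require_once` saying so would help the next reader. The `htmlentities(pg_escape_string(...))` wrapping on `mail_field` and `password` is double handling for values bound through `pg_query_params`: the escaping is unnecessary for a parameterised query, and `htmlentities` silently alters any mail or password containing `&`, `'` or non-ASCII characters before it is compared.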

@ -1,17 +1,58 @@
<?php <?php
require_once ('connectionBD.php'); require_once('connexionBD.php');
init();
function printError(){ session_start();
if(isset($_GET['error'])){
if (!isset($_SESSION['mail'])) {
if ($_SERVER['REQUEST_METHOD'] == 'POST' && empty($_POST) && empty($_FILES) && $_SERVER['CONTENT_LENGTH'] > 0) {
echo "<p class='error'>PHP a ignoré les données POST à cause d'une requête dépassant post_max_size (" . ini_get('post_max_size') . ").</p>";
exit();
}
if (isset($_POST['mail_field'])) {
$login = htmlentities(pg_escape_string($_POST['login_field']));
$password = htmlentities(pg_escape_string($_POST['password']));
$prenom = htmlentities(pg_escape_string($_POST['prenom']));
$nom = htmlentities(pg_escape_string($_POST['nom']));
$dateN = htmlentities(pg_escape_string($_POST['dateN']));
$mail = strtolower(htmlentities(pg_escape_string($_POST['mail_field'])));
$phone = htmlentities(pg_escape_string($_POST['phone']));
if (!filter_var($mail, FILTER_VALIDATE_EMAIL)) {
header('Location: inscription.php?error=1');
exit();
} elseif (!isMailUnique($db, $mail)) {
header('Location: inscription.php?error=2');
exit();
} elseif (!isLoginUnique($db, $login)) {
header('Location: inscription.php?error=3');
exit();
} else {
uploadAvatar($mail);
$result = creerUtilisateur($db, $mail, $password, $prenom, $nom, $login, $phone, $dateN);
if ($result) {
header('Location: index.php');
} else {
header('Location: inscription.php?error=6');
}
}
}
} else {
header('Location: tableauBord/tableauBord.php');
}
function printError()
{
if (isset($_GET['error'])) {
$erreur = getError($_GET['error']); $erreur = getError($_GET['error']);
echo "<p class = 'error'>$erreur</p>"; echo "<p class = 'error'>$erreur</p>";
} }
} }
function getError($code){ function getError($code)
switch ($code){ {
switch ($code) {
case 1: case 1:
return "L'adresse mail est invalide."; return "L'adresse mail est invalide.";
case 2: case 2:
@ -28,99 +69,51 @@ function getError($code){
} }
} }
function isMailUnique($mail){ function isMailUnique($db, $mail)
global $db; {
$result = pg_query_params($db, "SELECT * FROM Utilisateur WHERE mail = $1;", array($mail)); $result = pg_query_params($db, "SELECT * FROM Utilisateur WHERE mail = $1;", array($mail));
if($result){ if ($result) {
$row = pg_fetch_array($result); $row = pg_fetch_array($result);
return (strcmp($row['mail'], $mail) != 0); return (strcmp($row['mail'], $mail) != 0);
} }
return false; return false;
} }
function isLoginUnique($login){ function isLoginUnique($db, $login)
global $db; {
$result = pg_query_params($db, "SELECT * FROM Utilisateur WHERE login = $1;", array($login)); $result = pg_query_params($db, "SELECT * FROM Utilisateur WHERE login = $1;", array($login));
if($result){ if ($result) {
$row = pg_fetch_array($result); $row = pg_fetch_array($result);
return (strcmp($row['login'], $login) != 0); return (strcmp($row['login'], $login) != 0);
} }
return false; return false;
} }
function creerUtilisateur($mail, $password, $prenom, $nom, $login, $phone, $dateN){ function creerUtilisateur($db, $mail, $password, $prenom, $nom, $login, $phone, $dateN)
global $db; {
$result = pg_query_params($db, "INSERT INTO Utilisateur VALUES ($1, $2, $3, $4, $5, $6, to_date($7, 'YYYY/MM/DD'), false);", array($mail, $password, $prenom, $nom, $login, $phone, $dateN)); $result = pg_query_params($db, "INSERT INTO Utilisateur VALUES ($1, $2, $3, $4, $5, $6, to_date($7, 'YYYY/MM/DD'), false);", array($mail, $password, $prenom, $nom, $login, $phone, $dateN));
return $result; return $result;
} }
function uploadAvatar($mail){ function uploadAvatar($mail)
if(isset($_FILES['avatar']) and $_FILES['avatar']['name'] != "") { {
if (isset($_FILES['avatar']) and $_FILES['avatar']['name'] != "") {
$target_file = "imageProfil/$mail.png"; $target_file = "imageProfil/$mail.png";
$file_tmp = $_FILES['avatar']['tmp_name']; $file_tmp = $_FILES['avatar']['tmp_name'];
$extension = end(explode('.', $_FILES['avatar']['name'])); $extension = end(explode('.', $_FILES['avatar']['name']));
$check = getimagesize($file_tmp); $check = getimagesize($file_tmp);
if($check === false or !in_array($extension, array('png'))) { if ($check === false or !in_array($extension, array('png'))) {
header('Location: inscription.php?error=4'); header('Location: inscription.php?error=4');
exit(); exit();
} } else if ($_FILES['avatar']['size'] > 2 * 1024 * 1024) {
else if ($_FILES['avatar']['size'] > 2 * 1024 * 1024){
header('Location: inscription.php?error=5'); header('Location: inscription.php?error=5');
exit(); exit();
} } else {
else{
move_uploaded_file($file_tmp, $target_file); move_uploaded_file($file_tmp, $target_file);
} }
} }
} }
function init(){
session_start();
if(!isset($_SESSION['mail'])){
if ($_SERVER['REQUEST_METHOD'] == 'POST' && empty($_POST) && empty($_FILES) && $_SERVER['CONTENT_LENGTH'] > 0 ){
echo "<p class='error'>PHP a ignoré les données POST à cause d'une requête dépassant post_max_size (".ini_get('post_max_size').").</p>";
exit();
}
if(isset($_POST['mail_field'])){
$login = htmlentities(pg_escape_string ($_POST['login_field']));
$password = htmlentities(pg_escape_string ($_POST['password']));
$prenom = htmlentities(pg_escape_string ($_POST['prenom']));
$nom = htmlentities(pg_escape_string ($_POST['nom']));
$dateN = htmlentities(pg_escape_string ($_POST['dateN']));
$mail = strtolower(htmlentities(pg_escape_string ($_POST['mail_field'])));
$phone = htmlentities(pg_escape_string ($_POST['phone']));
if(!filter_var($mail, FILTER_VALIDATE_EMAIL)){
header('Location: inscription.php?error=1');
exit();
}
elseif(!isMailUnique($mail)){
header('Location: inscription.php?error=2');
exit();
}
elseif(!isLoginUnique($login)){
header('Location: inscription.php?error=3');
exit();
}
else{
uploadAvatar($mail);
$result = creerUtilisateur($mail, $password, $prenom, $nom, $login, $phone, $dateN);
if($result){
header('Location: index.php');
}
else{
header('Location: inscription.php?error=6');
}
}
}
}
else{
header('Location: tableauBord/tableauBord.php');
}
}
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<html lang="fr"> <html lang="fr">
@ -171,7 +164,7 @@ function init(){
<input type="file" id="avatar" class="form" name="avatar" accept="image/png"> <input type="file" id="avatar" class="form" name="avatar" accept="image/png">
</div> </div>
<?php <?php
printError(); printError();
?> ?>
<input id="submit" class="button" type="submit" value="S'inscrire"> <input id="submit" class="button" type="submit" value="S'inscrire">
</form> </form>
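Review bot: `creerUtilisateur` (new side, `INSERT INTO Utilisateur VALUES ($1, $2, …)`) stores `$password` exactly as received and nothing in this section hashes it; bind `password_hash($password, PASSWORD_DEFAULT)` instead, with `password_verify()` on the login side (the comparison in `authentification` lives outside this page). The `htmlentities(pg_escape_string(...))` wrapping on the password, login, nom and prenom lines is redundant for values bound through `pg_query_params` and alters any input containing `&`, `'` or non-ASCII characters, so it should be dropped once the values are hashed or parameterised. In the new top-level block, `header('Location: index.php');`, `header('Location: inscription.php?error=6');` and `header('Location: tableauBord/tableauBord.php');` are not followed by `exit();`, unlike the error branches above them, so the registration form below is still rendered after the redirect is issued. `$_POST['login_field']`, `$_POST['prenom']`, `$_POST['nom']`, `$_POST['dateN']` and `$_POST['phone']` are read unguarded while only `mail_field` is checked with `isset`; a missing field yields a notice and an empty value rather than a validation error.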

@ -3,9 +3,15 @@
include '../ressources/navbarHTML.php'; include '../ressources/navbarHTML.php';
navbarHTML("Tableau de bord"); navbarHTML("Tableau de bord");
require_once ('../connectionBD.php'); require_once('../connexionBD.php');
$mail = null; session_start();
init();
//Si on est pas connecté redirection vers la page de connexion
if(!isset($_SESSION['mail'])){
header('Location: ../index.php');
exit();
}
$mail = $_SESSION['mail'];
$matricule = isset($_POST['matricule']) ? $_POST['matricule'] : NULL; //recuperation valeur formulaire, isset pour eviter l'erreur "Notice: Undefined index" $matricule = isset($_POST['matricule']) ? $_POST['matricule'] : NULL; //recuperation valeur formulaire, isset pour eviter l'erreur "Notice: Undefined index"
$marque = isset($_POST['marque']) ? $_POST['marque'] : NULL; $marque = isset($_POST['marque']) ? $_POST['marque'] : NULL;
@ -14,30 +20,16 @@ $nbplaces = isset($_POST['nbplaces']) ? $_POST['nbplaces'] : NULL;
$anneefab = isset($_POST['anneefab']) ? $_POST['anneefab'] : NULL; $anneefab = isset($_POST['anneefab']) ? $_POST['anneefab'] : NULL;
if(isset($_POST['submitadd'])){ if(isset($_POST['submitadd'])){
addVoiture($matricule, $marque, $modele, $nbplaces, $anneefab); addVoiture($db, $matricule, $marque, $modele, $nbplaces, $anneefab);
} }
if(isset($_POST['submitchange'])){ if(isset($_POST['submitchange'])){
changeVoiture($matricule, $marque, $modele, $nbplaces, $anneefab); changeVoiture($db, $matricule, $marque, $modele, $nbplaces, $anneefab);
} }
if(isset($_POST['submitshow'])){ if(isset($_POST['submitshow'])){
showVoiture(); showVoiture($db);
}
function init(){
session_start();
global $mail;
//Si on est pas connecté redirection vers la page de connexion
if(!isset($_SESSION['mail'])){
header('Location: ../index.php');
exit();
}
else{
$mail = $_SESSION['mail'];
}
} }
function getPrenom($mail){ function getPrenom($db, $mail){
global $db;
$result = pg_query_params($db, "SELECT prenom from Utilisateur WHERE mail = $1;", array($mail)); $result = pg_query_params($db, "SELECT prenom from Utilisateur WHERE mail = $1;", array($mail));
if($result){ if($result){
$row = pg_fetch_array($result); $row = pg_fetch_array($result);
@ -47,8 +39,7 @@ function getPrenom($mail){
return null; return null;
} }
function getLogin($mail){ function getLogin($db, $mail){
global $db;
$result = pg_query_params($db, "SELECT login from Utilisateur WHERE mail = $1;", array($mail)); $result = pg_query_params($db, "SELECT login from Utilisateur WHERE mail = $1;", array($mail));
if($result){ if($result){
$row = pg_fetch_array($result); $row = pg_fetch_array($result);
@ -58,8 +49,7 @@ function getLogin($mail){
return null; return null;
} }
function getTrajetsProposes($mail){ function getTrajetsProposes($db, $mail){
global $db;
$result = pg_query_params($db, "SELECT COUNT(*) from Trajet WHERE mailProposition = $1 AND estAnnule = false AND datedepart >= current_date;", array($mail)); $result = pg_query_params($db, "SELECT COUNT(*) from Trajet WHERE mailProposition = $1 AND estAnnule = false AND datedepart >= current_date;", array($mail));
if($result){ if($result){
$row = pg_fetch_array($result); $row = pg_fetch_array($result);
@ -68,8 +58,7 @@ function getTrajetsProposes($mail){
return 0; return 0;
} }
function getTrajetsReserves($mail){ function getTrajetsReserves($db, $mail){
global $db;
$result = pg_query_params($db, "SELECT COUNT(*) FROM trajet tr, reserver r WHERE r.codetrajet = tr.codetrajet AND mailutilisateur = $1 AND etatres != 'Annulée' AND estAnnule = false AND datedepart >= current_date;", array($mail)); $result = pg_query_params($db, "SELECT COUNT(*) FROM trajet tr, reserver r WHERE r.codetrajet = tr.codetrajet AND mailutilisateur = $1 AND etatres != 'Annulée' AND estAnnule = false AND datedepart >= current_date;", array($mail));
if($result){ if($result){
$row = pg_fetch_array($result); $row = pg_fetch_array($result);
@ -78,8 +67,7 @@ function getTrajetsReserves($mail){
return 0; return 0;
} }
function getMessagesNonLus($mail){ function getMessagesNonLus($db, $mail){
global $db;
$result = pg_query_params($db, "SELECT COUNT(*) from Message WHERE mailRecepteur = $1 AND estLu = FALSE;", array($mail)); $result = pg_query_params($db, "SELECT COUNT(*) from Message WHERE mailRecepteur = $1 AND estLu = FALSE;", array($mail));
if($result){ if($result){
$row = pg_fetch_array($result); $row = pg_fetch_array($result);
@ -88,7 +76,7 @@ function getMessagesNonLus($mail){
} }
} }
function getAvisNonLus($mail){ function getAvisNonLus($db, $mail){
global $db; global $db;
$result = pg_query_params($db, "SELECT COUNT(tr.mailProposition) FROM Trajet tr, Avis av WHERE tr.codeTrajet = av.codeTrajet AND av.estLu = false AND tr.mailProposition = $1;", array($mail)); $result = pg_query_params($db, "SELECT COUNT(tr.mailProposition) FROM Trajet tr, Avis av WHERE tr.codeTrajet = av.codeTrajet AND av.estLu = false AND tr.mailProposition = $1;", array($mail));
if($result){ if($result){
@ -105,21 +93,18 @@ function getPathImgProfil($mail){
return "../imageProfil/default.svg"; return "../imageProfil/default.svg";
} }
function addVoiture($matricule, $marque, $modele, $nbplaces, $anneefab){ function addVoiture($db, $matricule, $marque, $modele, $nbplaces, $anneefab){
global $db;
$requete = "INSERT INTO public.voiture (matricule, marque, modele, nbplaces, anneefab, mail) VALUES ('".$matricule."','".$marque."','".$modele."','".$nbplaces."','".$anneefab."','".$_SESSION['mail']."');"; $requete = "INSERT INTO public.voiture (matricule, marque, modele, nbplaces, anneefab, mail) VALUES ('".$matricule."','".$marque."','".$modele."','".$nbplaces."','".$anneefab."','".$_SESSION['mail']."');";
pg_query($db, $requete); pg_query($db, $requete);
} }
function changeVoiture($matricule, $marque, $modele, $nbplaces, $anneefab){ function changeVoiture($db, $matricule, $marque, $modele, $nbplaces, $anneefab){
global $db;
$requete = "UPDATE public.voiture SET (matricule, marque, modele, nbplaces, anneefab) = ('".$matricule."','".$marque."','".$modele."','".$nbplaces."','".$anneefab."') WHERE mail = '".$_SESSION['mail']."';"; $requete = "UPDATE public.voiture SET (matricule, marque, modele, nbplaces, anneefab) = ('".$matricule."','".$marque."','".$modele."','".$nbplaces."','".$anneefab."') WHERE mail = '".$_SESSION['mail']."';";
echo "requete =".$requete; echo "requete =".$requete;
pg_query($db, $requete); pg_query($db, $requete);
} }
function showVoiture(){ function showVoiture($db){
global $db;
$requete = "SELECT * FROM public.voiture WHERE voiture.mail = '".$_SESSION['mail']."';"; $requete = "SELECT * FROM public.voiture WHERE voiture.mail = '".$_SESSION['mail']."';";
if($donnees = pg_query($db, $requete)){ if($donnees = pg_query($db, $requete)){
while($res = pg_fetch_assoc($donnees)){ while($res = pg_fetch_assoc($donnees)){
@ -142,7 +127,7 @@ function showVoiture(){
</script> </script>
<div id="content"> <div id="content">
<div id="tableauBord"> <div id="tableauBord">
<h1>Bienvenue <?php echo getLogin($mail); ?></h1> <h1>Bienvenue <?php echo getLogin($db, $mail); ?></h1>
<div id="divImgProfil"> <div id="divImgProfil">
<img id="imgProfil" src="<?php echo getPathImgProfil($mail); ?>"> <img id="imgProfil" src="<?php echo getPathImgProfil($mail); ?>">
</div> </div>
@ -153,19 +138,19 @@ function showVoiture(){
<div id="recap"> <div id="recap">
<div class="recapLine"> <div class="recapLine">
<img class="recapIcon" src="../car.png"> <img class="recapIcon" src="../car.png">
<p>Vous avez <?php echo getTrajetsProposes($mail); ?> trajets proposés à effectuer.</p> <p>Vous avez <?php echo getTrajetsProposes($db, $mail); ?> trajets proposés à effectuer.</p>
</div> </div>
<div class="recapLine"> <div class="recapLine">
<img class="recapIcon" src="../car.png"> <img class="recapIcon" src="../car.png">
<p>Vous avez <?php echo getTrajetsReserves($mail); ?> trajets réservés à effectuer.</p> <p>Vous avez <?php echo getTrajetsReserves($db, $mail); ?> trajets réservés à effectuer.</p>
</div> </div>
<div class="recapLine"> <div class="recapLine">
<img class="recapIcon" src="../mail.svg"> <img class="recapIcon" src="../mail.svg">
<p>Vous avez <?php echo getMessagesNonLus($mail); ?> messages non lus.</p> <p>Vous avez <?php echo getMessagesNonLus($db, $mail); ?> messages non lus.</p>
</div> </div>
<div class="recapLine"> <div class="recapLine">
<img class="recapIcon" src="../star.png"> <img class="recapIcon" src="../star.png">
<p>Vous avez <?php echo getAvisNonLus($mail); ?> avis non lus.</p> <p>Vous avez <?php echo getAvisNonLus($db, $mail); ?> avis non lus.</p>
</div> </div>
</div> </div>
<form id="choixFormeTestVoiture"> <form id="choixFormeTestVoiture">
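Review bot: `addVoiture`, `changeVoiture` and `showVoiture` now receive `$db` but still build their SQL by concatenating `$matricule`, `$marque`, `$modele`, `$nbplaces` and `$anneefab` — taken straight from `$_POST` in the top-level code — into the query string; the other helpers in this file already use `pg_query_params`, and these three should too (rewritten below). `echo "requete =".$requete;` in `changeVoiture` prints the raw query, including the session mail, into the page and should be removed. `getAvisNonLus($db, $mail)` keeps `global $db;` on the new side although it now takes `$db` as a parameter, which overrides the argument with the global and is inconsistent with the sibling helpers in this hunk. `showVoiture`'s body continues past the end of its hunk.
```php
function addVoiture($db, $matricule, $marque, $modele, $nbplaces, $anneefab){
    $requete = "INSERT INTO public.voiture (matricule, marque, modele, nbplaces, anneefab, mail) VALUES ($1, $2, $3, $4, $5, $6);";
    pg_query_params($db, $requete, array($matricule, $marque, $modele, $nbplaces, $anneefab, $_SESSION['mail']));
}
function changeVoiture($db, $matricule, $marque, $modele, $nbplaces, $anneefab){
    $requete = "UPDATE public.voiture SET (matricule, marque, modele, nbplaces, anneefab) = ($1, $2, $3, $4, $5) WHERE mail = $6;";
    pg_query_params($db, $requete, array($matricule, $marque, $modele, $nbplaces, $anneefab, $_SESSION['mail']));
}
function showVoiture($db){
    $requete = "SELECT * FROM public.voiture WHERE voiture.mail = $1;";
    if($donnees = pg_query_params($db, $requete, array($_SESSION['mail']))){
        // … unchanged: pg_fetch_assoc loop and the rest of the body (continues outside the hunk) …
```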
