flavien
/
PROJET-WEB_STRI1A
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Finalisation page profil et creation de la bibliotheque user.php

Browse Source
admin
remi.biette 5 years ago
parent c50c46e1d2
commit fe89b5b7f6
5 changed files with 248 additions and 217 deletions
Show Stats Download Patch File Download Diff File

148
WEB/inscription.php
Unescape Escape View File

@ -1,45 +1,62 @@
<?php
require_once('connexionBD.php');
require_once('ressources/user.php');
session_start();
if (!isset($_SESSION['mail'])) {
if ($_SERVER['REQUEST_METHOD'] == 'POST' && empty($_POST) && empty($_FILES) && $_SERVER['CONTENT_LENGTH'] > 0) {
echo "<p class='error'>PHP a ignoré les données POST à cause d'une requête dépassant post_max_size (" . ini_get('post_max_size') . ").</p>";
exit();
}
if (isset($_POST['mail_field'])) {
$login = htmlentities(pg_escape_string($_POST['login_field']));
$password = htmlentities(pg_escape_string($_POST['password']));
$prenom = htmlentities(pg_escape_string($_POST['prenom']));
$nom = htmlentities(pg_escape_string($_POST['nom']));
$dateN = htmlentities(pg_escape_string($_POST['dateN']));
$mail = strtolower(htmlentities(pg_escape_string($_POST['mail_field'])));
$phone = htmlentities(pg_escape_string($_POST['phone']));
if (isset($_POST['login']) || isset($_FILES['avatar'])) {
if (isset($_POST['login']) && isset($_POST['password']) && isset($_POST['confirmation']) && isset($_POST['prenom']) && isset($_POST['nom']) && isset($_POST['phone'])) {
$login = htmlentities(pg_escape_string($_POST['login']));
$password = htmlentities(pg_escape_string($_POST['password']));
$prenom = htmlentities(pg_escape_string($_POST['prenom']));
$nom = htmlentities(pg_escape_string($_POST['nom']));
$dateN = htmlentities(pg_escape_string($_POST['dateN']));
$mail = strtolower(htmlentities(pg_escape_string($_POST['mail'])));
$phone = htmlentities(pg_escape_string($_POST['phone']));
if (!filter_var($mail, FILTER_VALIDATE_EMAIL)) {
header('Location: inscription.php?error=1');
exit();
} elseif (!isMailUnique($db, $mail)) {
header('Location: inscription.php?error=2');
exit();
} elseif (!isLoginUnique($db, $login)) {
header('Location: inscription.php?error=3');
exit();
} else {
uploadAvatar($mail);
$result = creerUtilisateur($db, $mail, $password, $prenom, $nom, $login, $phone, $dateN);
if ($result) {
header('Location: index.php');
if (!filter_var($mail, FILTER_VALIDATE_EMAIL)) {
header('Location: inscription.php?error=1');
exit();
} elseif (!isMailUnique($db, $mail)) {
header('Location: inscription.php?error=2');
exit();
} elseif (!isLoginUnique($db, $login)) {
header('Location: inscription.php?error=3');
exit();
} else {
header('Location: inscription.php?error=6');
if (isset($_FILES['avatar']) and !empty($_FILES['avatar']['name'])) {
$fic = $_FILES['avatar'];
$res = uploadAvatar($mail, $fic);
switch ($res){
case -1:
header('Location: inscription.php?error=4');
exit();
case -2:
header('Location: inscription.php?error=5');
exit();
case -3:
header('Location: inscription.php?error=6');
exit();
}
}
$result = creerUtilisateur($db, $mail, $password, $prenom, $nom, $login, $phone, $dateN);
if ($result) {
header('Location: index.php');
exit();
} else {
header('Location: inscription.php?error=6');
exit();
}
}
}
}
}
} else {
}
else {
header('Location: tableauBord/tableauBord.php');
exit();
}
function printError()
@ -69,51 +86,6 @@ function getError($code)
}
}
function isMailUnique($db, $mail)
{
$result = pg_query_params($db, "SELECT * FROM Utilisateur WHERE mail = $1;", array($mail));
if ($result) {
$row = pg_fetch_array($result);
return (strcmp($row['mail'], $mail) != 0);
}
return false;
}
function isLoginUnique($db, $login)
{
$result = pg_query_params($db, "SELECT * FROM Utilisateur WHERE login = $1;", array($login));
if ($result) {
$row = pg_fetch_array($result);
return (strcmp($row['login'], $login) != 0);
}
return false;
}
function creerUtilisateur($db, $mail, $password, $prenom, $nom, $login, $phone, $dateN)
{
$result = pg_query_params($db, "INSERT INTO Utilisateur VALUES ($1, $2, $3, $4, $5, $6, to_date($7, 'YYYY/MM/DD'), false);", array($mail, $password, $prenom, $nom, $login, $phone, $dateN));
return $result;
}
function uploadAvatar($mail)
{
if (isset($_FILES['avatar']) and $_FILES['avatar']['name'] != "") {
$target_file = "imageProfil/$mail.png";
$file_tmp = $_FILES['avatar']['tmp_name'];
$extension = end(explode('.', $_FILES['avatar']['name']));
$check = getimagesize($file_tmp);
if ($check === false or !in_array($extension, array('png'))) {
header('Location: inscription.php?error=4');
exit();
} else if ($_FILES['avatar']['size'] > 2 * 1024 * 1024) {
header('Location: inscription.php?error=5');
exit();
} else {
move_uploaded_file($file_tmp, $target_file);
}
}
}
?>
<!DOCTYPE html>
<html lang="fr">
@ -121,19 +93,18 @@ function uploadAvatar($mail)
<meta charset="UTF-8">
<link rel="stylesheet" href="index_inscription.css">
<title>Inscription</title>
<script src="inscription.js"></script>
</head>
<body>
<div id="formulaire">
<h1>Inscription</h1>
<form method="post" enctype="multipart/form-data" action="inscription.php">
<div class="line">
<label for="mail_field">Adresse mail : </label>
<input id="mail_field" class="form" name="mail_field" type="email" maxlength="100" required>
<label for="mail">Adresse mail : </label>
<input id="mail" class="form" name="mail" type="email" maxlength="100" required>
</div>
<div class="line">
<label for="login_field">Login : </label>
<input id="login_field" class="form" name="login_field" type="text" maxlength="50" required>
<label for="login">Login : </label>
<input id="login" class="form" name="login" type="text" maxlength="50" required>
</div>
<div class="line">
<label for="password">Mot de passe : </label>
@ -144,24 +115,24 @@ function uploadAvatar($mail)
<input class="form" id="confirmation" name="confirmation" type="password" maxlength="16">
</div>
<div class="line">
<label for="prenom_field">Prénom : </label>
<input id="prenom_field" class="form" name="prenom" type="text" maxlength="50" required>
<label for="prenom">Prénom : </label>
<input id="prenom" class="form" name="prenom" type="text" maxlength="50" required>
</div>
<div class="line">
<label for="nom_field">Nom : </label>
<input id="nom_field" class="form" name="nom" type="text" maxlength="50" required>
<label for="nom">Nom : </label>
<input id="nom" class="form" name="nom" type="text" maxlength="50" required>
</div>
<div class="line">
<label for="dateN_field">Date de naissance : </label>
<input id="dateN_field" class="form" name="dateN" type="date" required>
<label for="dateN">Date de naissance : </label>
<input id="dateN" class="form" name="dateN" type="date" required>
</div>
<div class="line">
<label for="phone_field">Numéro de téléphone : </label>
<input id="phone_field" class="form" name="phone" type="tel" pattern="[0-9]{10}" maxlength="10" required>
<label for="phone">Numéro de téléphone : </label>
<input id="phone" class="form" name="phone" type="tel" pattern="[0-9]{10}" maxlength="10" required>
</div>
<div class="line">
<label for="avatar">Image du Profil :</label>
<input type="file" id="avatar" class="form" name="avatar" accept="image/png">
<input type="file" id="avatar" class="form" name="avatar" accept="image/png, image/jpeg">
</div>
<?php
printError();
@ -170,5 +141,6 @@ function uploadAvatar($mail)
</form>
<p id="enregistrer">Si vous avez déjà un compte <a href="index.php" title="S'identifier">cliquez ici</a>.</p>
</div>
<script src="inscription.js"></script>
</body>
</html>

4
WEB/profil.css
Unescape Escape View File

@ -1,7 +1,7 @@
*{
margin: 0;
padding: 0;
font-family: Arial;
font-family: "Arial", sans-serif;
}
#divImgProfil{
@ -11,7 +11,7 @@
justify-content: center;
}
#mail_field, #dateN_field{
#mail, #dateN{
background-color: lightgray;
}

145
WEB/profil.php
Unescape Escape View File

@ -1,6 +1,7 @@
<?php
require_once('connexionBD.php');
require_once ('ressources/user.php');
session_start();
@ -11,23 +12,48 @@ if (!isset($_SESSION['mail'])) {
$mail = $_SESSION['mail'];
if (isset($_POST['login_field']) || isset($_FILES['avatar'])) {
if (isset($_FILES['avatar']) and $_FILES['avatar']['name'] != "") {
$user = getUser($db, $mail);
if (!$user) {
header('Location: profil.php?error=3');
exit();
}
if (isset($_POST['login']) || isset($_FILES['avatar'])){
if (isset($_FILES['avatar']) and !empty($_FILES['avatar']['name'])) {
$fic = $_FILES['avatar'];
supprimerAvatar($mail);
uploadAvatar($mail, $fic);
$res = uploadAvatar($mail, $fic);
switch ($res){
case -1:
header('Location: profil.php?error=4');
exit();
case -2:
header('Location: profil.php?error=5');
exit();
case -3:
header('Location: profil.php?error=6');
exit();
}
}
if (isset($_POST['login_field']) && isset($_POST['password']) && isset($_POST['confirmation']) && isset($_POST['prenom']) && isset($_POST['nom']) && isset($_POST['phone'])) {
$login = htmlentities(pg_escape_string($_POST['login_field']));
if (isset($_POST['login']) && isset($_POST['password']) && isset($_POST['confirmation']) && isset($_POST['prenom']) && isset($_POST['nom']) && isset($_POST['phone'])) {
$login = htmlentities(pg_escape_string($_POST['login']));
$password = htmlentities(pg_escape_string($_POST['password']));
$confirmation = htmlentities(pg_escape_string($_POST['confirmation']));
$prenom = htmlentities(pg_escape_string($_POST['prenom']));
$nom = htmlentities(pg_escape_string($_POST['nom']));
$phone = htmlentities(pg_escape_string($_POST['phone']));
if (!isLoginUniqueModifier($db, $mail, $login)) {
header('Location: profil.php?error=1');
exit();
if (loginChange($user, $login)) {
if (!isLoginUniqueModifier($db, $mail, $login)) {
header('Location: profil.php?error=1');
exit();
} else {
if (!modifierLogin($db, $mail, $login)) {
header('Location: profil.php?error=6');
exit();
}
}
}
if (strcmp($password, $confirmation) != 0) {
@ -35,77 +61,16 @@ if (isset($_POST['login_field']) || isset($_FILES['avatar'])) {
exit();
}
if (!modifierUtilisateur($db, $prenom, $nom, $login, $phone)) {
if (!modifierUtilisateur($db, $mail, $prenom, $nom, $password, $phone)) {
header('Location: profil.php?error=6');
exit();
}
}
sleep(0.85);
header('Location: profil.php');
exit();
}
$user = getUser($db, $_SESSION['mail']);
if (!$user) {
header('Location: profil.php?error=3');
exit();
}
function getPathImgProfil($mail)
{
$protocol = "https";
if (!isset($_SERVER['HTTPS_HOST'])) {
$protocol = "http";
}
$list = scandir($_SERVER['DOCUMENT_ROOT'] . "/imageProfil");
foreach ($list as $entry) {
if (strpos($entry, $mail) !== false) {
return "$protocol://" . $_SERVER['HTTP_HOST'] . "/imageProfil/$entry";
}
}
return "$protocol://" . $_SERVER['HTTP_HOST'] . "/imageProfil/default.svg";
}
function supprimerAvatar($mail)
{
$list = scandir($_SERVER['DOCUMENT_ROOT'] . "/imageProfil");
foreach ($list as $entry) {
if (strpos($entry, $mail) !== false) {
unlink($_SERVER['DOCUMENT_ROOT'] . "/imageProfil/$entry");
}
}
}
function uploadAvatar($mail, $fic)
{
$tmp = explode('.', $fic['name']);
$extension = end($tmp);
$target_file = "imageProfil/$mail.$extension";
$file_tmp = $fic['tmp_name'];
$check = getimagesize($file_tmp);
if ($check === false or !in_array($extension, array('png', 'jpg', 'jpeg', 'pjpeg', 'jfif', 'pjp'))) {
header('Location: inscription.php?error=4');
exit();
} else if ($fic['size'] > 2 * 1024 * 1024) {
header('Location: inscription.php?error=5');
exit();
} else {
move_uploaded_file($file_tmp, $target_file);
}
}
function modifierUtilisateur($db, $prenom, $nom, $login, $phone)
{
$result = pg_query_params($db, "UPDATE Utilisateur SET prenom = $1, nom = $2, login = $3, telephone = $4;", array($prenom, $nom, $login, $phone));
return $result;
}
function getUser($db, $mail)
{
$result = pg_query_params($db, "SELECT * FROM Utilisateur WHERE mail = $1;", array($mail));
return pg_fetch_array($result);
}
function printError()
{
if (isset($_GET['error'])) {
@ -114,16 +79,6 @@ function printError()
}
}
function isLoginUniqueModifier($db, $mail, $login)
{
$result = pg_query_params($db, "SELECT * FROM Utilisateur WHERE login = $1 AND mail != $2;", array($login, $mail));
if ($result) {
$row = pg_fetch_array($result);
return (strcmp($row['login'], $login) != 0);
}
return false;
}
function getErrorProfil($code)
{
switch ($code) {
@ -144,7 +99,6 @@ function getErrorProfil($code)
}
?>
<!DOCTYPE html>
<html lang="fr">
<head>
@ -162,15 +116,14 @@ function getErrorProfil($code)
<div id="divImgProfil">
<img id="imgProfil" src="<?php echo getPathImgProfil($mail); ?>">
</div>
<form method="post" enctype="multipart/form-data" action="profil.php">
<form method="post" action="profil.php" enctype="multipart/form-data">
<div class="line">
<label for="mail_field">Adresse mail : </label>
<input id="mail_field" class="form" type="email" maxlength="100" readonly
value="<?php echo $user['mail']; ?>">
<label for="mail">Adresse mail : </label>
<input id="mail" class="form" type="email" maxlength="100" readonly value="<?php echo $user['mail']; ?>">
</div>
<div class="line">
<label for="login_field">Login : </label>
<input id="login_field" class="form" name="login_field" type="text" maxlength="50"
<label for="login">Login : </label>
<input id="login" class="form" name="login" type="text" maxlength="50"
value="<?php echo $user['login']; ?>" required>
</div>
<div class="line">
@ -184,23 +137,23 @@ function getErrorProfil($code)
value="<?php echo $user['passwd']; ?>" required>
</div>
<div class="line">
<label for="prenom_field">Prénom : </label>
<input id="prenom_field" class="form" name="prenom" type="text" maxlength="50"
<label for="prenom">Prénom : </label>
<input id="prenom" class="form" name="prenom" type="text" maxlength="50"
value="<?php echo $user['prenom']; ?>" required>
</div>
<div class="line">
<label for="nom_field">Nom : </label>
<input id="nom_field" class="form" name="nom" type="text" maxlength="50" value="<?php echo $user['nom']; ?>"
<label for="nom">Nom : </label>
<input id="nom" class="form" name="nom" type="text" maxlength="50" value="<?php echo $user['nom']; ?>"
required>
</div>
<div class="line">
<label for="dateN_field">Date de naissance : </label>
<input id="dateN_field" class="form" readonly="readonly" type="date"
<label for="dateN">Date de naissance : </label>
<input id="dateN" class="form" readonly="readonly" type="date"
value="<?php echo $user['datenaissance']; ?>" required>
</div>
<div class="line">
<label for="phone_field">Numéro de téléphone : </label>
<input id="phone_field" class="form" name="phone" type="tel" pattern="[0-9]{10}" maxlength="10"
<label for="phone">Numéro de téléphone : </label>
<input id="phone" class="form" name="phone" type="tel" pattern="[0-9]{10}" maxlength="10"
value="<?php echo $user['telephone']; ?>" required>
</div>
<div class="line">

133
WEB/ressources/user.php
Unescape Escape View File

@ -0,0 +1,133 @@
<?php
function loginChange($user, $login)
{
return strcmp($user['login'], $login);
}
function isLoginUniqueModifier($db, $mail, $login)
{
$result = pg_query_params($db, "SELECT login FROM Utilisateur WHERE login = $1 AND mail != $2;", array($login, $mail));
if ($result) {
$row = pg_fetch_array($result);
return (strcmp($row['login'], $login) != 0);
}
return false;
}
function modifierLogin($db, $mail, $login)
{
$result = pg_query_params($db, "UPDATE Utilisateur SET login = $1 WHERE mail = $2;", array($login, $mail));
return $result;
}
function modifierUtilisateur($db, $mail, $prenom, $nom, $password, $phone)
{
$result = pg_query_params($db, "UPDATE Utilisateur SET prenom = $1, nom = $2, telephone = $3 , passwd = $4 WHERE mail = $5;", array($prenom, $nom, $phone, $password, $mail));
return $result;
}
function getUser($db, $mail)
{
$result = pg_query_params($db, "SELECT * FROM Utilisateur WHERE mail = $1;", array($mail));
return pg_fetch_array($result);
}
function getPrenom($db, $mail)
{
$result = pg_query_params($db, "SELECT prenom from Utilisateur WHERE mail = $1;", array($mail));
if ($result) {
$row = pg_fetch_array($result);
$prenom = $row[0];
return $prenom;
}
return false;
}
function getLogin($db, $mail)
{
$result = pg_query_params($db, "SELECT login from Utilisateur WHERE mail = $1;", array($mail));
if ($result) {
$row = pg_fetch_array($result);
$login = $row[0];
return $login;
}
return false;
}
function getPathImgProfilTableau($mail)
{
$list = scandir($_SERVER['DOCUMENT_ROOT'] . "/imageProfil");
foreach ($list as $entry) {
if (strpos($entry, $mail) !== false) {
return "../imageProfil/$entry";
}
}
return "../imageProfil/default.svg";
}
function getPathImgProfil($mail)
{
$list = scandir($_SERVER['DOCUMENT_ROOT'] . "/imageProfil");
foreach ($list as $entry) {
if (strpos($entry, $mail) !== false) {
return "./imageProfil/$entry";
}
}
return "./imageProfil/default.svg";
}
function supprimerAvatar($mail)
{
$list = scandir($_SERVER['DOCUMENT_ROOT'] . "/imageProfil");
foreach ($list as $entry) {
if (strpos($entry, $mail) !== false) {
unlink($_SERVER['DOCUMENT_ROOT'] . "/imageProfil/$entry");
}
}
}
function isMailUnique($db, $mail)
{
$result = pg_query_params($db, "SELECT * FROM Utilisateur WHERE mail = $1;", array($mail));
if ($result) {
$row = pg_fetch_array($result);
return (strcmp($row['mail'], $mail) != 0);
}
return false;
}
function isLoginUnique($db, $login)
{
$result = pg_query_params($db, "SELECT * FROM Utilisateur WHERE login = $1;", array($login));
if ($result) {
$row = pg_fetch_array($result);
return (strcmp($row['login'], $login) != 0);
}
return false;
}
function creerUtilisateur($db, $mail, $password, $prenom, $nom, $login, $phone, $dateN)
{
$result = pg_query_params($db, "INSERT INTO Utilisateur VALUES ($1, $2, $3, $4, $5, $6, to_date($7, 'YYYY/MM/DD'), false);", array($mail, $password, $prenom, $nom, $login, $phone, $dateN));
return $result;
}
function uploadAvatar($mail, $fic)
{
$tmp = explode('.', $fic['name']);
$extension = end($tmp);
$target_file = "./imageProfil/$mail.$extension";
$file_tmp = $fic['tmp_name'];
$check = getimagesize($file_tmp);
if ($check === false or !in_array($extension, array('png', 'jpg', 'jpeg', 'pjpeg', 'jfif', 'pjp'))) {
return -1;
} else if ($fic['size'] > 2 * 1024 * 1024) {
return -2;
} else {
if(!move_uploaded_file($file_tmp, $target_file)){
return -3;
}
}
return 0;
}

35
WEB/tableauBord/tableauBord.php
Unescape Escape View File

@ -1,5 +1,8 @@
<?php
require_once('../connexionBD.php');
require_once ('../ressources/user.php');
session_start();
//Si on est pas connecté redirection vers la page de connexion
@ -25,28 +28,6 @@ if (isset($_POST['submitshow'])) {
showVoiture($db);
}
function getPrenom($db, $mail)
{
$result = pg_query_params($db, "SELECT prenom from Utilisateur WHERE mail = $1;", array($mail));
if ($result) {
$row = pg_fetch_array($result);
$prenom = $row[0];
return $prenom;
}
return null;
}
function getLogin($db, $mail)
{
$result = pg_query_params($db, "SELECT login from Utilisateur WHERE mail = $1;", array($mail));
if ($result) {
$row = pg_fetch_array($result);
$login = $row[0];
return $login;
}
return null;
}
function getTrajetsProposes($db, $mail)
{
$result = pg_query_params($db, "SELECT COUNT(*) from Trajet WHERE mailProposition = $1 AND estAnnule = false AND datedepart >= current_date;", array($mail));
@ -88,14 +69,6 @@ function getAvisNonLus($db, $mail)
}
}
function getPathImgProfil($mail)
{
if (file_exists("../imageProfil/$mail.png")) {
return "../imageProfil/$mail.png";
}
return "../imageProfil/default.svg";
}
function addVoiture($db, $matricule, $marque, $modele, $nbplaces, $anneefab)
{
$requete = "INSERT INTO public.voiture (matricule, marque, modele, nbplaces, anneefab, mail) VALUES ('" . $matricule . "','" . $marque . "','" . $modele . "','" . $nbplaces . "','" . $anneefab . "','" . $_SESSION['mail'] . "');";
@ -146,7 +119,7 @@ function showVoiture($db)
<div id="tableauBord">
<h1>Bienvenue <?php echo getLogin($db, $mail); ?></h1>
<div id="divImgProfil">
<img id="imgProfil" src="<?php echo getPathImgProfil($mail); ?>">
<img id="imgProfil" src="<?php echo getPathImgProfilTableau($mail); ?>">
</div>
<div id="trajet">
<a class="btnTrajet" href="../ah.php">Déposer un trajet</a>

Write Preview
Loading…
Cancel
Save