correction of little bug in auth using cookies

This commit is contained in:
Louis DUMONT 2022-03-24 15:31:35 +01:00
parent 22c807570c
commit bcf207bbff
14 changed files with 55 additions and 49 deletions


@ -29,6 +29,7 @@ $(document).ready(function(){
new_pass: sha1($(input[1]).val().trim()), new_pass: sha1($(input[1]).val().trim()),
confirm_pass: sha1($(input[2]).val().trim())}, confirm_pass: sha1($(input[2]).val().trim())},
function(data, status, jqXHR) { function(data, status, jqXHR) {
console.log(data.trim());
if (data.trim() == "true"){ if (data.trim() == "true"){
$(".info_message").html("Mot de passe modifié avec succès"); $(".info_message").html("Mot de passe modifié avec succès");
$(".info_message").css("background-color", "#90ee90"); $(".info_message").css("background-color", "#90ee90");
@ -36,7 +37,7 @@ $(document).ready(function(){
for (let pas = 0; pas < 3; pas++) { for (let pas = 0; pas < 3; pas++) {
$(input[pas]).val(""); $(input[pas]).val("");
} }
setTimeout(function() { $(".info_message").css("display", "none"); }, 4000); setTimeout(function() { location.href='/controller/Disconnect.php'; }, 1000);
} else if (data.trim() == "new_not_match"){ } else if (data.trim() == "new_not_match"){
$(".info_message").html("Le nouveau mot de passe ne correpond pas avec le champ confirmation"); $(".info_message").html("Le nouveau mot de passe ne correpond pas avec le champ confirmation");
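Review bot: The `console.log(data.trim());` added at the top of the success callback is a debug leftover that prints the server's raw reply to the browser console; drop it before merge. The new success branch now sends the user to `/controller/Disconnect.php` after one second, so the "Mot de passe modifié avec succès" message is only visible briefly — if that is intended, a short comment such as `// log out so the new password must be used on the next login` would make the redirect less surprising to the next reader. The enclosing `$(document).ready` callback and the `$.post` handler both start before and end after this hunk.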


@ -1,38 +1,40 @@
<?php <?php
session_start(); if (isset($_COOKIE['username']) && isset($_COOKIE['pass'])) {
require "ConnexionBDD.php";
if (!$error) {
$query_check_cookie = $bdd->prepare('SELECT * FROM users NATURAL JOIN roles NATURAL JOIN roles_has_permissions NATURAL JOIN permissions WHERE code_permission="SFx1" AND username=:user AND password_user=:password_user;');
$query_check_cookie->execute(['user' => $_COOKIE['username'], 'password_user' => $_COOKIE['pass']]);
if ($query_check_cookie->rowCount() == 1){
if (isset($_SESSION["username"])){ if ($_SERVER['REQUEST_METHOD'] === 'POST') { /*Seulement si la method est en POST*/
if ($_SERVER['REQUEST_METHOD'] === 'POST') { /*Seulement si la method est en POST*/ if (isset($_POST["actual_pass"]) && isset($_POST["new_pass"]) && isset($_POST["confirm_pass"])){ /*Vérification de l'existance des paramètres*/
if (isset($_POST["actual_pass"]) && isset($_POST["new_pass"]) && isset($_POST["confirm_pass"])){ /*Vérification de l'existance des paramètres*/ $actual_pass = $_POST["actual_pass"]; /*Récupération des paramètres*/
$actual_pass = $_POST["actual_pass"]; /*Récupération des paramètres*/ $new_pass = $_POST["new_pass"];
$new_pass = $_POST["new_pass"]; $confirm_pass = $_POST["confirm_pass"];
$confirm_pass = $_POST["confirm_pass"];
require "ConnexionBDD.php"; /*Inclusion de la partie connexion*/ $query = $bdd->prepare('SELECT password_user FROM users WHERE username=:user;');
$query->execute(['user' => $_COOKIE["username"]]); /*Remplissage de la requete avec les données*/
$results = $query->fetchALL(PDO::FETCH_OBJ); /*Retour un résultat sous forme d'objet*/
if (!$error) { /*Si la connexion a été établie sans erreur*/ if ($query->rowCount() == 1){
$query = $bdd->prepare('SELECT password_user FROM users WHERE username=:user;'); if ($results[0]->password_user == $actual_pass){
$query->execute(['user' => $_SESSION["username"]]); /*Remplissage de la requete avec les données*/ if ($new_pass == $confirm_pass){
$results = $query->fetchALL(PDO::FETCH_OBJ); /*Retour un résultat sous forme d'objet*/ $query_update_pass = $bdd->prepare('UPDATE users SET password_user = :pass WHERE username=:user;');
$query_update_pass->execute(['user' => $_COOKIE["username"], 'pass' => $new_pass]);
if ($query->rowCount() == 1){ echo "true";
if ($results[0]->password_user == $actual_pass){ } else {
if ($new_pass == $confirm_pass){ echo "new_not_match";
$query_update_pass = $bdd->prepare('UPDATE users SET password_user = :pass WHERE username=:user;'); }
$query_update_pass->execute(['user' => $_SESSION["username"], 'pass' => $new_pass]);
echo "true";
} else {
echo "new_not_match";
} }
} else { echo "actual_not_match";} /*false si mot de passe non correct*/
else { echo "actual_not_match";} /*false si mot de passe non correct*/ } else { echo "false";}
} else { echo "false";} $bdd = null; /*Fin de connexion*/
$bdd = null; /*Fin de connexion*/ }
} else {echo "false";} /*Dans le cas d'une erreur de connexion à la BDD, retour false (erreur d'authentification)*/ }
} else {
echo "<script>location.href='/';</script>";
} }
} }
} else {
echo "<script>location.href='/';</script>";
} }
?> ?>
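Review bot: The stored-hash comparison `if ($results[0]->password_user == $actual_pass){` on the new side should be `if (hash_equals((string) $results[0]->password_user, (string) $actual_pass)){`: PHP's `==` compares two numeric-looking strings as numbers (hex digests beginning `0e…` are the known case), and `hash_equals` is also timing-safe. The same value is what the new cookie check trusts — `$_COOKIE['pass']` is compared directly against `password_user` in the SQL, so the cookie is a long-lived password equivalent rather than a session; the script dropped `session_start()`, but a server-side session or a random opaque token (sent with HttpOnly/Secure/SameSite) would keep the hash out of the cookie, and the same check is repeated in the two later files of this commit. It also looks as if the paths where the cookies are absent or `$error` is set now produce no output at all, whereas the old code answered `false` or redirected; since the client compares the body against fixed strings, an empty reply is probably unintended — hedged, because the rendered view makes the brace pairing hard to follow.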


@ -16,17 +16,20 @@ if (isset($_COOKIE['username']) && isset($_COOKIE['pass'])) {
$query_check_cookie->execute(['user' => $_COOKIE['username'], 'password_user' => $_COOKIE['pass']]); $query_check_cookie->execute(['user' => $_COOKIE['username'], 'password_user' => $_COOKIE['pass']]);
if ($query_check_cookie->rowCount() == 1){ if ($query_check_cookie->rowCount() == 1){
if (is_uploaded_file($_FILES['cv']['tmp_name']) && is_uploaded_file($_FILES['lm']['tmp_name']) && isset($_POST["ID_internship"])) { if (is_uploaded_file($_FILES['cv']['tmp_name']) && is_uploaded_file($_FILES['lm']['tmp_name']) && isset($_POST["ID_internship"])) {
$query_ID_user = $bdd->prepare('SELECT ID_user FROM users WHERE username=:user;'); $query_user = $bdd->prepare('SELECT ID_user, firstname_user, lastname_user, email_user FROM users WHERE username=:user;');
$query_ID_user->execute(['user' => $_COOKIE["username"]]); $query_user->execute(['user' => $_COOKIE["username"]]);
$ID_user = $query_ID_user->fetchALL(PDO::FETCH_OBJ)[0]->ID_user; $results_user = $query_user->fetchALL(PDO::FETCH_OBJ);
$location_cv = "/documents/users/".$ID_user."/"."candidatures/".$_POST["ID_internship"]."/".$_FILES['cv']['name']; $query_pilots_of_user = $bdd->prepare('SELECT * FROM users NATURAL JOIN user_belong_promo NATURAL JOIN promotions INNER JOIN roles ON roles.ID_role=users.ID_role WHERE (name_role="Pilote" OR name_role="Délégué(e)") AND ID_promotion=(SELECT ID_promotion FROM users NATURAL JOIN user_belong_promo NATURAL JOIN promotions WHERE username:user);');
$location_lm = "/documents/users/".$ID_user."/"."candidatures/".$_POST["ID_internship"]."/".$_FILES['lm']['name']; $query_pilots_of_user->execute(['user' => $_COOKIE["username"]]);
$results_pilots_of_user = $query_pilots_of_user->fetchALL(PDO::FETCH_OBJ);
echo $location_cv; $location_cv = "/documents/users/".$results_user[0]->ID_user."/"."candidatures/".$_POST["ID_internship"]."/".$_FILES['cv']['name'];
echo "<br>"; $location_lm = "/documents/users/".$results_user[0]->ID_user."/"."candidatures/".$_POST["ID_internship"]."/".$_FILES['lm']['name'];
echo $location_lm;
try { try {
if (!is_dir('../documents/')){ if (!is_dir('../documents/')){
@ -35,21 +38,21 @@ if (isset($_COOKIE['username']) && isset($_COOKIE['pass'])) {
if (!is_dir('../documents/users')){ if (!is_dir('../documents/users')){
mkdir("../documents/users", 0700); mkdir("../documents/users", 0700);
} }
if (!is_dir("../documents/users/".$ID_user."/")){ if (!is_dir("../documents/users/".$results_user[0]->ID_user."/")){
mkdir("../documents/users/".$ID_user."/", 0700); mkdir("../documents/users/".$results_user[0]->ID_user."/", 0700);
} }
if (!is_dir("../documents/users/".$ID_user."/"."candidatures/")){ if (!is_dir("../documents/users/".$results_user[0]->ID_user."/"."candidatures/")){
mkdir("../documents/users/".$ID_user."/"."candidatures/", 0700); mkdir("../documents/users/".$results_user[0]->ID_user."/"."candidatures/", 0700);
} }
if (!is_dir("../documents/users/".$ID_user."/"."candidatures/".$_POST["ID_internship"])){ if (!is_dir("../documents/users/".$results_user[0]->ID_user."/"."candidatures/".$_POST["ID_internship"])){
mkdir("../documents/users/".$ID_user."/"."candidatures/".$_POST["ID_internship"], 0700); mkdir("../documents/users/".$results_user[0]->ID_user."/"."candidatures/".$_POST["ID_internship"], 0700);
} }
move_uploaded_file($_FILES['cv']['tmp_name'], "..".$location_cv); move_uploaded_file($_FILES['cv']['tmp_name'], "..".$location_cv);
move_uploaded_file($_FILES['lm']['tmp_name'], "..".$location_lm); move_uploaded_file($_FILES['lm']['tmp_name'], "..".$location_lm);
$query_ID_user = $bdd->prepare('INSERT INTO candidatures VALUES (NULL, "1", :location_cv, :location_lm, NULL, NULL, :ID_user, :ID_internship);'); $query_ID_user = $bdd->prepare('INSERT INTO candidatures VALUES (NULL, "1", :location_cv, :location_lm, NULL, NULL, :ID_user, :ID_internship);');
$query_ID_user->execute(['location_cv' => $location_cv, 'location_lm' => $location_lm, 'ID_user' => $ID_user, 'ID_internship' => $_POST["ID_internship"]]); $query_ID_user->execute(['location_cv' => $location_cv, 'location_lm' => $location_lm, 'ID_user' => $results_user[0]->ID_user, 'ID_internship' => $_POST["ID_internship"]]);
try { try {
$mail->SMTPDebug = SMTP::DEBUG_SERVER; $mail->SMTPDebug = SMTP::DEBUG_SERVER;
@ -62,11 +65,11 @@ if (isset($_COOKIE['username']) && isset($_COOKIE['pass'])) {
$mail->Username = 'teamspeakcompte@gmail.com'; $mail->Username = 'teamspeakcompte@gmail.com';
$mail->Password = 'wptjusfmrxurmgcf'; $mail->Password = 'wptjusfmrxurmgcf';
$mail->setFrom('teamspeakcompte@gmail.com', 'CTS'); $mail->setFrom('teamspeakcompte@gmail.com', 'Ceci Ton Stage');
$mail->addAddress('louisdumont4@gmail.com', 'Louis'); $mail->addAddress('louisdumont4@gmail.com', 'Louis');
$mail->IsHTML(true); $mail->IsHTML(true);
$mail->Subject = "Send email using Gmail SMTP and PHPMailer"; $mail->Subject = "CTS - ";
$mail->Body = 'HTML message body. <b>Gmail</b> SMTP email body.'; $mail->Body = 'HTML message body. <b>Gmail</b> SMTP email body.';
$mail->AltBody = 'Plain text message body for non-HTML email client. Gmail SMTP email body.'; $mail->AltBody = 'Plain text message body for non-HTML email client. Gmail SMTP email body.';
@ -75,7 +78,6 @@ if (isset($_COOKIE['username']) && isset($_COOKIE['pass'])) {
} catch (Exception $e) { } catch (Exception $e) {
echo "Error in sending email. Mailer Error: {$mail->ErrorInfo}"; echo "Error in sending email. Mailer Error: {$mail->ErrorInfo}";
} }
echo "<script>location.href='/offres_stages.php';</script>"; echo "<script>location.href='/offres_stages.php';</script>";
} }
catch (Exception $e) { catch (Exception $e) {
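Review bot: The new `$query_pilots_of_user` SQL is malformed — the subquery ends with `WHERE username:user);`, missing the `=`, so `prepare`/`execute` fails (or throws, depending on `PDO::ATTR_ERRMODE`) before the upload is recorded; it should read `WHERE username=:user);`. The rewritten `$location_cv`/`$location_lm` lines still splice `$_FILES['cv']['name']`, `$_FILES['lm']['name']` and `$_POST["ID_internship"]` into a filesystem path unchanged; wrap the client filename in `basename()` (or generate the name server-side) and cast/validate `ID_internship` as an integer before it is used both in the path and in the later `INSERT`. The hunk also carries literal SMTP credentials in the `$mail->Username`/`$mail->Password` context lines (not new here); they belong in configuration outside the repository and, once committed, should be rotated. The enclosing `if (isset($_COOKIE['username']) …` block and the outer `try` start before and end after these hunks, and `$results_pilots_of_user` is not used within the visible lines.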


@ -6,6 +6,7 @@ if (isset($_COOKIE['username']) && isset($_COOKIE['pass'])) {
$query = $bdd->prepare('SELECT * FROM users NATURAL JOIN roles NATURAL JOIN roles_has_permissions NATURAL JOIN permissions WHERE code_permission="SFx1" AND username=:user AND password_user=:password_user;'); $query = $bdd->prepare('SELECT * FROM users NATURAL JOIN roles NATURAL JOIN roles_has_permissions NATURAL JOIN permissions WHERE code_permission="SFx1" AND username=:user AND password_user=:password_user;');
$query->execute(['user' => $_COOKIE['username'], 'password_user' => $_COOKIE['pass']]); $query->execute(['user' => $_COOKIE['username'], 'password_user' => $_COOKIE['pass']]);
if ($query->rowCount() == 1){echo "<script>location.href='/accueil.php';</script>";} if ($query->rowCount() == 1){echo "<script>location.href='/accueil.php';</script>";}
else {echo "<script>location.href='/controller/Disconnect.php';</script>";}
} }
} else { } else {
?> ?>
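Review bot: The added `else` branch redirects with `echo "<script>location.href='/controller/Disconnect.php';</script>";`, which only takes effect if the client runs the script and does not stop PHP, so whatever follows the `?>` is still rendered and sent on a stale-cookie request. If no output precedes this point, `header('Location: /controller/Disconnect.php'); exit;` is the usual form and applies equally to the `accueil.php` redirect on the line above. Whether anything is output before line 6 of this file is not visible here.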