From ee108ab907803eb87ff85675c9cb2f22305d2fbc Mon Sep 17 00:00:00 2001 From: Lucas Mascaro Date: Wed, 2 Dec 2015 11:58:45 +0100 Subject: [PATCH 1/3] ajout de la BDD --- Docs/BDD.sql | 84 +++++++++++++++++++++++++++++++++++++++++++++++++ Docs/Model.mwb | Bin 0 -> 8294 bytes 2 files changed, 84 insertions(+) create mode 100644 Docs/BDD.sql create mode 100644 Docs/Model.mwb diff --git a/Docs/BDD.sql b/Docs/BDD.sql new file mode 100644 index 0000000..b90db3e --- /dev/null +++ b/Docs/BDD.sql 
@@ -0,0 +1,84 @@ +-- MySQL Workbench Forward Engineering + +SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS=0; +SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS=0; +SET @OLD_SQL_MODE=@@SQL_MODE, SQL_MODE='TRADITIONAL,ALLOW_INVALID_DATES'; + +-- ----------------------------------------------------- +-- Schema projetphp +-- ----------------------------------------------------- + +-- ----------------------------------------------------- +-- Schema projetphp +-- ----------------------------------------------------- +CREATE SCHEMA IF NOT EXISTS `projetphp` DEFAULT CHARACTER SET utf8 ; +USE `projetphp` ; + +-- ----------------------------------------------------- +-- Table `projetphp`.`Medecin` +-- ----------------------------------------------------- +CREATE TABLE IF NOT EXISTS `projetphp`.`Medecin` ( + `id` INT NOT NULL AUTO_INCREMENT, + `Civilite` CHAR(1) NOT NULL, + `Prenom` VARCHAR(45) NOT NULL, + `Nom` VARCHAR(45) NOT NULL, + PRIMARY KEY (`id`), + UNIQUE INDEX `id_UNIQUE` (`id` ASC)) +ENGINE = InnoDB; + + +-- ----------------------------------------------------- +-- Table `projetphp`.`Patient` +-- ----------------------------------------------------- +CREATE TABLE IF NOT EXISTS `projetphp`.`Patient` ( + `Civilite` CHAR(1) NOT NULL, + `Nom` VARCHAR(45) CHARACTER SET 'big5' NOT NULL, + `Prenom` VARCHAR(45) NOT NULL, + `Adresse` VARCHAR(100) NOT NULL, + `Ville` VARCHAR(50) NOT NULL, + `CodePostal` SMALLINT(4) NOT NULL, + `DateNaissance` DATE NOT NULL, + `LieuNaissance` VARCHAR(50) NOT NULL, + `NumSecuriteSociale` INT(15) NOT NULL, + `Id` INT NOT NULL AUTO_INCREMENT, + `MedecinTraitant` INT NULL, + UNIQUE INDEX `NumSecuriteSociale_UNIQUE` (`NumSecuriteSociale` ASC), + PRIMARY KEY (`Id`), + UNIQUE INDEX `Id_UNIQUE` (`Id` ASC), + INDEX `fk_Patient_Medecin_idx` (`MedecinTraitant` ASC), + CONSTRAINT `fk_Patient_Medecin` + FOREIGN KEY (`MedecinTraitant`) + REFERENCES `projetphp`.`Medecin` (`id`) + ON DELETE NO ACTION + ON UPDATE NO ACTION) +ENGINE 
= InnoDB; + + +-- ----------------------------------------------------- +-- Table `projetphp`.`RDV` +-- ----------------------------------------------------- +CREATE TABLE IF NOT EXISTS `projetphp`.`RDV` ( + `id` INT NOT NULL, + `DateRDV` TIMESTAMP NULL, + `Duree` TIME NULL, + `Patient_Id` INT NOT NULL, + `Medecin_id` INT NOT NULL, + PRIMARY KEY (`id`), + INDEX `fk_RDV_Patient1_idx` (`Patient_Id` ASC), + INDEX `fk_RDV_Medecin1_idx` (`Medecin_id` ASC), + CONSTRAINT `fk_RDV_Patient1` + FOREIGN KEY (`Patient_Id`) + REFERENCES `projetphp`.`Patient` (`Id`) + ON DELETE NO ACTION + ON UPDATE NO ACTION, + CONSTRAINT `fk_RDV_Medecin1` + FOREIGN KEY (`Medecin_id`) + REFERENCES `projetphp`.`Medecin` (`id`) + ON DELETE NO ACTION + ON UPDATE NO ACTION) +ENGINE = InnoDB; + + +SET SQL_MODE=@OLD_SQL_MODE; +SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS; +SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS; 
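Review bot: `NumSecuriteSociale` is declared `INT(15)`, but the `(15)` is only a display width — a MySQL `INT` tops out at 2147483647 (10 digits), so a real 15-digit value is rejected or clipped depending on the server's sql_mode, and `CodePostal SMALLINT(4)` likewise cannot hold codes above 32767 and loses leading zeros. Both are identifiers rather than quantities; declare them as fixed-width text, `NumSecuriteSociale CHAR(15) NOT NULL,` and `CodePostal CHAR(5) NOT NULL,`, keeping the existing UNIQUE index on the first. `Patient.Nom` also carries `CHARACTER SET 'big5'` while the schema and every other column default to utf8, which looks like a Workbench slip and will mangle accented names, so drop the override. Since this table holds a national identifier and a date of birth, a header comment such as `-- Personal data: restrict read access and keep these columns out of logs` would flag the sensitivity for whoever writes the queries.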
diff --git a/Docs/Model.mwb b/Docs/Model.mwb new file mode 100644 index 0000000000000000000000000000000000000000..d74694941a95d9079e0272a64f828adadd215450 GIT binary patch literal 8294 zcmZ`%_o};;<_+<<-Aa{~etla(aSic9tSusWQ6FGf2COA(dKgt+tbdo7vh|=eM z<&=cmgVKIiVuxwOQiA7wWlUbMgIY}DjobTAzMJ2?ehlQ>&S9jB1^9oJy7A`&;3!900P=J|vE?p}f?NL_kgg=+8vmwPkra z*sVFMCnq+L1pI;vn`Q4?3~~$Up9+D8RA5g;`;F!Pa^ME=5Op71OKJ%P;tAGrrW zEKri!Knvz|?otCzO1;uA`}R-Lvol{xi3|GD5M6H>c-}kHp-1j-Y2d48ekZpKX(osV zI?@tRRLQPfS3bX@uO2%wD!z*DURl9ErDDc7Pc6vWejS-(E}Cy$b-E3`9r9Tv{-E)E zyBeFxxe-izci#?`Hwn05kgFM)kzn#dq}ifUC4V@YiF(u!iLB8*CK5%m6Ac^WP@OT$ z>D=iXMiQ8{2WSLi&Xu-7{g0oHV zt1V@D%K9Tuo#1T8a)ghfED@Hvq0nOxTit6R95~Ezu@3ODvg{j0pXd$2;%}Pi_uHgk z-#h4QhM4-DNe@|K9Bj*ASYcT2%9&w8!dOT=wzz%$(sP>bbSpi|{ow_X+%oNr1t{#1 z5L`c35WVVG&=1H0JA9Ke;%QlN9k*K>R<-)w2qTm1$OsgYPXX={?~|qN^4yZc`W5wl zVzqICQ--^&;p8GI~K*_ZuV`2VQ zc4t5=4ecz7WL!Wi4h|SD==OmkGwBKPxXl;8ODC>2M}YAWnojC*XHg2T!Oknc(v~j^ z@%U4IBt~!p^(fprEpHBx}KzzUW!dyn8azk>YiXr&+l2)%y76YM@Q@=Ot?u;Kd=t9YAq8? 
zdoMBmTt*olR1Ghge0ZATt}=P~+Q&?C`AyJwbo>1gMk27TDN5HYE=o|ouy#PDsdax( zIlOQ5eko;h4tzi9dk-y0(KIINuPsYwRh?1c=eL-0|!g!rjmN`KBNl`uTK4exnKhMi)dN-?oR$ zuF@(-G}dqwgh01cV7%6Xb5mH7^n|!nzDcC7eRE4iQ4rEkw0UEe*-yxzmQo~9jD@~K zQ4an*=PTv)wv;}>F@7W)Oe@*?ckMtxJAVR<5p;LNf0Phi@ zb9ydihqW3Z+Le+=)E9wbGrny~xZUwbiqgLZ?axm}A&9gPnC>?S0YVH!uX8AYr6x4G z(K7Hkd^aJ2ot{Y`Z$QJU{FrW#H+joLYh0|s=3+9QNe0Zf9NKt!^6Rfc92D10$WO=3`6YI;tiqEwEC;#C&G_$a-8vwxxGX!<6+b7s1dK4616qEYIZqD zkC)`mw^UfjN7``p9CVKt zJsfqR!j~c2CiUSYk-*_fv>Rt!m7k$VWa=u?!U~O*e)ZA_m?aTxr}k=I7z*2@Ea{tX2uQ&+sGuHwUsFH}?F)3bbwk){y7B(AkfaN9m@L{xr2;*iZKs+FXCv{w6*kL+B5aI9oL;1^Y_VbUH$%I<1+c4W^}(5!F|# zJS{&yY)7k9u5CZ$cu4ZOTXR|-V0+$5CFz%Ueb+BUjAOxDdCDS1ojnTHD!|940xfbO z2kgG>dzp&&rCh3aeRy3i8;!`@82b99yML{4nIcZNO9_6@p>Ne#KqQjKvae|n_je$` z0t?sOY;iQp)$JL4JFRrr6+%Q#4f1Ae7H~)wV!*%Y--t!fPL39ph8uv77(`uc`_-IW zI#m!LBd#-0us4sH3TWU5@h~`zg;~+2o8it=tY^xo9YD;=br`EUDYqNXQ)r(gY;N2$ z%G>(do+Xya(kXE6814GgSl{;opo-v^(aa7ImN%=z}e)HrJ%Dd z`a2C4lBunIs>sin|CAWBT0JuCanU!@ud~isNJVJ`oY1MIrDAazfej=Y#rPC;*| zxIu4l>a*-Hn38w3UW2vrk(O>ZfIknotDf%YvEGE%<|Dq{?x+dH$8B()Nx9JA-Kdkz zw$|<+>5Q)wGxXE5El4f2vBG?iVk!(_u@>3!Y@HTJ#rQJ-M~EeAxt*k#{F7976xWw11H2>XrH9HoI$$iB73;Jj4u8pv_QYzbQGF zCy-Tzo|LZ4Ny!<|m(HHBPZ2TkmH~dk88Rv!_*7s28XNMGRk0Quf0@m13dCAqDT-$& znKeM#JwC9)Mpw{XNGzn5O}pO0jDp$-8b=MsD)&3x=uk!Uiy9;}l=9#zok7E;;|MdB zLv^gL`~fR6mDDUL74-Y_2}fK;QjsjPAb2A-BknlFThQ3X30M3`AG|Q;-1Cje6+47B zdW6qM1M1J7!2OFixG}ozt9L~J*3ipn%`OT%HTr z?G6xPftH_;a*HULYteyB1GQ)(_br&XJXB)D-P+xtQN;3OzL$Ct72)J^#EVdL#=AW| zZBW#T`X&ulPM;`a6cZT9BeKkaT%jV>lSnc6%TYZ5?jYHX?+)2zN1E@yZ$-U?hdDFb+cZvQq3y4ORrYsfQxE){{4mCd`74lD(Xyj%QRgA+4!3%hr&F zWBPiida@e5#2)PMPs!$hE;##tMvRQ*G|n??4~K$VGO^UexJ=~ICJ__w;$3)A0c=h` zlbJ3I!`~`n3%{w~)LJ$Ud|J@?f>jY6gNtv9E-3-{Zb%TL0lS$Lljbz&(j}1K`{ynm zd()BqB)n+=EAixk_05OuWuZt%+ODpFT_rm+I&D7VUtZt(#lV z(Uz~)&v#FA;tdL`h{P*rv~Z;+S@6opZM?Y~cI}9nq7Z*6d`J9b_oEx(>a%5GI^U3apW>Epbm5 zCqHZYbngOjRiB0t?#kyDs$!V;{Y#Wo=els`0>2C#`+C!)a@-Ng*V!aU*$eEdt0@V7 zNdGBt<2~XF!9s5YS)Hw*NG6hSeZTp{vPZF@1?CI+{Ssf-Es3FW&G)L!0Rhb@apS*r 
zm5u(cAaah~1sJhdBICBXE0}2fFF32B_1&HM6M8bYg!u0&Mu2wI-m9~I7LXiW=S zDJilQ*?dybd{)DN^BZAXz7kSEz6t9IgalSe#HHh$dvd}*sINF4ckM6z$xrZ&6qaboDqJzUiF<7GeqHo0X&t}VHoF;T!W3NDIpW?WK@+6=1i}`lUR987 zN&1{572JICD`f)xRJ&{%HoPd!6uH8&4(NiK?3-rdT>WdQt=u^8+{w9`wwEKRysNhSzJiG9tduO$913L~J*P9u-KUs1H7y@+tXvbUc|cf}SvfArA7x1j zgT7iLz?Z#pwr}?E6ObHMJ98QmvLeZW6iV;1s^T|b6$Qp4m93bkVkB#vhCtmrMo&N^ z4z2jb#V%ZZl;*bu!@(?gCo8Yp(6GN#FLCKjyg6JQhH}A+DVX>e5VJcdmL=d;qK!zn-u9yY2mS`$O2e=Ez(RJyZ|ZD60g2&~YdnP_fu4!9uaunpoZClVpR)Kh zNhg4TCF#%XJPu1CQD}ghM}!yM=N}QmIFUw31+as&(t2SuA(+y&myzF+-*%`1+Nq-E z$?OfUNki1YRB#yNXXFF&b=>wdgK=P9A!XQbb3w{|sib&Ce`>k~*KC;b21aQ_cmOKw zT2H(uV-TjCA9E%%itx4EZvvnfD#oxVZW%XTt^z?Vlz)OHl8Trr3BwN(24QcfSBxRs zfJxNwghiY~&>9{_h@dYDd^mR?n_VumVfnYH#rmuAdg}Tx#J1`tY~>pnp{g3`rL#X| zUvu5Z_slrFb$LgA*mSe>|wpc*N!;MjFC zibLyaU(qY-4#)az|2}+s*EyLgyvndO{8&Sm%$dB`lh{hlx~k-Rg)L8XpT&m0nhA{7 zEj(sCy34GDDhR}6jX;iWJiPS1eC^Wf>*6siux{yS@O5R9cdx!!3=r z>gj|D02}TfO*f4)RGl1`J_}cIzo3aaIcBK}GUj(&A=n6{vUvnvRwObN-Y zpn?*t{Rli8V6|Z!z7KjrJ3N%=Gq&?(991LwJ{u5=w|Z?+&EE?XQC^%KB66ZPqI z7cAyM?}#VG40fFF5jL?Cx0SMSz=F&aCAL6K2$vvq0_NYEa4yX;u5`cdsxR7GIDTzz z-FJJR{%%G#SV;@?hSoUzyl!v_u{?8QPTpxltd})6)J+Uqlk%e(riN2t>T@4mT~%PP zdX^RsG9giCwfW=Q;p=Vp#MVWoOKsyOTK^N?O@r^LiSo+m?>-)ieNTs`PH*l|BoSg< z!jNK82$fUO(6x-s`(B;3bK_hp1_R}=uslYqky~j6S_)gbYS=1ahOfCK7!onk**U0# zb665%S1-F^?!rN$bNS6o7^36RtYD5vQt?_rjA1-pZJIC@>bPaL2r&oBl*};bp`mP~ zqLE1jX+1Fue<39@eDXL0j9~A0-6FChn0PX2>A`rs=uDvi&^}DU3t6~`;&QZy`(LyQ z7~^+?LPSbz@t0KUZ+{dI(v%)nPss06VCM&BohOChYJyq5blwG9 zfQ|R=q0`5p?_jw3#1!yilLS5MS@uo8~jU?5u{EJHfm`hrffbvWyd{k z)-%xYl_!g^$|nw8raa_ynRBuzV$-AUXmZ-|sjUU`lGIx2M%bn28DNK1^z71W7kNU0 zsW{XgZa0HjBd8v_Dz-e;AAFTRT1<@(ChqRU0_`G3C8gi&ysYg>sgp48ATgKtyS@YR zu3y!6FR~?*gXlO(l#VtVejl6+ZK)i5B(*EuH9crQyb75_3@vP5ATEt_Z^4OzPlxVK zymb`~t#=?N5}E?xEKTfOu=@K`wNORp*+R)S(6&PPj2%Z^m#KilGdR*B!b-{WT)J+4;P?+% zOK6?|csdE*C1|~rS!_s-BL>daY>85hk8j%4{>8$9Tu>I*03Um!x}Jn(b2QXg*i^Sb9Fp35tmPY4(dWNYzX%L8{o`x!UX4K|N?{oPGeldAy zc6CW}5G#=%PjdU2&yJ>?UA%I6maS4X&ba0$$->p~9#6CUe0%1Tx`&!Pold$g6g`vv 
zc{+`f;$T}ndH~%;nXv=tk%@ERvAV}}ZAdEW>qsT?$VaJ_Z`|OePIUwQK#R`}LJ}xD zy=#c0jeHN=l~T^CC?cNL!sBBw!o*05^FV3H2yRGzK&(l8xzb^TiB# z%+~Oq;MWawofF-Ig$LqO+~m=@RDj3Kd^(tiRG}3$0}M(=Kj&{6eLC*>Ow)Pyi6fL! zM=xJRxocqbh9D3(**+2eoU{1#kiJh8#>s|aA zqD%#AW^6zbtF?xvxQQ5-_*EnCycuSHyYT$4A0mYD+&HYQV$vMsrlypexLq5l&^@>F zcTHGqtiJkhKA#hRipKWjK>TO|tWQPmR&*{X?JYfR1N5uEhCokPF>-i4@qy&LQjwU| zr9PWE-kni(W6cVbah!=*oafWZ^tWS}d`osq)5r)d{rf`0N>ic`kn;NVU4TWk)@dT) zu~GZ+_6nm8FNYn9p0(N;iCn-MGKXMc5qoGAO&~f|9y5nr;2c7Lr+CKzS=uY%lqy_a z_A1=5rH=wJ=8d(Z!A-qx=ezVm?!m^Q=hGMAzHv`ANG}nAST!}f#*`I77Zpinml(Pk zj+g)t2Ic0;HzeK9@M`WHo~F3SDy`>%#O(r3roB zBr2JUvquFwS0h*HdvSSBdNLRmYr#nD9WTSF$woGJ1}KwSKXHP1vT$|PleK>D`m8%N z72sDj9H^Bu)6(%-jI|hytqmIdfQ%ksc`+ZWx_3YDkXTwb zo4AVsar9fBW#_VrRB1YlFY-Tj(*7`$ zN(i&!tX0|Cy=5$tu}NiR>6?%9$(#X{)pkxP>)L3F><=Q22{O&3=!~9dp5c&ADcN2) z)EMU*KczaaafWT1T$o&c-p$~?esx`0V$9oi(<>-TYe1m^=O~JuNz}=^IXWRV7C+2` z@v8SU45N>qS#oSYC}dU%>Bi=)KVw{lJ8x9Gn-DU{QL0tKrDPYDI>tUXwCyjHn)pRD za2GSB^Hl~{P9$vTG(A&PO(ZNLrFJfh4*soMvbsgW?AkWcqwJIjs8%N^ef;rQt%OtRpMF*tkq+t(y+!khkC~X3@!LMbIqu z^H@X?^bd7^SP)LB-}4lnE{0W{w=!tTxVm18QyaOaeKfU4JanG=osERu-^5%<)jH$7 zFb&DO@Mj8e@^_(K*NIDG{?=f{#oDh&Xg&6vE24&mFGed~xI-3EuSx3L68REM2R>@D z#@ugucCq@Ia_@XhqygK!xf;%sIAqP3%e*>-+7X`X>YENkCB(k(la^JPueTrnCKHwZ zl8FH|u=mqYe_2Fw2ngiAO32ud$r$JaWHdHBPm{G>V8$KEDlDp08Zt3Vce%3oRqRY& zeNN7+SWblTW4-<2JgGgVKovY;UeCfv0LS}B>XBXN3C%7PnZRy7rmJoWUXT1R2edMM zW-1Jdtq@=;rVfUj>pLa zaf2h)-anv>=giq%{qs4jqndl-vp?oCJwJvpO#S*=R31iv`3R>=oC0H`8$DrP?2F9N`_|^t|?6%I;@N+!g|fNCH=E@ z7B>(d{v?v#cwMi!I+`L6l$sZvO3;`Dmlv2C-gDMkw5wBwz=p=VYcgxbACH!Pmvy*n zVVr}i$#gva#3T{JxvaiT^My1oEP(z}+PF4H2Wux#PyRMhf3kVm?YZ;UYVZuWp)>FM!MX1V zYW>?tZazwo4ziK^zF?&N7$ebEpZzV$E0*T8?MO`2n;&L9%<%3Gqs?PQZ2UB@I*@-d z`KZMD_i%g_Uk^TMNSuu7T>w_<>Y~~bnNl7a1?f`3`t8lH4=Z-p)sG2Fyc+)}JtM5+pR#Uj^@uqBd~()K3-T=yrn~vF3Q}!`ShezPTWI`6M&wH^G^9Sp6=42;T`+RF z3xLq}pdSD3zHd}safEDetb4L;TAs!nDfKl;WL#D7K&*Pk+r@F7r;D98({0=X6#D6J z7F8YvAq3SX=;eIiO%Wc#E66}XVMG7_Z2RB4|KHN=|Bw2Id;fRD|INGqk3R%Nvp@A; 
z^MAAO{~7&%CECBEo&R$A|B-eIGO+*r0Dyr0JIelQ5HSP Date: Wed, 2 Dec 2015 12:32:57 +0100 Subject: [PATCH 2/3] mise en place de l'authentification --- autoloader.php | 27 ++++-- login.php | 43 ++++----- src/Authentification.php | 87 +++++++++++++++++ src/Response.php | 202 +++++++++++++++++++++++++++++++++++++++ src/config/users.json | 6 ++ 5 files changed, 331 insertions(+), 34 deletions(-) create mode 100755 src/Authentification.php create mode 100644 src/Response.php create mode 100755 src/config/users.json diff --git a/autoloader.php b/autoloader.php index dbfecc3..da6f80f 100755 --- a/autoloader.php +++ b/autoloader.php 
@@ -4,18 +4,27 @@ * fonction d'autoloading : prend en paramètre le nom de la classe et s'occupe d'inclure les fichiers correspondant aux classes */ +//pour l'inclusion dans le dossier src +$GLOBALS['managers_dir'] = dirname(__FILE__).DIRECTORY_SEPARATOR.'src'; + function autoloader($class) { - //si on charge le StaticRepo - if(strpos($class, 'StaticRepo') !== FALSE){ - require_once dirname(__FILE__).DIRECTORY_SEPARATOR.'repositories'.DIRECTORY_SEPARATOR.$class . '.php'; - } - //si on charge un Repo - elseif(strpos($class, 'Repo') !== FALSE){ - require_once dirname(__FILE__).DIRECTORY_SEPARATOR.'repositories'.DIRECTORY_SEPARATOR.'repos'.DIRECTORY_SEPARATOR.$class . '.php'; + //si on charge le StaticRepo + if(strpos($class, 'StaticRepo') !== FALSE){ + require_once dirname(__FILE__).DIRECTORY_SEPARATOR.'repositories'.DIRECTORY_SEPARATOR.$class . '.php'; + } + //si on charge un Repo + elseif(strpos($class, 'Repo') !== FALSE){ + require_once dirname(__FILE__).DIRECTORY_SEPARATOR.'repositories'.DIRECTORY_SEPARATOR.'repos'.DIRECTORY_SEPARATOR.$class . '.php'; - //cas particuliers pas identifiable par nom de classe - } + //cas particuliers pas identifiable par nom de classe + }else{ + //si on charge un manager + if(is_file(dirname(__FILE__).DIRECTORY_SEPARATOR.'src'.DIRECTORY_SEPARATOR.$class . '.php')){ + require_once dirname(__FILE__).DIRECTORY_SEPARATOR.'src'.DIRECTORY_SEPARATOR.$class . '.php'; + + } + } } //enregistrememnt de la fonction tout en bas de la pile pour ne pas casser l'autoloader de phpUnit diff --git a/login.php b/login.php index 84e8407..c07c582 100755 --- a/login.php +++ b/login.php 
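Review bot: The new `else` branch builds `src/<class>.php` directly from `$class` and `require_once`s it whenever `is_file()` succeeds, with no check that `$class` is shaped like a class name; since `class_exists()` and similar calls hand the autoloader whatever string they receive, a value containing `/` or `..` is resolved relative to `src`. Rejecting anything outside the identifier alphabet first, `if (!preg_match('/^[A-Za-z0-9_\\\\]+$/', $class)) { return; }`, keeps the include confined to the intended directories. The branch also recomputes `dirname(__FILE__).DIRECTORY_SEPARATOR.'src'` twice although the hunk defines `$GLOBALS['managers_dir']` with exactly that value a few lines above; reusing it avoids the two paths drifting apart.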
@@ -1,29 +1,23 @@ - 1 && strlen($_POST['mail']) > 1 && strlen($_POST['password']) > 1 && strlen($_POST['co']) > 1; // si au moins 1 caractère - $usernameCheck = $postVariablesNEmpty && preg_match("/^[\w -]{3,10}$/i", $_POST['username']); // utilisateur -> "alphanum_- " -> 3 à 10 caractères - $mailCheck = $usernameCheck && preg_match("/^[\w\.-]+@[\w\.-]+\.[a-z]{2,4}$/i", $_POST['mail']); // mail -> bon format - $passwordCheck = $mailCheck && preg_match("/^[\w -]{8,50}$/i", $_POST['password']); // password -> "alphanum_- " -> 8 à 50 caractères - $coCheck = $passwordCheck && $_POST['co'] == 'Me connecter'; - -if( $coCheck ){ // si toutes les valeurs sont correctes - - $user = array(); // on définit l'utilisateur - $user['name'] = $_POST['username']; - $user['mail'] = $_POST['mail']; - $user['password'] = $_POST['password']; - $user['hash'] = sha1($_POST['password']); +authentification($_POST['username'],$_POST['password']); } - -// retourne VRAI si l'utilisateur est connecté -function connected($user){ return ($user != null); } - +if(Authentification::checkUser(0)){ + header("Location: http://".$_SERVER['HTTP_HOST']."/Dashboard.php"); + die(); +}; ?> @@ -59,14 +53,13 @@ function connected($user){ return ($user != null); } echo 'Vous êtes connectés.'; } - echo ""; - echo ""; - echo ""; + echo ""; + echo ""; echo ""; echo ""; ?> - + \ No newline at end of file diff --git a/src/Authentification.php b/src/Authentification.php new file mode 100755 index 0000000..a81fd19 --- /dev/null +++ b/src/Authentification.php 
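Review bot: The redirect after `checkUser(0)` builds its target from `$_SERVER['HTTP_HOST']`, which comes from the request's Host header and is therefore client- or proxy-supplied, so a spoofed or rewritten Host changes where the browser is sent and the hard-coded `http://` drops TLS; a relative target, `header("Location: /Dashboard.php");` followed by `exit;`, avoids both. The old hunk's `preg_match` length and character-set checks on the submitted fields are removed and nothing on the new side replaces them, so `authentification()` now receives whatever was posted. The hunk text appears to have lost everything between `<` and `>` (the `<?php` opener and the `echo` bodies are missing), so I cannot tell whether the call on `authentification(...)` is qualified with an object or whether an `isset()` guard precedes it; verify that it resolves to `Authentification::authentification()` and that `$_POST['username']`/`$_POST['password']` are guarded.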
@@ -0,0 +1,87 @@ +users = json_decode(file_get_contents($GLOBALS['managers_dir'].DIRECTORY_SEPARATOR.'config'.DIRECTORY_SEPARATOR.'users.json'),true); + } + + /** + * méthode d'authentification, utilise param['identifiant'] et param['mdp'] et les comparent à + * nos utilisateurs enregistrés puis créer une session securisée par token + * @param array $param contiens les infomations de connection + * @return json json contenant le résultat de l'authentification (true si authentification correcte, sinon non) + */ + public function authentification($user,$mdp){ + foreach($this->users as $utilisateur=>$infos){ + if($utilisateur == $user and $infos['password'] == $mdp){ + $this->createSecureSession($user,$infos['role']); + return true; + } + } + return false; + } + + /** + * déconnecte l'utilisateur en détruisant la session et le cookie + * @return json renvoie true, il n'y aucune raison que ça foire + */ + public function deconnection(){ + $this->destroySecureSession(); + Response::quickResponse(200,json_encode(['result' => true])); + } + + /** + * créer une session sécurisé , protégé du vol de session par identification de l'utilisateur par navigateur/ip/cookie + * @param String $user nom d'utilisateur + * @param String $role role de l'utilisateur (0=administrateur, 1= prof, 2=scolarité,3=élève) + * @return void + */ + private function createSecureSession($user,$role){ + $id = uniqid(); + $_SESSION['id'] = $id; + $_SESSION['token'] = sha1($_SERVER['HTTP_USER_AGENT'].$_SERVER['REMOTE_ADDR'].$id); + setcookie('UserId',$id,time()+10*60,'/'); + + $_SESSION['user'] = $user; + $_SESSION['role'] = $role; + + } + + /** + * Détruit une session + * @return void + */ + private function destroySecureSession(){ + session_destroy(); + setcookie('token',time()-1); + } + + /** + * Vérifie qu'un utilisateur donné a les droits demandés (passés en paramètres) + * @param int $role role minimum + * @param boolean $strict si strict vaut true, seul les utilisateurs avec le role précis seront 
acceptés, sinon tout les utilisateurs + * avec un role superieur le seront + * @return boolean + */ + public static function checkUser($role, $strict=false){ + if(isset($_SESSION['token'])){ + foreach($_SESSION['role'] as $roleUser){ + if(($strict and $roleUser == $role) or (!$strict and $roleUser<= $role)){ + if($_SESSION['token'] == sha1($_SERVER['HTTP_USER_AGENT'].$_SERVER['REMOTE_ADDR'].$_SESSION['id'])){ + setcookie('UserId',$_COOKIE['UserId'],time()+10*60,'/'); + return true; + }; + } + } + } + return false; + } + + public static function getCurrentUser(){ + return $_SESSION['user']; + } +} +?> diff --git a/src/Response.php b/src/Response.php new file mode 100644 index 0000000..23e3971 --- /dev/null +++ b/src/Response.php 
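Review bot: `authentification()` compares the submitted password with the stored value using `==` against a clear-text entry in `users.json`, so the credential store is readable by anyone who can read the file and the loose comparison is subject to PHP type juggling (`"0e123" == "0e456"` is true). Store only `password_hash()` output and check it with `password_verify()`, compare the username with `===`, and call `session_regenerate_id(true)` before writing the login state so a session id fixed before login is not kept. The `UserId` cookie is never compared to anything in `checkUser()` — the token is recomputed from `$_SESSION['id']`, not from the cookie — and `destroySecureSession()` clears a cookie named `token` with `time()-1` passed as its value rather than its expiry, so the login cookie survives logout; `setcookie('UserId', '', time()-3600, '/');` is the matching call. Setting the cookie with `httponly` (and `secure` when served over TLS) is the remaining hardening. The two methods below are rewritten accordingly.
```php
    public function authentification($user,$mdp){
        foreach($this->users as $utilisateur=>$infos){
            // the password entry holds password_hash() output, never the clear text
            if($utilisateur === $user && password_verify($mdp, $infos['password'])){
                $this->createSecureSession($user,$infos['role']);
                return true;
            }
        }
        return false;
    }

    private function createSecureSession($user,$role){
        // discard any session id the client brought to the login form
        session_regenerate_id(true);
        $id = uniqid();
        $_SESSION['id'] = $id;
        $_SESSION['token'] = sha1($_SERVER['HTTP_USER_AGENT'].$_SERVER['REMOTE_ADDR'].$id);
        // secure when served over TLS, httponly so scripts cannot read it
        setcookie('UserId',$id,time()+10*60,'/','',!empty($_SERVER['HTTPS']),true);
        // … unchanged: $_SESSION['user'] / $_SESSION['role'] assignments …
    }
```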
@@ -0,0 +1,202 @@ + '100 Continue', + 101 => '101 Switching Protocols', + //Successful 2xx + 200 => '200 OK', + 201 => '201 Created', + 202 => '202 Accepted', + 203 => '203 Non-Authoritative Information', + 204 => '204 No Content', + 205 => '205 Reset Content', + 206 => '206 Partial Content', + 226 => '226 IM Used', + //Redirection 3xx + 300 => '300 Multiple Choices', + 301 => '301 Moved Permanently', + 302 => '302 Found', + 303 => '303 See Other', + 304 => '304 Not Modified', + 305 => '305 Use Proxy', + 306 => '306 (Unused)', + 307 => '307 Temporary Redirect', + //Client Error 4xx + 400 => '400 Bad Request', + 401 => '401 Unauthorized', + 402 => '402 Payment Required', + 403 => '403 Forbidden', + 404 => '404 Not Found', + 405 => '405 Method Not Allowed', + 406 => '406 Not Acceptable', + 407 => '407 Proxy Authentication Required', + 408 => '408 Request Timeout', + 409 => '409 Conflict', + 410 => '410 Gone', + 411 => '411 Length Required', + 412 => '412 Precondition Failed', + 413 => '413 Request Entity Too Large', + 414 => '414 Request-URI Too Long', + 415 => '415 Unsupported Media Type', + 416 => '416 Requested Range Not Satisfiable', + 417 => '417 Expectation Failed', + 418 => '418 I\'m a teapot', + 422 => '422 Unprocessable Entity', + 423 => '423 Locked', + 426 => '426 Upgrade Required', + 428 => '428 Precondition Required', + 429 => '429 Too Many Requests', + 431 => '431 Request Header Fields Too Large', + //Server Error 5xx + 500 => '500 Internal Server Error', + 501 => '501 Not Implemented', + 502 => '502 Bad Gateway', + 503 => '503 Service Unavailable', + 504 => '504 Gateway Timeout', + 505 => '505 HTTP Version Not Supported', + 506 => '506 Variant Also Negotiates', + 510 => '510 Not Extended', + 511 => '511 Network Authentication Required' + ); + + /** + * Constructeur de la Response + * @param int $status status HTTP de la réponse (404,200,500, etc) + * @param bool|false $stream Si la réponse est un stream (avtive/désactive les méthodes send/stream() + * 
@param string $type type HTTP des données de retour + * @param bool|true $clearBuffer si activé, vide le buffer avant chaque envoi de donnée (a pour effet de ne pas afficher les echo/printf) + */ + public function __construct($status = 200,$stream = false,$type = 'application/json', $clearBuffer = false) + { + $this->status = $status; + array_push($this->headers,['Content-Type',$type]); + + $this->config['clearBuffer'] = $clearBuffer; + $this->config['stream'] = $stream; + } + + /** Ajoute du contenu a la réponse qui sera envoyé (par stream() ou par send() ) + * @param $content contenu a ajouter a la réponse + */ + public function write($content){ + $this->response .= $content; + } + + /** Envoie une partie de réponse au client (doit être récupéré en ajax, aucun intéret sinon), chaque bloc de donéne envoyé est séparé par + * un délimiteur ("//Block//" par défaut).ATTENTION: stream() vide la réponse (si on write() puis stream(), la réponse qu'il restera dans l'objet sera vide) + * @param string $content contenu a envoyer (optionnel car on peut utiliser la méthode write pour le faire) + * @throws Exception si la réponse n'est pas un stream + */ + public function stream($content="",$delimiter = "//Block//"){ + //vérification que la réponse est un stream + if(!$this->config['stream']){ + throw new Exception("Stream d'une réponse synchrone"); + } + //si les headers ne sont pas encore envoyés, on le fait + if(!headers_sent()){ + $this->sendHeader(); + } + //si demandé, on clear le buffer avant d'envoyer + if($this->config['clearBuffer']){ + ob_end_clean(); + if($GLOBALS['compression']){ + ob_start("ob_gzhandler"); + }else{ + ob_start(); + } + } + //on envoi le contenu de response et la variable content + if($this->response!=""){ + echo $delimiter.$this->response; + }if($content != ""){ + echo $delimiter.$content; + } + ob_flush();flush(); + $this->response = ''; + } + + /** + * Envoi les headers de la réponse (status et ceux potentiellement défnini par l'utilisateur) + 
*/ + public function sendHeader(){ + //envoie le status de la requete (petit trick suivant l'architecture de PHP) + if (strpos(PHP_SAPI, 'cgi') === 0) { + header(sprintf('Status: %s', $this->Messages[$this->status])); + } else { + header(sprintf('HTTP/1.1 %s', $this->Messages[$this->status])); + } + //les autres headers + foreach($this->headers as $header){ + header(sprintf('%s: %s',$header[0],$header[1])); + } + } + + /** + * Défini un header qui sera envoyé + * @param $header Nom du header + * @param $value Valeur du header + */ + public function setHeader($header,$value){ + array_push($this->headers,[$header,$value]); + } + + /** Envoi la réponse et ferme la communication + * @throws Exception si la réponse est un stream + */ + public function send(){ + //vérification que la réponse n'est pas un stream + if($this->config['stream']){ + throw new Exception("Envoi synchrone d'une réponse stream"); + } + //si les headers ne sont pas encore envoyés, on le fait + if(!headers_sent()){ + $this->sendHeader(); + } + //si demandé, on clear le buffer avant d'envoyer + if($this->config['clearBuffer']){ + ob_end_clean(); + if($GLOBALS['compression']){ + ob_start("ob_gzhandler"); + }else{ + ob_start(); + } + } + //envoi de la réponse + echo $this->response; + //fermeture de la communication + header('Connection: close'); + header('Content-Length: '.ob_get_length()); + ob_end_flush(); + ob_flush(); + flush(); + //permet au reste du script de s'executer même si la réponse a été envoyé et que l'utilisateur interromp le script (changement de page, etc...) + ignore_user_abort(true); + } + + /** + * @param int $status status HTTP de la réponse (404,200,500, etc) + * @param $content + * @param string $type + */ + public static function quickResponse($status,$content,$type = 'application/json'){ + $response = new Response($status,false,$type); + $response->write($content); + $response->send(); + } +} 
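Review bot: `stream()` and `send()` both read `$GLOBALS['compression']` with a bare index and call `ob_end_clean()` unconditionally, so an undefined global or an inactive output buffer raises a notice that, with display_errors on, can land in the body ahead of the JSON; `send()` then also writes `Content-Length: ` from `ob_get_length()`, which returns `false` when no buffer is open, producing an empty header value. Guard both sites with `if (ob_get_level() > 0) { ob_end_clean(); }` and `if (!empty($GLOBALS['compression'])) {`, and emit Content-Length only when `ob_get_length()` is not `false`. `sendHeader()` indexes `$this->Messages[$this->status]` without checking the code is listed, so a status such as 507 sends `HTTP/1.1 ` with no reason phrase; validating `$status` in the constructor, or falling back to `500 Internal Server Error`, closes that. The class header and the start of the `$Messages` table appear to have been lost from this hunk's text, so the property declarations could not be reviewed.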
diff --git a/src/config/users.json b/src/config/users.json new file mode 100755 index 0000000..310a83a --- /dev/null +++ b/src/config/users.json @@ -0,0 +1,6 @@ +{ + "secretaire": { + "password":"thecakeisalie", + "role":[0] + } +} From a78bbc29a1da27ebbb27d029e8f90855f2e65932 Mon Sep 17 00:00:00 2001 From: Lucas Mascaro Date: Wed, 2 Dec 2015 12:34:24 +0100 Subject: [PATCH 3/3] rename de fichier --- login.php => index.php | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename login.php => index.php (100%) diff --git a/login.php b/index.php similarity index 100% rename from login.php rename to index.php
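Review bot: This file commits a working clear-text password for `secretaire`, an account whose `role` `[0]` is documented elsewhere in this series as the administrator level, so every clone of the repository carries a live admin credential. Replace the value with `password_hash()` output, e.g. `"password": "<password_hash output>"`, and rotate the current secret since it is already in history; if the file must stay in the tree, keep it outside the web root or deny direct requests to `src/config/`, because a server that serves it verbatim exposes the whole user table. A `.gitignore` entry plus a committed `users.json.example` holding placeholder values is the usual shape.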