diff --git a/automate.php b/automate.php index ed33567..31ced1a 100755 --- a/automate.php +++ b/automate.php @@ -282,4 +282,5 @@ }//testDatabaseChecker(); + ?> \ No newline at end of file diff --git a/index.php b/index.php index 6dcb999..26e675b 100755 --- a/index.php +++ b/index.php @@ -1,4 +1,5 @@ = 0 && $value <= 100; + break; + } return $checker; diff --git a/manager/autoloader.php b/manager/autoloader.php index 66b81a6..7e8f94e 100755 --- a/manager/autoloader.php +++ b/manager/autoloader.php @@ -1,5 +1,10 @@ Nom de la classe appelee + * + */ function autoloader($className){ $path = ''; @@ -29,4 +36,11 @@ spl_autoload_register('autoloader', false, true); + + + /* On demarre la session securisee PHP + =========================================================*/ + // Condition ajoutee pour PHPUNIT + if( isset($_SERVER['REMOTE_ADDR']) ) + \manager\sessionManager::session_start(); ?> \ No newline at end of file diff --git a/manager/module/userDefault.php b/manager/module/userDefault.php index 1f68b29..8344d54 100755 --- a/manager/module/userDefault.php +++ b/manager/module/userDefault.php 
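Review bot: The session bootstrap added at the end of manager/autoloader.php tests `isset($_SERVER['REMOTE_ADDR'])` to stay out of PHPUnit, which is an indirect way of asking "am I on the CLI SAPI"; `if( PHP_SAPI !== 'cli' )` states that intent directly and does not depend on a server variable that a non-CLI SAPI might leave unset. The callee, sessionManager::session_start() as listed in the new coverage HTML further down, also reads `$_SERVER['HTTP_USER_AGENT']` without an isset guard, so a request carrying no User-Agent header would raise a notice from this call site. Starting the session from a file whose job is to declare debug() and autoloader() mixes a side effect into a declaration file; a dedicated bootstrap include would keep that separation.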
@@ -37,14 +37,15 @@ public static function create($code, $username, $firstname, $lastname, $mail, $password, $status){ /* [1] Normalisation + verification des donnees =========================================================*/ - $password_hash = sha1($password); + $password_hash = \manager\sessionManager::secure_sha1($password); $correct_param = \manager\Database::check('user.code', $code); $correct_param = $correct_param && \manager\Database::check('user.username', $username); $correct_param = $correct_param && \manager\Database::check('user.firstname', $firstname); $correct_param = $correct_param && \manager\Database::check('user.lastname', $lastname); $correct_param = $correct_param && \manager\Database::check('user.mail', $mail); - $correct_param = $correct_param && \manager\Database::check('user.password', $password); + $correct_param = $correct_param && \manager\Database::check('user.password', $password_hash); + $correct_param = $correct_param && \manager\Database::check('user.status', $status); $request = new \manager\Repo('user/create', array($code, $username, $firstname, $lastname, $mail, $password, $status) ); diff --git a/manager/sessionManager.php b/manager/sessionManager.php index b622008..3963e00 100644 --- a/manager/sessionManager.php +++ b/manager/sessionManager.php @@ -11,7 +11,7 @@ /*************************/ /* SECURE SHA1 ALGORITHM */ /*************************/ - private static function secure_sha1($data){ + public static function secure_sha1($data){ return sha1( '">\[..|{@#))'.sha1($data.'_)Q@#((%*_$%(@#') ); } 
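Review bot: The Repo call at the end of the hunk still passes `$password` while the validation two lines above now runs on `$password_hash`, so the value checked and the value handed to 'user/create' differ and, unless the repository hashes on its own, the plaintext is what gets stored; the line should read `$request = new \manager\Repo('user/create', array($code, $username, $firstname, $lastname, $mail, $password_hash, $status) );`. A second effect of the change is that Database::check('user.password', …) now receives a secure_sha1() result, which always matches its 40-hex-character pattern, so nothing in create() validates the submitted password any more (empty or absurdly long input passes); an explicit check on `$password` before hashing, or a separate 'user.password_hash' type, would restore that. create() continues past the hunk, so how `$correct_param` gates the request is not visible here.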
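Review bot: Making secure_sha1() public turns a double SHA-1 with a constant application-wide salt into the project's password-hashing primitive (userDefault::create stores its output), and that construction is deterministic per input, so identical passwords produce identical stored hashes across accounts and the hash offers no per-user salt or work factor. The coverage footer shows PHP 5.5.9, which already ships password_hash()/password_verify(); a dedicated `public static function hash_password($password){ return password_hash($password, PASSWORD_DEFAULT); }` verified with password_verify() would be the appropriate fix, keeping secure_sha1() for the uniqid()-derived tokens and session ids where it is only used as a digest. Database::check('user.password') would then need to accept the bcrypt output format instead of `/^[\da-f]{40}$/i`.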
@@ -94,7 +94,7 @@ // On verifie que le token est valide $valid_token = $session_token != null; // verification de l'existence du cookie $valid_token = $valid_token && strpos($session_token, self::$prefix) === 0; // verification des donnes personnelles - $valid_token = $valid_token && isset($_SESSION['session_token']); // verification que la variable session associee existe + $valid_token = $valid_token && isset($_SESSION['session_token']); // verification que la variable session associee existe $valid_token = $valid_token && $_SESSION['session_token'] == $_COOKIE['session_token']; // verification que la session est coherente /* [4] Si token inexistant @@ -111,11 +111,4 @@ } - - // Override du namespace - function session_start(){ - sessionManager::session_start(); - } - - ?> diff --git a/phpunit/coverage/Database.php.html b/phpunit/coverage/Database.php.html index 3b02af0..f1a3610 100755 --- a/phpunit/coverage/Database.php.html +++ b/phpunit/coverage/Database.php.html @@ -56,11 +56,11 @@
3 / 6
CRAP
-
+
-
95.16%
-
59 / 62
+
95.31%
+
61 / 64
@@ -77,13 +77,13 @@
50.00%
3 / 6
- 47 + 52
-
+
-
95.16%
-
59 / 62
+
95.31%
+
61 / 64
@@ -179,13 +179,13 @@
0.00%
0 / 1
- 25.11 + 30
-
+
-
94.44%
-
17 / 18
+
95.00%
+
19 / 20
@@ -374,48 +374,52 @@
179
*
180
*/
181
public static function check($type, $value){ -
182
$checker = !is_null($value); +
182
$checker = !is_null($value);
183
184
switch($type){
185
/* (1) Global */ -
186
case 'auto_increment_id': +
186
case 'auto_increment_id':
187
return $checker && is_numeric($value) && $value <= 2147483647 && $value >= -2147483647;
188
break;
189
190
/* (2) Utilisateur */ -
191
case 'user.code': -
192
case 'machine.code': +
191
case 'user.code': +
192
case 'machine.code':
193
return $checker && is_string($value) && preg_match('/^[\dA-F]{2}(\-[\dA-F]{2}){3,5}$/i', $value);
194
break;
195
-
196
case 'user.username': -
197
case 'machine.name': -
198
case 'group.name': +
196
case 'user.username': +
197
case 'machine.name': +
198
case 'group.name':
199
return $checker && is_string($value) && preg_match('/^[\w-]{1,30}$/i', $value);
200
break;
201
-
202
case 'user.firstname': -
203
case 'user.lastname': +
202
case 'user.firstname': +
203
case 'user.lastname':
204
return $checker && is_string($value) && preg_match('/^[a-z -]{3,30}$/i', $value);
205
break;
206
-
207
case 'user.mail': +
207
case 'user.mail':
208
return $checker && is_string($value) && strlen($value) <= 50 && preg_match('/^[\w\.-]+@[\w\.-]+\.[a-z]{2,4}$/i', $value);
209
break;
210
-
211
case 'user.password': +
211
case 'user.password':
212
return $checker && is_string($value) && preg_match('/^[\da-f]{40}$/i', $value);
213
break;
214
-
215
} -
216
-
217
return $checker; +
215
case 'user.status': +
216
return $checker && is_numeric($value) && floor($value) == $value && $value >= 0 && $value <= 100; +
217
break;
218
-
219
} +
219
}
220
-
221
-
222
} -
223
?> +
221
return $checker; +
222
+
223
} +
224
+
225
+
226
} +
227
?> @@ -427,7 +431,7 @@ Dead Code

- Generated by PHP_CodeCoverage 1.2.13 using PHP 5.5.9-1ubuntu4.14 and PHPUnit 3.7.28 at Fri Feb 12 22:01:41 CET 2016. + Generated by PHP_CodeCoverage 1.2.13 using PHP 5.5.9-1ubuntu4.14 and PHPUnit 3.7.28 at Fri Feb 12 23:21:09 CET 2016.

diff --git a/phpunit/coverage/ManagerError.php.html b/phpunit/coverage/ManagerError.php.html index eb5c9be..32bc08c 100644 --- a/phpunit/coverage/ManagerError.php.html +++ b/phpunit/coverage/ManagerError.php.html @@ -203,7 +203,7 @@ Dead Code

- Generated by PHP_CodeCoverage 1.2.13 using PHP 5.5.9-1ubuntu4.14 and PHPUnit 3.7.28 at Fri Feb 12 22:01:41 CET 2016. + Generated by PHP_CodeCoverage 1.2.13 using PHP 5.5.9-1ubuntu4.14 and PHPUnit 3.7.28 at Fri Feb 12 23:21:09 CET 2016.

diff --git a/phpunit/coverage/ResourceDispatcher.php.html b/phpunit/coverage/ResourceDispatcher.php.html index c2500a2..5cb940c 100644 --- a/phpunit/coverage/ResourceDispatcher.php.html +++ b/phpunit/coverage/ResourceDispatcher.php.html @@ -450,7 +450,7 @@ Dead Code

- Generated by PHP_CodeCoverage 1.2.13 using PHP 5.5.9-1ubuntu4.14 and PHPUnit 3.7.28 at Fri Feb 12 22:01:41 CET 2016. + Generated by PHP_CodeCoverage 1.2.13 using PHP 5.5.9-1ubuntu4.14 and PHPUnit 3.7.28 at Fri Feb 12 23:21:09 CET 2016.

diff --git a/phpunit/coverage/autoloader.php.html b/phpunit/coverage/autoloader.php.html index 39c0b9f..1e5c090 100755 --- a/phpunit/coverage/autoloader.php.html +++ b/phpunit/coverage/autoloader.php.html @@ -58,7 +58,7 @@ - debug() + debug()
@@ -75,7 +75,7 @@ - autoloader($className) + autoloader($className)
@@ -98,35 +98,49 @@
1
<?php define('__ROOT__', dirname(dirname(__FILE__)) );
2
-
3
function debug(){ -
4
ini_set('display_errors',1); -
5
ini_set('display_startup_errors',1); -
6
error_reporting(-1); -
7
} -
8
-
9
-
10
-
11
-
12
+
3
+
4
+
5
/* ACTIVE LE DEBUGGAGE (WARNING + EXCEPTION) +
6
* +
7
*/ +
8
function debug(){ +
9
ini_set('display_errors',1); +
10
ini_set('display_startup_errors',1); +
11
error_reporting(-1); +
12
}
13
-
14
function autoloader($className){ -
15
$path = ''; -
16
-
17
/* [1] On utilise le namespace pour localiser -
18
===============================================*/ -
19
// On remplace les '\' par des '/' -
20
$path = str_replace('\\', '/', $className) . '.php'; -
21
$path = __ROOT__.'/'.$path; -
22
-
23
// Si le fichier existe, on l'inclut -
24
if( file_exists($path) ) -
25
require_once $path; -
26
} -
27
-
28
// On definit l'autoloader comme autoloader (obvious) -
29
spl_autoload_register('autoloader', false, true); -
30
-
31
+
14
+
15
+
16
/* AUTOLOADER +
17
* +
18
* @className<String> Nom de la classe appelee +
19
* +
20
*/ +
21
function autoloader($className){ +
22
$path = ''; +
23
+
24
/* [1] On utilise le namespace pour localiser +
25
===============================================*/ +
26
// On remplace les '\' par des '/' +
27
$path = str_replace('\\', '/', $className) . '.php'; +
28
$path = __ROOT__.'/'.$path; +
29
+
30
// Si le fichier existe, on l'inclut +
31
if( file_exists($path) ) +
32
require_once $path; +
33
} +
34
+
35
// On definit l'autoloader comme autoloader (obvious) +
36
spl_autoload_register('autoloader', false, true); +
37
+
38
+
39
+
40
+
41
/* On demarre la session securisee PHP +
42
=========================================================*/ +
43
// Condition ajoutee pour PHPUNIT +
44
if( isset($_SERVER['REMOTE_ADDR']) ) +
45
\manager\sessionManager::session_start(); @@ -138,7 +152,7 @@ Dead Code

- Generated by PHP_CodeCoverage 1.2.13 using PHP 5.5.9-1ubuntu4.14 and PHPUnit 3.7.28 at Fri Feb 12 22:01:41 CET 2016. + Generated by PHP_CodeCoverage 1.2.13 using PHP 5.5.9-1ubuntu4.14 and PHPUnit 3.7.28 at Fri Feb 12 23:21:09 CET 2016.

diff --git a/phpunit/coverage/index.dashboard.html b/phpunit/coverage/index.dashboard.html index 9e06cbb..4f9b37f 100755 --- a/phpunit/coverage/index.dashboard.html +++ b/phpunit/coverage/index.dashboard.html @@ -41,7 +41,8 @@

Top Project Risks

@@ -49,19 +50,22 @@

Least Tested Methods

@@ -92,7 +96,7 @@ $(document).ready(function() { min: 0 }, series: [{ - data: [1,0,0,0,0,0,0,0,1,0,1,0] + data: [1,1,0,0,0,0,0,0,1,0,1,0] }], }); @@ -120,7 +124,7 @@ $(document).ready(function() { } }, series: [{ - data: [[95.161290322581,47,"DataBase<\/a>"],[0,13,"ManagerError<\/a>"],[75.925925925926,24,"ResourceDispatcher<\/a>"]], + data: [[95.3125,52,"DataBase<\/a>"],[0,13,"ManagerError<\/a>"],[75.925925925926,24,"ResourceDispatcher<\/a>"],[3.3333333333333,11,"sessionManager<\/a>"]], marker: { symbol: 'diamond' } diff --git a/phpunit/coverage/index.html b/phpunit/coverage/index.html index c7ce2c0..d37c6b2 100755 --- a/phpunit/coverage/index.html +++ b/phpunit/coverage/index.html @@ -41,35 +41,35 @@ - Total -
-
-
- -
75.71%
-
106 / 140
+ Total
-
+
-
53.85%
-
7 / 13
+
63.37%
+
109 / 172
+
+
+
+ +
47.06%
+
8 / 17
0.00%
-
0 / 3
+
0 / 4
Database.php
-
+
-
95.16%
-
59 / 62
+
95.31%
+
61 / 64
@@ -144,6 +144,28 @@
 
+ + sessionManager.php +
+
+
+ +
3.33%
+
1 / 30
+
+
+
+ +
25.00%
+
1 / 4
+
+
+
+ +
0.00%
+
0 / 1
+ + @@ -155,7 +177,7 @@ High: 70% to 100%

- Generated by PHP_CodeCoverage 1.2.13 using PHP 5.5.9-1ubuntu4.14 and PHPUnit 3.7.28 at Fri Feb 12 22:01:41 CET 2016. + Generated by PHP_CodeCoverage 1.2.13 using PHP 5.5.9-1ubuntu4.14 and PHPUnit 3.7.28 at Fri Feb 12 23:21:09 CET 2016.

diff --git a/phpunit/coverage/sessionManager.php.html b/phpunit/coverage/sessionManager.php.html new file mode 100644 index 0000000..695f607 --- /dev/null +++ b/phpunit/coverage/sessionManager.php.html @@ -0,0 +1,295 @@ + + + + + Code Coverage for /var/www/stefproject/manager/sessionManager.php + + + + + + + +
+
+
+
+ +
+
+
+
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
 
Code Coverage
 
Classes and Traits
Functions and Methods
Lines
Total
+
+
+
0.00%
0 / 1
+
+
+
25.00%
1 / 4
CRAP
+
+
+
3.33%
1 / 30
sessionManager
+
+
+
0.00%
0 / 1
+
+
+
25.00%
1 / 4
120.30
+
+
+
3.33%
1 / 30
 secure_sha1($data)
+
+
+
100.00%
1 / 1
1
+
+
+
100.00%
1 / 1
 reset_session($session_id=null)
+
+
+
0.00%
0 / 1
6
+
+
+
0.00%
0 / 8
 update_token()
+
+
+
0.00%
0 / 1
2
+
+
+
0.00%
0 / 5
 session_start()
+
+
+
0.00%
0 / 1
56
+
+
+
0.00%
0 / 16
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
<?php
namespace manager;
class sessionManager{
private static $prefix;
/*************************/
/* SECURE SHA1 ALGORITHM */
/*************************/
public static function secure_sha1($data){
return sha1( '">\[..|{@#))'.sha1($data.'_)Q@#((%*_$%(@#') );
}
/*****************************/
/* INITIALISATION DE SESSION */
/*****************************/
private static function reset_session($session_id=null){
// On ferme la session
session_destroy();
// On definit l'id session si donne en argument
if( $session_id != null )
session_id( $session_id );
// Precaution: on met a jour le cookie
setcookie('PHPSESSID', session_id(), time()+60*30 );
// On redemarre la session avec le bon id session
\session_start();
// On met a jour le token
self::update_token();
header('Refresh: 0');
}
/*******************/
/* GENERE UN TOKEN */
/*******************/
private static function update_token(){
$token = self::$prefix.self::secure_sha1(uniqid());
// On definit le token en session
$_SESSION['session_token'] = $token;
// On definit le token en cookie
$_COOKIE['session_token'] = $_SESSION['session_token'];
setcookie('session_token', $_COOKIE['session_token'], time()+60*30 );
}
/************/
/* AMORCEUR */
/************/
public static function session_start(){
/* [1] Génération et Gestion des donnees a utiliser
==============================================================*/
// On genere le hash a partir des donnees personnelles
self::$prefix = self::secure_sha1( $_SERVER['REMOTE_ADDR'].$_SERVER['HTTP_USER_AGENT'] );
// On cree un id session associe a ces donnees personnelles
$sessid = substr(self::$prefix,0,5) . substr(self::secure_sha1(uniqid()),0,24);
// On genere un token pour l'execution suivante
$token = self::$prefix.self::secure_sha1(uniqid());
// On definit/recupere le token
$session_token = (isset($_COOKIE['session_token'])) ? $_COOKIE['session_token'] : null;
/* [2] Verification de l'id session
==============================================================*/
\session_start();
// On verifie l'id session (5 premiers chars du hash des donnees perso)
$valid_sessid = strpos( session_id(), substr(self::$prefix,0,5) ) === 0;
// Si id session incorrect ou pas de token
if( !$valid_sessid )
self::reset_session( $sessid ); // On initialise la session (bon id session)
// si id session invalide
/* [3] Verification du token
==============================================================*/
// On verifie que le token est valide
$valid_token = $session_token != null; // verification de l'existence du cookie
$valid_token = $valid_token && strpos($session_token, self::$prefix) === 0; // verification des donnes personnelles
$valid_token = $valid_token && isset($_SESSION['session_token']); // verification que la variable session associee existe
$valid_token = $valid_token && $_SESSION['session_token'] == $_COOKIE['session_token']; // verification que la session est coherente
/* [4] Si token inexistant
==============================================================*/
if( !$valid_token )
self::reset_session($sessid); // On initialise la session
else
self::update_token(); // Dans tous les cas, on cree un nouveau token
}
}
?>
+ +
+ + + + + diff --git a/phpunit/phpunit.xml b/phpunit/phpunit.xml index 0746731..8a984d4 100755 --- a/phpunit/phpunit.xml +++ b/phpunit/phpunit.xml @@ -2,9 +2,7 @@ - tests/Database_check.php - tests/Database_delNumeric.php - tests/Database_construct.php + ./tests/ diff --git a/phpunit/tests/Database_check.php b/phpunit/tests/Database_check.php index ea3322d..39292ee 100755 --- a/phpunit/tests/Database_check.php +++ b/phpunit/tests/Database_check.php @@ -185,7 +185,7 @@ /* [5] Mot de passe =========================================================*/ public function testPasswordSizeEqCorrect(){ - $password_hash = sha1('monmotdepasse'); + $password_hash = \manager\sessionManager::secure_sha1('monmotdepasse'); $this->assertEquals( 40, strlen($password_hash) ); $this->assertTrue( \manager\Database::check('user.password', $password_hash) ); @@ -199,7 +199,7 @@ } public function testPasswordSizeSupIncorrect(){ - $password_hash = sha1('monmotdepasse').'a'; + $password_hash = \manager\sessionManager::secure_sha1('monmotdepasse').'a'; $this->assertGreaterThan( 40, strlen($password_hash) ); $this->assertFalse( \manager\Database::check('user.password', $password_hash) ); 
@@ -214,6 +214,50 @@ $this->assertContains( 'g', 'dd629d39c4576731a2bef003c72ff89d6fc2a9g' ); $this->assertFalse( \manager\Database::check('user.password', 'dd629d39c4576731a2bef003c72ff89d6fc2a9g') ); } + + + + /* [6] Status de l'utilisateur + =========================================================*/ + /* (1) Type */ + public function testStatusTypeIntCorrect(){ + $this->assertTrue( \manager\Database::check('user.status', 1) ); + } + + public function testStatusTypeStringCorrect(){ + $this->assertTrue( \manager\Database::check('user.status', '1') ); + } + + public function testStatusTypeIntIncorrect(){ + $this->assertFalse( \manager\Database::check('user.status', 1.03) ); + } + + public function testStatusTypeStringIncorrect(){ + $this->assertFalse( \manager\Database::check('user.status', '1.03') ); + } + + + /* (2) Size */ + public function testStatusSizeInfCorrect(){ + $this->assertGreaterThanOrEqual( 0, 0 ); + $this->assertTrue( \manager\Database::check('user.status', 0) ); + } + + public function testStatusSizeSupCorrect(){ + $this->assertLessThanOrEqual( 100, 100 ); + $this->assertTrue( \manager\Database::check('user.status', 100) ); + } + + + public function testStatusSizeInfIncorrect(){ + $this->assertLessThan( 0, -1 ); + $this->assertFalse( \manager\Database::check('user.status', -1) ); + } + + public function testStatusSizeSupIncorrect(){ + $this->assertGreaterThan( 100, 101 ); + $this->assertFalse( \manager\Database::check('user.status', 101) ); + } diff --git a/todo.md b/todo.md index 1d84385..08cb501 100755 --- a/todo.md +++ b/todo.md 
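Review bot: Several of the new status tests assert on literals that cannot fail, e.g. `$this->assertGreaterThanOrEqual( 0, 0 );` in testStatusSizeInfCorrect and `$this->assertLessThan( 0, -1 );` in testStatusSizeInfIncorrect; they exercise nothing in check() and can be dropped, leaving the `\manager\Database::check('user.status', …)` assertions. testStatusTypeIntIncorrect passes the float 1.03, so a name such as testStatusTypeFloatIncorrect would describe what it covers. Because check() accepts any numeric value that floor() leaves unchanged, cases for null, a non-numeric string such as 'abc', and a boolean would pin down the rejected inputs as well.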
@@ -42,6 +42,8 @@ - [x] [sessionManager] Import de sessionManager - [x] [phpunit/tests/Database_*] Tests unitaire de delNumeric() - [x] [Database] Mise a jour des methodes de Database + - [x] [Database::check] Suite de l'implementation ajout de "user.status" + - [x] [phpunit/tests/Database_check] Tests associes - [x] [Database::construct] Gestion du singleton et de la config - [x] [Database::check] Suite de l'implementation (couverture des types de la BDD actuelle: 100%) - [x] [Database::delNumeric] Prevention si oubli @oneDimension + ne supprime plus les indices numeriques associees a aucun indice textuel