diff --git a/automate.php b/automate.php index ed33567..31ced1a 100755 --- a/automate.php +++ b/automate.php @@ -282,4 +282,5 @@ }//testDatabaseChecker(); + ?> \ No newline at end of file diff --git a/index.php b/index.php index 6dcb999..26e675b 100755 --- a/index.php +++ b/index.php @@ -1,4 +1,5 @@ = 0 && $value <= 100; + break; + } return $checker; diff --git a/manager/autoloader.php b/manager/autoloader.php index 66b81a6..7e8f94e 100755 --- a/manager/autoloader.php +++ b/manager/autoloader.php @@ -1,5 +1,10 @@ Nom de la classe appelee + * + */ function autoloader($className){ $path = ''; @@ -29,4 +36,11 @@ spl_autoload_register('autoloader', false, true); + + + /* On demarre la session securisee PHP + =========================================================*/ + // Condition ajoutee pour PHPUNIT + if( isset($_SERVER['REMOTE_ADDR']) ) + \manager\sessionManager::session_start(); ?> \ No newline at end of file diff --git a/manager/module/userDefault.php b/manager/module/userDefault.php index 1f68b29..8344d54 100755 --- a/manager/module/userDefault.php +++ b/manager/module/userDefault.php 
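Review bot: The new guard `if( isset($_SERVER['REMOTE_ADDR']) )` in autoloader.php uses the presence of a client address as a proxy for "running under a web server", which is indirect; the stated intent (do not start a session under PHPUnit) is clearer and more robust as `if (PHP_SAPI !== 'cli')`, with a comment saying so: `// Skip the secure session in CLI/PHPUnit runs; start it for every web request`. Starting the session from the autoloader also turns a file that declares a function into one with a request-time side effect, so every `require` of autoloader.php now calls `sessionManager::session_start()`; that deserves a one-line comment at the top of the file. The hunk ends on the file's closing `?>`, which the diff marks as having no trailing newline; in a PHP-only file dropping the closing tag avoids stray output before session cookies and headers are sent.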
@@ -37,14 +37,15 @@ public static function create($code, $username, $firstname, $lastname, $mail, $password, $status){ /* [1] Normalisation + verification des donnees =========================================================*/ - $password_hash = sha1($password); + $password_hash = \manager\sessionManager::secure_sha1($password); $correct_param = \manager\Database::check('user.code', $code); $correct_param = $correct_param && \manager\Database::check('user.username', $username); $correct_param = $correct_param && \manager\Database::check('user.firstname', $firstname); $correct_param = $correct_param && \manager\Database::check('user.lastname', $lastname); $correct_param = $correct_param && \manager\Database::check('user.mail', $mail); - $correct_param = $correct_param && \manager\Database::check('user.password', $password); + $correct_param = $correct_param && \manager\Database::check('user.password', $password_hash); + $correct_param = $correct_param && \manager\Database::check('user.status', $status); $request = new \manager\Repo('user/create', array($code, $username, $firstname, $lastname, $mail, $password, $status) ); diff --git a/manager/sessionManager.php b/manager/sessionManager.php index b622008..3963e00 100644 --- a/manager/sessionManager.php +++ b/manager/sessionManager.php @@ -11,7 +11,7 @@ /*************************/ /* SECURE SHA1 ALGORITHM */ /*************************/ - private static function secure_sha1($data){ + public static function secure_sha1($data){ return sha1( '">\[..|{@#))'.sha1($data.'_)Q@#((%*_$%(@#') ); } 
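Review bot: The `Repo('user/create', array($code, $username, $firstname, $lastname, $mail, $password, $status))` call on the context line still passes the raw `$password`, while the validation above it now runs on `$password_hash`; the value checked against `user.password` (a 40-character digest) is therefore not the value persisted, so either the plaintext reaches the database or the insert fails the column's length constraint. The argument list should read `array($code, $username, $firstname, $lastname, $mail, $password_hash, $status)`. Note also that `secure_sha1` is a fast unsalted hash with a fixed pepper; `password_hash()` / `password_verify()` is the appropriate primitive for stored passwords, although adopting it would require the `user.password` check and column to accept 60+ characters. `create()` begins before this hunk and continues after it.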
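Review bot: Making `secure_sha1` public promotes it to the project's password-hashing primitive (it is now called from userDefault::create), but the function is SHA-1 over a fixed in-source pepper with no per-user salt, so identical passwords produce identical digests and the output can be brute-forced at SHA-1 speed once the pepper is known. If it must remain for schema compatibility, document the limitation on the method: `/** Fixed-pepper double SHA-1 — NOT a password hash. Migrate callers to password_hash()/password_verify() and widen user.password before removing. */`. Any comparison of its output against a stored digest should use `hash_equals()` rather than `==`.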
@@ -94,7 +94,7 @@ // On verifie que le token est valide $valid_token = $session_token != null; // verification de l'existence du cookie $valid_token = $valid_token && strpos($session_token, self::$prefix) === 0; // verification des donnes personnelles - $valid_token = $valid_token && isset($_SESSION['session_token']); // verification que la variable session associee existe + $valid_token = $valid_token && isset($_SESSION['session_token']); // verification que la variable session associee existe $valid_token = $valid_token && $_SESSION['session_token'] == $_COOKIE['session_token']; // verification que la session est coherente /* [4] Si token inexistant @@ -111,11 +111,4 @@ } - - // Override du namespace - function session_start(){ - sessionManager::session_start(); - } - - ?> diff --git a/phpunit/phpunit.xml b/phpunit/phpunit.xml index 0746731..8a984d4 100755 --- a/phpunit/phpunit.xml +++ b/phpunit/phpunit.xml @@ -2,9 +2,7 @@ - tests/Database_check.php - tests/Database_delNumeric.php - tests/Database_construct.php + ./tests/ diff --git a/phpunit/tests/Database_check.php b/phpunit/tests/Database_check.php index ea3322d..39292ee 100755 --- a/phpunit/tests/Database_check.php +++ b/phpunit/tests/Database_check.php @@ -185,7 +185,7 @@ /* [5] Mot de passe =========================================================*/ public function testPasswordSizeEqCorrect(){ - $password_hash = sha1('monmotdepasse'); + $password_hash = \manager\sessionManager::secure_sha1('monmotdepasse'); $this->assertEquals( 40, strlen($password_hash) ); $this->assertTrue( \manager\Database::check('user.password', $password_hash) ); @@ -199,7 +199,7 @@ } public function testPasswordSizeSupIncorrect(){ - $password_hash = sha1('monmotdepasse').'a'; + $password_hash = \manager\sessionManager::secure_sha1('monmotdepasse').'a'; $this->assertGreaterThan( 40, strlen($password_hash) ); $this->assertFalse( \manager\Database::check('user.password', $password_hash) ); 
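Review bot: `testPasswordSizeEqCorrect` still pins the digest to `strlen === 40`, so the test now encodes the SHA-1 output size of `secure_sha1` as the contract of `user.password`; that is acceptable as a regression test for the current schema, but it will have to change together with the column when password storage moves to a real password hash. A comment above the assertion keeps that coupling visible: `// 40 = SHA-1 hex length; change with the user.password column if the hashing scheme changes`. The enclosing test class starts before this hunk.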
@@ -214,6 +214,50 @@ $this->assertContains( 'g', 'dd629d39c4576731a2bef003c72ff89d6fc2a9g' ); $this->assertFalse( \manager\Database::check('user.password', 'dd629d39c4576731a2bef003c72ff89d6fc2a9g') ); } + + + + /* [6] Status de l'utilisateur + =========================================================*/ + /* (1) Type */ + public function testStatusTypeIntCorrect(){ + $this->assertTrue( \manager\Database::check('user.status', 1) ); + } + + public function testStatusTypeStringCorrect(){ + $this->assertTrue( \manager\Database::check('user.status', '1') ); + } + + public function testStatusTypeIntIncorrect(){ + $this->assertFalse( \manager\Database::check('user.status', 1.03) ); + } + + public function testStatusTypeStringIncorrect(){ + $this->assertFalse( \manager\Database::check('user.status', '1.03') ); + } + + + /* (2) Size */ + public function testStatusSizeInfCorrect(){ + $this->assertGreaterThanOrEqual( 0, 0 ); + $this->assertTrue( \manager\Database::check('user.status', 0) ); + } + + public function testStatusSizeSupCorrect(){ + $this->assertLessThanOrEqual( 100, 100 ); + $this->assertTrue( \manager\Database::check('user.status', 100) ); + } + + + public function testStatusSizeInfIncorrect(){ + $this->assertLessThan( 0, -1 ); + $this->assertFalse( \manager\Database::check('user.status', -1) ); + } + + public function testStatusSizeSupIncorrect(){ + $this->assertGreaterThan( 100, 101 ); + $this->assertFalse( \manager\Database::check('user.status', 101) ); + } diff --git a/todo.md b/todo.md index 1d84385..08cb501 100755 --- a/todo.md +++ b/todo.md 
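Review bot: `testStatusSizeInfCorrect` and its three siblings each open with an assertion on two literals (`$this->assertGreaterThanOrEqual( 0, 0 )`, `$this->assertLessThan( 0, -1 )`, and so on), which can never fail and only pad the assertion count; drop them and keep the `Database::check` assertion. The new suite also has no negative case for non-numeric `user.status` input — `''`, `null`, `'abc'`, `true` — nor for strings such as `'1e1'` or `' 1'` that PHP's `is_numeric` accepts; whether those should be rejected depends on the type test inside `Database::check`, which is not visible here, so add them as explicit `assertFalse` cases to pin that decision. The enclosing test class starts before this hunk.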
@@ -42,6 +42,8 @@ - [x] [sessionManager] Import de sessionManager - [x] [phpunit/tests/Database_*] Tests unitaire de delNumeric() - [x] [Database] Mise a jour des methodes de Database + - [x] [Database::check] Suite de l'implementation ajout de "user.status" + - [x] [phpunit/tests/Database_check] Tests associes - [x] [Database::construct] Gestion du singleton et de la config - [x] [Database::check] Suite de l'implementation (couverture des types de la BDD actuelle: 100%) - [x] [Database::delNumeric] Prevention si oubli @oneDimension + ne supprime plus les indices numeriques associees a aucun indice textuel