From c7d96076035045dffbec3117f79139506357259e Mon Sep 17 00:00:00 2001 From: xdrm-brackets Date: Tue, 12 Apr 2016 17:46:34 +0200 Subject: [PATCH] =?UTF-8?q?Nouveau=20hotfix=20->=20gestion=20des=20session?= =?UTF-8?q?s=20qui=20d=C3=A9conne?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Pas meme session_id en Javascript et en PHP + ni quand on lance un form sur la page courante --- css/layout.css | 2 +- css/layout.scss | 4 +-- doc/bdd.sql | 74 +++++++++++++++++++++++++++++++++++--- index.php | 32 ++++++++++++++++- js/action-script.js | 28 ++------------- manager/ModuleAnswer.php | 8 ++++- manager/autoloader.php | 24 ++++++------- manager/sessionManager.php | 6 ++-- view.php | 18 +++------- 9 files changed, 133 insertions(+), 63 deletions(-) diff --git a/css/layout.css b/css/layout.css index d2d03ca..a66f5a5 100755 --- a/css/layout.css +++ b/css/layout.css 
@@ -1,2 +1,2 @@ -body{font-family:'Open Sans';font-size:15px}#WRAPPER{display:block;position:fixed;top:0;left:0;width:100%;height:100%;background-color:#e8e8e8;overflow-x:hidden;overflow-y:auto;z-index:1}#WRAPPER>#HEADER{display:block;position:fixed;top:0;left:0;width:100%;height:calc( 4em - 1px );border-bottom:1px solid #cfcfcf;background-color:#fff;z-index:9}#WRAPPER>#MENU-SIDE{display:block;position:fixed;top:4em;left:0;width:15em;height:calc( 100% - 4em );box-shadow:2px 1px 3px #ddd;background-color:#32323a;transition:all .3s;z-index:10}#WRAPPER>#CONTAINER{display:flex;position:absolute;top:4em;left:15em;width:calc( 100% - 15em - 2*1em );min-height:calc( 100% - 4em - 2*1em );padding:1em;flex-direction:row;justify-content:space-between;overflow-x:none;overflow-y:auto}#LOGIN{display:flex;position:fixed;top:0;left:-100%;width:100%;height:100%;flex-direction:row;flex-wrap:nowrap;justify-content:space-around;align-items:center;background-color:#32323a;transition:left .3s ease-in-out;z-index:101}#LOGIN.active{left:0}#LOGIN>#login-icon{width:35em;height:10em;background:url("/f/svg/icon/st") center center no-repeat;background-size:auto 100%}#LOGIN>#login-form{display:block}#LOGIN>#login-form>input[type='text'],#LOGIN>#login-form>input[type='password'],#LOGIN>#login-form>input[type='button']{display:flex;width:20em;margin:2em 0;padding:1em 2em;flex-direction:column;justify-content:space-around;flex-wrap:nowrap;align-items:middle;border-radius:5px;border:1px solid #6b6b6b;background-color:#32323a;color:#fff;font-weight:bold;letter-spacing:.07em;transition:border .2s ease-in-out;cursor:default}#LOGIN>#login-form>input[type='text']:hover,#LOGIN>#login-form>input[type='text']:focus,#LOGIN>#login-form>input[type='password']:hover,#LOGIN>#login-form>input[type='password']:focus,#LOGIN>#login-form>input[type='button']:hover,#LOGIN>#login-form>input[type='button']:focus{border-color:#53d192}#LOGIN>#login-form>input[type='button']{margin:2em 
auto;border:0;background-color:#53d192;color:#fff;font-weight:bold;cursor:pointer}#LOGIN>#login-form>input[type='button']:hover{background-color:#33be79;box-shadow:0 0 1em #1a1a1f}#LOGIN>#login-form>#lost-password{color:#ddd;cursor:pointer}#LOGIN>#login-form>#lost-password:hover{color:#53d192;text-decoration:underline}#LOGIN>#login-close{display:block;position:absolute;top:2em;right:2em;min-width:2em;height:2em;background:url("/f/svg/back/st/container/ffffff") right center no-repeat;background-size:1em;color:#fff;padding-right:2em;line-height:2em;font-weight:bold;cursor:pointer} +body{font-family:'Open Sans';font-size:15px}#WRAPPER{display:block;position:fixed;top:0;left:0;width:100%;height:100%;background-color:#e8e8e8;overflow-x:hidden;overflow-y:auto;z-index:1}#WRAPPER>#HEADER{display:block;position:fixed;top:0;left:0;width:100%;height:calc( 4em - 1px );border-bottom:1px solid #cfcfcf;background-color:#fff;z-index:9}#WRAPPER>#MENU-SIDE{display:block;position:fixed;top:4em;left:0;width:15em;height:calc( 100% - 4em );box-shadow:2px 1px 3px #ddd;background-color:#32323a;transition:all .3s;z-index:10}#WRAPPER>#CONTAINER{display:flex;position:absolute;top:4em;left:15em;width:calc( 100% - 15em - 2*1em );min-height:calc( 100% - 4em - 2*1em );padding:1em;flex-direction:row;justify-content:space-between;overflow-x:none;overflow-y:auto}#LOGIN{display:flex;position:fixed;top:0;left:-100%;width:100%;height:100%;flex-direction:row;flex-wrap:nowrap;justify-content:space-around;align-items:center;background-color:#32323a;transition:left .3s ease-in-out;z-index:101}#LOGIN.active{left:0}#LOGIN>#login-icon{width:35em;height:10em;background:url("/f/svg/icon/st") center center no-repeat;background-size:auto 100%}#LOGIN>#login-form{display:block}#LOGIN>#login-form>input[type='text'],#LOGIN>#login-form>input[type='password'],#LOGIN>#login-form>input[type='submit']{display:flex;width:20em;margin:2em 0;padding:1em 
2em;flex-direction:column;justify-content:space-around;flex-wrap:nowrap;align-items:middle;border-radius:5px;border:1px solid #6b6b6b;background-color:#32323a;color:#fff;font-weight:bold;letter-spacing:.07em;transition:border .2s ease-in-out;cursor:default}#LOGIN>#login-form>input[type='text']:hover,#LOGIN>#login-form>input[type='text']:focus,#LOGIN>#login-form>input[type='password']:hover,#LOGIN>#login-form>input[type='password']:focus,#LOGIN>#login-form>input[type='submit']:hover,#LOGIN>#login-form>input[type='submit']:focus{border-color:#53d192}#LOGIN>#login-form>input[type='submit']{margin:2em auto;border:0;background-color:#53d192;color:#fff;font-weight:bold;cursor:pointer}#LOGIN>#login-form>input[type='submit']:hover{background-color:#33be79;box-shadow:0 0 1em #1a1a1f}#LOGIN>#login-form>#lost-password{color:#ddd;cursor:pointer}#LOGIN>#login-form>#lost-password:hover{color:#53d192;text-decoration:underline}#LOGIN>#login-close{display:block;position:absolute;top:2em;right:2em;min-width:2em;height:2em;background:url("/f/svg/back/st/container/ffffff") right center no-repeat;background-size:1em;color:#fff;padding-right:2em;line-height:2em;font-weight:bold;cursor:pointer} /*# sourceMappingURL=layout.css.map */ diff --git a/css/layout.scss b/css/layout.scss index ac9aff7..3232a29 100755 --- a/css/layout.scss +++ b/css/layout.scss @@ -136,7 +136,7 @@ body{ /* (2.1) Champs de texte (login/password) */ & > input[type='text'], & > input[type='password'], - & > input[type='button']{ + & > input[type='submit']{ display: flex; width: 20em; @@ -173,7 +173,7 @@ body{ /* (2.2) Bouton de connexion */ - & > input[type='button']{ + & > input[type='submit']{ margin: 2em auto; border: 0; diff --git a/doc/bdd.sql b/doc/bdd.sql index cd75497..403366d 100644 --- a/doc/bdd.sql +++ b/doc/bdd.sql 
@@ -3,7 +3,7 @@
 -- http://www.phpmyadmin.net
 --
 -- Host: localhost
--- Generation Time: Apr 10, 2016 at 12:22 PM
+-- Generation Time: Apr 12, 2016 at 05:32 PM
 -- Server version: 5.6.28-0ubuntu0.15.10.1
 -- PHP Version: 5.6.11-1ubuntu3.1
@@ -22,13 +22,35 @@ SET time_zone = "+00:00";
 -- --------------------------------------------------------
+--
+-- Table structure for table `api_token`
+--
+
+CREATE TABLE IF NOT EXISTS `api_token` (
+ `id_token` int(11) NOT NULL,
+ `token` varchar(40) NOT NULL,
+ `name` varchar(50) NOT NULL,
+ `expires` date NOT NULL
+) ENGINE=InnoDB AUTO_INCREMENT=49 DEFAULT CHARSET=latin1;
+
+--
+-- Dumping data for table `api_token`
+--
+
+INSERT INTO `api_token` (`id_token`, `token`, `name`, `expires`) VALUES
+(38, '48e701d4e72e4e35bc37c9a800b49d5400734d7b', 'test', '2016-04-11'),
+(39, '935fe104d0e64d36e466c7a0a1c9773e3d7521c5', 'user#1', '2016-04-22'),
+(48, 'bba06e9b01f5ac00798d6cf241d8bf105da0f25a', 'user#2', '2016-05-02');
+
+-- --------------------------------------------------------
+
 --
 -- Table structure for table `Categories`
 --
 CREATE TABLE IF NOT EXISTS `Categories` (
 `idCategorie` int(11) NOT NULL,
- `intitule` varchar(32) NOT NULL
+ `intitule` varchar(40) NOT NULL
 ) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1;
 --
@@ -75,7 +97,7 @@ CREATE TABLE IF NOT EXISTS `Personnes` (
 `nom` varchar(255) DEFAULT NULL,
 `prenom` varchar(255) DEFAULT NULL,
 `id_facebook` int(11) DEFAULT NULL,
- `telephone` int(11) DEFAULT NULL
+ `telephone` varchar(10) DEFAULT NULL
 ) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1;
 --
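Review bot: The `INSERT INTO api_token` rows in the `@@ -22,13 +22,35 @@` hunk commit three concrete token values (`'test'`, `'user#1'`, `'user#2'`) whose `expires` dates lie after this patch's own date, so anyone with read access to the repository holds them for as long as they are valid — presumably as API credentials, judging by the table name and the `js_access_token` this patch removes from the JavaScript. Treat those three rows as leaked: delete or rotate them server-side and regenerate the dump with `mysqldump --no-data` so doc/bdd.sql carries schema only. If the application looks rows up by `token`, a `UNIQUE KEY (token)` would also rule out two rows sharing a value; the index hunk later in this patch adds only the primary key.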
@@ -136,10 +158,38 @@ CREATE TABLE IF NOT EXISTS `ReponsesUtilisateurs` (
 `idUtilisateur` int(11) NOT NULL
 ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
+-- --------------------------------------------------------
+
+--
+-- Table structure for table `users`
+--
+
+CREATE TABLE IF NOT EXISTS `users` (
+ `id_user` int(11) NOT NULL,
+ `login` varchar(30) NOT NULL,
+ `password` varchar(40) NOT NULL,
+ `mail` varchar(255) NOT NULL,
+ `reference` int(11) DEFAULT NULL,
+ `permission` text NOT NULL
+) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1;
+
+--
+-- Dumping data for table `users`
+--
+
+INSERT INTO `users` (`id_user`, `login`, `password`, `mail`, `reference`, `permission`) VALUES
+(1, 'xdrm', '5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8', 'xdrm@xdrm.io', NULL, 'admin,user');
+
 --
 -- Indexes for dumped tables
 --
+--
+-- Indexes for table `api_token`
+--
+ALTER TABLE `api_token`
+ ADD PRIMARY KEY (`id_token`);
+
 --
 -- Indexes for table `Categories`
 --
@@ -201,10 +251,21 @@ ALTER TABLE `ReponsesUtilisateurs`
 ADD KEY `index_ReponsesUtilisateurs` (`idQuestion`),
 ADD KEY `index_ReponsesUtilisateurs_idPersonne` (`idUtilisateur`);
+--
+-- Indexes for table `users`
+--
+ALTER TABLE `users`
+ ADD PRIMARY KEY (`id_user`);
+
 --
 -- AUTO_INCREMENT for dumped tables
 --
+--
+-- AUTO_INCREMENT for table `api_token`
+--
+ALTER TABLE `api_token`
+ MODIFY `id_token` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=49;
 --
 -- AUTO_INCREMENT for table `Categories`
 --
@@ -236,6 +297,11 @@ ALTER TABLE `ReponsesAttendues`
 ALTER TABLE `ReponsesUtilisateurs`
 MODIFY `idReponseUtilisateur` int(11) NOT NULL AUTO_INCREMENT;
 --
+-- AUTO_INCREMENT for table `users`
+--
+ALTER TABLE `users`
+ MODIFY `id_user` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=3;
+--
 -- Constraints for dumped tables
 --
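Review bot: `password varchar(40)` together with the seeded value `5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8` — the widely published SHA-1 digest of the string `password` — points to unsalted SHA-1 credential storage, which an offline dictionary attack reverses in seconds; the `users/login` module that compares it is outside this patch, so confirm there. Store `password_hash($pw, PASSWORD_DEFAULT)` output, verify with `password_verify()`, and widen the column to `varchar(255)` so the hash fits. The committed admin row (`'xdrm'`, `'admin,user'`) is a live credential in a schema file: drop the `INSERT INTO users` line from the dump and change that password. `permission text` carries a comma-separated role list that `permission()` in manager/autoloader.php tests with `in_array`; whatever splits it (presumably the login module, not visible here) should accept only known role names.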
@@ -275,4 +341,4 @@ ALTER TABLE `ReponsesUtilisateurs`
 /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
 /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
-/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
\ No newline at end of file
+/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
diff --git a/index.php b/index.php
index 8ba482a..76ff807 100755
--- a/index.php
+++ b/index.php
@@ -5,6 +5,10 @@
 use \router\Router;
 use \manager\ResourceDispatcher;
 use \manager\ModuleRequest;
+ use \manager\ManagerError;
+ use \manager\Database;
+
+
 /*******************************************/
 /* DEBUGGER */
@@ -13,7 +17,33 @@
 /*******************************************/
-
+ /* [1] Gestion des utilisateurs =========================================================*/
+ /* (1) Valeurs par defaut */
+ if( !isset($_SESSION['userid']) ) $_SESSION['userid'] = null;
+ if( !isset($_SESSION['username']) ) $_SESSION['username'] = null;
+ if( !isset($_SESSION['permission']) ) $_SESSION['permission'] = array();
+
+ /* (2) Gestion de la connection */
+ $login_vars = isset($_POST['login']) && Database::check('varchar(255)', $_POST['login']);
+ $login_vars = $login_vars && isset($_POST['password']) && Database::check('text', $_POST['password']);
+
+ // Status de login
+ $_SESSION['login_status'] = 'no';
+
+ // Si les parametres de connection, on essaie de connecter
+ if( $login_vars ){
+ $login = new ModuleRequest('users/login', array('login' => $login, 'password' => $password));
+ $login_ans = $login->dispatch();
+
+ // Si aucune erreur, on dit qu'on vient de se connecter
+ if( $login_ans->ModuleError == ManagerError::Success )
+ $_SESSION['login_status'] = 'logged';
+
+ // Si on n'a pas les bonnes donnees
+ else
+ $_SESSION['login_status'] = 'error';
+ }
 /* [0] On initialise le routeur
diff --git a/js/action-script.js b/js/action-script.js
index cd74f80..048ff70 100755
--- a/js/action-script.js
+++ b/js/action-script.js
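Review bot: The `new ModuleRequest('users/login', array('login' => $login, 'password' => $password))` line in the `@@ -13,7 +17,33 @@` hunk reads `$login` and `$password`, but nothing in this hunk assigns them — the validated values stay in `$_POST['login']` and `$_POST['password']`, and `$login` is only bound to the request object after that right-hand side has been evaluated — so the module receives nulls and every submission ends with `login_status = 'error'`. Pass the POST values directly: `array('login' => $_POST['login'], 'password' => $_POST['password'])`. The form now posts to the current page and no anti-CSRF token is checked before dispatching; the view.php hunk in this patch is too garbled to tell whether one is emitted, so adding a per-session token to the form and comparing it here with `hash_equals()` before the dispatch would close login CSRF. On success, call `session_regenerate_id(true)` before writing `'logged'` unless `sessionManager` already rotates the id — that code is outside this diff.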
@@ -205,13 +205,9 @@
 /* [7] Gestion du toggle de la page de login =========================================================*/
 var LOGIN = {
- show: document.getElementById('user-data'),
- hide: document.getElementById('login-close'),
- page: document.getElementById('LOGIN'),
-
- login: document.getElementById('login-login'),
- password: document.getElementById('login-password'),
- submit: document.getElementById('login-submit')
+ show: document.getElementById('user-data'),
+ hide: document.getElementById('login-close'),
+ page: document.getElementById('LOGIN')
 };
 /* (1) Gestion de l'affichage de la page de login */
@@ -220,22 +216,4 @@
 /* (2) Gestion de la fermeture de la page de login */
 LOGIN.hide.addEventListener('click', function(e){ LOGIN.page.className = ''; }, false);
- /* (3) Gestion du login */
- LOGIN.submit.addEventListener('click', function(e){
- // Creation de la requete de connexion
- var request = {
- path: 'users/login',
- login: LOGIN.login.value,
- password: LOGIN.password.value
- };
-
- // On lance la requete et recupere la reponse
- api.send(request, function(answer){
- console.log( answer );
- if( answer.ModuleError == 0 ) // Si on est bien connecte, on recharge la page
- document.location = '/';
- }, js_access_token);
-
- }, false);
- - // }
\ No newline at end of file
diff --git a/manager/ModuleAnswer.php b/manager/ModuleAnswer.php
index 7869be7..c914b2f 100755
--- a/manager/ModuleAnswer.php
+++ b/manager/ModuleAnswer.php
@@ -137,7 +137,13 @@
 public function serialize(){
 // On rajoute l'erreur au message
- $returnData = array_merge( array('ModuleError' => $this->error, 'ErrorDescription' => ManagerError::explicit($this->error)), $this->data );
+ $returnData = array_merge(
+ array(
+ 'ModuleError' => $this->error,
+ 'ErrorDescription' => ManagerError::explicit($this->error)
+ ),
+ $this->data
+ );
 return json_encode($returnData);
diff --git a/manager/autoloader.php b/manager/autoloader.php
index e3fb28f..3d05f74 100755
--- a/manager/autoloader.php
+++ b/manager/autoloader.php
@@ -18,19 +18,6 @@
 error_reporting(-1); }
- /* [1] Gestion des droits des utilisateurs =========================================================*/
- /* (1) Retourne si l'utilisateur est connecte ou non */
- function connected(){ return isset($_SESSION['permission']) && count($_SESSION['permission']) > 0; }
-
- /* (2) Retourne si l'utilisateur a le status en question */
- function permission($type){ return connected() && in_array($type, $_SESSION['permission']); }
-
-
-
-
-
-
@@ -63,4 +50,15 @@
 /* On demarre la session securisee PHP =========================================================*/
 \manager\sessionManager::session_start();
+
+
+
+ /* [1] Gestion des droits des utilisateurs =========================================================*/
+ /* (1) Retourne si l'utilisateur est connecte ou non */
+ function connected(){ return isset($_SESSION['permission']) && count($_SESSION['permission']) > 0; }
+
+ /* (2) Retourne si l'utilisateur a le status en question */
+ function permission($type){ return connected() && in_array($type, $_SESSION['permission']); }
+
 ?>
\ No newline at end of file
diff --git a/manager/sessionManager.php b/manager/sessionManager.php
index 94e0212..b9f3364 100755
--- a/manager/sessionManager.php
+++ b/manager/sessionManager.php
@@ -29,7 +29,7 @@
 session_id( $session_id );
 // Precaution: on met a jour le cookie
- setcookie('PHPSESSID', session_id(), time()+60*30 );
+ setcookie( 'PHPSESSID', session_id(), time()+60*30 );
 // On redemarre la session avec le bon id session
 \session_start();
@@ -51,7 +51,7 @@
 // On definit le token en cookie
 $_COOKIE['session_token'] = $_SESSION['session_token'];
- setcookie('session_token', $_COOKIE['session_token'], time()+60*30 );
+ setcookie( 'session_token', $_COOKIE['session_token'], time()+60*30 );
 } /************/
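Review bot: In the re-added block of the `@@ -63,4 +50,15 @@` hunk, `permission($type)` calls `in_array($type, $_SESSION['permission'])` without the strict flag and `connected()` treats any non-zero `count()` as logged in; on PHP 5 `count()` of a scalar returns 1, so if the session value ever holds a string rather than the array `index.php` initialises, `connected()` reports true and the loose `in_array` comparison applies. Harden both one-liners: `function connected(){ return isset($_SESSION['permission']) && is_array($_SESSION['permission']) && count($_SESSION['permission']) > 0; }` and `function permission($type){ return connected() && in_array($type, $_SESSION['permission'], true); }`. Moving the two declarations below `\manager\sessionManager::session_start()` is cosmetic — unconditional top-level PHP functions are bound at compile time, so they were callable in either position — which is fine, but the commit message should not present it as the fix.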
@@ -79,7 +79,7 @@
 \session_start();
 // On verifie l'id session (5 premiers chars du hash des donnees perso)
- $valid_sessid = strpos( session_id(), substr(self::$prefix,0,5) ) === 0;
+ $valid_sessid = strpos( session_id(), substr(self::$prefix,0,5) ) === 0;
 // Si id session incorrect ou pas de token
 if( !$valid_sessid )
diff --git a/view.php b/view.php
index 6139500..6a30bc2 100755
--- a/view.php
+++ b/view.php
@@ -1,14 +1,6 @@ - -?> @@ -44,17 +36,17 @@ "; else echo "
"; ?> - +
Accéder à la plateforme
-
+
- + Mot de passe oublié ? -
+