Nouveau hotfix -> gestion des sessions qui déconne
Pas meme session_id en Javascript et en PHP + ni quand on lance un form sur la page courante
This commit is contained in:
parent
3db436d596
commit
c7d9607603
|
@ -1,2 +1,2 @@
|
|||
body{font-family:'Open Sans';font-size:15px}#WRAPPER{display:block;position:fixed;top:0;left:0;width:100%;height:100%;background-color:#e8e8e8;overflow-x:hidden;overflow-y:auto;z-index:1}#WRAPPER>#HEADER{display:block;position:fixed;top:0;left:0;width:100%;height:calc( 4em - 1px );border-bottom:1px solid #cfcfcf;background-color:#fff;z-index:9}#WRAPPER>#MENU-SIDE{display:block;position:fixed;top:4em;left:0;width:15em;height:calc( 100% - 4em );box-shadow:2px 1px 3px #ddd;background-color:#32323a;transition:all .3s;z-index:10}#WRAPPER>#CONTAINER{display:flex;position:absolute;top:4em;left:15em;width:calc( 100% - 15em - 2*1em );min-height:calc( 100% - 4em - 2*1em );padding:1em;flex-direction:row;justify-content:space-between;overflow-x:none;overflow-y:auto}#LOGIN{display:flex;position:fixed;top:0;left:-100%;width:100%;height:100%;flex-direction:row;flex-wrap:nowrap;justify-content:space-around;align-items:center;background-color:#32323a;transition:left .3s ease-in-out;z-index:101}#LOGIN.active{left:0}#LOGIN>#login-icon{width:35em;height:10em;background:url("/f/svg/icon/st") center center no-repeat;background-size:auto 100%}#LOGIN>#login-form{display:block}#LOGIN>#login-form>input[type='text'],#LOGIN>#login-form>input[type='password'],#LOGIN>#login-form>input[type='button']{display:flex;width:20em;margin:2em 0;padding:1em 2em;flex-direction:column;justify-content:space-around;flex-wrap:nowrap;align-items:middle;border-radius:5px;border:1px solid #6b6b6b;background-color:#32323a;color:#fff;font-weight:bold;letter-spacing:.07em;transition:border .2s ease-in-out;cursor:default}#LOGIN>#login-form>input[type='text']:hover,#LOGIN>#login-form>input[type='text']:focus,#LOGIN>#login-form>input[type='password']:hover,#LOGIN>#login-form>input[type='password']:focus,#LOGIN>#login-form>input[type='button']:hover,#LOGIN>#login-form>input[type='button']:focus{border-color:#53d192}#LOGIN>#login-form>input[type='button']{margin:2em auto;border:0;background-color:#53d192;color:#fff;font-weight:bold;cursor:pointer}#LOGIN>#login-form>input[type='button']:hover{background-color:#33be79;box-shadow:0 0 1em #1a1a1f}#LOGIN>#login-form>#lost-password{color:#ddd;cursor:pointer}#LOGIN>#login-form>#lost-password:hover{color:#53d192;text-decoration:underline}#LOGIN>#login-close{display:block;position:absolute;top:2em;right:2em;min-width:2em;height:2em;background:url("/f/svg/back/st/container/ffffff") right center no-repeat;background-size:1em;color:#fff;padding-right:2em;line-height:2em;font-weight:bold;cursor:pointer}
|
||||
body{font-family:'Open Sans';font-size:15px}#WRAPPER{display:block;position:fixed;top:0;left:0;width:100%;height:100%;background-color:#e8e8e8;overflow-x:hidden;overflow-y:auto;z-index:1}#WRAPPER>#HEADER{display:block;position:fixed;top:0;left:0;width:100%;height:calc( 4em - 1px );border-bottom:1px solid #cfcfcf;background-color:#fff;z-index:9}#WRAPPER>#MENU-SIDE{display:block;position:fixed;top:4em;left:0;width:15em;height:calc( 100% - 4em );box-shadow:2px 1px 3px #ddd;background-color:#32323a;transition:all .3s;z-index:10}#WRAPPER>#CONTAINER{display:flex;position:absolute;top:4em;left:15em;width:calc( 100% - 15em - 2*1em );min-height:calc( 100% - 4em - 2*1em );padding:1em;flex-direction:row;justify-content:space-between;overflow-x:none;overflow-y:auto}#LOGIN{display:flex;position:fixed;top:0;left:-100%;width:100%;height:100%;flex-direction:row;flex-wrap:nowrap;justify-content:space-around;align-items:center;background-color:#32323a;transition:left .3s ease-in-out;z-index:101}#LOGIN.active{left:0}#LOGIN>#login-icon{width:35em;height:10em;background:url("/f/svg/icon/st") center center no-repeat;background-size:auto 100%}#LOGIN>#login-form{display:block}#LOGIN>#login-form>input[type='text'],#LOGIN>#login-form>input[type='password'],#LOGIN>#login-form>input[type='submit']{display:flex;width:20em;margin:2em 0;padding:1em 2em;flex-direction:column;justify-content:space-around;flex-wrap:nowrap;align-items:middle;border-radius:5px;border:1px solid #6b6b6b;background-color:#32323a;color:#fff;font-weight:bold;letter-spacing:.07em;transition:border .2s ease-in-out;cursor:default}#LOGIN>#login-form>input[type='text']:hover,#LOGIN>#login-form>input[type='text']:focus,#LOGIN>#login-form>input[type='password']:hover,#LOGIN>#login-form>input[type='password']:focus,#LOGIN>#login-form>input[type='submit']:hover,#LOGIN>#login-form>input[type='submit']:focus{border-color:#53d192}#LOGIN>#login-form>input[type='submit']{margin:2em auto;border:0;background-color:#53d192;color:#fff;font-weight:bold;cursor:pointer}#LOGIN>#login-form>input[type='submit']:hover{background-color:#33be79;box-shadow:0 0 1em #1a1a1f}#LOGIN>#login-form>#lost-password{color:#ddd;cursor:pointer}#LOGIN>#login-form>#lost-password:hover{color:#53d192;text-decoration:underline}#LOGIN>#login-close{display:block;position:absolute;top:2em;right:2em;min-width:2em;height:2em;background:url("/f/svg/back/st/container/ffffff") right center no-repeat;background-size:1em;color:#fff;padding-right:2em;line-height:2em;font-weight:bold;cursor:pointer}
|
||||
/*# sourceMappingURL=layout.css.map */
|
||||
|
|
|
@ -136,7 +136,7 @@ body{
|
|||
/* (2.1) Champs de texte (login/password) */
|
||||
& > input[type='text'],
|
||||
& > input[type='password'],
|
||||
& > input[type='button']{
|
||||
& > input[type='submit']{
|
||||
display: flex;
|
||||
width: 20em;
|
||||
|
||||
|
@ -173,7 +173,7 @@ body{
|
|||
|
||||
|
||||
/* (2.2) Bouton de connexion */
|
||||
& > input[type='button']{
|
||||
& > input[type='submit']{
|
||||
margin: 2em auto;
|
||||
|
||||
border: 0;
|
||||
|
|
72
doc/bdd.sql
72
doc/bdd.sql
|
@ -3,7 +3,7 @@
|
|||
-- http://www.phpmyadmin.net
|
||||
--
|
||||
-- Host: localhost
|
||||
-- Generation Time: Apr 10, 2016 at 12:22 PM
|
||||
-- Generation Time: Apr 12, 2016 at 05:32 PM
|
||||
-- Server version: 5.6.28-0ubuntu0.15.10.1
|
||||
-- PHP Version: 5.6.11-1ubuntu3.1
|
||||
|
||||
|
@ -22,13 +22,35 @@ SET time_zone = "+00:00";
|
|||
|
||||
-- --------------------------------------------------------
|
||||
|
||||
--
|
||||
-- Table structure for table `api_token`
|
||||
--
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `api_token` (
|
||||
`id_token` int(11) NOT NULL,
|
||||
`token` varchar(40) NOT NULL,
|
||||
`name` varchar(50) NOT NULL,
|
||||
`expires` date NOT NULL
|
||||
) ENGINE=InnoDB AUTO_INCREMENT=49 DEFAULT CHARSET=latin1;
|
||||
|
||||
--
|
||||
-- Dumping data for table `api_token`
|
||||
--
|
||||
|
||||
INSERT INTO `api_token` (`id_token`, `token`, `name`, `expires`) VALUES
|
||||
(38, '48e701d4e72e4e35bc37c9a800b49d5400734d7b', 'test', '2016-04-11'),
|
||||
(39, '935fe104d0e64d36e466c7a0a1c9773e3d7521c5', 'user#1', '2016-04-22'),
|
||||
(48, 'bba06e9b01f5ac00798d6cf241d8bf105da0f25a', 'user#2', '2016-05-02');
|
||||
|
||||
-- --------------------------------------------------------
|
||||
|
||||
--
|
||||
-- Table structure for table `Categories`
|
||||
--
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `Categories` (
|
||||
`idCategorie` int(11) NOT NULL,
|
||||
`intitule` varchar(32) NOT NULL
|
||||
`intitule` varchar(40) NOT NULL
|
||||
) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=latin1;
|
||||
|
||||
--
|
||||
|
@ -75,7 +97,7 @@ CREATE TABLE IF NOT EXISTS `Personnes` (
|
|||
`nom` varchar(255) DEFAULT NULL,
|
||||
`prenom` varchar(255) DEFAULT NULL,
|
||||
`id_facebook` int(11) DEFAULT NULL,
|
||||
`telephone` int(11) DEFAULT NULL
|
||||
`telephone` varchar(10) DEFAULT NULL
|
||||
) ENGINE=InnoDB AUTO_INCREMENT=2 DEFAULT CHARSET=latin1;
|
||||
|
||||
--
|
||||
|
@ -136,10 +158,38 @@ CREATE TABLE IF NOT EXISTS `ReponsesUtilisateurs` (
|
|||
`idUtilisateur` int(11) NOT NULL
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
|
||||
|
||||
-- --------------------------------------------------------
|
||||
|
||||
--
|
||||
-- Table structure for table `users`
|
||||
--
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `users` (
|
||||
`id_user` int(11) NOT NULL,
|
||||
`login` varchar(30) NOT NULL,
|
||||
`password` varchar(40) NOT NULL,
|
||||
`mail` varchar(255) NOT NULL,
|
||||
`reference` int(11) DEFAULT NULL,
|
||||
`permission` text NOT NULL
|
||||
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=latin1;
|
||||
|
||||
--
|
||||
-- Dumping data for table `users`
|
||||
--
|
||||
|
||||
INSERT INTO `users` (`id_user`, `login`, `password`, `mail`, `reference`, `permission`) VALUES
|
||||
(1, 'xdrm', '5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8', 'xdrm@xdrm.io', NULL, 'admin,user');
|
||||
|
||||
--
|
||||
-- Indexes for dumped tables
|
||||
--
|
||||
|
||||
--
|
||||
-- Indexes for table `api_token`
|
||||
--
|
||||
ALTER TABLE `api_token`
|
||||
ADD PRIMARY KEY (`id_token`);
|
||||
|
||||
--
|
||||
-- Indexes for table `Categories`
|
||||
--
|
||||
|
@ -201,10 +251,21 @@ ALTER TABLE `ReponsesUtilisateurs`
|
|||
ADD KEY `index_ReponsesUtilisateurs` (`idQuestion`),
|
||||
ADD KEY `index_ReponsesUtilisateurs_idPersonne` (`idUtilisateur`);
|
||||
|
||||
--
|
||||
-- Indexes for table `users`
|
||||
--
|
||||
ALTER TABLE `users`
|
||||
ADD PRIMARY KEY (`id_user`);
|
||||
|
||||
--
|
||||
-- AUTO_INCREMENT for dumped tables
|
||||
--
|
||||
|
||||
--
|
||||
-- AUTO_INCREMENT for table `api_token`
|
||||
--
|
||||
ALTER TABLE `api_token`
|
||||
MODIFY `id_token` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=49;
|
||||
--
|
||||
-- AUTO_INCREMENT for table `Categories`
|
||||
--
|
||||
|
@ -236,6 +297,11 @@ ALTER TABLE `ReponsesAttendues`
|
|||
ALTER TABLE `ReponsesUtilisateurs`
|
||||
MODIFY `idReponseUtilisateur` int(11) NOT NULL AUTO_INCREMENT;
|
||||
--
|
||||
-- AUTO_INCREMENT for table `users`
|
||||
--
|
||||
ALTER TABLE `users`
|
||||
MODIFY `id_user` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=3;
|
||||
--
|
||||
-- Constraints for dumped tables
|
||||
--
|
||||
|
||||
|
|
30
index.php
30
index.php
|
@ -5,6 +5,10 @@
|
|||
use \router\Router;
|
||||
use \manager\ResourceDispatcher;
|
||||
use \manager\ModuleRequest;
|
||||
use \manager\ManagerError;
|
||||
use \manager\Database;
|
||||
|
||||
|
||||
|
||||
/*******************************************/
|
||||
/* DEBUGGER */
|
||||
|
@ -13,7 +17,33 @@
|
|||
/*******************************************/
|
||||
|
||||
|
||||
/* [1] Gestion des utilisateurs
|
||||
=========================================================*/
|
||||
/* (1) Valeurs par defaut */
|
||||
if( !isset($_SESSION['userid']) ) $_SESSION['userid'] = null;
|
||||
if( !isset($_SESSION['username']) ) $_SESSION['username'] = null;
|
||||
if( !isset($_SESSION['permission']) ) $_SESSION['permission'] = array();
|
||||
|
||||
/* (2) Gestion de la connection */
|
||||
$login_vars = isset($_POST['login']) && Database::check('varchar(255)', $_POST['login']);
|
||||
$login_vars = $login_vars && isset($_POST['password']) && Database::check('text', $_POST['password']);
|
||||
|
||||
// Status de login
|
||||
$_SESSION['login_status'] = 'no';
|
||||
|
||||
// Si les parametres de connection, on essaie de connecter
|
||||
if( $login_vars ){
|
||||
$login = new ModuleRequest('users/login', array('login' => $login, 'password' => $password));
|
||||
$login_ans = $login->dispatch();
|
||||
|
||||
// Si aucune erreur, on dit qu'on vient de se connecter
|
||||
if( $login_ans->ModuleError == ManagerError::Success )
|
||||
$_SESSION['login_status'] = 'logged';
|
||||
|
||||
// Si on n'a pas les bonnes donnees
|
||||
else
|
||||
$_SESSION['login_status'] = 'error';
|
||||
}
|
||||
|
||||
|
||||
/* [0] On initialise le routeur
|
||||
|
|
|
@ -207,11 +207,7 @@
|
|||
var LOGIN = {
|
||||
show: document.getElementById('user-data'),
|
||||
hide: document.getElementById('login-close'),
|
||||
page: document.getElementById('LOGIN'),
|
||||
|
||||
login: document.getElementById('login-login'),
|
||||
password: document.getElementById('login-password'),
|
||||
submit: document.getElementById('login-submit')
|
||||
page: document.getElementById('LOGIN')
|
||||
};
|
||||
|
||||
/* (1) Gestion de l'affichage de la page de login */
|
||||
|
@ -220,22 +216,4 @@
|
|||
/* (2) Gestion de la fermeture de la page de login */
|
||||
LOGIN.hide.addEventListener('click', function(e){ LOGIN.page.className = ''; }, false);
|
||||
|
||||
/* (3) Gestion du login */
|
||||
LOGIN.submit.addEventListener('click', function(e){
|
||||
// Creation de la requete de connexion
|
||||
var request = {
|
||||
path: 'users/login',
|
||||
login: LOGIN.login.value,
|
||||
password: LOGIN.password.value
|
||||
};
|
||||
|
||||
// On lance la requete et recupere la reponse
|
||||
api.send(request, function(answer){
|
||||
console.log( answer );
|
||||
if( answer.ModuleError == 0 ) // Si on est bien connecte, on recharge la page
|
||||
document.location = '/';
|
||||
}, js_access_token);
|
||||
|
||||
}, false);
|
||||
|
||||
// }
|
|
@ -137,7 +137,13 @@
|
|||
public function serialize(){
|
||||
|
||||
// On rajoute l'erreur au message
|
||||
$returnData = array_merge( array('ModuleError' => $this->error, 'ErrorDescription' => ManagerError::explicit($this->error)), $this->data );
|
||||
$returnData = array_merge(
|
||||
array(
|
||||
'ModuleError' => $this->error,
|
||||
'ErrorDescription' => ManagerError::explicit($this->error)
|
||||
),
|
||||
$this->data
|
||||
);
|
||||
|
||||
return json_encode($returnData);
|
||||
|
||||
|
|
|
@ -18,19 +18,6 @@
|
|||
error_reporting(-1);
|
||||
}
|
||||
|
||||
/* [1] Gestion des droits des utilisateurs
|
||||
=========================================================*/
|
||||
/* (1) Retourne si l'utilisateur est connecte ou non */
|
||||
function connected(){ return isset($_SESSION['permission']) && count($_SESSION['permission']) > 0; }
|
||||
|
||||
/* (2) Retourne si l'utilisateur a le status en question */
|
||||
function permission($type){ return connected() && in_array($type, $_SESSION['permission']); }
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
@ -63,4 +50,15 @@
|
|||
/* On demarre la session securisee PHP
|
||||
=========================================================*/
|
||||
\manager\sessionManager::session_start();
|
||||
|
||||
|
||||
|
||||
/* [1] Gestion des droits des utilisateurs
|
||||
=========================================================*/
|
||||
/* (1) Retourne si l'utilisateur est connecte ou non */
|
||||
function connected(){ return isset($_SESSION['permission']) && count($_SESSION['permission']) > 0; }
|
||||
|
||||
/* (2) Retourne si l'utilisateur a le status en question */
|
||||
function permission($type){ return connected() && in_array($type, $_SESSION['permission']); }
|
||||
|
||||
?>
|
|
@ -29,7 +29,7 @@
|
|||
session_id( $session_id );
|
||||
|
||||
// Precaution: on met a jour le cookie
|
||||
setcookie('PHPSESSID', session_id(), time()+60*30 );
|
||||
setcookie( 'PHPSESSID', session_id(), time()+60*30 );
|
||||
|
||||
// On redemarre la session avec le bon id session
|
||||
\session_start();
|
||||
|
@ -51,7 +51,7 @@
|
|||
|
||||
// On definit le token en cookie
|
||||
$_COOKIE['session_token'] = $_SESSION['session_token'];
|
||||
setcookie('session_token', $_COOKIE['session_token'], time()+60*30 );
|
||||
setcookie( 'session_token', $_COOKIE['session_token'], time()+60*30 );
|
||||
}
|
||||
|
||||
/************/
|
||||
|
|
18
view.php
18
view.php
|
@ -1,14 +1,6 @@
|
|||
<?php use \manager\ResourceDispatcher;
|
||||
|
||||
/* [1] Gestion des utilisateurs
|
||||
=========================================================*/
|
||||
/* (1) Valeurs par defaut */
|
||||
if( !isset($_SESSION['userid']) ) $_SESSION['userid'] = null;
|
||||
if( !isset($_SESSION['username']) ) $_SESSION['username'] = null;
|
||||
if( !isset($_SESSION['permission']) ) $_SESSION['permission'] = array();
|
||||
<?php use \manager\ResourceDispatcher; ?>
|
||||
|
||||
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
|
@ -44,17 +36,17 @@
|
|||
<?php if( connected() ) echo "<div id='LOGIN'>";
|
||||
else echo "<div id='LOGIN' class='active'>"; ?>
|
||||
|
||||
|
||||
<?php var_dump(session_id()); ?>
|
||||
<div id='login-icon'></div>
|
||||
<div id='login-close'>Accéder à la plateforme</div>
|
||||
|
||||
<div id='login-form'>
|
||||
<form method='POST' action='/' id='login-form'>
|
||||
<input type='text' placeholder='Identifiant ou adresse mail' id='login-login'>
|
||||
<input type='password' placeholder='Mot de passe' id='login-password'>
|
||||
<input type='button' value='Connexion' id='login-submit'>
|
||||
<input type='submit' value='Connexion' id='login-submit'>
|
||||
|
||||
<span id='lost-password'>Mot de passe oublié ?</span>
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
|
||||
|
||||
|
|
Loading…
Reference in New Issue