From 76d746937840239f43065a7623478bb2706489ac Mon Sep 17 00:00:00 2001 From: sebdivinity <38128077+sebdivinity@users.noreply.github.com> Date: Fri, 27 Apr 2018 15:36:22 +0200 Subject: [PATCH] Add files via upload --- bOffice - Users.php | 326 +++++++++++++++--------------- bOffice - footer.php | 5 +- bOffice - header.php | 21 +- bOffice - ticket.php | 176 ++++++++++++++++ bOffice - ticketsClosed.php | 67 ++++++ bOffice - ticketsMenu.php | 48 +++++ bOffice - ticketsOpen.php | 51 +++++ bOffice - ticketsToDo.php | 45 +++++ conf.inc.php | 12 +- contact.php | 10 +- css/styleBO.css | 87 +++++++- functions.php | 117 +++++++---- header.php | 92 ++------- logPromotion.txt | 13 ++ script/bOffice - updateTicket.php | 182 +++++++++++++++++ script/newTicket.php | 8 +- script/updateTicket.php | 28 +-- script/updateUser.php | 159 +++++++-------- signup.php | 35 +++- 19 files changed, 1089 insertions(+), 393 deletions(-) create mode 100644 bOffice - ticket.php create mode 100644 bOffice - ticketsClosed.php create mode 100644 bOffice - ticketsMenu.php create mode 100644 bOffice - ticketsOpen.php create mode 100644 bOffice - ticketsToDo.php create mode 100644 logPromotion.txt create mode 100644 script/bOffice - updateTicket.php diff --git a/bOffice - Users.php b/bOffice - Users.php index 289a69e..eb34986 100644 --- a/bOffice - Users.php +++ b/bOffice - Users.php @@ -2,7 +2,7 @@ require "bOffice - header.php"; $time = getTimeForLog(); -if(isset($_POST["cancelDelete"])){ +if(isset($_POST["cancelDelete"]) && isset($_SESSION["cancelDelete"])){ foreach ($_SESSION["cancelDelete"] as $key2 => $value2) { 
@@ -28,10 +28,10 @@ $query = $connection->prepare("INSERT INTO member(".$columnName.") VALUES(".$valuesInserted.")"); $query->execute(); $file = fopen('logDelete.txt', 'a+'); - fwrite($file, $_SESSION["status"]." : ".$_SESSION["name"]." ".$_SESSION["firstName"]." a annulé la suppression du membre ".$_SESSION["cancelDelete"]["member_lastname"]." ".$_SESSION["cancelDelete"]["member_firstname"]." email : ".$_SESSION["cancelDelete"]["member_email"]." le : ".$actualDate."\r\n"); - fclose($file); - echo '

Action effectué : La suppression du membre '.$_SESSION["cancelDelete"]["member_lastname"].' '.$_SESSION["cancelDelete"]["member_firstname"].' à bien été annuler

'; - + fwrite($file, $_SESSION["status"]." : ".$_SESSION["name"]." ".$_SESSION["firstName"]." a annulé la suppression du membre ".$_SESSION["cancelDelete"]["member_lastname"]." ".$_SESSION["cancelDelete"]["member_firstname"]." email : ".$_SESSION["cancelDelete"]["member_email"]." le : ".$time."\r\n"); + fclose($file); + echo '

Action effectué : La suppression du membre '.$_SESSION["cancelDelete"]["member_lastname"].' '.$_SESSION["cancelDelete"]["member_firstname"].' a bien été annulé$_POST["emailOfUserDelete"] ]); $result = $query->fetch(PDO::FETCH_ASSOC); - $cancel = '
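Review bot: The restore path prepares `INSERT INTO member(".$columnName.") VALUES(".$valuesInserted.")` and calls `execute()` with nothing bound, so the row values are part of the statement text rather than parameters. Those values come from `$_SESSION["cancelDelete"]`, i.e. a member row whose name and e-mail were originally user-supplied, so unless `$valuesInserted` is built from properly quoted values (its construction sits above this hunk, in the loop begun at `foreach ($_SESSION["cancelDelete"] as $key2 => $value2)`) this is a second-order injection point. Keeping it parameterised is three lines: `$cols = array_keys($_SESSION["cancelDelete"]);`, `$query = $connection->prepare("INSERT INTO member(" . implode(',', $cols) . ") VALUES(:" . implode(',:', $cols) . ")");`, `$query->execute($_SESSION["cancelDelete"]);`. The enclosing `if(isset($_POST["cancelDelete"]) ...)` starts in the previous hunk.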
'; - $_SESSION["cancelDelete"] = $result; - if($result["member_status"] != 2 && $_SESSION["admin"]){ - $query = $connection->prepare("DELETE FROM member where member_email= :email"); - $query->execute([ - "email"=>$_POST["emailOfUserDelete"] - ]); - $file = fopen('logDelete.txt', 'a+'); - fwrite($file, $_SESSION["status"]." : ".$_SESSION["name"]." ".$_SESSION["firstName"]." a supprimé le membre ".$result["member_lastname"]." ".$result["member_firstname"]." email : ".$result["member_email"]." le : ".$actualDate."\r\n"); - fclose($file); - echo '

Action effectué : Le membre '.$result["member_lastname"].' '.$result["member_firstname"].' à bien été supprimé

'.$cancel.'
'; + if(!empty($result)){ + $_SESSION["cancelDelete"] = $result; + $cancel = '
'; + + if($result["member_status"] != 2 && $_SESSION["admin"]){ + $query = $connection->prepare("DELETE FROM member where member_email= :email"); + $query->execute([ + "email"=>$_POST["emailOfUserDelete"] + ]); + $file = fopen('logDelete.txt', 'a+'); + fwrite($file, $_SESSION["status"]." : ".$_SESSION["name"]." ".$_SESSION["firstName"]." a supprimé le membre ".$result["member_lastname"]." ".$result["member_firstname"]." email : ".$result["member_email"]." le : ".$time."\r\n"); + fclose($file); + echo '

Action effectué : Le membre '.$result["member_lastname"].' '.$result["member_firstname"].' a bien été supprimé

'.$cancel.'
'; + } + + else{ + echo '

Erreur: Vous n\'avez pas les droits pour effectuer cette action

'; + } } else{ -?> -

Erreur: Vous n'avez pas les droits pour effectuer cette action

-

Erreur: Vous n\'avez pas les droits pour effectuer cette action

'; } } - if(isset($_POST["emailOfUserPromote"])){ $connection = connectDB(); @@ -75,14 +81,14 @@ "email"=>$_POST["emailOfUserPromote"] ]); $file = fopen('logPromotion.txt', 'a+'); - fwrite($file, $_SESSION["status"]." : ".$_SESSION["name"]." ".$_SESSION["firstName"]." a promu le membre ".$result["member_lastname"]." ".$result["member_firstname"]." email : ".$result["member_email"]." le : ".$actualDate."\r\n"); - fclose($file); + fwrite($file, $_SESSION["status"]." : ".$_SESSION["name"]." ".$_SESSION["firstName"]." a promu le membre ".$result["member_lastname"]." ".$result["member_firstname"]." email : ".$result["member_email"]." le : ".$time."\r\n"); + fclose($file); echo '
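Review bot: `$_SESSION["cancelDelete"] = $result;` is set before the `$result["member_status"] != 2 && $_SESSION["admin"]` test, so a logged-in non-admin who posts `emailOfUserDelete` gets the target's row parked in session even though nothing was deleted. The cancel handler in the hunk at line 2 then only checks `isset($_SESSION["cancelDelete"])`, not `$_SESSION["admin"]`, and re-inserts that row, which for a never-deleted member either duplicates it or fails. Move the assignment inside the admin branch and clear it once consumed with `unset($_SESSION["cancelDelete"]);` at the end of the restore path. No anti-CSRF token is visible on the action forms in this file; if none is checked elsewhere, the session flag alone does not stop a cross-site POST from triggering these deletions. The `if(isset($_POST["emailOfUserDelete"]))` block begins above this hunk.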

Action effectué : Le membre '.$result["member_lastname"].' '.$result["member_firstname"].' à bien été promu Modérateur

'; } else{ -?> -

Erreur: Vous n'avez pas les droits pour effectuer cette action

- +

Erreur: Vous n'avez pas les droits pour effectuer cette action

+ $_POST["emailOfUserDemote"] ]); $file = fopen('logPromotion.txt', 'a+'); - fwrite($file, $_SESSION["status"]." : ".$_SESSION["name"]." ".$_SESSION["firstName"]." a déchu le membre ".$result["member_lastname"]." ".$result["member_firstname"]." email : ".$result["member_email"]." le : ".$actualDate."\r\n"); - fclose($file); + fwrite($file, $_SESSION["status"]." : ".$_SESSION["name"]." ".$_SESSION["firstName"]." a déchu le membre ".$result["member_lastname"]." ".$result["member_firstname"]." email : ".$result["member_email"]." le : ".$time."\r\n"); + fclose($file); echo '

Action effectué : Le membre '.$result["member_lastname"].' '.$result["member_firstname"].' à bien été déchu Membre

'; } else{ -?> -

Erreur: Vous n'avez pas les droits pour effectuer cette action

- +

Erreur: Vous n'avez pas les droits pour effectuer cette action

+ $_POST["emailOfUserUnban"] ]); $file = fopen('logBan.txt', 'a+'); - fwrite($file, $_SESSION["status"]." : ".$_SESSION["name"]." ".$_SESSION["firstName"]." a débanni le membre ".$result["member_lastname"]." ".$result["member_firstname"]." email : ".$result["member_email"]." le : ".$actualDate."\r\n"); - fclose($file); + fwrite($file, $_SESSION["status"]." : ".$_SESSION["name"]." ".$_SESSION["firstName"]." a débanni le membre ".$result["member_lastname"]." ".$result["member_firstname"]." email : ".$result["member_email"]." le : ".$time."\r\n"); + fclose($file); echo '

Action effectué : Le membre '.$result["member_lastname"].' '.$result["member_firstname"].' à bien été débanni

'; } else{ -?> -

Erreur: Vous n'avez pas les droits pour effectuer cette action

- +

Erreur: Vous n'avez pas les droits pour effectuer cette action

+ $_POST["emailOfUserBan"] ]); $file = fopen('logBan.txt', 'a+'); - fwrite($file, $_SESSION["status"]." : ".$_SESSION["name"]." ".$_SESSION["firstName"]." a banni le membre ".$result["member_lastname"]." ".$result["member_firstname"]." email : ".$result["member_email"]." le : ".$actualDate."\r\n"); - fclose($file); + fwrite($file, $_SESSION["status"]." : ".$_SESSION["name"]." ".$_SESSION["firstName"]." a banni le membre ".$result["member_lastname"]." ".$result["member_firstname"]." email : ".$result["member_email"]." le : ".$time."\r\n"); + fclose($file); echo '

Action effectué : Le membre '.$result["member_lastname"].' '.$result["member_firstname"].' à bien été banni

'; } else{ -?> -

Erreur: Vous n'avez pas les droits pour effectuer cette action

- +

Erreur: Vous n'avez pas les droits pour effectuer cette action

+ -
- - - - - - - - - - +
+
Nom de famillePrénomEmailStatutActions
+ + + + + + + + + + - prepare("SELECT member_lastname,member_firstname,member_email,member_status FROM member WHERE member_status = :status"); + if(empty($_POST["searchLastname"]) && empty($_POST["searchFirstname"]) && empty($_POST["searchEmail"]) && isset($_POST["searchStatus"])){ - $query->execute([ - "status"=>$_POST["searchStatus"] - ]); - } + $connection = connectDB(); - elseif(!empty($_POST["searchLastname"]) || !empty($_POST["searchFirstname"]) || !empty($_POST["searchEmail"]) || !empty($_POST["searchStatus"])){ - $connection = connectDB(); - $query = $connection->prepare("SELECT member_lastname,member_firstname,member_email,member_status FROM member WHERE member_lastname= :lastName OR member_firstname= :firstName OR member_email= :email OR member_status= :status"); + $query = $connection->prepare("SELECT member_lastname,member_firstname,member_email,member_status FROM member WHERE member_status = :status"); - $query->execute([ - "lastName"=>$_POST["searchLastname"], - "firstName"=>$_POST["searchFirstname"], - "email"=>$_POST["searchEmail"], - "status"=>$_POST["searchStatus"] - ]); - } - - else{ - $connection = connectDB(); - - $query = $connection->prepare("SELECT member_lastname,member_firstname,member_email,member_status FROM member"); + $query->execute([ + "status"=>$_POST["searchStatus"] + ]); + } - $query->execute(); - } + elseif(!empty($_POST["searchLastname"]) || !empty($_POST["searchFirstname"]) || !empty($_POST["searchEmail"]) || !empty($_POST["searchStatus"])){ + $connection = connectDB(); + $query = $connection->prepare("SELECT member_lastname,member_firstname,member_email,member_status FROM member WHERE member_lastname= :lastName OR member_firstname= :firstName OR member_email= :email OR member_status= :status"); - $result = $query->fetchAll(PDO::FETCH_ASSOC); + $query->execute([ + "lastName"=>$_POST["searchLastname"], + "firstName"=>$_POST["searchFirstname"], + "email"=>$_POST["searchEmail"], + "status"=>$_POST["searchStatus"] + ]); + } - 
foreach ($result as $value){ - echo ""; - foreach ($value as $key => $value2){ - if($key == "member_status"){ - echo ""; + foreach ($value as $key => $value2){ + if($key == "member_status"){ + echo ""; + $statusOfMember = $value2; + } - default: - echo "erreur - statut non existant"; + else{ + echo ""; } - echo ""; - $statusOfMember = $value2; - } - else{ - echo ""; + if($key == "member_email"){ + $emailOfMember = $value2; + } } + $beginButton = ''; - if($key == "member_email"){ - $emailOfMember = $value2; - } - } - $beginButton = ''; - - $eraseButton = ($_SESSION["admin"])? '
-
- - - + $eraseButton = ($_SESSION["admin"])? '
+
+ + +
': ""; - if(($_SESSION["moderateur"] && $statusOfMember != 1 && $statusOfMember != 3) || ($_SESSION["admin"] && $statusOfMember != 2 && $statusOfMember !=3)){ - $banButton ='
+ if(($_SESSION["moderateur"] && $statusOfMember != 1 && $statusOfMember != 3) || ($_SESSION["admin"] && $statusOfMember != 2 && $statusOfMember !=3)){ + $banButton ='
- - + + -
'; - } - elseif ($statusOfMember == 3) { - $banButton = '
+
'; + } + elseif ($statusOfMember == 3) { + $banButton = '
- - + + -
'; - } - else{ - $banButton = ""; - } +
'; + } + else{ + $banButton = ""; + } - if($statusOfMember == 0 && $_SESSION["admin"]){ - $rankButton = '
+ if($statusOfMember == 0 && $_SESSION["admin"]){ + $rankButton = '
- - + + -
'; - } +
'; + } - elseif($statusOfMember == 1 && $_SESSION["admin"]){ - $rankButton = '
+ elseif($statusOfMember == 1 && $_SESSION["admin"]){ + $rankButton = '
- - + + -
'; - } - - else{ - $rankButton =""; - } - echo ($statusOfMember==2)? "
": $beginButton.$banButton.$eraseButton.$rankButton.$endButton; + '; + } + + else{ + $rankButton =""; + } + echo ($statusOfMember==2)? "": $beginButton.$banButton.$rankButton.$eraseButton.$endButton; } - echo "
Nom de famillePrénomEmailStatutActions
-
+
-
+
-
+
-
+
-
-
+
+
"; - switch ($value2){ - case 0: - echo "Membre"; - break; + else{ + $connection = connectDB(); - case 1: - echo "Modérateur"; - break; + $query = $connection->prepare("SELECT member_lastname,member_firstname,member_email,member_status FROM member"); - case 2: - echo "Administrateur"; - break; + $query->execute(); + } - case 3: - echo "Banni"; - break; + $result = $query->fetchAll(PDO::FETCH_ASSOC); + + foreach ($result as $value){ + echo "
"; + switch ($value2){ + case 0: + echo "Membre"; + break; + + case 1: + echo "Modérateur"; + break; + + case 2: + echo "Administrateur"; + break; + + case 3: + echo "Banni"; + break; + + default: + echo "erreur - statut non existant"; + } + echo "".$value2."".$value2."
'; + $endButton = '
'; - $endButton = '
"; -?> -
+ ?> + + + \ No newline at end of file diff --git a/bOffice - footer.php b/bOffice - footer.php index b60a88d..70acdd2 100644 --- a/bOffice - footer.php +++ b/bOffice - footer.php @@ -1,3 +1,6 @@ - + + + + \ No newline at end of file diff --git a/bOffice - header.php b/bOffice - header.php index f8e547a..688b23c 100644 --- a/bOffice - header.php +++ b/bOffice - header.php @@ -3,6 +3,9 @@ require "conf.inc.php"; require "functions.php"; preventXSS($_POST); +// echo "
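Review bot: In the `elseif(!empty($_POST["searchLastname"]) || ...)` branch all four fields are bound, including `"status"=>$_POST["searchStatus"]`, although the condition only guarantees that one of them is non-empty, so an absent key raises a notice and the empty ones still take part in the `OR`. How an empty string compares with the integer `member_status` column is left to the database's coercion, so a name-only search may also return every member whose status compares equal to it. Build the `WHERE` clause from the non-empty fields only, binding just those. The hunk header for this block is lost in this extract, and the `foreach ($result as $value)` loop runs to the end of the file.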
";
+// print_r($_SESSION);
+// echo "
"; if(isset($_SESSION["token"])){ $result = getinfo("*"); @@ -50,11 +53,19 @@
Vous êtes :

diff --git a/bOffice - ticket.php b/bOffice - ticket.php new file mode 100644 index 0000000..372094d --- /dev/null +++ b/bOffice - ticket.php @@ -0,0 +1,176 @@ +prepare("SELECT category_name,member_lastname,member_firstname,ticket.* FROM ticket,member,t_category where ticket_id= :id AND member_id=member AND t_category = category_id"); + $query->execute([ + "id"=>$_GET["ticket_id"] + ]); + $ticket = $query->fetch(PDO::FETCH_ASSOC); + + if(empty($ticket)){ + $_SESSION["falseTicket"] = true; + isset($_SESSION["location"])? Header("Location: ".$_SESSION["location"]) : Header("Location: bOffice - ticketsTodo.php"); + } + + $query = $connect->prepare("SELECT member_lastname, member_firstname FROM ticket,member where :author_last_update = member_id"); + $query->execute([ + "author_last_update"=> $ticket["author_last_update"] + ]); + $lastUpdate = $query->fetch(PDO::FETCH_ASSOC); + ?> +
+ +
+
+ +
+
Informations du ticket
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ID :
Statut : + +
Catégorie :
Auteur :
Auteur dernière MAJ :
Dernière mise à jour :
Date de création :
+
+
+ +
+
+
Titre :
+
+ $value) { + echo "
".$ticketErrorBackOffice[$value]."
"; + } + unset($_SESSION["ticketError"]); + } + ?> + + + + + + + + +
+
+ > + + +
+
+
+ +
+
+
+
Actions
+
+ + +
+
+ + + + + + + +
+
+
+
+ value=""> + +
+
+ +
+
+ "> + +
+
+ +
+
+ "> + +
+
+
+
+
+ + + + + + + + + + + + + + + + + + $ticket) { + if($ticket["state"] == 1 || $ticket["state"] == 2){ + $query = $connect->prepare("SELECT member_lastname, member_firstname FROM ticket,member where :author_last_update = member_id"); + $query->execute([ + "author_last_update"=> $ticket["author_last_update"] + ]); + $lastUpdate = $query->fetch(PDO::FETCH_ASSOC); + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + ?> + + "; + } + ?> + +
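Review bot: After `if(empty($ticket))` the script sends a `Location:` header but does not stop, so execution continues with `$ticket === false`: the next `execute([ "author_last_update"=> $ticket["author_last_update"] ])` indexes a boolean and the whole template is still rendered into the redirect response. Add `exit;` after the `isset($_SESSION["location"])? Header(...) : Header(...)` ternary. The redirect target comes from `$_SESSION["location"]`; if any page stores a request-supplied value there (not visible here), validate it against the known back-office pages before using it. The boundary with the next file section is not recoverable in this extract.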
IDCatégorieAuteurTitreAuteur dernière MAJMis à jourCréationStatutActions
".$ticket["ticket_id"]."".$ticket["category_name"]."".$ticket["member_firstname"]." ".$ticket["member_lastname"]."".$ticket["ticket_label"]."".$lastUpdate["member_firstname"]." ".$lastUpdate["member_lastname"]."".$ticket["last_update"]."".$ticket["ticket_date"].""; + switch ($ticket["state"]){ + case 1: + echo "Fermé"; + break; + + case 2: + echo "Fermé définitivement"; + break; + + default: + echo "erreur"; + } + echo " +
"> + +
+
+ + \ No newline at end of file diff --git a/bOffice - ticketsMenu.php b/bOffice - ticketsMenu.php new file mode 100644 index 0000000..fbdd3e2 --- /dev/null +++ b/bOffice - ticketsMenu.php @@ -0,0 +1,48 @@ + + + + +
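Review bot: The per-row lookup `SELECT member_lastname, member_firstname FROM ticket,member where :author_last_update = member_id` lists `ticket` without any join condition, so it is a cross product that happens to yield the right member on its first row, and it costs one round trip per ticket. The same statement appears in bOffice - ticketsOpen.php and bOffice - ticket.php; `SELECT member_lastname, member_firstname FROM member WHERE member_id = :author_last_update` is what is meant, or better, join `member` a second time in the page's main query. `$lastUpdate["member_firstname"]` is also read without checking that `fetch()` did not return `false` for a since-deleted member. This file's section header is not recoverable in this extract.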
+
+
+
+ +
+
+ +
+
+
+
+Ce ticket n'existe pas

"; + unset($_SESSION["falseTicket"]); +} + +if(isset($_GET["ticket_id"])){ + $connect = connectDB(); + $query = $connect->prepare("SELECT ticket_id,author_last_update, member_firstname, member_lastname,category_name,last_update,ticket_date,ticket_label,state,member FROM TICKET,MEMBER,T_CATEGORY where member = member_id AND category_id = t_category AND ticket_id= :ticket_id ORDER BY last_update DESC"); + $query->execute([ + "ticket_id"=>$_GET["ticket_id"] + ]); + $tickets = $query->fetchAll(PDO::FETCH_ASSOC); +} + +else{ + $connect = connectDB(); + $query = $connect->prepare("SELECT ticket_id,author_last_update, member_firstname, member_lastname,category_name,last_update,ticket_date,ticket_label,state,member FROM TICKET,MEMBER,T_CATEGORY where member = member_id AND category_id = t_category ORDER BY last_update DESC"); + $query->execute(); + $tickets = $query->fetchAll(PDO::FETCH_ASSOC); +} ?> \ No newline at end of file diff --git a/bOffice - ticketsOpen.php b/bOffice - ticketsOpen.php new file mode 100644 index 0000000..87cccea --- /dev/null +++ b/bOffice - ticketsOpen.php @@ -0,0 +1,51 @@ + + + + + + + + + + + + + + + + + $ticket) { + if($ticket["state"] == 0 && ($ticket["author_last_update"] != $ticket["member"])){ + $query = $connect->prepare("SELECT member_lastname, member_firstname FROM ticket,member where :author_last_update = member_id"); + $query->execute([ + "author_last_update"=> $ticket["author_last_update"] + ]); + $lastUpdate = $query->fetch(PDO::FETCH_ASSOC); + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + ?> + + "; + } + ?> + +
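Review bot: Both statements here name the tables `TICKET,MEMBER,T_CATEGORY` while bOffice - ticket.php and the other listing pages use `ticket,member,t_category`; MySQL table names are case-sensitive on case-sensitive filesystems unless `lower_case_table_names` is set, so this page can fail where the others work. Use the lowercase spelling throughout. The two branches differ only in the `AND ticket_id= :ticket_id` predicate; one statement with the predicate appended when `$_GET["ticket_id"]` is set removes the duplication.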
IDCatégorieAuteurTitreAuteur dernière MAJMis à jourCréationActions
".$ticket["ticket_id"]."".$ticket["category_name"]."".$ticket["member_firstname"]." ".$ticket["member_lastname"]."".$ticket["ticket_label"]."".$lastUpdate["member_firstname"]." ".$lastUpdate["member_lastname"]."".$ticket["last_update"]."".$ticket["ticket_date"]." +
"> + +
+
+ + \ No newline at end of file diff --git a/bOffice - ticketsToDo.php b/bOffice - ticketsToDo.php new file mode 100644 index 0000000..e51137c --- /dev/null +++ b/bOffice - ticketsToDo.php @@ -0,0 +1,45 @@ + + + + + + + + + + + + + + + + $ticket) { + if(($ticket["state"] == 0 && ($ticket["author_last_update"] == $ticket["member"])) || $ticket["state"] == 3){ + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + echo ""; + ?> + + "; + } + ?> + +
IDCatégorieAuteurTitreMis à jourCréationActions
".$ticket["ticket_id"]."".$ticket["category_name"]."".$ticket["member_firstname"]." ".$ticket["member_lastname"]."".$ticket["ticket_label"]."".$ticket["last_update"]."".$ticket["ticket_date"]." +
"> + +
+
+ + \ No newline at end of file diff --git a/conf.inc.php b/conf.inc.php index bd5c3ce..57edcea 100644 --- a/conf.inc.php +++ b/conf.inc.php @@ -47,11 +47,21 @@ $categoryOfContact = [ 1=>"Idée", 2=>"Problème", - 3=>"Commerciale" + 3=>"Commercial" ]; $listOfTicketError = [ 1=>"La catégorie n'est pas valide.", 2=>"Le titre doit faire entre 4 et 60 caractères.", 3=>"Le contenu du ticket doit faire entre 10 et 1 000 caractères.", +]; + +$ticketErrorBackOffice =[ + 1=>"Ce ticket est fermé.", + 2=>"Ce ticket est définitivement fermé.", + 3=>"Ce ticket est déjà ouvert.", + 4=>"Le message est vide.", + 5=>"Ce ticket est déjà fermé.", + 6=>"Ce ticket est définitivement fermé, aucune action n'est possible dessus.", + 7=>"Ce ticket est déjà en traitement" ]; \ No newline at end of file diff --git a/contact.php b/contact.php index 4a88c1f..2d906d4 100644 --- a/contact.php +++ b/contact.php @@ -61,15 +61,13 @@
-
+
-
+
- + $value) { @@ -77,8 +75,8 @@ } } ?> -
+
diff --git a/css/styleBO.css b/css/styleBO.css index 148eb86..857e206 100644 --- a/css/styleBO.css +++ b/css/styleBO.css @@ -1,3 +1,4 @@ +/* CSS bOffice - Header */ .title{ margin-top:10px; text-align: center; @@ -17,14 +18,87 @@ header{ padding-top:10px; } +.bOfficeTitle{ + margin-top:0; +} + +.bOfficeNavigation{ + padding:0; +} + +.dropmenu{ + background-color:#DED9D9; +} + +.dropmenu a:hover{ + color:white; + background-color:grey; +} + +/* CSS Users.php */ +.table-striped tbody tr:nth-of-type(1) { + background-color:dimgray +} + +.erreur{ + color:red; +} + .actionButton{ padding-right:5px; } -.erreur{ +.deleteButton:hover{ + background-color:red; + color:white; +} + +.button:hover{ + background-color:black; + color:white; +} + +.cancelButton{ + background-color:red; + color:white; +} + +.cancelButton:hover{ + background-color:white; color:red; + border:2px solid red; +} + +/*CSS Tickets.php*/ +.openButton:hover{ + background-color:white; + border:1px solid grey; +} + +.ticketInfo{ + position:fixed; } +.locationMenu button{ + background-color:blue; + color:white; +} + +.button[disabled]:hover{ + background-color:buttonface; + color:grey; +} + +.actions{ + padding-right:0px; +} + +.research{ + margin-left:5px; + margin-bottom:5px; +} + +/* CSS ALL PAGES */ .succes{ color:green; } @@ -33,10 +107,7 @@ h5{ color:red; } -.bOfficeTitle{ - margin-top:0; -} - -.bOfficeNavigation{ - padding:0; -} +thead{ + color:white; + background-color:#211F2B; +} \ No newline at end of file diff --git a/functions.php b/functions.php index 43c5f49..573bedd 100644 --- a/functions.php +++ b/functions.php 
@@ -3,14 +3,14 @@ require_once "conf.inc.php"; function connectDB(){ - try{ - $connection = new PDO(DBDRIVER.":host=".DBHOST.";dbname=".DBNAME.";charset=".CHARSET,DBUSER,DBPWD); - $connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); - } - catch(Exception $e){ - die("Erreur SQL :".$e->getMessage()); - } - return $connection; + try{ + $connection = new PDO(DBDRIVER.":host=".DBHOST.";dbname=".DBNAME.";charset=".CHARSET,DBUSER,DBPWD); + $connection->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); + } + catch(Exception $e){ + die("Erreur SQL :".$e->getMessage()); + } + return $connection; } function isConnected(){ @@ -26,9 +26,9 @@ function createToken(){ function preventXSS(){ foreach ($_POST as $key => $value) { - $_POST[$key] = htmlspecialchars($_POST[$key]); -} - return $_POST; + $_POST[$key] = htmlspecialchars($_POST[$key]); + } + return $_POST; } /*function findLocation(){ 
@@ -43,28 +43,28 @@ function preventXSS(){ function Location(){ if(isset($_SESSION["previousLocation"]) && !empty($_SESSION["previousLocation"])){ - $newLocation = $_SESSION["previousLocation"]; - unset($_SESSION["previousLocation"]); - - if(isset($_SESSION["signUp"])){ - unset($_SESSION["signUp"]); - return header("Location: ../".$newLocation); - } - else{ - return header("Location: ".$newLocation); - } - } - else{ - if(isset($_SESSION["signUp"]) && $_SESSION["signUp"]){ - unset($_SESSION["signUp"]); - return header("Location: ../index.php"); - } - elseif(isset($_SESSION["signUp"]) && !$_SESSION["signUp"]){ - return header("Location: ../signup.php"); - } - else - return header("Location: index.php"); - } + $newLocation = $_SESSION["previousLocation"]; + unset($_SESSION["previousLocation"]); + + if(isset($_SESSION["signUp"])){ + unset($_SESSION["signUp"]); + return header("Location: ../".$newLocation); + } + else{ + return header("Location: ".$newLocation); + } + } + else{ + if(isset($_SESSION["signUp"]) && $_SESSION["signUp"]){ + unset($_SESSION["signUp"]); + return header("Location: ../index.php"); + } + elseif(isset($_SESSION["signUp"]) && !$_SESSION["signUp"]){ + return header("Location: ../signup.php"); + } + else + return header("Location: index.php"); +} } function connectUser() @@ -91,12 +91,12 @@ function connectUser() unset($_SESSION["pwdConnect"]); unset($_SESSION["emailConnect"]); return location(); - }else{ - echo "NOK"; - $file = fopen('log.txt', 'a+'); - fwrite($file, $_POST["emailConnect"] . " -> " . $_POST["pwdConnect"] . "\r\n"); - fclose($file); - } + }else{ + echo "NOK"; + $file = fopen('log.txt', 'a+'); + fwrite($file, $_POST["emailConnect"] . " -> " . $_POST["pwdConnect"] . "\r\n"); + fclose($file); + } } function getInfo($column){ 
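Review bot: The failed-login branch still writes the submitted credentials to disk in clear, `fwrite($file, $_POST["emailConnect"] . " -> " . $_POST["pwdConnect"] . "\r\n");`, and `fopen('log.txt', 'a+')` resolves relative to the script, i.e. inside the web root, where a plain `.txt` is typically served to anyone who requests it (this patch commits `logPromotion.txt` at the repository root, which suggests the other logs land there too). Record the e-mail and the outcome only, never the password, and write audit logs to a directory outside the document root; the same relative `fopen` is used for `logDelete.txt`, `logBan.txt` and `logPromotion.txt` in bOffice - Users.php. `connectUser()` begins above this hunk, and the hunk itself only re-indents.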
@@ -104,10 +104,10 @@ function getInfo($column){ if(isset($column)){ $connection = connectDB(); $query = $connection->prepare("SELECT ".$column." FROM member WHERE member_id = :id AND member_token = :token;"); - $query->execute([ - "id"=> $_SESSION["id"], - "token" => $_SESSION["token"] - ]); + $query->execute([ + "id"=> $_SESSION["id"], + "token" => $_SESSION["token"] + ]); $result = $query->fetch(PDO::FETCH_ASSOC); return $result; } @@ -132,7 +132,7 @@ function unsetAdmin(){ unset($_SESSION["firstName"]); } -function ticketInformation(){ +function ticketID(){ if(isset($_POST["closeTicket"])){ $ticketID = $_POST["closeTicket"]; } @@ -145,6 +145,23 @@ function ticketInformation(){ $ticketID = $_POST["reopenTicket"]; } + elseif(isset($_POST["defCloseTicket"])){ + $ticketID = $_POST["defCloseTicket"]; + } + + elseif(isset($_POST["backToTreatment"])){ + $ticketID = $_POST["backToTreatment"]; + } + + else{ + return; + } + + return $ticketID; +} + +function ticketInformation(){ + $ticketID = ticketID($_POST); $userInfo = getInfo("member_id"); $connection = connectDB(); $query = $connection->prepare("SELECT * FROM ticket WHERE member= :member_id AND ticket_id= :id"); @@ -156,6 +173,18 @@ function ticketInformation(){ return $result; } +function ticketInformationBackOffice(){ + $ticketID = ticketID($_POST); + $userInfo = getInfo("member_id"); + $connection = connectDB(); + $query = $connection->prepare("SELECT * FROM ticket WHERE ticket_id= :id"); + $query->execute([ + "id"=>$ticketID + ]); + $result = $query->fetch(PDO::FETCH_ASSOC); + return $result; +} + function getTimeForLog(){ $time = time(); $date = new DateTime("now", new DateTimeZone('Europe/Paris')); diff --git a/header.php b/header.php index f42d860..254a2d4 100644 --- a/header.php +++ b/header.php 
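Review bot: `ticketInformationBackOffice()` drops the `member= :member_id` predicate that `ticketInformation()` keeps, so it returns any ticket by id to whoever can call it; that is presumably intended for moderators, but the authorisation then has to be enforced by the caller (`script/bOffice - updateTicket.php`, not in this extract), and the `$userInfo = getInfo("member_id");` it computes is unused and should either drive that check or go. `ticketID()` falls through to a bare `return;` when none of the five POST keys is present, so both callers then bind `null` as `:id`; guard it, e.g. `if ($ticketID === null) { return false; }` before the `prepare`. Both callers invoke `ticketID($_POST)` although the function declares no parameter; drop the argument.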
@@ -3,13 +3,7 @@ require_once "functions.php"; preventXSS($_POST); unsetAdmin(); - -if (count($_POST) == 2 && isset($_POST["emailConnect"]) && isset($_POST["pwdConnect"])) { - $_SESSION["emailConnect"] = strtolower($_POST["emailConnect"]); - $_SESSION["pwdConnect"] = $_POST["pwdConnect"]; - connectUser(); - -} +print_r($_SESSION); if(isset($_POST["disconnect"]) && $_POST["disconnect"] == "disconnect"){ session_unset(); @@ -71,78 +65,36 @@ - - -
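Review bot: `print_r($_SESSION);` in header.php is a debug dump that now runs on every page including the header and prints the whole session to the visitor, including `$_SESSION["token"]`, the value `getInfo()` in functions.php binds to authenticate its queries, and, after a failed login, `$_SESSION["pwdConnect"]`, which `connectUser()` unsets only on its success path. It also emits output at the top of the page, so any `header()` call further down the request will fail with headers already sent. Remove the line.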
  • - -
  • - - - + + + + -
    - - - + diff --git a/logPromotion.txt b/logPromotion.txt new file mode 100644 index 0000000..3e0ad9c --- /dev/null +++ b/logPromotion.txt @@ -0,0 +1,13 @@ +Administrateur : MIREAU Sébastien a promu le membre ONE Paul email : p.one@gmail.com le : +Administrateur : MIREAU Sébastien a déchu le membre ONE Paul email : p.one@gmail.com le : +Administrateur : MIREAU Sébastien a promu le membre TEXIER Antonin email : antonin-texier@gmail.com le : 23/04/2018 à 14h:17m:54s +Administrateur : MIREAU Sébastien a déchu le membre TEXIER Antonin email : antonin-texier@gmail.com le : 23/04/2018 à 14h:17m:55s +Administrateur : MIREAU Sébastien a promu le membre TEXIER Antonin email : antonin-texier@gmail.com le : 23/04/2018 à 14h:20m:54s +Administrateur : MIREAU Sébastien a déchu le membre TEXIER Antonin email : antonin-texier@gmail.com le : 23/04/2018 à 14h:20m:55s +Administrateur : MIREAU Sébastien a promu le membre TEXIER Antonin email : antonin-texier@gmail.com le : 23/04/2018 à 14h:20m:56s +Administrateur : MIREAU Sébastien a déchu le membre TEXIER Antonin email : antonin-texier@gmail.com le : 23/04/2018 à 14h:20m:56s +Administrateur : MIREAU Sébastien a promu le membre MIREAU Sébastien email : sebastien.mireau@moderateur.fr le : 23/04/2018 à 16h:00m:40s +Administrateur : MIREAU Sébastien a promu le membre MIREAU Sébastien email : sebastien.mireau@moderateur.fr le : 23/04/2018 à 16h:01m:49s +Administrateur : MIREAU Sébastien a promu le membre MIREAU Sébastien email : sebastien.mireau@moderateur.fr le : 23/04/2018 à 16h:23m:03s +Administrateur : MIREAU Sébastien a promu le membre MIREAU Sébastien email : sebastien.mireau@moderateur.fr le : 23/04/2018 à 16h:24m:35s +Administrateur : MIREAU Sébastien a promu le membre MODéRATEUR Seb email : sebastien.mireau@moderateur.fr le : 25/04/2018 à 13h:32m:19s diff --git a/script/bOffice - updateTicket.php b/script/bOffice - updateTicket.php new file mode 100644 index 0000000..c961951 --- /dev/null 
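Review bot: `logPromotion.txt` is a runtime audit log holding real names and email addresses, and it is being committed to the repository instead of being produced on the server; the code opens its log files by relative path (`fopen('log.txt', 'a+')` in functions.php), so such files sit beside the PHP sources, where a web server hands them out as static files. Remove it from the commit, add `logPromotion.txt` and the sibling `log*.txt` files to `.gitignore`, and point the loggers at a directory outside the document root. The first two entries end with an empty value after `le :`, which suggests those lines were written before the timestamp was wired into the message.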
+++ b/script/bOffice - updateTicket.php @@ -0,0 +1,182 @@ +prepare("UPDATE ticket SET ticket_content= :content, last_update= NOW(), author_last_update= :author_last_update WHERE ticket_id= :id"); + $query->execute([ + "content"=>$ticket["ticket_content"]."
    ".$userInfo["member_firstname"]." ".$userInfo["member_lastname"]." le ".$time." :
    ".$_POST["updateTicket"]."
    ", + "id"=>$_POST["ticketId"], + "author_last_update"=>$userInfo["member_id"] + ]); + + header("Location: ../bOffice - ticket.php?ticket_id=".$_POST["ticketId"]); + } + } + + elseif($ticket["state"] == 1){ + $listOfError[]= 2; + header("Location: ../bOffice - ticket.php?ticket_id=".$_POST["ticketId"]); + } + + else{ + $listOfError[] = 3; + header("Location :../bOffice - ticket.php?ticket_id=".$_POST["ticketId"]); + } +} + +elseif(isset($_POST["reopenTicket"])){ + $ticket = ticketInformationBackOffice($_POST); + if(empty($ticket)){ + header("Location: ../bOffice - ticket.php?ticket_id=".$_POST["reopenTicket"]); + } + + elseif($ticket["state"] == 2){ + $listOfError[] = 6; + header("Location: ../bOffice - ticket.php?ticket_id=".$_POST["reopenTicket"]); + } + + elseif($ticket["state"] == 0){ + $listOfError[] = 4; + header("Location: ../bOffice - ticket.php?ticket_id=".$_POST["reopenTicket"]); + } + + else{ + $time = getTimeForLog(); + $userInfo = getInfo("member_id,member_firstname,member_lastname"); + $connection = connectDB(); + $query = $connection->prepare("UPDATE TICKET set state= :state, ticket_content= :content, last_update= NOW(), author_last_update= :author_last_update WHERE ticket_id= :id"); + $query->execute([ + "state"=>0, + "content"=>$ticket["ticket_content"]."
    ".$userInfo["member_firstname"]." ".$userInfo["member_lastname"]." a réouvert le ticket le ".$time."
    ", + "id"=>$_POST["reopenTicket"], + "author_last_update"=>$userInfo["member_id"] + ]); + + header("Location: ../bOffice - ticket.php?ticket_id=".$_POST["reopenTicket"]); + } +} + +elseif(isset($_POST["closeTicket"])){ + $ticket = ticketInformationBackOffice($_POST); + if(empty($ticket)){ + header("Location: ../bOffice - ticket.php?ticket_id=".$_POST["closeTicket"]); + } + + elseif($ticket["state"] == 2){ + $listOfError[] = 6; + header("Location: ../bOffice - ticket.php?ticket_id=".$_POST["closeTicket"]); + } + + elseif($ticket["state"] == 1){ + $listOfError[] = 5; + header("Location: ../bOffice - ticket.php?ticket_id=".$_POST["closeTicket"]); + } + + else{ + $time = getTimeForLog(); + $userInfo = getInfo("member_id, member_lastname, member_firstname"); + $connection = connectDB(); + $query = $connection->prepare("UPDATE ticket SET state= :status, ticket_content= :content, last_update= NOW(), author_last_update= :author_last_update WHERE ticket_id= :id"); + $query->execute([ + "status"=>1, + "content"=>$ticket["ticket_content"]."
    ".$userInfo["member_firstname"]." ".$userInfo["member_lastname"]." a fermé le ticket le ".$time."
    ", + "id"=>$_POST["closeTicket"], + "author_last_update"=>$userInfo["member_id"] + ]); + + header("Location: ../bOffice - ticket.php?ticket_id=".$_POST["closeTicket"]); + } +} + + +elseif(isset($_POST["defCloseTicket"])){ + $ticket = ticketInformationBackOffice($_POST); + if(empty($ticket)){ + header("Location: ../bOffice - ticket.php?ticket_id=".$_POST["defCloseTicket"]); + } + + elseif($ticket["state"] == 2){ + $listOfError[] = 6; + header("Location: ../bOffice - ticket.php?ticket_id=".$_POST["defCloseTicket"]); + } + + else{ + $time = getTimeForLog(); + $userInfo = getInfo("member_id, member_lastname, member_firstname"); + $connection = connectDB(); + $query = $connection->prepare("UPDATE ticket SET state= :status, ticket_content= :content, last_update= NOW(), author_last_update= :author_last_update WHERE ticket_id= :id"); + $query->execute([ + "status"=>2, + "content"=>$ticket["ticket_content"]."
    ".$userInfo["member_firstname"]." ".$userInfo["member_lastname"]." a définitivement fermé ce ticket le ".$time."
    ", + "id"=>$_POST["defCloseTicket"], + "author_last_update"=>$userInfo["member_id"] + ]); + + header("Location: ../bOffice - ticket.php?ticket_id=".$_POST["defCloseTicket"]); + } +} + +elseif(isset($_POST["backToTreatment"])){ + $ticket = ticketInformationBackOffice($_POST); + if(empty($ticket)){ + header("Location: ../bOffice - ticket.php?ticket_id=".$_POST["backToTreatment"]); + } + + elseif($ticket["state"] == 2){ + $listOfError[] = 6; + header("Location: ../bOffice - ticket.php?ticket_id=".$_POST["backToTreatment"]); + } + + elseif($ticket["state"] == 3 || ($ticket["state"] == 0 && $ticket["author_last_update"] == $ticket["member"])){ + $listOfError[] = 7; + header("Location: ../bOffice - ticket.php?ticket_id=".$_POST["backToTreatment"]); + } + + else{ + $time = getTimeForLog(); + $userInfo = getInfo("member_id, member_lastname, member_firstname"); + $connection = connectDB(); + $query = $connection->prepare("UPDATE ticket SET state= :status, ticket_content= :content, last_update= NOW(), author_last_update= :author_last_update WHERE ticket_id= :id"); + $query->execute([ + "status"=>3, + "content"=>$ticket["ticket_content"]."
    ".$userInfo["member_firstname"]." ".$userInfo["member_lastname"]." a définitivement fermé ce ticket le ".$time."
    ", + "id"=>$_POST["backToTreatment"], + "author_last_update"=>$userInfo["member_id"] + ]); + + header("Location: ../bOffice - ticket.php?ticket_id=".$_POST["backToTreatment"]); + } +} + +else{ + $_SESSION["falseTicket"] = true; + isset($_SESSION["location"])? Header("Location: ../".$_SESSION["location"]): Header("Location: ../bOffice - ticketsToDo.php"); +} + +$_SESSION["ticketError"] = $listOfError; \ No newline at end of file diff --git a/script/newTicket.php b/script/newTicket.php index 8ac9334..bc931d6 100644 --- a/script/newTicket.php +++ b/script/newTicket.php @@ -22,6 +22,7 @@ } $_POST["ticket_label"] = ucfirst(trim(mb_strtolower($_POST["ticket_label"]))); + $_POST["ticket_content"] = trim($_POST["ticket_content"]); if(strlen($_POST["ticket_content"]) > 1000 || strlen($_POST["ticket_content"]) < 10){ $error=true; @@ -51,17 +52,20 @@ } $time = getTimeForlog(); $result = getInfo("member_id, member_firstname, member_lastname"); + echo $result["member_id"]."
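Review bot: In the `updateTicket` branch the final `else` redirects with `header("Location :../bOffice - ticket.php?...")`: the space before the colon makes the header name `Location ` instead of `Location`, so no redirect is sent there; it should read `header("Location: ../bOffice - ticket.php?ticket_id=".$_POST["ticketId"]);`. In the `backToTreatment` branch the text appended to `ticket_content` says "a définitivement fermé ce ticket" although `state` is set to 3, a copy of the `defCloseTicket` message that should describe the return to treatment instead. None of the `header()` calls is followed by `exit`, and the trailing `$_SESSION["ticketError"] = $listOfError;` depends on that fall-through, which deserves a comment; `$listOfError` must also be initialised in the file head, which is not readable in this view. The branches call `ticketInformationBackOffice($_POST)` although that function declares no parameter.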
    "; + echo $ticketId."
    "; $connection = connectDB(); $ticketContent = "".$result["member_firstname"]." ".$result["member_lastname"]." le ".$time." :
    ".$_POST["ticket_content"]."
    "; echo $ticketContent."
    "; - $query = $connection->prepare("INSERT INTO ticket(ticket_id,t_category,ticket_label,ticket_content, member,ticket_date,state, last_update) VALUES(:id, :category, :label, :ticket_content, :member, NOW(), :state, NOW())"); + $query = $connection->prepare("INSERT INTO ticket(ticket_id,t_category,ticket_label,ticket_content, member,ticket_date,state, last_update, author_last_update) VALUES(:id, :category, :label, :ticket_content, :member, NOW(), :state, NOW(), :author_last_update)"); $query->execute([ "id"=>$ticketId, "category"=>$_POST["t_category"], "label"=>$_POST["ticket_label"], "ticket_content"=>$ticketContent, "member"=> $result["member_id"], - "state"=>0 + "state"=>0, + "author_last_update"=>$result["member_id"] ]); $_SESSION["ticketSubmitted"] = true; diff --git a/script/updateTicket.php b/script/updateTicket.php index b20689b..25962c7 100644 --- a/script/updateTicket.php +++ b/script/updateTicket.php @@ -22,12 +22,13 @@ $time = getTimeForLog(); $userInfo = getInfo("member_id, member_lastname, member_firstname"); $connection = connectDB(); - $query = $connection->prepare("UPDATE ticket SET state= :status, ticket_content= :content, last_update= NOW() WHERE member= :member_id AND ticket_id= :id"); + $query = $connection->prepare("UPDATE ticket SET state= :status, ticket_content= :content, last_update= NOW(), author_last_update= :author_last_update WHERE member= :member_id AND ticket_id= :id"); $query->execute([ "status"=>1, - "content"=>$ticket["ticket_content"]."
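Review bot: The two added `echo` statements printing `$result["member_id"]` and `$ticketId` are debug output: they expose the internal member id and the newly generated ticket id in the response and, together with the existing `echo $ticketContent`, send output before any redirect this script issues afterwards, which then cannot set headers. Remove all three echoes before merging. The surrounding block starts outside the hunk.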
    ".$userInfo["member_firstname"]." ".$userInfo["member_lastname"]." a fermé le ticket le ".$time."
    ", + "content"=>$ticket["ticket_content"]."
    ".$userInfo["member_firstname"]." ".$userInfo["member_lastname"]." a fermé le ticket le ".$time."
    ", "member_id"=>$userInfo["member_id"], - "id"=>$_POST["closeTicket"] + "id"=>$_POST["closeTicket"], + "author_last_update"=>$userInfo["member_id"] ]); header("Location: ../userTicket.php?ticket_id=".$_POST["closeTicket"]); @@ -40,16 +41,17 @@ $_SESSION["ticketError"] = true; header("Location: ../userTicket.php"); } - - elseif(strlen($_POST["updateTicket"]) > 10 || strlen($_POST["updateTicket"]) < 1000){ + elseif((strlen($_POST["updateTicket"]) > 10 || strlen($_POST["updateTicket"]) < 1000) && $ticket["state"] == 0){ + $_POST["updateTicket"] = trim($_POST["updateTicket"]); $time = getTimeForLog(); $userInfo = getInfo("member_id, member_lastname, member_firstname"); $connection = connectDB(); - $query = $connection->prepare("UPDATE ticket SET ticket_content= :content, last_update= NOW() WHERE member= :member_id AND ticket_id= :id"); + $query = $connection->prepare("UPDATE ticket SET ticket_content= :content, last_update= NOW(), author_last_update= :author_last_update WHERE member= :member_id AND ticket_id= :id"); $query->execute([ "content"=>$ticket["ticket_content"]."
    ".$userInfo["member_firstname"]." ".$userInfo["member_lastname"]." le ".$time." :
    ".$_POST["updateTicket"]."
    ", "member_id"=>$userInfo["member_id"], - "id"=>$_POST["ticketId"] + "id"=>$_POST["ticketId"], + "author_last_update"=>$userInfo["member_id"] ]); header("Location: ../userTicket.php?ticket_id=".$_POST["ticketId"]); @@ -58,8 +60,7 @@ else{ $_SESSION["postForm"] = $_POST["updateTicket"]; $_SESSION["errorUpdateTicket"] = true; - echo strlen($_POST["updateTicket"]); - //header("Location: ../userTicket.php?ticket_id=".$_POST["ticketId"]); + header("Location: ../userTicket.php?ticket_id=".$_POST["ticketId"]); } } @@ -79,12 +80,13 @@ $time = getTimeForLog(); $userInfo = getInfo("member_id,member_firstname,member_lastname"); $connection = connectDB(); - $query = $connection->prepare("UPDATE TICKET set state= :state, ticket_content= :content, last_update= NOW() WHERE member= :member_id AND ticket_id= :id"); + $query = $connection->prepare("UPDATE TICKET set state= :state, ticket_content= :content, last_update= NOW(), author_last_update= :author_last_update WHERE member= :member_id AND ticket_id= :id"); $query->execute([ "state"=>0, - "content"=>$ticket["ticket_content"]."
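Review bot: The length guard on the modified `elseif` line is still `strlen(...) > 10 || strlen(...) < 1000`: with `||` every string satisfies at least one side, so the 10–1000 bound is never enforced and the `else` branch that sets `errorUpdateTicket` is reached only when the ticket is not in state 0; it should be `&&`. The `trim()` added on the next line runs after the length was measured, so move `$_POST["updateTicket"] = trim($_POST["updateTicket"]);` ahead of the `elseif` and use `mb_strlen` on the trimmed value in the condition. The enclosing `if` starts outside the hunk.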
    ".$userInfo["member_firstname"]." ".$userInfo["member_lastname"]." a réouvert le ticket le".$time."
    ", + "content"=>$ticket["ticket_content"]."
    ".$userInfo["member_firstname"]." ".$userInfo["member_lastname"]." a réouvert le ticket le ".$time."
    ", "member_id"=>$userInfo["member_id"], - "id"=>$_POST["reopenTicket"] + "id"=>$_POST["reopenTicket"], + "author_last_update"=>$userInfo["member_id"] ]); header("Location: ../userTicket.php?ticket_id=".$_POST["reopenTicket"]); @@ -93,5 +95,5 @@ else{ $_SESSION["ticketError"] = true; - //header("Location: ../userTicket.php"); + header("Location: ../userTicket.php"); } \ No newline at end of file diff --git a/script/updateUser.php b/script/updateUser.php index 5acd872..b4a2761 100644 --- a/script/updateUser.php +++ b/script/updateUser.php 
@@ -7,105 +7,98 @@ //print_r( $_SESSION ); //echo ""; //die(); -$db = connectDB(); if (count($_POST) == 5) { //values not empty - - $errorInfo = false; - $listOfErrorsInfo = []; - - //clean values - $_POST["firstname"] = ucfirst(trim(mb_strtolower($_POST["firstname"]))); - $_POST["lastname"] = trim(strtoupper($_POST["lastname"])); - $_POST["email"] = trim(mb_strtolower($_POST["email"])); - $_POST["address"] = trim(mb_strtoupper($_POST["address"])); - - if (empty($_POST["lastname"]) - || empty($_POST["firstname"]) - || empty($_POST["email"]) - || empty($_POST["address"]) - || empty($_POST["zipcode"])) + if (!empty($_POST["lastname"]) + && !empty($_POST["firstname"]) + && !empty($_POST["email"]) + && !empty($_POST["address"]) + && !empty($_POST["zipcode"])) { - $errorInfo = true; - $listOfErrorsInfo[] = 7; - } + $errorInfo = false; + $listOfErrorsInfo = []; +// $regexAddress = "#^[1-9][0-9]?[0-9]?*[a-z]$#i"; +// $address = $_POST["address"]; - if (empty($_POST["lastname"]) || empty($_POST["firstname"]) - || empty($_POST["email"]) || empty($_POST["address"]) || empty($_POST["zipcode"])) - { - $errorInfo = true; - $listeOfErrorsInfo[] = 7; - } + //clean values + $_POST["firstname"] = ucfirst(trim(mb_strtolower($_POST["firstname"]))); + $_POST["lastname"] = trim(strtoupper($_POST["lastname"])); + $_POST["email"] = trim(mb_strtolower($_POST["email"])); + $_POST["address"] = trim(mb_strtoupper($_POST["address"])); - if (!verif_alpha($_POST["lastname"])){ - $errorInfo = true; - $listOfErrorsInfo[] = 8; - } - if (!verif_alpha($_POST["firstname"])){ - $errorInfo = true; - $listOfErrorsInfo[] = 9; - } - //lastname : min 2 max 50 - if (strlen($_POST["lastname"]) < 2 || strlen($_POST["lastname"]) > 50) { - $errorInfo = true; - $listOfErrorsInfo[] = 1; - } - //firstname : min 2 max 32 - if (strlen($_POST["firstname"]) < 2 || strlen($_POST["firstname"]) > 32) { - $errorInfo = true; - $listOfErrorsInfo[] = 2; - } - //email : format valide - if (!filter_var($_POST["email"], 
FILTER_VALIDATE_EMAIL)) { - $errorInfo = true; - $listOfErrorsInfo[] = 3; - } else {//verifie que l'email n'existe pas déja - $query = $db->prepare("SELECT 1 FROM member WHERE member_email = :email AND member_id <> :id;"); - $query->execute([ - "email" => $_POST["email"], - "id"=>$_SESSION["id"] - ]); - $result = $query->fetch(); - if (!empty($result)) { + if (!verif_alpha($_POST["lastname"])){ $errorInfo = true; - $listOfErrorsInfo[] = 6; + $listOfErrorsInfo[] = 8; + } + if (!verif_alpha($_POST["firstname"])){ + $errorInfo = true; + $listOfErrorsInfo[] = 9; + } + //lastname : min 2 max 50 + if (strlen($_POST["lastname"]) < 2 || strlen($_POST["lastname"]) > 50 || is_numeric($_POST["lastname"])) { + $errorInfo = true; + $listOfErrorsInfo[] = 1; + } + //firstname : min 2 max 32 + if (strlen($_POST["firstname"]) < 2 || strlen($_POST["firstname"]) > 32 || is_numeric($_POST["firstname"])) { + $errorInfo = true; + $listOfErrorsInfo[] = 2; + } + //email : format valide + if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) { + $errorInfo = true; + $listOfErrorsInfo[] = 3; + } else {//verifie que l'email n'existe pas déja + $db=connectDB(); + $query = $db->prepare("SELECT 1 FROM member WHERE member_email = :email"); + $query->execute(["email" => $_POST["email"]]); + $result = $query->fetch(); + if (!empty($result)) { + $errorInfo = true; + $listOfErrorsInfo[] = 6; + } } - } // if (preg_match($regexAddress, $address) != 1){ // $errorInfo = true; // $listOfErrorsInfo["address"] = 4; // // } - if (!is_numeric($_POST["zipcode"]) || strlen($_POST["zipcode"]) != 5) { - $errorInfo = true; - $listOfErrorsInfo[] = 5; - } - if ($errorInfo) { + if (!is_numeric($_POST["zipcode"]) || strlen($_POST["zipcode"]) != 5) { + $errorInfo = true; + $listOfErrorsInfo[] = 5; + } + if ($errorInfo) { + $_SESSION["update"] = false; + $_SESSION["errorFormInfo"] = $listOfErrorsInfo; + $_SESSION["postFormInfo"] = $_POST; + header("Location: ../userSettings.php"); + } else { + $query = 
$db->prepare("UPDATE member + SET member_lastname = :lastname, + member_firstname = :firstname, + member_email = :email, + member_address = :address, + member_zip_code = :zipcode + WHERE member_id = :id AND member_token = :token;"); + $query->execute([ + "lastname" => $_POST["lastname"], + "firstname" => $_POST["firstname"], + "email" => $_POST["email"], + "address" => $_POST["address"], + "zipcode" => $_POST["zipcode"], + "id" => $_SESSION["id"], + "token" => $_SESSION["token"], + ]); + header("Location: ../userSettings.php"); + } + }else{ + $listeOfErrorsInfo[] = 7; $_SESSION["update"] = false; - $_SESSION["errorFormInfo"] = $listOfErrorsInfo; + $_SESSION["errorFormInfo"] = $listeOfErrorsInfo; $_SESSION["postFormInfo"] = $_POST; header("Location: ../userSettings.php"); - } else { - $query = $db->prepare("UPDATE member - SET member_lastname = :lastname, - member_firstname = :firstname, - member_email = :email, - member_address = :address, - member_zip_code = :zipcode - WHERE member_id = :id AND member_token = :token;"); - $query->execute([ - "lastname" => $_POST["lastname"], - "firstname" => $_POST["firstname"], - "email" => $_POST["email"], - "address" => $_POST["address"], - "zipcode" => $_POST["zipcode"], - "id" => $_SESSION["id"], - "token" => $_SESSION["token"], - ]); - header("Location: ../userSettings.php"); } }else{ - die("Tentative de hack"); + die("Tentative de hack"); } - diff --git a/signup.php b/signup.php index c8a3425..e234780 100644 --- a/signup.php +++ b/signup.php @@ -3,6 +3,13 @@ require_once "conf.inc.php"; require_once "functions.php"; +if (count($_POST) == 2 && isset($_POST["emailConnect"]) && isset($_POST["pwdConnect"])) { + $_SESSION["emailConnect"] = strtolower($_POST["emailConnect"]); + $_SESSION["pwdConnect"] = $_POST["pwdConnect"]; + connectUser(); + +} + if(isset($_SESSION["connexionNeeded"])){ echo "
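Review bot: The duplicate-email check was changed from `WHERE member_email = :email AND member_id <> :id` to `WHERE member_email = :email`, so a member who submits the settings form with their own unchanged email now matches their own row and receives error 6; restore the `AND member_id <> :id` clause bound to `$_SESSION["id"]`. `$db` is now assigned only inside the `else` of the email-format check, and the later `$db->prepare("UPDATE member ...")` works solely because an invalid email always sets `$errorInfo`; moving `$db = connectDB();` back to the top of the block makes that dependency explicit. The outer `else` uses `$listeOfErrorsInfo` while the rest of the file uses `$listOfErrorsInfo`, a self-consistent typo that should be unified. The `strlen` bounds are byte-wise; `mb_strlen` matches the `mb_strtolower` applied to the same fields.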

    ".$_SESSION["connexionNeeded"]."

    "; unset($_SESSION["connexionNeeded"]); @@ -10,7 +17,7 @@ ?>
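Review bot: The login handling moved here still copies the raw password into `$_SESSION["pwdConnect"]` for `connectUser()` to pick up, and `connectUser()` in functions.php unsets it only on success, so after a failed attempt the plaintext password stays in the session for its whole lifetime and is printed by the `print_r($_SESSION)` this commit adds to header.php. Pass the credentials to the function directly, `connectUser(strtolower($_POST["emailConnect"]), $_POST["pwdConnect"]);`, or at minimum `unset($_SESSION["pwdConnect"]);` on the failure path as well. The `count($_POST) == 2` gate also means any extra form field silently disables login, which is brittle.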
    -
    +

    S'inscrire

    + +
    +

    Se connecter

    + +
    +
    + + + + +
    + + +
    + + +
    + + + + +
    + +
    +