resolved error form issues
chukitipok committed Apr 21, 2018
1 parent 17fedf2 commit b911584
Showing 5 changed files with 265 additions and 186 deletions.
5 changes: 4 additions & 1 deletion conf.inc.php
Expand Up @@ -32,13 +32,16 @@
4=>"L'adresse n'est pas valide",
5=>"Le code postal n'est pas valide",
6=>"L'email existe déjà",
7=>"Tous les champs doivent être remplis"
7=>"Tous les champs doivent être remplis",
8=>"Le nom est invalide",
9=>"Le prénom est invalide"
];

$listOfErrorsPwd = [
1=>"Le mot de passe ne correspond pas au mot de passe actuel",
2=>"Le mot de passe doit faire entre 8 et 20 caractères",
3=>"Le mot de passe de confirmation ne correspond pas",
4=>"Tous les champs doivent être remplis"
];

$categoryOfContact = [
41 changes: 23 additions & 18 deletions functions.php
Expand Up @@ -66,38 +66,43 @@ function Location(){
}
}

function connectUser(){

$connection = connectDB();
function connectUser()
{
$connection = connectDB();
$query = $connection->prepare("SELECT * FROM member WHERE member_email = :email;");
$query->execute([
"email" => $_SESSION["emailConnect"]
]);
$result = $query->fetch();
if($result["member_status"] == 3){
session_unset();
session_destroy();
if ($result["member_status"] == 3) {
session_unset();
session_destroy();
echo "Ce compte est bannit";
}

elseif (password_verify($_SESSION["pwdConnect"], $result["member_password"])) {
} elseif (password_verify($_SESSION["pwdConnect"], $result["member_password"])) {
$_SESSION["auth"] = true;
$_SESSION["id"] = $result["member_id"];
$_SESSION["token"] = createToken();
$query = $connection->prepare("UPDATE member SET member_token = :token WHERE member_id = :id;");
$query->execute([
"token"=>$_SESSION["token"],
"id"=>$_SESSION["id"]
"token" => $_SESSION["token"],
"id" => $_SESSION["id"]
]);
unset($_SESSION["pwdConnect"]);
unset($_SESSION["emailConnect"]);
return location();
}

else{
echo "NOK";
$file = fopen('log.txt', 'a+');
fwrite($file, $_POST["emailConnect"] . " -> " . $_POST["pwdConnect"] . "\r\n");
fclose($file);
} else {
echo "NOK";
$file = fopen('log.txt', 'a+');
fwrite($file, $_POST["emailConnect"] . " -> " . $_POST["pwdConnect"] . "\r\n");
fclose($file);
}
}

function verif_alpha($str){
preg_match("/([^A-Za-z])/",$str,$result);
//On cherche tt les caractères autre que [A-z]
if(!empty($result)){//si on trouve des caractère autre que A-z
return false;
}
return true;
}
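Review bot: The failed-login branch of connectUser() (the `else` after `password_verify`) still appends the submitted email and the plaintext password from `$_POST` to `log.txt`, so every mistyped password of a real user is written to disk in a file that, given the relative path, is presumably served by the web server; the commit reformats this block but leaves that in place. Drop the password from the record and log only the account and time, e.g. `fwrite($file, date('c') . " failed login for " . $_POST["emailConnect"] . "\r\n");`, or remove the logging altogether. The same branch is also reached when the email is unknown, because `$result` is false and `$result["member_status"]` / `password_verify(..., $result["member_password"])` are evaluated without an `if ($result === false)` guard in front of them. Separately, the new verif_alpha() rejects anything outside `A-Za-z`, which after the `mb_strtolower()`/`ucfirst()` cleaning in updateUser.php excludes accented or hyphenated French names such as Éric or Jean-Pierre; a class like `/[^\p{L}' -]/u` would match the intent.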
7 changes: 6 additions & 1 deletion script/changePwd.php
Expand Up @@ -49,8 +49,13 @@
]);
header("Location: ../userSettings.php");
}
}else
}else {
$listeOfErrorsPwd[] = 4;
$_SESSION["changePwd"] = false;
$_SESSION["errorFormPwd"] = $listeOfErrorsPwd;
$_SESSION["postFormPwd"] = $_POST;
header("Location: ../userSettings.php");
}
}else{
die("Tentative hack");
}
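Review bot: The new else-branch copies the whole `$_POST` array into `$_SESSION["postFormPwd"]` to repopulate the form, and on a change-password form that array presumably holds the current password, the new one and its confirmation in plaintext, so they now persist in the session store for the rest of the session and are likely echoed back into the page. Keep no secret fields there, e.g. `$_SESSION["postFormPwd"] = [];`, and let the user retype the passwords after an error. Both redirects in this hunk call `header("Location: ../userSettings.php")` without a following `exit;`, so whatever code follows the enclosing block keeps executing with the request's state; adding `exit;` after each `header()` call is the usual guard. The enclosing if/else starts above the hunk, so the condition that leads to error 4 is not visible here.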
137 changes: 81 additions & 56 deletions script/updateUser.php
Expand Up @@ -6,69 +6,94 @@
$db = connectDB();

if (count($_POST) == 5) {
//values not empty
if (!empty($_POST["lastname"])
&& !empty($_POST["firstname"])
&& !empty($_POST["email"])
&& !empty($_POST["address"])
&& !empty($_POST["zipcode"]))
{
$errorInfo = false;
$listOfErrorsInfo = [];
// $regexAddress = "#^[1-9][0-9]?[0-9]?*[a-z]$#i";
// $address = $_POST["address"];

$errorInfo = false;
$listOfErrorsInfo = [];

//clean values
$_POST["PRENOM"] = ucfirst(trim(mb_strtolower($_POST["PRENOM"])));
$_POST["NOM"] = trim(strtoupper($_POST["NOM"]));
$_POST["EMAIL"] = trim(mb_strtolower($_POST["EMAIL"]));
$_POST["ADRESSE"] = trim(mb_strtoupper($_POST["ADRESSE"]));
//clean values
$_POST["firstname"] = ucfirst(trim(mb_strtolower($_POST["firstname"])));
$_POST["lastname"] = trim(strtoupper($_POST["lastname"]));
$_POST["email"] = trim(mb_strtolower($_POST["email"]));
$_POST["address"] = trim(mb_strtoupper($_POST["address"]));

//values not empty
if (empty($_POST["NOM"]) || empty($_POST["PRENOM"]) || empty($_POST["EMAIL"]) || empty($_POST["ADRESSE"]) || empty($_POST["CODE"])) {
$errorInfo = true;
$listOfErrorsInfo[] = 7;
}
//firstname : min 2 max 32
if (strlen($_POST["PRENOM"]) < 2 || strlen($_POST["PRENOM"]) > 32 || is_numeric($_POST["PRENOM"])) {
$errorInfo = true;
$listOfErrorsInfo[] = 2;
}
//lastname : min 2 max 50
if (strlen($_POST["NOM"]) < 2 || strlen($_POST["NOM"]) > 50 || is_numeric($_POST["NOM"])) {
$errorInfo = true;
$listOfErrorsInfo[] = 1;
}
//email : format valide
if (!filter_var($_POST["EMAIL"], FILTER_VALIDATE_EMAIL)) {
$errorInfo = true;
$listOfErrorsInfo[] = 3;
} else {//verifie que l'email n'existe pas déja
$query = $db->prepare("SELECT 1 FROM member WHERE EMAIL = :email");
$query->execute(["email" => $_POST["EMAIL"]]);
$result = $query->fetch();
if (!empty($result)) {
if (!verif_alpha($_POST["lastname"])){
$errorInfo = true;
$listOfErrorsInfo[] = 6;
$listOfErrorsInfo[] = 8;
}
}
if (!is_numeric($_POST["CODE"]) || strlen($_POST["CODE"]) != 5){
$errorInfo = true;
$listOfErrorsInfo[] = 5;
}
if ($errorInfo) {
if (!verif_alpha($_POST["firstname"])){
$errorInfo = true;
$listOfErrorsInfo[] = 9;
}
//lastname : min 2 max 50
if (strlen($_POST["lastname"]) < 2 || strlen($_POST["lastname"]) > 50 || is_numeric($_POST["lastname"])) {
$errorInfo = true;
$listOfErrorsInfo[] = 1;
}
//firstname : min 2 max 32
if (strlen($_POST["firstname"]) < 2 || strlen($_POST["firstname"]) > 32 || is_numeric($_POST["firstname"])) {
$errorInfo = true;
$listOfErrorsInfo[] = 2;
}
//email : format valide
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
$errorInfo = true;
$listOfErrorsInfo[] = 3;
} else {//verifie que l'email n'existe pas déja
$query = $db->prepare("SELECT 1 FROM member WHERE email = :email");
$query->execute(["email" => $_POST["email"]]);
$result = $query->fetch();
if (!empty($result)) {
$errorInfo = true;
$listOfErrorsInfo[] = 6;
}
}
// if (preg_match($regexAddress, $address) != 1){
// $errorInfo = true;
// $listOfErrorsInfo["address"] = 4;
//
// }
if (!is_numeric($_POST["zipcode"]) || strlen($_POST["zipcode"]) != 5) {
$errorInfo = true;
$listOfErrorsInfo[] = 5;
}
if ($errorInfo) {
$_SESSION["update"] = false;
$_SESSION["errorFormInfo"] = $listOfErrorsInfo;
$_SESSION["postFormInfo"] = $_POST;
header("Location: ../userSettings.php");
} else {
$query = $db->prepare("UPDATE member
SET member_lastname = :lastname,
member_firstname = :firstname,
member_email = :email,
member_address = :address,
member_zip_code = :zipcode
WHERE member_id = :id AND member_token = :token;");
$query->execute([
"lastname" => $_POST["lastname"],
"firstname" => $_POST["firstname"],
"email" => $_POST["email"],
"address" => $_POST["address"],
"zipcode" => $_POST["zipcode"],
"id" => $_SESSION["id"],
"token" => $_SESSION["token"],
]);
header("Location: ../userSettings.php");
}
}else{
$listeOfErrorsInfo[] = 7;
$_SESSION["update"] = false;
$_SESSION["errorFormInfo"] = $listOfErrorsInfo;
$_SESSION["errorFormInfo"] = $listeOfErrorsInfo;
$_SESSION["postFormInfo"] = $_POST;
header("Location: ../userSettings.php");
} else {
$query = $db->prepare("UPDATE member
SET member_lastname = :lastname,
member_firstname = :firstname,
member_email = :email,
member_zip_code = :zip_code
WHERE member_id = :id AND member_token = :token;");
$query->execute([
"lastname" => $_POST["NOM"],
"firstname" => $_POST["PRENOM"],
"email" => $_POST["EMAIL"],
"zip_code" => $_POST["CODE"],
"id" => $_SESSION["id"],
"token" => $_SESSION["token"],
]);
header("Location: ../userSettings.php");
}
}else {
die("Tentative de hack");
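Review bot: The duplicate-email check in the new validation block queries `WHERE email = :email`, while the UPDATE a few lines below and connectUser() in functions.php address the same column as `member_email`, so one of the two names is wrong and the check either errors or never matches; it also does not exclude the member being edited, so re-saving the profile with an unchanged email would raise error 6. Suggested: `$query = $db->prepare("SELECT 1 FROM member WHERE member_email = :email AND member_id <> :id");` with `$query->execute(["email" => $_POST["email"], "id" => $_SESSION["id"]]);`. The zipcode test `!is_numeric(...) || strlen(...) != 5` still accepts values like `-1234`, `12.34` or `1e400`, where `ctype_digit($_POST["zipcode"]) && strlen($_POST["zipcode"]) === 5` pins it to five digits. The name length checks use byte-wise `strlen()` on strings that were just normalised with `mb_strtolower()`, so an accented name is counted longer than it is; `mb_strlen()` matches the intent. Every `header("Location: ...")` here lacks a following `exit;`, and the `else` holding the `die()` closes below the hunk.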
