commit 99b780ba034f88db98e01b53144ed3d4b8b4f606
Author: adriy <>
Date:   Sun May 21 14:59:04 2017 +0200

    first commit

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4f4773f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+config.php
diff --git a/config.php.sample b/config.php.sample
new file mode 100644
index 0000000..5cb0ab5
--- /dev/null
+++ b/config.php.sample
@@ -0,0 +1,15 @@
+<?php
+
+return array(
+    'host' => 'localhost',
+    'username' => 'root',
+    'password' => 'root',
+    'dbname' => 'root',
+    'timestampDeadLine' => 1488229200,
+    'IP_LOCAL' => '192.168.0.86',
+    'recaptcha_private' => '',
+    'recaptcha_public' => '',
+    'main_pw' => '1223T',
+);
+
+?>
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..8988bee
--- /dev/null
+++ b/index.php
@@ -0,0 +1,249 @@
+<?php
+session_start();
+date_default_timezone_set("Europe/Brussels");
+$config = include('config.php');
+
+$timestampDeadLine = $config['timestampDeadLine'];
+$_SESSION['deadLine'] = (time()>$timestampDeadLine)?1:0;
+
+if(isset($_SESSION['accesOk']) || $_SERVER['HTTP_HOST'] == $config['IP_LOCAL'])
+{
+  try
+  {
+      $bdd = new PDO('mysql:host='.$config['host'].';dbname='.$config['dbname'].';charset=utf8', $config['username'], $config['password']);
+  }
+  catch (Exception $e)
+  {
+          die('Erreur : ' . $e->getMessage());
+  }
+  ?>
+  <!doctype html>
+  <html lang="fr">
+  <head>
+    <meta charset="utf-8">
+    <title>Titre de la page</title>
+    <link rel="stylesheet" href="style.css">
+    <script src="script.js"></script>
+    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
+
+  </head>
+  <body>
+    <div id="error" style="background-color:red"></div>
+    <?php
+    if(isset($_SESSION['idEtudiant']))
+    {
+      $sommeParEtudian = array();
+      $idEtudianMax = 0;
+      echo "<strong><div style='color:red'>BETA</div></strong><br>";
+      echo "<h1>".$_SESSION['nomPanier'];
+      if($_SESSION['deadLine'])
+        echo "(Dead Line passée)";
+      echo "</h1>";
+      echo "Dead Line : ".date('d/m/y H:i', $timestampDeadLine)."<br/><br/>";
+    ?>
+    <input type="button" onclick="logout()" value="Se Deconnecter" style="float:right"/>
+        <table id="ownCMD">
+          <tr><th colspan="6">Ma commande (<?php echo $_SESSION["pseudo"]; ?>)</th></tr>
+          <tr><th>ref</th><th>Description</th><th>Prix</th><th>Quantité</th><th>Prix totale</th></tr>
+          <?php
+          $ssTotal = 0;
+            $rep = $bdd->query('SELECT * FROM panier WHERE idEtudiant='.$_SESSION['idEtudiant'].' AND panierId='.$_SESSION['panierId']); //vas chercher les produit de l'etudiant
+            while ($data = $rep->fetch())
+            {
+              $rep2 = $bdd->query('SELECT * FROM article WHERE id='.$data['idArticle'].' AND panierId='.$_SESSION['panierId']);
+              $data2 = $rep2->fetch();
+              if($data['nombre'] > 0)
+              {
+               ?>
+              <tr><td><?php echo $data2['ref'];?></td><td><?php echo $data2['description']; ?></td><td><?php echo $data2['prix']; ?>€</td><td><input type="number" name="need" value="<?php echo $data['nombre'];
+                ?>" onchange="updatePanier(<?php echo $data['id'];?>, this,0)"/></td><td><?php echo ($data2['prix']*$data['nombre']); ?>€</td><tr>
+                  <?php
+                  $ssTotal = $ssTotal + ($data2['prix']*$data['nombre']);
+              }
+            }
+            if(!$_SESSION['deadLine'])
+            { ?>
+          <tr id="addArticle"><td><input type="text" name="ref"class="col"  id="ref" placeholder="Ref." /></td>
+              <td><input type="text" name="description" class="col" id="description" placeholder="Description" /></td>
+              <td><input type="number" name="prix" class="col" id="prix" placeholder="Prix" step="0.01"/></td>
+              <td><input type="number" name="quantite" class="col" id="quantite" placeholder="Quantité" /></td>
+              <td class="prix tot"></td><tr>
+          <tr><td colspan="7"><input type="button" value="ajouter" onclick="sendForm()"/></td></tr><?php } ?>
+        </table>
+        Sous total HTVA : <?php echo $ssTotal; ?><br />
+        Sous total TTC (21%) : <?php echo $ssTotal*1.21; ?><br />
+      <br>
+      <table id="grpCMD">
+        <tr><th colspan="7">Commande de groupe</th></tr>
+        <tr><th>ref</th><th>Description</th><th>Prix</th><th>Quantité</th><th>Prix totale</th><th>J'en veux</th><th>Etudiant qui a commander</th><tr>
+        <?php
+          $rep = $bdd->query('SELECT * FROM article WHERE panierId='.$_SESSION['panierId']); //va chercher tt les article
+          $ssTotal = 0;
+          while ($data = $rep->fetch())
+          {
+
+            $rep2 = $bdd->query('SELECT * FROM panier WHERE idArticle='.$data['id']); //chercher les elem du panier qui appartienne a l'article en cours
+            $nbr = 0;
+            $meNbr = 0;
+            $student = "";
+            while($data2 = $rep2->fetch())
+            {
+
+              //if($data2['idEtudiant'] == $_SESSION['idEtudiant'])
+                //$meNbr = $data2['nombre'];
+              //$nbr = $nbr+$data2['nombre'];
+              if($data2['nombre']>0)
+              {
+                  $rep3 = $bdd->query('SELECT * FROM etudiant WHERE id='.$data2['idEtudiant']); //Va voir le nom etudiant qui le commande
+                  $data3 = $rep3->fetch();
+                  if($data3['enable'])
+                  {
+
+                  	if($data2['idEtudiant'] == $_SESSION['idEtudiant'])
+                    	$meNbr = $data2['nombre'];
+                  	$nbr = $nbr+$data2['nombre'];
+
+                   $student = $student."".$data3['pseudo']."(".$data2['nombre']."); ";
+                    if(isset($sommeParEtudian[$data3['id']]['somme']))
+                    {
+                      $sommeParEtudian[$data3['id']]['somme'] += $data['prix']*$data2['nombre'];
+                    }
+                    else
+                    {
+                      $sommeParEtudian[$data3['id']]['somme'] = $data['prix']*$data2['nombre'];
+                      $sommeParEtudian[$data3['id']]['pseudo'] = $data3['pseudo'];
+                      if($data3['id']>$idEtudianMax)
+                        $idEtudianMax = $data3['id'];
+                    }
+                  }
+                  else
+                  {
+
+                    if(isset($sommeParEtudian[$data3['id']]['somme']))
+                    {
+                      $sommeParEtudian[$data3['id']]['somme'] += $data['prix']*$data2['nombre'];
+                    }
+                    else
+                    {
+                      $sommeParEtudian[$data3['id']]['somme'] = $data['prix']*$data2['nombre'];
+                      $sommeParEtudian[$data3['id']]['pseudo'] = $data3['pseudo'].'<span style="color:red">(NP)</span>';
+                      if($data3['id']>$idEtudianMax)
+                        $idEtudianMax = $data3['id'];
+                    }
+
+
+                  }
+                }
+
+            };
+            $ssTotal = $ssTotal + ($data['prix']*$nbr);
+            if($_SESSION['deadLine'] && $nbr > 0 || !$_SESSION['deadLine'])
+            {
+            ?>
+
+            <tr><td><?php echo $data['ref']; ?></td><td><?php echo $data['description']; ?></td><td><?php echo $data['prix']; ?>€</td><td><?php echo $nbr; ?></td><td><?php echo ($data['prix']*$nbr); ?>€</td>
+              <td><input type="number" name="need" value="<?php echo $meNbr; ?>" onchange="updatePanier(<?php echo $data['id'];?>, this,1)"/></td><td><?php echo $student; ?></td><tr>
+              <?php
+            }
+        } ?>
+      </table>
+      Sous total HTVA : <?php echo $ssTotal; ?><br />
+      Sous total TTC (21%) : <?php echo $ssTotal*1.21; ?><br />
+
+      <br />
+      <table>
+        <tr><th colspan="3">Récapitulatif de la commande par étudiant</th><tr>
+        <tr><th>Pseudo</th><th>Prix HTVA</th><th>Prix TTC</th></tr>
+        <?php
+        for($i=0; $i<= $idEtudianMax ; $i++)
+        {
+          if(isset($sommeParEtudian[$i]['somme']))
+          {
+          //  var_dump($sommeParEtudian);
+            echo "<tr><td>".$sommeParEtudian[$i]['pseudo']."</td><td>".$sommeParEtudian[$i]['somme']."</td><td>".round($sommeParEtudian[$i]['somme']*1.21,2)."</td></tr>";
+          }
+        }
+         ?>
+      </table>
+
+    <?php
+    }
+    else {
+        echo "<strong><h1 style='color:red'>BETA</h1></strong>";
+        ?>
+
+        <form action="index.php#" method="post" onsubmit="return false">
+          <table><tr><td>Pseudo* :</td><td><input type="text" id="pseudo"/></td><tr>
+            <tr><td>Mot de passe (vous pouvez laisser vide)</td><td><input type="password" id="password"></td></tr>
+            <tr><td colspan="2"><input type="submit" value="se connecter" onclick="login();return false;"/></td></table>
+        </form>
+        <div id="status" style="float:right"></div>
+        <?php
+    } ?>
+    <!-- Le reste du contenu -->
+  </body>
+  </html>
+<?php
+}
+else if(isset($_POST['pw']))
+{
+  $ch = curl_init("");
+  $params=array('secret'=>urlencode($config['recaptcha_private']), 'response'=>urlencode($_POST['g-recaptcha-response']));
+  $defaults = array(
+  CURLOPT_URL => 'https://www.google.com/recaptcha/api/siteverify',
+  CURLOPT_POST => true,
+  CURLOPT_RETURNTRANSFER => true,
+  CURLOPT_POSTFIELDS => $params,
+  );
+  curl_setopt_array($ch, $defaults);
+  $data = curl_exec($ch);
+  $result = json_decode($data, true);
+  if($result["success"] && $_POST['pw']== $config['main_pw'])
+  {
+    $_SESSION['accesOk'] = "";
+    header("Refresh:0");
+  }
+  else {
+    ?>
+    <!doctype html>
+    <html lang="fr">
+    <head>
+      <meta charset="utf-8">
+      <title></title>
+      <script src='https://www.google.com/recaptcha/api.js'></script>
+
+
+    </head>
+    <body>
+      <form action="" method="post">
+      <input type="password" name="pw" />
+
+      <div class="g-recaptcha" data-sitekey="<?php echo $config['recaptcha_public'];?>"></div>
+      <input type="submit" />
+    </form>
+    </body>
+    <?php
+  }
+}
+else
+{
+?>
+
+<!doctype html>
+<html lang="fr">
+<head>
+  <meta charset="utf-8">
+  <title></title>
+  <script src='https://www.google.com/recaptcha/api.js'></script>
+
+
+</head>
+<body>
+  <form action="" method="post">
+  <input type="password" name="pw" />
+
+  <div class="g-recaptcha" data-sitekey="<?php echo $config['recaptcha_public'];?>"></div>
+  <input type="submit" />
+</form>
+</body>
+<?php } ?>
diff --git a/post.php b/post.php
new file mode 100644
index 0000000..df471e5
--- /dev/null
+++ b/post.php
@@ -0,0 +1,151 @@
+<?php
+ini_set('display_errors', 1);
+ini_set('display_startup_errors', 1);
+error_reporting(E_ALL);
+session_start();
+$config = include('config.php');
+$deadLine = $_SESSION['deadLine'];
+
+try
+{
+    $bdd = new PDO('mysql:host='.$config['host'].';dbname='.$config['dbname'].';charset=utf8', $config['username'], $config['password']);
+}
+catch (Exception $e)
+{
+        die('Erreur : ' . $e->getMessage());
+}
+if(isset($_POST['quant']) && isset($_POST['ref']) && isset($_POST['description']) && isset($_POST['prix']) && !$deadLine)
+{
+  $req = $bdd->prepare('SELECT * FROM article WHERE ref=:ref');
+  $data = $req->execute(array(
+    'ref' => $_POST['ref']
+  ));
+  $id;
+  $data = $req->fetch();
+  if(isset($data['ref']))
+  {
+    $req = $bdd->prepare('UPDATE panier SET nombre=:nbr WHERE id=:id');
+    $req->execute(array(
+      'nbr' => $_POST['quant'],
+      'id' => $data['id']
+    ));
+  }
+  else
+  {
+    $req = $bdd->prepare('INSERT INTO article(ref, description, prix, panierId) VALUES(:ref, :description, :prix, :panierId)');
+    $req->execute(array(
+      'ref' => $_POST["ref"],
+      'description' => $_POST['description'],
+      'prix' => $_POST['prix'],
+      'panierId' => $_SESSION['panierId']
+      ));
+
+    $id = $bdd->lastInsertId();
+    $req = $bdd->prepare('INSERT INTO panier(idEtudiant, idArticle, nombre, panierId) VALUES(:idEtudiant, :idAdrticle, :nombre, :panierId)');
+    $req->execute(array(
+      'idEtudiant' => $_SESSION["idEtudiant"],
+      'idAdrticle' => $id,
+      'nombre' => $_POST['quant'],
+      'panierId' => $_SESSION['panierId']
+      ));
+  }
+
+}
+else if(isset($_POST['user']) && isset($_POST['pw']))
+{
+    $req = $bdd->prepare('SELECT * FROM  etudiant WHERE lower(pseudo)=:pseudo');
+    $data = $req->execute(array(
+      'pseudo' => strtolower($_POST['user'])
+    ));
+    $data = $req->fetch();
+    if($data)
+    {
+      if($data['pw'] == (empty($_POST['pw'])?'':md5($_POST['pw'])))
+      {
+        $_SESSION['idEtudiant'] = $data['id'];
+        $_SESSION['pseudo'] = $data['pseudo'];
+        $_SESSION['admin'] = $data['admin'];
+        $_SESSION['panierId'] = 1;
+        $_SESSION['nomPanier'] = "farnell projet 1";
+        echo json_encode(array('loggin'=> '1'));
+      }
+      else
+      {
+        echo json_encode(array('loggin'=> '2'));
+      }
+    }
+    else
+    {
+      $req = $bdd->prepare('INSERT INTO etudiant(pseudo,pw) VALUE(:pseudo,:pw)');
+      $req->execute(array(
+        'pseudo' => htmlspecialchars($_POST['user']),
+        'pw' => empty($_POST['pw'])?'':md5($_POST['pw'])
+      ));
+      $id = $bdd->lastInsertId();
+      $_SESSION['idEtudiant'] = $id;
+      $_SESSION['admin'] = 0;
+      $_SESSION['pseudo'] = $_POST['user'];
+      $_SESSION['admin'] = 0;
+      $_SESSION['panierId'] = 1;
+      $_SESSION['nomPanier'] = "farnell projet 1";
+      echo json_encode(array('loggin'=> '3'));
+    }
+}
+else if(isset($_POST['quant']) && !$deadLine){
+  if(isset($_POST['idarticle'])) //Pour ma commande j'envois un id
+  {
+    $req = $bdd->prepare('SELECT * FROM panier WHERE id=:id');
+    $rep = $req->execute(array(
+      'id' => $_POST['idarticle']
+    ));
+    $data = $req->fetch();
+    if(isset($data['idEtudiant']) && $data['idEtudiant'] == $_SESSION['idEtudiant'])//C'est bien le bonne etudiant
+    {
+      $req = $bdd->prepare('UPDATE panier SET nombre=:nbr WHERE id=:id');
+      $req->execute(array(
+        'nbr' => $_POST['quant'],
+        'id' => $_POST['idarticle']
+      ));
+    }
+    else {
+      echo json_encode("err");
+    }
+  }
+  else if(isset($_POST['refId']))//quand je passe par la commande globale je passe par la identifiant de la ref
+  {
+    $req = $bdd->prepare('SELECT * FROM panier WHERE idArticle=:refId AND idEtudiant=:idEtudiant');//Tchek si l'etudiant a déja l'article
+    $rep = $req->execute(array(
+      'refId' => $_POST['refId'],
+      'idEtudiant' => $_SESSION['idEtudiant']
+    ));
+    $data = $req->fetch();
+    if($data)
+    {
+      $req = $bdd->prepare('UPDATE panier SET nombre=:nbr WHERE id=:id');
+      $req->execute(array(
+        'nbr' => $_POST['quant'],
+        'id' => $data['id']
+      ));
+    }
+    else {
+      $req = $bdd->prepare('INSERT INTO panier(idEtudiant, idArticle, nombre, panierId) VALUES(:idEtudiant, :idAdrticle, :nombre, :panierId)');
+      $req->execute(array(
+      	'idEtudiant' => $_SESSION["idEtudiant"],
+      	'idAdrticle' => $_POST['refId'],
+      	'nombre' => $_POST['quant'],
+      	'panierId' => $_SESSION['panierId']
+      	));
+    }
+  }
+}
+else if(isset($_POST['quant']) && $deadLine)
+{
+  http_response_code(401);
+  echo "N'est plus autorisé ! DeadLine Dépaséé !";
+}
+else {
+  session_destroy();
+  session_start();
+  $_SESSION['accesOk'] = "";
+}
+?>