register+login with secur ok

This commit is contained in:
adri 2019-01-02 19:50:36 +01:00
parent 227827b913
commit 100b22a0c1
9 changed files with 66 additions and 97 deletions


@ -4,21 +4,18 @@ if (session_status() == PHP_SESSION_NONE) {
session_start(); session_start();
} }
$template = $twig->load('login.html.twig');
echo $template->render(array());
if(isset($_POST["login"], $_POST["pw"])) if(isset($_POST["login"], $_POST["pw"]))
{ {
try { try {
$config = include(SITE_ROOT.'config.php'); $config = include('../config.php');
$bdd = new PDO('mysql:host='.$config['host'].';dbname='.$config['dbName'].';charset=utf8', $config['username'], $config['pw']); $bdd = new PDO('mysql:host='.$config['host'].';dbname='.$config['dbName'].';charset=utf8', $config['username'], $config['pw']);
} catch (Exception $e) { } catch (Exception $e) {
die('Erreur : '.$e->getMessage()); die('Erreur : '.$e->getMessage());
} }
$req = $bdd->prepare('SELECT * FROM projetphp WHERE login = ? AND mot_de_passe = ?'); $req = $bdd->prepare('SELECT * FROM projetphp WHERE login = ? AND mot_de_passe = ?');
$req->exexute(array(htmlspecialchars($_POST["login"]),md5($_POST["pw"]))); $req->execute(array(htmlspecialchars($_POST["login"]),md5($_POST["pw"])));
if($req->rowCount() > 0) if($req->rowCount() > 0)
{ {
$data = $req->fetch(); $data = $req->fetch();
@ -29,5 +26,11 @@ if(isset($_POST["login"], $_POST["pw"]))
else else
echo json_encode((object)array("login"=>false)); echo json_encode((object)array("login"=>false));
} }
elseif(isset($twig)) {
$template = $twig->load('login.html.twig');
echo $template->render(array());
}
?> ?>
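Review bot: The credential check on the `$req->execute(...)` line still compares an unsalted `md5($_POST["pw"])` inside the SQL query, and the `htmlspecialchars` applied to the login before the lookup is output encoding at the wrong layer (the prepared statement already handles the SQL); fetch the row by `login = ?` alone and verify with `password_verify($_POST["pw"], $data['mot_de_passe'])`, with hashes written by `password_hash()` on the registration side. The `die('Erreur : '.$e->getMessage())` branch prints the PDO connection failure, which can include host and database names, to the browser; log it and show a generic message instead. The success branch that populates the session lies outside this hunk; it should call `session_regenerate_id(true)` once the user is authenticated. The new `'../config.php'` path resolves relative to the including script rather than `SITE_ROOT`, presumably because the login form now posts to `control/login.php` directly — confirm it against the deployment layout.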


@ -15,6 +15,6 @@ for($i=0;$data = $reponse->fetch();$i++) {
$datas[$i] = $data; $datas[$i] = $data;
} }
$reponse->closeCursor(); $reponse->closeCursor();
echo $template->render(array('datas' => $datas)); echo $template->render(array('datas' => $datas, "session" => $_SESSION));
?> ?>
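Review bot: `"session" => $_SESSION` on the `render` line hands the whole session array to the template although table.html.twig only reads `sl` and `login`; pass just those two, e.g. `'session' => array('sl' => $_SESSION['sl'], 'login' => $_SESSION['login'])`, so that anything later stored in the session (tokens, flash data) does not silently become template-visible. The `{% if %}` guards that consume this value only decide what is rendered; the edit and delete handlers in post.php still need their own server-side checks. The enclosing script begins before this hunk.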


@ -6,6 +6,12 @@ error_reporting(E_ALL);
session_start(); session_start();
if(!isset($_SESSION["sl"]))
{
$_SESSION["sl"] = "1";
$_SESSION["login"] = "";
}
require_once SITE_ROOT.'/vendor/autoload.php'; require_once SITE_ROOT.'/vendor/autoload.php';
$loader = new Twig_Loader_Filesystem( SITE_ROOT.'/views'); $loader = new Twig_Loader_Filesystem( SITE_ROOT.'/views');
@ -23,12 +29,26 @@ if(isset($_GET["page"]))
include './control/login.php'; include './control/login.php';
break; break;
default: default:
include './control/table.php'; include './control/login.php';
break; break;
} }
} }
else { else {
if(isset($_SESSION["sl"]))
switch ($_SESSION["sl"]) {
case '5':
case '10':
include './control/table.php'; include './control/table.php';
break;
default:
if(!empty($_SESSION["login"]))
include './control/table.php';
else
include './control/login.php';
break;
}
else
include './control/login.php';
} }
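Review bot: The `if(isset($_SESSION["sl"]))` guard in the new `else` branch can no longer be false, because the block added after `session_start()` initialises `sl` to `"1"` for every session, so the trailing `else include './control/login.php';` is dead; drop the guard, or keep it and wrap the braceless `if`/`switch`/`else` nesting in braces, since the current layout is easy to misread. The security-level literals `'5'` and `'10'` are now repeated here, in post.php and in table.html.twig; define them once, e.g. `define('SL_USER', '5'); define('SL_ADMIN', '10');` next to `SITE_ROOT`, so a policy change happens in one place. The `?page=table` route remains reachable for level-1 sessions, which looks intended given the "Enter without login" button but deserves a one-line comment saying so.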


@ -1,40 +0,0 @@
<!--/*https://codepen.io/colorlib/pen/rxddKy*/-->
<html>
<head>
<link rel="stylesheet" href="//fonts.googleapis.com/css?family=Roboto:300,300italic,700,700italic">
<link rel="stylesheet" href="//cdn.rawgit.com/necolas/normalize.css/master/normalize.css">
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.6.3/css/all.css" integrity="sha384-UHRtZLI+pbxtHCWp1t77Bi1L4ZtiqrqD80Kn4Z8NTSRyMA2Fd33n5dQ8lWUE00s/" crossorigin="anonymous">
<script src="https://cdnjs.cloudflare.com/ajax/libs/sweetalert/2.1.2/sweetalert.min.js" integrity="sha256-KsRuvuRtUVvobe66OFtOQfjP8WA2SzYsmm4VPfMnxms=" crossorigin="anonymous"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
<link rel="stylesheet" href="./css/login.css" />
<!--My features-->
<link rel="stylesheet" href="style.css?<?php echo date('l jS \of F Y h:i:s A'); ?>">
<script src="script.js?<?php echo date('l jS \of F Y h:i:s A'); ?>"></script>
<script type="text/javascript">
$('.message a').click(function(){
$('form').animate({height: "toggle", opacity: "toggle"}, "slow");
});</script>
</head>
<body>
<div class="login-page">
<div class="form">
<form class="register-form">
<input type="text" placeholder="name"/>
<input type="password" placeholder="password"/>
<input type="text" placeholder="email address"/>
<button>create</button>
<p class="message">Already registered? <a href="#">Sign In</a></p>
</form>
<form class="login-form">
<input type="text" placeholder="username"/>
<input type="password" placeholder="password"/>
<button>login</button>
<button>Enter withouth login</button>
<p class="message">Not registered? <a href="#">Create an account</a></p>
</form>
</div>
</div>
</body>
</html>


@ -1,5 +1,9 @@
<?php <?php
require_once("function.php"); require_once("function.php");
if (session_status() == PHP_SESSION_NONE) {
session_start();
}
//var_dump($_POST);
$emailPatern = '/^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/'; $emailPatern = '/^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/';
$pwPatern = '/^[a-z]{8,16}$/'; $pwPatern = '/^[a-z]{8,16}$/';
$loginPatern = '/^[a-z]{8,16}$/'; $loginPatern = '/^[a-z]{8,16}$/';
@ -40,7 +44,7 @@ elseif (isset($_POST["newUser"],$_POST["datene"], $_POST["email"], $_POST["pw"])
} }
else else
{ {
$sl = isset($_POST["sl"])?$_POST["sl"]:"1"; $sl = isset($_POST["sl"])?$_POST["sl"]:"5";
$ret["pw"] = md5(htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8')); $ret["pw"] = md5(htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8'));
$req = $bdd->prepare('INSERT INTO `projetphp` (`login`, `date_naissance`, `e_mail`, `mot_de_passe`, `security_level`) VALUES (:login, :datene, :email, :pw, :slvl)'); $req = $bdd->prepare('INSERT INTO `projetphp` (`login`, `date_naissance`, `e_mail`, `mot_de_passe`, `security_level`) VALUES (:login, :datene, :email, :pw, :slvl)');
$req->execute(array( $req->execute(array(
@ -70,7 +74,7 @@ else if (isset($_POST["newUser"], $_POST["updatePW"], $_POST["datene"], $_POST["
'datene' => htmlspecialchars($_POST["datene"], ENT_QUOTES, 'UTF-8'), 'datene' => htmlspecialchars($_POST["datene"], ENT_QUOTES, 'UTF-8'),
'email' => htmlspecialchars($_POST["email"], ENT_QUOTES, 'UTF-8'), 'email' => htmlspecialchars($_POST["email"], ENT_QUOTES, 'UTF-8'),
'pw' => md5(htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8')), 'pw' => md5(htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8')),
'sl' => htmlspecialchars($_POST["sl"], ENT_QUOTES, 'UTF-8'), 'sl' => ($_SESSION["sl"]=="10"?htmlspecialchars($_POST["sl"], ENT_QUOTES, 'UTF-8'):$_SESSION["sl"]),
'login' => htmlspecialchars($_POST["login"], ENT_QUOTES, 'UTF-8'), 'login' => htmlspecialchars($_POST["login"], ENT_QUOTES, 'UTF-8'),
)); ));
$req->closeCursor(); $req->closeCursor();
@ -81,7 +85,7 @@ $req->closeCursor();
$req->execute(array( $req->execute(array(
'datene' => htmlspecialchars($_POST["datene"], ENT_QUOTES, 'UTF-8'), 'datene' => htmlspecialchars($_POST["datene"], ENT_QUOTES, 'UTF-8'),
'email' => htmlspecialchars($_POST["email"], ENT_QUOTES, 'UTF-8'), 'email' => htmlspecialchars($_POST["email"], ENT_QUOTES, 'UTF-8'),
'sl' => htmlspecialchars($_POST["sl"], ENT_QUOTES, 'UTF-8'), 'sl' => ($_SESSION["sl"]=="10"?htmlspecialchars($_POST["sl"], ENT_QUOTES, 'UTF-8'):$_SESSION["sl"]),
'login' => htmlspecialchars($_POST["login"], ENT_QUOTES, 'UTF-8'), 'login' => htmlspecialchars($_POST["login"], ENT_QUOTES, 'UTF-8'),
)); ));
$req->closeCursor(); $req->closeCursor();
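Review bot: In the registration branch, `$sl = isset($_POST["sl"])?$_POST["sl"]:"5";` accepts the new account's security level from the request, whereas the two update paths below now gate the same field on `$_SESSION["sl"]=="10"`; if `$sl` is what binds `:slvl` in the INSERT (the bind list is cut off by the hunk), a self-registering visitor can set their own level, so apply the same gate here: `$sl = (isset($_SESSION["sl"]) && $_SESSION["sl"] == "10" && isset($_POST["sl"])) ? $_POST["sl"] : "5";`. The update hunks also show no check that a level-5 session only modifies its own `login` — that ownership rule currently lives only in table.html.twig — so the WHERE clause or a comparison against `$_SESSION["login"]` before the UPDATE should enforce it (the UPDATE statements sit outside the visible lines). Separately, `md5(htmlspecialchars($_POST["pw"], ...))` hashes an HTML-encoded password with an unsalted fast hash; use `password_hash($_POST["pw"], PASSWORD_DEFAULT)` here and `password_verify()` in control/login.php, and note that `$pwPatern` (`/^[a-z]{8,16}$/`) contradicts the rule text shown in login.html.twig (a..z A..Z 0..9).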


@ -35,6 +35,13 @@ $(function() {
$('div', $(this).parent()).css("display", "block"); $('div', $(this).parent()).css("display", "block");
} }
}); });
$("body").on("keyup change", ".pw2 input", function() {
if ($(this).val() == $(".pw input").val()) {
$(this).css("background-color", "");
} else {
$(this).css("background-color", "red");
}
});
$("body").on("keyup change", ".email input", function() { $("body").on("keyup change", ".email input", function() {
if (mailPatern.test($(this).val())) { if (mailPatern.test($(this).val())) {
$(this).css("background-color", ""); $(this).css("background-color", "");
@ -151,7 +158,8 @@ $(function() {
className = j.attr('class'); className = j.attr('class');
if (className == "sl") { if (className == "sl") {
val = ltrim(j.html()); val = ltrim(j.html());
j.html('<select>\ opt = ($("#slVal").val()=="10"?"":"disabled")
j.html('<select '+opt+'>\
<option value="1" ' + (val == "1" ? 'selected' : '') + '>1</option>\ <option value="1" ' + (val == "1" ? 'selected' : '') + '>1</option>\
<option value="5" ' + (val == "5" ? 'selected' : '') + '>5</option>\ <option value="5" ' + (val == "5" ? 'selected' : '') + '>5</option>\
<option value="10" ' + (val == "10" ? 'selected' : '') + '>10</option>\ <option value="10" ' + (val == "10" ? 'selected' : '') + '>10</option>\
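Review bot: `opt = ($("#slVal").val()=="10"?"":"disabled")` assigns an undeclared variable, so `opt` becomes an implicit global, and the statement lacks the terminating semicolon its neighbours have; write `var opt = ($("#slVal").val() === "10" ? "" : "disabled");`. The `disabled` attribute derived from the hidden `#slVal` field is a display convenience only — it is client-side state — so the restriction on changing `security_level` has to stay in post.php, which this commit does add. The new `.pw2` handler compares with `==`; `===` expresses the intent and avoids coercion. The enclosing `$(function() {` handler begins and ends outside the hunk.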


@ -1,35 +0,0 @@
<?php
define('SITE_ROOT', dirname(__FILE__));
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
session_start();
require_once SITE_ROOT.'/vendor/autoload.php';
$loader = new Twig_Loader_Filesystem( SITE_ROOT.'/views');
$twig = new Twig_Environment($loader, array(
'cache' => /*SITE_ROOT.'/twig/compilation_cache'*/false,
));
if(isset($_GET["page"]))
{
switch ($_GET["page"]) {
case 'table':
include './control/table.php';
break;
case 'login':
include './control/login.php';
break;
default:
include './control/table.php';
break;
}
}
else {
include './control/table.php';
}
?>


@ -8,7 +8,8 @@
<body> <body>
<div class="login-page"> <div class="login-page">
<div class="form"> <div class="form">
<form class="register-form"> <form class="register-form" action="./post.php" method="post">
<input type="hidden" name="newUser" value="true">
<div class="login"> <div class="login">
<div for="login"class="userExist infoRules">L'utilisateur existe déja !</div> <div for="login"class="userExist infoRules">L'utilisateur existe déja !</div>
<div for="login" class="ruleExcept infoRules">le login comporte entre 8 et 16 caractères parmi a..z</div> <div for="login" class="ruleExcept infoRules">le login comporte entre 8 et 16 caractères parmi a..z</div>
@ -19,15 +20,16 @@
<div class="pw"> <div class="pw">
<div for"pw" class="infoRules">le mot de passe comporte entre 8 et 16 caractères parmi a..z A..Z 0..9</div> <div for"pw" class="infoRules">le mot de passe comporte entre 8 et 16 caractères parmi a..z A..Z 0..9</div>
<input type="password" name="pw" placeholder="password"/></div> <input type="password" name="pw" placeholder="password"/></div>
<div class="pw"><input type="pw2" name="password2" placeholder="password"/></div> <div class="pw2"><input type="password" name="pw2" placeholder="retape password"/></div>
<button>create</button> <button class="createUser">create</button>
<p class="message">Already registered? <a href="#">Sign In</a></p> <p class="message">Already registered? <a href="#">Sign In</a></p>
</form> </form>
<form class="login-form"> <form class="login-form" action="./control/login.php" method="post">
<input type="text" placeholder="username"/> <input name="login" type="text" placeholder="username"/>
<input type="password" placeholder="password"/> <input name="pw" type="password" placeholder="password"/>
<button>login</button> <button>login</button>
<button>Enter withouth login</button> <button onclick="window.location.href='?page=table';return false;">Enter withouth login</button>
<p class="message">Not registered? <a href="#">Create an account</a></p> <p class="message">Not registered? <a href="#">Create an account</a></p>
</form> </form>
</div> </div>
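Review bot: The login form now posts straight to `./control/login.php`, which — per the control/login.php hunk in this commit — answers the POST with a `json_encode` body rather than a page, so a plain form submit leaves the user looking at raw JSON unless script.js intercepts it (not visible in this commit); either post to `index.php?page=login` or redirect after a successful login. Neither form carries an anti-CSRF token; add a hidden token drawn from the session to both `register-form` and `login-form` and verify it in post.php and control/login.php. The rule text on the `.pw` div promises `a..z A..Z 0..9` while `$pwPatern` in post.php accepts only `/^[a-z]{8,16}$/`; align the two so users are not told a rule the server rejects.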


@ -5,6 +5,7 @@
<body> <body>
<input type="text" id="myInput" onkeyup="myFunction()" placeholder="Search for names.."> <input type="text" id="myInput" onkeyup="myFunction()" placeholder="Search for names..">
<input type="hidden" id="slVal" value="{{ session["sl"] }}" />
<table id="allRecord"> <table id="allRecord">
<thead> <thead>
<tr> <tr>
@ -13,7 +14,9 @@
<th>email</th> <th>email</th>
<th>PW</th> <th>PW</th>
<th>slvl</th> <th>slvl</th>
{% if (session["sl"] == "5" or session["sl"] == "10") %}
<th><i class="fas fa-cogs"></i></th> <th><i class="fas fa-cogs"></i></th>
{% endif %}
</tr> </tr>
</thead> </thead>
<tbody> <tbody>
@ -33,13 +36,17 @@
</td> </td>
<td class="sl"> <td class="sl">
{{ data["security_level"] }} {{ data["security_level"] }}
</td> </td>{% if (session["sl"] == "5" or session["sl"] == "10") %}
<td><i class="fas fa-edit click editUser"></i><i class="fas fa-trash-alt click delUser"></i></td> <td>{% if ((session["sl"] == "5" and session["login"] == data["login"]) or session["sl"] == "10") %}
<i class="fas fa-edit click editUser"></i><i class="fas fa-trash-alt click delUser"></i>
{% endif %}
</td>{% endif %}
</tr> </tr>
{% endfor %} {% endfor %}
{% if (session["sl"] == "10") %}
<tr rowspan="2"> <tr rowspan="2">
<td colspan="6" style="text-align:center"><i class="fas fa-user-plus fa-4x click"></i></td> <td colspan="6" style="text-align:center"><i class="fas fa-user-plus fa-4x click"></i></td>
</tr> </tr>{% endif %}
</tbody> </tbody>
</table> </table>
</body> </body>
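Review bot: The `{% if ((session["sl"] == "5" and session["login"] == data["login"]) or session["sl"] == "10") %}` guards and the hidden `#slVal` input decide only what is rendered; they are not an access control, so post.php's edit and delete handlers must apply the same ownership and level rules before touching a row (the edit path in this commit gates the level, the delete path is not shown). Repeating the `"5"`/`"10"` comparisons three times in this file invites drift; set `{% set isAdmin = session["sl"] == "10" %}` once at the top and `{% set canManage = isAdmin or (session["sl"] == "5" and session["login"] == data["login"]) %}` inside the loop, then test those. The `value="{{ session["sl"] }}"` attribute is safe as written provided Twig autoescape is left at its default.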