()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/';
// Passwords and logins are limited to 8-16 lowercase ASCII letters.
$pwPatern = '/^[a-z]{8,16}$/';
$loginPatern = '/^[a-z]{8,16}$/';

// Skeleton of the JSON response sent back to the client.
$ret["return"] = false;
$ret["pw"] = null;

try {
    $config = include('config.php');
    $bdd = new PDO('mysql:host='.$config['host'].';dbname='.$config['dbName'].';charset=utf8', $config['username'], $config['pw']);
} catch (Exception $e) {
    // The raw exception message goes to the client and can disclose connection details.
    die('Erreur : '.$e->getMessage());
}

// Delete a user.
//DELETE FROM `projetphp` WHERE `projetphp`.`login` = \'caprout\'
// No session or security_level check guards this branch, unlike the update branch below.
if (isset($_POST["userToDel"])) {
    $req = $bdd->prepare('DELETE FROM `projetphp` WHERE `projetphp`.`login`=:login');
    $req->execute(array(
        'login' => htmlspecialchars($_POST["userToDel"])));
    $req->closeCursor();
}
// Report whether a login is already taken.
elseif (isset($_POST["userExist"])) {
    if (userExist($_POST["userExist"])) {
        $ret["return"] = "userExist";
    } else {
        $ret["return"] = "userNotExist";
    }
}
// Register a new user.
//INSERT INTO `projetphp` (`login`, `date_naissance`, `e_mail`, `mot_de_passe`, `security_level`) VALUES ('blipblop', '2019-01-09', 'aaaaa@aaa.cc', MD5('sdfqsdfsfd'), '5');
// "login" is part of the isset() check because it is read below.
elseif (isset($_POST["newUser"], $_POST["login"], $_POST["datene"], $_POST["email"], $_POST["pw"]) && $_POST["newUser"] == "true") {
    if (preg_match($loginPatern, $_POST["login"]) && preg_match($emailPatern, $_POST["email"]) && preg_match($pwPatern, $_POST["pw"])) {
        if (userExist($_POST["login"])) {
            $ret["return"] = "userExist";
            $ret["register"] = false;
        } else {
            // security_level is taken from the request when present (default "5"),
            // so the caller chooses their own level; the server should assign it.
            $sl = isset($_POST["sl"]) ? $_POST["sl"] : "5";
            // Unsalted MD5 is a fast hash unsuited to password storage;
            // password_hash()/password_verify() are PHP's purpose-built API.
            // The hash is also returned to the client in $ret["pw"].
            $ret["pw"] = md5(htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8'));
            $req = $bdd->prepare('INSERT INTO `projetphp` (`login`, `date_naissance`, `e_mail`, `mot_de_passe`, `security_level`) VALUES (:login, :datene, :email, :pw, :slvl)');
            // The bound parameters already prevent SQL injection; htmlspecialchars()
            // here only alters what is stored. HTML encoding belongs at output time.
            $req->execute(array(
                'login' => htmlspecialchars($_POST["login"], ENT_QUOTES, 'UTF-8'),
                'datene' => htmlspecialchars($_POST["datene"], ENT_QUOTES, 'UTF-8'),
                'email' => (htmlspecialchars($_POST["email"], ENT_QUOTES, 'UTF-8')),
                'pw' => $ret["pw"],
                'slvl' => htmlspecialchars($sl, ENT_QUOTES, 'UTF-8'),
            ));
            $req->closeCursor();
            $ret["return"] = true;
            $ret["register"] = true;
        }
    } else {
        // Reports which of the three patterns matched (1) or failed (0).
        $ret["return"] = "patern mismatch !".preg_match($loginPatern, $_POST["login"]) ."_". preg_match($emailPatern, $_POST["email"]) ."_". preg_match($pwPatern, $_POST["pw"]);
    }
}
// Update an existing user: allowed for the account owner or for security_level "10".
//UPDATE `projetphp` SET `security_level` = '6' WHERE `projetphp`.`login` = 'aaazzze';
else if (isset($_POST["newUser"], $_POST["updatePW"], $_POST["datene"], $_POST["email"], $_POST["pw"], $_POST["sl"], $_POST["login"]) && $_POST["newUser"] == "false" && (isset($_SESSION["login"]) && $_SESSION["login"] == $_POST["login"] || isset($_SESSION["sl"]) && $_SESSION["sl"] == "10")) {
    if (preg_match($emailPatern, $_POST["email"])) {
        if (htmlspecialchars($_POST["updatePW"], ENT_QUOTES, 'UTF-8') == "true" && preg_match($pwPatern, $_POST["pw"])) {
            // Update the profile and the password.
            $req = $bdd->prepare('UPDATE `projetphp` SET `date_naissance` = :datene, `e_mail` = :email, `mot_de_passe` = :pw, `security_level` = :sl WHERE `projetphp`.`login` = :login');
            $req->execute(array(
                'datene' => htmlspecialchars($_POST["datene"], ENT_QUOTES, 'UTF-8'),
                'email' => htmlspecialchars($_POST["email"], ENT_QUOTES, 'UTF-8'),
                'pw' => md5(htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8')),
                // Only security_level "10" may change the level; others keep their session value.
                'sl' => ($_SESSION["sl"]=="10"?htmlspecialchars($_POST["sl"], ENT_QUOTES, 'UTF-8'):$_SESSION["sl"]),
                'login' => htmlspecialchars($_POST["login"], ENT_QUOTES, 'UTF-8'),
            ));
            $req->closeCursor();
            $ret["return"] = true;
            $ret["pw"] = md5(htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8'));
        } elseif (htmlspecialchars($_POST["updatePW"], ENT_QUOTES, 'UTF-8') == "false") {
            // Update the profile only; the stored password is left unchanged.
            $req = $bdd->prepare('UPDATE `projetphp` SET `date_naissance` = :datene, `e_mail` = :email, `security_level` = :sl WHERE `projetphp`.`login` = :login');
            $req->execute(array(
                'datene' => htmlspecialchars($_POST["datene"], ENT_QUOTES, 'UTF-8'),
                'email' => htmlspecialchars($_POST["email"], ENT_QUOTES, 'UTF-8'),
                'sl' => ($_SESSION["sl"]=="10"?htmlspecialchars($_POST["sl"], ENT_QUOTES, 'UTF-8'):$_SESSION["sl"]),
                'login' => htmlspecialchars($_POST["login"], ENT_QUOTES, 'UTF-8'),
            ));
            $req->closeCursor();
            $ret["return"] = true;
            // The submitted pw field is echoed back to the client unhashed.
            $ret["pw"] = htmlspecialchars($_POST["pw"], ENT_QUOTES, 'UTF-8');
        }
    }
}

echo json_encode((object)$ret);