Properly separate the HTTP GET requests from the POST requests
authorJérôme Benoit <jerome.benoit@piment-noir.org>
Tue, 9 Jan 2018 11:37:53 +0000 (12:37 +0100)
committerJérôme Benoit <jerome.benoit@piment-noir.org>
Tue, 9 Jan 2018 11:37:53 +0000 (12:37 +0100)
treatment.

Signed-off-by: Jérôme Benoit <jerome.benoit@piment-noir.org>
formlogin.php [new file with mode: 0644]
index.php
lib/db.php [moved from libs/db.php with 100% similarity]
lib/utils.php [new file with mode: 0644]
login.php

diff --git a/formlogin.php b/formlogin.php
new file mode 100644 (file)
index 0000000..99db023
--- /dev/null
@@ -0,0 +1,11 @@
+<?php
+$form_email = filter_input(INPUT_POST, "email", FILTER_VALIDATE_EMAIL);
+$form_password = filter_input(INPUT_POST, "password", FILTER_VALIDATE_STRING);
+
+if (!form_email) {
+    echo "The email " .$form_email . " is not valid";
+} else {
+    $sql_pquery = "select count() from Client where EmailCI = ?";
+}
+
+?>
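Review bot: `if (!form_email)` is missing the `$`, so PHP reads `form_email` as an undefined constant — a warning plus a truthy string on PHP 7, a fatal `Error` on PHP 8 — and the invalid-email branch is never taken; it should be `if (!$form_email)` (note `filter_input` returns `false` when `FILTER_VALIDATE_EMAIL` rejects the value and `null` when the field is absent, so the echoed email will be empty in the error message either way). `FILTER_VALIDATE_STRING` is not a defined filter constant either; a password should not be filtered at all, so `filter_input(INPUT_POST, 'password')` (plain `FILTER_DEFAULT`) is what is wanted, and `$form_password` is currently never used. `select count() from Client ...` is almost certainly meant to be `count(*)`; the `?` placeholder is the right approach, but the statement is only assembled here and never prepared or executed, so this handler does not yet verify anything. If the echoed message ever carries a real value, pass it through `htmlspecialchars($form_email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` before output.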
index 2829b2676d9a720de486008b50984ba1f355fb97..125f62049964198da07139d78e5286c4990abb5b 100644 (file)
--- a/index.php
+++ b/index.php
@@ -1,7 +1,7 @@
 <?php
 require('header.php');
 
-include('libs/db.php');
+include('lib/db.php');
 /**
  * Let's use an array as the list of tunables.
  * Put in a variable the inclusion of this file:
@@ -14,25 +14,32 @@ $configs = include('config.php');
  */
 session_start();
 
-//$page = filter_input(INPUT_GET, $_GET['page'], FILTER_SANITIZE_URL);
-$page = $_GET['page'];
-
+$page = filter_input(INPUT_GET, 'page', FILTER_SANITIZE_URL);
+$isPage = true;
 if (!isset($page)) {
+    $isPage = false;
     $page = "";
 }
 
+$form = filter_input(INPUT_POST, 'form', FILTER_SANITIZE_URL);
+$isForm = true;
+if (!isset($form)) {
+    $isForm = false;
+    $form = "";
+}
+
 /**
- * [valid_page validate if the current page is a valid site actions]
+ * [validate_url_action validate if the current page is a valid site actions]
  * @param  [string] $page [the viewed page name]
  * @return [string]       [the valid matching action or the default action
  *                         if the action name do not exist ]
  */
-function valid_page($page_name)
+function validate_url_action($action_name)
 {
     global $configs;
 
     foreach ($configs['actions'] as $action) {
-        if (strcmp($page_name, $action) === 0) {
+        if (strcmp($action_name, $action) === 0) {
             // The actions list can't have duplicated entries
             return $action;
         }
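Review bot: The docblock above `validate_url_action` still documents `@param [string] $page` although the parameter was renamed to `$action_name`, and the description is ungrammatical; suggest `@param string $action_name action name taken from the page or form request parameter` and `@return string the matching entry of $configs['actions'], or $configs['actions'][0] when nothing matches`. Applying `FILTER_SANITIZE_URL` to `page` and `form` before an exact `strcmp` whitelist match buys nothing and can turn a value that should be rejected into one that matches (the filter strips disallowed characters rather than failing), so reading them with the default filter and relying on the whitelist alone is cleaner. The whitelist comparison itself is the right gate for the later `include`; keep it.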
@@ -41,14 +48,34 @@ function valid_page($page_name)
     return $configs['actions'][0];
 }
 
+function get_action_type() {
+    global $page, $form, $isPage, $isForm;
+
+    if ($isPage && !$isForm) {
+        return "page";
+    } elseif ($isForm && !$isPage) {
+        return "form";
+    } elseif (!$isPage && !$isForm){
+        return "empty";
+    } else {
+        return "unknown";
+    }
+}
+
 function display_action($action_name)
 {
-    global $configs;
+    global $configs, $isPage, $isForm;
 
     $found_action = false;
     foreach ($configs['actions'] as $action) {
         if (strcmp($action_name, $action) === 0) {
-            include("$action.php");
+            if (get_action_type() === "page" || get_action_type() === "empty") {
+                include($action . ".php");
+            } elseif (get_action_type() === "form") {
+                include("form" . $action . ".php");
+            } else {
+                echo "Impossible error";
+            }
             $found_action = true;
             break;
         }
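Review bot: `display_action` now includes `"form" . $action . ".php"` for every whitelisted action, but the diffstat shows only `formlogin.php` being added, so a POST carrying any other configured action as `form` makes `include` warn about a missing file and then proceeds as if the action had been handled (`$found_action = true`). Either check `is_file('form' . $action . '.php')` before including and fall through to the not-found path otherwise, or limit the form branch to actions that have a handler. `get_action_type()` is re-evaluated on every comparison; read it once, `$type = get_action_type();`, and drop the unused `global $isPage, $isForm` from `display_action`. The `"Impossible error"` branch looks unreachable, since `get_url_action()` already `die()`s on the `unknown` type before `display_action` runs. The not-found handling after the loop is outside this hunk.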
@@ -58,7 +85,22 @@ function display_action($action_name)
     }
 }
 
-$action = valid_page($page);
+function get_url_action() {
+    global $page, $form, $isPage, $isForm;
+
+    if (get_action_type() === "page") {
+        return $page;
+    } elseif (get_action_type() === "form") {
+        return $form;
+    } elseif (get_action_type() === "empty") {
+        return "";
+    } elseif (get_action_type() === "unknown") {
+        die('Cannot get a valid action from URL parameters');
+    }
+}
+
+$url_action = get_url_action();
+$action = validate_url_action($url_action);
 display_action($action);
 
 session_destroy();
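Review bot: `get_url_action()` handles the `unknown` case (both `page` and `form` supplied) with a bare `die()`, which emits the message with a 200 status; send an error status first, `http_response_code(400); die('Cannot get a valid action from URL parameters');`, so clients and logs see the request was rejected. Evaluating `get_action_type()` once into a local would let the four-way `if`/`elseif` chain become a single `switch`, and `$isPage`/`$isForm` are declared `global` here but never read, so that part of the declaration can go.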
similarity index 100%
rename from libs/db.php
rename to lib/db.php
diff --git a/lib/utils.php b/lib/utils.php
new file mode 100644 (file)
index 0000000..e6e0365
--- /dev/null
@@ -0,0 +1,9 @@
+<?php
+function isPostRequest() {
+    if (filter_input(INPUT_SERVER, 'REQUEST_METHOD') === 'POST') {
+        return true;
+    } else {
+        return false;
+    }
+}
+?>
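Review bot: `isPostRequest()` relies on `filter_input(INPUT_SERVER, ...)`, which is reported to return `null` for `$_SERVER` keys under some SAPIs (FastCGI/FPM builds in particular), so the check can answer `false` for a genuine POST depending on deployment; `return ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';` is the portable form and also drops the `if`/`else` around a boolean. As far as this diff shows, nothing includes `lib/utils.php` or calls the helper, so the form handler is still selected on the presence of the `form` parameter alone rather than an explicit method check.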
index 89b3b2d468f972a37961dc32c1badba389c340f1..f797a7eac23fbc25c1ba7eb15a1e2f4a061d00bf 100644 (file)
--- a/login.php
+++ b/login.php
@@ -1,4 +1,4 @@
-<form action="action.php" method="post">
+<form action="index.php?form=login" method="post">
  <p>Email : <input type="text" name="email" /></p>
  <p>Mot de passe : <input type="text" name="password" /></p>
  <p><input type="submit" value="OK"></p>
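Review bot: The new action `index.php?form=login` sends `form` in the query string, but the router in index.php reads it with `filter_input(INPUT_POST, 'form', ...)`, so the submitted request arrives with `$isForm === false` and falls into the default action instead of `formlogin.php`; either post to `index.php` with `<input type="hidden" name="form" value="login" />` inside the form, or read `form` from `INPUT_GET` on the index side. While here, the password field is `type="text"` (unchanged by this commit), so the password is shown in clear in the browser; `<input type="password" name="password" autocomplete="current-password" />` is the expected markup. The form also carries no anti-CSRF token; since index.php calls `session_start()` before including this file, a session-bound token could be emitted here and checked in `formlogin.php`.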