From a96fefe119b8c91c2f5ae6ad04e11af676e5540b Mon Sep 17 00:00:00 2001 From: =?utf8?q?J=C3=A9r=C3=B4me=20Benoit?= Date: Mon, 15 Jan 2018 18:03:20 +0100 Subject: [PATCH] Add the following features: MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit * Account registration; * User login and logout; * Search form for flights; * CSS to polish the webapp; * Safe guard to protected pages. And also a bunch of bugs fixed. Signed-off-by: Jérôme Benoit --- includes/account.php | 7 ++++ includes/booking.php | 7 ++++ includes/config.php | 3 +- includes/formlogin.php | 32 +++++++++++---- includes/formregister.php | 40 +++++++++++------- includes/header.html | 1 + includes/header.php | 35 ++++++++++++---- includes/home.php | 32 ++++++--------- includes/login.php | 12 ++++-- includes/logout.php | 7 ++++ includes/register.php | 35 ++++++++++------ includes/search.php | 14 +++++++ index.php | 32 ++++++--------- js/airpolytech.js | 0 lib/db.php | 37 +++++++++++++---- lib/utils.php | 55 ++++++++++++++++++++++++- styles/airpolytech.css | 86 +++++++++++++++++++++++++++++++++++++-- 17 files changed, 333 insertions(+), 102 deletions(-) create mode 100644 includes/logout.php create mode 100644 js/airpolytech.js diff --git a/includes/account.php b/includes/account.php index e69de29..74fbddb 100644 --- a/includes/account.php +++ b/includes/account.php @@ -0,0 +1,7 @@ + diff --git a/includes/booking.php b/includes/booking.php index e69de29..74fbddb 100644 --- a/includes/booking.php +++ b/includes/booking.php @@ -0,0 +1,7 @@ + diff --git a/includes/config.php b/includes/config.php index 35fc43c..ef215ae 100644 --- a/includes/config.php +++ b/includes/config.php @@ -6,9 +6,10 @@ 'username' => 'fraggle', 'password' => '$Love79!', 'database' => 'bdVols', - 'actions' => array ( + 'actions' => array( 'home', 'login', + 'logout', 'register', 'booking', 'search', diff --git a/includes/formlogin.php b/includes/formlogin.php index 8da2e2c..73cdff0 100644 
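Review bot: The database username and password sit as plain-text context in the same `$configs` array this hunk edits in includes/config.php, so they are committed to history together with the new 'logout' action and ship with every checkout. Keep the tracked file as a template with placeholders and load the real values from an untracked local file or the environment, e.g. `'password' => getenv('DB_PASSWORD'),`, and rotate the credential that is already recorded in the repository. The rest of the config array starts outside the hunk.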
--- a/includes/formlogin.php +++ b/includes/formlogin.php @@ -3,14 +3,28 @@ $form_email = filter_input(INPUT_POST, "email", FILTER_VALIDATE_EMAIL); $form_password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING); if (!$form_email) { - echo "The email is not valid
"; -} else { - $sql_pquery = "select count(NumCI) from CLIENTS where EmailCI = ?"; - - echo "This email do not belong to a registred client, please register first
"; - - if (password_verify($form_password, $stored_password)) { - + echo "The email is not valid.
"; +} elseif (isset($form_email) && isset($form_password)) { + if (chk_account($form_email)) { + if (chk_password($form_email, $form_password)) { + // authentification okay, setup session + session_regenerate_id(true); + $_SESSION['email'] = $form_email; + $_SESSION['IP_address'] = $_SERVER['REMOTE_ADDR']; + // redirect to required page + echo "You're successfully authenticated.
"; + redirect("index.php", 3); + } else { + echo "Your password is incorrect for the account email" . $form_email . ".
"; + echo "Retour"; + } + } else { + echo "You do not have an account for the email " . $form_email . ".
"; + echo "Please register first."; + redirect("index.php?page=register", 3); } +} else { + // didn't authenticate, go back to login form + echo "Fail to authenticate.
"; + redirect("index.php?page=login", 3); } -?> diff --git a/includes/formregister.php b/includes/formregister.php index 53b5f6d..6cb9223 100644 --- a/includes/formregister.php +++ b/includes/formregister.php @@ -4,7 +4,7 @@ $form_firstname = filter_input(INPUT_POST, "firstname", FILTER_SANITIZE_STRING); $form_numstreet = filter_input(INPUT_POST, "numstreet", FILTER_VALIDATE_INT); $form_street = filter_input(INPUT_POST, "street", FILTER_SANITIZE_STRING); $form_postalcode = filter_input(INPUT_POST, "postalcode", FILTER_VALIDATE_INT); -$form_town = filter_input(INPUT_POST, "postalcode", FILTER_SANITIZE_STRING); +$form_city = filter_input(INPUT_POST, "city", FILTER_SANITIZE_STRING); $form_email = filter_input(INPUT_POST, "email", FILTER_VALIDATE_EMAIL); $form_password = filter_input(INPUT_POST, "password", FILTER_SANITIZE_STRING); $form_confirmpassword = filter_input(INPUT_POST, "confirmpassword", FILTER_SANITIZE_STRING); @@ -15,30 +15,42 @@ $error_email = false; $error_password = false; if (!$form_numstreet) { - echo "The street number is not valid
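Review bot: The two failure branches in the new `elseif` block tell the client whether the e-mail is registered (`You do not have an account for the email …`) or only the password was wrong, which exposes which addresses have accounts; both branches should emit one neutral message, e.g. `echo "Invalid email or password.";`, with the same redirect, and keep the distinction only in a server-side log. `isset($form_email)` in that `elseif` is redundant because the preceding `if (!$form_email)` already rejected a null or false value, so `elseif (isset($form_password))` is enough. `$form_email` is also echoed back into the page unescaped; it passed FILTER_VALIDATE_EMAIL so the exposure is small, but wrapping it in `htmlspecialchars()` at the output point stops that from depending on the validator.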
" ; + echo "The street number is not valid.
" ; $error_numstreet = true; } if (!$form_postalcode) { - echo "The postal code is not valid
"; + echo "The postal code is not valid.
"; $error_postalcode = true; } if (!$form_email) { - echo "The email is not valid
"; + echo "The email is not valid.
"; $error_email = true; } -if (strcmp($form_password, $form_confirmpassword) === 0) { - echo "Password do not match
"; +if (strcmp($form_password, $form_confirmpassword) !== 0) { + echo "Password do not match.
"; $error_password = true; } if (!empty($form_name) && !empty($form_firstname) && !empty($form_numstreet) && !empty($form_street) && - !empty($form_postalcode) && !empty($form_town) && !empty($form_email) && !empty($form_password)){ - global $connection; - $sql_pquery = "select count(NumCl) from CLIENTS where EmailCl = ?"; - $stmt = $connection->prepare_query($sql_pquery); - $stmt->bind_param("s", $form_email); - //$connection->prepared_query_bind_param("s", $form_email); - $connection->run_prepared_query(); - $connection->close_prepared_query(); + !empty($form_postalcode) && !empty($form_city) && !empty($form_email) && !empty($form_password) && + !$error_numstreet && !$error_postalcode && !$error_email && !$error_password) { + if (!chk_account($form_email)) { + global $connection; + $hashed_password = password_hash($form_password, PASSWORD_DEFAULT); + $sql_pquery = "insert into CLIENTS (NomCl, PrenomCl, EmailCl, PasswordCl, NumRueCl, NomRueCl, CodePosteCl, VilleCl) + values (?, ?, ?, ?, ?, ?, ?, ?)"; + $connection->prepare_query($sql_pquery); + $connection->prepared_query_bind_param("ssssisis", array($form_name, $form_firstname, $form_email, $hashed_password, $form_numstreet, $form_street, $form_postalcode, $form_city)); + $connection->run_prepared_query(); + $connection->close_prepared_query(); + echo "You've successfully registered, you will be redirected to the login form in 3 seconds.
"; + redirect("index.php?page=login", 3); + } else { + echo "You're already registered, you will be redirected to the login form in 3 seconds.
"; + redirect("index.php?page=login", 3); + } +} else { + echo "There's a required non filled field or the input in a field do not match the required pattern.
"; + echo "Retour"; } ?> diff --git a/includes/header.html b/includes/header.html index 602e0cf..557bf59 100644 --- a/includes/header.html +++ b/includes/header.html @@ -6,5 +6,6 @@ + diff --git a/includes/header.php b/includes/header.php index ac394bf..1aa4c02 100644 --- a/includes/header.php +++ b/includes/header.php @@ -1,25 +1,44 @@ +
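Review bot: `$form_password` and `$form_confirmpassword` reach `password_hash()` after FILTER_SANITIZE_STRING (the `filter_input` lines in the first hunk of this file, and the same filter in includes/formlogin.php), which strips `<`/`>` and HTML-encodes quotes, so a password containing those characters is silently stored in altered form; login happens to apply the same transformation, but the filter is deprecated in current PHP and a secret should be taken as entered, e.g. `$form_password = filter_input(INPUT_POST, "password", FILTER_UNSAFE_RAW);`. Nothing checks a minimum length before hashing, so `!empty()` is the only constraint on the password. Separately, FILTER_VALIDATE_INT on `postalcode` rejects values with a leading zero, so such codes never pass the `!$form_postalcode` test; if they are expected, validate the field as a digit string (it is currently bound as `i` in the `ssssisis` type string). The `chk_account()` check followed by the insert is not atomic, so a unique index on EmailCl, if the schema lacks one, is what actually prevents duplicate accounts.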
+ Mon espace client +
+ "; + echo "Se déconnecter"; + } else { + echo "S'identifier"; + } + ?> +
+ + + diff --git a/includes/home.php b/includes/home.php index cc378a2..fa15da8 100644 --- a/includes/home.php +++ b/includes/home.php @@ -1,24 +1,16 @@ +query($requete); - echo "
\n"; - echo "\n"; - while ($ligne = $result->fetch_row()) { - $code = htmlentities($ligne[0]); - $nom = htmlentities($ligne[1]); - $rue = htmlentities($ligne[2]); - $ville = htmlentities($ligne[3]); - echo "\n"; - } - echo "
Code_CLNomRueVille
$code$nom$rue$ville
\n"; - $result->close(); +if (!$is_logged_in) { + $root_url = $configs['root_url']; + echo "\n"; + echo " S'identifier\n"; + echo " Créer un compte\n"; + echo "\n"; } - -home(); - ?> + + >Rechercher un vol + + diff --git a/includes/login.php b/includes/login.php index 19c74da..cc7fd92 100644 --- a/includes/login.php +++ b/includes/login.php @@ -1,6 +1,10 @@ -
+

Identifiez-vous

+ + -

Email :

-

Mot de passe :

-

+ + + + +
diff --git a/includes/logout.php b/includes/logout.php new file mode 100644 index 0000000..689d777 --- /dev/null +++ b/includes/logout.php @@ -0,0 +1,7 @@ +"; +redirect("index.php", 2); +?> diff --git a/includes/register.php b/includes/register.php index 72b9884..8db3bc0 100644 --- a/includes/register.php +++ b/includes/register.php @@ -1,15 +1,24 @@ -
+

Créer votre compte

+ + -

Nom :

-

Prénom :

-

Adresse :

-

Numéro de rue : - Rue : - Code postal : - Ville : -

-

Email :

-

Mot de passe :

-

Confirnation du mot de passe :

-

+ + + + + + + + + + + + + + + + + + +
diff --git a/includes/search.php b/includes/search.php index e69de29..2a1b947 100644 --- a/includes/search.php +++ b/includes/search.php @@ -0,0 +1,14 @@ +

Rechercher un vol

+ + diff --git a/index.php b/index.php index 8bceb64..9dc9e0b 100644 --- a/index.php +++ b/index.php @@ -2,19 +2,13 @@ require('includes/header.php'); include('lib/db.php'); -include('lib/utils.php'); - -/** - * [session_start start a unique session for the current browser client] - */ -session_start(); $connection = new CustomDB($configs['host'], $configs['username'], $configs['password'], $configs['database']); $page = filter_input(INPUT_GET, 'page', FILTER_SANITIZE_URL); -$isPage = true; +$is_page = true; if (!isset($page)) { - $isPage = false; + $is_page = false; $page = ""; } @@ -22,20 +16,20 @@ if (!isset($page)) { * form MUST have an hidden field named 'form' to enable proper routing */ $form = filter_input(INPUT_POST, 'form', FILTER_SANITIZE_URL); -$isForm = true; +$is_form = true; if (!isset($form)) { - $isForm = false; + $is_form = false; $form = ""; } function get_action_type() { - global $isPage, $isForm; + global $is_page, $is_form; - if ($isPage && !$isForm && is_get_request()) { + if ($is_page && !$is_form && is_get_request()) { return "page"; - } elseif ($isForm && !$isPage && is_post_request()) { + } elseif ($is_form && !$is_page && is_post_request()) { return "form"; - } elseif (!$isPage && !$isForm && is_get_request()){ + } elseif (!$is_page && !$is_form && is_get_request()){ return "empty"; } else { return "unknown"; @@ -52,7 +46,7 @@ function get_url_action($action_type) { } elseif ($action_type === "empty") { return ""; } elseif ($action_type === "unknown") { - die('Cannot get a valid action from URL parameters or form fields'); + die('Cannot get a valid action from URL parameters or form fields.'); } } @@ -91,19 +85,17 @@ function display_action($action_name, $action_type) } elseif ($action_type === "form") { include($includes_rpath . "/form" . $action . ".php"); } else { - echo "Unknown error in action displaying
"; + echo "Unknown error in action displaying.
"; } $found_action = true; break; } } if (!$found_action) { - echo "Action to display do not exist
"; + echo "Action to display do not exist.
"; } } -//password_hash('12345678', PASSWORD_DEFAULT); - $action_type = get_action_type(); $url_action = get_url_action($action_type); $action = validate_url_action($url_action); @@ -111,7 +103,7 @@ display_action($action, $action_type); $connection->close(); -session_destroy(); +session_write_close(); require('includes/footer.html'); ?> diff --git a/js/airpolytech.js b/js/airpolytech.js new file mode 100644 index 0000000..e69de29 diff --git a/lib/db.php b/lib/db.php index b548804..6c102c3 100644 --- a/lib/db.php +++ b/lib/db.php @@ -9,6 +9,7 @@ class CustomDB public $connected; private $current_pquery; private $current_stmt; + private $current_result; /** * [__construct description] @@ -25,12 +26,17 @@ class CustomDB if (!$this->connection->connect_errno) { $this->connected = true; } else { - die('Fail to connect to the RDBMS'); + die('Fail to connect to the RDBMS.'); } return $this->connection; } + /* public function __destruct() + { + $this->close(); + } */ + /** * [close description] * @return [type] [description] @@ -40,7 +46,7 @@ class CustomDB if ($this->connected && $this->connection->close()) { $this->connected = false; } else { - die('Fail to close the connection to the RDBMS'); + die('Fail to close the connection to the RDBMS.'); } } @@ -51,10 +57,10 @@ class CustomDB */ public function query($sql_query) { - if ($this->connected && !($query_result = $this->connection->query($sql_query))) { + if ($this->connected && !($this->current_result = $this->connection->query($sql_query))) { echo "Fail to execute the SQL query : " . $sql_query . "
"; } - return $query_result; + return $this->current_result; } /** @@ -78,10 +84,9 @@ class CustomDB * @param [type] $params [description] * @return [type] [description] */ - public function prepared_query_bind_param(...$params) + public function prepared_query_bind_param($types, $params) { - var_dump($params); - $rt_val = $this->current_stmt->bind_param($params); + $rt_val = $this->current_stmt->bind_param($types, ...$params); if (!$rt_val) { echo "Fail to link parameters to SQL query : (" . $this->current_stmt->errno . ") " . $this->current_stmt->error . " - " . $this->current_pquery . "
"; } @@ -101,6 +106,24 @@ class CustomDB return $rt_val; } + public function get_pquery_result() + { + $rt_val = $this->current_result = $this->current_stmt->get_result(); + if (!$rt_val) { + echo "Fail to fill SQL query result : (" . $this->current_stmt->errno . ") " . $this->current_stmt->error . " - " . $this->current_pquery . "
"; + } + return $rt_val; + } + + public function get_result_array() + { + $rt_val = $this->current_result->fetch_array(); + if (!$rt_val) { + echo "Fail to build SQL query result array : (" . $this->current_stmt->errno . ") " . $this->current_stmt->error . " - " . $this->current_pquery . "
"; + } + return $rt_val; + } + /** * [close_prepared_query description] * @return [type] [description] diff --git a/lib/utils.php b/lib/utils.php index d937db7..bc5db9b 100644 --- a/lib/utils.php +++ b/lib/utils.php @@ -1,5 +1,6 @@ prepare_query($sql_pquery); + $connection->prepared_query_bind_param("s", array($email)); + $connection->run_prepared_query(); + $connection->get_pquery_result(); + $row = $connection->get_result_array(); + $connection->close_prepared_query(); + if (!empty($row[0])) { + return true; + } else { + return false; + } +} + +function chk_password($email, $password) +{ + global $connection; + $sql_pquery = "select PasswordCl from CLIENTS where EmailCl = ?"; + $connection->prepare_query($sql_pquery); + $connection->prepared_query_bind_param("s", array($email)); + $connection->run_prepared_query(); + $connection->get_pquery_result(); + $row = $connection->get_result_array(); + $connection->close_prepared_query(); + if (password_verify($password, $row[0])) { + return true; + } else { + return false; + } +} + +function chk_logged_in() +{ + if (isset($_SESSION['email'])) { + return true; + } else { + return false; + } +} + +function redirect($url, $delay) +{ + header("refresh:$delay; url=$url"); +} + ?> diff --git a/styles/airpolytech.css b/styles/airpolytech.css index 00dd294..e5a93bf 100644 --- a/styles/airpolytech.css +++ b/styles/airpolytech.css @@ -3,7 +3,9 @@ body { color: #eeeeee; font-family: 'Encode Sans Semi Condensed', Arial, Helvetica, Verdana, sans-serif; display: block; - margin: 8px; + text-align: center; + line-height: 2em; + margin: 2em; } a, a:link a:active { 
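Review bot: get_pquery_result() and get_result_array() echo `$this->current_stmt->errno`, `->error` and the full `$this->current_pquery` into the HTTP response on failure, as the existing bind and run methods already do; that puts driver error text and SQL statements into pages served to clients, so send it to `error_log()` and print a generic message instead, e.g. `error_log("get_result failed ({$this->current_stmt->errno}): {$this->current_stmt->error} - {$this->current_pquery}"); echo "Database error.";`. get_result_array() also treats a null return from fetch_array(), which means no more rows, the same as a failed fetch, so a legitimately empty result prints the error too; distinguish the two before reporting. Because query() now fills `$this->current_result` as well, get_result_array() can be called after a plain query() with `$this->current_stmt` unset or stale, so its error branch should not depend on the statement object.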
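Review bot: chk_password() indexes `$row[0]` without checking that get_result_array() returned a row; when no row matched or the fetch failed, `$row` is null or false and password_verify receives a null hash, which raises a notice on recent PHP and only incidentally returns false. A guard such as `if (!$row) { return false; }` before the verify makes that failure explicit. The three check functions spell boolean results as `if (...) { return true; } else { return false; }`; `return !empty($row[0]);`, `return password_verify($password, $row[0]);` and `return isset($_SESSION['email']);` express the same thing in one line each. formlogin.php stores `$_SESSION['IP_address']` at login but chk_logged_in() never reads it, so if it was meant as a session-binding check it is not yet enforced.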
@@ -21,11 +23,87 @@ a:hover { color: #909090; } -#footer { - text-align: center; +form { + width: 680px; + margin: 0px auto; + line-height: 2.5em; +} + +form#login { + width: 680px; +} + +form#search { + width: 620px; +} + +form#register { + width: 720px; +} + +label, input { + /* in order to define widths */ + display: inline-block; +} + +label { + width: 30%; + /* positions the label text beside the input */ + text-align: right; +} + +label + input { + width: 30%; + /* large margin-right to force the next element to the new-line + and margin-left to create a gutter between the label and input */ + margin: 0 30% 0 4%; +} + +/* only the submit button is matched by this selector, + but to be sure you could use an id or class for that button */ +input + input { + float: right; +} + +table { + margin: 0px auto; + width: 100%; +} + +table#home { + font-size: 3em; + line-height: 1em; +} + +table#result tr:nth-child(even) { + background-color: #eee; +} + +table#result tr:nth-child(odd) { + background-color: #fff; } #header { - font-size: 44px; + font-size: 4em; + text-align: center; + margin-top: 1em; + margin-bottom: 1em; +} + +#account { + text-align: right; + line-height: 1.2em; +} + +#menu { + font-size: 2em; + text-align: center; + margin-top: 1em; + margin-bottom: 1em; +} + +#footer { text-align: center; + margin-top: 1em; + margin-bottom: 1em; } -- 2.34.1