diff --git a/admin.php b/admin.php index b3d9bbc..0b8346f 100644 --- a/admin.php +++ b/admin.php @@ -1 +1,176 @@ connect ( $_SESSION ['session_mdp'] ); +if ($me->isAdminLevelLowerThan ( 15 )) { + header ( 'Location:401.php' ); + exit (); +} +?> + + + + + +La console d'admin + + + + + + +
+ +
+ Objet

+ +
+ +
+ Valeur
+ +
+ +
+ +
+ + Hello !!!
+
+ + + + +
+
+
+ + + + + +
Nom du champ
+ + + +
+ +
+
+
+ + + + + \ No newline at end of file diff --git a/admindialog.php b/admindialog.php index e427a0b..0aa78dd 100644 --- a/admindialog.php +++ b/admindialog.php 
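Review bot: The gate at the top of admin.php discards the result of the `connect(...)` call on the first hunk line (its left side is cut off in this rendering) and then relies on `$me->isAdminLevelLowerThan(15)`; in the `clazz/Membre.class.php` hunk of this same commit, `connect()` assigns `adminLevel` only when a row is fetched and no `isAdminLevelLowerThan` method is visible, so either it lives in a file outside this diff or this page errors before the check runs. A fail-closed form checks the connection result explicitly, `if (!$me->connect(...) || $me->isAdminLevelLowerThan(15)) {`, so an unknown session id or a failed password check always ends in the `401.php` redirect rather than depending on an unset property. The markup below the guard is not readable in this diff, so only the PHP prologue is reviewed here.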
@@ -1,52 +1,224 @@ connect(); -if($me->getAdminLevel()<15){ +if($me->isAdminLevelLowerThan(15)){ echo 'Your admin level is too low (15 or more required)'; exit; -}elseif(!isset($_GET['action'])){ - echo 'Please set an action in the URL (GET method ,name:"action")'; +}elseif(!isset($_POST['command'])){ + echo 'Please set an command in the URL (POST method ,name:"command")'; + exit; +} +*/ +function isAlphaNumeric($char){ + return isAlphabetic($char) or isNumeric($char); +} +function isAlphabetic($char){ + return preg_match('#^[abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_]$#',$char) === 1; +} +function isNumeric($char){ + return preg_match('#^[0123456789]$#',$char) === 1; +} + +function error($pos,$reason){ + echo 'Error at char '.$pos.' : '.$reason; exit; } -switch ($_GET['action']){ - -case 'set_discutionVisibility' : - if(!isset($_POST['discutionVisibility'])){ - echo 'You must give a discution visibility (POST method,name:"discutionVisibility")'; - exit; +function readAlphabetic($command){ + global $pos; + $out = ""; + while (isAlphaNumeric($command[$pos])) { + $out .= $command[$pos]; + $pos+=1; } - if(!isset($_POST['discutionID'])){ - echo 'You must give a discution ID (POST method,name:"discutionID")'; - exit; + return $out; +} + +function readNumeric($command){ + //TODO Add non-integer support (virgule , puissance , autres bases ...) 
+ global $pos; + $out = ""; + while (isNumeric($command[$pos])) { + $out .= $command[$pos]; + $pos+=1; } - $discutionVisibility = $_POST['discutionVisibility']; - $discutionID = $_POST['discutionID']; - if ($discutionVisibility !== 'p' and preg_match ( "#^a[0-9]+$#",$discutionVisibility ) != 1 and preg_match ( '#^x([0-9]+;)*([0-9]+)?$#', $discutionVisibility ) != 1 ){ - echo 'Your discution visibility is not well-formed : it should have been formed like ("p" or "x31;41;59;26;53" or "a42")'; - exit; + return intval($out); +} + +function readString($command,$startChar='\"'){ + global $pos; + $out = ""; + $startChar = $command[$pos]; + $pos+=1; + while (TRUE) { + $char = $command[$pos]; + if($char === $startChar) + break; + if($char === '\\'){ + $pos+=1; + switch ($command[$pos]){ + case '\\': + $char = '\\'; + break; + case $startChar: + $char = $startChar; + break; + default: + error($pos,'Unexpected "'.$command['pos'].'" after "\\"'); + } + } + $out .= $char; + $pos+=1; } - - $req = $GLOBALS['bdd']->prepare('UPDATE discussions SET autorized=? WHERE ID=?'); - $req->execute(array($discutionVisibility,$discution)); - - - - - - - - exit; + $pos +=1; + return $out; +} + +$operators = array('=','!=','>','<','>=','=>','<=','=<','&has;','&nhas;'); +$operatorsChars = array('=','!','<','>','&'); + +function readOperator($command,$endChar = 'abcdefghijklmnopqrstuvwxytABCDEFGHIJKLMNOPQRSTUVWZYZ0123456789"\''){ + global $pos,$operators; + if($command[$pos] === '&'){ + $pos+=1; + $inOperator = readAlphabetic($command); + if($command[$pos] !== ';'){ + error($pos, 'Unexepted character at the end of the operator ' . 
$inOperator); + } + return '&'.$inOperator.';'; + } + $reading = ''; + $lastOperator = ''; + $maxPos=min(strlen($command),$pos+5); + $tPos = $pos; + while ($tPos<$maxPos) { + $reading .= $command[$pos]; + $tPos+=1; + if(in_array($reading,$operators,TRUE)) + $lastOperator=$reading; + } + $pos += strLen($lastOperator); + if(!in_array($lastOperator,$operators)) + error($pos, 'Unknown operator : '.$out); + return $lastOperator; +} + +function readSelector($command){ + global $pos,$operatorsChars; + $out = array(); + $pos += 1;//@ + if(!isAlphabetic($command[$pos])) + error($pos,'Unexepted non-alphabetic char "'.$command[$pos].'" after @'); + $className = readAlphabetic($command,'['); + $pos += 1;//[ +1 + $attributes = array(); + while($command[$pos] !== ']'){ + if($command[$pos] === ',') + $pos+=1; + $attributeName = readAlphabetic($command,implode($operatorsChars)); + $operator = readOperator($command); + $data = null; + $type = $command[$pos]; + if(isAlphabetic($type)){ + $data = array('a',readAlphabetic($command)); + }elseif (isNumeric($type)){ + $data = array('0',readNumeric($command)); + }elseif ($type === '"' or $type === '\''){ + $data = array('\"',readString($command)); + }elseif ($type === "@"){ + $data = array('@',readSelector($command)); + } + $attribute = array(); + $attribute[0] = $attributeName; + $attribute[1] = $operator; + $attribute[2] = $data; + $attributes[] = $attribute; + } + $pos+=1;//after "[" + if($command[$pos] == ':'){ + $pos+=1;//letter after ":" + $selectedAttribute = readAlphabetic($command); + return array($className,$attributes,$selectedAttribute); + } + return array($className,$attributes); +} + + +$command=$_POST['command'].' 
'; +$nommes=array(); +$pos=0; +while ($pos'; +print_r($nommes); +echo ''; -default : - echo 'Unknown action : '+$_GET['action']; +function exception($reason){ + echo 'An exception occurred : '.$reason; exit; +} + +if($nommes[0][0] == 'a'){ + //Command + $fonction = strtoupper($nommes[0][1]); + switch ($fonction){ + case 'SET': + if(count($nommes) !== 42) + exception('La fonction n\'a pas recu le bon nombre d\'arguments (42)'); + if($nommes[1][0] !== '@') + exception('Le deuxième argument doit etre un selecteur'); + switch ($nommes[1][0][0]){ + case 'Membre': + break; + case 'Projet': + break; + case 'Membre': + break; + case 'Projet': + break; + case 'Membre': + break; + default: + exception('Unknown selector class :'.$nommes[1][0][0]); + } + + case 'DELETE': + + default: + exception('Unknown function '.$fonction); + + } -} \ No newline at end of file +} + + diff --git a/clazz/Discussion.class.php b/clazz/Discussion.class.php deleted file mode 100644 index 10b5cd1..0000000 --- a/clazz/Discussion.class.php +++ /dev/null 
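Review bot: The access check at the top of admindialog.php (`connect()`, `isAdminLevelLowerThan(15)`, the `$_POST['command']` presence test) is followed by a bare `+*/`, which reads as the whole guard now sitting inside a block comment; the opening `/*` is outside the visible text, so confirm, but if so any visitor can hand `$_POST['command']` to the parser and the guard has to be restored before this lands. `error()` and `exception()` echo raw fragments of the posted command back to the browser (`'Unexpected "'.$command['pos'].'"'`, `'Unknown selector class :'.$nommes[1][0][0]`), so wrap those values with `htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`; `$command['pos']` also looks like a typo for `$command[$pos]`. In `readOperator`, the loop appends `$command[$pos]` while only `$tPos` advances, so the same character is read up to five times, and its failure message references an undefined `$out`. The `print_r($nommes)` dump and the `count($nommes) !== 42` / triple `case 'Membre':` placeholders in the SET branch look like scaffolding that should not reach an admin endpoint.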
@@ -1,151 +0,0 @@ -ID = $ID; - $req = $GLOBALS['bdd']->prepare('SELECT * FROM discussions WHERE ID=?'); - $req->execute(array($ID)); - if($rep = $req->fetch()){ - $this->valid = TRUE; - $this->name = $rep['name']; - $this->creatorID = $rep['creatorID']; - $this->dateCreation = $rep['dateCreation']; - $this->accessibility = $rep['accessibility']; - }else{ - $this->valid = FALSE; - } - } - public function exists(){ - return $this->valid; - } - public function __toString(){ - $out = 'Discussion\n'; - $out .= '\tID:' . $this->ID . '\n'; - $out .= '\tName:' . $this->name . '\n'; - $out .= '\tCreator\'s ID:' . $this->creatorID . '\n'; - $out .= '\tDate of creation:' . $this->dateCreation . '\n'; - $out .= '\tAccessibility:' . $this->accessibility . '\n'; - return out; - } - - //Getters - public function getID(){ - return $this->ID; - } - - public function getName(){ - return $this->name; - } - - public function getCreatorID(){ - return $creatorID; - } - - public function getDateCreation(){ - return $this->dateCreation; - } - - public function getAccessibility(){ - return $this->accessibility; - } - - - //Useful Getters - public function canAccess($membre){ - $out = $this->accessibility === 'p'; - if(preg_match ( "#^a[0-9]+$#", $this->accessibility ) == 1) - $out = $out or intval ( substr ( $this->accessibility, 1 ) ) <= $membre->getAdminLevel(); - $out = $out or preg_match ( '#^x([0-9]+;)*' . $membre->getID() . '(;[0-9]+)*$#', $disc ['autorized'] ) == 1; - $out = $out or $membre->getAdminLevel() >= 14; - return $out; - } - - //Setters - const NAME_ALREADY_USED = 'Nom déjà utilisé'; - const ILLEGAL_NAME = 'Le nom de la discussion est incorrect : les caractères autorisés sont :'. - '
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'. - 'éèàμ_-\'()[\\]\\\\/,;:.§!ù%£$¤=+-*\\#~"|ç@'; - const TOO_LONG_NAME = 'Le nom est trop long : maximum 256 caractères'; - public function rename($newName){ - if(!exists()) - return NULL; - if(getFromName($newName)) - return NAME_ALREADY_USED; - $regex = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'. - 'éèàµ_\\-\'()\\[\\]\\\\/,;:.§!ù%£$¤=+\\-*\\#~"|ç@'; - $regex = '#^['.$regex.']+$#'; - if(preg_match($regex,$newName) != 1) - return ILLEGAL_NAME; - } - - //Discussions getters - private static function discussionGetterOutput($req){ - $out = array(); - while($rep = $req->fetch()) - $out[] = new Discussion($rep['ID']); - if($out) - return $out; - else - return NULL; - } - - public static function getFromName($name){ - $req = $GLOBALS['bdd']->prepare('SELECT * FROM discussions WHERE name=?'); - $req->execute(array($name)); - return discussionGetterOutput($req); - } - - public static function getFromCreator($ID){ - $req = $GLOBALS['bdd']->prepare('SELECT * FROM discussions WHERE creatorID=?'); - $req->execute(array($ID)); - return discussionGetterOutput($req); - } - - public static function getFromDateCreation($date){ - $req = $GLOBALS['bdd']->prepare('SELECT * FROM discussions WHERE dateCreation=?'); - $req->execute(array($date)); - return discussionGetterOutput($req); - } - - public static function getFromAccessibility($accessibility){ - $req = $GLOBALS['bdd']->prepare('SELECT * FROM discussions WHERE creatorID=?'); - $req->execute(array($accessibility)); - return discussionGetterOutput($req); - } - - public static function getCreatedLaterThan($date){ - $req = $GLOBALS['bdd']->prepare('SELECT * FROM discussions WHERE dateCreation>?'); - $req->execute(array($date)); - return discussionGetterOutput($req); - } - - public static function getCreatedEarlierThan($date){ - $req = $GLOBALS['bdd']->prepare('SELECT * FROM discussions WHERE dateCreationexecute(array($date)); - return 
discussionGetterOutput($req); - } - - public static function getWhichHeCanAccess($he){ - $req = $GLOBALS['bdd']->prepare('SELECT * FROM discussions'); - $req->execute(array()); - $out = array(); - while ( $rep = $req->fetch()) { - $disc = new Discussion($rep['ID']); - if ($disc->canAccess($membre)) - $out[] = $disc; - } - if($out) - return $out; - else - return NULL; - } - -} \ No newline at end of file diff --git a/clazz/Membre.class.php b/clazz/Membre.class.php index 672c88f..232d640 100644 --- a/clazz/Membre.class.php +++ b/clazz/Membre.class.php 
@@ -1,107 +1 @@ -id = $id ?? $_SESSION ['session_id']; - $this->password = $pass ?? $_SESSION ['session_mdp']; - $connected = FALSE; - } - public function connect() { - $req = $GLOBALS ['bdd']->prepare ( 'SELECT * FROM users WHERE ID=?' ); - $req->execute ( array ( - $this->id - ) ); - if ($rep = $req->fetch ()) { - $connected = password_verify ( $this->pass, $rep ['mdp'] ); - $this->adminLevel = $connected ? $result ['administration'] : - 1; - $this->pseudo = $connected ? $result ['pseudo'] : NULL; - if ($connected) - decodeData ( $rep ['data'] ); - return $this->connected = $connected; - } else { - $req->closeCursor (); - return $this->connected = FALSE; - } - } - public function hasPersonnalMessage() { - return isset ( $this->personnalMessage ); - } - public function showPersonnalMessage() { - $msg = $this->personnalMessage; - $this->personnalMessage = NULL; - return $msg; - } - private function decodeData($data) { - $jsonData = json_decode ( $data ); - // Set the data's required_banner if it is defined , otherwise sets the DEFAULT_BANNER - $this->requiredBanner = $jsonData ['requiredBanner'] ?? self::DEFAULT_BANNER; - $this->personnalMessage = $jsonData ['personnalMessage'] ?? NULL; - } - private function encodeData() { - $jsonArray = array (); - // Set requiredBanner only if it is different from DEFAULT_BANNER - $jsonArray ['requiredBanner'] = $this->requiredBanner !== self::DEFAULT_BANNER ? $this->requiredBanner : NULL; - $jsonArray ['personnalMessage'] = $this->personnalMessage ?? NULL; - return json_encode ( $jsonArray ); - } - public function getID(){ - return $this->id; - } - public function getAdminLevel() { - return $this->adminLevel; - } - public function getBanner() { - return $this->requiredBanner; - } - public function isConnected() { - return $connected; - } - public static function tryToConnect($pseudo = NULL, $mdp = NULL) { - $pseudo = $pseudo ?? $_POST ['pseudo']; - $mdp = $mdp ?? 
$_POST ['mdp']; - $req = $GLOBALS ['bdd']->prepare ( 'SELECT * FROM users WHERE pseudo=?' ); - $req->execute ( array ( - $pseudo - ) ); - $reponce = $req->fetch (); - if ($reponce != NULL) { - if (password_verify ( $mdp, $reponce ['mdp'] )) { - $req->closeCursor (); - return $reponce ['ID']; - } else { - $req->closeCursor (); - return 'errormdp'; - } - } else { - $req->closeCursor (); - return 'errorpseudo'; - } - } - public static function registerPerson($pseudo, $mdp) { - $req = $GLOBALS ['bdd']->prepare ( "SELECT * FROM users WHERE pseudo=?" ); - $req->execute ( array ( - $_POST ['pseudo'] - ) ); - if ($req->fetch ()) - return 'usedPseudo'; - $req = $GLOBALS ['bdd']->prepare ( 'INSERT INTO users(pseudo,mdp,date_creation) VALUES (?,?,NOW())' ); - $req->execute ( array ( - $_POST ['pseudo'], - password_hash ( $_POST ['mdp'], PASSWORD_DEFAULT ) - ) ); - return 'ok'; - } -} - - - - - +id = $id ?? $_SESSION['session_id']; $this->password = $pass ?? $_SESSION['session_mdp']; $connected = FALSE; } public function connect(){ $req = $GLOBALS ['bdd']->prepare ( 'SELECT * FROM users WHERE ID=?' ); $req->execute (array($this->id)); if ($rep = $req->fetch ()){ $connected = password_verify ( $this->pass, $rep ['mdp'] ); $this->adminLevel = $connected?$result ['administration']:-1; $this->pseudo = $connected?$result['pseudo']:NULL; if($connected)decodeData($rep['data']); return $this->connected = $connected; }else{ $req->closeCursor (); return $this->connected = FALSE; } } public function hasPersonnalMessage(){ return isset($this->personnalMessage); } public function showPersonnalMessage(){ $msg = $this->personnalMessage; $this->personnalMessage = NULL; return $msg; } private function decodeData($data) { $jsonData = json_decode($data); //Set the data's required_banner if it is defined , otherwise sets the DEFAULT_BANNER $this->requiredBanner = $jsonData['requiredBanner'] ?? self::DEFAULT_BANNER; $this->personnalMessage = $jsonData['personnalMessage'] ?? 
NULL; } private function encodeData(){ $jsonArray = array(); //Set requiredBanner only if it is different from DEFAULT_BANNER $jsonArray['requiredBanner'] = $this->requiredBanner !== self::DEFAULT_BANNER ? $this->requiredBanner : NULL; $jsonArray['personnalMessage'] = $this->personnalMessage ?? NULL; return json_encode($jsonArray); } public function getAdminLevel(){ return $this->adminLevel; } public function getBanner() { return $this->requiredBanner; } public function isConnected(){ return $connected; } public static function tryToConnect($pseudo = NULL,$mdp = NULL){ $pseudo = $pseudo ?? $_POST ['pseudo']; $mdp = $mdp ?? $_POST ['mdp']; $req = $GLOBALS ['bdd']->prepare ( 'SELECT * FROM users WHERE pseudo=?' ); $req->execute ( array ( $pseudo ) ); $reponce = $req->fetch (); if ($reponce != NULL) { if (password_verify ( $mdp, $reponce ['mdp'] )) { $req->closeCursor (); return $reponce ['ID']; } else { $req->closeCursor (); return 'errormdp'; } } else { $req->closeCursor (); return 'errorpseudo'; } } public static function registerPerson($pseudo, $mdp) { $req = $GLOBALS ['bdd']->prepare ( "SELECT * FROM users WHERE pseudo=?" ); $req->execute (array($_POST ['pseudo'])); if ($req->fetch ()) return 'usedPseudo'; $req = $GLOBALS ['bdd']->prepare ( 'INSERT INTO users(pseudo,mdp,date_creation) VALUES (?,?,NOW())' ); $req->execute(array($_POST ['pseudo'],password_hash ( $_POST ['mdp'], PASSWORD_DEFAULT))); return 'ok'; }} \ No newline at end of file diff --git a/clazz/Projet.class.php b/clazz/Projet.class.php new file mode 100644 index 0000000..0a9e3c7 --- /dev/null +++ b/clazz/Projet.class.php 
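Review bot: The replacement body in clazz/Membre.class.php is a single physical line (`@@ -1,107 +1 @@`), which hides the functional change inside it — `getID()` is gone — and makes the class impossible to diff or review; keep one statement per line. Inside `connect()`, the constructor stores `$this->password` but the verification reads `$this->pass`, the fetched row is `$rep` but the admin level and pseudo come from `$result`, and `decodeData($rep['data'])` is called as a bare function instead of `$this->decodeData(...)`, so the successful-`password_verify` path cannot work as written. `decodeData()` also calls `json_decode($data)` without `true` and then indexes the result as an array. `tryToConnect()` returns distinct `'errorpseudo'` and `'errormdp'` results, which lets a caller learn whether a pseudo exists; return one generic failure value for both. The constructor pulls `$_SESSION['session_mdp']` as the password, i.e. the credential is kept in the session to be re-verified on every request — storing only the user id plus the verified flag avoids that.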
@@ -0,0 +1,64 @@ +ID = $ID; + $req = $GLOBALS['bdd']->prepare('SELECT * FROM projets WHERE ID=?'); + $req->execute(array($ID)); + if($rep = $req->fetch()){ + $this->valid = TRUE; + $this->name = $rep['name']; + $this->owner = new Membre($rep['ownerID']); + $this->dateCreation = $rep['dateCreation']; + $this->secondaryOwners = array(); + foreach (explode(';',$rep['secondaryOwners']) AS $secondaryOwner) + $this->secondaryOwners[] = new Membre($secondaryOwner); + }else{ + $this->valid = FALSE; + } + } + + public function exists(){ + return $this->valid; + } + + public function __toString(){ + $out = 'Projet\n'; + $out .= '\tID:' . $this->ID . '\n'; + $out .= '\tName:' . $this->name . '\n'; + $out .= '\tOwner:{' . substr(str_replace('\n\t',';',$this->owner->__toString()),0,-1) . '}\n'; + foreach($this->secondaryOwners AS $secondaryOwner) + $out .= '\tSecondary owner:{' . substr(str_replace('\n\t',';',$secondaryOwner->__toString()),0,-1) . '}\n'; + $out .= '\tDate of creation:' . $this->dateCreation . '\n'; + return out; + } + + //Getters + public function getID(){ + return $this->ID; + } + + public function getName(){ + return $this->name; + } + + public function getOwner(){ + return $this->owner; + } + + public function getSecondaryOwners(){ + return $this->secondaryOwners; + } + + public function getDateCreation(){ + return $this->dateCreation; + } + +} \ No newline at end of file diff --git a/form.php b/form.php new file mode 100644 index 0000000..7b11501 --- /dev/null +++ b/form.php @@ -0,0 +1,8 @@ + + + + + +
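Review bot: `__toString()` in clazz/Projet.class.php ends with `return out;`, an undefined constant rather than the `$out` it just built, so casting a Projet to string errors on PHP 8; change it to `return $out;`. The same method builds its text with single-quoted `'\n'` and `'\t'`, so those are literal backslash sequences, not newlines or tabs. In the constructor, `explode(';', $rep['secondaryOwners'])` on an empty column yields `['']` and creates a `Membre('')`; drop empty entries (`array_filter(...)`) before the loop.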
+ + \ No newline at end of file