
ajout tp4

Clément Krebs 6 年之前
父节点
当前提交
ab0b0c6640
共有 10 个文件被更改,包括 275 次插入0 次删除
  1. 44 0
      Tp4/adduser.php
  2. 37 0
      Tp4/authenticate.php
  3. 4 0
      Tp4/bdd.php
  4. 48 0
      Tp4/changepassword.php
  5. 27 0
      Tp4/deleteuser.php
  6. 34 0
      Tp4/formpassword.php
  7. 33 0
      Tp4/signin.php
  8. 4 0
      Tp4/signout.php
  9. 30 0
      Tp4/signup.php
  10. 14 0
      Tp4/welcome.php

+ 44 - 0
Tp4/adduser.php

@@ -0,0 +1,44 @@
+<?php
+    include_once('bdd.php');
+
+    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+        header('Location: signup.php');
+        exit();
+    }
+    try {
+        $pdo = new PDO(SQL_DSN, SQL_USERNAME, SQL_PASSWORD);
+
+    }
+    catch(PDOException $e) {
+        exit();
+    }
+    
+    if (!isset($_POST['login'], $_POST['passwd'], $_POST['passwdconf'])) {
+        header('Location: signup.php');
+        exit();
+    }
+    if (empty($_POST['login']) || empty($_POST['passwd']) || empty($_POST['passwdconf'])) {
+        header('Location: signup.php');
+        exit();
+    }
+    
+    $login = htmlspecialchars($_POST['login']);
+    $passwd = htmlspecialchars($_POST['passwd']);
+    $passwdconf = htmlspecialchars($_POST['passwdconf']);
+    
+    if ($passwd != $passwdconf) {
+        header('Location: signup.php');
+        exit();
+    }
+    
+    $req = $pdo->prepare('INSERT INTO Users (login, passwd) VALUES (:login, :passwd)');
+    $req->bindValue(':login', $login, PDO::PARAM_STR);
+    $req->bindValue(':passwd', password_hash($passwd, PASSWORD_DEFAULT), PDO::PARAM_STR);
+    if ($req->execute()) {
+        header('Location: signin.php');
+    } else {
+        header('Location: signup.php');
+    }
+    
+    
+        
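Review bot: `htmlspecialchars()` is applied to the login and both password fields before they are compared, hashed and stored (the three assignments after the `empty()` checks), which uses output encoding as an input filter. A password containing `&`, `<`, `>` or `"` is hashed in its encoded form and the login is stored HTML-encoded in `Users`, so every reader of that table has to repeat the same transformation to match. Take the raw values here, e.g. `$passwd = $_POST['passwd'];`, keep the prepared statement for the SQL side, and escape only where the login is printed; authenticate.php and changepassword.php do the same thing and would have to change together so existing hashes still verify. The two final `header()` calls are not followed by `exit();`, and the `catch` block exits without logging or setting a status.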

+ 37 - 0
Tp4/authenticate.php

@@ -0,0 +1,37 @@
+<?php
+    session_start();
+    include_once('bdd.php');
+
+    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+        $login = htmlspecialchars($_POST['login']);
+        $passwd = htmlspecialchars($_POST['passwd']);
+        try {
+            $pdo = new PDO(SQL_DSN, SQL_USERNAME, SQL_PASSWORD);
+
+        }
+        catch(PDOException $e) {
+            $_SESSION['message'] = $e->getMessage();
+            header('Location: signin.php');
+            exit();
+        }
+        
+        $req = $pdo->prepare('SELECT passwd from Users WHERE login = :login');
+        $req->bindValue(':login', $login, PDO::PARAM_STR);
+        $req->execute();
+        $count = $req->rowCount();
+        if ($count == 0) {
+            header('Location: signin.php');
+            exit();
+        }
+        foreach ($req as $row) {
+            if (!password_verify($passwd, $row['passwd'])) {
+                header('Location: signin.php');
+                $_SESSION['message'] = 'Bad password';
+                exit();
+            }
+        }
+        $_SESSION['login'] = $login;
+        header('Location: welcome.php');
+    } else {
+        header('Location: signin.php');
+    }
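Review bot: The session identifier is not regenerated when the login succeeds, so an identifier set before authentication stays valid afterwards; call `session_regenerate_id(true);` immediately before `$_SESSION['login'] = $login;`. The `catch` block copies `$e->getMessage()` into `$_SESSION['message']`, which signin.php prints, so connection details from the PDO error can reach the browser; store a generic text and log the exception server-side (changepassword.php and deleteuser.php have the same `catch`). An unknown login redirects with no message while a wrong password sets 'Bad password', which lets a client tell existing accounts apart; use one message for both cases. `$_POST['login']` and `$_POST['passwd']` are read without an `isset()` check, and the last two `header()` calls have no `exit();`.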

+ 4 - 0
Tp4/bdd.php

@@ -0,0 +1,4 @@
+<?php
+const SQL_DSN = 'mysql:host=mysql.iutrs.unistra.fr;dbname=w31clem';
+const SQL_USERNAME = 'clement.krebs';
+const SQL_PASSWORD = '3pfc1i7n';
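Review bot: The database host, account name and password are committed in clear text in these three constants, so anyone who can read the repository or its history can connect as this account. Read them from the environment or from a file kept outside the repository and the web root, for example `define('SQL_PASSWORD', getenv('SQL_PASSWORD'));` (a `const` cannot take a function call). Because the value is now in the commit history, the password should be changed on the server and not only removed from the file.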

+ 48 - 0
Tp4/changepassword.php

@@ -0,0 +1,48 @@
+<?php
+    session_start();
+    if (!isset($_SESSION['login'])){
+        header('Location: signin.php');
+        exit();
+    }
+    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+        header('Location: signin.php');
+        exit();
+    }
+    if (!isset($_POST['passwd'], $_POST['passwdconf'])) {
+        header('Location: signin.php');
+        exit();
+    }
+    if (empty($_POST['passwd']) || empty($_POST['passwdconf'])) {
+        header('Location: signin.php');
+        exit();
+    }
+    
+    $passwd = htmlspecialchars($_POST['passwd']);
+    $passwdconf = htmlspecialchars($_POST['passwdconf']);
+    
+    if ($passwd != $passwdconf) {
+        header('Location: signin.php');
+        exit();
+    }
+    
+    include_once('bdd.php');
+    
+    try {
+        $pdo = new PDO(SQL_DSN, SQL_USERNAME, SQL_PASSWORD);
+    }
+    catch (PDOException $e) {
+        $_SESSION['message'] = $e->getMessage();
+        header('Location: signin.php');
+        exit();
+    }
+    
+    $req = $pdo->prepare('UPDATE Users SET passwd = :passwd WHERE login = :login');
+    $req->bindValue(':passwd', password_hash($passwd, PASSWORD_DEFAULT));
+    $req->bindValue(':login', $_SESSION['login']);
+    if ($req->execute()) {
+        header('Location: welcome.php');
+        exit();
+    } else {
+        header('Location: formpassword.php');
+        exit();
+    }
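Review bot: The password of the logged-in account is replaced without asking for the current password and without a CSRF token, so any POST sent from the user's browser while the session is open changes it. Add a `current` field verified with `password_verify()` against the stored hash, and check a per-session token created with `bin2hex(random_bytes(32))` and compared with `hash_equals()`. Every rejection path redirects to signin.php even though the user is authenticated; formpassword.php with a message in `$_SESSION['message']` would tell the user what went wrong.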

+ 27 - 0
Tp4/deleteuser.php

@@ -0,0 +1,27 @@
+<?php
+    session_start();
+    if (!isset($_SESSION['login'])) {
+        header('Location: signin.php');
+    }
+    
+
+    include_once('bdd.php');
+    try {
+        $pdo = new PDO(SQL_DSN, SQL_USERNAME, SQL_PASSWORD);
+    }
+    catch (PDOException $e) {
+        $_SESSION['message'] = $e->getMessage();
+        header('Location: signin.php');
+        exit();
+    }
+    
+    $req = $pdo->prepare('DELETE FROM Users WHERE login = :login');
+    $req->bindValue(':login', $_SESSION['login']);
+    
+    if ($req->execute()) {
+        header('Location: signin.php');
+        exit();
+    } else {
+        header('Location: welcome.php');
+        exit();
+    }
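Review bot: The unauthenticated branch at the top sends the `Location` header but has no `exit();`, so the script carries on to the `DELETE` statement with `$_SESSION['login']` unset; add `exit();` after that `header()` call as the other pages do. The deletion runs on any request method and welcome.php reaches it through a plain link, so a GET issued from another site during the user's session removes the account; accept only POST and verify a CSRF token. After a successful delete the session still contains `login`, so call `session_destroy();` before the redirect.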

+ 34 - 0
Tp4/formpassword.php

@@ -0,0 +1,34 @@
+<?php
+session_start();
+if (!isset($_SESSION['login'])) {
+    header('Location: signin.php');
+    exit();
+}
+?>
+
+<!doctype html>
+<html lang="fr">
+<head>
+  <meta charset="utf-8">
+  <title>Tp 1</title>
+  <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
+  <link rel="stylesheet" type="text/css" href="style.css">
+</head>
+<body>
+
+    <p>Salut changement mot de passe</p>
+    
+    <form action="changepassword.php" method="post">
+        <div class="form-group">
+            nouveau mot de passe :<br>
+            <input type="text" class="form-control" name="passwd"><br>
+        </div>
+        <div class="form-group">
+            encore :<br>
+            <input type="password" class="form-control" name="passwdconf"><br>
+        </div>
+        <input type="submit" class="btn btn-primary" value="ok">
+    </form>
+
+</body>
+</html>
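Review bot: The first field is declared as `<input type="text" ... name="passwd">`, so the new password is displayed while typed and can be kept in the browser's form history; it should be `type="password"` like the confirmation field, ideally with `autocomplete="new-password"`. The form carries no hidden CSRF token for changepassword.php to check. The `<title>` still reads 'Tp 1'.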

+ 33 - 0
Tp4/signin.php

@@ -0,0 +1,33 @@
+<!doctype html>
+<html lang="fr">
+<head>
+  <meta charset="utf-8">
+  <title>Tp 1</title>
+  <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
+  <link rel="stylesheet" type="text/css" href="style.css">
+</head>
+<body>
+
+    <p>Salut</p>
+    
+    <form action="authenticate.php" method="post">
+        <div class="form-group">
+            login :<br>
+            <input type="text" class="form-control" name="login"><br>
+        </div>
+        <div class="form-group">
+            password :<br>
+            <input type="password" class="form-control" name="passwd"><br>
+        </div>
+        <input type="submit" class="btn btn-primary" value="Log in">
+    </form>
+    <?php 
+        session_start();
+        if (isset($_SESSION['message'])) {
+            echo('<section> error : ' . $_SESSION['message'] . '</section>');
+            unset($_SESSION['message']);
+        }
+    ?>
+
+</body>
+</html>
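Review bot: `session_start()` is called inside `<body>`, after the head of the document has already been output, so the session cookie header cannot be sent unless output buffering happens to be enabled; move it into a `<?php` block on the first line of the file. `$_SESSION['message']` is concatenated into the markup without escaping, and authenticate.php puts exception text into it; print it with `htmlspecialchars($_SESSION['message'], ENT_QUOTES, 'UTF-8')`.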

+ 4 - 0
Tp4/signout.php

@@ -0,0 +1,4 @@
+<?php
+    session_start();
+    session_destroy();
+    header('Location: signin.php');
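Review bot: `session_destroy()` deletes the stored session data but leaves `$_SESSION` populated for the rest of the request and does not expire the session cookie in the browser. Add `$_SESSION = [];` before it and expire the cookie with `setcookie(session_name(), '', time() - 3600, ...)`, taking path and domain from `session_get_cookie_params()`. An `exit();` after the redirect would match the other pages.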

+ 30 - 0
Tp4/signup.php

@@ -0,0 +1,30 @@
+<!doctype html>
+<html lang="fr">
+<head>
+  <meta charset="utf-8">
+  <title>Tp 1</title>
+  <link rel="stylesheet" href="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
+  <link rel="stylesheet" type="text/css" href="style.css">
+</head>
+<body>
+
+    <p>Salut inscription</p>
+    
+    <form action="adduser.php" method="post">
+        <div class="form-group">
+            login :<br>
+            <input type="text" class="form-control" name="login"><br>
+        </div>
+        <div class="form-group">
+            password :<br>
+            <input type="password" class="form-control" name="passwd"><br>
+        </div>
+        <div class="form-group">
+            password confirmation :<br>
+            <input type="password" class="form-control" name="passwdconf"><br>
+        </div>
+        <input type="submit" class="btn btn-primary" value="Log in">
+    </form>
+
+</body>
+</html>

+ 14 - 0
Tp4/welcome.php

@@ -0,0 +1,14 @@
+<?php
+    session_start();
+    if (isset($_SESSION['login'])) {
+        echo('Salut ' . $_SESSION['login']);
+        echo('<form action="signout.php" method="post">');
+        echo('<input type="submit" value="Sign out">');
+        echo('</form>');
+    } else {
+        header('Location: signin.php');
+        exit();
+    }
+?>
+<a href="formpassword.php">Changer mot de passe</a>
+<a href="deleteuser.php">Supprimer compte</a>
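Review bot: `$_SESSION['login']` is echoed without escaping at the point of output; it is HTML-safe only because authenticate.php encodes the login before storing it in the session. Escape where it is printed, `echo 'Salut ' . htmlspecialchars($_SESSION['login'], ENT_QUOTES, 'UTF-8');`, so this page does not depend on that upstream step. 'Supprimer compte' is a plain link to deleteuser.php, which makes account deletion a GET request; a POST form like the sign-out one, with a confirmation step, is more appropriate.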