
modif tp4

Clément Krebs 6 years ago
parent
commit
c52a77e50a
6 changed files with 113 additions and 51 deletions
  1. 9 14
      Tp4/adduser.php
  2. 10 22
      Tp4/authenticate.php
  3. 5 15
      Tp4/changepassword.php
  4. 16 0
      Tp4/models/MyPDO.php
  5. 73 0
      Tp4/models/User.php
  6. 0 0
      Tp4/models/bdd.php

+ 9 - 14
Tp4/adduser.php

@@ -5,13 +5,6 @@
         header('Location: signup.php');
         exit();
     }
-    try {
-        $pdo = new PDO(SQL_DSN, SQL_USERNAME, SQL_PASSWORD);
-
-    }
-    catch(PDOException $e) {
-        exit();
-    }
     
     if (!isset($_POST['login'], $_POST['passwd'], $_POST['passwdconf'])) {
         header('Location: signup.php');
@@ -30,15 +23,17 @@
         header('Location: signup.php');
         exit();
     }
-    
-    $req = $pdo->prepare('INSERT INTO Users (login, passwd) VALUES (:login, :passwd)');
-    $req->bindValue(':login', $login, PDO::PARAM_STR);
-    $req->bindValue(':passwd', password_hash($passwd, PASSWORD_DEFAULT), PDO::PARAM_STR);
-    if ($req->execute()) {
+
+    try {
+        $user = new User($login, $passwd);
+        $user->create();
         header('Location: signin.php');
-    } else {
-        header('Location: signup.php');
+        exit();
     }
+    catch(Exception $e) {
+        exit();
+    }
+    
     
     
         
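Review bot: Nothing in this file's changes loads the `User` class: all 9 added lines are in this hunk and none is a `require_once`, so `new User($login, $passwd)` would raise a fatal `Error` that `catch(Exception $e)` does not catch, unless an include above the hunk (not visible here) or an autoloader provides it. Add `require_once('models/User.php');` at the top, as authenticate.php does; the changepassword.php hunk has the same gap. The new catch also ends the request with a bare `exit();`, where the removed code redirected to signup.php on failure, so a duplicate login or a database error now yields a blank response; `error_log($e->getMessage()); header('Location: signup.php'); exit();` keeps the detail server-side and restores the redirect. The script's opening lines are outside the hunk.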

+ 10 - 22
Tp4/authenticate.php

@@ -1,37 +1,25 @@
 <?php
     session_start();
-    include_once('bdd.php');
+    require_once('models/User.php');
 
     if ($_SERVER['REQUEST_METHOD'] == 'POST') {
         $login = htmlspecialchars($_POST['login']);
         $passwd = htmlspecialchars($_POST['passwd']);
         try {
-            $pdo = new PDO(SQL_DSN, SQL_USERNAME, SQL_PASSWORD);
-
-        }
-        catch(PDOException $e) {
-            $_SESSION['message'] = $e->getMessage();
-            header('Location: signin.php');
-            exit();
-        }
-        
-        $req = $pdo->prepare('SELECT passwd from Users WHERE login = :login');
-        $req->bindValue(':login', $login, PDO::PARAM_STR);
-        $req->execute();
-        $count = $req->rowCount();
-        if ($count == 0) {
-            header('Location: signin.php');
-            exit();
-        }
-        foreach ($req as $row) {
-            if (!password_verify($passwd, $row['passwd'])) {
+            $user = new User($login, $passwd);
+            if (!$user->exists()) {
                 header('Location: signin.php');
                 $_SESSION['message'] = 'Bad password';
                 exit();
             }
+            $_SESSION['login'] = $login;
+            header('Location: welcome.php');
+        }
+        catch(Exception $e) {
+            $_SESSION['message'] = $e->getMessage();
+            header('Location: signin.php');
+            exit();
         }
-        $_SESSION['login'] = $login;
-        header('Location: welcome.php');
     } else {
         header('Location: signin.php');
     }
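Review bot: The success path sets `$_SESSION['login'] = $login;` on the session id that existed before sign-in, so an id known before authentication stays valid afterwards; call `session_regenerate_id(true);` immediately before that assignment. The added `catch(Exception $e)` copies `$e->getMessage()` into `$_SESSION['message']`, and if signin.php displays that value a PDO connection failure could show driver or connection details to the visitor; store a generic message and send the original to `error_log()` instead (the catch in changepassword.php does the same). The `htmlspecialchars()` call on `$passwd` in the context lines rewrites `&`, `<`, `>` and quotes before verification, which only matches the stored hash if sign-up applies the identical transform; escaping belongs at output, not on the credential.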

+ 5 - 15
Tp4/changepassword.php

@@ -25,24 +25,14 @@
         exit();
     }
     
-    include_once('bdd.php');
-    
     try {
-        $pdo = new PDO(SQL_DSN, SQL_USERNAME, SQL_PASSWORD);
+        $user = new User($_SESSION['login'], $passwd);
+        $user->changePassword();
+        header('Location: welcome.php');
+        exit();
     }
-    catch (PDOException $e) {
+    catch (Exception $e) {
         $_SESSION['message'] = $e->getMessage();
         header('Location: signin.php');
         exit();
     }
-    
-    $req = $pdo->prepare('UPDATE Users SET passwd = :passwd WHERE login = :login');
-    $req->bindValue(':passwd', password_hash($passwd, PASSWORD_DEFAULT));
-    $req->bindValue(':login', $_SESSION['login']);
-    if ($req->execute()) {
-        header('Location: welcome.php');
-        exit();
-    } else {
-        header('Location: formpassword.php');
-        exit();
-    }
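Review bot: A failed `changePassword()` now sends a still-authenticated user to signin.php, where the removed code returned them to formpassword.php; `header('Location: formpassword.php');` in the catch keeps the user on the form. On success the session id is left unchanged after the credential change; `session_regenerate_id(true);` before the redirect to welcome.php rotates it. Whether the current password is re-checked before this point cannot be seen, since the script's first 24 lines are outside the hunk.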

+ 16 - 0
Tp4/models/MyPDO.php

@@ -0,0 +1,16 @@
+<?php
+
+require_once('bdd.php');
+
+class MyPDO
+{
+    private static $_pdo = null;
+
+    private function __construct() {}
+
+	public static function pdo() : PDO {
+        if ( self::$_pdo == null )
+            self::$_pdo = new PDO(SQL_DSN, SQL_USERNAME, SQL_PASSWORD);
+        return self::$_pdo;
+	}
+}
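Review bot: The connection is created without driver options, so error reporting depends on the PHP version's default (silent before PHP 8.0) and prepared statements may be emulated; pass them explicitly: `self::$_pdo = new PDO(SQL_DSN, SQL_USERNAME, SQL_PASSWORD, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);`. `self::$_pdo == null` should be the strict `=== null`, and `require_once(__DIR__ . '/bdd.php');` would not depend on the include path or working directory. A short docblock on `pdo()` stating that it lazily opens one shared connection and may throw `PDOException` would help callers.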

+ 73 - 0
Tp4/models/User.php

@@ -0,0 +1,73 @@
+<?php
+  require_once('MyPDO.php');
+  class  User {
+      private $_login;
+      private $_password;
+      private const USER_TABLE = "Users";
+
+      function getLogin() : string {
+          return $this->_login;
+      }
+
+      function getPassword() : string {
+         return $this->_password; 
+      }
+
+      function setLogin(string $login) : void {
+          $this->_login = $login;
+      }
+
+      function setPassword(string $password) : void {
+          $this->_password = $password;
+      }
+
+      function __construct(string $login, string $password = null) {
+          $this->_login = $login;
+          $this->_password = $password;
+      } 
+
+      function __destruct() {
+
+      }
+
+      function exists() : bool {
+          $pdo = MyPDO::pdo();
+          $req = $pdo->prepare('SELECT passwd FROM ' . self::USER_TABLE . ' WHERE login = :login');
+          $req->bindValue(':login', $this->getLogin(), PDO::PARAM_STR);
+          if (!$req->execute()) {
+            throw new Exception('Problème requête');
+          }
+          if ($req->rowCount() == 0) {
+            return false;
+          }
+          $res = $req->fetch();
+          if (!password_verify($this->getPassword(), $res['passwd'])) {
+            return false;
+          }
+
+          return true;
+
+      }
+
+      function create() : void {
+          $pdo = MyPDO::pdo();
+          $req = $pdo->prepare('INSERT INTO ' . self::USER_TABLE . ' (login, passwd) VALUES (:login, :passwd)');
+          $req->bindValue(':login', $this->getLogin(), PDO::PARAM_STR);
+          $req->bindValue(':passwd', password_hash($this->getPassword(), PASSWORD_DEFAULT), PDO::PARAM_STR);
+          if (!$req->execute()) {
+              throw new Exception('Problème requête');
+          }
+      }
+
+      function changePassword() : void {
+          $pdo = MyPDO::pdo();
+          $req = $pdo->prepare('UPDATE ' . self::USER_TABLE . ' SET passwd = :passwd WHERE login = :login');
+          $req->bindValue(':passwd', password_hash($this->getPassword(), PASSWORD_DEFAULT));
+          $req->bindValue(':login', $this->getLogin());
+          if (!$req->execute()) {
+            throw new Exception('Problème requête');
+          }
+
+      }
+
+    }
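Review bot: `exists()` branches on `$req->rowCount()` for a SELECT, which the PDO documentation does not guarantee for every driver; rely on the fetch result instead: `$res = $req->fetch(PDO::FETCH_ASSOC);` then `return $res !== false && password_verify($this->getPassword(), $res['passwd']);`. The method verifies credentials rather than testing existence, so a name such as `authenticate()`, or at least a docblock saying so, would prevent misuse. The constructor accepts `string $password = null` while `getPassword()` declares a `string` return, so a `User` built without a password throws a `TypeError` (not an `Exception`) in `exists()`, `create()` and `changePassword()`; declare `?string` and reject null before hashing. `changePassword()` also treats an UPDATE that matches no row as success; checking `$req->rowCount() === 0` there would surface it.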

+ 0 - 0
Tp4/bdd.php → Tp4/models/bdd.php