diff --git a/TODO b/TODO index b21a35f..c91d51c 100755 --- a/TODO +++ b/TODO @@ -1,2 +1,4 @@ * i18n * Vérification des variables dans les classes + throw exception +* tokens + ban system +* TRUNCATE before CREATE TABLE in install.php diff --git a/inc/Storage.class.php b/inc/Storage.class.php index 4f6bfc4..4943486 100644 --- a/inc/Storage.class.php +++ b/inc/Storage.class.php @@ -2,7 +2,6 @@ require_once('config.php'); class Storage { - private $host, $login, $password, $db; private $connection = null; public function __construct() { @@ -81,19 +80,50 @@ class Storage { } } + public function load($fields = NULL) { + $query = 'SELECT '; + $i = false; + foreach($this->fields as $field=>$type) { + if($i) { $query .= ','; } else { $i = true; } + + $query .= $field; + } + $query .= ' FROM '.MYSQL_PREFIX.$this->TABLE_NAME; + + if(!empty($fields) && is_array($fields)) { + $i = true; + foreach($fields as $field=>$value) { + if($i) { $query .= ' WHERE '; $i = false; } else { $query .= ' AND '; } + + $query .= $field.'=:'.$field; + } + } + + $query = $this->connection->prepare($query); + + if(!empty($fields) && is_array($fields)) { + foreach($fields as $field=>$value) { + $query->bindParam(':'.$field, $value); + } + } + + $query->execute(); + + return $query->fetchAll(); + } + public function save() { if(!empty($this->id)) { - $query = 'UPDATE `'.MYSQL_PREFIX.$this->TABLE_NAME.'` SET '; + $query = 'UPDATE '.MYSQL_PREFIX.$this->TABLE_NAME.' SET '; $i = false; foreach($this->fields as $field=>$type) { if($i) { $query .= ','; } else { $i = true; } - $id = $this->$field; - $query .= '`'.$field.'` = "'.$this($id).'"'; + $query .= $field.'=:'.$field; } - $query .= 'WHERE `id`="'.$this->id.'"'; + $query .= 'WHERE id='.$this->id; } else { $query = 'INSERT INTO '.MYSQL_PREFIX.$this->TABLE_NAME.'('; @@ -116,6 +146,7 @@ class Storage { $query .= ')'; } + $query = $this->connection->prepare($query); foreach($this->fields as $field=>$type) { 
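Review bot: the TODO entry `TRUNCATE before CREATE TABLE in install.php` has the order backwards: TRUNCATE fails when the table does not exist yet, which is exactly the fresh-install case. For a clean reinstall the idiom is `DROP TABLE IF EXISTS` followed by `CREATE TABLE`; for wiping rows from a table that already exists, `CREATE TABLE IF NOT EXISTS` followed by TRUNCATE.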
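Review bot: in `load()` the binding loop `$query->bindParam(':'.$field, $value);` binds by reference to the loop variable, so once the foreach finishes every placeholder points at the same `$value` and all of them receive the last element; use `bindValue()` or pass the array straight to `execute()`. Column names are concatenated into the SQL (`$query .= $field.'=:'.$field;`) and cannot be parameterized, which is fine while the keys come from `$this->fields` or from hard-coded calls such as `exists()`, but the method should reject any key not in `$this->fields` (the TODO already mentions throwing on unchecked variables) so a future caller cannot pass request data as keys. In `save()`, `$query .= 'WHERE id='.$this->id;` follows the SET list without a separating space, producing `...admin=:adminWHERE id=`, and `id` is interpolated instead of bound even though the new `setId()`/`sessionRestore()` make it externally settable; use `' WHERE id=:id'` and bind it like the other fields.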
diff --git a/inc/User.class.php b/inc/User.class.php index ef0f10e..1ab3b2d 100644 --- a/inc/User.class.php +++ b/inc/User.class.php @@ -27,13 +27,17 @@ class User extends Storage { public function getAdmin() { return $this->admin; } - + + public function setId($id) { + $this->id = $id; + } + public function setLogin($login) { $this->login = $login; } public function setPassword($password) { - $this->password = User::encrypt($password); + $this->password = $password; } public function setAdmin($admin) { @@ -44,7 +48,33 @@ class User extends Storage { return crypt($text, SALT); } - public function check_password($password) { + public function checkPassword($password) { return User::encrypt($password) == $this->password; } + + public function exists() { + $user_data = $this->load(array('login'=>$this->login)); + if(count($user_data) == 1) { + $this->setAdmin($user_data[0]['admin']); + $this->setPassword($user_data[0]['password']); + + return true; + } + else { + return false; + } + } + + public function sessionStore() { + return serialize(array('id'=>$this->id, 'login'=>$this->login, 'password'=>$this->password, 'admin'=>$this->admin)); + } + + public function sessionRestore($serialized_data) { + $user_data = unserialize($serialized_data); + + $this->setId($user_data['id']); + $this->setLogin($user_data['login']); + $this->setPassword($user_data['password']); + $this->setAdmin($user_data['admin']); + } } diff --git a/inc/config.php b/inc/config.php index a743d0c..aa81090 100644 --- a/inc/config.php +++ b/inc/config.php @@ -7,4 +7,4 @@ define('MYSQL_PREFIX', 'bouffeatulm_'); define('INSTANCE_TITLE', 'Bouffe@Ulm'); define('BASE_URL', 'http://localhost/Bouffe@Ulm/'); - define('SALT', '$2a$10$AXnaxClN4pYlcXGfafGZCA=='); \ No newline at end of file + define('SALT', '$2a$10$Cg7T08hTORaxZgfCua1xyQ=='); \ No newline at end of file diff --git a/inc/header.php b/inc/header.php deleted file mode 100644 index 519818c..0000000 --- a/inc/header.php +++ /dev/null 
@@ -1,6 +0,0 @@ -assign('instance_title', INSTANCE_TITLE); + + session_start(); + $current_user = (isset($_SESSION['current_user']) ? unserialize($_SESSION['current_user']) : false); + + if($current_user === false && (empty($_GET['do']) OR $_GET['do'] != 'connect')) { //If not connected, go to connection page + header('location: index.php?do=connect'); + } + + if(empty($_GET['do'])) { + $_GET['do'] = ''; + } + + switch($_GET['do']) { + case 'connect': + if($current_user !== false) header('location: index.php'); + if(!empty($_POST['login']) && !empty($_POST['password'])) { + $current_user = new User(); + $current_user->setLogin($_POST['login']); + if($current_user->exists($_POST['login']) && $current_user->checkPassword($_POST['password'])) { + $_SESSION['current_user'] = $current_user->sessionStore(); + header('location: index.php'); + exit(); + } + else { + $error = "Unknown username/password."; + } + } + $tpl->draw('connexion'); + break; + + case 'disconnect': + $current_user = false; + session_destroy(); + header('location: index.php?do=connect'); + exit(); + + default: + + break; + } diff --git a/install.php b/install.php index f867f22..41a6a38 100644 --- a/install.php +++ b/install.php @@ -57,7 +57,7 @@ require_once('inc/User.class.php'); $admin = new User(); $admin->setLogin($_POST['admin_login']); - $admin->setPassword($_POST['admin_password']); + $admin->setPassword($admin->encrypt($_POST['admin_password'])); $admin->setAdmin(true); $admin->save(); header('location: index.php'); diff --git a/tmp/connexion.af3906cfde643ae7f290cfdc51cc9342.rtpl.php b/tmp/connexion.af3906cfde643ae7f290cfdc51cc9342.rtpl.php new file mode 100644 index 0000000..004f015 --- /dev/null +++ b/tmp/connexion.af3906cfde643ae7f290cfdc51cc9342.rtpl.php @@ -0,0 +1,10 @@ +assign( $this->var );$tpl->draw( dirname("header") . ( substr("header",-1,1) != "/" ? "/" : "" ) . basename("header") );?> + + +

- Connexion

+ +
+

+

+

+
diff --git a/tmp/header.36ba0f7e771a8681573a91518b54b424.rtpl.php b/tmp/header.36ba0f7e771a8681573a91518b54b424.rtpl.php new file mode 100644 index 0000000..f1b7c5a --- /dev/null +++ b/tmp/header.36ba0f7e771a8681573a91518b54b424.rtpl.php @@ -0,0 +1,9 @@ + + + + +<?php echo $instance_title;?> + + + + diff --git a/tmp/index.af3906cfde643ae7f290cfdc51cc9342.rtpl.php b/tmp/index.af3906cfde643ae7f290cfdc51cc9342.rtpl.php new file mode 100644 index 0000000..3e9187a --- /dev/null +++ b/tmp/index.af3906cfde643ae7f290cfdc51cc9342.rtpl.php @@ -0,0 +1,49 @@ +assign( $this->var );$tpl->draw( dirname("header") . ( substr("header",-1,1) != "/" ? "/" : "" ) . basename("header") );?> + + +

+ + + + + +
+

Qui doit quoi ?

+

Lire ligne doit case€ à colonne. Les liens permettent de confirmer le paiement des dettes.

+ + + + +
Doit\À
+
+
+

Dépenses détaillées du mois actuel

+ + + + + + + + + + + +
DatePayé parParticipantsMontantMenuModifierSupprimer
+
diff --git a/tpl/connexion.html b/tpl/connexion.html new file mode 100644 index 0000000..59914cb --- /dev/null +++ b/tpl/connexion.html @@ -0,0 +1,9 @@ +{include="header"} + +

{$instance_title} - Connexion

+ +
+

+

+

+
diff --git a/tpl/header.html b/tpl/header.html index 7eee2a2..eb88037 100755 --- a/tpl/header.html +++ b/tpl/header.html @@ -2,7 +2,7 @@ -Bouffe@Ulm +{$instance_title} diff --git a/tpl/index.html b/tpl/index.html index b155dd7..048dd28 100755 --- a/tpl/index.html +++ b/tpl/index.html @@ -1,6 +1,6 @@ {include="header"} -

{$title}

+

{$instance_title}

{$notice}
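Review bot: with `setPassword()` now storing whatever it is given, hashing becomes every caller's responsibility, and only install.php was updated in this patch; any other path that creates or changes a user will write the plaintext password to the database. Keeping the hash inside the class (`setPassword()` hashes; a separate `setPasswordHash()` for `exists()` and `sessionRestore()`) makes a plaintext write impossible by construction.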
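Review bot: `checkPassword()` compares with `==`, which is neither constant-time nor strict in PHP; use `hash_equals(User::encrypt($password), $this->password)` (PHP 5.6+) or move to `password_hash()`/`password_verify()`, which also store a per-user salt. As written, `encrypt()` feeds one global `SALT` to `crypt()` for every account, so identical passwords produce identical hashes and a single precomputation covers all users. `sessionStore()` also copies the password hash into the session although nothing in `sessionRestore()` needs it; store id, login and admin only. `exists()` declares no parameter but is called as `exists($_POST['login'])` in the controller; drop the argument or accept it explicitly.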
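Review bot: the new `SALT` is not a well-formed bcrypt salt: after `$2a$10$` `crypt()` expects exactly 22 characters from `./0-9A-Za-z`, and `Cg7T08hTORaxZgfCua1xyQ==` is 24 characters ending in `==` (standard base64 rather than bcrypt's alphabet); the value being replaced has the same shape. When PHP's `crypt()` rejects a salt it returns a short failure string instead of a hash, and since `encrypt()` would produce that same string at install time and at every login, the `==` check in `checkPassword()` would then accept any password. Verify what `crypt('x', SALT)` returns before merging. Note too that rotating the salt invalidates every hash already in the database, and a salt committed to the repository is shared by every deployment that keeps the default config.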
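Review bot: in the session/login controller hunk (the one with `switch($_GET['do'])`), the redirects for a visitor who is not logged in (`header('location: index.php?do=connect');` after the `$current_user === false` test, and again at the top of `case 'connect'`) are not followed by `exit()`, so the script keeps running and renders the page for the unauthenticated request; only the successful-login and disconnect branches exit. Add `exit();` after each `header('Location: ...')`. Also, `$_SESSION['current_user']` is written by `sessionStore()` but read back with a bare `unserialize()` instead of `sessionRestore()`, so `$current_user` is an array rather than a `User`; call `session_regenerate_id(true)` after a successful login to prevent session fixation, clear `$_SESSION` before `session_destroy()` on disconnect, and pass `$error` to the template, which currently never sees it.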
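Review bot: `$admin->encrypt(...)` calls as an instance method what `checkPassword()` calls statically as `User::encrypt()`; pick one form. Nothing in this hunk prevents install.php from being run again after installation, which would let anyone who reaches it POST a new admin account; refuse to proceed when an admin already exists, or document that the file must be removed after setup.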
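Review bot: the three `tmp/*.rtpl.php` files are compiled template cache (the `.rtpl.php` suffix, hashed file names and `$tpl->draw(...)` calls look like RainTPL's cache layout), not source; they are regenerated whenever a template changes and will churn on every commit. Add `tmp/` to `.gitignore` and drop them from the tree, and if `tmp/` sits inside the web root make sure it is not browsable, since these files contain the rendered PHP.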