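<?php

session_start();

/*
 * JSON API front controller.
 *
 * Every response is a JSON object carrying a "status" field:
 *
 * 1 => valid request, processed
 * 0 => error while processing the request
 * 2 => invalid request
 * 3 => session expired
 * 4 => user not authenticated, request forbidden
 *
 * NOTE(review): status 3 is documented but nothing in this file emits it.
 */

// $conn, the domain functions (RechercheExercices, ajouter_doc, ...) and the
// CSRF class come from these files. They are mandatory, so fail hard when one
// is missing instead of continuing with undefined symbols (include() only warns).
require 'bdd.php';
require 'php-csrf.php';

$csrf = new CSRF();

// Every branch below answers with a JSON body; say so before any output.
header('Content-Type: application/json; charset=utf-8');

/**
 * Emit one JSON response body.
 *
 * @param array<string, mixed> $payload must contain a "status" key (see the
 *                                      status table at the top of the file)
 */
function api_send_json(array $payload): void
{
    echo json_encode($payload);
}

/**
 * Prepare and run a statement with a single integer placeholder and return
 * every row as an associative array.
 *
 * @param mixed  $conn  database connection exposing prepare()/bind_param()/
 *                      get_result() (mysqli-style; type left open on purpose
 *                      because bdd.php is not visible here)
 * @param string $sql   statement with exactly one "?" placeholder
 * @param int    $value value bound to that placeholder
 *
 * @return list<array<string, mixed>>
 *
 * @throws RuntimeException when the statement cannot be prepared or executed
 */
function api_fetch_rows_by_int($conn, string $sql, int $value): array
{
    $stmt = $conn->prepare($sql);
    // prepare() returns false on failure; calling bind_param() on it would be a fatal error.
    if ($stmt === false) {
        throw new RuntimeException('Impossible de préparer la requête SQL.');
    }
    $stmt->bind_param('i', $value);
    if (!$stmt->execute()) {
        throw new RuntimeException("Impossible d'exécuter la requête SQL.");
    }
    $result = $stmt->get_result();
    if ($result === false) {
        throw new RuntimeException('Impossible de lire le résultat de la requête SQL.');
    }

    return $result->fetch_all(MYSQLI_ASSOC);
}

// Split the requested URL on '/', drop empty segments, and keep the last
// segment as the endpoint name. The first segment is the base path ("api").
$request_uri = $_SERVER['REQUEST_URI'];
$url_parts = array_filter(explode('/', $request_uri));
$base_path = array_shift($url_parts);

if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    // Strip the query string from the last path segment. array_pop() yields
    // null on an empty path and explode() on null is deprecated, hence the cast.
    $endpoint = explode('?', (string) array_pop($url_parts))[0];

    switch ($endpoint) {
        case 'rechercher':
            // Example URL: /api.php/chercher?req=math&duree=30&themes=algebre,geometrie
            $query = $_GET['req'] ?? '';
            $length = $_GET['duree'] ?? '';
            $themes = isset($_GET['themes']) ? explode(',', $_GET['themes']) : [];

            try {
                $results = RechercheExercices($query, $length, $themes);
                api_send_json(['status' => '1', 'resultats' => $results]);
            } catch (Exception $e) {
                // NOTE(review): the raw exception message is returned to the
                // client; it may expose database or implementation details.
                api_send_json(['status' => '0', 'msg' => $e->getMessage()]);
            }
            break;

        case 'decomposer_ensemble':
            // A missing or non-numeric id becomes 0, which is rejected below.
            $ensembleId = (int) ($_GET['ensemble_id'] ?? 0);

            if ($ensembleId === 0) {
                api_send_json(['status' => '2', 'msg' => "Vous devez spécifier un indetifiant d'ensemble dans votre requête."]);
                break;
            }

            try {
                $rows = api_fetch_rows_by_int($conn, 'SELECT * FROM ensembles WHERE id = ?', $ensembleId);
                $ensemble = $rows[0] ?? null;

                // Only validated sets are exposed; "valide" is tested for truthiness.
                if ($ensemble === null || !(bool) $ensemble['valide']) {
                    api_send_json(['status' => '2', 'msg' => "Vous devez spécifier un indetifiant d'ensemble valide dans votre requête."]);
                    break;
                }

                $ensemble['documents'] = [];
                $documents = api_fetch_rows_by_int($conn, 'SELECT * FROM documents WHERE ensemble_id=?', $ensembleId);

                foreach ($documents as $doc) {
                    // Only documents of type 1 carry exercises; other types are
                    // not returned at all (behaviour kept from the original).
                    if ((int) $doc['type'] !== 1) {
                        continue;
                    }

                    // Attach every exercise of this document to it.
                    $doc['exercices'] = api_fetch_rows_by_int($conn, 'SELECT * FROM exercices WHERE document_id=?', (int) $doc['id']);
                    $ensemble['documents'][] = $doc;
                }

                api_send_json(['status' => '1', 'msg' => $ensemble]);
            } catch (Exception $e) {
                api_send_json(['status' => '0', 'msg' => $e->getMessage()]);
            }
            break;

        case 'generer_chronologie':
            try {
                $res = generer_chronologie();
                api_send_json(['status' => '1', 'resultats' => $res]);
            } catch (Exception $e) {
                api_send_json(['status' => '0', 'msg' => $e->getMessage()]);
            }
            break;

        default:
            api_send_json(['status' => '2', 'msg' => "Ce point d'arrivée n'existe pas dans l'api."]);
            break;
    }
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Loose comparison kept on purpose: the session flags may be stored as
    // int, string or bool by the code that sets them (not visible here).
    $user_auth = isset($_SESSION['utilisateur_authentifie']) && ($_SESSION['utilisateur_authentifie'] == 1);
    $admin_auth = $user_auth && isset($_SESSION['admin']) && ($_SESSION['admin'] == 1);

    // Read the token once with a default so a missing field is a clean
    // "invalid token" instead of an undefined-index warning. The submitted
    // value is never reflected back into a response.
    $csrf_token = $_POST['jeton-csrf'] ?? '';

    // The query string is not stripped here (unchanged from the original).
    $operation = (string) array_pop($url_parts);

    switch ($operation) {
        case 'aj_doc':
            if (!$user_auth) {
                // Status 4 per the table at the top; previously the client got an empty body.
                api_send_json(['status' => '4', 'msg' => 'Utilisateur non authentifié, requête interdite.']);
                break;
            }
            if (!$csrf->validate('televersement', $csrf_token)) {
                api_send_json(['status' => '2', 'msg' => 'jeton csrf manquant ou invalide.']);
                break;
            }

            try {
                // NOTE(review): no success response is sent here — presumably
                // ajouter_doc() emits one itself; confirm against bdd.php.
                ajouter_doc($_POST);
            } catch (Exception $e) {
                api_send_json(['status' => '0', 'msg' => $e->getMessage()]);
            }
            break;

        case 'valider_ensemble':
            if (!$admin_auth) {
                api_send_json(['status' => '4', 'msg' => 'Utilisateur non authentifié, requête interdite.']);
                break;
            }
            if (!$csrf->validate('valider_ensemble', $csrf_token)) {
                api_send_json(['status' => '2', 'msg' => 'jeton csrf manquant.']);
                break;
            }

            try {
                valider_ensemble($_POST['ensemble_id'] ?? null);
                api_send_json(['status' => '1', 'msg' => 'Ensemble validé.']);
            } catch (Exception $e) {
                api_send_json(['status' => '0', 'msg' => $e->getMessage()]);
            }
            break;

        case 'supprimer_ensemble':
            if (!$admin_auth) {
                api_send_json(['status' => '4', 'msg' => 'Utilisateur non authentifié, requête interdite.']);
                break;
            }
            if (!$csrf->validate('supprimer_ensemble', $csrf_token)) {
                api_send_json(['status' => '2', 'msg' => 'jeton csrf manquant.']);
                break;
            }

            try {
                supprimer_ensemble($_POST['ensemble_id'] ?? null);
                api_send_json(['status' => '1', 'msg' => 'Ensemble supprimé.']);
            } catch (Exception $e) {
                api_send_json(['status' => '0', 'msg' => $e->getMessage()]);
            }
            break;

        case 'connection':
            if (!$csrf->validate('connection', $csrf_token)) {
                api_send_json(['status' => '2', 'msg' => 'jeton csrf manquant.']);
                break;
            }

            $username = $_POST['username'] ?? '';
            $password = $_POST['password'] ?? '';

            // The username is HTML-encoded before lookup because "inscription"
            // stores it encoded the same way; keep both sides consistent.
            $succes = connecter_utilisateur(htmlspecialchars($username), $password);

            if ($succes == 1) {
                api_send_json(['status' => '1', 'msg' => 'Utilisateur connecté !']);
            } else {
                api_send_json(['status' => '0', 'msg' => "Utilisateur inconnu ou informations d'identification erronées."]);
            }
            break;

        case 'deconnection':
            if (!$csrf->validate('deconnection', $csrf_token)) {
                api_send_json(['status' => '2', 'msg' => 'jeton csrf manquant.']);
                break;
            }

            session_destroy();
            api_send_json(['status' => '1', 'msg' => 'Utilisateur déconnecté !']);
            break;

        case 'inscription':
            if (!$csrf->validate('inscription', $csrf_token)) {
                api_send_json(['status' => '2', 'msg' => 'jeton csrf manquant.']);
                break;
            }

            $username = $_POST['username'] ?? '';
            $password = $_POST['password'] ?? '';

            // Refuse an account with no name or an empty password up front.
            if ($username === '' || $password === '') {
                api_send_json(['status' => '2', 'msg' => "Nom d'utilisateur et mot de passe requis."]);
                break;
            }

            // Only the hash is handed to the storage layer.
            $password_hash = password_hash($password, PASSWORD_DEFAULT);

            $succes = inscription_utilisateur(htmlspecialchars($username), $password_hash);

            if ($succes == 1) {
                api_send_json(['status' => '1', 'msg' => 'Utilisateur inscrit !']);
            } else {
                api_send_json(['status' => '0', 'msg' => 'Une erreur est survenue lors de votre inscription :/']);
            }
            break;

        default:
            api_send_json(['status' => '2', 'msg' => 'Opération inconnue.']);
    }

    exit;
}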