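<?php
// API front controller: the last URL segment selects the operation, the HTTP
// method selects the table (GET below, POST further down) and every answer is
// a JSON object carrying a "status" field:
//   1 => request handled
//   0 => error while handling the request
//   2 => invalid request
//   3 => session expired
//   4 => user not authenticated, request forbidden
session_start();

// Every body written by this script is JSON (the one redirect is header-only).
// Declaring the type stops browsers from sniffing the body as HTML, which
// matters because error messages are echoed back to the caller.
header('Content-Type: application/json; charset=utf-8');

// *_once everywhere: a second inclusion of php-csrf.php would redeclare the
// CSRF class and stop the script with a fatal error.
include_once("bdd.php");
include_once('php-csrf.php');
include_once("utils/sendmail.php");
include_once("utils/token.php");
include_once("utils/inputs.php");

$csrf = new CSRF();

// Requested path split on '/'. Only genuinely empty segments are dropped, so a
// segment such as "0" survives (array_filter() without a callback drops any
// falsy string).
$request_uri = $_SERVER['REQUEST_URI'] ?? '';
$url_parts = array_filter(
    explode('/', $request_uri),
    static fn (string $segment): bool => $segment !== '',
);
// The first segment is the base path (here the script itself); what remains
// in $url_parts is consumed by the GET and POST dispatchers below.
$base_path = array_shift($url_parts);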
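if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    // The endpoint is the last path segment without its query string. With no
    // segment left array_pop() yields null, hence the cast before explode().
    $endpoint = explode('?', (string) array_pop($url_parts))[0];

    switch ($endpoint) {
        case 'rechercher':
            // Example: /api.php/rechercher?req=math&duree=30&themes=algebre,geometrie
            $query = $_GET['req'] ?? '';
            $length = $_GET['duree'] ?? '';
            $themes = isset($_GET['themes']) ? explode(',', $_GET['themes']) : [];
            // Presence of the flag is what counts; its value is ignored.
            $tout_les_insa = isset($_GET['tout_les_insa']);
            try {
                $results = RechercheExercices($query, $length, $themes, $tout_les_insa);
                echo json_encode(["status" => "1", "resultats" => $results]);
            } catch (Exception $e) {
                echo json_encode(["status" => "0", "msg" => $e->getMessage()]);
            }
            break;

        case 'decomposer_ensemble':
            // A missing or non-numeric id casts to 0, which is rejected; negative
            // ids fall through to the lookup and get the "valid id" answer below.
            $ensembleId = (int) ($_GET['ensemble_id'] ?? 0);
            if ($ensembleId === 0) {
                echo json_encode(['status' => '2', 'msg' => "Vous devez spécifier un indetifiant d'ensemble dans votre requête."]);
                break;
            }

            // Runs one SELECT bound to a single integer parameter and returns its
            // result set. Driver failures (prepare/bind/execute/get_result) become
            // a generic exception: the driver's own message is never sent to the
            // client, it would expose schema details.
            $lireParId = static function (string $sql, int $id) use ($conn) {
                $stmt = $conn->prepare($sql);
                if ($stmt === false || !$stmt->bind_param('i', $id) || !$stmt->execute()) {
                    throw new RuntimeException("Erreur lors de l'accès à la base de données.");
                }
                $result = $stmt->get_result();
                if ($result === false) {
                    throw new RuntimeException("Erreur lors de l'accès à la base de données.");
                }
                return $result;
            };

            try {
                $ensemble = $lireParId('SELECT * FROM ensembles WHERE id = ?', $ensembleId)->fetch_assoc();
                // Only validated sets are exposed. Unknown and unvalidated ids get the
                // same answer, so a caller cannot tell which of the two it hit.
                if (!$ensemble || empty($ensemble['valide'])) {
                    echo json_encode(['status' => '2', 'msg' => "Vous devez spécifier un indetifiant d'ensemble valide dans votre requête."]);
                    break;
                }

                $ensemble["documents"] = [];
                $resultDocu = $lireParId("SELECT * FROM documents WHERE ensemble_id=?", $ensembleId);
                while ($doc = $resultDocu->fetch_assoc()) {
                    // Loose switch on purpose: 'type' may come back as int or numeric
                    // string depending on the driver's settings. Other types are skipped.
                    switch ($doc['type']) {
                        case 1:
                            // Attach every exercise of this document before adding it.
                            $doc["exercices"] = [];
                            $resultExos = $lireParId("SELECT * FROM exercices WHERE document_id=?", (int) $doc["id"]);
                            while ($exo = $resultExos->fetch_assoc()) {
                                $doc["exercices"][] = $exo;
                            }
                            $ensemble["documents"][] = $doc;
                            break;
                    }
                }
                echo json_encode(["status" => "1", "msg" => $ensemble]);
            } catch (Exception $e) {
                echo json_encode(["status" => "0", "msg" => $e->getMessage()]);
            }
            break;

        case "generer_chronologie":
            if (isset($_SESSION["utilisateur_authentifie"]) && ($_SESSION["utilisateur_authentifie"] == 1)) {
                try {
                    $res = generer_chronologie();
                    echo json_encode(["status" => "1", "resultats" => $res]);
                } catch (Exception $e) {
                    echo json_encode(["status" => "0", "msg" => $e->getMessage()]);
                }
            } else {
                // Anonymous callers get an empty list with status "1" rather than the
                // legend's code 4 — presumably so the page renders an empty timeline
                // instead of an error; the client contract is not visible here.
                echo json_encode(["status" => "1", "resultats" => []]);
            }
            break;

        case "verification_inscription":
            // Previously a missing token fell out of the script with an empty body.
            if (!isset($_GET["token"]) || !is_string($_GET["token"])) {
                echo json_encode(["status" => "2", "msg" => "Jeton de vérification manquant."]);
                break;
            }
            // Escaping here mirrors what inscription stores; the lookup itself is in
            // utils/token.php and is expected to be parameterised — not verified here.
            $token = htmlspecialchars($_GET["token"]);
            if (verifier_utilisateur($token)) {
                header("Location: /utilisateur_valide.php");
                // Nothing may follow a redirect; stop rather than rely on falling off the end.
                exit;
            }
            echo json_encode(["status" => "0", "msg" => "Une erreur est survenue lors de votre vérification ou vous avez essayé de modifier le contenu de la requête :/"]);
            break;

        default:
            echo json_encode(['status' => '2', 'msg' => "Ce point d'arrivée n'existe pas dans l'api."]);
            break;
    }
}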
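if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Session flags (set elsewhere, presumably at login); admin rights imply a logged-in user.
    $user_auth = isset($_SESSION["utilisateur_authentifie"]) && ($_SESSION["utilisateur_authentifie"] == 1);
    $admin_auth = $user_auth && isset($_SESSION["admin"]) && ($_SESSION["admin"] == 1);

    // Token sent by every form. Reading it once avoids an "undefined array key"
    // warning leaking into the JSON body when it is absent; an absent or
    // non-string token is passed as '' (the CSRF class is not visible here —
    // confirm validate() rejects the empty string).
    $jeton_csrf = isset($_POST["jeton-csrf"]) && is_string($_POST["jeton-csrf"]) ? $_POST["jeton-csrf"] : '';

    switch (array_pop($url_parts)) {
        case "aj_doc":
            if (!$user_auth) {
                // Was a silent break with an empty body; code 4 is the legend's value.
                echo json_encode(["status" => "4", "msg" => "Vous devez être connecté pour téléverser un document."]);
                break;
            }
            // NOTE(review): the CSRF check for this endpoint is disabled (left below as
            // the author had it), so a logged-in user's browser will accept an upload
            // request forged from another origin. Re-enable it once the 'televersement'
            // form sends the token with the upload.
            /*
            if (!$csrf->validate('televersement', $jeton_csrf)) {
                echo json_encode(["status" => "2", "msg" => "jeton csrf manquant ou invalide."]);
                break;
            }
            */
            try {
                // No success response is written here; ajouter_doc() presumably
                // produces its own — confirm against its definition.
                ajouter_doc($_POST);
            } catch (Exception $e) {
                echo json_encode(["status" => "0", "msg" => $e->getMessage()]);
            }
            break;

        case "valider_ensemble":
            if (!$admin_auth) {
                echo json_encode(["status" => "4", "msg" => "Opération réservée aux administrateurs."]);
                break;
            }
            if (!$csrf->validate('valider_ensemble', $jeton_csrf)) {
                // The submitted token is deliberately not echoed back into the response.
                echo json_encode(["status" => "2", "msg" => "jeton csrf manquant."]);
                break;
            }
            if (!isset($_POST["ensemble_id"])) {
                echo json_encode(["status" => "2", "msg" => "Identifiant d'ensemble manquant."]);
                break;
            }
            try {
                valider_ensemble($_POST["ensemble_id"]);
                echo json_encode(["status" => "1", "msg" => "Ensemble validé."]);
            } catch (Exception $e) {
                echo json_encode(["status" => "0", "msg" => $e->getMessage()]);
            }
            break;

        case "supprimer_ensemble":
            if (!$admin_auth) {
                echo json_encode(["status" => "4", "msg" => "Opération réservée aux administrateurs."]);
                break;
            }
            if (!$csrf->validate('supprimer_ensemble', $jeton_csrf)) {
                echo json_encode(["status" => "2", "msg" => "jeton csrf manquant."]);
                break;
            }
            if (!isset($_POST["ensemble_id"])) {
                echo json_encode(["status" => "2", "msg" => "Identifiant d'ensemble manquant."]);
                break;
            }
            try {
                supprimer_ensemble($_POST["ensemble_id"]);
                echo json_encode(["status" => "1", "msg" => "Ensemble supprimé."]);
            } catch (Exception $e) {
                echo json_encode(["status" => "0", "msg" => $e->getMessage()]);
            }
            break;

        case "connection":
            if (!$csrf->validate('connection', $jeton_csrf)) {
                echo json_encode(["status" => "2", "msg" => "jeton csrf manquant."]);
                break;
            }
            $username = $_POST['username'] ?? '';
            $password = $_POST['password'] ?? '';
            if (!is_string($username) || !is_string($password)) {
                echo json_encode(["status" => "2", "msg" => "Identifiants manquants."]);
                break;
            }
            // htmlspecialchars() mirrors what inscription stores, so the lookup matches.
            $succes = connecter_utilisateur(htmlspecialchars($username), $password);
            if ($succes) {
                echo json_encode(["status" => "1", "msg" => "Utilisateur connecté !"]);
            } else {
                // One message for unknown, unverified and wrong-password cases alike.
                echo json_encode(["status" => "0", "msg" => "Utilisateur inconnu, non vérifié par mel ou informations d'identification erronées."]);
            }
            break;

        case "deconnection":
            if (!$csrf->validate('deconnection', $jeton_csrf)) {
                echo json_encode(["status" => "2", "msg" => "jeton csrf manquant."]);
                break;
            }
            // Clear the in-memory data and the client cookie as well: session_destroy()
            // alone removes only the server-side store.
            $_SESSION = [];
            if (ini_get('session.use_cookies')) {
                $params = session_get_cookie_params();
                setcookie(
                    session_name(),
                    '',
                    time() - 42000,
                    $params['path'],
                    $params['domain'],
                    $params['secure'],
                    $params['httponly'],
                );
            }
            session_destroy();
            echo json_encode(["status" => "1", "msg" => "Utilisateur déconnecté !"]);
            break;

        case "inscription":
            if (!$csrf->validate('inscription', $jeton_csrf)) {
                echo json_encode(["status" => "2", "msg" => "jeton csrf manquant."]);
                break;
            }
            $username = $_POST['username'] ?? '';
            $password = $_POST['password'] ?? '';
            $nom_insa = $_POST['nom_insa'] ?? '';
            // Reject non-string fields and an empty password before hashing anything.
            if (!is_string($username) || !is_string($password) || !is_string($nom_insa) || $password === '') {
                echo json_encode(["status" => 2, "msg" => "Champs d'inscription manquants."]);
                break;
            }

            $username = assainir_et_valider_mel($username);
            if ($username === "[ERREUR_MEL_MALSAINT]") {
                echo json_encode(["status" => "2", "msg" => "Votre adresse mel n'a pas passé les filtres de sécurité :/ (MOUAHAHAHAHA)"]);
                break;
            }

            $password_hash = password_hash($password, PASSWORD_DEFAULT);
            $token = inscription_utilisateur(htmlspecialchars($username), $password_hash, $nom_insa);
            $succes = $token !== "[ERREUR]";

            if ($succes) {
                $mail = new Mail();
                $mail->setContent(
                    "Inscription sur Arch'INSA",
                    "https://annales.insat.fr/api.php/verification_inscription?token=" . $token,
                    "Salut Salut !!",
                    "La validation du compte permettra de vous connecter et de publier du contenu sur Arch'INSA :D",
                );
                if (!$mail->send($username, "Eh toi là !")) {
                    // Mailer diagnostics belong in the server log; echoing them would
                    // both corrupt the JSON body and expose delivery internals.
                    error_log('Envoi du mel de vérification échoué : ' . $mail->getError());
                    $succes = false;
                }
            }

            // These two responses carry an integer status while the rest of the API
            // uses strings; kept as-is because the client's comparison is not visible here.
            if ($succes) {
                echo json_encode(["status" => 1, "msg" => "Pour finaliser l'inscription et pouvoir vous connecter, veuillez valider votre compte via le mel que nous vous avons envoyé :)"]);
            } else {
                echo json_encode(["status" => 0, "msg" => "Une erreur est survenue lors de votre inscription ou vous avez essayé de modifier le contenu de la requête :/"]);
            }
            break;

        default:
            echo json_encode(["status" => "2", "msg" => "Opération inconnue."]);
    }
    exit;
}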