quelques patch
parent
742f957900
commit
0796d64cd3
10 changed files with 43 additions and 28 deletions
10
api.php
10
api.php
|
@ -131,6 +131,9 @@
|
|||
|
||||
case "generer_chronologie":
|
||||
|
||||
|
||||
if(isset($_SESSION["utilisateur_authentifie"]) && ($_SESSION["utilisateur_authentifie"] == 1)){
|
||||
|
||||
try{
|
||||
|
||||
$res = generer_chronologie();
|
||||
|
@ -140,7 +143,10 @@
|
|||
}catch(Exception $e){
|
||||
echo( json_encode(["status"=> "0","msg"=> $e->getMessage() ]) );
|
||||
}
|
||||
}else{
|
||||
echo(json_encode(["status"=>"1","resultats"=>[]]));
|
||||
|
||||
}
|
||||
break;
|
||||
|
||||
|
||||
|
@ -297,11 +303,11 @@
|
|||
$mailtest = new Mail();
|
||||
$mailtest->setContent(
|
||||
"Inscription sur Arch'INSA",
|
||||
"https://127.0.0.1/archinsa/api.php/verification_inscription?token=".$token,
|
||||
"https://annales.insat.fr/api.php/verification_inscription?token=".$token,
|
||||
"Salut Salut !!",
|
||||
"La validation du compte permettra de vous connecter et de publier du contenu sur Arch'INSA :D",
|
||||
);
|
||||
if(!$mailtest->send("mougnibas@insa-toulouse.fr", "Eh toi là !")) {
|
||||
if(!$mailtest->send($username, "Eh toi là !")) {
|
||||
echo $mailtest->getError(); //si le mail n'a pas été envoyé
|
||||
$succes = false;
|
||||
}
|
||||
|
|
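Review bot: `$mailtest->send($username, "Eh toi là !")` now mails the verification link to whatever address the registrant supplied, and no validation of `$username` is visible in this hunk; the README change in this same commit still appears to list the INSA e-mail regex as a to-do. Check the value before sending, for example `if (filter_var($username, FILTER_VALIDATE_EMAIL) === false) { ... }` plus a test on the allowed domain, so the endpoint cannot be used to send mail to arbitrary addresses. The following line, `echo $mailtest->getError();`, returns the raw mailer error to the client; write it to the server log with `error_log()` and answer with the same generic JSON error shape used elsewhere in this file. The enclosing `case` starts and ends outside the hunk, so an earlier check may already exist.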
18
bdd.php
18
bdd.php
|
@ -33,14 +33,15 @@ $pdf_extensions = ['pdf'];
|
|||
$presentation_extensions = ['ppt', 'pptx','odp','pptm','ppsx'];
|
||||
|
||||
// pour les fonctions speciales comme les quiz html...
|
||||
$ext_speciales = ["html"];
|
||||
$ext_speciales = ["html","sh","txt"];
|
||||
|
||||
// Fusionner les listes en une seule liste
|
||||
$ext_autorisees = array_merge($image_extensions, $pdf_extensions, $presentation_extensions,$ext_speciales);
|
||||
|
||||
function check_ext($filename) {
|
||||
global $ext_autorisees;
|
||||
$extension = pathinfo($filename, PATHINFO_EXTENSION);
|
||||
return in_array(strtolower($extension), $GLOBALS["ext_autorisees"]);
|
||||
return in_array(strtolower($extension), $ext_autorisees);
|
||||
}
|
||||
|
||||
|
||||
|
@ -58,9 +59,9 @@ function ajouter_doc($request){
|
|||
|
||||
try{
|
||||
$stm = $conn->prepare($sql);
|
||||
$request['commentaire_auteur'] = htmlspecialchars($request["commentaire_auteur"]);
|
||||
$request['commentaire_auteur'] = htmlentities($request["commentaire_auteur"]);
|
||||
$request["corrige_inclu"] = boolval($request["corrige_inclu"]);
|
||||
$request["date_conception"] = htmlspecialchars($request["date_conception"]);
|
||||
$request["date_conception"] = htmlentities($request["date_conception"]);
|
||||
$stm->bind_param("sisi",$request['commentaire_auteur'],$request["corrige_inclu"],$request["date_conception"],$_SESSION["user_id"]);
|
||||
$stm->execute();
|
||||
//$conn->execute_query($sql,array(htmlspecialchars($request['commentaire_auteur']),boolval($request["corrige_inclu"])));
|
||||
|
@ -94,11 +95,15 @@ function saveFilesFromPost($postData,$id_ensemble) {
|
|||
|
||||
|
||||
foreach ($_FILES as $file) {
|
||||
|
||||
// Create a unique filename to avoid overwriting existing files
|
||||
$uniqueFileName = uniqid() . '_' . $fileName;
|
||||
|
||||
// Extract file information
|
||||
if (isset($file['name'])){
|
||||
$fileName = htmlspecialchars($file['name']);
|
||||
if(!check_ext($fileName)){
|
||||
echo(json_encode(["status"=>"0","msg"=>"Error saving file '$uniqueFileName'"]));
|
||||
echo(json_encode(["status"=>"0","msg"=>"le fichier '$fileName' n'a pas passé les filtres d'extensions."]));
|
||||
exit;
|
||||
}
|
||||
|
||||
|
@ -107,8 +112,7 @@ function saveFilesFromPost($postData,$id_ensemble) {
|
|||
print_r($file);
|
||||
}
|
||||
|
||||
// Create a unique filename to avoid overwriting existing files
|
||||
$uniqueFileName = uniqid() . '_' . $fileName;
|
||||
|
||||
|
||||
// Define the path to save the file
|
||||
$filePath = $GLOBALS['uploadDir'] . $uniqueFileName;
|
||||
|
|
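Review bot: Adding `"html"` and `"sh"` to `$ext_speciales` makes `check_ext()` accept files that a browser renders as active content; if the upload directory is served from the application's own origin (not visible here), an uploaded `.html` page would run script in a logged-in visitor's session. Keep the allowlist to passive formats, or serve these types with `Content-Disposition: attachment` and `X-Content-Type-Options: nosniff` from a location where nothing is interpreted. Separately, as rendered, `$uniqueFileName = uniqid() . '_' . $fileName;` in `saveFilesFromPost` now sits above `$fileName = htmlspecialchars($file['name']);`, so it would be built from an undefined name on the first file and from the previous file's name afterwards; it belongs after the `check_ext()` test. The `print_r($file);` still present in the last hunk also writes upload metadata into the JSON response. Both functions continue outside the hunks.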
|
@ -81,12 +81,10 @@
|
|||
============================================
|
||||
</div></a>
|
||||
|
||||
|
||||
<div class="centre-horizontal etaler">
|
||||
<div id="liste_resultats" class="centre-txt">
|
||||
</div>
|
||||
<div>
|
||||
|
||||
</body>
|
||||
<?php
|
||||
include "_partials/_footer.php";
|
||||
|
|
|
@ -27,16 +27,16 @@ session_start();
|
|||
<input class="champ" id="password-input" type="password" name="password" placeholder="Mot de passe" required>
|
||||
|
||||
<h4 class=" centre-txt label-input" for="insa-input">Selectionne ton INSA</h4>
|
||||
<select class="champ" id="insa-input" type="select" name="insa" required>
|
||||
<select class="champ" id="insa-input" type="select" name="insa" required hidden>
|
||||
|
||||
<option value="insa_toulouse">INSA Toulouse <3</option>
|
||||
<option value="insa_lyon">INSA Lyon</option>
|
||||
<!--<option value="insa_lyon">INSA Lyon</option>
|
||||
<option value="insa_rennes">INSA Rennes</option>
|
||||
<option value="insa_cvl">INSA CVL</option>
|
||||
<option value="insa_hdf">INSA HDF</option>
|
||||
<option value="insa_rouen">INSA Rouen</option>
|
||||
<option value="insa_strasbourg">INSA Strasbourg</option>
|
||||
<option value="insa_hdf">INSA HDF</option>
|
||||
<option value="insa_hdf">INSA HDF</option>-->
|
||||
|
||||
</select>
|
||||
|
||||
|
|
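Review bot: Adding `hidden` to `<select name="insa">` and commenting out the other `<option>` elements restricts the choice only in the browser; the field is still submitted and a client can send any value. The handler that reads `insa` is outside this hunk, so confirm it compares the value against a server-side allowlist, e.g. `in_array($insa, ['insa_toulouse'], true)`, and rejects everything else. The visible `<h4>` label "Selectionne ton INSA" above the now hidden control should be hidden or removed with it.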
|
@ -192,9 +192,9 @@ async function gen_contenu() {
|
|||
card.classList.add('card');
|
||||
|
||||
// Construction du contenu de la carte
|
||||
const idDiv = document.createElement('div');
|
||||
/*const idDiv = document.createElement('div');
|
||||
idDiv.textContent = `ID: ${doc.id}`;
|
||||
card.appendChild(idDiv);
|
||||
card.appendChild(idDiv);*/
|
||||
|
||||
const titreDiv = document.createElement('div');
|
||||
titreDiv.classList.add('title');
|
||||
|
@ -205,9 +205,9 @@ async function gen_contenu() {
|
|||
typeDiv.textContent = `Type: ${doc.type}`;
|
||||
card.appendChild(typeDiv);
|
||||
|
||||
const uploadPathDiv = document.createElement('div');
|
||||
/*const uploadPathDiv = document.createElement('div');
|
||||
uploadPathDiv.textContent = `Upload Path: ${doc.upload_path}`;
|
||||
card.appendChild(uploadPathDiv);
|
||||
card.appendChild(uploadPathDiv);*/
|
||||
|
||||
// Ajout du contenu spécifique selon le type de fichier
|
||||
let ext = doc.upload_path.toString().split(".").pop();
|
||||
|
|
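Review bot: The `idDiv` and `uploadPathDiv` blocks are disabled with `/* ... */` rather than deleted, which leaves dead code in `gen_contenu`; removing the lines is cleaner since the history keeps them. If the goal is to stop exposing the storage path, note that `doc.upload_path` is still delivered by the API and read a few lines below in `doc.upload_path.toString().split(".").pop()`, so the restriction would have to be made in the server response, not in the card rendering. The function body continues outside the hunk.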
|
@ -280,7 +280,7 @@ document.addEventListener("DOMContentLoaded", (event)=>{
|
|||
}
|
||||
|
||||
document.getElementById("titre").addEventListener("click", (event) => {
|
||||
window.location.pathname = "/archinsa";
|
||||
window.location.pathname = "";
|
||||
});
|
||||
|
||||
|
||||
|
|
|
@ -66,6 +66,11 @@ D'autres fonctionnalités seront ajoutées petit à petit. (si vous avez des sug
|
|||
|
||||
### téléverser.php :
|
||||
|
||||
|
||||
- changer toutes les variables db avec $db_ devant
|
||||
- rajouter des extensions en whitelist
|
||||
- regex insa touloouse email inscription
|
||||
|
||||
- tout pack dans un json à l'envoi :
|
||||
``
|
||||
let ex = [{duree:"10",themes:["algèbre","analyse"],commentaire_exo:"cci est un commenataire"},{duree:"15",themes:["elec analogique"],commentaire_exo:""}];
|
||||
|
|
2
robots.txt
Normal file
2
robots.txt
Normal file
|
@ -0,0 +1,2 @@
|
|||
User-agent : *
|
||||
Disallow : /
|
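Review bot: `Disallow : /` is only a request to compliant crawlers and is not access control, so it does not keep `api.php` or the uploaded documents private; whatever must stay restricted still depends on the server-side session checks. A comment line such as `# Advisory only: access control is enforced by the application` would make that explicit for the next maintainer. The conventional spelling without a space before the colon, `User-agent: *` and `Disallow: /`, is the form simpler parsers are most likely to accept.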
|
@ -8,7 +8,7 @@ if (!isset($_SESSION["utilisateur_authentifie"]) || $_SESSION["utilisateur_authe
|
|||
exit;
|
||||
}
|
||||
|
||||
$conn = new mysqli($servername, $username, $password,$dbname);
|
||||
$conn = new mysqli($servername, $db_username, $db_password,$dbname);
|
||||
|
||||
if ($conn->connect_error) {
|
||||
die("Connection failed: " . $conn->connect_error);
|
||||
|
|
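Review bot: `die("Connection failed: " . $conn->connect_error);` sends the driver's error text to the browser, and that text can include the database host and account name. Log it and answer generically instead, e.g. `error_log("DB connect failed: " . $conn->connect_error); die("Service unavailable");`. On PHP 8.1 and later mysqli throws `mysqli_sql_exception` by default, so this branch may never run there and the `new mysqli(...)` call would need a `try`/`catch` to get the same effect. The rename to `$db_username` / `$db_password` itself looks right, since `$username` is used for the registrant's address in api.php.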
|
@ -13,7 +13,7 @@ if (!isset($_SESSION["utilisateur_authentifie"]) || $_SESSION["utilisateur_authe
|
|||
}
|
||||
include("test_creds.php");
|
||||
|
||||
$conn = new mysqli($servername, $username, $password,$dbname);
|
||||
$conn = new mysqli($servername, $db_username, $db_password,$dbname);
|
||||
|
||||
|
||||
// Function to fetch and display documents
|
||||
|
|
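Review bot: `include("test_creds.php");` only raises a warning when the file is missing, so the script would go on to call `new mysqli(...)` with undefined credentials; `require_once "test_creds.php";` stops instead. Because this commit also switches the verification link to the production host, confirm that a file named `test_creds.php` is what production should load, and that it lives outside the document root and outside version control. The file's location is not visible in this hunk.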