diff --git a/api.php b/api.php
index 498bf37..4f4b582 100644
--- a/api.php
+++ b/api.php
@@ -29,51 +29,59 @@ if($_SERVER['REQUEST_METHOD'] === 'GET'){
- if(isset($_GET["auth"])){
- try{
- $_SESSION["utilisateur_authentifie"] = true;
- session_regenerate_id(true);
- $_SESSION["heure_debut"] = time();
- echo json_encode(["status"=>"1","msg"=>"Authentification réussie."]);
- }catch(Exception $e){
- echo( json_encode(["status"=> "0","msg"=> $e->getMessage() ]) );
- }
+ // enlève les variables de requète
+ $endpoint = explode("?",array_pop($url_parts))[0];
+
+ switch($endpoint){
+ case 'auth':
+ try{
+ $_SESSION["utilisateur_authentifie"] = true;
+ session_regenerate_id(true);
+ $_SESSION["heure_debut"] = time();
+ echo(json_encode(["status"=>"1","msg"=>"Authentification réussie."]));
+ }catch(Exception $e){
+ echo( json_encode(["status"=> "0","msg"=> $e->getMessage() ]) );
+ }
+ break;
+
+ case 'unauth':
+ $_SESSION["utilisateur_authentifie"] = false;
+ echo json_encode(["status"=>"1","msg"=>"Déconnection réussie."]);
+ session_destroy();
+ session_abort();
+ break;
+
+ case 'test_auth':
+ if($_SESSION["utilisateur_authentifie"] == true){
+ echo(json_encode(["status"=> "1","msg"=> "Utilisateur bien authentifié."]));
+ }else{
+ echo(json_encode(["status"=> "4","msg"=> "Utilisateur non authentifié."]));
+ }
+ break;
+
+
+ case 'rechercher':
+ // Exemple URL: /api.php/chercher?req=math&duree=30&themes=algebre,geometrie
+ $query = isset($_GET["req"]) ? $_GET["req"] : "";
+ $length = isset($_GET["duree"]) ? $_GET["duree"] : "";
+ $themes = isset($_GET["themes"]) ? explode(",", $_GET["themes"]) : [];
+ //print_r($_GET);
+ try {
+ $results = RechercheExercices($query, $length, $themes);
+ echo json_encode(["status" => "1", "resultats" => $results]);
+ } catch (Exception $e) {
+ echo json_encode(["status" => "0", "msg" => $e->getMessage()]);
+ }
+
+
+ break;
- }
-
- if(isset($_GET["unauth"])){
- $_SESSION["utilisateur_authentifie"] = false;
- echo json_encode(["status"=>"1","msg"=>"Déconnection réussie."]);
- session_destroy();
- session_abort();
- }
-
- if(isset($_GET["test_auth"])){
- if($_SESSION["utilisateur_authentifie"] == true){
- echo(json_encode(["status"=> "1","msg"=> "Utilisateur bien authentifié."]));
- }else{
- echo(json_encode(["status"=> "4","msg"=> "Utilisateur non authentifié."]));
- }
+ default:
+ echo(json_encode(['status'=> '2','msg'=> "Ce point d'arrivée n'existe pas dans l'api."]));
+ break;
+ }
-
-
- if (isset($_GET["chercher"])) {
- // Example URL: /api/chercher?rech=math&duree=30&tags=algebre,geometrie
-
- $query = isset($_GET["req"]) ? $_GET["req"] : "";
- $length = isset($_GET["duree"]) ? $_GET["duree"] : "";
- $themes = isset($_GET["duree"]) ? explode(",", $_GET["themes"]) : [];
-
- try {
- $results = searchExercises($query, $length, $themes);
- echo json_encode(["status" => "1", "results" => $results]);
- } catch (Exception $e) {
- echo json_encode(["status" => "0", "msg" => $e->getMessage()]);
- }
- }
-
- exit;
 }
diff --git a/bdd.php b/bdd.php
index 39d73b4..17348a2 100644
--- a/bdd.php
+++ b/bdd.php
@@ -69,7 +69,7 @@ function saveFilesFromPost($postData,$id_ensemble) {
 // Check if the $_POST variable is set and contains files
- echo(print_r($_FILES,true));
+ //echo(print_r($_FILES,true));
 if (isset($_FILES) && is_array($_FILES)) {
@@ -128,7 +128,7 @@ function saveFilesFromPost($postData,$id_ensemble) {
 // pour tester, pas implémenté les commentaires globaux ni les themes
 $sql="INSERT INTO documents (titre,type,upload_path,commentaire_auteur,ensemble_id) VALUES(?,?,?,?,?)";
- $conn->execute_query($sql,array($safe_titre,$safe_type,$filePath,$postData['commentaire_doc_'.$i],$id_ensemble));
+ $conn->execute_query($sql,array($safe_titre,$safe_type,"archives/"+$uniqueFileName,$postData['commentaire_doc_'.$i],$id_ensemble));
 }catch(Exception $e){
 echo(json_encode(['status'=> '0','msg'=>$e->getMessage()]));
 //exit;
@@ -200,24 +200,21 @@ function saveFilesFromPost($postData,$id_ensemble) {
 }
 }
-function searchExercises($query, $length, $tags)
+function RechercheExercices($query, $length, $tags)
 {
- $conn = new mysqli($GLOBALS["servername"], $GLOBALS["username"], $GLOBALS["password"], $GLOBALS["dbname"]);
-
- if ($conn->connect_error) {
- throw new Exception("Connection failed: " . $conn->connect_error);
- }
+ global $conn;
 // Build the SQL query based on the search parameters
- $sql = "SELECT * FROM exercices";
+ $sql = "SELECT * FROM documents";
 if (!empty($query) || !empty($length) || !empty($tags)) {
- $sql .= " WHERE";
+ $sql .= " WHERE ";
 }
 $conditions = [];
 if (!empty($query)) {
+ $query = htmlspecialchars($query);
 $conditions[] = "titre LIKE '%$query%'";
 }
@@ -227,14 +224,15 @@ function searchExercises($query, $length, $tags)
 if (!empty($tags)) {
 $tagConditions = array_map(function ($tag) {
- return "EXISTS (SELECT 1 FROM exercices_themes et, themes t WHERE et.exercice_id = e.id AND et.theme_id = t.id AND t.name = '$tag')";
+ $tag = htmlspecialchars($tag);
+ return "EXISTS (SELECT * FROM exercices_themes AS et INNER JOIN themes AS t ON et.exercice_id = t.id WHERE et.theme_id = t.id AND t.name = '$tag')";
 }, $tags);
 $conditions[] = implode(" AND ", $tagConditions);
 }
 $sql .= implode(" AND ", $conditions);
-
+ //echo $sql;
 // Execute the query
 $result = $conn->query($sql);
diff --git a/index.php b/index.php
index 36c2db6..83a1bbf 100644
--- a/index.php
+++ b/index.php
@@ -17,17 +17,23 @@
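Review bot: The `auth` case marks the session authenticated (`$_SESSION["utilisateur_authentifie"] = true;` then `session_regenerate_id(true);`) with no credential check anywhere in the hunk, so unless something earlier in this GET branch already verified the caller (the hunk header places the code inside `if($_SERVER['REQUEST_METHOD'] === 'GET')`, and everything before line 29 is outside view), a plain GET of the `auth` endpoint yields an authenticated session — please confirm where that check lives. The `try`/`catch(Exception $e)` around it cannot catch anything these calls raise (none of them throws `Exception`), so it only obscures the missing guard. In `test_auth`, `$_SESSION["utilisateur_authentifie"] == true` emits an undefined-array-key warning when the key was never set and uses a loose comparison; `if (($_SESSION["utilisateur_authentifie"] ?? false) === true) {` handles both. The `rechercher` case forwards `req`, `duree` and `themes` from `$_GET` unvalidated into `RechercheExercices`, which builds its SQL by string interpolation in bdd.php, so the parameter binding has to happen there; the example comment also says `/api.php/chercher` while the case label is `'rechercher'`.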
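Review bot: `"archives/"+$uniqueFileName` uses `+`, PHP's arithmetic operator, where string concatenation was meant; on PHP 8 adding two non-numeric strings throws a `TypeError`, which the `catch(Exception $e)` below does not catch (it is an `Error`, not an `Exception`), and on PHP 7 it produces `0` with a warning, so `upload_path` would never hold the intended path. Change it to `"archives/".$uniqueFileName`. Whether `$uniqueFileName` is derived from the client-supplied file name is not visible in the hunk; if it is, it should be reduced to a basename before being joined to the directory. `saveFilesFromPost` starts and ends outside the hunk.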
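Review bot: `htmlspecialchars($query)` is HTML output encoding, not SQL escaping, and the value is still interpolated into `"titre LIKE '%$query%'"` and executed through `$conn->query($sql)` at the end of the -227 hunk; it only converts `'` because PHP 8.1 made `ENT_QUOTES` the default, it leaves the `%`/`_` LIKE wildcards alone, and whatever handles `$length` sits between the two hunks where I cannot see it — the same applies to `htmlspecialchars($tag)` in the -227 hunk. The file already uses `$conn->execute_query($sql, [...])` with `?` placeholders in the -128 hunk, so the search should collect its values into a parameter array and bind them the same way, keeping `htmlspecialchars` for output only; the sketch below also derives the `WHERE` from the collected conditions rather than the separate `!empty(...)` guard. `global $conn;` couples the function to a connection created elsewhere; a `mysqli $conn` parameter would be easier to test, but that is a smaller point. `RechercheExercices` continues past the end of this hunk.
```php
function RechercheExercices($query, $length, $tags)
{
    global $conn;
    $conditions = [];
    $params = []; // bound in the same order as the ? placeholders appear in $sql
    if (!empty($query)) {
        $conditions[] = "titre LIKE ?";
        $params[] = '%' . $query . '%';
    }
    // … unchanged: $length condition (between the two hunks) — append its value to $params as well …
    if (!empty($tags)) {
        foreach ($tags as $tag) {
            // … unchanged: the EXISTS (...) subquery text from the -227 hunk, with '$tag' replaced by ? …
            $conditions[] = "EXISTS (...)";
            $params[] = $tag;
        }
    }
    $sql = "SELECT * FROM documents";
    if ($conditions !== []) {
        $sql .= " WHERE " . implode(" AND ", $conditions);
    }
    $result = $conn->execute_query($sql, $params);
    // … unchanged: result handling after the -227 hunk …
```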
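Review bot: The rewritten `EXISTS` subquery no longer references the outer row: the removed text correlated through `et.exercice_id = e.id`, while the new one joins `ON et.exercice_id = t.id` and filters only on `et.theme_id = t.id AND t.name = '$tag'`, so as far as the visible text goes it is true for every `documents` row whenever any link row for that theme exists, and the join compares an exercise id with a theme id, which looks like a slip for `et.theme_id = t.id`. I cannot see the schema, but the intended shape is presumably `… ON et.theme_id = t.id WHERE et.exercice_id = documents.id AND t.name = ?` (with `documents.id` standing for whatever the outer table's key column is) — please confirm against the table definitions. `$result = $conn->query($sql);` is the last visible line; `RechercheExercices` continues past this hunk.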