From 414b460e20be7c148d984f2265a8c665bbd6f12e Mon Sep 17 00:00:00 2001
From: thaaoblues
Date: Sat, 10 Aug 2024 16:36:26 +0200
Subject: [PATCH] =?UTF-8?q?plus=20de=20s=C3=A9cu=20+=20titre=20de=20r?=
 =?UTF-8?q?=C3=A9sultats?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 api.php | 2 +-
 bdd.php | 76 +++++++++++++++++++++++++++++++++--------------------
 js/index.js | 6 ++++-
 3 files changed, 54 insertions(+), 30 deletions(-)

diff --git a/api.php b/api.php
index 4c4920f..acae033 100644
--- a/api.php
+++ b/api.php
@@ -258,7 +258,7 @@ if($succes){
 echo( json_encode(["status"=> 1,"msg"=> "Utilisateur inscrit !" ]) );
 }else{
- echo( json_encode(["status"=> "0","msg"=> "Une erreur est survenue lors de votre inscription :/" ]) );
+ echo( json_encode(["status"=> "0","msg"=> "Une erreur est survenue lors de votre inscription ou vous avez essayé de modifier le contenu de la requête :/" ]) );
 }
 break;
diff --git a/bdd.php b/bdd.php
index 0c7b800..aecee4c 100644
--- a/bdd.php
+++ b/bdd.php
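Review bot: The failure branch still encodes `"status"=> "0"` as a string while the success branch two lines above sends the integer `1`, so any client comparing strictly sees mixed types; the js side in this same patch only copes because it uses the loose `data.status == 1`. Use `"status"=> 0` here so both branches emit a number. The new message also folds a rejected nom_insa (the inscription_utilisateur change in this patch returns 0 for it) into the same generic "an error occurred" text, so the client cannot tell a tampered request from a server-side failure; a distinct status value or msg for the validation case would fix that. The enclosing switch/case and the `$succes` assignment lie outside this hunk.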
@@ -218,71 +218,86 @@ function saveFilesFromPost($postData,$id_ensemble) { } } -function RechercheExercices($query, $length, $tags,$tout_les_insa) +function RechercheExercices($query, $length, $tags, $tout_les_insa) { global $conn; - // Build the SQL query based on the search parameters + // Start with the base SQL query $sql = "SELECT * FROM documents AS d INNER JOIN ensembles AS e ON d.ensemble_id = e.id JOIN users as u ON u.id=e.id_auteur WHERE e.valide=TRUE"; - if(!$tout_les_insa){ - $sql = $sql." AND u.nom_insa='".$_SESSION["nom_insa"]."'"; + // Array to hold the parameters + $params = []; + $types = ""; // Types for the bind_param function + + // Handle the INSA restriction + if (!$tout_les_insa) { + $sql .= " AND u.nom_insa = ?"; + $params[] = $_SESSION["nom_insa"]; + $types .= "s"; // Assuming nom_insa is a string } - $conditions = []; - + // Handle the search query if (!empty($query)) { - - // va essayer de retrouver tout les mots de la requête dans le titre - $query = htmlspecialchars($query); - $query_words = preg_split("[ ]",$query); - + $query_words = preg_split("/\s+/", htmlspecialchars($query)); foreach ($query_words as $word) { - $conditions[] = "AND titre LIKE '%$word%'"; + $sql .= " AND titre LIKE ?"; + $params[] = "%$word%"; + $types .= "s"; } } + // Handle the length filter if (!empty($length)) { - $conditions[] = "duree = $length"; + $sql .= " AND duree = ?"; + $params[] = $length; + $types .= "i"; // Assuming duree is an integer } + // Handle the tags filter if (!empty($tags)) { - $tagConditions = array_map(function ($tag) { + foreach ($tags as $tag) { $tag = htmlspecialchars($tag); - return "EXISTS (SELECT * FROM exercices_themes AS et INNER JOIN themes AS t ON et.exercice_id = t.id WHERE et.theme_id = t.id AND t.name = '$tag')"; - }, $tags); - - $conditions[] = implode(" AND ", $tagConditions); + $sql .= " AND EXISTS (SELECT * FROM exercices_themes AS et INNER JOIN themes AS t ON et.exercice_id = t.id WHERE et.theme_id = t.id AND t.name = 
?)"; + $params[] = $tag; + $types .= "s"; + } } + // Prepare the SQL statement + $stmt = $conn->prepare($sql); + if ($stmt === false) { + throw new Exception("Error preparing the query: " . $conn->error); + } + + // Bind the parameters dynamically + if (!empty($params)) { + $stmt->bind_param($types, ...$params); + } - $sql .= implode(" AND ", $conditions); - //echo $sql; // Execute the query - $result = $conn->query($sql); - - if (!$result) { - throw new Exception("Error executing search query: " . $conn->error); + if (!$stmt->execute()) { + throw new Exception("Error executing the search query: " . $stmt->error); } + // Fetch the results + $result = $stmt->get_result(); $exercises = []; while ($row = $result->fetch_assoc()) { $exercises[] = $row; } + // Clean up + $stmt->close(); $conn->close(); return $exercises; - - - - } + function valider_ensemble($ensembleId) { $sql = "UPDATE ensembles SET valide = 1 WHERE id = $ensembleId"; @@ -389,6 +404,11 @@ function inscription_utilisateur($username,$password_hash,$nom_insa){ global $conn; + if(!in_array($nom_insa,["insa_toulouse","insa_lyon","insa_rennes","insa_cvl","insa_hdf","insa_rouen","insa_strasbourg","insa_hdf"])){ + $ret = 0; + return $ret; + } + $stmt = $conn->prepare("INSERT INTO users (username, password_hash,nom_insa) VALUES (?, ?,?)"); $stmt->bind_param("sss", $username, $password_hash,$nom_insa); diff --git a/js/index.js b/js/index.js index d2cc621..57e54b4 100644 --- a/js/index.js +++ b/js/index.js @@ -1,7 +1,6 @@ async function rechercher(){ - console.log("recherche !!"); var req = document.getElementById("recherche_input").value; var themes = []; Array.from(document.getElementsByClassName("theme")).forEach(function (el) { 
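Review bot: The search terms are still passed through `htmlspecialchars()` before being bound (the `preg_split` line and the `$tag = htmlspecialchars($tag);` line), which is an output-encoding step, not SQL escaping: now that the values travel as bound parameters, a query containing `'`, `&`, `<` or `"` is looked up as `&#039;`, `&amp;` etc. and silently matches nothing. Drop both calls and instead escape the LIKE metacharacters a user can type, since `%` and `_` inside a word are otherwise interpreted as wildcards: `$query_words = preg_split("/\s+/", trim($query), -1, PREG_SPLIT_NO_EMPTY);` and `$params[] = "%" . addcslashes($word, '%_\\') . "%";`. The `PREG_SPLIT_NO_EMPTY` flag also removes the `LIKE '%%'` match-everything clause that a whitespace-only query produces today, because `!empty("  ")` is true. The `foreach ($tags as $tag)` loop assumes `$tags` is an array; if it can arrive as a scalar from the request (not visible here), guard it with `is_array($tags)`. The trailing context line of `valider_ensemble` still interpolates `$ensembleId` into its SQL and deserves the same prepared-statement treatment, though it is outside this change.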
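Review bot: The new allow-list check uses non-strict `in_array()`, so a non-string `$nom_insa` can slip through: in PHP `true == "insa_toulouse"` holds, so if the caller ever passes a boolean (for example from a JSON-decoded body — not visible in this hunk) the check passes and `bind_param("sss", …)` stores `"1"` as the school. Reject non-strings and pass the strict flag: `if (!is_string($nom_insa) || !in_array($nom_insa, [...], true)) { $ret = 0; return $ret; }` with the same literal list. The list also contains `"insa_hdf"` twice, which suggests one entry was meant to be a different school; hoisting it into a named constant would make that easier to spot and reuse. Returning `0` here is indistinguishable from the database-failure return, which is why the api.php message in this patch has to hedge between the two causes. The rest of inscription_utilisateur continues outside this hunk.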
@@ -35,6 +34,11 @@ async function rechercher(){
 // vide d'abord les éléments présents dans la liste sur la page
 document.getElementById("liste_resultats").innerHTML = "";
+
+ // ensuite on ajoute un petit titre à la chronologie
+ let titre = document.createElement("h1");
+ titre.innerText = "Voilà les "+data.resultats.length+" résultats de ta recherche :";
+ document.getElementById("liste_resultats").appendChild(titre);
 if(data.status == 1){
 data.resultats.forEach(doc => {
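Review bot: `data.resultats.length` is read on the new `titre.innerText` line before the `if(data.status == 1)` check, so on the error path — where api.php in this same patch returns only `status` and `msg` — the heading line throws a TypeError and whatever error handling follows the `if` never runs. Move the four added lines inside the `if(data.status == 1){` block, or compute the count defensively first: `const nb = Array.isArray(data.resultats) ? data.resultats.length : 0;` and interpolate `nb` in the heading. Using `innerText` rather than `innerHTML` for the heading is the right choice, since the count is the only dynamic part. The rest of `rechercher` lies outside this hunk.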