plus de sécu + titre de résultats

This commit is contained in:
thaaoblues 2024-08-10 16:36:26 +02:00
parent 742177ebd4
commit 414b460e20
3 changed files with 54 additions and 30 deletions


@ -258,7 +258,7 @@
if($succes){ if($succes){
echo( json_encode(["status"=> 1,"msg"=> "Utilisateur inscrit !" ]) ); echo( json_encode(["status"=> 1,"msg"=> "Utilisateur inscrit !" ]) );
}else{ }else{
echo( json_encode(["status"=> "0","msg"=> "Une erreur est survenue lors de votre inscription :/" ]) ); echo( json_encode(["status"=> "0","msg"=> "Une erreur est survenue lors de votre inscription ou vous avez essayé de modifier le contenu de la requête :/" ]) );
} }
break; break;

bdd.php

@ -218,71 +218,86 @@ function saveFilesFromPost($postData,$id_ensemble) {
} }
} }
function RechercheExercices($query, $length, $tags,$tout_les_insa) function RechercheExercices($query, $length, $tags, $tout_les_insa)
{ {
global $conn; global $conn;
// Build the SQL query based on the search parameters // Start with the base SQL query
$sql = "SELECT * FROM documents AS d INNER JOIN ensembles AS e ON d.ensemble_id = e.id JOIN users as u ON u.id=e.id_auteur WHERE e.valide=TRUE"; $sql = "SELECT * FROM documents AS d INNER JOIN ensembles AS e ON d.ensemble_id = e.id JOIN users as u ON u.id=e.id_auteur WHERE e.valide=TRUE";
if(!$tout_les_insa){ // Array to hold the parameters
$sql = $sql." AND u.nom_insa='".$_SESSION["nom_insa"]."'"; $params = [];
$types = ""; // Types for the bind_param function
// Handle the INSA restriction
if (!$tout_les_insa) {
$sql .= " AND u.nom_insa = ?";
$params[] = $_SESSION["nom_insa"];
$types .= "s"; // Assuming nom_insa is a string
} }
$conditions = []; // Handle the search query
if (!empty($query)) { if (!empty($query)) {
$query_words = preg_split("/\s+/", htmlspecialchars($query));
// va essayer de retrouver tout les mots de la requête dans le titre
$query = htmlspecialchars($query);
$query_words = preg_split("[ ]",$query);
foreach ($query_words as $word) { foreach ($query_words as $word) {
$conditions[] = "AND titre LIKE '%$word%'"; $sql .= " AND titre LIKE ?";
$params[] = "%$word%";
$types .= "s";
} }
} }
// Handle the length filter
if (!empty($length)) { if (!empty($length)) {
$conditions[] = "duree = $length"; $sql .= " AND duree = ?";
$params[] = $length;
$types .= "i"; // Assuming duree is an integer
} }
// Handle the tags filter
if (!empty($tags)) { if (!empty($tags)) {
$tagConditions = array_map(function ($tag) { foreach ($tags as $tag) {
$tag = htmlspecialchars($tag); $tag = htmlspecialchars($tag);
return "EXISTS (SELECT * FROM exercices_themes AS et INNER JOIN themes AS t ON et.exercice_id = t.id WHERE et.theme_id = t.id AND t.name = '$tag')"; $sql .= " AND EXISTS (SELECT * FROM exercices_themes AS et INNER JOIN themes AS t ON et.exercice_id = t.id WHERE et.theme_id = t.id AND t.name = ?)";
}, $tags); $params[] = $tag;
$types .= "s";
$conditions[] = implode(" AND ", $tagConditions); }
} }
// Prepare the SQL statement
$stmt = $conn->prepare($sql);
if ($stmt === false) {
throw new Exception("Error preparing the query: " . $conn->error);
}
// Bind the parameters dynamically
if (!empty($params)) {
$stmt->bind_param($types, ...$params);
}
$sql .= implode(" AND ", $conditions);
//echo $sql;
// Execute the query // Execute the query
$result = $conn->query($sql); if (!$stmt->execute()) {
throw new Exception("Error executing the search query: " . $stmt->error);
if (!$result) {
throw new Exception("Error executing search query: " . $conn->error);
} }
// Fetch the results
$result = $stmt->get_result();
$exercises = []; $exercises = [];
while ($row = $result->fetch_assoc()) { while ($row = $result->fetch_assoc()) {
$exercises[] = $row; $exercises[] = $row;
} }
// Clean up
$stmt->close();
$conn->close(); $conn->close();
return $exercises; return $exercises;
} }
function valider_ensemble($ensembleId) { function valider_ensemble($ensembleId) {
$sql = "UPDATE ensembles SET valide = 1 WHERE id = $ensembleId"; $sql = "UPDATE ensembles SET valide = 1 WHERE id = $ensembleId";
@ -389,6 +404,11 @@ function inscription_utilisateur($username,$password_hash,$nom_insa){
global $conn; global $conn;
if(!in_array($nom_insa,["insa_toulouse","insa_lyon","insa_rennes","insa_cvl","insa_hdf","insa_rouen","insa_strasbourg","insa_hdf"])){
$ret = 0;
return $ret;
}
$stmt = $conn->prepare("INSERT INTO users (username, password_hash,nom_insa) VALUES (?, ?,?)"); $stmt = $conn->prepare("INSERT INTO users (username, password_hash,nom_insa) VALUES (?, ?,?)");
$stmt->bind_param("sss", $username, $password_hash,$nom_insa); $stmt->bind_param("sss", $username, $password_hash,$nom_insa);
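Review bot: `valider_ensemble`, visible as context at the end of the `RechercheExercices` hunk (its body continues outside the hunk), still builds its UPDATE with `WHERE id = $ensembleId` interpolated, so the injection this commit removes from the search path is left intact on the validation path; it should use the same prepare/bind pattern, e.g. `$stmt = $conn->prepare("UPDATE ensembles SET valide = 1 WHERE id = ?"); $stmt->bind_param("i", $ensembleId);`. In the rewritten search the `"%$word%"` values are bound, but `%` and `_` inside user input are still LIKE wildcards, so a query of `%` matches every title; escape them before binding with `$params[] = "%" . addcslashes($word, '%_\\') . "%";`. `htmlspecialchars` on the search words and on each `$tag` is output-context escaping applied to a database comparison: a title or theme name containing `&` or `'` can never match because the bound value becomes `&amp;` / `&#039;`, and now that the values are parameterised the call can be dropped and escaping left to the rendering layer. Also note that `$conn->close()` inside a read helper means no later query on this request can reuse the connection, which predates this change but is worth a comment if intentional.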


@ -1,7 +1,6 @@
async function rechercher(){ async function rechercher(){
console.log("recherche !!");
var req = document.getElementById("recherche_input").value; var req = document.getElementById("recherche_input").value;
var themes = []; var themes = [];
Array.from(document.getElementsByClassName("theme")).forEach(function (el) { Array.from(document.getElementsByClassName("theme")).forEach(function (el) {
@ -36,6 +35,11 @@ async function rechercher(){
// vide d'abord les éléments présents dans la liste sur la page // vide d'abord les éléments présents dans la liste sur la page
document.getElementById("liste_resultats").innerHTML = ""; document.getElementById("liste_resultats").innerHTML = "";
// ensuite on ajoute un petit titre à la chronologie
let titre = document.createElement("h1");
titre.innerText = "Voilà les "+data.resultats.length+" résultats de ta recherche :";
document.getElementById("liste_resultats").appendChild(titre);
if(data.status == 1){ if(data.status == 1){
data.resultats.forEach(doc => { data.resultats.forEach(doc => {
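Review bot: The new title reads `data.resultats.length` before the `if(data.status == 1)` check that follows it, so on a failed search — where, judging by the PHP error branch in this same commit, the response carries `status` and `msg` but no `resultats` — that line throws a TypeError and whatever handles `msg` below never runs. Move the three title lines inside the `if` block, or guard the count with `titre.innerText = "Voilà les " + (data.resultats ?? []).length + " résultats de ta recherche :";` and only append it on success. Using `innerText` rather than `innerHTML` for the count is the right choice and keeps the inserted heading safe from markup in the response. `rechercher` starts before and continues past this hunk.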