plus de sécu + titre de résultats
parent
742177ebd4
commit
414b460e20
3 changed files with 54 additions and 30 deletions
2
api.php
2
api.php
|
@ -258,7 +258,7 @@
|
||||||
if($succes){
|
if($succes){
|
||||||
echo( json_encode(["status"=> 1,"msg"=> "Utilisateur inscrit !" ]) );
|
echo( json_encode(["status"=> 1,"msg"=> "Utilisateur inscrit !" ]) );
|
||||||
}else{
|
}else{
|
||||||
echo( json_encode(["status"=> "0","msg"=> "Une erreur est survenue lors de votre inscription :/" ]) );
|
echo( json_encode(["status"=> "0","msg"=> "Une erreur est survenue lors de votre inscription ou vous avez essayé de modifier le contenu de la requête :/" ]) );
|
||||||
}
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
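Review bot: The two branches of this `if($succes)` encode `status` with different types, the integer `1` on success and the string `"0"` on failure, so any client that compares strictly has to special-case the failure value. Emitting `"status"=> 0` in the else branch keeps the JSON contract uniform. The enclosing case block starts and ends outside the hunk, so whether other responses in api.php use a string or an integer here is not visible.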
76
bdd.php
76
bdd.php
|
@ -218,71 +218,86 @@ function saveFilesFromPost($postData,$id_ensemble) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function RechercheExercices($query, $length, $tags,$tout_les_insa)
|
function RechercheExercices($query, $length, $tags, $tout_les_insa)
|
||||||
{
|
{
|
||||||
global $conn;
|
global $conn;
|
||||||
|
|
||||||
// Build the SQL query based on the search parameters
|
// Start with the base SQL query
|
||||||
$sql = "SELECT * FROM documents AS d INNER JOIN ensembles AS e ON d.ensemble_id = e.id JOIN users as u ON u.id=e.id_auteur WHERE e.valide=TRUE";
|
$sql = "SELECT * FROM documents AS d INNER JOIN ensembles AS e ON d.ensemble_id = e.id JOIN users as u ON u.id=e.id_auteur WHERE e.valide=TRUE";
|
||||||
|
|
||||||
if(!$tout_les_insa){
|
// Array to hold the parameters
|
||||||
$sql = $sql." AND u.nom_insa='".$_SESSION["nom_insa"]."'";
|
$params = [];
|
||||||
|
$types = ""; // Types for the bind_param function
|
||||||
|
|
||||||
|
// Handle the INSA restriction
|
||||||
|
if (!$tout_les_insa) {
|
||||||
|
$sql .= " AND u.nom_insa = ?";
|
||||||
|
$params[] = $_SESSION["nom_insa"];
|
||||||
|
$types .= "s"; // Assuming nom_insa is a string
|
||||||
}
|
}
|
||||||
|
|
||||||
$conditions = [];
|
// Handle the search query
|
||||||
|
|
||||||
if (!empty($query)) {
|
if (!empty($query)) {
|
||||||
|
$query_words = preg_split("/\s+/", htmlspecialchars($query));
|
||||||
// va essayer de retrouver tout les mots de la requête dans le titre
|
|
||||||
$query = htmlspecialchars($query);
|
|
||||||
$query_words = preg_split("[ ]",$query);
|
|
||||||
|
|
||||||
foreach ($query_words as $word) {
|
foreach ($query_words as $word) {
|
||||||
$conditions[] = "AND titre LIKE '%$word%'";
|
$sql .= " AND titre LIKE ?";
|
||||||
|
$params[] = "%$word%";
|
||||||
|
$types .= "s";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Handle the length filter
|
||||||
if (!empty($length)) {
|
if (!empty($length)) {
|
||||||
$conditions[] = "duree = $length";
|
$sql .= " AND duree = ?";
|
||||||
|
$params[] = $length;
|
||||||
|
$types .= "i"; // Assuming duree is an integer
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Handle the tags filter
|
||||||
if (!empty($tags)) {
|
if (!empty($tags)) {
|
||||||
$tagConditions = array_map(function ($tag) {
|
foreach ($tags as $tag) {
|
||||||
$tag = htmlspecialchars($tag);
|
$tag = htmlspecialchars($tag);
|
||||||
return "EXISTS (SELECT * FROM exercices_themes AS et INNER JOIN themes AS t ON et.exercice_id = t.id WHERE et.theme_id = t.id AND t.name = '$tag')";
|
$sql .= " AND EXISTS (SELECT * FROM exercices_themes AS et INNER JOIN themes AS t ON et.exercice_id = t.id WHERE et.theme_id = t.id AND t.name = ?)";
|
||||||
}, $tags);
|
$params[] = $tag;
|
||||||
|
$types .= "s";
|
||||||
$conditions[] = implode(" AND ", $tagConditions);
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Prepare the SQL statement
|
||||||
|
$stmt = $conn->prepare($sql);
|
||||||
|
|
||||||
|
if ($stmt === false) {
|
||||||
|
throw new Exception("Error preparing the query: " . $conn->error);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Bind the parameters dynamically
|
||||||
|
if (!empty($params)) {
|
||||||
|
$stmt->bind_param($types, ...$params);
|
||||||
|
}
|
||||||
|
|
||||||
$sql .= implode(" AND ", $conditions);
|
|
||||||
//echo $sql;
|
|
||||||
// Execute the query
|
// Execute the query
|
||||||
$result = $conn->query($sql);
|
if (!$stmt->execute()) {
|
||||||
|
throw new Exception("Error executing the search query: " . $stmt->error);
|
||||||
if (!$result) {
|
|
||||||
throw new Exception("Error executing search query: " . $conn->error);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Fetch the results
|
||||||
|
$result = $stmt->get_result();
|
||||||
$exercises = [];
|
$exercises = [];
|
||||||
|
|
||||||
while ($row = $result->fetch_assoc()) {
|
while ($row = $result->fetch_assoc()) {
|
||||||
$exercises[] = $row;
|
$exercises[] = $row;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Clean up
|
||||||
|
$stmt->close();
|
||||||
$conn->close();
|
$conn->close();
|
||||||
|
|
||||||
return $exercises;
|
return $exercises;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
function valider_ensemble($ensembleId) {
|
function valider_ensemble($ensembleId) {
|
||||||
|
|
||||||
$sql = "UPDATE ensembles SET valide = 1 WHERE id = $ensembleId";
|
$sql = "UPDATE ensembles SET valide = 1 WHERE id = $ensembleId";
|
||||||
|
@ -389,6 +404,11 @@ function inscription_utilisateur($username,$password_hash,$nom_insa){
|
||||||
|
|
||||||
global $conn;
|
global $conn;
|
||||||
|
|
||||||
|
if(!in_array($nom_insa,["insa_toulouse","insa_lyon","insa_rennes","insa_cvl","insa_hdf","insa_rouen","insa_strasbourg","insa_hdf"])){
|
||||||
|
$ret = 0;
|
||||||
|
return $ret;
|
||||||
|
}
|
||||||
|
|
||||||
$stmt = $conn->prepare("INSERT INTO users (username, password_hash,nom_insa) VALUES (?, ?,?)");
|
$stmt = $conn->prepare("INSERT INTO users (username, password_hash,nom_insa) VALUES (?, ?,?)");
|
||||||
$stmt->bind_param("sss", $username, $password_hash,$nom_insa);
|
$stmt->bind_param("sss", $username, $password_hash,$nom_insa);
|
||||||
|
|
||||||
|
|
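Review bot: The trailing context of the first hunk still builds `"UPDATE ensembles SET valide = 1 WHERE id = $ensembleId"` by interpolation in valider_ensemble, so this commit parameterizes RechercheExercices but leaves the same string-built pattern in the next function; binding it the same way (`$conn->prepare("UPDATE ensembles SET valide = 1 WHERE id = ?")` followed by `$stmt->bind_param("i", $ensembleId)`) would close that gap. The rest of valider_ensemble lies outside the hunk, so how the string is executed and where `$ensembleId` comes from cannot be confirmed here. Inside RechercheExercices, `preg_split("/\s+/", htmlspecialchars($query))` returns empty strings when the query has leading or trailing whitespace, and each one is bound as `%%`, which matches every title; `preg_split("/\s+/", $query, -1, PREG_SPLIT_NO_EMPTY)` avoids that. Once the values are bound, `htmlspecialchars` no longer contributes to SQL safety, and it will stop terms containing `&`, `<` or quotes from matching unless titles and theme names are stored HTML-escaped, which this page does not show; HTML escaping belongs at the point where results are rendered.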
|
@ -1,7 +1,6 @@
|
||||||
|
|
||||||
async function rechercher(){
|
async function rechercher(){
|
||||||
|
|
||||||
console.log("recherche !!");
|
|
||||||
var req = document.getElementById("recherche_input").value;
|
var req = document.getElementById("recherche_input").value;
|
||||||
var themes = [];
|
var themes = [];
|
||||||
Array.from(document.getElementsByClassName("theme")).forEach(function (el) {
|
Array.from(document.getElementsByClassName("theme")).forEach(function (el) {
|
||||||
|
@ -35,6 +34,11 @@ async function rechercher(){
|
||||||
|
|
||||||
// vide d'abord les éléments présents dans la liste sur la page
|
// vide d'abord les éléments présents dans la liste sur la page
|
||||||
document.getElementById("liste_resultats").innerHTML = "";
|
document.getElementById("liste_resultats").innerHTML = "";
|
||||||
|
|
||||||
|
// ensuite on ajoute un petit titre à la chronologie
|
||||||
|
let titre = document.createElement("h1");
|
||||||
|
titre.innerText = "Voilà les "+data.resultats.length+" résultats de ta recherche :";
|
||||||
|
document.getElementById("liste_resultats").appendChild(titre);
|
||||||
|
|
||||||
if(data.status == 1){
|
if(data.status == 1){
|
||||||
data.resultats.forEach(doc => {
|
data.resultats.forEach(doc => {
|
||||||
|
|
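Review bot: The added title reads `data.resultats.length` before the `if(data.status == 1)` check, so a response without a `resultats` array would throw a TypeError here and the status branch below would never run. Whether error responses carry `resultats` is not visible on this page, so this is inferred from the ordering alone. Moving the three title lines inside the `if(data.status == 1)` block, or guarding with `(data.resultats || []).length`, keeps the failure path intact. Using `innerText` rather than `innerHTML` for the title is the right choice and should stay; rechercher's body continues outside both hunks.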