plus de sécu + titre de résultats

This commit is contained in:
thaaoblues 2024-08-10 16:36:26 +02:00
parent 742177ebd4
commit 414b460e20
3 changed files with 54 additions and 30 deletions


@ -258,7 +258,7 @@
if($succes){
echo( json_encode(["status"=> 1,"msg"=> "Utilisateur inscrit !" ]) );
}else{
echo( json_encode(["status"=> "0","msg"=> "Une erreur est survenue lors de votre inscription :/" ]) );
echo( json_encode(["status"=> "0","msg"=> "Une erreur est survenue lors de votre inscription ou vous avez essayé de modifier le contenu de la requête :/" ]) );
}
break;
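Review bot: The new error line still encodes `"status"=> "0"` as a string while the success branch two lines above returns the integer `1`, so a client comparing `status` strictly sees different types for the two outcomes; use `"status"=> 0` on the new line so both branches return an integer. The enclosing switch case starts outside the hunk.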

72
bdd.php

@ -222,67 +222,82 @@ function RechercheExercices($query, $length, $tags,$tout_les_insa)
{
global $conn;
// Build the SQL query based on the search parameters
// Start with the base SQL query
$sql = "SELECT * FROM documents AS d INNER JOIN ensembles AS e ON d.ensemble_id = e.id JOIN users as u ON u.id=e.id_auteur WHERE e.valide=TRUE";
// Array to hold the parameters
$params = [];
$types = ""; // Types for the bind_param function
// Handle the INSA restriction
if (!$tout_les_insa) {
$sql = $sql." AND u.nom_insa='".$_SESSION["nom_insa"]."'";
$sql .= " AND u.nom_insa = ?";
$params[] = $_SESSION["nom_insa"];
$types .= "s"; // Assuming nom_insa is a string
}
$conditions = [];
// Handle the search query
if (!empty($query)) {
// va essayer de retrouver tout les mots de la requête dans le titre
$query = htmlspecialchars($query);
$query_words = preg_split("[ ]",$query);
$query_words = preg_split("/\s+/", htmlspecialchars($query));
foreach ($query_words as $word) {
$conditions[] = "AND titre LIKE '%$word%'";
$sql .= " AND titre LIKE ?";
$params[] = "%$word%";
$types .= "s";
}
}
// Handle the length filter
if (!empty($length)) {
$conditions[] = "duree = $length";
$sql .= " AND duree = ?";
$params[] = $length;
$types .= "i"; // Assuming duree is an integer
}
// Handle the tags filter
if (!empty($tags)) {
$tagConditions = array_map(function ($tag) {
foreach ($tags as $tag) {
$tag = htmlspecialchars($tag);
return "EXISTS (SELECT * FROM exercices_themes AS et INNER JOIN themes AS t ON et.exercice_id = t.id WHERE et.theme_id = t.id AND t.name = '$tag')";
}, $tags);
$conditions[] = implode(" AND ", $tagConditions);
$sql .= " AND EXISTS (SELECT * FROM exercices_themes AS et INNER JOIN themes AS t ON et.exercice_id = t.id WHERE et.theme_id = t.id AND t.name = ?)";
$params[] = $tag;
$types .= "s";
}
}
// Prepare the SQL statement
$stmt = $conn->prepare($sql);
if ($stmt === false) {
throw new Exception("Error preparing the query: " . $conn->error);
}
// Bind the parameters dynamically
if (!empty($params)) {
$stmt->bind_param($types, ...$params);
}
$sql .= implode(" AND ", $conditions);
//echo $sql;
// Execute the query
$result = $conn->query($sql);
if (!$result) {
throw new Exception("Error executing search query: " . $conn->error);
if (!$stmt->execute()) {
throw new Exception("Error executing the search query: " . $stmt->error);
}
// Fetch the results
$result = $stmt->get_result();
$exercises = [];
while ($row = $result->fetch_assoc()) {
$exercises[] = $row;
}
// Clean up
$stmt->close();
$conn->close();
return $exercises;
}
function valider_ensemble($ensembleId) {
$sql = "UPDATE ensembles SET valide = 1 WHERE id = $ensembleId";
@ -389,6 +404,11 @@ function inscription_utilisateur($username,$password_hash,$nom_insa){
global $conn;
if(!in_array($nom_insa,["insa_toulouse","insa_lyon","insa_rennes","insa_cvl","insa_hdf","insa_rouen","insa_strasbourg","insa_hdf"])){
$ret = 0;
return $ret;
}
$stmt = $conn->prepare("INSERT INTO users (username, password_hash,nom_insa) VALUES (?, ?,?)");
$stmt->bind_param("sss", $username, $password_hash,$nom_insa);
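Review bot: In the RechercheExercices hunk `htmlspecialchars()` is still applied to `$query` (`$query_words = preg_split("/\s+/", htmlspecialchars($query));`) and to each `$tag` before they are bound, so a title or theme containing `&`, `<` or a quote is looked up as its HTML entity and never matches; now that the values go through `bind_param`, HTML escaping belongs at output time, not in the lookup. The `LIKE` patterns are built from the raw words, so `%` and `_` typed by the user act as wildcards — escape them with `addcslashes($word, '%_\\')` before wrapping in `%...%` if literal matching is intended. The tags `EXISTS (...)` subquery does not reference the outer `d` row, so as written it appears to filter nothing per document — worth confirming against the schema. The function also calls `$conn->close()` on the global connection before returning, which would break any later query in the same request; `$stmt->close()` alone is enough. In the inscription_utilisateur hunk, `in_array` should pass `true` as its third argument and the allowed list repeats `"insa_hdf"`.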


@ -1,7 +1,6 @@
async function rechercher(){
console.log("recherche !!");
var req = document.getElementById("recherche_input").value;
var themes = [];
Array.from(document.getElementsByClassName("theme")).forEach(function (el) {
@ -36,6 +35,11 @@ async function rechercher(){
// vide d'abord les éléments présents dans la liste sur la page
document.getElementById("liste_resultats").innerHTML = "";
// ensuite on ajoute un petit titre à la chronologie
let titre = document.createElement("h1");
titre.innerText = "Voilà les "+data.resultats.length+" résultats de ta recherche :";
document.getElementById("liste_resultats").appendChild(titre);
if(data.status == 1){
data.resultats.forEach(doc => {