Compare commits
No commits in common. "e542cc6035eae26f2263dfd681d101a2c484be88" and "742f957900d87b7dce7576b5c7bff03a5e7df028" have entirely different histories.
e542cc6035
...
742f957900
11 changed files with 29 additions and 47 deletions
24
api.php
24
api.php
|
@ -131,22 +131,16 @@
|
|||
|
||||
case "generer_chronologie":
|
||||
|
||||
try{
|
||||
|
||||
if(isset($_SESSION["utilisateur_authentifie"]) && ($_SESSION["utilisateur_authentifie"] == 1)){
|
||||
$res = generer_chronologie();
|
||||
|
||||
echo(json_encode(["status"=>"1","resultats"=>$res]));
|
||||
|
||||
try{
|
||||
|
||||
$res = generer_chronologie();
|
||||
|
||||
echo(json_encode(["status"=>"1","resultats"=>$res]));
|
||||
|
||||
}catch(Exception $e){
|
||||
echo( json_encode(["status"=> "0","msg"=> $e->getMessage() ]) );
|
||||
}
|
||||
}else{
|
||||
echo(json_encode(["status"=>"1","resultats"=>[]]));
|
||||
|
||||
}catch(Exception $e){
|
||||
echo( json_encode(["status"=> "0","msg"=> $e->getMessage() ]) );
|
||||
}
|
||||
|
||||
break;
|
||||
|
||||
|
||||
|
@ -303,11 +297,11 @@
|
|||
$mailtest = new Mail();
|
||||
$mailtest->setContent(
|
||||
"Inscription sur Arch'INSA",
|
||||
"https://annales.insat.fr/api.php/verification_inscription?token=".$token,
|
||||
"https://127.0.0.1/archinsa/api.php/verification_inscription?token=".$token,
|
||||
"Salut Salut !!",
|
||||
"La validation du compte permettra de vous connecter et de publier du contenu sur Arch'INSA :D",
|
||||
);
|
||||
if(!$mailtest->send($username, "Eh toi là !")) {
|
||||
if(!$mailtest->send("mougnibas@insa-toulouse.fr", "Eh toi là !")) {
|
||||
echo $mailtest->getError(); //si le mail n'a pas été envoyé
|
||||
$succes = false;
|
||||
}
|
||||
|
|
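Review bot: The `generer_chronologie` case in the first hunk loses its session guard on what the hunk header counts (22 old lines, 16 new) indicate is the new side, so the endpoint would return the chronology to callers who are not logged in. If that is not intended, keep `if(isset($_SESSION["utilisateur_authentifie"]) && ($_SESSION["utilisateur_authentifie"] == 1)){` around the call, with the empty-result `else` branch. Both variants also echo `$e->getMessage()` to the client; logging it server-side and returning a generic `msg` avoids exposing internals. In the second hunk the rendering does not show which lines are new, but if the `127.0.0.1` link and `send("mougnibas@insa-toulouse.fr", …)` are, every verification token is mailed to one fixed address instead of the registering user, so `$mailtest->send($username, "Eh toi là !")` should stay and the base URL should come from configuration. The enclosing `switch` starts and ends outside both hunks.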
20
bdd.php
20
bdd.php
|
@ -33,15 +33,14 @@ $pdf_extensions = ['pdf'];
|
|||
$presentation_extensions = ['ppt', 'pptx','odp','pptm','ppsx'];
|
||||
|
||||
// pour les fonctions speciales comme les quiz html...
|
||||
$ext_speciales = ["html","sh","txt"];
|
||||
$ext_speciales = ["html"];
|
||||
|
||||
// Fusionner les listes en une seule liste
|
||||
$ext_autorisees = array_merge($image_extensions, $pdf_extensions, $presentation_extensions,$ext_speciales);
|
||||
|
||||
function check_ext($filename) {
|
||||
global $ext_autorisees;
|
||||
$extension = pathinfo($filename, PATHINFO_EXTENSION);
|
||||
return in_array(strtolower($extension), $ext_autorisees);
|
||||
return in_array(strtolower($extension), $GLOBALS["ext_autorisees"]);
|
||||
}
|
||||
|
||||
|
||||
|
@ -59,9 +58,9 @@ function ajouter_doc($request){
|
|||
|
||||
try{
|
||||
$stm = $conn->prepare($sql);
|
||||
$request['commentaire_auteur'] = htmlentities($request["commentaire_auteur"]);
|
||||
$request['commentaire_auteur'] = htmlspecialchars($request["commentaire_auteur"]);
|
||||
$request["corrige_inclu"] = boolval($request["corrige_inclu"]);
|
||||
$request["date_conception"] = htmlentities($request["date_conception"]);
|
||||
$request["date_conception"] = htmlspecialchars($request["date_conception"]);
|
||||
$stm->bind_param("sisi",$request['commentaire_auteur'],$request["corrige_inclu"],$request["date_conception"],$_SESSION["user_id"]);
|
||||
$stm->execute();
|
||||
//$conn->execute_query($sql,array(htmlspecialchars($request['commentaire_auteur']),boolval($request["corrige_inclu"])));
|
||||
|
@ -95,15 +94,11 @@ function saveFilesFromPost($postData,$id_ensemble) {
|
|||
|
||||
|
||||
foreach ($_FILES as $file) {
|
||||
|
||||
// Create a unique filename to avoid overwriting existing files
|
||||
$uniqueFileName = uniqid() . '_' . $fileName;
|
||||
|
||||
// Extract file information
|
||||
if (isset($file['name'])){
|
||||
$fileName = htmlspecialchars($file['name']);
|
||||
if(!check_ext($fileName)){
|
||||
echo(json_encode(["status"=>"0","msg"=>"le fichier '$fileName' n'a pas passé les filtres d'extensions."]));
|
||||
echo(json_encode(["status"=>"0","msg"=>"Error saving file '$uniqueFileName'"]));
|
||||
exit;
|
||||
}
|
||||
|
||||
|
@ -112,7 +107,8 @@ function saveFilesFromPost($postData,$id_ensemble) {
|
|||
print_r($file);
|
||||
}
|
||||
|
||||
|
||||
// Create a unique filename to avoid overwriting existing files
|
||||
$uniqueFileName = uniqid() . '_' . $fileName;
|
||||
|
||||
// Define the path to save the file
|
||||
$filePath = $GLOBALS['uploadDir'] . $uniqueFileName;
|
||||
|
@ -418,8 +414,6 @@ function inscription_utilisateur($username,$password_hash,$nom_insa){
|
|||
return $ret;
|
||||
}
|
||||
|
||||
|
||||
|
||||
$stmt = $conn->prepare("INSERT INTO users (username, password_hash,nom_insa) VALUES (?, ?,?)");
|
||||
$stmt->bind_param("sss", $username, $password_hash,$nom_insa);
|
||||
|
||||
|
|
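Review bot: The upload filter in `check_ext` looks only at the extension of the client-supplied name, and `$ext_speciales` in the first hunk contains `html` on both sides (one side also lists `sh` and `txt`), so a user can store an HTML document that, if the upload directory is served from the site's own origin, would run script in a visitor's session. Consider dropping `html` from the allow-list or serving those files with `Content-Disposition: attachment` or from a separate origin, and checking the detected type of `$file['tmp_name']` with `finfo_file()` in addition to the name. In `saveFilesFromPost`, one variant of the rejection branch echoes `"Error saving file '$uniqueFileName'"`; where `$uniqueFileName` is assigned only after the extension check, that variable is undefined at that point and the message misstates the cause, so the `'$fileName' n'a pas passé les filtres d'extensions` message is the one to keep. Both functions continue outside the visible hunks.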
|
@ -81,10 +81,12 @@
|
|||
============================================
|
||||
</div></a>
|
||||
|
||||
|
||||
<div class="centre-horizontal etaler">
|
||||
<div id="liste_resultats" class="centre-txt">
|
||||
</div>
|
||||
<div>
|
||||
|
||||
</body>
|
||||
<?php
|
||||
include "_partials/_footer.php";
|
||||
|
|
|
@ -27,16 +27,16 @@ session_start();
|
|||
<input class="champ" id="password-input" type="password" name="password" placeholder="Mot de passe" required>
|
||||
|
||||
<h4 class=" centre-txt label-input" for="insa-input">Selectionne ton INSA</h4>
|
||||
<select class="champ" id="insa-input" type="select" name="insa" required hidden>
|
||||
<select class="champ" id="insa-input" type="select" name="insa" required>
|
||||
|
||||
<option value="insa_toulouse">INSA Toulouse <3</option>
|
||||
<!--<option value="insa_lyon">INSA Lyon</option>
|
||||
<option value="insa_lyon">INSA Lyon</option>
|
||||
<option value="insa_rennes">INSA Rennes</option>
|
||||
<option value="insa_cvl">INSA CVL</option>
|
||||
<option value="insa_hdf">INSA HDF</option>
|
||||
<option value="insa_rouen">INSA Rouen</option>
|
||||
<option value="insa_strasbourg">INSA Strasbourg</option>
|
||||
<option value="insa_hdf">INSA HDF</option>-->
|
||||
<option value="insa_hdf">INSA HDF</option>
|
||||
|
||||
</select>
|
||||
|
||||
|
|
|
@ -192,9 +192,9 @@ async function gen_contenu() {
|
|||
card.classList.add('card');
|
||||
|
||||
// Construction du contenu de la carte
|
||||
/*const idDiv = document.createElement('div');
|
||||
const idDiv = document.createElement('div');
|
||||
idDiv.textContent = `ID: ${doc.id}`;
|
||||
card.appendChild(idDiv);*/
|
||||
card.appendChild(idDiv);
|
||||
|
||||
const titreDiv = document.createElement('div');
|
||||
titreDiv.classList.add('title');
|
||||
|
@ -205,9 +205,9 @@ async function gen_contenu() {
|
|||
typeDiv.textContent = `Type: ${doc.type}`;
|
||||
card.appendChild(typeDiv);
|
||||
|
||||
/*const uploadPathDiv = document.createElement('div');
|
||||
const uploadPathDiv = document.createElement('div');
|
||||
uploadPathDiv.textContent = `Upload Path: ${doc.upload_path}`;
|
||||
card.appendChild(uploadPathDiv);*/
|
||||
card.appendChild(uploadPathDiv);
|
||||
|
||||
// Ajout du contenu spécifique selon le type de fichier
|
||||
let ext = doc.upload_path.toString().split(".").pop();
|
||||
|
|
|
@ -280,7 +280,7 @@ document.addEventListener("DOMContentLoaded", (event)=>{
|
|||
}
|
||||
|
||||
document.getElementById("titre").addEventListener("click", (event) => {
|
||||
window.location.pathname = "";
|
||||
window.location.pathname = "/archinsa";
|
||||
});
|
||||
|
||||
|
||||
|
|
|
@ -66,11 +66,6 @@ D'autres fonctionnalités seront ajoutées petit à petit. (si vous avez des sug
|
|||
|
||||
### téléverser.php :
|
||||
|
||||
|
||||
- changer toutes les variables db avec $db_ devant
|
||||
- rajouter des extensions en whitelist
|
||||
- regex insa touloouse email inscription
|
||||
|
||||
- tout pack dans un json à l'envoi :
|
||||
``
|
||||
let ex = [{duree:"10",themes:["algèbre","analyse"],commentaire_exo:"cci est un commenataire"},{duree:"15",themes:["elec analogique"],commentaire_exo:""}];
|
||||
|
|
|
@ -1,2 +0,0 @@
|
|||
User-agent : *
|
||||
Disallow : /
|
|
@ -8,7 +8,7 @@ if (!isset($_SESSION["utilisateur_authentifie"]) || $_SESSION["utilisateur_authe
|
|||
exit;
|
||||
}
|
||||
|
||||
$conn = new mysqli($servername, $db_username, $db_password,$dbname);
|
||||
$conn = new mysqli($servername, $username, $password,$dbname);
|
||||
|
||||
if ($conn->connect_error) {
|
||||
die("Connection failed: " . $conn->connect_error);
|
||||
|
|
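Review bot: The context line `die("Connection failed: " . $conn->connect_error);` sends the driver's connection error to the client, which can disclose the database host and account name; log it and return a generic message instead, e.g. `error_log($conn->connect_error); die("Connection failed");`. The rendering does not show which `new mysqli(...)` line is the new one, but the `$db_username` / `$db_password` names are the safer choice: `$username` is also used for account data elsewhere in this comparison (`inscription_utilisateur($username,$password_hash,$nom_insa)`), so the generic names invite a mix-up between user input and database credentials. The same `new mysqli` change appears in the later hunk `@ -13,7 +13,7 @@`, directly after `include("test_creds.php");`, and the same remark applies there.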
|
@ -8,8 +8,7 @@ function assainir_et_valider_mel($og_mel): string {
|
|||
$mel = filter_var($mel, FILTER_SANITIZE_EMAIL);
|
||||
|
||||
// Vérifie si l'adresse e-mail est valide
|
||||
$reg_pattern = "/^[a-zA-Z0-9._%+-]+@insa-toulouse\.fr$/";
|
||||
if (filter_var($mel, FILTER_VALIDATE_EMAIL) && preg_match($mel,$reg_pattern)) {
|
||||
if (filter_var($mel, FILTER_VALIDATE_EMAIL)) {
|
||||
return $mel; // Si valide, renvoie l'adresse e-mail assainie
|
||||
} else {
|
||||
return "[ERREUR_MEL_MALSAINT]"; // Sinon, renvoie un message d'erreur
|
||||
|
|
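Review bot: Going by the hunk header (8 old lines, 7 new), the new side of `assainir_et_valider_mel` drops the `@insa-toulouse.fr` pattern and accepts any syntactically valid address, so registration is no longer limited to the school domain. If the restriction is intended, restore it with the arguments in the right order, since the removed line called `preg_match($mel,$reg_pattern)` and thus passed the address as the pattern: `if (filter_var($mel, FILTER_VALIDATE_EMAIL) && preg_match($reg_pattern, $mel) === 1) {`. `FILTER_SANITIZE_EMAIL` runs before validation, so the function can return an address that differs from the one submitted; validating the original input and rejecting it when sanitising changes it would be stricter. The function begins and ends outside the hunk.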
|
@ -13,7 +13,7 @@ if (!isset($_SESSION["utilisateur_authentifie"]) || $_SESSION["utilisateur_authe
|
|||
}
|
||||
include("test_creds.php");
|
||||
|
||||
$conn = new mysqli($servername, $db_username, $db_password,$dbname);
|
||||
$conn = new mysqli($servername, $username, $password,$dbname);
|
||||
|
||||
|
||||
// Function to fetch and display documents
|
||||
|
|