diff --git a/bdd.php b/bdd.php index 8bd03d4..0e558e9 100644 --- a/bdd.php +++ b/bdd.php @@ -11,6 +11,13 @@ $uploadDir = 'archives/'; // le type de document est classifié entre 0 et n dans l'ensemble des entiers naturels $max_val_type = 3; +/* +1 : texte +2 : image +3 : pdf +0 : non supporté +-1 : erreur +*/ // Liste des extensions autorisées pour les images $image_extensions = [ @@ -87,7 +94,6 @@ function saveFilesFromPost($postData,$id_ensemble) { // Iterate through each file in the $_FILES array - $safe_type = intval($postData['type']); $i = 0; @@ -95,6 +101,7 @@ function saveFilesFromPost($postData,$id_ensemble) { foreach ($_FILES as $file) { + $safe_type = checkFileTypeSecure($file['tmp_name']); // Create a unique filename to avoid overwriting existing files $uniqueFileName = uniqid() . '_' . $fileName; @@ -102,8 +109,8 @@ function saveFilesFromPost($postData,$id_ensemble) { // Extract file information if (isset($file['name'])){ $fileName = htmlspecialchars($file['name']); - if(!check_ext($fileName)){ - echo(json_encode(["status"=>"0","msg"=>"le fichier '$fileName' n'a pas passé les filtres d'extensions."])); + if(!check_ext($fileName) || $safe_type == 0){ + echo(json_encode(["status"=>"0","msg"=>"le fichier '$fileName' n'a pas passé les filtres de contenu. ( dommaaaaggee :c )"])); exit; } @@ -355,7 +362,7 @@ function generer_chronologie(){ // on rajoute le chemin vers chaque document présent dans l'ensemble $resultat_complet = array(); foreach($ensembles as $ens){ - $sql = "SELECT titre,upload_path,ensemble_id FROM documents WHERE ensemble_id=?"; + $sql = "SELECT titre,upload_path,ensemble_id,type FROM documents WHERE ensemble_id=?"; $res = $conn->execute_query($sql,array($ens["id"])); $ens["documents"] = array(); while($doc = $res->fetch_assoc()){ diff --git a/js/ens.js b/js/ens.js index 1b1770d..d14af88 100644 --- a/js/ens.js +++ b/js/ens.js 
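Review bot: The new type legend stops at 3 and `$max_val_type = 3` is left unchanged, yet `checkFileTypeSecure` in utils/inputs.php returns 4 for video and 5 for HTML and the JS switches carry `case 4` and `case 5`, so anything keyed on `$max_val_type` disagrees with what the classifier can produce. Either extend both (`$max_val_type = 5;` plus `4 : vidéo` / `5 : html` lines in the legend) or make the classifier return 0 for those formats, but keep the three places in agreement. How `$max_val_type` is consumed is outside this hunk, so the impact is inferred.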
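Review bot: `checkFileTypeSecure($file['tmp_name'])` runs before the upload itself is validated: `$file['error']` is never consulted and `is_uploaded_file()` is not called, so on an `UPLOAD_ERR_*` entry `tmp_name` is empty, `file_exists` fails and the function returns -1, a value the acceptance test below never rejects. Add `if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) { echo json_encode(["status"=>"0","msg"=>"upload invalide"]); exit; }` at the top of the loop body, before classifying. While here, note that `$uniqueFileName` is built from `$fileName` before the later `$fileName = htmlspecialchars(...)` assignment, so it carries the previous iteration's name (pre-existing). The loop body continues past the hunk.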
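Review bot: The new guard `$safe_type == 0` only rejects content the sniffer could not classify; it still accepts 5 (a file whose first bytes are `<htm`) and -1 (missing or unreadable temp file). A type-5 file is then stored under `archives/` and rendered by the front end in an `<iframe>` (`case 5` in js/ens.js and js/index.js) from the same origin, which turns any HTML upload into stored XSS against every viewer. Restrict the accept path to the types the legend actually allows: `if (!check_ext($fileName) || !in_array($safe_type, [1, 2, 3], true)) {`. The `( dommaaaaggee :c )` suffix in the error message is user-facing output; keep the message factual.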
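Review bot: `type` is now selected and forwarded to the client, where js/ens.js and js/index.js compare it with integer labels (`case 2:`, `case 3:`); a JavaScript `switch` uses `===`, so if the column arrives as a string every document lands in `default`. Whether mysqli returns this column as int here depends on the column type and driver, which the hunk does not show, so normalise it where the row is appended: `$doc['type'] = (int) $doc['type'];` inside the `while` body, which continues past the hunk.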
@@ -169,19 +169,6 @@ async function gen_contenu() { const data = await response.json(); console.log(data); - const image_extensions = [ - 'jpg', - 'jpeg', - 'png', - 'gif', - 'bmp', - 'tiff', - 'tif', - 'webp', - 'svg', - 'ico', - 'raw' - ]; const dataContainer = document.getElementById('data-container'); 
@@ -209,53 +196,61 @@ async function gen_contenu() { uploadPathDiv.textContent = `Upload Path: ${doc.upload_path}`; card.appendChild(uploadPathDiv);*/ - // Ajout du contenu spécifique selon le type de fichier - let ext = doc.upload_path.toString().split(".").pop(); - switch (true) { - case image_extensions.includes(ext): // image - const img = document.createElement('img'); - img.src = doc.upload_path; - img.alt = doc.titre; - card.appendChild(img); + switch (doc.type) { + case 2: // image + const img = document.createElement('img'); + img.src = doc.upload_path; + img.alt = doc.titre; + card.appendChild(img); - const imageLink = document.createElement('a'); - imageLink.href = doc.upload_path; - imageLink.classList.add('lien'); - imageLink.textContent = 'Voir image'; - imageLink.target = '_blank'; - card.appendChild(imageLink); - break; - case ext == "pdf": // pdf - const embed = document.createElement('embed'); - embed.src = doc.upload_path; - card.appendChild(embed); + const imageLink = document.createElement('a'); + imageLink.href = doc.upload_path; + imageLink.classList.add('lien'); + imageLink.textContent = 'Voir image'; + imageLink.target = '_blank'; + card.appendChild(imageLink); + break; + case 3: // pdf + const embed = document.createElement('embed'); + embed.src = doc.upload_path; + card.appendChild(embed); - const pdfLink = document.createElement('a'); - pdfLink.href = doc.upload_path; - pdfLink.classList.add('lien'); - pdfLink.textContent = 'Voir PDF en grand'; - pdfLink.target = '_blank'; - card.appendChild(pdfLink); - break; - case ext == "mp4": // video - const video = document.createElement('video'); - video.src = doc.upload_path; - video.controls = true; - card.appendChild(video); - break; - case ext == "html": - const iframe = document.createElement('iframe'); - iframe.src = doc.upload_path; - card.appendChild(iframe); - break; - default: - const unsupportedLink = document.createElement('a'); - unsupportedLink.href = doc.upload_path; - 
unsupportedLink.classList.add('lien'); - unsupportedLink.textContent = 'Type de fichier non supporté.'; - unsupportedLink.target = '_blank'; - card.appendChild(unsupportedLink); - break; + const pdfLink = document.createElement('a'); + pdfLink.href = doc.upload_path; + pdfLink.classList.add('lien'); + pdfLink.textContent = 'Voir PDF en grand'; + pdfLink.target = '_blank'; + card.appendChild(pdfLink); + break; + case 4: // video + const video = document.createElement('video'); + video.src = doc.upload_path; + video.controls = true; + card.appendChild(video); + break; + case 5: + const iframe = document.createElement('iframe'); + iframe.src = doc.upload_path; + card.appendChild(iframe); + break; + + case 1: + const textarea = document.createElement('textarea'); + var xmlhttp, text; + xmlhttp = new XMLHttpRequest(); + xmlhttp.open('GET', doc.upload_path, false); + xmlhttp.send(); + text = xmlhttp.responseText; + textarea.value = text; + card.appendChild(textarea) + default: + const unsupportedLink = document.createElement('a'); + unsupportedLink.href = doc.upload_path; + unsupportedLink.classList.add('lien'); + unsupportedLink.textContent = 'Type de fichier non supporté.'; + unsupportedLink.target = '_blank'; + card.appendChild(unsupportedLink); + break; } // Ajout du contenu restant de la carte diff --git a/js/index.js b/js/index.js index 166718a..a24f6c9 100644 --- a/js/index.js +++ b/js/index.js @@ -56,23 +56,9 @@ async function rechercher(){ card.appendChild(titre_ensemble); // fichiers spéciaux ? - let ext = doc.upload_path.toString().split(".").pop(); - const image_extensions = [ - 'jpg', - 'jpeg', - 'png', - 'gif', - 'bmp', - 'tiff', - 'tif', - 'webp', - 'svg', - 'ico', - 'raw' - ]; - switch (true) { - case image_extensions.includes(ext): // image + switch (doc.type) { + case 2: // image const img = document.createElement('img'); img.src = doc.upload_path; img.alt = doc.titre; 
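Review bot: `case 1` has no `break`, so after appending the textarea execution falls into `default` and every text document also gets a 'Type de fichier non supporté.' link. The text is fetched with a synchronous `XMLHttpRequest` (`open(..., false)`), which blocks the UI thread and is deprecated; `gen_contenu` is `async`, so `const resp = await fetch(doc.upload_path); textarea.value = resp.ok ? await resp.text() : ''; card.appendChild(textarea); break;` replaces the XHR block and also stops a 404 body being shown as document content. Separately, `case 5` frames an uploaded file from the same origin with no `sandbox`; set `iframe.setAttribute('sandbox', '');` (or serve `archives/` from a separate origin) so framed HTML cannot script the host page.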
@@ -85,7 +71,7 @@ async function rechercher(){ imageLink.target = '_blank'; card.appendChild(imageLink); break; - case ext == "pdf": // pdf + case 3: // pdf const embed = document.createElement('embed'); embed.src = doc.upload_path; card.appendChild(embed); @@ -97,17 +83,27 @@ async function rechercher(){ pdfLink.target = '_blank'; card.appendChild(pdfLink); break; - case ext == "mp4": // video + case 4: // video const video = document.createElement('video'); video.src = doc.upload_path; video.controls = true; card.appendChild(video); break; - case ext == "html": + case 5: const iframe = document.createElement('iframe'); iframe.src = doc.upload_path; card.appendChild(iframe); break; + + case 1: + const textarea = document.createElement('textarea'); + var xmlhttp, text; + xmlhttp = new XMLHttpRequest(); + xmlhttp.open('GET', doc.upload_path, false); + xmlhttp.send(); + text = xmlhttp.responseText; + textarea.value = text; + card.appendChild(textarea) default: const unsupportedLink = document.createElement('a'); unsupportedLink.href = doc.upload_path; @@ -168,29 +164,16 @@ async function gen_chronologie(){ card.appendChild(titre_ensemble); - // fichiers spéciaux ? - let ext = doc.upload_path.toString().split(".").pop(); - const image_extensions = [ - 'jpg', - 'jpeg', - 'png', - 'gif', - 'bmp', - 'tiff', - 'tif', - 'webp', - 'svg', - 'ico', - 'raw' - ]; - - switch (true) { - case image_extensions.includes(ext): // image + // fichiers spéciaux ? + + + switch (doc.type) { + case 2: // image const img = document.createElement('img'); img.src = doc.upload_path; img.alt = doc.titre; card.appendChild(img); - + const imageLink = document.createElement('a'); imageLink.href = doc.upload_path; imageLink.classList.add('lien'); 
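Review bot: The new `case 5` in `rechercher` drops an uploaded file into an `<iframe>` with no `sandbox` attribute, so the framed document runs same-origin and can read the host page, its cookies and the search results; set `iframe.setAttribute('sandbox', '')` (adding `allow-scripts` only if needed, never together with `allow-same-origin`) or serve `archives/` from a separate origin. `case 1` also lacks a `break` and falls into `default`, adding the unsupported-type link to every text card, and its synchronous `xmlhttp.open('GET', doc.upload_path, false)` stalls the page. Since `rechercher` is `async`, `textarea.value = await (await fetch(doc.upload_path)).text(); card.appendChild(textarea); break;` fixes both.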
@@ -198,11 +181,11 @@ async function gen_chronologie(){ imageLink.target = '_blank'; card.appendChild(imageLink); break; - case ext == "pdf": // pdf + case 3: // pdf const embed = document.createElement('embed'); embed.src = doc.upload_path; card.appendChild(embed); - + const pdfLink = document.createElement('a'); pdfLink.href = doc.upload_path; pdfLink.classList.add('lien'); @@ -210,17 +193,27 @@ async function gen_chronologie(){ pdfLink.target = '_blank'; card.appendChild(pdfLink); break; - case ext == "mp4": // video + case 4: // video const video = document.createElement('video'); video.src = doc.upload_path; video.controls = true; card.appendChild(video); break; - case ext == "html": + case 5: const iframe = document.createElement('iframe'); iframe.src = doc.upload_path; card.appendChild(iframe); break; + + case 1: + const textarea = document.createElement('textarea'); + var xmlhttp, text; + xmlhttp = new XMLHttpRequest(); + xmlhttp.open('GET', doc.upload_path, false); + xmlhttp.send(); + text = xmlhttp.responseText; + textarea.value = text; + card.appendChild(textarea) default: const unsupportedLink = document.createElement('a'); unsupportedLink.href = doc.upload_path; diff --git a/utils/inputs.php b/utils/inputs.php index 2457f16..c97c4ab 100644 --- a/utils/inputs.php +++ b/utils/inputs.php 
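Review bot: `case 1` in `gen_chronologie` falls through into `default` because no `break` follows `card.appendChild(textarea)`, so text documents render both the textarea and the 'Type de fichier non supporté.' link. The synchronous XHR also ignores the response status: on a 404 `responseText` is the server's error page and is placed in the textarea as if it were the document. Replace the block with `const r = await fetch(doc.upload_path); textarea.value = r.ok ? await r.text() : ''; card.appendChild(textarea); break;` — the function is `async`. The `case 5` iframe here has the same missing `sandbox` as the one in `rechercher`.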
@@ -16,4 +16,90 @@ function assainir_et_valider_mel($og_mel): string { } } +function getFileSignature($filePath, $length = 8) { + // Open the file and read the first few bytes (file signature) + if ($file = fopen($filePath, 'rb')) { + $signature = fread($file, $length); + fclose($file); + return bin2hex($signature); // Return as hexadecimal string + } + return false; +} + +function checkFileTypeSecure($filePath) { + if (!file_exists($filePath)) { + return -1; // File does not exist + } + + // Get the file's signature (magic bytes) + $fileSignature = getFileSignature($filePath); + + // Check for common signatures + $signatures = [ + 'text' => [ + 'txt' => 'efbbbf', // UTF-8 encoded text files (BOM) + ], + 'pdf' => [ + 'pdf' => '25504446', // PDF files always start with "%PDF" in hex + ], + 'image' => [ + 'jpeg' => 'ffd8ffe0', // JPEG + 'png' => '89504e47', // PNG + 'gif' => '47494638', // GIF + 'bmp' => '424d', // BMP + 'webp' => '52494646', // WebP starts with "RIFF" + 'tiff' => '49492a00' // TIFF + ], + 'video' => [ + 'mp4' => '00000018', // MP4 + //'avi' => '52494646', // AVI starts with "RIFF" bah relou du coup c'est pareil que webp + 'mkv' => '1a45dfa3', // MKV + 'mov' => '00000014' // MOV + ], + 'html' => [ + 'html' => '3c68746d', // HTML documents start with " $signature) { + if (strpos($fileSignature, $signature) === 0) { + return 1; // Plain text file + } + } + + // Check for PDF + foreach ($signatures['pdf'] as $format => $signature) { + if (strpos($fileSignature, $signature) === 0) { + return 3; // PDF file + } + } + + // Check for images + foreach ($signatures['image'] as $format => $signature) { + if (strpos($fileSignature, $signature) === 0) { + return 2; // Image file + } + } + + // Check for videos + foreach ($signatures['video'] as $format => $signature) { + if (strpos($fileSignature, $signature) === 0) { + return 4; // Video file + } + } + + // Check for HTML documents + foreach ($signatures['html'] as $format => $signature) { + if 
(strpos($fileSignature, $signature) === 0) { + return 5; // HTML file + } + } + + return 0; // Unknown or unsupported file type +} + + ?> \ No newline at end of file diff --git a/validation.php b/validation.php index ed7a7ba..030c723 100644 --- a/validation.php +++ b/validation.php @@ -54,21 +54,7 @@ function generer_chronologie() { echo "
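Review bot: The signature table in `checkFileTypeSecure` is both too narrow and too loose: `text` requires a UTF-8 BOM so ordinary .txt files return 0 and are rejected, JPEG only matches `ffd8ffe0` (EXIF files start `ffd8ffe1`), `RIFF` is shared by WebP, AVI and WAV, and the MP4/MOV entries are box sizes rather than signatures. The `html` entry is the riskier part, since it classifies any file beginning with `<htm` as an accepted type 5 that the UI later frames. PHP ships libmagic through the fileinfo extension, so the classifier can map `finfo_file()` MIME types through an explicit allowlist and return 0 for everything else; the rewrite below keeps the -1/0/1/2/3/4 contract and deliberately has no HTML entry. MIME sniffing is still a heuristic, so `archives/` must also be served with a fixed Content-Type, `X-Content-Type-Options: nosniff` and no script execution, none of which this hunk shows. Part of the hunk (the `'html'` entry through the first `foreach`) was lost in extraction, so the original table is read from what is visible.
```php
function checkFileTypeSecure($filePath) {
    if (!is_file($filePath)) {
        return -1; // File does not exist
    }
    $finfo = finfo_open(FILEINFO_MIME_TYPE);
    $mime = $finfo ? finfo_file($finfo, $filePath) : false;
    if ($finfo) {
        finfo_close($finfo);
    }
    if ($mime === false) {
        return -1; // Unreadable file
    }
    // Allowlist: anything not listed (HTML, SVG, scripts, ...) is 0 and is rejected by the caller.
    $map = [
        'text/plain'       => 1,
        'image/jpeg'       => 2,
        'image/png'        => 2,
        'image/gif'        => 2,
        'image/bmp'        => 2,
        'image/webp'       => 2,
        'image/tiff'       => 2,
        'application/pdf'  => 3,
        'video/mp4'        => 4,
        'video/quicktime'  => 4,
        'video/x-matroska' => 4,
    ];
    return $map[$mime] ?? 0;
}
```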
Upload Path: {$row['upload_path']}
"; echo "Ensemble ID: {$row['ensemble_id']}
"; - $extension = pathinfo($row['upload_path'], PATHINFO_EXTENSION); - - if (strtolower($extension) === 'pdf'): - echo ""; - elseif (in_array(strtolower($extension), ['jpg', 'jpeg', 'png', 'gif'])): - echo "Unsupported file type
".$row['upload_path']; - endif; - - echo "Theme ID: {$row['theme_id']}
"; + generateFileHTML($row); } @@ -82,6 +68,52 @@ function generer_chronologie() { } +// Function to handle different file types and generate HTML dynamically +function generateFileHTML($row) { + // Simulating the switch-case equivalent in PHP using a switch on doc.type + $doc_type = $row['type']; // Assuming 'type' is the same as doc.type in JS + + switch ($doc_type) { + case 2: // Image + // Create image element + echo "
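Review bot: The context lines kept in this hunk still interpolate `{$row['upload_path']}` and `{$row['ensemble_id']}` straight into HTML, and the new `generateFileHTML($row)` call hands the same raw DB fields to a helper whose body begins in the next hunk, cut off at the edge of the page. Whatever that helper echoes for `src`/`href` should pass through `htmlspecialchars($row['upload_path'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and it should switch on `(int) $row['type']` since `fetch_assoc` may hand back a string. The enclosing `generer_chronologie` starts before the hunk.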