X-Git-Url: http://git.euphorik.ch/?a=blobdiff_plain;f=php%2Fcontroller.php;h=a42051af08f3d66655e8369167c9ed32374b53fd;hb=HEAD;hp=090665008bc79cdf20f81287ad1b0d6936a946c8;hpb=6b9eac51629ad6fcec7da5f48b92f4c2b54c5901;p=cl7.git diff --git a/php/controller.php b/php/controller.php index 0906650..a42051a 100644 --- a/php/controller.php +++ b/php/controller.php @@ -28,86 +28,115 @@ class Controller $_POST['accord'] == "on" ) { - mysql_query("BEGIN TRANSACTION"); - mysql_query(" + pg_query("BEGIN"); + + // Cherche un id libre. + // Pour des questions de sécurité, les ids ne sont pas générés sequentiellement + // car ils sont mémorisé dans un cookie et permette l'authentification. + $id = 0; + do + { + $id = rand(1, PHP_INT_MAX); + $row = pg_fetch_row(pg_query_params("SELECT count(*) FROM participants WHERE id = $1", array($id))); + } while ($row[0] != 0); + + pg_query_params(" INSERT INTO participants - (pseudo, password, clan_nom, clan_tag, nom, prenom, age, e_mail, remarques) - VALUES ( - '".addslashes($_POST['pseudo'])."', - '".addslashes($_POST['pass1'])."', - '".addslashes($_POST['clan_nom'])."', - '".addslashes($_POST['clan_tag'])."', - '".addslashes($_POST['nom'])."', - '".addslashes($_POST['prenom'])."', - '".addslashes($_POST['age'])."', - '".addslashes($_POST['e_mail'])."', - '".addslashes($_POST['remarques'])."' - )" + (id, pseudo, password, clan_nom, clan_tag, nom, prenom, age, e_mail, remarques) + VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10) + ", + array( + $id, + $_POST['pseudo'], + sha1($_POST['pass1']), + $_POST['clan_nom'], + $_POST['clan_tag'], + $_POST['nom'], + $_POST['prenom'], + $_POST['age'], + $_POST['e_mail'], + $_POST['remarques'], + ) ); - $id = mysql_insert_id(); + $this->set_periodes($id); - mysql_query("COMMIT"); + pg_query("COMMIT"); - $this->participant = new participant($_POST['pseudo'], $_POST['pass1']); + $this->participant->chargerInfos($_POST['pseudo'], $_POST['pass1']); setcookie("COOKIE_INFO_PARTICIPANT", $this->participant->info->id, time() + 31104000); $this->nouvel_inscrit = TRUE; } } # un participant modifie ses infos - else if(isset($_POST['modification_participant']) && $this->participant->valide) + else if(isset($_POST['modification_participant']) && $this->participant->existe()) { if ($this->config->get("inscription_terminees")) return; $this->traiter_donnees_inscription(); - if (!$this->login_deja_pris() && $this->donnees_inscription_valides()) + if (!$this->login_deja_pris() && $this->donnees_inscription_valides(true)) { - mysql_query("BEGIN TRANSACTION"); - mysql_query("UPDATE participants SET pseudo = '".addslashes($_POST['pseudo'])."' WHERE id = " . $this->participant->info->id); - mysql_query("UPDATE participants SET password = '".addslashes($_POST['pass1'])."' WHERE id = " . $this->participant->info->id); - mysql_query("UPDATE participants SET clan_nom = '".addslashes($_POST['clan_nom'])."' WHERE id = " . $this->participant->info->id); - mysql_query("UPDATE participants SET clan_tag = '".addslashes($_POST['clan_tag'])."' WHERE id = " . $this->participant->info->id); - mysql_query("UPDATE participants SET nom = '".addslashes($_POST['nom'])."' WHERE id = " . $this->participant->info->id); - mysql_query("UPDATE participants SET prenom = '".addslashes($_POST['prenom'])."' WHERE id = " . $this->participant->info->id); - mysql_query("UPDATE participants SET age = '".addslashes($_POST['age'])."' WHERE id = " . $this->participant->info->id); - mysql_query("UPDATE participants SET e_mail = '".addslashes($_POST['e_mail'])."' WHERE id = " . $this->participant->info->id); - mysql_query("UPDATE participants SET remarques = '".addslashes($_POST['remarques'])."' WHERE id = " . $this->participant->info->id); + pg_query("BEGIN"); + pg_query_params("UPDATE participants SET pseudo = $1 WHERE id = $2", array($_POST['pseudo'], $this->participant->info->id)); + if ($_POST['pass1'] != '') // Uniquement si un nouveau password est donné. + pg_query_params("UPDATE participants SET password = $1 WHERE id = $2", array(sha1($_POST['pass1']), $this->participant->info->id)); + pg_query_params("UPDATE participants SET clan_nom = $1 WHERE id = $2", array($_POST['clan_nom'], $this->participant->info->id)); + pg_query_params("UPDATE participants SET clan_tag = $1 WHERE id = $2", array($_POST['clan_tag'], $this->participant->info->id)); + pg_query_params("UPDATE participants SET nom = $1 WHERE id = $2", array($_POST['nom'], $this->participant->info->id)); + pg_query_params("UPDATE participants SET prenom = $1 WHERE id = $2", array($_POST['prenom'], $this->participant->info->id)); + pg_query_params("UPDATE participants SET age = $1 WHERE id = $2", array($_POST['age'], $this->participant->info->id)); + pg_query_params("UPDATE participants SET e_mail = $1 WHERE id = $2", array($_POST['e_mail'], $this->participant->info->id)); + pg_query_params("UPDATE participants SET remarques = $1 WHERE id = $2", array($_POST['remarques'], $this->participant->info->id)); $this->set_periodes($this->participant->info->id); - mysql_query("COMMIT"); + pg_query("COMMIT"); //header("Location: /inscrits.html"); $this->message_utilisateur = "Les modifications ont été enregistrées"; - $page = "inscrits"; // TODO : moche car la page ne va plus correspondre à l'url + + // Puisque les données du participant ont changés il faut les re-charger. + $this->participant->chargerInfos(); } } # vote pour des jeux (autorisé même lorsque les inscriptions sont terminées) - else if (isset($_POST['set_jeux_joues']) && $this->participant->valide) + else if (isset($_POST['set_jeux_joues']) && $this->participant->existe() && !$config->get("inscription_terminees")) { $votes = $_POST['votes']; if (!$votes) $votes = array(); - mysql_query("BEGIN TRANSACTION"); + pg_query("BEGIN"); # l'utilisateur peut proposer le nom d'un jeu qui ne se trouve pas dans la liste $jeu = trim($_POST['jeu']); if ($jeu !== '') { - mysql_query("INSERT INTO jeux (nom) VALUES ('".addslashes($jeu)."')"); - $id = mysql_insert_id(); - if ($id != 0) # si le jeu se trouve déjà dans la liste alors $id == 0 - array_unshift($votes, $id); + if(@pg_query_params("INSERT INTO jeux (participant_id, nom, type, url) VALUES ($1, $2, $3, $4)", array($this->participant->info->id, $jeu, $_POST['type'], $_POST['url']))) + { + $row = pg_fetch_row(pg_query("SELECT LASTVAL()")); + $id = $row[0]; + if ($id != 0) # si le jeu se trouve déjà dans la liste alors $id == 0 + array_unshift($votes, $id); + } + else # Puisque le jeu existe déjà, on le recherche + { + pg_query("ROLLBACK"); + pg_query("BEGIN"); + $res = pg_query_params("SELECT id FROM jeux WHERE nom = $1", array($jeu)); + if ($id = pg_fetch_object($res)) + if (!in_array($id->id, $votes)) + array_unshift($votes, $id->id); + } } # suppression des anciens votes (remplacement par les nouveaux) - mysql_query("DELETE FROM jeux_choisis WHERE participant_id = " . $this->participant->info->id); + pg_query_params("DELETE FROM jeux_choisis WHERE participant_id = $1", array($this->participant->info->id)); # traite les trois premiers votes for ($i = 0; $i < count($votes) && $i < $this->config->get('nb_votes_jeux'); $i++) { - mysql_query("INSERT INTO jeux_choisis (participant_id, jeu_id) VALUES (".$this->participant->info->id.", ".(int)$votes[$i].")"); + pg_query_params("INSERT INTO jeux_choisis (participant_id, jeu_id) VALUES ($1, $2)", array($this->participant->info->id, (int)$votes[$i])); } - mysql_query("COMMIT"); + pg_query("COMMIT"); } } @@ -121,10 +150,10 @@ class Controller private function login_deja_pris() { - if ($this->participant->valide && strtolower($this->participant->info->pseudo) === strtolower($_POST['pseudo'])) // le pseudo n'a pas changé + if ($this->participant->existe() && strtolower($this->participant->info->pseudo) === strtolower($_POST['pseudo'])) // le pseudo n'a pas changé return FALSE; - $loginDejaPris = mysql_fetch_array(mysql_query("SELECT count(*) FROM participants WHERE pseudo = '".addslashes($_POST['pseudo'])."'")); + $loginDejaPris = pg_fetch_array(pg_query_params("SELECT count(*) FROM participants WHERE pseudo = $1", array($_POST['pseudo']))); if ($loginDejaPris[0] > 0) { $this->message_utilisateur = "Le pseudo '".$_POST["pseudo"]."' est déjà pris"; @@ -135,14 +164,15 @@ class Controller /** * Renvoie TRUE si les données d'une inscription sont valides (POST). + * $maj : égal 'TRUE' si c'est une mise à jour, dans ce cas le password est traité différement */ - private function donnees_inscription_valides() + private function donnees_inscription_valides($maj = FALSE) { return - $_POST['pseudo'] != "" && - $_POST['pass1'] != "" && + $_POST['pseudo'] != "" && + ($maj || $_POST['pass1'] != "") && $_POST['pass1'] == $_POST['pass2'] && - strlen($_POST['pass1']) >= 3 && + (($maj && $_POST['pass1'] == "") || strlen($_POST['pass1']) >= 3) && $_POST['nom'] != "" && $_POST['prenom'] != "" && $_POST['e_mail'] != ""; @@ -159,13 +189,13 @@ class Controller if (!$periodes) $periodes = array(); - mysql_query("DELETE FROM participations WHERE participant_id = " . (int)$id); + pg_query_params("DELETE FROM participations WHERE participant_id = $1", array($id)); for ($i = 0; $i < count($periodes); $i++) { - mysql_query(" + pg_query_params(" INSERT INTO participations (participant_id, periode_id) - VALUES (".$id.", ".(int)$periodes[$i].") - "); + VALUES ($1, $2)", array($id, $periodes[$i]) + ); } } }