PHPfrance

la communauté d'entraide francophone dédiée au PHP

GESTION DES RÔLES DANS LA PARTIE ADMINISTRATION

5 messages   •   Page 1 sur 1
   Outils de sujet
cyci60
Petit nouveau ! | 8 Messages

18 févr. 2020, 13:17

Bonjour, je n'arrive pas à résoudre ces erreurs -> (Notice: Undefined variable: _SESSION in C:\wamp64\www\exercice-projet-images\process\process-permission.php on line 10) & (Notice: Undefined variable: _SESSION in C:\wamp64\www\exercice-projet-images\process\process-permission.php on line 12) & (Notice: Undefined variable: _SESSION in C:\wamp64\www\exercice-projet-images\process\process-display-menu.php on line 5) & (Notice: Undefined variable: _SESSION in C:\wamp64\www\exercice-projet-images\process\process-display-menu.php on line 8) & (Warning: Invalid argument supplied for foreach() in C:\wamp64\www\exercice-projet-images\process\process-display-menu.php on line 13)

Merci pour votre aide

class User {

	public function __construct() {

    }

    public function authUser($login_form, $password_form) {

        $mysqli = new mysqli('localhost', 'root', '', 'projet_images');
        $mysqli->set_charset("utf8");

        if($mysqli->connect_errno) {

            printf("Echec de la connexion: %s\n", $mysqli->connect_error);

            exit();

            $login_form = $mysqli->real_escape_string($login_form);
            $password_form = $mysqli->real_escape_string($password_form);

            $salt = 'F4813NN3';
            $md5_password = md5($password_form . $salt);

            $ql = 'SELECT COUNT(U.id), U.id, U.login, U.password, U.role, R.level FROM user AS U INNER JOIN user_role AS R
            ON(login = "' . $login_form . '" AND password = "' . $md5_password . '" AND U.role = R.id)';

            $result = $mysqli->query($sql);
            
            if(!$result) {

            	echo 'Une erreur est survenue lors de la récupération des données dans la base. Message d\'erreur :
                ' . $mysqli->error;

                return false;
            }
            else {

               $row = $result->fetch_array();

               $user_data['count'] = $row['COUNT(id)'];
               $user_data['id'] = $row['id'];
               $user_data['login']  = $row['login'];
               $user_data['password'] = $row['password'];

               return $user_data ;
           }

           $mysqli->close();
       }
   }

   public function lenght_control($text, $limit) {

    $lenght = strlen($text);

    if($lenght > $limit) {

        return false;
    }
    else {

        return true;
    }
}

public function login_authorized($login) {

    $authorized_characters = array 
    ('a','b','c','d','e','é','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','
        x','y','z','á','à','â','ä','ã','å','ç','é','è','ê','ë','í','ì','î','ï','ñ','ó','ò','ô','ö','õ','ú'
        ,'ù','û','ü','ý','ÿ','Á','À','Â','Ä','Ã','Å','Ç','É','È','Ê','Ë','Í','Ï','Î','Ì','Ñ','Ó','Ò','Ô','
        Ö','Õ','Ú','Ù','Û','Ü','Ý','0','1','2','3','4','5','6','7','8','9');

    $login_lenght = strlen($login);
    $login_error = 0;

    for($i = 0; $i < $login_lenght; $i++) {

        if(!in_array(strtolower($login[$i]), $authorized_characters)) {

            $login_error++;
        }
    }

    if($login_error > 0) {

        return false;
    }
    else {

        return true;
    }
}

public function password_authorized($password) {

    $unauthorized_characters = array ("'", "''", "-");

    $password_lenght = strlen($password);
    $password_error = 0;

    for($i = 0; $i < $password_lenght; $i++) {

        if(in_array(strtolower($password[$i]), $unauthorized_characters)) {

            $password_error++;
        }
    }

    if($password_error > 0) {

        return false;
    }
    else {

        return true;
    }
}

public function insertUser($login_form, $password_form) {

    $mysqli = new mysqli('localhost', 'root', '', 'projet_images');
    $mysqli->set_charset("utf8");

    if($mysqli->connect_errno) {

        printf("Echec de la connexion: %s\n", $mysqli->connect_error);

        exit();

        $login_form = $mysqli->real_escape_string($login_form);
        $password_form = $mysqli->real_escape_string($password_form);

        $salt = 'F4813NN3';
        $md5_password = md5($password_form . $salt);

        $sql = 'INSERT INTO user (id, login, password) VALUES ("' . $login_form . '", "' . $password_form . '")';

        $result = $mysqli->query($sql);

        if(!$result) {

            echo 'L\'utilisateur n\'a pas pu être créer';

            return false;
        }
        else {

            return true;
        }

        $mysqli->close();
    }
}

public function displayMenu($user_role_id) {

    $mysqli = new mysqli('localhost', 'root', '', 'projet_images');
    $mysqli->set_charset("utf8");

    if($mysqli->connect_errno) {

        printf("Echec de la connexion: %s\n", $mysqli->connect_error);

        exit();
    }

    $sql = 'SELECT name, slug FROM user_action AS A INNER JOIN user_permission AS P
    ON(A.id = P.action_id AND min_role_id < ' . $user_role_id . ')';

    $result = $mysqli->query($sql);

    if(!$result) {

        echo 'Une erreur est survenue lors de la récupération des données dans la base. Message d\'erreur :
        ' . $mysqli->error;

        return false;
    }
    else {

        while($row = $result->fetch_array()) {

            $menu_data[] = $row;
        }

        if(isset($menu_data)) {

            return $menu_data;
        }
        else {

            return false;
        }
    }

    $mysqli->close();
}

public function checkUserPermission($user_role_id, $action_slug) {

    $mysqli = new mysqli('localhost', 'root', '', 'projet_images');
    $mysqli->set_charset("utf8");

    if($mysqli->connect_errno) {

        printf("Echec de la connexion: %s\n", $mysqli->connect_error);

        exit();
    }

    $sql = 'SELECT P.min_role_id, P.action_id FROM user_permission AS P INNER JOIN user_action AS A
    ON(A.slug = "' . $action_slug . '" AND P.action_id = A.id)';

    $result = $mysqli->query($sql);

    if(!$result) {

        echo 'Une erreur est survenue lors de la récupération des données dans la base. Message d\'erreur :
        ' . $mysqli->error;

        return  false;
    }
    else {

        $row = $result->fetch_array();

        if($row['min_role_id'] > $user_role_id) {

            return false;
        }
        else {

            return true;
        }
    }

    $mysqli->close();
}

public function displayUserRoles() {

    $mysqli = new mysqli('localhost', 'root', '', 'projet_images');
    $mysqli->set_charset("utf8");

    if($mysqli->connect_errno) {

        printf("Echec de la connexion: %s\n", $mysqli->connect_error);

        exit();
    }

    $sql = 'SELECT id, name FROM user_role';
    $result = $mysqli->query($sql);

    if(!$result) {

        echo 'Une erreur est survenue lors de la récupération des données dans la base. Message d\'erreur :
        ' . $mysqli->error;

        return false;
    }
    else {

        while ($row = $result->fetch_array()) {

            $roles_data[$row['id']] = $row['name'];
        }

        if(isset($roles_data)) {

            return $roles_data;
        }
        else
        {

            return false;
        }
    }

    $mysqli->close();
}
}

?>


$action_slug = substr($filename, 0, 4);

$user = new user();
$userPermission = $user->checkUserPermission($_SESSION['level'], $action_slug);

if($userPermission === false) {

	echo 'Erreur. Cette page n\'existe pas.';

	exit;

$user = new User();
$menu_items = $user->displayMenu($_SESSION['user_role']);

$menu_html = '';

foreach($menu_items as $id => $menu_items) {

	$name = $menu_items['name'];
	$slug = $menu_items['slug'];

	$menu_html .= '<li><a href="' . $slug . '.php">' . $name . '</a></li>' . "\n";
}

require('../config.php');
require('../class/User.php');

$filename = basename( __FILE__ );

require('../process/process-permission.php');
Avatar du membre
Mammouth du PHP | 1609 Messages

18 févr. 2020, 13:31

Salut, il doit manquer un session_start() non ?
Développeur web depuis + de 20 ans
Petit nouveau ! | 8 Messages

18 févr. 2020, 14:38

Bien joué, merci bien mais maintenant j'ai ce message (Notice: Undefined index: level in C:\wamp64\www\exercice-projet-images\process\process-permission.php on line 9) & (Notice: Undefined index: role in C:\wamp64\www\exercice-projet-images\process\process-display-menu.php on line 5)
Petit nouveau ! | 8 Messages

18 févr. 2020, 16:41

mysql> SELECT * FROM user;
+----+---------+----------------------------------+------+
| id | login | password | role |
+----+---------+----------------------------------+------+
| 1 | admin | 21232f297a57a5a743894a0e4a801fc3 | 3 |
| 2 | editeur | 83bf682ab8af89096e70ac65429cc5a8 | 2 |
| 3 | aucun | 520f22fa15b66c5aae61d8ad110da1df | 1 |
+----+---------+----------------------------------+------+
3 rows in set (0.00 sec)

mysql> SELECT * FROM user_action;
+----+--------------+--------+
| id | name | slug |
+----+--------------+--------+
| 1 | Accueil | index |
| 2 | Images | image |
| 3 | Upload | upload |
| 4 | Utilisateurs | user |
+----+--------------+--------+
4 rows in set (0.00 sec)

mysql> SELECT * FROM user_permission;
+----+-------------+-----------+
| id | min_role_id | action_id |
+----+-------------+-----------+
| 1 | 2 | 1 |
| 2 | 4 | 2 |
| 3 | 5 | 3 |
| 4 | 5 | 4 |
+----+-------------+-----------+
4 rows in set (0.00 sec)

mysql> SELECT * FROM user_role;
+----+----------------+-------+
| id | name | level |
+----+----------------+-------+
| 1 | Aucun | 0 |
| 2 | Editeur | 1 |
| 3 | Administrateur | 2 |
+----+----------------+-------+
3 rows in set (0.00 sec)

mysql> NOTEE;
Mammouth du PHP | 1967 Messages

18 févr. 2020, 17:12

ben le message te dit que l'index en question n'est pas trouvé. à mon avis la session est vide la première fois il faut en tenir compte
avec un isset pour détection et une valeur par défaut.
Spols
pour les fan de rubik's cube ou pour les curieux ==> le portail francophone du rubik's cube
   Répondre
5 messages   •   Page 1 sur 1
   Outils de sujet