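=== class objet pour faire des requete sql binder + class authentification===
<?php
include_once('config.php'); // config file: defines HOST_BDD, BASE_BDD, USER_BDD, PASS_BDD, INACTIVITY_TIMEOUT

/**
 * Minimal PDO wrapper: queue parameterised statements with cache(), run them all with exec().
 */
class bdd
{
    /** @var PDO */
    private $_pdo;
    /** @var array<int, string> queued SQL strings, parallel to $_data */
    private $_cache;
    /** @var array<int, array|string> bound values per queued statement ('' or [] means none) */
    private $_data;
    /** @var array<int, array> fetched rows of the last exec(), keyed by queue position */
    private $_result;

    /**
     * Open the database connection.
     *
     * @throws PDOException when the connection cannot be established
     */
    public function __construct()
    {
        $this->_data = array();
        $this->_cache = array();
        $this->_result = array();
        // Native (non-emulated) prepared statements so bound values are never spliced into the SQL text,
        // and exceptions instead of silent false returns so a broken query cannot go unnoticed.
        $this->_pdo = new PDO(
            'mysql:host=' . HOST_BDD . ';dbname=' . BASE_BDD,
            USER_BDD,
            PASS_BDD,
            array(
                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_EMULATE_PREPARES => false,
            )
        );
    }

    /**
     * Queue one SQL statement together with its positional (?) parameters.
     *
     * @param string       $requete SQL with ? placeholders
     * @param array|string $data    values in placeholder order; '' or array() for a statement without parameters
     */
    public function cache($requete, $data)
    {
        $this->_cache[] = $requete;
        $this->_data[] = $data;
    }

    /**
     * Run every queued statement in order, then empty the queue.
     *
     * @return array<int, array> fetchAll() output of each statement, keyed by queue position
     * @throws PDOException on prepare/execute failure
     */
    public function exec()
    {
        $result = array();
        $nb = count($this->_cache); // the original loop header lost this bound during page rendering
        for ($r = 0; $r < $nb; $r++) {
            $stmt = $this->_pdo->prepare($this->_cache[$r]);
            $params = array();
            if (isset($this->_data[$r]) && !empty($this->_data[$r])) {
                $params = array_values((array) $this->_data[$r]);
            }
            // execute() binds each value positionally as a string, same as the former bindParam(PDO::PARAM_STR) loop
            $stmt->execute($params);
            $result[$r] = $stmt->fetchAll();
        }
        $this->_result = $result;
        $this->clear_cache();
        return $result;
    }

    /**
     * Drop queued statements, their parameters and the last results.
     * Properties are reset to empty arrays rather than unset, so count()/[] keep working afterwards;
     * $_data is cleared too — the original kept it, so parameters drifted out of step with later queries.
     */
    public function clear_cache()
    {
        $this->_cache = array();
        $this->_data = array();
        $this->_result = array();
    }
}

/**
 * Session-based authentication against the users table.
 */
class user
{
    /** @var bdd */
    private $_bdd;
    /** @var string */
    private $_colusername;
    /** @var string */
    private $_colpassword;
    /** @var string */
    private $_coluserid;
    /** @var string */
    private $_tabuser;
    /** @var string|int id of the logged-in user, '' when nobody is logged in */
    private $_userid;
    /** @var string hash() algorithm name for stored passwords */
    private $_password_type;

    public function __construct()
    {
        user::session();
        $this->_bdd = new bdd;
        $this->_colusername = 'username'; // username column
        $this->_colpassword = 'password'; // password column
        $this->_coluserid = 'id';         // user id column
        $this->_tabuser = 'users';        // user table
        // User id from the session once auth() succeeded, '' otherwise.
        // (The original reset it to '' unconditionally right after, so getinfo() never had an id.)
        $this->_userid = (isset($_SESSION['id']) && $_SESSION['id'] !== '') ? $_SESSION['id'] : '';
        // Hash algorithm for the password column. NOTE: unsalted sha512 is fast to brute-force offline;
        // a new schema should store password_hash() output and check it with password_verify().
        $this->_password_type = 'sha512';
    }

    /**
     * Client address fingerprint stored at login and re-checked on every request.
     * REMOTE_ADDR comes from the TCP connection; X-Forwarded-For / Client-IP are client-supplied
     * headers, so they only add a weak extra binding — a changed value simply forces a re-login.
     *
     * @return string
     */
    public static function ip()
    {
        $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $ip .= '_' . $_SERVER['HTTP_X_FORWARDED_FOR'];
        }
        if (isset($_SERVER['HTTP_CLIENT_IP'])) {
            $ip .= '_' . $_SERVER['HTTP_CLIENT_IP'];
        }
        return $ip;
    }

    /**
     * Verify username/password and open the session on success.
     *
     * @param string $user
     * @param string $password clear-text password as typed
     * @return bool true when a matching row exists
     */
    public function auth($user, $password)
    {
        $password = hash($this->_password_type, $password);
        $this->_bdd->cache(
            'SELECT ' . $this->_coluserid . ' as nb FROM ' . $this->_tabuser
            . ' where ' . $this->_colusername . '=? and ' . $this->_colpassword . '=?',
            array($user, $password)
        );
        $var = $this->_bdd->exec();
        if (isset($var[0][0]['nb']) && (string) $var[0][0]['nb'] !== '') {
            // Fresh session id on privilege change, so an id fixed before login is never the authenticated one.
            session_regenerate_id(true);
            $_SESSION['id'] = $var[0][0]['nb'];
            $this->_userid = $_SESSION['id'];
            // CSPRNG-backed per-session token (40 hex chars, same shape as the former sha1 value),
            // distinct from the PHP session id; usable to HMAC forms / as an anti-CSRF token.
            $_SESSION['uid'] = bin2hex(random_bytes(20));
            $_SESSION['ip'] = $this->ip();                         // visitor address fingerprint, see ip()
            $_SESSION['username'] = $user;
            $_SESSION['expires_on'] = time() + INACTIVITY_TIMEOUT; // inactivity deadline
            return true;
        }
        return false;
    }

    /**
     * Create a user. The password is stored hashed with the same algorithm auth() compares against
     * (the original inserted it in clear, and bound the two values in the wrong column order).
     *
     * @param string $username
     * @param string $password clear-text password
     */
    public function inscription($username, $password)
    {
        $this->_bdd->cache(
            'INSERT INTO ' . $this->_tabuser . ' set ' . $this->_colpassword . '=?, ' . $this->_colusername . '=?',
            array(hash($this->_password_type, $password), $username)
        );
        $this->_bdd->exec();
    }

    /**
     * Row(s) of the logged-in user; the id is bound as a parameter instead of concatenated into the SQL.
     *
     * @return array<int, array> exec() output; index 0 holds the rows
     */
    public function getinfo()
    {
        $this->_bdd->cache(
            'select * from ' . $this->_tabuser . ' where ' . $this->_coluserid . ' = ?',
            array($this->_userid)
        );
        return $this->_bdd->exec();
    }

    /**
     * Force a logout when there is no session token, the address fingerprint changed or the
     * inactivity deadline passed; otherwise push the deadline forward.
     */
    public static function check_login()
    {
        user::session();
        $ip = isset($_SESSION['ip']) ? $_SESSION['ip'] : '';
        $expires = isset($_SESSION['expires_on']) ? $_SESSION['expires_on'] : 0;
        if (empty($_SESSION['uid']) || $ip !== user::ip() || time() >= $expires) {
            user::logout();
        }
        $_SESSION['expires_on'] = time() + INACTIVITY_TIMEOUT; // refresh the expiry date
    }

    /**
     * Destroy the session (data, cookie and server-side store) and redirect to the login page.
     * Never returns.
     */
    public static function logout()
    {
        user::session();
        $_SESSION = array();
        if (ini_get('session.use_cookies')) {
            // Expire the session cookie too, otherwise the browser keeps presenting the old id.
            $p = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
        }
        session_destroy();
        header('Location: login.php');
        exit();
    }

    /** Start the session unless one is already active. */
    public static function session()
    {
        if (session_status() === PHP_SESSION_NONE) {
            session_start();
        }
    }
}
?>
{{tag> php sql bind }}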