Outils pour utilisateurs

Outils du site


php:classe_pour_faire_des_requete_bindee

class objet pour faire des requete sql binder + class authentification

 
include_once('config.php'); //fichier de conf
 
class bdd
  {
	public function __construct() //connection a la base de donnée dans la classe
	{
 
		$this->_data=array();
		$this->_cache=array();
		$this->_result=array();
		$this->_pdo = new PDO('mysql:host='.HOST_BDD.';dbname='.BASE_BDD,USER_BDD,PASS_BDD);
	}
	public function cache($requete,$data){
		$this->_cache[]=$requete;
		$this->_data[]=$data;
	}
    public function exec()
    {
    	for($r=0;$r<count($this->_cache);$r++)
		{
			$i=0;
			if(isset($this->_data[$r]) and !empty($this->_data[$r]))
			{
				$stmt = $this->_pdo->prepare($this->_cache[$r]);
				$taille=count($this->_data[$r]);
				for($s=0;$s<$taille;$s++)
				{
					$i++;
					$stmt->bindParam($i, $this->_data[$r][$s], PDO::PARAM_STR);
				}
				$stmt->execute();
				$result[$r]=$stmt->fetchAll();
				$this->_result=$result;
			}else{
				$stmt = $this->_pdo->prepare($this->_cache[$r]);
				$stmt->execute();
				$result[$r]=$stmt->fetchAll();
				$this->_result=$result;
			}
		}
		$result=$this->_result;
		$this->clear_cache();
		return $result;
    }
    public function clear_cache(){
    	unset($this->_cache);
    	unset($this->_result);
    }
  }
class user
  {
  	public function __construct(){
  		user::session();
  		$this->_bdd=new bdd;
  		$this->_colusername='username';  //username colonne
  		$this->_colpassword='password';  //password colonne
  		$this->_coluserid='id';  //user id colonne
  		$this->_tabuser='users';  //user table
  		if(isset($_SESSION['id']) and $_SESSION['id']!='')$this->_userid=$_SESSION['id'];
  		else $this->_userid='';
  		$this->_userid='';  //id de l'utilisateur il sera initaliser après l'auth
  		$this->_password_type='sha512';  //type d'encodage du password user dans la bdd
  	}
  	public static function ip(){
  		 $ip = $_SERVER["REMOTE_ADDR"];
	    // empechement du hijaking de session
	    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip=$ip.'_'.$_SERVER['HTTP_X_FORWARDED_FOR']; }
	    if (isset($_SERVER['HTTP_CLIENT_IP'])) { $ip=$ip.'_'.$_SERVER['HTTP_CLIENT_IP']; }
	    return $ip;
  	}
  	public function auth($user,$password){
  		$password=hash($this->_password_type, $password);
  		$this->_bdd->cache('SELECT '.$this->_coluserid.' as nb FROM '.$this->_tabuser.' where '.$this->_colusername.'=? and '.$this->_colpassword.'=?',array($user,$password));
		$var=$this->_bdd->exec();
		if(isset($var[0][0]['nb']) and $var[0][0]['nb']!=''){
			$_SESSION['id']=$var[0][0]['nb'];
			$_SESSION['uid'] = sha1(uniqid('',true).'_'.mt_rand()); // générer un numero unique different du php id                                                               // which can be used to hmac forms and form token (to prevent XSRF)
	        $_SESSION['ip']=$this->ip();                // stockage de l'ip deu visiteur
	        $_SESSION['username']=$user;
	        $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT;  // Set session expiration.
        	return True;
		}
		else{
			return False;
		}
  	}
  	public function inscription($username,$password){
  		$this->_bdd->cache('INSERT INTO '.$this->_tabuser.' set '.$this->_colpassword.'=?, '.$this->_colusername.'=?',array($username,$password));
  		$this->_bdd->exec();
  	}
  	public function getinfo(){
  		$this->_bdd->cache('select * from '.$this->_tabuser.' where '.$this->_coluserid.' = '.$this->_userid,'');
  		$var=$this->_bdd->exec();
  		return $var;
  	}
 
  	public static function check_login(){
	    // si la session n'existe pas ou qu l'ip a changer -> logout
	    if (!isset ($_SESSION['uid']) || !$_SESSION['uid'] || $_SESSION['ip']!=user::ip() || time()>=$_SESSION['expires_on'])
	    {
	        user::logout();
	    }
	    $_SESSION['expires_on']=time()+INACTIVITY_TIMEOUT;  // mise a jour de la dte d'expiration
	}
	public static function logout()
	// forcer la deconnexion
	{
		user::session();
		session_destroy();
	    header('Location: login.php');
	    exit();
	}
	public static function session(){
	    if(!isset($_SESSION)) session_start();
	}
 
{{tag> php sql bind    }}
php/classe_pour_faire_des_requete_bindee.txt · Dernière modification: 2019/01/25 15:56 (modification externe)