diff --git a/README.md b/README.md
index a4ebff8b379df84df1d01805add94019bd6bac5d..4a6e58a120d0f85e6c2c38c811b99f7cd9bd5791 100644
--- a/README.md
+++ b/README.md
@@ -5,7 +5,14 @@ Création d'un forum d'achats et ventes entre les IIEns.
Membres du groupe :
==
+<<<<<<< HEAD
+Nassim YAICI
+Yixuan ZHANG
+Yao SHEN
+Ni CHEN
+=======
* Nassim YAICI
* Yixuan ZHANG
* Yao SHEN
* Ni CHEN
+>>>>>>> 931c6392b819403d7d7f1cb562572d00cef97500
diff --git a/RapportWeb.pdf b/RapportWeb.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..6a38ab024a3b1a761540c8abd43a3b6c824c2268
Binary files /dev/null and b/RapportWeb.pdf differ
diff --git a/addComment.php b/addComment.php
index fb0f5eb5c9df9a9b23c72e2e096ab3eb79576641..a444506d592cc4e8c3522ad8226d0d17d082129d 100644
--- a/addComment.php
+++ b/addComment.php
@@ -6,7 +6,7 @@ $bdd = bdd();
$toppic=$_POST['id'];
$toppicN=$_POST['name'];
if (isset($_POST['content'])) {
- $content = $_POST['content'];
+ $content = pg_escape_string($_POST['content']);
$userid= $_SESSION['id'];
$date= date("Y-m-d");
diff --git a/class/edit.class.php b/class/edit.class.php
index 9a7f9bc3fa2292fe523023aeccee595c837657a3..1662ce427eebfcba23f9c76059e3e6a58862a674 100644
--- a/class/edit.class.php
+++ b/class/edit.class.php
@@ -69,19 +69,20 @@ class edit
public function update()
{
$pseudo=$_SESSION['pseudo'];
- $requete=pg_query("SELECT * FROM users WHERE pseudo = '$pseudo'");
+ $requete=pg_query("SELECT mdp, adr_mail FROM users WHERE pseudo = '$pseudo'");
$result=pg_fetch_array($requete);
- if (empty($this->mdp)) {
- $requete=pg_query("UPDATE users SET adr_mail='$this->mail'");
- }
- else
- {
- if (empty($this->mail)) {
+
+ if(!empty($this->mail))
+ {
+ $requete=pg_query("UPDATE users SET adr_mail='$this->mail' where pseudo='$pseudo'");
+ }
+
+ if(!empty($this->mdp))
+ {
$this->mdp = password_hash($this->mdp, PASSWORD_BCRYPT);
- $requete=pg_query("UPDATE users SET adr_mail='$this->mail'");
+ $requete2=pg_query("UPDATE users SET mdp='$this->mdp' where pseudo='$pseudo'");
}
- $requete2=pg_query("UPDATE users SET mdp='$this->mdp'");
- }
+
return 1;
}
diff --git a/edit.php b/edit.php
index a797b316486f736c6905839772a86033d4f1fb01..d040050f304c9f769a57e3e0c14be114c997fd06 100644
--- a/edit.php
+++ b/edit.php
@@ -31,6 +31,7 @@ if (isset($_POST['mdp'], $_POST['mdpC']) OR isset($_POST['mail'])) {
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="./bootstrap/css/bootstrap.css">
<link rel="stylesheet" href="./bootstrap/css/mystyle.css">
+ <script src="./script.js"></script>
</head>
<body>
<div class="container-fluid">
@@ -102,22 +103,27 @@ else
</div>
<div class="col-lg-8 text-left">
<form class="form-horizontal" role="form" method="post" action="./edit.php">
+ <br>
<div class="row edir">
<label class="col-sm-2 text-right">Mot de passe</label>
<div class="col-xs-4">
- <input class="form-control" id="focusedInput" type="password" name="mdp" placeholder ="Mot de passe...">
+ <input class="form-control" id="focusedInput" type="password" name="mdp" placeholder ="6 caractéres minimum..."
+ aria-required="true" pattern="^([- \w\d\u00c0-\u024f]+)$" spellcheck="false">
</div>
</div>
<div class="row edir">
<label class="col-sm-2 text-right">Mot de passe</label>
<div class="col-xs-4">
- <input class="form-control" id="focusedInput" type="password" name="mdpC" placeholder ="Confirmation mot de passe...">
+ <input class="form-control" id="focusedInput" type="password" name="mdpC" placeholder ="Confirmation 6 caractéres minimum..."
+ aria-required="true" pattern="^([- \w\d\u00c0-\u024f]+)$" spellcheck="false">
</div>
</div>
<div class="row edit">
- <label class="col-sm-2 text-right ">Nouveau mail</label>
+ <label class="col-sm-2 text-right ">Nouvelle adresse mail</label>
<div class="col-xs-4">
- <input type="mail" name="mail" class="form-control" placeholder="Nouvelle adresse mail...">
+ <input type="mail" name="mail" class="form-control" placeholder="Nouvelle adresse mail..."
+ aria-required="true" pattern="^(([-\w\d]+)(\.[-\w\d]+)*@([-\w\d]+)(\.[-\w\d]+)*(\.([a-zA-Z]{2,5}|[\d]{1,3})){1,2})$"
+ spellcheck="false" size="30">
</div>
</div>
<div class="row edit">
diff --git a/newtopics.php b/newtopics.php
index 25aceceda6d4374a77b4d20e088d123069107143..a4437122937320ef525e6ee51441e40d6e30cf11 100644
--- a/newtopics.php
+++ b/newtopics.php
@@ -6,7 +6,7 @@ $bdd=bdd();
if (isset($_POST['name'], $_POST['content'])) {
$name=$_POST['name'];
- $content = $_POST['content'];
+ $content = pg_escape_string($_POST['content']);
$newtop = new newtopics($name, $content);
$verif = $newtop->verif();
@@ -106,29 +106,29 @@ else
<br>
<form class="form-horizontal" role="form" method="post" action="./newtopics.php">
<div class="row topic-create">
- <div class="col-sm-2 text-right">
+
<label class="col-sm-2 text-right">Catégorie</label>
- </div>
+
<div class="col-sm-10">
- <select class="selectpicker" name="category">
- <?php
- $dn2 = pg_query("SELECT * FROM keys ORDER BY name asc");
- while($reponse=pg_fetch_assoc($dn2))
- {
- ?>
- <option id="cat"><?php echo $reponse['name']; ?></a></li>
-
- <?php
- }
- ?>
-
- </select>
+ <select class="selectpicker" name="category">
+ <?php
+ $dn2 = pg_query("SELECT * FROM keys ORDER BY name asc");
+ while($reponse=pg_fetch_assoc($dn2))
+ {
+ ?>
+ <option id="cat"><?php echo $reponse['name']; ?></a></li>
+
+ <?php
+ }
+ ?>
+
+ </select>
</div>
</div>
<div class="row topic-create">
<label class="col-sm-2 text-right">Titre</label>
<div class="col-sm-10">
- <input class="form-control" id="focusedInput" type="text" name="name" placeholder ="Le titre ..."required
+ <input class="form-control" id="focusedInput" type="text" name="name" placeholder ="Le titre ... 5 caractéres minimum"required
aria-required="true" pattern="^([- \w\d\u00c0-\u024f]+)$" spellcheck="false" size="40">
</div>
</div>
@@ -136,8 +136,7 @@ else
<div class="row topic-create">
<label class="col-sm-2 text-right ">Déscription</label>
<div class="col-sm-10">
- <textarea name="content" class="form-control" rows="15" placeholder="Le contenu ..."required
- aria-required="true" spellcheck="false" ></textarea>
+ <textarea name="content" class="form-control" rows="15" placeholder="Le contenu ... 10 caractéres minimum"required></textarea>
</div>
</div>
<br>