22,7 → 22,7 |
|
public $config; |
private $ressources; |
private $parametres; |
protected $parametres; |
protected $bdd; |
protected $messages = array(); |
protected $debug = array(); |
39,6 → 39,7 |
$this->bdd = $this->connecterPDO($this->config, 'database_cel'); |
|
// Nettoyage du _GET (sécurité) |
$this->collecterParametres(); |
$this->recupererParametresUrl(); |
$this->definirParametresUrlParDefaut(); |
|
153,6 → 154,14 |
//+----------------------------------------------------------------------------------------------------------------+ |
// TRAITEMENT des URLs et des PARAMÊTRES |
|
private function collecterParametres() { |
if (isset($_GET) && $_GET != '') { |
foreach ($_GET as $cle => $valeur) { |
$this->parametres[$cle] = rawurldecode($this->verifierSecuriteParametreUrl($valeur)); |
} |
} |
} |
|
private function recupererParametresUrl() { |
if (isset($_GET)) { |
$get_params = array('orderby', 'distinct', 'start', 'limit', 'formatRetour'); |
281,6 → 290,16 |
} |
|
//+----------------------------------------------------------------------------------------------------------------+ |
// GESTION DES CLASSES CHARGÉES À LA DEMANDE |
|
protected function getRestClient() { |
if (!isset($this->restClient)) { |
$this->restClient = new CelRestClient(); |
} |
return $this->restClient; |
} |
|
//+----------------------------------------------------------------------------------------------------------------+ |
// GESTION DU DAO |
|
protected function getDao() { |
342,10 → 361,11 |
} |
|
public function controleUtilisateur($id) { |
if ($_SESSION['user']['name'] == '') { |
|
if (isset($_SESSION['user']) && isset($_SESSION['user']['name']) && $_SESSION['user']['name'] == '') { |
//cas de la session temporaire, on ne fait rien de particulier |
} else { |
if (!$this->isAdmin($_SESSION['user']['name']) && $_SESSION['user']['name'] != $id) { |
if (isset($_SESSION['user']) && isset($_SESSION['user']['name']) && !$this->isAdmin($_SESSION['user']['name']) && $_SESSION['user']['name'] != $id) { |
// cas d'usurpation d'identité |
print 'Accès interdit'; |
exit(); |
385,11 → 405,11 |
} |
|
public function etreUtilisateurAutorise() { |
$this->initialiserDao('http://www.tela-botanica.org/client/annuaire_nouveau/actuelle/jrest/'); |
$identifiant = $this->getAuthIdentifiant(); |
$mdp = md5($this->getAuthMotDePasse()); |
$url = $this->getDao()->url_jrest."TestLoginMdp/$identifiant/$mdp"; |
$json = $this->getDao()->envoyerRequeteConsultation($url); |
$service = "TestLoginMdp/$identifiant/$mdp"; |
$url = sprintf($this->config['settings']['baseURLServicesAnnuaireTpl'], $service); |
$json = $this->getRestClient()->consulter($url); |
$existe = json_decode($json); |
|
$autorisation = (isset($existe) && $existe) ? true :false; |
498,7 → 518,7 |
|
protected function etreNull($valeur) { |
$etre_null = false; |
if ($valeur == '' || $valeur == null || $valeur == '000null' || $valeur == 'null') { |
if ($valeur == '' || $valeur == null || $valeur == '000null' || $valeur == 'null' || $valeur == '*') { |
$etre_null = true; |
} |
return $etre_null; |
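Review bot: In `controleUtilisateur()` (hunk 342,10 → 361,11) the added `isset()` guards make the check fail open: when `$_SESSION['user']` or its `name` key is absent, the first condition is false, the `else` branch runs, and the second condition is false as well, so the `Accès interdit` / `exit()` path is never reached and execution continues as if the caller were allowed. Only an explicitly empty name is documented as the temporary-session case, so a missing session should probably be rejected before either test, e.g. `if (!isset($_SESSION['user']['name'])) { print 'Accès interdit'; exit(); }`; if an absent session is meant to count as temporary, the comment should say so. The identity test also uses loose `!=` against `$id`, which, depending on the PHP version, can treat a non-numeric name and an integer `$id` as equal; `(string) $_SESSION['user']['name'] !== (string) $id` avoids that. The function body continues past the end of the hunk, so what follows the check is not visible here.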