| 22,7 → 22,7 |
|---|
| |
| public $config; |
| private $ressources; |
| private $parametres; |
| protected $parametres; |
| protected $bdd; |
| protected $messages = array(); |
| protected $debug = array(); |
| 39,6 → 39,7 |
|---|
| $this->bdd = $this->connecterPDO($this->config, 'database_cel'); |
| |
| // Nettoyage du _GET (sécurité) |
| $this->collecterParametres(); |
| $this->recupererParametresUrl(); |
| $this->definirParametresUrlParDefaut(); |
| |
| 152,7 → 153,15 |
|---|
| |
| //+----------------------------------------------------------------------------------------------------------------+ |
| // TRAITEMENT des URLs et des PARAMÊTRES |
| |
| |
| private function collecterParametres() { |
| if (isset($_GET) && $_GET != '') { |
| foreach ($_GET as $cle => $valeur) { |
| $this->parametres[$cle] = rawurldecode($this->verifierSecuriteParametreUrl($valeur)); |
| } |
| } |
| } |
| |
| private function recupererParametresUrl() { |
| if (isset($_GET)) { |
| $get_params = array('orderby', 'distinct', 'start', 'limit', 'formatRetour'); |
| 281,6 → 290,16 |
|---|
| } |
| |
| //+----------------------------------------------------------------------------------------------------------------+ |
| // GESTION DES CLASSES CHARGÉES À LA DEMANDE |
| |
| protected function getRestClient() { |
| if (!isset($this->restClient)) { |
| $this->restClient = new CelRestClient(); |
| } |
| return $this->restClient; |
| } |
| |
| //+----------------------------------------------------------------------------------------------------------------+ |
| // GESTION DU DAO |
| |
| protected function getDao() { |
| 342,10 → 361,11 |
|---|
| } |
| |
| public function controleUtilisateur($id) { |
| if ($_SESSION['user']['name'] == '') { |
| |
| if (isset($_SESSION['user']) && isset($_SESSION['user']['name']) && $_SESSION['user']['name'] == '') { |
| //cas de la session temporaire, on ne fait rien de particulier |
| } else { |
| if (!$this->isAdmin($_SESSION['user']['name']) && $_SESSION['user']['name'] != $id) { |
| if (isset($_SESSION['user']) && isset($_SESSION['user']['name']) && !$this->isAdmin($_SESSION['user']['name']) && $_SESSION['user']['name'] != $id) { |
| // cas d'usurpation d'identité |
| print 'Accès interdit'; |
| exit(); |
| 385,13 → 405,13 |
|---|
| } |
| |
| public function etreUtilisateurAutorise() { |
| $this->initialiserDao('http://www.tela-botanica.org/client/annuaire_nouveau/actuelle/jrest/'); |
| $identifiant = $this->getAuthIdentifiant(); |
| $mdp = md5($this->getAuthMotDePasse()); |
| $url = $this->getDao()->url_jrest."TestLoginMdp/$identifiant/$mdp"; |
| $json = $this->getDao()->envoyerRequeteConsultation($url); |
| $service = "TestLoginMdp/$identifiant/$mdp"; |
| $url = sprintf($this->config['settings']['baseURLServicesAnnuaireTpl'], $service); |
| $json = $this->getRestClient()->consulter($url); |
| $existe = json_decode($json); |
| |
| |
| $autorisation = (isset($existe) && $existe) ? true :false; |
| return $autorisation; |
| } |
| 498,7 → 518,7 |
|---|
| |
| protected function etreNull($valeur) { |
| $etre_null = false; |
| if ($valeur == '' || $valeur == null || $valeur == '000null' || $valeur == 'null') { |
| if ($valeur == '' || $valeur == null || $valeur == '000null' || $valeur == 'null' || $valeur == '*') { |
| $etre_null = true; |
| } |
| return $etre_null; |