{ require_once "includes/{$class}.php"; } session_start(); if (isset($_SESSION["username"])) { header('Location: index.php'); exit(0); } // Fonction qui permet d'éviter les injections JavaScript function escapeCharacters($data) { return htmlspecialchars($data); } // Récupération de toutes les données saisies $user_username = isset($_POST["user_username"]) ? escapeCharacters($_POST["user_username"]) : null; $user_password = isset($_POST["user_password"]) ? escapeCharacters($_POST["user_password"]) : null; $invalidInformation = false; // Si l'utilisateur a saisi des informations if (isset($user_username) && isset($user_password)) { // On cherche à vérifier les informations saisies $usersDAO = new UsersDAO(MaBD::getInstance()); $user = $usersDAO->isCorrectUser($user_username, $user_password); // Si les information sont correctes, on stocke les informations dans la session courante if (isset($user)) { $_SESSION["id"] = $user->user_id; $_SESSION["username"] = $user->user_username; $_SESSION["password"] = $user->user_password; header('Location: index.php'); exit(0); } else { $invalidInformation = true;
$moviesDAO = new MoviesDAO(MaBD::getInstance()); $movie = $moviesDAO->getOne($mov_id); if (!isset($movie->mov_title)) { header('Location: index.php'); exit(0); } } else { // Récupération de toutes les données saisies $mov_id = isset($_POST["mov_id"]) ? escapeCharacters($_POST["mov_id"]) : null; $mov_title = isset($_POST["mov_title"]) ? escapeCharacters($_POST["mov_title"]) : null; $mov_description_short = isset($_POST["mov_description_short"]) ? escapeCharacters($_POST["mov_description_short"]) : null; $mov_description_long = isset($_POST["mov_description_long"]) ? escapeCharacters($_POST["mov_description_long"]) : null; $mov_director = isset($_POST["mov_director"]) ? escapeCharacters($_POST["mov_director"]) : null; $mov_year = isset($_POST["mov_year"]) ? escapeCharacters($_POST["mov_year"]) : null; $mov_image = isset($_FILES["mov_image"]["name"]) ? $_FILES["mov_image"]["name"] : null; $old_mov_image = isset($_POST["old_mov_image"]) ? escapeCharacters($_POST["old_mov_image"]) : null; // Si l'utilisateur a uploadé une nouvelle image if (!empty($mov_image)) { // On la déplace sur le serveur $mov_image_on_server = "./images/" . $mov_image; move_uploaded_file($_FILES["mov_image"]["tmp_name"], $mov_image_on_server); $mov_image = $mov_image_on_server; } else { // Sinon l'ancienne photo est l'actuelle $mov_image = $old_mov_image; } // On sauvegarde les modifications $moviesDAO = new MoviesDAO(MaBD::getInstance()); $movie = new Movie($mov_id, $mov_title, $mov_description_short, $mov_description_long, $mov_director, $mov_year, $mov_image); $res = $moviesDAO->update($movie); }
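session_start();

// Adding a movie is reserved for logged-in users: without a session username
// the visitor is redirected to the home page and the script stops.
// NOTE(review): no anti-CSRF token is checked in the visible code. Confirm
// whether one is enforced elsewhere before relying on the session alone.
if (!isset($_SESSION["username"])) {
    header('Location: index.php');
    exit(0);
}

/**
 * HTML-encodes a value so it cannot inject markup or JavaScript when echoed.
 *
 * The flags are explicit because the default of htmlspecialchars() did not
 * encode single quotes before PHP 8.1. This is output encoding only: it does
 * not protect SQL statements.
 * NOTE(review): the encoded text is what gets handed to the DAO, so the
 * templates presumably echo stored values as-is. Confirm before moving the
 * encoding to output time.
 *
 * @param string $data Raw text.
 * @return string HTML-encoded text.
 */
function escapeCharacters($data)
{
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Reads one POST field and HTML-encodes it.
 *
 * @param string $name Field name.
 * @return string|null Encoded value, or null when the field is absent or is
 *                     not a plain string (for example an array sent as name[]).
 */
function readEscapedPostField($name)
{
    if (!isset($_POST[$name]) || !is_string($_POST[$name])) {
        return null;
    }

    return escapeCharacters($_POST[$name]);
}

/**
 * Validates an uploaded image and stores it under ./images/.
 *
 * The stored file name is generated on the server and its extension comes
 * from the detected image type, so the client-supplied name never reaches the
 * file system. This keeps arbitrary extensions out of a web-served directory
 * and prevents one upload from overwriting another.
 * NOTE(review): as defence in depth, the web server should also refuse to
 * execute scripts from ./images/. That cannot be verified from this file.
 *
 * @param array|null $upload One entry of $_FILES, or null when the field is absent.
 * @return string|null Path of the stored image, or null when the upload is
 *                     missing, failed, is not an accepted image type, or
 *                     could not be moved.
 */
function storeUploadedImage($upload)
{
    // Allow-list of accepted formats, mapped to the extension written to disk.
    $extensionsByType = [
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG => 'png',
        IMAGETYPE_GIF => 'gif',
    ];

    // A multi-file field makes "error" an array, which fails the strict check.
    if (!is_array($upload)
        || !isset($upload["error"], $upload["tmp_name"])
        || $upload["error"] !== UPLOAD_ERR_OK
        || !is_string($upload["tmp_name"])
        || !is_uploaded_file($upload["tmp_name"])
    ) {
        return null;
    }

    // Decide the type from the file content, not from the name or the
    // Content-Type sent by the browser.
    $imageInfo = getimagesize($upload["tmp_name"]);
    if ($imageInfo === false || !isset($extensionsByType[$imageInfo[2]])) {
        return null;
    }

    $target = "./images/" . bin2hex(random_bytes(16)) . "." . $extensionsByType[$imageInfo[2]];
    if (!move_uploaded_file($upload["tmp_name"], $target)) {
        return null;
    }

    return $target;
}

// Collect every submitted field.
$mov_title = readEscapedPostField("mov_title");
$mov_description_short = readEscapedPostField("mov_description_short");
$mov_description_long = readEscapedPostField("mov_description_long");
$mov_director = readEscapedPostField("mov_director");
$mov_year = readEscapedPostField("mov_year");

// Client-supplied file name. It is still assigned in case the template below
// reads $mov_image, but it is encoded and no longer used to build a path.
$mov_image = (isset($_FILES["mov_image"]["name"]) && is_string($_FILES["mov_image"]["name"]))
    ? escapeCharacters($_FILES["mov_image"]["name"])
    : null;

// Set to true when a movie was submitted but its image was rejected.
$invalidImage = false;

// A submitted title means the form was posted, so a new movie is inserted.
if (isset($mov_title)) {
    // Move the image onto the server. A rejected upload yields null.
    $mov_image_on_server = storeUploadedImage(isset($_FILES["mov_image"]) ? $_FILES["mov_image"] : null);

    if ($mov_image_on_server === null) {
        // Do not store a movie whose image path points at nothing. $res is
        // left unset, exactly as when no form was submitted.
        $invalidImage = true;
    } else {
        // Insert the movie.
        $moviesDAO = new MoviesDAO(MaBD::getInstance());
        $movie = new Movie(
            DAO::UNKNOWN_ID,
            $mov_title,
            $mov_description_short,
            $mov_description_long,
            $mov_director,
            $mov_year,
            $mov_image_on_server
        );
        $res = $moviesDAO->insert($movie);
    }
}
?>
<!DOCTYPE HTML>
<html>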