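/**
 * Copies the entries of $post whose key is a declared field into the object.
 *
 * Each accepted value is passed through Template::makeTextSafe() and stored
 * twice: in $this->_data under the field name, and in $this->_values by
 * position (counted from 0 in the iteration order of $post).
 *
 * @param array $post Key/value pairs to import (presumably request data).
 * @return bool true when $this->_values holds as many entries as $this->_fields.
 */
public function setValuesFromArray($post)
{
    $position = 0;
    foreach ($post as $key => $value) {
        // Strict allowlist check: with a loose in_array() an integer key such
        // as 0 compares equal to any non-numeric field name on PHP < 8, so an
        // undeclared key could be accepted. The key is cast because PHP turns
        // numeric-string array keys into integers.
        // NOTE(review): assumes $this->_fields is a list of string names - confirm.
        if (!in_array((string) $key, $this->_fields, true)) {
            continue;
        }

        // NOTE(review): Template::makeTextSafe() is defined elsewhere; if it is
        // an output-escaping helper, it does not replace bound parameters
        // where these values later reach a SQL statement.
        $safeValue = Template::makeTextSafe($value);
        $this->_data[$key] = $safeValue;
        $this->_values[$position] = $safeValue;
        $position++;
    }

    // $this->_values is not cleared here, so entries left by an earlier call
    // still count towards this comparison.
    return count($this->_values) === count($this->_fields);
}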
<?php //Convertit les données BLOB transmise en fichier dont le type MIME est précisé par le paramètre type $converter = function ($parameters) { global $_system_registry; //on arrete tout si les données requises ne sont pas transmises if (!isset($parameters["type"]) || $parameters["type"] == "" || !isset($parameters["table"]) || $parameters["table"] == "" || !isset($parameters["id"]) || $parameters["id"] == "") { header("Location: " . $parameters["_url"] . "/index"); return; } //on rends les paramètres innofensifs $parameters["type"] = Template::makeTextSafe($parameters["type"]); $parameters["table"] = Template::makeTextSafe($parameters["table"]); $parameters["id"] = Template::makeTextSafe($parameters["id"]); //On ne touche pas a blob pour ne pas risquer d'altérer les données switch ($parameters["type"]) { case "picture": //on traite le cas de la photo $sql = ""; if ($parameters['table'] == "artist") { $sql = "SELECT Photo as picture FROM Musicien WHERE Musicien.Code_Musicien = '" . $parameters["id"] . "'"; } else { if ($parameters["table"] == "album") { $sql = "SELECT Pochette as picture FROM Album WHERE Album.Code_Album = '" . $parameters["id"] . "'"; } } $result = $_system_registry->getModel()->query($sql)->fetch(); header('Content-Type: image/jpeg'); $image = pack("H*", $result["picture"]); echo $image; return;
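<?php
// Login pages: "login" renders the form, "auth" checks the submitted hash.

// Renders the login form inside the base layout.
$login = function ($parameters) {
    template("views/login/login.tpl", $parameters, "views/base.tpl");
};
$_system_registry->registerPage("login", "", $login);

// Checks the posted credential hash and, on success, records it in the
// session and creates an empty basket. The outcome is exposed to the view
// as $parameters["login"].
$auth = function ($parameters) {
    // A credential must be a plain string. A missing field, or an
    // array-valued one (hash[]=...), is sent back to the index page instead
    // of being handed to the helpers below.
    if (!isset($_POST["hash"]) || !is_string($_POST["hash"])) {
        header("Location:/index");
        return;
    }

    $parameters["login"] = false;

    // NOTE(review): Template::makeTextSafe() is defined elsewhere. If it
    // rewrites characters, the value compared by checkCredentials() is no
    // longer the value the client sent - confirm the stored credentials went
    // through the same transformation.
    $_POST["hash"] = Template::makeTextSafe($_POST["hash"]);

    if (Session::checkCredentials($_POST["hash"])) {
        $parameters["login"] = true;
        // NOTE(review): Session is defined elsewhere - confirm the session
        // identifier is regenerated at this point, so that an identifier
        // issued before login is not kept after authentication.
        Session::saveCredentialsHash($_POST["hash"]);

        // Create the basket session variable, initially empty.
        $basket = array();
        Session::addEntry("basket", $basket);
    }

    template("views/login/auth.tpl", $parameters, "views/base.tpl");
};
$_system_registry->registerPage("auth", "", $auth);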