From 869e69178bb4b57c5e9d45f2c3435073ec069ef5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?F=C3=A9lix=20MARQUET?=
Date: Wed, 17 Apr 2024 17:18:29 +0200
Subject: [PATCH] Profile page done (I'M A TEAPOT)
---
 src/API/src/response.php | 13 ++++++++--
 src/js/AJAX/alert.js | 2 ++
 src/js/AJAX/home.js | 17 ++++++++++++-
 src/js/AJAX/index.js | 14 +---------
 src/js/AJAX/login.js | 6 ++++-
 src/js/AJAX/search.js | 6 ++++-
 src/php/db/Patient.php | 52 ++++++++++++++++++++++------------------
 7 files changed, 69 insertions(+), 41 deletions(-)
diff --git a/src/API/src/response.php b/src/API/src/response.php
index 7df29d5..a886a02 100644
--- a/src/API/src/response.php
+++ b/src/API/src/response.php
@@ -47,7 +47,7 @@ class Response
 echo json_encode($data);
 }
- static function HTTP404($data): void
+ public static function HTTP404($data): void
 {
 header('Content-Type: application/json; charset=utf-8');
 header('Cache-control: no-store, no-cache, must-revalidate');
@@ -56,7 +56,7 @@ class Response
 echo json_encode($data);
 }
- static function HTTP405($data): void
+ public static function HTTP405($data): void
 {
 header('Content-Type: application/json; charset=utf-8');
 header('Cache-control: no-store, no-cache, must-revalidate');
@@ -66,4 +66,13 @@ class Response
 echo json_encode($data);
 }
+
+ public static function HTTP418($data): void
+ {
+ header('Content-Type: application/json; charset=utf-8');
+ header('Cache-control: no-store, no-cache, must-revalidate');
+ header('Pragma: no-cache');
+ http_response_code(418);
+ echo json_encode($data);
+ }
 }
\ No newline at end of file
diff --git a/src/js/AJAX/alert.js b/src/js/AJAX/alert.js
index c028fe0..814c3bd 100644
--- a/src/js/AJAX/alert.js
+++ b/src/js/AJAX/alert.js
@@ -12,6 +12,8 @@ function displayAlert(text) {
 function clearAlert() {
 let alert = document.getElementById("Alert");
+ if(alert == null)
+ return;
 alert.innerHTML = "";
 }
diff --git a/src/js/AJAX/home.js b/src/js/AJAX/home.js
index 662d152..b67568f 100644
--- a/src/js/AJAX/home.js
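Review bot: `HTTP418` is the fourth copy of the same header/status/echo sequence in this class, so any change to the JSON response policy (for example adding `X-Content-Type-Options: nosniff` to every API reply) now has to be made in four places; a private `emit(int $status, $data): void` helper that the public methods delegate to would keep them in step. `json_encode($data)` also returns `false` on an encoding failure (invalid UTF-8 in a message, for instance) and `echo false` sends an empty body under the chosen status code, which a client cannot tell apart from a deliberately empty reply; `json_encode($data, JSON_THROW_ON_ERROR)` makes that failure visible instead. The class body continues outside the hunk.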
+++ b/src/js/AJAX/home.js
@@ -190,6 +190,9 @@ function displayProfile() {
 changePasswordMailAndPhone(currentPassword, newPassword, currentMail, newMail, currentPhone, newPhone);
 });
 }
+ attachReturnHomeEventListener();
+ attachProfileEventListener();
+ horizontalDropdown();
 }
 function changePasswordMailAndPhone(currentPassword, newPassword, currentMail, newMail, currentPhone, newPhone) {
@@ -275,4 +278,16 @@ function horizontalDropdown(){
 });
 }
-export {displayHome, displayHomeTopBar};
\ No newline at end of file
+function attachReturnHomeEventListener() {
+ try {
+ document.getElementById("home").addEventListener("click", function (event) {
+ displayHome("");
+ });
+ }
+ catch (e) {
+ //Do nothing
+ //console.error(e);
+ }
+ }
+
+export {displayHome, displayHomeTopBar, attachReturnHomeEventListener, attachProfileEventListener, horizontalDropdown};
\ No newline at end of file
diff --git a/src/js/AJAX/index.js b/src/js/AJAX/index.js
index 4cf5b8b..184fe79 100644
--- a/src/js/AJAX/index.js
+++ b/src/js/AJAX/index.js
@@ -1,6 +1,6 @@
 import {attachSearchEventListener} from "./search.js";
 import {attachLoginUserDisplayEventListener, attachLoginPraticienDisplayEventListener, attachDisconnectEventListener} from "./login.js";
-import {displayHome, displayHomeTopBar} from "./home.js";
+import {displayHome, displayHomeTopBar, attachReturnHomeEventListener} from "./home.js";
 console.log("index.js loaded");
@@ -12,18 +12,6 @@ document.addEventListener("DOMContentLoaded", function() {
 }
 });
-function attachReturnHomeEventListener() {
- try {
- document.getElementById("home").addEventListener("click", function (event) {
- displayHome("");
- });
- }
- catch (e) {
- //Do nothing
- //console.error(e);
- }
-}
-
 //Yanis Part
diff --git a/src/js/AJAX/login.js b/src/js/AJAX/login.js
index 8961dd0..bf2c354 100644
--- a/src/js/AJAX/login.js
+++ b/src/js/AJAX/login.js
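Review bot: `attachReturnHomeEventListener` wraps the whole registration in a `try`/`catch` that swallows every exception, so a typo inside the handler and a genuinely missing `#home` element both vanish silently; the only failure that can realistically occur here is `getElementById` returning `null`, which a guard states directly: `const home = document.getElementById("home"); if (home) home.addEventListener("click", () => displayHome(""));`. Each call also registers a fresh anonymous listener, so if the same `#home` node survives between the callers this commit adds (`displayProfile`, `displaySearchTopBar`, the login and sign-up views), one click will run `displayHome("")` once per call; if the top bar is rebuilt through `innerHTML` each time this is harmless, but that is not visible from here. The function is moved out of index.js unchanged, so this is pre-existing behaviour now exported to more callers.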
@@ -1,4 +1,4 @@
-import {displayHome, displayHomeTopBar} from "./home.js";
+import {displayHome, attachReturnHomeEventListener} from "./home.js";
 console.log("login.js loaded");
 function displayLoginUser() {
@@ -55,6 +55,7 @@ function displayLoginUser() {
 else {
 displayHome("Vous êtes déjà connecté");
 }
+ attachReturnHomeEventListener();
 }
 function displayLoginPraticien() {
@@ -111,6 +112,7 @@ function displayLoginPraticien() {
 else {
 displayHome("Vous êtes déjà connecté");
 }
+ attachReturnHomeEventListener();
 }
 function displaySignUpPraticien() {
@@ -210,6 +212,7 @@ function displaySignUpPraticien() {
 else {
 displayHome("Vous êtes déjà connecté");
 }
+ attachReturnHomeEventListener();
 }
 function displaySignUpUser() {
@@ -299,6 +302,7 @@ function displaySignUpUser() {
 else {
 displayHome("Vous êtes déjà connecté");
 }
+ attachReturnHomeEventListener();
 }
 function disconnect() {
diff --git a/src/js/AJAX/search.js b/src/js/AJAX/search.js
index 67e7316..1c0820f 100644
--- a/src/js/AJAX/search.js
+++ b/src/js/AJAX/search.js
@@ -1,5 +1,6 @@
-console.log("search.js loaded");
+import {attachReturnHomeEventListener, attachProfileEventListener, horizontalDropdown} from "./home.js";
 import {attachRDVEventListener} from "./take-rdv.js";
+console.log("search.js loaded");
 function displaySearchResults(data) {
 let container = document.getElementById("content");
@@ -55,6 +56,9 @@ function displaySearchTopBar(){
 `;
 attachSearchEventListener();
+ attachReturnHomeEventListener();
+ attachProfileEventListener();
+ horizontalDropdown();
 }
 function removeSearchTopBar(){
diff --git a/src/php/db/Patient.php b/src/php/db/Patient.php
index 45d44ba..83b4a15 100644
--- a/src/php/db/Patient.php
+++ b/src/php/db/Patient.php
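Review bot: The new `attachReturnHomeEventListener()` call sits after the `if`/`else`, so it also runs in the "déjà connecté" branch immediately after `displayHome(...)` has re-rendered the page; whether that is wanted depends on whether `displayHome` already wires the `#home` link, which is not visible here, but if it does the handler is registered twice and one click runs `displayHome("")` twice. Calling it only in the branch that actually renders the login form, or moving the wiring into `displayHome`/`displayHomeTopBar` so every view gets it in exactly one place, would remove the ambiguity. The same trailing line is pasted into `displayLoginPraticien`, `displaySignUpPraticien` and `displaySignUpUser` in the hunks below. `displayLoginUser` begins outside the hunk.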
@@ -32,23 +32,29 @@ class Patient {
 $query->bindParam(':id', $id);
 $query->execute();
 $result = $query->fetch(PDO::FETCH_ASSOC);
+ $newpasswordencoded = password_hash($newpassword, PASSWORD_ARGON2ID);
+ if(!password_verify($currentpassword, $result['p_password'])){
+ Response::HTTP401(['message' => 'Current password is incorrect']);
+ return;
+ }
 if (password_verify($currentpassword, $result['p_password'])) {
- $newpassword = password_hash($newpassword, PASSWORD_ARGON2ID);
 $query = $pdo->prepare("UPDATE patient SET p_password = :password WHERE p_id = :id");
- $query->bindParam(':password', $newpassword);
+ $query->bindParam(':password', $newpasswordencoded);
 $query->bindParam(':id', $id);
 $query->execute();
 }
 // Check if the current password is correct
- $query = $pdo->prepare("SELECT p_password FROM patient WHERE p_id = :id");
- $query->bindParam(':id', $id);
- $query->execute();
- $result = $query->fetch(PDO::FETCH_ASSOC);
- if (password_verify($newpassword, $result['p_password'])) {
+ $query2 = $pdo->prepare("SELECT p_password FROM patient WHERE p_id = :id");
+ $query2->bindParam(':id', $id);
+ $query2->execute();
+ $result2 = $query2->fetch(PDO::FETCH_ASSOC);
+ if (password_verify($newpassword, $result2['p_password'])) {
+ error_log("Password true");
 Response::HTTP201(['message' => 'Password updated']);
 }
 else {
+ error_log("Password false");
 Response::HTTP401(['message' => 'Error updating password']);
 }
 }
@@ -73,7 +79,7 @@ class Patient {
 Response::HTTP201(['message' => 'Phone updated']);
 }
 else {
- Response::HTTP400(['message' => 'Error updating phone']);
+ Response::HTTP401(['message' => 'Error updating phone']);
 }
 }
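Review bot: The new `$newpasswordencoded = password_hash($newpassword, PASSWORD_ARGON2ID)` line runs before the current password is verified, so every request carrying a wrong current password still pays a full Argon2id hash — a memory-hard cost an unauthenticated caller can trigger at will; hash only after the `return` on the failed `password_verify`. Once that early return exists the following `if (password_verify($currentpassword, ...))` is always true and can be dropped, which is what the rewrite below does. The two `error_log("Password true"/"false")` lines look like debugging residue and should not ship, and when `:id` matches no row `$result` is `false`, so `$result['p_password']` deserves an explicit check before it is dereferenced. The enclosing method begins before the hunk.
```php
// … unchanged: SELECT p_password FROM patient WHERE p_id = :id …
$result = $query->fetch(PDO::FETCH_ASSOC);
if (!$result || !password_verify($currentpassword, $result['p_password'])) {
    Response::HTTP401(['message' => 'Current password is incorrect']);
    return;
}
// Hash only after re-authentication: Argon2id is deliberately expensive.
$newpasswordencoded = password_hash($newpassword, PASSWORD_ARGON2ID);
$query = $pdo->prepare("UPDATE patient SET p_password = :password WHERE p_id = :id");
$query->bindParam(':password', $newpasswordencoded);
$query->bindParam(':id', $id);
$query->execute();
// … unchanged: re-read p_password and send HTTP201 / HTTP401 …
```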
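Review bot: Changing the failure status from 400 to 401 on the `'Error updating phone'` response mislabels the error: this branch is reached after the `UPDATE` ran and the re-read value did not match, which is a server-side failure rather than a missing or invalid credential, and many API clients treat any 401 as "session expired" and log the user out. RFC 9110 also expects a 401 to carry a `WWW-Authenticate` header, which `Response::HTTP401` presumably does not set. Keep `Response::HTTP400(['message' => 'Error updating phone']);` (or a 500) here and reserve 401 for the `Current password is incorrect` path; the same 400→401 substitution recurs in the later hunks of this file. The enclosing method begins and ends outside the hunk.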
@@ -94,11 +100,11 @@ class Patient {
 $query->bindParam(':id', $id);
 $query->execute();
 $result = $query->fetch(PDO::FETCH_ASSOC);
- if (password_verify($newmail, $result['p_mail'])) {
+ if ($newmail == $result['p_mail']) {
 Response::HTTP201(['message' => 'Mail updated']);
 }
 else {
- Response::HTTP400(['message' => 'Error updating mail']);
+ Response::HTTP401(['message' => 'Error updating mail']);
 }
 }
@@ -109,9 +115,9 @@ class Patient {
 $query->execute();
 $result = $query->fetch(PDO::FETCH_ASSOC);
 if (password_verify($currentpassword, $result['p_password']) && $currentphone == $result['p_phone']) {
- $newpassword = password_hash($newpassword, PASSWORD_ARGON2ID);
+ $newpasswordencoded = password_hash($newpassword, PASSWORD_ARGON2ID);
 $query = $pdo->prepare("UPDATE patient SET p_password = :password, p_phone = :phone WHERE p_id = :id");
- $query->bindParam(':password', $newpassword);
+ $query->bindParam(':password', $newpasswordencoded);
 $query->bindParam(':phone', $newphone);
 $query->bindParam(':id', $id);
 $query->execute();
@@ -125,7 +131,7 @@ class Patient {
 Response::HTTP201(['message' => 'Password and phone updated']);
 }
 else {
- Response::HTTP400(['message' => 'Error updating password and phone']);
+ Response::HTTP401(['message' => 'Error updating password and phone']);
 }
 }
@@ -136,9 +142,9 @@ class Patient {
 $query->execute();
 $result = $query->fetch(PDO::FETCH_ASSOC);
 if (password_verify($currentpassword, $result['p_password']) && $currentmail == $result['p_mail']) {
- $newpassword = password_hash($newpassword, PASSWORD_ARGON2ID);
+ $newpasswordencoded = password_hash($newpassword, PASSWORD_ARGON2ID);
 $query = $pdo->prepare("UPDATE patient SET p_password = :password, p_mail = :mail WHERE p_id = :id");
- $query->bindParam(':password', $newpassword);
+ $query->bindParam(':password', $newpasswordencoded);
 $query->bindParam(':mail', $newmail);
 $query->bindParam(':id', $id);
 $query->execute();
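Review bot: `$newmail == $result['p_mail']` uses loose comparison, and PHP compares two numeric-looking strings numerically (`'1e3' == '1000'` is true), so the readback check should be `if ($newmail === $result['p_mail']) {`. The replaced `password_verify($newmail, ...)` could never have succeeded, so the substance of the fix is right. `$result` is `false` when `:id` matches no row, and the lines above the hunk that decide whether the caller re-authenticated before the mail was changed are not visible, so I cannot tell whether a mail change is gated on the current password the way the password paths are; it should be, since the mail address is typically the account-recovery channel. The enclosing method begins outside the hunk.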
@@ -152,7 +158,7 @@ class Patient {
 Response::HTTP201(['message' => 'Password and mail updated']);
 }
 else {
- Response::HTTP400(['message' => 'Error updating password and mail']);
+ Response::HTTP401(['message' => 'Error updating password and mail']);
 }
 }
@@ -178,7 +184,7 @@ class Patient {
 Response::HTTP201(['message' => 'Phone and mail updated']);
 }
 else {
- Response::HTTP400(['message' => 'Error updating phone and mail']);
+ Response::HTTP401(['message' => 'Error updating phone and mail']);
 }
 }
@@ -188,13 +194,13 @@ class Patient {
 $query->bindParam(':id', $id);
 $query->execute();
 $result = $query->fetch(PDO::FETCH_ASSOC);
- $newpassword = password_hash($newpassword, PASSWORD_ARGON2ID);
+ $newpasswordencoded = password_hash($newpassword, PASSWORD_ARGON2ID);
 if(!password_verify($currentpassword, $result['p_password'])){
 Response::HTTP401(['message' => 'Current password is incorrect']);
 }
 if (password_verify($currentpassword, $result['p_password']) && $currentphone == $result['p_phone'] && $currentmail == $result['p_mail']) {
 $query = $pdo->prepare("UPDATE patient SET p_password = :password, p_phone = :phone, p_mail = :mail WHERE p_id = :id");
- $query->bindParam(':password', $newpassword);
+ $query->bindParam(':password', $newpasswordencoded);
 $query->bindParam(':phone', $newphone);
 $query->bindParam(':mail', $newmail);
 $query->bindParam(':id', $id);
@@ -210,13 +216,13 @@ class Patient {
 }
 else {
 if($newphone != $result['p_phone']){
- Response::HTTP400(['message' => 'Error updating phone']);
+ Response::HTTP401(['message' => 'Error updating phone']);
 }
 if($newmail != $result['p_mail']){
- Response::HTTP400(['message' => 'Error updating mail']);
+ Response::HTTP401(['message' => 'Error updating mail']);
 }
 if(!password_verify($newpassword, $result['p_password'])){
- Response::HTTP400(['message' => 'Error updating password']);
+ Response::HTTP401(['message' => 'Error updating password']);
 }
 }
 }
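Review bot: Unlike the first hunk of this file, the `Response::HTTP401(['message' => 'Current password is incorrect'])` branch here has no `return`, so on a wrong password the method emits that 401 body and then falls through to the `else` branch in the next hunk, which echoes further JSON documents and calls `http_response_code` again after output has started; add `return;` directly after the HTTP401 call. The new `$newpasswordencoded = password_hash($newpassword, PASSWORD_ARGON2ID)` line is also computed before the current password is checked, so a caller who fails authentication still forces a full Argon2id computation; move it inside the branch that performs the `UPDATE`. The enclosing method begins before the hunk and its `if`/`else` continues in the next one.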
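Review bot: The `else` branch can emit up to three separate JSON bodies, since each `Response::HTTP401(...)` echoes its own document and re-sends headers, and when none of the three conditions holds — for instance the supplied current phone or mail was wrong but the new values equal the stored ones — it emits nothing, so the client receives an empty 200. Replace the three checks with one reply and stop: `Response::HTTP401(['message' => 'Current password, phone or mail is incorrect']); return;`. The `password_verify($newpassword, $result['p_password'])` test is also run against the row fetched before any update, so it reports whether the new password equals the old one, not whether the update failed, and its `'Error updating password'` message is misleading. The enclosing method begins before the hunk.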