From 3a1a57f348755e101c4134bc3a02535986daf0a5 Mon Sep 17 00:00:00 2001
From: "clementine.desrucques"
Date: Thu, 21 Oct 2021 14:44:44 +0200
Subject: [PATCH]
---
 src/java/bdd/PompierMySql.java | 125 +++++++++++-------
 src/java/com/test/forms/AuthentifForm.java | 39 ++----
 src/java/com/test/forms/NouveauPompForm.java | 2 +-
 .../com/test/servlets/authentifServlet.java | 10 +-
 web/WEB-INF/accueilJSP.jsp | 13 +-
 5 files changed, 97 insertions(+), 92 deletions(-)
diff --git a/src/java/bdd/PompierMySql.java b/src/java/bdd/PompierMySql.java
index 8113ded..30e46c9 100644
--- a/src/java/bdd/PompierMySql.java
+++ b/src/java/bdd/PompierMySql.java
@@ -6,12 +6,17 @@
 package bdd;
 import com.test.beans.Pompier;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpSession;
 import java.sql.Connection;
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
 import java.util.ArrayList;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import util.MD5;
 /**
 *
@@ -19,7 +24,7 @@ import java.util.ArrayList;
 */
 public class PompierMySql {
- private Connection theConnection;
+ private Connection theConnection;
 private Pompier unPompier;
 /**
@@ -31,9 +36,10 @@ public class PompierMySql {
 "admin",// user
 "minda"); // mot de passe
 ClientMysql() { }
-
+
 /**
 * Recherche de tous les clients
+ *
 * @return collection de clients
 */
 public ArrayList readAll() {
@@ -69,95 +75,124 @@ public class PompierMySql {
 System.out.println("SQLState : " + ex.getSQLState());
 System.out.println("Code erreur : " + ex.getErrorCode());
 }
-
+
 return lesPompiers;
 }
-
- /**
- * Creation du pompier passé en paramètre dans la table pompier
- * Requête non préparée
+
+ /**
+ * Creation du pompier passé en paramètre dans la table pompier Requête non
+ * préparée
+ *
 * @param p objet de type Pompier (sans identifiant)
 * @return int : id du Pompier créé
 */
 public int create(Pompier p) {
 int id = -1;
- try {
+ try {
 Statement stmt = theConnection.createStatement();
 int status = stmt.executeUpdate(
- "INSERT INTO pompier (idCaserne, nom, prenom, statut, mail, login, mdp, adrNo, adrRue, adrCP, adrVille, grade) "
- + "VALUES ('" + p.getIdCaserne() + "', '"
- + p.getNom() + "', '"
- + p.getPrenom() + "', '"
- + p.getStatut() + "', "
- + p.getMail() + ", '"
- + p.getLogin() + ", '"
- + p.getMdp() + ", '"
- + p.getAdrNo() + ", '"
- + p.getAdrRue() + "', '"
- + p.getAdrCP() + "', '"
- + p.getAdrVille() + "', '"
- + p.getGrade()+ "' );",
- Statement.RETURN_GENERATED_KEYS);
-
+ "INSERT INTO pompier (idCaserne, nom, prenom, statut, mail, login, mdp, adrNo, adrRue, adrCP, adrVille, grade) "
+ + "VALUES ('" + p.getIdCaserne() + "', '"
+ + p.getNom() + "', '"
+ + p.getPrenom() + "', '"
+ + p.getStatut() + "', "
+ + p.getMail() + ", '"
+ + p.getLogin() + ", '"
+ + p.getMdp() + ", '"
+ + p.getAdrNo() + ", '"
+ + p.getAdrRue() + "', '"
+ + p.getAdrCP() + "', '"
+ + p.getAdrVille() + "', '"
+ + p.getGrade() + "' );",
+ Statement.RETURN_GENERATED_KEYS);
+
 // Recherche de l'identifiant du pompier créé
 if (status > 0) {
 ResultSet result = stmt.getGeneratedKeys();
 if (result.first()) {
- id = result.getInt(1);
+ id = result.getInt(1);
 }
- }
+ }
 } catch (SQLException ex) {
 System.out.println("SQLException : " + ex.getMessage());
 System.out.println("SQLState : " + ex.getSQLState());
 System.out.println("Code erreur : " + ex.getErrorCode());
- }
+ }
 return id;
 }
-
- /**
- * Creation du pompier passé en paramètre dans la table pompier
- * Requête préparée
+
+ /**
+ * Creation du pompier passé en paramètre dans la table pompier Requête
+ * préparée
+ *
 * @param p objet de type Pompier (sans identifiant)
 * @return int : id du pompier créé
 */
 public int createRP(Pompier p) {
 int id = -1;
- try {
+ try {
 PreparedStatement stmt = null;
- String sql = "INSERT INTO pompier(idCaserne, nom, prenom, statut, mail, login, mdp, adrNo, adrRue, adrCP, adrVille, grade) "
- + "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,?);";
+ String sql = "INSERT INTO pompier(idCaserne, nom, prenom, statut, mail, login, mdp, adrNo, adrRue, adrCP, adrVille, grade) "
+ + "VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?,?);";
 stmt = theConnection.prepareStatement(sql, Statement.RETURN_GENERATED_KEYS);
 stmt.setInt(1, p.getIdCaserne());
- stmt.setString(2, p.getNom());
+ stmt.setString(2, p.getNom());
 stmt.setString(3, p.getPrenom());
 stmt.setInt(4, p.getStatut());
- stmt.setString(5,p.getMail() );
- stmt.setString(6,p.getLogin() );
- stmt.setString(7,p.getMdp() );
+ stmt.setString(5, p.getMail());
+ stmt.setString(6, p.getLogin());
+ stmt.setString(7, p.getMdp());
 stmt.setInt(8, p.getAdrNo());
 stmt.setString(9, p.getAdrRue());
 stmt.setString(10, p.getAdrCP());
 stmt.setString(11, p.getAdrVille());
 stmt.setInt(12, p.getGrade());
-
+
 System.out.println("Requête : " + stmt.toString());
 int status = stmt.executeUpdate();
-
-
+
 // Recherche de l'identifiant du client créé
 if (status > 0) {
 ResultSet result = stmt.getGeneratedKeys();
 if (result.first()) {
- id = result.getInt(1);
+ id = result.getInt(1);
 }
- }
+ }
 } catch (SQLException ex) {
 System.out.println("SQLException : " + ex.getMessage());
 System.out.println("SQLState : " + ex.getSQLState());
 System.out.println("Code erreur : " + ex.getErrorCode());
- }
+ }
 return id;
 }
-
-}
\ No newline at end of file
+ public boolean isAuthentified(HttpServletRequest request) {
+
+ boolean resultat = false;
+ String login = request.getParameter("ztPseudo");
+ String mdp = request.getParameter("ztMDP");
+ String mdpChiffre = MD5.encode(request.getParameter("ztMDP"));
+ String sql = "SELECT * FROM pompier WHERE login='" + login + "' AND mdp='" + mdpChiffre + "';";
+ System.out.println("sql:"+sql);
+ try {
+ Statement stmt = theConnection.createStatement();
+ ResultSet resultQ = null;
+ resultQ = stmt.executeQuery(sql);
+ resultat = (resultQ.next());
+ if(resultat){
+ Pompier lePompier = new Pompier(
+ resultQ.getInt("id"),
+ resultQ.getInt("idCAserne"),
+
+ );
+ HttpSession maSession = request.getSession();
+ maSession.setAttribute("lePompier", lePompier);
+ }
+
+ } catch (SQLException ex) {
+ Logger.getLogger(PompierMySql.class.getName()).log(Level.SEVERE, null, ex);
+ }
+ return resultat;
+ }
+
+}
diff --git a/src/java/com/test/forms/AuthentifForm.java b/src/java/com/test/forms/AuthentifForm.java
index 5d4ef42..c1f57e1 100644
--- a/src/java/com/test/forms/AuthentifForm.java
+++ b/src/java/com/test/forms/AuthentifForm.java
@@ -5,6 +5,7 @@
 */
 package com.test.forms;
+import bdd.PompierMySql;
 import com.test.beans.Pompier;
 import com.test.beans.UserP;
 import jakarta.servlet.http.HttpServletRequest;
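Review bot: `isAuthentified` builds its SELECT by concatenating the `ztPseudo` request parameter into the SQL text, so a crafted login value alters the query instead of being compared as data and the password check no longer holds; `createRP` just above already shows the prepared-statement form this file uses, and the lookup should bind `login` and `mdpChiffre` the same way (sketch below, which also closes the statement and result set, which the new code never does). The constructor call `new Pompier(resultQ.getInt("id"), resultQ.getInt("idCAserne"), )` is left unfinished (trailing comma, empty argument) and will not compile, and `idCAserne` does not match the `idCaserne` column name used by `create`/`createRP`. `System.out.println("sql:"+sql)` writes the login and password hash to stdout on every attempt and should go, as should the unused local `mdp`, which keeps the clear-text password around for no reason. The unsalted `MD5.encode` digest stored in `mdp` is not a suitable password hash (fast and unsalted), so migrating stored hashes to a salted, slow algorithm is a separate change worth planning; and `create`, re-emitted here with new indentation, still concatenates every field into its INSERT while mis-quoting `mail`/`login`/`mdp`, so callers should use `createRP` instead.
```java
    public boolean isAuthentified(HttpServletRequest request) {
        boolean resultat = false;
        String login = request.getParameter("ztPseudo");
        String mdpChiffre = MD5.encode(request.getParameter("ztMDP"));
        // Both values are bound as parameters; the SQL text never contains request data.
        String sql = "SELECT * FROM pompier WHERE login=? AND mdp=?;";
        try (PreparedStatement stmt = theConnection.prepareStatement(sql)) {
            stmt.setString(1, login);
            stmt.setString(2, mdpChiffre);
            try (ResultSet resultQ = stmt.executeQuery()) {
                resultat = resultQ.next();
                if (resultat) {
                    // … unchanged: build lePompier from resultQ and store it in the session …
                }
            }
        } catch (SQLException ex) {
            Logger.getLogger(PompierMySql.class.getName()).log(Level.SEVERE, null, ex);
        }
        return resultat;
    }
```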
@@ -41,38 +42,14 @@ public class AuthentifForm {
 public boolean controlerRole(HttpServletRequest request) {
 /* Comparaison entre l'utilisateur saisi et un utilisateur de la base de donées */
 // UserP ChefCaserne = new UserP("Michel", "mRANN");
- try{
- Statement stmt = theConnection.createStatement();
- ResultSet resultQ = null;
- resultQ = stmt.executeQuery("SELECT * FROM pompier WHERE login=ztPseudo");
- boolean isChef=false;
- Pompier userSaisi = new Pompier(resultQ.getInt("id"),
- resultQ.getInt("idCaserne"),
- resultQ.getString("nom"),
- resultQ.getString("prenom"),
- resultQ.getInt("statut"),
- resultQ.getString("mail"),
- resultQ.getString("login"),
- resultQ.getString("mdp"),
- resultQ.getInt("adrNo"),
- resultQ.getString("adrRue"),
- resultQ.getString("adrCP"),
- resultQ.getString("adrVille"),
- resultQ.getInt("grade"),
- resultQ.getString("commentaire"));
- if(request.getParameter("ztPseudo").equals(resultQ.getString("login"))){
- isChef=true;
- }
- } catch (SQLException ex) {
- System.out.println("SQLException : " + ex.getMessage());
- System.out.println("SQLState : " + ex.getSQLState());
- System.out.println("Code erreur : " + ex.getErrorCode());
- }
- // Mise à jour de l'attribut resultat
- setResultat(isChef ? "Vous êtes chef de caserne" : "Vous n'êtes pas chef de caserne");
- return isChef;
+ PompierMySql pm = new PompierMySql();
+ boolean resul = pm.isAuthentified(request);
+ resultat = resul?"":"Pseudo ou mdp incorrect";
+ return resul;
+ // Mise à jour de l'attribut resultat
+
+ }
-
 }
diff --git a/src/java/com/test/forms/NouveauPompForm.java b/src/java/com/test/forms/NouveauPompForm.java
index 9a19556..0c96ab2 100644
--- a/src/java/com/test/forms/NouveauPompForm.java
+++ b/src/java/com/test/forms/NouveauPompForm.java
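Review bot: The comment `// Mise à jour de l'attribut resultat` now sits after `return resul;`, where nothing executes and it no longer describes the assignment it belonged to; move it above `resultat = resul?"":"Pseudo ou mdp incorrect";` or drop it, and since the blank line and `}` that follow it look like leftovers of the removed try block, the brace balance of the method should be checked against the closing `}` context line at the end of the hunk. `controlerRole` now reports whether the login/password pair is valid rather than anything about a role, while the servlet still calls it under the old name; a rename to match the `isAuthentified` the caller already uses, or a Javadoc line stating the new contract, would avoid the mismatch. The failure text deliberately does not reveal whether the login or the password was wrong, which is the right choice for a login form and worth a short comment so it is not "improved" later.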
@@ -46,7 +46,7 @@ public class NouveauPompForm {
 if (erreur > 0) return -1;
 // Creation d'un objet de type Client avec les données transmises
- String mdpChiffre = MD5.encode(request.getParameter("ztMDP"));
+
 Pompier unPompier = new Pompier(request.getParameter("id"),
 request.getParameter("idCaserne"),
 request.getParameter("ztNom"),
diff --git a/src/java/com/test/servlets/authentifServlet.java b/src/java/com/test/servlets/authentifServlet.java
index 3203091..6439bf6 100644
--- a/src/java/com/test/servlets/authentifServlet.java
+++ b/src/java/com/test/servlets/authentifServlet.java
@@ -78,18 +78,18 @@ public class authentifServlet extends HttpServlet {
 // Création de l'objet leControle de type AuthentifForm
 AuthentifForm leControle = new AuthentifForm();
 // Appel de la méthode controlerRole
- boolean isChef = leControle.controlerRole(request);
+ boolean isAuthentified = leControle.controlerRole(request);
 // Création de 2 attributs de requête (isChef et leControle)
- request.setAttribute("isChef", isChef);
+ request.setAttribute("isAuthentified", isAuthentified);
 request.setAttribute("controlForm", leControle);
 HttpSession maSession = request.getSession();
 maSession.setAttribute("isAuthentified", true);
 // Affichage de la JSP
- if(isChef==true){
- getServletContext().getRequestDispatcher("/WEB-INF/ChefCaserneJSP.jsp")
+ if(isAuthentified==true){
+ getServletContext().getRequestDispatcher("/WEB-INF/PompierJSP.jsp")
 .forward(request, response);
 }else{
- getServletContext().getRequestDispatcher("/WEB-INF/PompierJSP.jsp")
+ getServletContext().getRequestDispatcher("/WEB-INF/accueilJSP.jsp")
 .forward(request, response);
 }
diff --git a/web/WEB-INF/accueilJSP.jsp b/web/WEB-INF/accueilJSP.jsp
index db8ade2..79994f7 100644
--- a/web/WEB-INF/accueilJSP.jsp
+++ b/web/WEB-INF/accueilJSP.jsp
@@ -8,12 +8,7 @@
 <%@page import="com.test.forms.AuthentifForm" %>
 <%@page contentType="text/html" pageEncoding="UTF-8"%>
- -
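Review bot: Removing `String mdpChiffre = MD5.encode(request.getParameter("ztMDP"));` leaves the `Pompier` constructor call, which continues past the end of the hunk, either referencing a name that no longer exists or receiving the raw `ztMDP` value; in the latter case `create`/`createRP` would store the clear-text password while `PompierMySql.isAuthentified` compares the column against an `MD5.encode` digest, so the two sides could never match. Whichever way the constructor is now fed, the hashing should happen once, in the same place for registration and login, and a one-line comment here naming that place (e.g. `// mdp is hashed in <the chosen class> before being stored`) would keep the two paths from drifting apart again.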
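Review bot: `maSession.setAttribute("isAuthentified", true);` runs unconditionally, three lines before the new `if(isAuthentified==true)` test, so a failed login is forwarded to accueilJSP with a session that already claims to be authenticated; move the call inside the success branch, e.g. `if (isAuthentified) { maSession.setAttribute("isAuthentified", true); … }`, and consider calling `request.changeSessionId()` at that point so the session identifier is renewed on login. The comment `// Création de 2 attributs de requête (isChef et leControle)` still names the removed `isChef` attribute and should read `(isAuthentified et controlForm)`. `isAuthentified==true` can simply be `isAuthentified`; the enclosing method begins and ends outside the hunk.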

Bienvenue

-${empty param.ztPseudo ? "Veuillez vous authentifier" : "Authentification réussie"} - - - +
Authentification
@@ -22,13 +17,11 @@ ${empty param.ztPseudo ? "Veuillez vous authentifier" : "Authentification réuss
-
- +

${controlForm.getResultat()}

-
-
+
\ No newline at end of file