diff --git a/html/src/css/style.css b/html/src/css/style.css
index 04b1ced1..07458837 100644
--- a/html/src/css/style.css
+++ b/html/src/css/style.css
@@ -118,7 +118,6 @@ a {
 .article-content {
 padding: 2em;
- margin: 2em;
 }
 .row {
diff --git a/html/upload.php b/html/upload.php
index 73ac1fa1..9eebbbe5 100644
--- a/html/upload.php
+++ b/html/upload.php
@@ -4,7 +4,7 @@ require "../include/functions.php";
 $repertoire = "/var/www/e59/";
-if($role < 3) {
+if($_SESSION['role'] < 3) {
 header("Location: login.php");
 http_response_code(404);
 die();
diff --git a/html/users.php b/html/users.php
index 853ddbb2..760511a1 100644
--- a/html/users.php
+++ b/html/users.php
@@ -8,6 +8,19 @@ if($_SESSION['role'] < 4) {
 die();
 }
+if(isset($_POST['userid']) && isset($_POST['role']) && $_POST['userid'] != $_SESSION['userid'] && $_POST['role'] <= $_SESSION['role']) {
+ $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
+
+ $req = $bdd->prepare("UPDATE users SET role = :role WHERE ID = :userid");
+ $req->bindParam(':role',$_POST['role']);
+ $req->bindParam(':userid', $_POST['userid']);
+ if ($req->execute()) {
+ $status = "Utilisateur mis à jour";
+ } else {
+ $status = "Erreur SQL";
+ }
+}
+
 ?>
@@ -45,6 +58,7 @@ if($_SESSION['role'] < 4) {
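Review bot: The new guard in upload.php reads `$_SESSION['role']` with no default, so a visitor whose session carries no role raises an undefined-key warning before being rejected; the comparison still fails closed because null compares below 3, but `if (($_SESSION['role'] ?? 0) < 3) {` makes that explicit. The check trusts the role cached in the session, so a role lowered through users.php would presumably not apply here until that session ends, unless the value is refreshed somewhere outside this hunk. In the unchanged context lines, `http_response_code(404)` after the `Location` header replaces the redirect status, so the client receives a 404 rather than being sent to login.php. Whether `session_start()` has run before this point is not visible in the hunk.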
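Review bot: The role update added after the `role < 4` guard in users.php is a state-changing POST with no anti-CSRF token, and `$_POST['userid']` and `$_POST['role']` reach the query after only loose `!=` and `<=` comparisons, so non-integer or negative input is not rejected first. The condition also compares only the requested role with the actor's role, never the target's current role, so an account ranked above the actor (if such levels exist) could be lowered. The sketch below validates both values as integers, requires a session-bound token, and moves the target-role limit into the `WHERE` clause; the `csrf_token` key and the lower bound of 0 are placeholders, and `PDO::PARAM_INT` assumes `connect()` returns a PDO handle, as the named placeholders suggest. Sessions that are already open keep their old `$_SESSION['role']`, so a demotion may not take effect until the user logs in again.

```php
// … unchanged: role >= 4 guard above …
$targetId = filter_input(INPUT_POST, 'userid', FILTER_VALIDATE_INT);
$newRole = filter_input(INPUT_POST, 'role', FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
// 'csrf_token' is a placeholder key; no token helper or form field is visible in this diff
$tokenOk = isset($_SESSION['csrf_token'], $_POST['csrf_token'])
    && is_string($_POST['csrf_token'])
    && hash_equals($_SESSION['csrf_token'], $_POST['csrf_token']);

if ($tokenOk && is_int($targetId) && is_int($newRole)
    && $targetId !== (int) $_SESSION['userid'] && $newRole <= (int) $_SESSION['role']) {
    // … unchanged: connect() …
    $req = $bdd->prepare("UPDATE users SET role = :role WHERE ID = :userid AND role <= :actor");
    $req->bindValue(':role', $newRole, PDO::PARAM_INT);
    $req->bindValue(':userid', $targetId, PDO::PARAM_INT);
    $req->bindValue(':actor', (int) $_SESSION['role'], PDO::PARAM_INT);
    // execute() succeeds even when no row matched; rowCount() === 0 then means "not found or not permitted"
    // … unchanged: execute() and $status handling …
}
```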
+
prepare("SELECT display_name, username, email, role FROM users ORDER BY creation_date DESC"); @@ -61,7 +75,7 @@ if($_SESSION['role'] < 4) { echo ''; } } - echo "
"; + echo "
"; } } ?>