diff --git a/README.md b/README.md index 975aeb1c..c398cadd 100755 --- a/README.md +++ b/README.md @@ -31,7 +31,7 @@ Le site officiel du club réseaux disponible à l'adresse https://e59.fr/ - ```userID``` - ```userName``` - ```userDisplayName``` -- ```userLevel``` +- ```userRole``` - ```userAccreditation``` # Includes diff --git a/config/global.ini b/config/global.ini index b24b1c99..12cd38ee 100755 --- a/config/global.ini +++ b/config/global.ini @@ -12,7 +12,7 @@ databaseHost = "127.0.0.1" pageTitle = "Club Réseaux - E59" headerTitle = "E59" headerSubtitle = "Club Réseaux" -footerText = "© Jan BELLON - E59 v1.3" +footerText = "© Jan BELLON - E59 v1.4" [confidentialLevels] 0 = "E59i-P (Public)" @@ -26,11 +26,6 @@ footerText = "© Jan BELLON - E59 v1.3" 2 = "Responsable" 3 = "Directeur" -[badges] -1 = '' -2 = '' -3 = '' - [darkThemes] 0 = '.body {--text: hsl(0, 0%, 80%); --background: hsl(0, 0%, 15%); --panel-background: hsl(0, 0%, 10%); --buttons: hsl(0, 0%, 5%)}' 1 = '.body {--text: hsl(208, 100%, 96%); --background: hsl(215, 21%, 11%); --panel-background: hsl(216, 28%, 7%); --buttons: hsl(216, 28%, 7%)}' diff --git a/database/E59.sql b/database/E59.sql old mode 100755 new mode 100644 index edb02040..d8657065 --- a/database/E59.sql +++ b/database/E59.sql @@ -1,11 +1,11 @@ -- phpMyAdmin SQL Dump --- version 5.2.1 +-- version 5.2.1deb1+jammy2 -- https://www.phpmyadmin.net/ -- --- Host: localhost --- Generation Time: Mar 15, 2024 at 01:26 AM --- Server version: 10.5.23-MariaDB-0+deb11u1 --- PHP Version: 7.4.33 +-- Hôte : localhost:3306 +-- Généré le : dim. 17 mars 2024 à 15:14 +-- Version du serveur : 10.6.16-MariaDB-0ubuntu0.22.04.1 +-- Version de PHP : 8.1.2-1ubuntu2.14 SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO"; START TRANSACTION; 
@@ -18,47 +18,92 @@ SET time_zone = "+00:00"; /*!40101 SET NAMES utf8mb4 */; -- --- Database: `E59` +-- Base de données : `E59` -- -- -------------------------------------------------------- -- --- Table structure for table `articles` +-- Structure de la table `articles` -- CREATE TABLE `articles` ( `ID` int(12) NOT NULL, `title` varchar(255) NOT NULL, - `date` datetime NOT NULL DEFAULT current_timestamp(), - `author` int(12) NOT NULL, - `classification` int(12) NOT NULL, + `creation_date` datetime NOT NULL DEFAULT current_timestamp(), + `last_update` datetime NOT NULL DEFAULT current_timestamp(), + `author` int(12) NOT NULL COMMENT 'users.ID', + `classification` int(12) NOT NULL COMMENT 'confidential_levels.ID', `miniature` varchar(255) DEFAULT NULL, `resume` text DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; -- --- Dumping data for table `articles` +-- Déchargement des données de la table `articles` -- -INSERT INTO `articles` (`ID`, `title`, `date`, `author`, `classification`, `miniature`, `resume`) VALUES -(1, 'Écrivons le futur !', '2024-03-07 09:32:00', 1, 0, '/assets/miniatures/1.png', 'Après avoir discuté avec l\'administration de notre IUT, nous avons découvert la partie humaine qui assure sa gestion, avec laquelle nous avons eu le plaisir de sympathiser. 
'), -(2, 'SpyLab', '2024-03-07 19:15:00', 2, 0, '/assets/miniatures/2.png', 'La plateforme de CTF SpyLab est displonible sur le gitlab de la E59.<br />\r\nCe projet a été mené dans le cadre de la SAE Pentest, un projet universitaire dirigé par Monsieur Guillemin.'), -(3, 'Réunion Association #1', '2024-03-07 21:53:16', 2, 3, '/assets/miniatures/3.png', 'Récapitulatif de la réunion concernant la transition du Club vers l\'état d\'association'), -(4, 'Update 1.0', '2024-03-08 23:00:24', 2, 0, '/assets/miniatures/4.png', 'Changelog de la mise à jour 1.0 de la plateforme e59.fr..'), -(5, 'Connaissez vous l\'attaque PCDoS ?', '2024-03-11 07:45:04', 2, 0, '/assets/miniatures/5.png', 'Aussi connue sous le nom PCDoS (Plane Crash Denial of Service), cette faille est une faille 0day patchée grâce au plan vigipirate.'), -(6, 'Rapport Pentest (WDoS)', '2024-03-11 07:52:33', 4, 0, '/assets/miniatures/6.png', 'Dans le cadre de notre évaluation de sécurité, nous avons réalisé une attaque de pentesting physique simulée sur les infrastructures réseau de l\'entreprise. '), -(7, 'Rapport d\'incident (PCDoS)', '2024-03-11 15:59:25', 4, 1, '/assets/miniatures/7.png', 'Le présent rapport détaille un événement impliquant une tentative d\'attaque par déni de service distribué (DDoS) non conventionnelle et à grande échelle sur un centre de données.'), -(8, 'Invasion Volante', '2024-03-11 19:49:51', 2, 0, '/assets/miniatures/8.png', 'Montmartre Assiégé par une Armada de Pigeons.'), -(9, 'Un avion s\'écrase sur l\'IUT !', '2024-03-12 08:11:11', 2, 0, '/assets/miniatures/9.png', 'Ce matin, dans une tournure d\'événements tragique et inattendue, un avion s\'est écrasé sur l\'Institut Universitaire de Technologie (IUT) de Vélizy, ...'), -(10, 'Comment faire un 49.3 ?', '2024-03-12 12:39:50', 7, 0, '/assets/miniatures/10.png', 'Dans ce tutoriel je vais te montrer comme faire un 49.3.
\r\nTu pourras appliquer ce tutoriel pendant les travaux de groupe quand il faudra rétablir l\'ordre suprême !'), -(11, 'Update 1.1', '2024-03-12 17:07:47', 2, 0, '/assets/miniatures/11.png', 'Liste des changements suite à la mise à jour de la plateforme vers la version 1.1'), -(12, 'Update 1.2', '2024-03-14 20:50:15', 2, 0, '/assets/miniatures/12.png', 'La première update majeure vient de sortir !'); +INSERT INTO `articles` (`ID`, `title`, `creation_date`, `last_update`, `author`, `classification`, `miniature`, `resume`) VALUES +(1, 'Écrivons le futur !', '2024-03-07 09:32:00', '2024-03-17 14:20:54', 1, 0, '/assets/miniatures/1.png', 'Après avoir discuté avec l\'administration de notre IUT, nous avons découvert la partie humaine qui assure sa gestion, avec laquelle nous avons eu le plaisir de sympathiser. '), +(2, 'SpyLab', '2024-03-07 19:15:00', '2024-03-17 14:20:54', 2, 0, '/assets/miniatures/2.png', 'La plateforme de CTF SpyLab est displonible sur le gitlab de la E59.<br />\r\nCe projet a été mené dans le cadre de la SAE Pentest, un projet universitaire dirigé par Monsieur Guillemin.'), +(3, 'Réunion Association #1', '2024-03-07 21:53:16', '2024-03-17 14:20:54', 2, 50, '/assets/miniatures/3.png', 'Récapitulatif de la réunion concernant la transition du Club vers l\'état d\'association'), +(4, 'Update 1.0', '2024-03-08 23:00:24', '2024-03-17 14:20:54', 2, 10, '/assets/miniatures/4.png', 'Changelog de la mise à jour 1.0 de la plateforme e59.fr..'), +(5, 'Connaissez vous l\'attaque PCDoS ?', '2024-03-11 07:45:04', '2024-03-17 14:20:54', 2, 0, '/assets/miniatures/5.png', 'Aussi connue sous le nom PCDoS (Plane Crash Denial of Service), cette faille est une faille 0day patchée grâce au plan vigipirate.'), +(6, 'Rapport Pentest (WDoS)', '2024-03-11 07:52:33', '2024-03-17 14:20:54', 4, 0, '/assets/miniatures/6.png', 'Dans le cadre de notre évaluation de sécurité, nous avons réalisé une attaque de pentesting physique simulée sur les infrastructures réseau de 
l\'entreprise. '), +(7, 'Rapport d\'incident (PCDoS)', '2024-03-11 15:59:25', '2024-03-17 14:20:54', 4, 0, '/assets/miniatures/7.png', 'Le présent rapport détaille un événement impliquant une tentative d\'attaque par déni de service distribué (DDoS) non conventionnelle et à grande échelle sur un centre de données.'), +(8, 'Invasion Volante', '2024-03-11 19:49:51', '2024-03-17 14:20:54', 2, 10, '/assets/miniatures/8.png', 'Montmartre Assiégé par une Armada de Pigeons.'), +(9, 'Un avion s\'écrase sur l\'IUT !', '2024-03-12 08:11:11', '2024-03-17 14:20:54', 2, 10, '/assets/miniatures/9.png', 'Ce matin, dans une tournure d\'événements tragique et inattendue, un avion s\'est écrasé sur l\'Institut Universitaire de Technologie (IUT) de Vélizy, ...'), +(10, 'Comment faire un 49.3 ?', '2024-03-12 12:39:50', '2024-03-17 14:20:54', 7, 0, '/assets/miniatures/10.png', 'Dans ce tutoriel je vais te montrer comme faire un 49.3.
\r\nTu pourras appliquer ce tutoriel pendant les travaux de groupe quand il faudra rétablir l\'ordre suprême !'), +(11, 'Update 1.1', '2024-03-12 17:07:47', '2024-03-17 14:20:54', 2, 10, '/assets/miniatures/11.png', 'Liste des changements suite à la mise à jour de la plateforme vers la version 1.1'), +(12, 'Update 1.2', '2024-03-14 20:50:15', '2024-03-17 15:03:03', 2, 10, '/assets/miniatures/12.png', 'La première update majeure vient de sortir !'); -- -------------------------------------------------------- -- --- Table structure for table `users` +-- Structure de la table `confidential_levels` +-- + +CREATE TABLE `confidential_levels` ( + `ID` int(11) NOT NULL, + `name` varchar(255) NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; + +-- +-- Déchargement des données de la table `confidential_levels` +-- + +INSERT INTO `confidential_levels` (`ID`, `name`) VALUES +(0, 'E59i-P (Public)'), +(10, 'E59i-M (Membres)'), +(20, 'E59i-R (Responsables)'), +(50, 'E59i-D (Direction)'); + +-- -------------------------------------------------------- + +-- +-- Structure de la table `roles` +-- + +CREATE TABLE `roles` ( + `ID` int(11) NOT NULL, + `badge_svg` varchar(2047) NOT NULL, + `role_name` varchar(255) NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; + +-- +-- Déchargement des données de la table `roles` +-- + +INSERT INTO `roles` (`ID`, `badge_svg`, `role_name`) VALUES +(0, ' ', 'Non connecté'), +(1, '', 'Connecté'), +(10, '', 'Membre'), +(20, '', 'Responsable'), +(50, '', 'Directeur'); + +-- -------------------------------------------------------- + +-- +-- Structure de la table `users` -- CREATE TABLE `users` ( 
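Review bot: `articles.author`, `articles.classification`, `users.role` and `users.accreditation` reference other tables only through `COMMENT 'users.ID'` / `'confidential_levels.ID'` / `'roles.ID'`; neither this hunk nor the index hunk that follows declares a FOREIGN KEY, so nothing stops an article from carrying a classification with no `confidential_levels` row (the users INSERT further down already stores accreditation 1, which is not among 0/10/20/50). Add the constraints in the index section, e.g. `ALTER TABLE articles ADD CONSTRAINT articles_classification_fk FOREIGN KEY (classification) REFERENCES confidential_levels (ID);` plus the matching ones for `users.role` and `users.accreditation`, or at least a CHECK. `roles.badge_svg` holds raw SVG that the PHP side echoes unescaped, so its column comment should state that it is admin-maintained markup and never user input. Also worth confirming the remap of existing rows: article 7 (`Rapport d'incident`) drops from classification 1 to 0 while 4, 8, 9, 11 and 12 move 0→10 — if 1 was members-only on the old scale, the incident report is now public. config/global.ini still carries a `[confidentialLevels]` section and a 0–3 list ending in `2 = "Responsable"` / `3 = "Directeur"` (context in that file's hunks), which appears to duplicate these two tables and may now be dead configuration.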
@@ -66,61 +111,85 @@ CREATE TABLE `users` ( `username` varchar(255) NOT NULL, `password` varchar(255) NOT NULL, `email` varchar(255) DEFAULT NULL, - `date` datetime NOT NULL DEFAULT current_timestamp(), + `creation_date` datetime NOT NULL DEFAULT current_timestamp(), + `last_update` datetime NOT NULL DEFAULT current_timestamp(), `display_name` varchar(255) DEFAULT 'Guest', - `level` int(12) NOT NULL DEFAULT 0, - `accreditation` int(12) NOT NULL DEFAULT 0, + `role` int(12) NOT NULL DEFAULT 0 COMMENT 'roles.ID', + `accreditation` int(12) NOT NULL DEFAULT 0 COMMENT 'confidential_levels.ID', `profile_picture` varchar(255) DEFAULT NULL, `banner` varchar(255) DEFAULT '', - `bio` varchar(255) DEFAULT NULL, - `certification` int(12) DEFAULT 0 + `bio` varchar(255) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; -- --- Dumping data for table `users` +-- Déchargement des données de la table `users` -- -INSERT INTO `users` (`ID`, `username`, `password`, `email`, `date`, `display_name`, `level`, `accreditation`, `profile_picture`, `banner`, `bio`, `certification`) VALUES -(0, 'deleted_user', '0', NULL, '2024-03-14 20:22:10', 'Deleted User', 0, 0, NULL, '', NULL, 0), -(1, 'admin', 'f290776df3fe2f6507f06bdbe048588b', 'bod@intra.e59.fr', '2024-03-07 19:42:01', 'Dieu', 3, 3, '/assets/pp/1.png', '/assets/banners/1.png', 'Que la lumière soit...', 3), -(2, 'jan', '57edb0f3104636a40e64ad178868a572', 'jan@intra.e59.fr', '2024-03-07 20:26:05', 'Jan BELLON', 3, 3, '/assets/pp/2.png', '/assets/banners/2.png', '🗿♟️☕', 3), -(3, 'eliott', '3845d4aff76bfb44fe36442dc9fce0be', 'eliott@intra.e59.fr', '2024-03-10 23:39:07', 'Eliott', 3, 3, NULL, NULL, NULL, 3), -(4, 'lucas', 'ff12405d3354d3af7ffffdb08474f9a1', 'lucas@intra.e59.fr', '2024-03-11 07:47:25', 'Trésorier', 3, 3, 'https://risibank.fr/cache/medias/0/24/2460/246030/full.png', 'https://images.pexels.com/photos/315938/pexels-photo-315938.jpeg', 'Nous vivons dans une saucisse', 3), -(5, 'Orjawell', 
'53e284f44a4533d3c13198ab2d7d1685', 'akram@intra.e59.fr', '2024-03-11 07:48:25', 'Orjawell', 2, 2, NULL, NULL, NULL, 2), -(6, 'neo', 'cb59608fced567a14b13a6e5c5c8a1d2', 'neo@neo', '2024-03-11 09:39:15', 'neo', 1, 1, NULL, NULL, NULL, 1), -(7, 'manu', '57edb0f3104636a40e64ad178868a572', 'manu@intra.e59.fr', '2024-03-12 12:19:57', 'Emmanuel Macron', 2, 3, '/assets/pp/7.png', '/assets/banners/7.png', 'Tais toi, ou je fais un 49.3.', 0), -(8, 'willy.guillemin', '52df21f38c6b2552bf68e4daa9c7f815', '', '2024-03-14 23:19:53', 'Willy Guillemin', 1, 1, '/assets/pp/8.png', '/assets/banners/8.png', 'Les bits c\'est des bits', 0), -(9, 'etiehuot', '52df21f38c6b2552bf68e4daa9c7f815', '', '2024-03-14 23:25:29', 'Etienne Huot', 1, 1, '/assets/pp/9.png', '/assets/banners/9.png', 'Il est où mon IPhone 15 Pro !', 0), -(10, 'sebastien.lemoel', '52df21f38c6b2552bf68e4daa9c7f815', '', '2024-03-14 23:36:02', 'Sebastien Le Moel', 1, 1, '/assets/pp/10.png', '/assets/banners/10.png', 'L\'enfer n\'est rien de plus que le domaine fréquentiel.', 0); +INSERT INTO `users` (`ID`, `username`, `password`, `email`, `creation_date`, `last_update`, `display_name`, `role`, `accreditation`, `profile_picture`, `banner`, `bio`) VALUES +(0, 'deleted_user', '0', NULL, '2024-03-14 20:22:10', '2024-03-17 14:21:53', 'Deleted User', 1, 1, NULL, '', NULL), +(1, 'admin', 'f290776df3fe2f6507f06bdbe048588b', 'bod@intra.e59.fr', '2024-03-07 19:42:01', '2024-03-17 14:21:53', 'Dieu', 50, 50, '/assets/pp/1.png', '/assets/banners/1.png', 'Que la lumière soit...'), +(2, 'jan', '57edb0f3104636a40e64ad178868a572', 'jan@intra.e59.fr', '2024-03-07 20:26:05', '2024-03-17 15:00:55', 'Jan BELLON', 50, 50, '/assets/pp/2.png', '/assets/banners/2.png', '🗿♟️☕❤️'), +(3, 'eliott', '3845d4aff76bfb44fe36442dc9fce0be', 'eliott@intra.e59.fr', '2024-03-10 23:39:07', '2024-03-17 14:21:53', 'Eliott', 50, 50, NULL, NULL, NULL), +(4, 'lucas', 'ff12405d3354d3af7ffffdb08474f9a1', 'lucas@intra.e59.fr', '2024-03-11 07:47:25', '2024-03-17 
14:21:53', 'Trésorier', 50, 50, 'https://risibank.fr/cache/medias/0/24/2460/246030/full.png', 'https://images.pexels.com/photos/315938/pexels-photo-315938.jpeg', 'Nous vivons dans une saucisse'), +(5, 'Orjawell', '53e284f44a4533d3c13198ab2d7d1685', 'akram@intra.e59.fr', '2024-03-11 07:48:25', '2024-03-17 14:21:53', 'Orjawell', 20, 20, NULL, NULL, NULL), +(6, 'neo', 'cb59608fced567a14b13a6e5c5c8a1d2', 'neo@neo', '2024-03-11 09:39:15', '2024-03-17 14:21:53', 'neo', 10, 10, NULL, NULL, NULL), +(7, 'manu', '57edb0f3104636a40e64ad178868a572', 'manu@intra.e59.fr', '2024-03-12 12:19:57', '2024-03-17 14:21:53', 'Emmanuel Macron', 1, 1, '/assets/pp/7.png', '/assets/banners/7.png', 'Tais toi, ou je fais un 49.3.'), +(8, 'willy.guillemin', '52df21f38c6b2552bf68e4daa9c7f815', '', '2024-03-14 23:19:53', '2024-03-17 14:21:53', 'Willy Guillemin', 1, 1, '/assets/pp/8.png', '/assets/banners/8.png', 'Les bits c\'est des bits'), +(9, 'etiehuot', '52df21f38c6b2552bf68e4daa9c7f815', '', '2024-03-14 23:25:29', '2024-03-17 14:21:53', 'Etienne Huot', 1, 1, '/assets/pp/9.png', '/assets/banners/9.png', 'Il est où mon IPhone 15 Pro !'), +(10, 'sebastien.lemoel', '52df21f38c6b2552bf68e4daa9c7f815', '', '2024-03-14 23:36:02', '2024-03-17 14:21:53', 'Sebastien Le Moel', 1, 1, '/assets/pp/10.png', '/assets/banners/10.png', 'L\'enfer n\'est rien de plus que le domaine fréquentiel.'); -- --- Indexes for dumped tables +-- Index pour les tables déchargées -- -- --- Indexes for table `articles` +-- Index pour la table `articles` -- ALTER TABLE `articles` ADD PRIMARY KEY (`ID`); -- --- Indexes for table `users` +-- Index pour la table `confidential_levels` +-- +ALTER TABLE `confidential_levels` + ADD PRIMARY KEY (`ID`); + +-- +-- Index pour la table `roles` +-- +ALTER TABLE `roles` + ADD PRIMARY KEY (`ID`); + +-- +-- Index pour la table `users` -- ALTER TABLE `users` ADD PRIMARY KEY (`ID`); -- --- AUTO_INCREMENT for dumped tables +-- AUTO_INCREMENT pour les tables déchargées -- -- --- AUTO_INCREMENT 
for table `articles` +-- AUTO_INCREMENT pour la table `articles` -- ALTER TABLE `articles` MODIFY `ID` int(12) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=13; -- --- AUTO_INCREMENT for table `users` +-- AUTO_INCREMENT pour la table `confidential_levels` +-- +ALTER TABLE `confidential_levels` + MODIFY `ID` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=51; + +-- +-- AUTO_INCREMENT pour la table `roles` +-- +ALTER TABLE `roles` + MODIFY `ID` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=101; + +-- +-- AUTO_INCREMENT pour la table `users` -- ALTER TABLE `users` MODIFY `ID` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=16; diff --git a/html/account/index.php b/html/account/index.php index 36c23ac3..ca2212cc 100755 --- a/html/account/index.php +++ b/html/account/index.php @@ -33,7 +33,7 @@ if (isset($_FILES['newPP']) && $_FILES['newPP']['error'] == 0) { imagedestroy($imageOriginal); imagedestroy($imageResized); - $sqlRequest = "UPDATE users SET profile_picture = :userPP WHERE ID = :userID"; + $sqlRequest = "UPDATE users SET profile_picture = :userPP, last_update = now() WHERE ID = :userID"; $request = $pdo->prepare($sqlRequest); $request->bindParam(":userPP", $imageURL); $request->bindParam(":userID", $_SESSION['userID']); @@ -72,7 +72,7 @@ if (isset($_FILES['newBanner']) && $_FILES['newBanner']['error'] == 0) { imagedestroy($imageOriginal); imagedestroy($imageResized); - $sqlRequest = "UPDATE users SET banner = :userBanner WHERE ID = :userID"; + $sqlRequest = "UPDATE users SET banner = :userBanner, last_update = now() WHERE ID = :userID"; $request = $pdo->prepare($sqlRequest); $request->bindParam(":userBanner", $imageURL); $request->bindParam(":userID", $_SESSION['userID']); 
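Review bot: the new users rows store accreditation 1 for users 0, 7, 8, 9 and 10, but `confidential_levels` as inserted above only has IDs 0, 10, 20 and 50, so these accounts reference a level that does not exist; `classification <= :userAccreditation` still behaves like level 0 today, but any join to the level name drops them. Use an existing level, e.g. `(0, 'deleted_user', '0', NULL, '2024-03-14 20:22:10', '2024-03-17 14:21:53', 'Deleted User', 0, 0, NULL, '', NULL),`. The `deleted_user` tombstone also moves from role 0 to role 1 ('Connecté'), which looks accidental for a placeholder that should never be able to log in. Separately, the dump commits what look like real account password hashes to version control (users 8, 9 and 10 even share one value, i.e. the same password with no salt); a seed file is better shipped with throwaway accounts.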
@@ -88,7 +88,7 @@ if (isset($_FILES['newBanner']) && $_FILES['newBanner']['error'] == 0) { if (isset($_POST['userDisplayName']) && isset($_POST['userBio'])) { if(preg_match('!\S!u', $_POST['userDisplayName']) && preg_match('!\S!u', $_POST['userBio'])) { - $sqlRequest = "UPDATE users SET display_name = :userDisplayName, bio = :userBio WHERE ID = :userID"; + $sqlRequest = "UPDATE users SET display_name = :userDisplayName, bio = :userBio, last_update = now() WHERE ID = :userID"; $request = $pdo->prepare($sqlRequest); $request->bindParam(":userDisplayName", htmlspecialchars(substr($_POST['userDisplayName'], 0, 20))); $request->bindParam(":userBio", htmlspecialchars(substr($_POST['userBio'], 0, 200))); @@ -224,7 +224,7 @@ if($result) {
Rédiger un article
prepare("SELECT ID, title, date, miniature, resume FROM articles WHERE (title LIKE :search OR ID LIKE :search) AND author = :userID ORDER BY date DESC"); + $request = $pdo->prepare("SELECT ID, title, creation_date, miniature, resume FROM articles WHERE (title LIKE :search OR ID LIKE :search) AND author = :userID ORDER BY creation_date DESC"); $request->bindParam(":search", $search); $request->bindParam(":userID", $_SESSION['userID']); $request->execute(); diff --git a/html/admin/index.php b/html/admin/index.php index 675d8f75..89e8c8a2 100755 --- a/html/admin/index.php +++ b/html/admin/index.php @@ -6,7 +6,7 @@ require("../../include/objects.php"); require("../../include/inputs.php"); require("../../include/panels.php"); -if (!isset($_SESSION['userLevel']) || $_SESSION['userLevel'] < 3) { +if (!isset($_SESSION['userRole']) || $_SESSION['userRole'] < 50) { http_response_code(403); die("Vous n'êtes pas autorisé à accéder à cette ressource"); } @@ -48,7 +48,7 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData $search = isset($_GET['search']) ? '%' . $_GET['search'] . '%' : '%%'; - $sqlRequest = "SELECT username, display_name, certification, profile_picture FROM users WHERE ID LIKE :search OR username LIKE :search OR display_name LIKE :search OR email LIKE :search ORDER BY date DESC"; + $sqlRequest = "SELECT users.username, users.display_name, roles.badge_svg, users.profile_picture FROM users JOIN roles ON users.role = roles.ID WHERE users.ID LIKE :search OR users.username LIKE :search OR users.display_name LIKE :search OR users.email LIKE :search ORDER BY users.creation_date DESC"; $request = $pdo->prepare($sqlRequest); $request->bindParam(":search", $search); $request->execute(); 
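Review bot: the threshold `$_SESSION['userRole'] < 50` hard-codes the 'Directeur' role ID while include/panels.php's fillNav hunk in this same commit still tests `$_SESSION['userRole'] >= 3`, so on the new 0/1/10/20/50 scale a Membre or Responsable is shown the admin entry and then receives the 403 here. Keep one named constant for the Directeur role and use it in both checks; the `< 1` guards in html/editor and html/upload are consistent with `roles.ID` 1 = 'Connecté' and need no change. The `die()` after the 403 is the right shape — it is what the editor/upload guards are missing.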
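Review bot: `JOIN roles ON users.role = roles.ID` is an inner join, so an account whose `role` has no matching `roles` row silently vanishes from the admin user list — the one list where a mis-set role most needs to be visible. html/news/index.php's @@ -114 hunk uses `LEFT JOIN roles` for the same relationship; use that here and in the news @@ -130 and html/users/index.php @@ -9 hunks, selecting `COALESCE(roles.badge_svg, '') AS badge_svg` so userWidget still receives a string. The lookups in the `roles` table are by primary key, so the change has no plan cost.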
@@ -61,11 +61,13 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData $pubDate = date('d/m/Y', $pubDateTime); $userName = $row['username']; $userDisplayName = $row['display_name']; - $userCertification = $row['certification']; + $userBadgeSVG = $row['badge_svg']; $userPPURL = $row['profile_picture'] == NULL ? "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png" : $row['profile_picture']; - userWidget($userPPURL, $userDisplayName, $userName, $userCertification, $badges, $rootPageURL); + userWidget($userPPURL, $userDisplayName, $userName, $userBadgeSVG, $rootPageURL); } echo (''); + } else { + echo ('Aucun utilisateur trouvé.'); } ?> diff --git a/html/editor/index.php b/html/editor/index.php index 94b4c198..7e4f2de5 100755 --- a/html/editor/index.php +++ b/html/editor/index.php @@ -7,7 +7,7 @@ require("../../include/panels.php"); $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass); -if ($_SESSION['level'] < 1) { +if ($_SESSION['userRole'] < 1) { header("Location: login.php"); http_response_code(404); } @@ -22,6 +22,13 @@ if (isset($_GET['article'])) { $request->execute(); $result = $request->fetchAll(PDO::FETCH_ASSOC); if ($result) { + $sqlRequest = "SELECT ID, name FROM confidential_levels"; + $request = $pdo->prepare($sqlRequest); + $request->execute(); + $confidentialLevels = array(); + foreach($request->fetchAll(PDO::FETCH_ASSOC) as $confidentialLevel) { + $confidentialLevels[$confidentialLevel['ID']] = $confidentialLevel['name']; + } $articleID = $result[0]['ID']; $articleTitle = $result[0]['title']; $articleResume = $result[0]['resume']; 
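Review bot: the guard `if ($_SESSION['userRole'] < 1)` emits a Location header but never stops the script, so the rest of the editor page — including the `$_GET['article']` handling below — still runs for an anonymous visitor; add `exit;` after `http_response_code(404);` (the same shape is in html/upload/index.php's hunk). A 404 status combined with a Location header is also contradictory: let the redirect keep its 302/303, or return 403 without a redirect as html/admin/index.php does. The enclosing page continues outside the hunk.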
@@ -58,7 +65,7 @@ if (isset($_POST['article-content']) && isset($_POST['classification']) && isset file_put_contents($rootFilePath . "content/articles/" . $articleID . ".md", nl2br($_POST['article-content'])); - $sqlRequest = "UPDATE articles SET title = :title, resume = :resume, classification = :classification WHERE ID = :articleID AND author = :authorID"; + $sqlRequest = "UPDATE articles SET title = :title, resume = :resume, classification = :classification, last_update = now() WHERE ID = :articleID AND author = :authorID"; $request = $pdo->prepare($sqlRequest); $request->bindParam(":title", htmlspecialchars($_POST['article-title'])); $request->bindParam(":resume", htmlspecialchars($_POST['article-resume'])); @@ -102,7 +109,7 @@ if (isset($_FILES['miniature']) && $_FILES['miniature']['error'] == 0 && isset($ imagedestroy($imageOriginal); imagedestroy($imageResized); - $sqlRequest = "UPDATE articles SET miniature = :miniature WHERE ID = :articleID"; + $sqlRequest = "UPDATE articles SET miniature = :miniature, last_update = now() WHERE ID = :articleID"; $request = $pdo->prepare($sqlRequest); $request->bindParam(":miniature", $imageURL); $request->bindParam(":articleID", $articleID); diff --git a/html/index.php b/html/index.php index 28d803ae..d73f18ca 100755 --- a/html/index.php +++ b/html/index.php @@ -41,13 +41,13 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData
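Review bot: the UPDATE writes `classification = :classification` from `$_POST['classification']` (the bind is outside the hunk) and nothing visible checks the value against the IDs that exist in `confidential_levels` or against the author's own accreditation, so an author can presumably store any integer; the `$confidentialLevels` map built in this file's @@ -22 hunk gives the valid keys, so a check such as `if (!array_key_exists($_POST['classification'], $confidentialLevels)) { ... reject ... }` before preparing the statement would close that. If that validation happens further up the file, ignore this; the `WHERE ID = :articleID AND author = :authorID` ownership filter on the same line is the right shape. Note that `$confidentialLevels` is only built inside the `if ($result)` branch of the `$_GET['article']` block, so it may be unset on the POST path.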
prepare($sqlRequest); $request->bindParam(":userAccreditation", $_SESSION['userAccreditation']); $request->execute(); $result = $request->fetchAll(PDO::FETCH_ASSOC); if ($result) { - listArticles($result, $rootPageURL, $badges); + listArticles($result, $rootPageURL); } ?>
diff --git a/html/login/index.php b/html/login/index.php index 6dfde443..67bfbdc2 100755 --- a/html/login/index.php +++ b/html/login/index.php @@ -18,7 +18,7 @@ if (isset($_POST['username']) && isset($_POST['password'])) { if(preg_match('!\S!u', $_POST['username']) && preg_match('!\S!u', $_POST['password'])) { - $sqlRequest = "SELECT ID, username, display_name, level, accreditation FROM users WHERE (username = :username OR email = :username) AND password = :password"; + $sqlRequest = "SELECT ID, username, display_name, role, accreditation FROM users WHERE (username = :username OR email = :username) AND password = :password"; $request = $pdo->prepare($sqlRequest); $request->bindParam(":username", htmlspecialchars($_POST['username'])); $request->bindParam(":password", md5($_POST['password'])); @@ -30,7 +30,7 @@ if (isset($_POST['username']) && isset($_POST['password'])) { $_SESSION['userID'] = $result[0]['ID']; $_SESSION['userName'] = $result[0]['username']; $_SESSION['userDisplayName'] = $result[0]['display_name']; - $_SESSION['userLevel'] = $result[0]['level']; + $_SESSION['userRole'] = $result[0]['role']; $_SESSION['userAccreditation'] = $result[0]['accreditation']; $redirectPage = isset($_GET['p']) ? $_GET['p'] : ""; header('Location: /' . $redirectPage); diff --git a/html/news/index.php b/html/news/index.php index 15c11950..0e523d4d 100755 --- a/html/news/index.php +++ b/html/news/index.php @@ -67,7 +67,7 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData prepare($sqlRequest); $request->bindParam(":articleID", $_GET['article']); $request->bindParam(":userAccreditation", $_SESSION['userAccreditation']); 
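Review bot: the rewritten SELECT still authenticates by comparing `password = :password` with `md5($_POST['password'])` (bound two lines below the change), an unsalted fast hash — the dump in this commit shows users 8, 9 and 10 with an identical stored value, which is exactly what unsalted hashing reveals. Select the row by username/email only and verify in PHP with `password_verify($_POST['password'], $row['password'])`, storing `password_hash($password, PASSWORD_DEFAULT)` on write. `htmlspecialchars($_POST['username'])` before the lookup also means a login containing `&` or `'` only matches if registration escaped it the same way — worth confirming.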
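Review bot: the session is upgraded with the user's ID and role without a preceding `session_regenerate_id(true);`, so a session ID issued before login keeps its value across the privilege change; call it at the start of this block, before the `$_SESSION[...]` assignments. `header('Location: /' . $redirectPage)` with `$redirectPage` taken from `$_GET['p']` is context here, but confirm somewhere that the value cannot start with a second `/`, since a scheme-relative path would redirect off-site.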
@@ -76,7 +76,7 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData $result = $request->fetchAll(PDO::FETCH_ASSOC); if($result) { - $pubDateTime = strtotime($result[0]['date']); + $pubDateTime = strtotime($result[0]['creation_date']); $pubDate = date('d/m/Y', $pubDateTime); $articleID = $result[0]['ID']; $articleTitle = $result[0]['title']; @@ -84,7 +84,7 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData $miniatureURL = $result[0]['miniature']; $authorUsername = $result[0]['username']; $authorDisplayName = $result[0]['display_name']; - $authorCertification = $result[0]['certification']; + $authorBadge = $result[0]['badge_svg']; $authorPPURL = $result[0]['profile_picture'] == NULL ? "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png" : $result[0]['profile_picture']; $authorID = $result[0]['author']; @@ -96,7 +96,7 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData echo ('Editer'); } - userWidget($authorPPURL, $authorDisplayName, $authorUsername, $authorCertification, $badges, $rootPageURL); + userWidget($authorPPURL, $authorDisplayName, $authorUsername, $authorBadge, $rootPageURL); echo ('
'); echo (''); @@ -114,7 +114,7 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData } else { $search = isset($_GET['search']) ? "%" . htmlspecialchars($_GET['search']) . "%" : "%%"; - $sqlRequest = "SELECT articles.ID, articles.title, articles.date, articles.miniature, articles.resume, users.username, users.display_name, users.certification FROM articles JOIN users ON articles.author = users.ID WHERE (articles.title LIKE :search OR articles.ID LIKE :search OR users.username LIKE :search OR users.display_name LIKE :search) AND (articles.classification <= :userAccreditation OR articles.author = :userID) ORDER BY articles.date DESC"; + $sqlRequest = "SELECT articles.ID, articles.title, articles.creation_date, articles.miniature, articles.resume, users.username, users.display_name, roles.badge_svg FROM articles INNER JOIN users ON articles.author = users.ID LEFT JOIN roles ON users.role = roles.ID WHERE (articles.title LIKE :search OR articles.ID LIKE :search OR users.username LIKE :search OR users.display_name LIKE :search) AND (articles.classification <= :userAccreditation OR articles.author = :userID) ORDER BY articles.creation_date DESC"; $request = $pdo->prepare($sqlRequest); $request->bindParam(":search", $search); $request->bindParam(":userAccreditation", $_SESSION['userAccreditation']); @@ -130,7 +130,7 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData echo (''); if(empty($_GET['search']) == false) { - $sqlRequest = "SELECT username, display_name, certification, profile_picture FROM users WHERE username LIKE :search OR display_name LIKE :search"; + $sqlRequest = "SELECT users.username, users.display_name, roles.badge_svg, users.profile_picture FROM users JOIN roles ON users.role = roles.ID WHERE username LIKE :search OR display_name LIKE :search"; $request = $pdo->prepare($sqlRequest); $request->bindParam(":search", $search); $request->execute(); 
@@ -139,7 +139,7 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData echo ('
'); foreach ($userResult as $user) { $userPPURL = $user['profile_picture'] == NULL ? "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png" : $user['profile_picture']; - userWidget($userPPURL, $user['display_name'], $user['username'], $user['certification'], $badges, $rootPageURL); + userWidget($userPPURL, $user['display_name'], $user['username'], $user['badge_svg'], $rootPageURL); } echo ('
'); } diff --git a/html/settings/index.php b/html/settings/index.php index 93d97098..9037f757 100755 --- a/html/settings/index.php +++ b/html/settings/index.php @@ -23,7 +23,7 @@ if (isset($_POST['username']) && isset($_POST['email'])) { if($result && $result[0]['ID'] != $_SESSION['userID']) { $status = "Le nom d'utilisateur n'est pas disponible"; } else { - $sqlRequest = "UPDATE users SET username = :username, email = :email WHERE ID = :userID"; + $sqlRequest = "UPDATE users SET username = :username, email = :email, last_update = now() WHERE ID = :userID"; $request = $pdo->prepare($sqlRequest); $request->bindParam(":username", htmlspecialchars(substr($_POST['username'], 0, 20))); $request->bindParam(":email", htmlspecialchars($_POST['email'])); diff --git a/html/upload/index.php b/html/upload/index.php index 266415e5..daec8e50 100755 --- a/html/upload/index.php +++ b/html/upload/index.php @@ -7,7 +7,7 @@ require("../../include/panels.php"); $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass); -if ($_SESSION['level'] < 1) { +if ($_SESSION['userRole'] < 1) { header("Location: login.php"); http_response_code(404); } diff --git a/html/users/index.php b/html/users/index.php index f825104e..f3bdba7a 100755 --- a/html/users/index.php +++ b/html/users/index.php 
@@ -9,7 +9,7 @@ require("../../include/panels.php"); $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass); if(isset($_GET['u']) && empty($_GET['u']) == false) { - $request = $pdo->prepare("SELECT ID, username, display_name, profile_picture, banner, bio, certification FROM users WHERE username = :username"); + $request = $pdo->prepare("SELECT users.ID, users.username, users.display_name, users.profile_picture, users.banner, users.bio, roles.badge_svg FROM users JOIN roles ON users.role = roles.ID WHERE users.username = :username"); $request->bindParam(":username", htmlspecialchars($_GET['u'])); $request->execute(); $result = $request->fetchAll(PDO::FETCH_ASSOC); @@ -21,7 +21,7 @@ if(isset($_GET['u']) && empty($_GET['u']) == false) { $userPPURL = $result[0]['profile_picture'] == NULL ? "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png" : $result[0]['profile_picture']; $userBanner = $result[0]['banner'] = NULL ? "" : $result[0]['banner']; $userBio = $result[0]['bio']; - $userCertification = $result[0]['certification']; + $userBadgeSVG = $userBadgeSVG = $result[0]['badge_svg']; } else { $userID = 0; $userName = htmlspecialchars($_GET['u']); @@ -29,7 +29,7 @@ if(isset($_GET['u']) && empty($_GET['u']) == false) { $userPPURL = "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png"; $userBanner = ""; $userBio = ""; - $userCertification = 0; + $userBadgeSVG = ""; } } else { $userID = 0; @@ -38,7 +38,7 @@ if(isset($_GET['u']) && empty($_GET['u']) == false) { $userPPURL = "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png"; $userBanner = ""; $userBio = ""; - $userCertification = 0; + $userBadgeSVG = ""; } ?> @@ -93,11 +93,7 @@ if(isset($_GET['u']) && empty($_GET['u']) == false) {
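Review bot: `$userBadgeSVG = $userBadgeSVG = $result[0]['badge_svg'];` assigns the same value twice; it should read `$userBadgeSVG = $result[0]['badge_svg'];`. The context line two above, `$userBanner = $result[0]['banner'] = NULL ? "" : $result[0]['banner'];`, parses as a self-assignment rather than a null check, so a NULL banner stays NULL — pre-existing, but `$userBanner = $result[0]['banner'] ?? "";` is what was meant and is worth fixing while this block is touched.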
0) { - echo (''); - echo ($badges[$userCertification]); - echo (''); - } + echo($userBadgeSVG) ?>
@
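Review bot: `echo($userBadgeSVG)` writes `roles.badge_svg` into the page unescaped, unlike `display_name`, which goes through htmlspecialchars on input; that is acceptable only while the column is written by administrators alone, and no write path for it is visible in this commit. Record that contract next to the echo, e.g. `// badge_svg is trusted, admin-maintained markup; never populate it from user input`, and keep the same note at include/objects.php's @@ -13 and @@ -41 hunks, which echo the same column. A more robust design stores a badge key in `roles` and maps it to a fixed set of SVG files inside the application.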
@@ -117,10 +113,10 @@ if(isset($_GET['u']) && empty($_GET['u']) == false) {
prepare("SELECT ID, title, date, miniature, resume FROM articles WHERE (title LIKE :search OR ID LIKE :search) AND author = :userID AND classification <= :userLevel ORDER BY date DESC"); + $request = $pdo->prepare("SELECT ID, title, creation_date, miniature, resume FROM articles WHERE (title LIKE :search OR ID LIKE :search) AND author = :userID AND classification <= :userRole ORDER BY creation_date DESC"); $request->bindParam(":search", $search); $request->bindParam(":userID", $userID); - $request->bindParam(":userLevel", $_SESSION['userLevel']); + $request->bindParam(":userRole", $_SESSION['userRole']); $request->execute(); $result = $request->fetchAll(PDO::FETCH_ASSOC); echo ('

Articles de ' . $userDisplayName . '

'); diff --git a/include/init.php b/include/init.php index edfaf68b..a88b2305 100755 --- a/include/init.php +++ b/include/init.php @@ -2,9 +2,9 @@ session_start(); -if (!isset($_SESSION['userAccreditation']) || !isset($_SESSION['userLevel'])) { +if (!isset($_SESSION['userAccreditation']) || !isset($_SESSION['userRole'])) { $_SESSION['userAccreditation'] = 0; - $_SESSION['userLevel'] = 0; + $_SESSION['userRole'] = 0; } if (!isset($_COOKIE['theme'])) { diff --git a/include/objects.php b/include/objects.php index 6b605694..24987c97 100755 --- a/include/objects.php +++ b/include/objects.php @@ -1,6 +1,6 @@ '); echo ('
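Review bot: the article filter on this page binds `classification <= :userRole` from `$_SESSION['userRole']`, whereas html/news/index.php and html/index.php gate on `:userAccreditation`; after this commit `role` and `accreditation` are separate lookups (`roles` vs `confidential_levels`), so a Responsable (role 20) with accreditation 0 would see this author's E59i-M/E59i-R articles here but nowhere else. Bind the accreditation here as well: `AND classification <= :userAccreditation` with `$request->bindParam(":userAccreditation", $_SESSION['userAccreditation']);`. The old code had the same mix-up with `userLevel`; the rename only makes it visible, and the dump's users all have role equal to accreditation, which is probably why it has gone unnoticed.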
'); @@ -13,11 +13,7 @@ function userWidget($userPPURL, $userDisplayName, $userName, $userCertification, echo ('
'); echo ($userDisplayName); - if ($userCertification > 0) { - echo (''); - echo ('' . $badges[$userCertification] . ''); - echo (''); - } + echo ($userBadgeSVG); echo ('
'); echo ('
@' . $userName . '
'); @@ -29,11 +25,11 @@ function userWidget($userPPURL, $userDisplayName, $userName, $userCertification, } -function listArticles($result, $rootPageURL, $badges) { +function listArticles($result, $rootPageURL) { foreach($result as $article) { - $pubDateTime = strtotime($article['date']); + $pubDateTime = strtotime($article['creation_date']); $pubDate = date('d/m/Y', $pubDateTime); $articleID = $article['ID']; $articleTitle = $article['title']; @@ -41,8 +37,7 @@ function listArticles($result, $rootPageURL, $badges) { $miniatureURL = empty($article['miniature']) ? $rootPageURL . "src/img/empty.jpg" : $article['miniature']; if (isset($article['username'])) { - $badge = $article['certification'] > 0 ? '' . $badges[$article['certification']] . '' : ""; - $authorLink = ' | ' . $article['display_name'] . $badge . ''; + $authorLink = ' | ' . $article['display_name'] . $article['badge_svg'] . ''; } else { $authorLink = ''; } diff --git a/include/panels.php b/include/panels.php index 263eeb39..387b5b4b 100755 --- a/include/panels.php +++ b/include/panels.php @@ -49,7 +49,7 @@ function fillNav($rootPageURL) { echo (''); echo (''); - if ($_SESSION['userLevel'] >= 3) { + if ($_SESSION['userRole'] >= 3) { echo (''); }