Update 1.4

cbo 2024-03-17 15:14:50 +00:00
parent df3413c69d
commit a1009bc9fc
15 changed files with 168 additions and 104 deletions


@ -31,7 +31,7 @@ Le site officiel du club réseaux disponible à l'adresse https://e59.fr/
- ```userID``` - ```userID```
- ```userName``` - ```userName```
- ```userDisplayName``` - ```userDisplayName```
- ```userLevel``` - ```userRole```
- ```userAccreditation``` - ```userAccreditation```
# Includes # Includes


@ -12,7 +12,7 @@ databaseHost = "127.0.0.1"
pageTitle = "Club Réseaux - E59" pageTitle = "Club Réseaux - E59"
headerTitle = "E59" headerTitle = "E59"
headerSubtitle = "Club Réseaux" headerSubtitle = "Club Réseaux"
footerText = "© Jan BELLON - E59 v1.3" footerText = "© Jan BELLON - E59 v1.4"
[confidentialLevels] [confidentialLevels]
0 = "E59i-P (Public)" 0 = "E59i-P (Public)"
@ -26,11 +26,6 @@ footerText = "© Jan BELLON - E59 v1.3"
2 = "Responsable" 2 = "Responsable"
3 = "Directeur" 3 = "Directeur"
[badges]
1 = '<path fill="#67c6d3" d="M11,0C4.92,0,0,4.92,0,11s4.92,11,11,11,11-4.92,11-11S17.08,0,11,0ZM16.81,9.3l-6.67,6.67c-.36.36-.95.36-1.32,0l-3.55-3.55c-.47-.47-.47-1.24,0-1.71.47-.47,1.24-.47,1.71,0l2.5,2.5,5.61-5.61c.47-.47,1.24-.47,1.71,0,.47.47.47,1.24,0,1.71Z"/>'
2 = '<path fill="#b467d3" d="M21.62,10.02l-.86-.95c-.31-.35-.44-.82-.34-1.28l.27-1.26c.16-.73-.26-1.46-.98-1.69l-1.22-.39c-.45-.14-.79-.49-.94-.94l-.39-1.22c-.23-.71-.96-1.13-1.69-.98l-1.26.27c-.46.1-.93-.03-1.28-.34l-.95-.86c-.55-.5-1.4-.5-1.95,0l-.95.86c-.35.31-.82.44-1.28.34l-1.26-.27c-.73-.16-1.46.26-1.69.98l-.39,1.22c-.14.45-.49.79-.94.94l-1.22.39c-.71.23-1.13.96-.98,1.69l.27,1.26c.1.46-.03.93-.34,1.28l-.86.95c-.5.55-.5,1.4,0,1.95l.86.95c.31.35.44.82.34,1.28l-.27,1.26c-.16.73.26,1.46.98,1.69l1.22.39c.45.14.79.49.94.94l.39,1.22c.23.71.96,1.13,1.69.98l1.26-.27c.46-.1.93.03,1.28.34l.95.86c.55.5,1.4.5,1.95,0l.95-.86c.35-.31.82-.44,1.28-.34l1.26.27c.73.16,1.46-.26,1.69-.98l.39-1.22c.14-.45.49-.79.94-.94l1.22-.39c.71-.23,1.13-.96.98-1.69l-.27-1.26c-.1-.46.03-.93.34-1.28l.86-.95c.5-.55.5-1.4,0-1.95ZM16.77,9.3l-6.67,6.67c-.36.36-.95.36-1.32,0l-3.55-3.55c-.47-.47-.47-1.24,0-1.71.47-.47,1.24-.47,1.71,0l2.5,2.5,5.61-5.61c.47-.47,1.24-.47,1.71,0,.47.47.47,1.24,0,1.71Z"/>'
3 = '<path fill="#d39367" d="M21.75,9.92l-1.31-2.67c-.04-.09-.08-.19-.12-.28l-.96-2.81c-.25-.72-.81-1.28-1.52-1.52l-2.81-.96c-.1-.03-.19-.07-.28-.12L12.08.25c-.68-.33-1.48-.33-2.16,0l-2.67,1.31c-.09.04-.19.08-.28.12l-2.81.96c-.72.25-1.28.81-1.52,1.52l-.96,2.81c-.03.1-.07.19-.12.28L.25,9.92c-.33.68-.33,1.48,0,2.16l1.31,2.67c.04.09.08.19.12.28l.96,2.81c.25.72.81,1.28,1.52,1.52l2.81.96c.1.03.19.07.28.12l2.67,1.31c.68.33,1.48.33,2.16,0l2.67-1.31c.09-.04.19-.08.28-.12l2.81-.96c.72-.25,1.28-.81,1.52-1.52l.96-2.81c.03-.1.07-.19.12-.28l1.31-2.67c.33-.68.33-1.48,0-2.16ZM16.91,8.78l-6.84,6.83c-.37.37-.98.37-1.35,0l-3.64-3.64c-.48-.48-.48-1.27,0-1.76.48-.48,1.27-.48,1.76,0l2.56,2.56,5.76-5.76c.48-.48,1.27-.48,1.76,0,.48.48.48,1.27,0,1.76Z"/>'
[darkThemes] [darkThemes]
0 = '.body {--text: hsl(0, 0%, 80%); --background: hsl(0, 0%, 15%); --panel-background: hsl(0, 0%, 10%); --buttons: hsl(0, 0%, 5%)}' 0 = '.body {--text: hsl(0, 0%, 80%); --background: hsl(0, 0%, 15%); --panel-background: hsl(0, 0%, 10%); --buttons: hsl(0, 0%, 5%)}'
1 = '.body {--text: hsl(208, 100%, 96%); --background: hsl(215, 21%, 11%); --panel-background: hsl(216, 28%, 7%); --buttons: hsl(216, 28%, 7%)}' 1 = '.body {--text: hsl(208, 100%, 96%); --background: hsl(215, 21%, 11%); --panel-background: hsl(216, 28%, 7%); --buttons: hsl(216, 28%, 7%)}'

167
database/E59.sql Executable file → Normal file

@ -1,11 +1,11 @@
-- phpMyAdmin SQL Dump -- phpMyAdmin SQL Dump
-- version 5.2.1 -- version 5.2.1deb1+jammy2
-- https://www.phpmyadmin.net/ -- https://www.phpmyadmin.net/
-- --
-- Host: localhost -- Hôte : localhost:3306
-- Generation Time: Mar 15, 2024 at 01:26 AM -- Généré le : dim. 17 mars 2024 à 15:14
-- Server version: 10.5.23-MariaDB-0+deb11u1 -- Version du serveur : 10.6.16-MariaDB-0ubuntu0.22.04.1
-- PHP Version: 7.4.33 -- Version de PHP : 8.1.2-1ubuntu2.14
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO"; SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
START TRANSACTION; START TRANSACTION;
@ -18,47 +18,92 @@ SET time_zone = "+00:00";
/*!40101 SET NAMES utf8mb4 */; /*!40101 SET NAMES utf8mb4 */;
-- --
-- Database: `E59` -- Base de données : `E59`
-- --
-- -------------------------------------------------------- -- --------------------------------------------------------
-- --
-- Table structure for table `articles` -- Structure de la table `articles`
-- --
CREATE TABLE `articles` ( CREATE TABLE `articles` (
`ID` int(12) NOT NULL, `ID` int(12) NOT NULL,
`title` varchar(255) NOT NULL, `title` varchar(255) NOT NULL,
`date` datetime NOT NULL DEFAULT current_timestamp(), `creation_date` datetime NOT NULL DEFAULT current_timestamp(),
`author` int(12) NOT NULL, `last_update` datetime NOT NULL DEFAULT current_timestamp(),
`classification` int(12) NOT NULL, `author` int(12) NOT NULL COMMENT 'users.ID',
`classification` int(12) NOT NULL COMMENT 'confidential_levels.ID',
`miniature` varchar(255) DEFAULT NULL, `miniature` varchar(255) DEFAULT NULL,
`resume` text DEFAULT NULL `resume` text DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
-- --
-- Dumping data for table `articles` -- Déchargement des données de la table `articles`
-- --
INSERT INTO `articles` (`ID`, `title`, `date`, `author`, `classification`, `miniature`, `resume`) VALUES INSERT INTO `articles` (`ID`, `title`, `creation_date`, `last_update`, `author`, `classification`, `miniature`, `resume`) VALUES
(1, 'Écrivons le futur !', '2024-03-07 09:32:00', 1, 0, '/assets/miniatures/1.png', 'Après avoir discuté avec l\'administration de notre IUT, nous avons découvert la partie humaine qui assure sa gestion, avec laquelle nous avons eu le plaisir de sympathiser. '), (1, 'Écrivons le futur !', '2024-03-07 09:32:00', '2024-03-17 14:20:54', 1, 0, '/assets/miniatures/1.png', 'Après avoir discuté avec l\'administration de notre IUT, nous avons découvert la partie humaine qui assure sa gestion, avec laquelle nous avons eu le plaisir de sympathiser. '),
(2, 'SpyLab', '2024-03-07 19:15:00', 2, 0, '/assets/miniatures/2.png', 'La plateforme de CTF SpyLab est displonible sur le gitlab de la E59.&lt;br /&gt;\r\nCe projet a été mené dans le cadre de la SAE Pentest, un projet universitaire dirigé par Monsieur Guillemin.'), (2, 'SpyLab', '2024-03-07 19:15:00', '2024-03-17 14:20:54', 2, 0, '/assets/miniatures/2.png', 'La plateforme de CTF SpyLab est displonible sur le gitlab de la E59.&lt;br /&gt;\r\nCe projet a été mené dans le cadre de la SAE Pentest, un projet universitaire dirigé par Monsieur Guillemin.'),
(3, 'Réunion Association #1', '2024-03-07 21:53:16', 2, 3, '/assets/miniatures/3.png', 'Récapitulatif de la réunion concernant la transition du Club vers l\'état d\'association'), (3, 'Réunion Association #1', '2024-03-07 21:53:16', '2024-03-17 14:20:54', 2, 50, '/assets/miniatures/3.png', 'Récapitulatif de la réunion concernant la transition du Club vers l\'état d\'association'),
(4, 'Update 1.0', '2024-03-08 23:00:24', 2, 0, '/assets/miniatures/4.png', 'Changelog de la mise à jour 1.0 de la plateforme e59.fr..'), (4, 'Update 1.0', '2024-03-08 23:00:24', '2024-03-17 14:20:54', 2, 10, '/assets/miniatures/4.png', 'Changelog de la mise à jour 1.0 de la plateforme e59.fr..'),
(5, 'Connaissez vous l\'attaque PCDoS ?', '2024-03-11 07:45:04', 2, 0, '/assets/miniatures/5.png', 'Aussi connue sous le nom PCDoS (Plane Crash Denial of Service), cette faille est une faille 0day patchée grâce au plan vigipirate.'), (5, 'Connaissez vous l\'attaque PCDoS ?', '2024-03-11 07:45:04', '2024-03-17 14:20:54', 2, 0, '/assets/miniatures/5.png', 'Aussi connue sous le nom PCDoS (Plane Crash Denial of Service), cette faille est une faille 0day patchée grâce au plan vigipirate.'),
(6, 'Rapport Pentest (WDoS)', '2024-03-11 07:52:33', 4, 0, '/assets/miniatures/6.png', 'Dans le cadre de notre évaluation de sécurité, nous avons réalisé une attaque de pentesting physique simulée sur les infrastructures réseau de l\'entreprise. '), (6, 'Rapport Pentest (WDoS)', '2024-03-11 07:52:33', '2024-03-17 14:20:54', 4, 0, '/assets/miniatures/6.png', 'Dans le cadre de notre évaluation de sécurité, nous avons réalisé une attaque de pentesting physique simulée sur les infrastructures réseau de l\'entreprise. '),
(7, 'Rapport d\'incident (PCDoS)', '2024-03-11 15:59:25', 4, 1, '/assets/miniatures/7.png', 'Le présent rapport détaille un événement impliquant une tentative d\'attaque par déni de service distribué (DDoS) non conventionnelle et à grande échelle sur un centre de données.'), (7, 'Rapport d\'incident (PCDoS)', '2024-03-11 15:59:25', '2024-03-17 14:20:54', 4, 0, '/assets/miniatures/7.png', 'Le présent rapport détaille un événement impliquant une tentative d\'attaque par déni de service distribué (DDoS) non conventionnelle et à grande échelle sur un centre de données.'),
(8, 'Invasion Volante', '2024-03-11 19:49:51', 2, 0, '/assets/miniatures/8.png', 'Montmartre Assiégé par une Armada de Pigeons.'), (8, 'Invasion Volante', '2024-03-11 19:49:51', '2024-03-17 14:20:54', 2, 10, '/assets/miniatures/8.png', 'Montmartre Assiégé par une Armada de Pigeons.'),
(9, 'Un avion s\'écrase sur l\'IUT !', '2024-03-12 08:11:11', 2, 0, '/assets/miniatures/9.png', 'Ce matin, dans une tournure d\'événements tragique et inattendue, un avion s\'est écrasé sur l\'Institut Universitaire de Technologie (IUT) de Vélizy, ...'), (9, 'Un avion s\'écrase sur l\'IUT !', '2024-03-12 08:11:11', '2024-03-17 14:20:54', 2, 10, '/assets/miniatures/9.png', 'Ce matin, dans une tournure d\'événements tragique et inattendue, un avion s\'est écrasé sur l\'Institut Universitaire de Technologie (IUT) de Vélizy, ...'),
(10, 'Comment faire un 49.3 ?', '2024-03-12 12:39:50', 7, 0, '/assets/miniatures/10.png', 'Dans ce tutoriel je vais te montrer comme faire un 49.3. <br />\r\nTu pourras appliquer ce tutoriel pendant les travaux de groupe quand il faudra rétablir l\'ordre suprême !'), (10, 'Comment faire un 49.3 ?', '2024-03-12 12:39:50', '2024-03-17 14:20:54', 7, 0, '/assets/miniatures/10.png', 'Dans ce tutoriel je vais te montrer comme faire un 49.3. <br />\r\nTu pourras appliquer ce tutoriel pendant les travaux de groupe quand il faudra rétablir l\'ordre suprême !'),
(11, 'Update 1.1', '2024-03-12 17:07:47', 2, 0, '/assets/miniatures/11.png', 'Liste des changements suite à la mise à jour de la plateforme vers la version 1.1'), (11, 'Update 1.1', '2024-03-12 17:07:47', '2024-03-17 14:20:54', 2, 10, '/assets/miniatures/11.png', 'Liste des changements suite à la mise à jour de la plateforme vers la version 1.1'),
(12, 'Update 1.2', '2024-03-14 20:50:15', 2, 0, '/assets/miniatures/12.png', 'La première update majeure vient de sortir !'); (12, 'Update 1.2', '2024-03-14 20:50:15', '2024-03-17 15:03:03', 2, 10, '/assets/miniatures/12.png', 'La première update majeure vient de sortir !');
-- -------------------------------------------------------- -- --------------------------------------------------------
-- --
-- Table structure for table `users` -- Structure de la table `confidential_levels`
--
CREATE TABLE `confidential_levels` (
`ID` int(11) NOT NULL,
`name` varchar(255) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
--
-- Déchargement des données de la table `confidential_levels`
--
INSERT INTO `confidential_levels` (`ID`, `name`) VALUES
(0, 'E59i-P (Public)'),
(10, 'E59i-M (Membres)'),
(20, 'E59i-R (Responsables)'),
(50, 'E59i-D (Direction)');
-- --------------------------------------------------------
--
-- Structure de la table `roles`
--
CREATE TABLE `roles` (
`ID` int(11) NOT NULL,
`badge_svg` varchar(2047) NOT NULL,
`role_name` varchar(255) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
--
-- Déchargement des données de la table `roles`
--
INSERT INTO `roles` (`ID`, `badge_svg`, `role_name`) VALUES
(0, ' ', 'Non connecté'),
(1, '', 'Connecté'),
(10, '<svg class=\"certification\" viewBox=\"0 0 22 22\" aria-label=\"Compte certifié\" role=\"img\"><g><path fill=\"#67c6d3\" d=\"M11,0C4.92,0,0,4.92,0,11s4.92,11,11,11,11-4.92,11-11S17.08,0,11,0ZM16.81,9.3l-6.67,6.67c-.36.36-.95.36-1.32,0l-3.55-3.55c-.47-.47-.47-1.24,0-1.71.47-.47,1.24-.47,1.71,0l2.5,2.5,5.61-5.61c.47-.47,1.24-.47,1.71,0,.47.47.47,1.24,0,1.71Z\"></path></g></svg>', 'Membre'),
(20, '<svg class=\"certification\" viewBox=\"0 0 22 22\" aria-label=\"Compte certifié\" role=\"img\"><g><path fill=\"#b467d3\" d=\"M21.62,10.02l-.86-.95c-.31-.35-.44-.82-.34-1.28l.27-1.26c.16-.73-.26-1.46-.98-1.69l-1.22-.39c-.45-.14-.79-.49-.94-.94l-.39-1.22c-.23-.71-.96-1.13-1.69-.98l-1.26.27c-.46.1-.93-.03-1.28-.34l-.95-.86c-.55-.5-1.4-.5-1.95,0l-.95.86c-.35.31-.82.44-1.28.34l-1.26-.27c-.73-.16-1.46.26-1.69.98l-.39,1.22c-.14.45-.49.79-.94.94l-1.22.39c-.71.23-1.13.96-.98,1.69l.27,1.26c.1.46-.03.93-.34,1.28l-.86.95c-.5.55-.5,1.4,0,1.95l.86.95c.31.35.44.82.34,1.28l-.27,1.26c-.16.73.26,1.46.98,1.69l1.22.39c.45.14.79.49.94.94l.39,1.22c.23.71.96,1.13,1.69.98l1.26-.27c.46-.1.93.03,1.28.34l.95.86c.55.5,1.4.5,1.95,0l.95-.86c.35-.31.82-.44,1.28-.34l1.26.27c.73.16,1.46-.26,1.69-.98l.39-1.22c.14-.45.49-.79.94-.94l1.22-.39c.71-.23,1.13-.96.98-1.69l-.27-1.26c-.1-.46.03-.93.34-1.28l.86-.95c.5-.55.5-1.4,0-1.95ZM16.77,9.3l-6.67,6.67c-.36.36-.95.36-1.32,0l-3.55-3.55c-.47-.47-.47-1.24,0-1.71.47-.47,1.24-.47,1.71,0l2.5,2.5,5.61-5.61c.47-.47,1.24-.47,1.71,0,.47.47.47,1.24,0,1.71Z\"></path></g></svg>', 'Responsable'),
(50, '<svg class=\"certification\" viewBox=\"0 0 22 22\" aria-label=\"Compte certifié\" role=\"img\"><g><path fill=\"#d39367\" d=\"M21.75,9.92l-1.31-2.67c-.04-.09-.08-.19-.12-.28l-.96-2.81c-.25-.72-.81-1.28-1.52-1.52l-2.81-.96c-.1-.03-.19-.07-.28-.12L12.08.25c-.68-.33-1.48-.33-2.16,0l-2.67,1.31c-.09.04-.19.08-.28.12l-2.81.96c-.72.25-1.28.81-1.52,1.52l-.96,2.81c-.03.1-.07.19-.12.28L.25,9.92c-.33.68-.33,1.48,0,2.16l1.31,2.67c.04.09.08.19.12.28l.96,2.81c.25.72.81,1.28,1.52,1.52l2.81.96c.1.03.19.07.28.12l2.67,1.31c.68.33,1.48.33,2.16,0l2.67-1.31c.09-.04.19-.08.28-.12l2.81-.96c.72-.25,1.28-.81,1.52-1.52l.96-2.81c.03-.1.07-.19.12-.28l1.31-2.67c.33-.68.33-1.48,0-2.16ZM16.91,8.78l-6.84,6.83c-.37.37-.98.37-1.35,0l-3.64-3.64c-.48-.48-.48-1.27,0-1.76.48-.48,1.27-.48,1.76,0l2.56,2.56,5.76-5.76c.48-.48,1.27-.48,1.76,0,.48.48.48,1.27,0,1.76Z\"></path></g></svg>', 'Directeur');
-- --------------------------------------------------------
--
-- Structure de la table `users`
-- --
CREATE TABLE `users` ( CREATE TABLE `users` (
@ -66,61 +111,85 @@ CREATE TABLE `users` (
`username` varchar(255) NOT NULL, `username` varchar(255) NOT NULL,
`password` varchar(255) NOT NULL, `password` varchar(255) NOT NULL,
`email` varchar(255) DEFAULT NULL, `email` varchar(255) DEFAULT NULL,
`date` datetime NOT NULL DEFAULT current_timestamp(), `creation_date` datetime NOT NULL DEFAULT current_timestamp(),
`last_update` datetime NOT NULL DEFAULT current_timestamp(),
`display_name` varchar(255) DEFAULT 'Guest', `display_name` varchar(255) DEFAULT 'Guest',
`level` int(12) NOT NULL DEFAULT 0, `role` int(12) NOT NULL DEFAULT 0 COMMENT 'roles.ID',
`accreditation` int(12) NOT NULL DEFAULT 0, `accreditation` int(12) NOT NULL DEFAULT 0 COMMENT 'confidential_levels.ID',
`profile_picture` varchar(255) DEFAULT NULL, `profile_picture` varchar(255) DEFAULT NULL,
`banner` varchar(255) DEFAULT '', `banner` varchar(255) DEFAULT '',
`bio` varchar(255) DEFAULT NULL, `bio` varchar(255) DEFAULT NULL
`certification` int(12) DEFAULT 0
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
-- --
-- Dumping data for table `users` -- Déchargement des données de la table `users`
-- --
INSERT INTO `users` (`ID`, `username`, `password`, `email`, `date`, `display_name`, `level`, `accreditation`, `profile_picture`, `banner`, `bio`, `certification`) VALUES INSERT INTO `users` (`ID`, `username`, `password`, `email`, `creation_date`, `last_update`, `display_name`, `role`, `accreditation`, `profile_picture`, `banner`, `bio`) VALUES
(0, 'deleted_user', '0', NULL, '2024-03-14 20:22:10', 'Deleted User', 0, 0, NULL, '', NULL, 0), (0, 'deleted_user', '0', NULL, '2024-03-14 20:22:10', '2024-03-17 14:21:53', 'Deleted User', 1, 1, NULL, '', NULL),
(1, 'admin', 'f290776df3fe2f6507f06bdbe048588b', 'bod@intra.e59.fr', '2024-03-07 19:42:01', 'Dieu', 3, 3, '/assets/pp/1.png', '/assets/banners/1.png', 'Que la lumière soit...', 3), (1, 'admin', 'f290776df3fe2f6507f06bdbe048588b', 'bod@intra.e59.fr', '2024-03-07 19:42:01', '2024-03-17 14:21:53', 'Dieu', 50, 50, '/assets/pp/1.png', '/assets/banners/1.png', 'Que la lumière soit...'),
(2, 'jan', '57edb0f3104636a40e64ad178868a572', 'jan@intra.e59.fr', '2024-03-07 20:26:05', 'Jan BELLON', 3, 3, '/assets/pp/2.png', '/assets/banners/2.png', '🗿♟️☕', 3), (2, 'jan', '57edb0f3104636a40e64ad178868a572', 'jan@intra.e59.fr', '2024-03-07 20:26:05', '2024-03-17 15:00:55', 'Jan BELLON', 50, 50, '/assets/pp/2.png', '/assets/banners/2.png', '🗿♟️☕❤️'),
(3, 'eliott', '3845d4aff76bfb44fe36442dc9fce0be', 'eliott@intra.e59.fr', '2024-03-10 23:39:07', 'Eliott', 3, 3, NULL, NULL, NULL, 3), (3, 'eliott', '3845d4aff76bfb44fe36442dc9fce0be', 'eliott@intra.e59.fr', '2024-03-10 23:39:07', '2024-03-17 14:21:53', 'Eliott', 50, 50, NULL, NULL, NULL),
(4, 'lucas', 'ff12405d3354d3af7ffffdb08474f9a1', 'lucas@intra.e59.fr', '2024-03-11 07:47:25', 'Trésorier', 3, 3, 'https://risibank.fr/cache/medias/0/24/2460/246030/full.png', 'https://images.pexels.com/photos/315938/pexels-photo-315938.jpeg', 'Nous vivons dans une saucisse', 3), (4, 'lucas', 'ff12405d3354d3af7ffffdb08474f9a1', 'lucas@intra.e59.fr', '2024-03-11 07:47:25', '2024-03-17 14:21:53', 'Trésorier', 50, 50, 'https://risibank.fr/cache/medias/0/24/2460/246030/full.png', 'https://images.pexels.com/photos/315938/pexels-photo-315938.jpeg', 'Nous vivons dans une saucisse'),
(5, 'Orjawell', '53e284f44a4533d3c13198ab2d7d1685', 'akram@intra.e59.fr', '2024-03-11 07:48:25', 'Orjawell', 2, 2, NULL, NULL, NULL, 2), (5, 'Orjawell', '53e284f44a4533d3c13198ab2d7d1685', 'akram@intra.e59.fr', '2024-03-11 07:48:25', '2024-03-17 14:21:53', 'Orjawell', 20, 20, NULL, NULL, NULL),
(6, 'neo', 'cb59608fced567a14b13a6e5c5c8a1d2', 'neo@neo', '2024-03-11 09:39:15', 'neo', 1, 1, NULL, NULL, NULL, 1), (6, 'neo', 'cb59608fced567a14b13a6e5c5c8a1d2', 'neo@neo', '2024-03-11 09:39:15', '2024-03-17 14:21:53', 'neo', 10, 10, NULL, NULL, NULL),
(7, 'manu', '57edb0f3104636a40e64ad178868a572', 'manu@intra.e59.fr', '2024-03-12 12:19:57', 'Emmanuel Macron', 2, 3, '/assets/pp/7.png', '/assets/banners/7.png', 'Tais toi, ou je fais un 49.3.', 0), (7, 'manu', '57edb0f3104636a40e64ad178868a572', 'manu@intra.e59.fr', '2024-03-12 12:19:57', '2024-03-17 14:21:53', 'Emmanuel Macron', 1, 1, '/assets/pp/7.png', '/assets/banners/7.png', 'Tais toi, ou je fais un 49.3.'),
(8, 'willy.guillemin', '52df21f38c6b2552bf68e4daa9c7f815', '', '2024-03-14 23:19:53', 'Willy Guillemin', 1, 1, '/assets/pp/8.png', '/assets/banners/8.png', 'Les bits c\'est des bits', 0), (8, 'willy.guillemin', '52df21f38c6b2552bf68e4daa9c7f815', '', '2024-03-14 23:19:53', '2024-03-17 14:21:53', 'Willy Guillemin', 1, 1, '/assets/pp/8.png', '/assets/banners/8.png', 'Les bits c\'est des bits'),
(9, 'etiehuot', '52df21f38c6b2552bf68e4daa9c7f815', '', '2024-03-14 23:25:29', 'Etienne Huot', 1, 1, '/assets/pp/9.png', '/assets/banners/9.png', 'Il est où mon IPhone 15 Pro !', 0), (9, 'etiehuot', '52df21f38c6b2552bf68e4daa9c7f815', '', '2024-03-14 23:25:29', '2024-03-17 14:21:53', 'Etienne Huot', 1, 1, '/assets/pp/9.png', '/assets/banners/9.png', 'Il est où mon IPhone 15 Pro !'),
(10, 'sebastien.lemoel', '52df21f38c6b2552bf68e4daa9c7f815', '', '2024-03-14 23:36:02', 'Sebastien Le Moel', 1, 1, '/assets/pp/10.png', '/assets/banners/10.png', 'L\'enfer n\'est rien de plus que le domaine fréquentiel.', 0); (10, 'sebastien.lemoel', '52df21f38c6b2552bf68e4daa9c7f815', '', '2024-03-14 23:36:02', '2024-03-17 14:21:53', 'Sebastien Le Moel', 1, 1, '/assets/pp/10.png', '/assets/banners/10.png', 'L\'enfer n\'est rien de plus que le domaine fréquentiel.');
-- --
-- Indexes for dumped tables -- Index pour les tables déchargées
-- --
-- --
-- Indexes for table `articles` -- Index pour la table `articles`
-- --
ALTER TABLE `articles` ALTER TABLE `articles`
ADD PRIMARY KEY (`ID`); ADD PRIMARY KEY (`ID`);
-- --
-- Indexes for table `users` -- Index pour la table `confidential_levels`
--
ALTER TABLE `confidential_levels`
ADD PRIMARY KEY (`ID`);
--
-- Index pour la table `roles`
--
ALTER TABLE `roles`
ADD PRIMARY KEY (`ID`);
--
-- Index pour la table `users`
-- --
ALTER TABLE `users` ALTER TABLE `users`
ADD PRIMARY KEY (`ID`); ADD PRIMARY KEY (`ID`);
-- --
-- AUTO_INCREMENT for dumped tables -- AUTO_INCREMENT pour les tables déchargées
-- --
-- --
-- AUTO_INCREMENT for table `articles` -- AUTO_INCREMENT pour la table `articles`
-- --
ALTER TABLE `articles` ALTER TABLE `articles`
MODIFY `ID` int(12) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=13; MODIFY `ID` int(12) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=13;
-- --
-- AUTO_INCREMENT for table `users` -- AUTO_INCREMENT pour la table `confidential_levels`
--
ALTER TABLE `confidential_levels`
MODIFY `ID` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=51;
--
-- AUTO_INCREMENT pour la table `roles`
--
ALTER TABLE `roles`
MODIFY `ID` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=101;
--
-- AUTO_INCREMENT pour la table `users`
-- --
ALTER TABLE `users` ALTER TABLE `users`
MODIFY `ID` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=16; MODIFY `ID` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=16;
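Review bot: The `INSERT INTO users` rows commit what look like real account records to the repository: e-mail addresses and 32-hex-character `password` values, which match the `md5($_POST['password'])` comparison on the context lines of the login hunk later in this commit. Unsalted MD5 gives no meaningful protection once the dump is readable, and several rows carry an identical value, so these passwords should be treated as exposed and rotated. I would ship a schema-only dump (or seed rows with placeholder credentials) and move storage and verification to `password_hash()` / `password_verify()`; the `varchar(255)` column is already wide enough. Separately, `role`, `accreditation`, `author` and `classification` are tied to their tables only by `COMMENT 'roles.ID'`-style notes, and a declared `FOREIGN KEY` would keep the new 0/10/20/50 values consistent.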


@ -33,7 +33,7 @@ if (isset($_FILES['newPP']) && $_FILES['newPP']['error'] == 0) {
imagedestroy($imageOriginal); imagedestroy($imageOriginal);
imagedestroy($imageResized); imagedestroy($imageResized);
$sqlRequest = "UPDATE users SET profile_picture = :userPP WHERE ID = :userID"; $sqlRequest = "UPDATE users SET profile_picture = :userPP, last_update = now() WHERE ID = :userID";
$request = $pdo->prepare($sqlRequest); $request = $pdo->prepare($sqlRequest);
$request->bindParam(":userPP", $imageURL); $request->bindParam(":userPP", $imageURL);
$request->bindParam(":userID", $_SESSION['userID']); $request->bindParam(":userID", $_SESSION['userID']);
@ -72,7 +72,7 @@ if (isset($_FILES['newBanner']) && $_FILES['newBanner']['error'] == 0) {
imagedestroy($imageOriginal); imagedestroy($imageOriginal);
imagedestroy($imageResized); imagedestroy($imageResized);
$sqlRequest = "UPDATE users SET banner = :userBanner WHERE ID = :userID"; $sqlRequest = "UPDATE users SET banner = :userBanner, last_update = now() WHERE ID = :userID";
$request = $pdo->prepare($sqlRequest); $request = $pdo->prepare($sqlRequest);
$request->bindParam(":userBanner", $imageURL); $request->bindParam(":userBanner", $imageURL);
$request->bindParam(":userID", $_SESSION['userID']); $request->bindParam(":userID", $_SESSION['userID']);
@ -88,7 +88,7 @@ if (isset($_FILES['newBanner']) && $_FILES['newBanner']['error'] == 0) {
if (isset($_POST['userDisplayName']) && isset($_POST['userBio'])) { if (isset($_POST['userDisplayName']) && isset($_POST['userBio'])) {
if(preg_match('!\S!u', $_POST['userDisplayName']) && preg_match('!\S!u', $_POST['userBio'])) { if(preg_match('!\S!u', $_POST['userDisplayName']) && preg_match('!\S!u', $_POST['userBio'])) {
$sqlRequest = "UPDATE users SET display_name = :userDisplayName, bio = :userBio WHERE ID = :userID"; $sqlRequest = "UPDATE users SET display_name = :userDisplayName, bio = :userBio, last_update = now() WHERE ID = :userID";
$request = $pdo->prepare($sqlRequest); $request = $pdo->prepare($sqlRequest);
$request->bindParam(":userDisplayName", htmlspecialchars(substr($_POST['userDisplayName'], 0, 20))); $request->bindParam(":userDisplayName", htmlspecialchars(substr($_POST['userDisplayName'], 0, 20)));
$request->bindParam(":userBio", htmlspecialchars(substr($_POST['userBio'], 0, 200))); $request->bindParam(":userBio", htmlspecialchars(substr($_POST['userBio'], 0, 200)));
@ -224,7 +224,7 @@ if($result) {
<div><a href="/upload" class="button">Rédiger un article</a></div> <div><a href="/upload" class="button">Rédiger un article</a></div>
<?php <?php
$search = isset($_GET['search']) ? "%" . htmlspecialchars($_GET['search']) . "%" : "%%"; $search = isset($_GET['search']) ? "%" . htmlspecialchars($_GET['search']) . "%" : "%%";
$request = $pdo->prepare("SELECT ID, title, date, miniature, resume FROM articles WHERE (title LIKE :search OR ID LIKE :search) AND author = :userID ORDER BY date DESC"); $request = $pdo->prepare("SELECT ID, title, creation_date, miniature, resume FROM articles WHERE (title LIKE :search OR ID LIKE :search) AND author = :userID ORDER BY creation_date DESC");
$request->bindParam(":search", $search); $request->bindParam(":search", $search);
$request->bindParam(":userID", $_SESSION['userID']); $request->bindParam(":userID", $_SESSION['userID']);
$request->execute(); $request->execute();
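Review bot: `last_update = now()` is appended by hand to each of the three `UPDATE users` statements here, and to the `UPDATE articles` statements elsewhere in this commit, so any later write path that forgets it leaves the column stale. Declaring the column as `last_update datetime NOT NULL DEFAULT current_timestamp() ON UPDATE current_timestamp()` in the dump would let the database maintain it. On the context lines of the display-name hunk, `bindParam()` is given the result of `htmlspecialchars(...)`; `bindParam()` binds by reference and expects a variable, so `bindValue()` is the call that fits there. The enclosing blocks start and end outside these hunks.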


@ -6,7 +6,7 @@ require("../../include/objects.php");
require("../../include/inputs.php"); require("../../include/inputs.php");
require("../../include/panels.php"); require("../../include/panels.php");
if (!isset($_SESSION['userLevel']) || $_SESSION['userLevel'] < 3) { if (!isset($_SESSION['userRole']) || $_SESSION['userRole'] < 50) {
http_response_code(403); http_response_code(403);
die("Vous n'êtes pas autorisé à accéder à cette ressource"); die("Vous n'êtes pas autorisé à accéder à cette ressource");
} }
@ -48,7 +48,7 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData
$search = isset($_GET['search']) ? '%' . $_GET['search'] . '%' : '%%'; $search = isset($_GET['search']) ? '%' . $_GET['search'] . '%' : '%%';
$sqlRequest = "SELECT username, display_name, certification, profile_picture FROM users WHERE ID LIKE :search OR username LIKE :search OR display_name LIKE :search OR email LIKE :search ORDER BY date DESC"; $sqlRequest = "SELECT users.username, users.display_name, roles.badge_svg, users.profile_picture FROM users JOIN roles ON users.role = roles.ID WHERE users.ID LIKE :search OR users.username LIKE :search OR users.display_name LIKE :search OR users.email LIKE :search ORDER BY users.creation_date DESC";
$request = $pdo->prepare($sqlRequest); $request = $pdo->prepare($sqlRequest);
$request->bindParam(":search", $search); $request->bindParam(":search", $search);
$request->execute(); $request->execute();
@ -61,11 +61,13 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData
$pubDate = date('d/m/Y', $pubDateTime); $pubDate = date('d/m/Y', $pubDateTime);
$userName = $row['username']; $userName = $row['username'];
$userDisplayName = $row['display_name']; $userDisplayName = $row['display_name'];
$userCertification = $row['certification']; $userBadgeSVG = $row['badge_svg'];
$userPPURL = $row['profile_picture'] == NULL ? "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png" : $row['profile_picture']; $userPPURL = $row['profile_picture'] == NULL ? "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png" : $row['profile_picture'];
userWidget($userPPURL, $userDisplayName, $userName, $userCertification, $badges, $rootPageURL); userWidget($userPPURL, $userDisplayName, $userName, $userBadgeSVG, $rootPageURL);
} }
echo ('</div>'); echo ('</div>');
} else {
echo ('Aucun utilisateur trouvé.');
} }
?> ?>
</div> </div>
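Review bot: The new user-list query uses an inner `JOIN roles ON users.role = roles.ID`, so an account whose `role` has no matching row in `roles` is silently left out of the administrator's listing, and the dump in this commit declares no foreign key that would rule that out. The home-page query in the same commit uses `LEFT JOIN roles` for the same lookup; I would do the same here, `FROM users LEFT JOIN roles ON users.role = roles.ID`, and treat a NULL `badge_svg` as "no badge". `$userBadgeSVG` is now complete `<svg>` markup read from the database and handed to `userWidget()`; if that helper echoes it unescaped (its body is not shown), write access to `roles` has to stay limited to trusted code. The threshold `50` in the access check would also read better as a named constant.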


@ -7,7 +7,7 @@ require("../../include/panels.php");
$pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass); $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass);
if ($_SESSION['level'] < 1) { if ($_SESSION['userRole'] < 1) {
header("Location: login.php"); header("Location: login.php");
http_response_code(404); http_response_code(404);
} }
@ -22,6 +22,13 @@ if (isset($_GET['article'])) {
$request->execute(); $request->execute();
$result = $request->fetchAll(PDO::FETCH_ASSOC); $result = $request->fetchAll(PDO::FETCH_ASSOC);
if ($result) { if ($result) {
$sqlRequest = "SELECT ID, name FROM confidential_levels";
$request = $pdo->prepare($sqlRequest);
$request->execute();
$confidentialLevels = array();
foreach($request->fetchAll(PDO::FETCH_ASSOC) as $confidentialLevel) {
$confidentialLevels[$confidentialLevel['ID']] = $confidentialLevel['name'];
}
$articleID = $result[0]['ID']; $articleID = $result[0]['ID'];
$articleTitle = $result[0]['title']; $articleTitle = $result[0]['title'];
$articleResume = $result[0]['resume']; $articleResume = $result[0]['resume'];
@ -58,7 +65,7 @@ if (isset($_POST['article-content']) && isset($_POST['classification']) && isset
file_put_contents($rootFilePath . "content/articles/" . $articleID . ".md", nl2br($_POST['article-content'])); file_put_contents($rootFilePath . "content/articles/" . $articleID . ".md", nl2br($_POST['article-content']));
$sqlRequest = "UPDATE articles SET title = :title, resume = :resume, classification = :classification WHERE ID = :articleID AND author = :authorID"; $sqlRequest = "UPDATE articles SET title = :title, resume = :resume, classification = :classification, last_update = now() WHERE ID = :articleID AND author = :authorID";
$request = $pdo->prepare($sqlRequest); $request = $pdo->prepare($sqlRequest);
$request->bindParam(":title", htmlspecialchars($_POST['article-title'])); $request->bindParam(":title", htmlspecialchars($_POST['article-title']));
$request->bindParam(":resume", htmlspecialchars($_POST['article-resume'])); $request->bindParam(":resume", htmlspecialchars($_POST['article-resume']));
@ -102,7 +109,7 @@ if (isset($_FILES['miniature']) && $_FILES['miniature']['error'] == 0 && isset($
imagedestroy($imageOriginal); imagedestroy($imageOriginal);
imagedestroy($imageResized); imagedestroy($imageResized);
$sqlRequest = "UPDATE articles SET miniature = :miniature WHERE ID = :articleID"; $sqlRequest = "UPDATE articles SET miniature = :miniature, last_update = now() WHERE ID = :articleID";
$request = $pdo->prepare($sqlRequest); $request = $pdo->prepare($sqlRequest);
$request->bindParam(":miniature", $imageURL); $request->bindParam(":miniature", $imageURL);
$request->bindParam(":articleID", $articleID); $request->bindParam(":articleID", $articleID);
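Review bot: The access guard in the first hunk still falls through: there is no `exit` after `header("Location: login.php")`, and the `http_response_code(404)` that follows replaces the redirect status, so the rest of the script, including the `UPDATE articles` handlers in the later hunks, runs for a visitor who failed the check. `$_SESSION['userRole']` is also read without `isset()`, unlike the administrator page in this commit. I would write `if (!isset($_SESSION['userRole']) || $_SESSION['userRole'] < 1) { header("Location: login.php"); exit; }`. The miniature `UPDATE` in the last hunk filters on `ID = :articleID` only, whereas the title/resume `UPDATE` also requires `author = :authorID`; unless ownership is checked in lines outside the hunk, the same predicate belongs there.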


@ -41,13 +41,13 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData
</div> </div>
<div class="articles-list"> <div class="articles-list">
<?php <?php
$sqlRequest = "SELECT articles.ID, articles.title, articles.date, articles.miniature, articles.resume, users.username, users.display_name, users.certification FROM articles JOIN users ON articles.author = users.ID WHERE articles.classification <= :userAccreditation ORDER BY date DESC LIMIT 3"; $sqlRequest = "SELECT articles.ID, articles.title, articles.date, articles.miniature, articles.resume, users.username, users.display_name, roles.badge_svg FROM articles INNER JOIN users ON articles.author = users.ID LEFT JOIN roles ON users.role = roles.ID WHERE articles.classification <= :userAccreditation ORDER BY date DESC LIMIT 3";
$request = $pdo->prepare($sqlRequest); $request = $pdo->prepare($sqlRequest);
$request->bindParam(":userAccreditation", $_SESSION['userAccreditation']); $request->bindParam(":userAccreditation", $_SESSION['userAccreditation']);
$request->execute(); $request->execute();
$result = $request->fetchAll(PDO::FETCH_ASSOC); $result = $request->fetchAll(PDO::FETCH_ASSOC);
if ($result) { if ($result) {
listArticles($result, $rootPageURL, $badges); listArticles($result, $rootPageURL);
} }
?> ?>
</div> </div>
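Review bot: The rewritten query still selects `articles.date` and sorts with `ORDER BY date DESC`, but the dump in this commit renames that column to `creation_date` in both `articles` and `users`, so against the new schema the statement fails with an unknown-column error. It should select `articles.creation_date` and end with `ORDER BY articles.creation_date DESC LIMIT 3`; qualifying the sort column also avoids ambiguity with `users.creation_date`. `listArticles()` presumably reads the `date` key from each row (its body is not shown), in which case it needs the same rename or an `AS date` alias.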


@ -18,7 +18,7 @@ if (isset($_POST['username']) && isset($_POST['password'])) {
if(preg_match('!\S!u', $_POST['username']) && preg_match('!\S!u', $_POST['password'])) { if(preg_match('!\S!u', $_POST['username']) && preg_match('!\S!u', $_POST['password'])) {
$sqlRequest = "SELECT ID, username, display_name, level, accreditation FROM users WHERE (username = :username OR email = :username) AND password = :password"; $sqlRequest = "SELECT ID, username, display_name, role, accreditation FROM users WHERE (username = :username OR email = :username) AND password = :password";
$request = $pdo->prepare($sqlRequest); $request = $pdo->prepare($sqlRequest);
$request->bindParam(":username", htmlspecialchars($_POST['username'])); $request->bindParam(":username", htmlspecialchars($_POST['username']));
$request->bindParam(":password", md5($_POST['password'])); $request->bindParam(":password", md5($_POST['password']));
@ -30,7 +30,7 @@ if (isset($_POST['username']) && isset($_POST['password'])) {
$_SESSION['userID'] = $result[0]['ID']; $_SESSION['userID'] = $result[0]['ID'];
$_SESSION['userName'] = $result[0]['username']; $_SESSION['userName'] = $result[0]['username'];
$_SESSION['userDisplayName'] = $result[0]['display_name']; $_SESSION['userDisplayName'] = $result[0]['display_name'];
$_SESSION['userLevel'] = $result[0]['level']; $_SESSION['userRole'] = $result[0]['role'];
$_SESSION['userAccreditation'] = $result[0]['accreditation']; $_SESSION['userAccreditation'] = $result[0]['accreditation'];
$redirectPage = isset($_GET['p']) ? $_GET['p'] : ""; $redirectPage = isset($_GET['p']) ? $_GET['p'] : "";
header('Location: /' . $redirectPage); header('Location: /' . $redirectPage);
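Review bot: The credential check next to the renamed `role` column still matches `password = :password` against `md5($_POST['password'])`, an unsalted fast hash that gives little protection if the users table leaks. The lookup should fetch the stored hash by username and check it with `password_verify()`, with hashes written by `password_hash()`; existing MD5 values need a migration path, such as rehashing on the next successful login. In the second hunk, `header('Location: /' . $redirectPage)` uses `$_GET['p']` unchecked, so a value that starts with `/` produces a protocol-relative URL leading off-site; `p` should be restricted to a known set of local paths. The execute and fetch lines between the two hunks are not visible here.

```php
$sqlRequest = "SELECT ID, username, display_name, role, accreditation, password FROM users WHERE username = :username OR email = :username";
$request = $pdo->prepare($sqlRequest);
$request->bindValue(":username", htmlspecialchars($_POST['username']));
// … unchanged: execute and fetchAll …
if ($result && password_verify($_POST['password'], $result[0]['password'])) {
    // … unchanged: session population and redirect …
}
```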


@ -67,7 +67,7 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData
<?php <?php
if (isset($_GET['article']) && filter_var($_GET['article'], FILTER_VALIDATE_INT) && file_exists($rootFilePath . 'content/articles/' . $_GET['article'] . '.md')) { if (isset($_GET['article']) && filter_var($_GET['article'], FILTER_VALIDATE_INT) && file_exists($rootFilePath . 'content/articles/' . $_GET['article'] . '.md')) {
$sqlRequest = "SELECT articles.ID, articles.title, articles.date, articles.miniature, articles.resume, articles.author, users.username, users.display_name, users.certification, users.profile_picture FROM articles JOIN users ON articles.author = users.ID WHERE articles.ID = :articleID AND (articles.classification <= :userAccreditation OR articles.author = :userID)"; $sqlRequest = "SELECT articles.ID, articles.title, articles.creation_date, articles.miniature, articles.resume, articles.author, users.username, users.display_name, roles.badge_svg, users.profile_picture FROM articles INNER JOIN users ON articles.author = users.ID LEFT JOIN roles ON users.role = roles.ID WHERE articles.ID = :articleID AND (articles.classification <= :userAccreditation OR articles.author = :userID)";
$request = $pdo->prepare($sqlRequest); $request = $pdo->prepare($sqlRequest);
$request->bindParam(":articleID", $_GET['article']); $request->bindParam(":articleID", $_GET['article']);
$request->bindParam(":userAccreditation", $_SESSION['userAccreditation']); $request->bindParam(":userAccreditation", $_SESSION['userAccreditation']);
@ -76,7 +76,7 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData
$result = $request->fetchAll(PDO::FETCH_ASSOC); $result = $request->fetchAll(PDO::FETCH_ASSOC);
if($result) { if($result) {
$pubDateTime = strtotime($result[0]['date']); $pubDateTime = strtotime($result[0]['creation_date']);
$pubDate = date('d/m/Y', $pubDateTime); $pubDate = date('d/m/Y', $pubDateTime);
$articleID = $result[0]['ID']; $articleID = $result[0]['ID'];
$articleTitle = $result[0]['title']; $articleTitle = $result[0]['title'];
@ -84,7 +84,7 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData
$miniatureURL = $result[0]['miniature']; $miniatureURL = $result[0]['miniature'];
$authorUsername = $result[0]['username']; $authorUsername = $result[0]['username'];
$authorDisplayName = $result[0]['display_name']; $authorDisplayName = $result[0]['display_name'];
$authorCertification = $result[0]['certification']; $authorBadge = $result[0]['badge_svg'];
$authorPPURL = $result[0]['profile_picture'] == NULL ? "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png" : $result[0]['profile_picture']; $authorPPURL = $result[0]['profile_picture'] == NULL ? "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png" : $result[0]['profile_picture'];
$authorID = $result[0]['author']; $authorID = $result[0]['author'];
@ -96,7 +96,7 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData
echo ('<a href="/editor?article=' . $articleID . '" class="button">Editer</a>'); echo ('<a href="/editor?article=' . $articleID . '" class="button">Editer</a>');
} }
userWidget($authorPPURL, $authorDisplayName, $authorUsername, $authorCertification, $badges, $rootPageURL); userWidget($authorPPURL, $authorDisplayName, $authorUsername, $authorBadge, $rootPageURL);
echo ('<div class="article-illustration">'); echo ('<div class="article-illustration">');
echo ('<img src="' . $miniatureURL . '"/>'); echo ('<img src="' . $miniatureURL . '"/>');
@ -114,7 +114,7 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData
} else { } else {
$search = isset($_GET['search']) ? "%" . htmlspecialchars($_GET['search']) . "%" : "%%"; $search = isset($_GET['search']) ? "%" . htmlspecialchars($_GET['search']) . "%" : "%%";
$sqlRequest = "SELECT articles.ID, articles.title, articles.date, articles.miniature, articles.resume, users.username, users.display_name, users.certification FROM articles JOIN users ON articles.author = users.ID WHERE (articles.title LIKE :search OR articles.ID LIKE :search OR users.username LIKE :search OR users.display_name LIKE :search) AND (articles.classification <= :userAccreditation OR articles.author = :userID) ORDER BY articles.date DESC"; $sqlRequest = "SELECT articles.ID, articles.title, articles.creation_date, articles.miniature, articles.resume, users.username, users.display_name, roles.badge_svg FROM articles INNER JOIN users ON articles.author = users.ID LEFT JOIN roles ON users.role = roles.ID WHERE (articles.title LIKE :search OR articles.ID LIKE :search OR users.username LIKE :search OR users.display_name LIKE :search) AND (articles.classification <= :userAccreditation OR articles.author = :userID) ORDER BY articles.creation_date DESC";
$request = $pdo->prepare($sqlRequest); $request = $pdo->prepare($sqlRequest);
$request->bindParam(":search", $search); $request->bindParam(":search", $search);
$request->bindParam(":userAccreditation", $_SESSION['userAccreditation']); $request->bindParam(":userAccreditation", $_SESSION['userAccreditation']);
@ -130,7 +130,7 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData
echo ('</form>'); echo ('</form>');
if(empty($_GET['search']) == false) { if(empty($_GET['search']) == false) {
$sqlRequest = "SELECT username, display_name, certification, profile_picture FROM users WHERE username LIKE :search OR display_name LIKE :search"; $sqlRequest = "SELECT users.username, users.display_name, roles.badge_svg, users.profile_picture FROM users JOIN roles ON users.role = roles.ID WHERE username LIKE :search OR display_name LIKE :search";
$request = $pdo->prepare($sqlRequest); $request = $pdo->prepare($sqlRequest);
$request->bindParam(":search", $search); $request->bindParam(":search", $search);
$request->execute(); $request->execute();
@ -139,7 +139,7 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData
echo ('<div class="users-list">'); echo ('<div class="users-list">');
foreach ($userResult as $user) { foreach ($userResult as $user) {
$userPPURL = $user['profile_picture'] == NULL ? "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png" : $user['profile_picture']; $userPPURL = $user['profile_picture'] == NULL ? "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png" : $user['profile_picture'];
userWidget($userPPURL, $user['display_name'], $user['username'], $user['certification'], $badges, $rootPageURL); userWidget($userPPURL, $user['display_name'], $user['username'], $user['badge_svg'], $rootPageURL);
} }
echo ('</div>'); echo ('</div>');
} }
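Review bot: The user search `SELECT users.username, … FROM users JOIN roles ON users.role = roles.ID` uses an inner join, whereas the article queries in this file use `LEFT JOIN roles`. Any account whose `role` has no row in `roles` disappears from the search results; the profile lookup in the users page has the same inner join and would treat such an account as nonexistent. `LEFT JOIN roles ON users.role = roles.ID` keeps the badge optional, as the article queries do. The unqualified `username` and `display_name` in the `WHERE` clause would also be safer as `users.username` and `users.display_name` now that two tables are joined.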


@ -23,7 +23,7 @@ if (isset($_POST['username']) && isset($_POST['email'])) {
if($result && $result[0]['ID'] != $_SESSION['userID']) { if($result && $result[0]['ID'] != $_SESSION['userID']) {
$status = "Le nom d'utilisateur n'est pas disponible"; $status = "Le nom d'utilisateur n'est pas disponible";
} else { } else {
$sqlRequest = "UPDATE users SET username = :username, email = :email WHERE ID = :userID"; $sqlRequest = "UPDATE users SET username = :username, email = :email, last_update = now() WHERE ID = :userID";
$request = $pdo->prepare($sqlRequest); $request = $pdo->prepare($sqlRequest);
$request->bindParam(":username", htmlspecialchars(substr($_POST['username'], 0, 20))); $request->bindParam(":username", htmlspecialchars(substr($_POST['username'], 0, 20)));
$request->bindParam(":email", htmlspecialchars($_POST['email'])); $request->bindParam(":email", htmlspecialchars($_POST['email']));
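Review bot: `bindParam()` binds by reference, but both calls here pass the result of `htmlspecialchars(...)`, which is not a variable and makes PHP raise an "Only variables should be passed by reference" notice. `bindValue(":username", …)` and `bindValue(":email", …)` are the right calls for computed values; the login and profile queries in this commit follow the same pattern. As far as this hunk shows, the e-mail is stored without format validation; a `filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)` check before the update would cover that.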


@ -7,7 +7,7 @@ require("../../include/panels.php");
$pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass); $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass);
if ($_SESSION['level'] < 1) { if ($_SESSION['userRole'] < 1) {
header("Location: login.php"); header("Location: login.php");
http_response_code(404); http_response_code(404);
} }
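Review bot: No `exit;` follows `header("Location: login.php")`, so for a visitor with `userRole < 1` the script carries on and renders whatever comes after this block; the rest of the file is outside the hunk, so this needs confirming. The `http_response_code(404)` sent after the `Location` header also leaves the response inconsistent, so choose either the redirect or the 404. The threshold differs from the navigation, which shows the Admin link only for `userRole >= 3`; if this page is the admin panel, the guard should read `if ($_SESSION['userRole'] < 3) { http_response_code(404); exit; }`.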


@ -9,7 +9,7 @@ require("../../include/panels.php");
$pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass); $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass);
if(isset($_GET['u']) && empty($_GET['u']) == false) { if(isset($_GET['u']) && empty($_GET['u']) == false) {
$request = $pdo->prepare("SELECT ID, username, display_name, profile_picture, banner, bio, certification FROM users WHERE username = :username"); $request = $pdo->prepare("SELECT users.ID, users.username, users.display_name, users.profile_picture, users.banner, users.bio, roles.badge_svg FROM users JOIN roles ON users.role = roles.ID WHERE users.username = :username");
$request->bindParam(":username", htmlspecialchars($_GET['u'])); $request->bindParam(":username", htmlspecialchars($_GET['u']));
$request->execute(); $request->execute();
$result = $request->fetchAll(PDO::FETCH_ASSOC); $result = $request->fetchAll(PDO::FETCH_ASSOC);
@ -21,7 +21,7 @@ if(isset($_GET['u']) && empty($_GET['u']) == false) {
$userPPURL = $result[0]['profile_picture'] == NULL ? "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png" : $result[0]['profile_picture']; $userPPURL = $result[0]['profile_picture'] == NULL ? "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png" : $result[0]['profile_picture'];
$userBanner = $result[0]['banner'] = NULL ? "" : $result[0]['banner']; $userBanner = $result[0]['banner'] = NULL ? "" : $result[0]['banner'];
$userBio = $result[0]['bio']; $userBio = $result[0]['bio'];
$userCertification = $result[0]['certification']; $userBadgeSVG = $userBadgeSVG = $result[0]['badge_svg'];
} else { } else {
$userID = 0; $userID = 0;
$userName = htmlspecialchars($_GET['u']); $userName = htmlspecialchars($_GET['u']);
@ -29,7 +29,7 @@ if(isset($_GET['u']) && empty($_GET['u']) == false) {
$userPPURL = "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png"; $userPPURL = "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png";
$userBanner = ""; $userBanner = "";
$userBio = ""; $userBio = "";
$userCertification = 0; $userBadgeSVG = "";
} }
} else { } else {
$userID = 0; $userID = 0;
@ -38,7 +38,7 @@ if(isset($_GET['u']) && empty($_GET['u']) == false) {
$userPPURL = "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png"; $userPPURL = "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png";
$userBanner = ""; $userBanner = "";
$userBio = ""; $userBio = "";
$userCertification = 0; $userBadgeSVG = "";
} }
?> ?>
@ -93,11 +93,7 @@ if(isset($_GET['u']) && empty($_GET['u']) == false) {
<div class="display-name"><?=$userDisplayName?></div> <div class="display-name"><?=$userDisplayName?></div>
<div class="user-level"> <div class="user-level">
<?php <?php
if($userCertification > 0) { echo($userBadgeSVG)
echo ('<svg class="certification" viewBox="0 0 22 22" aria-label="Compte certifié" role="img"><g>');
echo ($badges[$userCertification]);
echo ('</g></svg>');
}
?> ?>
</div> </div>
<div class="username">@<?=$userName?></div> <div class="username">@<?=$userName?></div>
@ -117,10 +113,10 @@ if(isset($_GET['u']) && empty($_GET['u']) == false) {
<div class="user-content"> <div class="user-content">
<?php <?php
$search = isset($_GET['search']) ? "%" . htmlspecialchars($_GET['search']) . "%" : "%%"; $search = isset($_GET['search']) ? "%" . htmlspecialchars($_GET['search']) . "%" : "%%";
$request = $pdo->prepare("SELECT ID, title, date, miniature, resume FROM articles WHERE (title LIKE :search OR ID LIKE :search) AND author = :userID AND classification <= :userLevel ORDER BY date DESC"); $request = $pdo->prepare("SELECT ID, title, creation_date, miniature, resume FROM articles WHERE (title LIKE :search OR ID LIKE :search) AND author = :userID AND classification <= :userRole ORDER BY creation_date DESC");
$request->bindParam(":search", $search); $request->bindParam(":search", $search);
$request->bindParam(":userID", $userID); $request->bindParam(":userID", $userID);
$request->bindParam(":userLevel", $_SESSION['userLevel']); $request->bindParam(":userRole", $_SESSION['userRole']);
$request->execute(); $request->execute();
$result = $request->fetchAll(PDO::FETCH_ASSOC); $result = $request->fetchAll(PDO::FETCH_ASSOC);
echo ('<h1>Articles de ' . $userDisplayName . '</h1>'); echo ('<h1>Articles de ' . $userDisplayName . '</h1>');
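Review bot: The profile article list filters with `classification <= :userRole` bound to `$_SESSION['userRole']`, while every other article query in this commit compares `classification` with `:userAccreditation`. Role and accreditation are separate session values, so a visitor can be shown articles above or below their clearance on profile pages. Use `classification <= :userAccreditation` with `$request->bindParam(":userAccreditation", $_SESSION['userAccreditation']);`. In the earlier hunk, `$userBadgeSVG = $userBadgeSVG = $result[0]['badge_svg'];` repeats the assignment, and `$result[0]['banner'] = NULL ? …` assigns rather than compares.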


@ -2,9 +2,9 @@
session_start(); session_start();
if (!isset($_SESSION['userAccreditation']) || !isset($_SESSION['userLevel'])) { if (!isset($_SESSION['userAccreditation']) || !isset($_SESSION['userRole'])) {
$_SESSION['userAccreditation'] = 0; $_SESSION['userAccreditation'] = 0;
$_SESSION['userLevel'] = 0; $_SESSION['userRole'] = 0;
} }
if (!isset($_COOKIE['theme'])) { if (!isset($_COOKIE['theme'])) {


@ -1,6 +1,6 @@
<?php <?php
function userWidget($userPPURL, $userDisplayName, $userName, $userCertification, $badges, $rootPageURL) { function userWidget($userPPURL, $userDisplayName, $userName, $userBadgeSVG, $rootPageURL) {
echo ('<a href="' . $rootPageURL . 'users?u=' . $userName . '" class="user-widget-link">'); echo ('<a href="' . $rootPageURL . 'users?u=' . $userName . '" class="user-widget-link">');
echo ('<div class="user-widget">'); echo ('<div class="user-widget">');
@ -13,11 +13,7 @@ function userWidget($userPPURL, $userDisplayName, $userName, $userCertification,
echo ('<div class="user-display-name">'); echo ('<div class="user-display-name">');
echo ($userDisplayName); echo ($userDisplayName);
if ($userCertification > 0) { echo ($userBadgeSVG);
echo ('<svg class="certification" viewBox="0 0 22 22" aria-label="Compte certifié" role="img">');
echo ('<g>' . $badges[$userCertification] . '</g>');
echo ('</svg>');
}
echo ('</div>'); echo ('</div>');
echo ('<div class="user-name">@' . $userName . '</div>'); echo ('<div class="user-name">@' . $userName . '</div>');
@ -29,11 +25,11 @@ function userWidget($userPPURL, $userDisplayName, $userName, $userCertification,
} }
function listArticles($result, $rootPageURL, $badges) { function listArticles($result, $rootPageURL) {
foreach($result as $article) { foreach($result as $article) {
$pubDateTime = strtotime($article['date']); $pubDateTime = strtotime($article['creation_date']);
$pubDate = date('d/m/Y', $pubDateTime); $pubDate = date('d/m/Y', $pubDateTime);
$articleID = $article['ID']; $articleID = $article['ID'];
$articleTitle = $article['title']; $articleTitle = $article['title'];
@ -41,8 +37,7 @@ function listArticles($result, $rootPageURL, $badges) {
$miniatureURL = empty($article['miniature']) ? $rootPageURL . "src/img/empty.jpg" : $article['miniature']; $miniatureURL = empty($article['miniature']) ? $rootPageURL . "src/img/empty.jpg" : $article['miniature'];
if (isset($article['username'])) { if (isset($article['username'])) {
$badge = $article['certification'] > 0 ? '<svg class="certification" viewBox="0 0 22 22" aria-label="Compte certifié" role="img"><g>' . $badges[$article['certification']] . '</g></svg>' : ""; $authorLink = ' | <a href="/users?u=' . $article['username'] . '">' . $article['display_name'] . $article['badge_svg'] . '</a>';
$authorLink = ' | <a href="/users?u=' . $article['username'] . '">' . $article['display_name'] . $badge . '</a>';
} else { } else {
$authorLink = ''; $authorLink = '';
} }
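Review bot: `echo ($userBadgeSVG);` and the `$article['badge_svg']` concatenation print a database column as raw HTML, where the removed code wrapped a config-file path in a fixed `<svg>` element. Anyone able to write `roles.badge_svg` can now place markup on every page that shows a user, so that column should be documented as trusted and writable only by administrators, e.g. `// badge_svg is trusted markup from the roles table, printed unescaped`. `$userName` and `$article['display_name']` are also concatenated into HTML without `htmlspecialchars()`; whether they are escaped at write time is not visible in these hunks. Both function bodies continue outside the hunks.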


@ -49,7 +49,7 @@ function fillNav($rootPageURL) {
echo ('<a href="' . $rootPageURL . 'news"><div class="nav-link">News</div></a>'); echo ('<a href="' . $rootPageURL . 'news"><div class="nav-link">News</div></a>');
echo ('<a href="' . $rootPageURL . 'about"><div class="nav-link">A propos</div></a>'); echo ('<a href="' . $rootPageURL . 'about"><div class="nav-link">A propos</div></a>');
if ($_SESSION['userLevel'] >= 3) { if ($_SESSION['userRole'] >= 3) {
echo ('<a href="' . $rootPageURL . 'admin"><div class="nav-link">Admin</div></a>'); echo ('<a href="' . $rootPageURL . 'admin"><div class="nav-link">Admin</div></a>');
} }