From d913a7af27fbcae4680694f836e634f30b8035bd Mon Sep 17 00:00:00 2001
From: Jan BELLON
Date: Fri, 8 Mar 2024 10:26:34 +0000
Subject: [PATCH] Update 7 files
- /html/admin.php
- /html/register.php
- /html/login.php
- /html/users.php
- /html/journal.php
- /html/editpage.php
- /config/global.ini
---
 config/global.ini | 12 ++++++++----
 html/admin.php | 2 +-
 html/editpage.php | 6 +++---
 html/journal.php | 4 ++--
 html/login.php | 3 ++-
 html/register.php | 2 +-
 html/users.php | 17 +++++++++++++----
 7 files changed, 30 insertions(+), 16 deletions(-)
diff --git a/config/global.ini b/config/global.ini
index 5bdd7bbb..87692e6c 100644
--- a/config/global.ini
+++ b/config/global.ini
@@ -16,7 +16,11 @@ Journal = "journal.php"
 [classifications]
 0 = "Public"
 1 = "Membres"
-2 = "Membres Impliqués"
-3 = "Responsables"
-4 = "Directeurs"
-5 = "Administrateur"
\ No newline at end of file
+2 = "Restreint"
+3 = "Direction"
+
+[roles]
+0 = "Invité"
+1 = "Membre"
+2 = "Responsable"
+3 = "Directeur"
\ No newline at end of file
diff --git a/html/admin.php b/html/admin.php
index f5639b8a..60be986d 100644
--- a/html/admin.php
+++ b/html/admin.php
@@ -2,7 +2,7 @@
 require "../include/variables.php";
 require "../include/functions.php";
 
-if($_SESSION['role'] < 4) {
+if($_SESSION['role'] < 3) {
 header("Location: index.php");
 http_response_code(404);
 die();
diff --git a/html/editpage.php b/html/editpage.php
index 1496d3d2..66c006bc 100644
--- a/html/editpage.php
+++ b/html/editpage.php
@@ -2,7 +2,7 @@
 require "../include/variables.php";
 require "../include/functions.php";
 
-if($_SESSION['role'] < 3) {
+if($_SESSION['role'] < 2) {
 header("Location: index.php");
 http_response_code(404);
 die();
@@ -119,8 +119,8 @@ if(isset($fichier)) {
 echo "
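Review bot: Renumbering `[classifications]` from six levels to four leaves any `articles.classification` value of 4 or 5 already stored in the database above every label in the new scale, and the old `role` values 4 and 5 likewise fall outside the new `[roles]` table, yet the patch carries no data migration for either column. If such rows exist they would presumably become unreachable through the `classification <= :accreditation` filters this commit introduces in editpage.php and journal.php, so a one-off UPDATE mapping the old values onto the new scale should accompany the change. Both sections also still end without a trailing newline (`\ No newline at end of file`), which is worth fixing while the file is being edited.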
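Review bot: The lowered gate `if($_SESSION['role'] < 3) {` is a bare magic number whose meaning now depends on the `[roles]` table in `config/global.ini`, and the same literal pattern is repeated in `html/editpage.php` (`< 2`) and `html/users.php` (`< 3`); a named constant such as `if($_SESSION['role'] < ROLE_DIRECTEUR) {`, declared alongside the other shared values (presumably in `include/variables.php`), would keep the three gates in step with the ini file. The guard also sends `header("Location: index.php")` and then `http_response_code(404)`, which are contradictory: the 404 replaces the implicit 302, so browsers render a not-found page instead of following Location — pick one, e.g. `header("Location: index.php", true, 302);` followed by `exit();`. Note too that `$_SESSION['role']` is read without an `isset` check, so an anonymous visitor triggers an undefined-index warning before being turned away (`null < 3` is true); `($_SESSION['role'] ?? 0) < 3` avoids that.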
"; echo "

Articles

";
 $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
- $req = $bdd->prepare("SELECT ID, titre, auteur, date, classification FROM articles WHERE classification <= :role ORDER BY date DESC LIMIT 10");
- $req->bindParam(":role", $_SESSION['role']);
+ $req = $bdd->prepare("SELECT ID, titre, auteur, date, classification FROM articles WHERE classification <= :accreditation ORDER BY date DESC LIMIT 10");
+ $req->bindParam(":accreditation", $_SESSION['accreditation']);
 $req->execute();
 $resultat = $req->fetchAll(PDO::FETCH_ASSOC);
 
diff --git a/html/journal.php b/html/journal.php
index 56222351..d5cd6b91 100644
--- a/html/journal.php
+++ b/html/journal.php
@@ -55,8 +55,8 @@ if (filter_var($_GET['article'], FILTER_VALIDATE_INT)) {
 echo "
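Review bot: `$req->bindParam(":accreditation", $_SESSION['accreditation'])` binds a session key that is only populated by the login path this commit also changes (`html/login.php`), so a session created before the deploy has no `accreditation` entry; because bindParam takes its argument by reference, the missing key is silently created as null and `classification <= NULL` matches nothing, so such users see an empty list rather than the public articles until they log in again. Prefer `$req->bindValue(":accreditation", (int)($_SESSION['accreditation'] ?? 0), PDO::PARAM_INT);`, which also makes the integer type explicit instead of relying on the default string parameter. The same pattern is in the `html/journal.php` hunk that follows. The enclosing `if(isset($fichier))` block starts before the hunk and the echo lines above it are rendered with their HTML stripped, so only the query lines can be reviewed here.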
";
 } else {
 $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
- $req = $bdd->prepare("SELECT ID, titre, date, auteur, classification FROM articles WHERE classification <= :role ORDER BY date DESC");
- $req->bindParam(":role", $_SESSION['role']);
+ $req = $bdd->prepare("SELECT ID, titre, date, auteur, classification FROM articles WHERE classification <= :accreditation ORDER BY date DESC");
+ $req->bindParam(":accreditation", $_SESSION['accreditation']);
 $req->execute();
 $resultat = $req->fetchAll(PDO::FETCH_ASSOC);
 
diff --git a/html/login.php b/html/login.php
index 7321c46f..3fcec7dd 100644
--- a/html/login.php
+++ b/html/login.php
@@ -11,7 +11,7 @@ if(isset($_POST['username']) && isset($_POST['password'])) {
 if(empty($_POST['username']) == false && empty($_POST['password']) === false) {
 $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
- $req = $bdd->prepare("SELECT ID, username, email, display_name, role FROM users WHERE (username = :username OR email = :username) AND password = :password");
+ $req = $bdd->prepare("SELECT ID, username, email, display_name, role, accreditation FROM users WHERE (username = :username OR email = :username) AND password = :password");
 $req->bindParam(':username', htmlspecialchars($_POST['username']));
 $req->bindParam(':password', md5($_POST['password']));
 $req->execute();
@@ -24,6 +24,7 @@ if(isset($_POST['username']) && isset($_POST['password'])) {
 $_SESSION['display_name'] = $resultat[0]['display_name'];
 $_SESSION['userid'] = $resultat[0]['ID'];
 $_SESSION['role'] = $resultat[0]['role'];
+ $_SESSION['accreditation'] = $resultat[0]['accreditation'];
 header("Location: index.php");
 exit();
 } else {
diff --git a/html/register.php b/html/register.php
index 058efa43..1a704961 100644
--- a/html/register.php
+++ b/html/register.php
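Review bot: The rewritten SELECT still authenticates by matching `password = :password` against `md5($_POST['password'])` two lines below it; unsalted MD5 is not a password hash, and doing the comparison inside the query prevents using a proper verifier. The usual shape is to select the stored hash by username/email only and check it in PHP with `password_verify($_POST['password'], $row['password'])`, storing `password_hash($pw, PASSWORD_DEFAULT)` at registration (`html/register.php` carries the matching `md5` call) and re-hashing legacy rows on their next successful login. Separately, `$req->bindParam(':username', htmlspecialchars($_POST['username']))` passes an expression to a by-reference parameter, which raises a notice, and HTML-escaping a value before it is used as a lookup key is the wrong context; `$req->bindValue(':username', $_POST['username']);` is the correct call, with escaping applied at output time. The enclosing `if(empty(...))` block continues outside the hunk.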
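Review bot: The added `$_SESSION['accreditation'] = $resultat[0]['accreditation'];` extends the set of authorisation attributes copied into the session on a successful login, but nothing visible in the hunk regenerates the session id first; unless `session_regenerate_id(true)` already happens earlier (outside this hunk), the session id that existed before authentication keeps its identity across the privilege change. Calling `session_regenerate_id(true);` immediately before the `$_SESSION[...]` assignments is the standard mitigation. Casting here, `$_SESSION['accreditation'] = (int) $resultat[0]['accreditation'];`, would also make the later `classification <= :accreditation` comparisons in editpage.php and journal.php operate on an integer. The enclosing if/else starts and ends outside the hunk.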
@@ -16,7 +16,7 @@ if(isset($_POST['username']) && isset($_POST['password']) && isset($_POST['passw
 $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
- $req = $bdd->prepare("INSERT INTO users (username, password, email, display_name, role) VALUES (:username, :password, :email, :display_name, 0)");
+ $req = $bdd->prepare("INSERT INTO users (username, password, email, display_name, role, accreditation) VALUES (:username, :password, :email, :display_name, 0, 0)");
 $req->bindParam(':username', htmlspecialchars($_POST['username']));
 $req->bindParam(':password', md5($_POST['password']));
 $req->bindParam(':email', htmlspecialchars($_POST['email']));
diff --git a/html/users.php b/html/users.php
index ab95fb2b..28381092 100644
--- a/html/users.php
+++ b/html/users.php
@@ -2,17 +2,18 @@
 require "../include/variables.php";
 require "../include/functions.php";
 
-if($_SESSION['role'] < 4) {
+if($_SESSION['role'] < 3) {
 header("Location: index.php");
 http_response_code(404);
 die();
 }
 
-if(isset($_POST['userid']) && isset($_POST['role']) && $_POST['userid'] != $_SESSION['userid'] && $_POST['role'] <= $_SESSION['role']) {
+if(isset($_POST['userid']) && isset($_POST['role']) && isset($_POST['accreditation']) && $_POST['userid'] != $_SESSION['userid']) {
 $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
- $req = $bdd->prepare("UPDATE users SET role = :role WHERE ID = :userid");
+ $req = $bdd->prepare("UPDATE users SET role = :role, accreditation = :accreditation WHERE ID = :userid");
 $req->bindParam(':role',$_POST['role']);
+ $req->bindParam(':accreditation',$_POST['accreditation']);
 $req->bindParam(':userid', $_POST['userid']);
 if ($req->execute()) {
 $status = "Utilisateur mis à jour";
@@ -75,7 +76,15 @@ if(isset($_POST['userid']) && isset($_POST['role']) && $_POST['userid'] != $_SES
 echo '';
 }
 }
- echo "";
+ echo "";
 }
 }
 ?>
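Review bot: The new INSERT hard-codes `0, 0` for `role` and `accreditation`, so what a fresh account can see and do depends on the numbering in `config/global.ini` (`0 = "Invité"`, `0 = "Public"`) being kept in sync by hand with this literal. Declaring `DEFAULT 0` on both columns in the schema and dropping them from the column list, or binding named constants shared with the gates in admin.php/editpage.php/users.php, would make the intent explicit in one place. The surrounding `if(isset(...))` block starts and ends outside the hunk.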
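Review bot: The rewritten condition drops the old `$_POST['role'] <= $_SESSION['role']` ceiling and adds `accreditation` without any validation, so both `:role` and `:accreditation` are bound straight from `$_POST` as strings with no check that they are integers inside the 0–3 ranges that `config/global.ini` now defines; out-of-scale or non-numeric values are passed through to the UPDATE unchanged. Both inputs should be validated with `filter_var` and an explicit range before the statement is prepared and bound with `PDO::PARAM_INT`, and `$_POST['userid']` deserves the same treatment since it is only compared with `!=` to the session id. The `@@ -75` hunk of this file is rendered with its HTML stripped, so its added `echo` cannot be reviewed here, and the `if ($req->execute())` block continues outside the first hunk.
```php
// Ranges mirror the [roles] / [classifications] tables in config/global.ini.
$role = filter_var($_POST['role'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 3]]);
$accreditation = filter_var($_POST['accreditation'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0, 'max_range' => 3]]);
$userid = filter_var($_POST['userid'] ?? null, FILTER_VALIDATE_INT);
if($role !== false && $accreditation !== false && $userid !== false && $userid != $_SESSION['userid']) {
    $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
    $req = $bdd->prepare("UPDATE users SET role = :role, accreditation = :accreditation WHERE ID = :userid");
    $req->bindValue(':role', $role, PDO::PARAM_INT);
    $req->bindValue(':accreditation', $accreditation, PDO::PARAM_INT);
    $req->bindValue(':userid', $userid, PDO::PARAM_INT);
    // … unchanged: execute() and $status handling …
```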