jan/e59-website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update 7 files

Browse Source 
- /html/admin.php
- /html/register.php
- /html/login.php
- /html/users.php
- /html/journal.php
- /html/editpage.php
- /config/global.ini
This commit is contained in:
Jan BELLON 2024-03-08 10:26:34 +00:00
parent 4273e84e69
commit d913a7af27
7 changed files with 30 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
config/global.ini
View File

@ -16,7 +16,11 @@ Journal = "journal.php"
[classifications] [classifications]
0 = "Public" 0 = "Public"
1 = "Membres" 1 = "Membres"
2 = "Membres Impliqués" 2 = "Restreint"
3 = "Responsables" 3 = "Direction"
4 = "Directeurs"
5 = "Administrateur" [roles]
0 = "Invité"
1 = "Membre"
2 = "Responsable"
3 = "Directeur"

2
html/admin.php
View File

@ -2,7 +2,7 @@
require "../include/variables.php"; require "../include/variables.php";
require "../include/functions.php"; require "../include/functions.php";
if($_SESSION['role'] < 4) { if($_SESSION['role'] < 3) {
header("Location: index.php"); header("Location: index.php");
http_response_code(404); http_response_code(404);
die(); die();

6
html/editpage.php
View File

@ -2,7 +2,7 @@
require "../include/variables.php"; require "../include/variables.php";
require "../include/functions.php"; require "../include/functions.php";
if($_SESSION['role'] < 3) { if($_SESSION['role'] < 2) {
header("Location: index.php"); header("Location: index.php");
http_response_code(404); http_response_code(404);
die(); die();
@ -119,8 +119,8 @@ if(isset($fichier)) {
echo "</div></div><div>"; echo "</div></div><div>";
echo "<div><h2>Articles</h2></div>"; echo "<div><h2>Articles</h2></div>";
$bdd = connect($dbhost, $dbname, $dbuser, $dbpass); $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
$req = $bdd->prepare("SELECT ID, titre, auteur, date, classification FROM articles WHERE classification <= :role ORDER BY date DESC LIMIT 10"); $req = $bdd->prepare("SELECT ID, titre, auteur, date, classification FROM articles WHERE classification <= :accreditation ORDER BY date DESC LIMIT 10");
$req->bindParam(":role", $_SESSION['role']); $req->bindParam(":accreditation", $_SESSION['accreditation']);
$req->execute(); $req->execute();
$resultat = $req->fetchAll(PDO::FETCH_ASSOC); $resultat = $req->fetchAll(PDO::FETCH_ASSOC);

4
html/journal.php
View File

@ -55,8 +55,8 @@ if (filter_var($_GET['article'], FILTER_VALIDATE_INT)) {
echo "</div></div>"; echo "</div></div>";
} else { } else {
$bdd = connect($dbhost, $dbname, $dbuser, $dbpass); $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
$req = $bdd->prepare("SELECT ID, titre, date, auteur, classification FROM articles WHERE classification <= :role ORDER BY date DESC"); $req = $bdd->prepare("SELECT ID, titre, date, auteur, classification FROM articles WHERE classification <= :accreditation ORDER BY date DESC");
$req->bindParam(":role", $_SESSION['role']); $req->bindParam(":accreditation", $_SESSION['accreditation']);
$req->execute(); $req->execute();
$resultat = $req->fetchAll(PDO::FETCH_ASSOC); $resultat = $req->fetchAll(PDO::FETCH_ASSOC);

3
html/login.php
View File

@ -11,7 +11,7 @@ if(isset($_POST['username']) && isset($_POST['password'])) {
if(empty($_POST['username']) == false && empty($_POST['password']) === false) { if(empty($_POST['username']) == false && empty($_POST['password']) === false) {
$bdd = connect($dbhost, $dbname, $dbuser, $dbpass); $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
$req = $bdd->prepare("SELECT ID, username, email, display_name, role FROM users WHERE (username = :username OR email = :username) AND password = :password"); $req = $bdd->prepare("SELECT ID, username, email, display_name, role, accreditation FROM users WHERE (username = :username OR email = :username) AND password = :password");
$req->bindParam(':username', htmlspecialchars($_POST['username'])); $req->bindParam(':username', htmlspecialchars($_POST['username']));
$req->bindParam(':password', md5($_POST['password'])); $req->bindParam(':password', md5($_POST['password']));
$req->execute(); $req->execute();
@ -24,6 +24,7 @@ if(isset($_POST['username']) && isset($_POST['password'])) {
$_SESSION['display_name'] = $resultat[0]['display_name']; $_SESSION['display_name'] = $resultat[0]['display_name'];
$_SESSION['userid'] = $resultat[0]['ID']; $_SESSION['userid'] = $resultat[0]['ID'];
$_SESSION['role'] = $resultat[0]['role']; $_SESSION['role'] = $resultat[0]['role'];
$_SESSION['accreditation'] = $resultat[0]['accreditation'];
header("Location: index.php"); header("Location: index.php");
exit(); exit();
} else { } else {

2
html/register.php
View File

@ -16,7 +16,7 @@ if(isset($_POST['username']) && isset($_POST['password']) && isset($_POST['passw
$bdd = connect($dbhost, $dbname, $dbuser, $dbpass); $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
$req = $bdd->prepare("INSERT INTO users (username, password, email, display_name, role) VALUES (:username, :password, :email, :display_name, 0)"); $req = $bdd->prepare("INSERT INTO users (username, password, email, display_name, role, accreditation) VALUES (:username, :password, :email, :display_name, 0, 0)");
$req->bindParam(':username', htmlspecialchars($_POST['username'])); $req->bindParam(':username', htmlspecialchars($_POST['username']));
$req->bindParam(':password', md5($_POST['password'])); $req->bindParam(':password', md5($_POST['password']));
$req->bindParam(':email', htmlspecialchars($_POST['email'])); $req->bindParam(':email', htmlspecialchars($_POST['email']));

17
html/users.php
View File

@ -2,17 +2,18 @@
require "../include/variables.php"; require "../include/variables.php";
require "../include/functions.php"; require "../include/functions.php";
if($_SESSION['role'] < 4) { if($_SESSION['role'] < 3) {
header("Location: index.php"); header("Location: index.php");
http_response_code(404); http_response_code(404);
die(); die();
} }
if(isset($_POST['userid']) && isset($_POST['role']) && $_POST['userid'] != $_SESSION['userid'] && $_POST['role'] <= $_SESSION['role']) { if(isset($_POST['userid']) && isset($_POST['role']) && isset($_POST['accreditation']) && $_POST['userid'] != $_SESSION['userid']) {
$bdd = connect($dbhost, $dbname, $dbuser, $dbpass); $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
$req = $bdd->prepare("UPDATE users SET role = :role WHERE ID = :userid"); $req = $bdd->prepare("UPDATE users SET role = :role, accreditation = :accreditation WHERE ID = :userid");
$req->bindParam(':role',$_POST['role']); $req->bindParam(':role',$_POST['role']);
$req->bindParam(':accreditation',$_POST['accreditation']);
$req->bindParam(':userid', $_POST['userid']); $req->bindParam(':userid', $_POST['userid']);
if ($req->execute()) { if ($req->execute()) {
$status = "Utilisateur mis à jour"; $status = "Utilisateur mis à jour";
@ -75,7 +76,15 @@ if(isset($_POST['userid']) && isset($_POST['role']) && $_POST['userid'] != $_SES
echo '<option value="' . $id .'">' . $nom . '</option>'; echo '<option value="' . $id .'">' . $nom . '</option>';
} }
} }
echo "</select><input type='hidden' name='userid' value='" . $row['ID'] . "'><input type='submit' value='Mettre à jour'></div></form></div>"; echo "</select><select name='accreditation' required>";
foreach($classifications as $id => $nom) {
if($row['accreditations'] == $id) {
echo '<option value="' . $id .'" selected>' . $nom . '</option>';
} else {
echo '<option value="' . $id .'">' . $nom . '</option>';
}
}
echo "<input type='hidden' name='userid' value='" . $row['ID'] . "'><input type='submit' value='Mettre à jour'></div></form></div>";
} }
} }
?> ?>