diff --git a/config/global.ini b/config/global.ini index d21663e0..5bdd7bbb 100644 --- a/config/global.ini +++ b/config/global.ini @@ -13,3 +13,10 @@ dbhost = "127.0.0.1" [nav] Journal = "journal.php" +[classifications] +0 = "Public" +1 = "Membres" +2 = "Membres Impliqués" +3 = "Responsables" +4 = "Directeurs" +5 = "Administrateur" \ No newline at end of file diff --git a/html/admin.php b/html/admin.php index 4cca341d..b7732d01 100644 --- a/html/admin.php +++ b/html/admin.php @@ -2,7 +2,7 @@ require "../include/variables.php"; require "../include/functions.php"; -if(isset($_SESSION['userid']) == false) { +if(isset($_SESSION['role']) == false || $_SESSION['role'] < 4) { header("Location: login.php"); http_response_code(404); die(); diff --git a/html/compte.php b/html/compte.php new file mode 100644 index 00000000..90da78f3 --- /dev/null +++ b/html/compte.php @@ -0,0 +1,57 @@ + + + + + + + + + <?=$title?> + + +
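Review bot: The threshold in `$_SESSION['role'] < 4` is a bare number whose meaning is only recoverable from the `[classifications]` section of config/global.ini, and the same pattern is repeated with `3` in the editpage.php and upload.php hunks of this commit. At minimum I would add a comment above the check, for example `// 4 = "Directeurs" in [classifications]; anything lower is sent to login.php`. A better option is to move the check into one helper in include/functions.php that takes the minimum role, so the three pages cannot drift apart. The body of the `if` is unchanged context, and the rest of admin.php lies outside the hunk.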
+
+
+ + + +
+
+
+
+
+
+
+
+
+
+
+ +
+
+
+
+ $value) { echo "
" . $name . " : " . $value . "
";} + ?> +
+
+
+
+ + + \ No newline at end of file diff --git a/html/editpage.php b/html/editpage.php index 562936b1..74b6831a 100644 --- a/html/editpage.php +++ b/html/editpage.php @@ -2,6 +2,12 @@ require "../include/variables.php"; require "../include/functions.php"; +if(isset($_SESSION['role']) == false || $_SESSION['role'] < 3) { + header("Location: login.php"); + http_response_code(404); + die(); +} + $filetypes = [ 0 => "article", 1 => "page" @@ -9,12 +15,6 @@ $filetypes = [ $repertoire = "/var/www/e59/"; -if(isset($_SESSION['userid']) == false) { - header("Location: login.php"); - http_response_code(404); - die(); -} - if(isset($_GET['article']) && filter_var($_GET['article'], FILTER_VALIDATE_INT)) { if(file_exists($repertoire . "content/journal/" . $_GET['article'] . ".md")){ $fichier = $repertoire . "content/journal/" . $_GET['article'] . ".md"; diff --git a/html/journal-interne.php b/html/journal-interne.php new file mode 100644 index 00000000..bc8341a8 --- /dev/null +++ b/html/journal-interne.php @@ -0,0 +1,89 @@ + + + + + + + + + <?=$title?> + + +
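Review bot: The loop that echoes `$name . " : " . $value` writes both values into the page without output encoding, so any field containing markup would be rendered as HTML. Wrap each one, e.g. `htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. Most of this new file's markup and the opening of the `foreach` did not survive extraction, so I cannot see which array is iterated. I also cannot see whether the page checks for a logged-in session before printing; if it does not, it needs the same guard as the other pages.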
+
+
+ + + +
+
+
+
+
+
+
+
+
+
+
+ +
+
+
+
+
"; + echo $parsedown->text($markdownContent); + echo "
"; + } else { + $bdd = connect($dbhost, $dbname, $dbuser, $dbpass); + $req = $bdd->prepare("SELECT ID, titre, date, auteur FROM articles ORDER BY date DESC"); + $req->execute(); + $resultat = $req->fetchAll(PDO::FETCH_ASSOC); + + $date = new Datetime($row['date']); + + if ($resultat) { + foreach($resultat as $row) { + echo "

" . $row['titre'] . "

" . $row['auteur'] . "

" . $date->format('d/m/Y') . "
"; + } + } + } + ?> +
+
+ +
+ + + \ No newline at end of file diff --git a/html/login.php b/html/login.php index 34d3b81a..17773688 100644 --- a/html/login.php +++ b/html/login.php @@ -11,7 +11,7 @@ if(isset($_POST['username']) && isset($_POST['password'])) { if(empty($_POST['username']) == false && empty($_POST['password']) === false) { $bdd = connect($dbhost, $dbname, $dbuser, $dbpass); - $req = $bdd->prepare("SELECT ID, username, email, display_name FROM admins WHERE (username = :username OR email = :username) AND password = :password"); + $req = $bdd->prepare("SELECT ID, username, email, display_name, role FROM users WHERE (username = :username OR email = :username) AND password = :password"); $req->bindParam(':username', htmlspecialchars($_POST['username'])); $req->bindParam(':password', md5($_POST['password'])); $req->execute(); @@ -23,6 +23,7 @@ if(isset($_POST['username']) && isset($_POST['password'])) { $_SESSION['email'] = $resultat[0]['email']; $_SESSION['display_name'] = $resultat[0]['display_name']; $_SESSION['userid'] = $resultat[0]['ID']; + $_SESSION['role'] = $resultat[0]['role']; header("Location: index.php"); exit(); } else { diff --git a/html/upload-file.php b/html/upload-file.php deleted file mode 100644 index 1439dc11..00000000 --- a/html/upload-file.php +++ /dev/null @@ -1,95 +0,0 @@ -prepare("INSERT INTO articles (ID, titre, date, auteur) VALUES (:filename, :titre, :date, :auteur)"); - $upload->bindParam(':filename', $filename); - $upload->bindParam(':titre', htmlspecialchars($_POST['titre'])); - $upload->bindParam(':auteur', $_SESSION['display_name']); - if (isset($_POST['date']) && empty($_POST['date']) == false) { - $upload->bindParam(':date', htmlspecialchars($_POST['date'])); - } else { - $upload->bindParam(':date', date("Y-m-d")); - } - if($upload->execute()) { - $status = "Uploaded"; - } else { - $status = "SQL Error"; - } -} - -?> - - - - - - - - - - -
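Review bot: `$date = new Datetime($row['date']);` runs before the `foreach`, where `$row` is not yet defined, so every listed article would show the same date rather than its own. Move it to the first statement inside the loop: `$date = new DateTime($row['date']);`. Separately, the `SELECT ID, titre, date, auteur FROM articles` query has no predicate on the new `classification` column, so as far as the visible lines show this internal list returns every article whatever the viewer's role. Something like `WHERE classification <= :role` bound to `$_SESSION['role']` looks like the intent. `$row['titre']` and `$row['auteur']` are also echoed without `htmlspecialchars`; parts of this file were lost in extraction, so confirm that against the real markup.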
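Review bot: The rewritten `prepare` line still authenticates with `password = :password` against `md5($_POST['password'])`, so the new `users` table, which now covers every member role, inherits unsalted MD5 password storage. I would select the stored hash by username or email only and check it in PHP with `password_verify($_POST['password'], $resultat[0]['password'])`, with hashes created by `password_hash($pw, PASSWORD_DEFAULT)`. Existing MD5 rows would need a migration path, such as rehashing on the next successful login. The surrounding `if` starts above the hunk.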
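Review bot: `$_SESSION['role']` is copied from the database once at login, and the checks in admin.php, editpage.php and upload.php read only that copy. A user who is demoted or removed therefore keeps the old privileges until the session ends, unless another code path refreshes the value. Consider re-reading the role on privileged requests, or invalidating the user's sessions when the role changes. If `session_regenerate_id(true);` is not already called above this hunk, add it before these assignments so a pre-login session identifier is not carried into a privileged session.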
-
-
- - - -
-
-
-
-
-
-
-
-
-
-
- -
-
-
-
-

Publier un article

-
-
-
-
- -
-
-
-
-
-
-
-
-
- - - \ No newline at end of file diff --git a/html/upload.php b/html/upload.php index 442ce70e..c8d5be71 100644 --- a/html/upload.php +++ b/html/upload.php @@ -4,7 +4,7 @@ require "../include/functions.php"; $repertoire = "/var/www/e59/"; -if(isset($_SESSION['userid']) == false) { +if(isset($_SESSION['role']) == false || $_SESSION['role'] < 3) { header("Location: login.php"); http_response_code(404); die(); @@ -18,10 +18,11 @@ if(isset($_POST['page-content'])) { file_put_contents($repertoire . "content/journal/" . $filename . ".md", nl2br($_POST['page-content'])); $bdd = connect($dbhost, $dbname, $dbuser, $dbpass); - $upload = $bdd->prepare("INSERT INTO articles (ID, titre, date, auteur) VALUES (:filename, :titre, :date, :auteur)"); + $upload = $bdd->prepare("INSERT INTO articles (ID, titre, date, auteur, classification) VALUES (:filename, :titre, :date, :auteur, :classification)"); $upload->bindParam(':filename', $filename); $upload->bindParam(':titre', htmlspecialchars($_POST['titre'])); $upload->bindParam(':auteur', $_SESSION['display_name']); + $upload->bindParam(':classification', $_POST['classification']); if($upload->execute()) { $status = "Article Publié"; } else { @@ -77,6 +78,11 @@ if(isset($_POST['page-content'])) {
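Review bot: `$_POST['classification']` is bound straight into the INSERT without checking that it is present, an integer, and one of the configured levels. A missing or arbitrary value is therefore stored as the article's access level. Validate it first, e.g. `$classification = filter_var($_POST['classification'] ?? null, FILTER_VALIDATE_INT);`, and reject the request unless `$classification !== false && array_key_exists($classification, $classifications)`. Also, the statement names `:date`, but no `bindParam(':date', …)` appears between `prepare` and `execute()` in the visible lines, so the insert probably fails with a parameter-count error. The enclosing `if(isset($_POST['page-content']))` block starts and ends outside the hunk.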

Publier un article

+
+ +
diff --git a/include/functions.php b/include/functions.php index ad3cb9a7..0cd71a42 100644 --- a/include/functions.php +++ b/include/functions.php @@ -9,7 +9,7 @@ function nav($nav) { echo ""; } if (isset($_SESSION['userid'])) { - echo ""; + echo ""; } else { echo ""; } diff --git a/include/variables.php b/include/variables.php index 0b11a78a..7cb50b98 100644 --- a/include/variables.php +++ b/include/variables.php @@ -13,5 +13,6 @@ $copyright = $config['main']['copyright']; $nav = $config['nav']; $navadmin = $nav; $status = ""; +$classifications = $config['classification']; ?> \ No newline at end of file
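Review bot: The added line reads `$config['classification']`, but the section this commit adds to config/global.ini is named `[classifications]`. Assuming `$config` is that file parsed with sections, `$classifications` ends up null with an undefined-key warning. Change the line to `$classifications = $config['classifications'];`. The select added to upload.php presumably iterates this variable, so with the current key it would render no options, and any server-side validation against the list would reject every value.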