Update 1.4

cbo 2024-03-17 16:14:57 +00:00
parent f0347be5c3
commit f6eb4d5b02
8 changed files with 28 additions and 16 deletions


@ -26,7 +26,7 @@ if (isset($_FILES['newPP']) && $_FILES['newPP']['error'] == 0) {
imagecopyresampled($imageResized, $imageOriginal, 0, 0, 0, 0, $imageWidth, $imageHeight, $width, $height);
imagealphablending($imageResized, false);
imagesavealpha($imageResized, $rootPath);
imagesavealpha($imageResized, $rootImagePath);
imagepng($imageResized, $rootImagePath);
@ -65,7 +65,7 @@ if (isset($_FILES['newBanner']) && $_FILES['newBanner']['error'] == 0) {
imagecopyresampled($imageResized, $imageOriginal, 0, 0, 0, 0, $imageWidth, $imageHeight, $width, $height);
imagealphablending($imageResized, false);
imagesavealpha($imageResized, $rootPath);
imagesavealpha($imageResized, $rootImagePath);
imagepng($imageResized, $rootImagePath);
@ -90,8 +90,10 @@ if (isset($_POST['userDisplayName']) && isset($_POST['userBio'])) {
if(preg_match('!\S!u', $_POST['userDisplayName']) && preg_match('!\S!u', $_POST['userBio'])) {
$sqlRequest = "UPDATE users SET display_name = :userDisplayName, bio = :userBio, last_update = now() WHERE ID = :userID";
$request = $pdo->prepare($sqlRequest);
$request->bindParam(":userDisplayName", htmlspecialchars(substr($_POST['userDisplayName'], 0, 20)));
$request->bindParam(":userBio", htmlspecialchars(substr($_POST['userBio'], 0, 200)));
$userDisplayName = htmlspecialchars(substr($_POST['userDisplayName'], 0, 20));
$userBio = htmlspecialchars(substr($_POST['userBio'], 0, 200));
$request->bindParam(":userDisplayName", $userDisplayName);
$request->bindParam(":userBio", $userBio);
$request->bindParam(":userID", $_SESSION['userID']);
if($request->execute()) {
$status = "Informations mises à jour";
@ -237,7 +239,7 @@ if($result) {
if ($result) {
echo('<div class="articles-list">');
listArticles($result, $rootPageURL, $badges);
listArticles($result, $rootPageURL);
echo ('</div>');
} else {
echo ('Vous n\'avez publié aucun article...');
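Review bot: `substr()` counts bytes, so the new `$userDisplayName` and `$userBio` assignments can cut a multi-byte UTF-8 character at byte 20 or 200, although the check just above matches with the `u` modifier. `htmlspecialchars()` then receives invalid UTF-8 and, depending on the PHP version's default flags, returns an empty string or a substitution character, so a value that passed the non-whitespace test can be stored empty or mangled. I would truncate by characters, `mb_substr($_POST['userDisplayName'], 0, 20, 'UTF-8')`, and pass `ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'` to `htmlspecialchars()` explicitly. Encoding before the UPDATE also lets the stored value exceed the 20/200 limit once entities are expanded and forces every reader to know the column is already HTML-encoded, so escaping at output would be the safer place. The same pattern is in the `$userName` assignment of the account-settings file and the `$requestedUserName` lookup of the profile file later in this commit; the enclosing `if` continues outside the hunk.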


@ -92,8 +92,6 @@ if (isset($_POST['user-id']) && isset($_POST['user-role']) && isset($_POST['user
$userRoles[$userRole['ID']] = $userRole['role_name'];
}
foreach($result as $row) {
$pubDateTime = strtotime($row['creation_ate']);
$pubDate = date('d/m/Y', $pubDateTime);
$userPPURL = $row['profile_picture'] == NULL ? "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png" : $row['profile_picture'];
echo ('<div class="user-row"><form action="#" method="post">');


@ -41,7 +41,7 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData
</div>
<div class="articles-list">
<?php
$sqlRequest = "SELECT articles.ID, articles.title, articles.date, articles.miniature, articles.resume, users.username, users.display_name, roles.badge_svg FROM articles INNER JOIN users ON articles.author = users.ID LEFT JOIN roles ON users.role = roles.ID WHERE articles.classification <= :userAccreditation ORDER BY date DESC LIMIT 3";
$sqlRequest = "SELECT articles.ID, articles.title, articles.creation_date, articles.miniature, articles.resume, users.username, users.display_name, roles.badge_svg FROM articles INNER JOIN users ON articles.author = users.ID LEFT JOIN roles ON users.role = roles.ID WHERE articles.classification <= :userAccreditation ORDER BY articles.creation_date DESC LIMIT 3";
$request = $pdo->prepare($sqlRequest);
$request->bindParam(":userAccreditation", $_SESSION['userAccreditation']);
$request->execute();


@ -20,8 +20,10 @@ if (isset($_POST['username']) && isset($_POST['password'])) {
$sqlRequest = "SELECT ID, username, display_name, role, accreditation FROM users WHERE (username = :username OR email = :username) AND password = :password";
$request = $pdo->prepare($sqlRequest);
$request->bindParam(":username", htmlspecialchars($_POST['username']));
$request->bindParam(":password", md5($_POST['password']));
$userName = htmlspecialchars($_POST['username']);
$userPassword = md5($_POST['password']);
$request->bindParam(":username", $userName);
$request->bindParam(":password", $userPassword);
$request->execute();
$result = $request->fetchAll(PDO::FETCH_ASSOC);
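Review bot: `$userPassword = md5($_POST['password'])` keeps the login comparing an unsalted MD5 digest inside the WHERE clause, which gives the stored passwords almost no protection if the users table is ever disclosed. Passwords should be stored with `password_hash($pw, PASSWORD_DEFAULT)` and checked in PHP with `password_verify()`, which means selecting the row by username or e-mail only and verifying afterwards, as sketched below. Existing MD5 rows cannot be verified that way and would need a reset or a rehash-on-next-login step; the registration and password-change code is not visible in this commit. The enclosing `if` starts before the hunk and continues after it.

```php
$sqlRequest = "SELECT ID, username, display_name, role, accreditation, password FROM users WHERE username = :username OR email = :username";
// … unchanged: prepare, $userName binding, execute …
$candidates = $request->fetchAll(PDO::FETCH_ASSOC);
// Verify in PHP against a password_hash() value instead of comparing an MD5 digest in SQL.
$result = array();
foreach ($candidates as $candidate) {
    if (password_verify($_POST['password'], $candidate['password'])) {
        unset($candidate['password']); // keep the hash out of whatever consumes $result
        $result[] = $candidate;
        break;
    }
}
```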


@ -147,7 +147,7 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData
if ($articlesResult) {
echo('<div class="articles-list">');
listArticles($articlesResult, $rootPageURL, $badges);
listArticles($articlesResult, $rootPageURL);
echo('</div>');
} else {
echo ('Aucun article trouvé');


@ -17,7 +17,8 @@ if (isset($_POST['username']) && isset($_POST['email'])) {
if(preg_match('!\S!u', $_POST['username']) && preg_match('!\S!u', $_POST['email'])) {
$sqlRequest = "SELECT ID FROM users WHERE username = :username";
$request = $pdo->prepare($sqlRequest);
$request->bindParam(":username", htmlspecialchars(substr($_POST['username'], 0, 20)));
$userName = htmlspecialchars(substr($_POST['username'], 0, 20));
$request->bindParam(":username", $userName);
$request->execute();
$result = $request->fetchAll(PDO::FETCH_ASSOC);
if($result && $result[0]['ID'] != $_SESSION['userID']) {
@ -25,8 +26,9 @@ if (isset($_POST['username']) && isset($_POST['email'])) {
} else {
$sqlRequest = "UPDATE users SET username = :username, email = :email, last_update = now() WHERE ID = :userID";
$request = $pdo->prepare($sqlRequest);
$request->bindParam(":username", htmlspecialchars(substr($_POST['username'], 0, 20)));
$request->bindParam(":email", htmlspecialchars($_POST['email']));
$request->bindParam(":username", $userName);
$userEmail = htmlspecialchars($_POST['email']);
$request->bindParam(":email", $userEmail);
$request->bindParam(":userID", $_SESSION['userID']);
if($request->execute()) {
$status = "Informations mises à jour";
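Review bot: `$userEmail = htmlspecialchars($_POST['email'])` stores whatever was posted as long as it contains one non-whitespace character; nothing visible checks that the value is an e-mail address. I would validate first, `$userEmail = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);`, and refuse the update when that returns `false`. The duplicate check above looks only at `username`, while the login query in this commit also matches on `email`, so unless the column carries a UNIQUE constraint two accounts can end up sharing a login identifier. The surrounding `if`/`else` begins before the first hunk and continues past the second.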


@ -81,6 +81,13 @@ if(isset($_POST['article-content']) && isset($_POST['classification'])) {
<div><textarea name="article-resume" placeholder="Résumé de l'article (200 cacactères) ..." class="article-resume-input" maxlength="200"></textarea></div>
<div><textarea name="article-content" placeholder="Contenu de l'article (MarkDown) ..." class="article-content-input"></textarea></div>
<?php
$sqlRequest = "SELECT ID, name FROM confidential_levels";
$request = $pdo->prepare($sqlRequest);
$request->execute();
$confidentialLevels = array();
foreach($request->fetchAll(PDO::FETCH_ASSOC) as $confidentialLevel) {
$confidentialLevels[$confidentialLevel['ID']] = $confidentialLevel['name'];
}
selectInput("classification", "Classification", $confidentialLevels, 0);
?>
<div><button type="submit">Publier</button></div>
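Review bot: The new select is filled with every row of `confidential_levels`, and nothing in this hunk restricts what the server will accept for `classification`. A select only constrains the browser's form, so the POST handler at the top of the file (outside this hunk) should confirm that the posted value is one of these IDs, for example `isset($confidentialLevels[$_POST['classification']])` once this query runs before the handler. If authors must not publish above their own clearance, it should also be compared with `$_SESSION['userAccreditation']`, as the article listing in this commit does. I cannot see whether the handler already does either, so treat this as something to confirm.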


@ -10,7 +10,8 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData
if(isset($_GET['u']) && empty($_GET['u']) == false) {
$request = $pdo->prepare("SELECT users.ID, users.username, users.display_name, users.profile_picture, users.banner, users.bio, roles.badge_svg FROM users JOIN roles ON users.role = roles.ID WHERE users.username = :username");
$request->bindParam(":username", htmlspecialchars($_GET['u']));
$requestedUserName = htmlspecialchars($_GET['u']);
$request->bindParam(":username", $requestedUserName);
$request->execute();
$result = $request->fetchAll(PDO::FETCH_ASSOC);
@ -127,7 +128,7 @@ if(isset($_GET['u']) && empty($_GET['u']) == false) {
if ($result) {
echo('<div class="articles-list">');
listArticles($result, $rootPageURL, $badges);
listArticles($result, $rootPageURL);
echo ('</div>');
} else {
echo ($userDisplayName . ' n\'a encore rien publié');