From f6eb4d5b02e1193ad5e8456fc3e8262f555e3a0c Mon Sep 17 00:00:00 2001
From: cbo
Date: Sun, 17 Mar 2024 16:14:57 +0000
Subject: [PATCH] Update 1.4

---
 html/account/index.php | 12 +++++++-----
 html/admin/index.php | 2 --
 html/index.php | 2 +-
 html/login/index.php | 6 ++++--
 html/news/index.php | 2 +-
 html/settings/index.php | 8 +++++---
 html/upload/index.php | 7 +++++++
 html/users/index.php | 5 +++--
 8 files changed, 28 insertions(+), 16 deletions(-)

diff --git a/html/account/index.php b/html/account/index.php
index ca2212cc..52017a6e 100755
--- a/html/account/index.php
+++ b/html/account/index.php
@@ -26,7 +26,7 @@ if (isset($_FILES['newPP']) && $_FILES['newPP']['error'] == 0) {
 imagecopyresampled($imageResized, $imageOriginal, 0, 0, 0, 0, $imageWidth, $imageHeight, $width, $height);
 imagealphablending($imageResized, false);
- imagesavealpha($imageResized, $rootPath);
+ imagesavealpha($imageResized, $rootImagePath);
 imagepng($imageResized, $rootImagePath);
@@ -65,7 +65,7 @@ if (isset($_FILES['newBanner']) && $_FILES['newBanner']['error'] == 0) {
 imagecopyresampled($imageResized, $imageOriginal, 0, 0, 0, 0, $imageWidth, $imageHeight, $width, $height);
 imagealphablending($imageResized, false);
- imagesavealpha($imageResized, $rootPath);
+ imagesavealpha($imageResized, $rootImagePath);
 imagepng($imageResized, $rootImagePath);
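Review bot: The second argument of `imagesavealpha()` is a bool, so `imagesavealpha($imageResized, $rootImagePath)` only enables alpha because a non-empty string coerces to `true`, and the previous `$rootPath` worked for the same accidental reason; under `declare(strict_types=1)` either form is a TypeError. Both hunks (@@ -26 and @@ -65) should read `imagesavealpha($imageResized, true);`. The enclosing `if (isset($_FILES[...]) && ...)` blocks begin and end outside the hunks, so whether the uploaded file's image type is verified before it reaches the GD calls cannot be seen here.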
@@ -90,8 +90,10 @@ if (isset($_POST['userDisplayName']) && isset($_POST['userBio'])) {
 if(preg_match('!\S!u', $_POST['userDisplayName']) && preg_match('!\S!u', $_POST['userBio'])) {
 $sqlRequest = "UPDATE users SET display_name = :userDisplayName, bio = :userBio, last_update = now() WHERE ID = :userID";
 $request = $pdo->prepare($sqlRequest);
- $request->bindParam(":userDisplayName", htmlspecialchars(substr($_POST['userDisplayName'], 0, 20)));
- $request->bindParam(":userBio", htmlspecialchars(substr($_POST['userBio'], 0, 200)));
+ $userDisplayName = htmlspecialchars(substr($_POST['userDisplayName'], 0, 20));
+ $userBio = htmlspecialchars(substr($_POST['userBio'], 0, 200));
+ $request->bindParam(":userDisplayName", $userDisplayName);
+ $request->bindParam(":userBio", $userBio);
 $request->bindParam(":userID", $_SESSION['userID']);
 if($request->execute()) {
 $status = "Informations mises à jour";
@@ -237,7 +239,7 @@ if($result) {
 if ($result) {
 echo('
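Review bot: The new `$userDisplayName`/`$userBio` lines still truncate with byte-wise `substr` while the surrounding `preg_match('!\S!u', …)` treats the input as UTF-8, so a cut through a multibyte character produces invalid UTF-8 that `htmlspecialchars` turns into an empty string (pre-8.1 default flags) or a replacement character; use `mb_substr($_POST['userDisplayName'], 0, 20)` and `mb_substr($_POST['userBio'], 0, 200)`. The same byte-wise cut is in the settings hunk at @@ -17 (`$userName`). The temporaries exist only because `bindParam` takes a reference; `$request->bindValue(":userDisplayName", $userDisplayName)` accepts an expression directly, and the same applies to the login, settings and users hunks. `htmlspecialchars` is applied before storage, so the stored value is HTML-encoded and any output escaping will double-encode it — storing raw text and escaping at output is the usual split, though that depends on how the rest of the site renders these fields. The enclosing `if` blocks start and end outside the hunk.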
');
- listArticles($result, $rootPageURL, $badges);
+ listArticles($result, $rootPageURL);
 echo ('
');
 } else {
 echo ('Vous n\'avez publié aucun article...');
diff --git a/html/admin/index.php b/html/admin/index.php
index 9be68fee..ed55fd9b 100755
--- a/html/admin/index.php
+++ b/html/admin/index.php
@@ -92,8 +92,6 @@ if (isset($_POST['user-id']) && isset($_POST['user-role']) && isset($_POST['user
 $userRoles[$userRole['ID']] = $userRole['role_name'];
 }
 foreach($result as $row) {
- $pubDateTime = strtotime($row['creation_ate']);
- $pubDate = date('d/m/Y', $pubDateTime);
 $userPPURL = $row['profile_picture'] == NULL ? "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png" : $row['profile_picture'];
 echo ('
');
diff --git a/html/index.php b/html/index.php
index d73f18ca..b38bf8ac 100755
--- a/html/index.php
+++ b/html/index.php
@@ -41,7 +41,7 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData
prepare($sqlRequest);
 $request->bindParam(":userAccreditation", $_SESSION['userAccreditation']);
 $request->execute();
diff --git a/html/login/index.php b/html/login/index.php
index 67bfbdc2..14a5cc56 100755
--- a/html/login/index.php
+++ b/html/login/index.php
@@ -20,8 +20,10 @@ if (isset($_POST['username']) && isset($_POST['password'])) {
 $sqlRequest = "SELECT ID, username, display_name, role, accreditation FROM users WHERE (username = :username OR email = :username) AND password = :password";
 $request = $pdo->prepare($sqlRequest);
- $request->bindParam(":username", htmlspecialchars($_POST['username']));
- $request->bindParam(":password", md5($_POST['password']));
+ $userName = htmlspecialchars($_POST['username']);
+ $userPassword = md5($_POST['password']);
+ $request->bindParam(":username", $userName);
+ $request->bindParam(":password", $userPassword);
 $request->execute();
 $result = $request->fetchAll(PDO::FETCH_ASSOC);
diff --git a/html/news/index.php b/html/news/index.php
index 0e523d4d..92e804fe 100755
--- a/html/news/index.php
+++ b/html/news/index.php
@@ -147,7 +147,7 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData
 if ($articlesResult) {
 echo('
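Review bot: `$userPassword = md5($_POST['password'])` keeps verifying logins by comparing an unsalted MD5 digest inside the SQL `WHERE`, which means `users.password` holds MD5 values that are trivially recoverable for common passwords and cannot be strengthened in place. Store hashes produced by `password_hash()` and compare with `password_verify()` in PHP after fetching the row by username, as sketched below, dropping the `$userPassword` line and the `:password` binding; the registration/reset code that writes `password` is not in this diff and must change with it, and existing MD5 rows need a rehash on their next successful login. The surrounding `if (isset($_POST['username']) ...)` starts and ends outside the hunk, so the sketch assumes the code after the hunk treats an empty `$result` as a failed login. `htmlspecialchars($_POST['username'])` before the lookup also only matches users whose stored username was encoded the same way — worth confirming against the registration path.
```php
// select the stored hash instead of filtering on it
$sqlRequest = "SELECT ID, username, display_name, role, accreditation, password FROM users WHERE username = :username OR email = :username";
$request = $pdo->prepare($sqlRequest);
// … unchanged: $userName and the :username binding …
$request->execute();
$result = $request->fetchAll(PDO::FETCH_ASSOC);
// keep the row only when the submitted password matches the stored password_hash() value
if ($result && !password_verify($_POST['password'], $result[0]['password'])) {
    $result = [];
}
```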
');
- listArticles($articlesResult, $rootPageURL, $badges);
+ listArticles($articlesResult, $rootPageURL);
 echo('
');
 } else {
 echo ('Aucun article trouvé');
diff --git a/html/settings/index.php b/html/settings/index.php
index 9037f757..f3bf8a7c 100755
--- a/html/settings/index.php
+++ b/html/settings/index.php
@@ -17,7 +17,8 @@ if (isset($_POST['username']) && isset($_POST['email'])) {
 if(preg_match('!\S!u', $_POST['username']) && preg_match('!\S!u', $_POST['email'])) {
 $sqlRequest = "SELECT ID FROM users WHERE username = :username";
 $request = $pdo->prepare($sqlRequest);
- $request->bindParam(":username", htmlspecialchars(substr($_POST['username'], 0, 20)));
+ $userName = htmlspecialchars(substr($_POST['username'], 0, 20));
+ $request->bindParam(":username", $userName);
 $request->execute();
 $result = $request->fetchAll(PDO::FETCH_ASSOC);
 if($result && $result[0]['ID'] != $_SESSION['userID']) {
@@ -25,8 +26,9 @@ if (isset($_POST['username']) && isset($_POST['email'])) {
 } else {
 $sqlRequest = "UPDATE users SET username = :username, email = :email, last_update = now() WHERE ID = :userID";
 $request = $pdo->prepare($sqlRequest);
- $request->bindParam(":username", htmlspecialchars(substr($_POST['username'], 0, 20)));
- $request->bindParam(":email", htmlspecialchars($_POST['email']));
+ $request->bindParam(":username", $userName);
+ $userEmail = htmlspecialchars($_POST['email']);
+ $request->bindParam(":email", $userEmail);
 $request->bindParam(":userID", $_SESSION['userID']);
 if($request->execute()) {
 $status = "Informations mises à jour";
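Review bot: `$userEmail = htmlspecialchars($_POST['email'])` in the @@ -25 hunk writes whatever was posted into `email` without checking that it is an address; the `preg_match('!\S!u', …)` in the enclosing condition only rejects blank input. Validate before the UPDATE, e.g. `if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) { $status = ...; }` on the rejection path, and note that `htmlspecialchars` turns a legitimate `&` in an address into `&amp;` in the database. The uniqueness lookup added in @@ -17 covers only `username`; if `email` is also expected to be unique and the table has no constraint on it, the same pre-check is needed for the email (not verifiable from the hunk). Both hunks sit inside an `if` that starts and ends outside them.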
prepare($sqlRequest);
+ $request->execute();
+ $confidentialLevels = array();
+ foreach($request->fetchAll(PDO::FETCH_ASSOC) as $confidentialLevel) {
+ $confidentialLevels[$confidentialLevel['ID']] = $confidentialLevel['name'];
+ }
 selectInput("classification", "Classification", $confidentialLevels, 0); ?>
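Review bot: The added `foreach` is the hand-written form of `array_column()`; `$confidentialLevels = array_column($request->fetchAll(PDO::FETCH_ASSOC), 'name', 'ID');` replaces both the `array()` initialisation (long syntax, prefer `[]`) and the loop. The SELECT feeding `$request` was lost in this rendering, so it is not possible to see whether the list is restricted to the levels this user is allowed to publish at. Since the enclosing `if` tests `$_POST['classification']`, the POST handler should check the submitted value against the same `$confidentialLevels` keys rather than rely on the dropdown alone; that handler lies outside the hunk.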
diff --git a/html/users/index.php b/html/users/index.php
index f3bdba7a..9f072ba8 100755
--- a/html/users/index.php
+++ b/html/users/index.php
@@ -10,7 +10,8 @@ $pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlData
 if(isset($_GET['u']) && empty($_GET['u']) == false) {
 $request = $pdo->prepare("SELECT users.ID, users.username, users.display_name, users.profile_picture, users.banner, users.bio, roles.badge_svg FROM users JOIN roles ON users.role = roles.ID WHERE users.username = :username");
- $request->bindParam(":username", htmlspecialchars($_GET['u']));
+ $requestedUserName = htmlspecialchars($_GET['u']);
+ $request->bindParam(":username", $requestedUserName);
 $request->execute();
 $result = $request->fetchAll(PDO::FETCH_ASSOC);
@@ -127,7 +128,7 @@ if(isset($_GET['u']) && empty($_GET['u']) == false) {
 if ($result) {
 echo('
');
- listArticles($result, $rootPageURL, $badges);
+ listArticles($result, $rootPageURL);
 echo ('
');
 } else {
 echo ($userDisplayName . ' n\'a encore rien publié');