"article", 1 => "page" ]; if(isset($_GET['article']) && filter_var($_GET['article'], FILTER_VALIDATE_INT)) { if(file_exists($wwwroot . "/content/journal/" . $_GET['article'] . ".md")){ $fichier = $wwwroot . "/content/journal/" . $_GET['article'] . ".md"; $filename = $_GET['article']; $filetype = 0; } } if(isset($_GET['page']) && strpos($_GET['page'], "..") == false) { if(file_exists($wwwroot . "/content/" . $_GET['page'] . ".md")){ $fichier = $wwwroot . "/content/" . $_GET['page'] . ".md"; $filename = $_GET['page']; $filetype = 1; } } $filename = isset($filename) ? $filename : ""; if(isset($fichier)) { if(isset($_GET['article']) && isset($_POST['deletefile']) && $_POST['deletefile'] == "Supprimer") { if(unlink($fichier)) { $bdd = connect($dbhost, $dbname, $dbuser, $dbpass); $upload = $bdd->prepare("DELETE FROM articles WHERE ID = :filename"); $upload->bindParam(':filename', $filename); if($upload->execute()) { header("Location: editpage.php"); echo "Fichier supprimé"; exit(); } else { die("Erreur SQL"); } } else { die("Erreur : Le fichier n'a pas pu être supprimé"); } } if(isset($_POST['page-content'])) { file_put_contents($fichier, nl2br($_POST['page-content'])); } if(isset($_POST['classification']) && isset($_POST['image']) && isset($_POST['resume']) && isset($_GET['article'])) { $bdd = connect($dbhost, $dbname, $dbuser, $dbpass); $req = $bdd->prepare("UPDATE articles SET classification = :classification, titre = :titre, resume = :resume WHERE ID = :article"); $req->bindParam(':classification', $_POST['classification']); $req->bindParam(':titre', $_POST['titre']); $req->bindParam(':resume', $_POST['resume']); $req->bindParam(':article', $_GET['article']); if($req->execute()) { $status = "Informations mises à jour"; } else { $status = "Erreur SQL"; } } $contenu = file_get_contents($fichier); } ?> <?=$title?>
'; echo "
Retour
"; echo "
Voir l'article
"; if(isset($_GET['article'])) { $bdd = connect($dbhost, $dbname, $dbuser, $dbpass); $req = $bdd->prepare("SELECT classification, titre, image FROM articles WHERE ID = :article"); $req->bindParam(":article", $_GET['article']); $req->execute(); $resultat = $req->fetchAll(PDO::FETCH_ASSOC); if($resultat) { echo '
'; $filename = $resultat[0]['titre']; echo '
'; echo '
'; } } echo "

" . $filename . "

"; echo '
'; echo '
'; } else { echo "

Pages

"; echo "
"; $pages = scandir($wwwroot . "/content/"); foreach($pages as $page) { if($page != "." && $page != "..") { if (is_file($wwwroot . "/content/" . $page)) { echo "
" . pathinfo($page, PATHINFO_FILENAME) . "
"; } } } echo "
"; echo "

Articles

"; echo "
"; $bdd = connect($dbhost, $dbname, $dbuser, $dbpass); $condition = ""; if(isset($_GET['search'])) { $search = "%" . htmlspecialchars($_GET['search']) . "%"; $condition = "AND (titre LIKE '" . $search . "' OR ID LIKE '" . $search . "' OR auteur LIKE '" . $search . "') "; } $req = $bdd->prepare("SELECT ID, titre, date, auteur, image, resume FROM articles WHERE classification <= :accreditation " . $condition . "ORDER BY date DESC LIMIT 10"); $req->bindParam(":accreditation", $_SESSION['accreditation']); $req->execute(); $resultat = $req->fetchAll(PDO::FETCH_ASSOC); if ($resultat) { foreach($resultat as $row) { $date = strtotime($row['date']); echo '
'; echo '
'; echo ''; echo '
'; echo '
'; echo '
n° ' . $row['ID'] . ' | ' . date('d/m/Y', $date) . ' | '. $row['auteur'] . '
'; echo ''; echo '
' . $row['titre'] . '
'; echo ''; echo '
' . $row['resume'] . '
'; echo '
'; echo '
' } } echo "
"; } ?>
'; } ?>