e59-website/html/admin/index.php

<?php
require("../../include/variables.php");
require("../../include/init.php");
require("../../include/main-functions.php");
require("../../include/objects.php");
require("../../include/inputs.php");
require("../../include/panels.php");

if (!isset($_SESSION['userRole']) || $_SESSION['userRole'] < 50) {
    http_response_code(403);
    die("Vous n'êtes pas autorisé à accéder à cette ressource");
}

$pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass);

if (isset($_POST['user-id']) && isset($_POST['user-role']) && isset($_POST['user-accreditation']) && empty($_POST['user-id']) == false) {
    $userID = (int)$_POST['user-id'];
    $userRole = empty($_POST['user-role']) ? 1 : (int)$_POST['user-role'];
    $userAccreditation = empty($_POST['user-accreditation']) ? 0 : (int)$_POST['user-accreditation'];
    $sqlRequest = "UPDATE users SET role = :userRole, accreditation = :userAccreditation WHERE ID = :userID";
    $request = $pdo->prepare($sqlRequest);
    $request->bindParam(":userRole", $userRole);
    $request->bindParam(":userAccreditation", $userAccreditation);
    $request->bindParam(":userID", $userID);
    if($request->execute()) {
        $status = "Utilisateur mis à jour";
    } else {
        $status = "Erreur SQL";
    }
}
?>

<!DOCTYPE html>
<html lang="fr">

    <head>
        <?php fillHead($rootPageURL, $pageTitle, $darkTheme, $lightTheme);?>
        <style>
            .user-widget-link {
                display: block;
            }
            .user-row {
                margin: 5em 0;
            }
        </style>
    </head>

    <body class="body">

        <header>
            <div class="panel-content">
                <?php fillHeader($rootPageURL, $headerTitle, $headerSubtitle);?>
            </div>
        </header>

        <nav>
            <div class="panel-content">
                <?php fillNav($rootPageURL);?>
            </div>
        </nav>

        <main>
            <div class="content">
                <?=$status?>
                <?php

                    echo ('<form action="" method="get">');
                    $shapePath = '<path d="M10.25 3.75c-3.59 0-6.5 2.91-6.5 6.5s2.91 6.5 6.5 6.5c1.795 0 3.419-.726 4.596-1.904 1.178-1.177 1.904-2.801 1.904-4.596 0-3.59-2.91-6.5-6.5-6.5zm-8.5 6.5c0-4.694 3.806-8.5 8.5-8.5s8.5 3.806 8.5 8.5c0 1.986-.682 3.815-1.824 5.262l4.781 4.781-1.414 1.414-4.781-4.781c-1.447 1.142-3.276 1.824-5.262 1.824-4.694 0-8.5-3.806-8.5-8.5z"></path>';
                    textInput("text", $shapePath, "search", "Chercher", "");
                    echo ('</form>');

                    $search = isset($_GET['search']) ? '%' . $_GET['search'] . '%' : '%%';

                    $sqlRequest = "SELECT users.ID, users.username, users.display_name, users.role, users.accreditation, roles.badge_svg, users.profile_picture FROM users JOIN roles ON users.role = roles.ID WHERE users.ID LIKE :search OR users.username LIKE :search OR users.display_name LIKE :search OR users.email LIKE :search ORDER BY users.creation_date DESC";
                    $request = $pdo->prepare($sqlRequest);
                    $request->bindParam(":search", $search);
                    $request->execute();
                    $result = $request->fetchAll(PDO::FETCH_ASSOC);

                    if ($result) {
                        echo ('<div class="users-list">');
                        $sqlRequest = "SELECT ID, name FROM confidential_levels";
                        $request = $pdo->prepare($sqlRequest);
                        $request->execute();
                        $confidentialLevels = array();
                        foreach($request->fetchAll(PDO::FETCH_ASSOC) as $confidentialLevel) {
                            $confidentialLevels[$confidentialLevel['ID']] = $confidentialLevel['name'];
                        }
                        $sqlRequest = "SELECT ID, role_name FROM roles";
                        $request = $pdo->prepare($sqlRequest);
                        $request->execute();
                        $userRoles = array();
                        foreach($request->fetchAll(PDO::FETCH_ASSOC) as $userRole) {
                            $userRoles[$userRole['ID']] = $userRole['role_name'];
                        }
                        foreach($result as $row) {
                            $pubDateTime = strtotime($row['creation_ate']);
                            $pubDate = date('d/m/Y', $pubDateTime);
                            $userPPURL = $row['profile_picture'] == NULL ? "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png" : $row['profile_picture'];
                            
                            echo ('<div class="user-row"><form action="#" method="post">');
                            userWidget($userPPURL, $row['display_name'], $row['username'], $row['badge_svg'], $rootPageURL);
                            selectInput("user-role", "Role", $userRoles, $row['role']);
                            selectInput("user-accreditation", "Accreditation", $confidentialLevels, $row['accreditation']);
                            echo ('<input type="hidden" name="user-id" value=' . $row['ID'] . '>');
                            echo ('<button type="submit">Mettre à jour</button>');
                            echo ('</form></div>');
                        }
                        echo ('</div>');
                    } else {
                        echo ('Aucun utilisateur trouvé.');
                    }
                ?>
            </div>
        </main>
        <footer>
            <div class="panel-content">
                <?php fillFooter($footerText);?>
            </div>
        </footer>
    </body>
</html>