e59-website/html/users.php

<?php
require "../include/variables.php";
require "../include/functions.php";

if($_SESSION['role'] < 3) {
    header("Location: index.php");
    http_response_code(404);
    die();
}

if(isset($_POST['userid']) && isset($_POST['role']) && isset($_POST['accreditation']) && $_POST['userid'] != $_SESSION['userid'])  {
    $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);

    $req = $bdd->prepare("UPDATE users SET role = :role, accreditation = :accreditation WHERE ID = :userid");
    $req->bindParam(':role',$_POST['role']);
    $req->bindParam(':accreditation',$_POST['accreditation']);
    $req->bindParam(':userid', $_POST['userid']);
    if ($req->execute()) {
        $status = "Utilisateur mis à jour";
    } else {
        $status = "Erreur SQL";
    }
}

?>
<!DOCTYPE html>
<html lang="fr">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link rel="stylesheet" href="./src/css/style.css">
    <style>
    @media (prefers-color-scheme: dark) {
        .body {
            <?=$theme_dark?>
        }
    } 
    @media (prefers-color-scheme: light) {
        .body {
            <?=$theme_light?>
            }
        }
    </style>
    <link rel="icon" href="src/img/favicon.ico">
    <title><?=$title?></title>
</head>
<body class="body">
    <header>
        <div class="pancontent">
            <div class="athena-container">
                <a href="/">
                    <img src="./src/img/athena-mono.png" class="athena">
                </a>
            </div>
            <div class="content">
                <div>
                    <div class="main-title">
                        <div class="title"><?=$header_title?></div>
                        <div class="subtitle"><?=$header_subtitle?></div>
                    </div>
                </div>
            </div>
        </div>
    </header>
    <nav>
        <div class="pancontent">
            <?php nav($nav);?>
        </div>
    </nav>
    <main>
        <div class="content">
            <div>
                <div>
                <div><?=$status?></div>
                <?php
                    $bdd = connect($dbhost, $dbname, $dbuser, $dbpass);
                    $req = $bdd->prepare("SELECT ID, display_name, username, email, role, accreditation FROM users ORDER BY creation_date DESC");
                    $req->execute();
                    $resultat = $req->fetchAll(PDO::FETCH_ASSOC);

                    if ($resultat) {
                        foreach($resultat as $row) {
                            echo "<div class='row'><form action='' method='post'><div>Nom : " . $row['display_name'] . "</div><div>login : " . $row['username'] . "</div><div>Email : " . $row['email'] . "</div><div><select name='role' required>";
                            foreach($roles as $id => $nom) {
                                if($row['role'] == $id) {
                                    echo '<option value="' . $id .'" selected>' . $nom . '</option>';
                                } else {
                                    echo '<option value="' . $id .'">' . $nom . '</option>';
                                }
                            }
                            echo "</select><select name='accreditation' required>";
                            foreach($classifications as $id => $nom) {
                                if($row['accreditation'] == $id) {
                                    echo '<option value="' . $id .'" selected>' . $nom . '</option>';
                                } else {
                                    echo '<option value="' . $id .'">' . $nom . '</option>';
                                }
                            }
                            echo "<input type='hidden' name='userid' value='" . $row['ID'] . "'><input type='submit' value='Mettre à jour'></div></form></div>";
                        }
                    }
                    ?>
                </div>
            </div>
        </div>
    </main>
    <footer>
        <div class="content">
            <div>
                <div><?=$copyright?></div>
            </div>
        </div>
    </footer>
</body>
</html>