
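<?php
// Admin panel (session role >= 50 only): search users, change a user's role or
// accreditation level, or delete a user. Every database access goes through a
// prepared statement, and every state-changing form carries a per-session
// anti-CSRF token that is verified before anything is written.
require("../../include/variables.php");
require("../../include/init.php");
// Authorisation runs before any further include, DB connection or output.
// The session is already active here: the role is read from $_SESSION (started
// by one of the two includes above — presumably init.php).
if (!isset($_SESSION['userRole']) || $_SESSION['userRole'] < 50) {
    http_response_code(403);
    die("Vous n'êtes pas autorisé à accéder à cette ressource");
}
require("../../include/main-functions.php");
require("../../include/objects.php");
require("../../include/inputs.php");
require("../../include/panels.php");
$pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass);

// Always defined, so the template below never reads an unset variable on a plain GET.
$status = "";

// Anti-CSRF token: generated once per session, embedded in the update/delete
// forms and compared with hash_equals() (constant-time) on every POST.
if (empty($_SESSION['csrfToken']) || !is_string($_SESSION['csrfToken'])) {
    $_SESSION['csrfToken'] = bin2hex(random_bytes(32));
}
$csrfToken = $_SESSION['csrfToken'];
$csrfValid = isset($_POST['csrf-token'])
    && is_string($_POST['csrf-token'])
    && hash_equals($csrfToken, $_POST['csrf-token']);

if (!empty($_POST) && !$csrfValid) {
    // The write is refused, but the page still renders so the admin can retry
    // with a fresh form (e.g. after the session was renewed).
    $status = "Requête rejetée : jeton de sécurité invalide";
}

// Role / accreditation update. Both selects are always submitted by the form;
// an empty selection falls back to the lowest role (1) / no accreditation (0).
if ($csrfValid
    && isset($_POST['user-id'], $_POST['user-role'], $_POST['user-accreditation'])
    && !empty($_POST['user-id'])) {
    $userID = (int)$_POST['user-id'];
    $userRole = empty($_POST['user-role']) ? 1 : (int)$_POST['user-role'];
    $userAccreditation = empty($_POST['user-accreditation']) ? 0 : (int)$_POST['user-accreditation'];
    $request = $pdo->prepare(
        "UPDATE users SET role = :userRole, accreditation = :userAccreditation WHERE ID = :userID"
    );
    $updated = $request->execute([
        ':userRole' => $userRole,
        ':userAccreditation' => $userAccreditation,
        ':userID' => $userID,
    ]);
    $status = $updated ? "Utilisateur mis à jour" : "Erreur SQL";
}

// User deletion. A non-numeric id casts to 0 and matches no row.
if ($csrfValid && isset($_POST['delete-user'], $_POST['delete-user-id'])) {
    $userID = (int)$_POST['delete-user-id'];
    $request = $pdo->prepare("DELETE FROM users WHERE ID = :userID");
    $deleted = $request->execute([':userID' => $userID]);
    $status = $deleted ? "Utilisateur supprimé" : "Erreur SQL";
}
?>
<!DOCTYPE html>
<html lang="fr">
<head>
<?php fillHead($rootPageURL, "Admin - " . $pageName, $darkTheme, $lightTheme);?>
<style>
.user-row {
    margin: 3em;
    display: inline-block
}
#update-button {
    display: inline-block;
    margin-right: 2em;
}
#delete-button {
    display: inline-block;
}
</style>
</head>
<body class="body">
<header>
<div class="panel-content">
<?php fillHeader($rootPageURL, $headerTitle, $headerSubtitle, $social);?>
</div>
</header>
<nav>
<div class="panel-content">
<?php fillNav($rootPageURL);?>
</div>
</nav>
<main>
<div class="content">
<?= htmlspecialchars($status, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>
<?php
// Search form (GET). Only the server-side status messages above are ever
// echoed directly; the search term itself only reaches the database as a bound
// parameter.
echo ('<form action="" method="get">');
$shapePath = '<path d="M10.25 3.75c-3.59 0-6.5 2.91-6.5 6.5s2.91 6.5 6.5 6.5c1.795 0 3.419-.726 4.596-1.904 1.178-1.177 1.904-2.801 1.904-4.596 0-3.59-2.91-6.5-6.5-6.5zm-8.5 6.5c0-4.694 3.806-8.5 8.5-8.5s8.5 3.806 8.5 8.5c0 1.986-.682 3.815-1.824 5.262l4.781 4.781-1.414 1.414-4.781-4.781c-1.447 1.142-3.276 1.824-5.262 1.824-4.694 0-8.5-3.806-8.5-8.5z"></path>';
textInput("text", $shapePath, "search", "Chercher", "");
echo ('</form>');

// Bound as a LIKE pattern. A non-string value (e.g. ?search[]=x) is treated as
// an empty search instead of triggering an array-to-string conversion.
// User-supplied % and _ act as wildcards; this is a read-only query restricted
// to admins, so they are left as-is.
$searchTerm = isset($_GET['search']) && is_string($_GET['search']) ? $_GET['search'] : '';
$search = '%' . $searchTerm . '%';
// NOTE(review): :search is reused four times in one statement. That works with
// PDO's emulated prepares (the pdo_mysql default) but native prepares reject a
// repeated named placeholder — confirm sqlConnect() does not disable emulation.
$request = $pdo->prepare(
    "SELECT users.ID, users.username, users.display_name, users.role, users.accreditation, roles.badge_svg, users.profile_picture"
    . " FROM users JOIN roles ON users.role = roles.ID"
    . " WHERE users.ID LIKE :search OR users.username LIKE :search OR users.display_name LIKE :search OR users.email LIKE :search"
    . " ORDER BY users.creation_date DESC"
);
$request->execute([':search' => $search]);
$result = $request->fetchAll(PDO::FETCH_ASSOC);

if ($result) {
    echo ('<div class="users-list">');

    // Lookup tables for the two <select> inputs: ID => label.
    $request = $pdo->prepare("SELECT ID, name FROM confidential_levels");
    $request->execute();
    $confidentialLevels = array_column($request->fetchAll(PDO::FETCH_ASSOC), 'name', 'ID');

    $request = $pdo->prepare("SELECT ID, role_name FROM roles");
    $request->execute();
    $userRoles = array_column($request->fetchAll(PDO::FETCH_ASSOC), 'role_name', 'ID');

    // The token is a hex string, so escaping is a formality; done anyway so the
    // attribute stays well-formed whatever the session holds.
    $csrfField = '<input type="hidden" name="csrf-token" value="'
        . htmlspecialchars($csrfToken, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';

    foreach ($result as $row) {
        $hasPicture = !in_array($row['profile_picture'], [null, ''], true);
        $userPPURL = $hasPicture
            ? $row['profile_picture']
            : "https://abs.twimg.com/sticky/default_profile_images/default_profile_400x400.png";
        // IDs come from the database but are cast anyway so the attribute can only ever hold an integer.
        $rowID = (int)$row['ID'];

        echo ('<div class="user-row"><form action="#" method="post">');
        userWidget($userPPURL, $row['display_name'], $row['username'], $row['badge_svg'], $rootPageURL);
        selectInput("user-role", "Role", $userRoles, $row['role']);
        selectInput("user-accreditation", "Accreditation", $confidentialLevels, $row['accreditation']);
        echo ('<input type="hidden" name="user-id" value="' . $rowID . '">');
        echo ($csrfField);
        echo ('<button type="submit" id="update-button">Mettre à jour</button>');
        echo ('</form>');

        echo ('<form action="#" method="post" id="delete-button">');
        echo ('<input type="hidden" name="delete-user-id" value="' . $rowID . '">');
        echo ($csrfField);
        echo ('<button type="submit" name="delete-user" class="discret-button">Supprimer</button>');
        echo ('</form></div>');
    }
    echo ('</div>');
} else {
    echo ('Aucun utilisateur trouvé.');
}
?>
<a href="/phpmyadmin" class="button">PHPMyAdmin</a>
</div>
</main>
<footer>
<div class="panel-content">
<?php fillFooter($footerText);?>
</div>
</footer>
</body>
</html>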