intranet-apei/Assets/functions.php

<?php
function getRaccourcis($bdd)
{
    $results = mysqli_query($bdd, "SELECT * FROM `raccourcis`");
    $return = [];
    return $results;
}

function connectBDD($domain, $user, $password, $db)
{
    $link = mysqli_connect($domain, $user, $password, $db);

    if (!$link) {
        die('Erreur de connexion');
    } else {
        mysqli_set_charset($link, "utf8");

        return $link;
    }
}

function getActus($bdd)
{
    $results = mysqli_query($bdd, "SELECT * FROM `actus` ORDER BY `id` LIMIT 4");
    $return = [];
    return $results;
}

function validateCSRFToken($csrf_server, $csrf_client)
{
    if (!hash_equals($csrf_server, $csrf_client)) {
        echo ($csrf_client . " " . $csrf_server);
        die('CSRF token validation failed');
    }
    return true;
}

function verifyPassword($hash_password, $tryPassword)
{
    $hashTry = hash('sha256', $tryPassword);
    if ($hash_password == $hashTry) {
        return true;
    }
    return false;
}

function getHashPwd($bdd, $username)
{

    $stmt = mysqli_prepare(
        $bdd,
        "SELECT password FROM utilisateurs WHERE username = ? LIMIT 1"
    );

    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);

    $result = mysqli_stmt_get_result($stmt);
    $user = mysqli_fetch_assoc($result);

    mysqli_stmt_close($stmt);

    return $user; // retourne un tableau ou null
}

function getEvenements($bdd, $site)
{

    $results = mysqli_query(
        $bdd,
        "SELECT * FROM evenements WHERE `site_id`='" . $site . "' ORDER BY date DESC"
    );

    $evenements = [];

    while ($row = mysqli_fetch_assoc($results)) {
        $evenements[] = $row;
    }

    return $evenements;
}

function getSite($bdd, $username)
{
    $stmt = mysqli_prepare(
        $bdd,
        "SELECT site_id FROM utilisateurs WHERE username = ? LIMIT 1"
    );

    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);

    $result = mysqli_stmt_get_result($stmt);
    $row = mysqli_fetch_assoc($result);

    mysqli_stmt_close($stmt);

    return $row ? $row['site_id'] : null;
}

function getSiteName($bdd, $site)
{
    $stmt = mysqli_prepare(
        $bdd,
        "SELECT nom FROM site WHERE site_id = ? LIMIT 1"
    );

    mysqli_stmt_bind_param($stmt, "s", $site);
    mysqli_stmt_execute($stmt);

    $result = mysqli_stmt_get_result($stmt);
    $row = mysqli_fetch_assoc($result);

    mysqli_stmt_close($stmt);

    return $row ? $row['nom'] : null;
}

function getEventName($bdd, $event)
{
    $stmt = mysqli_prepare(
        $bdd,
        "SELECT titre FROM evenements WHERE id = ? LIMIT 1"
    );

    mysqli_stmt_bind_param($stmt, "s", $event);
    mysqli_stmt_execute($stmt);

    $result = mysqli_stmt_get_result($stmt);
    $row = mysqli_fetch_assoc($result);

    mysqli_stmt_close($stmt);

    return $row ? $row['titre'] : null;
}

function getEventImages($bdd, $event)
{
    $results = mysqli_query(
        $bdd,
        "SELECT * FROM gallerie WHERE `event_id`='" . $event . "'"
    );

    $evenements = [];

    while ($row = mysqli_fetch_assoc($results)) {
        $evenements[] = $row;
    }

    return $evenements;
}

function getEventBigImage($bdd, $event)
{
    $stmt = mysqli_prepare(
        $bdd,
        "SELECT couverture FROM evenements WHERE id = ? LIMIT 1"
    );

    mysqli_stmt_bind_param($stmt, "s", $event);
    mysqli_stmt_execute($stmt);

    $result = mysqli_stmt_get_result($stmt);
    $row = mysqli_fetch_assoc($result);

    mysqli_stmt_close($stmt);

    return $row ? $row['couverture'] : null;
}

function getUserPerms($bdd, $username)
{
    $stmt = mysqli_prepare(
        $bdd,
        "SELECT permissions FROM utilisateurs WHERE username = ? LIMIT 1"
    );

    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);

    $result = mysqli_stmt_get_result($stmt);
    $row = mysqli_fetch_assoc($result);

    mysqli_stmt_close($stmt);

    return $row ? $row['permissions'] : null;
}

function verifyPoids($bdd, $username, $minPoids) {
    $sql = "SELECT p.poids 
            FROM utilisateurs u
            INNER JOIN permissions p ON u.permissions = p.nom
            WHERE u.username = ?";
            
    $stmt = mysqli_prepare($bdd, $sql);
    
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, "s", $username);
        mysqli_stmt_execute($stmt);
        
        $result = mysqli_stmt_get_result($stmt);
        $row = mysqli_fetch_assoc($result);
        
        mysqli_stmt_close($stmt);

        if ($row) {
            return (int)$row['poids'] >= (int)$minPoids;
        }
    }
    
    return false;
}
base de l'intranet 2026-02-24 14:26:25 +00:00			`<?php`
Commencement de la partie admin 2026-02-27 13:56:12 +00:00			`function getRaccourcis($bdd)`
			`{`
base de l'intranet 2026-02-24 14:26:25 +00:00			$results = mysqli_query($bdd, "SELECT * FROM `raccourcis`");
			`$return = [];`
			`return $results;`
			`}`

Commencement de la partie admin 2026-02-27 13:56:12 +00:00			`function connectBDD($domain, $user, $password, $db)`
			`{`
base de l'intranet 2026-02-24 14:26:25 +00:00			`$link = mysqli_connect($domain, $user, $password, $db);`

			`if (!$link) {`
			`die('Erreur de connexion');`
			`} else {`
			`mysqli_set_charset($link, "utf8");`

			`return $link;`
			`}`
			`}`

Commencement de la partie admin 2026-02-27 13:56:12 +00:00			`function getActus($bdd)`
			`{`
base de l'intranet 2026-02-24 14:26:25 +00:00			$results = mysqli_query($bdd, "SELECT * FROM `actus` ORDER BY `id` LIMIT 4");
			`$return = [];`
			`return $results;`
			`}`

Commencement de la partie admin 2026-02-27 13:56:12 +00:00			`function validateCSRFToken($csrf_server, $csrf_client)`
			`{`
base de l'intranet 2026-02-24 14:26:25 +00:00			`if (!hash_equals($csrf_server, $csrf_client)) {`
Commencement de la partie admin 2026-02-27 13:56:12 +00:00			`echo ($csrf_client . " " . $csrf_server);`
base de l'intranet 2026-02-24 14:26:25 +00:00			`die('CSRF token validation failed');`
			`}`
			`return true;`
			`}`

Commencement de la partie admin 2026-02-27 13:56:12 +00:00			`function verifyPassword($hash_password, $tryPassword)`
			`{`
base de l'intranet 2026-02-24 14:26:25 +00:00			`$hashTry = hash('sha256', $tryPassword);`
Commencement de la partie admin 2026-02-27 13:56:12 +00:00			`if ($hash_password == $hashTry) {`
base de l'intranet 2026-02-24 14:26:25 +00:00			`return true;`
			`}`
			`return false;`
			`}`

Commencement de la partie admin 2026-02-27 13:56:12 +00:00			`function getHashPwd($bdd, $username)`
			`{`
base de l'intranet 2026-02-24 14:26:25 +00:00
			`$stmt = mysqli_prepare(`
			`$bdd,`
			`"SELECT password FROM utilisateurs WHERE username = ? LIMIT 1"`
			`);`

			`mysqli_stmt_bind_param($stmt, "s", $username);`
			`mysqli_stmt_execute($stmt);`

			`$result = mysqli_stmt_get_result($stmt);`
			`$user = mysqli_fetch_assoc($result);`

			`mysqli_stmt_close($stmt);`

			`return $user; // retourne un tableau ou null`
			`}`

Commencement de la partie admin 2026-02-27 13:56:12 +00:00			`function getEvenements($bdd, $site)`
			`{`
base de l'intranet 2026-02-24 14:26:25 +00:00
			`$results = mysqli_query(`
			`$bdd,`
			"SELECT * FROM evenements WHERE `site_id`='" . $site . "' ORDER BY date DESC"
			`);`

			`$evenements = [];`

			`while ($row = mysqli_fetch_assoc($results)) {`
			`$evenements[] = $row;`
			`}`

			`return $evenements;`
			`}`

Commencement de la partie admin 2026-02-27 13:56:12 +00:00			`function getSite($bdd, $username)`
			`{`
base de l'intranet 2026-02-24 14:26:25 +00:00			`$stmt = mysqli_prepare(`
			`$bdd,`
			`"SELECT site_id FROM utilisateurs WHERE username = ? LIMIT 1"`
			`);`

			`mysqli_stmt_bind_param($stmt, "s", $username);`
			`mysqli_stmt_execute($stmt);`

			`$result = mysqli_stmt_get_result($stmt);`
			`$row = mysqli_fetch_assoc($result);`

			`mysqli_stmt_close($stmt);`

			`return $row ? $row['site_id'] : null;`
			`}`

Commencement de la partie admin 2026-02-27 13:56:12 +00:00			`function getSiteName($bdd, $site)`
			`{`
base de l'intranet 2026-02-24 14:26:25 +00:00			`$stmt = mysqli_prepare(`
			`$bdd,`
			`"SELECT nom FROM site WHERE site_id = ? LIMIT 1"`
			`);`

			`mysqli_stmt_bind_param($stmt, "s", $site);`
			`mysqli_stmt_execute($stmt);`

			`$result = mysqli_stmt_get_result($stmt);`
			`$row = mysqli_fetch_assoc($result);`

			`mysqli_stmt_close($stmt);`

			`return $row ? $row['nom'] : null;`
			`}`

Commencement de la partie admin 2026-02-27 13:56:12 +00:00			`function getEventName($bdd, $event)`
			`{`
base de l'intranet 2026-02-24 14:26:25 +00:00			`$stmt = mysqli_prepare(`
			`$bdd,`
			`"SELECT titre FROM evenements WHERE id = ? LIMIT 1"`
			`);`

			`mysqli_stmt_bind_param($stmt, "s", $event);`
			`mysqli_stmt_execute($stmt);`

			`$result = mysqli_stmt_get_result($stmt);`
			`$row = mysqli_fetch_assoc($result);`

			`mysqli_stmt_close($stmt);`

			`return $row ? $row['titre'] : null;`
travail du 24/02/26 2026-02-24 15:43:05 +00:00			`}`

Commencement de la partie admin 2026-02-27 13:56:12 +00:00			`function getEventImages($bdd, $event)`
			`{`
travail du 24/02/26 2026-02-24 15:43:05 +00:00			`$results = mysqli_query(`
			`$bdd,`
			"SELECT * FROM gallerie WHERE `event_id`='" . $event . "'"
			`);`

			`$evenements = [];`

			`while ($row = mysqli_fetch_assoc($results)) {`
			`$evenements[] = $row;`
			`}`

			`return $evenements;`
			`}`

Commencement de la partie admin 2026-02-27 13:56:12 +00:00			`function getEventBigImage($bdd, $event)`
			`{`
travail du 24/02/26 2026-02-24 15:43:05 +00:00			`$stmt = mysqli_prepare(`
			`$bdd,`
			`"SELECT couverture FROM evenements WHERE id = ? LIMIT 1"`
			`);`

			`mysqli_stmt_bind_param($stmt, "s", $event);`
			`mysqli_stmt_execute($stmt);`

			`$result = mysqli_stmt_get_result($stmt);`
			`$row = mysqli_fetch_assoc($result);`

			`mysqli_stmt_close($stmt);`

			`return $row ? $row['couverture'] : null;`
Commencement de la partie admin 2026-02-27 13:56:12 +00:00			`}`

			`function getUserPerms($bdd, $username)`
			`{`
			`$stmt = mysqli_prepare(`
			`$bdd,`
			`"SELECT permissions FROM utilisateurs WHERE username = ? LIMIT 1"`
			`);`

			`mysqli_stmt_bind_param($stmt, "s", $username);`
			`mysqli_stmt_execute($stmt);`

			`$result = mysqli_stmt_get_result($stmt);`
			`$row = mysqli_fetch_assoc($result);`

			`mysqli_stmt_close($stmt);`

			`return $row ? $row['permissions'] : null;`
			`}`

			`function verifyPoids($bdd, $username, $minPoids) {`
			`$sql = "SELECT p.poids`
			`FROM utilisateurs u`
			`INNER JOIN permissions p ON u.permissions = p.nom`
			`WHERE u.username = ?";`

			`$stmt = mysqli_prepare($bdd, $sql);`

			`if ($stmt) {`
			`mysqli_stmt_bind_param($stmt, "s", $username);`
			`mysqli_stmt_execute($stmt);`

			`$result = mysqli_stmt_get_result($stmt);`
			`$row = mysqli_fetch_assoc($result);`

			`mysqli_stmt_close($stmt);`

			`if ($row) {`
			`return (int)$row['poids'] >= (int)$minPoids;`
			`}`
			`}`

			`return false;`
base de l'intranet 2026-02-24 14:26:25 +00:00			`}`