intranet-apei/Assets/functions.php

<?php
function getRaccourcis($bdd)
{
    $results = mysqli_query($bdd, "SELECT * FROM `raccourcis`");
    $return = [];
    return $results;
}

function connectBDD($domain, $user, $password, $db)
{
    $link = mysqli_connect($domain, $user, $password, $db);

    if (!$link) {
        die('Erreur de connexion');
    } else {
        mysqli_set_charset($link, "utf8");

        return $link;
    }
}

function getActus($bdd, $limit)
{
    $results = mysqli_query($bdd, "SELECT * FROM actus ORDER BY id DESC LIMIT " . $limit);
    $actus = [];
    while ($row = mysqli_fetch_assoc($results)) {
        $actus[] = $row;
    }
    return $actus;
}

function validateCSRFToken($csrf_server, $csrf_client)
{
    /*
    if (!hash_equals($csrf_server, $csrf_client)) {
        echo ($csrf_client . " " . $csrf_server);
        die('CSRF token validation failed');
    }
        */
    return true;
}

function verifyPassword($hash_password, $tryPassword)
{
    $hashTry = hash('sha256', $tryPassword);
    if ($hash_password == $hashTry) {
        return true;
    }
    return false;
}

function getHashPwd($bdd, $username)
{

    $stmt = mysqli_prepare(
        $bdd,
        "SELECT password FROM utilisateurs WHERE username = ? LIMIT 1"
    );

    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);

    $result = mysqli_stmt_get_result($stmt);
    $user = mysqli_fetch_assoc($result);

    mysqli_stmt_close($stmt);

    return $user; // retourne un tableau ou null
}

function getEvenements($bdd, $site, $allSites = false)
{
    if ($allSites) {
        $query = "SELECT * FROM evenements ORDER BY date DESC";
    } else {
        $query = "SELECT * FROM evenements 
                  WHERE site_id = '$site' OR public = 1
                  ORDER BY date DESC";
    }
    $results = mysqli_query($bdd, $query);
    $evenements = [];
    while ($row = mysqli_fetch_assoc($results)) {
        $evenements[] = $row;
    }
    return $evenements;
}

function getSite($bdd, $username)
{
    $stmt = mysqli_prepare(
        $bdd,
        "SELECT site_id FROM utilisateurs WHERE username = ? LIMIT 1"
    );

    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);

    $result = mysqli_stmt_get_result($stmt);
    $row = mysqli_fetch_assoc($result);

    mysqli_stmt_close($stmt);

    return $row ? $row['site_id'] : null;
}

function getSiteName($bdd, $site)
{
    $stmt = mysqli_prepare(
        $bdd,
        "SELECT nom FROM site WHERE site_id = ? LIMIT 1"
    );

    mysqli_stmt_bind_param($stmt, "s", $site);
    mysqli_stmt_execute($stmt);

    $result = mysqli_stmt_get_result($stmt);
    $row = mysqli_fetch_assoc($result);

    mysqli_stmt_close($stmt);

    return $row ? $row['nom'] : null;
}

function getEventName($bdd, $event)
{
    $stmt = mysqli_prepare(
        $bdd,
        "SELECT titre FROM evenements WHERE id = ? LIMIT 1"
    );

    mysqli_stmt_bind_param($stmt, "s", $event);
    mysqli_stmt_execute($stmt);

    $result = mysqli_stmt_get_result($stmt);
    $row = mysqli_fetch_assoc($result);

    mysqli_stmt_close($stmt);

    return $row ? $row['titre'] : null;
}

function getEventImages($bdd, $event)
{
    $results = mysqli_query(
        $bdd,
        "SELECT * FROM gallerie WHERE `event_id`='" . $event . "'"
    );

    $evenements = [];

    while ($row = mysqli_fetch_assoc($results)) {
        $evenements[] = $row;
    }

    return $evenements;
}

function getEventBigImage($bdd, $event)
{
    $stmt = mysqli_prepare(
        $bdd,
        "SELECT couverture FROM evenements WHERE id = ? LIMIT 1"
    );

    mysqli_stmt_bind_param($stmt, "s", $event);
    mysqli_stmt_execute($stmt);

    $result = mysqli_stmt_get_result($stmt);
    $row = mysqli_fetch_assoc($result);

    mysqli_stmt_close($stmt);

    return $row ? $row['couverture'] : null;
}

function getUserPerms($bdd, $username)
{
    $stmt = mysqli_prepare(
        $bdd,
        "SELECT permissions FROM utilisateurs WHERE username = ? LIMIT 1"
    );

    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);

    $result = mysqli_stmt_get_result($stmt);
    $row = mysqli_fetch_assoc($result);

    mysqli_stmt_close($stmt);

    return $row ? $row['permissions'] : null;
}

function verifyPoids($bdd, $username, $minPoids)
{
    $sql = "SELECT p.poids 
            FROM utilisateurs u
            INNER JOIN permissions p ON u.permissions = p.nom
            WHERE u.username = ?";

    $stmt = mysqli_prepare($bdd, $sql);

    if ($stmt) {
        mysqli_stmt_bind_param($stmt, "s", $username);
        mysqli_stmt_execute($stmt);

        $result = mysqli_stmt_get_result($stmt);
        $row = mysqli_fetch_assoc($result);

        mysqli_stmt_close($stmt);

        if ($row) {
            return (int)$row['poids'] >= (int)$minPoids;
        }
    }

    return false;
}

function updateEventTitle($bdd, $eventid, $titre)
{
    $stmt = mysqli_prepare(
        $bdd,
        "UPDATE evenements SET titre = ? WHERE id = ?"
    );

    mysqli_stmt_bind_param($stmt, "si", $titre, $eventid);
    mysqli_stmt_execute($stmt);

    $success = mysqli_stmt_affected_rows($stmt) >= 0;

    mysqli_stmt_close($stmt);

    return $success;
}

function updateEventImage($bdd, $eventId, $image)
{
    $stmt = mysqli_prepare(
        $bdd,
        "UPDATE evenements SET couverture = ? WHERE id = ?"
    );

    mysqli_stmt_bind_param($stmt, "si", $image, $eventId);
    mysqli_stmt_execute($stmt);

    $success = mysqli_stmt_affected_rows($stmt) >= 0;

    mysqli_stmt_close($stmt);

    return $success;
}

function getSpecificActus($bdd, $id)
{
    $results = mysqli_query($bdd, "SELECT * FROM `actus` WHERE `id`=" . $id);
    $return = [];

    while ($row = mysqli_fetch_assoc($results)) {
        $return[] = $row;
    }
    return $return;
}

function updateActuImage($bdd, $actuId, $image)
{
    $stmt = mysqli_prepare(
        $bdd,
        "UPDATE actus SET image = ? WHERE id = ?"
    );

    mysqli_stmt_bind_param($stmt, "si", $image, $actuId);
    mysqli_stmt_execute($stmt);

    $success = mysqli_stmt_affected_rows($stmt) >= 0;

    mysqli_stmt_close($stmt);

    return $success;
}

function updateActuTitle($bdd, $actuId, $titre)
{
    $stmt = mysqli_prepare(
        $bdd,
        "UPDATE actus SET titre = ? WHERE id = ?"
    );

    mysqli_stmt_bind_param($stmt, "si", $titre, $actuId);
    mysqli_stmt_execute($stmt);

    $success = mysqli_stmt_affected_rows($stmt) >= 0;

    mysqli_stmt_close($stmt);

    return $success;
}

function updateActuContent($bdd, $actuId, $content)
{
    $stmt = mysqli_prepare(
        $bdd,
        "UPDATE actus SET actu = ? WHERE id = ?"
    );

    mysqli_stmt_bind_param($stmt, "si", $content, $actuId);
    mysqli_stmt_execute($stmt);

    $success = mysqli_stmt_affected_rows($stmt) >= 0;

    mysqli_stmt_close($stmt);

    return $success;
}

function createEvent($bdd, $titre, $date, $site)
{

    $sql = "INSERT INTO evenements (date, titre, couverture, site_id) VALUES (?, ?, '', ?)";
    $req = $bdd->prepare($sql);
    $req->bind_param("ssi", $date, $titre, $site);
    $req->execute();
    return $bdd->insert_id;
}

function deleteEvent($bdd, $eventId)
{
    $sql = "DELETE FROM evenements WHERE id = ?";
    $req = $bdd->prepare($sql);
    $req->bind_param("i", $eventId);
    $req->execute();
    return $req->affected_rows > 0;
}

function deleteActu($bdd, $eventId)
{
    $sql = "DELETE FROM actus WHERE id = ?";
    $req = $bdd->prepare($sql);
    $req->bind_param("i", $eventId);
    $req->execute();
    return $req->affected_rows > 0;
}

function createActu($bdd, $titre, $actu, $date, $idSite)
{

    $stmt = mysqli_prepare(
        $bdd,
        "INSERT INTO actus (titre, actu, date, idSite) VALUES (?, ?, ?, ?)"
    );
    mysqli_stmt_bind_param($stmt, "sssi", $titre, $actu, $date, $idSite);
    mysqli_stmt_execute($stmt);
    $actuId = mysqli_insert_id($bdd);
    mysqli_stmt_close($stmt);
    return $actuId;
}

function createShortcut($bdd, $nom, $image, $shortcut)
{

    $stmt = mysqli_prepare(
        $bdd,
        "INSERT INTO raccourcis (nom, image, url) VALUES (?, ?, ?)"
    );
    mysqli_stmt_bind_param($stmt, "sss", $nom, $image, $shortcut);
    mysqli_stmt_execute($stmt);
    $actuId = mysqli_insert_id($bdd);
    mysqli_stmt_close($stmt);
    return $actuId;
}

function updateRaccourcis($bdd, $idRaccourcis, $nom, $image, $url)
{
    $stmt = mysqli_prepare(
        $bdd,
        "UPDATE raccourcis SET nom = ?, image = ?, url = ? WHERE id = ?"
    );
    mysqli_stmt_bind_param($stmt, "sssi", $nom, $image, $url, $idRaccourcis);
    mysqli_stmt_execute($stmt);
    $success = mysqli_stmt_affected_rows($stmt) >= 0;
    mysqli_stmt_close($stmt);
    return $success;
}

function getSpecificRaccourcis($bdd, $id)
{
    $results = mysqli_query($bdd, "SELECT * FROM `raccourcis` WHERE `id`=" . $id);
    $return = [];

    while ($row = mysqli_fetch_assoc($results)) {
        $return[] = $row;
    }
    return $return;
}

function getGuides($bdd)
{
    $results = mysqli_query($bdd, "SELECT * FROM `guides`");

    $return = [];

    while ($row = mysqli_fetch_assoc($results)) {
        $return[] = $row;
    }

    return $return;
}

function updateEventDate($bdd, $eventid, $date)
{
    $stmt = mysqli_prepare(
        $bdd,
        "UPDATE evenements SET date = ? WHERE id = ?"
    );

    mysqli_stmt_bind_param($stmt, "si", $date, $eventid);
    mysqli_stmt_execute($stmt);

    $success = mysqli_stmt_affected_rows($stmt) >= 0;

    mysqli_stmt_close($stmt);

    return $success;
}

function getEventDate($bdd, $event)
{
    $stmt = mysqli_prepare(
        $bdd,
        "SELECT date FROM evenements WHERE id = ? LIMIT 1"
    );

    mysqli_stmt_bind_param($stmt, "s", $event);
    mysqli_stmt_execute($stmt);

    $result = mysqli_stmt_get_result($stmt);
    $row = mysqli_fetch_assoc($result);

    mysqli_stmt_close($stmt);

    return $row ? $row['date'] : null;
}

function createValidationCode($bdd, $user, $ttlMinutes = 60)
{
    $table = "codes";
    $colCode = "code";
    $colUser = "utilisateur";
    $colExpire = "peremption";

    $code = "";
    $exists = true;

    while ($exists) {
        $code = bin2hex(random_bytes(16));

        $checkStmt = mysqli_prepare($bdd, "SELECT id FROM `$table` WHERE `$colCode` = ? LIMIT 1");
        if ($checkStmt) {
            mysqli_stmt_bind_param($checkStmt, "s", $code);
            mysqli_stmt_execute($checkStmt);
            mysqli_stmt_store_result($checkStmt);

            if (mysqli_stmt_num_rows($checkStmt) == 0) {
                $exists = false;
            }
            mysqli_stmt_close($checkStmt);
        } else {
            return false;
        }
    }

    $expiresAt = date('Y-m-d H:i:s', time() + ($ttlMinutes * 60));

    $insertSql = "INSERT INTO `$table` (`$colCode`, `$colUser`, `$colExpire`) VALUES (?, ?, ?)";
    $insertStmt = mysqli_prepare($bdd, $insertSql);

    if ($insertStmt) {
        mysqli_stmt_bind_param($insertStmt, "sss", $code, $user, $expiresAt);
        $success = mysqli_stmt_execute($insertStmt);
        $insertId = mysqli_insert_id($bdd);
        mysqli_stmt_close($insertStmt);

        if ($success) {
            return [
                'id'    => $insertId,
                'code'  => $code,
                'expire' => $expiresAt
            ];
        }
    }

    return false;
}

function updateUserPassword($bdd, $user, $hashPassword)
{
    $stmt = mysqli_prepare(
        $bdd,
        "UPDATE utilisateurs SET password = ? WHERE username = ?"
    );

    mysqli_stmt_bind_param($stmt, "ss", $hashPassword, $user);
    mysqli_stmt_execute($stmt);

    $success = mysqli_stmt_affected_rows($stmt) >= 0;

    mysqli_stmt_close($stmt);

    return $success;
}

function getUserFromCode($bdd, $code)
{
    $stmt = mysqli_prepare(
        $bdd,
        "SELECT utilisateur FROM codes WHERE code = ? LIMIT 1"
    );

    mysqli_stmt_bind_param($stmt, "s", $code);
    mysqli_stmt_execute($stmt);

    $result = mysqli_stmt_get_result($stmt);
    $row = mysqli_fetch_assoc($result);

    mysqli_stmt_close($stmt);

    return $row ? $row['utilisateur'] : null;
}

function getEventSite($bdd, $event)
{
    $stmt = mysqli_prepare(
        $bdd,
        "SELECT site_id FROM evenements WHERE id = ? LIMIT 1"
    );

    mysqli_stmt_bind_param($stmt, "s", $event);
    mysqli_stmt_execute($stmt);

    $result = mysqli_stmt_get_result($stmt);
    $row = mysqli_fetch_assoc($result);

    mysqli_stmt_close($stmt);

    return $row ? $row['site_id'] : null;
}

function updateEventSite($bdd, $eventid, $site)
{
    $stmt = mysqli_prepare(
        $bdd,
        "UPDATE evenements SET site_id = ? WHERE id = ?"
    );

    mysqli_stmt_bind_param($stmt, "ii", $site, $eventid);
    mysqli_stmt_execute($stmt);

    $success = mysqli_stmt_affected_rows($stmt) >= 0;

    mysqli_stmt_close($stmt);

    return $success;
}

function userExists($bdd, $username)
{
    $stmt = $bdd->prepare("SELECT id FROM utilisateurs WHERE username = ? LIMIT 1");
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $result = $stmt->get_result();
    return $result->num_rows > 0;
}

function createUser($bdd, $username, $password, $permissions, $site_id)
{

    $sql = "INSERT INTO utilisateurs (username, password, permissions, site_id) VALUES (?, ?, ?, ?)";
    $req = $bdd->prepare($sql);
    $req->bind_param("sssi", $username, $password, $permissions, $site_id);
    $req->execute();
    return $bdd->insert_id;
}

function getAllPermissions($bdd)
{
    $results = mysqli_query($bdd, "SELECT * FROM `permissions`");

    $return = [];

    while ($row = mysqli_fetch_assoc($results)) {
        $return[] = $row;
    }

    return $return;
}

function updateUserSite($bdd, $user, $site)
{
    $stmt = mysqli_prepare(
        $bdd,
        "UPDATE utilisateurs SET site_id = ? WHERE username = ?"
    );

    mysqli_stmt_bind_param($stmt, "is", $site, $user);
    mysqli_stmt_execute($stmt);

    $success = mysqli_stmt_affected_rows($stmt) >= 0;

    mysqli_stmt_close($stmt);

    return $success;
}

function updateUserPermissions($bdd, $user, $permissions)
{
    $stmt = mysqli_prepare(
        $bdd,
        "UPDATE utilisateurs SET permissions = ? WHERE username = ?"
    );

    mysqli_stmt_bind_param($stmt, "ss", $permissions, $user);
    mysqli_stmt_execute($stmt);

    $success = mysqli_stmt_affected_rows($stmt) >= 0;

    mysqli_stmt_close($stmt);

    return $success;
}

function deleteRaccourcis($bdd, $id)
{
    $sql = "DELETE FROM raccourcis WHERE id = ?";
    $req = $bdd->prepare($sql);
    $req->bind_param("i", $id);
    $req->execute();
    return $req->affected_rows > 0;
}

function getEventVisibility($bdd, $event)
{
    $stmt = mysqli_prepare(
        $bdd,
        "SELECT public FROM evenements WHERE id = ? LIMIT 1"
    );

    mysqli_stmt_bind_param($stmt, "s", $event);
    mysqli_stmt_execute($stmt);

    $result = mysqli_stmt_get_result($stmt);
    $row = mysqli_fetch_assoc($result);

    mysqli_stmt_close($stmt);

    return $row ? $row['public'] : null;
}

function createGuide($bdd, $nom, $lien, $image, $repertoireId)
{

    $stmt = mysqli_prepare(
        $bdd,
        "INSERT INTO guides (nom, lien, image, repertoire_id) VALUES (?, ?, ?, ?)"
    );
    mysqli_stmt_bind_param($stmt, "sssi", $nom, $lien, $image, $repertoireId);
    mysqli_stmt_execute($stmt);
    $guideId = mysqli_insert_id($bdd);
    mysqli_stmt_close($stmt);
    return $guideId;
}

function deleteGuide($bdd, $id)
{
    $sql = "DELETE FROM guides WHERE id = ?";
    $req = $bdd->prepare($sql);
    $req->bind_param("i", $id);
    $req->execute();
    return $req->affected_rows > 0;
}

function updatePratiques($contenu, $bdd)
{
    $content = htmlspecialchars($contenu, ENT_QUOTES, 'UTF-8');
    $stmt = $bdd->prepare("UPDATE `pratique` SET `content` = ? WHERE `id` = 1 LIMIT 1");
    $stmt->bind_param("s", $content);

    if ($stmt->execute()) {
        return true;
    } else {
        return false;
    }
}

function getPratiques($bdd)
{
    $results = mysqli_query($bdd, "SELECT * FROM `pratique` WHERE `id`=1");
    if ($results && mysqli_num_rows($results) > 0) {
        $row = mysqli_fetch_assoc($results);
        return $row['content'];
    } else {
        return null;
    }
}

function updateEventVisibility($bdd, $eventId, $public)
{
    $stmt = mysqli_prepare(
        $bdd,
        "UPDATE evenements SET public = ? WHERE id = ?"
    );

    mysqli_stmt_bind_param($stmt, "si", $public, $eventId);
    mysqli_stmt_execute($stmt);

    $success = mysqli_stmt_affected_rows($stmt) >= 0;

    mysqli_stmt_close($stmt);

    return $success;
}

function getGuidesRepertoires($bdd)
{
    $stmt = mysqli_prepare(
        $bdd,
        "SELECT id, nom, image FROM repertoires_guide"
    );
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);

    $guides = [];
    while ($row = mysqli_fetch_assoc($result)) {
        $guides[] = $row;
    }

    mysqli_stmt_close($stmt);
    return $guides;
}

function getGuidesFromRepertoire($bdd, $repertoireId)
{
    $stmt = mysqli_prepare(
        $bdd,
        "SELECT id, nom, image, lien FROM guides WHERE repertoire_id = ?"
    );
    mysqli_stmt_bind_param($stmt, "i", $repertoireId);
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);

    $guides = [];
    while ($row = mysqli_fetch_assoc($result)) {
        $guides[] = $row;
    }

    mysqli_stmt_close($stmt);
    return $guides;
}

function creerRepertoireGuide(mysqli $conn, string $nom, string $image): int|false
{
    $sql = "INSERT INTO repertoires_guide (nom, image) VALUES (?, ?)";
    
    $stmt = $conn->prepare($sql);
    if (!$stmt) {
        return false;
    }

    $stmt->bind_param("ss", $nom, $image);

    if (!$stmt->execute()) {
        return false;
    }
    $id = $conn->insert_id;
    $stmt->close();
    return $id;
}