From 17b62e082c07083bd07b56dd5d45bdcd46466cd8 Mon Sep 17 00:00:00 2001
From: Erwann Philippe <erwann.philippe2@gmail.com>
Date: Fri, 27 Feb 2026 14:56:12 +0100
Subject: [PATCH] Commencement de la partie admin

---
 Assets/functions.php           | 83 ++++++++++++++++++++++++++++------
 admin/index.php                | 74 ++++++++++++++++++++++++++++++
 admin/modifyEvent.php          | 70 ++++++++++++++++++++++++++++
 event.php                      |  2 +-
 intranet v1.sql                | 37 ++++++++++++---
 login.php                      |  6 ++-
 photos.php                     |  2 +-
 styles-scripts/index.admin.css | 14 ++++++
 8 files changed, 263 insertions(+), 25 deletions(-)
 create mode 100644 admin/index.php
 create mode 100644 admin/modifyEvent.php
 create mode 100644 styles-scripts/index.admin.css

diff --git a/Assets/functions.php b/Assets/functions.php
index 690029c..375565e 100644
--- a/Assets/functions.php
+++ b/Assets/functions.php
@@ -1,11 +1,13 @@
 <?php
-function getRaccourcis($bdd){
+function getRaccourcis($bdd)
+{
     $results = mysqli_query($bdd, "SELECT * FROM `raccourcis`");
     $return = [];
     return $results;
 }
 
-function connectBDD($domain, $user, $password, $db){
+function connectBDD($domain, $user, $password, $db)
+{
     $link = mysqli_connect($domain, $user, $password, $db);
 
     if (!$link) {
@@ -17,29 +19,33 @@ function connectBDD($domain, $user, $password, $db){
     }
 }
 
-function getActus($bdd){
+function getActus($bdd)
+{
     $results = mysqli_query($bdd, "SELECT * FROM `actus` ORDER BY `id` LIMIT 4");
     $return = [];
     return $results;
 }
 
-function validateCSRFToken($csrf_server, $csrf_client) {
+function validateCSRFToken($csrf_server, $csrf_client)
+{
     if (!hash_equals($csrf_server, $csrf_client)) {
-        echo($csrf_client. " " . $csrf_server);
+        echo ($csrf_client . " " . $csrf_server);
         die('CSRF token validation failed');
     }
     return true;
 }
 
-function verifyPassword($hash_password, $tryPassword){
+function verifyPassword($hash_password, $tryPassword)
+{
     $hashTry = hash('sha256', $tryPassword);
-    if($hash_password == $hashTry){
+    if ($hash_password == $hashTry) {
         return true;
     }
     return false;
 }
 
-function getHashPwd($bdd, $username){
+function getHashPwd($bdd, $username)
+{
 
     $stmt = mysqli_prepare(
         $bdd,
@@ -57,7 +63,8 @@ function getHashPwd($bdd, $username){
     return $user; // retourne un tableau ou null
 }
 
-function getEvenements($bdd, $site){
+function getEvenements($bdd, $site)
+{
 
     $results = mysqli_query(
         $bdd,
@@ -73,7 +80,8 @@ function getEvenements($bdd, $site){
     return $evenements;
 }
 
-function getSite($bdd, $username){
+function getSite($bdd, $username)
+{
     $stmt = mysqli_prepare(
         $bdd,
         "SELECT site_id FROM utilisateurs WHERE username = ? LIMIT 1"
@@ -90,7 +98,8 @@ function getSite($bdd, $username){
     return $row ? $row['site_id'] : null;
 }
 
-function getSiteName($bdd, $site){
+function getSiteName($bdd, $site)
+{
     $stmt = mysqli_prepare(
         $bdd,
         "SELECT nom FROM site WHERE site_id = ? LIMIT 1"
@@ -107,7 +116,8 @@ function getSiteName($bdd, $site){
     return $row ? $row['nom'] : null;
 }
 
-function getEventName($bdd, $event){
+function getEventName($bdd, $event)
+{
     $stmt = mysqli_prepare(
         $bdd,
         "SELECT titre FROM evenements WHERE id = ? LIMIT 1"
@@ -124,7 +134,8 @@ function getEventName($bdd, $event){
     return $row ? $row['titre'] : null;
 }
 
-function getEventImages($bdd, $event){
+function getEventImages($bdd, $event)
+{
     $results = mysqli_query(
         $bdd,
         "SELECT * FROM gallerie WHERE `event_id`='" . $event . "'"
@@ -139,7 +150,8 @@ function getEventImages($bdd, $event){
     return $evenements;
 }
 
-function getEventBigImage($bdd, $event){
+function getEventBigImage($bdd, $event)
+{
     $stmt = mysqli_prepare(
         $bdd,
         "SELECT couverture FROM evenements WHERE id = ? LIMIT 1"
@@ -154,4 +166,47 @@ function getEventBigImage($bdd, $event){
     mysqli_stmt_close($stmt);
 
     return $row ? $row['couverture'] : null;
+}
+
+function getUserPerms($bdd, $username)
+{
+    $stmt = mysqli_prepare(
+        $bdd,
+        "SELECT permissions FROM utilisateurs WHERE username = ? LIMIT 1"
+    );
+
+    mysqli_stmt_bind_param($stmt, "s", $username);
+    mysqli_stmt_execute($stmt);
+
+    $result = mysqli_stmt_get_result($stmt);
+    $row = mysqli_fetch_assoc($result);
+
+    mysqli_stmt_close($stmt);
+
+    return $row ? $row['permissions'] : null;
+}
+
+function verifyPoids($bdd, $username, $minPoids) {
+    $sql = "SELECT p.poids 
+            FROM utilisateurs u
+            INNER JOIN permissions p ON u.permissions = p.nom
+            WHERE u.username = ?";
+            
+    $stmt = mysqli_prepare($bdd, $sql);
+    
+    if ($stmt) {
+        mysqli_stmt_bind_param($stmt, "s", $username);
+        mysqli_stmt_execute($stmt);
+        
+        $result = mysqli_stmt_get_result($stmt);
+        $row = mysqli_fetch_assoc($result);
+        
+        mysqli_stmt_close($stmt);
+
+        if ($row) {
+            return (int)$row['poids'] >= (int)$minPoids;
+        }
+    }
+    
+    return false;
 }
\ No newline at end of file
diff --git a/admin/index.php b/admin/index.php
new file mode 100644
index 0000000..eb15de9
--- /dev/null
+++ b/admin/index.php
@@ -0,0 +1,74 @@
+<?php
+include("../Assets/functions.php");
+$config = json_decode(file_get_contents("../Assets/config.json"), true);
+$bdd = connectBDD("localhost", $config["BDD_USER"], $config["BDD_PASSWD"], $config["BDD_NAME"]);
+$page = 'photos';
+
+/* Gestion de la connexion */
+session_start();
+if (!isset($_SESSION['connected']) || $_SESSION['connected'] == false) {
+    header('location: login.php?redirect_to=./admin/');
+}
+
+$events = getEvenements($bdd, $_SESSION['site']);
+
+/* Récupération des infos */
+$permissions = $_SESSION['permission'];
+$site = $_SESSION['site'];
+
+/* Gestion de l'accès à la page */
+$minPoids = 45;
+if (!verifyPoids($bdd, $_SESSION['username'], $minPoids)) {
+    header('location: ../index.php');
+}
+
+?>
+<!DOCTYPE html>
+<html lang="fr">
+
+<head>
+    <meta charset="UTF-8">
+    <title>Gestion Intranet</title>
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
+    <link rel="stylesheet" href="../styles-scripts/index.admin.css">
+</head>
+
+<body>
+    <h1>Gestion de l'intranet</h1>
+    <!-- navbar -->
+    <nav class="navbar navbar-expand-lg navbar-light bg-light">
+        <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
+            <span class="navbar-toggler-icon"></span>
+        </button>
+
+        <div class="collapse navbar-collapse" id="navbarSupportedContent">
+            <ul class="navbar-nav mr-auto">
+                <li class="nav-item">
+                    <a href="#" class="nav-link">Évènements</a>
+                </li>
+                <li class="nav-item">
+                    <a href="./modifyEvent.php" class="nav-link">Actualités</a>
+                </li>
+                <li class="nav-item">
+                    <a href="#" class="nav-link disabled">Administration</a>
+                </li>
+            </ul>
+        </div>
+    </nav>
+    <h3>Gestion des évènements</h3>
+    <p>Sur cette page, vous pouvez ajouter, supprimer et modifier un évènement.</p>
+
+    <div class="grid-container">
+        <?php foreach ($events as $event): ?>
+            <div class="card" onclick="window.location.href='./modifyEvent.php?id=<?= $event['id'] ?>'">
+                <h4><?= $event['titre'] ?></h4>
+                <img src="<?= $event['couverture'] ?>" alt="Image de couverture">
+                Modifier
+            </div>
+        <?php endforeach ?>
+    </div>
+
+    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/admin/modifyEvent.php b/admin/modifyEvent.php
new file mode 100644
index 0000000..932b7fe
--- /dev/null
+++ b/admin/modifyEvent.php
@@ -0,0 +1,70 @@
+<?php
+include("../Assets/functions.php");
+$config = json_decode(file_get_contents("../Assets/config.json"), true);
+$bdd = connectBDD("localhost", $config["BDD_USER"], $config["BDD_PASSWD"], $config["BDD_NAME"]);
+$page = 'photos';
+
+/* Gestion de la connexion */
+session_start();
+if (!isset($_SESSION['connected']) || $_SESSION['connected'] == false) {
+    header('location: login.php?redirect_to=./admin/');
+}
+
+$events = getEvenements($bdd, $_SESSION['site']);
+
+/* Récupération des infos */
+$permissions = $_SESSION['permission'];
+$site = $_SESSION['site'];
+
+/* Gestion de l'accès à la page */
+$minPoids = 45;
+if (!verifyPoids($bdd, $_SESSION['username'], $minPoids)) {
+    header('location: ../index.php');
+}
+
+/* Récupération des infos de l'évènement */
+$titre = getEventName($bdd, $_GET['id']) ?? 'Titre?';
+
+?>
+<!DOCTYPE html>
+<html lang="fr">
+
+<head>
+    <meta charset="UTF-8">
+    <title>Gestion Intranet</title>
+    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
+    <link rel="stylesheet" href="../styles-scripts/index.admin.css">
+</head>
+
+<body>
+    <h1>Gestion de l'intranet</h1>
+    <!-- navbar -->
+    <nav class="navbar navbar-expand-lg navbar-light bg-light">
+        <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
+            <span class="navbar-toggler-icon"></span>
+        </button>
+
+        <div class="collapse navbar-collapse" id="navbarSupportedContent">
+            <ul class="navbar-nav mr-auto">
+                <li class="nav-item">
+                    <a href="./index.php" class="nav-link">Évènements</a>
+                </li>
+                <li class="nav-item">
+                    <a href="#" class="nav-link">Actualités</a>
+                </li>
+                <li class="nav-item">
+                    <a href="#" class="nav-link disabled">Administration</a>
+                </li>
+            </ul>
+        </div>
+    </nav>
+
+    <form action="" method="get">
+        <label for="title">Titre de l'évènement</label>
+        <input type="text" name="title" id="title" <?= ($titre ?? '') ? 'value=\''.$titre.'\'' : '' ?>>
+    </form>
+
+    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
+</body>
+
+</html>
\ No newline at end of file
diff --git a/event.php b/event.php
index 562f73e..e1f809e 100644
--- a/event.php
+++ b/event.php
@@ -7,7 +7,7 @@ $page = 'Bonnes pratiques';
 /* Gestion de la connexion */
 session_start();
 if (!isset($_SESSION['connected']) || $_SESSION['connected'] == false) {
-    header('location: login.php');
+    header('location: login.php?redirect_to=photos.php');
     exit;
 }
 
diff --git a/intranet v1.sql b/intranet v1.sql
index 7ed7d33..2802853 100644
--- a/intranet v1.sql	
+++ b/intranet v1.sql	
@@ -44,7 +44,7 @@ CREATE TABLE IF NOT EXISTS `evenements` (
   CONSTRAINT `FK_evenements_site` FOREIGN KEY (`site_id`) REFERENCES `site` (`site_id`) ON DELETE CASCADE ON UPDATE CASCADE
 ) ENGINE=InnoDB AUTO_INCREMENT=10 DEFAULT CHARSET=utf8mb3;
 
--- Listage des données de la table intranet.evenements : ~0 rows (environ)
+-- Listage des données de la table intranet.evenements : ~9 rows (environ)
 INSERT INTO `evenements` (`id`, `date`, `titre`, `couverture`, `site_id`) VALUES
 	(1, '2026-02-24', 'Évènement 1 : bla', 'https://cdn.pixabay.com/photo/2016/11/21/06/53/beautiful-natural-image-1844362_1280.jpg', 1),
 	(2, '2026-02-24', 'Évènement 2 : lorem', 'https://static.vecteezy.com/system/resources/thumbnails/057/068/323/small/single-fresh-red-strawberry-on-table-green-background-food-fruit-sweet-macro-juicy-plant-image-photo.jpg', 1),
@@ -65,7 +65,7 @@ CREATE TABLE IF NOT EXISTS `gallerie` (
   CONSTRAINT `FK_gallerie_evenements` FOREIGN KEY (`event_id`) REFERENCES `evenements` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
 
--- Listage des données de la table intranet.gallerie : ~0 rows (environ)
+-- Listage des données de la table intranet.gallerie : ~12 rows (environ)
 INSERT INTO `gallerie` (`event_id`, `chemin`, `texte`) VALUES
 	(3, 'https://www.bigfootdigital.co.uk/wp-content/uploads/2020/07/image-optimisation-scaled.jpg', NULL),
 	(3, 'https://png.pngtree.com/thumb_back/fh260/background/20240522/pngtree-abstract-cloudy-background-beautiful-natural-streaks-of-sky-and-clouds-red-image_15684333.jpg', NULL),
@@ -73,7 +73,28 @@ INSERT INTO `gallerie` (`event_id`, `chemin`, `texte`) VALUES
 	(1, 'https://cdn.pixabay.com/photo/2019/11/06/05/15/bridge-4605202_1280.jpg', NULL),
 	(1, 'https://images.pexels.com/photos/955658/pexels-photo-955658.jpeg?cs=srgb&dl=pexels-torsten-kellermann-349167-955658.jpg&fm=jpg', NULL),
 	(1, 'https://hips.hearstapps.com/hmg-prod/images/winding-farm-road-through-foggy-landscape-royalty-free-image-1693423663.jpg?crop=1xw:0.84355xh;center,top', NULL),
-	(1, 'https://upload.wikimedia.org/wikipedia/commons/7/7d/Morning%2C_just_after_sunrise%2C_Namibia.jpg', NULL);
+	(1, 'https://upload.wikimedia.org/wikipedia/commons/7/7d/Morning%2C_just_after_sunrise%2C_Namibia.jpg', NULL),
+	(1, 'https://media.istockphoto.com/id/467367026/fr/photo/ciel-parfait-et-loc%C3%A9an.jpg?s=612x612&w=0&k=20&c=3UFkx01SwfrzT2-PKEK8W0xcKGKUgzEWeZkBMgvcTuQ=', NULL),
+	(1, 'https://images.ctfassets.net/hrltx12pl8hq/28ECAQiPJZ78hxatLTa7Ts/2f695d869736ae3b0de3e56ceaca3958/free-nature-images.jpg?fit=fill&w=1200&h=630', NULL),
+	(3, 'https://lh5.googleusercontent.com/proxy/uBqPxn6KlUBKLda64jI_WVuPH9NBM5YKeVYdDUnnxM76T5vC8epKVjrOH8NUtp2PY7bgLbjrO38ZrNA1G_TIs255ksjq7w', NULL),
+	(3, 'https://www.guillenphoto.com/data/blog/2020/032-chronique-pourquoi-comment-bonne-photo-I/images/route-vers-monument-valley-en-arizona-amar-guillen-artiste-photographe.jpg', NULL),
+	(3, 'https://www.expemag.com/media/show/67d43e343f78e626b1efb6cd.jpg', NULL);
+
+-- Listage de la structure de table intranet. permissions
+CREATE TABLE IF NOT EXISTS `permissions` (
+  `id` int NOT NULL AUTO_INCREMENT,
+  `nom` varchar(50) DEFAULT NULL,
+  `poids` tinyint unsigned DEFAULT NULL COMMENT 'Plus la valeur est importante, plus les privilèges sont importants',
+  PRIMARY KEY (`id`),
+  UNIQUE KEY `UNQ_nom` (`nom`)
+) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8mb3;
+
+-- Listage des données de la table intranet.permissions : ~4 rows (environ)
+INSERT INTO `permissions` (`id`, `nom`, `poids`) VALUES
+	(1, 'admin', 99),
+	(2, 'directeur', 50),
+	(3, 'redacteur', 45),
+	(4, 'visiteur', 10);
 
 -- Listage de la structure de table intranet. raccourcis
 CREATE TABLE IF NOT EXISTS `raccourcis` (
@@ -102,7 +123,7 @@ CREATE TABLE IF NOT EXISTS `site` (
   PRIMARY KEY (`site_id`) USING BTREE
 ) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8mb3;
 
--- Listage des données de la table intranet.site : ~0 rows (environ)
+-- Listage des données de la table intranet.site : ~2 rows (environ)
 INSERT INTO `site` (`site_id`, `nom`) VALUES
 	(1, 'siège'),
 	(2, 't');
@@ -112,14 +133,16 @@ CREATE TABLE IF NOT EXISTS `utilisateurs` (
   `id` int NOT NULL AUTO_INCREMENT,
   `username` tinytext NOT NULL,
   `password` text NOT NULL,
-  `permissions` text NOT NULL,
+  `permissions` varchar(50) NOT NULL,
   `site_id` tinyint DEFAULT NULL,
   PRIMARY KEY (`id`),
   KEY `fk_site_id` (`site_id`),
-  CONSTRAINT `fk_site_id` FOREIGN KEY (`site_id`) REFERENCES `site` (`site_id`) ON DELETE SET NULL ON UPDATE CASCADE
+  KEY `FK_utilisateurs_permissions` (`permissions`),
+  CONSTRAINT `fk_site_id` FOREIGN KEY (`site_id`) REFERENCES `site` (`site_id`) ON DELETE SET NULL ON UPDATE CASCADE,
+  CONSTRAINT `FK_utilisateurs_permissions` FOREIGN KEY (`permissions`) REFERENCES `permissions` (`nom`) ON DELETE CASCADE ON UPDATE CASCADE
 ) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8mb3 COMMENT='Comptes autorisés à modifier les raccourcis\r\nMots de passes stoqués en SHA256';
 
--- Listage des données de la table intranet.utilisateurs : ~0 rows (environ)
+-- Listage des données de la table intranet.utilisateurs : ~1 rows (environ)
 INSERT INTO `utilisateurs` (`id`, `username`, `password`, `permissions`, `site_id`) VALUES
 	(1, 'erwann', '5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8', 'admin', 1);
 
diff --git a/login.php b/login.php
index ae2acf1..8407e01 100644
--- a/login.php
+++ b/login.php
@@ -5,12 +5,14 @@ $bdd = connectBDD("localhost", $config["BDD_USER"], $config["BDD_PASSWD"], $conf
 
 session_start();
 
-if(isset($_POST['user']) && isset($_POST['password'])){
+if(isset($_POST['user']) && isset($_POST['password']) && isset($_GET['redirect_to'])){
     if(validateCSRFToken($_SESSION['csrf'], $_POST['csrf']) && verifyPassword(getHashPwd($bdd, $_POST['user'])["password"], $_POST['password'])){
         $csrf = '';
         $_SESSION['connected'] = true;
         $_SESSION['site'] = getSite($bdd, $_POST['user']);
-        header('location: photos.php');
+        $_SESSION['permission'] = getUserPerms($bdd, $_POST['user']);
+        $_SESSION['username'] = $_POST['user'];
+        header('location: '.$_GET['redirect_to']);
     }
 }else{
     $csrf = bin2hex(random_bytes(32));
diff --git a/photos.php b/photos.php
index ac711f6..fc9696d 100644
--- a/photos.php
+++ b/photos.php
@@ -7,7 +7,7 @@ $page = 'photos';
 /* Gestion de la connexion */
 session_start();
 if(!isset($_SESSION['connected']) || $_SESSION['connected'] == false){
-   header('location: login.php'); 
+   header('location: login.php?redirect_to=photos.php'); 
 }
 
 /* Récupération des évènements */
diff --git a/styles-scripts/index.admin.css b/styles-scripts/index.admin.css
new file mode 100644
index 0000000..42aa376
--- /dev/null
+++ b/styles-scripts/index.admin.css
@@ -0,0 +1,14 @@
+  .grid-container {
+    display: grid;
+    grid-template-columns: repeat(auto-fit, minmax(300px, 1fr));
+    gap: 1rem;
+    padding: 1rem;
+  }
+
+  .card {
+    background: #f0f0f0;
+    border: 2px solid #ccc;
+    padding: 20px;
+    text-align: center;
+    border-radius: 8px;
+  }
\ No newline at end of file