Commencement de la partie admin

This commit is contained in:
Erwann PHILIPPE 2026-02-27 14:56:12 +01:00
parent 1cfe99da6b
commit 17b62e082c
8 changed files with 263 additions and 25 deletions


@ -1,11 +1,13 @@
<?php <?php
function getRaccourcis($bdd){ function getRaccourcis($bdd)
{
$results = mysqli_query($bdd, "SELECT * FROM `raccourcis`"); $results = mysqli_query($bdd, "SELECT * FROM `raccourcis`");
$return = []; $return = [];
return $results; return $results;
} }
function connectBDD($domain, $user, $password, $db){ function connectBDD($domain, $user, $password, $db)
{
$link = mysqli_connect($domain, $user, $password, $db); $link = mysqli_connect($domain, $user, $password, $db);
if (!$link) { if (!$link) {
@ -17,13 +19,15 @@ function connectBDD($domain, $user, $password, $db){
} }
} }
function getActus($bdd){ function getActus($bdd)
{
$results = mysqli_query($bdd, "SELECT * FROM `actus` ORDER BY `id` LIMIT 4"); $results = mysqli_query($bdd, "SELECT * FROM `actus` ORDER BY `id` LIMIT 4");
$return = []; $return = [];
return $results; return $results;
} }
function validateCSRFToken($csrf_server, $csrf_client) { function validateCSRFToken($csrf_server, $csrf_client)
{
if (!hash_equals($csrf_server, $csrf_client)) { if (!hash_equals($csrf_server, $csrf_client)) {
echo ($csrf_client . " " . $csrf_server); echo ($csrf_client . " " . $csrf_server);
die('CSRF token validation failed'); die('CSRF token validation failed');
@ -31,7 +35,8 @@ function validateCSRFToken($csrf_server, $csrf_client) {
return true; return true;
} }
function verifyPassword($hash_password, $tryPassword){ function verifyPassword($hash_password, $tryPassword)
{
$hashTry = hash('sha256', $tryPassword); $hashTry = hash('sha256', $tryPassword);
if ($hash_password == $hashTry) { if ($hash_password == $hashTry) {
return true; return true;
@ -39,7 +44,8 @@ function verifyPassword($hash_password, $tryPassword){
return false; return false;
} }
function getHashPwd($bdd, $username){ function getHashPwd($bdd, $username)
{
$stmt = mysqli_prepare( $stmt = mysqli_prepare(
$bdd, $bdd,
@ -57,7 +63,8 @@ function getHashPwd($bdd, $username){
return $user; // retourne un tableau ou null return $user; // retourne un tableau ou null
} }
function getEvenements($bdd, $site){ function getEvenements($bdd, $site)
{
$results = mysqli_query( $results = mysqli_query(
$bdd, $bdd,
@ -73,7 +80,8 @@ function getEvenements($bdd, $site){
return $evenements; return $evenements;
} }
function getSite($bdd, $username){ function getSite($bdd, $username)
{
$stmt = mysqli_prepare( $stmt = mysqli_prepare(
$bdd, $bdd,
"SELECT site_id FROM utilisateurs WHERE username = ? LIMIT 1" "SELECT site_id FROM utilisateurs WHERE username = ? LIMIT 1"
@ -90,7 +98,8 @@ function getSite($bdd, $username){
return $row ? $row['site_id'] : null; return $row ? $row['site_id'] : null;
} }
function getSiteName($bdd, $site){ function getSiteName($bdd, $site)
{
$stmt = mysqli_prepare( $stmt = mysqli_prepare(
$bdd, $bdd,
"SELECT nom FROM site WHERE site_id = ? LIMIT 1" "SELECT nom FROM site WHERE site_id = ? LIMIT 1"
@ -107,7 +116,8 @@ function getSiteName($bdd, $site){
return $row ? $row['nom'] : null; return $row ? $row['nom'] : null;
} }
function getEventName($bdd, $event){ function getEventName($bdd, $event)
{
$stmt = mysqli_prepare( $stmt = mysqli_prepare(
$bdd, $bdd,
"SELECT titre FROM evenements WHERE id = ? LIMIT 1" "SELECT titre FROM evenements WHERE id = ? LIMIT 1"
@ -124,7 +134,8 @@ function getEventName($bdd, $event){
return $row ? $row['titre'] : null; return $row ? $row['titre'] : null;
} }
function getEventImages($bdd, $event){ function getEventImages($bdd, $event)
{
$results = mysqli_query( $results = mysqli_query(
$bdd, $bdd,
"SELECT * FROM gallerie WHERE `event_id`='" . $event . "'" "SELECT * FROM gallerie WHERE `event_id`='" . $event . "'"
@ -139,7 +150,8 @@ function getEventImages($bdd, $event){
return $evenements; return $evenements;
} }
function getEventBigImage($bdd, $event){ function getEventBigImage($bdd, $event)
{
$stmt = mysqli_prepare( $stmt = mysqli_prepare(
$bdd, $bdd,
"SELECT couverture FROM evenements WHERE id = ? LIMIT 1" "SELECT couverture FROM evenements WHERE id = ? LIMIT 1"
@ -155,3 +167,46 @@ function getEventBigImage($bdd, $event){
return $row ? $row['couverture'] : null; return $row ? $row['couverture'] : null;
} }
function getUserPerms($bdd, $username)
{
$stmt = mysqli_prepare(
$bdd,
"SELECT permissions FROM utilisateurs WHERE username = ? LIMIT 1"
);
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);
return $row ? $row['permissions'] : null;
}
function verifyPoids($bdd, $username, $minPoids) {
$sql = "SELECT p.poids
FROM utilisateurs u
INNER JOIN permissions p ON u.permissions = p.nom
WHERE u.username = ?";
$stmt = mysqli_prepare($bdd, $sql);
if ($stmt) {
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);
if ($row) {
return (int)$row['poids'] >= (int)$minPoids;
}
}
return false;
}
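Review bot: getUserPerms, the first of the two functions added at the end of this file section, binds and executes on `$stmt` without checking the `mysqli_prepare` result, whereas the sibling verifyPoids added right below it guards with `if ($stmt)`; on a prepare failure the former turns into a TypeError on `mysqli_stmt_bind_param(false, …)` (PHP 8) instead of the `null` its last line promises. Wrap the body in `if ($stmt) { … }` exactly as verifyPoids does, or make both helpers throw so callers cannot mistake a broken query for "no such user". Two pre-existing lines carried as context in this section deserve a follow-up commit: validateCSRFToken echoes `$csrf_client . " " . $csrf_server` before dying, a debug leftover that writes the session's CSRF secret into the response body and anything that logs it, and verifyPassword compares an unsalted SHA-256 with `==` where `password_verify()` (with `password_hash()` at account creation) is the baseline.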

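--- /dev/null
+++ b/admin/index.php
@@ -0,0 +1,74 @@
+<?php
+include("../Assets/functions.php");
+$config = json_decode(file_get_contents("../Assets/config.json"), true);
+$bdd = connectBDD("localhost", $config["BDD_USER"], $config["BDD_PASSWD"], $config["BDD_NAME"]);
+$page = 'photos';
+/* Gestion de la connexion */
+session_start();
+if (!isset($_SESSION['connected']) || $_SESSION['connected'] == false) {
+header('location: login.php?redirect_to=./admin/');
+}
+$events = getEvenements($bdd, $_SESSION['site']);
+/* Récupération des infos */
+$permissions = $_SESSION['permission'];
+$site = $_SESSION['site'];
+/* Gestion de l'accès à la page */
+$minPoids = 45;
+if (!verifyPoids($bdd, $_SESSION['username'], $minPoids)) {
+header('location: ../index.php');
+}
+?>
+<!DOCTYPE html>
+<html lang="fr">
+<head>
+<meta charset="UTF-8">
+<title>Gestion Intranet</title>
+<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
+<link rel="stylesheet" href="../styles-scripts/index.admin.css">
+</head>
+<body>
+<h1>Gestion de l'intranet</h1>
+<!-- navbar -->
+<nav class="navbar navbar-expand-lg navbar-light bg-light">
+<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
+<span class="navbar-toggler-icon"></span>
+</button>
+<div class="collapse navbar-collapse" id="navbarSupportedContent">
+<ul class="navbar-nav mr-auto">
+<li class="nav-item">
+<a href="#" class="nav-link">Évènements</a>
+</li>
+<li class="nav-item">
+<a href="./modifyEvent.php" class="nav-link">Actualités</a>
+</li>
+<li class="nav-item">
+<a href="#" class="nav-link disabled">Administration</a>
+</li>
+</ul>
+</div>
+</nav>
+<h3>Gestion des évènements</h3>
+<p>Sur cette page, vous pouvez ajouter, supprimer et modifier un évènement.</p>
+<div class="grid-container">
+<?php foreach ($events as $event): ?>
+<div class="card" onclick="window.location.href='./modifyEvent.php?id=<?= $event['id'] ?>'">
+<h4><?= $event['titre'] ?></h4>
+<img src="<?= $event['couverture'] ?>" alt="Image de couverture">
+Modifier
+</div>
+<?php endforeach ?>
+</div>
+<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
+</body>
+</html>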
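Review bot: Neither redirect in admin/index.php stops execution — `header('location: login.php?redirect_to=./admin/');` and `header('location: ../index.php');` are not followed by `exit;`, so an unauthenticated or below-threshold client that simply ignores the Location header (curl, any script) still receives the complete event list, and the new verifyPoids gate protects nothing. Add `exit;` after both `header()` calls and move `$events = getEvenements($bdd, $_SESSION['site']);` below the checks; today it runs first, with `$_SESSION['site']` undefined for anonymous visitors. A relative `location: login.php` issued from `/admin/index.php` also resolves in the browser to `/admin/login.php`, which this commit does not add — presumably `../login.php?redirect_to=admin/` was intended. Finally, `$event['titre']` and `$event['couverture']` are printed raw into HTML text, an `src` attribute and an inline `onclick` handler; since these fields are meant to become editable through modifyEvent.php, wrap each in `htmlspecialchars(..., ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and validate `couverture` as an http(s) URL before echoing it.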

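--- /dev/null
+++ b/admin/modifyEvent.php
@@ -0,0 +1,70 @@
+<?php
+include("../Assets/functions.php");
+$config = json_decode(file_get_contents("../Assets/config.json"), true);
+$bdd = connectBDD("localhost", $config["BDD_USER"], $config["BDD_PASSWD"], $config["BDD_NAME"]);
+$page = 'photos';
+/* Gestion de la connexion */
+session_start();
+if (!isset($_SESSION['connected']) || $_SESSION['connected'] == false) {
+header('location: login.php?redirect_to=./admin/');
+}
+$events = getEvenements($bdd, $_SESSION['site']);
+/* Récupération des infos */
+$permissions = $_SESSION['permission'];
+$site = $_SESSION['site'];
+/* Gestion de l'accès à la page */
+$minPoids = 45;
+if (!verifyPoids($bdd, $_SESSION['username'], $minPoids)) {
+header('location: ../index.php');
+}
+/* Récupération des infos de l'évènement */
+$titre = getEventName($bdd, $_GET['id']) ?? 'Titre?';
+?>
+<!DOCTYPE html>
+<html lang="fr">
+<head>
+<meta charset="UTF-8">
+<title>Gestion Intranet</title>
+<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
+<link rel="stylesheet" href="../styles-scripts/index.admin.css">
+</head>
+<body>
+<h1>Gestion de l'intranet</h1>
+<!-- navbar -->
+<nav class="navbar navbar-expand-lg navbar-light bg-light">
+<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
+<span class="navbar-toggler-icon"></span>
+</button>
+<div class="collapse navbar-collapse" id="navbarSupportedContent">
+<ul class="navbar-nav mr-auto">
+<li class="nav-item">
+<a href="./index.php" class="nav-link">Évènements</a>
+</li>
+<li class="nav-item">
+<a href="#" class="nav-link">Actualités</a>
+</li>
+<li class="nav-item">
+<a href="#" class="nav-link disabled">Administration</a>
+</li>
+</ul>
+</div>
+</nav>
+<form action="" method="get">
+<label for="title">Titre de l'évènement</label>
+<input type="text" name="title" id="title" <?= ($titre ?? '') ? 'value=\''.$titre.'\'' : '' ?>>
+</form>
+<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
+</body>
+</html>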
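Review bot: `getEventName($bdd, $_GET['id'])` resolves any event id without checking that the event belongs to `$_SESSION['site']`, although admin/index.php lists only the caller's own site's events, so any logged-in user above the 45 threshold can reach other sites' events by editing the URL — and that gap becomes a write the moment the form is wired up. The title is then interpolated unescaped into a single-quoted attribute on the `<input>` line (`'value=\''.$titre.'\''`), so a stored title containing `'` escapes the attribute; emit it as `value="<?= htmlspecialchars($titre, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"`. As in index.php, both `header('location: …')` redirects lack `exit;`, so callers who fail either check still receive the page. The lookup below replaces the single `$titre = getEventName(...)` line and enforces the site scope with an integer-validated id; `$site` is the variable already set from the session a few lines above.

```php
/* Event lookup, scoped to the caller's site (replaces the getEventName call) */
$eventId = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
$stmt = mysqli_prepare($bdd, "SELECT titre FROM evenements WHERE id = ? AND site_id = ? LIMIT 1");
mysqli_stmt_bind_param($stmt, "ii", $eventId, $site);
mysqli_stmt_execute($stmt);
$row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
mysqli_stmt_close($stmt);
if (!$row) {
    header('location: ./index.php'); // unknown id, or an event of another site
    exit;
}
$titre = $row['titre'];
```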


@ -7,7 +7,7 @@ $page = 'Bonnes pratiques';
/* Gestion de la connexion */ /* Gestion de la connexion */
session_start(); session_start();
if (!isset($_SESSION['connected']) || $_SESSION['connected'] == false) { if (!isset($_SESSION['connected']) || $_SESSION['connected'] == false) {
header('location: login.php'); header('location: login.php?redirect_to=photos.php');
exit; exit;
} }
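Review bot: The new `redirect_to=photos.php` sends a visitor who was trying to open this page (`$page = 'Bonnes pratiques'`, per the hunk header) to photos.php after logging in rather than back here; the value should be this file's own name, which is not visible in the hunk. Consider deriving it once, `'login.php?redirect_to=' . rawurlencode(basename($_SERVER['SCRIPT_NAME']))`, so each protected page does not carry its own literal — and whichever page builds the value, login.php has to validate it server-side before redirecting.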


@ -44,7 +44,7 @@ CREATE TABLE IF NOT EXISTS `evenements` (
CONSTRAINT `FK_evenements_site` FOREIGN KEY (`site_id`) REFERENCES `site` (`site_id`) ON DELETE CASCADE ON UPDATE CASCADE CONSTRAINT `FK_evenements_site` FOREIGN KEY (`site_id`) REFERENCES `site` (`site_id`) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB AUTO_INCREMENT=10 DEFAULT CHARSET=utf8mb3; ) ENGINE=InnoDB AUTO_INCREMENT=10 DEFAULT CHARSET=utf8mb3;
-- Listage des données de la table intranet.evenements : ~0 rows (environ) -- Listage des données de la table intranet.evenements : ~9 rows (environ)
INSERT INTO `evenements` (`id`, `date`, `titre`, `couverture`, `site_id`) VALUES INSERT INTO `evenements` (`id`, `date`, `titre`, `couverture`, `site_id`) VALUES
(1, '2026-02-24', 'Évènement 1 : bla', 'https://cdn.pixabay.com/photo/2016/11/21/06/53/beautiful-natural-image-1844362_1280.jpg', 1), (1, '2026-02-24', 'Évènement 1 : bla', 'https://cdn.pixabay.com/photo/2016/11/21/06/53/beautiful-natural-image-1844362_1280.jpg', 1),
(2, '2026-02-24', 'Évènement 2 : lorem', 'https://static.vecteezy.com/system/resources/thumbnails/057/068/323/small/single-fresh-red-strawberry-on-table-green-background-food-fruit-sweet-macro-juicy-plant-image-photo.jpg', 1), (2, '2026-02-24', 'Évènement 2 : lorem', 'https://static.vecteezy.com/system/resources/thumbnails/057/068/323/small/single-fresh-red-strawberry-on-table-green-background-food-fruit-sweet-macro-juicy-plant-image-photo.jpg', 1),
@ -65,7 +65,7 @@ CREATE TABLE IF NOT EXISTS `gallerie` (
CONSTRAINT `FK_gallerie_evenements` FOREIGN KEY (`event_id`) REFERENCES `evenements` (`id`) ON DELETE CASCADE ON UPDATE CASCADE CONSTRAINT `FK_gallerie_evenements` FOREIGN KEY (`event_id`) REFERENCES `evenements` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb3;
-- Listage des données de la table intranet.gallerie : ~0 rows (environ) -- Listage des données de la table intranet.gallerie : ~12 rows (environ)
INSERT INTO `gallerie` (`event_id`, `chemin`, `texte`) VALUES INSERT INTO `gallerie` (`event_id`, `chemin`, `texte`) VALUES
(3, 'https://www.bigfootdigital.co.uk/wp-content/uploads/2020/07/image-optimisation-scaled.jpg', NULL), (3, 'https://www.bigfootdigital.co.uk/wp-content/uploads/2020/07/image-optimisation-scaled.jpg', NULL),
(3, 'https://png.pngtree.com/thumb_back/fh260/background/20240522/pngtree-abstract-cloudy-background-beautiful-natural-streaks-of-sky-and-clouds-red-image_15684333.jpg', NULL), (3, 'https://png.pngtree.com/thumb_back/fh260/background/20240522/pngtree-abstract-cloudy-background-beautiful-natural-streaks-of-sky-and-clouds-red-image_15684333.jpg', NULL),
@ -73,7 +73,28 @@ INSERT INTO `gallerie` (`event_id`, `chemin`, `texte`) VALUES
(1, 'https://cdn.pixabay.com/photo/2019/11/06/05/15/bridge-4605202_1280.jpg', NULL), (1, 'https://cdn.pixabay.com/photo/2019/11/06/05/15/bridge-4605202_1280.jpg', NULL),
(1, 'https://images.pexels.com/photos/955658/pexels-photo-955658.jpeg?cs=srgb&dl=pexels-torsten-kellermann-349167-955658.jpg&fm=jpg', NULL), (1, 'https://images.pexels.com/photos/955658/pexels-photo-955658.jpeg?cs=srgb&dl=pexels-torsten-kellermann-349167-955658.jpg&fm=jpg', NULL),
(1, 'https://hips.hearstapps.com/hmg-prod/images/winding-farm-road-through-foggy-landscape-royalty-free-image-1693423663.jpg?crop=1xw:0.84355xh;center,top', NULL), (1, 'https://hips.hearstapps.com/hmg-prod/images/winding-farm-road-through-foggy-landscape-royalty-free-image-1693423663.jpg?crop=1xw:0.84355xh;center,top', NULL),
(1, 'https://upload.wikimedia.org/wikipedia/commons/7/7d/Morning%2C_just_after_sunrise%2C_Namibia.jpg', NULL); (1, 'https://upload.wikimedia.org/wikipedia/commons/7/7d/Morning%2C_just_after_sunrise%2C_Namibia.jpg', NULL),
(1, 'https://media.istockphoto.com/id/467367026/fr/photo/ciel-parfait-et-loc%C3%A9an.jpg?s=612x612&w=0&k=20&c=3UFkx01SwfrzT2-PKEK8W0xcKGKUgzEWeZkBMgvcTuQ=', NULL),
(1, 'https://images.ctfassets.net/hrltx12pl8hq/28ECAQiPJZ78hxatLTa7Ts/2f695d869736ae3b0de3e56ceaca3958/free-nature-images.jpg?fit=fill&w=1200&h=630', NULL),
(3, 'https://lh5.googleusercontent.com/proxy/uBqPxn6KlUBKLda64jI_WVuPH9NBM5YKeVYdDUnnxM76T5vC8epKVjrOH8NUtp2PY7bgLbjrO38ZrNA1G_TIs255ksjq7w', NULL),
(3, 'https://www.guillenphoto.com/data/blog/2020/032-chronique-pourquoi-comment-bonne-photo-I/images/route-vers-monument-valley-en-arizona-amar-guillen-artiste-photographe.jpg', NULL),
(3, 'https://www.expemag.com/media/show/67d43e343f78e626b1efb6cd.jpg', NULL);
-- Listage de la structure de table intranet. permissions
CREATE TABLE IF NOT EXISTS `permissions` (
`id` int NOT NULL AUTO_INCREMENT,
`nom` varchar(50) DEFAULT NULL,
`poids` tinyint unsigned DEFAULT NULL COMMENT 'Plus la valeur est importante, plus les privilèges sont importants',
PRIMARY KEY (`id`),
UNIQUE KEY `UNQ_nom` (`nom`)
) ENGINE=InnoDB AUTO_INCREMENT=5 DEFAULT CHARSET=utf8mb3;
-- Listage des données de la table intranet.permissions : ~4 rows (environ)
INSERT INTO `permissions` (`id`, `nom`, `poids`) VALUES
(1, 'admin', 99),
(2, 'directeur', 50),
(3, 'redacteur', 45),
(4, 'visiteur', 10);
-- Listage de la structure de table intranet. raccourcis -- Listage de la structure de table intranet. raccourcis
CREATE TABLE IF NOT EXISTS `raccourcis` ( CREATE TABLE IF NOT EXISTS `raccourcis` (
@ -102,7 +123,7 @@ CREATE TABLE IF NOT EXISTS `site` (
PRIMARY KEY (`site_id`) USING BTREE PRIMARY KEY (`site_id`) USING BTREE
) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8mb3; ) ENGINE=InnoDB AUTO_INCREMENT=3 DEFAULT CHARSET=utf8mb3;
-- Listage des données de la table intranet.site : ~0 rows (environ) -- Listage des données de la table intranet.site : ~2 rows (environ)
INSERT INTO `site` (`site_id`, `nom`) VALUES INSERT INTO `site` (`site_id`, `nom`) VALUES
(1, 'siège'), (1, 'siège'),
(2, 't'); (2, 't');
@ -112,14 +133,16 @@ CREATE TABLE IF NOT EXISTS `utilisateurs` (
`id` int NOT NULL AUTO_INCREMENT, `id` int NOT NULL AUTO_INCREMENT,
`username` tinytext NOT NULL, `username` tinytext NOT NULL,
`password` text NOT NULL, `password` text NOT NULL,
`permissions` text NOT NULL, `permissions` varchar(50) NOT NULL,
`site_id` tinyint DEFAULT NULL, `site_id` tinyint DEFAULT NULL,
PRIMARY KEY (`id`), PRIMARY KEY (`id`),
KEY `fk_site_id` (`site_id`), KEY `fk_site_id` (`site_id`),
CONSTRAINT `fk_site_id` FOREIGN KEY (`site_id`) REFERENCES `site` (`site_id`) ON DELETE SET NULL ON UPDATE CASCADE KEY `FK_utilisateurs_permissions` (`permissions`),
CONSTRAINT `fk_site_id` FOREIGN KEY (`site_id`) REFERENCES `site` (`site_id`) ON DELETE SET NULL ON UPDATE CASCADE,
CONSTRAINT `FK_utilisateurs_permissions` FOREIGN KEY (`permissions`) REFERENCES `permissions` (`nom`) ON DELETE CASCADE ON UPDATE CASCADE
) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8mb3 COMMENT='Comptes autorisés à modifier les raccourcis\r\nMots de passes stoqués en SHA256'; ) ENGINE=InnoDB AUTO_INCREMENT=4 DEFAULT CHARSET=utf8mb3 COMMENT='Comptes autorisés à modifier les raccourcis\r\nMots de passes stoqués en SHA256';
-- Listage des données de la table intranet.utilisateurs : ~0 rows (environ) -- Listage des données de la table intranet.utilisateurs : ~1 rows (environ)
INSERT INTO `utilisateurs` (`id`, `username`, `password`, `permissions`, `site_id`) VALUES INSERT INTO `utilisateurs` (`id`, `username`, `password`, `permissions`, `site_id`) VALUES
(1, 'erwann', '5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8', 'admin', 1); (1, 'erwann', '5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8', 'admin', 1);
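Review bot: `FK_utilisateurs_permissions … ON DELETE CASCADE` means deleting a row from `permissions` silently deletes every account holding that role, including the only admin seeded below; for a role lookup table `ON DELETE RESTRICT ON UPDATE CASCADE` is the safe form — renames still propagate, removals fail loudly. `poids` is also `DEFAULT NULL`: verifyPoids casts a NULL weight to 0 and denies access, which fails closed but hides a misconfigured role, so declare it `tinyint unsigned NOT NULL`. The threshold hard-coded in the PHP (`$minPoids = 45`) is a bare copy of the `redacteur` weight seeded here; a comment on that row, or a named constant in functions.php (`const POIDS_REDACTEUR = 45;`), would keep the two from drifting apart.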


@ -5,12 +5,14 @@ $bdd = connectBDD("localhost", $config["BDD_USER"], $config["BDD_PASSWD"], $conf
session_start(); session_start();
if(isset($_POST['user']) && isset($_POST['password'])){ if(isset($_POST['user']) && isset($_POST['password']) && isset($_GET['redirect_to'])){
if(validateCSRFToken($_SESSION['csrf'], $_POST['csrf']) && verifyPassword(getHashPwd($bdd, $_POST['user'])["password"], $_POST['password'])){ if(validateCSRFToken($_SESSION['csrf'], $_POST['csrf']) && verifyPassword(getHashPwd($bdd, $_POST['user'])["password"], $_POST['password'])){
$csrf = ''; $csrf = '';
$_SESSION['connected'] = true; $_SESSION['connected'] = true;
$_SESSION['site'] = getSite($bdd, $_POST['user']); $_SESSION['site'] = getSite($bdd, $_POST['user']);
header('location: photos.php'); $_SESSION['permission'] = getUserPerms($bdd, $_POST['user']);
$_SESSION['username'] = $_POST['user'];
header('location: '.$_GET['redirect_to']);
} }
}else{ }else{
$csrf = bin2hex(random_bytes(32)); $csrf = bin2hex(random_bytes(32));
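Review bot: `header('location: '.$_GET['redirect_to'])` reflects an attacker-controlled URL, so a link to `login.php?redirect_to=https://evil.example/` presents a genuine login page on this site and, once the victim signs in, forwards them to the attacker — an open redirect tailor-made for phishing; only relative same-site paths should be accepted, with a fixed fallback. Making the whole login conditional on `isset($_GET['redirect_to'])` also silently ignores a valid POST that lacks the parameter, so the default belongs in the fallback, not the condition. Successful authentication should additionally call `session_regenerate_id(true)` to close session fixation, and the `header()` needs `exit;` after it; the enclosing `if` continues past this hunk. The rewrite below leaves the CSRF and password checks untouched.

```php
// Only a relative, same-site path may be a post-login target (open-redirect guard):
// no leading slash, no "//", no "..". An allow-list of known pages would be stricter still.
$redirect = $_GET['redirect_to'] ?? 'photos.php';
if (!preg_match('#\A(?!/)(?!.*//)(?!.*\.\.)[A-Za-z0-9_./-]+\z#', $redirect)) {
    $redirect = 'photos.php';
}
if(isset($_POST['user']) && isset($_POST['password'])){
    if(validateCSRFToken($_SESSION['csrf'], $_POST['csrf']) && verifyPassword(getHashPwd($bdd, $_POST['user'])["password"], $_POST['password'])){
        session_regenerate_id(true); // fresh session id once authenticated (fixation)
        // … unchanged: $csrf reset and $_SESSION assignments …
        header('location: '.$redirect);
        exit;
    }
// … unchanged: else branch that issues the CSRF token …
```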


@ -7,7 +7,7 @@ $page = 'photos';
/* Gestion de la connexion */ /* Gestion de la connexion */
session_start(); session_start();
if(!isset($_SESSION['connected']) || $_SESSION['connected'] == false){ if(!isset($_SESSION['connected']) || $_SESSION['connected'] == false){
header('location: login.php'); header('location: login.php?redirect_to=photos.php');
} }
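Review bot: The redirect on the changed line is still not followed by `exit;`, so the events section that begins right after this hunk is rendered for unauthenticated callers that do not follow the Location header; the sibling change in this same commit (the `$page = 'Bonnes pratiques'` file) already has `exit;` after its `header()`. Change it to `header('location: login.php?redirect_to=photos.php'); exit;`.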
/* Récupération des évènements */ /* Récupération des évènements */


@ -0,0 +1,14 @@
.grid-container {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(300px, 1fr));
gap: 1rem;
padding: 1rem;
}
.card {
background: #f0f0f0;
border: 2px solid #ccc;
padding: 20px;
text-align: center;
border-radius: 8px;
}