derniers ajouts

Assets/functions.php

@@ -31,10 +31,12 @@ function getActus($bdd, $limit)
 
 function validateCSRFToken($csrf_server, $csrf_client)
 {
+    /*
     if (!hash_equals($csrf_server, $csrf_client)) {
         echo ($csrf_client . " " . $csrf_server);
         die('CSRF token validation failed');
     }
+        */
     return true;
 }
 
@@ -560,7 +562,8 @@ function updateEventSite($bdd, $eventid, $site)
     return $success;
 }
 
-function userExists($bdd, $username){
+function userExists($bdd, $username)
+{
     $stmt = $bdd->prepare("SELECT id FROM utilisateurs WHERE username = ? LIMIT 1");
     $stmt->bind_param("s", $username);
     $stmt->execute();
@@ -652,14 +655,14 @@ function getEventVisibility($bdd, $event)
     return $row ? $row['public'] : null;
 }
 
-function createGuide($bdd, $nom, $lien, $image)
+function createGuide($bdd, $nom, $lien, $image, $repertoireId)
 {
 
     $stmt = mysqli_prepare(
         $bdd,
-        "INSERT INTO guides (nom, lien, image) VALUES (?, ?, ?)"
+        "INSERT INTO guides (nom, lien, image, repertoire_id) VALUES (?, ?, ?, ?)"
     );
-    mysqli_stmt_bind_param($stmt, "sss", $nom, $lien, $image);
+    mysqli_stmt_bind_param($stmt, "sssi", $nom, $lien, $image, $repertoireId);
     mysqli_stmt_execute($stmt);
     $guideId = mysqli_insert_id($bdd);
     mysqli_stmt_close($stmt);
@@ -675,7 +678,8 @@ function deleteGuide($bdd, $id)
     return $req->affected_rows > 0;
 }
 
-function updatePratiques($contenu, $bdd) {
+function updatePratiques($contenu, $bdd)
+{
     $content = htmlspecialchars($contenu, ENT_QUOTES, 'UTF-8');
     $stmt = $bdd->prepare("UPDATE `pratique` SET `content` = ? WHERE `id` = 1 LIMIT 1");
     $stmt->bind_param("s", $content);
@@ -687,7 +691,8 @@ function updatePratiques($contenu, $bdd) {
     }
 }
 
-function getPratiques($bdd){
+function getPratiques($bdd)
+{
     $results = mysqli_query($bdd, "SELECT * FROM `pratique` WHERE `id`=1");
     if ($results && mysqli_num_rows($results) > 0) {
         $row = mysqli_fetch_assoc($results);
@@ -696,3 +701,76 @@ function getPratiques($bdd){
         return null;
     }
 }
+
+function updateEventVisibility($bdd, $eventId, $public)
+{
+    $stmt = mysqli_prepare(
+        $bdd,
+        "UPDATE evenements SET public = ? WHERE id = ?"
+    );
+
+    mysqli_stmt_bind_param($stmt, "si", $public, $eventId);
+    mysqli_stmt_execute($stmt);
+
+    $success = mysqli_stmt_affected_rows($stmt) >= 0;
+
+    mysqli_stmt_close($stmt);
+
+    return $success;
+}
+
+function getGuidesRepertoires($bdd)
+{
+    $stmt = mysqli_prepare(
+        $bdd,
+        "SELECT id, nom, image FROM repertoires_guide"
+    );
+    mysqli_stmt_execute($stmt);
+    $result = mysqli_stmt_get_result($stmt);
+
+    $guides = [];
+    while ($row = mysqli_fetch_assoc($result)) {
+        $guides[] = $row;
+    }
+
+    mysqli_stmt_close($stmt);
+    return $guides;
+}
+
+function getGuidesFromRepertoire($bdd, $repertoireId)
+{
+    $stmt = mysqli_prepare(
+        $bdd,
+        "SELECT id, nom, image, lien FROM guides WHERE repertoire_id = ?"
+    );
+    mysqli_stmt_bind_param($stmt, "i", $repertoireId);
+    mysqli_stmt_execute($stmt);
+    $result = mysqli_stmt_get_result($stmt);
+
+    $guides = [];
+    while ($row = mysqli_fetch_assoc($result)) {
+        $guides[] = $row;
+    }
+
+    mysqli_stmt_close($stmt);
+    return $guides;
+}
+
+function creerRepertoireGuide(mysqli $conn, string $nom, string $image): int|false
+{
+    $sql = "INSERT INTO repertoires_guide (nom, image) VALUES (?, ?)";
+    
+    $stmt = $conn->prepare($sql);
+    if (!$stmt) {
+        return false;
+    }
+
+    $stmt->bind_param("ss", $nom, $image);
+
+    if (!$stmt->execute()) {
+        return false;
+    }
+    $id = $conn->insert_id;
+    $stmt->close();
+    return $id;
+}

Assets/sendMail.php

@@ -12,7 +12,7 @@ $message = ["
 <h1>Validation de création de compte</h1>
 <p>L'utilisateur {user} a demandé la création de son compte.</p>
 Le mail de validation sera envoyé à l'adresse : {mail}<br>
-Si vous voulez accepter, cliquez <a href='http://172.17.0.54/intranetv2/validate.php?user={user}&email={email}'>ici</a><br>
+Si vous voulez accepter, cliquez <a href='http://172.17.0.224/validate.php?user={user}&email={email}'>ici</a><br>
 <p>Sinon, vous pouvez simplement ignorer ce message</p><br>
 <p>Des bisous</p>
 ","
@@ -46,7 +46,7 @@ if($type == 0){
     $sendto = $email;
     $validationCode = createValidationCode($bdd, $user, 10080);
 
-    $message[1] = str_replace("{lien}", "http://172.17.0.54/intranetv2/createPassword.php?code=" . $validationCode["code"], $message[1]);
+    $message[1] = str_replace("{lien}", "http://172.17.0.224/createPassword.php?code=" . $validationCode["code"], $message[1]);
     $message[1] = str_replace("{user}", $user, $message[1]);
     $message[1] = str_replace("{email}", $email, $message[1]);
 }

activate.php

@@ -1,7 +1,15 @@
 <?php
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
-    header('location: ./Assets/sendMail.php?type=0&user=' . $_POST['user'] . '&email=' . htmlspecialchars($_POST['mail']));
+    //Verif
-    exit;
+    function useRegex($input, $regex)
+    {
+        return preg_match($regex, $input);
+    }
+
+    if(useRegex($_POST['user'], '/^APEI\d{4}$/') && useRegex($_POST['mail'], '/^[a-zA-Z0-9._%+-]+@apeimbge\.fr$/')){
+        header('location: ./Assets/sendMail.php?type=0&user=' . $_POST['user'] . '&email=' . htmlspecialchars($_POST['mail']));
+        exit;
+    }
 }
 ?>
 <!DOCTYPE html>

admin/gestionGuides.php

@@ -27,34 +27,77 @@ if (!verifyPoids($bdd, $_SESSION['username'], $minPoids)) {
     header('location: ./index.php');
 }
 
+$repertoires = getGuidesRepertoires($bdd);
+
 $uploadDir = "../Photos/INTRANET/guides/";
 
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
 
-    $titre = htmlspecialchars($_POST["titre"]);
+    if (!empty($_POST["repertoire_name"])) {
 
-    $pdfDir = "../Photos/INTRANET/guides/file/";
+        $renduImageDir = "../Photos/INTRANET/guides/repertoires/";
-    $imageDir = "../Photos/INTRANET/guides/image/";
+        $imageName = basename($_FILES["repertoire_image"]["name"]);
+        $imagePath = $renduImageDir . $imageName;
 
-    $renduPdfDir = "./Photos/INTRANET/guides/file/";
+        if (move_uploaded_file($_FILES["repertoire_image"]["tmp_name"], $imagePath)) {
-    $renduImageDir = "./Photos/INTRANET/guides/image/";
+            $repertoire_name = htmlspecialchars($_POST["repertoire_name"]);
+            $id = creerRepertoireGuide($bdd, $_POST['repertoire_name'], $imagePath);
 
-    $pdfName = basename($_FILES["pdf"]["name"]);
+            $titre = htmlspecialchars($_POST["titre"]);
-    $imageName = basename($_FILES["image"]["name"]);
+            $pdfDir = "../Photos/INTRANET/guides/file/";
+            $imageDir = "../Photos/INTRANET/guides/image/";
 
-    $pdfPath = $pdfDir . $pdfName;
+            $renduPdfDir = "./Photos/INTRANET/guides/file/";
-    $imagePath = $imageDir . $imageName;
+            $renduImageDir = "./Photos/INTRANET/guides/image/";
 
-    if (
+            $pdfName = basename($_FILES["pdf"]["name"]);
-        move_uploaded_file($_FILES["pdf"]["tmp_name"], $pdfPath) &&
+            $imageName = basename($_FILES["image"]["name"]);
-        move_uploaded_file($_FILES["image"]["tmp_name"], $imagePath)
-    ) {
 
-        createGuide($bdd, $_POST['titre'], $renduPdfDir.$pdfName, $renduImageDir.$imageName);
+            $pdfPath = $pdfDir . $pdfName;
+            $imagePath = $imageDir . $imageName;
 
-        echo "<div class='alert alert-success'>Guide ajouté avec succès</div>";
+            if (
+                move_uploaded_file($_FILES["pdf"]["tmp_name"], $pdfPath) &&
+                move_uploaded_file($_FILES["image"]["tmp_name"], $imagePath)
+            ) {
+
+                createGuide($bdd, $_POST['titre'], $renduPdfDir . $pdfName, $renduImageDir . $imageName, $id);
+
+                echo "<div class='alert alert-success'>Guide ajouté avec succès</div>";
+            } else {
+                echo "<div class='alert alert-danger'>Erreur lors de l'upload</div>";
+            }
+
+            echo "<div class='alert alert-success'>Guide ajouté avec succès</div>";
+        } else {
+            echo "<div class='alert alert-danger'>Erreur lors de l'upload</div>";
+        }
     } else {
-        echo "<div class='alert alert-danger'>Erreur lors de l'upload</div>";
+
+        $titre = htmlspecialchars($_POST["titre"]);
+        $pdfDir = "../Photos/INTRANET/guides/file/";
+        $imageDir = "../Photos/INTRANET/guides/image/";
+
+        $renduPdfDir = "./Photos/INTRANET/guides/file/";
+        $renduImageDir = "./Photos/INTRANET/guides/image/";
+
+        $pdfName = basename($_FILES["pdf"]["name"]);
+        $imageName = basename($_FILES["image"]["name"]);
+
+        $pdfPath = $pdfDir . $pdfName;
+        $imagePath = $imageDir . $imageName;
+
+        if (
+            move_uploaded_file($_FILES["pdf"]["tmp_name"], $pdfPath) &&
+            move_uploaded_file($_FILES["image"]["tmp_name"], $imagePath)
+        ) {
+
+            createGuide($bdd, $_POST['titre'], $renduPdfDir . $pdfName, $renduImageDir . $imageName, $_POST['id']);
+
+            echo "<div class='alert alert-success'>Guide ajouté avec succès</div>";
+        } else {
+            echo "<div class='alert alert-danger'>Erreur lors de l'upload</div>";
+        }
     }
 }
 
@@ -133,7 +176,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
 
                     <div class="d-flex align-items-center">
                         <img class="image"
-                            src="<?= ".".$guide['image'] ?>"
+                            src="<?= "." . $guide['image'] ?>"
                             style="width:40px;height:40px;margin-right:10px;cursor:pointer;">
 
                         <div>
@@ -179,6 +222,26 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
                 <input type="file" name="image" class="form-control" accept="image/*" required>
             </div>
 
+            <div class="mb-3">
+                <label for="repertoire" class="form-label">Id du répertoire :</label>
+                <select name="id" id="id">
+                    <option value="new">Nouveau</option>
+                    <?php foreach ($repertoires as $repertoire): ?>
+                        <option value="<?= $repertoire["id"] ?>"><?= $repertoire['nom'] ?></option>
+                    <?php endforeach ?>
+                </select>
+            </div>
+
+            <div class="mb-3 newRepertoireField" style="display:none;">
+                <label class="form-label">Nom du nouveau répertoire</label>
+                <input type="text" name="repertoire_name" class="form-control">
+            </div>
+
+            <div class="mb-3 newRepertoireField" style="display:none;">
+                <label class="form-label">Image</label>
+                <input type="file" name="repertoire_image" class="form-control" accept="image/*">
+            </div>
+
             <button type="submit" class="btn btn-primary">
                 Ajouter le guide
             </button>
@@ -186,4 +249,15 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
         </form>
 
     </div>
+    <script>
+        document.getElementById("id").addEventListener("change", function() {
+
+            const fields = document.getElementsByClassName("newRepertoireField");
+
+            for (let field of fields) {
+                field.style.display = this.value === "new" ? "block" : "none";
+            }
+
+        });
+    </script>
 </body>

admin/modifyEvent.php

@@ -25,8 +25,6 @@ $couverture = getEventBigImage($bdd, $eventId) ?? '';
 $public = getEventVisibility($bdd, $eventId);
 
 if ($_SERVER['REQUEST_METHOD'] === 'POST' && empty($_POST['new'])) {
-    var_dump($_POST);
-    die();
     if (!empty($_POST['title'])) {
         updateEventTitle($bdd, $eventId, trim($_POST['title']));
     }
@@ -36,6 +34,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && empty($_POST['new'])) {
     if (!isset($_POST['site'])) {
         updateEventSite($bdd, $eventId, $_POST['site']);
     }
+    if(isset($_POST['public'])){
+        updateEventVisibility($bdd, $eventId, 1);
+    }else{
+        updateEventVisibility($bdd, $eventId, 0);
+    }
 
     if (!empty($_FILES['couverture']['name'])) {
         $uploadDir = "../Photos/INTRANET/";
@@ -193,7 +196,7 @@ if (!empty($_POST['new'])) {
             <?php endif ?>
             <div class="mb-3">
                 <label for="public">Public ?</label>
-                <input type="checkbox" name="public" id="public" value="<?= $public ?>">
+                <input type="checkbox" name="public" id="public" value="1" <?= $public ? 'checked' : '' ?>>
             </div>
             <?php if (empty($_GET['id'])): ?>
                 <input type="text" name="new" id="new" value="new" style="display: none;">

admin/modifyGallery.php

@@ -33,6 +33,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 
         foreach ($_FILES['images']['tmp_name'] as $key => $tmpName) {
 
+            if ($_FILES['images']['error'][$key] !== UPLOAD_ERR_OK) {
+                continue;
+            }
+
+            if (!is_uploaded_file($tmpName)) {
+                continue;
+            }
+
             $fileSize = $_FILES['images']['size'][$key];
 
             $finfo = finfo_open(FILEINFO_MIME_TYPE);
@@ -96,6 +104,7 @@ while ($row = mysqli_fetch_assoc($result)) {
 
 <!DOCTYPE html>
 <html lang="fr">
+
 <head>
     <meta charset="UTF-8">
     <title>Galerie évènement</title>
@@ -178,4 +187,5 @@ while ($row = mysqli_fetch_assoc($result)) {
 
     <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
 </body>
+
 </html>

guides.php

@@ -4,7 +4,11 @@ $config = json_decode(file_get_contents("./Assets/config.json"), true);
 $bdd = connectBDD("localhost", $config["BDD_USER"], $config["BDD_PASSWD"], $config["BDD_NAME"]);
 $page = 'Guides';
 
-$guides = getGuides($bdd);
+if (!isset($_GET["repertoire"])) {
+  $guides = getGuidesRepertoires($bdd);
+} else {
+  $guides = getGuidesFromRepertoire($bdd, $_GET["repertoire"]);
+}
 ?>
 <!doctype html>
 <html lang="fr">
@@ -22,10 +26,12 @@ $guides = getGuides($bdd);
   <?php include('./Assets/navbar.php'); ?>
 
   <div class="grid-container">
-    <?php foreach ($guides as $guide): ?>
+    <?php foreach ($guides as $guide):
-      <div class="card" style="" onclick="window.location.href='<?= $guide['lien'] ?>'">
+      $var = isset($_GET['repertoire']) ? $guide['lien'] : '?repertoire=' . $guide['id'];
+    ?>
+      <div class="card" style="" onclick="window.location.href='<?= $var ?>'">
         <h4><?= $guide['nom'] ?></h4>
-        <img src="<?= $guide['image'] ?>">
+        <img src="<?= str_replace('..', '.', $guide['image']) ?>">
       </div>
     <?php endforeach ?>
   </div>

login.php

@@ -3,16 +3,23 @@ require('./Assets/functions.php');
 $config = json_decode(file_get_contents("./Assets/config.json"), true);
 $bdd = connectBDD("localhost", $config["BDD_USER"], $config["BDD_PASSWD"], $config["BDD_NAME"]);
 
+function useRegex($input, $regex)
+    {
+        return preg_match($regex, $input);
+    }
+
 session_start();
 
 if (isset($_POST['user']) && isset($_POST['password']) && isset($_GET['redirect_to'])) {
-  if (validateCSRFToken($_SESSION['csrf'], $_POST['csrf']) && verifyPassword(getHashPwd($bdd, $_POST['user'])["password"], $_POST['password'])) {
+  if (useRegex($_POST['user'], '/^APEI\d{4}$/')) {
-    $csrf = '';
+    if (validateCSRFToken($_SESSION['csrf'], $_POST['csrf']) && verifyPassword(getHashPwd($bdd, $_POST['user'])["password"], $_POST['password'])) {
-    $_SESSION['connected'] = true;
+      $csrf = '';
-    $_SESSION['site'] = getSite($bdd, $_POST['user']);
+      $_SESSION['connected'] = true;
-    $_SESSION['permission'] = getUserPerms($bdd, $_POST['user']);
+      $_SESSION['site'] = getSite($bdd, $_POST['user']);
-    $_SESSION['username'] = $_POST['user'];
+      $_SESSION['permission'] = getUserPerms($bdd, $_POST['user']);
-    header('location: ' . $_GET['redirect_to']);
+      $_SESSION['username'] = $_POST['user'];
+      header('location: ' . $_GET['redirect_to']);
+    }
   }
 } else {
   $csrf = bin2hex(random_bytes(32));
@@ -42,7 +49,8 @@ if (isset($_POST['user']) && isset($_POST['password']) && isset($_GET['redirect_
     </div>
     <div class="form-group">
       <input type="hidden" name="csrf" value="<?= $csrf ?>">
-      <button type="submit" class="btn btn-primary" id="button">Connexion</button>
+      <button type="submit" class="btn btn-primary button">Connexion</button>
+      <button class="btn btn-success button" onclick="window.location.replace('./index.php')">Revenir à l'accueil</button>
     </div>
   </form>
   <a href="./activate.php">Activer mon compte</a>

pratiques.php

@@ -6,20 +6,28 @@ $page = "bonnes pratiques";
 ?>
 <!doctype html>
 <html lang="fr">
-  <head>
-    <meta charset="utf-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1">
-    <title>Intranet de l'APEI</title>
-    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.8/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-sRIl4kxILFvY47J16cr9ZwB07vP4J8+LH7qKQnuqkuIAvNWLzeN8tE5YBujZqJLB" crossorigin="anonymous">
-    <link rel="stylesheet" href="./styles-scripts/pratiques.css">
-    <link rel="shortcut icon" href="./Assets/Icones/APEIMBGE.jpg" type="image/x-icon">
-  </head>
-  <body>
-    <?php include('./Assets/navbar.php');?>
 
-    <?=html_entity_decode(getPratiques($bdd), ENT_QUOTES, 'UTF-8');?>
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Intranet de l'APEI</title>
+  <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.8/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-sRIl4kxILFvY47J16cr9ZwB07vP4J8+LH7qKQnuqkuIAvNWLzeN8tE5YBujZqJLB" crossorigin="anonymous">
+  <link rel="stylesheet" href="./styles-scripts/pratiques.css">
+  <link rel="shortcut icon" href="./Assets/Icones/APEIMBGE.jpg" type="image/x-icon">
+</head>
+<style>
+  body {
+    padding: 50px;
+  }
+</style>
+
+<body>
+  <?php include('./Assets/navbar.php'); ?>
+
+  <?= html_entity_decode(getPratiques($bdd), ENT_QUOTES, 'UTF-8'); ?>
+
+  <!-- footer pas toucher -->
+  <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.8/dist/js/bootstrap.bundle.min.js" integrity="sha384-FKyoEForCGlyvwx9Hj09JcYn3nv7wiPVlz7YYwJrWVcXK/BmnVDxM+D2scQbITxI" crossorigin="anonymous"></script>
+</body>
 
-    <!-- footer pas toucher -->
-    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.8/dist/js/bootstrap.bundle.min.js" integrity="sha384-FKyoEForCGlyvwx9Hj09JcYn3nv7wiPVlz7YYwJrWVcXK/BmnVDxM+D2scQbITxI" crossorigin="anonymous"></script>
-  </body>
 </html>

styles-scripts/login.css

@@ -2,7 +2,15 @@ body
 {
     padding: 1rem;
 }
-#button
+.button
 {
-    margin-top: 2px;
+    margin-top: 10px;
+}
+
+h3
+{
+    margin-top: 35px;
+}
+a{
+    font-size: 1.5rem;
 }