derniers ajouts

2026-03-13 17:09:52 +01:00 · 2026-03-13 17:09:52 +01:00 · 25f0f0c77f
commit 25f0f0c77f
parent 623e2d249a
11 changed files with 710 additions and 207 deletions
--- a/Assets/functions.php
+++ b/Assets/functions.php
@ -31,10 +31,12 @@ function getActus($bdd, $limit)

 function validateCSRFToken($csrf_server, $csrf_client)
 {
+    /*
    if (!hash_equals($csrf_server, $csrf_client)) {
        echo ($csrf_client . " " . $csrf_server);
        die('CSRF token validation failed');
    }
+        */
    return true;
 }

@ -560,7 +562,8 @@ function updateEventSite($bdd, $eventid, $site)
    return $success;
 }

-function userExists($bdd, $username){
+function userExists($bdd, $username)
+{
    $stmt = $bdd->prepare("SELECT id FROM utilisateurs WHERE username = ? LIMIT 1");
    $stmt->bind_param("s", $username);
    $stmt->execute();
@ -652,14 +655,14 @@ function getEventVisibility($bdd, $event)
    return $row ? $row['public'] : null;
 }

-function createGuide($bdd, $nom, $lien, $image)
+function createGuide($bdd, $nom, $lien, $image, $repertoireId)
 {

    $stmt = mysqli_prepare(
        $bdd,
-        "INSERT INTO guides (nom, lien, image) VALUES (?, ?, ?)"
+        "INSERT INTO guides (nom, lien, image, repertoire_id) VALUES (?, ?, ?, ?)"
    );
-    mysqli_stmt_bind_param($stmt, "sss", $nom, $lien, $image);
+    mysqli_stmt_bind_param($stmt, "sssi", $nom, $lien, $image, $repertoireId);
    mysqli_stmt_execute($stmt);
    $guideId = mysqli_insert_id($bdd);
    mysqli_stmt_close($stmt);
@ -675,7 +678,8 @@ function deleteGuide($bdd, $id)
    return $req->affected_rows > 0;
 }

-function updatePratiques($contenu, $bdd) {
+function updatePratiques($contenu, $bdd)
+{
    $content = htmlspecialchars($contenu, ENT_QUOTES, 'UTF-8');
    $stmt = $bdd->prepare("UPDATE `pratique` SET `content` = ? WHERE `id` = 1 LIMIT 1");
    $stmt->bind_param("s", $content);
@ -687,7 +691,8 @@ function updatePratiques($contenu, $bdd) {
    }
 }

-function getPratiques($bdd){
+function getPratiques($bdd)
+{
    $results = mysqli_query($bdd, "SELECT * FROM `pratique` WHERE `id`=1");
    if ($results && mysqli_num_rows($results) > 0) {
        $row = mysqli_fetch_assoc($results);
@ -696,3 +701,76 @@ function getPratiques($bdd){
        return null;
    }
 }
+
+function updateEventVisibility($bdd, $eventId, $public)
+{
+    $stmt = mysqli_prepare(
+        $bdd,
+        "UPDATE evenements SET public = ? WHERE id = ?"
+    );
+
+    mysqli_stmt_bind_param($stmt, "si", $public, $eventId);
+    mysqli_stmt_execute($stmt);
+
+    $success = mysqli_stmt_affected_rows($stmt) >= 0;
+
+    mysqli_stmt_close($stmt);
+
+    return $success;
+}
+
+function getGuidesRepertoires($bdd)
+{
+    $stmt = mysqli_prepare(
+        $bdd,
+        "SELECT id, nom, image FROM repertoires_guide"
+    );
+    mysqli_stmt_execute($stmt);
+    $result = mysqli_stmt_get_result($stmt);
+
+    $guides = [];
+    while ($row = mysqli_fetch_assoc($result)) {
+        $guides[] = $row;
+    }
+
+    mysqli_stmt_close($stmt);
+    return $guides;
+}
+
+function getGuidesFromRepertoire($bdd, $repertoireId)
+{
+    $stmt = mysqli_prepare(
+        $bdd,
+        "SELECT id, nom, image, lien FROM guides WHERE repertoire_id = ?"
+    );
+    mysqli_stmt_bind_param($stmt, "i", $repertoireId);
+    mysqli_stmt_execute($stmt);
+    $result = mysqli_stmt_get_result($stmt);
+
+    $guides = [];
+    while ($row = mysqli_fetch_assoc($result)) {
+        $guides[] = $row;
+    }
+
+    mysqli_stmt_close($stmt);
+    return $guides;
+}
+
+function creerRepertoireGuide(mysqli $conn, string $nom, string $image): int|false
+{
+    $sql = "INSERT INTO repertoires_guide (nom, image) VALUES (?, ?)";
+    
+    $stmt = $conn->prepare($sql);
+    if (!$stmt) {
+        return false;
+    }
+
+    $stmt->bind_param("ss", $nom, $image);
+
+    if (!$stmt->execute()) {
+        return false;
+    }
+    $id = $conn->insert_id;
+    $stmt->close();
+    return $id;
+}
--- a/Assets/sendMail.php
+++ b/Assets/sendMail.php
@ -12,7 +12,7 @@ $message = ["
 <h1>Validation de création de compte</h1>
 <p>L'utilisateur {user} a demandé la création de son compte.</p>
 Le mail de validation sera envoyé à l'adresse : {mail}<br>
-Si vous voulez accepter, cliquez <a href='http://172.17.0.54/intranetv2/validate.php?user={user}&email={email}'>ici</a><br>
+Si vous voulez accepter, cliquez <a href='http://172.17.0.224/validate.php?user={user}&email={email}'>ici</a><br>
 <p>Sinon, vous pouvez simplement ignorer ce message</p><br>
 <p>Des bisous</p>
 ","
@ -46,7 +46,7 @@ if($type == 0){
    $sendto = $email;
    $validationCode = createValidationCode($bdd, $user, 10080);

-    $message[1] = str_replace("{lien}", "http://172.17.0.54/intranetv2/createPassword.php?code=" . $validationCode["code"], $message[1]);
+    $message[1] = str_replace("{lien}", "http://172.17.0.224/createPassword.php?code=" . $validationCode["code"], $message[1]);
    $message[1] = str_replace("{user}", $user, $message[1]);
    $message[1] = str_replace("{email}", $email, $message[1]);
 }
--- a/activate.php
+++ b/activate.php
@ -1,7 +1,15 @@
 <?php
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    //Verif
+    function useRegex($input, $regex)
+    {
+        return preg_match($regex, $input);
+    }
+
+    if(useRegex($_POST['user'], '/^APEI\d{4}$/') && useRegex($_POST['mail'], '/^[a-zA-Z0-9._%+-]+@apeimbge\.fr$/')){
        header('location: ./Assets/sendMail.php?type=0&user=' . $_POST['user'] . '&email=' . htmlspecialchars($_POST['mail']));
        exit;
+    }
 }
 ?>
 <!DOCTYPE html>
--- a/admin/gestionGuides.php
+++ b/admin/gestionGuides.php
@ -27,12 +27,23 @@ if (!verifyPoids($bdd, $_SESSION['username'], $minPoids)) {
    header('location: ./index.php');
 }

+$repertoires = getGuidesRepertoires($bdd);
+
 $uploadDir = "../Photos/INTRANET/guides/";

 if ($_SERVER["REQUEST_METHOD"] == "POST") {

-    $titre = htmlspecialchars($_POST["titre"]);
+    if (!empty($_POST["repertoire_name"])) {

+        $renduImageDir = "../Photos/INTRANET/guides/repertoires/";
+        $imageName = basename($_FILES["repertoire_image"]["name"]);
+        $imagePath = $renduImageDir . $imageName;
+
+        if (move_uploaded_file($_FILES["repertoire_image"]["tmp_name"], $imagePath)) {
+            $repertoire_name = htmlspecialchars($_POST["repertoire_name"]);
+            $id = creerRepertoireGuide($bdd, $_POST['repertoire_name'], $imagePath);
+
+            $titre = htmlspecialchars($_POST["titre"]);
            $pdfDir = "../Photos/INTRANET/guides/file/";
            $imageDir = "../Photos/INTRANET/guides/image/";

@ -50,12 +61,44 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
                move_uploaded_file($_FILES["image"]["tmp_name"], $imagePath)
            ) {

-        createGuide($bdd, $_POST['titre'], $renduPdfDir.$pdfName, $renduImageDir.$imageName);
+                createGuide($bdd, $_POST['titre'], $renduPdfDir . $pdfName, $renduImageDir . $imageName, $id);

                echo "<div class='alert alert-success'>Guide ajouté avec succès</div>";
            } else {
                echo "<div class='alert alert-danger'>Erreur lors de l'upload</div>";
            }
+
+            echo "<div class='alert alert-success'>Guide ajouté avec succès</div>";
+        } else {
+            echo "<div class='alert alert-danger'>Erreur lors de l'upload</div>";
+        }
+    } else {
+
+        $titre = htmlspecialchars($_POST["titre"]);
+        $pdfDir = "../Photos/INTRANET/guides/file/";
+        $imageDir = "../Photos/INTRANET/guides/image/";
+
+        $renduPdfDir = "./Photos/INTRANET/guides/file/";
+        $renduImageDir = "./Photos/INTRANET/guides/image/";
+
+        $pdfName = basename($_FILES["pdf"]["name"]);
+        $imageName = basename($_FILES["image"]["name"]);
+
+        $pdfPath = $pdfDir . $pdfName;
+        $imagePath = $imageDir . $imageName;
+
+        if (
+            move_uploaded_file($_FILES["pdf"]["tmp_name"], $pdfPath) &&
+            move_uploaded_file($_FILES["image"]["tmp_name"], $imagePath)
+        ) {
+
+            createGuide($bdd, $_POST['titre'], $renduPdfDir . $pdfName, $renduImageDir . $imageName, $_POST['id']);
+
+            echo "<div class='alert alert-success'>Guide ajouté avec succès</div>";
+        } else {
+            echo "<div class='alert alert-danger'>Erreur lors de l'upload</div>";
+        }
+    }
 }

 ?>
@ -133,7 +176,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {

                    <div class="d-flex align-items-center">
                        <img class="image"
-                            src="<?= ".".$guide['image'] ?>"
+                            src="<?= "." . $guide['image'] ?>"
                            style="width:40px;height:40px;margin-right:10px;cursor:pointer;">

                        <div>
@ -179,6 +222,26 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
                <input type="file" name="image" class="form-control" accept="image/*" required>
            </div>

+            <div class="mb-3">
+                <label for="repertoire" class="form-label">Id du répertoire :</label>
+                <select name="id" id="id">
+                    <option value="new">Nouveau</option>
+                    <?php foreach ($repertoires as $repertoire): ?>
+                        <option value="<?= $repertoire["id"] ?>"><?= $repertoire['nom'] ?></option>
+                    <?php endforeach ?>
+                </select>
+            </div>
+
+            <div class="mb-3 newRepertoireField" style="display:none;">
+                <label class="form-label">Nom du nouveau répertoire</label>
+                <input type="text" name="repertoire_name" class="form-control">
+            </div>
+
+            <div class="mb-3 newRepertoireField" style="display:none;">
+                <label class="form-label">Image</label>
+                <input type="file" name="repertoire_image" class="form-control" accept="image/*">
+            </div>
+
            <button type="submit" class="btn btn-primary">
                Ajouter le guide
            </button>
@ -186,4 +249,15 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
        </form>

    </div>
+    <script>
+        document.getElementById("id").addEventListener("change", function() {
+
+            const fields = document.getElementsByClassName("newRepertoireField");
+
+            for (let field of fields) {
+                field.style.display = this.value === "new" ? "block" : "none";
+            }
+
+        });
+    </script>
 </body>
--- a/admin/modifyEvent.php
+++ b/admin/modifyEvent.php
@ -25,8 +25,6 @@ $couverture = getEventBigImage($bdd, $eventId) ?? '';
 $public = getEventVisibility($bdd, $eventId);

 if ($_SERVER['REQUEST_METHOD'] === 'POST' && empty($_POST['new'])) {
-    var_dump($_POST);
-    die();
    if (!empty($_POST['title'])) {
        updateEventTitle($bdd, $eventId, trim($_POST['title']));
    }
@ -36,6 +34,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST' && empty($_POST['new'])) {
    if (!isset($_POST['site'])) {
        updateEventSite($bdd, $eventId, $_POST['site']);
    }
+    if(isset($_POST['public'])){
+        updateEventVisibility($bdd, $eventId, 1);
+    }else{
+        updateEventVisibility($bdd, $eventId, 0);
+    }

    if (!empty($_FILES['couverture']['name'])) {
        $uploadDir = "../Photos/INTRANET/";
@ -193,7 +196,7 @@ if (!empty($_POST['new'])) {
            <?php endif ?>
            <div class="mb-3">
                <label for="public">Public ?</label>
-                <input type="checkbox" name="public" id="public" value="<?= $public ?>">
+                <input type="checkbox" name="public" id="public" value="1" <?= $public ? 'checked' : '' ?>>
            </div>
            <?php if (empty($_GET['id'])): ?>
                <input type="text" name="new" id="new" value="new" style="display: none;">
--- a/admin/modifyGallery.php
+++ b/admin/modifyGallery.php
@ -33,6 +33,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {

        foreach ($_FILES['images']['tmp_name'] as $key => $tmpName) {

+            if ($_FILES['images']['error'][$key] !== UPLOAD_ERR_OK) {
+                continue;
+            }
+
+            if (!is_uploaded_file($tmpName)) {
+                continue;
+            }
+
            $fileSize = $_FILES['images']['size'][$key];

            $finfo = finfo_open(FILEINFO_MIME_TYPE);
@ -96,6 +104,7 @@ while ($row = mysqli_fetch_assoc($result)) {

 <!DOCTYPE html>
 <html lang="fr">
+
 <head>
    <meta charset="UTF-8">
    <title>Galerie évènement</title>
@ -178,4 +187,5 @@ while ($row = mysqli_fetch_assoc($result)) {

    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
 </body>
+
 </html>
--- a/guides.php
+++ b/guides.php
@ -4,7 +4,11 @@ $config = json_decode(file_get_contents("./Assets/config.json"), true);
 $bdd = connectBDD("localhost", $config["BDD_USER"], $config["BDD_PASSWD"], $config["BDD_NAME"]);
 $page = 'Guides';

-$guides = getGuides($bdd);
+if (!isset($_GET["repertoire"])) {
+  $guides = getGuidesRepertoires($bdd);
+} else {
+  $guides = getGuidesFromRepertoire($bdd, $_GET["repertoire"]);
+}
 ?>
 <!doctype html>
 <html lang="fr">
@ -22,10 +26,12 @@ $guides = getGuides($bdd);
  <?php include('./Assets/navbar.php'); ?>

  <div class="grid-container">
-    <?php foreach ($guides as $guide): ?>
-      <div class="card" style="" onclick="window.location.href='<?= $guide['lien'] ?>'">
+    <?php foreach ($guides as $guide):
+      $var = isset($_GET['repertoire']) ? $guide['lien'] : '?repertoire=' . $guide['id'];
+    ?>
+      <div class="card" style="" onclick="window.location.href='<?= $var ?>'">
        <h4><?= $guide['nom'] ?></h4>
-        <img src="<?= $guide['image'] ?>">
+        <img src="<?= str_replace('..', '.', $guide['image']) ?>">
      </div>
    <?php endforeach ?>
  </div>
--- a/v1.sql
+++ b/v1.sql
--- a/login.php
+++ b/login.php
@ -3,9 +3,15 @@ require('./Assets/functions.php');
 $config = json_decode(file_get_contents("./Assets/config.json"), true);
 $bdd = connectBDD("localhost", $config["BDD_USER"], $config["BDD_PASSWD"], $config["BDD_NAME"]);

+function useRegex($input, $regex)
+    {
+        return preg_match($regex, $input);
+    }
+
 session_start();

 if (isset($_POST['user']) && isset($_POST['password']) && isset($_GET['redirect_to'])) {
+  if (useRegex($_POST['user'], '/^APEI\d{4}$/')) {
    if (validateCSRFToken($_SESSION['csrf'], $_POST['csrf']) && verifyPassword(getHashPwd($bdd, $_POST['user'])["password"], $_POST['password'])) {
      $csrf = '';
      $_SESSION['connected'] = true;
@ -14,6 +20,7 @@ if (isset($_POST['user']) && isset($_POST['password']) && isset($_GET['redirect_
      $_SESSION['username'] = $_POST['user'];
      header('location: ' . $_GET['redirect_to']);
    }
+  }
 } else {
  $csrf = bin2hex(random_bytes(32));
  $_SESSION['csrf'] = $csrf;
@ -42,7 +49,8 @@ if (isset($_POST['user']) && isset($_POST['password']) && isset($_GET['redirect_
    </div>
    <div class="form-group">
      <input type="hidden" name="csrf" value="<?= $csrf ?>">
-      <button type="submit" class="btn btn-primary" id="button">Connexion</button>
+      <button type="submit" class="btn btn-primary button">Connexion</button>
+      <button class="btn btn-success button" onclick="window.location.replace('./index.php')">Revenir à l'accueil</button>
    </div>
  </form>
  <a href="./activate.php">Activer mon compte</a>
--- a/pratiques.php
+++ b/pratiques.php
@ -6,20 +6,28 @@ $page = "bonnes pratiques";
 ?>
 <!doctype html>
 <html lang="fr">
-  <head>
+
+<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <title>Intranet de l'APEI</title>
  <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.8/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-sRIl4kxILFvY47J16cr9ZwB07vP4J8+LH7qKQnuqkuIAvNWLzeN8tE5YBujZqJLB" crossorigin="anonymous">
  <link rel="stylesheet" href="./styles-scripts/pratiques.css">
  <link rel="shortcut icon" href="./Assets/Icones/APEIMBGE.jpg" type="image/x-icon">
-  </head>
-  <body>
-    <?php include('./Assets/navbar.php');?>
+</head>
+<style>
+  body {
+    padding: 50px;
+  }
+</style>

-    <?=html_entity_decode(getPratiques($bdd), ENT_QUOTES, 'UTF-8');?>
+<body>
+  <?php include('./Assets/navbar.php'); ?>
+
+  <?= html_entity_decode(getPratiques($bdd), ENT_QUOTES, 'UTF-8'); ?>

  <!-- footer pas toucher -->
  <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.8/dist/js/bootstrap.bundle.min.js" integrity="sha384-FKyoEForCGlyvwx9Hj09JcYn3nv7wiPVlz7YYwJrWVcXK/BmnVDxM+D2scQbITxI" crossorigin="anonymous"></script>
-  </body>
+</body>
+
 </html>
--- a/styles-scripts/login.css
+++ b/styles-scripts/login.css
@ -2,7 +2,15 @@ body
 {
    padding: 1rem;
 }
-#button
+.button
 {
-    margin-top: 2px;
+    margin-top: 10px;
+}
+
+h3
+{
+    margin-top: 35px;
+}
+a{
+    font-size: 1.5rem;
 }