Gestion d'utilisateurs + modifs mineurs

This commit is contained in:
Erwann PHILIPPE 2026-03-11 12:01:32 +01:00
parent 8664630961
commit cb1fc55388
11 changed files with 1437 additions and 95 deletions


@ -66,22 +66,20 @@ function getHashPwd($bdd, $username)
return $user; // retourne un tableau ou null return $user; // retourne un tableau ou null
} }
function getEvenements($bdd, $site) function getEvenements($bdd, $site, $allSites = false)
{ {
$results = mysqli_query( if ($allSites) {
$bdd, $query = "SELECT * FROM evenements ORDER BY date DESC";
"SELECT * FROM evenements } else {
WHERE site_id = '" . $site . "' $query = "SELECT * FROM evenements
OR public = 1 WHERE site_id = '$site' OR public = 1
ORDER BY date DESC" ORDER BY date DESC";
); }
$results = mysqli_query($bdd, $query);
$evenements = []; $evenements = [];
while ($row = mysqli_fetch_assoc($results)) { while ($row = mysqli_fetch_assoc($results)) {
$evenements[] = $row; $evenements[] = $row;
} }
return $evenements; return $evenements;
} }
@ -453,13 +451,13 @@ function createValidationCode($bdd, $user, $ttlMinutes = 60)
while ($exists) { while ($exists) {
$code = bin2hex(random_bytes(16)); $code = bin2hex(random_bytes(16));
$checkStmt = mysqli_prepare($bdd, "SELECT id FROM `$table` WHERE `$colCode` = ? LIMIT 1"); $checkStmt = mysqli_prepare($bdd, "SELECT id FROM `$table` WHERE `$colCode` = ? LIMIT 1");
if ($checkStmt) { if ($checkStmt) {
mysqli_stmt_bind_param($checkStmt, "s", $code); mysqli_stmt_bind_param($checkStmt, "s", $code);
mysqli_stmt_execute($checkStmt); mysqli_stmt_execute($checkStmt);
mysqli_stmt_store_result($checkStmt); mysqli_stmt_store_result($checkStmt);
if (mysqli_stmt_num_rows($checkStmt) == 0) { if (mysqli_stmt_num_rows($checkStmt) == 0) {
$exists = false; $exists = false;
} }
@ -473,7 +471,7 @@ function createValidationCode($bdd, $user, $ttlMinutes = 60)
$insertSql = "INSERT INTO `$table` (`$colCode`, `$colUser`, `$colExpire`) VALUES (?, ?, ?)"; $insertSql = "INSERT INTO `$table` (`$colCode`, `$colUser`, `$colExpire`) VALUES (?, ?, ?)";
$insertStmt = mysqli_prepare($bdd, $insertSql); $insertStmt = mysqli_prepare($bdd, $insertSql);
if ($insertStmt) { if ($insertStmt) {
mysqli_stmt_bind_param($insertStmt, "sss", $code, $user, $expiresAt); mysqli_stmt_bind_param($insertStmt, "sss", $code, $user, $expiresAt);
$success = mysqli_stmt_execute($insertStmt); $success = mysqli_stmt_execute($insertStmt);
@ -525,4 +523,104 @@ function getUserFromCode($bdd, $code)
mysqli_stmt_close($stmt); mysqli_stmt_close($stmt);
return $row ? $row['utilisateur'] : null; return $row ? $row['utilisateur'] : null;
}
function getEventSite($bdd, $event)
{
$stmt = mysqli_prepare(
$bdd,
"SELECT site_id FROM evenements WHERE id = ? LIMIT 1"
);
mysqli_stmt_bind_param($stmt, "s", $event);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);
return $row ? $row['site_id'] : null;
}
function updateEventSite($bdd, $eventid, $site)
{
$stmt = mysqli_prepare(
$bdd,
"UPDATE evenements SET site_id = ? WHERE id = ?"
);
mysqli_stmt_bind_param($stmt, "ii", $site, $eventid);
mysqli_stmt_execute($stmt);
$success = mysqli_stmt_affected_rows($stmt) >= 0;
mysqli_stmt_close($stmt);
return $success;
}
function userExists($bdd, $username){
$stmt = $bdd->prepare("SELECT id FROM utilisateurs WHERE username = ? LIMIT 1");
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
return $result->num_rows > 0;
}
function createUser($bdd, $username, $password, $permissions, $site_id)
{
$sql = "INSERT INTO utilisateurs (username, password, permissions, site_id) VALUES (?, ?, ?, ?)";
$req = $bdd->prepare($sql);
$req->bind_param("sssi", $username, $password, $permissions, $site_id);
$req->execute();
return $bdd->insert_id;
}
function getAllPermissions($bdd)
{
$results = mysqli_query($bdd, "SELECT * FROM `permissions`");
$return = [];
while ($row = mysqli_fetch_assoc($results)) {
$return[] = $row;
}
return $return;
}
function updateUserSite($bdd, $user, $site)
{
$stmt = mysqli_prepare(
$bdd,
"UPDATE utilisateurs SET site_id = ? WHERE username = ?"
);
mysqli_stmt_bind_param($stmt, "is", $site, $user);
mysqli_stmt_execute($stmt);
$success = mysqli_stmt_affected_rows($stmt) >= 0;
mysqli_stmt_close($stmt);
return $success;
}
function updateUserPermissions($bdd, $user, $permissions)
{
$stmt = mysqli_prepare(
$bdd,
"UPDATE utilisateurs SET permissions = ? WHERE username = ?"
);
mysqli_stmt_bind_param($stmt, "ss", $permissions, $user);
mysqli_stmt_execute($stmt);
$success = mysqli_stmt_affected_rows($stmt) >= 0;
mysqli_stmt_close($stmt);
return $success;
} }
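Review bot: The rewritten query in getEvenements still interpolates `$site` straight into the SQL string (`WHERE site_id = '$site' OR public = 1`), while every other helper added in this section goes through mysqli_prepare with bound parameters; the non-admin branch should be a prepared statement as well. The callers visible in this commit pass `$_SESSION['site']`, which limits the exposure, but the helper should not depend on who calls it. The new updateEventSite, updateUserSite and updateUserPermissions helpers also report success whenever `mysqli_stmt_affected_rows($stmt) >= 0`, so an UPDATE that matched no row (unknown id or username) is indistinguishable from a real change; use `> 0` or check the return of mysqli_stmt_execute if callers need that distinction.
```php
function getEvenements($bdd, $site, $allSites = false)
{
    if ($allSites) {
        $results = mysqli_query($bdd, "SELECT * FROM evenements ORDER BY date DESC");
    } else {
        $stmt = mysqli_prepare(
            $bdd,
            "SELECT * FROM evenements WHERE site_id = ? OR public = 1 ORDER BY date DESC"
        );
        mysqli_stmt_bind_param($stmt, "s", $site);
        mysqli_stmt_execute($stmt);
        $results = mysqli_stmt_get_result($stmt);
    }
    // … unchanged: fetch loop and return …
```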


@ -68,7 +68,7 @@ try {
$mail->setFrom('intranet-apei@apeimbge.fr', 'Demande de connexion'); $mail->setFrom('intranet-apei@apeimbge.fr', 'Demande de connexion');
$mail->addAddress($sendto); $mail->addAddress($sendto);
$mail->addAddress('erwann.philippe2@gmail.com'); //$mail->addAddress('erwann.philippe2@gmail.com');
$mail->Subject = $objet[$type]; $mail->Subject = $objet[$type];
$mail->Body = $message[$type]; $mail->Body = $message[$type];
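Review bot: The extra recipient is commented out rather than removed, so the `//$mail->addAddress(...)` line keeps a personal address and dead code in the source and is one uncomment away from copying every connection-request mail to it again. Delete the line; version control keeps the history if it is ever needed. The enclosing try block starts outside the hunk.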


@ -9,7 +9,12 @@ if (!isset($_SESSION['connected']) || $_SESSION['connected'] == false) {
header('location: ../login.php?redirect_to=./admin/'); header('location: ../login.php?redirect_to=./admin/');
} }
$events = getEvenements($bdd, $_SESSION['site']); $permission = $_SESSION["permission"];
if ($permission == "admin") {
$evenements = getEvenements($bdd, $_SESSION['site'], true);
} else {
$evenements = getEvenements($bdd, $_SESSION['site']);
}
/* Récupération des infos */ /* Récupération des infos */
$permissions = $_SESSION['permission']; $permissions = $_SESSION['permission'];
@ -24,7 +29,6 @@ if (!verifyPoids($bdd, $_SESSION['username'], $minPoids)) {
$uploadDir = "../Photos/INTRANET/"; $uploadDir = "../Photos/INTRANET/";
if ($_SERVER['REQUEST_METHOD'] === 'POST') { if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (!empty($_POST['nom']) && !empty($_POST['url']) && !empty($_POST['image'])) { if (!empty($_POST['nom']) && !empty($_POST['url']) && !empty($_POST['image'])) {
@ -40,8 +44,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
exit; exit;
} }
} }
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<html lang="fr"> <html lang="fr">
@ -49,9 +51,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
<head> <head>
<meta charset="UTF-8"> <meta charset="UTF-8">
<title>Gestion Intranet</title> <title>Gestion Intranet</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet"> <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="../styles-scripts/index.admin.css"> <link rel="stylesheet" href="../styles-scripts/index.admin.css">
</head> </head>
<script> <script>
function addShortcut() { function addShortcut() {
@ -59,35 +64,33 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
const block = document.createElement("div"); const block = document.createElement("div");
block.className = "";
block.innerHTML = ` block.innerHTML = `
<form method="post"> <form method="post">
<div class="row"> <div class="row">
<div class="col-md-4">
<label>Nom</label>
<input type="text" name="nom" class="form-control" required>
</div>
<div class="col-md-4">
<label>URL</label>
<input type="text" name="url" class="form-control" required>
</div>
<div class="col-md-4">
<label>Image</label>
<input type="text" name="image" class="form-control" required>
</div>
<div class="col-md-4">
<label>Nom</label>
<input type="text" name="nom" class="form-control" required>
</div> </div>
<button type="submit" class="btn btn-primary mt-2"> <div class="col-md-4">
Créer le raccourci <label>URL</label>
</button> <input type="text" name="url" class="form-control" required>
</div>
</form> <div class="col-md-4">
<label>Image</label>
<input type="text" name="image" class="form-control" required>
</div>
</div>
<button type="submit" class="btn btn-primary mt-2">
Créer le raccourci
</button>
</form>
`; `;
container.appendChild(block); container.appendChild(block);
@ -95,62 +98,146 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
</script> </script>
<body> <body>
<h1>Gestion de l'intranet</h1> <h1>Gestion de l'intranet</h1>
<!-- navbar --> <!-- navbar -->
<nav class="navbar navbar-expand-lg navbar-light bg-light"> <nav class="navbar navbar-expand-lg navbar-light bg-light">
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation"> <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent">
<span class="navbar-toggler-icon"></span> <span class="navbar-toggler-icon"></span>
</button> </button>
<div class="collapse navbar-collapse" id="navbarSupportedContent"> <div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav mr-auto"> <ul class="navbar-nav mr-auto">
<li class="nav-item"> <li class="nav-item">
<a href="index.php" class="nav-link">Évènements</a> <a href="index.php" class="nav-link">Évènements</a>
</li> </li>
<li class="nav-item"> <li class="nav-item">
<a href="modifyActuality.php" class="nav-link">Actualités</a> <a href="modifyActuality.php" class="nav-link">Actualités</a>
</li> </li>
<li class="nav-item"> <li class="nav-item">
<a href="admin.php" class="nav-link">Administration</a> <a href="admin.php" class="nav-link">Administration</a>
</li> </li>
</ul> </ul>
</div> </div>
</nav> </nav>
<!-- Partie création de raccourcis -->
<div class="">
<h3>Création de raccourcis</h3> <div class="container mt-4">
<!-- Onglets -->
<ul class="nav nav-tabs" id="adminTabs" role="tablist">
<li class="nav-item" role="presentation">
<button class="nav-link active"
id="raccourcis-tab"
data-bs-toggle="tab"
data-bs-target="#raccourcis"
type="button"
role="tab">
Raccourcis
</button>
</li>
<li class="nav-item" role="presentation">
<button class="nav-link"
id="users-tab"
data-bs-toggle="tab"
data-bs-target="#users"
type="button"
role="tab">
Utilisateurs
</button>
</li>
</ul>
<div class="tab-content mt-4">
<!-- Onglet raccourcis -->
<div class="tab-pane fade show active" id="raccourcis" role="tabpanel">
<h3>Création de raccourcis</h3>
<div class="mb-4">
<?php $shortcuts = getRaccourcis($bdd); ?>
<?php foreach ($shortcuts as $shortcut): ?>
<div class="card p-3 mb-2 d-flex flex-row align-items-center shortcut"
data-id="<?= $shortcut['id'] ?>">
<img class="editable-image"
src="<?= (str_starts_with($shortcut['image'], 'http') || str_starts_with($shortcut['image'], 'data')) ? htmlspecialchars($shortcut['image']) : "." . htmlspecialchars($shortcut['image']) ?>"
style="width:40px;height:40px;margin-right:10px;cursor:pointer;">
<div>
<strong class="editable" data-field="nom">
<?= htmlspecialchars($shortcut['nom']) ?>
</strong>
<br>
<small class="editable" data-field="url">
<?= htmlspecialchars($shortcut['url']) ?>
</small>
</div>
</div>
<?php endforeach; ?>
<div class="mb-4">
<?php $shortcuts = getRaccourcis($bdd); ?>
<?php foreach ($shortcuts as $shortcut): ?>
<div class="card p-3 mb-2 d-flex flex-row align-items-center shortcut"
data-id="<?= $shortcut['id'] ?>">
<img class="editable-image"
src="<?= (str_starts_with($shortcut['image'], 'http') || str_starts_with($shortcut['image'], 'data')) ? htmlspecialchars($shortcut['image']) : "." . htmlspecialchars($shortcut['image']) ?>"
style="width:40px;height:40px;margin-right:10px;cursor:pointer;">
<div>
<strong class="editable"
data-field="nom">
<?= htmlspecialchars($shortcut['nom']) ?>
</strong><br>
<small class="editable"
data-field="url">
<?= htmlspecialchars($shortcut['url']) ?>
</small>
</div>
</div> </div>
<?php endforeach; ?>
<button class="btn btn-success mb-3" onclick="addShortcut()">
Ajouter un raccourci
</button>
<div id="shortcutsContainer"></div>
</div>
<!-- Onglet utilisateurs -->
<div class="tab-pane fade" id="users" role="tabpanel">
<?php
$permissions = getAllPermissions($bdd);
$roles = [];
foreach ($permissions as $permission) {
array_push($roles, $permission["nom"]);
}
?>
<h3>Modification d'un utilisateur</h3>
<form action="./gestionUser.php" method="post">
<label for="username">Nom d'utilisateur à créer</label>
<input type="text" name="username" id="username" required><br>
<label for="password">Mot de passe</label>
<input type="password" name="password" id="password"><br>
<label for="site">Id du site</label>
<input type="number" id="site" name="site"><br>
<label for="permissions">Permission de l'utilisateur</label>
<select name="permissions" id="permissions">
<option value="void">Sélectionner</option>
<?php foreach ($roles as $role) { ?>
<option value="<?php echo $role; ?>">
<?php echo $role; ?>
</option>
<?php } ?>
</select><br>
<button type="submit">Envoyer</button>
</form>
</div>
</div> </div>
<button class="btn btn-success mb-3" onclick="addShortcut()">
Ajouter un raccourci
</button>
<div id="shortcutsContainer"></div>
</div> </div>
<script src="../styles-scripts/editableCards.js"></script> <script src="../styles-scripts/editableCards.js"></script>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script> <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
</body> </body>
</html> </html>
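Review bot: The permission select's placeholder is `<option value="void">Sélectionner</option>`, but the handler it posts to (admin/gestionUser.php in this commit) only skips the update when the value equals the label text `"Sélectionner"`, so submitting the form without choosing a role stores the literal string `void` as the user's permission. Use an empty value, `<option value="">Sélectionner</option>`, and have the handler test `!empty($_POST['permissions'])`, ideally also checking the value against getAllPermissions. The role names are echoed unescaped (`<?php echo $role; ?>`) whereas the shortcut fields above use htmlspecialchars; `<?= htmlspecialchars($role) ?>` keeps the page consistent. The users tab is rendered for every visitor of this page regardless of `$permission`; if it is meant for admins only, wrap it in the same `$permission == "admin"` check used for the events at the top of the file.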

18
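--- /dev/null
+++ b/admin/gestionUser.php
@@ -0,0 +1,18 @@
+<?php
+include("../Assets/functions.php");
+$config = json_decode(file_get_contents("../Assets/config.json"), true);
+$bdd = connectBDD("localhost", $config["BDD_USER"], $config["BDD_PASSWD"], $config["BDD_NAME"]);
+if (userExists($bdd, $_POST['username'])) {
+if (isset($_POST['password']) && !empty($_POST["password"])) {
+updateUserPassword($bdd, $_POST['username'], hash('sha256', $_POST['password']));
+}
+if(isset($_POST['site']) && $_POST["site"] != ""){
+updateUserSite($bdd, $_POST["username"], $_POST["site"]);
+}
+if($_POST['permissions'] != "Sélectionner"){
+updateUserPermissions($bdd, $_POST['username'], $_POST['permissions']);
+}
+}else{
+die('L\'utilisateur n\'existe pas...');
+}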
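Review bot: This handler performs no session or permission check before changing another user's password, site and permissions; the other admin pages in this commit gate on `$_SESSION['connected']` (and verifyPoids), but anyone who can reach admin/gestionUser.php with a POST body can call updateUserPassword and updateUserPermissions for any existing username. Add the same guard at the top, restricted to admins, and exit after the redirect as in the excerpt below; a CSRF token on the form in admin/index.php would also be appropriate for a state-changing POST. `$_POST['username']` is read without isset, and `$_POST['permissions'] != "Sélectionner"` compares against the option's label rather than its value (`void`), so an unselected role stores `void`. The password is stored as unsalted `hash('sha256', ...)`; if the login path can be adapted, `password_hash($_POST['password'], PASSWORD_DEFAULT)` with `password_verify` is the appropriate scheme.
```php
<?php
include("../Assets/functions.php");
// session bootstrap as on the other admin pages (session_start() here if functions.php does not do it)
if (!isset($_SESSION['connected']) || $_SESSION['connected'] == false || ($_SESSION['permission'] ?? '') !== 'admin') {
    header('location: ../login.php?redirect_to=./admin/');
    exit;
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || empty($_POST['username'])) {
    die('Requête invalide');
}
// … unchanged: config load, connectBDD, user updates …
```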


@ -10,7 +10,12 @@ if (!isset($_SESSION['connected']) || $_SESSION['connected'] == false) {
header('location: ../login.php?redirect_to=./admin/'); header('location: ../login.php?redirect_to=./admin/');
} }
$events = getEvenements($bdd, $_SESSION['site']); $permission = $_SESSION["permission"];
if($permission == "admin"){
$events = getEvenements($bdd, $_SESSION['site'], true);
}else{
$events = getEvenements($bdd, $_SESSION['site']);
}
/* Récupération des infos */ /* Récupération des infos */
$permissions = $_SESSION['permission']; $permissions = $_SESSION['permission'];
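Review bot: The new four-line branch only decides the boolean third argument, so it collapses to `$events = getEvenements($bdd, $_SESSION['site'], $permission == "admin");`; the same block is repeated in admin/index.php above and, with `"toute_lecture" || "admin"`, in the two sections at the end of this commit, where `in_array($permission, ["toute_lecture", "admin"], true)` reads better than the chained `==`. The two groups of pages also disagree on whether `toute_lecture` sees all sites; if that is intentional, a one-line comment saying so would spare the next reader a search. The redirect on the line above the new code is existing context and is not followed by exit, so for an unauthenticated visitor execution now continues into the new `$_SESSION["permission"]` read and the event queries; the sibling page in this commit uses `header(...); exit;` and this one should too.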


@ -16,7 +16,7 @@ $actualites = getActus($bdd, 99);
$permissions = $_SESSION['permission']; $permissions = $_SESSION['permission'];
/* Gestion de l'accès à la page */ /* Gestion de l'accès à la page */
$minPoids = 50; $minPoids = 99;
if (!verifyPoids($bdd, $_SESSION['username'], $minPoids)) { if (!verifyPoids($bdd, $_SESSION['username'], $minPoids)) {
header('location: ./index.php'); header('location: ./index.php');
} }


@ -16,18 +16,23 @@ if (!verifyPoids($bdd, $_SESSION['username'], $minPoids)) {
header('location: ../index.php'); header('location: ../index.php');
exit; exit;
} }
$permission = $_SESSION['permission'];
$eventId = $_GET['id'] ?? null; $eventId = $_GET['id'] ?? null;
$titre = getEventName($bdd, $eventId) ?? ''; $titre = getEventName($bdd, $eventId) ?? '';
$site = getEventSite($bdd, $eventId) ?? '';
$couverture = getEventBigImage($bdd, $eventId) ?? ''; $couverture = getEventBigImage($bdd, $eventId) ?? '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && empty($_POST['new'])) { if ($_SERVER['REQUEST_METHOD'] === 'POST' && empty($_POST['new'])) {
if (!empty($_POST['title'])) { if (!empty($_POST['title'])) {
updateEventTitle($bdd, $eventId, trim($_POST['title'])); updateEventTitle($bdd, $eventId, trim($_POST['title']));
} }
if(!empty($_POST['date'])) { if (!empty($_POST['date'])) {
updateEventDate($bdd, $eventId, $_POST['date']); updateEventDate($bdd, $eventId, $_POST['date']);
} }
if (!isset($_POST['site'])) {
updateEventSite($bdd, $eventId, $_POST['site']);
}
if (!empty($_FILES['couverture']['name'])) { if (!empty($_FILES['couverture']['name'])) {
$uploadDir = "../Photos/INTRANET/"; $uploadDir = "../Photos/INTRANET/";
@ -73,6 +78,9 @@ if (!empty($_POST['new'])) {
if (in_array($mime, $allowedTypes) && $fileSize <= 5 * 1024 * 1024) { if (in_array($mime, $allowedTypes) && $fileSize <= 5 * 1024 * 1024) {
$extension = pathinfo($_FILES["couverture"]["name"], PATHINFO_EXTENSION); $extension = pathinfo($_FILES["couverture"]["name"], PATHINFO_EXTENSION);
$eventId = createEvent($bdd, $_POST['title'], $_POST['date'], $site); $eventId = createEvent($bdd, $_POST['title'], $_POST['date'], $site);
if (!isset($_POST['site'])) {
updateEventSite($bdd, $eventId, $_POST['site']);
}
$newFileName = "event_" . $eventId . "_" . time() . "." . $extension; $newFileName = "event_" . $eventId . "_" . time() . "." . $extension;
@ -173,15 +181,22 @@ if (!empty($_POST['new'])) {
<label class="form-label">Date de l'évènement</label> <label class="form-label">Date de l'évènement</label>
<input type="date" name="date" id="date" class="form-control" value="<?= getEventDate($bdd, $eventId) ?>" required> <input type="date" name="date" id="date" class="form-control" value="<?= getEventDate($bdd, $eventId) ?>" required>
</div> </div>
<?php
if ($permission == 'admin'): ?>
<div class="mb-3">
<label class="form-label">Id du site</label>
<input type="number" name="site" id="site" class="form-control" value="<?= $site ?>">
</div>
<?php endif ?>
<?php if (empty($_GET['id'])): ?> <?php if (empty($_GET['id'])): ?>
<input type="text" name="new" id="new" value="new" style="display: none;"> <input type="text" name="new" id="new" value="new" style="display: none;">
<?php endif ?> <?php endif ?>
<?php if(!empty($_GET['id'])): ?> <?php if (!empty($_GET['id'])): ?>
<button type="button" class="btn btn-danger" onclick="window.location.href='delete.php?type=event&id=<?= $_GET['id'] ?>'"> <button type="button" class="btn btn-danger" onclick="window.location.href='delete.php?type=event&id=<?= $_GET['id'] ?>'">
Supprimer Supprimer
</button> </button>
<?php endif;?> <?php endif; ?>
<button type="submit" class="btn btn-primary"> <button type="submit" class="btn btn-primary">
Enregistrer les modifications Enregistrer les modifications
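Review bot: Both new site-update checks are inverted: `if (!isset($_POST['site']))` calls updateEventSite with an undefined index only when the field is absent and never when the admin actually fills it in (same at the second occurrence after createEvent). Replace both with `if ($permission == 'admin' && isset($_POST['site']) && $_POST['site'] !== '') {` so the server enforces the admin condition the template uses to show the field instead of trusting that only admins post it. The new `$site = getEventSite($bdd, $eventId) ?? ''` after the title lookup yields '' for a new event (no id), and if `$site` was previously assigned earlier in the file for the `createEvent(..., $site)` call, that value is now overwritten — worth confirming, since that assignment is outside the hunk. The `value="<?= $site ?>"` in the new form block should go through htmlspecialchars like the other echoed values on the page.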


@ -76,7 +76,7 @@ if (isset($_POST['password1'])) {
required> required>
</div> </div>
<input type="hidden" name="code" value="<?= htmlspecialchars($_GET['code']) ?>"> <input type="hidden" name="code" value="<?= htmlspecialchars($_GET['code']) ?>" style="display: none;">
<div class="d-grid"> <div class="d-grid">
<button type="submit" class="btn btn-primary"> <button type="submit" class="btn btn-primary">



@ -11,7 +11,12 @@ if (!isset($_SESSION['connected']) || $_SESSION['connected'] == false) {
} }
/* Récupération des évènements */ /* Récupération des évènements */
$evenements = getEvenements($bdd, $_SESSION['site']); $permission = $_SESSION["permission"];
if($permission == "toute_lecture" || $permission == "admin"){
$evenements = getEvenements($bdd, $_SESSION['site'], true);
}else{
$evenements = getEvenements($bdd, $_SESSION['site']);
}
$prefixe = $config['LOCAL_IMG_PREFIXE'] $prefixe = $config['LOCAL_IMG_PREFIXE']
?> ?>


@ -11,7 +11,12 @@ if (!isset($_SESSION['connected']) || $_SESSION['connected'] == false) {
} }
/* Récupération des évènements */ /* Récupération des évènements */
$evenements = getEvenements($bdd, $_SESSION['site']); $permission = $_SESSION["permission"];
if($permission == "toute_lecture" || $permission == "admin"){
$evenements = getEvenements($bdd, $_SESSION['site'], true);
}else{
$evenements = getEvenements($bdd, $_SESSION['site']);
}
$prefixe = $config['LOCAL_IMG_PREFIXE'] $prefixe = $config['LOCAL_IMG_PREFIXE']
?> ?>