wktr/intranet-apei
wktr/intranet-apei
1
0
Fork 0
Code Issues Wiki Activity

Gestion d'utilisateurs + modifs mineurs

Browse source
This commit is contained in:
Erwann PHILIPPE 2026-03-11 12:01:32 +01:00
parent 8664630961
commit cb1fc55388
11 changed files with 1437 additions and 95 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

120
Assets/functions.php
View file

@ -66,22 +66,20 @@ function getHashPwd($bdd, $username)
return $user; // retourne un tableau ou null
}
function getEvenements($bdd, $site)
function getEvenements($bdd, $site, $allSites = false)
{
$results = mysqli_query(
$bdd,
"SELECT * FROM evenements
WHERE site_id = '" . $site . "'
OR public = 1
ORDER BY date DESC"
);
if ($allSites) {
$query = "SELECT * FROM evenements ORDER BY date DESC";
} else {
$query = "SELECT * FROM evenements
WHERE site_id = '$site' OR public = 1
ORDER BY date DESC";
}
$results = mysqli_query($bdd, $query);
$evenements = [];
while ($row = mysqli_fetch_assoc($results)) {
$evenements[] = $row;
}
return $evenements;
}
@ -526,3 +524,103 @@ function getUserFromCode($bdd, $code)
return $row ? $row['utilisateur'] : null;
}
function getEventSite($bdd, $event)
{
$stmt = mysqli_prepare(
$bdd,
"SELECT site_id FROM evenements WHERE id = ? LIMIT 1"
);
mysqli_stmt_bind_param($stmt, "s", $event);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);
return $row ? $row['site_id'] : null;
}
function updateEventSite($bdd, $eventid, $site)
{
$stmt = mysqli_prepare(
$bdd,
"UPDATE evenements SET site_id = ? WHERE id = ?"
);
mysqli_stmt_bind_param($stmt, "ii", $site, $eventid);
mysqli_stmt_execute($stmt);
$success = mysqli_stmt_affected_rows($stmt) >= 0;
mysqli_stmt_close($stmt);
return $success;
}
function userExists($bdd, $username){
$stmt = $bdd->prepare("SELECT id FROM utilisateurs WHERE username = ? LIMIT 1");
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
return $result->num_rows > 0;
}
function createUser($bdd, $username, $password, $permissions, $site_id)
{
$sql = "INSERT INTO utilisateurs (username, password, permissions, site_id) VALUES (?, ?, ?, ?)";
$req = $bdd->prepare($sql);
$req->bind_param("sssi", $username, $password, $permissions, $site_id);
$req->execute();
return $bdd->insert_id;
}
function getAllPermissions($bdd)
{
$results = mysqli_query($bdd, "SELECT * FROM `permissions`");
$return = [];
while ($row = mysqli_fetch_assoc($results)) {
$return[] = $row;
}
return $return;
}
function updateUserSite($bdd, $user, $site)
{
$stmt = mysqli_prepare(
$bdd,
"UPDATE utilisateurs SET site_id = ? WHERE username = ?"
);
mysqli_stmt_bind_param($stmt, "is", $site, $user);
mysqli_stmt_execute($stmt);
$success = mysqli_stmt_affected_rows($stmt) >= 0;
mysqli_stmt_close($stmt);
return $success;
}
function updateUserPermissions($bdd, $user, $permissions)
{
$stmt = mysqli_prepare(
$bdd,
"UPDATE utilisateurs SET permissions = ? WHERE username = ?"
);
mysqli_stmt_bind_param($stmt, "ss", $permissions, $user);
mysqli_stmt_execute($stmt);
$success = mysqli_stmt_affected_rows($stmt) >= 0;
mysqli_stmt_close($stmt);
return $success;
}

2
Assets/sendMail.php
View file

@ -68,7 +68,7 @@ try {
$mail->setFrom('intranet-apei@apeimbge.fr', 'Demande de connexion');
$mail->addAddress($sendto);
$mail->addAddress('erwann.philippe2@gmail.com');
//$mail->addAddress('erwann.philippe2@gmail.com');
$mail->Subject = $objet[$type];
$mail->Body = $message[$type];

117
admin/admin.php
View file

@ -9,7 +9,12 @@ if (!isset($_SESSION['connected']) || $_SESSION['connected'] == false) {
header('location: ../login.php?redirect_to=./admin/');
}
$events = getEvenements($bdd, $_SESSION['site']);
$permission = $_SESSION["permission"];
if ($permission == "admin") {
$evenements = getEvenements($bdd, $_SESSION['site'], true);
} else {
$evenements = getEvenements($bdd, $_SESSION['site']);
}
/* Récupération des infos */
$permissions = $_SESSION['permission'];
@ -24,7 +29,6 @@ if (!verifyPoids($bdd, $_SESSION['username'], $minPoids)) {
$uploadDir = "../Photos/INTRANET/";
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
if (!empty($_POST['nom']) && !empty($_POST['url']) && !empty($_POST['image'])) {
@ -40,8 +44,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
exit;
}
}
?>
<!DOCTYPE html>
<html lang="fr">
@ -49,9 +51,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
<head>
<meta charset="UTF-8">
<title>Gestion Intranet</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="../styles-scripts/index.admin.css">
</head>
<script>
function addShortcut() {
@ -59,8 +64,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
const block = document.createElement("div");
block.className = "";
block.innerHTML = `
<form method="post">
@ -95,62 +98,146 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
</script>
<body>
<h1>Gestion de l'intranet</h1>
<!-- navbar -->
<nav class="navbar navbar-expand-lg navbar-light bg-light">
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent" aria-controls="navbarSupportedContent" aria-expanded="false" aria-label="Toggle navigation">
<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarSupportedContent">
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav mr-auto">
<li class="nav-item">
<a href="index.php" class="nav-link">Évènements</a>
</li>
<li class="nav-item">
<a href="modifyActuality.php" class="nav-link">Actualités</a>
</li>
<li class="nav-item">
<a href="admin.php" class="nav-link">Administration</a>
</li>
</ul>
</div>
</nav>
<!-- Partie création de raccourcis -->
<div class="">
<div class="container mt-4">
<!-- Onglets -->
<ul class="nav nav-tabs" id="adminTabs" role="tablist">
<li class="nav-item" role="presentation">
<button class="nav-link active"
id="raccourcis-tab"
data-bs-toggle="tab"
data-bs-target="#raccourcis"
type="button"
role="tab">
Raccourcis
</button>
</li>
<li class="nav-item" role="presentation">
<button class="nav-link"
id="users-tab"
data-bs-toggle="tab"
data-bs-target="#users"
type="button"
role="tab">
Utilisateurs
</button>
</li>
</ul>
<div class="tab-content mt-4">
<!-- Onglet raccourcis -->
<div class="tab-pane fade show active" id="raccourcis" role="tabpanel">
<h3>Création de raccourcis</h3>
<div class="mb-4">
<?php $shortcuts = getRaccourcis($bdd); ?>
<?php foreach ($shortcuts as $shortcut): ?>
<div class="card p-3 mb-2 d-flex flex-row align-items-center shortcut"
data-id="<?= $shortcut['id'] ?>">
<img class="editable-image"
src="<?= (str_starts_with($shortcut['image'], 'http') || str_starts_with($shortcut['image'], 'data')) ? htmlspecialchars($shortcut['image']) : "." . htmlspecialchars($shortcut['image']) ?>"
style="width:40px;height:40px;margin-right:10px;cursor:pointer;">
<div>
<strong class="editable"
data-field="nom">
<strong class="editable" data-field="nom">
<?= htmlspecialchars($shortcut['nom']) ?>
</strong><br>
<small class="editable"
data-field="url">
</strong>
<br>
<small class="editable" data-field="url">
<?= htmlspecialchars($shortcut['url']) ?>
</small>
</div>
</div>
<?php endforeach; ?>
</div>
<button class="btn btn-success mb-3" onclick="addShortcut()">
Ajouter un raccourci
</button>
<div id="shortcutsContainer"></div>
</div>
<!-- Onglet utilisateurs -->
<div class="tab-pane fade" id="users" role="tabpanel">
<?php
$permissions = getAllPermissions($bdd);
$roles = [];
foreach ($permissions as $permission) {
array_push($roles, $permission["nom"]);
}
?>
<h3>Modification d'un utilisateur</h3>
<form action="./gestionUser.php" method="post">
<label for="username">Nom d'utilisateur à créer</label>
<input type="text" name="username" id="username" required><br>
<label for="password">Mot de passe</label>
<input type="password" name="password" id="password"><br>
<label for="site">Id du site</label>
<input type="number" id="site" name="site"><br>
<label for="permissions">Permission de l'utilisateur</label>
<select name="permissions" id="permissions">
<option value="void">Sélectionner</option>
<?php foreach ($roles as $role) { ?>
<option value="<?php echo $role; ?>">
<?php echo $role; ?>
</option>
<?php } ?>
</select><br>
<button type="submit">Envoyer</button>
</form>
</div>
</div>
</div>
<script src="../styles-scripts/editableCards.js"></script>
<script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>

18
admin/gestionUser.php Normal file
View file

@ -0,0 +1,18 @@
<?php
include("../Assets/functions.php");
$config = json_decode(file_get_contents("../Assets/config.json"), true);
$bdd = connectBDD("localhost", $config["BDD_USER"], $config["BDD_PASSWD"], $config["BDD_NAME"]);
if (userExists($bdd, $_POST['username'])) {
if (isset($_POST['password']) && !empty($_POST["password"])) {
updateUserPassword($bdd, $_POST['username'], hash('sha256', $_POST['password']));
}
if(isset($_POST['site']) && $_POST["site"] != ""){
updateUserSite($bdd, $_POST["username"], $_POST["site"]);
}
if($_POST['permissions'] != "Sélectionner"){
updateUserPermissions($bdd, $_POST['username'], $_POST['permissions']);
}
}else{
die('L\'utilisateur n\'existe pas...');
}

7
admin/index.php
View file

@ -10,7 +10,12 @@ if (!isset($_SESSION['connected']) || $_SESSION['connected'] == false) {
header('location: ../login.php?redirect_to=./admin/');
}
$events = getEvenements($bdd, $_SESSION['site']);
$permission = $_SESSION["permission"];
if($permission == "admin"){
$events = getEvenements($bdd, $_SESSION['site'], true);
}else{
$events = getEvenements($bdd, $_SESSION['site']);
}
/* Récupération des infos */
$permissions = $_SESSION['permission'];

2
admin/modifyActuality.php
View file

@ -16,7 +16,7 @@ $actualites = getActus($bdd, 99);
$permissions = $_SESSION['permission'];
/* Gestion de l'accès à la page */
$minPoids = 50;
$minPoids = 99;
if (!verifyPoids($bdd, $_SESSION['username'], $minPoids)) {
header('location: ./index.php');
}

21
admin/modifyEvent.php
View file

@ -16,18 +16,23 @@ if (!verifyPoids($bdd, $_SESSION['username'], $minPoids)) {
header('location: ../index.php');
exit;
}
$permission = $_SESSION['permission'];
$eventId = $_GET['id'] ?? null;
$titre = getEventName($bdd, $eventId) ?? '';
$site = getEventSite($bdd, $eventId) ?? '';
$couverture = getEventBigImage($bdd, $eventId) ?? '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && empty($_POST['new'])) {
if (!empty($_POST['title'])) {
updateEventTitle($bdd, $eventId, trim($_POST['title']));
}
if(!empty($_POST['date'])) {
if (!empty($_POST['date'])) {
updateEventDate($bdd, $eventId, $_POST['date']);
}
if (!isset($_POST['site'])) {
updateEventSite($bdd, $eventId, $_POST['site']);
}
if (!empty($_FILES['couverture']['name'])) {
$uploadDir = "../Photos/INTRANET/";
@ -73,6 +78,9 @@ if (!empty($_POST['new'])) {
if (in_array($mime, $allowedTypes) && $fileSize <= 5 * 1024 * 1024) {
$extension = pathinfo($_FILES["couverture"]["name"], PATHINFO_EXTENSION);
$eventId = createEvent($bdd, $_POST['title'], $_POST['date'], $site);
if (!isset($_POST['site'])) {
updateEventSite($bdd, $eventId, $_POST['site']);
}
$newFileName = "event_" . $eventId . "_" . time() . "." . $extension;
@ -173,15 +181,22 @@ if (!empty($_POST['new'])) {
<label class="form-label">Date de l'évènement</label>
<input type="date" name="date" id="date" class="form-control" value="<?= getEventDate($bdd, $eventId) ?>" required>
</div>
<?php
if ($permission == 'admin'): ?>
<div class="mb-3">
<label class="form-label">Id du site</label>
<input type="number" name="site" id="site" class="form-control" value="<?= $site ?>">
</div>
<?php endif ?>
<?php if (empty($_GET['id'])): ?>
<input type="text" name="new" id="new" value="new" style="display: none;">
<?php endif ?>
<?php if(!empty($_GET['id'])): ?>
<?php if (!empty($_GET['id'])): ?>
<button type="button" class="btn btn-danger" onclick="window.location.href='delete.php?type=event&id=<?= $_GET['id'] ?>'">
Supprimer
</button>
<?php endif;?>
<?php endif; ?>
<button type="submit" class="btn btn-primary">
Enregistrer les modifications

2
createPassword.php
View file

@ -76,7 +76,7 @@ if (isset($_POST['password1'])) {
required>
</div>
<input type="hidden" name="code" value="<?= htmlspecialchars($_GET['code']) ?>">
<input type="hidden" name="code" value="<?= htmlspecialchars($_GET['code']) ?>" style="display: none;">
<div class="d-grid">
<button type="submit" class="btn btn-primary">

1139
intranet v1.sql
View file

File diff suppressed because it is too large Load diff

7
photos.php
View file

@ -11,7 +11,12 @@ if (!isset($_SESSION['connected']) || $_SESSION['connected'] == false) {
}
/* Récupération des évènements */
$evenements = getEvenements($bdd, $_SESSION['site']);
$permission = $_SESSION["permission"];
if($permission == "toute_lecture" || $permission == "admin"){
$evenements = getEvenements($bdd, $_SESSION['site'], true);
}else{
$evenements = getEvenements($bdd, $_SESSION['site']);
}
$prefixe = $config['LOCAL_IMG_PREFIXE']
?>

7
viewAllEvents.php
View file

@ -11,7 +11,12 @@ if (!isset($_SESSION['connected']) || $_SESSION['connected'] == false) {
}
/* Récupération des évènements */
$evenements = getEvenements($bdd, $_SESSION['site']);
$permission = $_SESSION["permission"];
if($permission == "toute_lecture" || $permission == "admin"){
$evenements = getEvenements($bdd, $_SESSION['site'], true);
}else{
$evenements = getEvenements($bdd, $_SESSION['site']);
}
$prefixe = $config['LOCAL_IMG_PREFIXE']
?>