wktr/intranet-apei
wktr/intranet-apei
1
0
Fork 0
Code Issues Wiki Activity
intranet-apei/Assets/functions.php

676 lines
No EOL
15 KiB
PHP
Raw Blame History

<?php
function getRaccourcis($bdd)
{
$results = mysqli_query($bdd, "SELECT * FROM `raccourcis`");
$return = [];
return $results;
}
function connectBDD($domain, $user, $password, $db)
{
$link = mysqli_connect($domain, $user, $password, $db);
if (!$link) {
die('Erreur de connexion');
} else {
mysqli_set_charset($link, "utf8");
return $link;
}
}
function getActus($bdd, $limit)
{
$results = mysqli_query($bdd, "SELECT * FROM actus ORDER BY id DESC LIMIT " . $limit);
$actus = [];
while ($row = mysqli_fetch_assoc($results)) {
$actus[] = $row;
}
return $actus;
}
function validateCSRFToken($csrf_server, $csrf_client)
{
if (!hash_equals($csrf_server, $csrf_client)) {
echo ($csrf_client . " " . $csrf_server);
die('CSRF token validation failed');
}
return true;
}
function verifyPassword($hash_password, $tryPassword)
{
$hashTry = hash('sha256', $tryPassword);
if ($hash_password == $hashTry) {
return true;
}
return false;
}
function getHashPwd($bdd, $username)
{
$stmt = mysqli_prepare(
$bdd,
"SELECT password FROM utilisateurs WHERE username = ? LIMIT 1"
);
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$user = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);
return $user; // retourne un tableau ou null
}
function getEvenements($bdd, $site, $allSites = false)
{
if ($allSites) {
$query = "SELECT * FROM evenements ORDER BY date DESC";
} else {
$query = "SELECT * FROM evenements
WHERE site_id = '$site' OR public = 1
ORDER BY date DESC";
}
$results = mysqli_query($bdd, $query);
$evenements = [];
while ($row = mysqli_fetch_assoc($results)) {
$evenements[] = $row;
}
return $evenements;
}
function getSite($bdd, $username)
{
$stmt = mysqli_prepare(
$bdd,
"SELECT site_id FROM utilisateurs WHERE username = ? LIMIT 1"
);
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);
return $row ? $row['site_id'] : null;
}
function getSiteName($bdd, $site)
{
$stmt = mysqli_prepare(
$bdd,
"SELECT nom FROM site WHERE site_id = ? LIMIT 1"
);
mysqli_stmt_bind_param($stmt, "s", $site);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);
return $row ? $row['nom'] : null;
}
function getEventName($bdd, $event)
{
$stmt = mysqli_prepare(
$bdd,
"SELECT titre FROM evenements WHERE id = ? LIMIT 1"
);
mysqli_stmt_bind_param($stmt, "s", $event);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);
return $row ? $row['titre'] : null;
}
function getEventImages($bdd, $event)
{
$results = mysqli_query(
$bdd,
"SELECT * FROM gallerie WHERE `event_id`='" . $event . "'"
);
$evenements = [];
while ($row = mysqli_fetch_assoc($results)) {
$evenements[] = $row;
}
return $evenements;
}
function getEventBigImage($bdd, $event)
{
$stmt = mysqli_prepare(
$bdd,
"SELECT couverture FROM evenements WHERE id = ? LIMIT 1"
);
mysqli_stmt_bind_param($stmt, "s", $event);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);
return $row ? $row['couverture'] : null;
}
function getUserPerms($bdd, $username)
{
$stmt = mysqli_prepare(
$bdd,
"SELECT permissions FROM utilisateurs WHERE username = ? LIMIT 1"
);
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);
return $row ? $row['permissions'] : null;
}
function verifyPoids($bdd, $username, $minPoids)
{
$sql = "SELECT p.poids
FROM utilisateurs u
INNER JOIN permissions p ON u.permissions = p.nom
WHERE u.username = ?";
$stmt = mysqli_prepare($bdd, $sql);
if ($stmt) {
mysqli_stmt_bind_param($stmt, "s", $username);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);
if ($row) {
return (int)$row['poids'] >= (int)$minPoids;
}
}
return false;
}
function updateEventTitle($bdd, $eventid, $titre)
{
$stmt = mysqli_prepare(
$bdd,
"UPDATE evenements SET titre = ? WHERE id = ?"
);
mysqli_stmt_bind_param($stmt, "si", $titre, $eventid);
mysqli_stmt_execute($stmt);
$success = mysqli_stmt_affected_rows($stmt) >= 0;
mysqli_stmt_close($stmt);
return $success;
}
function updateEventImage($bdd, $eventId, $image)
{
$stmt = mysqli_prepare(
$bdd,
"UPDATE evenements SET couverture = ? WHERE id = ?"
);
mysqli_stmt_bind_param($stmt, "si", $image, $eventId);
mysqli_stmt_execute($stmt);
$success = mysqli_stmt_affected_rows($stmt) >= 0;
mysqli_stmt_close($stmt);
return $success;
}
function getSpecificActus($bdd, $id)
{
$results = mysqli_query($bdd, "SELECT * FROM `actus` WHERE `id`=" . $id);
$return = [];
while ($row = mysqli_fetch_assoc($results)) {
$return[] = $row;
}
return $return;
}
function updateActuImage($bdd, $actuId, $image)
{
$stmt = mysqli_prepare(
$bdd,
"UPDATE actus SET image = ? WHERE id = ?"
);
mysqli_stmt_bind_param($stmt, "si", $image, $actuId);
mysqli_stmt_execute($stmt);
$success = mysqli_stmt_affected_rows($stmt) >= 0;
mysqli_stmt_close($stmt);
return $success;
}
function updateActuTitle($bdd, $actuId, $titre)
{
$stmt = mysqli_prepare(
$bdd,
"UPDATE actus SET titre = ? WHERE id = ?"
);
mysqli_stmt_bind_param($stmt, "si", $titre, $actuId);
mysqli_stmt_execute($stmt);
$success = mysqli_stmt_affected_rows($stmt) >= 0;
mysqli_stmt_close($stmt);
return $success;
}
function updateActuContent($bdd, $actuId, $content)
{
$stmt = mysqli_prepare(
$bdd,
"UPDATE actus SET actu = ? WHERE id = ?"
);
mysqli_stmt_bind_param($stmt, "si", $content, $actuId);
mysqli_stmt_execute($stmt);
$success = mysqli_stmt_affected_rows($stmt) >= 0;
mysqli_stmt_close($stmt);
return $success;
}
function createEvent($bdd, $titre, $date, $site)
{
$sql = "INSERT INTO evenements (date, titre, couverture, site_id) VALUES (?, ?, '', ?)";
$req = $bdd->prepare($sql);
$req->bind_param("ssi", $date, $titre, $site);
$req->execute();
return $bdd->insert_id;
}
function deleteEvent($bdd, $eventId)
{
$sql = "DELETE FROM evenements WHERE id = ?";
$req = $bdd->prepare($sql);
$req->bind_param("i", $eventId);
$req->execute();
return $req->affected_rows > 0;
}
function deleteActu($bdd, $eventId)
{
$sql = "DELETE FROM actus WHERE id = ?";
$req = $bdd->prepare($sql);
$req->bind_param("i", $eventId);
$req->execute();
return $req->affected_rows > 0;
}
function createActu($bdd, $titre, $actu, $date, $idSite)
{
$stmt = mysqli_prepare(
$bdd,
"INSERT INTO actus (titre, actu, date, idSite) VALUES (?, ?, ?, ?)"
);
mysqli_stmt_bind_param($stmt, "sssi", $titre, $actu, $date, $idSite);
mysqli_stmt_execute($stmt);
$actuId = mysqli_insert_id($bdd);
mysqli_stmt_close($stmt);
return $actuId;
}
function createShortcut($bdd, $nom, $image, $shortcut)
{
$stmt = mysqli_prepare(
$bdd,
"INSERT INTO raccourcis (nom, image, url) VALUES (?, ?, ?)"
);
mysqli_stmt_bind_param($stmt, "sss", $nom, $image, $shortcut);
mysqli_stmt_execute($stmt);
$actuId = mysqli_insert_id($bdd);
mysqli_stmt_close($stmt);
return $actuId;
}
function updateRaccourcis($bdd, $idRaccourcis, $nom, $image, $url)
{
$stmt = mysqli_prepare(
$bdd,
"UPDATE raccourcis SET nom = ?, image = ?, url = ? WHERE id = ?"
);
mysqli_stmt_bind_param($stmt, "sssi", $nom, $image, $url, $idRaccourcis);
mysqli_stmt_execute($stmt);
$success = mysqli_stmt_affected_rows($stmt) >= 0;
mysqli_stmt_close($stmt);
return $success;
}
function getSpecificRaccourcis($bdd, $id)
{
$results = mysqli_query($bdd, "SELECT * FROM `raccourcis` WHERE `id`=" . $id);
$return = [];
while ($row = mysqli_fetch_assoc($results)) {
$return[] = $row;
}
return $return;
}
function getGuides($bdd)
{
$results = mysqli_query($bdd, "SELECT * FROM `guides`");
$return = [];
while ($row = mysqli_fetch_assoc($results)) {
$return[] = $row;
}
return $return;
}
function updateEventDate($bdd, $eventid, $date)
{
$stmt = mysqli_prepare(
$bdd,
"UPDATE evenements SET date = ? WHERE id = ?"
);
mysqli_stmt_bind_param($stmt, "si", $date, $eventid);
mysqli_stmt_execute($stmt);
$success = mysqli_stmt_affected_rows($stmt) >= 0;
mysqli_stmt_close($stmt);
return $success;
}
function getEventDate($bdd, $event)
{
$stmt = mysqli_prepare(
$bdd,
"SELECT date FROM evenements WHERE id = ? LIMIT 1"
);
mysqli_stmt_bind_param($stmt, "s", $event);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);
return $row ? $row['date'] : null;
}
function createValidationCode($bdd, $user, $ttlMinutes = 60)
{
$table = "codes";
$colCode = "code";
$colUser = "utilisateur";
$colExpire = "peremption";
$code = "";
$exists = true;
while ($exists) {
$code = bin2hex(random_bytes(16));
$checkStmt = mysqli_prepare($bdd, "SELECT id FROM `$table` WHERE `$colCode` = ? LIMIT 1");
if ($checkStmt) {
mysqli_stmt_bind_param($checkStmt, "s", $code);
mysqli_stmt_execute($checkStmt);
mysqli_stmt_store_result($checkStmt);
if (mysqli_stmt_num_rows($checkStmt) == 0) {
$exists = false;
}
mysqli_stmt_close($checkStmt);
} else {
return false;
}
}
$expiresAt = date('Y-m-d H:i:s', time() + ($ttlMinutes * 60));
$insertSql = "INSERT INTO `$table` (`$colCode`, `$colUser`, `$colExpire`) VALUES (?, ?, ?)";
$insertStmt = mysqli_prepare($bdd, $insertSql);
if ($insertStmt) {
mysqli_stmt_bind_param($insertStmt, "sss", $code, $user, $expiresAt);
$success = mysqli_stmt_execute($insertStmt);
$insertId = mysqli_insert_id($bdd);
mysqli_stmt_close($insertStmt);
if ($success) {
return [
'id' => $insertId,
'code' => $code,
'expire' => $expiresAt
];
}
}
return false;
}
function updateUserPassword($bdd, $user, $hashPassword)
{
$stmt = mysqli_prepare(
$bdd,
"UPDATE utilisateurs SET password = ? WHERE username = ?"
);
mysqli_stmt_bind_param($stmt, "ss", $hashPassword, $user);
mysqli_stmt_execute($stmt);
$success = mysqli_stmt_affected_rows($stmt) >= 0;
mysqli_stmt_close($stmt);
return $success;
}
function getUserFromCode($bdd, $code)
{
$stmt = mysqli_prepare(
$bdd,
"SELECT utilisateur FROM codes WHERE code = ? LIMIT 1"
);
mysqli_stmt_bind_param($stmt, "s", $code);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);
return $row ? $row['utilisateur'] : null;
}
function getEventSite($bdd, $event)
{
$stmt = mysqli_prepare(
$bdd,
"SELECT site_id FROM evenements WHERE id = ? LIMIT 1"
);
mysqli_stmt_bind_param($stmt, "s", $event);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);
return $row ? $row['site_id'] : null;
}
function updateEventSite($bdd, $eventid, $site)
{
$stmt = mysqli_prepare(
$bdd,
"UPDATE evenements SET site_id = ? WHERE id = ?"
);
mysqli_stmt_bind_param($stmt, "ii", $site, $eventid);
mysqli_stmt_execute($stmt);
$success = mysqli_stmt_affected_rows($stmt) >= 0;
mysqli_stmt_close($stmt);
return $success;
}
function userExists($bdd, $username){
$stmt = $bdd->prepare("SELECT id FROM utilisateurs WHERE username = ? LIMIT 1");
$stmt->bind_param("s", $username);
$stmt->execute();
$result = $stmt->get_result();
return $result->num_rows > 0;
}
function createUser($bdd, $username, $password, $permissions, $site_id)
{
$sql = "INSERT INTO utilisateurs (username, password, permissions, site_id) VALUES (?, ?, ?, ?)";
$req = $bdd->prepare($sql);
$req->bind_param("sssi", $username, $password, $permissions, $site_id);
$req->execute();
return $bdd->insert_id;
}
function getAllPermissions($bdd)
{
$results = mysqli_query($bdd, "SELECT * FROM `permissions`");
$return = [];
while ($row = mysqli_fetch_assoc($results)) {
$return[] = $row;
}
return $return;
}
function updateUserSite($bdd, $user, $site)
{
$stmt = mysqli_prepare(
$bdd,
"UPDATE utilisateurs SET site_id = ? WHERE username = ?"
);
mysqli_stmt_bind_param($stmt, "is", $site, $user);
mysqli_stmt_execute($stmt);
$success = mysqli_stmt_affected_rows($stmt) >= 0;
mysqli_stmt_close($stmt);
return $success;
}
function updateUserPermissions($bdd, $user, $permissions)
{
$stmt = mysqli_prepare(
$bdd,
"UPDATE utilisateurs SET permissions = ? WHERE username = ?"
);
mysqli_stmt_bind_param($stmt, "ss", $permissions, $user);
mysqli_stmt_execute($stmt);
$success = mysqli_stmt_affected_rows($stmt) >= 0;
mysqli_stmt_close($stmt);
return $success;
}
function deleteRaccourcis($bdd, $id)
{
$sql = "DELETE FROM raccourcis WHERE id = ?";
$req = $bdd->prepare($sql);
$req->bind_param("i", $id);
$req->execute();
return $req->affected_rows > 0;
}
function getEventVisibility($bdd, $event)
{
$stmt = mysqli_prepare(
$bdd,
"SELECT public FROM evenements WHERE id = ? LIMIT 1"
);
mysqli_stmt_bind_param($stmt, "s", $event);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
$row = mysqli_fetch_assoc($result);
mysqli_stmt_close($stmt);
return $row ? $row['public'] : null;
}
function createGuide($bdd, $nom, $lien, $image)
{
$stmt = mysqli_prepare(
$bdd,
"INSERT INTO guides (nom, lien, image) VALUES (?, ?, ?)"
);
mysqli_stmt_bind_param($stmt, "sss", $nom, $lien, $image);
mysqli_stmt_execute($stmt);
$guideId = mysqli_insert_id($bdd);
mysqli_stmt_close($stmt);
return $guideId;
}
function deleteGuide($bdd, $id)
{
$sql = "DELETE FROM guides WHERE id = ?";
$req = $bdd->prepare($sql);
$req->bind_param("i", $id);
$req->execute();
return $req->affected_rows > 0;
}
Reference in a new issue View git blame Copy permalink