site-accueil-insa/admin/gestion_des_acces.php

197 lines
5 KiB
PHP
Raw Normal View History

2022-06-14 23:36:26 +02:00
<?php
include "script.php";
2022-07-24 19:54:06 +02:00
if($user['perm'] < 3) {
2022-06-14 23:36:26 +02:00
header('Location: deco.php');
}
2022-06-16 22:52:20 +02:00
if(isset($_GET['del']) AND !empty($_GET['del']))
2022-06-15 21:00:54 +02:00
{
2022-07-24 19:54:06 +02:00
if($user['perm'] >= 3) {
2022-06-15 21:00:54 +02:00
$del = (int) htmlspecialchars($_GET['del']);
if($del != 1) {
$req = $db->prepare('DELETE FROM admin WHERE id =?');
$req->execute(array($del));
header('Location: gestion_des_acces.php');
} else {
$error = "On ne peut pas suprimer le superutilisateur sauf manuellement dans la base de données !";
}
}
}
if(isset($_GET['gda']) AND !empty($_GET['gda']))
{
2022-07-24 19:54:06 +02:00
if($user['perm'] >= 3) {
$gda = (int) htmlspecialchars($_GET['gda']);
if($gda != 1) {
$req = $db->prepare('UPDATE admin SET perm = ? WHERE id =?');
$req->execute(array(0,$gda));
header('Location: gestion_des_acces.php');
} else {
$error = "On ne peut pas modifier le grade du superutilisateur sauf manuellement dans la base de données !";
}
}
}
2022-07-24 19:54:06 +02:00
if(isset($_GET['ville']) AND !empty($_GET['ville']))
{
if($user['perm'] >= 3) {
$ville = (int) htmlspecialchars($_GET['ville']);
if($ville != 1) {
$req = $db->prepare('UPDATE admin SET perm = ? WHERE id =?');
$req->execute(array(1,$ville));
header('Location: gestion_des_acces.php');
} else {
$error = "On ne peut pas modifier le grade du superutilisateur sauf manuellement dans la base de données !";
}
}
}
if(isset($_GET['bur']) AND !empty($_GET['bur']))
{
2022-07-24 19:54:06 +02:00
if($user['perm'] >= 3) {
$bur = (int) htmlspecialchars($_GET['bur']);
if($bur != 1) {
$req = $db->prepare('UPDATE admin SET perm = ? WHERE id =?');
2022-07-24 19:54:06 +02:00
$req->execute(array(2,$bur));
header('Location: gestion_des_acces.php');
} else {
$error = "On ne peut pas modifier le grade du superutilisateur sauf manuellement dans la base de données !";
}
}
}
if(isset($_GET['adm']) AND !empty($_GET['adm']))
{
2022-07-24 19:54:06 +02:00
if($user['perm'] >= 3) {
$adm = (int) htmlspecialchars($_GET['adm']);
if($adm != 1) {
$req = $db->prepare('UPDATE admin SET perm = ? WHERE id =?');
2022-07-24 19:54:06 +02:00
$req->execute(array(3,$adm));
header('Location: gestion_des_acces.php');
} else {
$error = "On ne peut pas modifier le grade du superutilisateur sauf manuellement dans la base de données !";
}
2022-06-15 21:00:54 +02:00
}
}
2022-06-14 23:36:26 +02:00
if(isset($_POST['send'])) {
2022-07-10 18:08:53 +02:00
if(isset($_POST['pseudo']) AND !empty($_POST['pseudo']) AND isset($_POST['perm']) AND !empty($_POST['perm'])) {
2022-06-15 21:00:54 +02:00
2022-07-24 19:54:06 +02:00
if($user['perm'] >= 3) {
2022-06-16 14:38:31 +02:00
$pseudo = htmlspecialchars($_POST['pseudo']);
$perm = htmlspecialchars($_POST['perm']);
switch ($perm) {
case "v0":
$perm_int = 0;
break;
case "v1":
$perm_int = 1;
break;
case "v2":
$perm_int = 2;
break;
2022-07-24 19:54:06 +02:00
case "v3":
$perm_int = 3;
break;
2022-06-16 14:38:31 +02:00
}
2022-06-14 23:36:26 +02:00
2022-06-16 14:38:31 +02:00
if(strlen($pseudo) <= 50) {
$req = $db->prepare("SELECT id FROM admin WHERE pseudo = ?");
$req->execute(array($pseudo));
$pseudo_exist = $req->rowCount();
if ($pseudo_exist == 0) {
2022-07-10 18:08:53 +02:00
$req = $db->prepare("INSERT INTO admin(pseudo, perm) VALUES(?, ?)");
$req->execute(array($pseudo, $perm_int));
2022-06-16 14:38:31 +02:00
header('refresh:0');
} else {
$error = "pseudo déja utilisé";
}
2022-06-14 23:36:26 +02:00
} else {
2022-06-16 14:38:31 +02:00
$error = "le pseudo ne doit pas dépasser 50 char";
2022-06-14 23:36:26 +02:00
}
}
} else {
$error = "Tout les champs doivent être complétés";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Admin / Accès</title>
</head>
<body>
2022-06-15 17:35:34 +02:00
<main>
<form method="POST">
2022-07-10 18:08:53 +02:00
<input type="text" placeholder="identifiant INSA" name="pseudo" class="input_inline">
2022-06-15 21:00:54 +02:00
<select name="perm" class="input_inline">
<option value="v0">GDA - Perm 0</option>
2022-07-24 19:54:06 +02:00
<option value="v1">Ville - Perm 1</option>
<option value="v2">Bureau - Perm 2</option>
<option value="v3">Admin - Perm 3</option>
2022-06-15 17:35:34 +02:00
</select>
2022-06-15 21:00:54 +02:00
<input type="submit" name="send" value="Creer l'acces" class="submit_inline">
2022-06-15 17:35:34 +02:00
</form>
<?php
if(isset($error)) {
echo "<font color='red'>".$error."</font>";
}
?>
<br><br>
2022-06-15 17:59:43 +02:00
<table class="acces">
<tr>
2022-06-15 21:00:54 +02:00
<th width="10%">ID (db)</td>
2022-07-10 18:08:53 +02:00
<th width="40%">Identifiant INSA</td>
2022-06-15 21:00:54 +02:00
<th width="40%">Perm</td>
<th width="10%">Actions</td>
2022-06-15 17:59:43 +02:00
</tr>
<?php
$req = $db->query('SELECT id, pseudo, perm FROM admin');
while($admin = $req->fetch()) {
?>
<tr>
<td><?= $admin['id'] ?></td>
<td><?= $admin['pseudo'] ?></td>
<td><?php
2022-06-15 21:00:54 +02:00
switch ($admin['perm']) {
2022-06-15 17:59:43 +02:00
case 0:
2022-07-24 19:54:06 +02:00
echo "<a href='?ville=".$admin['id']."'><font color='green'>GDA</font></a>";
2022-06-15 17:59:43 +02:00
break;
case 1:
2022-07-24 19:54:06 +02:00
echo "<a href='?bur=".$admin['id']."'><font color='#3498DB'>Ville</font></a>";
break;
case 2:
echo "<a href='?adm=".$admin['id']."'><font color='orange'>Bureau</font></a>";
2022-06-15 17:59:43 +02:00
break;
2022-07-24 19:54:06 +02:00
case 3:
echo "<a href='?gda=".$admin['id']."'><font color='red'>Admin</font></a>";
2022-06-15 17:59:43 +02:00
break;
}
?></td>
<td><?php
if($admin['id'] == 1) {
echo "<font color='red'>none</font>";
} else {
echo '<a href="?del='.$admin["id"].'" class="cross">X</a>';
}
?></td>
2022-06-15 17:59:43 +02:00
</tr>
<?php } ?>
</table>
2022-06-15 17:35:34 +02:00
</main>
2022-06-14 23:36:26 +02:00
</body>
</html>