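<?php

declare(strict_types=1);

/*
 * Admin access management page (gestion_des_acces.php).
 *
 * Creates admin accounts and changes or removes their permission level.
 * Expects script.php to provide $db (a PDO connection) and $user (the row of
 * the currently logged-in admin, with a 'perm' column).
 */
include "script.php";

// Gate the whole page on perm >= 3. The exit is essential: header() alone does
// not stop execution, so without it the rest of the page — including the table
// of admin accounts below — would still be rendered for an unauthorised user.
if ((int) ($user['perm'] ?? 0) < 3) {
    header('Location: deco.php');
    exit;
}

// Row id 1 is the superuser; it can only be altered directly in the database.
$superuserId = 1;

// GET parameter name => permission level written to the admin whose id is the
// parameter's value. The links in the table below use these names.
// NOTE(review): these are state-changing actions triggered by plain GET links,
// which leaves them open to CSRF. They should become POST requests carrying a
// session-bound token; not done here because script.php's session handling is
// not visible from this file.
$permActions = ['gda' => 0, 'ville' => 1, 'bur' => 2, 'adm' => 3];

$error = null;

/**
 * Read a positive integer id from a GET parameter.
 * Returns null when the parameter is absent, not a plain digit string, or 0.
 */
$readId = static function (string $key): ?int {
    $raw = $_GET[$key] ?? null;
    if (!is_string($raw) || !ctype_digit($raw)) {
        return null;
    }
    $id = (int) $raw;

    return $id > 0 ? $id : null;
};

// --- Delete an admin account ------------------------------------------------
$delId = $readId('del');
if ($delId !== null) {
    if ($delId === $superuserId) {
        $error = "On ne peut pas suprimer le superutilisateur sauf manuellement dans la base de données !";
    } else {
        $req = $db->prepare('DELETE FROM admin WHERE id =?');
        $req->execute([$delId]);
        header('Location: gestion_des_acces.php');
        exit;
    }
}

// --- Change an admin's permission level -------------------------------------
foreach ($permActions as $param => $newPerm) {
    $targetId = $readId($param);
    if ($targetId === null) {
        continue;
    }
    if ($targetId === $superuserId) {
        // Report the error but keep rendering the page (no redirect), as before.
        $error = "On ne peut pas modifier le grade du superutilisateur sauf manuellement dans la base de données !";
        continue;
    }
    $req = $db->prepare('UPDATE admin SET perm = ? WHERE id =?');
    $req->execute([$newPerm, $targetId]);
    header('Location: gestion_des_acces.php');
    exit;
}

// --- Create an admin account (form POST) ------------------------------------
if (isset($_POST['send'])) {
    $pseudoRaw = $_POST['pseudo'] ?? '';
    $permRaw = $_POST['perm'] ?? '';

    if (!is_string($pseudoRaw) || $pseudoRaw === '' || !is_string($permRaw) || $permRaw === '') {
        $error = "Tout les champs doivent être complétés";
    } else {
        // The pseudo is stored in escaped form to stay consistent with rows
        // already in the table (the duplicate lookup compares against that
        // same form). Output below re-escapes with double_encode disabled so
        // stored entities are not mangled.
        $pseudo = htmlspecialchars($pseudoRaw);

        // An unexpected option value used to leave $perm_int undefined and
        // insert a NULL level; reject it explicitly instead.
        $permInt = match ($permRaw) {
            'v0' => 0,
            'v1' => 1,
            'v2' => 2,
            'v3' => 3,
            default => null,
        };

        if ($permInt === null) {
            $error = "Niveau de permission invalide";
        } elseif (strlen($pseudo) > 50) {
            $error = "le pseudo ne doit pas dépasser 50 char";
        } else {
            $req = $db->prepare("SELECT id FROM admin WHERE pseudo = ?");
            $req->execute([$pseudo]);
            // fetch() instead of rowCount(): PDO does not guarantee rowCount()
            // for SELECT statements on every driver.
            if ($req->fetch() !== false) {
                $error = "pseudo déja utilisé";
            } else {
                $req = $db->prepare("INSERT INTO admin(pseudo, perm) VALUES(?, ?)");
                $req->execute([$pseudo, $permInt]);
                // Post/Redirect/Get so a browser refresh does not resubmit the form.
                header('Location: gestion_des_acces.php');
                exit;
            }
        }
    }
}

// HTML-escape a value pulled from the database for output in an HTML context.
// double_encode is off because pseudos were stored already escaped.
$e = static fn (string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);

// Current level => [label, colour, GET parameter of the link to the next level].
$permDisplay = [
    0 => ['GDA', 'green', 'ville'],
    1 => ['Ville/Photo', '#3498DB', 'bur'],
    2 => ['Bureau', 'orange', 'adm'],
    3 => ['Admin', 'red', 'gda'],
];
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Admin / Accès</title>
</head>
<body>
<main>
<form method="POST">
<input type="text" placeholder="identifiant INSA" name="pseudo" class="input_inline">
<select name="perm" class="input_inline">
<option value="v0">GDA - Perm 0</option>
<option value="v1">Ville/Photo - Perm 1</option>
<option value="v2">Bureau - Perm 2</option>
<option value="v3">Admin - Perm 3</option>
</select>
<input type="submit" name="send" value="Creer l'acces" class="submit_inline">
</form>
<?php if ($error !== null) { echo "<font color='red'>" . $error . "</font>"; } ?>
<br><br>
<table class="acces">
<tr>
<th width="10%">ID (db)</th>
<th width="40%">Identifiant INSA</th>
<th width="40%">Perm</th>
<th width="10%">Actions</th>
</tr>
<?php
$list = $db->query('SELECT id, pseudo, perm FROM admin');
while ($admin = $list->fetch()) {
    $id = (int) $admin['id'];
?>
<tr>
<td><?= $id ?></td>
<td><?= $e((string) $admin['pseudo']) ?></td>
<td><?php
    $display = $permDisplay[(int) $admin['perm']] ?? null;
    if ($display !== null) {
        [$label, $colour, $nextParam] = $display;
        echo "<a href='?{$nextParam}={$id}'><font color='{$colour}'>{$label}</font></a>";
    }
?></td>
<td><?php
    if ($id === $superuserId) {
        echo "<font color='red'>none</font>";
    } else {
        echo '<a href="?del=' . $id . '" class="cross">X</a>';
    }
?></td>
</tr>
<?php } ?>
</table>
</main>
</body>
</html>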