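<?php
// Admin access-management page: lists the rows of the `admin` table and lets a
// level-3 user create, re-grade or delete accounts.
// script.php is expected to provide $db (used as a PDO connection below) and
// $user with a 'perm' key for the current visitor — TODO confirm in script.php.
// require (not include): if script.php is missing, stop instead of continuing
// with $db/$user undefined.
require "script.php";

// Anyone below permission level 3 is sent away. The redirect MUST be followed by
// exit: header() on its own does not stop the script, so without it the rest of
// this page — including the full admin listing — would still be rendered and
// sent to the unauthorised client (only the write actions had their own guard).
if ($user['perm'] < 3) {
	header('Location: deco.php');
	exit;
}
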
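// ?del=<id>: delete an admin account. Row id 1 is the built-in superuser and is
// protected; it can only be removed directly in the database.
// NOTE(review): this action (like ?gda/?ville/?bur/?adm) is a state-changing
// operation triggered by a plain GET link, so it is exposed to cross-site request
// forgery unless script.php adds protection — confirm.
if (!empty($_GET['del'])) {
	if ($user['perm'] >= 3) {
		// Validate as an integer instead of htmlspecialchars()+(int): the cast
		// silently turned any non-numeric input into 0 (and an array input would
		// have raised a TypeError in htmlspecialchars()).
		$del = filter_var($_GET['del'], FILTER_VALIDATE_INT);

		if ($del === false) {
			$error = "Identifiant invalide !";
		} elseif ($del !== 1) {
			$req = $db->prepare('DELETE FROM admin WHERE id = ?');
			$req->execute([$del]);
			header('Location: gestion_des_acces.php');
			exit; // nothing below this point should run after a redirect
		} else {
			$error = "On ne peut pas suprimer le superutilisateur sauf manuellement dans la base de données !";
		}
	}
}
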
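// ?gda=<id> / ?ville=<id> / ?bur=<id> / ?adm=<id>: set an admin account's
// permission level to 0 / 1 / 2 / 3 respectively (the links in the table below
// rotate each account to the next level). The four handlers were identical apart
// from the target level, so they are driven by this map. Row id 1 is the
// built-in superuser and cannot be re-graded here.
// NOTE(review): these are state-changing GET requests; see the CSRF remark on
// the ?del handler — the same applies here.
$permByAction = ['gda' => 0, 'ville' => 1, 'bur' => 2, 'adm' => 3];

foreach ($permByAction as $action => $newPerm) {
	if (empty($_GET[$action])) {
		continue;
	}
	if ($user['perm'] < 3) {
		continue;
	}

	// Validate as an integer; the previous htmlspecialchars()+(int) cast mapped
	// any non-numeric input to 0.
	$id = filter_var($_GET[$action], FILTER_VALIDATE_INT);
	if ($id === false) {
		$error = "Identifiant invalide !";
		continue;
	}
	if ($id === 1) {
		$error = "On ne peut pas modifier le grade du superutilisateur sauf manuellement dans la base de données !";
		continue;
	}

	$req = $db->prepare('UPDATE admin SET perm = ? WHERE id = ?');
	$req->execute([$newPerm, $id]);
	header('Location: gestion_des_acces.php');
	exit; // one action per request; stop so the page is not rendered as well
}

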
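// POST from the form below: create an admin account with the chosen level.
if (isset($_POST['send'])) {
	// is_string(): an array value (pseudo[]=...) would otherwise reach
	// htmlspecialchars()/array lookup and raise a TypeError.
	if (!empty($_POST['pseudo']) && is_string($_POST['pseudo'])
		&& !empty($_POST['perm']) && is_string($_POST['perm'])) {

		if ($user['perm'] >= 3) {
			// The pseudo is HTML-escaped before storage and the length check is
			// applied to the stored form, as before (keeps existing rows consistent).
			$pseudo = htmlspecialchars($_POST['pseudo']);

			// Whitelist the <select> values. The old switch left $perm_int undefined
			// (and inserted NULL) for any value outside v0..v3.
			$permByOption = ['v0' => 0, 'v1' => 1, 'v2' => 2, 'v3' => 3];
			$permInt = $permByOption[$_POST['perm']] ?? null;

			if ($permInt === null) {
				$error = "Niveau de permission invalide";
			} elseif (strlen($pseudo) <= 50) {
				$req = $db->prepare("SELECT id FROM admin WHERE pseudo = ?");
				$req->execute([$pseudo]);
				// fetch() instead of rowCount(): PDO does not guarantee rowCount()
				// for SELECT statements.
				if ($req->fetch() === false) {
					$req = $db->prepare("INSERT INTO admin(pseudo, perm) VALUES(?, ?)");
					$req->execute([$pseudo, $permInt]);
					// Redirect (instead of header('refresh:0')) so that reloading
					// the page does not re-submit the form; consistent with the
					// GET actions above.
					header('Location: gestion_des_acces.php');
					exit;
				} else {
					$error = "pseudo déja utilisé";
				}
			} else {
				$error = "le pseudo ne doit pas dépasser 50 char";
			}
		}
	} else {
		$error = "Tout les champs doivent être complétés";
	}
}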
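?>
<!DOCTYPE html>
<html>
<head>
	<meta charset="utf-8">
	<meta name="viewport" content="width=device-width, initial-scale=1">
	<title>Admin / Accès</title>
</head>
<body>
	<main>
		<form method="POST">
			<input type="text" placeholder="identifiant INSA" name="pseudo" class="input_inline">
			<select name="perm" class="input_inline">
				<option value="v0">GDA - Perm 0</option>
				<option value="v1">Ville/Photo - Perm 1</option>
				<option value="v2">Bureau - Perm 2</option>
				<option value="v3">Admin - Perm 3</option>
			</select>
			<input type="submit" name="send" value="Creer l'acces" class="submit_inline">
		</form>
		<?php
		// $error is set by the handlers above; escape it like any other output.
		if (isset($error)) {
			echo "<font color='red'>" . htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</font>";
		}
		?>
		<br><br>
		<table class="acces">
			<tr>
				<!-- header cells were closed with </td>; they must be </th> -->
				<th width="10%">ID (db)</th>
				<th width="40%">Identifiant INSA</th>
				<th width="40%">Perm</th>
				<th width="10%">Actions</th>
			</tr>
			<?php
			// Each level links to the action that moves the account to the next
			// level (0 -> 1 -> 2 -> 3 -> 0); see the ?gda/?ville/?bur/?adm handlers.
			$permLinks = [
				0 => ['ville', 'green',   'GDA'],
				1 => ['bur',   '#3498DB', 'Ville/Photo'],
				2 => ['adm',   'orange',  'Bureau'],
				3 => ['gda',   'red',     'Admin'],
			];
			$req = $db->query('SELECT id, pseudo, perm FROM admin');
			while ($admin = $req->fetch()) {
				$id = (int) $admin['id'];
				// pseudo is stored HTML-escaped by the form handler on this page, but
				// other write paths are not visible here: escape on output anyway,
				// with double_encode=false so existing entities are not re-encoded.
				$pseudo = htmlspecialchars((string) $admin['pseudo'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
				$perm = (int) $admin['perm'];
			?>
				<tr>
					<td><?= $id ?></td>
					<td><?= $pseudo ?></td>
					<td><?php
						// Unknown levels render an empty cell, as the old switch did.
						if (isset($permLinks[$perm])) {
							[$action, $color, $label] = $permLinks[$perm];
							echo "<a href='?{$action}={$id}'><font color='{$color}'>{$label}</font></a>";
						}
					?></td>
					<td><?php
					// Row 1 is the superuser; the ?del handler refuses it as well.
					if ($id === 1) {
						echo "<font color='red'>none</font>";
					} else {
						echo '<a href="?del=' . $id . '" class="cross">X</a>';
					}
					?></td>
				</tr>
			<?php } ?>
		</table>
	</main>
</body>
</html>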