admin v1

admin/deco.php

@@ -0,0 +1,6 @@
+<?php
+session_start();
+$_SESSION = array();
+session_destroy();
+header("Location: index.php");
+?>

admin/enigma.php

@@ -0,0 +1,7 @@
+<?php
+include "script.php";
+
+if($user['perm'] < 2) {
+	header('Location: deco.php');
+}
+?>

admin/gestion_des_acces.php

@@ -0,0 +1,65 @@
+<?php
+include "script.php";
+
+if($user['perm'] < 2) {
+	header('Location: deco.php');
+}
+
+if(isset($_POST['send'])) {
+	if(isset($_POST['pseudo']) AND !empty($_POST['pseudo']) AND isset($_POST['mdp']) AND !empty($_POST['mdp']) AND isset($_POST['perm']) AND !empty($_POST['perm'])) {
+		$pseudo = htmlspecialchars($_POST['pseudo']);
+		$mdp = htmlspecialchars($_POST['mdp']);
+		$perm = (int) htmlspecialchars($_POST['perm']);
+
+		if(strlen($pseudo) <= 50) {
+			$req = $db->prepare("SELECT id FROM admin WHERE pseudo = ?");
+            $req->execute(array($pseudo));
+            $pseudo_exist = $req->rowCount();
+            if ($pseudo_exist == 0) {
+				$req = $db->prepare("INSERT INTO admin(pseudo, mdp, perm) VALUES(?, ?, ?)");
+				$req->execute(array($pseudo, password_hash($mdp, PASSWORD_DEFAULT), $perm));
+			} else {
+				$error = "pseudo déja utilisé";
+			}
+		} else {
+			$error = "le pseudo ne doit pas dépasser 50 char";
+		}
+	} else {
+		$error = "Tout les champs doivent être complétés";
+	}
+}
+?>
+<!DOCTYPE html>
+<html>
+<head>
+	<meta charset="utf-8">
+	<meta name="viewport" content="width=device-width, initial-scale=1">
+	<title>Admin / Accès</title>
+</head>
+<body>
+	<form method="POST">
+		<input type="text" placeholder="identifiant" name="pseudo">
+		<input type="password" placeholder="mot de passe" name="mdp">
+		<select name="perm">
+			<option value="0">GDA - Perm 0</option>
+			<option value="1">Bureau - Perm 1</option>
+			<option value="2">Admin - Perm 2</option>
+		</select>
+		<input type="submit" name="send" value="Creer l'acces">
+	</form>
+	<?php
+	if(isset($error)) {
+		echo "<font color='red'>".$error."</font>";
+	}
+	?>
+	<br><br>
+	<?php
+	$req = $db->query('SELECT id, pseudo, perm FROM admin');
+	while($admin = $req->fetch()) {
+	?>
+	<?= $admin['id'] ?> || <?= $admin['pseudo'] ?> || <?= $admin['perm'] ?>
+	<?php } ?>
+
+	
+</body>
+</html>

admin/index.php

@@ -0,0 +1,55 @@
+<?php
+$page = "index";
+include "script.php";
+if(isset($_POST['login'])) {
+    if (!empty($_POST['pseudo']) and !empty($_POST['password'])) {
+        $pseudo = htmlspecialchars($_POST['pseudo']);
+        $password = htmlspecialchars($_POST['password']);
+
+        $req = $db->prepare("SELECT id, mdp FROM admin WHERE pseudo = ?");
+        $req->execute(array($pseudo));
+        $user_exist = $req->rowcount();
+        if ($user_exist == 1) {
+            while ($user_login = $req->fetch()) {
+                $passwd = $user_login['mdp'];
+                if ((password_verify($password, $passwd)) == 1) {
+                	$_SESSION['id'] = $user_login['id'];
+                	header('Refresh:0');
+                } else {
+                    $error = "Mot de passe invalide !";
+                }
+            }
+        } else {
+            $error = "Identifiant invalide !";
+        }
+    } else {
+        $error = "Tout les champs doivent être complétés";
+    }
+}
+?>
+<!DOCTYPE html>
+<html>
+<head>
+	<meta charset="utf-8">
+	<meta name="viewport" content="width=device-width, initial-scale=1">
+	<title>Admin / index</title>
+</head>
+<body>
+    <?php
+    if(isset($_SESSION['id'])) {
+        echo "Connecté sous l'identifiant : ".$user['pseudo'];
+    } else {
+    ?>
+	<form method="POST">
+		<input type="text" placeholder="Identifiant" name="pseudo">
+		<input type="password" placeholder="mot de passe" name="password">
+		<input type="submit" name="login" value="Se connecter">	
+	</form>
+	<?php
+    }
+	if(isset($error)) {
+		echo "<font color='red'>".$error."</font>";
+	}
+	?>
+</body>
+</html>

admin/planning.php

@@ -0,0 +1,8 @@
+<?php
+include "script.php";
+
+if($user['perm'] < 1) {
+	header('Location: deco.php');
+}
+
+?>

admin/script.php

@@ -0,0 +1,50 @@
+<?php
+include "../script/db.php";
+
+session_start();
+
+if(isset($_SESSION['id'])) {
+	$req_user = $db->prepare("SELECT pseudo, perm FROM admin WHERE id = ?");
+	$req_user->execute(array($_SESSION['id']));
+	$user_exist = $req_user->rowcount();
+	$user = $req_user->fetch();
+} else {
+	$user_exist = 0;
+}
+
+
+if($user_exist != 1) {
+	if($page != "index") {
+		header('Location: index.php');
+	}
+} else {
+	switch ($user['perm']) {
+    case 0:
+        ?>
+        <a href="index.php">Index</a><br>
+		<a href="stats.php">Stats</a><br>
+		<a href="deco.php">Se déconnecter</a><br>
+        <?php
+        break;
+    case 1:
+        ?>
+        <a href="index.php">Index</a><br>
+		<a href="planning.php">Planning</a><br>
+		<a href="stats.php">Stats</a><br>
+		<a href="deco.php">Se déconnecter</a><br>
+        <?php
+        break;
+    case 2:
+        ?>
+        <a href="index.php">Index</a><br>
+		<a href="gestion_des_acces.php">Gestion des accès</a><br>
+		<a href="enigma.php">Enigma</a><br>
+		<a href="planning.php">Planning</a><br>
+		<a href="stats.php">Stats</a><br>
+		<a href="vacances.php">Vacances</a><br>
+		<a href="deco.php">Se déconnecter</a><br>
+        <?php
+        break;
+	}
+}
+?>

admin/stats.php

@@ -0,0 +1,3 @@
+<?php
+include "script.php";
+?>

admin/t.htaccess

@@ -0,0 +1,4 @@
+AuthName "Vous ne passerez pas (sauf si vous passez)"
+AuthType Basic
+AuthUserFile ".htpasswd"
+Require valid-user

admin/t.htpasswd

@@ -0,0 +1 @@
+on_est_les_admine:$apr1$sl6wtfnm$kglXQc9t3n0DnNO0dbM./1

admin/vacances.php

@@ -0,0 +1,7 @@
+<?php
+include "script.php";
+
+if($user['perm'] < 2) {
+	header('Location: deco.php');
+}
+?>