Commit 98108a1c authored by Sofiane Lasri's avatar Sofiane Lasri

13H10 - Nv comptes

parent a315650f
......@@ -184,8 +184,8 @@ if (isset($_GET["getNotifications"])) {
} elseif (isset($_GET["changeUserGroup"])&&!empty($_GET["changeUserGroup"]) && verifyUserPermission($_SESSION['user_id'], "vbcms", 'manageUsersSettings')){
$modificationDetail = json_decode($_GET["changeUserGroup"], true);
$query = $bdd->prepare("UPDATE `vbcms-users` SET `groupId` = ? WHERE `vbcms-users`.`netId` = ?");
$query->execute([$modificationDetail['groupId'], $modificationDetail['netId']]);
$query = $bdd->prepare("UPDATE `vbcms-users` SET `groupId` = ? WHERE `vbcms-users`.`id` = ?");
$query->execute([$modificationDetail['groupId'], $modificationDetail['id']]);
} elseif (isset($_GET["getPermissions"]) && verifyUserPermission($_SESSION['user_id'], "vbcms", 'viewPermissions')){
if(!empty($_GET["getPermissions"])){
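Review bot: `$modificationDetail['groupId']` and `$modificationDetail['id']` on the `execute` line are read without checking that `json_decode` produced an array containing them; a malformed or truncated `changeUserGroup` parameter yields null for both and the UPDATE runs with a NULL groupId. Guard before the prepare: `if (!is_array($modificationDetail) || !isset($modificationDetail['id'], $modificationDetail['groupId'])) { exit; }` (or whatever error response this file uses elsewhere). Separately, this is a state-changing write triggered by a plain GET with no request token, so it is exposed to cross-site request forgery; the `changeUserGroup(id)` JS hunk further down should send it as a POST carrying a per-session token that this branch verifies before touching the row. The `elseif` chain this branch belongs to starts before the hunk.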
......
<?php
$url = "$http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
if(isset($_GET["orderBy"])) $orderBy = $_GET["orderBy"];
else $orderBy = "id";
if(isset($_GET["order"])) $order = $_GET["order"];
else $order = "ASC";
if($order=="ASC") $orderInverse = "DESC";
else $orderInverse = "ASC";
if(isset($_GET["page"])) $page = $_GET["page"];
else{
$query = parse_url($url, PHP_URL_QUERY);
if ($query) {
$url .= '&page=1';
} else {
$url .= '?page=1';
}
header("Location: $url");
}
if(isset($_GET["limit"])){
$limitInt = $_GET["limit"];
$limit = "LIMIT ". $_GET["limit"];
$offset = "OFFSET ".$_GET["limit"] * ($page-1);
}else{
$limitInt = 25;
$limit = "LIMIT ". 25;
$offset = "OFFSET ". 25 * ($page-1);
}
if (isset($_POST['viewAll'])) {
$offset = "";
$limit = "";
$query = parse_url($url, PHP_URL_QUERY);
if ($query) {
$url .= '&viewAll';
} else {
$url .= '?viewAll';
}
header("Location: $url");
} elseif(isset($_POST['showItemsNumber'])){
$limit = "LIMIT ".$_POST['showItemsNumber'];
$offset = "OFFSET ".$_POST['showItemsNumber'] * ($page-1);
$query = parse_url($url, PHP_URL_QUERY);
if ($query) {
$url .= '&limit='.$_POST['showItemsNumber'];
} else {
$url .= '?limit='.$_POST['showItemsNumber'];
}
header("Location: $url");
}
$events = $bdd->query("SELECT * FROM `vbcms-events` ORDER BY $orderBy $order $limit $offset")->fetchAll(PDO::FETCH_ASSOC);
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title><?=VBcmsGetSetting("websiteName")?> | Debug Mode</title>
<?php include 'includes/depedencies.php';?>
</head>
<body>
<?php
include ('includes/navbar.php');
?>
<!-- Contenu -->
<div class="page-content" leftSidebar="240" rightSidebar="0">
<h3>Debug Mode</h3>
<p>Si un problème intervient, il sera peut-être répertorié ici. <strong>Les évènements de plus de 30 jours sont supprimés.</strong></p>
<div class="mt-5">
<h5>Évènements</h5>
<form class="form-inline mb-2" method="POST">
<div class="form-check">
<input class="form-check-input" type="checkbox" value="" name="viewAll">
<label class="form-check-label">Tout voir</label>
</div>
<div class="form-group mx-sm-3">
<label>Nombre d'éléments à afficher</label>
<select class="form-control form-control-sm" name="showItemsNumber">
<option>25</option>
<option>50</option>
<option>100</option>
<option>250</option>
<option>500</option>
</select>
</div>
<button type="submit" class="btn btn-brown btn-sm">Appliquer</button>
</form>
<table class="table">
<thead class="thead-brown">
<tr>
<th scope="col"><a id="id" href="?orderBy=id&order=<?=$orderInverse?>" class="text-white">ID</a></th>
<th scope="col"><a id="date" href="?orderBy=date&order=<?=$orderInverse?>" class="text-white">Date</a></th>
<th scope="col"><a id="module" href="?orderBy=module&order=<?=$orderInverse?>" class="text-white">Module</a></th>
<th scope="col"><a id="content" href="?orderBy=content&order=<?=$orderInverse?>" class="text-white">Content</a></th>
<th scope="col"><a id="url" href="?orderBy=url&order=<?=$orderInverse?>" class="text-white">Url</a></th>
<th scope="col"><a id="ip" href="?orderBy=ip&order=<?=$orderInverse?>" class="text-white">IP</a></th>
</tr>
</thead>
<tbody>
<!--
<tr>
<th scope="row">1</th>
<td>11/12/2001</td>
<td>vbcms-website</td>
<td>Load page /index.php</td>
<td>https://vbcms.net/</td>
<td>Un ip</td>
</tr>
-->
<?php
foreach ($events as $event) {
echo '<tr>
<th scope="row">'.$event['id'].'</th>
<td>'.$event['date'].'</td>
<td>'.$event['module'].'</td>
<td>'.$event['content'].'</td>
<td>'.$event['url'].'</td>
<td>'.$event['ip'].'</td>
</tr>';
}
?>
</tbody>
</table>
<span>
<?php
$query = $_GET;
if($page != 1){
$query['page'] = $page-1;
echo'<a href="?'.http_build_query($query).'" class="btn btn-outline-brown">Précédent</a>';
}
$count = $bdd->query("SELECT COUNT(*) FROM `vbcms-events`")->fetchColumn();
if (($count - $limitInt * ($page)) > 0){
$query['page'] = $page+1;
echo '<a class="btn btn-outline-brown mx-2" href="?'.http_build_query($query).'">Suivant</a>';
}
?></span>
</div>
</div>
</body>
</html>
\ No newline at end of file
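Review bot: `$orderBy`, `$order`, `$limit` and `$offset` are taken straight from `$_GET`/`$_POST` and concatenated into the query on the `$events = $bdd->query(...)` line, so a request can inject arbitrary SQL; column and direction should be checked against an allowlist and the limit/offset values cast to int (the `showItemsNumber` branch needs the same cast). The three `header("Location: ...")` calls are not followed by `exit`, so the rest of the page — including the query, with `$page` undefined when the first redirect fires — still runs, and `$http` on the first line is never assigned in this file, so the redirect target begins with `://` unless an including file sets it. In the `foreach ($events as $event)` output the `content`, `url` and `ip` cells are echoed unescaped; these columns appear to hold request-derived data, so wrap each one in `htmlspecialchars($event['content'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`.
```php
$allowedColumns = ['id', 'date', 'module', 'content', 'url', 'ip'];
$orderBy = $_GET['orderBy'] ?? 'id';
if (!in_array($orderBy, $allowedColumns, true)) {
    $orderBy = 'id';
}
$order = ($_GET['order'] ?? 'ASC') === 'DESC' ? 'DESC' : 'ASC';
$orderInverse = $order === 'ASC' ? 'DESC' : 'ASC';
// … unchanged: page redirect (add `exit;` after header()) …
$limitInt = max(1, (int) ($_GET['limit'] ?? 25));
$limit = 'LIMIT ' . $limitInt;
$offset = 'OFFSET ' . ($limitInt * ((int) $page - 1));
// … unchanged: viewAll / showItemsNumber handling, with (int) casts and `exit;` after header() …
$events = $bdd->query("SELECT * FROM `vbcms-events` ORDER BY $orderBy $order $limit $offset")->fetchAll(PDO::FETCH_ASSOC);
```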
......@@ -27,26 +27,20 @@
$users=$users->fetchAll(PDO::FETCH_ASSOC);
foreach($users as $user){
$userProfilPic = file_get_contents("https://api.vbcms.net/profiles/v1/get/".$user['netId']);
if(isJson($userProfilPic)){
$userProfilPic = json_decode($userProfilPic, true);
$userProfilPic = $userProfilPic['profilePic'];
} else {
// Ici on a soit pas trouvé l'utilisateur, soit les serveurs sont down
// Du coup on va check dans localAccounts
$userProfilPic = $bdd->prepare("SELECT * FROM `vbcms-localAccounts` WHERE netIdAssoc = ?");
$userProfilPic->execute([$user['netId']]);
$userProfilPic=$userProfilPic->fetch(PDO::FETCH_ASSOC);
if(!empty($userProfilPic)){
$userProfilPic = $userProfilPic['profilePic'];
}else{
// Ici l'utilisateur n'existe pas dans la liste des comptes locaux
// Donc on va lui mettre une image placeholder
$userProfilPic = $bdd->prepare("SELECT value FROM `vbcms-usersSettings` WHERE userId = ? AND name = 'profilPic'");
$userProfilPic->execute([$user['id']]);
$userProfilPic=$userProfilPic->fetchColumn();
if(empty($userProfilPic)){
$userProfilPic = VBcmsGetSetting("websiteUrl")."vbcms-admin/images/misc/programmer.png";
}
}
$joinedDate = new DateTime($user['localJoinedDate']);
$joinedDate = $bdd->prepare("SELECT value FROM `vbcms-usersSettings` WHERE userId = ? AND name = 'joinedDate'");
$joinedDate->execute([$user['id']]);
$joinedDate = $joinedDate->fetchColumn();
if(!empty($joinedDate)) {
$joinedDate = new DateTime($joinedDate);
$joinedDate = $joinedDate->format('l jS F Y');
} else $joinedDate = translate('unknownF');
$groupsOptions = null;
foreach($userGroups as $userGroup){
......@@ -54,40 +48,36 @@
else $groupsOptions = $groupsOptions."<option value='".$userGroup['groupId']."'>".translate($userGroup['groupName'])."</option>";
}
if($user['username'] != $_SESSION['user_username']){
echo ('<div class="userCard d-flex flex-column">
<div class="d-flex">
<div class="userProfilPic" style="background-image:url(\''.$userProfilPic.'\')"></div>
<div class="ml-2">
<h6 class="mb-n1">'.$user['username'].'</h6>
<small class="text-muted">'.translate('joinedOn').': '. $joinedDate->format('l jS F Y').'</small><br>
<small><a href="#" onclick="toogle(\'edit-'.$user['username'].'\')" class="text-brown">'.translate("modifyUser").'</a> <a href="#" onclick="editLocalAccount(\''.$user['netId'].'\')" class="text-brown">'.translate("modifyLocalAccount").'</a></small>
</div>
<small class="text-muted"><strong>Auth:</strong>'.$user['auth'].' <strong>'.translate('joinedOn').'</strong>: '. $joinedDate.'</small><br>
<small>');
if($user['id']!=$_SESSION['user_id']){
echo ('<a href="#" onclick="toogle(\'edit-'.$user['username'].'\')" class="text-brown">'.translate("modifyUser").'</a>');
}
if($user['auth']=='vbcms.net'){
echo('<a href="#" onclick="editLocalAccount(\''.$user['authId'].'\')" class="text-brown">'.translate("modifyLocalAccount").'</a>');
}
echo('</small></div>
</div>');
echo ('<div id="edit-'.$user['username'].'" style="display: none;"><div class="d-flex flex-column mt-2"">
<div class="form-inline">
<label>Changer de groupe</label>
<select class="form-control form-control-sm flex-grow-1 ml-2" id="groupUser'.$user['netId'].'" onchange="changeUserGroup('.$user['netId'].')">
<select class="form-control form-control-sm flex-grow-1 ml-2" id="groupUser'.$user['id'].'" onchange="changeUserGroup('.$user['id'].')">
'.$groupsOptions.'
</select>
</div>
<div class="d-flex mt-2">
<button class="btn btn-sm btn-brown">Modifier ses permissions</button>
<button class="btn btn-sm btn-danger ml-2">Expulser</button>
</div>
</div></div>');
}else{
echo ('<div class="userCard d-flex flex-column">
<div class="d-flex">
<div class="userProfilPic" style="background-image:url(\''.$userProfilPic.'\')"></div>
<div class="ml-2">
<h6 class="mb-n1">'.$user['username'].'</h6>
<small class="text-muted">'.translate('joinedOn').': '. $joinedDate->format('l jS F Y').'</small><br>
<small class="text-brown"><a href="#" onclick="editLocalAccount(\''.$user['netId'].'\')" class="text-brown">'.translate("modifyLocalAccount").'</a></small>
</div>
</div>');
<button class="btn btn-sm btn-brown">Modifier ses permissions</button>');
if($user['id']!=$_SESSION['user_id']){
echo('<button class="btn btn-sm btn-danger ml-2">Expulser</button>');
}
echo('</div>
</div>');
echo('</div>');
echo ('</div>');
}
echo "</div></div>";
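Review bot: The values interpolated into markup in this hunk are not escaped: `$user['authId']` inside `onclick="editLocalAccount('...')"`, `$user['username']` inside `onclick="toogle('edit-...')"` and the `id="edit-..."` attribute, and `$userProfilPic` inside `style="background-image:url('...')"`. These originate from the vbcms.net session payload and the settings table rather than this site's own code, so a crafted username or picture URL can break out of the attribute; emit them with `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and for the JS string arguments run `json_encode` first, then escape. In the hunk above, `new DateTime($joinedDate)` throws an uncaught `Exception` on an unparsable stored value, which aborts the whole user list; wrap it in a try/catch that falls back to `translate('unknownF')`. The two `$user['id']!=$_SESSION['user_id']` guards use loose comparison; `(int) $user['id'] !== (int) $_SESSION['user_id']` is the intent.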
......@@ -259,10 +249,10 @@ function sendLocalAccountInfos(netId){
});
}
function changeUserGroup(netId){
function changeUserGroup(id){
var array = {
netId: netId,
groupId: $("#groupUser"+netId).val()
id: id,
groupId: $("#groupUser"+id).val()
};
$.get("<?=VBcmsGetSetting("websiteUrl")?>vbcms-admin/backTasks/?changeUserGroup="+JSON.stringify(array), function(data) {
if(data!=""){
......
......@@ -7,18 +7,18 @@ if ($isUpToDate == 1) {
} else {
$updateMessage = translate("isNotUpToDate");
}
if($_SESSION['loginType']=='vbcms-account'){
if($_SESSION['auth']=='vbcms.net'){
$userHasLocalAccount = $bdd->prepare("SELECT * FROM `vbcms-localAccounts` WHERE netIdAssoc = ?");
$userHasLocalAccount->execute([$_SESSION['user_id']]);
$userHasLocalAccount->execute([$_SESSION['netId']]);
$userHasLocalAccount = $userHasLocalAccount->fetch(PDO::FETCH_ASSOC);
if(empty($userHasLocalAccount)){
if(isset($_POST['localUserUsername']) && !empty($_POST['localUserUsername'])){
$query = $bdd->prepare('INSERT INTO `vbcms-localAccounts` (`id`, `netIdAssoc`, `username`, `password`, `profilePic`) VALUES (NULL, ?,?,?,?)');
$query->execute([$_SESSION['user_id'], $_POST['localUserUsername'], password_hash($_POST['localUserPassword1'], PASSWORD_DEFAULT), $_SESSION['user_profilePic']]);
$query = $bdd->prepare('INSERT INTO `vbcms-localAccounts` (`id`, `netIdAssoc`, `username`, `password`) VALUES (NULL, ?,?,?)');
$query->execute([$_SESSION['netId'], $_POST['localUserUsername'], password_hash($_POST['localUserPassword1'], PASSWORD_DEFAULT)]);
$userHasLocalAccount = $bdd->prepare("SELECT * FROM `vbcms-localAccounts` WHERE netIdAssoc = ?");
$userHasLocalAccount->execute([$_SESSION['user_id']]);
$userHasLocalAccount->execute([$_SESSION['netId']]);
$userHasLocalAccount = $userHasLocalAccount->fetch(PDO::FETCH_ASSOC);
if(empty($userHasLocalAccount)){
$localAccountCreationSuccess=false;
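Review bot: `password_hash($_POST['localUserPassword1'], PASSWORD_DEFAULT)` on the execute line runs while the guard only checks `localUserUsername`; if the password field is missing or empty, the INSERT stores a valid hash of the empty string and a local account with a blank password is created. Extend the guard to `isset($_POST['localUserUsername'], $_POST['localUserPassword1']) && $_POST['localUserUsername'] !== '' && $_POST['localUserPassword1'] !== ''` (and compare against the confirmation field if the form has one — not visible here). The `if($_SESSION['auth']=='vbcms.net')` block continues past the hunk.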
......
......@@ -110,8 +110,8 @@ $translation["noPostData"] = "Pas de donnée POST :(";
$translation["modifyLocalAccount"] = "Modifier le compte local";
$translation["createGroup"] = "Créer un groupe";
$translation["deleteGroup"] = "Supprimer le groupe";
$translation["sample"] = "sample";
$translation["sample"] = "sample";
$translation["unknown"] = "Inconnu";
$translation["unknownF"] = "Inconnue";
$translation["sample"] = "sample";
$translation["sample"] = "sample";
$translation["sample"] = "sample";
......
......@@ -181,7 +181,7 @@ function adminNavbarAddItem($moduleName, $icon, $name, $link){
function verifyUserPermission($userId, $extensionName, $permission){
global $bdd;
// On va récupérer les infos de l'utilisateur
$userInfos = $bdd->prepare("SELECT * FROM `vbcms-users` WHERE netId=?");
$userInfos = $bdd->prepare("SELECT * FROM `vbcms-users` WHERE id=?");
$userInfos->execute([$userId]);
$userInfos = $userInfos->fetch(PDO::FETCH_ASSOC);
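Review bot: The meaning of `$userId` changed — the query now matches `vbcms-users`.`id` instead of `netId` — but the function has no docblock saying so, and the comment above the query still only says that the user's info is fetched. Add above the signature: `/** @param int $userId local vbcms-users.id (not the vbcms.net netId, which is now the `authId` column) */` so a caller that still holds a netId is not silently checked against a different user's row. The function body continues past the hunk, so whether a `false` result from `fetch` is handled is not visible here.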
......
......@@ -11,12 +11,17 @@ if (isset($_GET["session"]) && !empty($_GET["session"])){
$sessionData = json_decode($sessionJson, true);
if (isset($sessionData) && !isset($sessionData['error'])) {
// VBcms.net renvoie user_id, mais nous ici on va le renommer en netId car c'est propre à l'authentification du drm
$sessionData['auth'] = 'vbcms.net';
$sessionData["netId"] = $sessionData["user_id"];
unset($sessionData["user_id"]);
// On va rechercher dans la liste des utilisateurs si cet user est présent ou non
$userExistInDB = $bdd->prepare("SELECT * FROM `vbcms-users` WHERE netId=?");
$userExistInDB->execute([$sessionData["user_id"]]);
$userExistInDB = $bdd->prepare("SELECT * FROM `vbcms-users` WHERE authId=? AND auth='vbcms.net'");
$userExistInDB->execute([$sessionData["netId"]]);
$userExistInDB = $userExistInDB->fetch(PDO::FETCH_ASSOC);
if(empty($userExistInDB)){
// On va l'insérer
// A CHANGER
if($sessionData["user_role"]=="owner")
$userGroupID = $bdd->query("SELECT groupId FROM `vbcms-userGroups` WHERE groupName = 'superadmins'")->fetchColumn();
elseif($sessionData["user_role"]=="admin")
......@@ -24,15 +29,30 @@ if (isset($_GET["session"]) && !empty($_GET["session"])){
else
$userGroupID = $bdd->query("SELECT groupId FROM `vbcms-userGroups` WHERE groupName = 'users'")->fetchColumn();
$userExistInDB = $bdd->prepare("INSERT INTO `vbcms-users` (`netId`, `username`, `localLanguage`, `localJoinedDate`, `groupId`) VALUES (?,?,?,?,?)");
$userExistInDB->execute([$sessionData["user_id"], $sessionData["user_username"], $sessionData["language"], date("Y-m-d H:i:s"), $userGroupID]);
///////
$userExistInDB = $bdd->prepare("INSERT INTO `vbcms-users` (`id`,`auth`,`authId`, `username`, `groupId`) VALUES (NULL,'vbcms.net',?,?,?)");
$userExistInDB->execute([$sessionData["netId"], $sessionData["user_username"], $userGroupID]);
// Maintenant on va revérifier
$userExistInDB = $bdd->prepare("SELECT * FROM `vbcms-users` WHERE netId=?");
$userExistInDB->execute([$sessionData["user_id"]]);
$userExistInDB = $bdd->prepare("SELECT * FROM `vbcms-users` WHERE authId=? AND auth='vbcms.net'");
$userExistInDB->execute([$sessionData["netId"]]);
$userExistInDB = $userExistInDB->fetch(PDO::FETCH_ASSOC);
$insertSettings = $bdd->prepare("INSERT INTO `vbcms-usersSettings` (`userId`, `name`, `value`) VALUES (?,?,?)");
$insertSettings->execute([$userExistInDB['id'], 'profilPic', $sessionData["user_profilePic"]]);
$insertSettings = $bdd->prepare("INSERT INTO `vbcms-usersSettings` (`userId`, `name`, `value`) VALUES (?,?,?)");
$insertSettings->execute([$userExistInDB['id'], 'joinedDate', date("Y-m-d H:i:s")]);
}
// On va pouvoir associer l'id local
$sessionData['user_id'] = $userExistInDB['id'];
// On va mettre à jour son image de profil
$insertSettings = $bdd->prepare("UPDATE `vbcms-usersSettings` SET `value` = ? WHERE `vbcms-usersSettings`.`userId` = ? AND `vbcms-usersSettings`.`name` = 'profilPic'");
$insertSettings->execute([$sessionData["user_profilePic"], $sessionData['user_id']]);
// On va chercher le groupe auquel il appartient
$userGroup = $bdd->prepare("SELECT * FROM `vbcms-userGroups` WHERE groupId=?");
$userGroup->execute([$userExistInDB["groupId"]]);
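Review bot: The `UPDATE `vbcms-usersSettings` ... name = 'profilPic'` after the comment "On va mettre à jour son image de profil" only modifies an existing row, while that row is created solely inside the `empty($userExistInDB)` branch above; users that existed before this commit have no `profilPic`/`joinedDate` settings rows, so the update affects nothing and they keep the placeholder. Either run the two `INSERT INTO `vbcms-usersSettings`` statements when a SELECT finds no row for that user, or use an upsert if `(userId, name)` carries a unique key — not visible here. Also, `$sessionData['user_id'] = $userExistInDB['id']` assumes the re-SELECT just above found the row; if `fetch` returned `false` this is null and the session is established with no local id, so bail out when `$userExistInDB === false`.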
......