Add files via upload
sebdivinity authored May 2, 2018
1 parent 1dd0829 commit ffc6eba
Showing 8 changed files with 245 additions and 89 deletions.
30 changes: 15 additions & 15 deletions bOffice - Users.php
@@ -1,16 +1,16 @@
<?php
require "bOffice - header.php";
require "bOffice - header.php";
$time = getTimeForLog();

if(isset($_POST["cancelDelete"]) && isset($_SESSION["cancelDelete"])){

foreach ($_SESSION["cancelDelete"] as $key2 => $value2) {

if(!isset($column_name) && (!isset($valuesInserted))){
$columnName = $key2;
$valuesInserted = $value2;
}

elseif($value2 =="")
$value2 = Null;

Expand All @@ -21,7 +21,7 @@

else{
$columnName = $columnName.",".$key2;
$valuesInserted = $valuesInserted.",'".$value2."'";
$valuesInserted = $valuesInserted.",'".$value2."'";
}
}
$connection = connectDB();
Expand Down Expand Up @@ -74,7 +74,7 @@
$query->execute([
"email"=>$_POST["emailOfUserPromote"]
]);
$result = $query->fetch(PDO::FETCH_ASSOC);
$result = $query->fetch(PDO::FETCH_ASSOC);
if($result["member_status"] == 0 && $_SESSION["admin"]){
$query = $connection->prepare("UPDATE member set member_status = 1 where member_email= :email");
$query->execute([
Expand All @@ -88,7 +88,7 @@
else{
?>
<center><h2 class="erreur">Erreur: Vous n'avez pas les droits pour effectuer cette action</h2></center>
<?php
<?php
}
}

Expand All @@ -99,7 +99,7 @@
$query->execute([
"email"=>$_POST["emailOfUserDemote"]
]);
$result = $query->fetch(PDO::FETCH_ASSOC);
$result = $query->fetch(PDO::FETCH_ASSOC);
if($result["member_status"] == 1 && $_SESSION["admin"]){
$query = $connection->prepare("UPDATE member set member_status = 0 where member_email= :email");
$query->execute([
Expand All @@ -113,7 +113,7 @@
else{
?>
<center><h2 class="erreur">Erreur: Vous n'avez pas les droits pour effectuer cette action</h2></center>
<?php
<?php
}
}

Expand All @@ -124,7 +124,7 @@
$query->execute([
"email"=>$_POST["emailOfUserUnban"]
]);
$result = $query->fetch(PDO::FETCH_ASSOC);
$result = $query->fetch(PDO::FETCH_ASSOC);
if($result["member_status"] == 3){
$query = $connection->prepare("UPDATE member set member_status=0 where member_email= :email");
$query->execute([
Expand All @@ -138,7 +138,7 @@
else{
?>
<center><h2 class="erreur">Erreur: Vous n'avez pas les droits pour effectuer cette action</h2></center>
<?php
<?php
}
}

Expand All @@ -164,7 +164,7 @@
else{
?>
<center><h2 class="erreur">Erreur: Vous n'avez pas les droits pour effectuer cette action</h2></center>
<?php
<?php
}
}

Expand All @@ -181,7 +181,7 @@
</tr>
</thead>
<tbody>
<tr>
<tr class="notStrip">
<form method="POST">
<td>
<div class="container-fluid row">
Expand Down Expand Up @@ -242,7 +242,7 @@
}

elseif(!empty($_POST["searchLastname"]) || !empty($_POST["searchFirstname"]) || !empty($_POST["searchEmail"]) || !empty($_POST["searchStatus"])){
$connection = connectDB();
$connection = connectDB();
$query = $connection->prepare("SELECT member_lastname,member_firstname,member_email,member_status FROM member WHERE member_lastname= :lastName OR member_firstname= :firstName OR member_email= :email OR member_status= :status");

$query->execute([
Expand Down Expand Up @@ -298,7 +298,7 @@

if($key == "member_email"){
$emailOfMember = $value2;
}
}
}
$beginButton = '<td><div class="row">';
$endButton = '</div></td></tr>';
Expand Down Expand Up @@ -358,4 +358,4 @@
</div>

<?php
include "bOffice - footer.php" ?>
include "bOffice - footer.php" ?>
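Review bot: In the first hunk the `cancelDelete` replay builds SQL text by hand — `$valuesInserted = $valuesInserted.",'".$value2."'";` after the `else{` quotes each session value straight into the statement, so any quote character in a stored value breaks or alters the query; the rest of the file already uses `$connection->prepare()` with named parameters, so collect the values into an array and bind one `:name` placeholder per column instead of concatenating. The guard above it tests `!isset($column_name)` but the variable actually assigned is `$columnName`, so that half of the condition is always true and only `!isset($valuesInserted)` distinguishes the first iteration; rename it to `$columnName` so the check means what it says. Elsewhere in the section, the unban branch (`if($result["member_status"] == 3)`) has no `$_SESSION["admin"]` check while the promote and demote branches do, even though its `else` prints the same "no rights" message — confirm whether moderators are meant to unban, and add `&& $_SESSION["admin"]` if not. The `if(isset($_POST["cancelDelete"]) …)` block continues past the hunk.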
98 changes: 60 additions & 38 deletions bOffice - header.php
Expand Up @@ -2,31 +2,47 @@
session_start();
require "conf.inc.php";
require "functions.php";
preventXSS($_POST);
preventXSS($_POST); // Function preventing xss injection

if(isset($_SESSION["token"])){
// echo "<pre>";
// print_r($_SESSION);
// echo "</pre>";

if(isset($_SESSION["token"])){ // Condition that handle access to the back office, to know if the user have the rights to access the requested page.
$result = getinfo("*");
if($result["member_status"] == 2){
$_SESSION["admin"] = TRUE;
$_SESSION["moderateur"] = FALSE;
$_SESSION["status"] = "Administrateur";
}
elseif($result["member_status"] == 1){
$_SESSION["moderateur"] = TRUE;
$_SESSION["admin"] = FALSE;
$_SESSION["status"] = "Modérateur";
}
else{
echo "fail";
header("Location: index.php");
}
$_SESSION["name"] = $result["member_lastname"];
if($result["member_status"] == 2){ // "If" condition sets $_SESSIONs that are used later to handle rights of moderator and administrator differently
$_SESSION["admin"] = TRUE;
$_SESSION["moderateur"] = FALSE;
$_SESSION["status"] = "Administrateur";
}
elseif($result["member_status"] == 1){
$_SESSION["moderateur"] = TRUE;
$_SESSION["admin"] = FALSE;
$_SESSION["status"] = "Modérateur";
}
else{
header("Location: index.php");
}
$_SESSION["name"] = $result["member_lastname"]; // These $_SESSIONs are used for logs.
$_SESSION["firstName"] = $result["member_firstname"];
}

else{
header("Location: index.php");
}

switch($_SERVER["PHP_SELF"]){ // This switch handle where the user to make active links of the page where he is. It also handle the subpage on the ticket part

case "/parisnow/bOffice - ticketsToDo.php":
case "/parisnow/bOffice - ticketsOpen.php":
case "/parisnow/bOffice - ticketsClosed.php":
$navigation[$_SERVER["PHP_SELF"]] = 1;
$navigation["ticket"] = 1;
break;

default:
$navigation[$_SERVER["PHP_SELF"]] = 1;
}
?>
<!DOCTYPE html>
<html>
Expand All @@ -35,35 +51,41 @@
<title>Administration des utilisateurs</title>
<link rel="stylesheet" href="css/bootstrap.min.css">
<link rel="stylesheet" href="css/styleBO.css">
<meta name="description" content="Partie back office du site">
<meta name="description" content="Partie back office de ParisNow">
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
</head>
<body>

<header>
<section class="container-fluid">

<img src="img/logo.png" class="logo">
<div class="container-fluid title bOfficeTitle">
<h1>Administration</h1>
<div class="row">
<div class="col-3">
<img src="img/logo.png" class="img-fluid">
</div>
<center><h5>Vous êtes : <?php echo($_SESSION["admin"])? "Administrateur.":"Modérateur." ?></h5></center>
<div class="col-4 offset-1">
<h1 class="title">Administration</h1>
</div>
<div class="col-3 offset-1">
<img src="img/logo.png" class="img-fluid">
</div>
</div>
<h5 style="text-align:center;">Vous êtes : <?php echo($_SESSION["admin"])? "Administrateur.":"Modérateur." ?></h5> <!-- Show the rank of the member -->

<nav class="navbar justify-content-center bOfficeNavigation">
<a class="nav-link" href="bOffice - Users.php">Membres</a>
<a class="nav-link" href="#">Evénements publics</a>
<a class="nav-link" href="#">Evénements à valider</a>
<div class="nav-item dropdown">
<a class="nav-link dropdown-toggle" href="#" id="navbarDropdownMenuLink" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Tickets</a>
<div class="dropdown-menu dropmenu" aria-labelledby="navbarDropdownMenuLink">
<a class="dropdown-item" href="bOffice - ticketsToDo.php">A traiter</a>
<a class="dropdown-item" href="bOffice - ticketsOpen.php">Ouvert</a>
<a class="dropdown-item" href="bOffice - ticketsClosed.php">Historique</a>
</div>
</div>
<nav class="navbar justify-content-center bOfficeNavigation">
<a class="nav-link" href="bOffice - Users.php"><button class="btn buttonHeader <?php echo (isset($navigation["/parisnow/bOffice - Users.php"]))? "activeHeader":"" ?>">Membres</button></a>
<a class="nav-link" href="#"><button class="btn buttonHeader <?php echo (isset($navigation["/parisnow/bOffice - "]))? "activeHeader":"" ?>">Evénements publics</button></a>
<a class="nav-link" href="#"><button class="btn buttonHeader <?php echo (isset($navigation["/parisnow/bOffice - "]))? "activeHeader":"" ?>">Evénements à valider</button></a>
<div class="nav-item dropdown nav-link">
<a role="button" class="btn buttonHeader nav-link dropdown-toggle arrowDrop <?php echo (isset($navigation["ticket"]))? "activeHeader":"" ?>" href="#" id="navbarDropdownMenuLink" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">Tickets</a>
<div class="dropdown-menu dropmenu" aria-labelledby="navbarDropdownMenuLink">
<a class="dropdown-item" href="bOffice - ticketsToDo.php">A traiter</a>
<a class="dropdown-item" href="bOffice - ticketsOpen.php">Ouvert</a>
<a class="dropdown-item" href="bOffice - ticketsClosed.php">Historique</a>
</div>
</div>

<a class="nav-link" href="index.php">Quitter l'administration</a>
</nav>
<a class="nav-link" href="index.php"><button class="btn buttonHeader">Quitter l'administration</button></a>
</nav>
</section>
<hr>
<hr>
</header>
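Review bot: Neither `header("Location: index.php");` in the first hunk — the `else` after the `member_status` checks and the outer `else` for a missing `$_SESSION["token"]` — is followed by `exit;`, so the script keeps running after the redirect header is sent and the rest of the header plus whichever page `require`d it still execute for the user who was supposed to be turned away; change each to `header("Location: index.php"); exit;`. The commit drops the stray `echo "fail";` that preceded the first call, which is right since output before `header()` would have broken the redirect, but the missing `exit` is the part that matters for access control. The new `switch` on `$_SERVER["PHP_SELF"]` only uses the value as an array key and never echoes it, which is fine; keep it that way, since `PHP_SELF` can carry client-supplied path info.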
35 changes: 18 additions & 17 deletions bOffice - ticket.php
@@ -1,15 +1,15 @@
<?php
require "bOffice - header.php";

if(isset($_GET["ticket_id"]) && !empty($_GET["ticket_id"])){
if(isset($_GET["ticket_id"]) && !empty($_GET["ticket_id"])){ // This condition will handle the $_GET["ticket_id"] to search if the ticket exists in database.
$connect = connectDB();
$query=$connect->prepare("SELECT category_name,member_lastname,member_firstname,ticket.* FROM ticket,member,t_category where ticket_id= :id AND member_id=member AND t_category = category_id");
$query->execute([
"id"=>$_GET["ticket_id"]
]);
$ticket = $query->fetch(PDO::FETCH_ASSOC);

if(empty($ticket)){
if(empty($ticket)){ // If the ticket is empty (= ticket does not exist), then the user is sent on the previous location or by default on ticketsToDo with an error message.
$_SESSION["falseTicket"] = true;
isset($_SESSION["location"])? Header("Location: ".$_SESSION["location"]) : Header("Location: bOffice - ticketsTodo.php");
}
Expand All @@ -21,11 +21,10 @@
$lastUpdate = $query->fetch(PDO::FETCH_ASSOC);
?>
<div class="row">
<div class="col-2">
<a href="<?php echo isset($_SESSION["location"])? $_SESSION["location"] : "ticketsToDo.php"; ?>"><button class="btn btn-info">Retour aux tickets</button></a>
</div>
<div class="col-md-1"></div>
<div class="col-md-3">
<div class="ticketInfo">
<a href="<?php echo isset($_SESSION["location"])? $_SESSION["location"] : "ticketsToDo.php"; ?>"><button class="btn btn-info backToTicketButton">Retour aux tickets</button></a>
<div>
<table class="table">
<hr>
<center><h6 style="margin-bottom: : 0px;">Informations du ticket</h6></center>
Expand All @@ -40,6 +39,7 @@
<td>
<?php
switch ($ticket["state"]){
case 3:
case 0:
echo "Ouvert";
break;
Expand Down Expand Up @@ -89,12 +89,12 @@
</div>
</div>

<div class="col-md-4">
<div class="col-md-5">
<hr>
<center><h6>Titre : <?php echo $ticket["ticket_label"] ?></h6></center>
<hr>
<?php
if(isset($_SESSION["ticketError"])){
if(isset($_SESSION["ticketError"])){ // This loop show all error messages caming from user actions
foreach ($_SESSION["ticketError"] as $key => $value) {
echo "<h5>".$ticketErrorBackOffice[$value]."</h5>";
}
Expand All @@ -105,23 +105,24 @@
<tr>
<td><?php echo $ticket["ticket_content"] ?></td>
</tr>

<?php if($ticket["state"] != 1 && $ticket["state"] !=2){ ?>
<tr>
<td>
<form method="POST" action="script/bOffice - updateTicket.php">
<input hidden name="ticketId" value=<?php echo $ticket["ticket_id"] ?>>
<textarea name="updateTicket" class="form-control"></textarea>
<button type="submit" class="btn btn-info">Répondre</button>
<button type="submit" class="btn btn-info answerButton">Répondre</button>
</form>
</td>
</tr>
<?php } ?>
</table>
</div>

<div class="col actions">
<div class="ticketInfo">
<div class="col-md-2 actions">
<div>
<hr>
<center><h6>Actions</h6></center>
<center><h6>Actions</h6></center> <!-- This part show all buttons dependings on ticket state -->
<hr>
<table class="table">
<tr>
Expand All @@ -131,16 +132,16 @@
<div class="actionButton">
<form method="POST" action="script/bOffice - updateTicket.php">
<input hidden name=<?php
echo ($ticket["state"] != 2)? ($ticket["state"] == 0 or $ticket["state"] == 3)? '"closeTicket"': '"reopenTicket"': ""; ?> value="<?php echo $ticket["ticket_id"] ?>">
<button type="submit" class="button btn" <?php echo ($ticket["state"] == 2)? "disabled":""; echo ">"; echo ($ticket["state"] == 0)? "Fermé":"Réouvrir" ?></button>
echo ($ticket["state"] != 2)? ($ticket["state"] == 0 || $ticket["state"] == 3)? '"closeTicket"': '"reopenTicket"': ""; ?> value="<?php echo $ticket["ticket_id"] ?>">
<button type="submit" class="button btn" <?php echo ($ticket["state"] == 2)? "disabled":""; echo ">"; echo ($ticket["state"] == 0 || $ticket["state"] == 3)? "Fermé":"Réouvrir" ?></button>
</form>
</div>
<?php if($ticket["state"] == 0 && ($ticket["author_last_update"] != $ticket["member"])){
?>
<div class="actionButton">
<form method="POST" action="script/bOffice - updateTicket.php">
<input hidden name="backToTreatment" value="<?php echo $ticket["ticket_id"] ?>">
<button type="submit" class="button btn">Remettre en traitement</button>
<button type="submit" class="button btn">Retour en traitement</button>
</form>
</div>
<?php } ?>
Expand All @@ -151,7 +152,7 @@
if($ticket["state"] != 2){
?>
<tr>
<td>
<td class="align-middle">
<form method="POST" action="script/bOffice - updateTicket.php">
<input hidden name="defCloseTicket" value="<?php echo $ticket["ticket_id"] ?>">
<button type="submit" class="btn btn-danger">Fermé definitivement</button>
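Review bot: The `empty($ticket)` branch in the first hunk sends a `Location` header but does not `exit`, so the rest of the page runs with an empty `$ticket` (presumably `false` from `fetch()`) and every later `$ticket["state"]` / `$ticket["ticket_id"]` read works on a missing row; add `exit;` after the `Header(...)` ternary, or replace the ternary with an `if`/`else` that ends in `exit;`. Further down, `$ticket["ticket_label"]` and `$ticket["ticket_content"]` are echoed into HTML unescaped, and `preventXSS($_POST)` in the header only covers the current request's POST data, so unless every write path to those columns escapes on the way in, wrap them at output, e.g. `htmlspecialchars($ticket["ticket_label"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The `ticketId` hidden input also has an unquoted `value=` attribute; quote it like the other inputs in the hunk. The `if(isset($_GET["ticket_id"]) …)` block continues past the hunk.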
6 changes: 3 additions & 3 deletions bOffice - ticketsClosed.php
Expand Up @@ -2,10 +2,10 @@
require "bOffice - header.php";
include "bOffice - ticketsMenu.php";

$_SESSION["location"] = "bOffice - ticketsClosed.php";
$_SESSION["location"] = "bOffice - ticketsClosed.php"; //This session is used for the value of the "href" of the <a> balise named "Retour aux tickets" in the bOffice - ticket.php page.
?>

<table class="table">
<table class="table table-striped">
<thead>
<tr>
<th>ID</th>
Expand All @@ -21,7 +21,7 @@
</thead>
<tbody>
<?php
foreach ($tickets as $line => $ticket) {
foreach ($tickets as $line => $ticket) { //Using the query from the ticketmenu.php it will show all tickets that are closed and definitily closed
if($ticket["state"] == 1 || $ticket["state"] == 2){
$query = $connect->prepare("SELECT member_lastname, member_firstname FROM ticket,member where :author_last_update = member_id");
$query->execute([
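Review bot: The query in the last hunk, `SELECT member_lastname, member_firstname FROM ticket,member where :author_last_update = member_id`, lists `ticket` in the FROM clause with no join condition, so the match is cross-joined against every ticket row; if only the first row is fetched the result is unaffected, but the work is wasted and the intent is unclear — `SELECT member_lastname, member_firstname FROM member WHERE member_id = :author_last_update` says what is meant. It also runs once per closed ticket inside the `foreach`; joining the author's name into the query that produces `$tickets` (in `bOffice - ticketsMenu.php`, outside this section) would remove the per-row round trip. The `foreach` begins in the hunk but continues past it.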