This commit is contained in:
Flatlogic Bot 2026-04-15 14:12:47 +00:00
parent 382882b7e9
commit 3aa2453da2

114
admin.php

@ -5,11 +5,13 @@ require_once __DIR__ . '/db/auth.php';
auth_start_session();
auth_bootstrap();
if (!auth_is_admin()) {
if (!auth_is_logged_in()) {
header('Location: index.php');
exit;
}
$is_admin = auth_is_admin();
$flash = auth_flash_get();
$flash_type = $flash['type'] ?? '';
$flash_message = $flash['message'] ?? '';
@ -29,6 +31,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$admin_action = (string) ($_POST['admin_action'] ?? '');
if (!$is_admin) {
auth_flash_set('error', 'Seul un administrateur peut gérer les utilisateurs.');
header('Location: admin.php');
exit;
}
if ($admin_action === 'create') {
$submitted_cl_auth_user = trim((string) ($_POST['cl_auth_user'] ?? ''));
$submitted_cl_auth_pass = (string) ($_POST['cl_auth_pass'] ?? '');
@ -221,7 +229,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
}
}
if ($edit_cl_auth_id > 0) {
if ($is_admin && $edit_cl_auth_id > 0) {
$stmt_edit_user = db()->prepare('SELECT cl_auth_id, cl_auth_user, cl_auth_pass, cl_auth_right FROM tbl_auth WHERE cl_auth_id = :cl_auth_id LIMIT 1');
$stmt_edit_user->execute([
'cl_auth_id' => $edit_cl_auth_id,
@ -242,8 +250,32 @@ if ($edit_cl_auth_id > 0) {
}
}
$stmt_users = db()->query('SELECT cl_auth_id, cl_auth_user, cl_auth_pass, cl_auth_right FROM tbl_auth ORDER BY cl_auth_user ASC');
$tbl_auth_all = $stmt_users->fetchAll();
$tbl_auth_all = [];
if ($is_admin) {
$stmt_users = db()->query('SELECT cl_auth_id, cl_auth_user, cl_auth_pass, cl_auth_right FROM tbl_auth ORDER BY cl_auth_user ASC');
$tbl_auth_all = $stmt_users->fetchAll();
}
$member_accessible_items = [];
if (!$is_admin) {
foreach (auth_navigation_items() as $item) {
$file = (string) ($item['file'] ?? '');
$label = (string) ($item['label'] ?? $file);
$admin_only = !empty($item['admin_only']);
if ($admin_only) {
continue;
}
if (auth_user_can_access_page($file, $label)) {
$member_accessible_items[] = [
'file' => $file,
'label' => $label,
];
}
}
}
$csrf_token = auth_csrf_token();
[$default_admin_user, $default_admin_password] = auth_default_admin_credentials();
$current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] : '';
@ -509,26 +541,23 @@ $current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] :
<header class="admin-topbar">
<div class="topbar-info">
<h1>R.E.A.C.T. Core Admin</h1>
<p>Niveau d'accès : <strong>Administrateur</strong> | Session : <strong><?php echo htmlspecialchars($current_session_user, ENT_QUOTES, 'UTF-8'); ?></strong></p>
<p>Niveau d'accès : <strong><?php echo $is_admin ? 'Administrateur' : 'Membre'; ?></strong> | Session : <strong><?php echo htmlspecialchars($current_session_user, ENT_QUOTES, 'UTF-8'); ?></strong></p>
</div>
<div class="topbar-actions">
<a href="index.php" class="btn-modern">Retour au site</a>
<a href="logout.php" class="btn-modern danger">Session End</a>
</div>
</header>
<nav class="nav-tabs">
<a href="admin.php" class="active">Utilisateurs</a>
<a href="scwebhook.php">WEBHOOK</a>
<a href="scnotification.php">NOTIF DISCORD</a>
<a href="scitems.php">Base d'Objets</a>
<a href="scstatsitem.php">Stats Item</a>
<a href="scitemcustom.php">Item Custom</a>
<a href="scmining.php">Scanner Minage</a>
<a href="scmanufactures.php">Manufactures</a>
<a href="scvaisseaux.php">Vaisseaux</a>
<a href="scpreset.php">Presets Vaisseau</a>
</nav>
<?php if ($is_admin): ?>
<?php echo auth_render_app_nav('admin.php'); ?>
<?php else: ?>
<nav class="nav-tabs">
<a href="admin.php" class="active">Zone admin</a>
<?php foreach ($member_accessible_items as $item): ?>
<a href="<?php echo htmlspecialchars($item['file'], ENT_QUOTES, 'UTF-8'); ?>"><?php echo htmlspecialchars($item['label'], ENT_QUOTES, 'UTF-8'); ?></a>
<?php endforeach; ?>
</nav>
<?php endif; ?>
<?php if ($flash_message !== ''): ?>
<div class="flash <?php echo htmlspecialchars($flash_type, ENT_QUOTES, 'UTF-8'); ?>">
@ -536,14 +565,14 @@ $current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] :
</div>
<?php endif; ?>
<?php if ($default_admin_user === 'admin'): ?>
<?php if ($is_admin && $default_admin_user === 'admin'): ?>
<div class="flash">
<strong style="color: var(--primary);">Sécurité critique :</strong> Les identifiants par défaut sont actifs.
(<code><?php echo htmlspecialchars($default_admin_user, ENT_QUOTES, 'UTF-8'); ?></code> / <code><?php echo htmlspecialchars($default_admin_password, ENT_QUOTES, 'UTF-8'); ?></code>)
<br><small>Veuillez modifier ces accès dès maintenant.</small>
</div>
<?php endif; ?>
<?php if ($is_admin): ?>
<main class="admin-content">
<!-- Form Card -->
<section class="glass-card">
@ -551,8 +580,8 @@ $current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] :
<form method="post" action="admin.php<?php echo $edit_cl_auth_id > 0 ? '?edit=' . $edit_cl_auth_id : ''; ?>">
<input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($csrf_token, ENT_QUOTES, 'UTF-8'); ?>">
<input type="hidden" name="admin_action" value="<?php echo $edit_cl_auth_id > 0 ? 'update' : 'create'; ?>">
<?php if ($edit_cl_auth_id > 0):
?><input type="hidden" name="cl_auth_id" value="<?php echo $edit_cl_auth_id; ?>">
<?php if ($edit_cl_auth_id > 0): ?>
<input type="hidden" name="cl_auth_id" value="<?php echo $edit_cl_auth_id; ?>">
<?php endif; ?>
<div class="form-group">
@ -577,8 +606,8 @@ $current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] :
<button class="btn-modern" style="flex: 2;" type="submit">
<?php echo $edit_cl_auth_id > 0 ? 'Appliquer' : 'Initialiser'; ?>
</button>
<?php if ($edit_cl_auth_id > 0):
?><a class="btn-modern danger" style="flex: 1;" href="admin.php">Annuler</a>
<?php if ($edit_cl_auth_id > 0): ?>
<a class="btn-modern danger" style="flex: 1;" href="admin.php">Annuler</a>
<?php endif; ?>
</div>
</form>
@ -602,13 +631,13 @@ $current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] :
<tr>
<td colspan="4" class="empty-state">Aucun sujet détecté dans la base.</td>
</tr>
<?php else:
?><?php foreach ($tbl_auth_all as $tbl_auth):
?><?php
$cl_auth_id = (int) $tbl_auth['cl_auth_id'];
$cl_auth_user = (string) $tbl_auth['cl_auth_user'];
$cl_auth_right = (string) $tbl_auth['cl_auth_right'];
?>
<?php else: ?>
<?php foreach ($tbl_auth_all as $tbl_auth): ?>
<?php
$cl_auth_id = (int) $tbl_auth['cl_auth_id'];
$cl_auth_user = (string) $tbl_auth['cl_auth_user'];
$cl_auth_right = (string) $tbl_auth['cl_auth_right'];
?>
<tr>
<td><span class="user-id">#<?php echo sprintf('%03d', $cl_auth_id); ?></span></td>
<td><strong><?php echo htmlspecialchars($cl_auth_user, ENT_QUOTES, 'UTF-8'); ?></strong></td>
@ -629,13 +658,32 @@ $current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] :
</div>
</td>
</tr>
<?php endforeach;
?><?php endif; ?>
<?php endforeach; ?>
<?php endif; ?>
</tbody>
</table>
</div>
</section>
</main>
<?php else: ?>
<main class="admin-content" style="grid-template-columns: 1fr;">
<section class="glass-card">
<h2>Zone membre</h2>
<p>Vous êtes bien entré dans la zone admin avec un compte <strong>membre</strong>.</p>
<p>La gestion des utilisateurs reste réservée aux administrateurs, mais vous pouvez utiliser ci-dessous les pages qui vous ont été ouvertes.</p>
<?php if (empty($member_accessible_items)): ?>
<div class="empty-state">Aucune page ne vous a encore été attribuée par un administrateur.</div>
<?php else: ?>
<div class="row-actions" style="flex-wrap: wrap; gap: 12px; margin-top: 1rem;">
<?php foreach ($member_accessible_items as $item): ?>
<a class="btn-modern" href="<?php echo htmlspecialchars($item['file'], ENT_QUOTES, 'UTF-8'); ?>"><?php echo htmlspecialchars($item['label'], ENT_QUOTES, 'UTF-8'); ?></a>
<?php endforeach; ?>
</div>
<?php endif; ?>
</section>
</main>
<?php endif; ?>
</div>
</body>
</html>
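Review bot: The admin-only listing query at the `$tbl_auth_all` block (`SELECT cl_auth_id, cl_auth_user, cl_auth_pass, cl_auth_right FROM tbl_auth ...`) still pulls the `cl_auth_pass` column into the page even though the table template only reads `cl_auth_id`, `cl_auth_user` and `cl_auth_right`; since this line is re-added by the commit it is a good moment to narrow it to `db()->query('SELECT cl_auth_id, cl_auth_user, cl_auth_right FROM tbl_auth ORDER BY cl_auth_user ASC')` so credential material never reaches the view layer. The new non-admin guard in the POST branch (`if (!$is_admin) { auth_flash_set(...); header('Location: admin.php'); exit; }`) is the first thing visible after `$admin_action` is read, and whether CSRF validation runs before it is outside this hunk; the redirect is harmless either way, but a one-line comment such as `// Members may reach admin.php but never mutate tbl_auth; CSRF is checked further down` would make the intended ordering explicit. In the member navigation loop, `auth_user_can_access_page($file, $label)` appears to take the display label as part of the access decision; if the ACL is actually keyed by the label rather than the file name, a rename in `auth_navigation_items()` would silently change who can see a page, which is worth confirming and documenting above `$member_accessible_items = [];`.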