From 3aa2453da26c3adee576789fcf321eab3f7731e4 Mon Sep 17 00:00:00 2001
From: Flatlogic Bot <support@flatlogic.com>
Date: Wed, 15 Apr 2026 14:12:47 +0000
Subject: [PATCH] V1.1.9

---
 admin.php | 114 ++++++++++++++++++++++++++++++++++++++----------------
 1 file changed, 81 insertions(+), 33 deletions(-)

diff --git a/admin.php b/admin.php
index 34991d2..23182a7 100644
--- a/admin.php
+++ b/admin.php
@@ -5,11 +5,13 @@ require_once __DIR__ . '/db/auth.php';
 auth_start_session();
 auth_bootstrap();
 
-if (!auth_is_admin()) {
+if (!auth_is_logged_in()) {
     header('Location: index.php');
     exit;
 }
 
+$is_admin = auth_is_admin();
+
 $flash = auth_flash_get();
 $flash_type = $flash['type'] ?? '';
 $flash_message = $flash['message'] ?? '';
@@ -29,6 +31,12 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 
     $admin_action = (string) ($_POST['admin_action'] ?? '');
 
+    if (!$is_admin) {
+        auth_flash_set('error', 'Seul un administrateur peut gérer les utilisateurs.');
+        header('Location: admin.php');
+        exit;
+    }
+
     if ($admin_action === 'create') {
         $submitted_cl_auth_user = trim((string) ($_POST['cl_auth_user'] ?? ''));
         $submitted_cl_auth_pass = (string) ($_POST['cl_auth_pass'] ?? '');
@@ -221,7 +229,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
     }
 }
 
-if ($edit_cl_auth_id > 0) {
+if ($is_admin && $edit_cl_auth_id > 0) {
     $stmt_edit_user = db()->prepare('SELECT cl_auth_id, cl_auth_user, cl_auth_pass, cl_auth_right FROM tbl_auth WHERE cl_auth_id = :cl_auth_id LIMIT 1');
     $stmt_edit_user->execute([
         'cl_auth_id' => $edit_cl_auth_id,
@@ -242,8 +250,32 @@ if ($edit_cl_auth_id > 0) {
     }
 }
 
-$stmt_users = db()->query('SELECT cl_auth_id, cl_auth_user, cl_auth_pass, cl_auth_right FROM tbl_auth ORDER BY cl_auth_user ASC');
-$tbl_auth_all = $stmt_users->fetchAll();
+$tbl_auth_all = [];
+if ($is_admin) {
+    $stmt_users = db()->query('SELECT cl_auth_id, cl_auth_user, cl_auth_pass, cl_auth_right FROM tbl_auth ORDER BY cl_auth_user ASC');
+    $tbl_auth_all = $stmt_users->fetchAll();
+}
+
+$member_accessible_items = [];
+if (!$is_admin) {
+    foreach (auth_navigation_items() as $item) {
+        $file = (string) ($item['file'] ?? '');
+        $label = (string) ($item['label'] ?? $file);
+        $admin_only = !empty($item['admin_only']);
+
+        if ($admin_only) {
+            continue;
+        }
+
+        if (auth_user_can_access_page($file, $label)) {
+            $member_accessible_items[] = [
+                'file' => $file,
+                'label' => $label,
+            ];
+        }
+    }
+}
+
 $csrf_token = auth_csrf_token();
 [$default_admin_user, $default_admin_password] = auth_default_admin_credentials();
 $current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] : '';
@@ -509,26 +541,23 @@ $current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] :
         <header class="admin-topbar">
             <div class="topbar-info">
                 <h1>R.E.A.C.T. Core Admin</h1>
-                <p>Niveau d'accès : <strong>Administrateur</strong> | Session : <strong><?php echo htmlspecialchars($current_session_user, ENT_QUOTES, 'UTF-8'); ?></strong></p>
+                <p>Niveau d'accès : <strong><?php echo $is_admin ? 'Administrateur' : 'Membre'; ?></strong> | Session : <strong><?php echo htmlspecialchars($current_session_user, ENT_QUOTES, 'UTF-8'); ?></strong></p>
             </div>
             <div class="topbar-actions">
                 <a href="index.php" class="btn-modern">Retour au site</a>
                 <a href="logout.php" class="btn-modern danger">Session End</a>
             </div>
         </header>
-
-        <nav class="nav-tabs">
-            <a href="admin.php" class="active">Utilisateurs</a>
-            <a href="scwebhook.php">WEBHOOK</a>
-            <a href="scnotification.php">NOTIF DISCORD</a>
-            <a href="scitems.php">Base d'Objets</a>
-            <a href="scstatsitem.php">Stats Item</a>
-            <a href="scitemcustom.php">Item Custom</a>
-            <a href="scmining.php">Scanner Minage</a>
-            <a href="scmanufactures.php">Manufactures</a>
-            <a href="scvaisseaux.php">Vaisseaux</a>
-            <a href="scpreset.php">Presets Vaisseau</a>
-        </nav>
+        <?php if ($is_admin): ?>
+            <?php echo auth_render_app_nav('admin.php'); ?>
+        <?php else: ?>
+            <nav class="nav-tabs">
+                <a href="admin.php" class="active">Zone admin</a>
+                <?php foreach ($member_accessible_items as $item): ?>
+                    <a href="<?php echo htmlspecialchars($item['file'], ENT_QUOTES, 'UTF-8'); ?>"><?php echo htmlspecialchars($item['label'], ENT_QUOTES, 'UTF-8'); ?></a>
+                <?php endforeach; ?>
+            </nav>
+        <?php endif; ?>
 
         <?php if ($flash_message !== ''): ?>
             <div class="flash <?php echo htmlspecialchars($flash_type, ENT_QUOTES, 'UTF-8'); ?>">
@@ -536,14 +565,14 @@ $current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] :
             </div>
         <?php endif; ?>
 
-        <?php if ($default_admin_user === 'admin'): ?>
+        <?php if ($is_admin && $default_admin_user === 'admin'): ?>
             <div class="flash">
                 <strong style="color: var(--primary);">Sécurité critique :</strong> Les identifiants par défaut sont actifs. 
                 (<code><?php echo htmlspecialchars($default_admin_user, ENT_QUOTES, 'UTF-8'); ?></code> / <code><?php echo htmlspecialchars($default_admin_password, ENT_QUOTES, 'UTF-8'); ?></code>)
                 <br><small>Veuillez modifier ces accès dès maintenant.</small>
             </div>
         <?php endif; ?>
-
+        <?php if ($is_admin): ?>
         <main class="admin-content">
             <!-- Form Card -->
             <section class="glass-card">
@@ -551,8 +580,8 @@ $current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] :
                 <form method="post" action="admin.php<?php echo $edit_cl_auth_id > 0 ? '?edit=' . $edit_cl_auth_id : ''; ?>">
                     <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($csrf_token, ENT_QUOTES, 'UTF-8'); ?>">
                     <input type="hidden" name="admin_action" value="<?php echo $edit_cl_auth_id > 0 ? 'update' : 'create'; ?>">
-                    <?php if ($edit_cl_auth_id > 0):
-                    ?><input type="hidden" name="cl_auth_id" value="<?php echo $edit_cl_auth_id; ?>">
+                    <?php if ($edit_cl_auth_id > 0): ?>
+                        <input type="hidden" name="cl_auth_id" value="<?php echo $edit_cl_auth_id; ?>">
                     <?php endif; ?>
 
                     <div class="form-group">
@@ -577,8 +606,8 @@ $current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] :
                         <button class="btn-modern" style="flex: 2;" type="submit">
                             <?php echo $edit_cl_auth_id > 0 ? 'Appliquer' : 'Initialiser'; ?>
                         </button>
-                        <?php if ($edit_cl_auth_id > 0):
-                        ?><a class="btn-modern danger" style="flex: 1;" href="admin.php">Annuler</a>
+                        <?php if ($edit_cl_auth_id > 0): ?>
+                            <a class="btn-modern danger" style="flex: 1;" href="admin.php">Annuler</a>
                         <?php endif; ?>
                     </div>
                 </form>
@@ -602,13 +631,13 @@ $current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] :
                                 <tr>
                                     <td colspan="4" class="empty-state">Aucun sujet détecté dans la base.</td>
                                 </tr>
-                            <?php else:
-                            ?><?php foreach ($tbl_auth_all as $tbl_auth):
-                            ?><?php
-                            $cl_auth_id = (int) $tbl_auth['cl_auth_id'];
-                            $cl_auth_user = (string) $tbl_auth['cl_auth_user'];
-                            $cl_auth_right = (string) $tbl_auth['cl_auth_right'];
-                            ?>
+                            <?php else: ?>
+                                <?php foreach ($tbl_auth_all as $tbl_auth): ?>
+                                    <?php
+                                    $cl_auth_id = (int) $tbl_auth['cl_auth_id'];
+                                    $cl_auth_user = (string) $tbl_auth['cl_auth_user'];
+                                    $cl_auth_right = (string) $tbl_auth['cl_auth_right'];
+                                    ?>
                                     <tr>
                                         <td><span class="user-id">#<?php echo sprintf('%03d', $cl_auth_id); ?></span></td>
                                         <td><strong><?php echo htmlspecialchars($cl_auth_user, ENT_QUOTES, 'UTF-8'); ?></strong></td>
@@ -629,13 +658,32 @@ $current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] :
                                             </div>
                                         </td>
                                     </tr>
-                                <?php endforeach;
-                            ?><?php endif; ?>
+                                <?php endforeach; ?>
+                            <?php endif; ?>
                         </tbody>
                     </table>
                 </div>
             </section>
         </main>
+        <?php else: ?>
+        <main class="admin-content" style="grid-template-columns: 1fr;">
+            <section class="glass-card">
+                <h2>Zone membre</h2>
+                <p>Vous êtes bien entré dans la zone admin avec un compte <strong>membre</strong>.</p>
+                <p>La gestion des utilisateurs reste réservée aux administrateurs, mais vous pouvez utiliser ci-dessous les pages qui vous ont été ouvertes.</p>
+
+                <?php if (empty($member_accessible_items)): ?>
+                    <div class="empty-state">Aucune page ne vous a encore été attribuée par un administrateur.</div>
+                <?php else: ?>
+                    <div class="row-actions" style="flex-wrap: wrap; gap: 12px; margin-top: 1rem;">
+                        <?php foreach ($member_accessible_items as $item): ?>
+                            <a class="btn-modern" href="<?php echo htmlspecialchars($item['file'], ENT_QUOTES, 'UTF-8'); ?>"><?php echo htmlspecialchars($item['label'], ENT_QUOTES, 'UTF-8'); ?></a>
+                        <?php endforeach; ?>
+                    </div>
+                <?php endif; ?>
+            </section>
+        </main>
+        <?php endif; ?>
     </div>
 </body>
 </html>
\ No newline at end of file