Flatlogic Bot 2026-04-08 01:46:27 +00:00
parent ce76a05f3d
commit 5e60c40234
2 changed files with 106 additions and 37 deletions


@ -80,6 +80,13 @@ function auth_validate_csrf(?string $csrf_token): bool
return hash_equals($_SESSION['csrf_token'], $csrf_token);
}
function auth_is_logged_in(): bool
{
auth_start_session();
return isset($_SESSION['user']) && isset($_SESSION['role']);
}
function auth_is_admin(): bool
{
auth_start_session();
@ -108,4 +115,4 @@ function auth_flash_get(): ?array
unset($_SESSION['flash']);
return $flash;
}
}
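Review bot: The new `auth_is_logged_in()` has no docblock, and its contract matters now that pages use it as an access gate: it only tests that both session keys are set, not that `$_SESSION['role']` holds a known value, so a session with an empty or unexpected role still counts as logged in and downstream code silently falls back to `'member'`. I would add `/** True when the session carries both a user and a role. The role value is not validated here; use auth_is_admin() to gate privileged pages. */` above the declaration. The surrounding auth_validate_csrf() and auth_is_admin() bodies start or end outside this hunk.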


@ -5,7 +5,7 @@ require_once __DIR__ . '/db/auth.php';
auth_start_session();
auth_bootstrap();
if (!auth_is_admin()) {
if (!auth_is_logged_in()) {
header('Location: index.php');
exit;
}
@ -17,6 +17,10 @@ $flash_message = $flash['message'] ?? '';
$db = db();
$csrf_token = auth_csrf_token();
$current_session_user = $_SESSION['user'] ?? '';
$current_session_role = $_SESSION['role'] ?? 'member';
$role_label = ($current_session_role === 'admin') ? 'Administrateur' : 'Membre';
// Handle POST actions
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$submitted_csrf = $_POST['csrf_token'] ?? '';
@ -34,15 +38,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$manufacturer = trim($_POST['manufacturer'] ?? '');
$description = trim($_POST['description'] ?? '');
$link = trim($_POST['link'] ?? '');
$creator = $current_session_user ?: 'Inconnu';
if ($name !== '' && $manufacturer !== '' && $link !== '') {
try {
$stmt = $db->prepare("INSERT INTO tbl_scpreset (cl_scpreset_name, cl_scpreset_manufacturer, cl_scpreset_description, cl_scpreset_link) VALUES (:name, :manufacturer, :description, :link)");
$stmt = $db->prepare("INSERT INTO tbl_scpreset (cl_scpreset_name, cl_scpreset_manufacturer, cl_scpreset_description, cl_scpreset_link, cl_scpreset_creator) VALUES (:name, :manufacturer, :description, :link, :creator)");
$stmt->execute([
'name' => $name,
'manufacturer' => $manufacturer,
'description' => $description,
'link' => $link
'link' => $link,
'creator' => $creator
]);
auth_flash_set('success', 'Preset ajouté avec succès.');
} catch (PDOException $e) {
@ -57,22 +63,26 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Update preset
if ($action === 'update_preset') {
$preset_id = (int)$_POST['preset_id'];
$preset_id = (int)($_POST['preset_id'] ?? 0);
$name = trim($_POST['name'] ?? '');
$manufacturer = trim($_POST['manufacturer'] ?? '');
$description = trim($_POST['description'] ?? '');
$link = trim($_POST['link'] ?? '');
if ($preset_id > 0 && $name !== '' && $manufacturer !== '' && $link !== '') {
$stmt = $db->prepare("UPDATE tbl_scpreset SET cl_scpreset_name = :name, cl_scpreset_manufacturer = :manufacturer, cl_scpreset_description = :description, cl_scpreset_link = :link WHERE cl_scpreset_id = :id");
$stmt->execute([
'name' => $name,
'manufacturer' => $manufacturer,
'description' => $description,
'link' => $link,
'id' => $preset_id
]);
auth_flash_set('success', 'Preset mis à jour.');
try {
$stmt = $db->prepare("UPDATE tbl_scpreset SET cl_scpreset_name = :name, cl_scpreset_manufacturer = :manufacturer, cl_scpreset_description = :description, cl_scpreset_link = :link WHERE cl_scpreset_id = :id");
$stmt->execute([
'name' => $name,
'manufacturer' => $manufacturer,
'description' => $description,
'link' => $link,
'id' => $preset_id
]);
auth_flash_set('success', 'Preset mis à jour.');
} catch (PDOException $e) {
auth_flash_set('error', 'Erreur lors de la mise à jour : ' . $e->getMessage());
}
} else {
auth_flash_set('error', 'Données invalides.');
}
@ -82,11 +92,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Delete preset
if ($action === 'delete_preset') {
$preset_id = (int)$_POST['preset_id'];
$stmt = $db->prepare("DELETE FROM tbl_scpreset WHERE cl_scpreset_id = :id");
$stmt->execute(['id' => $preset_id]);
auth_flash_set('success', 'Preset supprimé.');
$preset_id = (int)($_POST['preset_id'] ?? 0);
if ($preset_id > 0) {
$stmt = $db->prepare("DELETE FROM tbl_scpreset WHERE cl_scpreset_id = :id");
$stmt->execute(['id' => $preset_id]);
auth_flash_set('success', 'Preset supprimé.');
} else {
auth_flash_set('error', 'ID de preset invalide.');
}
header('Location: scpreset.php');
exit;
}
@ -95,8 +108,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Fetch all presets
$stmt_list = $db->query("SELECT * FROM tbl_scpreset ORDER BY cl_scpreset_manufacturer ASC, cl_scpreset_name ASC");
$presets = $stmt_list->fetchAll();
$current_session_user = $_SESSION['user'] ?? '';
?>
<!DOCTYPE html>
<html lang="fr">
@ -264,7 +275,7 @@ $current_session_user = $_SESSION['user'] ?? '';
.flash.success { border-color: var(--success); background: rgba(0, 255, 136, 0.1); color: #baffda; }
.manufacturer-text {
font-size: 0.75rem;
font-size: 0.65rem;
color: #888;
text-transform: uppercase;
letter-spacing: 1px;
@ -272,6 +283,14 @@ $current_session_user = $_SESSION['user'] ?? '';
margin-top: 2px;
}
.creator-text {
font-size: 0.65rem;
color: #888;
font-style: italic;
display: block;
margin-top: 1px;
}
.desc-text {
font-size: 0.8rem;
color: #aaa;
@ -295,7 +314,7 @@ $current_session_user = $_SESSION['user'] ?? '';
<header class="admin-topbar">
<div class="topbar-info">
<h1>R.E.A.C.T. Ship Presets</h1>
<p>Niveau d\'accès : <strong>Administrateur</strong> | Session : <strong><?php echo htmlspecialchars($current_session_user); ?></strong></p>
<p>Niveau d\'accès : <strong><?php echo htmlspecialchars($role_label); ?></strong> | Session : <strong><?php echo htmlspecialchars($current_session_user); ?></strong></p>
</div>
<div class="topbar-actions">
<a href="index.php" class="btn-modern">Site</a>
@ -304,9 +323,11 @@ $current_session_user = $_SESSION['user'] ?? '';
</header>
<nav class="nav-tabs">
<a href="admin.php">Utilisateurs</a>
<a href="scitems.php">Base d\'Objets</a>
<a href="scmining.php">Scanner Minage</a>
<?php if (auth_is_admin()): ?>
<a href="admin.php">Utilisateurs</a>
<a href="scitems.php">Base d\'Objets</a>
<a href="scmining.php">Scanner Minage</a>
<?php endif; ?>
<a href="scpreset.php" class="active">Presets Vaisseau</a>
</nav>
@ -317,35 +338,37 @@ $current_session_user = $_SESSION['user'] ?? '';
<?php endif; ?>
<div class="admin-grid">
<!-- Left Column: AddPreset -->
<!-- Left Column: Add/Edit Preset -->
<div class="side-panel">
<section class="glass-card">
<h2>Nouveau Preset</h2>
<form method="post">
<h2 id="formTitle">Nouveau Preset</h2>
<form id="presetForm" method="post">
<input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($csrf_token); ?>">
<input type="hidden" name="action" value="add_preset">
<input type="hidden" name="action" id="formAction" value="add_preset">
<input type="hidden" name="preset_id" id="presetId" value="">
<div class="form-group">
<label>Nom du Vaisseau</label>
<input type="text" name="name" class="form-control" required placeholder="ex: Prospector">
<input type="text" name="name" id="presetName" class="form-control" required placeholder="ex: Prospector">
</div>
<div class="form-group">
<label>Manufacture</label>
<input type="text" name="manufacturer" class="form-control" required placeholder="ex: MISC">
<input type="text" name="manufacturer" id="presetManufacturer" class="form-control" required placeholder="ex: MISC">
</div>
<div class="form-group">
<label>Description</label>
<textarea name="description" class="form-control" rows="3" placeholder="Description du preset..."></textarea>
<textarea name="description" id="presetDescription" class="form-control" rows="3" placeholder="Description du preset..."></textarea>
</div>
<div class="form-group">
<label>Lien Externe</label>
<input type="url" name="link" class="form-control" required placeholder="https://...">
<input type="url" name="link" id="presetLink" class="form-control" required placeholder="https://...">
</div>
<button type="submit" class="btn-modern" style="width: 100%;">Ajouter</button>
<button type="submit" id="submitBtn" class="btn-modern" style="width: 100%;">Ajouter</button>
<button type="button" id="cancelBtn" class="btn-modern" style="width: 100%; margin-top: 10px; display: none;" onclick="resetForm()">Annuler</button>
</form>
</section>
</div>
@ -371,8 +394,9 @@ $current_session_user = $_SESSION['user'] ?? '';
<?php foreach ($presets as $p): ?>
<tr>
<td>
<strong style="color: var(--primary);"><?php echo htmlspecialchars($p['cl_scpreset_name']); ?></strong><br>
<strong style="color: var(--primary); text-transform: uppercase;"><?php echo htmlspecialchars($p['cl_scpreset_name']); ?></strong><br>
<span class="manufacturer-text"><?php echo htmlspecialchars($p['cl_scpreset_manufacturer']); ?></span>
<span class="creator-text">Par <?php echo htmlspecialchars($p['cl_scpreset_creator'] ?: 'Inconnu'); ?></span>
</td>
<td>
<div class="desc-text" title="<?php echo htmlspecialchars($p['cl_scpreset_description']); ?>">
@ -384,6 +408,16 @@ $current_session_user = $_SESSION['user'] ?? '';
</td>
<td style="text-align: right;">
<div style="display: flex; gap: 5px; justify-content: flex-end;">
<button type="button" class="btn-modern btn-mini"
onclick='editPreset(<?php echo json_encode([
"id" => $p["cl_scpreset_id"],
"name" => $p["cl_scpreset_name"],
"manufacturer" => $p["cl_scpreset_manufacturer"],
"description" => $p["cl_scpreset_description"],
"link" => $p["cl_scpreset_link"]
]); ?>)'>
Edit
</button>
<form method="post" onsubmit="return confirm('Supprimer ce preset ?');">
<input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($csrf_token); ?>">
<input type="hidden" name="action" value="delete_preset">
@ -402,5 +436,33 @@ $current_session_user = $_SESSION['user'] ?? '';
</main>
</div>
</div>
<script>
function editPreset(data) {
document.getElementById('formAction').value = 'update_preset';
document.getElementById('presetId').value = data.id;
document.getElementById('presetName').value = data.name;
document.getElementById('presetManufacturer').value = data.manufacturer;
document.getElementById('presetDescription').value = data.description;
document.getElementById('presetLink').value = data.link;
document.getElementById('submitBtn').innerText = 'Mettre à jour';
document.getElementById('cancelBtn').style.display = 'block';
document.getElementById('formTitle').innerText = 'Modifier le Preset';
// Scroll to form
document.getElementById('presetForm').scrollIntoView({ behavior: 'smooth' });
}
function resetForm() {
document.getElementById('formAction').value = 'add_preset';
document.getElementById('presetId').value = '';
document.getElementById('presetForm').reset();
document.getElementById('submitBtn').innerText = 'Ajouter';
document.getElementById('cancelBtn').style.display = 'none';
document.getElementById('formTitle').innerText = 'Nouveau Preset';
}
</script>
</body>
</html>
</html>
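Review bot: The `update_preset` and `delete_preset` handlers apply no ownership or admin check, and because this commit lowers the page gate from `auth_is_admin()` to `auth_is_logged_in()`, any logged-in member can now edit or delete every preset by posting an arbitrary `preset_id`; the new `cl_scpreset_creator` column is written on insert but never consulted, and hiding the admin nav tabs in the template is not an access control. If members are meant to manage only their own presets, look up the stored creator before the UPDATE/DELETE and refuse unless the user is admin or the creator matches the session user (sketched below, with the caveat that matching on the stored user string is only as strong as what `$_SESSION['user']` holds); the closing brace of each action block lies outside its hunk. Separately, the new Edit button embeds `json_encode()` output inside a single-quoted `onclick` attribute, and `json_encode` does not escape apostrophes by default, so a preset name or description containing `'` breaks out of the attribute and into script context for every viewer of the page — pass escaping flags, e.g. `json_encode([...], JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_TAG | JSON_HEX_AMP)`.
```php
$current_session_user = $_SESSION['user'] ?? '';
// Authorisation for modifying a preset: admins may modify any preset,
// members only those whose stored creator equals the session user.
// Returns false for an unknown id so the caller reports "refused", not "done".
$can_modify_preset = static function (int $id) use ($db, $current_session_user): bool {
    $stmt = $db->prepare("SELECT cl_scpreset_creator FROM tbl_scpreset WHERE cl_scpreset_id = :id");
    $stmt->execute(['id' => $id]);
    $creator = $stmt->fetchColumn();
    if ($creator === false) {
        return false;
    }
    return auth_is_admin() || $creator === $current_session_user;
};

// … unchanged: CSRF check and add_preset handler …

if ($action === 'update_preset') {
    // … unchanged: preset_id / name / manufacturer / description / link parsing …
    if ($preset_id > 0 && $name !== '' && $manufacturer !== '' && $link !== '') {
        if (!$can_modify_preset($preset_id)) {
            auth_flash_set('error', 'Accès refusé.');
        } else {
            // … unchanged: try/catch around the UPDATE and success flash …
        }
    } else {
        auth_flash_set('error', 'Données invalides.');
    }
    // … unchanged: redirect …

if ($action === 'delete_preset') {
    $preset_id = (int)($_POST['preset_id'] ?? 0);
    if ($preset_id <= 0) {
        auth_flash_set('error', 'ID de preset invalide.');
    } elseif (!$can_modify_preset($preset_id)) {
        auth_flash_set('error', 'Accès refusé.');
    } else {
        // … unchanged: DELETE and success flash …
    }
    header('Location: scpreset.php');
    exit;
}
```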