From 5e60c402344e62f6d721bd40e11d26927507aa19 Mon Sep 17 00:00:00 2001 From: Flatlogic Bot Date: Wed, 8 Apr 2026 01:46:27 +0000 Subject: [PATCH] V0.8.5 --- db/auth.php | 9 +++- scpreset.php | 134 +++++++++++++++++++++++++++++++++++++-------------- 2 files changed, 106 insertions(+), 37 deletions(-) diff --git a/db/auth.php b/db/auth.php index c75aca2..9ae96c2 100644 --- a/db/auth.php +++ b/db/auth.php @@ -80,6 +80,13 @@ function auth_validate_csrf(?string $csrf_token): bool return hash_equals($_SESSION['csrf_token'], $csrf_token); } +function auth_is_logged_in(): bool +{ + auth_start_session(); + + return isset($_SESSION['user']) && isset($_SESSION['role']); +} + function auth_is_admin(): bool { auth_start_session(); @@ -108,4 +115,4 @@ function auth_flash_get(): ?array unset($_SESSION['flash']); return $flash; -} +} \ No newline at end of file diff --git a/scpreset.php b/scpreset.php index a007aa3..7a259f8 100644 --- a/scpreset.php +++ b/scpreset.php @@ -5,7 +5,7 @@ require_once __DIR__ . '/db/auth.php'; auth_start_session(); auth_bootstrap(); -if (!auth_is_admin()) { +if (!auth_is_logged_in()) { header('Location: index.php'); exit; } @@ -17,6 +17,10 @@ $flash_message = $flash['message'] ?? ''; $db = db(); $csrf_token = auth_csrf_token(); +$current_session_user = $_SESSION['user'] ?? ''; +$current_session_role = $_SESSION['role'] ?? 'member'; +$role_label = ($current_session_role === 'admin') ? 'Administrateur' : 'Membre'; + // Handle POST actions if ($_SERVER['REQUEST_METHOD'] === 'POST') { $submitted_csrf = $_POST['csrf_token'] ?? ''; 
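Review bot: `auth_is_logged_in()` in db/auth.php treats a session as authenticated as soon as the `user` and `role` keys are set, so an empty-string user passes the check. scpreset.php in this same patch falls back to `$current_session_user ?: 'Inconnu'`, which suggests an empty user is considered possible. Consider `return is_string($_SESSION['user'] ?? null) && $_SESSION['user'] !== '' && isset($_SESSION['role']);`. A docblock should also state that this helper only answers "is someone signed in" and is not a substitute for `auth_is_admin()` on privileged actions.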
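Review bot: Replacing `auth_is_admin()` with `auth_is_logged_in()` at the top of scpreset.php opens the whole POST handler to every signed-in account, while the `update_preset` and `delete_preset` branches in the later hunks (`@@ -57,22` and `@@ -82,11`) still match on `cl_scpreset_id` alone. As far as these hunks show, any member can therefore modify or delete a preset created by someone else, and hiding the buttons in the template does not prevent a direct POST. Since the patch now records `cl_scpreset_creator`, enforce it server-side: keep the unrestricted statement only when `$current_session_role === 'admin'`, and otherwise append `AND cl_scpreset_creator = :creator` bound to `$current_session_user`. The lines between this hunk and `@@ -34,15` are not visible, so confirm that no role check already sits there.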
@@ -34,15 +38,17 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { $manufacturer = trim($_POST['manufacturer'] ?? ''); $description = trim($_POST['description'] ?? ''); $link = trim($_POST['link'] ?? ''); + $creator = $current_session_user ?: 'Inconnu'; if ($name !== '' && $manufacturer !== '' && $link !== '') { try { - $stmt = $db->prepare("INSERT INTO tbl_scpreset (cl_scpreset_name, cl_scpreset_manufacturer, cl_scpreset_description, cl_scpreset_link) VALUES (:name, :manufacturer, :description, :link)"); + $stmt = $db->prepare("INSERT INTO tbl_scpreset (cl_scpreset_name, cl_scpreset_manufacturer, cl_scpreset_description, cl_scpreset_link, cl_scpreset_creator) VALUES (:name, :manufacturer, :description, :link, :creator)"); $stmt->execute([ 'name' => $name, 'manufacturer' => $manufacturer, 'description' => $description, - 'link' => $link + 'link' => $link, + 'creator' => $creator ]); auth_flash_set('success', 'Preset ajouté avec succès.'); } catch (PDOException $e) { 
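Review bot: `$link` is stored after only `trim()` and a non-empty test, and this page now accepts submissions from every signed-in member rather than admins only. If the template renders it as an `href` (the markup is not visible in this patch), a value with a scheme such as `javascript:` would become a stored script link that `htmlspecialchars()` alone does not neutralise. Reject anything that is not http(s) before the INSERT, e.g. `$scheme = strtolower((string) parse_url($link, PHP_URL_SCHEME));` followed by `if (!in_array($scheme, ['http', 'https'], true)) { auth_flash_set('error', 'Données invalides.'); }`, and apply the same check in the `update_preset` branch. The `catch` block of this `try` continues past the end of the hunk.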
@@ -57,22 +63,26 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { // Update preset if ($action === 'update_preset') { - $preset_id = (int)$_POST['preset_id']; + $preset_id = (int)($_POST['preset_id'] ?? 0); $name = trim($_POST['name'] ?? ''); $manufacturer = trim($_POST['manufacturer'] ?? ''); $description = trim($_POST['description'] ?? ''); $link = trim($_POST['link'] ?? ''); if ($preset_id > 0 && $name !== '' && $manufacturer !== '' && $link !== '') { - $stmt = $db->prepare("UPDATE tbl_scpreset SET cl_scpreset_name = :name, cl_scpreset_manufacturer = :manufacturer, cl_scpreset_description = :description, cl_scpreset_link = :link WHERE cl_scpreset_id = :id"); - $stmt->execute([ - 'name' => $name, - 'manufacturer' => $manufacturer, - 'description' => $description, - 'link' => $link, - 'id' => $preset_id - ]); - auth_flash_set('success', 'Preset mis à jour.'); + try { + $stmt = $db->prepare("UPDATE tbl_scpreset SET cl_scpreset_name = :name, cl_scpreset_manufacturer = :manufacturer, cl_scpreset_description = :description, cl_scpreset_link = :link WHERE cl_scpreset_id = :id"); + $stmt->execute([ + 'name' => $name, + 'manufacturer' => $manufacturer, + 'description' => $description, + 'link' => $link, + 'id' => $preset_id + ]); + auth_flash_set('success', 'Preset mis à jour.'); + } catch (PDOException $e) { + auth_flash_set('error', 'Erreur lors de la mise à jour : ' . $e->getMessage()); + } } else { auth_flash_set('error', 'Données invalides.'); } 
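Review bot: The new `catch` in `update_preset` concatenates `$e->getMessage()` into the flash message, which shows driver text (SQLSTATE, table and column names, possibly parts of the statement) to whoever submitted the form, and that is now any signed-in member. Log the detail server-side and flash a fixed string instead: `error_log('scpreset update failed: ' . $e->getMessage());` then `auth_flash_set('error', 'Erreur lors de la mise à jour.');`. The `add_preset` catch that opens at the end of the previous hunk may follow the same pattern; its body is outside the visible lines.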
@@ -82,11 +92,14 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { // Delete preset if ($action === 'delete_preset') { - $preset_id = (int)$_POST['preset_id']; - $stmt = $db->prepare("DELETE FROM tbl_scpreset WHERE cl_scpreset_id = :id"); - $stmt->execute(['id' => $preset_id]); - - auth_flash_set('success', 'Preset supprimé.'); + $preset_id = (int)($_POST['preset_id'] ?? 0); + if ($preset_id > 0) { + $stmt = $db->prepare("DELETE FROM tbl_scpreset WHERE cl_scpreset_id = :id"); + $stmt->execute(['id' => $preset_id]); + auth_flash_set('success', 'Preset supprimé.'); + } else { + auth_flash_set('error', 'ID de preset invalide.'); + } header('Location: scpreset.php'); exit; } @@ -95,8 +108,6 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') { // Fetch all presets $stmt_list = $db->query("SELECT * FROM tbl_scpreset ORDER BY cl_scpreset_manufacturer ASC, cl_scpreset_name ASC"); $presets = $stmt_list->fetchAll(); - -$current_session_user = $_SESSION['user'] ?? ''; ?> @@ -264,7 +275,7 @@ $current_session_user = $_SESSION['user'] ?? ''; .flash.success { border-color: var(--success); background: rgba(0, 255, 136, 0.1); color: #baffda; } .manufacturer-text { - font-size: 0.75rem; + font-size: 0.65rem; color: #888; text-transform: uppercase; letter-spacing: 1px; @@ -272,6 +283,14 @@ $current_session_user = $_SESSION['user'] ?? ''; margin-top: 2px; } + .creator-text { + font-size: 0.65rem; + color: #888; + font-style: italic; + display: block; + margin-top: 1px; + } + .desc-text { font-size: 0.8rem; color: #aaa; @@ -295,7 +314,7 @@ $current_session_user = $_SESSION['user'] ?? '';
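Review bot: The `delete_preset` branch flashes 'Preset supprimé.' without checking that a row was actually removed, and unlike the add and update branches its `execute()` is not inside a `try`/`catch`. A non-existent id therefore produces a success message, and a `PDOException` (assuming the connection runs in exception mode, as the other branches imply) escapes uncaught. Wrap the statement in the same `try { … } catch (PDOException $e)` shape used for the update, and report success only when `$stmt->rowCount() > 0`.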

R.E.A.C.T. Ship Presets

-

Niveau d\'accès : Administrateur | Session :

+

Niveau d\'accès : | Session :

Site @@ -304,9 +323,11 @@ $current_session_user = $_SESSION['user'] ?? '';
@@ -317,35 +338,37 @@ $current_session_user = $_SESSION['user'] ?? '';
- +
-

Nouveau Preset

-
+

Nouveau Preset

+ - + +
- +
- +
- +
- +
- + +
@@ -371,8 +394,9 @@ $current_session_user = $_SESSION['user'] ?? ''; -
+
+ Par
@@ -384,6 +408,16 @@ $current_session_user = $_SESSION['user'] ?? '';
+
@@ -402,5 +436,33 @@ $current_session_user = $_SESSION['user'] ?? '';
+ + - + \ No newline at end of file