admin/39514-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Autosave: 20260415-145032

Browse Source
This commit is contained in:
Flatlogic Bot 2026-04-15 14:50:32 +00:00
parent 4591e37c7d
commit fe9896701d
4 changed files with 91 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
admin.php
View File

@ -11,6 +11,8 @@ if (!auth_is_logged_in()) {
} }
$is_admin = auth_is_admin(); $is_admin = auth_is_admin();
$current_role = auth_current_role();
$current_role_label = auth_role_label($current_role);
$flash = auth_flash_get(); $flash = auth_flash_get();
$flash_type = $flash['type'] ?? ''; $flash_type = $flash['type'] ?? '';
@ -48,7 +50,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
exit; exit;
} }
if (!in_array($submitted_cl_auth_right, ['admin', 'member'], true)) { if (!in_array($submitted_cl_auth_right, auth_valid_roles(), true)) {
auth_flash_set('error', 'Droit utilisateur invalide.'); auth_flash_set('error', 'Droit utilisateur invalide.');
header('Location: admin.php'); header('Location: admin.php');
exit; exit;
@ -96,7 +98,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
exit; exit;
} }
if (!in_array($submitted_cl_auth_right, ['admin', 'member'], true)) { if (!in_array($submitted_cl_auth_right, auth_valid_roles(), true)) {
auth_flash_set('error', 'Droit utilisateur invalide.'); auth_flash_set('error', 'Droit utilisateur invalide.');
header('Location: admin.php?edit=' . $cl_auth_id); header('Location: admin.php?edit=' . $cl_auth_id);
exit; exit;
@ -256,7 +258,7 @@ if ($is_admin) {
$tbl_auth_all = $stmt_users->fetchAll(); $tbl_auth_all = $stmt_users->fetchAll();
} }
$member_accessible_items = []; $user_accessible_items = [];
if (!$is_admin) { if (!$is_admin) {
foreach (auth_navigation_items() as $item) { foreach (auth_navigation_items() as $item) {
$file = (string) ($item['file'] ?? ''); $file = (string) ($item['file'] ?? '');
@ -268,7 +270,7 @@ if (!$is_admin) {
} }
if (auth_user_can_access_page($file, $label)) { if (auth_user_can_access_page($file, $label)) {
$member_accessible_items[] = [ $user_accessible_items[] = [
'file' => $file, 'file' => $file,
'label' => $label, 'label' => $label,
]; ];
@ -531,6 +533,7 @@ $current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] :
} }
.badge-admin { background: rgba(162, 155, 120, 0.2); color: var(--primary); border: 1px solid var(--primary); } .badge-admin { background: rgba(162, 155, 120, 0.2); color: var(--primary); border: 1px solid var(--primary); }
.badge-moderator { background: rgba(74, 144, 226, 0.16); color: #8fc7ff; border: 1px solid rgba(143, 199, 255, 0.6); }
.badge-member { background: rgba(255, 255, 255, 0.1); color: #ccc; border: 1px solid #555; } .badge-member { background: rgba(255, 255, 255, 0.1); color: #ccc; border: 1px solid #555; }
.flash { .flash {
@ -631,7 +634,8 @@ $current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] :
<div class="form-group"> <div class="form-group">
<label for="cl_auth_right">Niveau d'accréditation</label> <label for="cl_auth_right">Niveau d'accréditation</label>
<select class="form-control" id="cl_auth_right" name="cl_auth_right"> <select class="form-control" id="cl_auth_right" name="cl_auth_right">
<option value="admin" <?php echo $edit_cl_auth_right === 'admin' ? 'selected' : ''; ?>>Admin</option> <option value="admin" <?php echo $edit_cl_auth_right === 'admin' ? 'selected' : ''; ?>>Administrateur</option>
<option value="moderator" <?php echo $edit_cl_auth_right === 'moderator' ? 'selected' : ''; ?>>Modérateur</option>
<option value="member" <?php echo $edit_cl_auth_right === 'member' ? 'selected' : ''; ?>>Membre</option> <option value="member" <?php echo $edit_cl_auth_right === 'member' ? 'selected' : ''; ?>>Membre</option>
</select> </select>
</div> </div>
@ -676,8 +680,8 @@ $current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] :
<td><span class="user-id">#<?php echo sprintf('%03d', $cl_auth_id); ?></span></td> <td><span class="user-id">#<?php echo sprintf('%03d', $cl_auth_id); ?></span></td>
<td><strong><?php echo htmlspecialchars($cl_auth_user, ENT_QUOTES, 'UTF-8'); ?></strong></td> <td><strong><?php echo htmlspecialchars($cl_auth_user, ENT_QUOTES, 'UTF-8'); ?></strong></td>
<td> <td>
<span class="badge <?php echo $cl_auth_right === 'admin' ? 'badge-admin' : 'badge-member'; ?>"> <span class="badge <?php echo $cl_auth_right === 'admin' ? 'badge-admin' : ($cl_auth_right === 'moderator' ? 'badge-moderator' : 'badge-member'); ?>">
<?php echo $cl_auth_right; ?> <?php echo htmlspecialchars(auth_role_label($cl_auth_right), ENT_QUOTES, 'UTF-8'); ?>
</span> </span>
</td> </td>
<td> <td>
@ -702,15 +706,15 @@ $current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] :
<?php else: ?> <?php else: ?>
<main class="admin-content" style="grid-template-columns: 1fr;"> <main class="admin-content" style="grid-template-columns: 1fr;">
<section class="glass-card"> <section class="glass-card">
<h2>Zone membre</h2> <h2>Zone <?php echo htmlspecialchars($current_role_label, ENT_QUOTES, 'UTF-8'); ?></h2>
<p>Vous êtes bien entré dans la zone admin avec un compte <strong>membre</strong>.</p> <p>Vous êtes bien entré dans la zone admin avec un compte <strong><?php echo htmlspecialchars($current_role_label, ENT_QUOTES, 'UTF-8'); ?></strong>.</p>
<p>La gestion des utilisateurs reste réservée aux administrateurs, mais vous pouvez utiliser ci-dessous les pages qui vous ont été ouvertes.</p> <p>La gestion des utilisateurs reste réservée aux administrateurs, mais vous pouvez utiliser ci-dessous les pages ouvertes à votre niveau d'autorisation.</p>
<?php if (empty($member_accessible_items)): ?> <?php if (empty($user_accessible_items)): ?>
<div class="empty-state">Aucune page ne vous a encore été attribuée par un administrateur.</div> <div class="empty-state">Aucune page ne vous a encore été attribuée pour ce rôle.</div>
<?php else: ?> <?php else: ?>
<div class="row-actions" style="flex-wrap: wrap; gap: 12px; margin-top: 1rem;"> <div class="row-actions" style="flex-wrap: wrap; gap: 12px; margin-top: 1rem;">
<?php foreach ($member_accessible_items as $item): ?> <?php foreach ($user_accessible_items as $item): ?>
<a class="btn-modern" href="<?php echo htmlspecialchars($item['file'], ENT_QUOTES, 'UTF-8'); ?>"><?php echo htmlspecialchars($item['label'], ENT_QUOTES, 'UTF-8'); ?></a> <a class="btn-modern" href="<?php echo htmlspecialchars($item['file'], ENT_QUOTES, 'UTF-8'); ?>"><?php echo htmlspecialchars($item['label'], ENT_QUOTES, 'UTF-8'); ?></a>
<?php endforeach; ?> <?php endforeach; ?>
</div> </div>

1
database/full.sql
View File

@ -18722,6 +18722,7 @@ CREATE TABLE IF NOT EXISTS tbl_page_access (
cl_page_file VARCHAR(190) NOT NULL UNIQUE, cl_page_file VARCHAR(190) NOT NULL UNIQUE,
cl_page_label VARCHAR(190) NOT NULL, cl_page_label VARCHAR(190) NOT NULL,
cl_allow_admin TINYINT(1) NOT NULL DEFAULT 1, cl_allow_admin TINYINT(1) NOT NULL DEFAULT 1,
cl_allow_moderator TINYINT(1) NOT NULL DEFAULT 0,
cl_allow_member TINYINT(1) NOT NULL DEFAULT 0, cl_allow_member TINYINT(1) NOT NULL DEFAULT 0,
cl_updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP cl_updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

1
database/schema.sql
View File

@ -201,6 +201,7 @@ CREATE TABLE IF NOT EXISTS tbl_page_access (
cl_page_file VARCHAR(190) NOT NULL UNIQUE, cl_page_file VARCHAR(190) NOT NULL UNIQUE,
cl_page_label VARCHAR(190) NOT NULL, cl_page_label VARCHAR(190) NOT NULL,
cl_allow_admin TINYINT(1) NOT NULL DEFAULT 1, cl_allow_admin TINYINT(1) NOT NULL DEFAULT 1,
cl_allow_moderator TINYINT(1) NOT NULL DEFAULT 0,
cl_allow_member TINYINT(1) NOT NULL DEFAULT 0, cl_allow_member TINYINT(1) NOT NULL DEFAULT 0,
cl_updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP cl_updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;

85
db/auth.php
View File

@ -47,7 +47,7 @@ function auth_bootstrap(): void
cl_auth_id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, cl_auth_id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
cl_auth_user VARCHAR(190) NOT NULL UNIQUE, cl_auth_user VARCHAR(190) NOT NULL UNIQUE,
cl_auth_pass VARCHAR(255) NOT NULL, cl_auth_pass VARCHAR(255) NOT NULL,
cl_auth_right ENUM('admin', 'member') NOT NULL DEFAULT 'member' cl_auth_right ENUM('admin', 'moderator', 'member') NOT NULL DEFAULT 'member'
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci" ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci"
); );
@ -58,11 +58,30 @@ function auth_bootstrap(): void
cl_page_file VARCHAR(190) NOT NULL UNIQUE, cl_page_file VARCHAR(190) NOT NULL UNIQUE,
cl_page_label VARCHAR(190) NOT NULL, cl_page_label VARCHAR(190) NOT NULL,
cl_allow_admin TINYINT(1) NOT NULL DEFAULT 1, cl_allow_admin TINYINT(1) NOT NULL DEFAULT 1,
cl_allow_moderator TINYINT(1) NOT NULL DEFAULT 0,
cl_allow_member TINYINT(1) NOT NULL DEFAULT 0, cl_allow_member TINYINT(1) NOT NULL DEFAULT 0,
cl_updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP cl_updated_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci" ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci"
); );
$stmt_auth_role_column = $pdo->query("SHOW COLUMNS FROM tbl_auth LIKE 'cl_auth_right'");
$auth_role_column = $stmt_auth_role_column->fetch();
$auth_role_type = strtolower((string) ($auth_role_column['Type'] ?? ''));
if (strpos($auth_role_type, "'moderator'") === false) {
$pdo->exec("ALTER TABLE tbl_auth MODIFY cl_auth_right ENUM('admin', 'moderator', 'member') NOT NULL DEFAULT 'member'");
}
$stmt_page_access_columns = $pdo->query('SHOW COLUMNS FROM tbl_page_access');
$page_access_columns = [];
foreach ($stmt_page_access_columns->fetchAll() as $page_access_column) {
$page_access_columns[] = (string) ($page_access_column['Field'] ?? '');
}
if (!in_array('cl_allow_moderator', $page_access_columns, true)) {
$pdo->exec('ALTER TABLE tbl_page_access ADD COLUMN cl_allow_moderator TINYINT(1) NOT NULL DEFAULT 0 AFTER cl_allow_admin');
$pdo->exec('UPDATE tbl_page_access SET cl_allow_moderator = cl_allow_member');
}
$sql_count_admin = "SELECT COUNT(*) FROM tbl_auth WHERE cl_auth_right = 'admin'"; $sql_count_admin = "SELECT COUNT(*) FROM tbl_auth WHERE cl_auth_right = 'admin'";
$stmt_count_admin = $pdo->query($sql_count_admin); $stmt_count_admin = $pdo->query($sql_count_admin);
$cl_auth_admin_total = (int) $stmt_count_admin->fetchColumn(); $cl_auth_admin_total = (int) $stmt_count_admin->fetchColumn();
@ -146,9 +165,28 @@ function auth_is_logged_in(): bool
function auth_is_admin(): bool function auth_is_admin(): bool
{ {
auth_start_session(); return auth_current_role() === 'admin';
}
return isset($_SESSION['role']) && $_SESSION['role'] === 'admin'; function auth_is_moderator(): bool
{
return auth_current_role() === 'moderator';
}
function auth_valid_roles(): array
{
return ['admin', 'moderator', 'member'];
}
function auth_role_label(string $role): string
{
static $labels = [
'admin' => 'Administrateur',
'moderator' => 'Modérateur',
'member' => 'Membre',
];
return $labels[$role] ?? ucfirst($role);
} }
function auth_current_user(): string function auth_current_user(): string
@ -211,6 +249,11 @@ function auth_page_default_member_access(string $page_file): int
return $member_defaults[$page_file] ?? 0; return $member_defaults[$page_file] ?? 0;
} }
function auth_page_default_moderator_access(string $page_file): int
{
return auth_page_default_member_access($page_file);
}
function auth_page_access_defaults(string $page_file, string $page_label = ''): array function auth_page_access_defaults(string $page_file, string $page_label = ''): array
{ {
$normalized_page_file = auth_page_basename($page_file); $normalized_page_file = auth_page_basename($page_file);
@ -221,6 +264,7 @@ function auth_page_access_defaults(string $page_file, string $page_label = ''):
'cl_page_file' => $normalized_page_file, 'cl_page_file' => $normalized_page_file,
'cl_page_label' => $normalized_page_label, 'cl_page_label' => $normalized_page_label,
'cl_allow_admin' => 1, 'cl_allow_admin' => 1,
'cl_allow_moderator' => auth_page_default_moderator_access($normalized_page_file),
'cl_allow_member' => auth_page_default_member_access($normalized_page_file), 'cl_allow_member' => auth_page_default_member_access($normalized_page_file),
]; ];
} }
@ -233,7 +277,7 @@ function auth_page_access_ensure(string $page_file, string $page_label = ''): ar
$pdo = db(); $pdo = db();
$stmt = $pdo->prepare( $stmt = $pdo->prepare(
'SELECT cl_page_access_id, cl_page_key, cl_page_file, cl_page_label, cl_allow_admin, cl_allow_member 'SELECT cl_page_access_id, cl_page_key, cl_page_file, cl_page_label, cl_allow_admin, cl_allow_moderator, cl_allow_member
FROM tbl_page_access FROM tbl_page_access
WHERE cl_page_file = :cl_page_file WHERE cl_page_file = :cl_page_file
LIMIT 1' LIMIT 1'
@ -245,8 +289,8 @@ function auth_page_access_ensure(string $page_file, string $page_label = ''): ar
if (!$row) { if (!$row) {
$stmt_insert = $pdo->prepare( $stmt_insert = $pdo->prepare(
'INSERT INTO tbl_page_access (cl_page_key, cl_page_file, cl_page_label, cl_allow_admin, cl_allow_member) 'INSERT INTO tbl_page_access (cl_page_key, cl_page_file, cl_page_label, cl_allow_admin, cl_allow_moderator, cl_allow_member)
VALUES (:cl_page_key, :cl_page_file, :cl_page_label, :cl_allow_admin, :cl_allow_member)' VALUES (:cl_page_key, :cl_page_file, :cl_page_label, :cl_allow_admin, :cl_allow_moderator, :cl_allow_member)'
); );
$stmt_insert->execute($defaults); $stmt_insert->execute($defaults);
@ -270,6 +314,7 @@ function auth_page_access_ensure(string $page_file, string $page_label = ''): ar
} }
$row['cl_allow_admin'] = (int) ($row['cl_allow_admin'] ?? 1); $row['cl_allow_admin'] = (int) ($row['cl_allow_admin'] ?? 1);
$row['cl_allow_moderator'] = (int) ($row['cl_allow_moderator'] ?? 0);
$row['cl_allow_member'] = (int) ($row['cl_allow_member'] ?? 0); $row['cl_allow_member'] = (int) ($row['cl_allow_member'] ?? 0);
return $row; return $row;
@ -284,17 +329,23 @@ function auth_user_can_access_page(string $page_file, string $page_label = ''):
return false; return false;
} }
if (auth_is_admin()) { $role = auth_current_role();
return true;
}
if (auth_current_role() !== 'member') { if ($role === 'admin') {
return false; return true;
} }
$row = auth_page_access_ensure($page_file, $page_label); $row = auth_page_access_ensure($page_file, $page_label);
return (int) $row['cl_allow_member'] === 1; if ($role === 'moderator') {
return (int) $row['cl_allow_moderator'] === 1;
}
if ($role === 'member') {
return (int) $row['cl_allow_member'] === 1;
}
return false;
} }
function auth_require_page_access(string $page_file, string $page_label = ''): void function auth_require_page_access(string $page_file, string $page_label = ''): void
@ -313,7 +364,7 @@ function auth_require_page_access(string $page_file, string $page_label = ''): v
return; return;
} }
auth_flash_set('error', 'Accès refusé : cette page n\'est pas ouverte aux membres.'); auth_flash_set('error', 'Accès refusé : cette page n\'est pas ouverte pour votre niveau d\'autorisation.');
header('Location: index.php'); header('Location: index.php');
exit; exit;
} }
@ -347,17 +398,20 @@ function auth_handle_page_access_post(string $page_file, string $page_label = ''
} }
$row = auth_page_access_ensure($page_file, $page_label); $row = auth_page_access_ensure($page_file, $page_label);
$cl_allow_moderator = isset($_POST['cl_allow_moderator']) ? 1 : 0;
$cl_allow_member = isset($_POST['cl_allow_member']) ? 1 : 0; $cl_allow_member = isset($_POST['cl_allow_member']) ? 1 : 0;
$stmt = db()->prepare( $stmt = db()->prepare(
'UPDATE tbl_page_access 'UPDATE tbl_page_access
SET cl_page_label = :cl_page_label, SET cl_page_label = :cl_page_label,
cl_allow_admin = 1, cl_allow_admin = 1,
cl_allow_moderator = :cl_allow_moderator,
cl_allow_member = :cl_allow_member cl_allow_member = :cl_allow_member
WHERE cl_page_file = :cl_page_file' WHERE cl_page_file = :cl_page_file'
); );
$stmt->execute([ $stmt->execute([
'cl_page_label' => $row['cl_page_label'], 'cl_page_label' => $row['cl_page_label'],
'cl_allow_moderator' => $cl_allow_moderator,
'cl_allow_member' => $cl_allow_member, 'cl_allow_member' => $cl_allow_member,
'cl_page_file' => $row['cl_page_file'], 'cl_page_file' => $row['cl_page_file'],
]); ]);
@ -378,6 +432,7 @@ function auth_render_page_access_widget(string $page_file, string $page_label =
$action = htmlspecialchars($row['cl_page_file'], ENT_QUOTES, 'UTF-8'); $action = htmlspecialchars($row['cl_page_file'], ENT_QUOTES, 'UTF-8');
$label = htmlspecialchars((string) $row['cl_page_label'], ENT_QUOTES, 'UTF-8'); $label = htmlspecialchars((string) $row['cl_page_label'], ENT_QUOTES, 'UTF-8');
$csrf = htmlspecialchars($csrf_token, ENT_QUOTES, 'UTF-8'); $csrf = htmlspecialchars($csrf_token, ENT_QUOTES, 'UTF-8');
$moderator_checked = (int) $row['cl_allow_moderator'] === 1 ? 'checked' : '';
$member_checked = (int) $row['cl_allow_member'] === 1 ? 'checked' : ''; $member_checked = (int) $row['cl_allow_member'] === 1 ? 'checked' : '';
return <<<HTML return <<<HTML
@ -391,6 +446,10 @@ function auth_render_page_access_widget(string $page_file, string $page_label =
<input type="checkbox" checked disabled> <input type="checkbox" checked disabled>
<span>Admin <small style="opacity:.7;">(toujours autorisé)</small></span> <span>Admin <small style="opacity:.7;">(toujours autorisé)</small></span>
</label> </label>
<label style="display:flex;align-items:center;gap:8px;font-size:13px;">
<input type="checkbox" name="cl_allow_moderator" value="1" {$moderator_checked}>
<span>Modérateur</span>
</label>
<label style="display:flex;align-items:center;gap:8px;font-size:13px;"> <label style="display:flex;align-items:center;gap:8px;font-size:13px;">
<input type="checkbox" name="cl_allow_member" value="1" {$member_checked}> <input type="checkbox" name="cl_allow_member" value="1" {$member_checked}>
<span>Membre</span> <span>Membre</span>