camelia-studio/ICO
camelia-studio/ICO
2
0
Fork 0
Code Issues 10 Pull Requests Actions Packages Projects Releases 15 Wiki Activity
ICO/utilisateurs.php

328 lines
13 KiB
PHP
Raw Blame History

<?php
require_once 'fonctions.php';
session_start();
if (!isset($_SESSION['admin_id'])) {
header('Location: admin.php?action=login');
exit;
}
// Vérifier que c'est bien le premier administrateur
$db = new SQLite3('database.sqlite');
$stmt = $db->prepare('SELECT MIN(id) as first_id FROM admins');
$result = $stmt->execute();
$firstId = $result->fetchArray()['first_id'];
if ($_SESSION['admin_id'] != $firstId) {
$_SESSION['error_message'] = "Accès non autorisé. Seul le premier administrateur peut gérer les comptes.";
header('Location: admin.php');
exit;
}
// Se connecter à la base de données
function getDB() {
return new SQLite3('database.sqlite');
}
// Gérer les actions POST
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$action = $_POST['action'] ?? '';
$db = getDB();
switch ($action) {
case 'add':
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
if (empty($username) || empty($password)) {
$_SESSION['error_message'] = "L'identifiant et le mot de passe sont requis.";
break;
}
// Vérifier si l'utilisateur existe déjà
$stmt = $db->prepare('SELECT COUNT(*) as count FROM admins WHERE username = :username');
$stmt->bindValue(':username', $username, SQLITE3_TEXT);
$result = $stmt->execute()->fetchArray();
if ($result['count'] > 0) {
$_SESSION['error_message'] = "Cet identifiant existe déjà.";
break;
}
// Créer le nouvel utilisateur
$stmt = $db->prepare('INSERT INTO admins (username, password_hash) VALUES (:username, :password_hash)');
$stmt->bindValue(':username', $username, SQLITE3_TEXT);
$stmt->bindValue(':password_hash', password_hash($password, PASSWORD_DEFAULT), SQLITE3_TEXT);
if ($stmt->execute()) {
$_SESSION['success_message'] = "Utilisateur ajouté avec succès.";
} else {
$_SESSION['error_message'] = "Erreur lors de l'ajout de l'utilisateur.";
}
break;
case 'edit':
$userId = $_POST['user_id'] ?? '';
$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
if (empty($userId) || empty($username)) {
$_SESSION['error_message'] = "Des informations sont manquantes.";
break;
}
// Vérifier que l'utilisateur existe et n'est pas le premier compte
$stmt = $db->prepare('SELECT id FROM admins WHERE id = :id');
$stmt->bindValue(':id', $userId, SQLITE3_INTEGER);
$user = $stmt->execute()->fetchArray();
if (!$user) {
$_SESSION['error_message'] = "Utilisateur introuvable.";
break;
}
// Vérifier si le nouveau nom d'utilisateur existe déjà pour un autre utilisateur
$stmt = $db->prepare('SELECT id FROM admins WHERE username = :username AND id != :id');
$stmt->bindValue(':username', $username, SQLITE3_TEXT);
$stmt->bindValue(':id', $userId, SQLITE3_INTEGER);
$exists = $stmt->execute()->fetchArray();
if ($exists) {
$_SESSION['error_message'] = "Cet identifiant est déjà utilisé.";
break;
}
// Mettre à jour l'utilisateur
if (!empty($password)) {
$stmt = $db->prepare('UPDATE admins SET username = :username, password_hash = :password_hash WHERE id = :id');
$stmt->bindValue(':password_hash', password_hash($password, PASSWORD_DEFAULT), SQLITE3_TEXT);
} else {
$stmt = $db->prepare('UPDATE admins SET username = :username WHERE id = :id');
}
$stmt->bindValue(':username', $username, SQLITE3_TEXT);
$stmt->bindValue(':id', $userId, SQLITE3_INTEGER);
if ($stmt->execute()) {
$_SESSION['success_message'] = "Utilisateur modifié avec succès.";
} else {
$_SESSION['error_message'] = "Erreur lors de la modification de l'utilisateur.";
}
break;
case 'delete':
$userId = $_POST['user_id'] ?? '';
if (empty($userId)) {
$_SESSION['error_message'] = "ID utilisateur manquant.";
break;
}
// Vérifier que l'utilisateur n'est pas le premier compte
$stmt = $db->prepare('SELECT MIN(id) as first_id FROM admins');
$firstId = $stmt->execute()->fetchArray()['first_id'];
if ($userId == $firstId) {
$_SESSION['error_message'] = "Impossible de supprimer le compte principal.";
break;
}
// Supprimer l'utilisateur
$stmt = $db->prepare('DELETE FROM admins WHERE id = :id AND id != (SELECT MIN(id) FROM admins)');
$stmt->bindValue(':id', $userId, SQLITE3_INTEGER);
if ($stmt->execute()) {
$_SESSION['success_message'] = "Utilisateur supprimé avec succès.";
} else {
$_SESSION['error_message'] = "Erreur lors de la suppression de l'utilisateur.";
}
break;
}
header('Location: utilisateurs.php');
exit;
}
// Récupérer la liste des utilisateurs
$db = getDB();
$users = [];
$result = $db->query('SELECT * FROM admins ORDER BY id');
while ($row = $result->fetchArray(SQLITE3_ASSOC)) {
$users[] = $row;
}
?>
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Gestion des utilisateurs - ICO</title>
<link rel="icon" type="image/png" href="favicon.png">
<link rel="stylesheet" href="styles.css">
<link rel="stylesheet" href="styles-admin.css">
</head>
<body class="admin-page">
<div class="admin-header">
<h1>Gestion des utilisateurs</h1>
<div class="admin-actions">
<button onclick="openAddModal()" class="action-button action-button-success">
Ajouter un utilisateur
</button>
<a href="admin.php" class="action-button action-button-secondary">Retour</a>
</div>
</div>
<div class="admin-content">
<?php if (isset($_SESSION['success_message'])): ?>
<div class="message success-message"><?php echo htmlspecialchars($_SESSION['success_message']); ?></div>
<?php unset($_SESSION['success_message']); ?>
<?php endif; ?>
<?php if (isset($_SESSION['error_message'])): ?>
<div class="message error-message"><?php echo htmlspecialchars($_SESSION['error_message']); ?></div>
<?php unset($_SESSION['error_message']); ?>
<?php endif; ?>
<div class="users-list">
<table class="admin-table">
<thead>
<tr>
<th>ID</th>
<th>Identifiant</th>
<th>Date de création</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
<?php foreach ($users as $user):
$isMainAdmin = $user['id'] === $users[0]['id'];
?>
<tr class="<?php echo $isMainAdmin ? 'main-admin' : ''; ?>">
<td><?php echo htmlspecialchars($user['id']); ?></td>
<td>
<?php echo htmlspecialchars($user['username']); ?>
<?php if ($isMainAdmin): ?>
<span class="admin-badge">
<svg class="icon" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round">
<path d="M12 2l3 7h7l-6 4 3 7-7-4-7 4 3-7-6-4h7z"/>
</svg>
Admin principal
</span>
<?php endif; ?>
</td>
<td><?php echo htmlspecialchars($user['created_at']); ?></td>
<td class="table-actions">
<button onclick="editUser(<?php
echo htmlspecialchars($user['id']); ?>,
'<?php echo htmlspecialchars($user['username']); ?>')"
class="tree-button">
✏️
</button>
<?php if (!$isMainAdmin): ?>
<button onclick="deleteUser(<?php echo htmlspecialchars($user['id']); ?>)"
class="tree-button tree-button-danger">
🗑️
</button>
<?php endif; ?>
</td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
</div>
</div>
<!-- Modal d'ajout -->
<div id="addUserModal" class="modal">
<div class="modal-content">
<h2>Ajouter un utilisateur</h2>
<form method="post" action="utilisateurs.php">
<input type="hidden" name="action" value="add">
<div class="form-group">
<label for="username">Identifiant :</label>
<input type="text" id="username" name="username" required>
</div>
<div class="form-group">
<label for="password">Mot de passe :</label>
<input type="password" id="password" name="password" required minlength="8">
</div>
<div class="form-actions">
<button type="button" onclick="closeModal('addUserModal')"
class="action-button action-button-secondary">Annuler</button>
<button type="submit" class="action-button">Ajouter</button>
</div>
</form>
</div>
</div>
<!-- Modal d'édition -->
<div id="editUserModal" class="modal">
<div class="modal-content">
<h2>Modifier l'utilisateur</h2>
<form method="post" action="utilisateurs.php">
<input type="hidden" name="action" value="edit">
<input type="hidden" name="user_id" id="edit_user_id">
<div class="form-group">
<label for="edit_username">Identifiant :</label>
<input type="text" id="edit_username" name="username" required>
</div>
<div class="form-group">
<label for="edit_password">Nouveau mot de passe (laisser vide pour ne pas changer) :</label>
<input type="password" id="edit_password" name="password" minlength="8">
</div>
<div class="form-actions">
<button type="button" onclick="closeModal('editUserModal')"
class="action-button action-button-secondary">Annuler</button>
<button type="submit" class="action-button">Modifier</button>
</div>
</form>
</div>
</div>
<!-- Modal de suppression -->
<div id="deleteUserModal" class="modal">
<div class="modal-content">
<h2>Confirmer la suppression</h2>
<p>Êtes-vous sûr de vouloir supprimer cet utilisateur ?</p>
<form method="post" action="utilisateurs.php">
<input type="hidden" name="action" value="delete">
<input type="hidden" name="user_id" id="delete_user_id">
<div class="form-actions">
<button type="button" onclick="closeModal('deleteUserModal')"
class="action-button action-button-secondary">Annuler</button>
<button type="submit" class="action-button action-button-danger">Supprimer</button>
</div>
</form>
</div>
</div>
<script>
function openAddModal() {
document.getElementById('addUserModal').style.display = 'block';
}
function editUser(id, username) {
document.getElementById('edit_user_id').value = id;
document.getElementById('edit_username').value = username;
document.getElementById('edit_password').value = '';
document.getElementById('editUserModal').style.display = 'block';
}
function deleteUser(id) {
document.getElementById('delete_user_id').value = id;
document.getElementById('deleteUserModal').style.display = 'block';
}
function closeModal(modalId) {
document.getElementById(modalId).style.display = 'none';
}
window.onclick = function(event) {
if (event.target.classList.contains('modal')) {
event.target.style.display = 'none';
}
}
</script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink