fix security, css

admin
Flavien Haas 6 years ago
parent 9801d58650
commit 101d9dd428

@ -1,67 +1,16 @@
<?php <?php
session_start(); session_start();
require_once('../connexionBD.php'); require_once('../connexionBD.php');
require_once ('../ressources/user.php');
require_once ('../ressources/verifconnecte.php'); require_once ('../ressources/verifconnecte.php');
require_once ('../ressources/user.php');
$user = getUser($db, $mail); $user = getUser($mail);
if(!$user['estadmin']){
if (!$user){ header('Location: ../index.php');
header('Location: profil.php?error=3'); exit();
exit();
}
if (isset($_POST['login']) || isset($_FILES['avatar'])){
if (isset($_FILES['avatar']) and !empty($_FILES['avatar']['name'])) {
$fic = $_FILES['avatar'];
supprimerAvatar($mail);
$res = uploadAvatar($mail, $fic);
switch ($res){
case -1:
header('Location: profil.php?error=4');
exit();
case -2:
header('Location: profil.php?error=5');
exit();
case -3:
header('Location: profil.php?error=6');
exit();
}
}
if (isset($_POST['login']) && isset($_POST['password']) && isset($_POST['confirmation']) && isset($_POST['prenom']) && isset($_POST['nom']) && isset($_POST['phone'])) {
$login = htmlentities(pg_escape_string($_POST['login']));
$password = htmlentities(pg_escape_string($_POST['password']));
$confirmation = htmlentities(pg_escape_string($_POST['confirmation']));
$prenom = htmlentities(pg_escape_string($_POST['prenom']));
$nom = htmlentities(pg_escape_string($_POST['nom']));
$phone = htmlentities(pg_escape_string($_POST['phone']));
if (loginChange($user, $login)) {
if (!isLoginUniqueModifier($db, $mail, $login)) {
header('Location: profil.php?error=1');
exit();
} else {
if (!modifierLogin($db, $mail, $login)) {
header('Location: profil.php?error=6');
exit();
}
}
}
if (strcmp($password, $confirmation) != 0) {
header('Location: profil.php?error=2');
exit();
}
if (!modifierUtilisateur($db, $mail, $prenom, $nom, $password, $phone)) {
header('Location: profil.php?error=6');
exit();
}
}
sleep(0.85);
header('Location: profil.php');
exit();
} }
$delmail = $_POST['delmail']; $delmail = isset($_POST['delmail']) ? $_POST['delmail'] : NULL;
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<html lang="fr"> <html lang="fr">
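Review bot: The new admin gate `if(!$user['estadmin'])` indexes `$user` without first checking that `getUser($mail)` returned a row, and the removed `if (!$user)` test was the only guard for that case. A failed lookup still ends in the redirect, but only because the offset read on a non-array evaluates to null, and it raises a notice; make the denial explicit with `if (!$user || empty($user['estadmin'])) {`. `$delmail` is still taken raw from `$_POST` and its use lies outside this hunk; if it drives an account deletion, as the name suggests, confirm that it reaches the query as a bound parameter and that the form is protected by a per-session anti-CSRF token.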

@ -1,11 +1,12 @@
#menuDiv{ #menuDiv {
width: 100%; width: 100%;
display: block; display: block;
} }
#menuDiv a{ #menuDiv a {
font-family: "Arial"; font-family: Ubuntu, Helvetica, sans-serif;
font-size: 1em; font-size: 1em;
height: 20%;
} }
#menu { #menu {
@ -13,13 +14,28 @@
flex-direction: row; flex-direction: row;
flex-wrap: wrap; flex-wrap: wrap;
justify-content: center; justify-content: center;
background-color: rgb(65, 154, 28); align-items: center;
background-color: rgb(35, 35, 35);
} }
.menuItem { #logo {
width: 50%;
height: auto;
}
#divFlex{
display: flex; display: flex;
flex-wrap: nowrap; flex-wrap: nowrap;
width: 10%;
min-width: 5em;
padding: 0;
text-align: center;
align-items: center; align-items: center;
}
.menuItem {
display: flex;
flex-wrap: nowrap;
justify-content: center; justify-content: center;
color: white; color: white;
width: 10%; width: 10%;
@ -27,13 +43,17 @@
font-weight: bold; font-weight: bold;
text-decoration: none; text-decoration: none;
padding: 0.8em; padding: 0.8em;
border-bottom: 4px solid rgb(65, 154, 28); border-bottom: 4px solid rgb(35, 35, 35);
border-top: 4px solid rgb(65, 154, 28); border-top: 4px solid rgb(35, 35, 35);
font-size: 1.1em; font-size: 1.1em;
text-align: center; text-align: center;
align-items: baseline;
}
.menuItem:hover {
border-bottom: 4px solid rgb(65, 154, 28);
} }
.menuItem:hover{ #colorAdmin{
cursor: pointer; background-color: red;
border-bottom: 4px solid orange;
} }

@ -6,13 +6,13 @@ if (file_exists("./inscription.php")) {
?> ?>
<div id="menuDiv"> <div id="menuDiv">
<nav id="menu"> <nav id="menu">
<a class="menuItem" href="<?php echo $path ; ?>/tableauBord/tableauBord.php">Tableau de bord</a> <div id="divFlex"><div id="divlogo"><img src="../ressources/logo.png" alt="logo Upssi'Covoit" id="logo"/></div></div>
<a class="menuItem" href="<?php echo $path ; ?>../tableauBord/tableauBord.php">Tableau de bord</a>
<a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Trajets publiés</a> <a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Trajets publiés</a>
<a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Trajets réservés</a> <a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Trajets réservés</a>
<a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Messagerie</a> <a class="menuItem" href="<?php echo $path ; ?>../avis_recus/avis_recus.php">Avis reçus</a>
<a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Avis reçus</a> <a class="menuItem" href="<?php echo $path ; ?>../avis_laisses/avis_laisses.php">Avis laissés</a>
<a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Avis laissés</a> <a id="colorAdmin" class="menuItem" href="<?php echo $path ; ?>../profil/admin.php">Administration</a>
<a class="menuItem" href="<?php echo $path ; ?>/admin/admin.php">Administration</a> <a class="menuItem" href="<?php echo $path ; ?>../deconnexion.php">Se déconnecter</a>
<a class="menuItem" href="<?php echo $path ; ?>/deconnexion.php">Se déconnecter</a>
</nav> </nav>
</div> </div>
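Review bot: The added logo tag hard-codes `src="../ressources/logo.png"` while every link beside it is prefixed with `$path`, so the image will not follow the include location the way the links are meant to. The links now also mix `<?php echo $path ; ?>/inscription.php` with `<?php echo $path ; ?>../tableauBord/tableauBord.php`; `$path` is assigned above the hunk, but whatever it holds, both forms cannot resolve correctly, and the second menu file in this commit has the same mix. Within the visible lines the Administration entry is rendered for every visitor, which is acceptable only while the target page keeps its own server-side `estadmin` check. If `$path` can ever be derived from request data, wrap it as `htmlspecialchars($path, ENT_QUOTES, 'UTF-8')` before echoing it into `href`.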

@ -10,8 +10,8 @@ if (file_exists("./inscription.php")) {
<a class="menuItem" href="<?php echo $path ; ?>../tableauBord/tableauBord.php">Tableau de bord</a> <a class="menuItem" href="<?php echo $path ; ?>../tableauBord/tableauBord.php">Tableau de bord</a>
<a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Trajets publiés</a> <a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Trajets publiés</a>
<a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Trajets réservés</a> <a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Trajets réservés</a>
<a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Avis reçus</a> <a class="menuItem" href="<?php echo $path ; ?>../avis_recus/avis_recus.php">Avis reçus</a>
<a class="menuItem" href="<?php echo $path ; ?>/inscription.php">Avis laissés</a> <a class="menuItem" href="<?php echo $path ; ?>../avis_laisses/avis_laisses.php">Avis laissés</a>
<a class="menuItem" href="<?php echo $path ; ?>../profil/profil.php">Profil</a> <a class="menuItem" href="<?php echo $path ; ?>../profil/profil.php">Profil</a>
<a class="menuItem" href="<?php echo $path ; ?>../deconnexion.php">Se déconnecter</a> <a class="menuItem" href="<?php echo $path ; ?>../deconnexion.php">Se déconnecter</a>
</nav> </nav>
