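/**
 * Access gate for admin-only pages.
 *
 * Reads the 'authAdmin' entry from the session. When it is missing or falsy,
 * a "danger" flash message is queued, the visitor is sent to the login page
 * and the script stops here.
 *
 * @return void
 */
public function restrictAdmin()
 {
     if (!$this->session->read('authAdmin')) {
         $this->session->setFlash('danger', "Vous n'êtes pas Admin, vous n'avez pas les droits nécessaires");
         theApp::redirect('../action/login.php');
         // Fail closed: whether theApp::redirect() terminates the request is not
         // visible from this method. Without an explicit stop, the calling page
         // would keep executing (and rendering admin content) after the Location
         // header has been sent.
         exit;
     }
 }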
 /**
  * Returns the shared Database handle, creating it on first use.
  *
  * The instance is cached in self::$db, so later calls reuse the same object.
  *
  * NOTE(review): the connection arguments are literals in source ('root', an
  * empty string and the schema name). Presumably these are user / password /
  * database; confirm against the Database constructor. If so, the application
  * connects with the database superuser and no password; load a dedicated
  * least-privilege account from configuration kept outside the repository.
  *
  * @return Database
  */
 static function getDataBase()
 {
     // Fast path: a handle was already created during this request.
     if (self::$db) {
         return self::$db;
     }

     self::$db = new Database('root', '', 'depannage_sarr');

     return self::$db;
 }
<?php

// Admin landing page: load the admin bootstrap before anything else runs.
require_once 'bootstrapAdmin.php';
$auth = theApp::getAuth();
// Admin gate. It has to run before any markup is emitted, because it answers
// an unauthorised visitor with a redirect.
// NOTE(review): this check protects only this page. The scripts linked from
// the menu below need their own restrictAdmin() call; hiding the links is not
// access control.
$auth->restrictAdmin();
// header.php is included into this scope, so it can read $auth.
include '../inc/header.php';
?>

<div class="row">
	<ul>
		<li>
			<a class ="all_link" href="ajouter.php" >Ajouter un nouveau client</a>
		</li>
		<li>
			<a class ="all_link" href="upload.php">Envoyer des fichiers aux clients</a>
		</li>
		<li>
			<a class ="all_link" href="list_client.php">Liste des clients/fichiers</a>
		</li>
		<li>
			<a class ="all_link" href="supprimer.php">Supprimer / Modifier un client</a>
		</li>
		<li>
			<a class ="all_link" href="modifEpace.php">Modifier votre compte personnel</a>
		</li>
	</ul>
</div>
<?php 
include '../inc/footer.php';
<?php

/**
 * Created by PhpStorm.
 * User: moussa
 * Date: 22/01/2016
 * Time: 19:31
 */
// Logout endpoint: load the application bootstrap, log the user out, queue a
// confirmation message and send the browser back to the login form.
require '../inc/bootstrap.php';

// Ask the auth component to log the current user out.
$auth = theApp::getAuth();
$auth->logout();

// The flash message is stored in the session so the next page can show it.
$session = Session::getInstance();
$session->setFlash('success', "Vous avez bien été déconnecté au revoir et à bientôt");

theApp::redirect('login.php');
            if ($validator->isValid()) {
                $password = password_hash($_POST['password'], PASSWORD_BCRYPT);
                $reqUp = $db->query('UPDATE users SET reset_token = NULL, reset_at = NULL, password = ?  WHERE id=?', [$password, $_GET['id']]);
                Session::getInstance()->setFlash('success', "Votre mot de passe a bien été réinitialisé!");
                theApp::redirect('account.php');
            } else {
                Session::getInstance()->setFlash('danger', "Les deux mots de passe ne match pas!");
                theApp::redirect('login.php');
            }
        }
    } else {
        Session::getInstance()->setFlash('danger', "ce compte est introuvable!");
        theApp::getAuth('login.php');
    }
} else {
    theApp::getAuth('login.php');
}
?>


<?php 
require 'inc/header.php';
?>

<form action="" method="POST">
    <div class="form-group">
        <label for="">Nouveau mot de passe</label>
        <input type="password" name="password" class="form-control">
    </div>
    <div class="form-group">
        <label for="">Confirmation nouveau mot de passe</label>
<?php

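// Deletes one stored file row, selected by ?id=…, then sends the browser back
// to the page it came from.
require_once 'bootstrapClient.php';
$auth = theApp::getAuth();
$auth->isPermit();
$db = theApp::getDataBase();
if (isset($_GET['id'])) {
    $id = $_GET['id'];
    // 'status' is optional in the query string; treat a missing value as "not admin".
    $status = isset($_GET['status']) ? $_GET['status'] : '';

    // The table name is interpolated into the SQL text, so it must only ever
    // come from these two literals, never from the request itself. The original
    // compared against the bare word admin (an undefined constant); the string
    // literal is what was intended.
    $table = ($status === 'admin') ? 'upload_for_users' : 'upload';

    // NOTE(review): nothing visible here ties the row to the signed-in user.
    // Unless isPermit() or the Database layer enforces it, any permitted user
    // can delete any row by id, and can pick the admin table through the
    // request's 'status' value. Add an owner condition to the WHERE clause and
    // derive the table from the session role instead.
    // NOTE(review): this is a state-changing GET with no anti-CSRF token;
    // move it to POST with a per-session token.
    $db->query("DELETE FROM {$table} WHERE id = ?", [$id]);

    // Return to the referring page only when it is on this host. The Referer
    // header is request-controlled, so anything else falls back to the index.
    $target = 'index.php';
    if (!empty($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_HOST'])) {
        $parts = parse_url($_SERVER['HTTP_REFERER']);
        if (is_array($parts) && isset($parts['host'])) {
            $refererHost = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
            if (strcasecmp($refererHost, $_SERVER['HTTP_HOST']) === 0) {
                $target = $_SERVER['HTTP_REFERER'];
            }
        }
    }
    header("Location: {$target}");
    exit;
}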
<?php

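// Account confirmation endpoint: expects ?id=…&token=… from the e-mailed link.
require_once '../inc/bootstrap.php';

// Either parameter may be absent, or arrive as an array (id[]=…). Read them
// defensively so a malformed link is handled as an invalid link instead of
// passing unexpected values into confirm().
$user_id = isset($_GET['id']) ? $_GET['id'] : null;
$token = isset($_GET['token']) ? $_GET['token'] : null;
$db = theApp::getDataBase();
$auth = theApp::getAuth();

$wellFormed = is_string($user_id) && $user_id !== '' && is_string($token) && $token !== '';

// NOTE(review): confirm() is not visible here. It should compare the token
// with hash_equals() and invalidate it after first use.
if ($wellFormed && $auth->confirm($db, $user_id, $token)) {
    Session::getInstance()->setFlash('success', 'Votre compte a été bien crée!');
    theApp::redirect('../client');
} else {
    Session::getInstance()->setFlash('danger', 'Ce lien n\'est pas valide!!');
    theApp::redirect('../action/login.php');
}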
<?php

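// Admin upload page: stores a file for one client in upload_for_users and
// sends that client a notification e-mail.
require 'bootstrapAdmin.php';
require 'lib/inc.prepend.php';
$auth = theApp::getAuth();
$auth->restrictAdmin();
$session = Session::getInstance();
$db = theApp::getDataBase();
$users = theApp::getDataBase()->query('SELECT * FROM users');

// Accept the request only when a file really arrived through PHP's upload
// mechanism and the transfer completed without error.
$hasUpload = isset($_POST['upload'], $_FILES['userfile'])
    && !empty($_POST['nom_client'])
    && $_FILES['userfile']['error'] === UPLOAD_ERR_OK
    && $_FILES['userfile']['size'] > 0
    && is_uploaded_file($_FILES['userfile']['tmp_name']);

if ($hasUpload) {
    // 'name' and 'type' are supplied by the browser and must be treated as
    // untrusted text: escape the name wherever it is displayed, and do not use
    // the type for any security decision.
    $fileName = $_FILES['userfile']['name'];
    $tmpName = $_FILES['userfile']['tmp_name'];
    $fileSize = $_FILES['userfile']['size'];
    $fileType = $_FILES['userfile']['type'];
    $id_client = $_POST['nom_client'];

    $content = file_get_contents($tmpName);
    if ($content !== false) {
        // Bound parameters replace the addslashes()/string-built statement.
        // The old form interpolated the client-supplied type and client id
        // unescaped, and relied on get_magic_quotes_gpc(), which PHP 8 removed.
        // NOTE(review): there is no anti-CSRF token, size cap or type allow-list
        // on this form handler as far as this script shows.
        $db->query(
            'INSERT INTO upload_for_users (name, size, type, content, id_client) VALUES (?, ?, ?, ?, ?)',
            [$fileName, $fileSize, $fileType, $content, $id_client]
        );

        foreach ($users as $userEmail) {
            // Compare as strings: the posted id is a string, while the driver
            // may return the column as an integer, so === alone could never match.
            if ((string) $userEmail->id === (string) $id_client) {
                mail($userEmail->email, "Notification par ecotoit.fr", "Bonjour, \nLe client {$userEmail->username} a mis à votre disposition des documents\n        dans le site ecotoit.fr");
            }
        }

        // The file name is echoed into a <script> block. Encode it as a
        // JavaScript string literal, with the HEX flags keeping <, >, &, ' and "
        // out of the markup, so a crafted name cannot break out of the alert().
        $message = json_encode(
            "File {$fileName} uploaded",
            JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
        );
        echo "<script>alert({$message})</script>";
    }
}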
?>
// Login form handler. The start of this script is not shown in this excerpt.
$auth = theApp::getAuth();
$db = theApp::getDataBase();

// Let the auth component try to restore a login from a cookie before the form
// is processed.
$auth->reconnect_from_cookie($db);

// A redirect of already-authenticated users to index.php was disabled here.

// A non-empty username and password imply that $_POST itself is non-empty.
if (!empty($_POST['username']) && !empty($_POST['password'])) {
    $user = $auth->login($db, $_POST['username'], $_POST['password'], isset($_POST['remember']));
    $session = Session::getInstance();

    if (!$user) {
        // One message for both failure causes, so the form does not reveal
        // whether the identifier exists.
        $session->setFlash('danger', "Mot de pass ou identifiant incorrect!");
    } elseif ($user->isAdmin) {
        $session->setFlash('success', "Vous êtes maintenant bien connecté. Vous êtes l'administrateur de ce site !");
        theApp::redirect('../admin');
    } else {
        $session->setFlash('success', "Vous êtes maintenant bien connecté !");
        theApp::redirect('../client/');
    }
}
require '../inc/header.php';
?>

<form action="" method="POST">

    <div class="form-group">
        <label for="">Pseudo ou Email</label>
        <input type="text" name="username" class="form-control">
    </div>
    <div class="form-group">