Ajout fonctionnement de la possibilité globale d'éditer ou pas

Caribana 2018-04-09 21:11:13 +02:00
parent 093e50187a
commit 242dfa74c8
2 changed files with 19 additions and 3 deletions


@ -8,11 +8,19 @@ require_once 'vendor/autoload.php';
$aid = $_GET['aid'];
$isAdmin = $_SESSION['admin']==1;
$isEditable = $_SESSION['allowedit']==1;
if(!$userid) {
syslog(LOG_ERR, "Unauthorized access to form page aid:$aid from : {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']})");
header('Location: accred_list');
die();
}
if(!$isAdmin && $isEditable!=1) {
syslog(LOG_ERR, "Unauthorized access to form page aid by non editable user :$aid from : {$_SERVER['REMOTE_ADDR']} ({$_SERVER['HTTP_USER_AGENT']})");
header('Location: accred_list');
die();
}
$uname = $_SESSION['name'];
if($_POST['btncancel']) {
header('Location: accred_list');
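Review bot: The new syslog() call in the `!$isAdmin && $isEditable!=1` branch writes `$aid` (taken straight from `$_GET['aid']`) and the User-Agent header into the log line unfiltered, so a request can place arbitrary text in the audit trail, possibly including line breaks depending on the PHP version and syslog setup; the `!$userid` branch above has the same pattern. Normalise the values before logging, for example `$aidLog = preg_replace('/[^A-Za-z0-9_-]/', '?', (string) $aid);`, and log `$aidLog` instead. Separately, the gate reads `$_SESSION['allowedit']`: if that value is only copied into the session at login (not visible here), closing the form would not affect sessions that are already open, so reading the setting from its source on each request would be safer. The script continues past the end of this hunk.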


@ -9,9 +9,9 @@
// CSRF Counter-measure
$token = md5(uniqid(rand(), TRUE));
$_SESSION['state'] = $token;
$userid = $_SESSION['uid'];
$isAdmin = $_SESSION['admin']==1;
$isEditable = $_SESSION['allowedit']==1;
// Bail out if not logged in
if($userid=='') {
header("location: index?");
@ -240,13 +240,21 @@ if ($mysqli->connect_errno) {
<body <?php if($isAdmin) echo 'class="admin" '; else echo 'class="user" '; ?>>
<div class="right-blob"><span id="identification">Bienvenue <?php echo $_SESSION['name']; if($isAdmin) echo ", tu es admin";?></span><br>
<?php if($isEditable) { ?>
<span class="identification">Le formulaire est ouvert, les utilisateurs peuvent modifier ou ajouter des demandes</span><br>
<?php } else { ?>
<span class="identification">Le formulaire est fermé, les utilisateurs ne peuvent plus modifier ou ajouter des demandes</span><br>
<?php } ?>
<div id="uid" style="display:none"><?php echo $userid;?></div></div>
<h1>Commande</h1>
<div id="tblContent">
<table id="example" class="display" cellspacing="0" width="100%">
<thead>
<ul>
<?php if($isAdmin || $isEditable==1) { ?>
<li> <a href="accred_form">Nouvelle demande</a></li>
<?php } ?>
<?php if($isAdmin) { ?>
<li> <a href="./accred_list?o=excel">Export Excel</a></li>
<?php } ?>
@ -347,9 +355,9 @@ $(document).ready(function(){
$(td).addClass('bck-check <?php if($isAdmin) echo " editable"; ?>');
break;
case "1":
$(td).addClass('bck-edit editable');
$(td).addClass('bck-edit <?php if($isAdmin || $isEditable==1) echo " editable"; ?>');
break;
case "2":
case "3":
$(td).addClass('bck-processed');
break;
}
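Review bot: Dropping the `editable` class in the `case "1"` branch and hiding the "Nouvelle demande" link only change what the browser renders; if that class drives in-place editing, as its name suggests, the server still has to reject writes from a user whose form is closed. The form page changed in this commit has such a check, but the handler that receives in-table edits is not among the two changed files, so confirm it applies the same rule, e.g. `if (!$isAdmin && !$isEditable) { http_response_code(403); die(); }`. A short comment beside the class line, such as `// display hint only; the save endpoint enforces allowedit`, would keep that split clear. The `$(document).ready` callback extends beyond this hunk.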