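<?php

declare(strict_types=1);

// Admin-only endpoint: updates the profile columns and/or the avatar image of the
// user whose numeric id is POSTed. Replies with a short status string:
// "need data", "disconnected", "not admin", "invalid id", "invalid image",
// "erreur serveur" (a statement or the PNG write failed) or "succes".
//
// NOTE(review): no CSRF token is checked; this is a state-changing admin action
// driven purely by the session cookie — confirm whether the front end adds one.

/**
 * Prepares, binds and executes one statement; exits with "erreur serveur" when
 * preparing or executing fails.
 *
 * @param list<int|string> $valeurs Values bound in order; $types is the matching bind_param type string.
 * @return ?mysqli_result The result set for SELECTs, null for statements without one (UPDATE).
 */
function executerRequete(mysqli $mysqli, string $sql, string $types, array $valeurs): ?mysqli_result
{
    $requete = $mysqli->prepare($sql);
    if ($requete === false)
        exit("erreur serveur");
    // Spreading binds each array element by reference, as bind_param requires.
    $requete->bind_param($types, ...$valeurs);
    if (!$requete->execute())
        exit("erreur serveur");
    // get_result() needs the mysqlnd driver (the default build); the result is
    // buffered, so the statement can be closed before the rows are read.
    $resultat = $requete->get_result();
    $requete->close();
    return $resultat === false ? null : $resultat;
}

// Editable columns. Only names from this list are ever spliced into SQL, so the
// dynamically built SET clause never contains request-controlled identifiers.
$colonnesModifiables = ["pseudo", "prenom", "nom", "email", "admin", "adresse", "codePostal", "ville", "pays"];
$colonnesFournies = array_values(array_filter(
    $colonnesModifiables,
    static function (string $colonne): bool {
        return isset($_POST[$colonne]);
    }
));

// Input check: an id plus at least one column or the image is required.
if (!isset($_POST["id"]) || (count($colonnesFournies) === 0 && !isset($_POST["image"])))
    exit("need data");
$idUtilisateur = intval($_POST["id"]);

// Session + database setup; the caller must be logged in.
session_start();
if (!isset($_SESSION["pseudo"], $_SESSION["mdp"]))
    exit("disconnected");
include('credentials.php');
$mysqli = new mysqli(DATABASE_ADDRESS, DATABASE_USERNAME, DATABASE_PASSWORD, DATABASE_NAME);
if ($mysqli->connect_errno)
    exit('Erreur de connexion côté serveur, veuillez réessayer plus tard');

// Resolve the session to an account through a prepared statement: the session
// values originate from user input at login and must not be concatenated into SQL.
// NOTE(review): the session carries the "mdp" field and the lookup compares it
// directly; presumably it is the stored hash, not a clear-text password — verify
// against the login script.
$resultat = executerRequete(
    $mysqli,
    "SELECT id, admin FROM utilisateurs WHERE pseudo = ? AND mdp = ?",
    "ss",
    [$_SESSION["pseudo"], $_SESSION["mdp"]]
);
if ($resultat === null)
    exit("erreur serveur");
$utilisateur = $resultat->fetch_assoc();
if (!is_array($utilisateur))
    exit("disconnected");

// Only administrators may edit other accounts.
if ($utilisateur["admin"] <= 0)
    exit("not admin");

// The target user must exist.
$resultat = executerRequete($mysqli, "SELECT id FROM utilisateurs WHERE id = ?", "i", [$idUtilisateur]);
if ($resultat === null)
    exit("erreur serveur");
if ($resultat->num_rows == 0)
    exit("invalid id");

// Column update: every value is bound as a string (the columns were all quoted
// before), the id as an integer.
if (count($colonnesFournies) > 0) {
    $clauseSet = implode(", ", array_map(
        static function (string $colonne): string {
            return "$colonne = ?";
        },
        $colonnesFournies
    ));
    $valeurs = array_map(
        static function (string $colonne): string {
            return (string) $_POST[$colonne];
        },
        $colonnesFournies
    );
    $valeurs[] = $idUtilisateur;
    executerRequete(
        $mysqli,
        "UPDATE utilisateurs SET $clauseSet WHERE id = ?",
        str_repeat("s", count($colonnesFournies)) . "i",
        $valeurs
    );
}

// Avatar update.
if (isset($_POST["image"])) {
    $donneesImage = (string) $_POST["image"];
    // Drop a data-URI prefix ("data:image/png;base64,") when present. The previous
    // code cut at strpos()+1 unconditionally, which dropped the first character
    // whenever no comma was there (false + 1 == 1).
    $virgule = strpos($donneesImage, ",");
    if ($virgule !== false)
        $donneesImage = substr($donneesImage, $virgule + 1);
    $image = false;
    try {
        $image = imagecreatefromstring(base64_decode($donneesImage));
    } catch (Throwable $e) {
        exit("invalid image");
    }
    // imagecreatefromstring() reports unrecognised data by returning false rather
    // than throwing; passing that false on to imagepng() would be a fatal TypeError.
    if ($image === false)
        exit("invalid image");
    // Re-encoding through GD means the stored file is a freshly generated PNG, not
    // the uploaded bytes; the file name is derived from the integer id only.
    if (!imagepng($image, "assets/utilisateurs/$idUtilisateur.png"))
        exit("erreur serveur");
    imagedestroy($image);
}
exit("succes");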