
Fix error create user & add moderator

stany.ferer 1 year ago
parent
commit
9318f9cecb

+ 12 - 0
core/class/core.class.php

@@ -46,6 +46,18 @@ class core
         }
     }
 
+    public static function isInArrayString(array $_array, string $_string, int $_exact = NULL)
+    { 
+        foreach ($_array as $value) {
+            if(strripos($_string, $value) !== FALSE AND $_exact == NULL){
+                return TRUE;
+            } elseif($_string == $value AND $_exact == 1){
+                return TRUE;
+            }
+        }
+        return FALSE;
+    }
+
     public static function checkboxSelecter(bool $_val){
         echo ($_val == TRUE) ? "checked" : "";
     }
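Review bot: In the new `isInArrayString`, `$_exact == NULL` treats an explicit `0` the same as the default, and the default branch is a case-insensitive substring test via `strripos`, so an element matches a list entry it merely contains rather than equals (and on PHP 8 an empty-string entry matches every element, since an empty needle returns 0). The only visible caller, `elementModerateur` in session.class.php, uses this to deny access, so the substring semantics decide authorization and deserve to be explicit. I would write the comparison as `if ($_exact === null ? stripos($_string, $value) !== false : $_string === $value) { return true; }` and add a docblock line such as `// Default mode is a case-insensitive substring match; pass $_exact = 1 for whole-string equality.`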

+ 1 - 1
core/class/get.class.php

@@ -18,7 +18,7 @@ class get
         } elseif (core::ifGet("p")) {
             $page = core::getGet("p");
         } else {
-            if (session::accessUserByType(1)) { // Admin
+            if (session::accessUserByType(1) OR session::accessUserByType(4)) { // Admin
                 $page = DEFAUT_PAGE;
             } elseif (session::accessUserByType(3)) { // Assistance sociale
                 $page = DEFAUT_PAGE_SOCIAL;

+ 37 - 0
core/class/session.class.php

@@ -33,6 +33,8 @@ class session
         if (isset($_SESSION["user"]["id"])) {
             if ($_SESSION["user"]["idType"] == 1) {
                 return TRUE;
+            } elseif ($_SESSION["user"]["idType"] == 4 and $_type == 4) {
+                return TRUE;
             } elseif ($_SESSION["user"]["idType"] == 2 and $_type == 2) {
                 return TRUE;
             } elseif ($_SESSION["user"]["idType"] == 3 and $_type == 3) {
@@ -45,6 +47,10 @@ class session
         }
     }
 
+    public static function access(array $_type){
+        return (in_array($_SESSION["user"]["idType"], $_type)) ? TRUE : FALSE;
+    }
+
     public static function accessElement(string $_element, string $_type)
     {
         // Eléments autorisé sans authentification
@@ -63,6 +69,10 @@ class session
                 if (self::elementServiceSocial($_element, $_type)) {
                     return TRUE;
                 }
+            } elseif (isset($_SESSION["user"]["idType"]) and $_SESSION["user"]["idType"] == 4) { // Espaces spécifiques aux Modérateurs du CMS
+                if (self::elementModerateur($_element, $_type)) {
+                    return TRUE;
+                }
             } elseif (isset($_SESSION["user"]["idType"]) and $_SESSION["user"]["idType"] == 1) { // Espaces spécifiques aux Admins
                 return TRUE;
             }
@@ -80,6 +90,33 @@ class session
         return (in_array($_element, ACCESS_WHITE[$_type])) ? TRUE : FALSE;
     }
 
+    private static function elementModerateur(string $_element, string $_type)
+    {
+        switch ($_type) {
+            case 'page':
+                $noAccessPage = array(
+                    "parametres",
+                );
+                return (core::isInArrayString($noAccessPage, $_element)) ? FALSE : TRUE;
+                break;
+            case 'submit':
+                $noAccessSubmit = array(
+                    "parametres",
+                );
+                return (core::isInArrayString($noAccessSubmit, $_element)) ? FALSE : TRUE;
+                break;
+            case 'json':
+                $noAccessJson = array(
+                    "parametres",
+                );
+                return (core::isInArrayString($noAccessJson, $_element)) ? FALSE : TRUE;
+                break;
+            default:
+                return TRUE;
+                break;
+        }
+    }
+
     private static function elementSalaries(string $_element, string $_type)
     {
         return (in_array($_element, ACCESS_SALARIES[$_type])) ? TRUE : FALSE;
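Review bot: `elementModerateur` is a deny-list that refuses only elements containing `parametres`, so a type-4 user is granted `historique`, which the menu in _cms.menu.php reserves for type 1, and every page, submit or json element added later is moderator-accessible by default; the `default:` branch also returns TRUE for an unrecognised `$_type`. The other roles here are allow-lists (`ACCESS_WHITE[$_type]`, `ACCESS_SALARIES[$_type]`), and moderators should follow the same pattern, e.g. a `ACCESS_MODERATEUR` constant checked with `in_array($_element, ACCESS_MODERATEUR[$_type], true)`; if the deny-list is kept for now, at least add `"historique"` to the three arrays and change the default to `return FALSE;`. Separately, the new `access()` reads `$_SESSION["user"]["idType"]` without `isset` and compares loosely; `return isset($_SESSION["user"]["idType"]) && in_array((int) $_SESSION["user"]["idType"], $_type, true);` avoids the notice for anonymous visitors and the loose-comparison surprises.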

+ 3 - 2
core/class/user.class.php

@@ -124,12 +124,13 @@ class user {
     public static function add_user(array $_input){
 
         db::query("INSERT INTO " . DB_T_USER . " "
-                . "(email, password, prenom, nom, id_type, actif) "
-                . "VALUES (:email, :password, :prenom, :nom, :id_type, :actif)");
+                . "(email, password, googleAuthenticator, googleAuthenticatorSecret, prenom, nom, id_type, actif) "
+                . "VALUES (:email, :password, :googleAuthenticator, :googleAuthenticatorSecret, :prenom, :nom, :id_type, :actif)");
         db::bind(':email', $_input["email"]);
         db::bind(':password', md5($_input["password"]));
         db::bind(':prenom', $_input["prenom"]);
         db::bind(':nom', $_input["nom"]);
+        db::bind(':googleAuthenticator', $_input["googleAuthenticator"]);
         db::bind(':googleAuthenticatorSecret', googleAuthenticator::createSecret());
         db::bind(':id_type', $_input["id_type"]);
         db::bind(':actif', $_input["actif"]);
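Review bot: The INSERT this hunk rewrites still stores the password as `md5($_input["password"])` (context line), an unsalted fast hash that is trivially recovered from a leaked table; since the column list is being changed anyway, bind `password_hash($_input["password"], PASSWORD_DEFAULT)` instead and verify with `password_verify` on the login path, which is not shown and needs the matching change. The new `:googleAuthenticator` bind passes `$_input["googleAuthenticator"]` through as-is; if it originates from a checkbox, coerce it, e.g. `(int) !empty($_input["googleAuthenticator"])`, so a missing key does not raise an undefined-index notice and the column receives a clean 0/1. `add_user` continues past the end of the hunk.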

+ 40 - 35
core/views/_cms.menu.php

@@ -1,45 +1,50 @@
 <nav id="sidebarMenu" class="col-md-3 col-lg-2 d-md-block bg-light sidebar collapse">
     <div class="position-sticky pt-2">
         <ul class="nav flex-column">
-            <?php 
-                if(session::accessUserByType(1)){ 
-                    core::elementMenuH6("Salariés");
-                    core::elementMenu("rh-liste-salaries", "/", "RH : Liste des salariés", "users");
-                    core::elementMenu("rh-historique-excel", "/rh-historique-excel.html", "RH : Historique des Excels", "file-text");
-                    if(isset(salaries::excelGetInProgress()["name"])){ core::elementMenu("rh-import-to-temp", "/rh-import-to-temp.html", "RH : Reprise du traitement", "file-text"); } 
-                    core::elementMenu("stats", "/stats.html", "RH : Stats salariés", "pie-chart"); 
-                }
-                    
-                if(session::accessUserByType(1)){ 
-                    core::elementMenuH6("ProWeb"); }
-                if(session::accessUserByType(1)){ 
-                    core::elementMenu("proweb-salaries", "/proweb-salaries.html", "Proweb : Liste des salariés", "archive");
-                    core::elementMenu("proweb-historique-excel", "/proweb-historique-excel.html", "Proweb : Historique des Excels", "file-text");
-                    core::elementMenu("proweb-export-csv", "/proweb-export-csv.html", "Proweb : Transfert des données", "send"); 
-                }
+            <?php  
+                (session::access(array(1, 4))) ? 
+                    core::elementMenuH6("Salariés") : NULL;
+                (session::access(array(1, 4))) ? 
+                    core::elementMenu("rh-liste-salaries", "/", "RH : Liste des salariés", "users") : NULL;
+                (session::access(array(1, 4))) ? 
+                    core::elementMenu("rh-historique-excel", "/rh-historique-excel.html", "RH : Historique des Excels", "file-text") : NULL;
+                (session::access(array(1, 4)) AND isset(salaries::excelGetInProgress()["name"])) ? 
+                    core::elementMenu("rh-import-to-temp", "/rh-import-to-temp.html", "RH : Reprise du traitement", "file-text") : NULL;
+                (session::access(array(1, 4))) ? 
+                    core::elementMenu("stats", "/stats.html", "RH : Stats salariés", "pie-chart") : NULL;
                 
-                if(session::accessUserByType(1) OR session::accessUserByType(3)){ 
-                    core::elementMenuH6("Accès services sociaux");
-                    core::elementMenu("sociale-check-salarie", "/sociale-check-salarie.html", "Validation d'un compte salarié", "check-square"); 
-                }
-                        
-                if(session::accessUserByType(1)){ 
-                    core::elementMenuH6("Evènements");
-                    core::elementMenu("evenements", "/evenements.html", "Listes des évènements", "calendar");
-                    core::elementMenu("lotterys", "/lotterys.html", "Listes des tirages au sort", "zap");
-                }
+                (session::access(array(1, 4))) ? 
+                    core::elementMenuH6("ProWeb") : NULL;
+                (session::access(array(1, 4))) ? 
+                    core::elementMenu("proweb-salaries", "/proweb-salaries.html", "Proweb : Liste des salariés", "archive") : NULL;
+                (session::access(array(1, 4))) ? 
+                    core::elementMenu("proweb-historique-excel", "/proweb-historique-excel.html", "Proweb : Historique des Excels", "file-text") : NULL;
+                (session::access(array(1, 4))) ? 
+                core::elementMenu("proweb-export-csv", "/proweb-export-csv.html", "Proweb : Transfert des données", "send") : NULL;
                 
-                if(session::accessUserByType(1)){ 
-                    core::elementMenuH6("Pratiques");
-                    core::elementMenuLink("https://corporatedirectory.capgemini.com/MyDirectory/portals/std/index-portal.jsp", "Corporate Directory", "link");
-                }
+                (session::access(array(1, 3, 4))) ? 
+                    core::elementMenuH6("Accès services sociaux") : NULL;
+                (session::access(array(1, 3, 4))) ?
+                    core::elementMenu("sociale-check-salarie", "/sociale-check-salarie.html", "Validation d'un compte salarié", "check-square") : NULL;
 
-                if(session::accessUserByType(1)){ 
-                    core::elementMenuH6("Administration");
-                    core::elementMenu("parametres", "/parametres.html", "IT : Paramètres", "tool"); 
-                    core::elementMenu("historique", "/historique.html", "IT : Historique", "activity"); 
-                }
+                (session::access(array(1, 4))) ? 
+                    core::elementMenuH6("Evènements") : NULL;
+                (session::access(array(1, 4))) ? 
+                    core::elementMenu("evenements", "/evenements.html", "Listes des évènements", "calendar") : NULL;
+                (session::access(array(1, 4))) ? 
+                    core::elementMenu("lotterys", "/lotterys.html", "Listes des tirages au sort", "zap") : NULL;
                 
+                (session::access(array(1, 4))) ? 
+                    core::elementMenuH6("Pratiques") : NULL;
+                (session::access(array(1, 4))) ?
+                    core::elementMenuLink("https://corporatedirectory.capgemini.com/MyDirectory/portals/std/index-portal.jsp", "Corporate Directory", "link") : NULL;
+
+                (session::access(array(1))) ? 
+                    core::elementMenuH6("Administration") : NULL;
+                (session::access(array(1))) ? 
+                    core::elementMenu("parametres", "/parametres.html", "IT : Paramètres", "tool") : NULL;
+                (session::access(array(1))) ? 
+                    core::elementMenu("historique", "/historique.html", "IT : Historique", "activity") : NULL;
             ?>
         </ul>
     </div>
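Review bot: The rewritten menu uses `cond ? call() : NULL;` as a statement for side effect on every line, repeating the same `session::access(array(1, 4))` check nineteen times and hiding the heading-plus-entries grouping the replaced `if` blocks made obvious. One `if (session::access(array(1, 4))) { ... }` around each heading and its entries reads better and evaluates the check once per group. Note also that this file only decides what is shown; hiding `historique` from type 4 here does not restrict it, which is the job of `session::accessElement`.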

+ 1 - 1
core/views/_cms.nav.php

@@ -33,7 +33,7 @@
                     <a href="#" class="nav-link dropdown-toggle" data-bs-toggle="dropdown"><?php echo session::getName() ?></a>
                     <div class="dropdown-menu dropdown-menu-end">
                         <a href="/user.html" class="dropdown-item">Mon profil</a>
-                        <?php if(session::accessUserByType(1)) { ?>
+                        <?php if(session::access(array(1, 4))) { ?>
                             <div class="dropdown-divider"></div>
                             <a href="https://www.cse-invent.com" target="_blank" class="dropdown-item">Site du CSE</a>
                             <a href="https://www.cse-invent.com/gestion/" target="_blank" class="dropdown-item">Console Proweb</a>

+ 3 - 0
core/views/pages/cms.user.php

@@ -3,6 +3,7 @@ if(core::ifGet("add")) {
     $id_form = '<input type="hidden" name="id" value="add">';
     $submit = "Ajouter un profil";
     $titre = "Ajouter un profil";
+    $protect = 0;
 } else {
     
     if(core::ifGet("id") == FALSE OR (core::ifGet("id") AND session::getId() == core::getGet("id"))){
@@ -64,12 +65,14 @@ if(core::ifGet("add")) {
             <select name="id_type" class="form-select">
                 <option value="2"<?php if(isset($user["id_type"]) AND $user["id_type"] == 2){ echo " selected"; } ?>>Contrôleur QRCode (émargement)</option>
                 <option value="3"<?php if(isset($user["id_type"]) AND $user["id_type"] == 3){ echo " selected"; } ?>>Assitance sociale</option>
+                <option value="4"<?php if(isset($user["id_type"]) AND $user["id_type"] == 4){ echo " selected"; } ?>>Modérateur du CMS</option>
                 <option value="1"<?php if(isset($user["id_type"]) AND $user["id_type"] == 1){ echo " selected"; } ?>>Administrateur</option>
             </select>
         <?php endif; ?>
         <?php if($protect == 1 OR $protect == 2): ?>
             <input type="text" class="form-control" value="<?php 
                 if($user["id_type"] == 1){ echo "Administrateur"; } 
+                elseif($user["id_type"] == 4){ echo "Modérateur du CMS"; } 
                 elseif($user["id_type"] == 2){ echo "Contrôleur QRCode (émargement)"; } 
                 elseif($user["id_type"] == 3){ echo "Assitance sociale"; } 
                 ?>" readonly="readonly" />
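Review bot: The role select on the add form now lists `Modérateur du CMS` next to `Administrateur` (`value="1"`), and the same commit makes moderators' access a deny-list that blocks only `parametres`, so a type-4 user can presumably open this add form (it is linked as `/user.html`) and submit `id_type=1`; unless the submit handler, which is not shown, restricts the roles a non-admin may assign, that is a privilege-escalation path. I would render the `value="1"` option only when `session::accessUserByType(1)` and, more importantly, re-validate `id_type` against the caller's own role in the submit handler, since the form is not a control. A one-line comment on the new `$protect = 0;` saying what values 1 and 2 mean (they are only assigned in the `else` branch) would also help the next reader.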

+ 11 - 2
maj/sql/maj.php

@@ -1,6 +1,15 @@
 <?php 
 
 function goSql(){
-    //maj::query("...");
+
+    try {
+        db::query("INSERT INTO `user_type` (`id`, `type`) VALUES ('4', 'Modérateur du CMS')");
+        db::execute();
+    } catch (\Throwable $th) {
+        return FALSE;
+    }
+
     return TRUE;
-}
+    
+}
+
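Review bot: `catch (\Throwable $th) { return FALSE; }` swallows every failure of the INSERT, including a duplicate-key error when the migration is re-run, so the caller cannot tell "already applied" from "migration failed" and the exception detail is lost. Make the statement idempotent and let real errors surface: `INSERT INTO \`user_type\` (\`id\`, \`type\`) VALUES (4, 'Modérateur du CMS') ON DUPLICATE KEY UPDATE \`type\` = VALUES(\`type\`)` (MySQL, judging by the backticks), or at least record `$th->getMessage()` before returning FALSE. Binding the id as the integer `4` rather than the string `'4'` also matches the integer comparisons used for `idType` elsewhere in the commit.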