Usurpation d'identité

2019-12-19 15:05:11 +01:00 · 2019-12-19 15:05:11 +01:00 · e9f10ca14f
parent 7db606e6eb
commit e9f10ca14f
4 changed files with 50 additions and 50 deletions
--- a/server_files/controllers/informations.php
+++ b/server_files/controllers/informations.php
@ -14,6 +14,14 @@ if ($_SESSION["role"] != Role::ORGANIZER && $_SESSION["role"] != Role::ADMIN) {
 if ($user === null)
 	require_once "server_files/404.php";

+if (isset($_POST["view_as"]) && $_SESSION["role"] == Role::ADMIN) {
+	if (!isset($_SESSION["admin"]))
+		$_SESSION["admin"] = $_SESSION["user_id"];
+	$_SESSION["user_id"] = $user->getId();
+	header("Location: /");
+	exit();
+}
+
 $team = Team::fromId($user->getTeamId());
 $tournaments = $user->getOrganizedTournaments();

--- a/server_files/model.php
+++ b/server_files/model.php
@ -19,27 +19,12 @@ function loadUserValues()
 			$_SESSION["tournament"] = Tournament::fromId($team->getTournamentId());
 		}

-		if (isset($_GET["be-admin"])) {
-			quitTeam();
-			$user->setRole(Role::ADMIN);
-			exit();
-		}
-
-		if (isset($_GET["be-organizer"])) {
-			quitTeam();
-			$user->setRole(Role::ORGANIZER);
-			exit();
-		}
-
-		if (isset($_GET["be-participant"])) {
-			quitTeam();
-			$user->setRole(Role::PARTICIPANT);
-			exit();
-		}
-
-		if (isset($_GET["be-encadrant"])) {
-			quitTeam();
-			$user->setRole(Role::ENCADRANT);
+		if (isset($_GET["view-as-admin"])) {
+			if (isset($_SESSION["admin"])) {
+				$_SESSION["user_id"] = $_SESSION["admin"];
+				unset($_SESSION["admin"]);
+			}
+			header("Location: /");
 			exit();
 		}
 	}
--- a/server_files/views/header.php
+++ b/server_files/views/header.php
@ -85,25 +85,11 @@
                        <a class="nav-link" href="/inscription">Inscription</a>
                    </li>
                <?php } else { ?>
-                    <li class="nav-item active">
-                        <a class="nav-link">Changer de point de vue</a>
-                        <ul class="deroule">
-                        <?php
-                        if ($_SESSION["role"] != Role::ADMIN) {
-                            echo "<li><a class=\"nav-link\" href=\"?be-admin=1\">Devenir administrateur</a></li>\n";
-                        }
-                        if ($_SESSION["role"] != Role::ORGANIZER) {
-                            echo "<li><a class=\"nav-link\" href=\"?be-organizer=1\">Devenir organisateur</a></li>\n";
-                        }
-                        if ($_SESSION["role"] != Role::PARTICIPANT) {
-                            echo "<li><a class=\"nav-link\" href=\"?be-participant=1\">Devenir participant</a></li>\n";
-                        }
-                        if ($_SESSION["role"] != Role::ENCADRANT) {
-                            echo "<li><a class=\"nav-link\" href=\"?be-encadrant=1\">Devenir encadrant</a></li>\n";
-                        }
-                        ?>
-                    </ul>
-                    </li>
+					<?php if (isset($_SESSION["admin"])) { ?>
+                        <li class="nav-item active">
+                            <a class="nav-link" href="/?view-as-admin">Retourner en vue administrateur</a>
+                        </li>
+					<?php } ?>
                    <li class="nav-item active">
                        <a class="nav-link" href="/deconnexion">Déconnexion</a>
                    </li>
--- a/server_files/views/informations.php
+++ b/server_files/views/informations.php
@ -84,23 +84,36 @@ if (!$has_error) {
 </div>

 <?php if ($user->getRole() == Role::PARTICIPANT) { ?>
-	Lycée : <?= $user->getSchool() ?><br />
-	Classe : <?php SchoolClass::getTranslatedName($user->getClass())	?><br />
-	Nom du responsable légal : <?= $user->getResponsibleName() ?><br />
-	Numéro de téléphone du responsable légal : <?= $user->getResponsiblePhone() ?><br />
-	Adresse e-mail du responsable légal : <a href="mailto:<?= $user->getResponsibleEmail() ?>"><?= $user->getResponsibleEmail() ?></a>
-<?php } elseif ($user->getDescription() != "") { ?>
-	Description : <?= $user->getDescription() ?><br />
-<?php }
+    <div class="alert alert-info">
+	    Lycée : <?= $user->getSchool() ?><br />
+	    Classe : <?php SchoolClass::getTranslatedName($user->getClass()) ?>
+    </div>

-echo "<hr />";
+    <div class="alert alert-info">
+	    Nom du responsable légal : <?= $user->getResponsibleName() ?>
+    </div>
+
+    <div class="alert alert-info">
+	    Numéro de téléphone du responsable légal : <?= $user->getResponsiblePhone() ?>
+    </div>
+
+    <div class="alert alert-info">
+	    Adresse e-mail du responsable légal : <a href="mailto:<?= $user->getResponsibleEmail() ?>"><?= $user->getResponsibleEmail() ?></a>
+    </div>
+
+<?php } elseif ($user->getDescription() != "") { ?>
+    <div class="alert alert-info">
+	    Description : <?= $user->getDescription() ?>
+    </div>
+<?php }

 if ($user->getRole() == Role::ADMIN || $user->getRole() == Role::ORGANIZER) {
 	foreach ($tournaments as $tournament) {
-		echo "Organise le tournoi <a href=\"/tournoi/" . $tournament->getName(). "\">" . $tournament->getName() . "</a><br />";
+		echo "<div class=\"alert alert-info\">Organise le tournoi <a href=\"/tournoi/" . $tournament->getName(). "\">" . $tournament->getName() . "</a></div>";
 	}
 }
 elseif ($user->getRole() == Role::PARTICIPANT || $user->getRole() == Role::ENCADRANT) { ?>
+
 	<h2>Autorisations</h2>
    <?php
    printDocuments($documents);
@ -113,4 +126,12 @@ elseif ($user->getRole() == Role::PARTICIPANT || $user->getRole() == Role::ENCAD
    }
 }

+if ($_SESSION["role"] == Role::ADMIN) { ?>
+    <hr />
+    <form method="POST">
+        <input type="submit" name="view_as" class="btn btn-secondary btn-lg btn-block" style="background-color: #2ba42b"
+               value="Afficher le site en tant que <?= $user->getFirstName() . " " . $user->getSurname() ?>"/>
+    </form>
+<?php }
+
 require_once "footer.php";