Usurpation d'identité

This commit is contained in:
Yohann D'ANELLO 2019-12-19 15:05:11 +01:00
parent 7db606e6eb
commit e9f10ca14f
4 changed files with 50 additions and 50 deletions

View File

@ -14,6 +14,14 @@ if ($_SESSION["role"] != Role::ORGANIZER && $_SESSION["role"] != Role::ADMIN) {
if ($user === null)
require_once "server_files/404.php";
if (isset($_POST["view_as"]) && $_SESSION["role"] == Role::ADMIN) {
if (!isset($_SESSION["admin"]))
$_SESSION["admin"] = $_SESSION["user_id"];
$_SESSION["user_id"] = $user->getId();
header("Location: /");
exit();
}
$team = Team::fromId($user->getTeamId());
$tournaments = $user->getOrganizedTournaments();

View File

@ -19,27 +19,12 @@ function loadUserValues()
$_SESSION["tournament"] = Tournament::fromId($team->getTournamentId());
}
if (isset($_GET["be-admin"])) {
quitTeam();
$user->setRole(Role::ADMIN);
exit();
if (isset($_GET["view-as-admin"])) {
if (isset($_SESSION["admin"])) {
$_SESSION["user_id"] = $_SESSION["admin"];
unset($_SESSION["admin"]);
}
if (isset($_GET["be-organizer"])) {
quitTeam();
$user->setRole(Role::ORGANIZER);
exit();
}
if (isset($_GET["be-participant"])) {
quitTeam();
$user->setRole(Role::PARTICIPANT);
exit();
}
if (isset($_GET["be-encadrant"])) {
quitTeam();
$user->setRole(Role::ENCADRANT);
header("Location: /");
exit();
}
}

View File

@ -85,25 +85,11 @@
<a class="nav-link" href="/inscription">Inscription</a>
</li>
<?php } else { ?>
<?php if (isset($_SESSION["admin"])) { ?>
<li class="nav-item active">
<a class="nav-link">Changer de point de vue</a>
<ul class="deroule">
<?php
if ($_SESSION["role"] != Role::ADMIN) {
echo "<li><a class=\"nav-link\" href=\"?be-admin=1\">Devenir administrateur</a></li>\n";
}
if ($_SESSION["role"] != Role::ORGANIZER) {
echo "<li><a class=\"nav-link\" href=\"?be-organizer=1\">Devenir organisateur</a></li>\n";
}
if ($_SESSION["role"] != Role::PARTICIPANT) {
echo "<li><a class=\"nav-link\" href=\"?be-participant=1\">Devenir participant</a></li>\n";
}
if ($_SESSION["role"] != Role::ENCADRANT) {
echo "<li><a class=\"nav-link\" href=\"?be-encadrant=1\">Devenir encadrant</a></li>\n";
}
?>
</ul>
<a class="nav-link" href="/?view-as-admin">Retourner en vue administrateur</a>
</li>
<?php } ?>
<li class="nav-item active">
<a class="nav-link" href="/deconnexion">Déconnexion</a>
</li>

View File

@ -84,23 +84,36 @@ if (!$has_error) {
</div>
<?php if ($user->getRole() == Role::PARTICIPANT) { ?>
<div class="alert alert-info">
Lycée : <?= $user->getSchool() ?><br />
Classe : <?php SchoolClass::getTranslatedName($user->getClass()) ?><br />
Nom du responsable légal : <?= $user->getResponsibleName() ?><br />
Numéro de téléphone du responsable légal : <?= $user->getResponsiblePhone() ?><br />
Adresse e-mail du responsable légal : <a href="mailto:<?= $user->getResponsibleEmail() ?>"><?= $user->getResponsibleEmail() ?></a>
<?php } elseif ($user->getDescription() != "") { ?>
Description : <?= $user->getDescription() ?><br />
<?php }
Classe : <?php SchoolClass::getTranslatedName($user->getClass()) ?>
</div>
echo "<hr />";
<div class="alert alert-info">
Nom du responsable légal : <?= $user->getResponsibleName() ?>
</div>
<div class="alert alert-info">
Numéro de téléphone du responsable légal : <?= $user->getResponsiblePhone() ?>
</div>
<div class="alert alert-info">
Adresse e-mail du responsable légal : <a href="mailto:<?= $user->getResponsibleEmail() ?>"><?= $user->getResponsibleEmail() ?></a>
</div>
<?php } elseif ($user->getDescription() != "") { ?>
<div class="alert alert-info">
Description : <?= $user->getDescription() ?>
</div>
<?php }
if ($user->getRole() == Role::ADMIN || $user->getRole() == Role::ORGANIZER) {
foreach ($tournaments as $tournament) {
echo "Organise le tournoi <a href=\"/tournoi/" . $tournament->getName(). "\">" . $tournament->getName() . "</a><br />";
echo "<div class=\"alert alert-info\">Organise le tournoi <a href=\"/tournoi/" . $tournament->getName(). "\">" . $tournament->getName() . "</a></div>";
}
}
elseif ($user->getRole() == Role::PARTICIPANT || $user->getRole() == Role::ENCADRANT) { ?>
<h2>Autorisations</h2>
<?php
printDocuments($documents);
@ -113,4 +126,12 @@ elseif ($user->getRole() == Role::PARTICIPANT || $user->getRole() == Role::ENCAD
}
}
if ($_SESSION["role"] == Role::ADMIN) { ?>
<hr />
<form method="POST">
<input type="submit" name="view_as" class="btn btn-secondary btn-lg btn-block" style="background-color: #2ba42b"
value="Afficher le site en tant que <?= $user->getFirstName() . " " . $user->getSurname() ?>"/>
</form>
<?php }
require_once "footer.php";