V.1.4.6

1 files changed, 170 insertions, 0 deletions

diff --git a/Html/admin/users.php b/Html/admin/users.php
new file mode 100644
index 0000000..9e12cd9
--- /dev/null
+++ b/Html/admin/users.php
@@ -0,0 +1,170 @@
+<?php
+//include config
+require_once '../includes/config.php';
+
+//Si pas connecté OU si le membre n'est pas admin, pas de connexion à l'espace d'admin --> retour sur la page login
+if(!$user->is_logged_in()) {
+        header('Location: login.php');
+}
+
+if(isset($_SESSION['userid'])) {
+        if($_SESSION['userid'] != 1) {
+                header('Location: '.SITEURL);
+        }
+}
+
+//show message from add / edit page
+if(isset($_GET['deluser'])){
+
+        //if user id is 1 ignore
+        if($_GET['deluser'] !='1'){
+
+		// On supprime l'avatar du membre
+                $stmt = $db->prepare('SELECT avatar FROM blog_members WHERE memberID = :memberID');
+                $stmt->execute(array(':memberID' => (int) $_GET['deluser']));
+                $sup = $stmt->fetch();
+                $file = $REP_IMAGES_AVATARS.$sup['avatar'];
+                if (!empty($sup['avatar'])) {
+                        unlink($file);
+                }
+
+		// on supprime le membre
+                $stmt = $db->prepare('DELETE FROM blog_members WHERE memberID = :memberID') ;
+                $stmt->execute(array(':memberID' => (int) $_GET['deluser']));
+
+		// on supprime les données torrent du membre
+		$stmt1 = $db->prepare('DELETE FROM xbt_users WHERE uid = :uid') ;
+		$stmt1->execute(array(':uid' => (int) $_GET['deluser']));
+
+		// on supprime les commentaires du membre
+		//$delname = html($_GET['delname']);
+		//$stmt2 = $db->prepare('DELETE FROM blog_posts_comments WHERE cuser = :cuser') ;
+                //$stmt2->execute(array(':cuser' => $delname));
+
+                header('Location: users.php?action=supprime');
+                exit;
+
+        }
+}
+
+// titre de la page 
+$pagetitle= 'Admin : gestion des membres';
+include_once '../includes/header.php';
+
+?>
+
+<body>
+
+<div id="container">
+
+        <?php
+	   include_once '../includes/header-logo.php';
+           include_once '../includes/nav.php';
+        ?>
+
+
+    	<div id="body">
+		<div id="content">
+		
+		        <?php include('menu.php');?>
+
+        		<?php
+        		//show message from add / edit user 
+        		if(isset($_GET['action']) && $_GET['action'] == 'supprime'){
+                		echo '<h3>Le membre a été supprimé avec succès.</h3>';
+        		}
+			if(isset($_GET['action']) && $_GET['action'] == 'ajoute'){
+                                echo '<h3>Le membre a été ajouté avec succès.</h3>';
+                        }
+        		?>
+
+        <table>
+        <tr>
+		<th>ID</th>
+                <th>Pseudo</th>
+		<th>PID</th>
+                <th>Email</th>
+		<th style="text-align: center;">Inscription</th>
+		<th>Validé</th>
+                <th style="text-align: center;">Action</th>
+        </tr>
+        <?php
+                try {
+			$pages = new Paginator('10','p');
+
+			$stmt = $db->query('SELECT memberID FROM blog_members');
+
+			//pass number of records to
+			$pages->set_total($stmt->rowCount());
+
+                        $stmt = $db->query('SELECT memberID,username,pid,email,memberDate,active FROM blog_members ORDER BY memberID DESC '.$pages->get_limit());
+                        while($row = $stmt->fetch()){
+
+                                echo '<tr>';
+				echo '<td>'.html($row['memberID']).'</td>';
+                                echo '<td>'.html($row['username']).'</td>';
+				echo '<td style="font-size: 10px;">'.html($row['pid']).'</td>';
+                                echo '<td style="font-size: 11px;">'.html($row['email']).'</td>';
+
+				sscanf($row['memberDate'], "%4s-%2s-%2s %2s:%2s:%2s", $annee, $mois, $jour, $heure, $minute, $seconde);
+				echo '<td style="font-size: 10px; text-align: center;">'.$jour.'-'.$mois.'-'.$annee.'</td>';
+                                ?>
+
+				<?php
+					echo '<td style="text-align:center;">';
+					if($row['active'] == 'yes') {
+						echo 'oui';
+					}
+					elseif($row['active'] != 'yes' || $row['active'] == 'no') {
+						echo 'non';
+					}
+					echo '</td>';
+				?>
+
+                                <td style="text-align: center;">
+                                        <a style="text-decoration: none;" href="edit-user.php?id=<?php echo html($row['memberID']);?>">
+					<input type="button" class="button" value="Edit." /></a>
+                                        <?php if($row['memberID'] != 1){?>
+                                                | <a style="text-decoration: none;" href="javascript:deluser('<?php echo html($row['memberID']);?>','<?php echo html($row['username']);?>')">
+						<input type="button" class="button" value="Supp." /></a>
+                                        <?php } ?>
+                                </td>
+
+                                <?php
+                                echo '</tr>';
+
+                        }
+
+                } catch(PDOException $e) {
+                    echo $e->getMessage();
+                }
+        ?>
+        </table>
+
+	<br />
+
+	<?php
+	echo $pages->page_links();
+	?>
+
+	<p style="text-align: right;">
+		<a href="add-user.php" style="text-decoration: none;"><input type="button" class="button" value="Ajouter un membre" /></a>
+	</p>
+	</div>
+        
+	<?php
+		include_once '../sidebar.php';
+	?>
+        
+    	<div class="clear"></div>
+    </div>
+</div>
+
+<div id="footer">
+	<?php
+		include_once '../includes/footer.php';
+	?>
+</div>
+
+</body>
+</html>