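time() - (15*60) AND strpos($_SERVER['HTTP_REFERER'], 'http://'.$CONFIG['base_url'].'/index.php') == 0) //If we want to delete a buddy
{
    // The opening of this condition is above the visible excerpt and is left as found;
    // the Referer note on the add/edit branch below applies to it as well.
    $id = (int) $_GET['del']; // integer cast keeps the concatenated DELETE injection-safe
    $bdd->query('DELETE FROM copains WHERE id='.$id);
    header('location: message.php?id=4');
    exit();
}

// Add or edit a buddy. The request is honoured only when it carries the per-session
// anti-CSRF token issued by this page less than 15 minutes ago.
// NOTE(review): strpos() returns false when the needle is absent, and false == 0 is true,
// so the Referer test also passes for a missing or foreign Referer; in practice only the
// token gates the request. `=== 0` is the strict form, but the entry script and the scheme
// (http/https) are not visible in this excerpt - confirm them before tightening the test.
// NOTE(review): no admin/authorisation check is visible in this excerpt - confirm one runs earlier.
if(isset($_POST['id']) && isset($_POST['nom'])
    && !empty($_POST['token']) && is_string($_POST['token'])
    && isset($_SESSION['token_buddy'], $_SESSION['token_buddy_time'])
    // hash_equals() compares in constant time and without the type juggling of ==
    && hash_equals((string) $_SESSION['token_buddy'], $_POST['token'])
    && $_SESSION['token_buddy_time'] > time() - (15*60)
    AND strpos($_SERVER['HTTP_REFERER'], 'http://'.$CONFIG['base_url'].'/index.php') == 0) //If we want to add or edit a buddy
{
    // NOTE(review): sha1() with a single site-wide salt is a fast hash and a weak way to store
    // passwords; password_hash()/password_verify() is the replacement. The code that verifies
    // these hashes is not in this excerpt, so the stored format is left unchanged here.
    if(!empty($_POST['id']))
    {
        // Existing buddy: name and admin flag are always updated, the password only when supplied.
        $req = $bdd->prepare('UPDATE copains SET nom=:nom, admin=:admin WHERE id='.(int) $_POST['id']);
        if(!empty($_POST['password']))
        {
            $req2 = $bdd->prepare('UPDATE copains SET password=:password WHERE id='.(int) $_POST['id']);
            $req2->bindValue(':password', sha1($_POST['password'] . $CONFIG['salt']));
            $req2->execute();
        }
        $message = 5;
    }
    else
    {
        // New buddy.
        // NOTE(review): nothing here rejects an empty or missing password, so the stored
        // value can be the hash of the salt alone - confirm the login code refuses it.
        $req = $bdd->prepare('INSERT INTO copains (id, nom, password, admin) VALUES ("", :nom, :password, :admin)');
        $req->bindValue(':password', sha1($_POST['password'] . $CONFIG['salt']));
        $message = 6;
    }
    $req->bindValue(':nom', $_POST['nom']);
    // An unchecked/absent admin field is stored as 0 instead of reading an undefined index.
    $req->bindValue(':admin', isset($_POST['admin']) ? intval($_POST['admin']) : 0);
    $req->execute();
    header('location: message.php?id='.$message);
    exit(); // stop here like the delete branch does; a Location header alone does not end the script
}

// Issue a fresh anti-CSRF token for the forms and links rendered below. random_bytes() draws
// from the OS CSPRNG (PHP 7+); uniqid() and rand() are time/PRNG based and predictable.
// 20 random bytes keep the 40-hex-character length of the previous sha1() value.
$_SESSION['token_buddy'] = bin2hex(random_bytes(20)); //We generate a token and store it in a session variable
$_SESSION['token_buddy_time'] = time(); //We also store the time at which the token has been generated
?> Bouffe@Ulm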

Bouffe@Ulm

Liste des copains

Retour à l'accueil

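query('SELECT id, nom, admin FROM copains ORDER BY '
    // ORDER BY terms cannot be bound as statement parameters, so the two request values are
    // mapped onto fixed allow-lists instead of being concatenated into the SQL text as-is.
    // The condition guarding this branch is not visible in this excerpt; the allow-list is
    // harmless if that condition already validates the values.
    .(isset($_GET['tri']) && in_array($_GET['tri'], array('id', 'nom', 'admin'), true) ? $_GET['tri'] : 'nom')
    .' '
    .(isset($_GET['sens']) && is_string($_GET['sens']) && strtoupper($_GET['sens']) === 'DESC' ? 'DESC' : 'ASC'));
}
else
{
    // Default listing: alphabetical by name.
    $req = $bdd->query('SELECT id, nom, admin FROM copains ORDER BY nom ASC');
}

// One table row per buddy.
while($donnees = $req->fetch())
{
    $id = (int) $donnees['id'];
    // The admin flag is shown as the French labels Oui / Non.
    if($donnees['admin'] == 1)
    {
        $admin = 'Oui';
    }
    else
    {
        $admin = 'Non';
    }
    // The row markup is not visible in this excerpt; the statement is kept as found.
    echo '';
}
$req->closeCursor();
?>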
/\ /\ Nom /\ /\ Admin ? /\ /\ Modifier Supprimer
'.$id.' '.htmlspecialchars($donnees["nom"]).' '.$admin.' Modifier Supprimer

Ajouter un copain

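query('SELECT nom, admin FROM copains WHERE id='.(int) $modif); // $modif is assigned outside this excerpt; casting at the point of use keeps the concatenated id an integer whatever its origin
// Current name and admin flag of the buddy being edited, used to pre-fill the form.
$donnees = $req->fetch();
$req->closeCursor();
?>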

Modifier un copain