time() - (15*60) AND strpos($_SERVER['HTTP_REFERER'], 'http://'.$CONFIG['base_url'].'/index.php') == 0) //If we want to delete a buddy
{
$id = (int) $_GET['del'];
$bdd->query('DELETE FROM copains WHERE id='.$id);
header('location: message.php?id=4');
exit();
}
if(isset($_POST['id']) && isset($_POST['nom']) && !empty($_POST['token']) && $_POST['token'] == $_SESSION['token_buddy'] && $_SESSION['token_buddy_time'] > time() - (15*60) AND strpos($_SERVER['HTTP_REFERER'], 'http://'.$CONFIG['base_url'].'/index.php') == 0) //If we want to add or delete a buddy
{
if(!empty($_POST['id']))
{
$req = $bdd->prepare('UPDATE copains SET nom=:nom, admin=:admin WHERE id='.(int) $_POST['id']);
if(!empty($_POST['password']))
{
$req2 = $bdd->prepare('UPDATE copains SET password=:password WHERE id='.(int) $_POST['id']);
$req2->bindValue(':password', sha1($_POST['password'] . $CONFIG['salt']));
$req2->execute();
}
$message = 5;
}
else
{
$req = $bdd->prepare('INSERT INTO copains (id, nom, password, admin) VALUES ("", :nom, :password, :admin)');
$req->bindValue(':password', sha1($_POST['password'] . $CONFIG['salt']));
$message = 6;
}
$req->bindValue(':nom', $_POST['nom']);
$req->bindValue(':admin', intval($_POST['admin']));
$req->execute();
header('location: message.php?id='.$message);
}
$_SESSION['token_buddy'] = sha1(uniqid(rand(), true)); //We generate a token and store it in a session variable
$_SESSION['token_buddy_time'] = time(); //We also store the time at which the token has been generated
?>
Bouffe@Ulm
Bouffe@Ulm
Liste des copains
Retour à l'accueil
N°   |
Nom |
Admin ? |
Modifier |
Supprimer |
query('SELECT id, nom, admin FROM copains ORDER BY '.$_GET['tri'].' '.$_GET['sens']);
}
else
{
$req = $bdd->query('SELECT id, nom, admin FROM copains ORDER BY nom ASC');
}
while($donnees = $req->fetch())
{
$id = (int) $donnees['id'];
if($donnees['admin'] == 1)
{
$admin = 'Oui';
}
else
{
$admin = 'Non';
}
echo '
| '.$id.' |
'.htmlspecialchars($donnees["nom"]).' |
'.$admin.' |
Modifier |
Supprimer |
';
}
$req->closeCursor();
?>
Ajouter un copain
query('SELECT nom, admin FROM copains WHERE id='.$modif);
$donnees = $req->fetch();
$req->closeCursor();
?>
Modifier un copain