From 377ed6a346e8fe758ca19bd0b09f2189b9709ac7 Mon Sep 17 00:00:00 2001
From: Noah <noah.roy28@yahoo.com>
Date: Wed, 10 Jun 2026 20:32:22 +0200
Subject: [PATCH] =?UTF-8?q?Authentification=20fonctionnelle=20avec=20prote?=
 =?UTF-8?q?ction=20des=20pages=20par=20r=C3=B4le?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Page de connexion par défaut. Redirections post-login selon le rôle. Navigation header adaptée au profil connecté. Protection des routes : opérations (gestionnaire+admin), gestion comptes (admin), planning (tous). Notifications et barre de session activées.
---
 controllers/auth_ctrl2.php        | 64 ++++++++++++++++++++-----------
 controllers/auth_utilities.php    |  9 +++++
 controllers/contact_crtl.php      |  5 +++
 controllers/lecture_page_ctrl.php |  2 +
 controllers/modif_compte_ctrl.php |  4 ++
 controllers/operation_ctrl.php    | 10 +++++
 controllers/utilisateur_ctrl.php  |  4 ++
 index.php                         | 15 +++++---
 models/user_crud.php              |  2 +-
 views/header.php                  | 54 +++++++++++++-------------
 10 files changed, 113 insertions(+), 56 deletions(-)

diff --git a/controllers/auth_ctrl2.php b/controllers/auth_ctrl2.php
index 9e94da3..8d7d65b 100644
--- a/controllers/auth_ctrl2.php
+++ b/controllers/auth_ctrl2.php
@@ -1,5 +1,7 @@
 <?php
-function login_ctrl() {
+
+function login_ctrl()
+{
     $ask_route = null;
     if (isset($_GET['ask'])) {
         $ask_route = htmlentities($_GET['ask']);
@@ -10,45 +12,61 @@ function login_ctrl() {
         login_form_ctrl($ask_route);
     }
 }
-function verify_login_ctrl(?string $route) {
+
+function login_form_ctrl(?string $route)
+{
+    require('views/login_views.php');
+    login_form_view($route);
+}
+
+function verify_login_ctrl(?string $route)
+{
     require('models/connection.php');
     require('models/user_crud.php');
+
     $login  = isset($_POST['login']) ? htmlentities($_POST['login']) : '';
     $passwd = isset($_POST['password']) ? $_POST['password'] : '';
-    $c = connection();
+
+    $c    = connection();
     $user = recuperation_auth($c, $login);
+
     if ($user && password_verify($passwd, $user['passwd'])) {
         session_regenerate_id(true);
         $_SESSION['login'] = $user['login'];
         $_SESSION['role']  = $user['type'];
+
+        // Si une route était demandée avant auth, on y redirige
         if ($route) {
             header('Location: index.php?route=' . $route);
-        } else {
-            switch ($user['type']) {
-                case 'admin':
-                    header('Location: index.php?route=admin');
-                    break;
-                case 'administration':
-                    header('Location: index.php?route=operations');
-                    break;
-                default:
-                    header('Location: index.php');
-                    break;
-            }
+            exit;
+        }
+
+        // Sinon, redirection selon le rôle
+        switch ($user['type']) {
+            case 'administration':
+                header('Location: index.php?route=modif_utilisateurs_form');
+                break;
+            case 'gestionnaire':
+                header('Location: index.php?route=operations');
+                break;
+            default:
+                header('Location: index.php?route=planning');
+                break;
         }
         exit;
     } else {
-        echo 'Erreur d\'authentification.';
+        $_SESSION['notification'] = 'Erreur d\'authentification : login ou mot de passe incorrect.';
+        $ask = $route ? '&ask=' . $route : '';
+        header('Location: index.php?route=auth' . $ask);
         exit;
     }
 }
-function login_form_ctrl(?string $route) {
-    require('views/login_views.php');
-    login_form_view($route);
-}
-function logout_ctrl() {
+
+function logout_ctrl()
+{
     session_unset();
     session_destroy();
     setcookie(session_name(), '', time() - 3600, '/');
-    require('views/welcome_view.php');
-}
\ No newline at end of file
+    header('Location: index.php');
+    exit;
+}
diff --git a/controllers/auth_utilities.php b/controllers/auth_utilities.php
index 39e1bc9..07de9d0 100755
--- a/controllers/auth_utilities.php
+++ b/controllers/auth_utilities.php
@@ -22,6 +22,15 @@ function has_role(string $role) {
 }
 
 
+// True if user has at least one of the given roles
+function has_any_role(array $roles): bool
+{
+    if (!isset($_SESSION['role'])) {
+        return false;
+    }
+    return in_array($_SESSION['role'], $roles, true);
+}
+
 function verify_grants(string $route, string $role='') {
     if (! has_role($role) && ! ($role == '' && is_logged())) {
         header('Location: index.php?route=auth&ask=' . $route);
diff --git a/controllers/contact_crtl.php b/controllers/contact_crtl.php
index 90f9abf..11f1a35 100644
--- a/controllers/contact_crtl.php
+++ b/controllers/contact_crtl.php
@@ -1,6 +1,11 @@
 <?php
 
 function contact_ctrl() {
+    require('controllers/auth_utilities.php');
+    if (!has_any_role(['gestionnaire', 'administration'])) {
+        header('Location: index.php?route=auth&ask=ajout_personnes');
+        exit;
+    }
     if ($_SERVER['REQUEST_METHOD'] == 'POST') {
         contact_write_ctrl();
     } else {
diff --git a/controllers/lecture_page_ctrl.php b/controllers/lecture_page_ctrl.php
index ed1f621..6b5e870 100644
--- a/controllers/lecture_page_ctrl.php
+++ b/controllers/lecture_page_ctrl.php
@@ -2,6 +2,8 @@
 
 function planning_afficher_ctrl()
 {
+    require('controllers/auth_utilities.php');
+    verify_grants('planning');
     require('models/connection.php');
     require('models/lecture_page_model.php');
 
diff --git a/controllers/modif_compte_ctrl.php b/controllers/modif_compte_ctrl.php
index eb32387..3fba622 100644
--- a/controllers/modif_compte_ctrl.php
+++ b/controllers/modif_compte_ctrl.php
@@ -1,6 +1,8 @@
 <?php
 
 function modif_utilisateurs_form_ctrl() {
+    require('controllers/auth_utilities.php');
+    verify_grants('modif_utilisateurs_form', 'administration');
     require('models/connection.php');
     $c = connection();
     require('models/modif_compte_model.php');
@@ -17,6 +19,8 @@ function modif_utilisateurs_form_ctrl() {
 }
 
 function modif_utilisateurs_write_ctrl() {
+    require('controllers/auth_utilities.php');
+    verify_grants('modif_utilisateurs', 'administration');
     if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
         header('Location: index.php?route=modif_utilisateurs_form');
         exit;
diff --git a/controllers/operation_ctrl.php b/controllers/operation_ctrl.php
index 137d093..3df2b27 100644
--- a/controllers/operation_ctrl.php
+++ b/controllers/operation_ctrl.php
@@ -1,10 +1,20 @@
 <?php
 
 function operations_form_ctrl() {
+    require('controllers/auth_utilities.php');
+    if (!has_any_role(['gestionnaire', 'administration'])) {
+        header('Location: index.php?route=auth&ask=operations');
+        exit;
+    }
     require('views/operations_view.php');
 }
 
 function add_operation_write_ctrl() {
+    require('controllers/auth_utilities.php');
+    if (!has_any_role(['gestionnaire', 'administration'])) {
+        header('Location: index.php?route=auth&ask=operations');
+        exit;
+    }
     if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
         header('Location: index.php?route=operations');
         exit;
diff --git a/controllers/utilisateur_ctrl.php b/controllers/utilisateur_ctrl.php
index 30a448e..893f065 100644
--- a/controllers/utilisateur_ctrl.php
+++ b/controllers/utilisateur_ctrl.php
@@ -1,10 +1,14 @@
 <?php
 
 function add_utilisateurs_form_ctrl() {
+    require('controllers/auth_utilities.php');
+    verify_grants('add_utilisateurs_form', 'administration');
     require('views/creation_compte_view.php');
 }
 
 function add_utilisateurs_write_ctrl() {
+    require('controllers/auth_utilities.php');
+    verify_grants('add_utilisateurs', 'administration');
     if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
         header('Location: index.php?route=add_utilisateurs_form');
         exit;
diff --git a/index.php b/index.php
index 01ee30b..0eb6eab 100644
--- a/index.php
+++ b/index.php
@@ -28,15 +28,20 @@
 
     
         case null:
+            require('controllers/auth_ctrl2.php');
+            login_ctrl();
+            break;
+
+        case '':
+            require('controllers/auth_ctrl2.php');
+            login_ctrl();
+            break;
+
+        case 'planning':
             require('controllers/lecture_page_ctrl.php');
             planning_afficher_ctrl();
             break;
 
-        case '':
-            require('controllers/lecture_page_ctrl.php');
-            planning_afficher_ctrl();
-            break;
-            
         case 'auth':
             require('controllers/auth_ctrl2.php');
             login_ctrl();
diff --git a/models/user_crud.php b/models/user_crud.php
index ef00b2f..55baebd 100644
--- a/models/user_crud.php
+++ b/models/user_crud.php
@@ -2,7 +2,7 @@
 
 
 
-function recuperation_auth(PDO $connex, string $login):array {
+function recuperation_auth(PDO $connex, string $login):?array {
 	 require_once('config/config.php');
     $req = "SELECT login, passwd, type FROM Utilisateur WHERE login = :login";
     
diff --git a/views/header.php b/views/header.php
index a1c3382..752cd12 100644
--- a/views/header.php
+++ b/views/header.php
@@ -1,36 +1,36 @@
 <?php
-//session_start();
+require_once('controllers/auth_utilities.php');
 
-// --- NAVIGATION (auth commentée en attendant le système de connexion) ---
-$nav = '<li><a href="index.php">Accueil</a></li>';
-$nav .= '<li><a href="index.php?route=operations">Opérations</a></li>';
-$nav .= '<li><a href="index.php?route=modif_utilisateurs_form">Gestion des comptes</a></li>';
+// --- NAVIGATION selon le rôle ---
+$nav = '';
 
-// À DÉCOMMENTER quand l'auth sera fonctionnelle :
-// if (is_logged()) {
-//     $nav .= '<li><a href="index.php?route=planning">Planning</a></li>';
-//     $nav .= '<li><a href="index.php?route=sauveteurs">Sauveteurs</a></li>';
-// }
-// if (has_role('gestionnaire') || has_role('administration')) {
-//     $nav .= '<li><a href="index.php?route=gestion">Gestion</a></li>';
-// }
-// if (has_role('administration')) {
-//     $nav .= '<li><a href="index.php?route=admin">Admin</a></li>';
-// }
-// if (is_logged()) {
-//     $nav .= '<li><a href="index.php?route=logout" class="nav-right">Déconnexion</a></li>';
-// } else {
-//     $nav .= '<li><a href="index.php?route=auth" class="nav-right">Connexion</a></li>';
-// }
+if (is_logged()) {
+    $nav .= '<li><a href="index.php?route=planning">Accueil</a></li>';
 
-// $session = 'Connecté : ' . htmlentities($_SESSION['login']) . ' (' . ($_SESSION['role'] ?: 'lecture') . ')';
-$session = 'Non connecté';
+    if (has_any_role(['gestionnaire', 'administration'])) {
+        $nav .= '<li><a href="index.php?route=operations">Opérations</a></li>';
+    }
 
+    if (has_role('administration')) {
+        $nav .= '<li><a href="index.php?route=modif_utilisateurs_form">Gestion des comptes</a></li>';
+    }
+
+    $nav .= '<li><a href="index.php?route=logout" class="nav-right">Déconnexion</a></li>';
+}
+
+// --- BARRE DE SESSION ---
+if (is_logged()) {
+    $session = 'Connecté : ' . htmlentities($_SESSION['login']) . ' (' . htmlentities($_SESSION['role']) . ')';
+} else {
+    $session = 'Non connecté';
+}
+
+// --- NOTIFICATION ---
 $notif = '';
-// if (!empty($_SESSION['notification'])) {
-//     $notif = '<div id="notification">' . htmlentities($_SESSION['notification']) . '</div>';
-//     unset($_SESSION['notification']);
-// }
+if (!empty($_SESSION['notification'])) {
+    $notif = '<div id="notification">' . htmlentities($_SESSION['notification']) . '</div>';
+    unset($_SESSION['notification']);
+}
 ?>
 <!DOCTYPE html>
 <html lang="fr">