From e9b793ca7906d37699243f05520a971718b8262c Mon Sep 17 00:00:00 2001
From: vince <vince@caboulot.org>
Date: Sat, 4 Dec 2021 16:49:14 +0100
Subject: [PATCH] ajoute le form de config avec auth

---
 index.php | 340 ++++++++++++++++++++++++++++++++++++++++----------------------
 1 file changed, 222 insertions(+), 118 deletions(-)

diff --git a/index.php b/index.php
index 147ba6f..4b72012 100644
--- a/index.php
+++ b/index.php
@@ -8,102 +8,168 @@ define('DATA_FILE', __DIR__ . DIRECTORY_SEPARATOR . 'data.php');
 if (file_exists(CONFIG_FILE)) require_once CONFIG_FILE;
 if (!isset($config)) $config = [];
 
+$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
+
+$hasSupplier = isset($_REQUEST['supplier']) and !empty($_REQUEST['supplier']);
 $supplier = $_REQUEST['supplier'];
 
-if (!isset($config[$supplier]))
-	$config[$supplier] = [];
+if ($hasSupplier) {
+       
+	if (!isset($config[$supplier]))
+		$config[$supplier] = [];
 
-$config[$supplier] = array_merge(
-	[
-		'title' => '%supplier% <small>%event%</small>',
-		'description' => '',
-		'choices' => [],
-		'start' => 'now 00:00:00',
-		'end' => '+1 year',
-		'frequency' => '1 day',
+	$config[$supplier] = array_merge(
+		[
+			'title' => '%supplier% <small>%event%</small>',
+			'description' => '',
+			'choices' => [],
+			'start' => 'now 00:00:00',
+			'frequency' => '1 day',
+			'password' => '',
 
-	],
-	$config[$supplier]
-);
+		],
+		$config[$supplier]
+	);
 
-$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
+	$hasPassword = !empty($config[$supplier]['password']);
 
-$hasEvent = isset($_REQUEST['event']);
-if (!$hasEvent) {
-	$now = new \DateTime('now');
-	$current = new \DateTime($config[$supplier]['start']);
-	$frequency = \DateInterval::createFromDateString($config[$supplier]['frequency']);
-	$maxIterations = 1000;
-	while (
-		($current->getTimestamp() < $now->getTimestamp())
-		and ($maxIterations-- > 0)
-	) $current->add($frequency);
-	$nextEvent = $current->format('Y-m-d');
-	header(sprintf('Location: %s?supplier=%s&event=%s', $requestUrl, $supplier, $nextEvent));
-	die();
-}
+	if ($action === 'config') {
+		if ($hasPassword) {
+			if (!isset($_SERVER['PHP_AUTH_USER'])) {
+				header(sprintf('WWW-Authenticate: Basic realm="mon-panier-bio config %s"', $supplier));
+				header('HTTP/1.0 401 Unauthorized');
+				printf('Cette config est protégée par mot de passe !');
+				exit;
+			} elseif (
+				($_SERVER['PHP_AUTH_USER'] !== $supplier)
+				or ($_SERVER['PHP_AUTH_PW'] !== $config[$supplier]['password'])
+			) {
+				header('HTTP/1.0 403 Forbidden');
+				printf('Cette config est protégée par mot de passe !');
+				exit;
+			}
+		}
 
-$event = $_REQUEST['event'];
-
-switch ($action) {
-case 'insert' :
-case 'delete' :
-	$isBeginning = (!file_exists(DATA_FILE) or in_array(filesize(DATA_FILE), [ false, 0 ]));
-	$output = fopen(DATA_FILE, 'a+');
-	if (!$output) break;
-	if (!flock($output, LOCK_EX)) break;
-	if ($isBeginning)
-		fwrite($output, '<?php' . PHP_EOL);
-	$item = [];
-	foreach (['name', 'choice', 'action'] as $field)
-		$item[$field] = $_REQUEST[$field];
-	$item['timestamp'] = time();
-	$item['hash'] = md5(implode([ $item['name'], $item['choice'], ]));
-	fprintf(
-		$output,
-		'$data[%s][%s][] = %s;' . PHP_EOL,
-		var_export($supplier, true),
-		var_export($event, true),
-		str_replace(PHP_EOL, '', var_export($item, true))
-	);
-	flock($output, LOCK_UN);
-	fclose($output);
-	header(sprintf('Location: %s?supplier=%s&event=%s', $requestUrl, $supplier, $event));
-	die();
-}
+		foreach (array_keys($config[$supplier]) as $key)
+			if (isset($_REQUEST[$key]))
+				$config[$supplier][$key] = $_REQUEST[$key];
+	}
+
+	if (empty($config[$supplier]['start']))
+		$config[$supplier]['start'] = 'now 00:00:00';
 
-if (!isset($data)) $data = [];
-if (file_exists(DATA_FILE)) include DATA_FILE;
 
-$items = [];
+	if (is_string($config[$supplier]['choices']))
+		$config[$supplier]['choices'] = explode(PHP_EOL, $config[$supplier]['choices']);
 
-$allItems = isset($data[$supplier][$event]) ? $data[$supplier][$event] : [];
+	if (!is_array($config[$supplier]['choices']))
+		$config[$supplier]['choices'] = [];
 
-usort($allItems, function ($a, $b) {
-	$a = intval($a['timestamp']);
-	$b = intval($b['timestamp']);
-	if ($a === $b)
-		return 0;
-	return ($a < $b) ? -1 : 1;
-});
+	$config[$supplier]['choices'] = array_filter(
+		$config[$supplier]['choices'],
+		function ($choice) {
+			return is_string($choice) and !empty(trim($choice));
+		}
+	);
 
-foreach ($allItems as $item) {
-	if ($item['action'] === 'insert') {
-		$items[] = $item;
-	} elseif ($item['action'] === 'delete') {
-		foreach ($items as $index => $prevItem)
-			if ($prevItem['hash'] === $item['hash'])
-				unset($items[$index]);
+	$config[$supplier]['choices'] = array_map('trim', $config[$supplier]['choices']);
+}
+
+$isConfig = false;
+if ($action === 'config') {
+	$output = fopen(CONFIG_FILE, 'w+');
+	if ($output) {
+		if (flock($output, LOCK_EX)) {
+			fwrite($output, '<?php' . PHP_EOL);
+			fprintf(
+				$output,
+				'$config = %s;' . PHP_EOL,
+				var_export($config, true)
+			);
+			flock($output, LOCK_UN);
+		}
+		fclose($output);
 	}
+	$isConfig = true;
 }
 
-while (preg_match('/%([^%]+)%/i', $config[$supplier]['title'], $match))
-	$config[$supplier]['title'] = str_replace(
-		$match[0],
-		${$match[1]},
-		$config[$supplier]['title']
-	);
+$hasEvent = isset($_REQUEST['event']);
+if (!$isConfig and $hasSupplier) {
+	if (!$hasEvent) {
+		$now = new \DateTime('now');
+		$current = new \DateTime($config[$supplier]['start']);
+		$frequency = \DateInterval::createFromDateString($config[$supplier]['frequency']);
+		$maxIterations = 1000;
+		while (
+			($current->getTimestamp() < $now->getTimestamp())
+			and ($maxIterations-- > 0)
+		) $current->add($frequency);
+		$nextEvent = $current->format('Y-m-d');
+		header(sprintf('Location: %s?supplier=%s&event=%s', $requestUrl, $supplier, $nextEvent));
+		die();
+	}
+
+	$event = $_REQUEST['event'];
+
+	switch ($action) {
+	case 'insert' :
+	case 'delete' :
+		$isBeginning = (!file_exists(DATA_FILE) or in_array(filesize(DATA_FILE), [ false, 0 ]));
+		$output = fopen(DATA_FILE, 'a+');
+		if (!$output) break;
+		if (!flock($output, LOCK_EX)) break;
+		if ($isBeginning)
+			fwrite($output, '<?php' . PHP_EOL);
+		$item = [];
+		foreach (['name', 'choice', 'action'] as $field)
+			$item[$field] = $_REQUEST[$field];
+		$item['timestamp'] = time();
+		$item['hash'] = md5(implode([ $item['name'], $item['choice'], ]));
+		fprintf(
+			$output,
+			'$data[%s][%s][] = %s;' . PHP_EOL,
+			var_export($supplier, true),
+			var_export($event, true),
+			str_replace(PHP_EOL, '', var_export($item, true))
+		);
+		flock($output, LOCK_UN);
+		fclose($output);
+		header(sprintf('Location: %s?supplier=%s&event=%s', $requestUrl, $supplier, $event));
+		die();
+	}
+
+	if (!isset($data)) $data = [];
+	if (file_exists(DATA_FILE)) include DATA_FILE;
+
+	$items = [];
+
+	$allItems = isset($data[$supplier][$event]) ? $data[$supplier][$event] : [];
 
+	usort($allItems, function ($a, $b) {
+		$a = intval($a['timestamp']);
+		$b = intval($b['timestamp']);
+		if ($a === $b)
+			return 0;
+		return ($a < $b) ? -1 : 1;
+	});
+
+	foreach ($allItems as $item) {
+		if ($item['action'] === 'insert') {
+			$items[] = $item;
+		} elseif ($item['action'] === 'delete') {
+			foreach ($items as $index => $prevItem)
+				if ($prevItem['hash'] === $item['hash'])
+					unset($items[$index]);
+		}
+	}
+
+	while (preg_match('/%([^%]+)%/i', $config[$supplier]['title'], $match))
+		$config[$supplier]['title'] = str_replace(
+			$match[0],
+			${$match[1]},
+			$config[$supplier]['title']
+		);
+}
 
 ?><!DOCTYPE html>
 <html lang="fr">
@@ -113,44 +179,82 @@ while (preg_match('/%([^%]+)%/i', $config[$supplier]['title'], $match))
 		<title><?php echo strip_tags($config[$supplier]['title']); ?></title>
 	</head>
 	<body>
-		<h1><?php echo $config[$supplier]['title']; ?></h1>
-		<?php if (!empty($config[$supplier]['description'])) : ?>
-		<p><?php echo $config[$supplier]['description']; ?></p>
-		<?php endif; ?>
-		<ul>
-			<?php foreach ($items as $item) : ?>
-			<li>
-				<form>
-					<input type="hidden" name="supplier" value="<?php echo $supplier; ?>" />
-					<input type="hidden" name="event" value="<?php echo $event; ?>" />
-					<input type="hidden" name="name" value="<?php echo $item['name']; ?>" />
-					<input type="hidden" name="choice" value="<?php echo $item['choice']; ?>" />
-					<?php echo $item['name']; ?>
-					<?php if (!empty($item['choice'])) : ?>
-					— <?php echo $item['choice']; ?>
-					<?php endif; ?>
-					<button type="submit" name="action" value="delete">supprimer</button>
-				</form>
-			</li>
-  			<?php endforeach; ?>
-			<li>
-				<form>
-					<input type="hidden" name="supplier" value="<?php echo $supplier; ?>" />
-					<input type="hidden" name="event" value="<?php echo $event; ?>" />
-					<input type="text" name="name" required placeholder="nom" />
-					<?php if (empty($config[$supplier]['choices'])) : ?>
-					<input type="hidden" name="choice" value="<?php echo $item['choice']; ?>" />
-					<?php else : ?>
-					<select name="choice" required placeholder="choix">
-						<option/>
-						<?php foreach ($config[$supplier]['choices'] as $choice) : ?>
-						<option><?php echo $choice; ?></option>
-						<?php endforeach; ?>
-					</select>
-					<?php endif; ?>
-					<button type="submit" name="action" value="insert">ajouter</button>
+		<?php if (!$hasSupplier) : ?>
+			<p>pas de fournisseur</p>
+		<?php else : ?>
+			<?php if ($isConfig) : ?>
+				<a href="<?php printf('%s?supplier=%s', $requestUrl, $supplier); ?>">retour</a>
+				<h1>config <?php echo $supplier; ?></h1>
+				<form action="<?php printf('%s?supplier=%s', $requestUrl, $supplier); ?>" method="post">
+					<p>
+						<label for="title">titre</label>
+						<input type="text" name="title" value="<?php echo $config[$supplier]['title']; ?>" />
+					</p>
+					<p>
+						<label for="description">description</label>
+						<textarea name="description" rows="10"><?php echo $config[$supplier]['description']; ?></textarea>
+					</p>
+					<p>
+						<label for="choices">choix</label>
+						<textarea name="choices" rows="10"><?php echo implode(PHP_EOL, $config[$supplier]['choices']); ?></textarea>
+					</p>
+					<p>
+						<label for="start">début</label>
+						<input type="date" name="start" value="<?php echo $config[$supplier]['start']; ?>" />
+					</p>
+					<p>
+						<label for="frequency">fréquence</label>
+						<input type="text" name="frequency" value="<?php echo $config[$supplier]['frequency']; ?>" />
+					</p>
+					<p>
+						<label for="password">password</label>
+						<input type="text" name="password" value="<?php echo $config[$supplier]['password']; ?>" />
+					</p>
+						<button type="submit" name="action" value="config">config</button>
+					</p>
 				</form>
-			</li>
-		</ul>
+			<?php else : ?>
+				<a href="<?php printf('%s?supplier=%s&action=config', $requestUrl, $supplier); ?>">config</a>
+				<h1><?php echo $config[$supplier]['title']; ?></h1>
+				<?php if (!empty($config[$supplier]['description'])) : ?>
+				<p><?php echo $config[$supplier]['description']; ?></p>
+				<?php endif; ?>
+				<ul>
+					<li>
+						<form>
+							<input type="hidden" name="supplier" value="<?php echo $supplier; ?>" />
+							<input type="hidden" name="event" value="<?php echo $event; ?>" />
+							<input type="text" name="name" required placeholder="nom" />
+							<?php if (empty($config[$supplier]['choices'])) : ?>
+							<input type="hidden" name="choice" value="<?php echo $item['choice']; ?>" />
+							<?php else : ?>
+							<select name="choice" required placeholder="choix">
+								<option/>
+								<?php foreach ($config[$supplier]['choices'] as $choice) : ?>
+								<option><?php echo $choice; ?></option>
+								<?php endforeach; ?>
+							</select>
+							<?php endif; ?>
+							<button type="submit" name="action" value="insert">ajouter</button>
+						</form>
+					</li>
+					<?php foreach ($items as $item) : ?>
+					<li>
+						<form>
+							<input type="hidden" name="supplier" value="<?php echo $supplier; ?>" />
+							<input type="hidden" name="event" value="<?php echo $event; ?>" />
+							<input type="hidden" name="name" value="<?php echo $item['name']; ?>" />
+							<input type="hidden" name="choice" value="<?php echo $item['choice']; ?>" />
+							<?php echo $item['name']; ?>
+							<?php if (!empty($item['choice'])) : ?>
+							— <?php echo $item['choice']; ?>
+							<?php endif; ?>
+							<button type="submit" name="action" value="delete">supprimer</button>
+						</form>
+					</li>
+					<?php endforeach; ?>
+				</ul>
+			<?php endif; ?>
+		<?php endif; ?>
 	</body>
 </html>