3 UserCake Version: 2.0.2
\r
7 //Functions that do not interact with DB
\r
8 //------------------------------------------------------------------------------
\r
10 //Retrieve a list of all .php files in models/languages
\r
11 function getLanguageFiles()
\r
13 $directory = "models/languages/";
\r
14 $languages = glob($directory . "*.php");
\r
15 //print each file name
\r
19 //Retrieve a list of all .css files in models/site-templates
\r
20 function getTemplateFiles()
\r
22 $directory = "models/site-templates/";
\r
23 $languages = glob($directory . "*.css");
\r
24 //print each file name
\r
28 //Retrieve a list of all .php files in root files folder
\r
29 function getPageFiles()
\r
32 $pages = glob($directory . "*.php");
\r
33 //print each file name
\r
34 foreach ($pages as $page){
\r
35 $row[$page] = $page;
\r
40 //Destroys a session as part of logout
\r
41 function destroySession($name)
\r
43 if(isset($_SESSION[$name]))
\r
45 $_SESSION[$name] = NULL;
\r
46 unset($_SESSION[$name]);
\r
50 //Generate a unique code
//Returns the md5 hex of uniqid(rand(), true), optionally cut to $length characters.
//NOTE(review): uniqid()+rand()+md5() gives a value that is unique-ish but NOT
//unpredictable; if any caller uses the result as a secret (token, key, nonce) it should
//be derived from random_bytes() instead. $length is compared with a loose != "", so only
//a non-empty value truncates. The rest of the body is not shown on this page.
\r
51 function getUniqueCode($length = "")
\r
53 $code = md5(uniqid(rand(), true));
\r
54 if ($length != "") return substr($code, 0, $length);
\r
58 //Generate an activation key
//Produces a 32-char hex token and loops (line 65 is the tail of a do/while whose head is
//not shown) until validateActivationToken() reports it is not already in the DB.
//SECURITY NOTE(review): this token is the value validateActivationToken() looks up and
//that updatePasswordFromToken() accepts to set a new password, so it must be unguessable.
//uniqid()/mt_rand()/md5() are not a cryptographic source; bin2hex(random_bytes(16)) is.
//The $gen parameter is overwritten unconditionally at line 63; whether the lines not
//shown (60-62) use it first cannot be told from this page.
\r
59 function generateActivationToken($gen = null)
\r
63 $gen = md5(uniqid(mt_rand(), false));
\r
65 while(validateActivationToken($gen));
\r
69 //@ Thanks to - http://phpsec.org
//Hash $plainText with crypt() using a SHA-512 ("$6$") salt built from 25 bytes read from
///dev/urandom. Returns the crypt() string, which embeds the salt.
//NOTE(review): the $salt parameter is overwritten unconditionally at line 76, so the
//visible code ignores a caller-supplied salt (lines 71-73 are not shown).
//NOTE(review): file_get_contents() returns false on failure and that is never checked;
//bin2hex(false) coerces to "" and the salt degenerates to "$6$$". random_bytes() throws
//instead of failing silently, and password_hash()/password_verify() would replace this
//hand-rolled scheme entirely.
//NOTE(review): the SHA-512 crypt scheme honours at most 16 salt characters, so only the
//first 16 of the 50 hex characters produced here contribute (64 bits of salt, which is
//adequate, but the remaining random bytes are wasted).
\r
70 function generateHash($plainText, $salt = null)
\r
74 //$salt = substr(md5(uniqid(rand(), true)), 0, 25); // Original UserCake
\r
75 $random = file_get_contents("/dev/urandom", false, null, 0, 25); // Get random number
\r
76 $salt = '$6$'.bin2hex($random).'$'; // Make hex salt
\r
79 //return $salt . sha1($salt . $plainText); // Original UserCake
\r
80 return crypt($plainText, $salt);
\r
84 * Generates a random password for emailing to new users.
\r
85 * User should be asked to change the password.
\r
//Returns 50 hex characters (25 bytes from /dev/urandom).
//NOTE(review): the false return of file_get_contents() on failure is not checked;
//bin2hex(false) coerces to "" and an empty password would be issued silently.
//bin2hex(random_bytes(25)) throws on failure instead of degrading.
87 function generatePassword()
\r
89 $random = file_get_contents("/dev/urandom", false, null, 0, 25);
\r
90 return bin2hex($random);
\r
93 //Checks if an email is valid
\r
94 function isValidEmail($email)
\r
96 if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
\r
104 //Inputs language strings from selected language.
\r
105 function lang($key,$markers = NULL)
\r
108 if($markers == NULL)
\r
110 $str = $lang[$key];
\r
114 //Replace any dyamic markers
\r
115 $str = $lang[$key];
\r
117 foreach($markers as $marker)
\r
119 $str = str_replace("%m".$iteration."%",$marker,$str);
\r
123 //Ensure we have something to return
\r
126 return ("No language key found");
\r
134 //Checks if a string is within a min and max length
\r
135 function minMaxRange($min, $max, $what)
\r
137 if(strlen(trim($what)) < $min)
\r
139 else if(strlen(trim($what)) > $max)
\r
145 //Replaces hooks with specified text
\r
146 function replaceDefaultHook($str)
\r
148 global $default_hooks,$default_replace;
\r
149 return (str_replace($default_hooks,$default_replace,$str));
\r
152 //Displays error and success messages
//Echoes two HTML blocks (#error, #success), each listing its messages as <li> items;
//a block is emitted only when its array is non-empty.
//NOTE(review): each message is concatenated straight into HTML (lines 162 and 175) with
//no htmlspecialchars(); any message that carries user-supplied text (e.g. via lang()
//markers) would be rendered as markup. Escape at the echo, e.g.
//  echo "<li>".htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."</li>";
//NOTE(review): count() on a non-array is a TypeError on PHP 8 - callers must pass arrays.
\r
153 function resultBlock($errors,$successes){
\r
155 if(count($errors) > 0)
\r
157 echo "<div id='error'>
\r
158 <a href='#' onclick=\"showHide('error');\">[X]</a>
\r
160 foreach($errors as $error)
\r
162 echo "<li>".$error."</li>";
\r
168 if(count($successes) > 0)
\r
170 echo "<div id='success'>
\r
171 <a href='#' onclick=\"showHide('success');\">[X]</a>
\r
173 foreach($successes as $success)
\r
175 echo "<li>".$success."</li>";
\r
182 //Trims, strips tags and lowercases a string
//NOTE(review): despite the original "completely sanitizes" wording this is NOT an output
//escaping step: strip_tags() does not protect attribute or script contexts, and
//strtolower() is byte-wise (mb_strtolower() for UTF-8 input). Escape with
//htmlspecialchars() at the point of output instead of relying on this.
\r
183 function sanitize($str)
\r
185 return strtolower(strip_tags(trim(($str))));
\r
188 //Functions that interact mainly with .users table
\r
189 //------------------------------------------------------------------------------
\r
191 //Delete a defined array of users
\r
192 function deleteUsers($users) {
\r
193 global $mysqli,$db_table_prefix;
\r
195 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."users
\r
197 $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches
\r
198 WHERE user_id = ?");
\r
199 foreach($users as $id){
\r
200 $stmt->bind_param("i", $id);
\r
202 $stmt2->bind_param("i", $id);
\r
211 //Check if a display name exists in the DB
\r
212 function displayNameExists($displayname)
\r
214 global $mysqli,$db_table_prefix;
\r
215 $stmt = $mysqli->prepare("SELECT active
\r
216 FROM ".$db_table_prefix."users
\r
220 $stmt->bind_param("s", $displayname);
\r
222 $stmt->store_result();
\r
223 $num_returns = $stmt->num_rows;
\r
226 if ($num_returns > 0)
\r
236 //Check if an email exists in the DB
\r
237 function emailExists($email)
\r
239 global $mysqli,$db_table_prefix;
\r
240 $stmt = $mysqli->prepare("SELECT active
\r
241 FROM ".$db_table_prefix."users
\r
245 $stmt->bind_param("s", $email);
\r
247 $stmt->store_result();
\r
248 $num_returns = $stmt->num_rows;
\r
251 if ($num_returns > 0)
\r
261 //Check if a user name and email belong to the same user
\r
262 function emailUsernameLinked($email,$username)
\r
264 global $mysqli,$db_table_prefix;
\r
265 $stmt = $mysqli->prepare("SELECT active
\r
266 FROM ".$db_table_prefix."users
\r
267 WHERE user_name = ?
\r
272 $stmt->bind_param("ss", $username, $email);
\r
274 $stmt->store_result();
\r
275 $num_returns = $stmt->num_rows;
\r
278 if ($num_returns > 0)
\r
288 //Retrieve information for all users
\r
289 function fetchAllUsers()
\r
291 global $mysqli,$db_table_prefix;
\r
292 $stmt = $mysqli->prepare("SELECT
\r
299 last_activation_request,
\r
300 lost_password_request,
\r
305 FROM ".$db_table_prefix."users");
\r
307 $stmt->bind_result($id, $user, $display, $password, $email, $token, $activationRequest, $passwordRequest, $active, $title, $signUp, $signIn);
\r
309 while ($stmt->fetch()){
\r
310 $row[] = array('id' => $id, 'user_name' => $user, 'display_name' => $display, 'password' => $password, 'email' => $email, 'activation_token' => $token, 'last_activation_request' => $activationRequest, 'lost_password_request' => $passwordRequest, 'active' => $active, 'title' => $title, 'sign_up_stamp' => $signUp, 'last_sign_in_stamp' => $signIn);
\r
316 //Retrieve complete user information by username, token or ID
\r
317 function fetchUserDetails($username=NULL,$token=NULL, $id=NULL)
\r
319 if($username!=NULL) {
\r
320 $column = "user_name";
\r
323 elseif($token!=NULL) {
\r
324 $column = "activation_token";
\r
327 elseif($id!=NULL) {
\r
331 global $mysqli,$db_table_prefix;
\r
332 $stmt = $mysqli->prepare("SELECT
\r
339 last_activation_request,
\r
340 lost_password_request,
\r
345 FROM ".$db_table_prefix."users
\r
349 $stmt->bind_param("s", $data);
\r
352 $stmt->bind_result($id, $user, $display, $password, $email, $token, $activationRequest, $passwordRequest, $active, $title, $signUp, $signIn);
\r
353 while ($stmt->fetch()){
\r
354 $row = array('id' => $id, 'user_name' => $user, 'display_name' => $display, 'password' => $password, 'email' => $email, 'activation_token' => $token, 'last_activation_request' => $activationRequest, 'lost_password_request' => $passwordRequest, 'active' => $active, 'title' => $title, 'sign_up_stamp' => $signUp, 'last_sign_in_stamp' => $signIn);
\r
360 //Toggle if lost password request flag on or off
\r
361 function flagLostPasswordRequest($username,$value)
\r
363 global $mysqli,$db_table_prefix;
\r
364 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
365 SET lost_password_request = ?
\r
370 $stmt->bind_param("ss", $value, $username);
\r
371 $result = $stmt->execute();
\r
376 //Check if a user is logged in
//Looks the session user up by id and stored password hash; when no row matches, the
//session is destroyed via destroySession("userCakeUser") (line 409).
//NOTE(review): $loggedInUser is dereferenced at line 391 (bind_param on ->user_id and
//->hash_pw) before the null check at line 397; the guard should move above prepare()
//so a logged-out request never touches a null object. The SELECT (lines 380-390) is
//only partly shown, so the exact WHERE clause is assumed to compare id and hash - confirm.
\r
377 function isUserLoggedIn()
\r
379 global $loggedInUser,$mysqli,$db_table_prefix;
\r
380 $stmt = $mysqli->prepare("SELECT
\r
383 FROM ".$db_table_prefix."users
\r
391 $stmt->bind_param("is", $loggedInUser->user_id, $loggedInUser->hash_pw);
\r
393 $stmt->store_result();
\r
394 $num_returns = $stmt->num_rows;
\r
397 if($loggedInUser == NULL)
\r
403 if ($num_returns > 0)
\r
409 destroySession("userCakeUser");
\r
415 //Change a user from inactive to active
\r
416 function setUserActive($token)
\r
418 global $mysqli,$db_table_prefix;
\r
419 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
422 activation_token = ?
\r
424 $stmt->bind_param("s", $token);
\r
425 $result = $stmt->execute();
\r
430 //Change a user's display name
\r
431 function updateDisplayName($id, $display)
\r
433 global $mysqli,$db_table_prefix;
\r
434 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
435 SET display_name = ?
\r
439 $stmt->bind_param("si", $display, $id);
\r
440 $result = $stmt->execute();
\r
445 //Update a user's email
\r
446 function updateEmail($id, $email)
\r
448 global $mysqli,$db_table_prefix;
\r
449 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
454 $stmt->bind_param("si", $email, $id);
\r
455 $result = $stmt->execute();
\r
460 //Input new activation token, and update the time of the most recent activation request
//Writes the new token and the current time() to the user's row (WHERE clause, lines
//467-469, not shown); what happens with $result after line 471 is also not shown.
//NOTE(review): mysqli_stmt::bind_param() binds by reference; passing the call result
//time() directly (line 470) cannot be bound by reference and is an Error on PHP 8.
//Assign first - $now = time(); - and bind $now in its place.
\r
461 function updateLastActivationRequest($new_activation_token,$username,$email)
\r
463 global $mysqli,$db_table_prefix;
\r
464 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
465 SET activation_token = ?,
\r
466 last_activation_request = ?
\r
470 $stmt->bind_param("ssss", $new_activation_token, time(), $email, $username);
\r
471 $result = $stmt->execute();
\r
476 //Store a new password and a fresh activation token for the user holding $token
//The row is selected by the current token (WHERE at line 485) and the token is replaced
//by a new generateActivationToken() value, so a reset link cannot be replayed.
//NOTE(review): $pass is stored verbatim - callers must pass the generateHash() output,
//never the plaintext; confirm at every call site. The column list (lines 482-484) is
//only partly shown here.
\r
477 function updatePasswordFromToken($pass,$token)
\r
479 global $mysqli,$db_table_prefix;
\r
480 $new_activation_token = generateActivationToken();
\r
481 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
483 activation_token = ?
\r
485 activation_token = ?");
\r
486 $stmt->bind_param("sss", $pass, $new_activation_token, $token);
\r
487 $result = $stmt->execute();
\r
492 //Update a user's title
\r
493 function updateTitle($id, $title)
\r
495 global $mysqli,$db_table_prefix;
\r
496 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
501 $stmt->bind_param("si", $title, $id);
\r
502 $result = $stmt->execute();
\r
507 //Check if a user ID exists in the DB
\r
508 function userIdExists($id)
\r
510 global $mysqli,$db_table_prefix;
\r
511 $stmt = $mysqli->prepare("SELECT active
\r
512 FROM ".$db_table_prefix."users
\r
516 $stmt->bind_param("i", $id);
\r
518 $stmt->store_result();
\r
519 $num_returns = $stmt->num_rows;
\r
522 if ($num_returns > 0)
\r
532 //Checks if a username exists in the DB
\r
533 function usernameExists($username)
\r
535 global $mysqli,$db_table_prefix;
\r
536 $stmt = $mysqli->prepare("SELECT active
\r
537 FROM ".$db_table_prefix."users
\r
541 $stmt->bind_param("s", $username);
\r
543 $stmt->store_result();
\r
544 $num_returns = $stmt->num_rows;
\r
547 if ($num_returns > 0)
\r
557 //Check if activation token exists in DB
\r
558 function validateActivationToken($token,$lostpass=NULL)
\r
560 global $mysqli,$db_table_prefix;
\r
561 if($lostpass == NULL)
\r
563 $stmt = $mysqli->prepare("SELECT active
\r
564 FROM ".$db_table_prefix."users
\r
567 activation_token = ?
\r
572 $stmt = $mysqli->prepare("SELECT active
\r
573 FROM ".$db_table_prefix."users
\r
576 activation_token = ?
\r
578 lost_password_request = 1
\r
581 $stmt->bind_param("s", $token);
\r
583 $stmt->store_result();
\r
584 $num_returns = $stmt->num_rows;
\r
587 if ($num_returns > 0)
\r
597 //Functions that interact mainly with .permissions table
\r
598 //------------------------------------------------------------------------------
\r
600 //Create a permission level in DB
\r
601 function createPermission($permission) {
\r
602 global $mysqli,$db_table_prefix;
\r
603 $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."permissions (
\r
609 $stmt->bind_param("s", $permission);
\r
610 $result = $stmt->execute();
\r
615 //Delete a permission level from the DB
\r
616 function deletePermission($permission) {
\r
617 global $mysqli,$db_table_prefix,$errors;
\r
619 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permissions
\r
621 $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches
\r
622 WHERE permission_id = ?");
\r
623 $stmt3 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches
\r
624 WHERE permission_id = ?");
\r
625 foreach($permission as $id){
\r
627 $errors[] = lang("CANNOT_DELETE_NEWUSERS");
\r
630 $errors[] = lang("CANNOT_DELETE_ADMIN");
\r
633 $stmt->bind_param("i", $id);
\r
635 $stmt2->bind_param("i", $id);
\r
637 $stmt3->bind_param("i", $id);
\r
648 //Retrieve information for all permission levels
\r
649 function fetchAllPermissions()
\r
651 global $mysqli,$db_table_prefix;
\r
652 $stmt = $mysqli->prepare("SELECT
\r
655 FROM ".$db_table_prefix."permissions");
\r
657 $stmt->bind_result($id, $name);
\r
658 while ($stmt->fetch()){
\r
659 $row[] = array('id' => $id, 'name' => $name);
\r
665 //Retrieve information for a single permission level
\r
666 function fetchPermissionDetails($id)
\r
668 global $mysqli,$db_table_prefix;
\r
669 $stmt = $mysqli->prepare("SELECT
\r
672 FROM ".$db_table_prefix."permissions
\r
676 $stmt->bind_param("i", $id);
\r
678 $stmt->bind_result($id, $name);
\r
679 while ($stmt->fetch()){
\r
680 $row = array('id' => $id, 'name' => $name);
\r
686 //Check if a permission level ID exists in the DB
\r
687 function permissionIdExists($id)
\r
689 global $mysqli,$db_table_prefix;
\r
690 $stmt = $mysqli->prepare("SELECT id
\r
691 FROM ".$db_table_prefix."permissions
\r
695 $stmt->bind_param("i", $id);
\r
697 $stmt->store_result();
\r
698 $num_returns = $stmt->num_rows;
\r
701 if ($num_returns > 0)
\r
711 //Check if a permission level name exists in the DB
\r
712 function permissionNameExists($permission)
\r
714 global $mysqli,$db_table_prefix;
\r
715 $stmt = $mysqli->prepare("SELECT id
\r
716 FROM ".$db_table_prefix."permissions
\r
720 $stmt->bind_param("s", $permission);
\r
722 $stmt->store_result();
\r
723 $num_returns = $stmt->num_rows;
\r
726 if ($num_returns > 0)
\r
736 //Change a permission level's name
\r
737 function updatePermissionName($id, $name)
\r
739 global $mysqli,$db_table_prefix;
\r
740 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."permissions
\r
745 $stmt->bind_param("si", $name, $id);
\r
746 $result = $stmt->execute();
\r
751 //Functions that interact mainly with .user_permission_matches table
\r
752 //------------------------------------------------------------------------------
\r
754 //Match permission level(s) with user(s)
\r
755 function addPermission($permission, $user) {
\r
756 global $mysqli,$db_table_prefix;
\r
758 $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."user_permission_matches (
\r
766 if (is_array($permission)){
\r
767 foreach($permission as $id){
\r
768 $stmt->bind_param("ii", $id, $user);
\r
773 elseif (is_array($user)){
\r
774 foreach($user as $id){
\r
775 $stmt->bind_param("ii", $permission, $id);
\r
781 $stmt->bind_param("ii", $permission, $user);
\r
789 //Retrieve information for all user/permission level matches
\r
790 function fetchAllMatches()
\r
792 global $mysqli,$db_table_prefix;
\r
793 $stmt = $mysqli->prepare("SELECT
\r
797 FROM ".$db_table_prefix."user_permission_matches");
\r
799 $stmt->bind_result($id, $user, $permission);
\r
800 while ($stmt->fetch()){
\r
801 $row[] = array('id' => $id, 'user_id' => $user, 'permission_id' => $permission);
\r
807 //Retrieve list of permission levels a user has
\r
808 function fetchUserPermissions($user_id)
\r
810 global $mysqli,$db_table_prefix;
\r
811 $stmt = $mysqli->prepare("SELECT
\r
814 FROM ".$db_table_prefix."user_permission_matches
\r
817 $stmt->bind_param("i", $user_id);
\r
819 $stmt->bind_result($id, $permission);
\r
820 while ($stmt->fetch()){
\r
821 $row[$permission] = array('id' => $id, 'permission_id' => $permission);
\r
829 //Retrieve list of users who have a permission level
\r
830 function fetchPermissionUsers($permission_id)
\r
832 global $mysqli,$db_table_prefix;
\r
833 $stmt = $mysqli->prepare("SELECT id, user_id
\r
834 FROM ".$db_table_prefix."user_permission_matches
\r
835 WHERE permission_id = ?
\r
837 $stmt->bind_param("i", $permission_id);
\r
839 $stmt->bind_result($id, $user);
\r
840 while ($stmt->fetch()){
\r
841 $row[$user] = array('id' => $id, 'user_id' => $user);
\r
849 //Unmatch permission level(s) from user(s)
\r
850 function removePermission($permission, $user) {
\r
851 global $mysqli,$db_table_prefix;
\r
853 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches
\r
854 WHERE permission_id = ?
\r
856 if (is_array($permission)){
\r
857 foreach($permission as $id){
\r
858 $stmt->bind_param("ii", $id, $user);
\r
863 elseif (is_array($user)){
\r
864 foreach($user as $id){
\r
865 $stmt->bind_param("ii", $permission, $id);
\r
871 $stmt->bind_param("ii", $permission, $user);
\r
879 //Functions that interact mainly with .configuration table
\r
880 //------------------------------------------------------------------------------
\r
882 //Update configuration table
\r
883 function updateConfig($id, $value)
\r
885 global $mysqli,$db_table_prefix;
\r
886 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."configuration
\r
891 foreach ($id as $cfg){
\r
892 $stmt->bind_param("si", $value[$cfg], $cfg);
\r
898 //Functions that interact mainly with .pages table
\r
899 //------------------------------------------------------------------------------
\r
901 //Add a page to the DB
\r
902 function createPages($pages) {
\r
903 global $mysqli,$db_table_prefix;
\r
904 $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."pages (
\r
910 foreach($pages as $page){
\r
911 $stmt->bind_param("s", $page);
\r
917 //Delete a page from the DB
\r
918 function deletePages($pages) {
\r
919 global $mysqli,$db_table_prefix;
\r
920 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."pages
\r
922 $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches
\r
923 WHERE page_id = ?");
\r
924 foreach($pages as $id){
\r
925 $stmt->bind_param("i", $id);
\r
927 $stmt2->bind_param("i", $id);
\r
934 //Fetch information on all pages
\r
935 function fetchAllPages()
\r
937 global $mysqli,$db_table_prefix;
\r
938 $stmt = $mysqli->prepare("SELECT
\r
942 FROM ".$db_table_prefix."pages");
\r
944 $stmt->bind_result($id, $page, $private);
\r
945 while ($stmt->fetch()){
\r
946 $row[$page] = array('id' => $id, 'page' => $page, 'private' => $private);
\r
954 //Fetch information for a specific page
\r
955 function fetchPageDetails($id)
\r
957 global $mysqli,$db_table_prefix;
\r
958 $stmt = $mysqli->prepare("SELECT
\r
962 FROM ".$db_table_prefix."pages
\r
966 $stmt->bind_param("i", $id);
\r
968 $stmt->bind_result($id, $page, $private);
\r
969 while ($stmt->fetch()){
\r
970 $row = array('id' => $id, 'page' => $page, 'private' => $private);
\r
976 //Check if a page ID exists
\r
977 function pageIdExists($id)
\r
979 global $mysqli,$db_table_prefix;
\r
980 $stmt = $mysqli->prepare("SELECT private
\r
981 FROM ".$db_table_prefix."pages
\r
985 $stmt->bind_param("i", $id);
\r
987 $stmt->store_result();
\r
988 $num_returns = $stmt->num_rows;
\r
991 if ($num_returns > 0)
\r
1001 //Toggle private/public setting of a page
\r
1002 function updatePrivate($id, $private)
\r
1004 global $mysqli,$db_table_prefix;
\r
1005 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."pages
\r
1010 $stmt->bind_param("ii", $private, $id);
\r
1011 $result = $stmt->execute();
\r
1016 //Functions that interact mainly with .permission_page_matches table
\r
1017 //------------------------------------------------------------------------------
\r
1019 //Match permission level(s) with page(s)
\r
1020 function addPage($page, $permission) {
\r
1021 global $mysqli,$db_table_prefix;
\r
1023 $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."permission_page_matches (
\r
1031 if (is_array($permission)){
\r
1032 foreach($permission as $id){
\r
1033 $stmt->bind_param("ii", $id, $page);
\r
1038 elseif (is_array($page)){
\r
1039 foreach($page as $id){
\r
1040 $stmt->bind_param("ii", $permission, $id);
\r
1046 $stmt->bind_param("ii", $permission, $page);
\r
1054 //Retrieve list of permission levels that can access a page
\r
1055 function fetchPagePermissions($page_id)
\r
1057 global $mysqli,$db_table_prefix;
\r
1058 $stmt = $mysqli->prepare("SELECT
\r
1061 FROM ".$db_table_prefix."permission_page_matches
\r
1064 $stmt->bind_param("i", $page_id);
\r
1066 $stmt->bind_result($id, $permission);
\r
1067 while ($stmt->fetch()){
\r
1068 $row[$permission] = array('id' => $id, 'permission_id' => $permission);
\r
1076 //Retrieve list of pages that a permission level can access
//Returns rows from permission_page_matches keyed by page id (return path not shown).
//NOTE(review): the row built at line 1090 stores the page id under the key
//'permission_id' ('permission_id' => $page), which looks like a copy of
//fetchPagePermissions(); a consumer reading 'page_id' would get nothing. Confirm which
//key callers expect before renaming it.
\r
1077 function fetchPermissionPages($permission_id)
\r
1079 global $mysqli,$db_table_prefix;
\r
1080 $stmt = $mysqli->prepare("SELECT
\r
1083 FROM ".$db_table_prefix."permission_page_matches
\r
1084 WHERE permission_id = ?
\r
1086 $stmt->bind_param("i", $permission_id);
\r
1088 $stmt->bind_result($id, $page);
\r
1089 while ($stmt->fetch()){
\r
1090 $row[$page] = array('id' => $id, 'permission_id' => $page);
\r
1098 //Unmatch permission level(s) from page(s)
//Deletes permission_page_matches rows; either argument may be an array, in which case
//the other is bound once per element (execute() calls are on lines not shown).
//NOTE(review): the scalar/scalar branch at line 1120 binds ($permission, $user), but
//$user is not a parameter of removePage($page, $permission), and the WHERE clause binds
//page_id before permission_id (line 1104). That branch therefore binds an undefined
//variable in the wrong slot; it should read
//  $stmt->bind_param("ii", $page, $permission);
//matching the order used by the two array branches (lines 1107 and 1114).
\r
1099 function removePage($page, $permission) {
\r
1100 global $mysqli,$db_table_prefix;
\r
1102 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches
\r
1104 AND permission_id =?");
\r
1105 if (is_array($page)){
\r
1106 foreach($page as $id){
\r
1107 $stmt->bind_param("ii", $id, $permission);
\r
1112 elseif (is_array($permission)){
\r
1113 foreach($permission as $id){
\r
1114 $stmt->bind_param("ii", $page, $id);
\r
1120 $stmt->bind_param("ii", $permission, $user);
\r
1128 //Check if a user has access to a page
//Decides whether the current request may view the document named by the last path
//segment of $uri. Visible flow: page unknown to the DB -> allowed; public page ->
//allowed; not logged in -> redirect to login.php; otherwise the page's permission ids
//are checked against the logged-in user, with a master-account bypass. The function's
//tail (after line 1188) is not shown.
//NOTE(review): $master_account (line 1184) is not in the global statement at line 1134;
//unless it is imported on a line not shown here it is an undefined local (null), and the
//loose == against $loggedInUser->user_id would then only match an empty/0 id.
//NOTE(review): header("Location: ...") does not stop execution; lines 1163 and 1189 are
//not shown, so confirm an exit follows each redirect (lines 1162 and 1188).
//NOTE(review): $pagePermissions is only assigned inside the fetch loop (line 1176); for a
//private page with no permission rows it is undefined when passed to checkPermission().
//NOTE(review): the loose `== 0` at line 1156 treats a NULL private column as public;
//use a strict comparison if that column is nullable.
\r
1129 function securePage($uri){
\r
1131 //Separate document name from uri
\r
1132 $tokens = explode('/', $uri);
\r
1133 $page = $tokens[sizeof($tokens)-1];
\r
1134 global $mysqli,$db_table_prefix,$loggedInUser;
\r
1135 //retrieve page details
\r
1136 $stmt = $mysqli->prepare("SELECT
\r
1140 FROM ".$db_table_prefix."pages
\r
1144 $stmt->bind_param("s", $page);
\r
1146 $stmt->bind_result($id, $page, $private);
\r
1147 while ($stmt->fetch()){
\r
1148 $pageDetails = array('id' => $id, 'page' => $page, 'private' => $private);
\r
1151 //If page does not exist in DB, allow access
\r
1152 if (empty($pageDetails)){
\r
1155 //If page is public, allow access
\r
1156 elseif ($pageDetails['private'] == 0) {
\r
1159 //If user is not logged in, deny access
\r
1160 elseif(!isUserLoggedIn())
\r
1162 header("Location: login.php");
\r
1166 //Retrieve list of permission levels with access to page
\r
1167 $stmt = $mysqli->prepare("SELECT
\r
1169 FROM ".$db_table_prefix."permission_page_matches
\r
1172 $stmt->bind_param("i", $pageDetails['id']);
\r
1174 $stmt->bind_result($permission);
\r
1175 while ($stmt->fetch()){
\r
1176 $pagePermissions[] = $permission;
\r
1179 //Check if user's permission levels allow access to page
\r
1180 if ($loggedInUser->checkPermission($pagePermissions)){
\r
1183 //Grant access if master user
\r
1184 elseif ($loggedInUser->user_id == $master_account){
\r
1188 header("Location: account.php");
\r