3 UserCake Version: 2.0.2
\r
7 //Functions that do not interact with DB
\r
8 //------------------------------------------------------------------------------
\r
10 //Retrieve a list of all .php files in models/languages
\r
11 function getLanguageFiles()
\r
13 $directory = "models/languages/";
\r
14 $languages = glob($directory . "*.php");
\r
15 //print each file name
\r
19 //Retrieve a list of all .css files in models/site-templates
\r
20 function getTemplateFiles()
\r
22 $directory = "models/site-templates/";
\r
23 $languages = glob($directory . "*.css");
\r
24 //print each file name
\r
28 //Retrieve a list of all .php files in root files folder
\r
29 function getPageFiles()
\r
32 $pages = glob($directory . "*.php");
\r
33 //print each file name
\r
34 foreach ($pages as $page){
\r
35 $row[$page] = $page;
\r
40 //Destroys a session as part of logout
\r
//Destroys one session entry as part of logout.
//
//Removes the named key from $_SESSION (nulling it first) when it is present;
//a missing key is a no-op. Note this clears a single entry only: it does not
//call session_destroy() or regenerate the session id, so callers that need
//a full logout must do that themselves.
function destroySession($name)
{
	if (!isset($_SESSION[$name])) {
		return;
	}
	$_SESSION[$name] = NULL;
	unset($_SESSION[$name]);
}
\r
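//Generate a unique, unpredictable code.
//
//Returns 32 lowercase hex characters (the same shape md5() produced), or the
//first $length characters when $length is given. The bytes now come from
//random_bytes() (CSPRNG, PHP >= 7.0). The previous md5(uniqid(rand(), true))
//construction was derived from the clock plus a non-cryptographic PRNG, so a
//code used as a token could be guessed far more cheaply than 128 bits of
//randomness by anyone who knew roughly when it was issued.
function getUniqueCode($length = "")
{
	$code = bin2hex(random_bytes(16));
	//Loose comparison kept on purpose: callers rely on the "" default meaning
	//"full length".
	if ($length != "") {
		return substr($code, 0, $length);
	}
	return $code;
}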
\r
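//Generate an activation key that is not already in use.
//
//Draws a 32-hex-character token from random_bytes() (CSPRNG) and retries
//until validateActivationToken() reports it is absent from the users table.
//Tokens are bearer secrets for the activation and lost-password flows (see
//setUserActive and updatePasswordFromToken, which select the row by token
//alone), so they must not be guessable: md5(uniqid(mt_rand(), false)) was
//clock-seeded plus a non-cryptographic PRNG and is not acceptable for that.
//
//$gen is kept for signature compatibility; any value passed in is replaced,
//exactly as the original do/while overwrote it before the first check.
function generateActivationToken($gen = null)
{
	do {
		$gen = bin2hex(random_bytes(16));
	} while (validateActivationToken($gen));
	return $gen;
}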
\r
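//@ Thanks to - http://phpsec.org
//
//Produce a password hash in the legacy UserCake format: a 25-character salt
//followed by sha1(salt . $plainText), 65 characters in total. When $salt is
//null a fresh salt is generated; otherwise the given salt is truncated to 25
//characters, which is how a stored hash is re-derived for comparison.
//
//SECURITY: a single SHA-1 round is a fast hash, so a leaked users table can
//be brute-forced at GPU speed. The output shape is deliberately unchanged
//because stored rows and the login check depend on it; the real fix is to
//migrate to password_hash()/password_verify() with rehash-on-login, and to
//compare hashes with hash_equals() rather than ==. What IS changed here: the
//salt comes from random_bytes() instead of md5(uniqid(rand(), true)), which
//was clock-seeded and guessable.
function generateHash($plainText, $salt = null)
{
	if ($salt === null) {
		//13 random bytes -> 26 hex chars, trimmed to the 25 the format stores.
		$salt = substr(bin2hex(random_bytes(13)), 0, 25);
	} else {
		$salt = substr($salt, 0, 25);
	}
	return $salt . sha1($salt . $plainText);
}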
\r
84 //Checks if an email is valid
\r
85 function isValidEmail($email)
\r
87 if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
\r
95 //Looks up a string by key in the selected language's $lang table and substitutes the %m1%, %m2%, ... markers with the given values verbatim (no escaping is applied, so escape marker values for the output context before calling); returns "No language key found" when the key is absent.
\r
96 function lang($key,$markers = NULL)
\r
99 if($markers == NULL)
\r
101 $str = $lang[$key];
\r
105 //Replace any dyamic markers
\r
106 $str = $lang[$key];
\r
108 foreach($markers as $marker)
\r
110 $str = str_replace("%m".$iteration."%",$marker,$str);
\r
114 //Ensure we have something to return
\r
117 return ("No language key found");
\r
125 //Compares the trimmed string's length against $min and $max. Lengths are strlen() byte counts, so a multibyte character counts as several bytes; use mb_strlen() if character limits are intended.
\r
126 function minMaxRange($min, $max, $what)
\r
128 if(strlen(trim($what)) < $min)
\r
130 else if(strlen(trim($what)) > $max)
\r
//Replaces the configured default hook placeholders with their replacement text.
//
//Performs a plain str_replace() of every entry of the global $default_hooks
//with the corresponding entry of $default_replace. The substituted values are
//inserted as-is, so they must already be safe for the context $str is
//rendered in.
function replaceDefaultHook($str)
{
	global $default_hooks, $default_replace;
	$hooks = $default_hooks;
	$replacements = $default_replace;
	return str_replace($hooks, $replacements, $str);
}
\r
143 //Displays error and success messages as <li> items. Each message is echoed unescaped, so any caller that builds a message from user-controlled text (a submitted name, e-mail address, etc.) must pass it through htmlspecialchars() first, or this block becomes a reflected-XSS sink.
\r
144 function resultBlock($errors,$successes){
\r
146 if(count($errors) > 0)
\r
148 echo "<div id='error'>
\r
149 <a href='#' onclick=\"showHide('error');\">[X]</a>
\r
151 foreach($errors as $error)
\r
153 echo "<li>".$error."</li>";
\r
159 if(count($successes) > 0)
\r
161 echo "<div id='success'>
\r
162 <a href='#' onclick=\"showHide('success');\">[X]</a>
\r
164 foreach($successes as $success)
\r
166 echo "<li>".$success."</li>";
\r
//Normalises free text: trims surrounding whitespace, strips HTML/PHP tags
//and lower-cases the result.
//
//This is NOT an output encoder. strip_tags() leaves quotes and ampersands in
//place, so the result still needs htmlspecialchars() before it is echoed
//into HTML and must still be bound as a parameter in SQL. strtolower() is
//byte-wise, so non-ASCII input is not case-folded.
function sanitize($str)
{
	$trimmed = trim($str);
	$untagged = strip_tags($trimmed);
	return strtolower($untagged);
}
\r
179 //Functions that interact mainly with .users table
\r
180 //------------------------------------------------------------------------------
\r
182 //Delete a defined array of users
\r
183 function deleteUsers($users) {
\r
184 global $mysqli,$db_table_prefix;
\r
186 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."users
\r
188 $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches
\r
189 WHERE user_id = ?");
\r
190 foreach($users as $id){
\r
191 $stmt->bind_param("i", $id);
\r
193 $stmt2->bind_param("i", $id);
\r
202 //Check if a display name exists in the DB
\r
203 function displayNameExists($displayname)
\r
205 global $mysqli,$db_table_prefix;
\r
206 $stmt = $mysqli->prepare("SELECT active
\r
207 FROM ".$db_table_prefix."users
\r
211 $stmt->bind_param("s", $displayname);
\r
213 $stmt->store_result();
\r
214 $num_returns = $stmt->num_rows;
\r
217 if ($num_returns > 0)
\r
227 //Check if an email exists in the DB
\r
228 function emailExists($email)
\r
230 global $mysqli,$db_table_prefix;
\r
231 $stmt = $mysqli->prepare("SELECT active
\r
232 FROM ".$db_table_prefix."users
\r
236 $stmt->bind_param("s", $email);
\r
238 $stmt->store_result();
\r
239 $num_returns = $stmt->num_rows;
\r
242 if ($num_returns > 0)
\r
252 //Check if a user name and email belong to the same user
\r
253 function emailUsernameLinked($email,$username)
\r
255 global $mysqli,$db_table_prefix;
\r
256 $stmt = $mysqli->prepare("SELECT active
\r
257 FROM ".$db_table_prefix."users
\r
258 WHERE user_name = ?
\r
263 $stmt->bind_param("ss", $username, $email);
\r
265 $stmt->store_result();
\r
266 $num_returns = $stmt->num_rows;
\r
269 if ($num_returns > 0)
\r
279 //Retrieve information for all users. Every row includes the password hash and the current activation_token, so never hand this array to a template, export or JSON response without dropping those keys.
\r
280 function fetchAllUsers()
\r
282 global $mysqli,$db_table_prefix;
\r
283 $stmt = $mysqli->prepare("SELECT
\r
290 last_activation_request,
\r
291 lost_password_request,
\r
296 FROM ".$db_table_prefix."users");
\r
298 $stmt->bind_result($id, $user, $display, $password, $email, $token, $activationRequest, $passwordRequest, $active, $title, $signUp, $signIn);
\r
300 while ($stmt->fetch()){
\r
301 $row[] = array('id' => $id, 'user_name' => $user, 'display_name' => $display, 'password' => $password, 'email' => $email, 'activation_token' => $token, 'last_activation_request' => $activationRequest, 'lost_password_request' => $passwordRequest, 'active' => $active, 'title' => $title, 'sign_up_stamp' => $signUp, 'last_sign_in_stamp' => $signIn);
\r
307 //Retrieve complete user information by username, token or ID (exactly one selector is used, in that priority order). The returned row includes the password hash and activation_token; strip them before exposing the row outside the auth layer.
\r
308 function fetchUserDetails($username=NULL,$token=NULL, $id=NULL)
\r
310 if($username!=NULL) {
\r
311 $column = "user_name";
\r
314 elseif($token!=NULL) {
\r
315 $column = "activation_token";
\r
318 elseif($id!=NULL) {
\r
322 global $mysqli,$db_table_prefix;
\r
323 $stmt = $mysqli->prepare("SELECT
\r
330 last_activation_request,
\r
331 lost_password_request,
\r
336 FROM ".$db_table_prefix."users
\r
340 $stmt->bind_param("s", $data);
\r
343 $stmt->bind_result($id, $user, $display, $password, $email, $token, $activationRequest, $passwordRequest, $active, $title, $signUp, $signIn);
\r
344 while ($stmt->fetch()){
\r
345 $row = array('id' => $id, 'user_name' => $user, 'display_name' => $display, 'password' => $password, 'email' => $email, 'activation_token' => $token, 'last_activation_request' => $activationRequest, 'lost_password_request' => $passwordRequest, 'active' => $active, 'title' => $title, 'sign_up_stamp' => $signUp, 'last_sign_in_stamp' => $signIn);
\r
351 //Toggle if lost password request flag on or off
\r
352 function flagLostPasswordRequest($username,$value)
\r
354 global $mysqli,$db_table_prefix;
\r
355 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
356 SET lost_password_request = ?
\r
361 $stmt->bind_param("ss", $value, $username);
\r
362 $result = $stmt->execute();
\r
367 //Check if a user is logged in by matching the session object's user_id and password hash against the users table. NOTE(review): bind_param() dereferences $loggedInUser->user_id and ->hash_pw before the $loggedInUser == NULL guard runs; move the NULL check above the prepare/bind so an anonymous visitor does not trigger a property access on null.
\r
368 function isUserLoggedIn()
\r
370 global $loggedInUser,$mysqli,$db_table_prefix;
\r
371 $stmt = $mysqli->prepare("SELECT
\r
374 FROM ".$db_table_prefix."users
\r
382 $stmt->bind_param("is", $loggedInUser->user_id, $loggedInUser->hash_pw);
\r
384 $stmt->store_result();
\r
385 $num_returns = $stmt->num_rows;
\r
388 if($loggedInUser == NULL)
\r
394 if ($num_returns > 0)
\r
400 destroySession("userCakeUser");
\r
406 //Change a user from inactive to active, selecting the row by activation token alone. The token is therefore a bearer credential: it must come from a CSPRNG and should be rotated once used.
\r
407 function setUserActive($token)
\r
409 global $mysqli,$db_table_prefix;
\r
410 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
413 activation_token = ?
\r
415 $stmt->bind_param("s", $token);
\r
416 $result = $stmt->execute();
\r
421 //Change a user's display name
\r
422 function updateDisplayName($id, $display)
\r
424 global $mysqli,$db_table_prefix;
\r
425 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
426 SET display_name = ?
\r
430 $stmt->bind_param("si", $display, $id);
\r
431 $result = $stmt->execute();
\r
436 //Update a user's email
\r
437 function updateEmail($id, $email)
\r
439 global $mysqli,$db_table_prefix;
\r
440 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
445 $stmt->bind_param("si", $email, $id);
\r
446 $result = $stmt->execute();
\r
451 //Store a new activation token and stamp last_activation_request with the current time for the user matched by e-mail and username. NOTE(review): bind_param() takes its arguments by reference, so passing time() inline raises "Only variables should be passed by reference"; assign it to a local ($now = time();) and bind that.
\r
452 function updateLastActivationRequest($new_activation_token,$username,$email)
\r
454 global $mysqli,$db_table_prefix;
\r
455 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
456 SET activation_token = ?,
\r
457 last_activation_request = ?
\r
461 $stmt->bind_param("ssss", $new_activation_token, time(), $email, $username);
\r
462 $result = $stmt->execute();
\r
467 //Store $pass as the user's password and rotate the activation token, selecting the row by the current token. $pass is written exactly as given (no hashing happens here), so the caller must pass an already-hashed value, never the plaintext; the token is the only credential checked, which is why it must be unguessable.
\r
468 function updatePasswordFromToken($pass,$token)
\r
470 global $mysqli,$db_table_prefix;
\r
471 $new_activation_token = generateActivationToken();
\r
472 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
474 activation_token = ?
\r
476 activation_token = ?");
\r
477 $stmt->bind_param("sss", $pass, $new_activation_token, $token);
\r
478 $result = $stmt->execute();
\r
483 //Update a user's title
\r
484 function updateTitle($id, $title)
\r
486 global $mysqli,$db_table_prefix;
\r
487 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
492 $stmt->bind_param("si", $title, $id);
\r
493 $result = $stmt->execute();
\r
498 //Check if a user ID exists in the DB
\r
499 function userIdExists($id)
\r
501 global $mysqli,$db_table_prefix;
\r
502 $stmt = $mysqli->prepare("SELECT active
\r
503 FROM ".$db_table_prefix."users
\r
507 $stmt->bind_param("i", $id);
\r
509 $stmt->store_result();
\r
510 $num_returns = $stmt->num_rows;
\r
513 if ($num_returns > 0)
\r
523 //Checks if a username exists in the DB
\r
524 function usernameExists($username)
\r
526 global $mysqli,$db_table_prefix;
\r
527 $stmt = $mysqli->prepare("SELECT active
\r
528 FROM ".$db_table_prefix."users
\r
532 $stmt->bind_param("s", $username);
\r
534 $stmt->store_result();
\r
535 $num_returns = $stmt->num_rows;
\r
538 if ($num_returns > 0)
\r
548 //Check whether an activation token exists in the users table; when $lostpass is given the row must also have lost_password_request = 1, so a plain signup token cannot be replayed as a password-reset token.
\r
549 function validateActivationToken($token,$lostpass=NULL)
\r
551 global $mysqli,$db_table_prefix;
\r
552 if($lostpass == NULL)
\r
554 $stmt = $mysqli->prepare("SELECT active
\r
555 FROM ".$db_table_prefix."users
\r
558 activation_token = ?
\r
563 $stmt = $mysqli->prepare("SELECT active
\r
564 FROM ".$db_table_prefix."users
\r
567 activation_token = ?
\r
569 lost_password_request = 1
\r
572 $stmt->bind_param("s", $token);
\r
574 $stmt->store_result();
\r
575 $num_returns = $stmt->num_rows;
\r
578 if ($num_returns > 0)
\r
588 //Functions that interact mainly with .permissions table
\r
589 //------------------------------------------------------------------------------
\r
591 //Create a permission level in DB
\r
592 function createPermission($permission) {
\r
593 global $mysqli,$db_table_prefix;
\r
594 $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."permissions (
\r
600 $stmt->bind_param("s", $permission);
\r
601 $result = $stmt->execute();
\r
606 //Delete a permission level from the DB
\r
607 function deletePermission($permission) {
\r
608 global $mysqli,$db_table_prefix,$errors;
\r
610 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permissions
\r
612 $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches
\r
613 WHERE permission_id = ?");
\r
614 $stmt3 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches
\r
615 WHERE permission_id = ?");
\r
616 foreach($permission as $id){
\r
618 $errors[] = lang("CANNOT_DELETE_NEWUSERS");
\r
621 $errors[] = lang("CANNOT_DELETE_ADMIN");
\r
624 $stmt->bind_param("i", $id);
\r
626 $stmt2->bind_param("i", $id);
\r
628 $stmt3->bind_param("i", $id);
\r
639 //Retrieve information for all permission levels
\r
640 function fetchAllPermissions()
\r
642 global $mysqli,$db_table_prefix;
\r
643 $stmt = $mysqli->prepare("SELECT
\r
646 FROM ".$db_table_prefix."permissions");
\r
648 $stmt->bind_result($id, $name);
\r
649 while ($stmt->fetch()){
\r
650 $row[] = array('id' => $id, 'name' => $name);
\r
656 //Retrieve information for a single permission level
\r
657 function fetchPermissionDetails($id)
\r
659 global $mysqli,$db_table_prefix;
\r
660 $stmt = $mysqli->prepare("SELECT
\r
663 FROM ".$db_table_prefix."permissions
\r
667 $stmt->bind_param("i", $id);
\r
669 $stmt->bind_result($id, $name);
\r
670 while ($stmt->fetch()){
\r
671 $row = array('id' => $id, 'name' => $name);
\r
677 //Check if a permission level ID exists in the DB
\r
678 function permissionIdExists($id)
\r
680 global $mysqli,$db_table_prefix;
\r
681 $stmt = $mysqli->prepare("SELECT id
\r
682 FROM ".$db_table_prefix."permissions
\r
686 $stmt->bind_param("i", $id);
\r
688 $stmt->store_result();
\r
689 $num_returns = $stmt->num_rows;
\r
692 if ($num_returns > 0)
\r
702 //Check if a permission level name exists in the DB
\r
703 function permissionNameExists($permission)
\r
705 global $mysqli,$db_table_prefix;
\r
706 $stmt = $mysqli->prepare("SELECT id
\r
707 FROM ".$db_table_prefix."permissions
\r
711 $stmt->bind_param("s", $permission);
\r
713 $stmt->store_result();
\r
714 $num_returns = $stmt->num_rows;
\r
717 if ($num_returns > 0)
\r
727 //Change a permission level's name
\r
728 function updatePermissionName($id, $name)
\r
730 global $mysqli,$db_table_prefix;
\r
731 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."permissions
\r
736 $stmt->bind_param("si", $name, $id);
\r
737 $result = $stmt->execute();
\r
742 //Functions that interact mainly with .user_permission_matches table
\r
743 //------------------------------------------------------------------------------
\r
745 //Match permission level(s) with user(s)
\r
746 function addPermission($permission, $user) {
\r
747 global $mysqli,$db_table_prefix;
\r
749 $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."user_permission_matches (
\r
757 if (is_array($permission)){
\r
758 foreach($permission as $id){
\r
759 $stmt->bind_param("ii", $id, $user);
\r
764 elseif (is_array($user)){
\r
765 foreach($user as $id){
\r
766 $stmt->bind_param("ii", $permission, $id);
\r
772 $stmt->bind_param("ii", $permission, $user);
\r
780 //Retrieve information for all user/permission level matches
\r
781 function fetchAllMatches()
\r
783 global $mysqli,$db_table_prefix;
\r
784 $stmt = $mysqli->prepare("SELECT
\r
788 FROM ".$db_table_prefix."user_permission_matches");
\r
790 $stmt->bind_result($id, $user, $permission);
\r
791 while ($stmt->fetch()){
\r
792 $row[] = array('id' => $id, 'user_id' => $user, 'permission_id' => $permission);
\r
798 //Retrieve list of permission levels a user has
\r
799 function fetchUserPermissions($user_id)
\r
801 global $mysqli,$db_table_prefix;
\r
802 $stmt = $mysqli->prepare("SELECT
\r
805 FROM ".$db_table_prefix."user_permission_matches
\r
808 $stmt->bind_param("i", $user_id);
\r
810 $stmt->bind_result($id, $permission);
\r
811 while ($stmt->fetch()){
\r
812 $row[$permission] = array('id' => $id, 'permission_id' => $permission);
\r
820 //Retrieve list of users who have a permission level
\r
821 function fetchPermissionUsers($permission_id)
\r
823 global $mysqli,$db_table_prefix;
\r
824 $stmt = $mysqli->prepare("SELECT id, user_id
\r
825 FROM ".$db_table_prefix."user_permission_matches
\r
826 WHERE permission_id = ?
\r
828 $stmt->bind_param("i", $permission_id);
\r
830 $stmt->bind_result($id, $user);
\r
831 while ($stmt->fetch()){
\r
832 $row[$user] = array('id' => $id, 'user_id' => $user);
\r
840 //Unmatch permission level(s) from user(s)
\r
841 function removePermission($permission, $user) {
\r
842 global $mysqli,$db_table_prefix;
\r
844 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches
\r
845 WHERE permission_id = ?
\r
847 if (is_array($permission)){
\r
848 foreach($permission as $id){
\r
849 $stmt->bind_param("ii", $id, $user);
\r
854 elseif (is_array($user)){
\r
855 foreach($user as $id){
\r
856 $stmt->bind_param("ii", $permission, $id);
\r
862 $stmt->bind_param("ii", $permission, $user);
\r
870 //Functions that interact mainly with .configuration table
\r
871 //------------------------------------------------------------------------------
\r
873 //Update configuration table
\r
874 function updateConfig($id, $value)
\r
876 global $mysqli,$db_table_prefix;
\r
877 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."configuration
\r
882 foreach ($id as $cfg){
\r
883 $stmt->bind_param("si", $value[$cfg], $cfg);
\r
889 //Functions that interact mainly with .pages table
\r
890 //------------------------------------------------------------------------------
\r
892 //Add a page to the DB
\r
893 function createPages($pages) {
\r
894 global $mysqli,$db_table_prefix;
\r
895 $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."pages (
\r
901 foreach($pages as $page){
\r
902 $stmt->bind_param("s", $page);
\r
908 //Delete a page from the DB
\r
909 function deletePages($pages) {
\r
910 global $mysqli,$db_table_prefix;
\r
911 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."pages
\r
913 $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches
\r
914 WHERE page_id = ?");
\r
915 foreach($pages as $id){
\r
916 $stmt->bind_param("i", $id);
\r
918 $stmt2->bind_param("i", $id);
\r
925 //Fetch information on all pages
\r
926 function fetchAllPages()
\r
928 global $mysqli,$db_table_prefix;
\r
929 $stmt = $mysqli->prepare("SELECT
\r
933 FROM ".$db_table_prefix."pages");
\r
935 $stmt->bind_result($id, $page, $private);
\r
936 while ($stmt->fetch()){
\r
937 $row[$page] = array('id' => $id, 'page' => $page, 'private' => $private);
\r
945 //Fetch information for a specific page
\r
946 function fetchPageDetails($id)
\r
948 global $mysqli,$db_table_prefix;
\r
949 $stmt = $mysqli->prepare("SELECT
\r
953 FROM ".$db_table_prefix."pages
\r
957 $stmt->bind_param("i", $id);
\r
959 $stmt->bind_result($id, $page, $private);
\r
960 while ($stmt->fetch()){
\r
961 $row = array('id' => $id, 'page' => $page, 'private' => $private);
\r
967 //Check if a page ID exists
\r
968 function pageIdExists($id)
\r
970 global $mysqli,$db_table_prefix;
\r
971 $stmt = $mysqli->prepare("SELECT private
\r
972 FROM ".$db_table_prefix."pages
\r
976 $stmt->bind_param("i", $id);
\r
978 $stmt->store_result();
\r
979 $num_returns = $stmt->num_rows;
\r
982 if ($num_returns > 0)
\r
992 //Toggle private/public setting of a page
\r
993 function updatePrivate($id, $private)
\r
995 global $mysqli,$db_table_prefix;
\r
996 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."pages
\r
1001 $stmt->bind_param("ii", $private, $id);
\r
1002 $result = $stmt->execute();
\r
1007 //Functions that interact mainly with .permission_page_matches table
\r
1008 //------------------------------------------------------------------------------
\r
1010 //Match permission level(s) with page(s)
\r
1011 function addPage($page, $permission) {
\r
1012 global $mysqli,$db_table_prefix;
\r
1014 $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."permission_page_matches (
\r
1022 if (is_array($permission)){
\r
1023 foreach($permission as $id){
\r
1024 $stmt->bind_param("ii", $id, $page);
\r
1029 elseif (is_array($page)){
\r
1030 foreach($page as $id){
\r
1031 $stmt->bind_param("ii", $permission, $id);
\r
1037 $stmt->bind_param("ii", $permission, $page);
\r
1045 //Retrieve list of permission levels that can access a page
\r
1046 function fetchPagePermissions($page_id)
\r
1048 global $mysqli,$db_table_prefix;
\r
1049 $stmt = $mysqli->prepare("SELECT
\r
1052 FROM ".$db_table_prefix."permission_page_matches
\r
1055 $stmt->bind_param("i", $page_id);
\r
1057 $stmt->bind_result($id, $permission);
\r
1058 while ($stmt->fetch()){
\r
1059 $row[$permission] = array('id' => $id, 'permission_id' => $permission);
\r
1067 //Retrieve list of pages that a permission level can access, keyed by the matched page column. NOTE(review): the row labels that value 'permission_id' ('permission_id' => $page), while the sibling fetchers name the bound column ('user_id', 'permission_id'); this should be 'page_id' — keep 'permission_id' as an alias until callers are updated.
\r
1068 function fetchPermissionPages($permission_id)
\r
1070 global $mysqli,$db_table_prefix;
\r
1071 $stmt = $mysqli->prepare("SELECT
\r
1074 FROM ".$db_table_prefix."permission_page_matches
\r
1075 WHERE permission_id = ?
\r
1077 $stmt->bind_param("i", $permission_id);
\r
1079 $stmt->bind_result($id, $page);
\r
1080 while ($stmt->fetch()){
\r
1081 $row[$page] = array('id' => $id, 'permission_id' => $page);
\r
1089 //Unmatch a page from a permission level (either argument may be an array). NOTE(review): the scalar/scalar branch binds $permission, $user — $user is not a parameter of removePage(), and the array branches bind the page first — so a single page/permission pair is never deleted; it should be $stmt->bind_param("ii", $page, $permission).
\r
1090 function removePage($page, $permission) {
\r
1091 global $mysqli,$db_table_prefix;
\r
1093 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches
\r
1095 AND permission_id =?");
\r
1096 if (is_array($page)){
\r
1097 foreach($page as $id){
\r
1098 $stmt->bind_param("ii", $id, $permission);
\r
1103 elseif (is_array($permission)){
\r
1104 foreach($permission as $id){
\r
1105 $stmt->bind_param("ii", $page, $id);
\r
1111 $stmt->bind_param("ii", $permission, $user);
\r
1119 //Check if the current user may access the page named by the last path segment of $uri. Access model: a page with no row in the pages table is allowed (fail-open: any script not registered via createPages() is unprotected), public pages are allowed, private pages require a login plus a matching permission level. NOTE(review): $master_account is read at the master-user check but is not in this function's global list, so it is undefined here and that fallback can never match; and each header("Location: ...") redirect must be followed by exit so the protected page body is not emitted — confirm the lines after the redirects do that.
\r
1120 function securePage($uri){
\r
1122 //Separate document name from uri
\r
1123 $tokens = explode('/', $uri);
\r
1124 $page = $tokens[sizeof($tokens)-1];
\r
1125 global $mysqli,$db_table_prefix,$loggedInUser;
\r
1126 //retrieve page details
\r
1127 $stmt = $mysqli->prepare("SELECT
\r
1131 FROM ".$db_table_prefix."pages
\r
1135 $stmt->bind_param("s", $page);
\r
1137 $stmt->bind_result($id, $page, $private);
\r
1138 while ($stmt->fetch()){
\r
1139 $pageDetails = array('id' => $id, 'page' => $page, 'private' => $private);
\r
1142 //If page does not exist in DB, allow access
\r
1143 if (empty($pageDetails)){
\r
1146 //If page is public, allow access
\r
1147 elseif ($pageDetails['private'] == 0) {
\r
1150 //If user is not logged in, deny access
\r
1151 elseif(!isUserLoggedIn())
\r
1153 header("Location: login.php");
\r
1157 //Retrieve list of permission levels with access to page
\r
1158 $stmt = $mysqli->prepare("SELECT
\r
1160 FROM ".$db_table_prefix."permission_page_matches
\r
1163 $stmt->bind_param("i", $pageDetails['id']);
\r
1165 $stmt->bind_result($permission);
\r
1166 while ($stmt->fetch()){
\r
1167 $pagePermissions[] = $permission;
\r
1170 //Check if user's permission levels allow access to page
\r
1171 if ($loggedInUser->checkPermission($pagePermissions)){
\r
1174 //Grant access if master user
\r
1175 elseif ($loggedInUser->user_id == $master_account){
\r
1179 header("Location: account.php");
\r