3 UserCake Version: 2.0.2
\r
7 //Functions that do not interact with DB
\r
8 //------------------------------------------------------------------------------
\r
10 //Retrieve a list of all .php files in models/languages
\r
11 function getLanguageFiles()
\r
13 $directory = "models/languages/";
\r
14 $languages = glob($directory . "*.php");
\r
15 //print each file name
\r
19 //Retrieve a list of all .css files in models/site-templates
\r
20 function getTemplateFiles()
\r
22 $directory = "models/site-templates/";
\r
23 $languages = glob($directory . "*.css");
\r
24 //print each file name
\r
28 //Retrieve a list of all .php files in root files folder
\r
29 function getPageFiles()
\r
32 $pages = glob($directory . "*.php");
\r
33 //print each file name
\r
34 foreach ($pages as $page){
\r
35 $row[$page] = $page;
\r
40 //Destroys a session as part of logout
\r
41 function destroySession($name)
\r
43 if(isset($_SESSION[$name]))
\r
45 $_SESSION[$name] = NULL;
\r
46 unset($_SESSION[$name]);
\r
50 //Generate a unique code
\r
51 function getUniqueCode($length = "")
\r
53 $code = md5(uniqid(rand(), true));
\r
54 if ($length != "") return substr($code, 0, $length);
\r
58 //Generate an activation key
\r
59 function generateActivationToken($gen = null)
\r
63 $gen = md5(uniqid(mt_rand(), false));
\r
65 while(validateActivationToken($gen));
\r
69 //@ Thanks to - http://phpsec.org
\r
70 function generateHash($plainText, $salt = null)
\r
74 //$salt = substr(md5(uniqid(rand(), true)), 0, 25); // Original UserCake
\r
75 $random = file_get_contents("/dev/urandom", false, null, 0, 25); // Get random number
\r
76 $salt = '$6$'.bin2hex($random).'$'; // Make hex salt
\r
79 //return $salt . sha1($salt . $plainText); // Original UserCake
\r
80 return crypt($plainText, $salt);
\r
83 //Checks if an email is valid
\r
84 function isValidEmail($email)
\r
86 if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
\r
94 //Returns a language string from the selected language.
\r
95 function lang($key,$markers = NULL)
\r
98 if($markers == NULL)
\r
100 $str = $lang[$key];
\r
104 //Replace any dynamic markers
\r
105 $str = $lang[$key];
\r
107 foreach($markers as $marker)
\r
109 $str = str_replace("%m".$iteration."%",$marker,$str);
\r
113 //Ensure we have something to return
\r
116 return ("No language key found");
\r
124 //Checks if a string is within a min and max length
\r
125 function minMaxRange($min, $max, $what)
\r
127 if(strlen(trim($what)) < $min)
\r
129 else if(strlen(trim($what)) > $max)
\r
135 //Replaces hooks with specified text
\r
136 function replaceDefaultHook($str)
\r
138 global $default_hooks,$default_replace;
\r
139 return (str_replace($default_hooks,$default_replace,$str));
\r
142 //Displays error and success messages
\r
143 function resultBlock($errors,$successes){
\r
145 if(count($errors) > 0)
\r
147 echo "<div id='error'>
\r
148 <a href='#' onclick=\"showHide('error');\">[X]</a>
\r
150 foreach($errors as $error)
\r
152 echo "<li>".$error."</li>";
\r
158 if(count($successes) > 0)
\r
160 echo "<div id='success'>
\r
161 <a href='#' onclick=\"showHide('success');\">[X]</a>
\r
163 foreach($successes as $success)
\r
165 echo "<li>".$success."</li>";
\r
172 //Trims, strips tags and lowercases text (not a full, context-aware sanitizer)
\r
173 function sanitize($str)
\r
175 return strtolower(strip_tags(trim(($str))));
\r
178 //Functions that interact mainly with .users table
\r
179 //------------------------------------------------------------------------------
\r
181 //Delete a defined array of users
\r
182 function deleteUsers($users) {
\r
183 global $mysqli,$db_table_prefix;
\r
185 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."users
\r
187 $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches
\r
188 WHERE user_id = ?");
\r
189 foreach($users as $id){
\r
190 $stmt->bind_param("i", $id);
\r
192 $stmt2->bind_param("i", $id);
\r
201 //Check if a display name exists in the DB
\r
202 function displayNameExists($displayname)
\r
204 global $mysqli,$db_table_prefix;
\r
205 $stmt = $mysqli->prepare("SELECT active
\r
206 FROM ".$db_table_prefix."users
\r
210 $stmt->bind_param("s", $displayname);
\r
212 $stmt->store_result();
\r
213 $num_returns = $stmt->num_rows;
\r
216 if ($num_returns > 0)
\r
226 //Check if an email exists in the DB
\r
227 function emailExists($email)
\r
229 global $mysqli,$db_table_prefix;
\r
230 $stmt = $mysqli->prepare("SELECT active
\r
231 FROM ".$db_table_prefix."users
\r
235 $stmt->bind_param("s", $email);
\r
237 $stmt->store_result();
\r
238 $num_returns = $stmt->num_rows;
\r
241 if ($num_returns > 0)
\r
251 //Check if a user name and email belong to the same user
\r
252 function emailUsernameLinked($email,$username)
\r
254 global $mysqli,$db_table_prefix;
\r
255 $stmt = $mysqli->prepare("SELECT active
\r
256 FROM ".$db_table_prefix."users
\r
257 WHERE user_name = ?
\r
262 $stmt->bind_param("ss", $username, $email);
\r
264 $stmt->store_result();
\r
265 $num_returns = $stmt->num_rows;
\r
268 if ($num_returns > 0)
\r
278 //Retrieve information for all users
\r
279 function fetchAllUsers()
\r
281 global $mysqli,$db_table_prefix;
\r
282 $stmt = $mysqli->prepare("SELECT
\r
289 last_activation_request,
\r
290 lost_password_request,
\r
295 FROM ".$db_table_prefix."users");
\r
297 $stmt->bind_result($id, $user, $display, $password, $email, $token, $activationRequest, $passwordRequest, $active, $title, $signUp, $signIn);
\r
299 while ($stmt->fetch()){
\r
300 $row[] = array('id' => $id, 'user_name' => $user, 'display_name' => $display, 'password' => $password, 'email' => $email, 'activation_token' => $token, 'last_activation_request' => $activationRequest, 'lost_password_request' => $passwordRequest, 'active' => $active, 'title' => $title, 'sign_up_stamp' => $signUp, 'last_sign_in_stamp' => $signIn);
\r
306 //Retrieve complete user information by username, token or ID
\r
307 function fetchUserDetails($username=NULL,$token=NULL, $id=NULL)
\r
309 if($username!=NULL) {
\r
310 $column = "user_name";
\r
313 elseif($token!=NULL) {
\r
314 $column = "activation_token";
\r
317 elseif($id!=NULL) {
\r
321 global $mysqli,$db_table_prefix;
\r
322 $stmt = $mysqli->prepare("SELECT
\r
329 last_activation_request,
\r
330 lost_password_request,
\r
335 FROM ".$db_table_prefix."users
\r
339 $stmt->bind_param("s", $data);
\r
342 $stmt->bind_result($id, $user, $display, $password, $email, $token, $activationRequest, $passwordRequest, $active, $title, $signUp, $signIn);
\r
343 while ($stmt->fetch()){
\r
344 $row = array('id' => $id, 'user_name' => $user, 'display_name' => $display, 'password' => $password, 'email' => $email, 'activation_token' => $token, 'last_activation_request' => $activationRequest, 'lost_password_request' => $passwordRequest, 'active' => $active, 'title' => $title, 'sign_up_stamp' => $signUp, 'last_sign_in_stamp' => $signIn);
\r
350 //Toggle the lost password request flag on or off
\r
351 function flagLostPasswordRequest($username,$value)
\r
353 global $mysqli,$db_table_prefix;
\r
354 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
355 SET lost_password_request = ?
\r
360 $stmt->bind_param("ss", $value, $username);
\r
361 $result = $stmt->execute();
\r
366 //Check if a user is logged in
\r
367 function isUserLoggedIn()
\r
369 global $loggedInUser,$mysqli,$db_table_prefix;
\r
370 $stmt = $mysqli->prepare("SELECT
\r
373 FROM ".$db_table_prefix."users
\r
381 $stmt->bind_param("is", $loggedInUser->user_id, $loggedInUser->hash_pw);
\r
383 $stmt->store_result();
\r
384 $num_returns = $stmt->num_rows;
\r
387 if($loggedInUser == NULL)
\r
393 if ($num_returns > 0)
\r
399 destroySession("userCakeUser");
\r
405 //Change a user from inactive to active
\r
406 function setUserActive($token)
\r
408 global $mysqli,$db_table_prefix;
\r
409 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
412 activation_token = ?
\r
414 $stmt->bind_param("s", $token);
\r
415 $result = $stmt->execute();
\r
420 //Change a user's display name
\r
421 function updateDisplayName($id, $display)
\r
423 global $mysqli,$db_table_prefix;
\r
424 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
425 SET display_name = ?
\r
429 $stmt->bind_param("si", $display, $id);
\r
430 $result = $stmt->execute();
\r
435 //Update a user's email
\r
436 function updateEmail($id, $email)
\r
438 global $mysqli,$db_table_prefix;
\r
439 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
444 $stmt->bind_param("si", $email, $id);
\r
445 $result = $stmt->execute();
\r
450 //Input new activation token, and update the time of the most recent activation request
\r
451 function updateLastActivationRequest($new_activation_token,$username,$email)
\r
453 global $mysqli,$db_table_prefix;
\r
454 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
455 SET activation_token = ?,
\r
456 last_activation_request = ?
\r
460 $stmt->bind_param("ssss", $new_activation_token, time(), $email, $username);
\r
461 $result = $stmt->execute();
\r
466 //Set the password of the user identified by token, and generate a new token
\r
467 function updatePasswordFromToken($pass,$token)
\r
469 global $mysqli,$db_table_prefix;
\r
470 $new_activation_token = generateActivationToken();
\r
471 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
473 activation_token = ?
\r
475 activation_token = ?");
\r
476 $stmt->bind_param("sss", $pass, $new_activation_token, $token);
\r
477 $result = $stmt->execute();
\r
482 //Update a user's title
\r
483 function updateTitle($id, $title)
\r
485 global $mysqli,$db_table_prefix;
\r
486 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
491 $stmt->bind_param("si", $title, $id);
\r
492 $result = $stmt->execute();
\r
497 //Check if a user ID exists in the DB
\r
498 function userIdExists($id)
\r
500 global $mysqli,$db_table_prefix;
\r
501 $stmt = $mysqli->prepare("SELECT active
\r
502 FROM ".$db_table_prefix."users
\r
506 $stmt->bind_param("i", $id);
\r
508 $stmt->store_result();
\r
509 $num_returns = $stmt->num_rows;
\r
512 if ($num_returns > 0)
\r
522 //Checks if a username exists in the DB
\r
523 function usernameExists($username)
\r
525 global $mysqli,$db_table_prefix;
\r
526 $stmt = $mysqli->prepare("SELECT active
\r
527 FROM ".$db_table_prefix."users
\r
531 $stmt->bind_param("s", $username);
\r
533 $stmt->store_result();
\r
534 $num_returns = $stmt->num_rows;
\r
537 if ($num_returns > 0)
\r
547 //Check if activation token exists in DB
\r
548 function validateActivationToken($token,$lostpass=NULL)
\r
550 global $mysqli,$db_table_prefix;
\r
551 if($lostpass == NULL)
\r
553 $stmt = $mysqli->prepare("SELECT active
\r
554 FROM ".$db_table_prefix."users
\r
557 activation_token = ?
\r
562 $stmt = $mysqli->prepare("SELECT active
\r
563 FROM ".$db_table_prefix."users
\r
566 activation_token = ?
\r
568 lost_password_request = 1
\r
571 $stmt->bind_param("s", $token);
\r
573 $stmt->store_result();
\r
574 $num_returns = $stmt->num_rows;
\r
577 if ($num_returns > 0)
\r
587 //Functions that interact mainly with .permissions table
\r
588 //------------------------------------------------------------------------------
\r
590 //Create a permission level in DB
\r
591 function createPermission($permission) {
\r
592 global $mysqli,$db_table_prefix;
\r
593 $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."permissions (
\r
599 $stmt->bind_param("s", $permission);
\r
600 $result = $stmt->execute();
\r
605 //Delete a permission level from the DB
\r
606 function deletePermission($permission) {
\r
607 global $mysqli,$db_table_prefix,$errors;
\r
609 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permissions
\r
611 $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches
\r
612 WHERE permission_id = ?");
\r
613 $stmt3 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches
\r
614 WHERE permission_id = ?");
\r
615 foreach($permission as $id){
\r
617 $errors[] = lang("CANNOT_DELETE_NEWUSERS");
\r
620 $errors[] = lang("CANNOT_DELETE_ADMIN");
\r
623 $stmt->bind_param("i", $id);
\r
625 $stmt2->bind_param("i", $id);
\r
627 $stmt3->bind_param("i", $id);
\r
638 //Retrieve information for all permission levels
\r
639 function fetchAllPermissions()
\r
641 global $mysqli,$db_table_prefix;
\r
642 $stmt = $mysqli->prepare("SELECT
\r
645 FROM ".$db_table_prefix."permissions");
\r
647 $stmt->bind_result($id, $name);
\r
648 while ($stmt->fetch()){
\r
649 $row[] = array('id' => $id, 'name' => $name);
\r
655 //Retrieve information for a single permission level
\r
656 function fetchPermissionDetails($id)
\r
658 global $mysqli,$db_table_prefix;
\r
659 $stmt = $mysqli->prepare("SELECT
\r
662 FROM ".$db_table_prefix."permissions
\r
666 $stmt->bind_param("i", $id);
\r
668 $stmt->bind_result($id, $name);
\r
669 while ($stmt->fetch()){
\r
670 $row = array('id' => $id, 'name' => $name);
\r
676 //Check if a permission level ID exists in the DB
\r
677 function permissionIdExists($id)
\r
679 global $mysqli,$db_table_prefix;
\r
680 $stmt = $mysqli->prepare("SELECT id
\r
681 FROM ".$db_table_prefix."permissions
\r
685 $stmt->bind_param("i", $id);
\r
687 $stmt->store_result();
\r
688 $num_returns = $stmt->num_rows;
\r
691 if ($num_returns > 0)
\r
701 //Check if a permission level name exists in the DB
\r
702 function permissionNameExists($permission)
\r
704 global $mysqli,$db_table_prefix;
\r
705 $stmt = $mysqli->prepare("SELECT id
\r
706 FROM ".$db_table_prefix."permissions
\r
710 $stmt->bind_param("s", $permission);
\r
712 $stmt->store_result();
\r
713 $num_returns = $stmt->num_rows;
\r
716 if ($num_returns > 0)
\r
726 //Change a permission level's name
\r
727 function updatePermissionName($id, $name)
\r
729 global $mysqli,$db_table_prefix;
\r
730 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."permissions
\r
735 $stmt->bind_param("si", $name, $id);
\r
736 $result = $stmt->execute();
\r
741 //Functions that interact mainly with .user_permission_matches table
\r
742 //------------------------------------------------------------------------------
\r
744 //Match permission level(s) with user(s)
\r
745 function addPermission($permission, $user) {
\r
746 global $mysqli,$db_table_prefix;
\r
748 $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."user_permission_matches (
\r
756 if (is_array($permission)){
\r
757 foreach($permission as $id){
\r
758 $stmt->bind_param("ii", $id, $user);
\r
763 elseif (is_array($user)){
\r
764 foreach($user as $id){
\r
765 $stmt->bind_param("ii", $permission, $id);
\r
771 $stmt->bind_param("ii", $permission, $user);
\r
779 //Retrieve information for all user/permission level matches
\r
780 function fetchAllMatches()
\r
782 global $mysqli,$db_table_prefix;
\r
783 $stmt = $mysqli->prepare("SELECT
\r
787 FROM ".$db_table_prefix."user_permission_matches");
\r
789 $stmt->bind_result($id, $user, $permission);
\r
790 while ($stmt->fetch()){
\r
791 $row[] = array('id' => $id, 'user_id' => $user, 'permission_id' => $permission);
\r
797 //Retrieve list of permission levels a user has
\r
798 function fetchUserPermissions($user_id)
\r
800 global $mysqli,$db_table_prefix;
\r
801 $stmt = $mysqli->prepare("SELECT
\r
804 FROM ".$db_table_prefix."user_permission_matches
\r
807 $stmt->bind_param("i", $user_id);
\r
809 $stmt->bind_result($id, $permission);
\r
810 while ($stmt->fetch()){
\r
811 $row[$permission] = array('id' => $id, 'permission_id' => $permission);
\r
819 //Retrieve list of users who have a permission level
\r
820 function fetchPermissionUsers($permission_id)
\r
822 global $mysqli,$db_table_prefix;
\r
823 $stmt = $mysqli->prepare("SELECT id, user_id
\r
824 FROM ".$db_table_prefix."user_permission_matches
\r
825 WHERE permission_id = ?
\r
827 $stmt->bind_param("i", $permission_id);
\r
829 $stmt->bind_result($id, $user);
\r
830 while ($stmt->fetch()){
\r
831 $row[$user] = array('id' => $id, 'user_id' => $user);
\r
839 //Unmatch permission level(s) from user(s)
\r
840 function removePermission($permission, $user) {
\r
841 global $mysqli,$db_table_prefix;
\r
843 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches
\r
844 WHERE permission_id = ?
\r
846 if (is_array($permission)){
\r
847 foreach($permission as $id){
\r
848 $stmt->bind_param("ii", $id, $user);
\r
853 elseif (is_array($user)){
\r
854 foreach($user as $id){
\r
855 $stmt->bind_param("ii", $permission, $id);
\r
861 $stmt->bind_param("ii", $permission, $user);
\r
869 //Functions that interact mainly with .configuration table
\r
870 //------------------------------------------------------------------------------
\r
872 //Update configuration table
\r
873 function updateConfig($id, $value)
\r
875 global $mysqli,$db_table_prefix;
\r
876 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."configuration
\r
881 foreach ($id as $cfg){
\r
882 $stmt->bind_param("si", $value[$cfg], $cfg);
\r
888 //Functions that interact mainly with .pages table
\r
889 //------------------------------------------------------------------------------
\r
891 //Add a page to the DB
\r
892 function createPages($pages) {
\r
893 global $mysqli,$db_table_prefix;
\r
894 $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."pages (
\r
900 foreach($pages as $page){
\r
901 $stmt->bind_param("s", $page);
\r
907 //Delete a page from the DB
\r
908 function deletePages($pages) {
\r
909 global $mysqli,$db_table_prefix;
\r
910 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."pages
\r
912 $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches
\r
913 WHERE page_id = ?");
\r
914 foreach($pages as $id){
\r
915 $stmt->bind_param("i", $id);
\r
917 $stmt2->bind_param("i", $id);
\r
924 //Fetch information on all pages
\r
925 function fetchAllPages()
\r
927 global $mysqli,$db_table_prefix;
\r
928 $stmt = $mysqli->prepare("SELECT
\r
932 FROM ".$db_table_prefix."pages");
\r
934 $stmt->bind_result($id, $page, $private);
\r
935 while ($stmt->fetch()){
\r
936 $row[$page] = array('id' => $id, 'page' => $page, 'private' => $private);
\r
944 //Fetch information for a specific page
\r
945 function fetchPageDetails($id)
\r
947 global $mysqli,$db_table_prefix;
\r
948 $stmt = $mysqli->prepare("SELECT
\r
952 FROM ".$db_table_prefix."pages
\r
956 $stmt->bind_param("i", $id);
\r
958 $stmt->bind_result($id, $page, $private);
\r
959 while ($stmt->fetch()){
\r
960 $row = array('id' => $id, 'page' => $page, 'private' => $private);
\r
966 //Check if a page ID exists
\r
967 function pageIdExists($id)
\r
969 global $mysqli,$db_table_prefix;
\r
970 $stmt = $mysqli->prepare("SELECT private
\r
971 FROM ".$db_table_prefix."pages
\r
975 $stmt->bind_param("i", $id);
\r
977 $stmt->store_result();
\r
978 $num_returns = $stmt->num_rows;
\r
981 if ($num_returns > 0)
\r
991 //Toggle private/public setting of a page
\r
992 function updatePrivate($id, $private)
\r
994 global $mysqli,$db_table_prefix;
\r
995 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."pages
\r
1000 $stmt->bind_param("ii", $private, $id);
\r
1001 $result = $stmt->execute();
\r
1006 //Functions that interact mainly with .permission_page_matches table
\r
1007 //------------------------------------------------------------------------------
\r
1009 //Match permission level(s) with page(s)
\r
1010 function addPage($page, $permission) {
\r
1011 global $mysqli,$db_table_prefix;
\r
1013 $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."permission_page_matches (
\r
1021 if (is_array($permission)){
\r
1022 foreach($permission as $id){
\r
1023 $stmt->bind_param("ii", $id, $page);
\r
1028 elseif (is_array($page)){
\r
1029 foreach($page as $id){
\r
1030 $stmt->bind_param("ii", $permission, $id);
\r
1036 $stmt->bind_param("ii", $permission, $page);
\r
1044 //Retrieve list of permission levels that can access a page
\r
1045 function fetchPagePermissions($page_id)
\r
1047 global $mysqli,$db_table_prefix;
\r
1048 $stmt = $mysqli->prepare("SELECT
\r
1051 FROM ".$db_table_prefix."permission_page_matches
\r
1054 $stmt->bind_param("i", $page_id);
\r
1056 $stmt->bind_result($id, $permission);
\r
1057 while ($stmt->fetch()){
\r
1058 $row[$permission] = array('id' => $id, 'permission_id' => $permission);
\r
1066 //Retrieve list of pages that a permission level can access
\r
1067 function fetchPermissionPages($permission_id)
\r
1069 global $mysqli,$db_table_prefix;
\r
1070 $stmt = $mysqli->prepare("SELECT
\r
1073 FROM ".$db_table_prefix."permission_page_matches
\r
1074 WHERE permission_id = ?
\r
1076 $stmt->bind_param("i", $permission_id);
\r
1078 $stmt->bind_result($id, $page);
\r
1079 while ($stmt->fetch()){
\r
1080 $row[$page] = array('id' => $id, 'permission_id' => $page);
\r
1088 //Unmatch permission level(s) from page(s)
\r
1089 function removePage($page, $permission) {
\r
1090 global $mysqli,$db_table_prefix;
\r
1092 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches
\r
1094 AND permission_id =?");
\r
1095 if (is_array($page)){
\r
1096 foreach($page as $id){
\r
1097 $stmt->bind_param("ii", $id, $permission);
\r
1102 elseif (is_array($permission)){
\r
1103 foreach($permission as $id){
\r
1104 $stmt->bind_param("ii", $page, $id);
\r
1110 $stmt->bind_param("ii", $permission, $user);
\r
1118 //Check if a user has access to a page
\r
1119 function securePage($uri){
\r
1121 //Separate document name from uri
\r
1122 $tokens = explode('/', $uri);
\r
1123 $page = $tokens[sizeof($tokens)-1];
\r
1124 global $mysqli,$db_table_prefix,$loggedInUser;
\r
1125 //retrieve page details
\r
1126 $stmt = $mysqli->prepare("SELECT
\r
1130 FROM ".$db_table_prefix."pages
\r
1134 $stmt->bind_param("s", $page);
\r
1136 $stmt->bind_result($id, $page, $private);
\r
1137 while ($stmt->fetch()){
\r
1138 $pageDetails = array('id' => $id, 'page' => $page, 'private' => $private);
\r
1141 //If page does not exist in DB, allow access
\r
1142 if (empty($pageDetails)){
\r
1145 //If page is public, allow access
\r
1146 elseif ($pageDetails['private'] == 0) {
\r
1149 //If user is not logged in, deny access
\r
1150 elseif(!isUserLoggedIn())
\r
1152 header("Location: login.php");
\r
1156 //Retrieve list of permission levels with access to page
\r
1157 $stmt = $mysqli->prepare("SELECT
\r
1159 FROM ".$db_table_prefix."permission_page_matches
\r
1162 $stmt->bind_param("i", $pageDetails['id']);
\r
1164 $stmt->bind_result($permission);
\r
1165 while ($stmt->fetch()){
\r
1166 $pagePermissions[] = $permission;
\r
1169 //Check if user's permission levels allow access to page
\r
1170 if ($loggedInUser->checkPermission($pagePermissions)){
\r
1173 //Grant access if master user
\r
1174 elseif ($loggedInUser->user_id == $master_account){
\r
1178 header("Location: account.php");
\r