3 UserCake Version: 2.0.2
\r
7 //Functions that do not interact with DB
\r
8 //------------------------------------------------------------------------------
\r
10 //Retrieve a list of all .php files in models/languages
\r
11 function getLanguageFiles()
\r
13 $directory = "models/languages/";
\r
14 $languages = glob($directory . "*.php");
\r
15 //print each file name
\r
19 //Retrieve a list of all .css files in models/site-templates
\r
20 function getTemplateFiles()
\r
22 $directory = "models/site-templates/";
\r
23 $languages = glob($directory . "*.css");
\r
24 //print each file name
\r
28 //Retrieve a list of all .php files in root files folder
\r
29 function getPageFiles()
\r
32 $pages = glob($directory . "*.php");
\r
33 //print each file name
\r
34 foreach ($pages as $page){
\r
35 $row[$page] = $page;
\r
40 //Destroys a session as part of logout
\r
41 function destroySession($name)
\r
43 if(isset($_SESSION[$name]))
\r
45 $_SESSION[$name] = NULL;
\r
46 unset($_SESSION[$name]);
\r
50 //Generate a unique code
\r
51 function getUniqueCode($length = "")
\r
53 $code = md5(uniqid(rand(), true));
\r
54 if ($length != "") return substr($code, 0, $length);
\r
58 //Generate an activation key
\r
59 function generateActivationToken($gen = null)
\r
63 $gen = md5(uniqid(mt_rand(), false));
\r
65 while(validateActivationToken($gen));
\r
69 //@ Thanks to - http://phpsec.org
\r
70 function generateHash($plainText, $salt = null)
\r
74 //$salt = substr(md5(uniqid(rand(), true)), 0, 25); // Original UserCake
\r
75 $random = file_get_contents("/dev/urandom", false, null, 0, 25); // Get random number
\r
76 $salt = '$6$'.bin2hex($random).'$'; // Make hex salt
\r
79 //return $salt . sha1($salt . $plainText); // Original UserCake
\r
80 return crypt($plainText, $salt);
\r
84 * Generates a random password for emailing to new users.
\r
85 * User should be asked to change the password.
\r
87 function generatePassword()
\r
89 $random = file_get_contents("/dev/urandom", false, null, 0, 25);
\r
90 return bin2hex($random);
\r
93 //Checks if an email is valid
\r
94 function isValidEmail($email)
\r
96 if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
\r
104 //Inputs language strings from selected language.
\r
105 function lang($key,$markers = NULL)
\r
108 if($markers == NULL)
\r
110 $str = $lang[$key];
\r
114 //Replace any dyamic markers
\r
115 $str = $lang[$key];
\r
117 foreach($markers as $marker)
\r
119 $str = str_replace("%m".$iteration."%",$marker,$str);
\r
123 //Ensure we have something to return
\r
126 return ("No language key found");
\r
134 //Checks if a string is within a min and max length
\r
135 function minMaxRange($min, $max, $what)
\r
137 if(strlen(trim($what)) < $min)
\r
139 else if(strlen(trim($what)) > $max)
\r
145 //Replaces hooks with specified text
\r
146 function replaceDefaultHook($str)
\r
148 global $default_hooks,$default_replace;
\r
149 return (str_replace($default_hooks,$default_replace,$str));
\r
152 //Displays error and success messages
\r
153 function resultBlock($errors,$successes){
\r
155 if(count($errors) > 0)
\r
157 echo "<div id='result' class='fail'>";
\r
159 foreach($errors as $error)
\r
161 echo "<p>".$error."</p>";
\r
166 if(count($successes) > 0)
\r
168 echo "<div id='success'>";
\r
169 foreach($successes as $success)
\r
171 echo "<p>".$success."</li>";
\r
177 function notificationBlock($errors, $successes) {
\r
178 if (count($errors) > 0 || count($successes) > 0)
\r
181 <div class="widget dismiss-container">
\r
182 <div class="dismiss right">
\r
183 <a href="#">Dismiss</a>
\r
186 <div class="title large">Notifications</div>
\r
189 foreach ($errors as $error)
\r
191 echo '<p class="fail">'.$error.'</p>';
\r
194 foreach ($successes as $success)
\r
196 echo '<p>'.$success.'</p>';
\r
201 <script type="text/javascript">
\r
202 $(".dismiss").click(function() {
\r
203 $(".dismiss-container").css("display", "none");
\r
210 //Completely sanitizes text
\r
211 function sanitize($str)
\r
213 return strtolower(strip_tags(trim(($str))));
\r
216 //Functions that interact mainly with .users table
\r
217 //------------------------------------------------------------------------------
\r
219 //Delete a defined array of users
\r
220 function deleteUsers($users) {
\r
221 global $mysqli,$db_table_prefix;
\r
223 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."users
\r
225 $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches
\r
226 WHERE user_id = ?");
\r
227 foreach($users as $id){
\r
228 $stmt->bind_param("i", $id);
\r
230 $stmt2->bind_param("i", $id);
\r
239 //Check if a display name exists in the DB
\r
240 function displayNameExists($displayname)
\r
242 global $mysqli,$db_table_prefix;
\r
243 $stmt = $mysqli->prepare("SELECT active
\r
244 FROM ".$db_table_prefix."users
\r
248 $stmt->bind_param("s", $displayname);
\r
250 $stmt->store_result();
\r
251 $num_returns = $stmt->num_rows;
\r
254 if ($num_returns > 0)
\r
264 //Check if an email exists in the DB
\r
265 function emailExists($email)
\r
267 global $mysqli,$db_table_prefix;
\r
268 $stmt = $mysqli->prepare("SELECT active
\r
269 FROM ".$db_table_prefix."users
\r
273 $stmt->bind_param("s", $email);
\r
275 $stmt->store_result();
\r
276 $num_returns = $stmt->num_rows;
\r
279 if ($num_returns > 0)
\r
289 //Check if a user name and email belong to the same user
\r
290 function emailUsernameLinked($email,$username)
\r
292 global $mysqli,$db_table_prefix;
\r
293 $stmt = $mysqli->prepare("SELECT active
\r
294 FROM ".$db_table_prefix."users
\r
295 WHERE user_name = ?
\r
300 $stmt->bind_param("ss", $username, $email);
\r
302 $stmt->store_result();
\r
303 $num_returns = $stmt->num_rows;
\r
306 if ($num_returns > 0)
\r
316 function permissionNameToId($permission)
\r
318 global $mysqli,$db_table_prefix;
\r
319 $stmt = $mysqli->prepare("SELECT id
\r
320 FROM ".$db_table_prefix."permissions
\r
324 $stmt->bind_param("s", $permission);
\r
326 $stmt->bind_result($id);
\r
328 while ($stmt->fetch()){
\r
336 function fetchAllUsersWithPerm($perm_name)
\r
338 global $mysqli,$db_table_prefix;
\r
340 $perm_id = permissionNameToId($perm_name);
\r
341 $stmt = $mysqli->prepare("SELECT
\r
343 FROM ".$db_table_prefix."users p1
\r
344 WHERE EXISTS (SELECT * FROM ".$db_table_prefix."user_permission_matches
\r
345 WHERE user_id=p1.id AND permission_id=?)"
\r
347 $stmt->bind_param("i", $perm_id);
\r
349 $stmt->bind_result($id);
\r
351 while ($stmt->fetch()){
\r
358 function fetchAllUsersWithoutPerm($perm_name)
\r
360 global $mysqli,$db_table_prefix;
\r
362 $perm_id = permissionNameToId($perm_name);
\r
363 $stmt = $mysqli->prepare("SELECT
\r
365 FROM ".$db_table_prefix."users p1
\r
366 WHERE NOT EXISTS (SELECT * FROM ".$db_table_prefix."user_permission_matches
\r
367 WHERE user_id=p1.id AND permission_id=?)"
\r
369 $stmt->bind_param("i", $perm_id);
\r
371 $stmt->bind_result($id);
\r
373 while ($stmt->fetch()){
\r
380 //Retrieve information for all users
\r
381 function fetchAllUsers()
\r
383 global $mysqli,$db_table_prefix;
\r
384 $stmt = $mysqli->prepare("SELECT
\r
391 last_activation_request,
\r
392 lost_password_request,
\r
397 FROM ".$db_table_prefix."users");
\r
399 $stmt->bind_result($id, $user, $display, $password, $email, $token, $activationRequest, $passwordRequest, $active, $title, $signUp, $signIn);
\r
401 while ($stmt->fetch()){
\r
402 $row[] = array('id' => $id, 'user_name' => $user, 'display_name' => $display, 'password' => $password, 'email' => $email, 'activation_token' => $token, 'last_activation_request' => $activationRequest, 'lost_password_request' => $passwordRequest, 'active' => $active, 'title' => $title, 'sign_up_stamp' => $signUp, 'last_sign_in_stamp' => $signIn);
\r
408 //Yeah usercake... Fetches the user id from username
\r
409 function fetchUserId($username)
\r
411 global $mysqli,$db_table_prefix;
\r
412 $stmt = $mysqli->prepare("SELECT
\r
414 FROM ".$db_table_prefix."users
\r
418 $stmt->bind_param("s", $username);
\r
421 $stmt->bind_result($id);
\r
422 while ($stmt->fetch()){
\r
429 //Retrieve complete user information by username, token or ID
\r
430 function fetchUserDetails($username=NULL,$token=NULL, $id=NULL)
\r
432 if($username!=NULL) {
\r
433 $column = "user_name";
\r
436 elseif($token!=NULL) {
\r
437 $column = "activation_token";
\r
440 elseif($id!=NULL) {
\r
444 global $mysqli,$db_table_prefix;
\r
445 $stmt = $mysqli->prepare("SELECT
\r
452 last_activation_request,
\r
453 lost_password_request,
\r
458 FROM ".$db_table_prefix."users
\r
462 $stmt->bind_param("s", $data);
\r
465 $stmt->bind_result($id, $user, $display, $password, $email, $token, $activationRequest, $passwordRequest, $active, $title, $signUp, $signIn);
\r
466 while ($stmt->fetch()){
\r
467 $row = array('id' => $id, 'user_name' => $user, 'display_name' => $display, 'password' => $password, 'email' => $email, 'activation_token' => $token, 'last_activation_request' => $activationRequest, 'lost_password_request' => $passwordRequest, 'active' => $active, 'title' => $title, 'sign_up_stamp' => $signUp, 'last_sign_in_stamp' => $signIn);
\r
473 //Toggle if lost password request flag on or off
\r
474 function flagLostPasswordRequest($username,$value)
\r
476 global $mysqli,$db_table_prefix;
\r
477 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
478 SET lost_password_request = ?
\r
483 $stmt->bind_param("ss", $value, $username);
\r
484 $result = $stmt->execute();
\r
489 //Check if a user is logged in
\r
490 function isUserLoggedIn()
\r
492 global $loggedInUser,$mysqli,$db_table_prefix;
\r
493 $stmt = $mysqli->prepare("SELECT
\r
496 FROM ".$db_table_prefix."users
\r
504 $stmt->bind_param("is", $loggedInUser->user_id, $loggedInUser->hash_pw);
\r
506 $stmt->store_result();
\r
507 $num_returns = $stmt->num_rows;
\r
510 if($loggedInUser == NULL)
\r
516 if ($num_returns > 0)
\r
522 destroySession("userCakeUser");
\r
528 //Change a user from inactive to active
\r
529 function setUserActive($token)
\r
531 global $mysqli,$db_table_prefix;
\r
532 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
535 activation_token = ?
\r
537 $stmt->bind_param("s", $token);
\r
538 $result = $stmt->execute();
\r
543 //Change a user's display name
\r
544 function updateDisplayName($id, $display)
\r
546 global $mysqli,$db_table_prefix;
\r
547 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
548 SET display_name = ?
\r
552 $stmt->bind_param("si", $display, $id);
\r
553 $result = $stmt->execute();
\r
558 //Update a user's email
\r
559 function updateEmail($id, $email)
\r
561 global $mysqli,$db_table_prefix;
\r
562 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
567 $stmt->bind_param("si", $email, $id);
\r
568 $result = $stmt->execute();
\r
573 //Input new activation token, and update the time of the most recent activation request
\r
574 function updateLastActivationRequest($new_activation_token,$username,$email)
\r
576 global $mysqli,$db_table_prefix;
\r
577 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
578 SET activation_token = ?,
\r
579 last_activation_request = ?
\r
583 $stmt->bind_param("ssss", $new_activation_token, time(), $email, $username);
\r
584 $result = $stmt->execute();
\r
589 //Generate a random password, and new token
\r
590 function updatePasswordFromToken($pass,$token)
\r
592 global $mysqli,$db_table_prefix;
\r
593 $new_activation_token = generateActivationToken();
\r
594 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
596 activation_token = ?
\r
598 activation_token = ?");
\r
599 $stmt->bind_param("sss", $pass, $new_activation_token, $token);
\r
600 $result = $stmt->execute();
\r
605 //Update a user's title
\r
606 function updateTitle($id, $title)
\r
608 global $mysqli,$db_table_prefix;
\r
609 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
614 $stmt->bind_param("si", $title, $id);
\r
615 $result = $stmt->execute();
\r
620 //Check if a user ID exists in the DB
\r
621 function userIdExists($id)
\r
623 global $mysqli,$db_table_prefix;
\r
624 $stmt = $mysqli->prepare("SELECT active
\r
625 FROM ".$db_table_prefix."users
\r
629 $stmt->bind_param("i", $id);
\r
631 $stmt->store_result();
\r
632 $num_returns = $stmt->num_rows;
\r
635 if ($num_returns > 0)
\r
645 //Checks if a username exists in the DB
\r
646 function usernameExists($username)
\r
648 global $mysqli,$db_table_prefix;
\r
649 $stmt = $mysqli->prepare("SELECT active
\r
650 FROM ".$db_table_prefix."users
\r
654 $stmt->bind_param("s", $username);
\r
656 $stmt->store_result();
\r
657 $num_returns = $stmt->num_rows;
\r
660 if ($num_returns > 0)
\r
670 //Check if activation token exists in DB
\r
671 function validateActivationToken($token,$lostpass=NULL)
\r
673 global $mysqli,$db_table_prefix;
\r
674 if($lostpass == NULL)
\r
676 $stmt = $mysqli->prepare("SELECT active
\r
677 FROM ".$db_table_prefix."users
\r
680 activation_token = ?
\r
685 $stmt = $mysqli->prepare("SELECT active
\r
686 FROM ".$db_table_prefix."users
\r
689 activation_token = ?
\r
691 lost_password_request = 1
\r
694 $stmt->bind_param("s", $token);
\r
696 $stmt->store_result();
\r
697 $num_returns = $stmt->num_rows;
\r
700 if ($num_returns > 0)
\r
710 //Functions that interact mainly with .permissions table
\r
711 //------------------------------------------------------------------------------
\r
713 //Create a permission level in DB
\r
714 function createPermission($permission) {
\r
715 global $mysqli,$db_table_prefix;
\r
716 $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."permissions (
\r
722 $stmt->bind_param("s", $permission);
\r
723 $result = $stmt->execute();
\r
728 //Delete a permission level from the DB
\r
729 function deletePermission($permission) {
\r
730 global $mysqli,$db_table_prefix,$errors;
\r
732 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permissions
\r
734 $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches
\r
735 WHERE permission_id = ?");
\r
736 $stmt3 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches
\r
737 WHERE permission_id = ?");
\r
738 foreach($permission as $id){
\r
740 $errors[] = lang("CANNOT_DELETE_NEWUSERS");
\r
743 $errors[] = lang("CANNOT_DELETE_ADMIN");
\r
746 $stmt->bind_param("i", $id);
\r
748 $stmt2->bind_param("i", $id);
\r
750 $stmt3->bind_param("i", $id);
\r
761 //Retrieve information for all permission levels
\r
762 function fetchAllPermissions()
\r
764 global $mysqli,$db_table_prefix;
\r
765 $stmt = $mysqli->prepare("SELECT
\r
768 FROM ".$db_table_prefix."permissions");
\r
770 $stmt->bind_result($id, $name);
\r
771 while ($stmt->fetch()){
\r
772 $row[] = array('id' => $id, 'name' => $name);
\r
778 //Retrieve information for a single permission level
\r
779 function fetchPermissionDetails($id)
\r
781 global $mysqli,$db_table_prefix;
\r
782 $stmt = $mysqli->prepare("SELECT
\r
785 FROM ".$db_table_prefix."permissions
\r
789 $stmt->bind_param("i", $id);
\r
791 $stmt->bind_result($id, $name);
\r
792 while ($stmt->fetch()){
\r
793 $row = array('id' => $id, 'name' => $name);
\r
799 //Check if a permission level ID exists in the DB
\r
800 function permissionIdExists($id)
\r
802 global $mysqli,$db_table_prefix;
\r
803 $stmt = $mysqli->prepare("SELECT id
\r
804 FROM ".$db_table_prefix."permissions
\r
808 $stmt->bind_param("i", $id);
\r
810 $stmt->store_result();
\r
811 $num_returns = $stmt->num_rows;
\r
814 if ($num_returns > 0)
\r
824 //Check if a permission level name exists in the DB
\r
825 function permissionNameExists($permission)
\r
827 global $mysqli,$db_table_prefix;
\r
828 $stmt = $mysqli->prepare("SELECT id
\r
829 FROM ".$db_table_prefix."permissions
\r
833 $stmt->bind_param("s", $permission);
\r
835 $stmt->store_result();
\r
836 $num_returns = $stmt->num_rows;
\r
839 if ($num_returns > 0)
\r
849 //Change a permission level's name
\r
850 function updatePermissionName($id, $name)
\r
852 global $mysqli,$db_table_prefix;
\r
853 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."permissions
\r
858 $stmt->bind_param("si", $name, $id);
\r
859 $result = $stmt->execute();
\r
864 //Functions that interact mainly with .user_permission_matches table
\r
865 //------------------------------------------------------------------------------
\r
867 //Match permission level(s) with user(s)
\r
868 function addPermission($permission, $user) {
\r
869 global $mysqli,$db_table_prefix;
\r
871 $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."user_permission_matches (
\r
879 if (is_array($permission)){
\r
880 foreach($permission as $id){
\r
881 $stmt->bind_param("ii", $id, $user);
\r
886 elseif (is_array($user)){
\r
887 foreach($user as $id){
\r
888 $stmt->bind_param("ii", $permission, $id);
\r
894 $stmt->bind_param("ii", $permission, $user);
\r
902 //Retrieve information for all user/permission level matches
\r
903 function fetchAllMatches()
\r
905 global $mysqli,$db_table_prefix;
\r
906 $stmt = $mysqli->prepare("SELECT
\r
910 FROM ".$db_table_prefix."user_permission_matches");
\r
912 $stmt->bind_result($id, $user, $permission);
\r
913 while ($stmt->fetch()){
\r
914 $row[] = array('id' => $id, 'user_id' => $user, 'permission_id' => $permission);
\r
920 //Retrieve list of permission levels a user has
\r
921 function fetchUserPermissions($user_id)
\r
923 global $mysqli,$db_table_prefix;
\r
924 $stmt = $mysqli->prepare("SELECT
\r
927 FROM ".$db_table_prefix."user_permission_matches
\r
930 $stmt->bind_param("i", $user_id);
\r
932 $stmt->bind_result($id, $permission);
\r
933 while ($stmt->fetch()){
\r
934 $row[$permission] = array('id' => $id, 'permission_id' => $permission);
\r
942 //Retrieve list of users who have a permission level
\r
943 function fetchPermissionUsers($permission_id)
\r
945 global $mysqli,$db_table_prefix;
\r
946 $stmt = $mysqli->prepare("SELECT id, user_id
\r
947 FROM ".$db_table_prefix."user_permission_matches
\r
948 WHERE permission_id = ?
\r
950 $stmt->bind_param("i", $permission_id);
\r
952 $stmt->bind_result($id, $user);
\r
953 while ($stmt->fetch()){
\r
954 $row[$user] = array('id' => $id, 'user_id' => $user);
\r
962 //Unmatch permission level(s) from user(s)
\r
963 function removePermission($permission, $user) {
\r
964 global $mysqli,$db_table_prefix;
\r
966 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches
\r
967 WHERE permission_id = ?
\r
969 if (is_array($permission)){
\r
970 foreach($permission as $id){
\r
971 $stmt->bind_param("ii", $id, $user);
\r
976 elseif (is_array($user)){
\r
977 foreach($user as $id){
\r
978 $stmt->bind_param("ii", $permission, $id);
\r
984 $stmt->bind_param("ii", $permission, $user);
\r
992 //Functions that interact mainly with .configuration table
\r
993 //------------------------------------------------------------------------------
\r
995 //Update configuration table
\r
996 function updateConfig($id, $value)
\r
998 global $mysqli,$db_table_prefix;
\r
999 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."configuration
\r
1004 foreach ($id as $cfg){
\r
1005 $stmt->bind_param("si", $value[$cfg], $cfg);
\r
1011 //Functions that interact mainly with .pages table
\r
1012 //------------------------------------------------------------------------------
\r
1014 //Add a page to the DB
\r
1015 function createPages($pages) {
\r
1016 global $mysqli,$db_table_prefix;
\r
1017 $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."pages (
\r
1023 foreach($pages as $page){
\r
1024 $stmt->bind_param("s", $page);
\r
1030 //Delete a page from the DB
\r
1031 function deletePages($pages) {
\r
1032 global $mysqli,$db_table_prefix;
\r
1033 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."pages
\r
1035 $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches
\r
1036 WHERE page_id = ?");
\r
1037 foreach($pages as $id){
\r
1038 $stmt->bind_param("i", $id);
\r
1040 $stmt2->bind_param("i", $id);
\r
1041 $stmt2->execute();
\r
1047 //Fetch information on all pages
\r
1048 function fetchAllPages()
\r
1050 global $mysqli,$db_table_prefix;
\r
1051 $stmt = $mysqli->prepare("SELECT
\r
1055 FROM ".$db_table_prefix."pages");
\r
1057 $stmt->bind_result($id, $page, $private);
\r
1058 while ($stmt->fetch()){
\r
1059 $row[$page] = array('id' => $id, 'page' => $page, 'private' => $private);
\r
1067 //Fetch information for a specific page
\r
1068 function fetchPageDetails($id)
\r
1070 global $mysqli,$db_table_prefix;
\r
1071 $stmt = $mysqli->prepare("SELECT
\r
1075 FROM ".$db_table_prefix."pages
\r
1079 $stmt->bind_param("i", $id);
\r
1081 $stmt->bind_result($id, $page, $private);
\r
1082 while ($stmt->fetch()){
\r
1083 $row = array('id' => $id, 'page' => $page, 'private' => $private);
\r
1089 //Check if a page ID exists
\r
1090 function pageIdExists($id)
\r
1092 global $mysqli,$db_table_prefix;
\r
1093 $stmt = $mysqli->prepare("SELECT private
\r
1094 FROM ".$db_table_prefix."pages
\r
1098 $stmt->bind_param("i", $id);
\r
1100 $stmt->store_result();
\r
1101 $num_returns = $stmt->num_rows;
\r
1104 if ($num_returns > 0)
\r
1114 //Toggle private/public setting of a page
\r
1115 function updatePrivate($id, $private)
\r
1117 global $mysqli,$db_table_prefix;
\r
1118 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."pages
\r
1123 $stmt->bind_param("ii", $private, $id);
\r
1124 $result = $stmt->execute();
\r
1129 //Functions that interact mainly with .permission_page_matches table
\r
1130 //------------------------------------------------------------------------------
\r
1132 //Match permission level(s) with page(s)
\r
1133 function addPage($page, $permission) {
\r
1134 global $mysqli,$db_table_prefix;
\r
1136 $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."permission_page_matches (
\r
1144 if (is_array($permission)){
\r
1145 foreach($permission as $id){
\r
1146 $stmt->bind_param("ii", $id, $page);
\r
1151 elseif (is_array($page)){
\r
1152 foreach($page as $id){
\r
1153 $stmt->bind_param("ii", $permission, $id);
\r
1159 $stmt->bind_param("ii", $permission, $page);
\r
1167 //Retrieve list of permission levels that can access a page
\r
1168 function fetchPagePermissions($page_id)
\r
1170 global $mysqli,$db_table_prefix;
\r
1171 $stmt = $mysqli->prepare("SELECT
\r
1174 FROM ".$db_table_prefix."permission_page_matches
\r
1177 $stmt->bind_param("i", $page_id);
\r
1179 $stmt->bind_result($id, $permission);
\r
1180 while ($stmt->fetch()){
\r
1181 $row[$permission] = array('id' => $id, 'permission_id' => $permission);
\r
1189 //Retrieve list of pages that a permission level can access
\r
1190 function fetchPermissionPages($permission_id)
\r
1192 global $mysqli,$db_table_prefix;
\r
1193 $stmt = $mysqli->prepare("SELECT
\r
1196 FROM ".$db_table_prefix."permission_page_matches
\r
1197 WHERE permission_id = ?
\r
1199 $stmt->bind_param("i", $permission_id);
\r
1201 $stmt->bind_result($id, $page);
\r
1202 while ($stmt->fetch()){
\r
1203 $row[$page] = array('id' => $id, 'permission_id' => $page);
\r
1211 //Unmatched permission and page
\r
1212 function removePage($page, $permission) {
\r
1213 global $mysqli,$db_table_prefix;
\r
1215 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches
\r
1217 AND permission_id =?");
\r
1218 if (is_array($page)){
\r
1219 foreach($page as $id){
\r
1220 $stmt->bind_param("ii", $id, $permission);
\r
1225 elseif (is_array($permission)){
\r
1226 foreach($permission as $id){
\r
1227 $stmt->bind_param("ii", $page, $id);
\r
1233 $stmt->bind_param("ii", $permission, $user);
\r
1241 //Check if a user has access to a page
\r
1242 function securePage($uri){
\r
1244 //Separate document name from uri
\r
1245 $tokens = explode('/', $uri);
\r
1246 $page = $tokens[sizeof($tokens)-1];
\r
1247 global $mysqli,$db_table_prefix,$loggedInUser;
\r
1248 //retrieve page details
\r
1249 $stmt = $mysqli->prepare("SELECT
\r
1253 FROM ".$db_table_prefix."pages
\r
1257 $stmt->bind_param("s", $page);
\r
1259 $stmt->bind_result($id, $page, $private);
\r
1260 while ($stmt->fetch()){
\r
1261 $pageDetails = array('id' => $id, 'page' => $page, 'private' => $private);
\r
1264 //If page does not exist in DB, allow access
\r
1265 if (empty($pageDetails)){
\r
1268 //If page is public, allow access
\r
1269 elseif ($pageDetails['private'] == 0) {
\r
1272 //If user is not logged in, deny access
\r
1273 elseif(!isUserLoggedIn())
\r
1275 header("Location: login.php");
\r
1279 //Retrieve list of permission levels with access to page
\r
1280 $stmt = $mysqli->prepare("SELECT
\r
1282 FROM ".$db_table_prefix."permission_page_matches
\r
1285 $stmt->bind_param("i", $pageDetails['id']);
\r
1287 $stmt->bind_result($permission);
\r
1288 while ($stmt->fetch()){
\r
1289 $pagePermissions[] = $permission;
\r
1292 //Check if user's permission levels allow access to page
\r
1293 if ($loggedInUser->checkPermission($pagePermissions)){
\r
1296 //Grant access if master user
\r
1297 elseif ($loggedInUser->user_id == $master_account){
\r
1301 header("Location: index.php");
\r