X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;ds=sidebyside;f=testing%2FMCTXWeb%2Fpublic_html%2Fusers%2Fmodels%2Ffuncs.php;fp=testing%2FMCTXWeb%2Fpublic_html%2Fusers%2Fmodels%2Ffuncs.php;h=021f3a0539a1beb8f353173f4db9ffa33a97320b;hb=bd5fabfeabdd16cf38642c8cfb2232aab495de31;hp=0000000000000000000000000000000000000000;hpb=e45973cf0c94d57c506b4a3c4a60f3b28278be37;p=matches%2FMCTX3420.git
diff --git a/testing/MCTXWeb/public_html/users/models/funcs.php b/testing/MCTXWeb/public_html/users/models/funcs.php
new file mode 100644
index 0000000..021f3a0
--- /dev/null
+++ b/testing/MCTXWeb/public_html/users/models/funcs.php
@@ -0,0 +1,1185 @@
+ $max)
+ return true;
+ else
+ return false;
+}
+
+//Replaces hooks with specified text
+function replaceDefaultHook($str)
+{
+ global $default_hooks,$default_replace;
+ return (str_replace($default_hooks,$default_replace,$str));
+}
+
+//Displays error and success messages
+function resultBlock($errors,$successes){
+ //Error block
+ if(count($errors) > 0)
+ {
+ echo "
+
[X]
+
";
+ foreach($errors as $error)
+ {
+ echo "- ".$error."
";
+ }
+ echo "
";
+ echo "
";
+ }
+ //Success block
+ if(count($successes) > 0)
+ {
+ echo "
+
[X]
+
";
+ foreach($successes as $success)
+ {
+ echo "- ".$success."
";
+ }
+ echo "
";
+ echo "
";
+ }
+}
+
+//Completely sanitizes text
+function sanitize($str)
+{
+ return strtolower(strip_tags(trim(($str))));
+}
+
+//Functions that interact mainly with .users table
+//------------------------------------------------------------------------------
+
+//Delete a defined array of users
+function deleteUsers($users) {
+ global $mysqli,$db_table_prefix;
+ $i = 0;
+ $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."users
+ WHERE id = ?");
+ $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches
+ WHERE user_id = ?");
+ foreach($users as $id){
+ $stmt->bind_param("i", $id);
+ $stmt->execute();
+ $stmt2->bind_param("i", $id);
+ $stmt2->execute();
+ $i++;
+ }
+ $stmt->close();
+ $stmt2->close();
+ return $i;
+}
+
+//Check if a display name exists in the DB
+function displayNameExists($displayname)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT active
+ FROM ".$db_table_prefix."users
+ WHERE
+ display_name = ?
+ LIMIT 1");
+ $stmt->bind_param("s", $displayname);
+ $stmt->execute();
+ $stmt->store_result();
+ $num_returns = $stmt->num_rows;
+ $stmt->close();
+
+ if ($num_returns > 0)
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+}
+
+//Check if an email exists in the DB
+function emailExists($email)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT active
+ FROM ".$db_table_prefix."users
+ WHERE
+ email = ?
+ LIMIT 1");
+ $stmt->bind_param("s", $email);
+ $stmt->execute();
+ $stmt->store_result();
+ $num_returns = $stmt->num_rows;
+ $stmt->close();
+
+ if ($num_returns > 0)
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+}
+
+//Check if a user name and email belong to the same user
+function emailUsernameLinked($email,$username)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT active
+ FROM ".$db_table_prefix."users
+ WHERE user_name = ?
+ AND
+ email = ?
+ LIMIT 1
+ ");
+ $stmt->bind_param("ss", $username, $email);
+ $stmt->execute();
+ $stmt->store_result();
+ $num_returns = $stmt->num_rows;
+ $stmt->close();
+
+ if ($num_returns > 0)
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+}
+
+//Retrieve information for all users
+function fetchAllUsers()
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT
+ id,
+ user_name,
+ display_name,
+ password,
+ email,
+ activation_token,
+ last_activation_request,
+ lost_password_request,
+ active,
+ title,
+ sign_up_stamp,
+ last_sign_in_stamp
+ FROM ".$db_table_prefix."users");
+ $stmt->execute();
+ $stmt->bind_result($id, $user, $display, $password, $email, $token, $activationRequest, $passwordRequest, $active, $title, $signUp, $signIn);
+
+ while ($stmt->fetch()){
+ $row[] = array('id' => $id, 'user_name' => $user, 'display_name' => $display, 'password' => $password, 'email' => $email, 'activation_token' => $token, 'last_activation_request' => $activationRequest, 'lost_password_request' => $passwordRequest, 'active' => $active, 'title' => $title, 'sign_up_stamp' => $signUp, 'last_sign_in_stamp' => $signIn);
+ }
+ $stmt->close();
+ return ($row);
+}
+
+//Retrieve complete user information by username, token or ID
+function fetchUserDetails($username=NULL,$token=NULL, $id=NULL)
+{
+ if($username!=NULL) {
+ $column = "user_name";
+ $data = $username;
+ }
+ elseif($token!=NULL) {
+ $column = "activation_token";
+ $data = $token;
+ }
+ elseif($id!=NULL) {
+ $column = "id";
+ $data = $id;
+ }
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT
+ id,
+ user_name,
+ display_name,
+ password,
+ email,
+ activation_token,
+ last_activation_request,
+ lost_password_request,
+ active,
+ title,
+ sign_up_stamp,
+ last_sign_in_stamp
+ FROM ".$db_table_prefix."users
+ WHERE
+ $column = ?
+ LIMIT 1");
+ $stmt->bind_param("s", $data);
+
+ $stmt->execute();
+ $stmt->bind_result($id, $user, $display, $password, $email, $token, $activationRequest, $passwordRequest, $active, $title, $signUp, $signIn);
+ while ($stmt->fetch()){
+ $row = array('id' => $id, 'user_name' => $user, 'display_name' => $display, 'password' => $password, 'email' => $email, 'activation_token' => $token, 'last_activation_request' => $activationRequest, 'lost_password_request' => $passwordRequest, 'active' => $active, 'title' => $title, 'sign_up_stamp' => $signUp, 'last_sign_in_stamp' => $signIn);
+ }
+ $stmt->close();
+ return ($row);
+}
+
+//Toggle if lost password request flag on or off
+function flagLostPasswordRequest($username,$value)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
+ SET lost_password_request = ?
+ WHERE
+ user_name = ?
+ LIMIT 1
+ ");
+ $stmt->bind_param("ss", $value, $username);
+ $result = $stmt->execute();
+ $stmt->close();
+ return $result;
+}
+
+//Check if a user is logged in
+function isUserLoggedIn()
+{
+ global $loggedInUser,$mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT
+ id,
+ password
+ FROM ".$db_table_prefix."users
+ WHERE
+ id = ?
+ AND
+ password = ?
+ AND
+ active = 1
+ LIMIT 1");
+ $stmt->bind_param("is", $loggedInUser->user_id, $loggedInUser->hash_pw);
+ $stmt->execute();
+ $stmt->store_result();
+ $num_returns = $stmt->num_rows;
+ $stmt->close();
+
+ if($loggedInUser == NULL)
+ {
+ return false;
+ }
+ else
+ {
+ if ($num_returns > 0)
+ {
+ return true;
+ }
+ else
+ {
+ destroySession("userCakeUser");
+ return false;
+ }
+ }
+}
+
+//Change a user from inactive to active
+function setUserActive($token)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
+ SET active = 1
+ WHERE
+ activation_token = ?
+ LIMIT 1");
+ $stmt->bind_param("s", $token);
+ $result = $stmt->execute();
+ $stmt->close();
+ return $result;
+}
+
+//Change a user's display name
+function updateDisplayName($id, $display)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
+ SET display_name = ?
+ WHERE
+ id = ?
+ LIMIT 1");
+ $stmt->bind_param("si", $display, $id);
+ $result = $stmt->execute();
+ $stmt->close();
+ return $result;
+}
+
+//Update a user's email
+function updateEmail($id, $email)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
+ SET
+ email = ?
+ WHERE
+ id = ?");
+ $stmt->bind_param("si", $email, $id);
+ $result = $stmt->execute();
+ $stmt->close();
+ return $result;
+}
+
+//Input new activation token, and update the time of the most recent activation request
+function updateLastActivationRequest($new_activation_token,$username,$email)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
+ SET activation_token = ?,
+ last_activation_request = ?
+ WHERE email = ?
+ AND
+ user_name = ?");
+ $stmt->bind_param("ssss", $new_activation_token, time(), $email, $username);
+ $result = $stmt->execute();
+ $stmt->close();
+ return $result;
+}
+
+//Generate a random password, and new token
+function updatePasswordFromToken($pass,$token)
+{
+ global $mysqli,$db_table_prefix;
+ $new_activation_token = generateActivationToken();
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
+ SET password = ?,
+ activation_token = ?
+ WHERE
+ activation_token = ?");
+ $stmt->bind_param("sss", $pass, $new_activation_token, $token);
+ $result = $stmt->execute();
+ $stmt->close();
+ return $result;
+}
+
+//Update a user's title
+function updateTitle($id, $title)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
+ SET
+ title = ?
+ WHERE
+ id = ?");
+ $stmt->bind_param("si", $title, $id);
+ $result = $stmt->execute();
+ $stmt->close();
+ return $result;
+}
+
+//Check if a user ID exists in the DB
+function userIdExists($id)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT active
+ FROM ".$db_table_prefix."users
+ WHERE
+ id = ?
+ LIMIT 1");
+ $stmt->bind_param("i", $id);
+ $stmt->execute();
+ $stmt->store_result();
+ $num_returns = $stmt->num_rows;
+ $stmt->close();
+
+ if ($num_returns > 0)
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+}
+
+//Checks if a username exists in the DB
+function usernameExists($username)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT active
+ FROM ".$db_table_prefix."users
+ WHERE
+ user_name = ?
+ LIMIT 1");
+ $stmt->bind_param("s", $username);
+ $stmt->execute();
+ $stmt->store_result();
+ $num_returns = $stmt->num_rows;
+ $stmt->close();
+
+ if ($num_returns > 0)
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+}
+
+//Check if activation token exists in DB
+function validateActivationToken($token,$lostpass=NULL)
+{
+ global $mysqli,$db_table_prefix;
+ if($lostpass == NULL)
+ {
+ $stmt = $mysqli->prepare("SELECT active
+ FROM ".$db_table_prefix."users
+ WHERE active = 0
+ AND
+ activation_token = ?
+ LIMIT 1");
+ }
+ else
+ {
+ $stmt = $mysqli->prepare("SELECT active
+ FROM ".$db_table_prefix."users
+ WHERE active = 1
+ AND
+ activation_token = ?
+ AND
+ lost_password_request = 1
+ LIMIT 1");
+ }
+ $stmt->bind_param("s", $token);
+ $stmt->execute();
+ $stmt->store_result();
+ $num_returns = $stmt->num_rows;
+ $stmt->close();
+
+ if ($num_returns > 0)
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+}
+
+//Functions that interact mainly with .permissions table
+//------------------------------------------------------------------------------
+
+//Create a permission level in DB
+function createPermission($permission) {
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."permissions (
+ name
+ )
+ VALUES (
+ ?
+ )");
+ $stmt->bind_param("s", $permission);
+ $result = $stmt->execute();
+ $stmt->close();
+ return $result;
+}
+
+//Delete a permission level from the DB
+function deletePermission($permission) {
+ global $mysqli,$db_table_prefix,$errors;
+ $i = 0;
+ $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permissions
+ WHERE id = ?");
+ $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches
+ WHERE permission_id = ?");
+ $stmt3 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches
+ WHERE permission_id = ?");
+ foreach($permission as $id){
+ if ($id == 1){
+ $errors[] = lang("CANNOT_DELETE_NEWUSERS");
+ }
+ elseif ($id == 2){
+ $errors[] = lang("CANNOT_DELETE_ADMIN");
+ }
+ else{
+ $stmt->bind_param("i", $id);
+ $stmt->execute();
+ $stmt2->bind_param("i", $id);
+ $stmt2->execute();
+ $stmt3->bind_param("i", $id);
+ $stmt3->execute();
+ $i++;
+ }
+ }
+ $stmt->close();
+ $stmt2->close();
+ $stmt3->close();
+ return $i;
+}
+
+//Retrieve information for all permission levels
+function fetchAllPermissions()
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT
+ id,
+ name
+ FROM ".$db_table_prefix."permissions");
+ $stmt->execute();
+ $stmt->bind_result($id, $name);
+ while ($stmt->fetch()){
+ $row[] = array('id' => $id, 'name' => $name);
+ }
+ $stmt->close();
+ return ($row);
+}
+
+//Retrieve information for a single permission level
+function fetchPermissionDetails($id)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT
+ id,
+ name
+ FROM ".$db_table_prefix."permissions
+ WHERE
+ id = ?
+ LIMIT 1");
+ $stmt->bind_param("i", $id);
+ $stmt->execute();
+ $stmt->bind_result($id, $name);
+ while ($stmt->fetch()){
+ $row = array('id' => $id, 'name' => $name);
+ }
+ $stmt->close();
+ return ($row);
+}
+
+//Check if a permission level ID exists in the DB
+function permissionIdExists($id)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT id
+ FROM ".$db_table_prefix."permissions
+ WHERE
+ id = ?
+ LIMIT 1");
+ $stmt->bind_param("i", $id);
+ $stmt->execute();
+ $stmt->store_result();
+ $num_returns = $stmt->num_rows;
+ $stmt->close();
+
+ if ($num_returns > 0)
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+}
+
+//Check if a permission level name exists in the DB
+function permissionNameExists($permission)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT id
+ FROM ".$db_table_prefix."permissions
+ WHERE
+ name = ?
+ LIMIT 1");
+ $stmt->bind_param("s", $permission);
+ $stmt->execute();
+ $stmt->store_result();
+ $num_returns = $stmt->num_rows;
+ $stmt->close();
+
+ if ($num_returns > 0)
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+}
+
+//Change a permission level's name
+function updatePermissionName($id, $name)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."permissions
+ SET name = ?
+ WHERE
+ id = ?
+ LIMIT 1");
+ $stmt->bind_param("si", $name, $id);
+ $result = $stmt->execute();
+ $stmt->close();
+ return $result;
+}
+
+//Functions that interact mainly with .user_permission_matches table
+//------------------------------------------------------------------------------
+
+//Match permission level(s) with user(s)
+function addPermission($permission, $user) {
+ global $mysqli,$db_table_prefix;
+ $i = 0;
+ $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."user_permission_matches (
+ permission_id,
+ user_id
+ )
+ VALUES (
+ ?,
+ ?
+ )");
+ if (is_array($permission)){
+ foreach($permission as $id){
+ $stmt->bind_param("ii", $id, $user);
+ $stmt->execute();
+ $i++;
+ }
+ }
+ elseif (is_array($user)){
+ foreach($user as $id){
+ $stmt->bind_param("ii", $permission, $id);
+ $stmt->execute();
+ $i++;
+ }
+ }
+ else {
+ $stmt->bind_param("ii", $permission, $user);
+ $stmt->execute();
+ $i++;
+ }
+ $stmt->close();
+ return $i;
+}
+
+//Retrieve information for all user/permission level matches
+function fetchAllMatches()
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT
+ id,
+ user_id,
+ permission_id
+ FROM ".$db_table_prefix."user_permission_matches");
+ $stmt->execute();
+ $stmt->bind_result($id, $user, $permission);
+ while ($stmt->fetch()){
+ $row[] = array('id' => $id, 'user_id' => $user, 'permission_id' => $permission);
+ }
+ $stmt->close();
+ return ($row);
+}
+
+//Retrieve list of permission levels a user has
+function fetchUserPermissions($user_id)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT
+ id,
+ permission_id
+ FROM ".$db_table_prefix."user_permission_matches
+ WHERE user_id = ?
+ ");
+ $stmt->bind_param("i", $user_id);
+ $stmt->execute();
+ $stmt->bind_result($id, $permission);
+ while ($stmt->fetch()){
+ $row[$permission] = array('id' => $id, 'permission_id' => $permission);
+ }
+ $stmt->close();
+ if (isset($row)){
+ return ($row);
+ }
+}
+
+//Retrieve list of users who have a permission level
+function fetchPermissionUsers($permission_id)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT id, user_id
+ FROM ".$db_table_prefix."user_permission_matches
+ WHERE permission_id = ?
+ ");
+ $stmt->bind_param("i", $permission_id);
+ $stmt->execute();
+ $stmt->bind_result($id, $user);
+ while ($stmt->fetch()){
+ $row[$user] = array('id' => $id, 'user_id' => $user);
+ }
+ $stmt->close();
+ if (isset($row)){
+ return ($row);
+ }
+}
+
+//Unmatch permission level(s) from user(s)
+function removePermission($permission, $user) {
+ global $mysqli,$db_table_prefix;
+ $i = 0;
+ $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches
+ WHERE permission_id = ?
+ AND user_id =?");
+ if (is_array($permission)){
+ foreach($permission as $id){
+ $stmt->bind_param("ii", $id, $user);
+ $stmt->execute();
+ $i++;
+ }
+ }
+ elseif (is_array($user)){
+ foreach($user as $id){
+ $stmt->bind_param("ii", $permission, $id);
+ $stmt->execute();
+ $i++;
+ }
+ }
+ else {
+ $stmt->bind_param("ii", $permission, $user);
+ $stmt->execute();
+ $i++;
+ }
+ $stmt->close();
+ return $i;
+}
+
+//Functions that interact mainly with .configuration table
+//------------------------------------------------------------------------------
+
+//Update configuration table
+function updateConfig($id, $value)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."configuration
+ SET
+ value = ?
+ WHERE
+ id = ?");
+ foreach ($id as $cfg){
+ $stmt->bind_param("si", $value[$cfg], $cfg);
+ $stmt->execute();
+ }
+ $stmt->close();
+}
+
+//Functions that interact mainly with .pages table
+//------------------------------------------------------------------------------
+
+//Add a page to the DB
+function createPages($pages) {
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."pages (
+ page
+ )
+ VALUES (
+ ?
+ )");
+ foreach($pages as $page){
+ $stmt->bind_param("s", $page);
+ $stmt->execute();
+ }
+ $stmt->close();
+}
+
+//Delete a page from the DB
+function deletePages($pages) {
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."pages
+ WHERE id = ?");
+ $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches
+ WHERE page_id = ?");
+ foreach($pages as $id){
+ $stmt->bind_param("i", $id);
+ $stmt->execute();
+ $stmt2->bind_param("i", $id);
+ $stmt2->execute();
+ }
+ $stmt->close();
+ $stmt2->close();
+}
+
+//Fetch information on all pages
+function fetchAllPages()
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT
+ id,
+ page,
+ private
+ FROM ".$db_table_prefix."pages");
+ $stmt->execute();
+ $stmt->bind_result($id, $page, $private);
+ while ($stmt->fetch()){
+ $row[$page] = array('id' => $id, 'page' => $page, 'private' => $private);
+ }
+ $stmt->close();
+ if (isset($row)){
+ return ($row);
+ }
+}
+
+//Fetch information for a specific page
+function fetchPageDetails($id)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT
+ id,
+ page,
+ private
+ FROM ".$db_table_prefix."pages
+ WHERE
+ id = ?
+ LIMIT 1");
+ $stmt->bind_param("i", $id);
+ $stmt->execute();
+ $stmt->bind_result($id, $page, $private);
+ while ($stmt->fetch()){
+ $row = array('id' => $id, 'page' => $page, 'private' => $private);
+ }
+ $stmt->close();
+ return ($row);
+}
+
+//Check if a page ID exists
+function pageIdExists($id)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT private
+ FROM ".$db_table_prefix."pages
+ WHERE
+ id = ?
+ LIMIT 1");
+ $stmt->bind_param("i", $id);
+ $stmt->execute();
+ $stmt->store_result();
+ $num_returns = $stmt->num_rows;
+ $stmt->close();
+
+ if ($num_returns > 0)
+ {
+ return true;
+ }
+ else
+ {
+ return false;
+ }
+}
+
+//Toggle private/public setting of a page
+function updatePrivate($id, $private)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."pages
+ SET
+ private = ?
+ WHERE
+ id = ?");
+ $stmt->bind_param("ii", $private, $id);
+ $result = $stmt->execute();
+ $stmt->close();
+ return $result;
+}
+
+//Functions that interact mainly with .permission_page_matches table
+//------------------------------------------------------------------------------
+
+//Match permission level(s) with page(s)
+function addPage($page, $permission) {
+ global $mysqli,$db_table_prefix;
+ $i = 0;
+ $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."permission_page_matches (
+ permission_id,
+ page_id
+ )
+ VALUES (
+ ?,
+ ?
+ )");
+ if (is_array($permission)){
+ foreach($permission as $id){
+ $stmt->bind_param("ii", $id, $page);
+ $stmt->execute();
+ $i++;
+ }
+ }
+ elseif (is_array($page)){
+ foreach($page as $id){
+ $stmt->bind_param("ii", $permission, $id);
+ $stmt->execute();
+ $i++;
+ }
+ }
+ else {
+ $stmt->bind_param("ii", $permission, $page);
+ $stmt->execute();
+ $i++;
+ }
+ $stmt->close();
+ return $i;
+}
+
+//Retrieve list of permission levels that can access a page
+function fetchPagePermissions($page_id)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT
+ id,
+ permission_id
+ FROM ".$db_table_prefix."permission_page_matches
+ WHERE page_id = ?
+ ");
+ $stmt->bind_param("i", $page_id);
+ $stmt->execute();
+ $stmt->bind_result($id, $permission);
+ while ($stmt->fetch()){
+ $row[$permission] = array('id' => $id, 'permission_id' => $permission);
+ }
+ $stmt->close();
+ if (isset($row)){
+ return ($row);
+ }
+}
+
+//Retrieve list of pages that a permission level can access
+function fetchPermissionPages($permission_id)
+{
+ global $mysqli,$db_table_prefix;
+ $stmt = $mysqli->prepare("SELECT
+ id,
+ page_id
+ FROM ".$db_table_prefix."permission_page_matches
+ WHERE permission_id = ?
+ ");
+ $stmt->bind_param("i", $permission_id);
+ $stmt->execute();
+ $stmt->bind_result($id, $page);
+ while ($stmt->fetch()){
+ $row[$page] = array('id' => $id, 'permission_id' => $page);
+ }
+ $stmt->close();
+ if (isset($row)){
+ return ($row);
+ }
+}
+
+//Unmatched permission and page
+function removePage($page, $permission) {
+ global $mysqli,$db_table_prefix;
+ $i = 0;
+ $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches
+ WHERE page_id = ?
+ AND permission_id =?");
+ if (is_array($page)){
+ foreach($page as $id){
+ $stmt->bind_param("ii", $id, $permission);
+ $stmt->execute();
+ $i++;
+ }
+ }
+ elseif (is_array($permission)){
+ foreach($permission as $id){
+ $stmt->bind_param("ii", $page, $id);
+ $stmt->execute();
+ $i++;
+ }
+ }
+ else {
+ $stmt->bind_param("ii", $permission, $user);
+ $stmt->execute();
+ $i++;
+ }
+ $stmt->close();
+ return $i;
+}
+
+//Check if a user has access to a page
+function securePage($uri){
+
+ //Separate document name from uri
+ $tokens = explode('/', $uri);
+ $page = $tokens[sizeof($tokens)-1];
+ global $mysqli,$db_table_prefix,$loggedInUser;
+ //retrieve page details
+ $stmt = $mysqli->prepare("SELECT
+ id,
+ page,
+ private
+ FROM ".$db_table_prefix."pages
+ WHERE
+ page = ?
+ LIMIT 1");
+ $stmt->bind_param("s", $page);
+ $stmt->execute();
+ $stmt->bind_result($id, $page, $private);
+ while ($stmt->fetch()){
+ $pageDetails = array('id' => $id, 'page' => $page, 'private' => $private);
+ }
+ $stmt->close();
+ //If page does not exist in DB, allow access
+ if (empty($pageDetails)){
+ return true;
+ }
+ //If page is public, allow access
+ elseif ($pageDetails['private'] == 0) {
+ return true;
+ }
+ //If user is not logged in, deny access
+ elseif(!isUserLoggedIn())
+ {
+ header("Location: login.php");
+ return false;
+ }
+ else {
+ //Retrieve list of permission levels with access to page
+ $stmt = $mysqli->prepare("SELECT
+ permission_id
+ FROM ".$db_table_prefix."permission_page_matches
+ WHERE page_id = ?
+ ");
+ $stmt->bind_param("i", $pageDetails['id']);
+ $stmt->execute();
+ $stmt->bind_result($permission);
+ while ($stmt->fetch()){
+ $pagePermissions[] = $permission;
+ }
+ $stmt->close();
+ //Check if user's permission levels allow access to page
+ if ($loggedInUser->checkPermission($pagePermissions)){
+ return true;
+ }
+ //Grant access if master user
+ elseif ($loggedInUser->user_id == $master_account){
+ return true;
+ }
+ else {
+ header("Location: account.php");
+ return false;
+ }
+ }
+}
+
+?>
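Review bot: securePage() compares `$loggedInUser->user_id == $master_account` in its master-user branch, but `$master_account` is not in the function's `global` list (only `$mysqli,$db_table_prefix,$loggedInUser` are), so inside the function it is undefined/null and the loose `==` matches only an empty or zero user id — the bypass either never fires or, if a caller ever populates user_id as 0 or an empty string, fires for the wrong account. Declare it with the others, `global $mysqli,$db_table_prefix,$loggedInUser,$master_account;`, and compare strictly, `elseif ((int)$loggedInUser->user_id === (int)$master_account)`. Both `header("Location: ...")` deny paths return false without `exit;`, so enforcement depends on every caller halting on the return value; an `exit;` after each header call makes the deny paths self-contained. The first branch grants access to any page absent from the pages table, which is fail-open and deserves a comment such as `// NOTE: unregistered pages are public; register a page before relying on securePage() to protect it`. Separately, removePage()'s final else binds `$permission, $user` where `$user` is not a parameter and the DELETE expects page_id then permission_id, so `$stmt->bind_param("ii", $page, $permission);` appears to be what was intended.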