3 UserCake Version: 2.0.2
\r
7 //Functions that do not interact with DB
\r
8 //------------------------------------------------------------------------------
\r
10 //Retrieve a list of all .php files in models/languages
\r
11 function getLanguageFiles()
\r
13 $directory = "models/languages/";
\r
14 $languages = glob($directory . "*.php");
\r
15 //print each file name
\r
19 //Retrieve a list of all .css files in models/site-templates
\r
20 function getTemplateFiles()
\r
22 $directory = "models/site-templates/";
\r
23 $languages = glob($directory . "*.css");
\r
24 //print each file name
\r
28 //Retrieve a list of all .php files in root files folder
\r
29 function getPageFiles()
\r
32 $pages = glob($directory . "*.php");
\r
33 //print each file name
\r
34 foreach ($pages as $page){
\r
35 $row[$page] = $page;
\r
40 //Destroys a session as part of logout
\r
41 function destroySession($name)
\r
43 if(isset($_SESSION[$name]))
\r
45 $_SESSION[$name] = NULL;
\r
46 unset($_SESSION[$name]);
\r
50 //Generate a unique code (derived from rand()/uniqid(); not cryptographically random)
\r
51 function getUniqueCode($length = "")
\r
53 $code = md5(uniqid(rand(), true));
\r
54 if ($length != "") return substr($code, 0, $length);
\r
58 //Generate an activation key (derived from mt_rand()/uniqid(); not cryptographically random)
\r
59 function generateActivationToken($gen = null)
\r
63 $gen = md5(uniqid(mt_rand(), false));
\r
65 while(validateActivationToken($gen));
\r
69 //@ Thanks to - http://phpsec.org
\r
70 function generateHash($plainText, $salt = null)
\r
74 //$salt = substr(md5(uniqid(rand(), true)), 0, 25); // Original UserCake
\r
75 $random = file_get_contents("/dev/urandom", false, null, 0, 25); // Get random number
\r
76 $salt = '$6$'.bin2hex($random).'$'; // Make hex salt
\r
79 //return $salt . sha1($salt . $plainText); // Original UserCake
\r
80 return crypt($plainText, $salt);
\r
84 * Generates a random password for emailing to new users.
\r
85 * User should be asked to change the password.
\r
87 function generatePassword()
\r
89 $random = file_get_contents("/dev/urandom", false, null, 0, 25);
\r
90 return bin2hex($random);
\r
93 //Checks if an email is valid
\r
94 function isValidEmail($email)
\r
96 if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
\r
104 //Looks up language strings from the selected language.
\r
105 function lang($key,$markers = NULL)
\r
108 if($markers == NULL)
\r
110 $str = $lang[$key];
\r
114 //Replace any dynamic markers
\r
115 $str = $lang[$key];
\r
117 foreach($markers as $marker)
\r
119 $str = str_replace("%m".$iteration."%",$marker,$str);
\r
123 //Ensure we have something to return
\r
126 return ("No language key found");
\r
134 //Checks if a string is within a min and max length
\r
135 function minMaxRange($min, $max, $what)
\r
137 if(strlen(trim($what)) < $min)
\r
139 else if(strlen(trim($what)) > $max)
\r
145 //Replaces hooks with specified text
\r
146 function replaceDefaultHook($str)
\r
148 global $default_hooks,$default_replace;
\r
149 return (str_replace($default_hooks,$default_replace,$str));
\r
152 //Displays error and success messages (echoed unescaped, so they must not contain untrusted input)
\r
153 function resultBlock($errors,$successes){
\r
155 if(count($errors) > 0)
\r
157 echo "<div id='result' class='fail'>";
\r
159 foreach($errors as $error)
\r
161 echo "<p>".$error."</p>";
\r
166 if(count($successes) > 0)
\r
168 echo "<div id='success'>
\r
169 <a href='#' onclick=\"showHide('success');\">[X]</a>
\r
171 foreach($successes as $success)
\r
173 echo "<li>".$success."</li>";
\r
180 function notificationBlock($errors, $successes) {
\r
181 if (count($errors) > 0 || count($successes) > 0)
\r
184 <div class="widget dismiss-container">
\r
185 <div class="dismiss right">
\r
186 <a href="#">Dismiss</a>
\r
189 <div class="title large">Notifications</div>
\r
192 foreach ($errors as $error)
\r
194 echo '<p class="fail">'.$error.'</p>';
\r
197 foreach ($successes as $success)
\r
199 echo '<p>'.$success.'</p>';
\r
204 <script type="text/javascript">
\r
205 $(".dismiss").click(function() {
\r
206 $(".dismiss-container").css("display", "none");
\r
213 //Trims, strips HTML tags and lowercases text; not a substitute for context-specific output escaping
\r
214 function sanitize($str)
\r
216 return strtolower(strip_tags(trim(($str))));
\r
219 //Functions that interact mainly with .users table
\r
220 //------------------------------------------------------------------------------
\r
222 //Delete a defined array of users
\r
223 function deleteUsers($users) {
\r
224 global $mysqli,$db_table_prefix;
\r
226 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."users
\r
228 $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches
\r
229 WHERE user_id = ?");
\r
230 foreach($users as $id){
\r
231 $stmt->bind_param("i", $id);
\r
233 $stmt2->bind_param("i", $id);
\r
242 //Check if a display name exists in the DB
\r
243 function displayNameExists($displayname)
\r
245 global $mysqli,$db_table_prefix;
\r
246 $stmt = $mysqli->prepare("SELECT active
\r
247 FROM ".$db_table_prefix."users
\r
251 $stmt->bind_param("s", $displayname);
\r
253 $stmt->store_result();
\r
254 $num_returns = $stmt->num_rows;
\r
257 if ($num_returns > 0)
\r
267 //Check if an email exists in the DB
\r
268 function emailExists($email)
\r
270 global $mysqli,$db_table_prefix;
\r
271 $stmt = $mysqli->prepare("SELECT active
\r
272 FROM ".$db_table_prefix."users
\r
276 $stmt->bind_param("s", $email);
\r
278 $stmt->store_result();
\r
279 $num_returns = $stmt->num_rows;
\r
282 if ($num_returns > 0)
\r
292 //Check if a user name and email belong to the same user
\r
293 function emailUsernameLinked($email,$username)
\r
295 global $mysqli,$db_table_prefix;
\r
296 $stmt = $mysqli->prepare("SELECT active
\r
297 FROM ".$db_table_prefix."users
\r
298 WHERE user_name = ?
\r
303 $stmt->bind_param("ss", $username, $email);
\r
305 $stmt->store_result();
\r
306 $num_returns = $stmt->num_rows;
\r
309 if ($num_returns > 0)
\r
319 function permissionNameToId($permission)
\r
321 global $mysqli,$db_table_prefix;
\r
322 $stmt = $mysqli->prepare("SELECT id
\r
323 FROM ".$db_table_prefix."permissions
\r
327 $stmt->bind_param("s", $permission);
\r
329 $stmt->bind_result($id);
\r
331 while ($stmt->fetch()){
\r
339 function fetchAllUsersWithPerm($perm_name)
\r
341 global $mysqli,$db_table_prefix;
\r
343 $perm_id = permissionNameToId($perm_name);
\r
344 $stmt = $mysqli->prepare("SELECT
\r
346 FROM ".$db_table_prefix."users p1
\r
347 WHERE EXISTS (SELECT * FROM ".$db_table_prefix."user_permission_matches
\r
348 WHERE user_id=p1.id AND permission_id=?)"
\r
350 $stmt->bind_param("i", $perm_id);
\r
352 $stmt->bind_result($id);
\r
354 while ($stmt->fetch()){
\r
361 function fetchAllUsersWithoutPerm($perm_name)
\r
363 global $mysqli,$db_table_prefix;
\r
365 $perm_id = permissionNameToId($perm_name);
\r
366 $stmt = $mysqli->prepare("SELECT
\r
368 FROM ".$db_table_prefix."users p1
\r
369 WHERE NOT EXISTS (SELECT * FROM ".$db_table_prefix."user_permission_matches
\r
370 WHERE user_id=p1.id AND permission_id=?)"
\r
372 $stmt->bind_param("i", $perm_id);
\r
374 $stmt->bind_result($id);
\r
376 while ($stmt->fetch()){
\r
383 //Retrieve information for all users
\r
384 function fetchAllUsers()
\r
386 global $mysqli,$db_table_prefix;
\r
387 $stmt = $mysqli->prepare("SELECT
\r
394 last_activation_request,
\r
395 lost_password_request,
\r
400 FROM ".$db_table_prefix."users");
\r
402 $stmt->bind_result($id, $user, $display, $password, $email, $token, $activationRequest, $passwordRequest, $active, $title, $signUp, $signIn);
\r
404 while ($stmt->fetch()){
\r
405 $row[] = array('id' => $id, 'user_name' => $user, 'display_name' => $display, 'password' => $password, 'email' => $email, 'activation_token' => $token, 'last_activation_request' => $activationRequest, 'lost_password_request' => $passwordRequest, 'active' => $active, 'title' => $title, 'sign_up_stamp' => $signUp, 'last_sign_in_stamp' => $signIn);
\r
411 //Yeah usercake... Fetches the user id from username
\r
412 function fetchUserId($username)
\r
414 global $mysqli,$db_table_prefix;
\r
415 $stmt = $mysqli->prepare("SELECT
\r
417 FROM ".$db_table_prefix."users
\r
421 $stmt->bind_param("s", $username);
\r
424 $stmt->bind_result($id);
\r
425 while ($stmt->fetch()){
\r
432 //Retrieve complete user information by username, token or ID
\r
433 function fetchUserDetails($username=NULL,$token=NULL, $id=NULL)
\r
435 if($username!=NULL) {
\r
436 $column = "user_name";
\r
439 elseif($token!=NULL) {
\r
440 $column = "activation_token";
\r
443 elseif($id!=NULL) {
\r
447 global $mysqli,$db_table_prefix;
\r
448 $stmt = $mysqli->prepare("SELECT
\r
455 last_activation_request,
\r
456 lost_password_request,
\r
461 FROM ".$db_table_prefix."users
\r
465 $stmt->bind_param("s", $data);
\r
468 $stmt->bind_result($id, $user, $display, $password, $email, $token, $activationRequest, $passwordRequest, $active, $title, $signUp, $signIn);
\r
469 while ($stmt->fetch()){
\r
470 $row = array('id' => $id, 'user_name' => $user, 'display_name' => $display, 'password' => $password, 'email' => $email, 'activation_token' => $token, 'last_activation_request' => $activationRequest, 'lost_password_request' => $passwordRequest, 'active' => $active, 'title' => $title, 'sign_up_stamp' => $signUp, 'last_sign_in_stamp' => $signIn);
\r
476 //Toggle the lost password request flag on or off
\r
477 function flagLostPasswordRequest($username,$value)
\r
479 global $mysqli,$db_table_prefix;
\r
480 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
481 SET lost_password_request = ?
\r
486 $stmt->bind_param("ss", $value, $username);
\r
487 $result = $stmt->execute();
\r
492 //Check if a user is logged in
\r
493 function isUserLoggedIn()
\r
495 global $loggedInUser,$mysqli,$db_table_prefix;
\r
496 $stmt = $mysqli->prepare("SELECT
\r
499 FROM ".$db_table_prefix."users
\r
507 $stmt->bind_param("is", $loggedInUser->user_id, $loggedInUser->hash_pw);
\r
509 $stmt->store_result();
\r
510 $num_returns = $stmt->num_rows;
\r
513 if($loggedInUser == NULL)
\r
519 if ($num_returns > 0)
\r
525 destroySession("userCakeUser");
\r
531 //Change a user from inactive to active
\r
532 function setUserActive($token)
\r
534 global $mysqli,$db_table_prefix;
\r
535 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
538 activation_token = ?
\r
540 $stmt->bind_param("s", $token);
\r
541 $result = $stmt->execute();
\r
546 //Change a user's display name
\r
547 function updateDisplayName($id, $display)
\r
549 global $mysqli,$db_table_prefix;
\r
550 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
551 SET display_name = ?
\r
555 $stmt->bind_param("si", $display, $id);
\r
556 $result = $stmt->execute();
\r
561 //Update a user's email
\r
562 function updateEmail($id, $email)
\r
564 global $mysqli,$db_table_prefix;
\r
565 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
570 $stmt->bind_param("si", $email, $id);
\r
571 $result = $stmt->execute();
\r
576 //Input new activation token, and update the time of the most recent activation request
\r
577 function updateLastActivationRequest($new_activation_token,$username,$email)
\r
579 global $mysqli,$db_table_prefix;
\r
580 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
581 SET activation_token = ?,
\r
582 last_activation_request = ?
\r
586 $stmt->bind_param("ssss", $new_activation_token, time(), $email, $username);
\r
587 $result = $stmt->execute();
\r
592 //Update a user's password by activation token, and set a new token
\r
593 function updatePasswordFromToken($pass,$token)
\r
595 global $mysqli,$db_table_prefix;
\r
596 $new_activation_token = generateActivationToken();
\r
597 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
599 activation_token = ?
\r
601 activation_token = ?");
\r
602 $stmt->bind_param("sss", $pass, $new_activation_token, $token);
\r
603 $result = $stmt->execute();
\r
608 //Update a user's title
\r
609 function updateTitle($id, $title)
\r
611 global $mysqli,$db_table_prefix;
\r
612 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."users
\r
617 $stmt->bind_param("si", $title, $id);
\r
618 $result = $stmt->execute();
\r
623 //Check if a user ID exists in the DB
\r
624 function userIdExists($id)
\r
626 global $mysqli,$db_table_prefix;
\r
627 $stmt = $mysqli->prepare("SELECT active
\r
628 FROM ".$db_table_prefix."users
\r
632 $stmt->bind_param("i", $id);
\r
634 $stmt->store_result();
\r
635 $num_returns = $stmt->num_rows;
\r
638 if ($num_returns > 0)
\r
648 //Checks if a username exists in the DB
\r
649 function usernameExists($username)
\r
651 global $mysqli,$db_table_prefix;
\r
652 $stmt = $mysqli->prepare("SELECT active
\r
653 FROM ".$db_table_prefix."users
\r
657 $stmt->bind_param("s", $username);
\r
659 $stmt->store_result();
\r
660 $num_returns = $stmt->num_rows;
\r
663 if ($num_returns > 0)
\r
673 //Check if activation token exists in DB
\r
674 function validateActivationToken($token,$lostpass=NULL)
\r
676 global $mysqli,$db_table_prefix;
\r
677 if($lostpass == NULL)
\r
679 $stmt = $mysqli->prepare("SELECT active
\r
680 FROM ".$db_table_prefix."users
\r
683 activation_token = ?
\r
688 $stmt = $mysqli->prepare("SELECT active
\r
689 FROM ".$db_table_prefix."users
\r
692 activation_token = ?
\r
694 lost_password_request = 1
\r
697 $stmt->bind_param("s", $token);
\r
699 $stmt->store_result();
\r
700 $num_returns = $stmt->num_rows;
\r
703 if ($num_returns > 0)
\r
713 //Functions that interact mainly with .permissions table
\r
714 //------------------------------------------------------------------------------
\r
716 //Create a permission level in DB
\r
717 function createPermission($permission) {
\r
718 global $mysqli,$db_table_prefix;
\r
719 $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."permissions (
\r
725 $stmt->bind_param("s", $permission);
\r
726 $result = $stmt->execute();
\r
731 //Delete a permission level from the DB
\r
732 function deletePermission($permission) {
\r
733 global $mysqli,$db_table_prefix,$errors;
\r
735 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permissions
\r
737 $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches
\r
738 WHERE permission_id = ?");
\r
739 $stmt3 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches
\r
740 WHERE permission_id = ?");
\r
741 foreach($permission as $id){
\r
743 $errors[] = lang("CANNOT_DELETE_NEWUSERS");
\r
746 $errors[] = lang("CANNOT_DELETE_ADMIN");
\r
749 $stmt->bind_param("i", $id);
\r
751 $stmt2->bind_param("i", $id);
\r
753 $stmt3->bind_param("i", $id);
\r
764 //Retrieve information for all permission levels
\r
765 function fetchAllPermissions()
\r
767 global $mysqli,$db_table_prefix;
\r
768 $stmt = $mysqli->prepare("SELECT
\r
771 FROM ".$db_table_prefix."permissions");
\r
773 $stmt->bind_result($id, $name);
\r
774 while ($stmt->fetch()){
\r
775 $row[] = array('id' => $id, 'name' => $name);
\r
781 //Retrieve information for a single permission level
\r
782 function fetchPermissionDetails($id)
\r
784 global $mysqli,$db_table_prefix;
\r
785 $stmt = $mysqli->prepare("SELECT
\r
788 FROM ".$db_table_prefix."permissions
\r
792 $stmt->bind_param("i", $id);
\r
794 $stmt->bind_result($id, $name);
\r
795 while ($stmt->fetch()){
\r
796 $row = array('id' => $id, 'name' => $name);
\r
802 //Check if a permission level ID exists in the DB
\r
803 function permissionIdExists($id)
\r
805 global $mysqli,$db_table_prefix;
\r
806 $stmt = $mysqli->prepare("SELECT id
\r
807 FROM ".$db_table_prefix."permissions
\r
811 $stmt->bind_param("i", $id);
\r
813 $stmt->store_result();
\r
814 $num_returns = $stmt->num_rows;
\r
817 if ($num_returns > 0)
\r
827 //Check if a permission level name exists in the DB
\r
828 function permissionNameExists($permission)
\r
830 global $mysqli,$db_table_prefix;
\r
831 $stmt = $mysqli->prepare("SELECT id
\r
832 FROM ".$db_table_prefix."permissions
\r
836 $stmt->bind_param("s", $permission);
\r
838 $stmt->store_result();
\r
839 $num_returns = $stmt->num_rows;
\r
842 if ($num_returns > 0)
\r
852 //Change a permission level's name
\r
853 function updatePermissionName($id, $name)
\r
855 global $mysqli,$db_table_prefix;
\r
856 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."permissions
\r
861 $stmt->bind_param("si", $name, $id);
\r
862 $result = $stmt->execute();
\r
867 //Functions that interact mainly with .user_permission_matches table
\r
868 //------------------------------------------------------------------------------
\r
870 //Match permission level(s) with user(s)
\r
871 function addPermission($permission, $user) {
\r
872 global $mysqli,$db_table_prefix;
\r
874 $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."user_permission_matches (
\r
882 if (is_array($permission)){
\r
883 foreach($permission as $id){
\r
884 $stmt->bind_param("ii", $id, $user);
\r
889 elseif (is_array($user)){
\r
890 foreach($user as $id){
\r
891 $stmt->bind_param("ii", $permission, $id);
\r
897 $stmt->bind_param("ii", $permission, $user);
\r
905 //Retrieve information for all user/permission level matches
\r
906 function fetchAllMatches()
\r
908 global $mysqli,$db_table_prefix;
\r
909 $stmt = $mysqli->prepare("SELECT
\r
913 FROM ".$db_table_prefix."user_permission_matches");
\r
915 $stmt->bind_result($id, $user, $permission);
\r
916 while ($stmt->fetch()){
\r
917 $row[] = array('id' => $id, 'user_id' => $user, 'permission_id' => $permission);
\r
923 //Retrieve list of permission levels a user has
\r
924 function fetchUserPermissions($user_id)
\r
926 global $mysqli,$db_table_prefix;
\r
927 $stmt = $mysqli->prepare("SELECT
\r
930 FROM ".$db_table_prefix."user_permission_matches
\r
933 $stmt->bind_param("i", $user_id);
\r
935 $stmt->bind_result($id, $permission);
\r
936 while ($stmt->fetch()){
\r
937 $row[$permission] = array('id' => $id, 'permission_id' => $permission);
\r
945 //Retrieve list of users who have a permission level
\r
946 function fetchPermissionUsers($permission_id)
\r
948 global $mysqli,$db_table_prefix;
\r
949 $stmt = $mysqli->prepare("SELECT id, user_id
\r
950 FROM ".$db_table_prefix."user_permission_matches
\r
951 WHERE permission_id = ?
\r
953 $stmt->bind_param("i", $permission_id);
\r
955 $stmt->bind_result($id, $user);
\r
956 while ($stmt->fetch()){
\r
957 $row[$user] = array('id' => $id, 'user_id' => $user);
\r
965 //Unmatch permission level(s) from user(s)
\r
966 function removePermission($permission, $user) {
\r
967 global $mysqli,$db_table_prefix;
\r
969 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."user_permission_matches
\r
970 WHERE permission_id = ?
\r
972 if (is_array($permission)){
\r
973 foreach($permission as $id){
\r
974 $stmt->bind_param("ii", $id, $user);
\r
979 elseif (is_array($user)){
\r
980 foreach($user as $id){
\r
981 $stmt->bind_param("ii", $permission, $id);
\r
987 $stmt->bind_param("ii", $permission, $user);
\r
995 //Functions that interact mainly with .configuration table
\r
996 //------------------------------------------------------------------------------
\r
998 //Update configuration table
\r
999 function updateConfig($id, $value)
\r
1001 global $mysqli,$db_table_prefix;
\r
1002 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."configuration
\r
1007 foreach ($id as $cfg){
\r
1008 $stmt->bind_param("si", $value[$cfg], $cfg);
\r
1014 //Functions that interact mainly with .pages table
\r
1015 //------------------------------------------------------------------------------
\r
1017 //Add a page to the DB
\r
1018 function createPages($pages) {
\r
1019 global $mysqli,$db_table_prefix;
\r
1020 $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."pages (
\r
1026 foreach($pages as $page){
\r
1027 $stmt->bind_param("s", $page);
\r
1033 //Delete a page from the DB
\r
1034 function deletePages($pages) {
\r
1035 global $mysqli,$db_table_prefix;
\r
1036 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."pages
\r
1038 $stmt2 = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches
\r
1039 WHERE page_id = ?");
\r
1040 foreach($pages as $id){
\r
1041 $stmt->bind_param("i", $id);
\r
1043 $stmt2->bind_param("i", $id);
\r
1044 $stmt2->execute();
\r
1050 //Fetch information on all pages
\r
1051 function fetchAllPages()
\r
1053 global $mysqli,$db_table_prefix;
\r
1054 $stmt = $mysqli->prepare("SELECT
\r
1058 FROM ".$db_table_prefix."pages");
\r
1060 $stmt->bind_result($id, $page, $private);
\r
1061 while ($stmt->fetch()){
\r
1062 $row[$page] = array('id' => $id, 'page' => $page, 'private' => $private);
\r
1070 //Fetch information for a specific page
\r
1071 function fetchPageDetails($id)
\r
1073 global $mysqli,$db_table_prefix;
\r
1074 $stmt = $mysqli->prepare("SELECT
\r
1078 FROM ".$db_table_prefix."pages
\r
1082 $stmt->bind_param("i", $id);
\r
1084 $stmt->bind_result($id, $page, $private);
\r
1085 while ($stmt->fetch()){
\r
1086 $row = array('id' => $id, 'page' => $page, 'private' => $private);
\r
1092 //Check if a page ID exists
\r
1093 function pageIdExists($id)
\r
1095 global $mysqli,$db_table_prefix;
\r
1096 $stmt = $mysqli->prepare("SELECT private
\r
1097 FROM ".$db_table_prefix."pages
\r
1101 $stmt->bind_param("i", $id);
\r
1103 $stmt->store_result();
\r
1104 $num_returns = $stmt->num_rows;
\r
1107 if ($num_returns > 0)
\r
1117 //Toggle private/public setting of a page
\r
1118 function updatePrivate($id, $private)
\r
1120 global $mysqli,$db_table_prefix;
\r
1121 $stmt = $mysqli->prepare("UPDATE ".$db_table_prefix."pages
\r
1126 $stmt->bind_param("ii", $private, $id);
\r
1127 $result = $stmt->execute();
\r
1132 //Functions that interact mainly with .permission_page_matches table
\r
1133 //------------------------------------------------------------------------------
\r
1135 //Match permission level(s) with page(s)
\r
1136 function addPage($page, $permission) {
\r
1137 global $mysqli,$db_table_prefix;
\r
1139 $stmt = $mysqli->prepare("INSERT INTO ".$db_table_prefix."permission_page_matches (
\r
1147 if (is_array($permission)){
\r
1148 foreach($permission as $id){
\r
1149 $stmt->bind_param("ii", $id, $page);
\r
1154 elseif (is_array($page)){
\r
1155 foreach($page as $id){
\r
1156 $stmt->bind_param("ii", $permission, $id);
\r
1162 $stmt->bind_param("ii", $permission, $page);
\r
1170 //Retrieve list of permission levels that can access a page
\r
1171 function fetchPagePermissions($page_id)
\r
1173 global $mysqli,$db_table_prefix;
\r
1174 $stmt = $mysqli->prepare("SELECT
\r
1177 FROM ".$db_table_prefix."permission_page_matches
\r
1180 $stmt->bind_param("i", $page_id);
\r
1182 $stmt->bind_result($id, $permission);
\r
1183 while ($stmt->fetch()){
\r
1184 $row[$permission] = array('id' => $id, 'permission_id' => $permission);
\r
1192 //Retrieve list of pages that a permission level can access
\r
1193 function fetchPermissionPages($permission_id)
\r
1195 global $mysqli,$db_table_prefix;
\r
1196 $stmt = $mysqli->prepare("SELECT
\r
1199 FROM ".$db_table_prefix."permission_page_matches
\r
1200 WHERE permission_id = ?
\r
1202 $stmt->bind_param("i", $permission_id);
\r
1204 $stmt->bind_result($id, $page);
\r
1205 while ($stmt->fetch()){
\r
1206 $row[$page] = array('id' => $id, 'permission_id' => $page);
\r
1214 //Unmatch permission level(s) from page(s)
\r
1215 function removePage($page, $permission) {
\r
1216 global $mysqli,$db_table_prefix;
\r
1218 $stmt = $mysqli->prepare("DELETE FROM ".$db_table_prefix."permission_page_matches
\r
1220 AND permission_id =?");
\r
1221 if (is_array($page)){
\r
1222 foreach($page as $id){
\r
1223 $stmt->bind_param("ii", $id, $permission);
\r
1228 elseif (is_array($permission)){
\r
1229 foreach($permission as $id){
\r
1230 $stmt->bind_param("ii", $page, $id);
\r
1236 $stmt->bind_param("ii", $permission, $user);
\r
1244 //Check if a user has access to a page
\r
1245 function securePage($uri){
\r
1247 //Separate document name from uri
\r
1248 $tokens = explode('/', $uri);
\r
1249 $page = $tokens[sizeof($tokens)-1];
\r
1250 global $mysqli,$db_table_prefix,$loggedInUser;
\r
1251 //retrieve page details
\r
1252 $stmt = $mysqli->prepare("SELECT
\r
1256 FROM ".$db_table_prefix."pages
\r
1260 $stmt->bind_param("s", $page);
\r
1262 $stmt->bind_result($id, $page, $private);
\r
1263 while ($stmt->fetch()){
\r
1264 $pageDetails = array('id' => $id, 'page' => $page, 'private' => $private);
\r
1267 //If page is not registered in the DB, allow access (fail-open)
\r
1268 if (empty($pageDetails)){
\r
1271 //If page is public, allow access
\r
1272 elseif ($pageDetails['private'] == 0) {
\r
1275 //If user is not logged in, deny access
\r
1276 elseif(!isUserLoggedIn())
\r
1278 header("Location: login.php");
\r
1282 //Retrieve list of permission levels with access to page
\r
1283 $stmt = $mysqli->prepare("SELECT
\r
1285 FROM ".$db_table_prefix."permission_page_matches
\r
1288 $stmt->bind_param("i", $pageDetails['id']);
\r
1290 $stmt->bind_result($permission);
\r
1291 while ($stmt->fetch()){
\r
1292 $pagePermissions[] = $permission;
\r
1295 //Check if user's permission levels allow access to page
\r
1296 if ($loggedInUser->checkPermission($pagePermissions)){
\r
1299 //Grant access if master user
\r
1300 elseif ($loggedInUser->user_id == $master_account){
\r
1304 header("Location: index.php");
\r