  1. <?php
  2. /*
  3. UserSpice 4
  4. An Open Source PHP User Management System
  5. by the UserSpice Team at http://UserSpice.com
  6.  
  7. This program is free software: you can redistribute it and/or modify
  8. it under the terms of the GNU General Public License as published by
  9. the Free Software Foundation, either version 3 of the License, or
  10. (at your option) any later version.
  11.  
  12. This program is distributed in the hope that it will be useful,
  13. but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. GNU General Public License for more details.
  16.  
  17. You should have received a copy of the GNU General Public License
  18. along with this program. If not, see <http://www.gnu.org/licenses/>.
  19. */
  20. // UserSpice Specific Functions
  21. function testUS(){
  22. echo "<br>";
  23. echo "UserSpice Functions have been properly included";
  24. echo "<br>";
  25. }
  26.  
  27.  
  28. function get_gravatar($email, $s = 120, $d = 'mm', $r = 'pg', $img = false, $atts = array() ) {
  29. $url = 'https://www.gravatar.com/avatar/';
  30. $url .= md5( strtolower( trim( $email ) ) );
  31. $url .= "?s=$s&d=$d&r=$r";
  32. if ( $img ) {
  33. $url = '<img src="' . $url . '"';
  34. foreach ( $atts as $key => $val )
  35. $url .= ' ' . $key . '="' . $val . '"';
  36. $url .= ' />';
  37. }
  38. return $url;
  39. }
  40.  
  41. //Check if a permission level ID exists in the DB
  42. function permissionIdExists($id) {
  43. $db = DB::getInstance();
  44. $query = $db->query("SELECT id FROM permissions WHERE id = ? LIMIT 1",array($id));
  45. $num_returns = $query->count();
  46.  
  47. if ($num_returns > 0) {
  48. return true;
  49. } else {
  50. return false;
  51. }
  52. }
  53.  
  54. //Check if a user ID exists in the DB
  55. function userIdExists($id) {
  56. $db = DB::getInstance();
  57. $query = $db->query("SELECT * FROM users WHERE id = ?",array($id));
  58. $num_returns = $query->count();
  59. if ($num_returns > 0){
  60. return true;
  61. }else{
  62. return false;
  63. }
  64. }
  65.  
  66. //Retrieve information for a single permission level
  67. function fetchPermissionDetails($id) {
  68. $db = DB::getInstance();
  69. $query = $db->query("SELECT id, name FROM permissions WHERE id = ? LIMIT 1",array($id));
  70. $results = $query->first();
  71. $row = array('id' => $results->id, 'name' => $results->name);
  72. return ($row);
  73. }
  74.  
  75. //Change a permission level's name
  76. function updatePermissionName($id, $name) {
  77. $db = DB::getInstance();
  78. $fields=array('name'=>$name);
  79. $db->update('permissions',$id,$fields);
  80. }
  81.  
  82. //Checks if a username exists in the DB
  83. function usernameExists($username) {
  84. $db = DB::getInstance();
  85. $query = $db->query("SELECT * FROM users WHERE username = ?",array($username));
  86. $results = $query->results();
  87. return ($results);
  88. }
  89.  
  90. //Retrieve information for all users
  91. function fetchAllUsers() {
  92. $db = DB::getInstance();
  93. $query = $db->query("SELECT * FROM users");
  94. $results = $query->results();
  95. return ($results);
  96. }
  97.  
  98. //Retrieve complete user information by username, token or ID
  99. function fetchUserDetails($username=NULL,$token=NULL, $id=NULL){
  100. if($username!=NULL) {
  101. $column = "username";
  102. $data = $username;
  103. }elseif($id!=NULL) {
  104. $column = "id";
  105. $data = $id;
  106. }
  107. $db = DB::getInstance();
  108. $query = $db->query("SELECT * FROM users WHERE $column = $data LIMIT 1");
  109. $results = $query->first();
  110. return ($results);
  111. }
  112.  
  113. //Retrieve list of permission levels a user has
  114. function fetchUserPermissions($user_id) {
  115. $db = DB::getInstance();
  116. $query = $db->query("SELECT * FROM user_permission_matches WHERE user_id = ?",array($user_id));
  117. $results = $query->results();
  118. return ($results);
  119. }
  120.  
  121.  
  122. //Retrieve list of users who have a permission level
  123. function fetchPermissionUsers($permission_id) {
  124. $db = DB::getInstance();
  125. $query = $db->query("SELECT id, user_id FROM user_permission_matches WHERE permission_id = ?",array($permission_id));
  126. $results = $query->results();
  127. return ($results);
  128. $row[$user] = array('id' => $id, 'user_id' => $user);
  129. if (isset($row)){
  130. return ($row);
  131. }
  132. }
  133.  
  134. //Unmatch permission level(s) from user(s)
  135. function removePermission($permissions, $members) {
  136. $db = DB::getInstance();
  137. if(is_array($members)){
  138. $memberString = '';
  139. foreach($members as $member){
  140. $memberString .= $member.',';
  141. }
  142. $memberString = rtrim($memberString,',');
  143.  
  144. $q = $db->query("DELETE FROM user_permission_matches WHERE permission_id = ? AND user_id IN ({$memberString})",[$permissions]);
  145. }elseif(is_array($permissions)){
  146. $permissionString = '';
  147. foreach($permissions as $permission){
  148. $permissionString .= $permission.',';
  149. }
  150. $permissionString = rtrim($permissionString,',');
  151. $q = $db->query("DELETE FROM user_permission_matches WHERE user_id = ? AND permission_id IN ({$permissionString})",[$members]);
  152. }
  153. return $q->count();
  154. }
  155.  
  156. //Retrieve a list of all .php files in root files folder
  157. function getPathPhpFiles($absRoot,$urlRoot,$fullPath) {
  158. $directory = $absRoot.$urlRoot.$fullPath;
  159. //bold ($directory);
  160. $pages = glob($directory . "*.php");
  161.  
  162. foreach ($pages as $page){
  163. $fixed = str_replace($absRoot.$urlRoot,'',$page);
  164. $row[$fixed] = $fixed;
  165. }
  166. return $row;
  167. }
  168.  
  169. //Retrieve a list of all .php files in root files folder
  170. function getPageFiles() {
  171. $directory = "../";
  172. $pages = glob($directory . "*.php");
  173. foreach ($pages as $page){
  174. $fixed = str_replace('../','/'.$us_url_root,$page);
  175. $row[$fixed] = $fixed;
  176. }
  177. return $row;
  178. }
  179.  
  180. //Retrive a list of all .php files in users/ folder
  181. function getUSPageFiles() {
  182. $directory = "../users/";
  183. $pages = glob($directory . "*.php");
  184. foreach ($pages as $page){
  185. $fixed = str_replace('../users/','/'.$us_url_root.'users/',$page);
  186. $row[$fixed] = $fixed;
  187. }
  188. return $row;
  189. }
  190.  
  191. //Delete a page from the DB
  192. function deletePages($pages) {
  193. $db = DB::getInstance();
  194. if(!$query = $db->query("DELETE FROM pages WHERE id IN ({$pages})")){
  195. throw new Exception('There was a problem deleting pages.');
  196. }else{
  197. return true;
  198. }
  199. }
  200.  
  201. //Fetch information on all pages
  202. function fetchAllPages() {
  203. $db = DB::getInstance();
  204. $query = $db->query("SELECT id, page, private FROM pages ORDER BY id DESC");
  205. $pages = $query->results();
  206. //return $pages;
  207.  
  208. if (isset($row)){
  209. return ($row);
  210. }else{
  211. return $pages;
  212. }
  213. }
  214.  
  215. //Fetch information for a specific page
  216. function fetchPageDetails($id) {
  217. $db = DB::getInstance();
  218. $query = $db->query("SELECT id, page, private FROM pages WHERE id = ?",array($id));
  219. $row = $query->first();
  220. return $row;
  221. }
  222.  
  223.  
  224. //Check if a page ID exists
  225. function pageIdExists($id) {
  226. $db = DB::getInstance();
  227. $query = $db->query("SELECT private FROM pages WHERE id = ? LIMIT 1",array($id));
  228. $num_returns = $query->count();
  229. if ($num_returns > 0){
  230. return true;
  231. }else{
  232. return false;
  233. }
  234. }
  235.  
  236. //Toggle private/public setting of a page
  237. function updatePrivate($id, $private) {
  238. $db = DB::getInstance();
  239. $result = $db->query("UPDATE pages SET private = ? WHERE id = ?",array($private,$id));
  240. return $result;
  241. }
  242.  
  243. //Add a page to the DB
  244. function createPages($pages) {
  245. $db = DB::getInstance();
  246. foreach($pages as $page){
  247. $fields=array('page'=>$page, 'private'=>'0');
  248. $db->insert('pages',$fields);
  249. }
  250. }
  251.  
  252. //Match permission level(s) with page(s)
  253. function addPage($page, $permission) {
  254. $db = DB::getInstance();
  255. $i = 0;
  256. if (is_array($permission)){
  257. foreach($permission as $id){
  258. $query = $db->query("INSERT INTO permission_page_matches (
  259. permission_id, page_id ) VALUES ( $id , $page )");
  260. $i++;
  261. }
  262. } elseif (is_array($page)){
  263. foreach($page as $id){
  264. $query = $db->query("INSERT INTO permission_page_matches (
  265. permission_id, page_id ) VALUES ( $permission , $id )");
  266. $i++;
  267. }
  268. } else {
  269. $query = $db->query("INSERT INTO permission_page_matches (
  270. permission_id, page_id ) VALUES ( $permission , $page )");
  271. $i++;
  272. }
  273. return $i;
  274. }
  275.  
  276. //Retrieve list of permission levels that can access a page
  277. function fetchPagePermissions($page_id) {
  278. $db = DB::getInstance();
  279. $query = $db->query("SELECT id, permission_id FROM permission_page_matches WHERE page_id = ? ",array($page_id));
  280. $results = $query->results();
  281. return($results);
  282. }
  283.  
  284. //Retrieve list of pages that a permission level can access
  285. function fetchPermissionPages($permission_id) {
  286. $db = DB::getInstance();
  287.  
  288. $query = $db->query(
  289. "SELECT m.id as id, m.page_id as page_id, p.page as page, p.private as private
  290. FROM permission_page_matches AS m
  291. INNER JOIN pages AS p ON m.page_id = p.id
  292. WHERE m.permission_id = ?",[$permission_id]);
  293. $results = $query->results();
  294. return ($results);
  295. }
  296.  
  297. //Unmatched permission and page
  298. function removePage($pages, $permissions) {
  299. $db = DB::getInstance();
  300. if(is_array($permissions)){
  301. $ids = '';
  302. for($i = 0; $i < count($permissions);$i++){
  303. $ids .= $permissions[$i].',';
  304. }
  305. $ids = rtrim($ids,',');
  306. if($query = $db->query("DELETE FROM permission_page_matches WHERE permission_id IN ({$ids}) AND page_id = ?",array($pages))){
  307. return $query->count();
  308. }
  309. }elseif(is_array($pages)){
  310. $ids = '';
  311. for($i = 0; $i < count($pages);$i++){
  312. $ids .= $pages[$i].',';
  313. }
  314. $ids = rtrim($ids,',');
  315. if($query = $db->query("DELETE FROM permission_page_matches WHERE page_id IN ({$ids}) AND permission_id = ?",array($permissions))){
  316. return $query->count();
  317. }
  318. }
  319. }
  320.  
  321. //Delete a defined array of users
  322. function deleteUsers($users) {
  323. $db = DB::getInstance();
  324. $i = 0;
  325. foreach($users as $id){
  326. $query1 = $db->query("DELETE FROM users WHERE id = ?",array($id));
  327. $query2 = $db->query("DELETE FROM user_permission_matches WHERE user_id = ?",array($id));
  328. $query3 = $db->query("DELETE FROM profiles WHERE user_id = ?",array($id));
  329. $i++;
  330. }
  331. return $i;
  332. }
  333.  
  334.  
//Check if a user has access to a page
/**
 * Gate the current request behind the pages / permission_page_matches tables.
 *
 * Steps, in order: locate the install's URL root by walking up PHP_SELF until the
 * folder containing z_us_root.php is found; strip that root from $uri to get the
 * page name; stop with a message when the current user's permissions value is 0;
 * look the page up (scanning the install's folders when it is not registered);
 * then allow public pages, redirect anonymous users to the login page, and
 * otherwise require a matching permission level (or the master account).
 *
 * @param string $uri request path, expected to start with the install's URL root
 * @return bool true when access is granted; false after a redirect has been issued
 *
 * Side effects: may call die() and may issue a Redirect::to().
 */
function securePage($uri){
    //Separate document name from uri
    //$tokens = explode('/', $uri);
    //$page = end($tokens);

    $abs_us_root=$_SERVER['DOCUMENT_ROOT'];

    // Walk up the path components of PHP_SELF until the folder holding
    // z_us_root.php is found; that folder is taken as the install's URL root.
    $self_path=explode("/", $_SERVER['PHP_SELF']);
    $self_path_length=count($self_path);
    $file_found=FALSE;

    for($i = 1; $i < $self_path_length; $i++){
        array_splice($self_path, $self_path_length-$i, $i);
        $us_url_root=implode("/",$self_path)."/";

        if (file_exists($abs_us_root.$us_url_root.'z_us_root.php')){
            $file_found=TRUE;
            break;
        }else{
            $file_found=FALSE;
        }
    }
    // NOTE(review): if no iteration finds z_us_root.php, $us_url_root keeps the value
    // of the last iteration and $file_found is never consulted below.

    // Page name = $uri with the URL-root prefix removed
    $urlRootLength=strlen($us_url_root);
    $page=substr($uri,$urlRootLength,strlen($uri)-$urlRootLength);

    //bold($page);

    $db = DB::getInstance();
    $id = null;
    $private = null;
    // dnd($page);
    global $user;
    // dnd($user);
    // A permissions value of 0 is treated as banned: print a message and stop.
    if(isset($user) && $user->data() != null){
        if($user->data()->permissions==0){
            bold('<br><br><br>Sorry. You have been banned. If you feel this is an error, please contact the administrator.');
            die();
        }
    }
    //retrieve page details
    $query = $db->query("SELECT id, page, private FROM pages WHERE page = ?",[$page]);
    $count = $query->count();
    if ($count==0){
        // Page not registered: read the $path=(...) line of z_us_root.php to learn which
        // folders hold pages, list their .php files and compare with the pages table.
        //Get line from z_us_root.php that starts with $path
        $file = fopen($abs_us_root.$us_url_root."z_us_root.php","r");
        while(!feof($file)){
            $currentLine=fgets($file);
            if (substr($currentLine,0,5)=='$path'){
                //echo $currentLine;
                //if here, then it found the line starting with $path so break to preserve $currentLine value
                break;
            }
        }
        fclose($file);

        //sample text: $path=('/','/users/','/usersc/');
        //Get array of paths, with quotes removed
        // The fixed offsets (7 from the start, 11 trimmed from the end) assume the
        // line has exactly the layout of the sample above.
        $lineLength=strlen($currentLine);
        $pathString=str_replace("'","",substr($currentLine,7,$lineLength-11));
        $paths=explode(',',$pathString);

        $pages=[];

        //Get list of php files for each $path
        foreach ($paths as $path){
            $rows=getPathPhpFiles($abs_us_root,$us_url_root,$path);
            foreach ($rows as $row){
                $pages[]=$row;
            }
        }

        $dbpages = fetchAllPages(); //Retrieve list of pages in pages table

        $count = 0;
        $dbcount = count($dbpages);
        $creations = array();

        // Collect files on disk that have no row in the pages table.
        // NOTE(review): $creations and $dbcount are filled but not used afterwards.
        foreach ($pages as $page) {
            $page_exists = false;
            foreach ($dbpages as $k => $dbpage) {
                if ($dbpage->page === $page) {
                    unset($dbpages[$k]);
                    $page_exists = true;
                    break;
                }
            }
            if (!$page_exists) {
                $creations[] = $page;
            }
        }
        // NOTE(review): the foreach above reuses $page as its loop variable, so this
        // second lookup queries the last file listed, not the page named by $uri.
        $query = $db->query("SELECT id, page, private FROM pages WHERE page = ?",[$page]);
        $count = $query->count();
        if ($count==0){
            bold('<br><br>You must go into the Admin Panel and click the Manage Pages button to add this page to the database. Doing so will make this error go away.');
            die();
        }
    }
    $results = $query->first();

    $pageDetails = array( 'id' =>$results->id, 'page' => $results->page, 'private' =>$results->private);

    $pageID = $results->id;

    //If page does not exist in DB, allow access
    // NOTE(review): $pageDetails always holds three keys, so empty() is never true here;
    // the $count==0 branches above are what handle an unregistered page.
    if (empty($pageDetails)){
        return true;
    }elseif ($pageDetails['private'] == 0){//If page is public, allow access
        return true;
    }elseif(!$user->isLoggedIn()){ //If user is not logged in, deny access
        Redirect::to($us_url_root.'users/login.php');
        return false;
    }else {
        //Retrieve list of permission levels with access to page

        $query = $db->query("SELECT permission_id FROM permission_page_matches WHERE page_id = ?",[$pageID]);

        $permission = $query->results();
        // checkPermission() iterates $permission[0], hence the extra wrapping array.
        $pagePermissions[] = $permission;

        //Check if user's permission levels allow access to page
        if (checkPermission($pagePermissions)){
            return true;
        }elseif ($user->data()->id == $master_account){ //Grant access if master user
            // NOTE(review): $master_account is not declared global in this function,
            // so it is undefined at this point — confirm whether this branch is ever meant to fire.
            return true;
        }else {
            Redirect::to("index.php");
            return false;
        }
    }
}
  467.  
  468. //Does user have permission
  469. //This is the old school UserSpice Permission System
  470. function checkPermission($permission) {
  471. $db = DB::getInstance();
  472. global $user;
  473. //Grant access if master user
  474. $access = 0;
  475.  
  476. foreach($permission[0] as $perm){
  477. if ($access == 0){
  478. $query = $db->query("SELECT id FROM user_permission_matches WHERE user_id = ? AND permission_id = ?",array($user->data()->id,$perm->permission_id));
  479. $results = $query->count();
  480. if ($results > 0){
  481. $access = 1;
  482. }
  483. }
  484. }
  485. if ($access == 1){
  486. return true;
  487. }
  488. if ($user->data()->id == 1){
  489. return true;
  490. }else{
  491. return false;
  492. }
  493. }
  494.  
  495. function checkMenu($permission, $id) {
  496. $db = DB::getInstance();
  497. global $user;
  498. //Grant access if master user
  499. $access = 0;
  500.  
  501. if ($access == 0){
  502. $query = $db->query("SELECT id FROM user_permission_matches WHERE user_id = ? AND permission_id = ?",array($id,$permission));
  503. $results = $query->count();
  504. if ($results > 0){
  505. $access = 1;
  506. }
  507. }
  508. if ($access == 1){
  509. return true;
  510. }
  511. if ($user->data()->id == 1){
  512. return true;
  513. }else{
  514. return false;
  515. }
  516. }
  517.  
  518. //Retrieve information for all permission levels
  519. function fetchAllPermissions() {
  520. $db = DB::getInstance();
  521. $query = $db->query("SELECT id, name FROM permissions");
  522. $results = $query->results();
  523. return ($results);
  524. }
  525.  
  526. //Displays error and success messages
  527. function resultBlock($errors,$successes){
  528. //Error block
  529. if(count($errors) > 0){
  530. echo "<div class='alert alert-danger alert-dismissible' role='alert'> <button type='button' class='close' data-dismiss='alert' aria-label='Close'><span aria-hidden='true'>&times;</span></button>
  531. <ul>";
  532. foreach($errors as $error){
  533. echo "<li>".$error."</li>";
  534. }
  535. echo "</ul>";
  536. echo "</div>";
  537. }
  538.  
  539. //Success block
  540. if(count($successes) > 0){
  541. echo "<div class='alert alert-success alert-dismissible' role='alert'> <button type='button' class='close' data-dismiss='alert' aria-label='Close'><span aria-hidden='true'>&times;</span></button>
  542. <ul>";
  543. foreach($successes as $success){
  544. echo "<li>".$success."</li>";
  545. }
  546. echo "</ul>";
  547. echo "</div>";
  548. }
  549. }
  550.  
  551. //Inputs language strings from selected language.
  552. function lang($key,$markers = NULL){
  553. global $lang;
  554. if($markers == NULL){
  555. $str = $lang[$key];
  556. }else{
  557. //Replace any dyamic markers
  558. $str = $lang[$key];
  559. $iteration = 1;
  560. foreach($markers as $marker){
  561. $str = str_replace("%m".$iteration."%",$marker,$str);
  562. $iteration++;
  563. }
  564. }
  565. //Ensure we have something to return
  566. if($str == ""){
  567. return ("No language key found");
  568. }else{
  569. return $str;
  570. }
  571. }
  572.  
  573.  
  574. //Check if a permission level name exists in the DB
  575. function permissionNameExists($permission) {
  576. $db = DB::getInstance();
  577. $query = $db->query("SELECT id FROM permissions WHERE
  578. name = ?",array($permission));
  579. $results = $query->results();
  580. }
  581.  
  582. //Match permission level(s) with user(s)
  583. function addPermission($permission_ids, $members) {
  584. $db = DB::getInstance();
  585. $i = 0;
  586. if(is_array($permission_ids)){
  587. foreach($permission_ids as $permission_id){
  588. if($db->query("INSERT INTO user_permission_matches (user_id,permission_id) VALUES (?,?)",[$members,$permission_id])){
  589. $i++;
  590. }
  591. }
  592. }elseif(is_array($members)){
  593. foreach($members as $member){
  594. if($db->query("INSERT INTO user_permission_matches (user_id,permission_id) VALUES (?,?)",[$member,$permission_ids])){
  595. $i++;
  596. }
  597. }
  598. }
  599. return $i;
  600. }
  601.  
  602.  
  603. //Delete a permission level from the DB
  604. function deletePermission($permission) {
  605. global $errors;
  606. $i = 0;
  607. $db = DB::getInstance();
  608. foreach($permission as $id){
  609. if ($id == 1){
  610. $errors[] = lang("CANNOT_DELETE_NEWUSERS");
  611. }
  612. elseif ($id == 2){
  613. $errors[] = lang("CANNOT_DELETE_ADMIN");
  614. }else{
  615. $query1 = $db->query("DELETE FROM permissions WHERE id = ?",array($id));
  616. $query2 = $db->query("DELETE FROM user_permission_matches WHERE permission_id = ?",array($id));
  617. $query3 = $db->query("DELETE FROM permission_page_matches WHERE permission_id = ?",array($id));
  618. $i++;
  619. }
  620. }
  621. return $i;
  622.  
  623. //Redirect::to('admin_permissions.php');
  624. }
  625.  
  626. //Checks if an email is valid
  627. function isValidEmail($email){
  628. if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
  629. return true;
  630. }
  631. else {
  632. return false;
  633. }
  634. }
  635.  
  636. //Check if an email exists in the DB
  637. function emailExists($email) {
  638. $db = DB::getInstance();
  639. $query = $db->query("SELECT email FROM users WHERE email = ?",array($email));
  640. $num_returns = $query->count();
  641. if ($num_returns > 0){
  642. return true;
  643. }else{
  644. return false;
  645. }
  646. }
  647.  
  648. //Update a user's email
  649. function updateEmail($id, $email) {
  650. $db = DB::getInstance();
  651. $fields=array('email'=>$email);
  652. $db->update('users',$id,$fields);
  653.  
  654. return true;
  655. }