  1. <?php
  2.  
  3. /*
  4. Last updated: 1/16/2013 @ 10:49am by Andrew
  5. */
  6.  
  7. class role_restrictions {
  8.  
    // Non-zero makes the methods echo diagnostics (SQL debug text, var_dump of the
    // role caches) straight into the HTTP response; keep at 0 outside development.
    private $debug = 0;
    // Last error text recorded by the lookup routines; cleared at the start of each.
    private $errStr = '';
    // Heading and <title> of the page drawn by draw_admin_page().
    private $display_title = '';
    // Form action target and "return" link on the admin page.
    private $return_url = '';
    // Base URL under which red-x.png is referenced (filled by set_image_url()).
    private $image_url = '';
    private $return_link_display_text = '';
    private $program_base_url = '';
    private $program_name = '';
    // Database wrapper; this class calls ->query()/->error, ->select(), ->insert(), ->delete() on it.
    private $dbh = '';
    // Prefix prepended to the role_types / role_assignments table names.
    private $dbprefix = '';
    // Username checked by restrict_to()/has_role() when the caller passes none.
    private $username = '';
    // Which admin sections draw_admin_page() renders: 'types' and/or 'assignments'.
    private $admin_functions = array();
    // Cache of role_types rows, indexed under 'ID' and under 'role_name';
    // '_total' == 0 means "not loaded yet" (see get_existing_roles()).
    private $existing_roles = array('_total'=>0);
    // Cache of role_assignments rows under 'username' (add_user() stores names lower-cased).
    private $existing_role_assignments = array('_total'=>0, 'username'=>array());
    // POST keys handed to prevent_undefined_index_notices() so they always exist.
    // NOTE(review): 'rr_role', 'rr_username' and the per-role 'role_name-=-<ID>' /
    // 'role_desc-=-<ID>' fields are also read by handlers below but are not listed here.
    private $all_post_form_inputs_used_in_this_class = array(
          'doCmd',
          'ra_new_username',
          'ra_new_role_name',
          'ra_new_role_desc',
        );
  29.  
  30.  
    /**
     * Wires the helper up to the caller's DB handle and page settings.
     *
     * Every value is routed through its set_*() method (defined elsewhere in
     * this class, not shown here), so any normalisation happens there.
     *
     * @param object $dbh                      DB wrapper, by reference; the class uses query()/error, select(), insert(), delete()
     * @param string $username                 user checked by restrict_to()/has_role() when no name is passed
     * @param string $return_url               form action and "return" link target on the admin page
     * @param string $return_link_display_text text of the return link
     * @param string $display_title            admin page title / heading
     * @param array  $admin_functions          any of 'types', 'assignments': which admin sections are drawn
     * @param int    $debug                    non-zero echoes diagnostics into the response
     * @param string $dbprefix                 table-name prefix
     */
    function __construct(&$dbh, $username, $return_url, $return_link_display_text='Return to Previous Page', $display_title='Role Admin Page', $admin_functions=array('types','assignments'), $debug=0, $dbprefix=''){
        // NOTE(review): $return_url, $display_title and the link text end up in
        // HTML in draw_admin_page(); whether the setters escape them is not visible here.
        $this->set_debug($debug);
        $this->set_dbh($dbh);
        $this->set_dbprefix($dbprefix);
        $this->set_username($username);
        $this->set_return_url($return_url);
        $this->set_image_url();
        $this->set_return_link_display_text($return_link_display_text);
        $this->set_display_title($display_title);
        $this->set_admin_functions($admin_functions);
    }
  42.  
  43.     function process_any_commands(){
  44.         $this->prevent_undefined_index_notices($this->all_post_form_inputs_used_in_this_class);
  45.         if($_POST['doCmd'] == 'draw_role_restrictions_admin_page'){$this->draw_admin_page();}
  46.  
  47.         if($_POST['doCmd'] == 'role_restrictions_delete_user'){$this->delete_user();}
  48.         if($_POST['doCmd'] == 'role_restrictions_update_role_assignments'){$this->update_role_assignments();}
  49.         if($_POST['doCmd'] == 'role_restrictions_add_user'){$this->add_user();}
  50.  
  51.         if($_POST['doCmd'] == 'role_restrictions_delete_role'){$this->delete_role();}
  52.         if($_POST['doCmd'] == 'role_restrictions_update_roles'){$this->update_roles();}
  53.         if($_POST['doCmd'] == 'role_restrictions_add_role'){$this->add_role();}
  54.     }
  55.  
  56.  
  57.     function draw_admin_page($msg=''){
  58.  
  59.         // prevent annoying undefined index notices
  60.         $this->prevent_undefined_index_notices($this->all_post_form_inputs_used_in_this_class);
  61.         $this->sanitize_inputs();
  62.  
  63.         $this->get_existing_roles();
  64.         $this->get_existing_role_assignments();
  65.  
  66.         ?>
  67.         <html>
  68.         <head>
  69.         <title><?php echo $this->display_title; ?></title>
  70.         <script>
  71.         <?php
  72.         if(in_array('types', $this->admin_functions)){
  73.             ?>
  74.             function deleteRole(role){
  75.                 if(confirm("Confirmation Needed:\n\nAre you sure you want to remove the "+role+" role?\n")){
  76.                     document.mainform.doCmd.value='role_restrictions_delete_role';
  77.                     document.mainform.rr_role.value=role;
  78.                     document.mainform.submit();
  79.                 }
  80.             }
  81.             function saveRoleChanges(){
  82.                 document.mainform.doCmd.value='role_restrictions_update_roles';
  83.                 document.mainform.submit();
  84.             }
  85.             function addRole(){
  86.                 document.mainform.doCmd.value='role_restrictions_add_role';
  87.                 document.mainform.submit();
  88.             }
  89.             <?php
  90.         }
  91.         if(in_array('assignments', $this->admin_functions)){
  92.             ?>
  93.             function deleteUsername(user){
  94.                 if(confirm("Confirmation Needed:\n\nAre you sure you want to remove "+user+"?\n")){
  95.                     document.mainform.doCmd.value='role_restrictions_delete_user';
  96.                     document.mainform.rr_username.value=user;
  97.                     document.mainform.submit();
  98.                 }
  99.             }
  100.             function saveChanges(){
  101.                 document.mainform.doCmd.value='role_restrictions_update_role_assignments';
  102.                 document.mainform.submit();
  103.             }
  104.             function addUser(){
  105.                 document.mainform.doCmd.value='role_restrictions_add_user';
  106.                 document.mainform.submit();
  107.             }
  108.             <?php
  109.         }
  110.         ?>
  111.         </script>
  112.         </head>
  113.         <body>
  114.         <form name="mainform" action="<?php echo $this->return_url; ?>" method="post">
  115.         <input type="hidden" name="doCmd" value="" />
  116.         <input type="hidden" name="rr_username" value="" />
  117.         <input type="hidden" name="rr_role" value="" />
  118.  
  119.  
  120.  
  121.         <div align="center">
  122.  
  123.         <h2><?php echo $this->display_title; ?></h2>
  124.         <a href="<?php echo $this->return_url; ?>"><?php echo $this->return_link_display_text; ?></a><br />&nbsp;<br />
  125.  
  126.         <?php
  127.         if($msg != ''){
  128.         ?>
  129.         <table cellpadding="0" cellspacing="0" border="1">
  130.         <tr><td>
  131.         <table cellpadding="0" cellspacing="0" border="0">
  132.         <tr><td><h2>Messages:</h2></td></tr>
  133.         <tr><td><blockquote><?php echo $msg; ?></blockquote></td></tr>
  134.         </table>
  135.         </td></tr>
  136.         </table>
  137.         <br />&nbsp;<br />
  138.         <?php
  139.         }
  140.         ?>
  141.  
  142.  
  143.         <?php
  144.  
  145.         $roles = array_keys($this->existing_roles['role_name']);
  146.         natcasesort($roles);
  147.  
  148.         if(in_array('types', $this->admin_functions)){
  149.             ?>
  150.  
  151.  
  152.             <table cellpadding="5" cellspacing="0" border="0" style="text-align:center;">
  153.             <tr><th>Roles</th></tr>
  154.             <tr><td>
  155.             <table cellpadding="5" cellspacing="0" border="1" style="text-align:center;">
  156.             <tr><th>Role Name</th><th>Role Description</th><th>Delete?</th></tr>
  157.             <?php
  158.  
  159.             foreach ($roles as $role){
  160.                 ?>
  161.                 <tr>
  162.                 <td><input type="text" name="role_name-=-<?php echo $this->existing_roles['role_name'][$role]['ID']; ?>" value="<?php echo $role; ?>" onchange="alert('Changing role names in an established program can cause your program to stop working!');" /></td>
  163.                 <td><input type="text" name="role_desc-=-<?php echo $this->existing_roles['role_name'][$role]['ID']; ?>" value="<?php echo $this->existing_roles['role_name'][$role]['desc']; ?>" /></td>
  164.                 <td><a href="javascript: deleteRole('<?php echo $role; ?>');"><img border="0" src="<?php echo $this->image_url; ?>/red-x.png"/></a></td>
  165.                 </tr>
  166.                 <?php
  167.             }
  168.  
  169.             ?>
  170.             </table>
  171.             <tr><td><input type="button" name="b2" value="Save Role Type Changes" onclick="saveRoleChanges();" /></td></tr>
  172.             </table>
  173.  
  174.             <br />&nbsp;<br />
  175.  
  176.  
  177.             <table cellpadding="5" cellspacing="0" border="0" style="text-align:center;">
  178.             <tr><th>Add New Role</th></tr>
  179.             <tr><td>
  180.             <table cellpadding="5" cellspacing="0" border="1" style="text-align:center;">
  181.             <tr><th>Role Name</th><th>Role Description</th></tr>
  182.  
  183.             <tr>
  184.             <td><input type="text" name="ra_new_role_name" value="<?php echo $_POST['ra_new_role_name']; ?>" /></td>
  185.             <td><input type="text" name="ra_new_role_desc" value="<?php echo $_POST['ra_new_role_desc']; ?>" /></td>
  186.             </tr>
  187.  
  188.             </table>
  189.             <tr><td><input type="button" name="b2" value="Add New Role" onclick="addRole();" /></td></tr>
  190.             </table>
  191.  
  192.             <br />&nbsp;<br />
  193.  
  194.             <?php
  195.         }
  196.  
  197.  
  198.  
  199.         if(in_array('assignments', $this->admin_functions)){
  200.  
  201.             ?>
  202.  
  203.  
  204.             <table cellpadding="5" cellspacing="0" border="0" style="text-align:center;">
  205.             <tr><th>Assign Roles</th></tr>
  206.             <tr><td>
  207.             <table cellpadding="5" cellspacing="0" border="1" style="text-align:center;">
  208.             <?php
  209.             $new_role_cells = '';
  210.             $table_header = "<tr><th>Username</th>";
  211.  
  212.             foreach ($roles as $role){
  213.                 $table_header .= "<th>".$role."</th>";
  214.                 $chk = '';
  215.                 if(array_key_exists('ra_new-=-'.$role, $_POST)){
  216.                     if($_POST['ra_new-=-'.$role]==1){
  217.                         $chk = ' checked="checked"';
  218.                     }
  219.                 }
  220.                 $new_role_cells .= '<td><input type="checkbox" name="ra_new-=-'.$role.'" value="1"'.$chk.' /></td>';
  221.             }
  222.             echo $table_header;
  223.             echo "<th>Delete?</th></tr>\n";
  224.  
  225.             $usernames = array_keys($this->existing_role_assignments['username']);
  226.             natcasesort($usernames);
  227.             foreach ($usernames  as $username){
  228.                 ?>
  229.                 <tr><td><?php echo $username; ?></td>
  230.                 <?php
  231.                 foreach ($roles as $role){
  232.                     $chk = array_key_exists($role, $this->existing_role_assignments['username'][$username]['role_name'])?' checked="checked"':'';
  233.                     ?>
  234.                     <td><input type="checkbox" name="ra-=-<?php echo $username.'-=-'.$role; ?>" value="1"<?php echo $chk; ?> /></td>
  235.                     <?php
  236.                 } // end foreach role
  237.                 ?>
  238.  
  239.                 <td><a href="javascript: deleteUsername('<?php echo $username; ?>');"><img border="0" src="<?php echo $this->image_url; ?>/red-x.png"/></a></td>
  240.                 </tr>
  241.                 <?php
  242.             } // end foreach username
  243.             ?>
  244.  
  245.             </table>
  246.             <tr><td><input type="button" name="b2" value="Save Changes" onclick="saveChanges();" /></td></tr>
  247.             </table>
  248.  
  249.             <br />&nbsp;<br />
  250.  
  251.             <table cellpadding="5" cellspacing="0" border="0" style="text-align:center;">
  252.             <tr><th>Add User</th></tr>
  253.             <tr><td>
  254.             <table cellpadding="5" cellspacing="0" border="1" style="text-align:center;">
  255.             <?php echo $table_header; ?>
  256.             <tr>
  257.             <td><input type="text" name="ra_new_username" value="<?php echo $_POST['ra_new_username']; ?>" /></td>
  258.             <?php echo $new_role_cells; ?>
  259.             </tr>
  260.             </table>
  261.             <tr><td><input type="button" name="b3" value="Add User" onclick="addUser()" /></td></tr>
  262.             </table>
  263.  
  264.  
  265.             <?php
  266.         }
  267.  
  268.         ?>
  269.  
  270.  
  271.  
  272.         </div>
  273.         </form>
  274.         </body>
  275.         </html>
  276.         <?php
  277.         exit;
  278.     }
  279.  
  280.  
  281.  
  282.  
  283.  
  284.     private function delete_role() {
  285.         $msg = '';
  286.         // sanitize inputs
  287.         if($_POST['rr_role'] == ''){
  288.             $msg .= "<font color=red>&bull; No role name given to delete</font><br />\n";
  289.         }else{
  290.             preg_match('/([\w\.-]+)/', $_POST['rr_role'], $matches);
  291.             if($matches[1] != $_POST['rr_role']){
  292.                 $msg .= "<font color=red>&bull; The role name given was invalid.  Valid characters are: a-z A-Z 0-9 _ . -</font><br />\n";
  293.             }
  294.             $_POST['rr_role'] = $matches[1];
  295.         }
  296.         if($msg != ''){
  297.             $this->draw_admin_page($msg);
  298.         }
  299.         $this->get_existing_roles();
  300.         // remove all role assignments for this role
  301.         $statement = "delete from ".$this->dbprefix."role_assignments where role_type_ID=".$this->existing_roles['role_name'][$_POST['rr_role']]['ID'];
  302.         $sth = $this->dbh->query($statement);
  303.         if($this->dbh->error){
  304.             $this->draw_admin_page("<font color=red>&bull;Function: delete_role() attempting delete role_assignments (".$statement.") , error: ".$this->dbh->error."</font><br />\n");
  305.         }
  306.         // remove the role_type record
  307.         $statement = "delete from ".$this->dbprefix."role_types where role_type_name='".$_POST['rr_role']."'";
  308.         $sth = $this->dbh->query($statement);
  309.         if($this->dbh->error){
  310.             $this->draw_admin_page("<font color=red>&bull;Function: delete_role() attempting delete role (".$statement.") , error: ".$this->dbh->error."</font><br />\n");
  311.         }
  312.         $this->get_existing_roles(true);
  313.         $this->draw_admin_page("&bull;Successfully deleted ".$_POST['rr_role']." role<br />\n");
  314.     }
  315.  
  316.  
  317.     private function update_roles() {
  318.         $msg = '';
  319.         $this->get_existing_roles();
  320.         $this->get_existing_role_assignments();
  321.         foreach ($this->existing_roles['ID'] as $roleID => $role_details){
  322.             if( $_POST['role_name-=-'.$roleID] != $this->existing_roles['ID'][$roleID]['role_name'] or $_POST['role_desc-=-'.$roleID] != $this->existing_roles['ID'][$roleID]['desc'] ){
  323.                 if($_POST['role_name-=-'.$roleID] == ''){
  324.                     $msg .= "&bull; The Role Name can't be blank<br />\n";
  325.                     continue;
  326.                 }
  327.                 //echo "changing name from (".$this->existing_roles['ID'][$roleID]['role_name'].") to (".$_POST['role_name-=-'.$roleID].") <br />\nchanging desc from (".$this->existing_roles['ID'][$roleID]['desc'].") to (".$_POST['role_desc-=-'.$roleID].") <br />\n";
  328.                 $statement = "update ".$this->dbprefix."role_types set role_type_name='".$_POST['role_name-=-'.$roleID]."', role_type_desc='".$_POST['role_desc-=-'.$roleID]."' where role_type_ID=".$roleID;
  329.                 $sth = $this->dbh->query($statement);
  330.                 if($this->dbh->error){
  331.                     $this->draw_admin_page("<font color=red>&bull;Function: update_roles() attempting update (".$statement.") , error: ".$this->dbh->error."</font><br />\n");
  332.                 }
  333.                 $msg .= "&bull; Successfully updated the ".$_POST['role_name-=-'.$roleID]." roll<br />\n";
  334.             }
  335.         } // end foreach roleID
  336.  
  337.         $this->get_existing_roles(true);
  338.         $this->draw_admin_page($msg);
  339.     }
  340.  
  341.  
  342.     private function add_role() {
  343.         $msg = '';
  344.         $this->get_existing_roles();
  345.         // sanitize the input
  346.         if($_POST['ra_new_role_name'] == ''){
  347.             $msg .= "&bull; The new role name field was blank <br />\n";
  348.         }else{
  349.             preg_match('/([\w\.-]+)/', $_POST['ra_new_role_name'], $matches);
  350.             if($_POST['ra_new_role_name'] != $matches[1]){
  351.                 $msg .= "&bull; The new role name conntained invalid characters. Valid characters are: a-z A-Z 0-9 _ . - <br />\n";
  352.             }
  353.             $_POST['ra_new_role_name'] = $matches[1];
  354.         }
  355.         preg_match('/([\w\s\.!@#\$\%^&\*\+\?\/:-]+)/', $_POST['ra_new_role_desc'], $matches);
  356.         if($_POST['ra_new_role_desc'] != $matches[1]){
  357.             $msg .= "&bull; The new role description conntained invalid characters. Valid characters are: a-z A-Z 0-9 . - {space} ! @ # \$ % ^ & * + ? / :  <br />\n";
  358.         }
  359.         $_POST['ra_new_role_desc'] = $matches[1];
  360.         // does this role already exist?
  361.         if(array_key_exists($_POST['ra_new_role_name'], $this->existing_roles['role_name'])){
  362.             $msg .= "&bull; The role name specified (".$_POST['ra_new_role_name'].") already exists <br />\n";
  363.         }
  364.         if($msg != ''){
  365.             $this->draw_admin_page($msg);
  366.         }
  367.         $insert_statement = "INSERT INTO ".$this->dbprefix."role_types (role_type_name, role_type_desc) VALUES (?,?)";
  368.         $dm = '';
  369.         $this->dbh->insert($insert_statement, array($_POST['ra_new_role_name'], $_POST['ra_new_role_desc']), $this->debug, $dm);
  370.         if($this->debug){echo "$dm <br />\n";}
  371.         $msg .= "&bull; Added New Role: ".$_POST['ra_new_role_name']."<br />\n";
  372.         $_POST['ra_new_role_name'] = '';
  373.         $_POST['ra_new_role_desc'] = '';
  374.         $this->get_existing_roles(true);
  375.         $this->draw_admin_page($msg);
  376.     }
  377.  
  378.  
  379.  
  380.  
  381.     private function add_user(){
  382.         $msg = '';
  383.         $this->get_existing_roles();
  384.         $this->get_existing_role_assignments();
  385.         // sanitize the input
  386.         if($_POST['ra_new_username'] == ''){
  387.             $msg .= "&bull; The new username field was blank <br />\n";
  388.         }else{
  389.             preg_match('/([\w\.-]+)/', $_POST['ra_new_username'], $matches);
  390.             if($_POST['ra_new_username'] != $matches[1]){
  391.                 $msg .= "&bull; The new username conntained invalid characters. Valid characters are: a-z A-Z 0-9 _ . - <br />\n";
  392.             }
  393.             $_POST['ra_new_username'] = strtolower($matches[1]);
  394.         }
  395.         // does this user already exist?
  396.         if(array_key_exists($_POST['ra_new_username'], $this->existing_role_assignments['username'])){
  397.             $msg .= "&bull; The username specified (".$_POST['ra_new_username'].") already exists <br />\n";
  398.         }
  399.         if($msg != ''){
  400.             $this->draw_admin_page($msg);
  401.         }
  402.         $insert_statement = "INSERT INTO ".$this->dbprefix."role_assignments (role_type_ID, role_assignment_username) VALUES (?,?)";
  403.         $roles_assigned = 0;
  404.         foreach ($this->existing_roles['role_name'] as $role => $role_details){
  405.             if(array_key_exists('ra_new-=-'.$role, $_POST)){
  406.                 $dm = '';
  407.                 $this->dbh->insert($insert_statement, array($this->existing_roles['role_name'][$role]['ID'], $_POST['ra_new_username']), $this->debug, $dm);
  408.                 if($this->debug){echo "$dm <br />\n";}
  409.                 $msg .= "&bull; Added ".$_POST['ra_new_username']." to $role<br />\n";
  410.                 $roles_assigned++;
  411.                 $_POST['ra_new-=-'.$role]='';
  412.             }
  413.         }
  414.         if($roles_assigned==0){
  415.             $this->draw_admin_page("&bull; Unable to add user (".$_POST['ra_new_username']."), no roles where selected.");
  416.         }
  417.         $_POST['ra_new_username'] = '';
  418.         $this->get_existing_role_assignments(true);
  419.         $this->draw_admin_page($msg);
  420.     }
  421.  
  422.     function assign_user_to_role($username, $rolename, &$errStr=''){
  423.         $errStr='';
  424.         $this->get_existing_roles();
  425.         $this->get_existing_role_assignments();
  426.         if(array_key_exists($username, $this->existing_role_assignments['username'])){
  427.             $errStr = "Username already exists";
  428.             return false;
  429.         }
  430.         if(! array_key_exists($rolename, $this->existing_roles['role_name'])){
  431.             $errStr = "Role does not exist";
  432.             return false;
  433.         }
  434.         $dm = '';
  435.         $insert_statement = "INSERT INTO ".$this->dbprefix."role_assignments (role_type_ID, role_assignment_username) VALUES (?,?)";
  436.         $this->dbh->insert($insert_statement, array($this->existing_roles['role_name'][$rolename]['ID'], $username), $this->debug, $dm);
  437.         if($this->debug){echo "$dm <br />\n";}
  438.         $this->get_existing_role_assignments(true);
  439.         return true;
  440.     }
  441.  
  442.  
  443.     function update_user_roles($username, $roles, &$errStr=''){
  444.         $errStr='';
  445.  
  446.         $this->get_existing_roles();
  447.         $this->get_existing_role_assignments();
  448.  
  449.         $delete_statement = "DELETE FROM ".$this->dbprefix."role_assignments WHERE role_assignment_username=?";
  450.         $this->dbh->delete($delete_statement, array($username), $this->debug, $dm);
  451.         if($this->debug){echo "$dm <br />\n";}
  452.  
  453.         $insert_statement = "INSERT INTO ".$this->dbprefix."role_assignments (role_type_ID, role_assignment_username) VALUES (?,?)";
  454.         foreach($roles as $role){
  455.             $this->dbh->insert($insert_statement, array($this->existing_roles['role_name'][$role]['ID'], $username), $this->debug, $dm);
  456.             if($this->debug){echo "$dm <br />\n";}
  457.         }
  458.  
  459.         $this->get_existing_role_assignments(true);
  460.         return true;
  461.     }
  462.  
  463.  
  464.     private function update_role_assignments(){
  465.         $msg = '';
  466.  
  467.         $this->get_existing_roles();
  468.         $this->get_existing_role_assignments();
  469.  
  470.         $insert_statement = "INSERT INTO ".$this->dbprefix."role_assignments (role_type_ID, role_assignment_username) VALUES (?,?)";
  471.         $delete_statement = "DELETE FROM ".$this->dbprefix."role_assignments WHERE role_assignment_username=? and role_type_ID=?";
  472.  
  473.         foreach ($this->existing_role_assignments['username'] as $username => $assigned_role_details){
  474.             foreach($this->existing_roles['role_name'] as $role => $role_details){
  475.                 if(array_key_exists('ra-=-'.$username.'-=-'.$role, $_POST)){
  476.                     // add user to this role assignment, if needed
  477.                     if(! array_key_exists($role, $this->existing_role_assignments['username'][$username]['role_name']) ){
  478.                         // need to add
  479.                         $dm = '';
  480.                         $this->dbh->insert($insert_statement, array($this->existing_roles['role_name'][$role]['ID'], $username), $this->debug, $dm);
  481.                         if($this->debug){echo "$dm <br />\n";}
  482.                         $msg .= "&bull; Added $username to $role<br />\n";
  483.                     }
  484.                 }else{
  485.                    // remove this user from this role assignment, if needed
  486.                    if(array_key_exists($role, $this->existing_role_assignments['username'][$username]['role_name'])){
  487.                         // need to remove
  488.                         $dm = '';
  489.                         $this->dbh->delete($delete_statement, array($username, $this->existing_roles['role_name'][$role]['ID']), $this->debug, $dm);
  490.                         if($this->debug){echo "$dm <br />\n";}
  491.                         $msg .= "&bull; Removed $username from $role<br />\n";
  492.                    }
  493.                 }
  494.             } // end foreach role
  495.         } // end foreach user
  496.  
  497.         $this->get_existing_role_assignments(true);
  498.         $this->draw_admin_page($msg);
  499.     }
  500.  
  501.  
  502.     function delete_username($username, &$errStr=''){
  503.         // remove the record
  504.         $statement = "delete from ".$this->dbprefix."role_assignments where role_assignment_username='".$username."'";
  505.         $sth = $this->dbh->query($statement);
  506.         if($this->dbh->error){
  507.             $errStr = $this->dbh->error;
  508.             return false;
  509.         }
  510.         $this->get_existing_role_assignments(true);
  511.         return true;
  512.     }
  513.  
  514.  
  515.     private function delete_user(){
  516.         $msg = '';
  517.         // sanitize inputs
  518.         if($_POST['rr_username'] == ''){
  519.             $msg .= "<font color=red>&bull; No username Given to Delete</font><br />\n";
  520.         }else{
  521.             preg_match('/([\w\.-]+)/', $_POST['rr_username'], $matches);
  522.             if($matches[1] != $_POST['rr_username']){
  523.                 $msg .= "<font color=red>&bull; The username given was invalid.  Valid characters are: a-z A-Z 0-9 _ . -</font><br />\n";
  524.             }
  525.             $_POST['rr_username'] = $matches[1];
  526.         }
  527.         if($msg != ''){
  528.             $this->draw_admin_page($msg);
  529.         }
  530.         // remove the record
  531.         $statement = "delete from ".$this->dbprefix."role_assignments where role_assignment_username='".$_POST['rr_username']."'";
  532.         $sth = $this->dbh->query($statement);
  533.         if($this->dbh->error){
  534.             $this->draw_admin_page("<font color=red>&bull;Function: delete_user() attempting delete user roles (".$statement.") , error: ".$this->dbh->error."</font><br />\n");
  535.         }
  536.         $this->get_existing_role_assignments(true);
  537.         $this->draw_admin_page("&bull;Successfully deleted ".$_POST['rr_username']." roles<br />\n");
  538.     }
  539.  
  540.  
  541.     private function sanitize_inputs(){
  542.         if(! $_POST['ra_new_username'] == ''){
  543.             preg_match('/([\w\.-]+)/', $_POST['ra_new_username'], $matches);
  544.             $_POST['ra_new_username'] = $matches[1];
  545.         }
  546.         if(! $_POST['ra_new_role_name'] == ''){
  547.             preg_match('/([\w\.-]+)/', $_POST['ra_new_role_name'], $matches);
  548.             $_POST['ra_new_role_name'] = $matches[1];
  549.         }
  550.         if(! $_POST['ra_new_role_desc'] == ''){
  551.             preg_match('/([\w\s\.!@#\$\%^&\*\+\?\/:-]+)/', $_POST['ra_new_role_desc'], $matches);
  552.             $_POST['ra_new_role_desc'] = $matches[1];
  553.         }
  554.         return true;
  555.     }
  556.  
  557.  
  558.     function has_role($roles, $username=''){
  559.         if($this->debug){
  560.             echo "routine: has_role('$roles', '$username')<br />\n";
  561.         }
  562.         return $this->restrict_to($roles, $username, true);
  563.     }
  564.  
  565.     function get_user_roles($username){
  566.         if($this->debug){
  567.             echo "routine: get_user_roles('$username')<br />\n";
  568.         }
  569.         $this->errStr='';
  570.         $this->get_existing_roles();
  571.         $this->get_existing_role_assignments();
  572.         if($this->determine_username($username) == false){die("class_role_restrictions: restrict_to: Unable to determine Username");}
  573.         if( array_key_exists($this->username, $this->existing_role_assignments['username']) ){
  574.             return $this->existing_role_assignments['username'][$this->username]['role_name'];
  575.         }else{
  576.             return array();
  577.         }
  578.     }
  579.  
  580.     function restrict_to($roles, $username='', $return_result=false){
  581.         if($this->debug){
  582.             echo "routine: restrict_to('$roles', '$username', ".($return_result?'1':'0').")<br />\n";
  583.         }
  584.         $this->errStr='';
  585.         $roles_a = preg_split('/[^\w\.-]+/',$roles);
  586.  
  587.         $this->get_existing_roles();
  588.         $this->get_existing_role_assignments();
  589.         if($this->determine_username($username) == false){die("class_role_restrictions: restrict_to: Unable to determine Username");}
  590.  
  591.         if( array_key_exists($this->username, $this->existing_role_assignments['username']) ){
  592.             foreach($roles_a as $role_name){
  593.                 if($this->debug){
  594.                     echo "looking for |$role_name| for user ".$this->username." in this array:<br /> <pre>";
  595.                     var_dump($this->existing_role_assignments['username'][$this->username]['role_name']);
  596.                     echo "</pre><br />Was it in there? \n";
  597.                 }
  598.                 if(array_key_exists($role_name, $this->existing_role_assignments['username'][$this->username]['role_name'])){
  599.                     if($this->debug){echo "YES<br />\n";}
  600.                     return true;
  601.                 }
  602.                 if($this->debug){echo "NO<br />\n";}
  603.             }
  604.         }
  605.         if($return_result){return false;}
  606.         $this->draw_not_authorized_to_use($this->username, $roles);
  607.     }
  608.  
  609.     private function determine_username($username){
  610.         if($username==''){
  611.             if($this->username==''){
  612.                 $this->errStr='determine_username: ERROR: Missing username';
  613.                 if($this->debug){echo $this->errStr."<br />\n";}
  614.                 return false;
  615.             }
  616.         }else{
  617.             $this->set_username($username);
  618.         }
  619.         if($this->debug){echo "determine_username: using username: ".$this->username."<br />\n";}
  620.         return true;
  621.     }
  622.  
  623.  
  624.  
  625.     function get_roles($force_refresh=false){
  626.         $this->get_existing_roles($force_refresh);
  627.         return $this->existing_roles;
  628.     }
  629.  
  630.  
    /**
    *  private function: get_existing_roles()
    *
    *  populates the private $existing_roles array (the inner records use the
    *  key 'role_name', not 'name'):
    *
    *  $this->existing_roles = array (
    *      '_total' => 1,
    *
    *      'ID' => array (
    *           '120' => array (
    *                 'ID'        => 120,
    *                 'role_name' => "Admin",
    *                 'desc'      => "For administrators blah blah ..."
    *           )
    *      ),
    *
    *      'role_name' => array (
    *           'Admin' => array (
    *                 'ID'        => 120,
    *                 'role_name' => "Admin",
    *                 'desc'      => "For administrators blah blah ..."
    *           )
    *      )
    *  )
    *
    * @param bool $force_refresh
    *          false = reuses previously retrieved db values,
    *          true =  queries the db for the values regardless of any previously stored values
    */
  660.  
  661.     private function get_existing_roles($force_refresh=false){
  662.         if($this->debug){
  663.             echo "routine: get_existing_roles(".($force_refresh?'1':'0').")<br />\n";
  664.         }
  665.         $this->errStr = '';
  666.         if($force_refresh or $this->existing_roles['_total']==0){
  667.             if($this->debug){
  668.                 echo "getting roles from DB <br />\n";
  669.             }
  670.             $this->existing_roles = array('_total'=>0); // clear the array
  671.             $stmt = $this->dbh->select("SELECT role_type_ID, role_type_name, role_type_desc FROM ".$this->dbprefix."role_types", $row, array(), $this->debug>1?'1':0, $dm);
  672.             if($this->debug){ echo $dm; }
  673.             while($stmt->fetch()){
  674.                 if($row['role_type_name'] == ''){continue;}
  675.                 $this->existing_roles['ID'][$row['role_type_ID']]=array('ID'=>$row['role_type_ID'], 'role_name'=>$row['role_type_name'], 'desc'=>$row['role_type_desc']);
  676.                 $this->existing_roles['role_name'][$row['role_type_name']]=array('ID'=>$row['role_type_ID'], 'role_name'=>$row['role_type_name'], 'desc'=>$row['role_type_desc']);
  677.                 $this->existing_roles['_total']++;
  678.             }
  679.         }elseif($this->debug){
  680.             echo "Using cached roles <br />\n";
  681.         }
  682.         if($this->debug){
  683.             echo "Available Roles: <br />\n";
  684.             var_dump($this->existing_roles);
  685.             echo "<br />";
  686.         }
  687.         return true;
  688.     }
  689.  
  690.  
  691.  
  692.     function get_role_assignments($force_refresh=false){
  693.         $this->get_existing_role_assignments($force_refresh);
  694.         return $this->existing_role_assignments;
  695.     }
  696.  
    /**
    *  private function: get_existing_role_assignments()
    *
    *  populates the private $existing_role_assignments array. The layout below
    *  matches what the code actually builds (keys are 'role_name', not 'name',
    *  and username lists are maps of username => username, not plain lists):
    *
    *  $this->existing_role_assignments = array (
    *      '_total' => 2,                   // number of assignment rows loaded
    *
    *      'ID' => array (
    *           '120' => array (            // 'ID' of role
    *                 'role_name' => "Admin",
    *                 'username'  => array (
    *                       "jsmoe" => "jsmoe",   // usernames assigned to this role
    *                       "blah"  => "blah"
    *                 )
    *           )
    *      ),
    *
    *      'role_name' => array (
    *           'Admin' => array (          // 'role_name' of role
    *                 'ID'       => 120,
    *                 'username' => array (
    *                       "jsmoe" => "jsmoe",
    *                       "blah"  => "blah"
    *                 )
    *           )
    *      ),
    *
    *      'username' => array (
    *           'jsmoe' => array (          // username who has role(s) assigned
    *                  'ID' => array (
    *                        120 => "Admin",      // role ID => role name
    *                        434 => "Auditor"
    *                   ),
    *                  'role_name' => array (
    *                        "Admin"   => 120,    // role name => role ID
    *                        "Auditor" => 434
    *                  )
    *           )
    *      )
    *  )
    *
    *  Only the 'username' sub-array is guaranteed to exist; 'ID' and 'role_name'
    *  appear once at least one assignment has been loaded, so isset() them first.
    *
    * @param bool $force_refresh
    *          false = uses previously retrieved db values,
    *          true =  will query the db for the values regardless of the existence of any previously stored values
    */
  737.  
  738.     private function get_existing_role_assignments($force_refresh=false){
  739.         if($this->debug){
  740.             echo "routine: get_existing_role_assignments(".($force_refresh?'1':'0').")<br />\n";
  741.         }
  742.         $this->errStr = '';
  743.         if($force_refresh or $this->existing_role_assignments['_total']==0){
  744.             $this->get_existing_roles(); // make sure this has been populated
  745.             if($this->debug){
  746.                 echo "getting assignments from DB <br />\n";
  747.             }
  748.             $this->existing_role_assignments = array('_total'=>0, 'username'=>array()); // clear the array
  749.             $stmt = $this->dbh->select("SELECT role_assignment_ID, role_type_ID, role_assignment_username FROM ".$this->dbprefix."role_assignments", $row, array(), $this->debug>1?'1':0, $dm);
  750.             if($this->debug){ echo $dm; }
  751.             while($stmt->fetch()){
  752.                 //echo $row['role_assignment_username'].', '.$row['role_type_ID']. ', '.$this->existing_roles['ID'][$row['role_type_ID']]['name']."<br />\n";
  753.                 if($row['role_assignment_username'] == ''){continue;}
  754.  
  755.                 $this->existing_role_assignments['ID'][$row['role_type_ID']]['username'][$row['role_assignment_username']]=$row['role_assignment_username'];
  756.                 $this->existing_role_assignments['ID'][$row['role_type_ID']]['role_name']=$this->existing_roles['ID'][$row['role_type_ID']]['role_name'];
  757.  
  758.                 $this->existing_role_assignments['role_name'][$this->existing_roles['ID'][$row['role_type_ID']]['role_name']]['ID']=$row['role_type_ID'];
  759.                 $this->existing_role_assignments['role_name'][$this->existing_roles['ID'][$row['role_type_ID']]['role_name']]['username'][$row['role_assignment_username']]=$row['role_assignment_username'];
  760.  
  761.                 $this->existing_role_assignments['username'][$row['role_assignment_username']]['ID'][$row['role_type_ID']]=$this->existing_roles['ID'][$row['role_type_ID']]['role_name'];
  762.                 $this->existing_role_assignments['username'][$row['role_assignment_username']]['role_name'][$this->existing_roles['ID'][$row['role_type_ID']]['role_name']]=$row['role_type_ID'];
  763.  
  764.                 $this->existing_role_assignments['_total']++;
  765.             }
  766.  
  767.  
  768.  
  769.             /*
  770.             $sth = $this->dbh->query("SELECT role_assignment_ID, role_type_ID, role_assignment_username FROM ".$this->dbprefix."role_assignments");
  771.             if($this->dbh->error){
  772.                 $this->errStr = $this->dbh->error;
  773.                 return false;
  774.             }
  775.             while ($row = $sth->fetch_object()) {
  776.                 //echo $row->role_assignment_username.', '.$row->role_type_ID. ', '.$this->existing_roles['ID'][$row->role_type_ID]['name']."<br />\n";
  777.                 if($row->role_assignment_username == ''){continue;}
  778.  
  779.                 $this->existing_role_assignments['ID'][$row->role_type_ID]['username'][$row->role_assignment_username]=$row->role_assignment_username;
  780.                 $this->existing_role_assignments['ID'][$row->role_type_ID]['role_name']=$this->existing_roles['ID'][$row->role_type_ID]['role_name'];
  781.  
  782.                 $this->existing_role_assignments['role_name'][$this->existing_roles['ID'][$row->role_type_ID]['role_name']]['ID']=$row->role_type_ID;
  783.                 $this->existing_role_assignments['role_name'][$this->existing_roles['ID'][$row->role_type_ID]['role_name']]['username'][$row->role_assignment_username]=$row->role_assignment_username;
  784.  
  785.                 $this->existing_role_assignments['username'][$row->role_assignment_username]['ID'][$row->role_type_ID]=$this->existing_roles['ID'][$row->role_type_ID]['role_name'];
  786.                 $this->existing_role_assignments['username'][$row->role_assignment_username]['role_name'][$this->existing_roles['ID'][$row->role_type_ID]['role_name']]=$row->role_type_ID;
  787.  
  788.                 $this->existing_role_assignments['_total']++;
  789.             }
  790.             $sth->free_result();
  791.             */
  792.  
  793.  
  794.         }elseif($this->debug){
  795.             echo "Using cached assignments<br />\n";
  796.         }
  797.         if($this->debug){
  798.             echo "Role Assignments: <br />\n";
  799.             var_dump($this->existing_role_assignments);
  800.             echo "<br />";
  801.         }
  802.         return true;
  803.     }
  804.  
  805.  
  806.  
  807.     private function draw_not_authorized_to_use($username, $required_role, $feature='') {
  808.       ?>
  809.         <p>Sorry, you need the "<?php echo $required_role?>" role(s) to access this <?php echo $feature==''?'page':'feature ('.$feature.')'; ?>.</p>
  810.         <p><a href="javascript: history.go(-1)">Return to the previous page?</a></p>
  811.       <?php
  812.       exit;
  813.     }
  814.  
  815.     private function parse_return_url(){
  816.         if(preg_match('/(.+)\/([\w\.-]+\.php)/',$this->return_url,$matches)){
  817.             $this->set_program_name($matches[2]);
  818.             $this->set_program_base_url($matches[1]);
  819.         }elseif($this->debug){
  820.             echo "role_restrictions_object->private function parse_return_url_for_program_name(): Unable to determine program name from program url (".$this->return_url.")<br />\n";
  821.         }
  822.         return true;
  823.     }
  824.  
  825.     private function prevent_undefined_index_notices($potential_keys){
  826.         foreach ($potential_keys as $v){
  827.             $_POST[$v] = isset($_POST[$v])?$_POST[$v]:'';
  828.         }
  829.         return true;
  830.     }
  831.  
  832.  
  833.     function set_return_url($return_url){
  834.         $this->return_url = $return_url;
  835.         if($this->debug){echo 'role_restrictions_object->set_return_url('.$this->return_url.");<br />\n";}
  836.         $this->parse_return_url();
  837.         return true;
  838.     }
  839.     function set_image_url($image_url=''){
  840.         if($image_url==''){
  841.             $this->image_url = $this->program_base_url.'/images';
  842.         }else{
  843.             $this->image_url = $image_url;
  844.         }
  845.         return true;
  846.     }
  847.     function set_return_link_display_text($return_link_display_text){
  848.         $this->return_link_display_text = $return_link_display_text;
  849.         if($this->debug){echo 'role_restrictions_object->set_return_link_display_text('.$this->return_link_display_text.");<br />\n";}
  850.         return true;
  851.     }
  852.     function set_program_name($program_name){
  853.         $this->program_name = $program_name;
  854.         if($this->debug){echo 'role_restrictions_object->set_program_name('.$this->program_name.");<br />\n";}
  855.         return true;
  856.     }
  857.     function set_program_base_url($program_base_url){
  858.         $this->program_base_url = $program_base_url;
  859.         if($this->debug){echo 'role_restrictions_object->set_program_base_url('.$this->program_base_url.");<br />\n";}
  860.         return true;
  861.     }
  862.     function set_dbh($dbh){
  863.         $this->dbh = $dbh;
  864.         if($this->debug){echo 'role_restrictions_object->set_dbh('.(is_object($this->dbh)?'db_object':'unknown').");<br />\n";}
  865.         return true;
  866.     }
  867.     function set_dbprefix($dbprefix){
  868.         $this->dbprefix = $dbprefix;
  869.         if($this->debug){echo 'role_restrictions_object->set_dbprefix('.$this->dbprefix.");<br />\n";}
  870.         return true;
  871.     }
  872.     function set_display_title($display_title){
  873.         $this->display_title = $display_title;
  874.         if($this->debug){echo 'role_restrictions_object->set_display_title('.$this->display_title.");<br />\n";}
  875.         return true;
  876.     }
  877.     function set_debug($debug){
  878.         $this->debug = $debug?$debug:0;
  879.         if($this->debug){echo 'role_restrictions_object->set_debug('.$this->debug.");<br />\n";}
  880.         return true;
  881.     }
  882.     function set_username($username){
  883.         $this->username = $username;
  884.         if($this->debug){echo 'role_restrictions_object->set_username('.$this->username.");<br />\n";}
  885.         return true;
  886.     }
  887.     function set_admin_functions($admin_functions){
  888.         $this->admin_functions = $admin_functions;
  889.         if($this->debug){echo 'role_restrictions_object->set_admin_functions('; echo var_dump($this->admin_functions); echo ");<br />\n";}
  890.         return true;
  891.     }
  892.  
  893. }
  894.  
  895.  
  896.  
/*

Reference schema for the tables this class reads. Notes:
  - "GO" is a SQL Server batch separator; for MySQL (which the AUTO_INCREMENT /
    int(11) syntax implies) terminate each statement with ";" instead.
  - There is no FOREIGN KEY from role_assignments.role_type_ID to role_types, no
    UNIQUE constraint on role_types.role_type_name, and no UNIQUE constraint on
    (role_type_ID, role_assignment_username). Orphaned assignments, duplicate
    role names and duplicate assignments are therefore possible; the loader code
    above must tolerate them, and adding these constraints is recommended.

CREATE TABLE role_types  (
    role_type_ID    int(11) AUTO_INCREMENT NOT NULL,
    role_type_name     varchar(255) NOT NULL,
    role_type_desc     varchar(255) NULL,
    PRIMARY KEY(role_type_ID)
)
GO

CREATE TABLE role_assignments  (
    role_assignment_ID    int(11) AUTO_INCREMENT NOT NULL,
    role_type_ID    int(11) NOT NULL,
    role_assignment_username     varchar(255) NOT NULL,
    PRIMARY KEY(role_assignment_ID)
)
GO

CREATE TABLE role_feature_types  (
    feature_type_ID    int(11) AUTO_INCREMENT NOT NULL,
    feature_type_name     varchar(255) NOT NULL,
    feature_type_desc     varchar(255) NULL,
    PRIMARY KEY(feature_type_ID)
)
GO

CREATE TABLE role_feature_assignments  (
    feature_assignment_ID    int(11) AUTO_INCREMENT NOT NULL,
    role_type_ID    int(11) NOT NULL,
    feature_type_ID    int(11) NOT NULL,
    PRIMARY KEY(feature_assignment_ID)
)
GO


*/
  933.  
  934.  
  935. ?>