pbowers

UserSpice: us_helpers.php - banned user redirects to login

Sep 7th, 2016
  1. <?php
  2. /*
  3. UserSpice 4
  4. An Open Source PHP User Management System
  5. by the UserSpice Team at http://UserSpice.com
  6.  
  7. This program is free software: you can redistribute it and/or modify
  8. it under the terms of the GNU General Public License as published by
  9. the Free Software Foundation, either version 3 of the License, or
  10. (at your option) any later version.
  11.  
  12. This program is distributed in the hope that it will be useful,
  13. but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15. GNU General Public License for more details.
  16.  
  17. You should have received a copy of the GNU General Public License
  18. along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19. */
  20.  // UserSpice Specific Functions
  21. function testUS(){
  22.     echo "<br>";
  23.     echo "UserSpice Functions have been properly included";
  24.     echo "<br>";
  25. }
  26.  
  27.  
  28. function get_gravatar($email, $s = 120, $d = 'mm', $r = 'pg', $img = false, $atts = array() ) {
  29.     $url = 'https://www.gravatar.com/avatar/';
  30.     $url .= md5( strtolower( trim( $email ) ) );
  31.     $url .= "?s=$s&d=$d&r=$r";
  32.     if ( $img ) {
  33.         $url = '<img src="' . $url . '"';
  34.         foreach ( $atts as $key => $val )
  35.         $url .= ' ' . $key . '="' . $val . '"';
  36.         $url .= ' />';
  37.     }
  38.     return $url;
  39. }
  40.  
  41. //Check if a permission level ID exists in the DB
  42. function permissionIdExists($id) {
  43.     $db = DB::getInstance();
  44.     $query = $db->query("SELECT id FROM permissions WHERE id = ? LIMIT 1",array($id));
  45.     $num_returns = $query->count();
  46.  
  47.     if ($num_returns > 0) {
  48.         return true;
  49.     } else {
  50.         return false;
  51.     }
  52. }
  53.  
  54. //Check if a user ID exists in the DB
  55. function userIdExists($id) {
  56.     $db = DB::getInstance();
  57.     $query = $db->query("SELECT * FROM users WHERE id = ?",array($id));
  58.     $num_returns = $query->count();
  59.     if ($num_returns > 0){
  60.         return true;
  61.     }else{
  62.         return false;
  63.     }
  64. }
  65.  
  66. //Retrieve information for a single permission level
  67. function fetchPermissionDetails($id) {
  68.     $db = DB::getInstance();
  69.     $query = $db->query("SELECT id, name FROM permissions WHERE id = ? LIMIT 1",array($id));
  70.     $results = $query->first();
  71.     $row = array('id' => $results->id, 'name' => $results->name);
  72.     return ($row);
  73. }
  74.  
  75. //Change a permission level's name
  76. function updatePermissionName($id, $name) {
  77.     $db = DB::getInstance();
  78.     $fields=array('name'=>$name);
  79.     $db->update('permissions',$id,$fields);
  80. }
  81.  
  82. //Checks if a username exists in the DB
  83. function usernameExists($username)   {
  84.     $db = DB::getInstance();
  85.     $query = $db->query("SELECT * FROM users WHERE username = ?",array($username));
  86.     $results = $query->results();
  87.     return ($results);
  88. }
  89.  
  90. //Retrieve information for all users
  91. function fetchAllUsers() {
  92.     $db = DB::getInstance();
  93.     $query = $db->query("SELECT * FROM users");
  94.     $results = $query->results();
  95.     return ($results);
  96. }
  97.  
  98. //Retrieve complete user information by username, token or ID
  99. function fetchUserDetails($username=NULL,$token=NULL, $id=NULL){
  100.     if($username!=NULL) {
  101.         $column = "username";
  102.         $data = $username;
  103.     }elseif($id!=NULL) {
  104.         $column = "id";
  105.         $data = $id;
  106.     }
  107.     $db = DB::getInstance();
  108.     $query = $db->query("SELECT * FROM users WHERE $column = $data LIMIT 1");
  109.     $results = $query->first();
  110.     return ($results);
  111. }
  112.  
  113. //Retrieve list of permission levels a user has
  114. function fetchUserPermissions($user_id) {
  115.     $db = DB::getInstance();
  116.     $query = $db->query("SELECT * FROM user_permission_matches WHERE user_id = ?",array($user_id));
  117.     $results = $query->results();
  118.     return ($results);
  119. }
  120.  
  121.  
  122. //Retrieve list of users who have a permission level
  123. function fetchPermissionUsers($permission_id) {
  124.     $db = DB::getInstance();
  125.     $query = $db->query("SELECT id, user_id FROM user_permission_matches WHERE permission_id = ?",array($permission_id));
  126.     $results = $query->results();
  127.     return ($results);
  128.     $row[$user] = array('id' => $id, 'user_id' => $user);
  129.     if (isset($row)){
  130.         return ($row);
  131.     }
  132. }
  133.  
  134. //Unmatch permission level(s) from user(s)
  135. function removePermission($permissions, $members) {
  136.     $db = DB::getInstance();
  137.     if(is_array($members)){
  138.         $memberString = '';
  139.         foreach($members as $member){
  140.           $memberString .= $member.',';
  141.         }
  142.         $memberString = rtrim($memberString,',');
  143.  
  144.         $q = $db->query("DELETE FROM user_permission_matches WHERE permission_id = ? AND user_id IN ({$memberString})",[$permissions]);
  145.     }elseif(is_array($permissions)){
  146.         $permissionString = '';
  147.         foreach($permissions as $permission){
  148.             $permissionString .= $permission.',';
  149.         }
  150.         $permissionString = rtrim($permissionString,',');
  151.         $q = $db->query("DELETE FROM user_permission_matches WHERE user_id = ? AND permission_id IN ({$permissionString})",[$members]);
  152.     }
  153.     return $q->count();
  154. }
  155.  
  156. //Retrieve a list of all .php files in root files folder
  157. function getPathPhpFiles($absRoot,$urlRoot,$fullPath) {
  158.     $directory = $absRoot.$urlRoot.$fullPath;
  159.     //bold ($directory);
  160.     $pages = glob($directory . "*.php");
  161.  
  162.     foreach ($pages as $page){
  163.         $fixed = str_replace($absRoot.$urlRoot,'',$page);
  164.         $row[$fixed] = $fixed;
  165.     }
  166.     return $row;
  167. }
  168.  
  169. //Retrieve a list of all .php files in root files folder
  170. function getPageFiles() {
  171.     $directory = "../";
  172.     $pages = glob($directory . "*.php");
  173.     foreach ($pages as $page){
  174.         $fixed = str_replace('../','/'.$us_url_root,$page);
  175.         $row[$fixed] = $fixed;
  176.     }
  177.     return $row;
  178. }
  179.  
  180. //Retrive a list of all .php files in users/ folder
  181. function getUSPageFiles() {
  182.     $directory = "../users/";
  183.     $pages = glob($directory . "*.php");
  184.     foreach ($pages as $page){
  185.         $fixed = str_replace('../users/','/'.$us_url_root.'users/',$page);
  186.         $row[$fixed] = $fixed;
  187.     }
  188.     return $row;
  189. }
  190.  
  191. //Delete a page from the DB
  192. function deletePages($pages) {
  193.     $db = DB::getInstance();
  194.     if(!$query = $db->query("DELETE FROM pages WHERE id IN ({$pages})")){
  195.         throw new Exception('There was a problem deleting pages.');
  196.     }else{
  197.         return true;
  198.     }
  199. }
  200.  
  201. //Fetch information on all pages
  202. function fetchAllPages() {
  203.     $db = DB::getInstance();
  204.     $query = $db->query("SELECT id, page, private FROM pages ORDER BY id DESC");
  205.     $pages = $query->results();
  206.     //return $pages;
  207.  
  208.     if (isset($row)){
  209.         return ($row);
  210.     }else{
  211.         return $pages;
  212.     }
  213. }
  214.  
  215. //Fetch information for a specific page
  216. function fetchPageDetails($id) {
  217.     $db = DB::getInstance();
  218.     $query = $db->query("SELECT id, page, private FROM pages WHERE id = ?",array($id));
  219.     $row = $query->first();
  220.     return $row;
  221. }
  222.  
  223.  
  224. //Check if a page ID exists
  225. function pageIdExists($id) {
  226.     $db = DB::getInstance();
  227.     $query = $db->query("SELECT private FROM pages WHERE id = ? LIMIT 1",array($id));
  228.     $num_returns = $query->count();
  229.     if ($num_returns > 0){
  230.         return true;
  231.     }else{
  232.         return false;
  233.     }
  234. }
  235.  
  236. //Toggle private/public setting of a page
  237. function updatePrivate($id, $private) {
  238.     $db = DB::getInstance();
  239.     $result = $db->query("UPDATE pages SET private = ? WHERE id = ?",array($private,$id));
  240.     return $result;
  241. }
  242.  
  243. //Add a page to the DB
  244. function createPages($pages) {
  245.     $db = DB::getInstance();
  246.     foreach($pages as $page){
  247.         $fields=array('page'=>$page, 'private'=>'0');
  248.         $db->insert('pages',$fields);
  249.     }
  250. }
  251.  
  252. //Match permission level(s) with page(s)
  253. function addPage($page, $permission) {
  254.     $db = DB::getInstance();
  255.     $i = 0;
  256.     if (is_array($permission)){
  257.         foreach($permission as $id){
  258.             $query = $db->query("INSERT INTO permission_page_matches (
  259.             permission_id, page_id ) VALUES ( $id , $page )");
  260.             $i++;
  261.         }
  262.     } elseif (is_array($page)){
  263.         foreach($page as $id){
  264.             $query = $db->query("INSERT INTO permission_page_matches (
  265.             permission_id, page_id ) VALUES ( $permission , $id )");
  266.             $i++;
  267.         }
  268.     } else {
  269.         $query = $db->query("INSERT INTO permission_page_matches (
  270.         permission_id, page_id ) VALUES ( $permission , $page )");
  271.         $i++;
  272.     }
  273.     return $i;
  274. }
  275.  
  276.   //Retrieve list of permission levels that can access a page
  277. function fetchPagePermissions($page_id) {
  278.     $db = DB::getInstance();
  279.     $query = $db->query("SELECT id, permission_id FROM permission_page_matches WHERE page_id = ? ",array($page_id));
  280.     $results = $query->results();
  281.     return($results);
  282. }
  283.  
  284. //Retrieve list of pages that a permission level can access
  285. function fetchPermissionPages($permission_id) {
  286.     $db = DB::getInstance();
  287.  
  288.     $query = $db->query(
  289.     "SELECT m.id as id, m.page_id as page_id, p.page as page, p.private as private
  290.     FROM permission_page_matches AS m
  291.     INNER JOIN pages AS p ON m.page_id = p.id
  292.     WHERE m.permission_id = ?",[$permission_id]);
  293.     $results = $query->results();
  294.     return ($results);
  295. }
  296.  
  297. //Unmatched permission and page
  298. function removePage($pages, $permissions) {
  299.     $db = DB::getInstance();
  300.     if(is_array($permissions)){
  301.         $ids = '';
  302.         for($i = 0; $i < count($permissions);$i++){
  303.             $ids .= $permissions[$i].',';
  304.         }
  305.         $ids = rtrim($ids,',');
  306.         if($query = $db->query("DELETE FROM permission_page_matches WHERE permission_id IN ({$ids}) AND page_id = ?",array($pages))){
  307.             return $query->count();
  308.         }
  309.     }elseif(is_array($pages)){
  310.         $ids = '';
  311.         for($i = 0; $i < count($pages);$i++){
  312.             $ids .= $pages[$i].',';
  313.         }
  314.         $ids = rtrim($ids,',');
  315.         if($query = $db->query("DELETE FROM permission_page_matches WHERE page_id IN ({$ids}) AND permission_id = ?",array($permissions))){
  316.             return $query->count();
  317.         }
  318.     }
  319. }
  320.  
  321. //Delete a defined array of users
  322. function deleteUsers($users) {
  323.     $db = DB::getInstance();
  324.     $i = 0;
  325.     foreach($users as $id){
  326.         $query1 = $db->query("DELETE FROM users WHERE id = ?",array($id));
  327.         $query2 = $db->query("DELETE FROM user_permission_matches WHERE user_id = ?",array($id));
  328.         $query3 = $db->query("DELETE FROM profiles WHERE user_id = ?",array($id));
  329.         $i++;
  330.     }
  331.     return $i;
  332. }
  333.  
  334.  
  335. //Check if a user has access to a page
  336. function securePage($uri){
  337.     //Separate document name from uri
  338.     //$tokens = explode('/', $uri);
  339.     //$page = end($tokens);
  340.  
  341.     $abs_us_root=$_SERVER['DOCUMENT_ROOT'];
  342.  
  343.     $self_path=explode("/", $_SERVER['PHP_SELF']);
  344.     $self_path_length=count($self_path);
  345.     $file_found=FALSE;
  346.  
  347.     for($i = 1; $i < $self_path_length; $i++){
  348.         array_splice($self_path, $self_path_length-$i, $i);
  349.         $us_url_root=implode("/",$self_path)."/";
  350.  
  351.         if (file_exists($abs_us_root.$us_url_root.'z_us_root.php')){
  352.             $file_found=TRUE;
  353.             break;
  354.         }else{
  355.             $file_found=FALSE;
  356.         }
  357.     }
  358.  
  359.     $urlRootLength=strlen($us_url_root);
  360.     $page=substr($uri,$urlRootLength,strlen($uri)-$urlRootLength);
  361.  
  362.     //bold($page);
  363.  
  364.     $db = DB::getInstance();
  365.     $id = null;
  366.     $private = null;
  367.     // dnd($page);
  368.     global $user;
  369.     // dnd($user);
  370.     if(isset($user) && $user->data() != null){
  371.         if($user->data()->permissions==0){
  372.             Redirect::to($us_url_root.'users/login.php', '?err=Sorry. You have been banned. If you feel this is an error, please contact the administrator.');
  373.             die();
  374.         }
  375.     }
  376.     //retrieve page details
  377.     $query = $db->query("SELECT id, page, private FROM pages WHERE page = ?",[$page]);
  378.     $count = $query->count();
  379.     if ($count==0){
  380.         bold('<br><br>You must go into the Admin Panel and click the Manage Pages button to add this page to the database. Doing so will make this error go away.');
  381.         die();
  382.     }
  383.     $results = $query->first();
  384.  
  385.     $pageDetails = array( 'id' =>$results->id, 'page' => $results->page, 'private' =>$results->private);
  386.  
  387.     $pageID = $results->id;
  388.  
  389.     //If page does not exist in DB, allow access
  390.     if (empty($pageDetails)){
  391.         return true;
  392.     }elseif ($pageDetails['private'] == 0){//If page is public, allow access
  393.         return true;
  394.     }elseif(!$user->isLoggedIn()){ //If user is not logged in, deny access
  395.         Redirect::to($us_url_root.'users/login.php');
  396.         return false;
  397.     }else {
  398.         //Retrieve list of permission levels with access to page
  399.  
  400.         $query = $db->query("SELECT permission_id FROM permission_page_matches WHERE page_id = ?",[$pageID]);
  401.  
  402.         $permission = $query->results();
  403.         $pagePermissions[] = $permission;
  404.  
  405.         //Check if user's permission levels allow access to page
  406.         if (checkPermission($pagePermissions)){
  407.             return true;
  408.         }elseif ($user->data()->id == $master_account){ //Grant access if master user
  409.             return true;
  410.         }else {
  411.             Redirect::to("index.php");
  412.             return false;
  413.         }
  414.     }
  415. }
  416.  
  417. //Does user have permission
  418. //This is the old school UserSpice Permission System
  419. function checkPermission($permission) {
  420.     $db = DB::getInstance();
  421.     global $user;
  422.     //Grant access if master user
  423.     $access = 0;
  424.  
  425.     foreach($permission[0] as $perm){
  426.         if ($access == 0){
  427.             $query = $db->query("SELECT id FROM user_permission_matches  WHERE user_id = ? AND permission_id = ?",array($user->data()->id,$perm->permission_id));
  428.             $results = $query->count();
  429.             if ($results > 0){
  430.                 $access = 1;
  431.             }
  432.         }
  433.     }
  434.     if ($access == 1){
  435.         return true;
  436.     }
  437.     if ($user->data()->id == 1){
  438.         return true;
  439.     }else{
  440.         return false;
  441.     }
  442. }
  443.  
  444. function checkMenu($permission, $id) {
  445.     $db = DB::getInstance();
  446.     global $user;
  447.     //Grant access if master user
  448.     $access = 0;
  449.  
  450.     if ($access == 0){
  451.         $query = $db->query("SELECT id FROM user_permission_matches  WHERE user_id = ? AND permission_id = ?",array($id,$permission));
  452.         $results = $query->count();
  453.         if ($results > 0){
  454.             $access = 1;
  455.         }
  456.     }
  457.     if ($access == 1){
  458.         return true;
  459.     }
  460.     if ($user->data()->id == 1){
  461.         return true;
  462.     }else{
  463.         return false;
  464.     }
  465. }
  466.  
  467. //Retrieve information for all permission levels
  468. function fetchAllPermissions() {
  469.     $db = DB::getInstance();
  470.     $query = $db->query("SELECT id, name FROM permissions");
  471.     $results = $query->results();
  472.     return ($results);
  473. }
  474.  
  475. //Displays error and success messages
  476. function resultBlock($errors,$successes){
  477.     //Error block
  478.     if(count($errors) > 0){
  479.         echo "<div class='alert alert-danger alert-dismissible' role='alert'> <button type='button' class='close' data-dismiss='alert' aria-label='Close'><span aria-hidden='true'>&times;</span></button>
  480.         <ul>";
  481.         foreach($errors as $error){
  482.             echo "<li>".$error."</li>";
  483.         }
  484.         echo "</ul>";
  485.         echo "</div>";
  486.     }
  487.  
  488.     //Success block
  489.     if(count($successes) > 0){
  490.         echo "<div class='alert alert-success alert-dismissible' role='alert'> <button type='button' class='close' data-dismiss='alert' aria-label='Close'><span aria-hidden='true'>&times;</span></button>
  491.         <ul>";
  492.         foreach($successes as $success){
  493.             echo "<li>".$success."</li>";
  494.         }
  495.         echo "</ul>";
  496.         echo "</div>";
  497.     }
  498. }
  499.  
  500. //Inputs language strings from selected language.
  501. function lang($key,$markers = NULL){
  502.     global $lang;
  503.     if($markers == NULL){
  504.         $str = $lang[$key];
  505.     }else{
  506.     //Replace any dyamic markers
  507.     $str = $lang[$key];
  508.     $iteration = 1;
  509.         foreach($markers as $marker){
  510.             $str = str_replace("%m".$iteration."%",$marker,$str);
  511.             $iteration++;
  512.         }
  513.     }
  514.     //Ensure we have something to return
  515.     if($str == ""){
  516.         return ("No language key found");
  517.     }else{
  518.         return $str;
  519.     }
  520. }
  521.  
  522.  
  523. //Check if a permission level name exists in the DB
  524. function permissionNameExists($permission) {
  525.     $db = DB::getInstance();
  526.     $query = $db->query("SELECT id FROM permissions WHERE
  527.     name = ?",array($permission));
  528.     $results = $query->results();
  529. }
  530.  
  531. //Match permission level(s) with user(s)
  532. function addPermission($permission_ids, $members) {
  533.     $db = DB::getInstance();
  534.     $i = 0;
  535.     if(is_array($permission_ids)){
  536.         foreach($permission_ids as $permission_id){
  537.             if($db->query("INSERT INTO user_permission_matches (user_id,permission_id) VALUES (?,?)",[$members,$permission_id])){
  538.                 $i++;
  539.             }
  540.         }
  541.     }elseif(is_array($members)){
  542.         foreach($members as $member){
  543.             if($db->query("INSERT INTO user_permission_matches (user_id,permission_id) VALUES (?,?)",[$member,$permission_ids])){
  544.                 $i++;
  545.             }
  546.         }
  547.     }
  548.     return $i;
  549. }
  550.  
  551.  
  552. //Delete a permission level from the DB
  553. function deletePermission($permission) {
  554.     global $errors;
  555.     $i = 0;
  556.     $db = DB::getInstance();
  557.     foreach($permission as $id){
  558.         if ($id == 1){
  559.         $errors[] = lang("CANNOT_DELETE_NEWUSERS");
  560.         }
  561.         elseif ($id == 2){
  562.             $errors[] = lang("CANNOT_DELETE_ADMIN");
  563.         }else{
  564.             $query1 = $db->query("DELETE FROM permissions WHERE id = ?",array($id));
  565.             $query2 = $db->query("DELETE FROM user_permission_matches WHERE permission_id = ?",array($id));
  566.             $query3 = $db->query("DELETE FROM permission_page_matches WHERE permission_id = ?",array($id));
  567.             $i++;
  568.         }
  569.     }
  570.     return $i;
  571.  
  572.     //Redirect::to('admin_permissions.php');
  573. }
  574.  
  575. //Checks if an email is valid
  576. function isValidEmail($email){
  577.     if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
  578.         return true;
  579.     }
  580.     else {
  581.         return false;
  582.     }
  583. }
  584.  
  585. //Check if an email exists in the DB
  586. function emailExists($email) {
  587.     $db = DB::getInstance();
  588.     $query = $db->query("SELECT email FROM users WHERE email = ?",array($email));
  589.     $num_returns = $query->count();
  590.     if ($num_returns > 0){
  591.         return true;
  592.     }else{
  593.         return false;
  594.     }
  595. }
  596.  
  597. //Update a user's email
  598. function updateEmail($id, $email) {
  599.     $db = DB::getInstance();
  600.     $fields=array('email'=>$email);
  601.     $db->update('users',$id,$fields);
  602.  
  603.     return true;
  604. }