UserSpice: us_helpers.php - redirect to referrer after login

Sep 19th, 2016
  1. <?php
  2. /*
  3. UserSpice 4
  4. An Open Source PHP User Management System
  5. by the UserSpice Team at http://UserSpice.com
  6.  
  7. This program is free software: you can redistribute it and/or modify
  8. it under the terms of the GNU General Public License as published by
  9. the Free Software Foundation, either version 3 of the License, or
  10. (at your option) any later version.
  11.  
  12. This program is distributed in the hope that it will be useful,
  13. but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15. GNU General Public License for more details.
  16.  
  17. You should have received a copy of the GNU General Public License
  18. along with this program.  If not, see <http://www.gnu.org/licenses/>.
  19. */
  20.  // UserSpice Specific Functions
  21. function testUS(){
  22.     echo "<br>";
  23.     echo "UserSpice Functions have been properly included";
  24.     echo "<br>";
  25. }
  26.  
  27.  
  28. function get_gravatar($email, $s = 120, $d = 'mm', $r = 'pg', $img = false, $atts = array() ) {
  29.     $url = 'https://www.gravatar.com/avatar/';
  30.     $url .= md5( strtolower( trim( $email ) ) );
  31.     $url .= "?s=$s&d=$d&r=$r";
  32.     if ( $img ) {
  33.         $url = '<img src="' . $url . '"';
  34.         foreach ( $atts as $key => $val )
  35.         $url .= ' ' . $key . '="' . $val . '"';
  36.         $url .= ' />';
  37.     }
  38.     return $url;
  39. }
  40.  
  41. //Check if a permission level ID exists in the DB
  42. function permissionIdExists($id) {
  43.     $db = DB::getInstance();
  44.     $query = $db->query("SELECT id FROM permissions WHERE id = ? LIMIT 1",array($id));
  45.     $num_returns = $query->count();
  46.  
  47.     if ($num_returns > 0) {
  48.         return true;
  49.     } else {
  50.         return false;
  51.     }
  52. }
  53.  
  54. //Check if a user ID exists in the DB
  55. function userIdExists($id) {
  56.     $db = DB::getInstance();
  57.     $query = $db->query("SELECT * FROM users WHERE id = ?",array($id));
  58.     $num_returns = $query->count();
  59.     if ($num_returns > 0){
  60.         return true;
  61.     }else{
  62.         return false;
  63.     }
  64. }
  65.  
  66. //Retrieve information for a single permission level
  67. function fetchPermissionDetails($id) {
  68.     $db = DB::getInstance();
  69.     $query = $db->query("SELECT id, name FROM permissions WHERE id = ? LIMIT 1",array($id));
  70.     $results = $query->first();
  71.     $row = array('id' => $results->id, 'name' => $results->name);
  72.     return ($row);
  73. }
  74.  
  75. //Change a permission level's name
  76. function updatePermissionName($id, $name) {
  77.     $db = DB::getInstance();
  78.     $fields=array('name'=>$name);
  79.     $db->update('permissions',$id,$fields);
  80. }
  81.  
  82. //Checks if a username exists in the DB
  83. function usernameExists($username)   {
  84.     $db = DB::getInstance();
  85.     $query = $db->query("SELECT * FROM users WHERE username = ?",array($username));
  86.     $results = $query->results();
  87.     return ($results);
  88. }
  89.  
  90. //Retrieve information for all users
  91. function fetchAllUsers() {
  92.     $db = DB::getInstance();
  93.     $query = $db->query("SELECT * FROM users");
  94.     $results = $query->results();
  95.     return ($results);
  96. }
  97.  
  98. //Retrieve complete user information by username, token or ID
  99. function fetchUserDetails($username=NULL,$token=NULL, $id=NULL){
  100.     if($username!=NULL) {
  101.         $column = "username";
  102.         $data = $username;
  103.     }elseif($id!=NULL) {
  104.         $column = "id";
  105.         $data = $id;
  106.     }
  107.     $db = DB::getInstance();
  108.     $query = $db->query("SELECT * FROM users WHERE $column = $data LIMIT 1");
  109.     $results = $query->first();
  110.     return ($results);
  111. }
  112.  
  113. //Retrieve list of permission levels a user has
  114. function fetchUserPermissions($user_id) {
  115.     $db = DB::getInstance();
  116.     $query = $db->query("SELECT * FROM user_permission_matches WHERE user_id = ?",array($user_id));
  117.     $results = $query->results();
  118.     return ($results);
  119. }
  120.  
  121.  
  122. //Retrieve list of users who have a permission level
  123. function fetchPermissionUsers($permission_id) {
  124.     $db = DB::getInstance();
  125.     $query = $db->query("SELECT id, user_id FROM user_permission_matches WHERE permission_id = ?",array($permission_id));
  126.     $results = $query->results();
  127.     return ($results);
  128.     $row[$user] = array('id' => $id, 'user_id' => $user);
  129.     if (isset($row)){
  130.         return ($row);
  131.     }
  132. }
  133.  
  134. //Unmatch permission level(s) from user(s)
  135. function removePermission($permissions, $members) {
  136.     $db = DB::getInstance();
  137.     if(is_array($members)){
  138.         $memberString = '';
  139.         foreach($members as $member){
  140.           $memberString .= $member.',';
  141.         }
  142.         $memberString = rtrim($memberString,',');
  143.  
  144.         $q = $db->query("DELETE FROM user_permission_matches WHERE permission_id = ? AND user_id IN ({$memberString})",[$permissions]);
  145.     }elseif(is_array($permissions)){
  146.         $permissionString = '';
  147.         foreach($permissions as $permission){
  148.             $permissionString .= $permission.',';
  149.         }
  150.         $permissionString = rtrim($permissionString,',');
  151.         $q = $db->query("DELETE FROM user_permission_matches WHERE user_id = ? AND permission_id IN ({$permissionString})",[$members]);
  152.     }
  153.     return $q->count();
  154. }
  155.  
  156. //Retrieve a list of all .php files in root files folder
  157. function getPathPhpFiles($absRoot,$urlRoot,$fullPath) {
  158.     $directory = $absRoot.$urlRoot.$fullPath;
  159.     //bold ($directory);
  160.     $pages = glob($directory . "*.php");
  161.  
  162.     foreach ($pages as $page){
  163.         $fixed = str_replace($absRoot.$urlRoot,'',$page);
  164.         $row[$fixed] = $fixed;
  165.     }
  166.     return $row;
  167. }
  168.  
  169. //Retrieve a list of all .php files in root files folder
  170. function getPageFiles() {
  171.     $directory = "../";
  172.     $pages = glob($directory . "*.php");
  173.     foreach ($pages as $page){
  174.         $fixed = str_replace('../','/'.$us_url_root,$page);
  175.         $row[$fixed] = $fixed;
  176.     }
  177.     return $row;
  178. }
  179.  
  180. //Retrive a list of all .php files in users/ folder
  181. function getUSPageFiles() {
  182.     $directory = "../users/";
  183.     $pages = glob($directory . "*.php");
  184.     foreach ($pages as $page){
  185.         $fixed = str_replace('../users/','/'.$us_url_root.'users/',$page);
  186.         $row[$fixed] = $fixed;
  187.     }
  188.     return $row;
  189. }
  190.  
  191. //Delete a page from the DB
  192. function deletePages($pages) {
  193.     $db = DB::getInstance();
  194.     if(!$query = $db->query("DELETE FROM pages WHERE id IN ({$pages})")){
  195.         throw new Exception('There was a problem deleting pages.');
  196.     }else{
  197.         return true;
  198.     }
  199. }
  200.  
  201. //Fetch information on all pages
  202. function fetchAllPages() {
  203.     $db = DB::getInstance();
  204.     $query = $db->query("SELECT id, page, private FROM pages ORDER BY id DESC");
  205.     $pages = $query->results();
  206.     //return $pages;
  207.  
  208.     if (isset($row)){
  209.         return ($row);
  210.     }else{
  211.         return $pages;
  212.     }
  213. }
  214.  
  215. //Fetch information for a specific page
  216. function fetchPageDetails($id) {
  217.     $db = DB::getInstance();
  218.     $query = $db->query("SELECT id, page, private FROM pages WHERE id = ?",array($id));
  219.     $row = $query->first();
  220.     return $row;
  221. }
  222.  
  223.  
  224. //Check if a page ID exists
  225. function pageIdExists($id) {
  226.     $db = DB::getInstance();
  227.     $query = $db->query("SELECT private FROM pages WHERE id = ? LIMIT 1",array($id));
  228.     $num_returns = $query->count();
  229.     if ($num_returns > 0){
  230.         return true;
  231.     }else{
  232.         return false;
  233.     }
  234. }
  235.  
  236. //Toggle private/public setting of a page
  237. function updatePrivate($id, $private) {
  238.     $db = DB::getInstance();
  239.     $result = $db->query("UPDATE pages SET private = ? WHERE id = ?",array($private,$id));
  240.     return $result;
  241. }
  242.  
  243. //Add a page to the DB
  244. function createPages($pages) {
  245.     $db = DB::getInstance();
  246.     foreach($pages as $page){
  247.         $fields=array('page'=>$page, 'private'=>'0');
  248.         $db->insert('pages',$fields);
  249.     }
  250. }
  251.  
  252. //Match permission level(s) with page(s)
  253. function addPage($page, $permission) {
  254.     $db = DB::getInstance();
  255.     $i = 0;
  256.     if (is_array($permission)){
  257.         foreach($permission as $id){
  258.             $query = $db->query("INSERT INTO permission_page_matches (
  259.             permission_id, page_id ) VALUES ( $id , $page )");
  260.             $i++;
  261.         }
  262.     } elseif (is_array($page)){
  263.         foreach($page as $id){
  264.             $query = $db->query("INSERT INTO permission_page_matches (
  265.             permission_id, page_id ) VALUES ( $permission , $id )");
  266.             $i++;
  267.         }
  268.     } else {
  269.         $query = $db->query("INSERT INTO permission_page_matches (
  270.         permission_id, page_id ) VALUES ( $permission , $page )");
  271.         $i++;
  272.     }
  273.     return $i;
  274. }
  275.  
  276.   //Retrieve list of permission levels that can access a page
  277. function fetchPagePermissions($page_id) {
  278.     $db = DB::getInstance();
  279.     $query = $db->query("SELECT id, permission_id FROM permission_page_matches WHERE page_id = ? ",array($page_id));
  280.     $results = $query->results();
  281.     return($results);
  282. }
  283.  
  284. //Retrieve list of pages that a permission level can access
  285. function fetchPermissionPages($permission_id) {
  286.     $db = DB::getInstance();
  287.  
  288.     $query = $db->query(
  289.     "SELECT m.id as id, m.page_id as page_id, p.page as page, p.private as private
  290.     FROM permission_page_matches AS m
  291.     INNER JOIN pages AS p ON m.page_id = p.id
  292.     WHERE m.permission_id = ?",[$permission_id]);
  293.     $results = $query->results();
  294.     return ($results);
  295. }
  296.  
  297. //Unmatched permission and page
  298. function removePage($pages, $permissions) {
  299.     $db = DB::getInstance();
  300.     if(is_array($permissions)){
  301.         $ids = '';
  302.         for($i = 0; $i < count($permissions);$i++){
  303.             $ids .= $permissions[$i].',';
  304.         }
  305.         $ids = rtrim($ids,',');
  306.         if($query = $db->query("DELETE FROM permission_page_matches WHERE permission_id IN ({$ids}) AND page_id = ?",array($pages))){
  307.             return $query->count();
  308.         }
  309.     }elseif(is_array($pages)){
  310.         $ids = '';
  311.         for($i = 0; $i < count($pages);$i++){
  312.             $ids .= $pages[$i].',';
  313.         }
  314.         $ids = rtrim($ids,',');
  315.         if($query = $db->query("DELETE FROM permission_page_matches WHERE page_id IN ({$ids}) AND permission_id = ?",array($permissions))){
  316.             return $query->count();
  317.         }
  318.     }
  319. }
  320.  
  321. //Delete a defined array of users
  322. function deleteUsers($users) {
  323.     $db = DB::getInstance();
  324.     $i = 0;
  325.     foreach($users as $id){
  326.         $query1 = $db->query("DELETE FROM users WHERE id = ?",array($id));
  327.         $query2 = $db->query("DELETE FROM user_permission_matches WHERE user_id = ?",array($id));
  328.         $query3 = $db->query("DELETE FROM profiles WHERE user_id = ?",array($id));
  329.         $i++;
  330.     }
  331.     return $i;
  332. }
  333.  
  334.  
  335. //Check if a user has access to a page
  336. function securePage($uri){
  337.     //Separate document name from uri
  338.     //$tokens = explode('/', $uri);
  339.     //$page = end($tokens);
  340.  
  341.     $abs_us_root=$_SERVER['DOCUMENT_ROOT'];
  342.  
  343.     $self_path=explode("/", $_SERVER['PHP_SELF']);
  344.     $self_path_length=count($self_path);
  345.     $file_found=FALSE;
  346.  
  347.     for($i = 1; $i < $self_path_length; $i++){
  348.         array_splice($self_path, $self_path_length-$i, $i);
  349.         $us_url_root=implode("/",$self_path)."/";
  350.  
  351.         if (file_exists($abs_us_root.$us_url_root.'z_us_root.php')){
  352.             $file_found=TRUE;
  353.             break;
  354.         }else{
  355.             $file_found=FALSE;
  356.         }
  357.     }
  358.  
  359.     $urlRootLength=strlen($us_url_root);
  360.     $page=substr($uri,$urlRootLength,strlen($uri)-$urlRootLength);
  361.  
  362.     //bold($page);
  363.  
  364.     $db = DB::getInstance();
  365.     $id = null;
  366.     $private = null;
  367.     // dnd($page);
  368.     global $user;
  369.     // dnd($user);
  370.     if(isset($user) && $user->data() != null){
  371.         if($user->data()->permissions==0){
  372.             bold('<br><br><br>Sorry. You have been banned. If you feel this is an error, please contact the administrator.');
  373.             die();
  374.         }
  375.     }
  376.     //retrieve page details
  377.     $query = $db->query("SELECT id, page, private FROM pages WHERE page = ?",[$page]);
  378.     $count = $query->count();
  379.     if ($count==0){
  380.         bold('<br><br>You must go into the Admin Panel and click the Manage Pages button to add this page to the database. Doing so will make this error go away.');
  381.         die();
  382.     }
  383.     $results = $query->first();
  384.  
  385.     $pageDetails = array( 'id' =>$results->id, 'page' => $results->page, 'private' =>$results->private);
  386.  
  387.     $pageID = $results->id;
  388.  
  389.     //If page does not exist in DB, allow access
  390.     if (empty($pageDetails)){
  391.         return true;
  392.     }elseif ($pageDetails['private'] == 0){//If page is public, allow access
  393.         return true;
  394.     }elseif(!$user->isLoggedIn()){ //If user is not logged in, deny access
  395.         Redirect::to($us_url_root.'users/login.php', '?afterLoginGoto='.$_SERVER['PHP_SELF']);
  396.         return false;
  397.     }else {
  398.         //Retrieve list of permission levels with access to page
  399.  
  400.         $query = $db->query("SELECT permission_id FROM permission_page_matches WHERE page_id = ?",[$pageID]);
  401.  
  402.         $permission = $query->results();
  403.         $pagePermissions[] = $permission;
  404.  
  405.         //Check if user's permission levels allow access to page
  406.         if (checkPermission($pagePermissions)){
  407.             return true;
  408.         }elseif ($user->data()->id == $master_account){ //Grant access if master user
  409.             return true;
  410.         }else {
  411.             if (!$homepage = Config::get('homepage'))
  412.                 $homepage = '$us_url_root'."index.php";
  413.             Redirect::to($homepage);
  414.             return false;
  415.         }
  416.     }
  417. }
  418.  
  419. //Does user have permission
  420. //This is the old school UserSpice Permission System
  421. function checkPermission($permission) {
  422.     $db = DB::getInstance();
  423.     global $user;
  424.     //Grant access if master user
  425.     $access = 0;
  426.  
  427.     foreach($permission[0] as $perm){
  428.         if ($access == 0){
  429.             $query = $db->query("SELECT id FROM user_permission_matches  WHERE user_id = ? AND permission_id = ?",array($user->data()->id,$perm->permission_id));
  430.             $results = $query->count();
  431.             if ($results > 0){
  432.                 $access = 1;
  433.             }
  434.         }
  435.     }
  436.     if ($access == 1){
  437.         return true;
  438.     }
  439.     if ($user->data()->id == 1){
  440.         return true;
  441.     }else{
  442.         return false;
  443.     }
  444. }
  445.  
  446. function checkMenu($permission, $id) {
  447.     $db = DB::getInstance();
  448.     global $user;
  449.     //Grant access if master user
  450.     $access = 0;
  451.  
  452.     if ($access == 0){
  453.         $query = $db->query("SELECT id FROM user_permission_matches  WHERE user_id = ? AND permission_id = ?",array($id,$permission));
  454.         $results = $query->count();
  455.         if ($results > 0){
  456.             $access = 1;
  457.         }
  458.     }
  459.     if ($access == 1){
  460.         return true;
  461.     }
  462.     if ($user->data()->id == 1){
  463.         return true;
  464.     }else{
  465.         return false;
  466.     }
  467. }
  468.  
  469. //Retrieve information for all permission levels
  470. function fetchAllPermissions() {
  471.     $db = DB::getInstance();
  472.     $query = $db->query("SELECT id, name FROM permissions");
  473.     $results = $query->results();
  474.     return ($results);
  475. }
  476.  
  477. //Displays error and success messages
  478. function resultBlock($errors,$successes){
  479.     //Error block
  480.     if(count($errors) > 0){
  481.         echo "<div class='alert alert-danger alert-dismissible' role='alert'> <button type='button' class='close' data-dismiss='alert' aria-label='Close'><span aria-hidden='true'>&times;</span></button>
  482.         <ul>";
  483.         foreach($errors as $error){
  484.             echo "<li>".$error."</li>";
  485.         }
  486.         echo "</ul>";
  487.         echo "</div>";
  488.     }
  489.  
  490.     //Success block
  491.     if(count($successes) > 0){
  492.         echo "<div class='alert alert-success alert-dismissible' role='alert'> <button type='button' class='close' data-dismiss='alert' aria-label='Close'><span aria-hidden='true'>&times;</span></button>
  493.         <ul>";
  494.         foreach($successes as $success){
  495.             echo "<li>".$success."</li>";
  496.         }
  497.         echo "</ul>";
  498.         echo "</div>";
  499.     }
  500. }
  501.  
  502. //Inputs language strings from selected language.
  503. function lang($key,$markers = NULL){
  504.     global $lang;
  505.     if($markers == NULL){
  506.         $str = $lang[$key];
  507.     }else{
  508.     //Replace any dyamic markers
  509.     $str = $lang[$key];
  510.     $iteration = 1;
  511.         foreach($markers as $marker){
  512.             $str = str_replace("%m".$iteration."%",$marker,$str);
  513.             $iteration++;
  514.         }
  515.     }
  516.     //Ensure we have something to return
  517.     if($str == ""){
  518.         return ("No language key found");
  519.     }else{
  520.         return $str;
  521.     }
  522. }
  523.  
  524.  
  525. //Check if a permission level name exists in the DB
  526. function permissionNameExists($permission) {
  527.     $db = DB::getInstance();
  528.     $query = $db->query("SELECT id FROM permissions WHERE
  529.     name = ?",array($permission));
  530.     $results = $query->results();
  531. }
  532.  
  533. //Match permission level(s) with user(s)
  534. function addPermission($permission_ids, $members) {
  535.     $db = DB::getInstance();
  536.     $i = 0;
  537.     if(is_array($permission_ids)){
  538.         foreach($permission_ids as $permission_id){
  539.             if($db->query("INSERT INTO user_permission_matches (user_id,permission_id) VALUES (?,?)",[$members,$permission_id])){
  540.                 $i++;
  541.             }
  542.         }
  543.     }elseif(is_array($members)){
  544.         foreach($members as $member){
  545.             if($db->query("INSERT INTO user_permission_matches (user_id,permission_id) VALUES (?,?)",[$member,$permission_ids])){
  546.                 $i++;
  547.             }
  548.         }
  549.     }
  550.     return $i;
  551. }
  552.  
  553.  
  554. //Delete a permission level from the DB
  555. function deletePermission($permission) {
  556.     global $errors;
  557.     $i = 0;
  558.     $db = DB::getInstance();
  559.     foreach($permission as $id){
  560.         if ($id == 1){
  561.         $errors[] = lang("CANNOT_DELETE_NEWUSERS");
  562.         }
  563.         elseif ($id == 2){
  564.             $errors[] = lang("CANNOT_DELETE_ADMIN");
  565.         }else{
  566.             $query1 = $db->query("DELETE FROM permissions WHERE id = ?",array($id));
  567.             $query2 = $db->query("DELETE FROM user_permission_matches WHERE permission_id = ?",array($id));
  568.             $query3 = $db->query("DELETE FROM permission_page_matches WHERE permission_id = ?",array($id));
  569.             $i++;
  570.         }
  571.     }
  572.     return $i;
  573.  
  574.     //Redirect::to('admin_permissions.php');
  575. }
  576.  
  577. //Checks if an email is valid
  578. function isValidEmail($email){
  579.     if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
  580.         return true;
  581.     }
  582.     else {
  583.         return false;
  584.     }
  585. }
  586.  
  587. //Check if an email exists in the DB
  588. function emailExists($email) {
  589.     $db = DB::getInstance();
  590.     $query = $db->query("SELECT email FROM users WHERE email = ?",array($email));
  591.     $num_returns = $query->count();
  592.     if ($num_returns > 0){
  593.         return true;
  594.     }else{
  595.         return false;
  596.     }
  597. }
  598.  
  599. //Update a user's email
  600. function updateEmail($id, $email) {
  601.     $db = DB::getInstance();
  602.     $fields=array('email'=>$email);
  603.     $db->update('users',$id,$fields);
  604.  
  605.     return true;
  606. }