Global classes

1. //*******************************************************************************************************************************************
2. //
3. // User object
4. //
5. //*******************************************************************************************************************************************
6. class User {
7.   public $id = "";
8.   public $username = "";
9.   public $password = "";
10.   public $email = "";
11.   public $flags = 0;
12.   public $datecreated = 0;
13.   public $datedisabled = 0;
14.   public $daterequested = 0;
15.   public $datelogin = 0;
16.   public $resetkey = "";
17.   public $tfacode = "";
18.   public $verification = "";
19.   public $rights = 0;
20.   public $roles = [];
21.   public $authtoken = "";
22.  
23.   function __construct($uid = "", $opts = []) {
24.     if (empty($uid)) return;
25.    
26.     $this->id = $uid;
27.     $this->populate($opts);
28.   }
29.  
30.   function getAclPrincipal() {
31.     $ret = new ACLPrincipal();
32.     $ret->set($this->id, $this->username);
33.     return $ret;
34.   }
35.  
36.   function populate() {
37.     global $pdo;
38.     if (empty($this->id)) return;
39.    
40.     $sql = $pdo->prepare("SELECT * FROM users WHERE uid = ?");
41.     $sql->execute([$this->id]); $row = $sql->fetch(PDO::FETCH_ASSOC);
42.     if (!$row) return;
43.    
44.     if (empty($row["userobj"])) {
45.       $this->email = $row["email"];
46.       $this->username = $row["username"];
47.       $this->populateRoles();
48.       return;
49.     }
50.    
51.     $obj = unserialize($row["userobj"]);
52.     foreach ((new ReflectionClass("User"))->getProperties() AS $k=>$v) {
53.       $this->{$v->getName()} = $obj->{$v->getName()};
54.     }
55.   }
56.  
57.   function populateRoles() {
58.     global $pdo;
59.     if (empty($this->id)) return;
60.    
61.     $this->roles = [];
62.     $data = getData($pdo, "users_roles", ["criteria"=>["uid = ?"=>$this->id]]);
63.     foreach ($data AS $rid=>$data) {
64.       $this->roles[] = new Role($rid);
65.     }
66.   }
67.      
68.   function flush() {
69.     global $pdo;
70.     if (empty($this->id)) $this->datecreated = time();
71.     if (empty(password_get_info($this->password)["algo"]) && !empty($this->password)) $this->password = password_hash($this->password, PASSWORD_DEFAULT);
72.     $data = ["userobj"=>serialize($this)];
73.     foreach (["username","email"] AS $f) $data[$f] = $this->$f;
74.    
75.     if (empty($this->id)) {
76.       $this->id = setData($pdo, "users", $data);
77.       setData($pdo, "users", ["uid"=>$this->id, "userobj"=>serialize($this)]);
78.       delData($pdo, "users_roles", ["uid = ?"=>$this->id]);
79.       foreach ($this->roles AS $role) setData($pdo, "roles", ["id"=>$this->id, "rid"=>$role->id]);
80.       return $this->id;
81.     }
82.  
83.     $data["uid"] = $this->id;
84.     setData($pdo, "users", $data);
85.     delData($pdo, "users_roles", ["id = ?"=>$this->id]);
86.     foreach ($this->roles AS $role) setData($pdo, "roles", ["id"=>$this->id, "rid"=>$role->id]);
87.   }
88.  
89.   function hasPermission($perm, $opts = []) {
90.     $class = array_key_exists("class", $opts) ? $opts["class"] : "Perm";
91.     $admin = array_key_exists("admin", $opts) ? $opts["admin"] : Perm::Administrator;
92.     $deny  = array_key_exists("deny",  $opts) ? $opts["deny"]  : Perm::Deny;
93.    
94.     if ($this->rights & $admin) return true;
95.     if ($this->rights & $deny) return false;
96.     foreach ($roles AS $role) {
97.       if ($role->rights & $deny) return false;
98.       if ($role->rights & $perm) return true;
99.     }
100.     if ($this->rights & $perm) return true;
101.   }
102. }
103.  
104.  
105. //*******************************************************************************************************************************************
106. //
107. // Status files
108. //
109. //*******************************************************************************************************************************************
110. class Status {
111.   const Invalid = 1;
112.   const Expired = 2;
113.   const OK = 4;
114.   const Aborted = 8;
115.   const Error = 16;
116.   const Save = 32;
117. }
118.  
119.  
120. //*******************************************************************************************************************************************
121. //
122. // Flags
123. //
124. //*******************************************************************************************************************************************
125. class Flag {
126.   const Debug = 1;
127.   const CookieLogin = 2;
128.   const Registration = 4;
129.   const PasswordRetrieval = 8;
130.   const RequireValidation = 16;
131.   const ImplementsEmail = 32;
132.   const ImplementsUsername = 64;
133.   const ManualAcctApproval = 128;
134.   const Disabled = 256;
135.   const NavTop = 512;
136.   const NavLeft = 1024;
137.   const Clipboard = 2048;
138.   const RequireLogin = 4096;
139.   const AllowEternalCookieLogin = 8192;
140. }
141.  
142.  
143. //*******************************************************************************************************************************************
144. //
145. // Base permission flags
146. //
147. //*******************************************************************************************************************************************
148. class Perm {
149.   const Read = 1;
150.   const Add = 2;
151.   const Edit = 4;
152.   const Delete = 8;
153.   const Deny = 16;
154.   const Administrator = 32;
155. }
156.  
157.  
158. //*******************************************************************************************************************************************
159. //
160. // ACL
161. //
162. //*******************************************************************************************************************************************
163. class ACL {
164.   public $entries = [];
165.  
166.   function __construct($aclentries = []) {
167.     foreach ($aclentries AS $aclentry) {
168.       if (!($aclentry instanceof ACLEntry)) continue;
169.      
170.       $this->entries[] = $aclentry;
171.     }
172.   }
173.      
174.   function add($aclentry) {
175.     $this->entries[] = $aclentry;
176.   }
177.  
178.   function remove($obj) {
179.     if ($obj instanceof ACLEntry) {
180.     }
181.    
182.     for ($x=0; $x<count($this->entries); $x++) {
183.       if ($this->entries[$x]->principal != $obj) continue;
184.       unset($this->entries[$x]);
185.       break;
186.     }
187.   }
188.  
189.   function getPermission($principal, $deny = -1) {
190.     global $cfg;
191.    
192.     $primary = 0; $anon = 0; $deny = $deny == -1 ? Perm::Deny : $deny;
193.     $principal = $principal instanceof User ? $principal->getAclPrincipal() : ($principal == null ? new ACLPrincipal(-1) : $principal);
194.    
195.     foreach ($this->entries AS $entry) {
196.       if ($entry->principal instanceof ACLPrincipal) {
197.         if ($entry->principal->id == -1) {
198.           $anon = $entry->rights;
199.           continue;
200.         }
201.         if ($entry->principal->id != $principal->id) continue;
202.        
203.         $primary = $entry->rights;
204.       }
205.     }
206.  
207.     return $primary & $deny ? 0 : (empty($primary) ? $anon : $primary);
208.   }
209.  
210.   function zhasPermission($principal, $permission, $opts = []) {
211.     $class = array_key_exists("class", $opts) ? $opts["class"] : "Perm";
212.     $deny = array_key_exists("deny", $opts) ? $opts["deny"] : Perm::Deny;
213.     $rights = $this->getPermission($principal);
214.    
215.   }
216.  
217.   function hasPermission($principal, $permission, $opts = []) {
218.     global $cfg;
219.  
220.     $admin = array_key_exists("admin", $opts) ? $opts["admin"] : Perm::Administrator;
221.     $deny = array_key_exists("deny", $opts) ? $opts["deny"] : Perm::Deny;
222.     $rights = $this->getPermission($principal);
223.  
224.     if ($admin > -1 && $principal != null && $principal->hasPermission($admin)) return true;
225.    
226.     if (!($principal instanceof ACLRole) && $principal != null) {
227.       $user = $principal instanceof User ? $principal : new User($principal->id);
228.       if ($user instanceof User && count($user->roles) > 0) {
229.         foreach ($user->roles AS $r) {
230.           $rolerights = $this->getPermission($r);
231.           if ($rolerights & $deny) return false;
232.           if (isset($cfg) && array_key_exists("perm.inheritance", $cfg) && array_key_exists($permission, $cfg["perm.inheritance"])) {
233.             foreach ($cfg["perm.inheritance"][$permission] AS $ir) {
234.               $rolerights = getEnabledBitwise("SitePerms", [$rolerights, $ir]);
235.             }
236.           }
237.           if ($admin > 0 && ($rolerights & $admin)) return true;
238.  
239.           $rights = $rolerights & $permission;
240.         }
241.       }
242.     }
243.    
244.     return $rights & $deny ? false : $rights & $permission;
245.   }
246. }
247.  
248. //*******************************************************************************************************************************************
249. //
250. // Entry object.  Holds a principal and its permissions
251. //
252. //*******************************************************************************************************************************************
253. class ACLEntry {
254.   public $principal;
255.   public $rights = 0;
256.  
257.   function __construct($principal = "", $rights = 0) {
258.     if (empty($principal)) return;
259.    
260.     if (!($principal instanceof ACLPrincipal)) showError("Cannot add a non-ACL based principal to an ACLEntry!", true);
261.     if (empty($principal->id)) showError("Attempted to add an empty principal!", true);
262.    
263.     $this->principal = $principal;
264.     $this->rights = $rights;
265.   }
266.  
267.   function set($principal, $rights) {
268.     if (!($principal instanceof ACLPrincipal)) showError("Cannot add a non-ACL based principal to an ACLEntry!", true);
269.  
270.     $this->principal = $principal;
271.     $this->rights = $rights;
272.   }
273. }
274.  
275.  
276. //*******************************************************************************************************************************************
277. //
278. // Principal, typically a user but also the base for a role
279. //
280. //*******************************************************************************************************************************************
281. class ACLPrincipal {
282.   public $id;
283.   public $name;
284.  
285.   function __construct($id = 0, $name = "") {
286.     global $cfg;
287.     if (empty($id)) return;
288.    
289.     if ($id == -1) {
290.       $this->id = array_key_exists("anonkey", $cfg) ? $cfg["anonkey"] : "-1";
291.       $this->name = array_key_exists("anondisp", $cfg) ? $cfg["anondisp"] : "(Anonymous)";
292.       return;
293.     }
294.     if ($id == -2) {
295.       $this->id = array_key_exists("authkey", $cfg) ? $cfg["authkey"] : "-2";
296.       $this->name = array_key_exists("authdisp", $cfg) ? $cfg["authdisp"] : "(Authenticated User)";
297.       return;
298.     }
299.    
300.     $this->id = $id;
301.     $this->name = $name;
302.   }
303.      
304.   function set($id, $name) {
305.     $this->id = $id;
306.     $this->name = $name;
307.   }
308.  
309.   function hasPermission($perm, $opts = []) {
310.     global $cfg;
311.    
312.     $anon = array_key_exists("anonkey", $cfg) ? $cfg["anonkey"] : "-1";
313.     $auth = array_key_exists("authkey", $cfg) ? $cfg["authkey"] : "-2";
314.     if ($this->id == $anon || $this->id == $auth) return false;
315.     $user = new User($this->id);
316.     if ($user == null) return false;
317.    
318.     return $user->hasPermission($perm, $opts);
319.   }
320. }
321.  
322. //*******************************************************************************************************************************************
323. //
324. // A principal that is specifically for a group
325. //
326. //*******************************************************************************************************************************************
327. class ACLRole extends ACLPrincipal {
328.   public $rights = 0;
329.   public $datecreated = 0;
330.   public $createdby = 0;
331.  
332.   function __construct($id = "") {
333.     if (empty($id)) return;
334.    
335.     if (is_numeric($id)) {
336.       $this->id = $id;
337.     } else {
338.       $this->name = $id;
339.     }
340.     $this->populate();
341.   }
342.  
343.   function set($id, $name) {
344.     $this->id = $id;
345.     $this->name = $name;
346.   }
347.  
348.   function populate() {
349.     global $pdo;
350.    
351.     if (!empty($this->id)) {
352.       $sql = $pdo->prepare("SELECT * FROM roles WHERE rid = ?");
353.       $sql->execute([$this->id]);
354.     } else if (!empty($this->name)) {
355.       $sql = $pdo->prepare("SELECT * FROM roles WHERE rolename = ?");
356.       $sql->execute([$this->name]);
357.     } else {
358.       showError("Attempting to populate an invalid role!", true);
359.     }
360.     $row = $sql->fetch(PDO::FETCH_ASSOC);
361.     if (!$row) return;
362.  
363.     $this->id = $row["rid"];      
364.     $this->name = $row["rolename"];
365.     $this->rights = $row["rights"];
366.     $this->datecreated = $row["datecreated"];
367.     $this->createdby = $row["createdby"];
368.   }
369.  
370.   function flush() {
371.     global $pdo;
372.  
373.     if (!isset($_SESSION["user"])) showError("Could not flush role; no valid user logged in!", true);      
374.     if (empty($this->id)) {
375.       $sql = $pdo->prepare("INSERT INTO roles (rolename, rights, datecreated, createdby) VALUES (?, ?, NOW(), ?)");
376.       $sql->execute([$this->name, $this->rights, $_SESSION["user"]->id]);
377.       $this->id = lastID($pdo, "roles");
378.       return;
379.     }
380.    
381.     $sql = $pdo->prepare("UPDATE roles SET rolename = ?, rights = ? WHERE rid = ?");
382.     $sql->execute([$this->name, $this->rights, $this->id]);
383.   }
384. }
385.  
386.  
387. //*******************************************************************************************************************************************
388. //
389. // Honestly, I can't remember why I still have this when I have the ACLRole object lol
390. //
391. //*******************************************************************************************************************************************
392. class Role {
393.   public $id = 0;
394.   public $name = "";
395.   public $rights = 0;
396.   public $datecreated = 0;
397.   public $createdby = 0;
398.  
399.   function __construct($id = null) {
400.     if (empty($id)) return;
401.    
402.     $this->populate($id);
403.   }
404.  
405.   function set($id, $name, $rights, $datecreated, $createdby) {
406.     $this->id = $id;
407.     $this->name = $name;
408.     $this->rights = $rights;
409.     $this->datecreated = $datecreated;
410.     $this->createdby = $createdby;
411.   }
412.  
413.   function getCreatedDate() {
414.     if (empty($this->datecreated)) return "Unknown";
415.     return date("m/d/Y @ g:i A", strtotime($this->datecreated));
416.   }
417.  
418.   function getCreatedBy() {
419.     $system = new User();
420.     $system->id = 0;
421.     $system->username = "System Account";
422.  
423.     if ($this->createdby == 0) return $system;
424.    
425.     $tmp = getUserObject(["uid"=>$this->createdby]);
426.     return $tmp == null ? $system : $tmp;      
427.   }
428.  
429.   function populate($id) {
430.     global $pdo;
431.    
432.     if (empty($id)) return;
433.     if (is_array($id)) {
434.       foreach (["rid","rolename","rights","datecreated","createdby"] AS $f) {
435.         if (!array_key_exists($f, $id)) errorMsg("Failed to populate role - missing field(s)!  ($f)");
436.       }
437.     } else {      
438.       $id = getData($pdo, "roles", ["criteria"=>["rid = ?"=>$id], "onlyone"=>true]);
439.       if (count($id) == 0) return;
440.     }
441.  
442.     $this->id = $id["rid"];
443.     $this->name = $id["rolename"];
444.     $this->rights = $id["rights"];
445.     $this->datecreated = strtotime($id["datecreated"]);
446.     $this->createdby = $id["createdby"];      
447.   }
448.  
449.   function flush() {
450.     global $pdo;
451.     if (empty($this->id)) {
452.       if (empty($this->name)) return null;
453.      
454.       $sql = $pdo->prepare("INSERT INTO roles (rolename, rights, datecreated, createdby) VALUES (?, ?, NOW(), ?)");
455.       $sql->execute([$this->name, $this->rights, isset($_SESSION["user"]) ? $_SESSION["user"]->id : 0]);
456.       $sql = $pdo->query("SELECT LAST_INSERT_ID() AS newid FROM roles");
457.       $row = $sql->fetch(PDO::FETCH_ASSOC);
458.       $this->id = $row["newid"];
459.       $_SESSION["rolecache"][$this->id] = $this;
460.       return $this->id;
461.     }
462.    
463.     $sql = $pdo->prepare("UPDATE roles SET rolename = ?, rights = ? WHERE rid = ?");
464.     $sql->execute([$this->name, $this->rights, $this->id]);
465.   }
466. }
467.