  1. <?php
  2.  
  3. /* functions-acl.php (for A3S 3.0, Canadian Broadcasting Corporation)
  4.  * Michael Baker (InteGain Corporation)
  5.  * 2008-09-26
  6.  *
  7.  * Used for ACL-related functions. Every function here builds SQL with the legacy mysql_* extension (removed in PHP 7) and escapes inputs with mysql_real_escape_string(), which needs an already-open connection -- presumably established by functions.php.
  8.  * A thrown exception skips the rest of the function.
  9.  *
  10.  */
  11.  
  12. require_once( "functions.php" );
  13.  
  14. $aclErrors = array(
  15. "USER_EXIST" => 0,
  16. "USER_NOEXIST" => 1,
  17. "FLAG_EXIST" => 2,
  18. "FLAG_NOEXIST" => 3
  19. );
  20.  
  21. function usernameExists( $username ) {
  22.   /* Returns a boolean indicating whether
  23.    * the user name in question exists.
  24.    *
  25.    */
  26.    
  27.   $username = mysql_real_escape_string( $username );
  28.  
  29.   $query = "SELECT `id` FROM acl_users WHERE `username`='$username'";
  30.   $result = mysql_query( $query );
  31.   $numrows = mysql_num_rows( $result );
  32.  
  33.   if ( !$numrows ) {
  34.     // username doesn't exist
  35.     return 0;
  36.   }
  37.   else {
  38.     // return the looked-up userID
  39.     $row = mysql_fetch_row( $result );
  40.     return $row[ 0 ];
  41.   }
  42.  
  43. }
  44.  
  45. function userExists( $userID ) {
  46.   /* Returns a boolean indicating whether
  47.    * the user ID in question exists.
  48.    *
  49.    */
  50.  
  51.   $userID = mysql_real_escape_string( $userID );
  52.  
  53.   $query = "SELECT `id` FROM acl_users WHERE `id`='$userID'";
  54.   $result = mysql_query( $query );
  55.   $numrows = mysql_num_rows( $result );
  56.  
  57.   return $numrows;
  58.  
  59. }
  60.  
  61. function getFlags( $userID ) {
  62.   /* Returns an array of the string flags
  63.    * the user ID has access to.
  64.    *
  65.    */
  66.  
  67.   $userID = mysql_real_escape_string( $userID );
  68.  
  69.   if ( !userExists( $userID ) ) {
  70.     // user does not exist
  71.     throw new Exception( $aclErrors[ "USER_NOEXIST" ] );
  72.   }
  73.  
  74.   $query = "SELECT `flag_name` FROM acl_flags WHERE `user_id`='$userID'";
  75.   $result = mysql_query( $query );
  76.   $numrows = mysql_num_rows( $result );
  77.  
  78.   // Initialize an empty array for the user's flags
  79.   $flags = array();
  80.   $counter = 0;
  81.  
  82.   while ( $counter < $numrows ) {
  83.     // Iterate through the flags and add them to an array
  84.    
  85.     $row = mysql_fetch_row( $result );
  86.     $flagName = $row[ 0 ];
  87.    
  88.     array_push( $flags, $flagName );
  89.     $counter++;
  90.   }
  91.  
  92.   return $flags;
  93.  
  94. }
  95.  
  96. function hasPermission( $userID, $flag ) {
  97.   /* Returns a boolean indicating whether the
  98.    * user ID in question has access to the
  99.    * specified string flag.
  100.    *
  101.    */
  102.  
  103.   if ( !userExists( $userID ) ) {
  104.     // user does not exist
  105.     throw new Exception( $aclErrors[ "USER_NOEXIST" ] );
  106.   }
  107.  
  108.   $flags = getFlags( $userID );
  109.  
  110.   /* Return true if they either have the flag in question
  111.    * or if they possess "carte blanche" (unrestricted access)
  112.    *
  113.    * Otherwise, return false.
  114.    *
  115.    */
  116.   $carteBlanche = in_array( "admin", $flags );
  117.   $authorized = in_array( $flag, $flags );
  118.  
  119.   return ( $authorized || $carteBlanche );
  120.  
  121. }
  122.  
  123. function addUser( $username, $password ) {
  124.   /* Adds a user to the ACL.
  125.    * Note that this does not give them any permissive flags.
  126.    * Both arguments are in cleartext.
  127.    *
  128.    */
  129.  
  130.   if ( usernameExists( $username ) ) {
  131.     // username already exists
  132.     throw new Exception( $aclErrors[ "USER_EXIST" ] );
  133.   }
  134.  
  135.   $username = mysql_real_escape_string( $username );
  136.  
  137.   // Generate md5 sum of password
  138.   $passwordHash = md5( $password );
  139.   $query = "INSERT INTO acl_users ( `username`, `password` ) VALUES ( '$username', '$passwordHash' )";
  140.   mysql_query( $query );
  141.  
  142.   // Tell the user how many rows were affected (should be 1)
  143.   return mysql_affected_rows();
  144.  
  145. }
  146.  
  147. function deleteUser( $userID ) {
  148.   /* Deletes a user from the ACL,
  149.    * removing any flags they may possess.
  150.    *
  151.    */
  152.  
  153.   $userID = mysql_real_escape_string( $userID );
  154.  
  155.   if ( !userExists( $userID ) ) {
  156.     // user ID does not exist
  157.     throw new Exception( $aclErrors[ "USER_EXIST" ] );
  158.   }
  159.  
  160.   // Clean out their user record...
  161.   $query = "DELETE FROM acl_users WHERE id='$userID'";
  162.   mysql_query( $query );
  163.  
  164.   // Now delete any permissions they had
  165.   $query = "DELETE FROM acl_flags WHERE user_id='$userID'";
  166.   mysql_query( $query );
  167.   $affected = mysql_affected_rows();
  168.  
  169.   // Tell us how many flags they lost
  170.   return $affected;
  171.  
  172. }
  173.  
  174. function grantPermission( $userID, $flag ) {
  175.   /* Adds a certain flag for a user.
  176.    * $userID = the user's ID
  177.    * $flag = a string flag
  178.    *
  179.    * Note that this will check if the user
  180.    * already possesses said flag before adding it.
  181.    */
  182.    
  183.   $flag = mysql_real_escape_string( $flag );
  184.   $userID = mysql_real_escape_string( $userID );
  185.  
  186.   // Calling hasPermission here could invoke a USER_NOEXIST error
  187.   if ( hasPermission( $userID, $flag ) ) {
  188.     // User already has flag!
  189.     throw new Exception( $aclErrors[ "FLAG_EXIST" ] );
  190.   }
  191.  
  192.   // Add this flag to the user
  193.   $query = "INSERT INTO acl_flags ( `user_id`, `flag_name` ) VALUES ( '$userID', '$flag' )";
  194.   mysql_query( $query );
  195.  
  196.   return mysql_affected_rows();
  197.  
  198. }
  199.  
  200. function revokePermission( $userID, $flag ) {
  201.   /* Revokes a certain permission flag from a user.
  202.    * $userID = the user's ID
  203.    * $flag = a string flag
  204.    *
  205.    * This will check if the user possesses said flag
  206.    * before attempting to remove it.
  207.    * An error will be thrown if the user does not have
  208.    * said flag.
  209.    *
  210.    */
  211.  
  212.   $flag = mysql_real_escape_string( $flag );
  213.   $userID = mysql_real_escape_string( $userID );
  214.  
  215.   // Calling hasPermission here could invoke a USER_NOEXIST error
  216.   if ( !hasPermission( $userID, $flag ) ) {
  217.     // User doesn't possess it in the first place!
  218.     throw new Exception( $aclErrors[ "FLAG_NOEXIST" ] );
  219.   }
  220.  
  221.   // Remove this flag from the user
  222.   $query = "DELETE FROM acl_flags WHERE user_id='$userID' AND flag_name='$flag'";
  223.   mysql_query( $query );
  224.  
  225.   return mysql_affected_rows();
  226.  
  227. }
  228.  
  229. function validateLogin( $username, $password ) {
  230.   /* Validates login credentials.
  231.    * Returns 0 if login fails, otherwise 1.
  232.    *
  233.    */
  234.  
  235.   $username = mysql_real_escape_string( $username );
  236.   $passwordHash = md5( $password );
  237.  
  238.   $query = "SELECT id FROM acl_users WHERE username='$username' AND password='$passwordHash'";
  239.   $result = mysql_query( $query );
  240.  
  241.   $numrows = mysql_num_rows( $result );
  242.  
  243.   if ( !$numrows ) {
  244.     // user does not exist
  245.     return 0;
  246.   }
  247.   else {
  248.     // user exists; return their ID
  249.     $row = mysql_fetch_row( $result );
  250.     return $row[ 0 ];
  251.   }
  252.  
  253. }
  254.  
  255. ?>