- <?php
- /* functions-acl.php (for A3S 3.0, Canadian Broadcasting Corporation)
- * Michael Baker (InteGain Corporation)
- * 2008-09-26
- *
- * Used for ACL-related functions.
 * Errors are reported by throwing an Exception carrying one of the $aclErrors
 * codes; the throw abandons the rest of the function, so callers must catch it.
- *
- */
require_once( "functions.php" );
// Numeric error codes carried by the exceptions the ACL functions throw.
// NOTE(review): this is a file-scope variable. A PHP function body does not
// see file-scope variables unless it declares `global $aclErrors;`, so a bare
// `$aclErrors[ ... ]` inside a function reads an undefined local (null) and the
// exception is thrown without a usable message/code.
$aclErrors = array(
"USER_EXIST" => 0,     // user name already present (addUser)
"USER_NOEXIST" => 1,   // user ID not found
"FLAG_EXIST" => 2,     // user already holds the flag (grantPermission)
"FLAG_NOEXIST" => 3    // user does not hold the flag (revokePermission)
);
function usernameExists( $username ) {
    /* Looks a user name up in acl_users.
     * Returns the user's `id` when the name is present, or 0 when it is not
     * (0 presumably is never a live auto-increment id, so it doubles as
     * "false" — confirm against the schema).
     * $username is escaped here; callers pass it in raw.
     */
    $escapedName = mysql_real_escape_string( $username );
    $rows = mysql_query( "SELECT `id` FROM acl_users WHERE `username`='$escapedName'" );
    if ( mysql_num_rows( $rows ) == 0 ) {
        // No such user name.
        return 0;
    }
    $hit = mysql_fetch_row( $rows );
    return $hit[ 0 ];
}
function userExists( $userID ) {
    /* Checks whether a user with the given `id` is present in acl_users.
     * Returns the matching row count (presumably 0 or 1 if `id` is unique),
     * so the value is truthy when the user exists. Despite the historic
     * comment this is an int, not a bool; callers only test it with `!`.
     * $userID is escaped here; callers pass it in raw.
     */
    $escapedID = mysql_real_escape_string( $userID );
    $rows = mysql_query( "SELECT `id` FROM acl_users WHERE `id`='$escapedID'" );
    return mysql_num_rows( $rows );
}
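function getFlags( $userID ) {
    /* Returns an array of the string flag names the user holds
     * (acl_flags.flag_name rows with user_id = $userID); empty if none.
     * Throws Exception with message "USER_NOEXIST" and code
     * $aclErrors["USER_NOEXIST"] when the user ID does not exist.
     *
     * Fixes: $aclErrors was read without `global`, so the exception carried
     * a null message; $userID was escaped twice (here and again inside
     * userExists()); the row loop now stops on the actual result set
     * instead of a counter, and a failed query no longer warns from
     * mysql_num_rows(false) — it returns no flags (fail closed, which is
     * what the old code did after the warning).
     */
    global $aclErrors;
    // userExists() escapes its own argument, so hand it the raw value.
    if ( !userExists( $userID ) ) {
        throw new Exception( 'USER_NOEXIST', $aclErrors[ 'USER_NOEXIST' ] );
    }
    $escapedID = mysql_real_escape_string( $userID );
    $result = mysql_query( "SELECT `flag_name` FROM acl_flags WHERE `user_id`='$escapedID'" );
    $flags = array();
    if ( $result === false ) {
        // Query error: no flags. Callers treat "no flags" as "not authorized".
        return $flags;
    }
    while ( ( $row = mysql_fetch_row( $result ) ) !== false ) {
        $flags[] = $row[ 0 ];
    }
    return $flags;
}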
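function hasPermission( $userID, $flag ) {
    /* Returns true when the user holds the string flag $flag, or holds
     * "admin" (carte blanche: "admin" satisfies every flag check).
     * Throws Exception (code $aclErrors["USER_NOEXIST"]) via getFlags()
     * when the user ID does not exist.
     *
     * Fixes: the separate userExists() probe was redundant — getFlags()
     * performs the same check and throws the same error — and cost an extra
     * query per authorization decision; the membership test is now strict
     * so loose string comparison ("1e1" == "10") cannot grant a flag.
     */
    $flags = getFlags( $userID );
    if ( in_array( 'admin', $flags, true ) ) {
        return true;
    }
    // Flags come back from the DB as strings; compare as strings.
    return in_array( (string) $flag, $flags, true );
}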
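function addUser( $username, $password ) {
    /* Creates an acl_users row for $username with no flags.
     * Both arguments are cleartext; the password is stored as an unsalted
     * md5 hex digest (see NOTE). Returns mysql_affected_rows() of the
     * INSERT (1 on success). Throws Exception with message "USER_EXIST"
     * and code $aclErrors["USER_EXIST"] when the name is already taken.
     *
     * Fixes: $aclErrors was read without `global`, so the exception carried
     * a null message.
     *
     * NOTE(security): md5($password) is unsalted and fast, so a leaked
     * acl_users table is trivially cracked offline. The replacement is
     * password_hash()/password_verify(). It is not switched here because
     * validateLogin() as written compares the md5 inside its SQL WHERE
     * clause, and the width of the `password` column is not visible from
     * this file (password_hash() output is 60+ characters). Migration
     * order: widen the column, make validateLogin() use password_verify(),
     * then change the hashing line below.
     * NOTE: usernameExists() followed by INSERT is a check-then-act race;
     * a UNIQUE index on acl_users.username is the real guarantee.
     */
    global $aclErrors;
    // usernameExists() escapes its own argument, so hand it the raw value.
    if ( usernameExists( $username ) ) {
        throw new Exception( 'USER_EXIST', $aclErrors[ 'USER_EXIST' ] );
    }
    $escapedName = mysql_real_escape_string( $username );
    $passwordHash = md5( $password );
    mysql_query( "INSERT INTO acl_users ( `username`, `password` ) VALUES ( '$escapedName', '$passwordHash' )" );
    // Should be 1 on success.
    return mysql_affected_rows();
}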
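function deleteUser( $userID ) {
    /* Removes the user row and every acl_flags row belonging to $userID.
     * Returns the number of flag rows deleted (mysql_affected_rows() of
     * the acl_flags DELETE), as before. Throws Exception with message
     * "USER_NOEXIST" and code $aclErrors["USER_NOEXIST"] when the ID does
     * not exist.
     *
     * Fixes: the not-found case threw USER_EXIST (the opposite meaning);
     * $aclErrors was read without `global`; $userID was escaped twice
     * (here and again inside userExists()). The flags are now removed
     * before the user row, so if the second statement fails we are left
     * with a flagless user rather than orphaned permission rows. This is
     * still not atomic — each mysql_query() runs on its own unless the
     * connection is inside a transaction.
     */
    global $aclErrors;
    // userExists() escapes its own argument, so hand it the raw value.
    if ( !userExists( $userID ) ) {
        throw new Exception( 'USER_NOEXIST', $aclErrors[ 'USER_NOEXIST' ] );
    }
    $escapedID = mysql_real_escape_string( $userID );
    // Permissions first (see above), remembering how many were dropped.
    mysql_query( "DELETE FROM acl_flags WHERE user_id='$escapedID'" );
    $flagsRemoved = mysql_affected_rows();
    mysql_query( "DELETE FROM acl_users WHERE id='$escapedID'" );
    return $flagsRemoved;
}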
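function grantPermission( $userID, $flag ) {
    /* Adds string flag $flag to user $userID.
     * Returns mysql_affected_rows() of the INSERT (1 on success).
     * Throws Exception with code $aclErrors["USER_NOEXIST"] (raised by
     * getFlags()) when the user does not exist, or message "FLAG_EXIST" /
     * code $aclErrors["FLAG_EXIST"] when the user already holds that flag.
     *
     * Fixes: $flag was escaped *before* the possession check, so a flag
     * containing a quote or backslash never matched its stored form and
     * could be inserted again and again; the check went through
     * hasPermission(), which answers true for every flag once the user
     * holds "admin", so an admin could never be granted a specific flag —
     * the check now looks at the flags actually stored, which is what the
     * original comment describes. $aclErrors was read without `global`.
     */
    global $aclErrors;
    // getFlags() verifies the user exists and throws USER_NOEXIST itself.
    $held = getFlags( $userID );
    if ( in_array( (string) $flag, $held, true ) ) {
        throw new Exception( 'FLAG_EXIST', $aclErrors[ 'FLAG_EXIST' ] );
    }
    $escapedFlag = mysql_real_escape_string( $flag );
    $escapedID = mysql_real_escape_string( $userID );
    mysql_query( "INSERT INTO acl_flags ( `user_id`, `flag_name` ) VALUES ( '$escapedID', '$escapedFlag' )" );
    return mysql_affected_rows();
}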
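function revokePermission( $userID, $flag ) {
    /* Removes string flag $flag from user $userID.
     * Returns mysql_affected_rows() of the DELETE (1 on success).
     * Throws Exception with code $aclErrors["USER_NOEXIST"] (raised by
     * getFlags()) when the user does not exist, or message "FLAG_NOEXIST" /
     * code $aclErrors["FLAG_NOEXIST"] when the user does not hold the flag.
     *
     * Fixes: $flag was escaped *before* the possession check, so a flag
     * containing a quote or backslash could never be revoked (the check
     * always said FLAG_NOEXIST); the check went through hasPermission(),
     * which answers true for every flag once the user holds "admin", so
     * revoking a flag an admin never held silently returned 0 instead of
     * throwing — the check now looks at the flags actually stored.
     * $aclErrors was read without `global`.
     */
    global $aclErrors;
    // getFlags() verifies the user exists and throws USER_NOEXIST itself.
    $held = getFlags( $userID );
    if ( !in_array( (string) $flag, $held, true ) ) {
        throw new Exception( 'FLAG_NOEXIST', $aclErrors[ 'FLAG_NOEXIST' ] );
    }
    $escapedFlag = mysql_real_escape_string( $flag );
    $escapedID = mysql_real_escape_string( $userID );
    mysql_query( "DELETE FROM acl_flags WHERE user_id='$escapedID' AND flag_name='$escapedFlag'" );
    return mysql_affected_rows();
}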
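function validateLogin( $username, $password ) {
    /* Validates a cleartext user name / password pair.
     * Returns the user's `id` on success and 0 on failure (unknown name,
     * wrong password, or query error), as before.
     *
     * Fixes: the password hash was matched inside the SQL WHERE clause.
     * The stored hash is now fetched by user name and compared in PHP with
     * hash_equals() (constant-time; needs PHP >= 5.6). The comparison also
     * accepts password_hash() output, checked first with password_verify(),
     * so the `password` column can be migrated away from the unsalted md5
     * that addUser() writes without touching login again.
     * NOTE(security): while addUser() still stores md5, this check is only
     * as strong as that digest — see the note on addUser().
     * Assumes acl_users.username is unique (only the first row is read) —
     * confirm against the schema.
     */
    $escapedName = mysql_real_escape_string( $username );
    $result = mysql_query( "SELECT `id`, `password` FROM acl_users WHERE `username`='$escapedName'" );
    if ( $result === false || mysql_num_rows( $result ) == 0 ) {
        // Unknown user or query failure: fail closed.
        return 0;
    }
    $row = mysql_fetch_row( $result );
    $stored = (string) $row[ 1 ];
    // password_hash() format first; password_verify() is false for a plain md5 digest.
    if ( password_verify( $password, $stored ) ) {
        return $row[ 0 ];
    }
    // Legacy form: unsalted md5 hex digest, as written by addUser().
    if ( hash_equals( $stored, md5( $password ) ) ) {
        return $row[ 0 ];
    }
    return 0;
}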
- ?>