154 lines
4.9 KiB
PHP
154 lines
4.9 KiB
PHP
<?php
|
|
global $c;
|
|
|
|
$intInitialize = 1;
|
|
if (!file_exists("sqlite.db"))
|
|
$intInitialize = 1;
|
|
|
|
$c = new DatabaseConnection(
|
|
"sqlite",
|
|
"sqlite.db");
|
|
|
|
if ($intInitialize == 1)
|
|
{
|
|
$c->query(
|
|
"CREATE table if not exists globals (
|
|
id integer primary key autoincrement,
|
|
global text not null,
|
|
content text not null)");
|
|
|
|
$c->query(
|
|
"CREATE table if not exists credentials (
|
|
id integer primary key autoincrement,
|
|
email text not null,
|
|
hash text not null)");
|
|
|
|
$c->query(
|
|
"CREATE table if not exists users (
|
|
id integer primary key autoincrement,
|
|
email text not null,
|
|
user_name text not null,
|
|
display_name text not null)");
|
|
|
|
$c->query(
|
|
"CREATE table if not exists sessions (
|
|
id integer primary key autoincrement,
|
|
email text not null,
|
|
token text not null,
|
|
expires timestamp null)");
|
|
|
|
$c->query(
|
|
"CREATE table if not exists permissions (
|
|
id integer primary key autoincrement,
|
|
email text not null,
|
|
permission text not null)");
|
|
|
|
$c->query(
|
|
"CREATE table if not exists links (
|
|
id integer primary key autoincrement,
|
|
label text not null,
|
|
url text not null,
|
|
icon text not null,
|
|
position text not null,
|
|
sort integer not null default 0)");
|
|
|
|
$c->query(
|
|
"CREATE table if not exists posts (
|
|
id integer primary key autoincrement,
|
|
email text not null,
|
|
path text not null,
|
|
content text not null,
|
|
created timestamp not null default current_timestamp,
|
|
updated timestamp not null default current_timestamp,
|
|
sort integer not null default 0)");
|
|
|
|
$varLinks = $c->query("SELECT * from links");
|
|
|
|
if (count($varLinks) < 1)
|
|
{
|
|
$c->query(
|
|
"INSERT into links (label, url, icon, position)
|
|
values
|
|
('Home', '/', 'home', 'navbar'),
|
|
('Post', '/post?to=/', 'edit', 'navbar'),
|
|
('Links', '/edit/links', 'link', 'navbar'),
|
|
('Go home', '/', 'home', 'sidebar'),
|
|
('Copyright © 2025 Your Company.', '/', 'home', 'footer')");
|
|
}
|
|
|
|
}
|
|
|
|
|
|
class UserAuth
|
|
{
|
|
public static function getUser()
|
|
{
|
|
global $c;
|
|
try
|
|
{
|
|
$strToken = Cookie::get("token");
|
|
|
|
if ($strToken !== null)
|
|
if (strlen($strToken) > 0)
|
|
{
|
|
$varSessions = $c->query(
|
|
"SELECT
|
|
u.*,
|
|
c.*,
|
|
s.*
|
|
from sessions as s
|
|
join credentials as c on c.email = s.email
|
|
left join users as u on u.email = s.email
|
|
where
|
|
s.token = ?
|
|
and (
|
|
s.expires is null
|
|
or s.expires > current_timestamp
|
|
)",
|
|
$strToken);
|
|
|
|
if (count($varSessions) == 1)
|
|
return $varSessions[0];
|
|
}
|
|
}
|
|
catch (Exception $x) {}
|
|
return null;
|
|
}
|
|
|
|
public static function hasPermission($strPermission)
|
|
{
|
|
global $c;
|
|
$varUser = UserAuth::getUser();
|
|
|
|
if ($varUser == null)
|
|
return false;
|
|
|
|
$varPermissions = $c->query(
|
|
"SELECT *
|
|
from permissions
|
|
where
|
|
email like ?
|
|
and (
|
|
permission like ?
|
|
or permission like '*'
|
|
)",
|
|
$varUser["email"],
|
|
$strPermission);
|
|
|
|
if (count($varPermissions) > 0)
|
|
return true;
|
|
|
|
return false;
|
|
}
|
|
|
|
public static function requirePermission($strPermission)
|
|
{
|
|
if (!UserAuth::hasPermission($strPermission))
|
|
{
|
|
BootstrapRender::message("You do not have permission to do that, please sign into an account that does.", "warning");
|
|
Respond::redirect("/user/signin");
|
|
}
|
|
}
|
|
}
|
|
?>
|