124 lines
3.8 KiB
PHP
124 lines
3.8 KiB
PHP
<?php
|
|
global $c;
|
|
|
|
$c = new DatabaseConnection(
|
|
"sqlite",
|
|
"sqlite.db");
|
|
|
|
$c->query(
|
|
"CREATE table if not exists links (
|
|
id integer primary key autoincrement,
|
|
label text not null,
|
|
url text not null,
|
|
icon text not null,
|
|
position text not null,
|
|
sort integer not null default 0)");
|
|
|
|
$varLinks = $c->query("SELECT * from links");
|
|
|
|
if (count($varLinks) < 1)
|
|
{
|
|
$c->query(
|
|
"INSERT into links (label, url, icon, position)
|
|
values
|
|
('Home', '/', 'home', 'navbar'),
|
|
('Post', '/edit', 'edit', 'navbar'),
|
|
('Links', '/edit/links', 'link', 'navbar'),
|
|
('Go home', '/', 'home', 'sidebar'),
|
|
('Copyright © 2025 Your Company.', '/', 'home', 'footer')");
|
|
}
|
|
|
|
|
|
class UserAuth
|
|
{
|
|
public static function getUser()
|
|
{
|
|
global $c;
|
|
try
|
|
{
|
|
$strToken = Cookie::get("token");
|
|
|
|
if ($strToken !== null)
|
|
if (strlen($strToken) > 0)
|
|
{
|
|
$varTokenUsers = $c->query(
|
|
"SELECT *
|
|
from tokens as t
|
|
join user as u on u.email = t.email
|
|
where
|
|
t.token = ?
|
|
and (
|
|
t.expires is null
|
|
or t.expires > current_timestamp
|
|
)",
|
|
$strToken);
|
|
|
|
$varUser = null;
|
|
|
|
if (count($varTokenUsers) == 1)
|
|
$varUser = $varTokenUsers[0];
|
|
else return null;
|
|
|
|
try
|
|
{
|
|
$varUserDetails = $c->query(
|
|
"SELECT *
|
|
from user_info as ui
|
|
where
|
|
ui.email = ?",
|
|
$varUser["email"]);
|
|
|
|
if (count($varUserDetails) == 1)
|
|
$varUser = array_merge($varUser, $varUserDetails[0]);
|
|
}
|
|
catch (Exception $x) {}
|
|
return $varUser;
|
|
}
|
|
}
|
|
catch (Exception $x) {}
|
|
return null;
|
|
}
|
|
|
|
public static function hasPermission($strPermission)
|
|
{
|
|
global $c;
|
|
$varUser = UserAuth::getUser();
|
|
|
|
if ($varUser == null)
|
|
return false;
|
|
|
|
$c->query(
|
|
"CREATE table if not exists permission (
|
|
id integer primary key autoincrement,
|
|
email text not null,
|
|
name text not null)");
|
|
|
|
$varPermissions = $c->query(
|
|
"SELECT *
|
|
from permission
|
|
where
|
|
email like ?
|
|
and (
|
|
name like ?
|
|
or name like '*'
|
|
)",
|
|
$varUser["email"],
|
|
$strPermission);
|
|
|
|
if (count($varPermissions) > 0)
|
|
return true;
|
|
|
|
return false;
|
|
}
|
|
|
|
public static function requirePermission($strPermission)
|
|
{
|
|
if (!UserAuth::hasPermission($strPermission))
|
|
{
|
|
BootstrapRender::message("You do not have permission to do that, please sign into an account that does.", "warning");
|
|
Respond::redirect("/user/signin");
|
|
}
|
|
}
|
|
}
|
|
?>
|