111 lines
3.4 KiB
PHP
111 lines
3.4 KiB
PHP
<?php
|
|
class UserAuth
|
|
{
|
|
public static function getUser()
|
|
{
|
|
global $c;
|
|
try
|
|
{
|
|
$strToken = Cookie::get("token");
|
|
|
|
if ($strToken !== null)
|
|
if (strlen($strToken) > 0)
|
|
{
|
|
$varSessions = $c->query(
|
|
"SELECT *
|
|
from sessions as s
|
|
join users as u on u.username = s.username
|
|
where
|
|
s.token = ?
|
|
and (
|
|
s.expires is null
|
|
or s.expires > current_timestamp
|
|
)",
|
|
$strToken);
|
|
|
|
if (count($varSessions) == 1)
|
|
return $varSessions[0];
|
|
}
|
|
}
|
|
catch (Exception $x) {}
|
|
return null;
|
|
}
|
|
|
|
public static function has($strColumnName)
|
|
{
|
|
global $c;
|
|
$varUser = UserAuth::getUser();
|
|
|
|
if ($varUser == null)
|
|
return false;
|
|
|
|
if (array_key_exists($strColumnName, $varUser))
|
|
if (intval($varUser[$strColumnName]) > 0)
|
|
return true;
|
|
|
|
return false;
|
|
}
|
|
|
|
public static function require($strColumnName)
|
|
{
|
|
if (!UserAuth::has($strColumnName))
|
|
{
|
|
PageRender::message("You do not have permission to do that, please sign into an account that does.", "warning");
|
|
Respond::redirect("/user/signin");
|
|
}
|
|
}
|
|
|
|
public static function visible($strVisibility)
|
|
{
|
|
global $c;
|
|
|
|
if (UserAuth::has("is_admin"))
|
|
return true;
|
|
|
|
$varUser = UserAuth::getUser();
|
|
$strUsername = $varUser["username"] ?? null;
|
|
$varRegex = [
|
|
["/user/i", ($varUser == null)],
|
|
["/admin/i", (!UserAuth::has("is_admin"))],
|
|
];
|
|
|
|
// Support arrays with username and visibility keys:
|
|
if (is_array($strVisibility))
|
|
{
|
|
if (array_key_exists("username", $strVisibility))
|
|
if ($strVisibility["username"] == $strUsername)
|
|
return true;
|
|
|
|
if (!array_key_exists("visibility", $strVisibility))
|
|
return false;
|
|
|
|
$strVisibility = $strVisibility["visibility"];
|
|
}
|
|
|
|
if ($strVisibility == null)
|
|
$strVisibility = "";
|
|
|
|
// Handle hiding the post from non-admins:
|
|
if (preg_match("/^(admin|hid(e|den)|invisible|no(ne|body)|private)$/i", $strVisibility))
|
|
return false;
|
|
|
|
if (preg_match("/{$strUsername}/i", $strVisibility)) return true;
|
|
|
|
// Handle showing the post to everyone:
|
|
if (preg_match("/^(|(every|any)(body|one))|all|public)$/i", $strVisibility))
|
|
return true;
|
|
|
|
$intExit = 0;
|
|
|
|
foreach ($varRegex as $re)
|
|
if (preg_match($re[0], $strVisibility))
|
|
if ($re[1])
|
|
$intExit = 1;
|
|
|
|
if ($intExit == 1)
|
|
return false;
|
|
return true;
|
|
}
|
|
}
|
|
?>
|