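//*******************************************************************************************************************************************
//
// User object
//
// Persistence model (as implemented below): the whole object, including the password hash,
// reset key, TFA code, auth token, rights and role objects, is stored as a PHP-serialized blob
// in users.userobj. Write access to that column is therefore equivalent to control over the
// account's credentials and rights, and the blob must be treated as trust-critical data.
//
//*******************************************************************************************************************************************
class User {
    public $id = "";
    public $username = "";
    public $password = "";       // plaintext until flush(), which replaces it with a password_hash() value
    public $email = "";
    public $flags = 0;
    public $datecreated = 0;
    public $datedisabled = 0;
    public $daterequested = 0;
    public $datelogin = 0;
    public $resetkey = "";
    public $tfacode = "";
    public $verification = "";
    public $rights = 0;          // bitmask tested against Perm::* in hasPermission()
    public $roles = [];          // objects exposing ->id and ->rights (Role instances when loaded here)
    public $authtoken = "";

    /**
     * @param mixed $uid  User id to load; an empty value yields a blank, unsaved user.
     * @param array $opts Accepted for backward compatibility; populate() takes no options.
     */
    public function __construct($uid = "", $opts = []) {
        if (empty($uid)) return;
        $this->id = $uid;
        $this->populate();
    }

    /**
     * Builds the ACL principal (id + username) that represents this user in ACL entries.
     *
     * @return ACLPrincipal
     */
    public function getAclPrincipal() {
        $ret = new ACLPrincipal();
        $ret->set($this->id, $this->username);
        return $ret;
    }

    /**
     * Loads this user from the users table by $this->id.
     *
     * If the row carries a serialized object it is restored property by property; otherwise only
     * email/username are taken from the row and the roles are read via populateRoles().
     */
    public function populate() {
        global $pdo;
        if (empty($this->id)) return;

        $sql = $pdo->prepare("SELECT * FROM users WHERE uid = ?");
        $sql->execute([$this->id]);
        $row = $sql->fetch(PDO::FETCH_ASSOC);
        if (!$row) return;

        $stored = false;
        if (!empty($row["userobj"])) {
            // SECURITY: unserialize() instantiates whatever classes the blob names. Restrict it to
            // the classes this object graph is built from in this file, so a corrupted or tampered
            // userobj value cannot bring other classes (and their magic methods) to life.
            // Extend the list if subclasses of User/Role are ever stored.
            $stored = unserialize($row["userobj"], ["allowed_classes" => ["User", "Role"]]);
        }

        if (!($stored instanceof User)) {
            // No blob, or one that did not decode to a User: use the plain columns rather than
            // copying properties from a non-object (which would blank every field).
            $this->email = $row["email"];
            $this->username = $row["username"];
            $this->populateRoles();
            return;
        }

        $uid = $this->id;
        foreach ((new ReflectionClass("User"))->getProperties() as $prop) {
            $name = $prop->getName();
            $this->{$name} = $stored->{$name};
        }
        // The row was selected by uid, so the lookup key stays authoritative; an id inside the
        // blob must not be able to turn this object into a different user.
        $this->id = $uid;

        // NOTE(review): roles and their rights come from the blob as they were at the last
        // flush(); populateRoles() is not called on this path. Confirm how changes to a role's
        // rights are meant to reach users whose blob predates the change.
    }

    /**
     * Rebuilds $this->roles from the users_roles table.
     */
    public function populateRoles() {
        global $pdo;
        if (empty($this->id)) return;

        $this->roles = [];
        // Presumably getData() keys the result rows by role id; verify against getData().
        $rows = getData($pdo, "users_roles", ["criteria" => ["uid = ?" => $this->id]]);
        if (!is_array($rows)) return;
        foreach (array_keys($rows) as $rid) {
            $this->roles[] = new Role($rid);
        }
    }

    /**
     * Saves the user and its role assignments.
     *
     * @return mixed The new user id when a user was created, nothing (null) on update.
     */
    public function flush() {
        global $pdo;
        $isNew = empty($this->id);
        if ($isNew) $this->datecreated = time();

        // A value that password_get_info() does not recognise as a hash is treated as plaintext
        // and hashed before anything is written.
        if (!empty($this->password) && empty(password_get_info($this->password)["algo"])) {
            $this->password = password_hash($this->password, PASSWORD_DEFAULT);
        }

        $data = ["userobj" => serialize($this)];
        foreach (["username", "email"] as $f) $data[$f] = $this->$f;

        if ($isNew) {
            $this->id = setData($pdo, "users", $data);
            // Serialize again now that the id is known, so the stored blob carries it.
            setData($pdo, "users", ["uid" => $this->id, "userobj" => serialize($this)]);
        } else {
            $data["uid"] = $this->id;
            setData($pdo, "users", $data);
        }

        $this->saveRoles();
        if ($isNew) return $this->id;
    }

    /**
     * Replaces this user's rows in users_roles with the current $this->roles.
     *
     * The previous code deleted from users_roles (once by "uid", once by "id") and then wrote the
     * assignments to the "roles" table under an "id" column, so they never landed in the table
     * populateRoles() reads. NOTE(review): column names uid/rid are taken from populateRoles()
     * and the original insert; confirm against the users_roles schema.
     */
    private function saveRoles() {
        global $pdo;
        delData($pdo, "users_roles", ["uid = ?" => $this->id]);
        foreach ($this->roles as $role) {
            setData($pdo, "users_roles", ["uid" => $this->id, "rid" => $role->id]);
        }
    }

    /**
     * Tests this user's own rights and role rights for a permission bit.
     *
     * Order of evaluation: administrator bit on the user grants, deny bit on the user refuses,
     * then each role in list order (deny refuses, matching bit grants), then the user's own bits.
     *
     * @param int   $perm Permission bit(s) to test.
     * @param array $opts Optional "admin" and "deny" bit overrides (defaults Perm::Administrator, Perm::Deny).
     * @return bool
     */
    public function hasPermission($perm, $opts = []) {
        $admin = array_key_exists("admin", $opts) ? $opts["admin"] : Perm::Administrator;
        $deny = array_key_exists("deny", $opts) ? $opts["deny"] : Perm::Deny;

        if ($this->rights & $admin) return true;
        if ($this->rights & $deny) return false;

        // Was `foreach ($roles ...)` on an undefined local, so role rights (including a role-level
        // Deny) were never evaluated.
        // NOTE(review): roles are checked in list order, so a grant in an earlier role returns
        // before a Deny in a later role is seen; confirm that ordering is intended.
        foreach ($this->roles as $role) {
            if ($role->rights & $deny) return false;
            if ($role->rights & $perm) return true;
        }

        // Always a boolean; the original fell off the end (null) when nothing matched.
        return ($this->rights & $perm) ? true : false;
    }
}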
//*******************************************************************************************************************************************
//
// Status codes
//
// Each value is a distinct power of two, written as a shift so the bit position is visible.
//
//*******************************************************************************************************************************************
class Status {
    const Invalid = 1 << 0;   // 1
    const Expired = 1 << 1;   // 2
    const OK      = 1 << 2;   // 4
    const Aborted = 1 << 3;   // 8
    const Error   = 1 << 4;   // 16
    const Save    = 1 << 5;   // 32
}
//*******************************************************************************************************************************************
//
// Flags
//
// Each value is a distinct power of two, written as a shift so the bit position is visible.
// Where the flags are tested is not part of this listing.
//
//*******************************************************************************************************************************************
class Flag {
    const Debug                   = 1 << 0;    // 1
    const CookieLogin             = 1 << 1;    // 2
    const Registration            = 1 << 2;    // 4
    const PasswordRetrieval       = 1 << 3;    // 8
    const RequireValidation       = 1 << 4;    // 16
    const ImplementsEmail         = 1 << 5;    // 32
    const ImplementsUsername      = 1 << 6;    // 64
    const ManualAcctApproval      = 1 << 7;    // 128
    const Disabled                = 1 << 8;    // 256
    const NavTop                  = 1 << 9;    // 512
    const NavLeft                 = 1 << 10;   // 1024
    const Clipboard               = 1 << 11;   // 2048
    const RequireLogin            = 1 << 12;   // 4096
    const AllowEternalCookieLogin = 1 << 13;   // 8192
}
//*******************************************************************************************************************************************
//
// Base permission flags
//
// Bit values combined into the `rights` masks of users, roles and ACL entries and tested with
// `&`. Deny and Administrator are the defaults the hasPermission() methods in this file use
// for their "deny" and "admin" options.
//
//*******************************************************************************************************************************************
class Perm {
    const Read          = 1 << 0;   // 1
    const Add           = 1 << 1;   // 2
    const Edit          = 1 << 2;   // 4
    const Delete        = 1 << 3;   // 8
    const Deny          = 1 << 4;   // 16
    const Administrator = 1 << 5;   // 32
}
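//*******************************************************************************************************************************************
//
// ACL
//
// A list of ACLEntry objects (principal + rights bitmask) with lookup helpers.
//
// NOTE(review): entries are matched on the principal's id alone, and role objects are looked up
// with their role id the same way users are with their uid. If uids and role ids can take the
// same value, an entry written for one also matches the other; confirm the id spaces are
// disjoint or store the principal type in the entry.
//
//*******************************************************************************************************************************************
class ACL {
    public $entries = [];

    /**
     * @param array $aclentries Initial entries; anything that is not an ACLEntry is skipped.
     */
    public function __construct($aclentries = []) {
        foreach ($aclentries as $aclentry) {
            if (!($aclentry instanceof ACLEntry)) continue;
            $this->entries[] = $aclentry;
        }
    }

    /**
     * Appends an entry. Unlike the constructor this does not check the type of $aclentry.
     */
    public function add($aclentry) {
        $this->entries[] = $aclentry;
    }

    /**
     * Removes the first entry whose principal equals $obj (or, when $obj is an ACLEntry, equals
     * that entry's principal).
     *
     * The list is re-indexed afterwards. The original unset() left a gap in the keys, and its
     * count()-bounded index loop then stopped short of the last entries on the next call, so a
     * later removal could silently leave an entry in force.
     *
     * NOTE(review): only the first match is removed, as before; add() does not prevent duplicate
     * entries for one principal, so a second entry for it would stay active.
     */
    public function remove($obj) {
        $target = $obj instanceof ACLEntry ? $obj->principal : $obj;
        foreach ($this->entries as $idx => $entry) {
            if ($entry->principal != $target) continue;
            unset($this->entries[$idx]);
            $this->entries = array_values($this->entries);
            return;
        }
    }

    /**
     * Returns the rights mask that applies to a principal.
     *
     * @param mixed $principal User, ACLPrincipal-like object with ->id, or null for anonymous.
     * @param int   $deny      Deny bit; -1 selects Perm::Deny.
     * @return int 0 when the principal's own entry carries the deny bit, otherwise the
     *             principal's own rights, or the anonymous entry's rights when it has none.
     */
    public function getPermission($principal, $deny = -1) {
        $deny = $deny == -1 ? Perm::Deny : $deny;
        list($primary, $anon) = $this->lookupRights($principal);
        if ($primary & $deny) return 0;
        return empty($primary) ? $anon : $primary;
    }

    /**
     * Finds the raw rights of the principal's own entry and of the anonymous entry.
     *
     * Ids are compared as strings: a loose `==` treats numeric-looking strings such as "10" and
     * "1e1" as equal, which is not acceptable when deciding whose entry applies.
     *
     * NOTE(review): the anonymous entry is recognised by the literal id -1, while
     * ACLPrincipal(-1) takes its id from $cfg["anonkey"] when that is set; confirm the two agree.
     *
     * @return array [primary rights, anonymous rights]
     */
    private function lookupRights($principal) {
        if ($principal instanceof User) {
            $principal = $principal->getAclPrincipal();
        } elseif ($principal == null) {
            $principal = new ACLPrincipal(-1);
        }

        $wanted = (string) $principal->id;
        $primary = 0;
        $anon = 0;
        foreach ($this->entries as $entry) {
            if (!($entry->principal instanceof ACLPrincipal)) continue;
            $entryId = (string) $entry->principal->id;
            if ($entryId === "-1") {
                $anon = $entry->rights;
                continue;
            }
            if ($entryId !== $wanted) continue;
            $primary = $entry->rights;   // last matching entry wins, as before
        }
        return [$primary, $anon];
    }

    /**
     * Apparently an unfinished draft: it computes values and returns nothing (null).
     * Kept because it is part of the class's public surface.
     */
    public function zhasPermission($principal, $permission, $opts = []) {
        $class = array_key_exists("class", $opts) ? $opts["class"] : "Perm";
        $deny = array_key_exists("deny", $opts) ? $opts["deny"] : Perm::Deny;
        $rights = $this->getPermission($principal);
    }

    /**
     * Decides whether a principal holds a permission on this ACL.
     *
     * Changes against the previous version, all in the direction of "deny is final":
     *  - a Deny on the principal's own entry now returns false; getPermission() folds it to 0,
     *    so the old deny tests could not see it and a role grant could override it;
     *  - rights from the direct entry and from every role are accumulated, where the old loop
     *    overwrote them so that only the last role counted;
     *  - the "deny" option is honoured for the lookups as well.
     *
     * NOTE(review): roles are still evaluated in list order, so an administrator bit on an
     * earlier role returns true before a Deny on a later role is seen; confirm that is intended.
     *
     * @param mixed $principal  User, ACLPrincipal/ACLRole, or null for anonymous.
     * @param int   $permission Permission bit(s) to test.
     * @param array $opts       Optional "admin" and "deny" bit overrides.
     * @return bool|int true/false, or the (truthy or 0) masked rights from the final test.
     */
    public function hasPermission($principal, $permission, $opts = []) {
        global $cfg;
        $admin = array_key_exists("admin", $opts) ? $opts["admin"] : Perm::Administrator;
        $deny = array_key_exists("deny", $opts) ? $opts["deny"] : Perm::Deny;

        // Global administrator short-circuit, delegated to the principal itself. Objects without
        // a hasPermission() method (e.g. a plain Role) are skipped instead of causing a fatal error.
        if ($admin > -1 && is_object($principal) && method_exists($principal, "hasPermission")
            && $principal->hasPermission($admin)) {
            return true;
        }

        list($primary, $anon) = $this->lookupRights($principal);
        if ($primary & $deny) return false;
        $rights = empty($primary) ? $anon : $primary;

        if ($principal != null && !($principal instanceof ACLRole)) {
            $user = $principal instanceof User ? $principal : new User($principal->id);
            if ($user instanceof User && is_array($user->roles)) {
                foreach ($user->roles as $r) {
                    list($rolePrimary, $roleAnon) = $this->lookupRights($r);
                    if ($rolePrimary & $deny) return false;
                    $rolerights = empty($rolePrimary) ? $roleAnon : $rolePrimary;
                    if ($rolerights & $deny) return false;

                    if (isset($cfg) && array_key_exists("perm.inheritance", $cfg) && array_key_exists($permission, $cfg["perm.inheritance"])) {
                        foreach ($cfg["perm.inheritance"][$permission] as $ir) {
                            $rolerights = getEnabledBitwise("SitePerms", [$rolerights, $ir]);
                        }
                    }

                    if ($admin > 0 && ($rolerights & $admin)) return true;
                    $rights |= $rolerights;
                }
            }
        }

        return ($rights & $deny) ? false : $rights & $permission;
    }
}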
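//*******************************************************************************************************************************************
//
// Entry object. Holds a principal and its permissions
//
//*******************************************************************************************************************************************
class ACLEntry {
    public $principal;
    public $rights = 0;

    /**
     * @param mixed $principal ACLPrincipal to bind; an empty value leaves the entry blank.
     * @param int   $rights    Rights bitmask for that principal.
     */
    public function __construct($principal = "", $rights = 0) {
        if (empty($principal)) return;
        if (!$this->acceptable($principal)) return;
        $this->principal = $principal;
        $this->rights = $rights;
    }

    /**
     * Rebinds the entry. Applies the same checks as the constructor; previously set() skipped
     * the empty-id check, so an entry could be bound to a principal without an id.
     */
    public function set($principal, $rights) {
        if (!$this->acceptable($principal)) return;
        $this->principal = $principal;
        $this->rights = $rights;
    }

    /**
     * Reports invalid principals through showError() and tells the caller not to store them.
     *
     * Whether showError(..., true) halts the request is not visible from this class, so the
     * entry is left untouched either way instead of relying on it.
     *
     * @return bool true when $principal is an ACLPrincipal with a non-empty id.
     */
    private function acceptable($principal) {
        if (!($principal instanceof ACLPrincipal)) {
            showError("Cannot add a non-ACL based principal to an ACLEntry!", true);
            return false;
        }
        if (empty($principal->id)) {
            showError("Attempted to add an empty principal!", true);
            return false;
        }
        return true;
    }
}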
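//*******************************************************************************************************************************************
//
// Principal, typically a user but also the base for a role
//
//*******************************************************************************************************************************************
class ACLPrincipal {
    public $id;
    public $name;

    /**
     * @param mixed  $id   Principal id. -1 builds the anonymous pseudo-principal and -2 the
     *                     "any authenticated user" one; their id/name come from $cfg when set.
     *                     An empty id leaves the object blank.
     * @param string $name Display name.
     */
    public function __construct($id = 0, $name = "") {
        if (empty($id)) return;

        // Compared as strings so that only -1 / "-1" (resp. -2) select a pseudo-principal; a
        // loose == would, on older PHP versions, also accept strings that merely start with it.
        $key = is_scalar($id) ? (string) $id : "";
        if ($key === "-1") {
            $this->id = self::cfgValue("anonkey", "-1");
            $this->name = self::cfgValue("anondisp", "(Anonymous)");
            return;
        }
        if ($key === "-2") {
            $this->id = self::cfgValue("authkey", "-2");
            $this->name = self::cfgValue("authdisp", "(Authenticated User)");
            return;
        }
        $this->id = $id;
        $this->name = $name;
    }

    public function set($id, $name) {
        $this->id = $id;
        $this->name = $name;
    }

    /**
     * Checks a permission bit against the user this principal stands for.
     *
     * The pseudo-principals and principals without an id never hold a permission here.
     * The id is used as a users.uid, so subclasses whose id is not a uid need their own check.
     *
     * @param int   $perm Permission bit(s) to test.
     * @param array $opts Passed through to User::hasPermission().
     * @return bool
     */
    public function hasPermission($perm, $opts = []) {
        if (empty($this->id)) return false;

        $own = is_scalar($this->id) ? (string) $this->id : "";
        $anon = (string) self::cfgValue("anonkey", "-1");
        $auth = (string) self::cfgValue("authkey", "-2");
        if ($own === $anon || $own === $auth) return false;

        $user = new User($this->id);
        return $user->hasPermission($perm, $opts) ? true : false;
    }

    /**
     * Reads a key from the global $cfg array, tolerating $cfg being unset (array_key_exists()
     * on null is a TypeError on PHP 8).
     */
    private static function cfgValue($key, $default) {
        global $cfg;
        return (is_array($cfg) && array_key_exists($key, $cfg)) ? $cfg[$key] : $default;
    }
}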
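//*******************************************************************************************************************************************
//
// A principal that is specifically for a group
//
//*******************************************************************************************************************************************
class ACLRole extends ACLPrincipal {
    public $rights = 0;
    public $datecreated = 0;
    public $createdby = 0;

    /**
     * @param mixed $id Role id when numeric, otherwise taken as the role name (so a role whose
     *                  name is purely numeric cannot be loaded by name).
     */
    public function __construct($id = "") {
        if (empty($id)) return;
        if (is_numeric($id)) {
            $this->id = $id;
        } else {
            $this->name = $id;
        }
        $this->populate();
    }

    public function set($id, $name) {
        $this->id = $id;
        $this->name = $name;
    }

    /**
     * Checks a permission bit against the role's own rights.
     *
     * The inherited implementation loads `new User($this->id)`, i.e. it would read the rights of
     * the user whose uid happens to equal this role's id. ACL::hasPermission() calls
     * hasPermission() on whatever principal it is given, so a role must answer for itself.
     *
     * @param int   $perm Permission bit(s) to test.
     * @param array $opts Optional "admin" and "deny" bit overrides (defaults Perm::Administrator, Perm::Deny).
     * @return bool
     */
    public function hasPermission($perm, $opts = []) {
        $admin = array_key_exists("admin", $opts) ? $opts["admin"] : Perm::Administrator;
        $deny = array_key_exists("deny", $opts) ? $opts["deny"] : Perm::Deny;
        if ($this->rights & $admin) return true;
        if ($this->rights & $deny) return false;
        return ($this->rights & $perm) ? true : false;
    }

    /**
     * Loads the role by id, or by name when no id is set.
     */
    public function populate() {
        global $pdo;
        if (!empty($this->id)) {
            $sql = $pdo->prepare("SELECT * FROM roles WHERE rid = ?");
            $sql->execute([$this->id]);
        } else if (!empty($this->name)) {
            $sql = $pdo->prepare("SELECT * FROM roles WHERE rolename = ?");
            $sql->execute([$this->name]);
        } else {
            showError("Attempting to populate an invalid role!", true);
            return;   // no statement was prepared; do not fall through to fetch()
        }

        $row = $sql->fetch(PDO::FETCH_ASSOC);
        if (!$row) return;
        $this->id = $row["rid"];
        $this->name = $row["rolename"];
        $this->rights = $row["rights"];
        $this->datecreated = $row["datecreated"];
        $this->createdby = $row["createdby"];
    }

    /**
     * Inserts or updates the role.
     *
     * Only checks that a session user exists. It does not check that this user may manage
     * roles, so callers have to enforce that before changing `rights` and flushing.
     */
    public function flush() {
        global $pdo;
        if (!isset($_SESSION["user"])) {
            showError("Could not flush role; no valid user logged in!", true);
            return;   // never write without a session user, whether or not showError() halts
        }

        if (empty($this->id)) {
            $sql = $pdo->prepare("INSERT INTO roles (rolename, rights, datecreated, createdby) VALUES (?, ?, NOW(), ?)");
            $sql->execute([$this->name, $this->rights, $_SESSION["user"]->id]);
            $this->id = lastID($pdo, "roles");
            return;
        }

        $sql = $pdo->prepare("UPDATE roles SET rolename = ?, rights = ? WHERE rid = ?");
        $sql->execute([$this->name, $this->rights, $this->id]);
    }
}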
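//*******************************************************************************************************************************************
//
// Honestly, I can't remember why I still have this when I have the ACLRole object lol
//
// (User::populateRoles() instantiates this class, so User::$roles holds Role objects.)
//
//*******************************************************************************************************************************************
class Role {
    public $id = 0;
    public $name = "";
    public $rights = 0;
    public $datecreated = 0;   // Unix timestamp after populate(); whatever the caller passed after set()
    public $createdby = 0;

    /**
     * @param mixed $id Role id, or an already fetched roles row (array); empty leaves the role blank.
     */
    public function __construct($id = null) {
        if (empty($id)) return;
        $this->populate($id);
    }

    public function set($id, $name, $rights, $datecreated, $createdby) {
        $this->id = $id;
        $this->name = $name;
        $this->rights = $rights;
        $this->datecreated = $datecreated;
        $this->createdby = $createdby;
    }

    /**
     * Formats the creation date as "m/d/Y @ g:i A", or "Unknown" when it is missing or unparseable.
     *
     * populate() already stores a Unix timestamp; running strtotime() on that number again (as
     * the original did) fails and rendered the epoch. Numeric values are used as timestamps,
     * anything else is parsed as a date string.
     */
    public function getCreatedDate() {
        if (empty($this->datecreated)) return "Unknown";
        $ts = is_numeric($this->datecreated) ? (int) $this->datecreated : strtotime($this->datecreated);
        if ($ts === false) return "Unknown";
        return date("m/d/Y @ g:i A", $ts);
    }

    /**
     * Returns the creating user, or a placeholder "System Account" user (id 0) when the creator
     * is 0 or cannot be loaded.
     */
    public function getCreatedBy() {
        $system = new User();
        $system->id = 0;
        $system->username = "System Account";
        if ($this->createdby == 0) return $system;
        $tmp = getUserObject(["uid" => $this->createdby]);
        return $tmp == null ? $system : $tmp;
    }

    /**
     * Fills the role from a roles row (array) or loads the row by role id.
     */
    public function populate($id) {
        global $pdo;
        if (empty($id)) return;

        if (is_array($id)) {
            foreach (["rid", "rolename", "rights", "datecreated", "createdby"] as $f) {
                if (!array_key_exists($f, $id)) {
                    errorMsg("Failed to populate role - missing field(s)! ($f)");
                    return;   // do not build a role from an incomplete row
                }
            }
            $row = $id;
        } else {
            $row = getData($pdo, "roles", ["criteria" => ["rid = ?" => $id], "onlyone" => true]);
            // empty() also covers a null/false result, on which count() would fail.
            if (empty($row)) return;
        }

        $this->id = $row["rid"];
        $this->name = $row["rolename"];
        $this->rights = $row["rights"];
        $this->datecreated = strtotime($row["datecreated"]);
        $this->createdby = $row["createdby"];
    }

    /**
     * Inserts or updates the role.
     *
     * Performs no permission check of its own and records creator 0 when nobody is logged in,
     * so callers have to decide who may create or change roles.
     *
     * @return mixed New role id after an insert; null when the name is empty or on update.
     */
    public function flush() {
        global $pdo;
        if (empty($this->id)) {
            if (empty($this->name)) return null;
            $sql = $pdo->prepare("INSERT INTO roles (rolename, rights, datecreated, createdby) VALUES (?, ?, NOW(), ?)");
            $sql->execute([$this->name, $this->rights, isset($_SESSION["user"]) ? $_SESSION["user"]->id : 0]);
            // Same connection-scoped value as SELECT LAST_INSERT_ID(), without selecting it once
            // per row of the roles table.
            $this->id = $pdo->lastInsertId();
            $_SESSION["rolecache"][$this->id] = $this;
            return $this->id;
        }

        $sql = $pdo->prepare("UPDATE roles SET rolename = ?, rights = ? WHERE rid = ?");
        $sql->execute([$this->name, $this->rights, $this->id]);
        // Keep an existing cache entry in this session in step with the stored rights.
        if (isset($_SESSION["rolecache"][$this->id])) {
            $_SESSION["rolecache"][$this->id] = $this;
        }
    }
}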