Refactored "isAdmin" into a more generic "privileges" field to store different levels of access

Taylor Courage 2025-03-09 08:39:59 -04:00
parent f71a485b6e
commit 748c476a4b
8 changed files with 24 additions and 24 deletions


@ -82,7 +82,7 @@ session_start();
} else { // Otherwise we'll show the nav page
if (!isset($_SESSION["userID"])){
echo "<iframe src=\"../login_page.php?redirect=admin\" name=\"dataFrame\" class=\"dataFrame\" id=\"dataFrame\" onload=\"resizeIframe(this);\"></iframe>";
} else if (isset($_SESSION["userID"]) && $_SESSION["isAdmin"] == 1) {
} else if (isset($_SESSION["userID"]) && $_SESSION["privileges"] == 1) {
echo "<iframe src=\"admin_nav.php\" name=\"dataFrame\" class=\"dataFrame\" id=\"dataFrame\" onload=\"resizeIframe(this);\"></iframe>";
} else {
echo "<iframe src=\"not_admin.php\" name=\"dataFrame\" class=\"dataFrame\" id=\"dataFrame\" onload=\"resizeIframe(this);\"></iframe>";
@ -93,7 +93,7 @@ session_start();
<div class="subNav">
<?php
if (isset($_SESSION["isAdmin"]) && $_SESSION["isAdmin"] == 1) {
if (isset($_SESSION["privileges"]) && $_SESSION["privileges"] == 1) {
echo "<a href=\"./\" class=\"subNavLink\" id=\"adminHomeButton\">ADMIN HOME</a>";
}
?>
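Review bot: The gate on line `} else if (isset($_SESSION["userID"]) && $_SESSION["privileges"] == 1) {` still admits exactly one value, so if `privileges` is meant to hold several levels as the commit title says, any level other than 1 is routed to `not_admin.php`, and unlike the check in the subNav hunk it reads `$_SESSION["privileges"]` without an `isset`, which raises an undefined-key warning for sessions that never set it. Normalising the value and comparing strictly avoids both, e.g. `} else if (isset($_SESSION["userID"]) && (int)($_SESSION["privileges"] ?? 0) === 1) {`; once more levels exist, the literal `1` should become a named threshold defined once in a shared include rather than repeated per page. The if/else chain this line belongs to starts before the hunk.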


@ -55,14 +55,14 @@
$youtubeLink = $_POST["youtubeLink"];
// Gotta check and make sure the user we're creating is an admin
$isAdmin = 0;
$privileges = 0;
if (filter_has_var(INPUT_POST, "isAdmin")) {
$isAdmin = 1;
if (filter_has_var(INPUT_POST, "privileges")) {
$privileges = 1;
}
// Prepare the query
$insert = $conn->prepare("INSERT INTO " . $adminUserTableName . " (username, password, discord, discordLink, twitch, youtube, youtubeLink, isAdmin) VALUES (:username, :password, :discord, :discordLink, :twitch, :youtube, :youtubeLink, :isAdmin)");
$insert = $conn->prepare("INSERT INTO " . $adminUserTableName . " (username, password, discord, discordLink, twitch, youtube, youtubeLink, privileges) VALUES (:username, :password, :discord, :discordLink, :twitch, :youtube, :youtubeLink, :privileges)");
// Bind parameters to the query
$insert->bindParam(":username", $username);
@ -72,7 +72,7 @@
$insert->bindParam(":twitch", $twitch);
$insert->bindParam(":youtube", $youtube);
$insert->bindParam(":youtubeLink", $youtubeLink);
$insert->bindParam(":isAdmin", $isAdmin);
$insert->bindParam(":privileges", $privileges);
// Execute
$insert->execute();
@ -87,7 +87,7 @@
// Now add them to the regular users table as well
// Prepare the query
$insert = $conn->prepare("INSERT INTO " . $userTableName . " (username, password, discord, discordLink, twitch, youtube, youtubeLink, isAdmin) VALUES (:username, :password, :discord, :discordLink, :twitch, :youtube, :youtubeLink, :isAdmin)");
$insert = $conn->prepare("INSERT INTO " . $userTableName . " (username, password, discord, discordLink, twitch, youtube, youtubeLink, privileges) VALUES (:username, :password, :discord, :discordLink, :twitch, :youtube, :youtubeLink, :privileges)");
// Bind parameters to the query
$insert->bindParam(":username", $username);
@ -97,7 +97,7 @@
$insert->bindParam(":twitch", $twitch);
$insert->bindParam(":youtube", $youtube);
$insert->bindParam(":youtubeLink", $youtubeLink);
$insert->bindParam(":isAdmin", $isAdmin);
$insert->bindParam(":privileges", $privileges);
// Execute
$insert->execute();
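Review bot: `$privileges` is still derived solely from whether a `privileges` key is present in the POST body (`if (filter_has_var(INPUT_POST, "privileges"))`), so the renamed column is only ever written as 0 or 1 and nothing in this hunk stores the "different levels of access" the commit title describes. When an actual level is introduced it must be read as an integer and validated against a fixed allow-list, never taken verbatim from the request, e.g. `$privileges = filter_input(INPUT_POST, 'privileges', FILTER_VALIDATE_INT) ?: 0;` followed by `if (!in_array($privileges, [0, 1], true)) { $privileges = 0; }` before the INSERT, with the form's checkbox `value` updated to match. The script begins before `$youtubeLink = $_POST["youtubeLink"];`, so I cannot see whether the caller's own privilege level is verified before a privileged account is created; that check should exist and should cap the new user's level at the caller's. The same `$privileges` is written to both tables here, which is fine as long as nothing later updates one without the other.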


@ -54,13 +54,13 @@
$youtube = $_POST["youtube"];
$youtubeLink = $_POST["youtubeLink"];
$isAdmin = 0;
$privileges = 0;
if (filter_has_var(INPUT_POST, "isAdmin")) {
$isAdmin = 1;
if (filter_has_var(INPUT_POST, "privileges")) {
$privileges = 1;
}
$insert = $conn->prepare("INSERT INTO " . $userTableName . " (username, password, discord, discordLink, twitch, youtube, youtubeLink, isAdmin) VALUES (:username, :password, :discord, :discordLink, :twitch, :youtube, :youtubeLink, :isAdmin)");
$insert = $conn->prepare("INSERT INTO " . $userTableName . " (username, password, discord, discordLink, twitch, youtube, youtubeLink, privileges) VALUES (:username, :password, :discord, :discordLink, :twitch, :youtube, :youtubeLink, :privileges)");
$insert->bindParam(":username", $username);
@ -71,10 +71,10 @@
$insert->bindParam(":youtube", $youtube);
$insert->bindParam(":youtubeLink", $youtubeLink);
$insert->bindParam(":isAdmin", $isAdmin);
$insert->bindParam(":privileges", $privileges);
$insert->execute();
if ($isAdmin == 1) {
if ($privileges == 1) {
echo "New admin user \"" . $username . "\" created successfully";
} else {
echo "<div class=userMessage>";
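Review bot: The success message on line `echo "New admin user \"" . $username . "\" created successfully";` writes `$username` into the HTML response unescaped; the neighbouring fields are read straight from `$_POST`, and `$username` presumably is too, so a crafted username renders as markup in the admin panel. Escape it at the point of output: `echo "New admin user \"" . htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\" created successfully";`. Since `$privileges` is an int assigned in this same hunk, the branch condition can also be the strict `if ($privileges === 1) {`. The script continues outside the hunk on both sides.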


@ -45,8 +45,8 @@
<div id="extraOptions">
<h4>EXTRA OPTIONS</h4>
<p class="newLine">&nbsp;</p>
<input type="checkbox" id="isAdmin" name="isAdmin" value="isAdmin" class="extraOptions" checked onclick="return false;">
<label for="isAdmin" class="extraOptions">Make administrator?</label>
<input type="checkbox" id="privileges" name="privileges" value="privileges" class="extraOptions" checked onclick="return false;">
<label for="privileges" class="extraOptions">Make administrator?</label>
<p class="newLine">
This is a safe admin. This person will have all of the privileges of a normal administrator,
in addition to surviving database deletes (ONLY THE USER ACCOUNT, any saved game or replay


@ -45,8 +45,8 @@
<div id="extraOptions">
<h4>EXTRA OPTIONS</h4>
<p class="newLine">&nbsp;</p>
<input type="checkbox" id="isAdmin" name="isAdmin" class="extraOptions">
<label for="isAdmin" class="extraOptions">Make administrator?</label>
<input type="checkbox" id="privileges" name="privileges" class="extraOptions">
<label for="privileges" class="extraOptions">Make administrator?</label>
<p class="newLine">An administrator will have FULL access to the administrator panel. In the hands of the wrong user, THIS COULD CAUSE SERIOUS DAMAGE AND IRREPARABLE HARM TO YOUR SERVER! Proceed with caution, and only with those you trust.</p>
<p class="newLine"></p>
</div>


@ -44,7 +44,7 @@ session_start();
echo "<a href=\"/logout.php \" class=\"subNavLink\">LOGOUT</a>";
echo "<a href=\"/admin/data_management/game_form.php \" target=\"dataFrame\" class=\"subNavLink\">ADD GAME DETAILS</a>";
// Anything we need to show to logged in admins will be below
if (isset($_SESSION["isAdmin"]) && $_SESSION["isAdmin"] == 1){
if (isset($_SESSION["privileges"]) && $_SESSION["privileges"] == 1){
echo "<a href=\"/admin/data_management/tourney_form.php \" target=\"dataFrame\" class=\"subNavLink\">ADD A TOURNEY</a>";
echo "<a href=\"/admin \" class=\"subNavLink\">ADMIN PANEL</a>";
}
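Review bot: The admin gate `if (isset($_SESSION["privileges"]) && $_SESSION["privileges"] == 1){` is now repeated verbatim in several files touched by this commit, so the definition of "admin" lives in at least four places and will drift as soon as further privilege levels are added. A single helper in a shared include, e.g. `function hasAdminPrivileges(): bool { return (int)($_SESSION["privileges"] ?? 0) === 1; }`, called here as `if (hasAdminPrivileges()) {`, keeps the rule in one place and makes the comparison strict. This hunk only controls which links are shown; the pages it links to must enforce the same check server-side, which I cannot verify from here. The surrounding block starts before the hunk.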


@ -31,7 +31,7 @@ session_start();
$password = $_POST["password"];
// Get SQL data
$sqlGetData = $conn->prepare("SELECT userID,password,isAdmin FROM " . $userTableName . " WHERE username=\"" . $username . "\"");
$sqlGetData = $conn->prepare("SELECT userID,password,privileges FROM " . $userTableName . " WHERE username=\"" . $username . "\"");
$sqlGetData->execute();
@ -45,7 +45,7 @@ $result = $sqlGetData->fetch(PDO::FETCH_ASSOC);
// Grab the hash from the fetched SQL data
$passwordHash = $result["password"];
$userID = $result["userID"];
$isAdmin = $result["isAdmin"];
$privileges = $result["privileges"];
// Verify that the entered password matches the hashed one
@ -53,7 +53,7 @@ if (password_verify($password, $passwordHash)) {
echo "<p>Welcome $username, please wait while we redirect you...</p>";
$_SESSION["userID"] = $userID;
$_SESSION["username"] = $username;
$_SESSION["isAdmin"] = $isAdmin;
$_SESSION["privileges"] = $privileges;
// Function from StackOverflow used to get the base URL, to which we append
// the redirect (where the user came from)
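Review bot: The lookup on line `$sqlGetData = $conn->prepare("SELECT userID,password,privileges FROM " . $userTableName . " WHERE username=\"" . $username . "\"");` concatenates the submitted `$username` into the SQL string, so the prepared statement gives no protection and a crafted username controls the query that decides which password hash and privilege level are loaded. Bind it instead: `$sqlGetData = $conn->prepare("SELECT userID,password,privileges FROM " . $userTableName . " WHERE username = :username");` then `$sqlGetData->bindParam(":username", $username);` before `$sqlGetData->execute();`. After `password_verify` succeeds the code populates `$_SESSION` without a visible `session_regenerate_id(true);`, which should precede `$_SESSION["userID"] = $userID;` unless it happens elsewhere, and the welcome line echoes `$username` into HTML unescaped, which wants `htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The login handler begins before and continues after these hunks.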


@ -80,7 +80,7 @@ try { // Try opening the SQL database connection
<div class="subNav">
<?php
if (isset($_SESSION["isAdmin"]) && $_SESSION["isAdmin"] == 1) {
if (isset($_SESSION["privileges"]) && $_SESSION["privileges"] == 1) {
echo "<a href=\"/admin/\" class=\"subNavLink\" id=\"adminHomeButton\">ADMIN PANEL</a>";
}
?>