From 748c476a4bfab0026119a534eaaf55ba967a1daa Mon Sep 17 00:00:00 2001
From: Taylor Courage <taylorjamescourage@gmail.com>
Date: Sun, 9 Mar 2025 08:39:59 -0400
Subject: [PATCH] Re-factored "isAdmin" to a more generic "privileges" to store
 different levels of access

---
 admin/index.php                             |  4 ++--
 admin/user_management/add_safe_admin.php    | 14 +++++++-------
 admin/user_management/add_user.php          | 12 ++++++------
 admin/user_management/create_safe_admin.php |  4 ++--
 admin/user_management/user_form.php         |  4 ++--
 index.php                                   |  2 +-
 login.php                                   |  6 +++---
 user/user.php                               |  2 +-
 8 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/admin/index.php b/admin/index.php
index 5697c5a..4d91c7c 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -82,7 +82,7 @@ session_start();
             } else { // Otherwise we'll show the nav page
                 if (!isset($_SESSION["userID"])){
                     echo "<iframe src=\"../login_page.php?redirect=admin\" name=\"dataFrame\" class=\"dataFrame\" id=\"dataFrame\" onload=\"resizeIframe(this);\"></iframe>";
-                } else if (isset($_SESSION["userID"]) && $_SESSION["isAdmin"] == 1) {
+                } else if (isset($_SESSION["userID"]) && $_SESSION["privileges"] == 1) {
                     echo "<iframe src=\"admin_nav.php\" name=\"dataFrame\" class=\"dataFrame\" id=\"dataFrame\" onload=\"resizeIframe(this);\"></iframe>";
                 } else {
                     echo "<iframe src=\"not_admin.php\" name=\"dataFrame\" class=\"dataFrame\" id=\"dataFrame\" onload=\"resizeIframe(this);\"></iframe>";
@@ -93,7 +93,7 @@ session_start();
             
             <div class="subNav">
                 <?php
-                if (isset($_SESSION["isAdmin"]) && $_SESSION["isAdmin"] == 1) {
+                if (isset($_SESSION["privileges"]) && $_SESSION["privileges"] == 1) {
                     echo "<a href=\"./\" class=\"subNavLink\" id=\"adminHomeButton\">ADMIN HOME</a>";
                 }
                 ?>
diff --git a/admin/user_management/add_safe_admin.php b/admin/user_management/add_safe_admin.php
index a89773a..2dee68f 100644
--- a/admin/user_management/add_safe_admin.php
+++ b/admin/user_management/add_safe_admin.php
@@ -55,14 +55,14 @@
     $youtubeLink = $_POST["youtubeLink"];
 
     // Gotta check and make sure the user we're creating is an admin
-    $isAdmin = 0;
+    $privileges = 0;
 
-    if (filter_has_var(INPUT_POST, "isAdmin")) {
-      $isAdmin = 1;
+    if (filter_has_var(INPUT_POST, "privileges")) {
+      $privileges = 1;
     }
 
     // Prepare the query
-    $insert = $conn->prepare("INSERT INTO " . $adminUserTableName . " (username, password, discord, discordLink, twitch, youtube, youtubeLink, isAdmin) VALUES (:username, :password, :discord, :discordLink, :twitch, :youtube, :youtubeLink, :isAdmin)");
+    $insert = $conn->prepare("INSERT INTO " . $adminUserTableName . " (username, password, discord, discordLink, twitch, youtube, youtubeLink, privileges) VALUES (:username, :password, :discord, :discordLink, :twitch, :youtube, :youtubeLink, :privileges)");
 
     // Bind parameters to the query
     $insert->bindParam(":username", $username);
@@ -72,7 +72,7 @@
     $insert->bindParam(":twitch", $twitch);
     $insert->bindParam(":youtube", $youtube);
     $insert->bindParam(":youtubeLink", $youtubeLink);
-    $insert->bindParam(":isAdmin", $isAdmin);
+    $insert->bindParam(":privileges", $privileges);
 
     // Execute
     $insert->execute();
@@ -87,7 +87,7 @@
     
       // Now add them to the regular users table as well
       // Prepare the query
-      $insert = $conn->prepare("INSERT INTO " . $userTableName . " (username, password, discord, discordLink, twitch, youtube, youtubeLink, isAdmin) VALUES (:username, :password, :discord, :discordLink, :twitch, :youtube, :youtubeLink, :isAdmin)");
+      $insert = $conn->prepare("INSERT INTO " . $userTableName . " (username, password, discord, discordLink, twitch, youtube, youtubeLink, privileges) VALUES (:username, :password, :discord, :discordLink, :twitch, :youtube, :youtubeLink, :privileges)");
 
       // Bind parameters to the query
       $insert->bindParam(":username", $username);
@@ -97,7 +97,7 @@
       $insert->bindParam(":twitch", $twitch);
       $insert->bindParam(":youtube", $youtube);
       $insert->bindParam(":youtubeLink", $youtubeLink);
-      $insert->bindParam(":isAdmin", $isAdmin);
+      $insert->bindParam(":privileges", $privileges);
 
       // Execute
       $insert->execute();
diff --git a/admin/user_management/add_user.php b/admin/user_management/add_user.php
index 0288050..914afea 100644
--- a/admin/user_management/add_user.php
+++ b/admin/user_management/add_user.php
@@ -54,13 +54,13 @@
     $youtube = $_POST["youtube"];
     $youtubeLink = $_POST["youtubeLink"];
 
-    $isAdmin = 0;
+    $privileges = 0;
 
-    if (filter_has_var(INPUT_POST, "isAdmin")) {
-      $isAdmin = 1;
+    if (filter_has_var(INPUT_POST, "privileges")) {
+      $privileges = 1;
     }
 
-    $insert = $conn->prepare("INSERT INTO " . $userTableName . " (username, password, discord, discordLink, twitch, youtube, youtubeLink, isAdmin) VALUES (:username, :password, :discord, :discordLink, :twitch, :youtube, :youtubeLink, :isAdmin)");
+    $insert = $conn->prepare("INSERT INTO " . $userTableName . " (username, password, discord, discordLink, twitch, youtube, youtubeLink, privileges) VALUES (:username, :password, :discord, :discordLink, :twitch, :youtube, :youtubeLink, :privileges)");
 
 
     $insert->bindParam(":username", $username);
@@ -71,10 +71,10 @@
     $insert->bindParam(":youtube", $youtube);
     $insert->bindParam(":youtubeLink", $youtubeLink);
 
-    $insert->bindParam(":isAdmin", $isAdmin);
+    $insert->bindParam(":privileges", $privileges);
 
     $insert->execute();
-    if ($isAdmin == 1) {
+    if ($privileges == 1) {
       echo "New admin user \"" . $username . "\" created successfully";
     } else {
       echo "<div class=userMessage>";
diff --git a/admin/user_management/create_safe_admin.php b/admin/user_management/create_safe_admin.php
index 6edcbe9..abad5af 100644
--- a/admin/user_management/create_safe_admin.php
+++ b/admin/user_management/create_safe_admin.php
@@ -45,8 +45,8 @@
                 <div id="extraOptions">
                     <h4>EXTRA OPTIONS</h4>
                     <p class="newLine">&nbsp;</p>
-                    <input type="checkbox" id="isAdmin" name="isAdmin" value="isAdmin" class="extraOptions" checked  onclick="return false;">
-                    <label for="isAdmin" class="extraOptions">Make administrator?</label>
+                    <input type="checkbox" id="privileges" name="privileges" value="privileges" class="extraOptions" checked  onclick="return false;">
+                    <label for="privileges" class="extraOptions">Make administrator?</label>
                     <p class="newLine">
                     This is a safe admin. This person will have all of the privileges of a normal administrator, 
                     in addition to surviving database deletes (ONLY THE USER ACCOUNT, any saved game or replay 
diff --git a/admin/user_management/user_form.php b/admin/user_management/user_form.php
index 514eefb..cdf4ae8 100644
--- a/admin/user_management/user_form.php
+++ b/admin/user_management/user_form.php
@@ -45,8 +45,8 @@
                 <div id="extraOptions">
                     <h4>EXTRA OPTIONS</h4>
                     <p class="newLine">&nbsp;</p>
-                    <input type="checkbox" id="isAdmin" name="isAdmin" class="extraOptions">
-                    <label for="isAdmin" class="extraOptions">Make administrator?</label>
+                    <input type="checkbox" id="privileges" name="privileges" class="extraOptions">
+                    <label for="privileges" class="extraOptions">Make administrator?</label>
                     <p class="newLine">An administrator will have FULL access to the administrator panel. In the hands of the wrong user, THIS COULD CAUSE SERIOUS DAMAGE AND IRREPARABLE HARM TO YOUR SERVER! Proceed with caution, and only with those you trust.</p>
                     <p class="newLine"></p>
                 </div>
diff --git a/index.php b/index.php
index b58fea0..5b10e7b 100644
--- a/index.php
+++ b/index.php
@@ -44,7 +44,7 @@ session_start();
                     echo "<a href=\"/logout.php \" class=\"subNavLink\">LOGOUT</a>";
                     echo "<a href=\"/admin/data_management/game_form.php \" target=\"dataFrame\" class=\"subNavLink\">ADD GAME DETAILS</a>";
                     // Anything we need to show to logged in admins will be below
-                    if (isset($_SESSION["isAdmin"]) && $_SESSION["isAdmin"] == 1){
+                    if (isset($_SESSION["privileges"]) && $_SESSION["privileges"] == 1){
                         echo "<a href=\"/admin/data_management/tourney_form.php \" target=\"dataFrame\" class=\"subNavLink\">ADD A TOURNEY</a>";
                         echo "<a href=\"/admin \" class=\"subNavLink\">ADMIN PANEL</a>";
                     }
diff --git a/login.php b/login.php
index a7ca596..8db00a8 100644
--- a/login.php
+++ b/login.php
@@ -31,7 +31,7 @@ session_start();
     $password = $_POST["password"];
 
     // Get SQL data
-    $sqlGetData = $conn->prepare("SELECT userID,password,isAdmin FROM " . $userTableName . " WHERE username=\"" . $username . "\"");
+    $sqlGetData = $conn->prepare("SELECT userID,password,privileges FROM " . $userTableName . " WHERE username=\"" . $username . "\"");
 
     $sqlGetData->execute();
     
@@ -45,7 +45,7 @@ $result = $sqlGetData->fetch(PDO::FETCH_ASSOC);
   // Grab the hash from the fetched SQL data
 $passwordHash = $result["password"];
 $userID = $result["userID"];
-$isAdmin = $result["isAdmin"];
+$privileges = $result["privileges"];
 
 
 // Verify that the entered password matches the hashed one
@@ -53,7 +53,7 @@ if (password_verify($password, $passwordHash)) {
     echo "<p>Welcome $username, please wait while we redirect you...</p>";
     $_SESSION["userID"] = $userID;
     $_SESSION["username"] = $username;
-    $_SESSION["isAdmin"] = $isAdmin;
+    $_SESSION["privileges"] = $privileges;
 
     // Function from StackOverflow used to get the base URL, to which we append
     // the redirect (where the user came from)
diff --git a/user/user.php b/user/user.php
index ed747ae..d79afcc 100644
--- a/user/user.php
+++ b/user/user.php
@@ -80,7 +80,7 @@ try {  // Try opening the SQL database connection
                       
             <div class="subNav">
                 <?php
-                if (isset($_SESSION["isAdmin"]) && $_SESSION["isAdmin"] == 1) {
+                if (isset($_SESSION["privileges"]) && $_SESSION["privileges"] == 1) {
                     echo "<a href=\"/admin/\" class=\"subNavLink\" id=\"adminHomeButton\">ADMIN PANEL</a>";
                 }
                 ?>