Refactored "isAdmin" into a more generic "privileges" field so that different levels of access can be stored

This commit is contained in:
Taylor Courage 2025-03-09 08:39:59 -04:00
parent f71a485b6e
commit 748c476a4b
8 changed files with 24 additions and 24 deletions


@ -82,7 +82,7 @@ session_start();
} else { // Otherwise we'll show the nav page } else { // Otherwise we'll show the nav page
if (!isset($_SESSION["userID"])){ if (!isset($_SESSION["userID"])){
echo "<iframe src=\"../login_page.php?redirect=admin\" name=\"dataFrame\" class=\"dataFrame\" id=\"dataFrame\" onload=\"resizeIframe(this);\"></iframe>"; echo "<iframe src=\"../login_page.php?redirect=admin\" name=\"dataFrame\" class=\"dataFrame\" id=\"dataFrame\" onload=\"resizeIframe(this);\"></iframe>";
} else if (isset($_SESSION["userID"]) && $_SESSION["isAdmin"] == 1) { } else if (isset($_SESSION["userID"]) && $_SESSION["privileges"] == 1) {
echo "<iframe src=\"admin_nav.php\" name=\"dataFrame\" class=\"dataFrame\" id=\"dataFrame\" onload=\"resizeIframe(this);\"></iframe>"; echo "<iframe src=\"admin_nav.php\" name=\"dataFrame\" class=\"dataFrame\" id=\"dataFrame\" onload=\"resizeIframe(this);\"></iframe>";
} else { } else {
echo "<iframe src=\"not_admin.php\" name=\"dataFrame\" class=\"dataFrame\" id=\"dataFrame\" onload=\"resizeIframe(this);\"></iframe>"; echo "<iframe src=\"not_admin.php\" name=\"dataFrame\" class=\"dataFrame\" id=\"dataFrame\" onload=\"resizeIframe(this);\"></iframe>";
@ -93,7 +93,7 @@ session_start();
<div class="subNav"> <div class="subNav">
<?php <?php
if (isset($_SESSION["isAdmin"]) && $_SESSION["isAdmin"] == 1) { if (isset($_SESSION["privileges"]) && $_SESSION["privileges"] == 1) {
echo "<a href=\"./\" class=\"subNavLink\" id=\"adminHomeButton\">ADMIN HOME</a>"; echo "<a href=\"./\" class=\"subNavLink\" id=\"adminHomeButton\">ADMIN HOME</a>";
} }
?> ?>
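Review bot: The admin gate on the `else if` line of the first hunk and on the `if` line of the second still hard-codes the level as `$_SESSION["privileges"] == 1` with a loose comparison, so the "different levels of access" the commit title promises are not expressible here: a user stored with any level other than exactly 1 is routed to `not_admin.php`, and the same magic number is repeated in several other files of this commit. If 1 is meant to be "administrator", name it once and cast before comparing, e.g. `const PRIV_ADMIN = 1;` and `(int)($_SESSION["privileges"] ?? 0) === PRIV_ADMIN`, so a later level 2 cannot silently be treated as a non-admin. Presumably the session value comes straight from the database row set at login, so the cast also covers PDO returning the column as a string. The enclosing `if (isset($_SESSION["userID"]))` chain begins before the first hunk and the surrounding HTML continues after the second.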


@ -55,14 +55,14 @@
$youtubeLink = $_POST["youtubeLink"]; $youtubeLink = $_POST["youtubeLink"];
// Gotta check and make sure the user we're creating is an admin // Gotta check and make sure the user we're creating is an admin
$isAdmin = 0; $privileges = 0;
if (filter_has_var(INPUT_POST, "isAdmin")) { if (filter_has_var(INPUT_POST, "privileges")) {
$isAdmin = 1; $privileges = 1;
} }
// Prepare the query // Prepare the query
$insert = $conn->prepare("INSERT INTO " . $adminUserTableName . " (username, password, discord, discordLink, twitch, youtube, youtubeLink, isAdmin) VALUES (:username, :password, :discord, :discordLink, :twitch, :youtube, :youtubeLink, :isAdmin)"); $insert = $conn->prepare("INSERT INTO " . $adminUserTableName . " (username, password, discord, discordLink, twitch, youtube, youtubeLink, privileges) VALUES (:username, :password, :discord, :discordLink, :twitch, :youtube, :youtubeLink, :privileges)");
// Bind parameters to the query // Bind parameters to the query
$insert->bindParam(":username", $username); $insert->bindParam(":username", $username);
@ -72,7 +72,7 @@
$insert->bindParam(":twitch", $twitch); $insert->bindParam(":twitch", $twitch);
$insert->bindParam(":youtube", $youtube); $insert->bindParam(":youtube", $youtube);
$insert->bindParam(":youtubeLink", $youtubeLink); $insert->bindParam(":youtubeLink", $youtubeLink);
$insert->bindParam(":isAdmin", $isAdmin); $insert->bindParam(":privileges", $privileges);
// Execute // Execute
$insert->execute(); $insert->execute();
@ -87,7 +87,7 @@
// Now add them to the regular users table as well // Now add them to the regular users table as well
// Prepare the query // Prepare the query
$insert = $conn->prepare("INSERT INTO " . $userTableName . " (username, password, discord, discordLink, twitch, youtube, youtubeLink, isAdmin) VALUES (:username, :password, :discord, :discordLink, :twitch, :youtube, :youtubeLink, :isAdmin)"); $insert = $conn->prepare("INSERT INTO " . $userTableName . " (username, password, discord, discordLink, twitch, youtube, youtubeLink, privileges) VALUES (:username, :password, :discord, :discordLink, :twitch, :youtube, :youtubeLink, :privileges)");
// Bind parameters to the query // Bind parameters to the query
$insert->bindParam(":username", $username); $insert->bindParam(":username", $username);
@ -97,7 +97,7 @@
$insert->bindParam(":twitch", $twitch); $insert->bindParam(":twitch", $twitch);
$insert->bindParam(":youtube", $youtube); $insert->bindParam(":youtube", $youtube);
$insert->bindParam(":youtubeLink", $youtubeLink); $insert->bindParam(":youtubeLink", $youtubeLink);
$insert->bindParam(":isAdmin", $isAdmin); $insert->bindParam(":privileges", $privileges);
// Execute // Execute
$insert->execute(); $insert->execute();
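Review bot: Both INSERT statements in this section (the `$insert = $conn->prepare(...)` lines in the first and third hunks) now write to a column named `privileges`, but none of the eight files in this commit looks like a schema or migration file, so unless the `isAdmin` column is renamed outside this commit both inserts will fail at `execute()` on an existing database. The new name also promises levels that the code does not yet store: `filter_has_var(INPUT_POST, "privileges")` collapses the value to 0 or 1 regardless of what was posted, so a comment above it such as `// privileges: 0 = regular user, 1 = administrator; no other levels are stored yet` would stop a reader from assuming the POST value is honoured. The surrounding handler starts before the first hunk, so I cannot see whether the caller is itself verified as an administrator before this admin-creating path is reached; that check should exist above this point.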


@ -54,13 +54,13 @@
$youtube = $_POST["youtube"]; $youtube = $_POST["youtube"];
$youtubeLink = $_POST["youtubeLink"]; $youtubeLink = $_POST["youtubeLink"];
$isAdmin = 0; $privileges = 0;
if (filter_has_var(INPUT_POST, "isAdmin")) { if (filter_has_var(INPUT_POST, "privileges")) {
$isAdmin = 1; $privileges = 1;
} }
$insert = $conn->prepare("INSERT INTO " . $userTableName . " (username, password, discord, discordLink, twitch, youtube, youtubeLink, isAdmin) VALUES (:username, :password, :discord, :discordLink, :twitch, :youtube, :youtubeLink, :isAdmin)"); $insert = $conn->prepare("INSERT INTO " . $userTableName . " (username, password, discord, discordLink, twitch, youtube, youtubeLink, privileges) VALUES (:username, :password, :discord, :discordLink, :twitch, :youtube, :youtubeLink, :privileges)");
$insert->bindParam(":username", $username); $insert->bindParam(":username", $username);
@ -71,10 +71,10 @@
$insert->bindParam(":youtube", $youtube); $insert->bindParam(":youtube", $youtube);
$insert->bindParam(":youtubeLink", $youtubeLink); $insert->bindParam(":youtubeLink", $youtubeLink);
$insert->bindParam(":isAdmin", $isAdmin); $insert->bindParam(":privileges", $privileges);
$insert->execute(); $insert->execute();
if ($isAdmin == 1) { if ($privileges == 1) {
echo "New admin user \"" . $username . "\" created successfully"; echo "New admin user \"" . $username . "\" created successfully";
} else { } else {
echo "<div class=userMessage>"; echo "<div class=userMessage>";
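Review bot: The success message in the second hunk, `echo "New admin user \"" . $username . "\" created successfully";`, writes `$username` into the page without escaping; the neighbouring fields in the first hunk are read straight from `$_POST`, so `$username` presumably is too, which makes this a reflected-HTML injection in an admin-only page. Escape for the HTML context: `echo "New admin user \"" . htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\" created successfully";`. The `$username` assignment and the enclosing handler begin before the first hunk, and the `else` branch continues past the end of the second.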


@ -45,8 +45,8 @@
<div id="extraOptions"> <div id="extraOptions">
<h4>EXTRA OPTIONS</h4> <h4>EXTRA OPTIONS</h4>
<p class="newLine">&nbsp;</p> <p class="newLine">&nbsp;</p>
<input type="checkbox" id="isAdmin" name="isAdmin" value="isAdmin" class="extraOptions" checked onclick="return false;"> <input type="checkbox" id="privileges" name="privileges" value="privileges" class="extraOptions" checked onclick="return false;">
<label for="isAdmin" class="extraOptions">Make administrator?</label> <label for="privileges" class="extraOptions">Make administrator?</label>
<p class="newLine"> <p class="newLine">
This is a safe admin. This person will have all of the privileges of a normal administrator, This is a safe admin. This person will have all of the privileges of a normal administrator,
in addition to surviving database deletes (ONLY THE USER ACCOUNT, any saved game or replay in addition to surviving database deletes (ONLY THE USER ACCOUNT, any saved game or replay


@ -45,8 +45,8 @@
<div id="extraOptions"> <div id="extraOptions">
<h4>EXTRA OPTIONS</h4> <h4>EXTRA OPTIONS</h4>
<p class="newLine">&nbsp;</p> <p class="newLine">&nbsp;</p>
<input type="checkbox" id="isAdmin" name="isAdmin" class="extraOptions"> <input type="checkbox" id="privileges" name="privileges" class="extraOptions">
<label for="isAdmin" class="extraOptions">Make administrator?</label> <label for="privileges" class="extraOptions">Make administrator?</label>
<p class="newLine">An administrator will have FULL access to the administrator panel. In the hands of the wrong user, THIS COULD CAUSE SERIOUS DAMAGE AND IRREPARABLE HARM TO YOUR SERVER! Proceed with caution, and only with those you trust.</p> <p class="newLine">An administrator will have FULL access to the administrator panel. In the hands of the wrong user, THIS COULD CAUSE SERIOUS DAMAGE AND IRREPARABLE HARM TO YOUR SERVER! Proceed with caution, and only with those you trust.</p>
<p class="newLine"></p> <p class="newLine"></p>
</div> </div>


@ -44,7 +44,7 @@ session_start();
echo "<a href=\"/logout.php \" class=\"subNavLink\">LOGOUT</a>"; echo "<a href=\"/logout.php \" class=\"subNavLink\">LOGOUT</a>";
echo "<a href=\"/admin/data_management/game_form.php \" target=\"dataFrame\" class=\"subNavLink\">ADD GAME DETAILS</a>"; echo "<a href=\"/admin/data_management/game_form.php \" target=\"dataFrame\" class=\"subNavLink\">ADD GAME DETAILS</a>";
// Anything we need to show to logged in admins will be below // Anything we need to show to logged in admins will be below
if (isset($_SESSION["isAdmin"]) && $_SESSION["isAdmin"] == 1){ if (isset($_SESSION["privileges"]) && $_SESSION["privileges"] == 1){
echo "<a href=\"/admin/data_management/tourney_form.php \" target=\"dataFrame\" class=\"subNavLink\">ADD A TOURNEY</a>"; echo "<a href=\"/admin/data_management/tourney_form.php \" target=\"dataFrame\" class=\"subNavLink\">ADD A TOURNEY</a>";
echo "<a href=\"/admin \" class=\"subNavLink\">ADMIN PANEL</a>"; echo "<a href=\"/admin \" class=\"subNavLink\">ADMIN PANEL</a>";
} }


@ -31,7 +31,7 @@ session_start();
$password = $_POST["password"]; $password = $_POST["password"];
// Get SQL data // Get SQL data
$sqlGetData = $conn->prepare("SELECT userID,password,isAdmin FROM " . $userTableName . " WHERE username=\"" . $username . "\""); $sqlGetData = $conn->prepare("SELECT userID,password,privileges FROM " . $userTableName . " WHERE username=\"" . $username . "\"");
$sqlGetData->execute(); $sqlGetData->execute();
@ -45,7 +45,7 @@ $result = $sqlGetData->fetch(PDO::FETCH_ASSOC);
// Grab the hash from the fetched SQL data // Grab the hash from the fetched SQL data
$passwordHash = $result["password"]; $passwordHash = $result["password"];
$userID = $result["userID"]; $userID = $result["userID"];
$isAdmin = $result["isAdmin"]; $privileges = $result["privileges"];
// Verify that the entered password matches the hashed one // Verify that the entered password matches the hashed one
@ -53,7 +53,7 @@ if (password_verify($password, $passwordHash)) {
echo "<p>Welcome $username, please wait while we redirect you...</p>"; echo "<p>Welcome $username, please wait while we redirect you...</p>";
$_SESSION["userID"] = $userID; $_SESSION["userID"] = $userID;
$_SESSION["username"] = $username; $_SESSION["username"] = $username;
$_SESSION["isAdmin"] = $isAdmin; $_SESSION["privileges"] = $privileges;
// Function from StackOverflow used to get the base URL, to which we append // Function from StackOverflow used to get the base URL, to which we append
// the redirect (where the user came from) // the redirect (where the user came from)
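Review bot: The login query rewritten in the first hunk still interpolates `$username` into the SQL text, `" WHERE username=\"" . $username . "\""`, so `prepare()` gives no protection and a crafted username reaches the database as SQL; since `$password` on the line above is read from `$_POST`, `$username` presumably is as well. The other files in this commit already bind values with `bindParam`, so the same pattern fits here: `$sqlGetData = $conn->prepare("SELECT userID,password,privileges FROM " . $userTableName . " WHERE username = :username");`, `$sqlGetData->bindParam(":username", $username);`, then the existing `$sqlGetData->execute();`. The `$username` assignment and the `password_verify` block around the later hunks begin and end outside the hunks shown.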


@ -80,7 +80,7 @@ try { // Try opening the SQL database connection
<div class="subNav"> <div class="subNav">
<?php <?php
if (isset($_SESSION["isAdmin"]) && $_SESSION["isAdmin"] == 1) { if (isset($_SESSION["privileges"]) && $_SESSION["privileges"] == 1) {
echo "<a href=\"/admin/\" class=\"subNavLink\" id=\"adminHomeButton\">ADMIN PANEL</a>"; echo "<a href=\"/admin/\" class=\"subNavLink\" id=\"adminHomeButton\">ADMIN PANEL</a>";
} }
?> ?>