Diffstat (limited to 'src')
| -rw-r--r-- | src/accounts.php | 14 | ||||
| -rw-r--r-- | src/config.php | 6 | ||||
| -rw-r--r-- | src/partials.php | 26 |
3 files changed, 34 insertions, 12 deletions
diff --git a/src/accounts.php b/src/accounts.php
index 87c8ef0..f97998a 100644
--- a/src/accounts.php
+++ b/src/accounts.php
@@ -41,6 +41,19 @@ function authorize_user(bool $required = false): bool
 $stmt = $db->prepare("UPDATE users SET last_active_at = UTC_TIMESTAMP WHERE id = ?");
 $stmt->execute([$row["id"]]);
+
+ // fetching role
+ $stmt = $db->prepare("SELECT * FROM roles r
+ INNER JOIN role_assigns ra ON ra.user_id = ?
+ WHERE r.id = ra.role_id
+ ");
+ $stmt->execute([$row["id"]]);
+
+ $_SESSION["user_role"] = null;
+
+ if ($role_row = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ $_SESSION["user_role"] = $role_row;
+ }
 } else {
 session_regenerate_id();
 session_unset();
@@ -61,5 +74,6 @@ function authorize_user(bool $required = false): bool
 }
 $db = null;
+ $stmt = null;
 return isset($_SESSION["user_name"]);
 }
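Review bot: The role lookup added to authorize_user caches whichever row `fetch()` returns first, and the query has no `ORDER BY`, so a user with more than one `role_assigns` row ends up with an unspecified role in `$_SESSION["user_role"]`. `SELECT *` over the join also copies every `role_assigns` column into the session, and under `PDO::FETCH_ASSOC` a column name present in both tables keeps only the later value. Selecting the permission columns by name would avoid both surprises, e.g. `SELECT r.permission_upload, r.permission_report FROM roles r INNER JOIN role_assigns ra ON ra.role_id = r.id WHERE ra.user_id = ?` (column names taken from the partials.php hunks, assuming they live on `roles`). If several roles per user are intended, the permissions should be combined rather than picked; otherwise a unique key on `role_assigns.user_id` would enforce the single-role assumption. The function body starts and ends outside this hunk.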
\ No newline at end of file
diff --git a/src/config.php b/src/config.php
index 2752566..3f4c52d 100644
--- a/src/config.php
+++ b/src/config.php
@@ -8,4 +8,8 @@ define("DB_URL", "mysql:host=localhost;dbname=tinyemotes;port=3306");
 define("RATING_NAMES", [
 "-1" => "COAL",
 "1" => "GEM",
-]);
\ No newline at end of file
+]);
+
+// UPLOADS
+define("ANONYMOUS_UPLOAD", false);
+define("ANONYMOUS_DEFAULT_NAME", "chud");
\ No newline at end of file
diff --git a/src/partials.php b/src/partials.php
index 2e7ee56..0b21b50 100644
--- a/src/partials.php
+++ b/src/partials.php
@@ -11,7 +11,9 @@ function html_navigation_bar()
 <a href="/emotes" class="button">Emotes</a>
 <a href="/emotesets.php" class="button">Emotesets</a>
 <a href="/users.php" class="button">Users</a>
- <a href="/emotes/upload.php" class="button">Upload</a>
+ <?php if (ANONYMOUS_UPLOAD || (isset($_SESSION["user_role"]) && $_SESSION["user_role"]["permission_upload"])) {
+ echo '<a href="/emotes/upload.php" class="button">Upload</a>';
+ } ?>
 <a href="/account" class="button">Account</a>
 <?php if (isset($_SESSION["user_id"])) {
@@ -28,18 +30,20 @@ function html_navigation_bar()
 <?php ;
 $stmt = null;
- // getting reports
- $stmt = $db->prepare("SELECT COUNT(*) FROM reports WHERE sender_id = ? AND resolved_by IS NULL");
- $stmt->execute([$_SESSION["user_id"]]);
- $unread_count = intval($stmt->fetch()[0]);
- echo '' ?>
- <a href="/report/list.php" class="button">
- Reports <?php echo $unread_count > 0 ? "($unread_count)" : "" ?>
- </a>
- <?php ;
- $stmt = null;
+ if (isset($_SESSION["user_role"]) && $_SESSION["user_role"]["permission_report"]) {
+ // getting reports
+ $stmt = $db->prepare("SELECT COUNT(*) FROM reports WHERE sender_id = ? AND resolved_by IS NULL");
+ $stmt->execute([$_SESSION["user_id"]]);
+ $unread_count = intval($stmt->fetch()[0]);
+ echo '' ?>
+ <a href="/report/list.php" class="button">
+ Reports <?php echo $unread_count > 0 ? "($unread_count)" : "" ?>
+ </a>
+ <?php ;
+ }
+ $stmt = null;
 $db = null;
 } ?> |
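Review bot: The `permission_upload` condition in the first hunk and the `permission_report` condition in the second only decide whether a menu link is rendered; neither prevents a direct request to `/emotes/upload.php` or `/report/list.php`. The diffstat here is limited to `src`, so it is worth confirming that those endpoints apply the same `ANONYMOUS_UPLOAD` and role checks on the server side before doing any work. Both conditions also index `$_SESSION["user_role"][...]` directly and rely on truthiness, which raises a warning if the column is missing and depends on how the driver returns the value. A single helper used by the menu and the endpoints, for example `function user_can(string $perm): bool { return !empty($_SESSION["user_role"][$perm]); }`, would keep the rule in one place. html_navigation_bar starts outside both hunks.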
