From 9f1906c4cbb9878c5888723b7923fa8e4bebb51f Mon Sep 17 00:00:00 2001
From: ilotterytea <iltsu@alright.party>
Date: Sun, 27 Apr 2025 21:12:02 +0500
Subject: feat: roles

---
 src/accounts.php | 14 ++++++++++++++
 src/config.php   |  6 +++++-
 src/partials.php | 26 +++++++++++++++-----------
 3 files changed, 34 insertions(+), 12 deletions(-)

(limited to 'src')

diff --git a/src/accounts.php b/src/accounts.php
index 87c8ef0..f97998a 100644
--- a/src/accounts.php
+++ b/src/accounts.php
@@ -41,6 +41,19 @@ function authorize_user(bool $required = false): bool
 
         $stmt = $db->prepare("UPDATE users SET last_active_at = UTC_TIMESTAMP WHERE id = ?");
         $stmt->execute([$row["id"]]);
+
+        // fetching role
+        $stmt = $db->prepare("SELECT * FROM roles r
+        INNER JOIN role_assigns ra ON ra.user_id = ?
+        WHERE r.id = ra.role_id
+        ");
+        $stmt->execute([$row["id"]]);
+
+        $_SESSION["user_role"] = null;
+
+        if ($role_row = $stmt->fetch(PDO::FETCH_ASSOC)) {
+            $_SESSION["user_role"] = $role_row;
+        }
     } else {
         session_regenerate_id();
         session_unset();
@@ -61,5 +74,6 @@ function authorize_user(bool $required = false): bool
     }
 
     $db = null;
+    $stmt = null;
     return isset($_SESSION["user_name"]);
 }
\ No newline at end of file
diff --git a/src/config.php b/src/config.php
index 2752566..3f4c52d 100644
--- a/src/config.php
+++ b/src/config.php
@@ -8,4 +8,8 @@ define("DB_URL", "mysql:host=localhost;dbname=tinyemotes;port=3306");
 define("RATING_NAMES", [
     "-1" => "COAL",
     "1" => "GEM",
-]);
\ No newline at end of file
+]);
+
+// UPLOADS
+define("ANONYMOUS_UPLOAD", false);
+define("ANONYMOUS_DEFAULT_NAME", "chud");
\ No newline at end of file
diff --git a/src/partials.php b/src/partials.php
index 2e7ee56..0b21b50 100644
--- a/src/partials.php
+++ b/src/partials.php
@@ -11,7 +11,9 @@ function html_navigation_bar()
             <a href="/emotes" class="button">Emotes</a>
             <a href="/emotesets.php" class="button">Emotesets</a>
             <a href="/users.php" class="button">Users</a>
-            <a href="/emotes/upload.php" class="button">Upload</a>
+            <?php if (ANONYMOUS_UPLOAD || (isset($_SESSION["user_role"]) && $_SESSION["user_role"]["permission_upload"])) {
+                echo '<a href="/emotes/upload.php" class="button">Upload</a>';
+            } ?>
             <a href="/account" class="button">Account</a>
             <?php
             if (isset($_SESSION["user_id"])) {
@@ -28,18 +30,20 @@ function html_navigation_bar()
                 <?php ;
                 $stmt = null;
 
-                // getting reports
-                $stmt = $db->prepare("SELECT COUNT(*) FROM reports WHERE sender_id = ? AND resolved_by IS NULL");
-                $stmt->execute([$_SESSION["user_id"]]);
-                $unread_count = intval($stmt->fetch()[0]);
-                echo '' ?>
-                <a href="/report/list.php" class="button">
-                    Reports <?php echo $unread_count > 0 ? "($unread_count)" : "" ?>
-                </a>
-                <?php ;
-                $stmt = null;
+                if (isset($_SESSION["user_role"]) && $_SESSION["user_role"]["permission_report"]) {
+                    // getting reports
+                    $stmt = $db->prepare("SELECT COUNT(*) FROM reports WHERE sender_id = ? AND resolved_by IS NULL");
+                    $stmt->execute([$_SESSION["user_id"]]);
+                    $unread_count = intval($stmt->fetch()[0]);
 
+                    echo '' ?>
+                    <a href="/report/list.php" class="button">
+                        Reports <?php echo $unread_count > 0 ? "($unread_count)" : "" ?>
+                    </a>
+                    <?php ;
+                }
 
+                $stmt = null;
                 $db = null;
             }
             ?>
-- 
cgit v1.2.3