Initial file import for admin panel
* Added isAdmin to user class * Run isAdmin on EACH page to ensure admin status hasn't changed * Added main page with no content * Added user query page with basic form, no content
parent
c6347a8ba8
commit
ed0853202b
@ -26,26 +26,28 @@ class User {
|
||||
public function getError() {
|
||||
return $this->sError;
|
||||
}
|
||||
|
||||
public function getUserName($id) {
|
||||
return $this->getSingle($id, 'username', 'id');
|
||||
}
|
||||
|
||||
public function getUserId($username) {
|
||||
return $this->getSingle($username, 'id', 'username', 's');
|
||||
}
|
||||
|
||||
public function getUserEmail($username) {
|
||||
return $this->getSingle($username, 'email', 'username', 's');
|
||||
}
|
||||
|
||||
public function getUserAdmin($id) {
|
||||
return $this->getSingle($id, 'admin', 'id');
|
||||
}
|
||||
public function getUserToken($id) {
|
||||
return $this->getSingle($id, 'token', 'id');
|
||||
}
|
||||
|
||||
public function getIdFromToken($token) {
|
||||
return $this->getSingle($token, 'id', 'token', 's');
|
||||
}
|
||||
public function isAdmin($id) {
|
||||
if ($this->getUserAdmin($id) == 1) return true;
|
||||
return false;
|
||||
}
|
||||
|
||||
public function setUserToken($id) {
|
||||
$field = array(
|
||||
@ -266,15 +268,15 @@ class User {
|
||||
private function checkUserPassword($username, $password) {
|
||||
$this->debug->append("STA " . __METHOD__, 4);
|
||||
$user = array();
|
||||
$stmt = $this->mysqli->prepare("SELECT username, id FROM $this->table WHERE username=? AND pass=? LIMIT 1");
|
||||
$stmt = $this->mysqli->prepare("SELECT username, id, admin FROM $this->table WHERE username=? AND pass=? LIMIT 1");
|
||||
if ($this->checkStmt($stmt)) {
|
||||
$stmt->bind_param('ss', $username, hash('sha256', $password.$this->salt));
|
||||
$stmt->execute();
|
||||
$stmt->bind_result($row_username, $row_id);
|
||||
$stmt->bind_result($row_username, $row_id, $row_admin);
|
||||
$stmt->fetch();
|
||||
$stmt->close();
|
||||
// Store the basic login information
|
||||
$this->user = array('username' => $row_username, 'id' => $row_id);
|
||||
$this->user = array('username' => $row_username, 'id' => $row_id, 'admin' => $row_admin);
|
||||
return $username === $row_username;
|
||||
}
|
||||
return false;
|
||||
|
||||
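Review bot: `isAdmin()` at the end of the first hunk decides admin access with a loose `==`, so the result depends on PHP's type juggling over whatever `getSingle()` returns on a miss or a database error, and that helper is not visible in this hunk. For an authorization gate a strict test that fails closed is safer, for example `return in_array($this->getUserAdmin($id), array(1, '1'), true);`. The new method also has no comment saying that it re-reads the flag from the database on every call, which is the property the commit message relies on. In the second hunk the `admin` value copied into `$this->user` is a login-time snapshot; a short comment there should say it is for display only and that access decisions go through `isAdmin()`. Both `setUserToken()` and `checkUserPassword()` continue outside the visible hunks.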
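--- a/public/include/pages/admin.inc.php
+++ b/public/include/pages/admin.inc.php
@@ -0,0 +1,15 @@
+<?php
+
+// Make sure we are called from index.php
+if (!defined('SECURITY'))
+die('Hacking attempt');
+
+// Check user to ensure they are admin
+if (!$user->isAdmin($_SESSION['USERDATA']['id'])) {
+header("HTTP/1.1 404 Page not found");
+die();
+}
+
+// Tempalte specifics
+$smarty->assign("CONTENT", "default.tpl");
+?>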
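Review bot: The admin guard reads `$_SESSION['USERDATA']['id']` without first checking that the session is authenticated or that the key exists. An anonymous request therefore passes `null` into `isAdmin()`, and the page is only denied because that lookup happens to find nothing. Making the denial explicit keeps the gate fail-closed regardless of how the lookup treats a null id: `if (empty($_SESSION['AUTHENTICATED']) || !isset($_SESSION['USERDATA']['id']) || !$user->isAdmin($_SESSION['USERDATA']['id'])) {`. The same guard is copied verbatim into admin/user.inc.php; a single shared check included by every admin page would stop a future page from shipping without it.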
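--- a/public/include/pages/admin/user.inc.php
+++ b/public/include/pages/admin/user.inc.php
@@ -0,0 +1,19 @@
+<?php
+
+// Make sure we are called from index.php
+if (!defined('SECURITY'))
+die('Hacking attempt');
+
+// Check user to ensure they are admin
+if (!$user->isAdmin($_SESSION['USERDATA']['id'])) {
+header("HTTP/1.1 404 Page not found");
+die();
+}
+
+if ($_POST['query']) {
+// Fetch all users from DB cross referencing all stats
+}
+
+// Tempalte specifics
+$smarty->assign("CONTENT", "default.tpl");
+?>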
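Review bot: `if ($_POST['query'])` reads an index that does not exist on a plain GET of this page, and it treats the string "0" as no query. `if (isset($_POST['query']) && $_POST['query'] !== '') {` states the intent without the notice. The branch is still a stub; the form's default value of `%` suggests the text will end up in a LIKE pattern, so the comment there should record that the value must be passed as a bound parameter, as `checkUserPassword()` already does, and never concatenated into the SQL string.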
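--- a/public/templates/mmcFE/admin/default.tpl
+++ b/public/templates/mmcFE/admin/default.tpl
@@ -0,0 +1,3 @@
+{include file="global/block_header.tpl" BLOCK_HEADER="Admin Panel"}
+<p>Welcome to the admin panel. Please select an option from the drop-down menu.</p>
+{include file="global/block_footer.tpl"}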
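--- a/public/templates/mmcFE/admin/user/default.tpl
+++ b/public/templates/mmcFE/admin/user/default.tpl
@@ -0,0 +1,8 @@
+{include file="global/block_header.tpl" BLOCK_HEADER="Query User Database"}
+<form action="{$smarty.server.PHP_SELF}" method="POST">
+<input type="hidden" name="page" value="{$smarty.request.page}">
+<input type="hidden" name="action" value="{$smarty.request.action}">
+<input type="text" name="query" value="{$smarty.request.query|default:"%"}">
+<input type="submit" value="Query">
+</form>
+{include file="global/block_footer.tpl"}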
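Review bot: The form writes request-controlled values straight into HTML attributes: `page`, `action` and `query` from `$smarty.request`, plus `PHP_SELF` in the form action. Unless Smarty's automatic HTML escaping is enabled in configuration not shown here, a crafted request value can break out of the attribute, and this page is rendered inside an administrator's session. Each value should go through the escape modifier, for example `value="{$smarty.request.query|default:"%"|escape}"`, with the same `|escape` on `page`, `action` and the form action.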
@ -11,6 +11,12 @@
|
||||
</li>
|
||||
{/if}
|
||||
{if $smarty.session.AUTHENTICATED|default:"0" == 1 && $GLOBAL.userdata.admin == 1}<li><a href="#">Admin Panel</a></li>{/if}
|
||||
<li><a href="{$smarty.server.PHP_SELF}?page=admin">Admin Panel</a>
|
||||
<ul>
|
||||
<li><a href="{$smarty.server.PHP_SELF}?page=admin&action=user">User Info</a></li>
|
||||
</ul>
|
||||
</li>
|
||||
{/if}
|
||||
<li><a href="{$smarty.server.PHP_SELF}?page=statistics">Statistics</a>
|
||||
<ul>
|
||||
<li><a href="{$smarty.server.PHP_SELF}?page=statistics&action=pool">Pool Stats</a></li>
|
||||
|
||||