<?php
/******************************************************************************
* advsecu.php                                                                 *
* Security File                                                               *
* See readme.txt for additional information                                   *
*******************************************************************************
* eqEpic - The Epic Raid Manager                                              *
* Open-Source Project By Ryan Christenson                                     *
* =========================================================================== *
* Software Version:           eqEpic 0.7.8                                    *
* Software by:                The RSWR Network (http://www.rswr.net)          *
* Copyright 2006-2007 by:     Ryan Christenson (http://www.rswr.net)          *
* Support, News, Updates at:  http://forum.rswr.net/                          *
*******************************************************************************
* This program is free software; you can redistribute it and/or modify        *
* it under the terms of the GNU General Public License as published by        *
* the Free Software Foundation; either version 2 of the License, or           *
* (at your option) any later version.                                         *
*                                                                             *
* This program is distributed in the hope that it will be useful,             *
* but WITHOUT ANY WARRANTY; without even the implied warranty of              *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               *
* GNU General Public License for more details.                                *
*                                                                             *
* You should have received a copy of the GNU General Public License           *
* along with DownloadCounter; if not, write to the Free Software              *
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA   *
******************************************************************************/

// User levels

// Privilege bits. A table's permission mask is the bitwise OR of these values.
// View, List, Report and Search all share bit 8, so a mask that grants one of
// them grants all four.
// NOTE(review): the third argument requests case-insensitive constants, which
// PHP deprecated in 7.3 and ignores (with a warning) from 8.0 - confirm the
// runtime this file is deployed on.
define('ewAllowAdd', 1, true);
define('ewAllowDelete', 2, true);
define('ewAllowEdit', 4, true);
define('ewAllowView', 8, true);
define('ewAllowList', 8, true);
define('ewAllowReport', 8, true);
define('ewAllowSearch', 8, true);
define('ewAllowAdmin', 16, true);

// Level and privilege tables; SetUpUserLevel() and LoadUserLevel() fill them.
$arUserLevel = null;
$arUserLevelPriv = null;

// Evaluated once, at include time, from whatever session state exists then.
$ewCurLvl = CurrentUserLevel();

// Not referenced anywhere else in this file.
$dTableSecurity = null;
$dUserLevelPriv = null;

// Set Up User Levels when they Login

// Builds the hard-coded authorization tables and stores them in the session.
//
// $arUserLevel     rows of array(level id, level name)
// $arUserLevelPriv rows of array(table name, level id, privilege mask)
//
// Masks used below, per the ewAllow* constants in this file:
//   0  = no access
//   8  = view / list / report / search
//   13 = add + edit + view (1|4|8); delete (2) is never granted here
function SetUpUserLevel()
{
	global $arUserLevel, $arUserLevelPriv;

	$arUserLevel = array(
		array("0", "Anonymous"),
		array("1", "Normal"),
	);

	// table name => array(mask for level 0 "Anonymous", mask for level 1 "Normal")
	$grants = array(
		"players" => array(8, 13),
		// "sec" is closed to both listed levels.
		"sec"     => array(0, 0),
		"steps"   => array(8, 8),
	);

	// One checklist table per class code, all with the same grants.
	$classCodes = array(
		"ber", "brd", "bst", "clr", "dru", "enc", "mag", "mnk",
		"nec", "pal", "rng", "rog", "shd", "shm", "war", "wiz",
	);
	foreach ($classCodes as $code) {
		$grants["chklist_" . $code] = array(0, 13);
	}

	$grants["MyProfile"] = array(0, 8);
	// NOTE(review): every logged-in "Normal" user gets add + edit on
	// "settings" - confirm that is intended and not meant to be admin-only.
	$grants["settings"]  = array(0, 13);

	// Flatten into the row format the lookup functions expect, keeping the
	// original ordering (level 0 row, then level 1 row, per table).
	$arUserLevelPriv = array();
	foreach ($grants as $table => $maskByLevel) {
		foreach ($maskByLevel as $level => $mask) {
			$arUserLevelPriv[] = array($table, $level, $mask);
		}
	}

	// Save the user level to session variable
	SaveUserLevel();
}

// Get current user privilege
// Resolves the session's current user level, then returns the privilege
// bitmask that level holds on $TableName (see GetUserLevelPrivEx()).
function CurrentUserLevelPriv($TableName)
{
	$level = CurrentUserLevel();
	return GetUserLevelPrivEx($TableName, $level);
}

// Get anonymous user privilege
// Returns the privilege bitmask that level 0 ("Anonymous") holds on
// $TableName, regardless of who is logged in.
function GetAnonymousPriv($TableName)
{
	$anonymousLevel = 0;
	return GetUserLevelPrivEx($TableName, $anonymousLevel);
}

// Get user privilege based on table name and user level
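// Looks up the privilege bitmask for ($TableName, $UserLevel) in the global
// $arUserLevelPriv table.
//
// $TableName  table name, matched case-insensitively
// $UserLevel  user level id; -1 is the built-in administrator
//
// Returns an int bitmask of ewAllow* bits. Level -1 gets 31 (every bit).
// Anything that cannot be resolved - an unknown table, an unknown or negative
// level, a missing table, a non-numeric stored mask - returns 0, so the
// default is always "no access" rather than an implicit null.
function GetUserLevelPrivEx($TableName, $UserLevel)
{
	global $arUserLevelPriv;

	$wantedLevel = strval($UserLevel);

	// Only the exact value -1 is the administrator. The comparison is strict
	// so that other numeric spellings are not treated as equal to "-1".
	if ($wantedLevel === "-1") {
		return 31;
	}

	// Other negative levels, or no privilege table loaded: deny.
	if (!($UserLevel >= 0) || !is_array($arUserLevelPriv)) {
		return 0;
	}

	$wantedTable = strtolower($TableName);
	foreach ($arUserLevelPriv as $row) {
		if (strtolower($row[0]) === $wantedTable && strval($row[1]) === $wantedLevel) {
			$mask = $row[2];
			// is_numeric() is false for null as well, so one check covers both.
			return is_numeric($mask) ? (int)$mask : 0;
		}
	}

	// No row for this table/level pair: deny explicitly.
	return 0;
}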

// Get current user level name
// Returns the display name of the session's current user level
// (see GetUserLevelName() for the lookup rules).
function CurrentUserLevelName()
{
	$level = CurrentUserLevel();
	return GetUserLevelName($level);
}

// Get user level name based on user level
// Maps a user level id to its display name using the global $arUserLevel.
//
// Level -1 is always "Administrator". For levels >= 0 the first row whose id
// matches is used. Returns null when nothing matches, when the level is a
// negative value other than -1, or when the table is not loaded.
function GetUserLevelName($UserLevel)
{
	global $arUserLevel;

	$wanted = strval($UserLevel);
	if ($wanted == "-1") {
		return "Administrator";
	}

	if (!($UserLevel >= 0) || !is_array($arUserLevel)) {
		return null;
	}

	foreach ($arUserLevel as $levelRow) {
		// Ids are compared as strings, so 1 and "1" are the same level.
		if (strval($levelRow[0]) == $wanted) {
			return $levelRow[1];
		}
	}

	return null;
}

// Function to display all the User Level settings (for debug only)
// Writes the level table, the privilege table and the current user level to
// the response as HTML.
//
// This discloses the whole authorization table to whoever receives the page,
// so it should not be reachable outside a debugging session.
// NOTE(review): values are written without HTML escaping. That is harmless for
// the hard-coded tables in this file; confirm the arrays can never carry
// user-supplied text.
function ShowUserLevelInfo()
{
	$levels = $GLOBALS["arUserLevel"];
	if (!is_array($levels)) {
		echo "No User Level definitions.<br />";
	} else {
		echo "User Levels:<br />";
		echo "UserLevelID, UserLevelName<br />";
		$levelCount = count($levels);
		for ($n = 0; $n < $levelCount; $n++) {
			echo "&nbsp;&nbsp;" . $levels[$n][0] . "," . $levels[$n][1] . "<br />";
		}
	}

	$privs = $GLOBALS["arUserLevelPriv"];
	if (!is_array($privs)) {
		echo "No User Level privilege settings.<br />";
	} else {
		echo "User Levels Privs:<br />";
		echo "TableName, UserLevelID, UserLevelPriv<br />";
		$privCount = count($privs);
		for ($n = 0; $n < $privCount; $n++) {
			echo "&nbsp;&nbsp;" . $privs[$n][0] . "," . $privs[$n][1] . "," . $privs[$n][2] . "<br />";
		}
	}

	echo "CurrentUserLevel = " . CurrentUserLevel() . "<br />";
}

// Function to check privilege for List page (for menu items)
// Tests the List bit (ewAllowList, value 8) in the current user's privilege
// mask for $TableName. The result is the masked integer - 8 or 0 - not a
// boolean, so callers should rely on its truthiness only.
function AllowList($TableName)
{
	$mask = CurrentUserLevelPriv($TableName);
	return ($mask & ewAllowList);
}

// Get current user name from session
// Returns the value stored under the ewSessionUserName session key, or null
// when the key is absent. The ewSessionUserName constant is defined outside
// this file.
function CurrentUserName()
{
	return isset($_SESSION[ewSessionUserName]) ? $_SESSION[ewSessionUserName] : null;
}

// Get current user id from session
// Returns the value stored under the ewSessionUserID session key, or null
// when the key is absent. The ewSessionUserID constant is defined outside
// this file.
function CurrentUserID()
{
	return isset($_SESSION[ewSessionUserID]) ? $_SESSION[ewSessionUserID] : null;
}

// Get current parent user id from session
// Returns the value stored under the ewSessionParentUserID session key, or
// null when the key is absent. The ewSessionParentUserID constant is defined
// outside this file.
function CurrentParentUserID()
{
	return isset($_SESSION[ewSessionParentUserID]) ? $_SESSION[ewSessionParentUserID] : null;
}

// Get current user level from session
// Returns the user level stored in the session for a logged-in user, and 0
// (Anonymous) for everyone else. A logged-in session with no level stored
// yields null, which the lookup functions in this file do not match to any
// row.
function CurrentUserLevel()
{
	if (!IsLoggedIn()) {
		return 0; // Anonymous if not logged in
	}

	return isset($_SESSION[ewSessionUserLevel]) ? $_SESSION[ewSessionUserLevel] : null;
}

// Check if user is logged in
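// Returns true only when the session status is exactly the string "login".
//
// Every privilege lookup in this file depends on this check, so the
// comparison is strict: with a loose == a boolean true (and, before PHP 8,
// the integer 0) in the session would also compare equal to "login".
// The ewSessionStatus constant is defined outside this file.
function IsLoggedIn()
{
	return isset($_SESSION[ewSessionStatus]) && $_SESSION[ewSessionStatus] === "login";
}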

// Check if user is system administrator
// Returns true when the ewSessionSysAdmin session value loosely equals 1.
// NOTE(review): the == comparison also accepts "1" and boolean true; if the
// login code always stores one specific type, a strict comparison against
// that type would be the tighter check - confirm against where the flag is
// set. The ewSessionSysAdmin constant is defined outside this file.
function IsSysAdmin()
{
	$flag = isset($_SESSION[ewSessionSysAdmin]) ? $_SESSION[ewSessionSysAdmin] : null;
	return ($flag == 1);
}

// Save user level to session
// Copies the global level table and privilege table into the session, under
// the ewSessionArUserLevel and ewSessionArUserLevelPriv keys (constants
// defined outside this file).
function SaveUserLevel()
{
	$levels = $GLOBALS['arUserLevel'];
	$privileges = $GLOBALS['arUserLevelPriv'];

	$_SESSION[ewSessionArUserLevel] = $levels;
	$_SESSION[ewSessionArUserLevelPriv] = $privileges;
}

// Load user level from session
// Restores the global level and privilege tables from the session, building
// them first when the session holds no level table yet.
//
// Only the level table is checked before the session copy is used; the
// privilege table is taken from the session as it is.
function LoadUserLevel()
{
	$cachedLevels = isset($_SESSION[ewSessionArUserLevel]) ? $_SESSION[ewSessionArUserLevel] : null;
	if (!is_array($cachedLevels)) {
		// PHP resolves function names case-insensitively, so this is the same
		// function the original spelled "SetupUserLevel".
		SetUpUserLevel();
		SaveUserLevel();
	}

	// Re-read the session: the branch above may just have filled it.
	$GLOBALS['arUserLevel'] = isset($_SESSION[ewSessionArUserLevel])
		? $_SESSION[ewSessionArUserLevel]
		: null;
	$GLOBALS['arUserLevelPriv'] = isset($_SESSION[ewSessionArUserLevelPriv])
		? $_SESSION[ewSessionArUserLevelPriv]
		: null;
}
?>