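userID = floatval($userID);
        } else {
            $this->userID = floatval($_SESSION['userID']);
        }
        $this->userRoles = $this->getUserRoles('ids');
        $this->buildACL();
    }

    /**
     * PHP4-style constructor shim: forwards to __constructor().
     *
     * NOTE(review): __constructor() is declared above this excerpt. PHP itself
     * only auto-invokes a method named __construct, so confirm how instances
     * actually get initialised.
     *
     * @param mixed $userID User ID to load; '' is passed through unchanged.
     */
    function ACL($userID = '')
    {
        $this->__constructor($userID);
    }

    /**
     * Populate $this->perms: role permissions first, then per-user permissions.
     *
     * Both sources are keyed by lower-cased permission key and combined with
     * array_merge(), so a per-user row replaces the role-derived entry for the
     * same key, whether it grants or denies.
     */
    function buildACL()
    {
        // First, the rules attached to the user's roles.
        if (count($this->userRoles) > 0) {
            $this->perms = array_merge($this->perms, $this->getRolePerms($this->userRoles));
        }
        // Then the individual user permissions, which take precedence.
        $this->perms = array_merge($this->perms, $this->getUserPerms($this->userID));
    }

    /**
     * Look up a permission's key by its numeric ID.
     *
     * The ID is cast with floatval() so only a numeric literal reaches the SQL text.
     *
     * @param mixed $permID Permission ID.
     * @return mixed The `permKey` column, or null when no row matches.
     */
    function getPermKeyFromID($permID)
    {
        global $db;
        $strSQL = "SELECT `permKey` FROM `permissions` WHERE `ID` = " . floatval($permID) . " LIMIT 1";
        $data = $db->query($strSQL);
        $row = $db->fetchNextArray($data);
        // A missing row must not be indexed: return null explicitly instead.
        return $row ? $row[0] : null;
    }

    /**
     * Look up a permission's display name by its numeric ID.
     *
     * @param mixed $permID Permission ID (cast with floatval() before use in SQL).
     * @return mixed The `permName` column, or null when no row matches.
     */
    function getPermNameFromID($permID)
    {
        global $db;
        $strSQL = "SELECT `permName` FROM `permissions` WHERE `ID` = " . floatval($permID) . " LIMIT 1";
        $data = $db->query($strSQL);
        $row = $db->fetchNextArray($data);
        return $row ? $row[0] : null;
    }

    /**
     * Look up a role's display name by its numeric ID.
     *
     * @param mixed $roleID Role ID (cast with floatval() before use in SQL).
     * @return mixed The `roleName` column, or null when no row matches.
     */
    function getRoleNameFromID($roleID)
    {
        global $db;
        $strSQL = "SELECT `roleName` FROM `roles` WHERE `ID` = " . floatval($roleID) . " LIMIT 1";
        $data = $db->query($strSQL);
        $row = $db->fetchNextArray($data);
        return $row ? $row[0] : null;
    }

    /**
     * Fetch the role IDs assigned to the current user, oldest assignment first.
     *
     * NOTE(review): the query does not look at `expireDate` (see
     * getUserRolesExpire()), so a role past its expiry still counts here unless
     * rows are purged elsewhere - confirm.
     *
     * @return array List of `roleID` values as returned by the database layer.
     */
    function getUserRoles()
    {
        global $db;
        $strSQL = "SELECT * FROM `user_roles` WHERE `userID` = " . floatval($this->userID) . " ORDER BY `addDate` ASC";
        $data = $db->query($strSQL);
        $resp = array();
        while ($row = $db->fetchNextArray($data)) {
            $resp[] = $row['roleID'];
        }
        return $resp;
    }

    /**
     * Fetch the expiry date stored for one of the current user's roles.
     *
     * @param mixed $roleId Role ID (cast to int before use in SQL).
     * @return mixed The `expireDate` column of the first matching row, or null
     *               when the user does not hold that role.
     */
    function getUserRolesExpire($roleId)
    {
        global $db;
        $strSQL = "SELECT * FROM `user_roles` WHERE `userID` = " . floatval($this->userID) . " AND `roleID` = " . (int)$roleId;
        $data = $db->query($strSQL);
        $row = $db->fetchNextArray($data);
        return $row ? $row['expireDate'] : null;
    }

    /**
     * List every role, ordered by name.
     *
     * @param string $format 'full' for array("ID" => ..., "Name" => ...) entries;
     *                       anything else yields bare IDs.
     * @return array
     */
    function getAllRoles($format = 'ids')
    {
        global $db;
        $format = strtolower($format);
        $strSQL = "SELECT * FROM `roles` ORDER BY `roleName` ASC";
        $data = $db->query($strSQL);
        $resp = array();
        while ($row = $db->fetchNextArray($data)) {
            if ($format == 'full') {
                $resp[] = array("ID" => $row['ID'], "Name" => $row['roleName']);
            } else {
                $resp[] = $row['ID'];
            }
        }
        return $resp;
    }

    /**
     * List every permission, ordered by name.
     *
     * @param string $format 'full' for entries keyed by permKey holding ID, Name
     *                       and Key; anything else yields a plain list of IDs.
     * @return array
     */
    function getAllPerms($format = 'ids')
    {
        global $db;
        $format = strtolower($format);
        $strSQL = "SELECT * FROM `permissions` ORDER BY `permName` ASC";
        $data = $db->query($strSQL);
        $resp = array();
        while ($row = $db->fetchNextArray($data)) {
            if ($format == 'full') {
                $resp[$row['permKey']] = array('ID' => $row['ID'], 'Name' => $row['permName'], 'Key' => $row['permKey']);
            } else {
                $resp[] = $row['ID'];
            }
        }
        return $resp;
    }

    /**
     * Load the permissions granted or denied through one or more roles.
     *
     * Rows are read in `ID` order and stored under the lower-cased permission
     * key, so when several roles carry the same permission the row with the
     * highest `role_perms`.`ID` decides the outcome; a deny does not
     * automatically beat a grant.
     *
     * NOTE(review): `value` is compared with === '1' here but with == '1' in
     * getUserPerms(). If the database layer returns integers, role permissions
     * would never evaluate to true - confirm which comparison is intended.
     *
     * @param mixed $role A single role ID or an array of role IDs.
     * @return array Map of permission key => array('perm', 'inheritted', 'value', 'Name', 'ID').
     */
    function getRolePerms($role)
    {
        global $db;
        if (is_array($role)) {
            if (count($role) == 0) {
                // An empty IN () list is a SQL syntax error; no roles means no permissions.
                return array();
            }
            // Cast every element so the IN list can only ever contain numeric
            // literals, matching the floatval() used for the single-ID branch.
            $roleIDs = array_map('floatval', $role);
            $roleSQL = "SELECT * FROM `role_perms` WHERE `roleID` IN (" . implode(",", $roleIDs) . ") ORDER BY `ID` ASC";
        } else {
            $roleSQL = "SELECT * FROM `role_perms` WHERE `roleID` = " . floatval($role) . " ORDER BY `ID` ASC";
        }
        $data = $db->query($roleSQL);
        $perms = array();
        while ($row = $db->fetchNextArray($data)) {
            $pK = strtolower((string)$this->getPermKeyFromID($row['permID']));
            if ($pK == '') {
                // Row points at a permission that no longer exists.
                continue;
            }
            $hP = ($row['value'] === '1');
            $perms[$pK] = array(
                'perm' => $pK,
                'inheritted' => true,
                'value' => $hP,
                'Name' => $this->getPermNameFromID($row['permID']),
                'ID' => $row['permID'],
            );
        }
        return $perms;
    }

    /**
     * Load the permissions assigned directly to a user.
     *
     * Rows are read in `addDate` order; a later row for the same permission
     * replaces an earlier one.
     *
     * @param mixed $userID User ID (cast with floatval() before use in SQL).
     * @return array Map of permission key => array('perm', 'inheritted', 'value', 'Name', 'ID').
     */
    function getUserPerms($userID)
    {
        global $db;
        $strSQL = "SELECT * FROM `user_perms` WHERE `userID` = " . floatval($userID) . " ORDER BY `addDate` ASC";
        $data = $db->query($strSQL);
        $perms = array();
        while ($row = $db->fetchNextArray($data)) {
            $pK = strtolower((string)$this->getPermKeyFromID($row['permID']));
            if ($pK == '') {
                continue;
            }
            $hP = ($row['value'] == '1');
            $perms[$pK] = array(
                'perm' => $pK,
                'inheritted' => false,
                'value' => $hP,
                'Name' => $this->getPermNameFromID($row['permID']),
                'ID' => $row['permID'],
            );
        }
        return $perms;
    }

    /**
     * Tell whether the current user holds the given role.
     *
     * Uses the role list cached in $this->userRoles, comparing IDs numerically.
     *
     * @param mixed $roleID Role ID.
     * @return bool
     */
    function userHasRole($roleID)
    {
        foreach ($this->userRoles as $v) {
            if (floatval($v) === floatval($roleID)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Tell whether the current user is granted a permission.
     *
     * Denies by default: a key missing from $this->perms, or one whose value
     * is anything other than '1' or true, yields false.
     *
     * @param string $permKey Permission key (case-insensitive).
     * @return bool
     */
    function hasPermission($permKey)
    {
        $permKey = strtolower($permKey);
        if (!array_key_exists($permKey, $this->perms)) {
            return false;
        }
        $value = $this->perms[$permKey]['value'];
        return $value === '1' || $value === true;
    }

    /**
     * Fetch the role IDs that an object is restricted to.
     *
     * The object name goes through $db->safe_string() (presumably the database
     * layer's string escaping - verify) and the object ID is cast to int.
     *
     * @param string $obj   Object name.
     * @param mixed  $objID Object ID.
     * @return array List of `roleID` values; empty when the object has no rows.
     */
    function getObjectRoles($obj, $objID)
    {
        global $db;
        $roleSQL = "SELECT * FROM `object_roles` WHERE `objName` = '" . $db->safe_string($obj) . "' AND `objID` = '" . (int)$objID . "'";
        $data = $db->query($roleSQL);
        $roles = array();
        while ($row = $db->fetchNextArray($data)) {
            $roles[] = $row['roleID'];
        }
        return $roles;
    }

    /**
     * Tell whether the current user may access an object.
     *
     * Fail-open by design: an object with no rows in `object_roles` is treated
     * as unrestricted and returns true for every caller. Otherwise the user
     * needs at least one of the object's roles; the user's roles are re-read
     * from the database rather than taken from $this->userRoles.
     *
     * @param string $objectName Object name (lower-cased before lookup).
     * @param mixed  $objectID   Object ID.
     * @return bool
     */
    function hasPermission2object($objectName, $objectID)
    {
        $objectName = strtolower($objectName);
        $objRoles = $this->getObjectRoles($objectName, $objectID);
        if (count($objRoles) == 0) {
            return true;
        }
        $userRoles = $this->getUserRoles();
        return count(array_intersect($objRoles, $userRoles)) > 0;
    }

    /**
     * Return the display label for the role an object is restricted to.
     *
     * @param string $objectName Object name.
     * @param mixed  $objectID   Object ID.
     * @return mixed Label string, or null when no known role applies.
     */
    function RoleIcon($objectName, $objectID)
    {
        return $this->hasPermission2objectRoleIcon($this->hasPermission2objectRole($objectName, $objectID));
    }

    /**
     * Map a role name to its user-facing label.
     *
     * @param mixed $role One of 'guest', 'member', 'premium', 'writer', 'administrator'.
     * @return mixed The label, or null for any other value.
     */
    function hasPermission2objectRoleIcon($role)
    {
        if ($role == 'guest') {
            return ' کاربر مهمان ';
        } elseif ($role == 'member') {
            return ' کاربر عضو ';
        } elseif ($role == 'premium') {
            return ' کاربر ویژه ';
        } elseif ($role == 'writer') {
            return ' کاربر نویسنده ';
        } elseif ($role == 'administrator') {
            return ' مدیر ';
        }
    }

    /**
     * Name the role an object is restricted to.
     *
     * An object with no role rows is reported as 'guest'. Otherwise the role
     * IDs are checked in a fixed order and the first one present wins.
     *
     * NOTE(review): the role IDs 2, 4, 5 and 1 are hard-coded - presumably they
     * match rows in `roles`; verify against the schema.
     *
     * @param string $objectName Object name (lower-cased before lookup).
     * @param mixed  $objectID   Object ID.
     * @return mixed Role name, or null when none of the known IDs is present.
     */
    function hasPermission2objectRole($objectName, $objectID)
    {
        $objectName = strtolower($objectName);
        $objRoles = $this->getObjectRoles($objectName, $objectID);
        if (count($objRoles) == 0) {
            return 'guest';
        }
        // Insertion order is the lookup priority.
        $labelsByRoleID = array(2 => 'member', 4 => 'premium', 5 => 'writer', 1 => 'administrator');
        foreach ($labelsByRoleID as $roleID => $label) {
            // Loose comparison on purpose: role IDs arrive from the database layer.
            if (in_array($roleID, $objRoles)) {
                return $label;
            }
        }
        return null;
    }

    /**
     * Tell whether an object is available to the given role.
     *
     * Fail-open in two cases: an object ID that casts to 0, and an object with
     * no rows in `object_roles`, both return true.
     *
     * NOTE(review): unlike hasPermission2object(), the object name is not
     * lower-cased before the lookup; on a case-sensitive collation a differently
     * cased name would find no rows and fall into the fail-open branch - confirm.
     *
     * @param mixed  $roleID     Role ID.
     * @param string $objectName Object name.
     * @param mixed  $objectID   Object ID.
     * @return bool
     */
    function objectHasRole($roleID, $objectName, $objectID)
    {
        if ((int)$objectID == 0) {
            return true;
        }
        $objRoles = $this->getObjectRoles($objectName, $objectID);
        if (count($objRoles) == 0) {
            return true;
        }
        foreach ($objRoles as $v) {
            if (floatval($v) === floatval($roleID)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Look up a user's login name.
     *
     * @param mixed $userID User ID (cast with floatval() before use in SQL).
     * @return mixed The `username` column, or null when no row matches.
     */
    function getUsername($userID)
    {
        global $db;
        $strSQL = "SELECT `username` FROM `users` WHERE `ID` = " . floatval($userID) . " LIMIT 1";
        $data = $db->query($strSQL);
        $row = $db->fetchNextArray($data);
        return $row ? $row[0] : null;
    }

    /**
     * Look up a user's e-mail address.
     *
     * @param mixed $userID User ID (cast with floatval() before use in SQL).
     * @return mixed The `email` column, or null when no row matches.
     */
    function getEmail($userID)
    {
        global $db;
        $strSQL = "SELECT email FROM `users` WHERE `ID` = " . floatval($userID) . " LIMIT 1";
        $data = $db->query($strSQL);
        $row = $db->fetchNextArray($data);
        return $row ? $row[0] : null;
    }

    /**
     * Look up a user's first and last name joined by a single space.
     *
     * @param mixed $userID User ID (cast with floatval() before use in SQL).
     * @return string "name lastName"; a lone space when no row matches, which
     *                is what callers have always received for unknown users.
     */
    function getNameLastname($userID)
    {
        global $db;
        $strSQL = "SELECT name,lastName FROM `users` WHERE `ID` = " . floatval($userID) . " LIMIT 1";
        $data = $db->query($strSQL);
        $row = $db->fetchNextArray($data);
        if (!$row) {
            return ' ';
        }
        return $row[0] . ' ' . $row['1'];
    }

    /**
     * Look up a user's star count.
     *
     * @param mixed $userID User ID (cast with floatval() before use in SQL).
     * @return mixed The `stars` column, or null when no row matches.
     */
    function getStras($userID)
    {
        global $db;
        $strSQL = "SELECT stars FROM `users` WHERE `ID` = " . floatval($userID) . " LIMIT 1";
        $data = $db->query($strSQL);
        $row = $db->fetchNextArray($data);
        return $row ? $row[0] : null;
    }
}
?>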