<?php
require_once __DIR__ . '/../config/config.php';
require_once __DIR__ . '/../config/database.php';
// Authentication functions
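/**
 * Verify a login against the active accounts in the users table.
 *
 * The login identifier may be either the username or the e-mail address.
 * On success the account's last_login column is stamped and the full user
 * row is returned; on any failure the function returns false without
 * distinguishing "unknown account" from "wrong password".
 *
 * @param string $username_or_email Login identifier supplied by the user.
 * @param string $password          Plain-text password to check with password_verify().
 * @return array|false The user row (PDO::FETCH_ASSOC, including password_hash)
 *                     on success, false otherwise.
 */
function authenticate($username_or_email, $password) {
    global $db;
    // The same value is bound to two distinct placeholders: PDO does not allow a
    // named marker to be reused in one statement unless prepare emulation is on,
    // so "(:login OR :login)" breaks as soon as emulation is disabled.
    $query = "SELECT * FROM users WHERE (username = :login_name OR email = :login_email) AND is_active = 1";
    $stmt = $db->prepare($query);
    $stmt->bindValue(':login_name', $username_or_email);
    $stmt->bindValue(':login_email', $username_or_email);
    $stmt->execute();
    // Count fetched rows instead of rowCount(): rowCount() is not guaranteed to
    // be meaningful for SELECT on every driver. Exactly one match is required,
    // as before, so an identifier shared by two accounts still fails closed.
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    $stmt->closeCursor();
    if (count($rows) !== 1) {
        // NOTE(review): no password_verify() runs on this path, so a timing
        // difference between unknown and known accounts remains; consider a
        // dummy verify if user enumeration is a concern.
        return false;
    }
    $user = $rows[0];
    if (!isset($user['password_hash']) || !password_verify((string) $password, (string) $user['password_hash'])) {
        return false;
    }
    // Record the successful login.
    $update_stmt = $db->prepare("UPDATE users SET last_login = NOW() WHERE id = :id");
    $update_stmt->bindValue(':id', $user['id']);
    $update_stmt->execute();
    return $user;
}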
/**
 * Populate $_SESSION for a freshly authenticated user.
 *
 * The session id is regenerated first (the standard session-fixation
 * countermeasure), then the identifying columns of the user row are copied
 * into the session and the activity timestamp read by checkSessionTimeout()
 * is initialised. The password hash is deliberately not copied.
 *
 * @param array $user User row as returned by authenticate().
 * @return void
 */
function createSession($user) {
    session_regenerate_id(true);
    // session key => column of the user row it is taken from
    $copied_columns = [
        'user_id'     => 'id',
        'username'    => 'username',
        'email'       => 'email',
        'first_name'  => 'first_name',
        'last_name'   => 'last_name',
        'user_level'  => 'user_level',
        'user_role'   => 'user_role',
        'area_id'     => 'area_id',
        'district_id' => 'district_id',
        'assembly_id' => 'assembly_id',
    ];
    foreach ($copied_columns as $session_key => $column) {
        $_SESSION[$session_key] = $user[$column];
    }
    $_SESSION['last_activity'] = time();
}
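/**
 * Check whether the logged-in user's role is at least $required_role.
 *
 * Roles are ranked viewer < dataentry < admin. The check fails closed: no
 * session, an unknown session role, or an unknown $required_role all yield
 * false. (Previously an unknown required role produced a null rank, and
 * "rank >= null" evaluated to true, granting access.)
 *
 * @param string $required_role One of 'viewer', 'dataentry', 'admin'.
 * @return bool
 */
function checkPermission($required_role) {
    if (!isset($_SESSION['user_id'])) {
        return false;
    }
    $roles_hierarchy = ['viewer' => 1, 'dataentry' => 2, 'admin' => 3];
    // An unrecognised required role must never be satisfiable.
    if (!isset($roles_hierarchy[$required_role])) {
        return false;
    }
    // An unrecognised (or missing) session role ranks below every real role.
    $user_rank = $roles_hierarchy[$_SESSION['user_role'] ?? ''] ?? 0;
    return $user_rank >= $roles_hierarchy[$required_role];
}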
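/**
 * Check whether the logged-in user's level is one of $allowed_levels.
 *
 * Comparison is strict, on string form: loose in_array() treats numeric-looking
 * strings as numbers, which is the wrong semantics for an authorization check.
 * Levels are compared as strings elsewhere in this file ('superuser', 'area', ...).
 *
 * @param array|string $allowed_levels Level name(s) that pass the check; a single
 *                                     string is accepted as a one-element list.
 * @return bool False when no level is in the session.
 */
function checkLevel($allowed_levels) {
    if (!isset($_SESSION['user_level'])) {
        return false;
    }
    if (!is_array($allowed_levels)) {
        $allowed_levels = [$allowed_levels];
    }
    $levels = array_map(static function ($level) {
        return (string) $level;
    }, $allowed_levels);
    return in_array((string) $_SESSION['user_level'], $levels, true);
}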
// Audit logging
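/**
 * Write one row to audit_logs for the current session user.
 *
 * Silently does nothing when no user is logged in. Old/new values are stored
 * as JSON (a null argument is stored as the JSON literal "null", as before).
 * Client address and user agent are taken from $_SERVER and may be absent
 * (CLI, proxies, stripped headers); they are then stored as NULL instead of
 * raising an undefined-index warning.
 *
 * @param string      $action     Verb describing the change (e.g. 'update').
 * @param string      $table_name Table the change applies to.
 * @param int|null    $record_id  Primary key of the affected row, if any.
 * @param mixed       $old_values State before the change (JSON-encoded).
 * @param mixed       $new_values State after the change (JSON-encoded).
 * @return void
 */
function logAudit($action, $table_name, $record_id = null, $old_values = null, $new_values = null) {
    global $db;
    if (!isset($_SESSION['user_id'])) {
        return;
    }
    $query = "INSERT INTO audit_logs (user_id, action, table_name, record_id, old_values, new_values, ip_address, user_agent)
        VALUES (:user_id, :action, :table_name, :record_id, :old_values, :new_values, :ip_address, :user_agent)";
    $stmt = $db->prepare($query);
    // bindValue (not bindParam) so expressions such as "?? null" can be bound.
    $stmt->bindValue(':user_id', $_SESSION['user_id']);
    $stmt->bindValue(':action', $action);
    $stmt->bindValue(':table_name', $table_name);
    $stmt->bindValue(':record_id', $record_id);
    $stmt->bindValue(':old_values', json_encode($old_values));
    $stmt->bindValue(':new_values', json_encode($new_values));
    // REMOTE_ADDR is the TCP peer; behind a reverse proxy it is the proxy, not the client.
    $stmt->bindValue(':ip_address', $_SERVER['REMOTE_ADDR'] ?? null);
    $stmt->bindValue(':user_agent', $_SERVER['HTTP_USER_AGENT'] ?? null);
    $stmt->execute();
}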
// Notification functions
/**
 * Insert a notification row for one user.
 *
 * @param int    $user_id Recipient's user id.
 * @param string $title   Short heading.
 * @param string $message Body text.
 * @param string $type    Category label; defaults to 'info'.
 * @return bool Result of PDOStatement::execute().
 */
function createNotification($user_id, $title, $message, $type = 'info') {
    global $db;
    $stmt = $db->prepare(
        "INSERT INTO notifications (user_id, title, message, type) VALUES (:user_id, :title, :message, :type)"
    );
    $fields = [
        ':user_id' => $user_id,
        ':title'   => $title,
        ':message' => $message,
        ':type'    => $type,
    ];
    foreach ($fields as $placeholder => $value) {
        $stmt->bindValue($placeholder, $value);
    }
    return $stmt->execute();
}
/**
 * Fetch a user's notifications, newest first.
 *
 * @param int  $user_id     Owner of the notifications.
 * @param bool $unread_only When true, only rows with is_read = 0 are returned.
 * @return array List of rows (PDO::FETCH_ASSOC).
 */
function getNotifications($user_id, $unread_only = false) {
    global $db;
    $unread_clause = $unread_only ? " AND is_read = 0" : "";
    $sql = "SELECT * FROM notifications WHERE user_id = :user_id"
        . $unread_clause
        . " ORDER BY created_at DESC";
    $stmt = $db->prepare($sql);
    $stmt->bindValue(':user_id', $user_id);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
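/**
 * Mark one notification as read.
 *
 * Without $user_id the update is keyed on id alone, so any caller that passes
 * a client-supplied id can flip another user's notification. Pass the session
 * user's id to scope the update to rows that user owns.
 *
 * @param int      $notification_id Row id to update.
 * @param int|null $user_id         When given, only a row owned by this user is updated.
 * @return bool Result of PDOStatement::execute().
 */
function markNotificationRead($notification_id, $user_id = null) {
    global $db;
    $query = "UPDATE notifications SET is_read = 1 WHERE id = :id";
    if ($user_id !== null) {
        $query .= " AND user_id = :user_id";
    }
    $stmt = $db->prepare($query);
    $stmt->bindValue(':id', $notification_id);
    if ($user_id !== null) {
        $stmt->bindValue(':user_id', $user_id);
    }
    return $stmt->execute();
}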
// Settings functions
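/**
 * Read one value from the settings table.
 *
 * Uses fetchColumn() rather than rowCount(), which is not reliable for SELECT
 * on every PDO driver. A stored NULL is returned as null (not $default), as
 * before; only a missing key yields $default.
 *
 * @param string $key     setting_key to look up.
 * @param mixed  $default Returned when the key does not exist.
 * @return mixed The stored setting_value (a string for most drivers) or $default.
 */
function getSetting($key, $default = null) {
    global $db;
    $stmt = $db->prepare("SELECT setting_value FROM settings WHERE setting_key = :key");
    $stmt->bindValue(':key', $key);
    $stmt->execute();
    // fetchColumn() returns false only when there is no row.
    $value = $stmt->fetchColumn();
    $stmt->closeCursor();
    return $value === false ? $default : $value;
}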
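/**
 * Insert or update one setting, recording the current session user as editor.
 *
 * @param string $key   setting_key to write.
 * @param string $value New setting_value.
 * @return bool False when no user is logged in, else the result of execute().
 */
function updateSetting($key, $value) {
    global $db;
    if (!isset($_SESSION['user_id'])) {
        return false;
    }
    // Each placeholder appears exactly once: PDO rejects a reused named marker
    // (":value" in both VALUES and the UPDATE clause) when prepare emulation is off.
    $query = "INSERT INTO settings (setting_key, setting_value, updated_by)
        VALUES (:key, :value, :updated_by)
        ON DUPLICATE KEY UPDATE
        setting_value = :value_upd, updated_by = :updated_by_upd, updated_at = NOW()";
    $stmt = $db->prepare($query);
    $stmt->bindValue(':key', $key);
    $stmt->bindValue(':value', $value);
    $stmt->bindValue(':updated_by', $_SESSION['user_id']);
    $stmt->bindValue(':value_upd', $value);
    $stmt->bindValue(':updated_by_upd', $_SESSION['user_id']);
    return $stmt->execute();
}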
// Utility functions
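/**
 * Trim, strip backslashes and HTML-escape a scalar input value.
 *
 * The escaping is explicit (ENT_QUOTES | ENT_SUBSTITUTE, UTF-8) so single
 * quotes are encoded on every PHP version and invalid UTF-8 is replaced
 * rather than turning the whole result into an empty string. Null becomes ''.
 *
 * This escapes for an HTML body context at input time; values destined for
 * other contexts (attributes, JS, URLs) still need context-specific escaping,
 * and SQL safety comes from the PDO placeholders, not from this function.
 * stripslashes() is legacy behaviour and removes legitimate backslashes too.
 *
 * @param string|int|float|bool|null $data Raw input value.
 * @return string Escaped string.
 */
function sanitizeInput($data) {
    if ($data === null) {
        return '';
    }
    $data = trim((string) $data);
    $data = stripslashes($data);
    return htmlspecialchars($data, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}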
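/**
 * Generate a random password from a fixed alphanumeric + symbol alphabet.
 *
 * Uses random_int() (CSPRNG) instead of rand(), whose output is predictable
 * and must not be used for credentials.
 *
 * @param int $length Number of characters; values <= 0 yield ''.
 * @return string
 */
function generateRandomPassword($length = 12) {
    $characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%^&*';
    $max_index = strlen($characters) - 1;
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= $characters[random_int(0, $max_index)];
    }
    return $password;
}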
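/**
 * Format a date/time string as e.g. "Jan 15, 2024 2:07 PM".
 *
 * strtotime() returns false for unparsable input; previously that false was
 * coerced to timestamp 0 and silently rendered as 1 Jan 1970. Such input (and
 * null/empty) now yields '' so the caller can tell it apart from a real date.
 *
 * @param string|null $datetime Anything strtotime() understands.
 * @return string Formatted date in the default timezone, or '' if unparsable.
 */
function formatDateTime($datetime) {
    if ($datetime === null || $datetime === '') {
        return '';
    }
    $timestamp = strtotime((string) $datetime);
    if ($timestamp === false) {
        return '';
    }
    return date('M j, Y g:i A', $timestamp);
}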
/**
 * Render how long ago $datetime was, in coarse human units.
 *
 * Under a minute: 'just now'; then whole minutes, hours and days (floored);
 * anything 30 days or older falls back to formatDateTime(). A time in the
 * future has a negative age and therefore reads 'just now'.
 *
 * @param string $datetime Anything strtotime() understands.
 * @return string
 */
function getRelativeTime($datetime) {
    $age = time() - strtotime($datetime);
    // [upper bound in seconds, divisor (null = fixed label), label]
    $buckets = [
        [60, null, 'just now'],
        [3600, 60, ' minutes ago'],
        [86400, 3600, ' hours ago'],
        [2592000, 86400, ' days ago'],
    ];
    foreach ($buckets as $bucket) {
        list($limit, $unit, $label) = $bucket;
        if ($age < $limit) {
            return $unit === null ? $label : floor($age / $unit) . $label;
        }
    }
    return formatDateTime($datetime);
}
// Session timeout check
/**
 * Enforce the idle timeout and refresh the activity timestamp.
 *
 * If the session has been idle longer than SESSION_TIMEOUT seconds it is
 * cleared and destroyed and false is returned. Otherwise last_activity is
 * set to now and true is returned (a session with no last_activity yet is
 * treated as fresh). This is an idle timeout only; there is no absolute
 * lifetime cap.
 *
 * @return bool True when the session is still valid.
 */
function checkSessionTimeout() {
    $now = time();
    $last_seen = isset($_SESSION['last_activity']) ? $_SESSION['last_activity'] : null;
    $idle_too_long = $last_seen !== null && ($now - $last_seen) > SESSION_TIMEOUT;
    if ($idle_too_long) {
        session_unset();
        session_destroy();
        return false;
    }
    $_SESSION['last_activity'] = $now;
    return true;
}
// Get user's accessible areas/districts/assemblies based on level
/**
 * List active areas visible to a user.
 *
 * A superuser sees every active area. Any other level is restricted to
 * $area_id when one is given. NOTE(review): when a non-superuser is passed
 * no (or a falsy) $area_id the query is unrestricted and all areas are
 * returned — callers should make sure that is intended.
 *
 * @param string   $user_level User level ('superuser' or a scoped level).
 * @param int|null $area_id    Area the user is scoped to, if any.
 * @return array List of area rows (PDO::FETCH_ASSOC).
 */
function getAccessibleAreas($user_level, $area_id = null) {
    global $db;
    $restrict_to_area = ($user_level !== 'superuser') && $area_id;
    $sql = "SELECT * FROM areas WHERE is_active = 1";
    if ($restrict_to_area) {
        $sql .= " AND id = :area_id";
    }
    $stmt = $db->prepare($sql);
    if ($restrict_to_area) {
        $stmt->bindValue(':area_id', $area_id);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
/**
 * List active districts (with their area name) visible to a user.
 *
 * 'area' level users are restricted to their $area_id, 'district' level
 * users to their $district_id; every other level (or a missing id for the
 * matching level) gets the unrestricted list.
 *
 * @param string   $user_level  User level.
 * @param int|null $area_id     Area scope for 'area' level users.
 * @param int|null $district_id District scope for 'district' level users.
 * @return array List of district rows plus area_name (PDO::FETCH_ASSOC).
 */
function getAccessibleDistricts($user_level, $area_id = null, $district_id = null) {
    global $db;
    $sql = "SELECT d.*, a.name as area_name FROM districts d
        JOIN areas a ON d.area_id = a.id
        WHERE d.is_active = 1";
    // Resolve the single scope filter up front: [column, placeholder, value].
    $filter = null;
    if ($user_level === 'area' && $area_id) {
        $filter = ['d.area_id', ':area_id', $area_id];
    } elseif ($user_level === 'district' && $district_id) {
        $filter = ['d.id', ':district_id', $district_id];
    }
    if ($filter !== null) {
        $sql .= " AND {$filter[0]} = {$filter[1]}";
    }
    $stmt = $db->prepare($sql);
    if ($filter !== null) {
        $stmt->bindValue($filter[1], $filter[2]);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
/**
 * List active assemblies (with district and area names) visible to a user.
 *
 * The scope filter depends on the user level: 'area' → a.id = $area_id,
 * 'district' → d.id = $district_id, 'assembly' → ass.id = $assembly_id.
 * Any other level, or a missing id for the matching level, returns the
 * unrestricted list.
 *
 * @param string   $user_level  User level.
 * @param int|null $area_id     Area scope for 'area' level users.
 * @param int|null $district_id District scope for 'district' level users.
 * @param int|null $assembly_id Assembly scope for 'assembly' level users.
 * @return array List of assembly rows plus district_name/area_name (PDO::FETCH_ASSOC).
 */
function getAccessibleAssemblies($user_level, $area_id = null, $district_id = null, $assembly_id = null) {
    global $db;
    $sql = "SELECT ass.*, d.name as district_name, a.name as area_name
        FROM assemblies ass
        JOIN districts d ON ass.district_id = d.id
        JOIN areas a ON d.area_id = a.id
        WHERE ass.is_active = 1";
    // level => [column, placeholder, value]; only the first applicable one is used.
    $scopes = [
        'area'     => ['a.id', ':area_id', $area_id],
        'district' => ['d.id', ':district_id', $district_id],
        'assembly' => ['ass.id', ':assembly_id', $assembly_id],
    ];
    $filter = null;
    if (isset($scopes[$user_level]) && $scopes[$user_level][2]) {
        $filter = $scopes[$user_level];
    }
    if ($filter !== null) {
        $sql .= " AND {$filter[0]} = {$filter[1]}";
    }
    $stmt = $db->prepare($sql);
    if ($filter !== null) {
        $stmt->bindValue($filter[1], $filter[2]);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
?>