GeoLite/incl/Auth.php


<?php
// Authentication helper functions
/**
 * Make sure a PHP session is active for the current request.
 *
 * Does nothing unless session_status() reports PHP_SESSION_NONE, so it is safe
 * to call repeatedly. session_start() is called without options here, which
 * means the session cookie attributes (Secure, HttpOnly, SameSite) and
 * session.use_strict_mode come entirely from php.ini or from an earlier
 * session_set_cookie_params() call; review that configuration alongside this file.
 */
function ensureSession() {
    if (session_status() !== PHP_SESSION_NONE) {
        return;
    }
    session_start();
}
/**
 * Report whether the current session belongs to an authenticated user.
 *
 * The session counts as logged in only when the 'authenticated' flag is the
 * boolean true (strict comparison) and a 'user_id' entry is present.
 *
 * @return bool True if logged in, false otherwise
 */
function isLoggedIn() {
    ensureSession();
    if (!isset($_SESSION['authenticated'], $_SESSION['user_id'])) {
        return false;
    }
    return $_SESSION['authenticated'] === true;
}
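/**
 * Verify a username/password pair and, on success, establish the login session.
 *
 * On success the session ID is regenerated and the user's id, username,
 * full name and group are cached in $_SESSION. Those cached values are what
 * the other helpers in this file read, so a later change to the account
 * (group change, deactivation) is not seen until the user logs in again.
 *
 * This function never throws an Exception to the caller: lookup failures are
 * logged with error_log() and reported as a failed login.
 *
 * @param string $username Username
 * @param string $password Password (plain text, checked with password_verify())
 * @return bool True if authentication successful
 */
function authenticate($username, $password) {
    try {
        $user = getUserByUsername($username);

        // Unknown username: stop before indexing into an empty lookup result.
        // NOTE(review): this path skips password_verify(), so it returns sooner than a
        // wrong-password attempt; pair the login endpoint with rate limiting and a
        // uniform failure message.
        if (!$user) {
            return false;
        }

        // PostgreSQL returns booleans as 't'/'f' strings, convert to boolean
        $isActive = isset($user['is_active'])
            && in_array($user['is_active'], array(true, 't', 1, '1'), true);

        if (!$isActive || !password_verify($password, $user['password_hash'])) {
            return false;
        }

        ensureSession();
        // Issue a fresh session ID at the privilege change so an ID that was known
        // before login (session fixation) does not become an authenticated one.
        session_regenerate_id(true);

        $_SESSION['authenticated'] = true;
        $_SESSION['user_id'] = $user['id'];
        $_SESSION['username'] = $user['username'];
        $_SESSION['full_name'] = $user['full_name'];
        $_SESSION['group_id'] = $user['group_id'];
        $_SESSION['group_name'] = $user['group_name'];
        $_SESSION['login_time'] = time();
    } catch (Exception $e) {
        error_log("Authentication error: " . $e->getMessage());
        return false;
    }

    // Update last login time. This is bookkeeping only: a failure here must not
    // report "login failed" while the session above is already authenticated.
    try {
        updateUserLastLogin($user['id']);
    } catch (Exception $e) {
        error_log("Authentication error: " . $e->getMessage());
    }

    return true;
}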
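/**
 * Logout the current user.
 *
 * Clears all session data, expires the session cookie in the browser and
 * destroys the server-side session.
 */
function logout() {
    ensureSession();
    $_SESSION = array();

    // Expire the session cookie using the same path/domain/flags it was issued
    // with; a browser only replaces a cookie when those attributes match, so a
    // hard-coded '/' would leave the cookie behind on non-default configurations.
    if (isset($_COOKIE[session_name()])) {
        $cookieParams = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 3600,
            $cookieParams['path'],
            $cookieParams['domain'],
            $cookieParams['secure'],
            $cookieParams['httponly']
        );
    }

    session_destroy();
}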
/**
 * Gate a page behind login: unauthenticated requests are redirected and the
 * script stops; authenticated requests return normally.
 *
 * The redirect target is written into the Location header unchanged, so
 * callers should pass a fixed in-application path and never a value taken
 * from the request.
 *
 * @param string $loginPage Path to login page (default: login.php)
 */
function requireAuth($loginPage = 'login.php') {
    if (isLoggedIn()) {
        return;
    }

    header('Location: ' . $loginPage);
    exit;
}
/**
 * Get the username cached in the session.
 *
 * Only the 'username' session entry is consulted; the 'authenticated' flag is
 * not checked here.
 *
 * @return string|null Username stored in the session, null if none is set
 */
function getCurrentUsername() {
    ensureSession();
    if (!isset($_SESSION['username'])) {
        return null;
    }
    return $_SESSION['username'];
}
/**
 * Get the full name cached in the session.
 *
 * Only the 'full_name' session entry is consulted; the 'authenticated' flag is
 * not checked here. The value is returned as stored, so escape it for the
 * output context (e.g. htmlspecialchars() for HTML) before displaying it.
 *
 * @return string|null Full name stored in the session, null if none is set
 */
function getCurrentFullname() {
    ensureSession();
    if (!isset($_SESSION['full_name'])) {
        return null;
    }
    return $_SESSION['full_name'];
}
/**
 * Get the user ID cached in the session.
 *
 * Only the 'user_id' session entry is consulted; the 'authenticated' flag is
 * not checked here.
 * NOTE(review): the value has whatever type the user lookup returned at login;
 * confirm it is an int before relying on strict comparisons.
 *
 * @return int|null User ID stored in the session, null if none is set
 */
function getCurrentUserId() {
    ensureSession();
    if (!isset($_SESSION['user_id'])) {
        return null;
    }
    return $_SESSION['user_id'];
}
/**
 * Get the group ID cached in the session.
 *
 * The value was copied into the session by authenticate() and is not re-read
 * from the database on each request.
 *
 * @return int|null Group ID stored in the session, null if none is set
 */
function getCurrentUserGroupId() {
    ensureSession();
    if (!isset($_SESSION['group_id'])) {
        return null;
    }
    return $_SESSION['group_id'];
}
/**
 * Get the group name cached in the session.
 *
 * The value was copied into the session by authenticate() and is not re-read
 * from the database on each request.
 *
 * @return string|null Group name stored in the session, null if none is set
 */
function getCurrentUserGroupName() {
    ensureSession();
    if (!isset($_SESSION['group_name'])) {
        return null;
    }
    return $_SESSION['group_name'];
}
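/**
 * Check if current user is admin.
 *
 * Admin status requires an authenticated session (see isLoggedIn()) whose
 * cached group name is exactly 'Admin'. Tying the check to the authenticated
 * flag means a stray 'group_name' entry in an unauthenticated session can
 * never grant admin rights on its own.
 *
 * The group name is the value authenticate() stored at login, so removing a
 * user from the Admin group takes effect only at that user's next login.
 *
 * @return bool True if user is logged in and in the Admin group
 */
function isAdmin() {
    // isLoggedIn() starts the session if needed before $_SESSION is read.
    return isLoggedIn()
        && isset($_SESSION['group_name'])
        && $_SESSION['group_name'] === 'Admin';
}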
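/**
 * Require admin privileges.
 *
 * Unauthenticated requests are redirected to login.php. Authenticated
 * non-admins are redirected to $redirectPage with error=access_denied
 * appended. In both cases the script stops; admins return normally.
 *
 * The redirect target is written into the Location header unchanged apart
 * from the appended parameter, so callers should pass a fixed
 * in-application path and never a value taken from the request.
 *
 * @param string $redirectPage Page to redirect to if not admin (default: index.php)
 */
function requireAdmin($redirectPage = 'index.php') {
    if (!isLoggedIn()) {
        header('Location: login.php');
        exit;
    }

    if (!isAdmin()) {
        // Append with '&' when the target already carries a query string,
        // otherwise the result would contain two '?' and the flag would be lost.
        $separator = (strpos($redirectPage, '?') === false) ? '?' : '&';
        header('Location: ' . $redirectPage . $separator . 'error=access_denied');
        exit;
    }
}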
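/**
 * Check if user has permission to view an item.
 *
 * Rules, in order:
 *  - not logged in: allowed only if group 1 has 'can_view' on the item;
 *  - admin: always allowed;
 *  - logged in without a group ID in the session: denied;
 *  - otherwise: allowed if the user's group or group 1 has 'can_view'.
 *
 * Any Exception raised by the permission lookup is logged and treated as
 * "denied", for anonymous and logged-in callers alike, so a lookup failure
 * never grants access and never escapes to the page.
 *
 * @param string $itemType Type of item (map, dashboard, document, html_page)
 * @param int $itemId ID of the item
 * @return bool True if user has permission
 */
function canView($itemType, $itemId) {
    // NOTE(review): group 1 is presumably the public/guest group - confirm
    // against the group data and consider a named constant shared by callers.
    $publicGroupId = 1;

    try {
        if (!isLoggedIn()) {
            return checkPermission($publicGroupId, $itemType, $itemId, 'can_view');
        }

        // Admins can view everything
        if (isAdmin()) {
            return true;
        }

        $groupId = getCurrentUserGroupId();
        // NOTE(review): a logged-in user without a group is denied even for items
        // that group 1 may view; confirm this is intended.
        if (!$groupId) {
            return false;
        }

        return checkPermission($groupId, $itemType, $itemId, 'can_view') ||
            checkPermission($publicGroupId, $itemType, $itemId, 'can_view');
    } catch (Exception $e) {
        // Fail closed: an error during the lookup is a denial.
        error_log("Permission check error: " . $e->getMessage());
        return false;
    }
}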
/**
 * Decide whether the current user may edit an item.
 *
 * Anonymous visitors are always denied and admins are always allowed. Other
 * users need a group ID in the session and a 'can_edit' grant for that group.
 * An Exception from the permission lookup is logged and counts as a denial.
 *
 * @param string $itemType Type of item (map, dashboard, document, html_page)
 * @param int $itemId ID of the item
 * @return bool True if user has permission
 */
function canEdit($itemType, $itemId) {
    $allowed = false;

    if (isLoggedIn()) {
        if (isAdmin()) {
            // Admins can edit everything
            $allowed = true;
        } else {
            $groupId = getCurrentUserGroupId();
            if ($groupId) {
                try {
                    $allowed = checkPermission($groupId, $itemType, $itemId, 'can_edit');
                } catch (Exception $e) {
                    // Fail closed on lookup errors.
                    error_log("Permission check error: " . $e->getMessage());
                    $allowed = false;
                }
            }
        }
    }

    return $allowed;
}
/**
 * Decide whether the current user may delete an item.
 *
 * Anonymous visitors are always denied and admins are always allowed. Other
 * users need a group ID in the session and a 'can_delete' grant for that
 * group. An Exception from the permission lookup is logged and counts as a
 * denial.
 *
 * @param string $itemType Type of item (map, dashboard, document, html_page)
 * @param int $itemId ID of the item
 * @return bool True if user has permission
 */
function canDelete($itemType, $itemId) {
    $allowed = false;

    if (isLoggedIn()) {
        if (isAdmin()) {
            // Admins can delete everything
            $allowed = true;
        } else {
            $groupId = getCurrentUserGroupId();
            if ($groupId) {
                try {
                    $allowed = checkPermission($groupId, $itemType, $itemId, 'can_delete');
                } catch (Exception $e) {
                    // Fail closed on lookup errors.
                    error_log("Permission check error: " . $e->getMessage());
                    $allowed = false;
                }
            }
        }
    }

    return $allowed;
}
/**
 * Reduce a list of items to those the current user is allowed to view.
 *
 * Admins get the input back untouched. For everyone else each item's 'id' is
 * passed to canView(), i.e. one permission check per item. array_filter()
 * keeps the original array keys, so the result can have gaps in its numeric
 * indexes; re-index with array_values() where a plain list is required.
 *
 * @param string $itemType Type of item
 * @param array $allItems Array of all items, each with an 'id' entry
 * @return array Filtered array of items user can view (original keys preserved)
 */
function filterItemsByPermission($itemType, $allItems) {
    // Per-item visibility test used for non-admin callers
    $isVisible = function ($entry) use ($itemType) {
        return canView($itemType, $entry['id']);
    };

    // Admins can see everything; everyone else gets the filtered set
    return isAdmin() ? $allItems : array_filter($allItems, $isVisible);
}