82 lines
2.5 KiB
PHP
82 lines
2.5 KiB
PHP
<?php
|
|
session_start();
|
|
require_once __DIR__ . '/db/config.php';
|
|
require_once __DIR__ . '/includes/SupabaseAuth.php';
|
|
|
|
function get_user() {
|
|
if (!isset($_SESSION['user_id'])) return null;
|
|
$stmt = db()->prepare("SELECT * FROM users WHERE id = ?");
|
|
$stmt->execute([$_SESSION['user_id']]);
|
|
return $stmt->fetch();
|
|
}
|
|
|
|
function require_login() {
|
|
if (!isset($_SESSION['user_id'])) {
|
|
header('Location: login.php');
|
|
exit;
|
|
}
|
|
}
|
|
|
|
function require_role($roles) {
|
|
$user = get_user();
|
|
if (!$user || !in_array($user['role'], (array)$roles)) {
|
|
header('Location: index.php?error=Unauthorized');
|
|
exit;
|
|
}
|
|
}
|
|
|
|
function uuid() {
|
|
return sprintf('%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
|
|
mt_rand(0, 0xffff), mt_rand(0, 0xffff),
|
|
mt_rand(0, 0xffff),
|
|
mt_rand(0, 0x0fff) | 0x4000,
|
|
mt_rand(0, 0x3fff) | 0x8000,
|
|
mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff)
|
|
);
|
|
}
|
|
|
|
function audit_log($action, $table = null, $record_id = null, $old = null, $new = null, $details = null) {
|
|
$electionId = get_active_election_id();
|
|
$stmt = db()->prepare("INSERT INTO audit_logs (id, user_id, action, details, table_name, record_id, old_values, new_values, election_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)");
|
|
$stmt->execute([
|
|
uuid(),
|
|
$_SESSION['user_id'] ?? null,
|
|
$action,
|
|
$details,
|
|
$table,
|
|
$record_id,
|
|
$old ? json_encode($old) : null,
|
|
$new ? json_encode($new) : null,
|
|
$electionId
|
|
]);
|
|
}
|
|
|
|
function get_active_election_id() {
|
|
if (isset($_GET['set_election_id'])) {
|
|
$_SESSION['active_election_id'] = $_GET['set_election_id'];
|
|
// Redirect to same page without the query param to keep URL clean
|
|
$url = strtok($_SERVER["REQUEST_URI"], '?');
|
|
header("Location: " . $url);
|
|
exit;
|
|
}
|
|
|
|
if (!isset($_SESSION['active_election_id'])) {
|
|
$election = db()->query("SELECT id FROM elections WHERE archived = FALSE ORDER BY created_at DESC LIMIT 1")->fetch();
|
|
$_SESSION['active_election_id'] = $election['id'] ?? null;
|
|
}
|
|
|
|
return $_SESSION['active_election_id'];
|
|
}
|
|
|
|
function get_active_election() {
|
|
$id = get_active_election_id();
|
|
if (!$id) return null;
|
|
$stmt = db()->prepare("SELECT * FROM elections WHERE id = ?");
|
|
$stmt->execute([$id]);
|
|
return $stmt->fetch();
|
|
}
|
|
|
|
function get_all_elections() {
|
|
return db()->query("SELECT * FROM elections WHERE archived = FALSE ORDER BY created_at DESC")->fetchAll();
|
|
}
|