80 lines
1.9 KiB
PHP
80 lines
1.9 KiB
PHP
<?php
|
|
if (session_status() === PHP_SESSION_NONE) {
|
|
session_start();
|
|
}
|
|
|
|
require_once __DIR__ . '/../db/config.php';
|
|
|
|
function check_auth() {
|
|
if (!isset($_SESSION['user_id'])) {
|
|
header("Location: login.php");
|
|
exit;
|
|
}
|
|
}
|
|
|
|
function current_user() {
|
|
if (!isset($_SESSION['user_id'])) {
|
|
return null;
|
|
}
|
|
|
|
global $db;
|
|
if (!isset($db)) {
|
|
$db = db();
|
|
}
|
|
|
|
// Check cache first (optional, but good for performance)
|
|
if (isset($_SESSION['user_cache']) && $_SESSION['user_cache']['id'] == $_SESSION['user_id']) {
|
|
return $_SESSION['user_cache'];
|
|
}
|
|
|
|
$stmt = $db->prepare("
|
|
SELECT u.*, r.slug as role_slug, r.permissions
|
|
FROM users u
|
|
JOIN roles r ON u.role_id = r.id
|
|
WHERE u.id = ? AND u.active = 1
|
|
");
|
|
$stmt->execute([$_SESSION['user_id']]);
|
|
$user = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
if ($user) {
|
|
$_SESSION['user_cache'] = $user;
|
|
return $user;
|
|
}
|
|
|
|
// User not found or inactive, logout
|
|
session_destroy();
|
|
header("Location: login.php");
|
|
exit;
|
|
}
|
|
|
|
function has_role($role_slug) {
|
|
$user = current_user();
|
|
if (!$user) return false;
|
|
|
|
if ($user['role_slug'] === 'admin') return true; // Admin has all roles
|
|
|
|
return $user['role_slug'] === $role_slug;
|
|
}
|
|
|
|
function has_permission($permission) {
|
|
$user = current_user();
|
|
if (!$user) return false;
|
|
|
|
if ($user['role_slug'] === 'admin') return true; // Admin has all permissions
|
|
|
|
// Decode permissions JSON
|
|
$perms = json_decode($user['permissions'], true);
|
|
if (!$perms) return false;
|
|
|
|
if (in_array('*', $perms)) return true;
|
|
|
|
return in_array($permission, $perms);
|
|
}
|
|
|
|
function require_role($role_slug) {
|
|
if (!has_role($role_slug)) {
|
|
http_response_code(403);
|
|
die("Access Denied: You do not have the required role.");
|
|
}
|
|
}
|