[irc/unrealircd/unrealircd-webpanel.git] / Classes / class-paneluser.php

<?php
/** Relating to Panel Access: Can add, delete and edit users. Big boss. */
define('PERMISSION_MANAGE_USERS', 'manage_users'); 
/** Relating to Users tab: Can ban users connected to IRC */
define('PERMISSION_BAN_USERS', 'ban_users');
/** Change properties of a user, i.e. vhost, modes and more */
define('PERMISSION_EDIT_USER', 'edit_user');
/** Change properties of a channel, i.e. topic, modes and more */
define('PERMISSION_EDIT_CHANNEL', 'edit_channel'); 
/** Change properties of a user on a channel i.e give/remove voice or ops and more */
define('PERMISSION_EDIT_CHANNEL_USER', 'edit_channel_user'); 
/** Can add manual bans, including G-Lines, Z-Lines and more */
define('PERMISSION_SERVER_BAN_ADD', 'tkl_add'); 
/** Can remove set bans, including G-Lines, Z-Lines and more */
define('PERMISSION_SERVER_BAN_DEL', 'tkl_del');
/** Can add Name Bans (Q-Lines) */
define('PERMISSION_NAME_BAN_ADD', 'nb_add');
/** Can delete Name Bans (Q-Lines) */
define('PERMISSION_NAME_BAN_DEL', 'nb_del'); 
/** Can add ban exceptions (E-Lines) */
define('PERMISSION_BAN_EXCEPTION_ADD', 'be_add'); 
/** Can delete ban exceptions (E-Lines) */
define('PERMISSION_BAN_EXCEPTION_DEL', 'be_del'); 
/** Can add spamfilter entries */
define('PERMISSION_SPAMFILTER_ADD', 'sf_add'); 
/** Can delete spamfilter entries */
define('PERMISSION_SPAMFILTER_DEL', 'sf_del'); 
/** Can rehash servers */
define('PERMISSION_REHASH', 'rhs');
/**
 * PanelUser
 * This is the User class for the SQL_Auth plugin
 */
class PanelUser
{
	public $id = NULL;
	public $username = NULL;
	private $passhash = NULL;
	public $first_name = NULL;
	public $last_name = NULL;
	public $created = NULL;
	public $user_meta = [];
	public $bio = NULL;
	public $email = NULL;

	/**
	 * Find a user in the database by name or ID
	 * @param string $name
	 * @param mixed $id
	 */
	function __construct(string $name = NULL, int $id = NULL)
	{
		$user["name"] = $name;
		$user["id"] = $id;
		$user["object"] = NULL;
		Hook::run(HOOKTYPE_USER_LOOKUP, $user);
		if ($user['object'] === null)
			return; /* no auth module loaded? */
		foreach ($user['object'] as $key => $value)
			$this->$key = $value;
	}

	/**
	 * Verify a user's password
	 * @param string $input
	 * @return bool
	 */
	function password_verify(string $password, bool &$hash_needs_updating = false) : bool
	{
		GLOBAL $config;
		$hash_needs_updating = false;

		if (str_starts_with($this->passhash, "peppered:"))
		{
			/* Argon2 with pepper */
			$password = hash_hmac("sha256", $password, $config['secrets']['pepper']);
			if (password_verify($password, substr($this->passhash,9)))
				return true;
		} else {
			/* Old standard argon2 */
			if (password_verify($password, $this->passhash))
			{
				$hash_needs_updating = true;
				return true;
			}
		}
		return false;
	}

	/**
	 * Generate hash of user's password
	 * @param string $password
	 * @return string
	 */
	public static function password_hash(string $password) : string
	{
		GLOBAL $config;
		$input = hash_hmac("sha256", $password, $config['secrets']['pepper']);
		return "peppered:".password_hash($input, PASSWORD_ARGON2ID);
	}

	/**
	 * Add user meta data
	 * @param string $key
	 * @param string $value
	 */
	function add_meta(string $key, string $value)
	{
		
		if (!$key || !$value)
			return false;

		$meta = [
			"id" => $this->id,
			"key" => $key,
			"value" => $value
		];

		$array['meta'] = $meta;
		$array['user'] = $this;
		Hook::run(HOOKTYPE_USERMETA_ADD, $array);
		
	}

	/**
	 * Delete user meta data by key
	 * @param string $key
	 */
	function delete_meta(string $key)
	{
		if (!$key )
			return false;

		$meta = [
			"id" => $this->id,
			"key" => $key,
		];
		Hook::run(HOOKTYPE_USERMETA_DEL, $meta);

	}

	/** PERMISSIONS */

	function add_permission($permission)
	{
		$meta = (isset($this->user_meta['permissions'])) ? unserialize($this->user_meta['permissions']) : [];
		if (!in_array($permission,$meta))
			$meta[] = $permission;
		$this->add_meta("permissions", serialize($meta)); // updet de dettabess
		$this->user_meta['permissions'] = serialize($meta); // put it back in our object in case it still needs to be used
	}
	function delete_permission($permission)
	{
		$meta = (isset($this->user_meta['permissions'])) ? unserialize($this->user_meta['permissions']) : [];
		foreach($meta as $key => $value)
		{
			if (!strcmp($permission, $value))
				unset($meta[$key]);
		}
		$this->add_meta("permissions", serialize($meta));
		$this->user_meta['permissions'] = serialize($meta);
	}

	/** Updates core user info.
	 * CAUTION: Updating a non-existent column will crash
	 * your shit
	 */
	function update_core_info($array)
	{
		$arr = ['info' => $array, 'user' => $this];
		Hook::run(HOOKTYPE_EDIT_USER, $arr);
	}
}


/**
 * This class looks up and returns any user meta.
 * This is used by PanelUser, so you won't need to 
 * call it separately from PanelUser.
 */
class PanelUser_Meta
{
	public $list = [];
	function __construct($id)
	{
		$array = [];
		$arr["id"] = $id;
		$arr['meta'] = &$array;
		Hook::run(HOOKTYPE_USERMETA_GET, $arr);
		$this->list = $arr['meta'];
		
	}
}

/**
 * Array of user
 * 
 * Required:
 * user_name
 * user_pass
 * 
 * Optional:
 * user_fname
 * user_lname
 * 
 * @param array $user
 * @throws Exception
 * @return bool
 */
function create_new_user(array &$user) : bool
{
	if (!isset($user['user_name']) || !isset($user['user_pass']))
		throw new Exception("Attempted to add user without specifying user_name or user_pass");

	$user['user_name'] = htmlspecialchars($user['user_name']);
	$user['user_pass'] = PanelUser::password_hash($user['user_pass']);
	$user['fname'] = (isset($user['fname'])) ? htmlspecialchars($user['fname']) : NULL;
	$last['lname'] = (isset($user['lname'])) ? htmlspecialchars($user['lname']) : NULL;
	$user['user_bio'] = (isset($user['user_bio'])) ? htmlspecialchars($user['user_bio']) : NULL;
	$user['email'] = (isset($user['user_email'])) ? htmlspecialchars($user['user_email']) : NULL;

	if (($u = new PanelUser($user['user_name']))->id)
	{
		$user['err'] = "User already exists";
		return false;
	}
	// internal use
	$user['success'] = false;
	$user['errmsg'] = [];
	
	Hook::run(HOOKTYPE_USER_CREATE, $user);
	if (!$user['success'])
		return false;
	
	return true;
}

/**
 * Gets the user object for the current session
 * @return PanelUser|bool
 */
function unreal_get_current_user() : PanelUser|bool
{
	if (isset($_SESSION) && isset($_SESSION['id']))
	{
		$user = new PanelUser(NULL, $_SESSION['id']);
		if ($user->id)
			return $user;
	}
	return false;
}

/**
 * Checks if a user can do something
 * @param string $permission
 * @return bool
 */
function current_user_can($permission) : bool
{
	$user = unreal_get_current_user();
	if (!$user)
		return false;
	return user_can($user, $permission);
}

/**
 * Checks if a user can do something
 * @param string $permission
 * @return bool
 */
function user_can(PanelUser $user, $permission) : bool
{
	global $config;
	if (!$user)
		return false;

	if (isset($user->user_meta['role']))
	{
		if ($user->user_meta['role'] == "Super-Admin")
			return true;

		else if ($user->user_meta['role'] == "Read-Only")
			return false;

		else if (in_array($permission, $config['user_roles'][$user->user_meta['role']]))
			return true;
			
		return false;
	}

	/* compatibility fallback */
	if (isset($user->user_meta['permissions']))
	{
		$perms = unserialize($user->user_meta['permissions']);
		if (in_array($permission, $perms))
			return true;
	}
	return false;
}

/**
 * Delete a user and related meta
 * @param int $id The ID of the user in the SQL database.
 * @param array $info This will fill with a response.
 * @return int
 * 
 * Return values:
 *  1   The user was successfully deleted.
 *  0   The user was not found
 *  -1  The admin does not have permission to delete users [TODO]
 */
function delete_user(int $id, &$info = []) : int
{
	$user = new PanelUser(NULL, $id);
	if (!$user->id) {
		$info[] = "Could not find user";
		return 0;
	}
	$arr = ["user" => $user, "info" => &$info, "boolint" => 0];
	Hook::run(HOOKTYPE_USER_DELETE, $arr);
	return $arr["boolint"];
}

function get_panel_user_permission_list()
{
	$list = [
		"Can add/delete/edit Admin Panel users" => PERMISSION_MANAGE_USERS,
		"Can ban/kill IRC users" => PERMISSION_BAN_USERS,
		"Can change properties of a user, i.e. vhost, modes and more" => PERMISSION_EDIT_USER,
		"Can change properties of a channel, i.e. topic, modes and more" => PERMISSION_EDIT_CHANNEL,
		"Can change properties of a user on a channel i.e give/remove voice or ops and more" => PERMISSION_EDIT_CHANNEL_USER,
		"Can add manual bans, including G-Lines, Z-Lines and more" => PERMISSION_SERVER_BAN_ADD,
		"Can remove set bans, including G-Lines, Z-Lines and more" => PERMISSION_SERVER_BAN_DEL,
		"Can forbid usernames and channels" => PERMISSION_NAME_BAN_ADD,
		"Can unforbid usernames and channels" => PERMISSION_NAME_BAN_DEL,
		"Can add server ban exceptions" => PERMISSION_BAN_EXCEPTION_ADD,
		"Can remove server ban exceptions" => PERMISSION_BAN_EXCEPTION_DEL,
		"Can add Spamfilter entries" => PERMISSION_SPAMFILTER_ADD,
		"Can remove Spamfilter entries" => PERMISSION_SPAMFILTER_DEL
	];
	Hook::run(HOOKTYPE_USER_PERMISSION_LIST, $list); // so plugin writers can add their own permissions
	return $list;
}

function generate_panel_user_permission_table($user)
{
	
	$list = get_panel_user_permission_list();
	foreach($list as $desc => $slug)
	{
		$attributes = "";
		$attributes .= (current_user_can(PERMISSION_MANAGE_USERS)) ? "" : "disabled ";
		?>
		<div class="input-group">
			<div class="input-group-prepend">
				<div class="input-group-text">
					<input <?php
						$attributes .= (user_can($user, $slug)) ? "checked" : "";
						echo $attributes;
					?> name="permissions[]" value="<?php echo $slug; ?>" type="checkbox">
				</div>
			</div>
			<input type="text" readonly  class="form-control" value="<?php echo "$desc ($slug)"; ?>">
		</div>

		<?php
	}
}

function get_panel_user_roles_list()
{
	/* Defaults */
	$list = [
        "Super-Admin" => get_panel_user_permission_list(), // SuperAdmin can do everything
        "Read-Only" => [], // Read Only can do nothing
	];

	Hook::run(HOOKTYPE_USER_ROLE_LIST, $list);
	return $list;
}

function generate_role_list($list)
{
	$list2 = get_panel_user_permission_list();
	?>
		<h5>Roles List:</h5>
		<div id="permlist">
		<div class="container-xxl" style="max-width: 1430px;">
		<div class="accordion" id="roles_accord">

<?php foreach($list as $role => $slug) {?>
	<div class="card">
		<div class="card-header" id="<?php echo to_slug($role); ?>_heading">
			<div class="btn-header-link btn-block text-left collapsed" type="button" data-toggle="collapse" data-target="#collapse_<?php echo to_slug($role); ?>" aria-expanded="true" aria-controls="collapse_<?php echo to_slug($role); ?>">
				<?php echo $role ?>
				
			</div>
		</div>

		<div id="collapse_<?php echo to_slug($role); ?>" class="collapse" aria-labelledby="<?php echo to_slug($role); ?>_heading" data-parent="#roles_accord">
			<div id="results_rpc" class="card-body">
				<form method="post">
				<?php if ($role !== "Super-Admin" && $role !== "Read-Only") { ?>
					<div class="container row mb-2">
						<button id="update_role" name="update_role" value="<?php echo $role ?>" class="btn btn-primary ml-1 mr-2" >Update</button>
						<button id="delete_role" name="del_role_name" value="<?php echo $role ?>" class="btn btn-danger"><i class="fa fa-trash fa-1" aria-hidden="true"></i></button>
					</div>
					
				<?php } ?>
				<div id="<?php echo $role; ?>_input_area"><?php
					foreach($list2 as $desc => $slug)
					{
					$attributes = "";
					$attributes .= ($role == "Super-Admin" || $role == "Read-Only") ? "disabled " : "";

						?>
						<div class="input-group">
							<div class="input-group-prepend">
								<div class="input-group-text">
									<input <?php
										$attributes .= (in_array($slug, $list[$role])) ? "checked" : "";
										echo $attributes;
									?> name="permissions[]" value="<?php echo $slug; ?>" type="checkbox">
								</div>
							</div>
							<input type="text" readonly class="form-control" value="<?php echo "$desc ($slug)"; ?>">
						</div>
				
						<?php
					}
				?>	</div>
				</form>
			</div>
		</div>
	</div>
<?php }?>

		</div></div><br>
			
</div><?php

}
Commit	Line	Data
961b0aa7	1	<?php
cc9898cc VP	2	/** Relating to Panel Access: Can add, delete and edit users. Big boss. */
	3	define('PERMISSION_MANAGE_USERS', 'manage_users');
	4	/** Relating to Users tab: Can ban users connected to IRC */
	5	define('PERMISSION_BAN_USERS', 'ban_users');
	6	/** Change properties of a user, i.e. vhost, modes and more */
	7	define('PERMISSION_EDIT_USER', 'edit_user');
	8	/** Change properties of a channel, i.e. topic, modes and more */
	9	define('PERMISSION_EDIT_CHANNEL', 'edit_channel');
	10	/** Change properties of a user on a channel i.e give/remove voice or ops and more */
	11	define('PERMISSION_EDIT_CHANNEL_USER', 'edit_channel_user');
	12	/** Can add manual bans, including G-Lines, Z-Lines and more */
	13	define('PERMISSION_SERVER_BAN_ADD', 'tkl_add');
	14	/** Can remove set bans, including G-Lines, Z-Lines and more */
	15	define('PERMISSION_SERVER_BAN_DEL', 'tkl_del');
	16	/** Can add Name Bans (Q-Lines) */
	17	define('PERMISSION_NAME_BAN_ADD', 'nb_add');
	18	/** Can delete Name Bans (Q-Lines) */
	19	define('PERMISSION_NAME_BAN_DEL', 'nb_del');
	20	/** Can add ban exceptions (E-Lines) */
	21	define('PERMISSION_BAN_EXCEPTION_ADD', 'be_add');
	22	/** Can delete ban exceptions (E-Lines) */
	23	define('PERMISSION_BAN_EXCEPTION_DEL', 'be_del');
	24	/** Can add spamfilter entries */
	25	define('PERMISSION_SPAMFILTER_ADD', 'sf_add');
	26	/** Can delete spamfilter entries */
	27	define('PERMISSION_SPAMFILTER_DEL', 'sf_del');
5a7f0cde VP	28	/** Can rehash servers */
5a7f0cde VP	29	define('PERMISSION_REHASH', 'rhs');
6b3d3f83	30	/**
6930484c	31	* PanelUser
6b3d3f83 VP	32	* This is the User class for the SQL_Auth plugin
6b3d3f83 VP	33	*/
6930484c	34	class PanelUser
961b0aa7	35	{
d72d1923 VP	36	public $id = NULL;
	37	public $username = NULL;
	38	private $passhash = NULL;
	39	public $first_name = NULL;
	40	public $last_name = NULL;
	41	public $created = NULL;
	42	public $user_meta = [];
	43	public $bio = NULL;
0b546dde	44	public $email = NULL;
d72d1923 VP	45
	46	/**
	47	* Find a user in the database by name or ID
	48	* @param string $name
	49	* @param mixed $id
	50	*/
	51	function __construct(string $name = NULL, int $id = NULL)
	52	{
6930484c VP	53	$user["name"] = $name;
	54	$user["id"] = $id;
	55	$user["object"] = NULL;
6930484c	56	Hook::run(HOOKTYPE_USER_LOOKUP, $user);
cd1dee97 BM	57	if ($user['object'] === null)
cd1dee97 BM	58	return; /* no auth module loaded? */
6930484c VP	59	foreach ($user['object'] as $key => $value)
6930484c VP	60	$this->$key = $value;
d72d1923 VP	61	}
	62
	63	/**
	64	* Verify a user's password
	65	* @param string $input
	66	* @return bool
	67	*/
6b08fcb9	68	function password_verify(string $password, bool &$hash_needs_updating = false) : bool
d72d1923	69	{
6b08fcb9 BM	70	GLOBAL $config;
	71	$hash_needs_updating = false;
	72
	73	if (str_starts_with($this->passhash, "peppered:"))
	74	{
	75	/* Argon2 with pepper */
	76	$password = hash_hmac("sha256", $password, $config['secrets']['pepper']);
	77	if (password_verify($password, substr($this->passhash,9)))
	78	return true;
	79	} else {
	80	/* Old standard argon2 */
	81	if (password_verify($password, $this->passhash))
	82	{
	83	$hash_needs_updating = true;
	84	return true;
	85	}
	86	}
d72d1923 VP	87	return false;
	88	}
	89
6b08fcb9 BM	90	/**
	91	* Generate hash of user's password
	92	* @param string $password
	93	* @return string
	94	*/
	95	public static function password_hash(string $password) : string
	96	{
	97	GLOBAL $config;
	98	$input = hash_hmac("sha256", $password, $config['secrets']['pepper']);
	99	return "peppered:".password_hash($input, PASSWORD_ARGON2ID);
	100	}
	101
d72d1923 VP	102	/**
	103	* Add user meta data
	104	* @param string $key
	105	* @param string $value
d72d1923 VP	106	*/
	107	function add_meta(string $key, string $value)
	108	{
6930484c	109
d72d1923 VP	110	if (!$key \|\| !$value)
	111	return false;
	112
	113	$meta = [
	114	"id" => $this->id,
	115	"key" => $key,
	116	"value" => $value
	117	];
d72d1923	118
6930484c VP	119	$array['meta'] = $meta;
	120	$array['user'] = $this;
	121	Hook::run(HOOKTYPE_USERMETA_ADD, $array);
	122
d72d1923 VP	123	}
	124
	125	/**
	126	* Delete user meta data by key
	127	* @param string $key
d72d1923 VP	128	*/
	129	function delete_meta(string $key)
	130	{
	131	if (!$key )
	132	return false;
	133
	134	$meta = [
	135	"id" => $this->id,
	136	"key" => $key,
	137	];
6930484c	138	Hook::run(HOOKTYPE_USERMETA_DEL, $meta);
d72d1923 VP	139
	140	}
	141
	142	/** PERMISSIONS */
	143
	144	function add_permission($permission)
	145	{
	146	$meta = (isset($this->user_meta['permissions'])) ? unserialize($this->user_meta['permissions']) : [];
	147	if (!in_array($permission,$meta))
	148	$meta[] = $permission;
	149	$this->add_meta("permissions", serialize($meta)); // updet de dettabess
	150	$this->user_meta['permissions'] = serialize($meta); // put it back in our object in case it still needs to be used
	151	}
	152	function delete_permission($permission)
	153	{
	154	$meta = (isset($this->user_meta['permissions'])) ? unserialize($this->user_meta['permissions']) : [];
	155	foreach($meta as $key => $value)
	156	{
	157	if (!strcmp($permission, $value))
	158	unset($meta[$key]);
	159	}
	160	$this->add_meta("permissions", serialize($meta));
	161	$this->user_meta['permissions'] = serialize($meta);
	162	}
	163
5a7f0cde VP	164	/** Updates core user info.
	165	* CAUTION: Updating a non-existent column will crash
	166	* your shit
	167	*/
	168	function update_core_info($array)
	169	{
	170	$arr = ['info' => $array, 'user' => $this];
	171	Hook::run(HOOKTYPE_EDIT_USER, $arr);
	172	}
4d634d0a	173	}
a3151e7c	174
6b3d3f83 VP	175
	176	/**
	177	* This class looks up and returns any user meta.
6930484c VP	178	* This is used by PanelUser, so you won't need to
6930484c VP	179	* call it separately from PanelUser.
6b3d3f83	180	*/
6930484c	181	class PanelUser_Meta
4d634d0a	182	{
d72d1923 VP	183	public $list = [];
	184	function __construct($id)
	185	{
6930484c VP	186	$array = [];
	187	$arr["id"] = $id;
	188	$arr['meta'] = &$array;
	189	Hook::run(HOOKTYPE_USERMETA_GET, $arr);
6930484c VP	190	$this->list = $arr['meta'];
6930484c VP	191
d72d1923	192	}
a3151e7c VP	193	}
a3151e7c VP	194
4225314c VP	195	/**
	196	* Array of user
	197	*
	198	* Required:
	199	* user_name
	200	* user_pass
	201	*
	202	* Optional:
	203	* user_fname
	204	* user_lname
	205	*
	206	* @param array $user
	207	* @throws Exception
	208	* @return bool
	209	*/
180b8ec1	210	function create_new_user(array &$user) : bool
4d634d0a	211	{
d72d1923 VP	212	if (!isset($user['user_name']) \|\| !isset($user['user_pass']))
	213	throw new Exception("Attempted to add user without specifying user_name or user_pass");
	214
180b8ec1	215	$user['user_name'] = htmlspecialchars($user['user_name']);
6b08fcb9	216	$user['user_pass'] = PanelUser::password_hash($user['user_pass']);
180b8ec1 VP	217	$user['fname'] = (isset($user['fname'])) ? htmlspecialchars($user['fname']) : NULL;
	218	$last['lname'] = (isset($user['lname'])) ? htmlspecialchars($user['lname']) : NULL;
	219	$user['user_bio'] = (isset($user['user_bio'])) ? htmlspecialchars($user['user_bio']) : NULL;
9a674833	220	$user['email'] = (isset($user['user_email'])) ? htmlspecialchars($user['user_email']) : NULL;
d72d1923	221
180b8ec1 VP	222	if (($u = new PanelUser($user['user_name']))->id)
	223	{
	224	$user['err'] = "User already exists";
	225	return false;
	226	}
	227	// internal use
	228	$user['success'] = false;
	229	$user['errmsg'] = [];
	230
	231	Hook::run(HOOKTYPE_USER_CREATE, $user);
	232	if (!$user['success'])
	233	return false;
d72d1923 VP	234
d72d1923 VP	235	return true;
4d634d0a VP	236	}
	237
	238	/**
	239	* Gets the user object for the current session
6930484c	240	* @return PanelUser\|bool
4d634d0a	241	*/
6930484c	242	function unreal_get_current_user() : PanelUser\|bool
a3151e7c	243	{
d3e3ec08	244	if (isset($_SESSION) && isset($_SESSION['id']))
d72d1923	245	{
6930484c	246	$user = new PanelUser(NULL, $_SESSION['id']);
d72d1923 VP	247	if ($user->id)
	248	return $user;
	249	}
	250	return false;
4d634d0a VP	251	}
	252
	253	/**
	254	* Checks if a user can do something
	255	* @param string $permission
	256	* @return bool
	257	*/
d72d1923	258	function current_user_can($permission) : bool
4d634d0a	259	{
d72d1923	260	$user = unreal_get_current_user();
6c67bf53 VP	261	if (!$user)
6c67bf53 VP	262	return false;
2405dc8e VP	263	return user_can($user, $permission);
	264	}
	265
	266	/**
	267	* Checks if a user can do something
	268	* @param string $permission
	269	* @return bool
	270	*/
	271	function user_can(PanelUser $user, $permission) : bool
	272	{
6f0e7ce4	273	global $config;
d72d1923 VP	274	if (!$user)
d72d1923 VP	275	return false;
2405dc8e	276
6f0e7ce4 VP	277	if (isset($user->user_meta['role']))
	278	{
	279	if ($user->user_meta['role'] == "Super-Admin")
	280	return true;
	281
	282	else if ($user->user_meta['role'] == "Read-Only")
	283	return false;
	284
	285	else if (in_array($permission, $config['user_roles'][$user->user_meta['role']]))
	286	return true;
	287
	288	return false;
	289	}
	290
	291	/* compatibility fallback */
d72d1923 VP	292	if (isset($user->user_meta['permissions']))
	293	{
	294	$perms = unserialize($user->user_meta['permissions']);
	295	if (in_array($permission, $perms))
d72d1923	296	return true;
d72d1923 VP	297	}
d72d1923 VP	298	return false;
4d634d0a VP	299	}
4d634d0a VP	300
7aad7c29 VP	301	/**
	302	* Delete a user and related meta
	303	* @param int $id The ID of the user in the SQL database.
d72d1923	304	* @param array $info This will fill with a response.
7aad7c29 VP	305	* @return int
	306	*
	307	* Return values:
	308	* 1 The user was successfully deleted.
	309	* 0 The user was not found
	310	* -1 The admin does not have permission to delete users [TODO]
	311	*/
	312	function delete_user(int $id, &$info = []) : int
	313	{
6930484c	314	$user = new PanelUser(NULL, $id);
d72d1923 VP	315	if (!$user->id) {
	316	$info[] = "Could not find user";
	317	return 0;
	318	}
180b8ec1 VP	319	$arr = ["user" => $user, "info" => &$info, "boolint" => 0];
	320	Hook::run(HOOKTYPE_USER_DELETE, $arr);
	321	return $arr["boolint"];
54b5ea90 VP	322	}
54b5ea90 VP	323
2405dc8e VP	324	function get_panel_user_permission_list()
	325	{
	326	$list = [
	327	"Can add/delete/edit Admin Panel users" => PERMISSION_MANAGE_USERS,
	328	"Can ban/kill IRC users" => PERMISSION_BAN_USERS,
9616b8e6	329	"Can change properties of a user, i.e. vhost, modes and more" => PERMISSION_EDIT_USER,
2405dc8e	330	"Can change properties of a channel, i.e. topic, modes and more" => PERMISSION_EDIT_CHANNEL,
462bd723	331	"Can change properties of a user on a channel i.e give/remove voice or ops and more" => PERMISSION_EDIT_CHANNEL_USER,
2405dc8e VP	332	"Can add manual bans, including G-Lines, Z-Lines and more" => PERMISSION_SERVER_BAN_ADD,
	333	"Can remove set bans, including G-Lines, Z-Lines and more" => PERMISSION_SERVER_BAN_DEL,
	334	"Can forbid usernames and channels" => PERMISSION_NAME_BAN_ADD,
	335	"Can unforbid usernames and channels" => PERMISSION_NAME_BAN_DEL,
	336	"Can add server ban exceptions" => PERMISSION_BAN_EXCEPTION_ADD,
	337	"Can remove server ban exceptions" => PERMISSION_BAN_EXCEPTION_DEL,
	338	"Can add Spamfilter entries" => PERMISSION_SPAMFILTER_ADD,
	339	"Can remove Spamfilter entries" => PERMISSION_SPAMFILTER_DEL
	340	];
	341	Hook::run(HOOKTYPE_USER_PERMISSION_LIST, $list); // so plugin writers can add their own permissions
	342	return $list;
	343	}
	344
	345	function generate_panel_user_permission_table($user)
	346	{
	347
	348	$list = get_panel_user_permission_list();
	349	foreach($list as $desc => $slug)
	350	{
	351	$attributes = "";
	352	$attributes .= (current_user_can(PERMISSION_MANAGE_USERS)) ? "" : "disabled ";
	353	?>
	354	<div class="input-group">
	355	<div class="input-group-prepend">
	356	<div class="input-group-text">
	357	<input <?php
	358	$attributes .= (user_can($user, $slug)) ? "checked" : "";
	359	echo $attributes;
	360	?> name="permissions[]" value="<?php echo $slug; ?>" type="checkbox">
	361	</div>
	362	</div>
	363	<input type="text" readonly class="form-control" value="<?php echo "$desc ($slug)"; ?>">
	364	</div>
	365
	366	<?php
	367	}
9616b8e6	368	}
4b48b46f VP	369
	370	function get_panel_user_roles_list()
	371	{
	372	/* Defaults */
	373	$list = [
6f0e7ce4 VP	374	"Super-Admin" => get_panel_user_permission_list(), // SuperAdmin can do everything
6f0e7ce4 VP	375	"Read-Only" => [], // Read Only can do nothing
4b48b46f VP	376	];
	377
	378	Hook::run(HOOKTYPE_USER_ROLE_LIST, $list);
	379	return $list;
	380	}
	381
	382	function generate_role_list($list)
	383	{
	384	$list2 = get_panel_user_permission_list();
	385	?>
	386	<h5>Roles List:</h5>
	387	<div id="permlist">
088733d4	388	<div class="container-xxl" style="max-width: 1430px;">
4b48b46f VP	389	<div class="accordion" id="roles_accord">
	390
	391	<?php foreach($list as $role => $slug) {?>
	392	<div class="card">
	393	<div class="card-header" id="<?php echo to_slug($role); ?>_heading">
	394	<div class="btn-header-link btn-block text-left collapsed" type="button" data-toggle="collapse" data-target="#collapse_<?php echo to_slug($role); ?>" aria-expanded="true" aria-controls="collapse_<?php echo to_slug($role); ?>">
	395	<?php echo $role ?>
1634b6ac	396
4b48b46f VP	397	</div>
	398	</div>
	399
	400	<div id="collapse_<?php echo to_slug($role); ?>" class="collapse" aria-labelledby="<?php echo to_slug($role); ?>_heading" data-parent="#roles_accord">
	401	<div id="results_rpc" class="card-body">
1634b6ac	402	<form method="post">
6f0e7ce4	403	<?php if ($role !== "Super-Admin" && $role !== "Read-Only") { ?>
1634b6ac VP	404	<div class="container row mb-2">
	405	<button id="update_role" name="update_role" value="<?php echo $role ?>" class="btn btn-primary ml-1 mr-2" >Update</button>
	406	<button id="delete_role" name="del_role_name" value="<?php echo $role ?>" class="btn btn-danger"><i class="fa fa-trash fa-1" aria-hidden="true"></i></button>
	407	</div>
	408
	409	<?php } ?>
	410	<div id="<?php echo $role; ?>_input_area"><?php
4b48b46f VP	411	foreach($list2 as $desc => $slug)
	412	{
	413	$attributes = "";
6f0e7ce4	414	$attributes .= ($role == "Super-Admin" \|\| $role == "Read-Only") ? "disabled " : "";
4b48b46f VP	415
	416	?>
	417	<div class="input-group">
	418	<div class="input-group-prepend">
	419	<div class="input-group-text">
	420	<input <?php
	421	$attributes .= (in_array($slug, $list[$role])) ? "checked" : "";
	422	echo $attributes;
1634b6ac	423	?> name="permissions[]" value="<?php echo $slug; ?>" type="checkbox">
4b48b46f VP	424	</div>
	425	</div>
	426	<input type="text" readonly class="form-control" value="<?php echo "$desc ($slug)"; ?>">
	427	</div>
	428
	429	<?php
	430	}
1634b6ac VP	431	?> </div>
1634b6ac VP	432	</form>
4b48b46f VP	433	</div>
	434	</div>
	435	</div>
	436	<?php }?>
	437
	438	</div></div><br>
1634b6ac	439
4b48b46f VP	440	</div><?php
	441
	442	}