[irc/unrealircd/unrealircd-webpanel.git] / Classes / class-paneluser.php

<?php
/** Relating to Panel Access: Can add, delete and edit users. Big boss. */
define('PERMISSION_MANAGE_USERS', 'manage_users'); 
/** Relating to Users tab: Can ban users connected to IRC */
define('PERMISSION_BAN_USERS', 'ban_users');
/** Change properties of a user, i.e. vhost, modes and more */
define('PERMISSION_EDIT_USER', 'edit_user');
/** Change properties of a channel, i.e. topic, modes and more */
define('PERMISSION_EDIT_CHANNEL', 'edit_channel'); 
/** Change properties of a user on a channel i.e give/remove voice or ops and more */
define('PERMISSION_EDIT_CHANNEL_USER', 'edit_channel_user'); 
/** Can add manual bans, including G-Lines, Z-Lines and more */
define('PERMISSION_SERVER_BAN_ADD', 'tkl_add'); 
/** Can remove set bans, including G-Lines, Z-Lines and more */
define('PERMISSION_SERVER_BAN_DEL', 'tkl_del');
/** Can add Name Bans (Q-Lines) */
define('PERMISSION_NAME_BAN_ADD', 'nb_add');
/** Can delete Name Bans (Q-Lines) */
define('PERMISSION_NAME_BAN_DEL', 'nb_del'); 
/** Can add ban exceptions (E-Lines) */
define('PERMISSION_BAN_EXCEPTION_ADD', 'be_add'); 
/** Can delete ban exceptions (E-Lines) */
define('PERMISSION_BAN_EXCEPTION_DEL', 'be_del'); 
/** Can add spamfilter entries */
define('PERMISSION_SPAMFILTER_ADD', 'sf_add'); 
/** Can delete spamfilter entries */
define('PERMISSION_SPAMFILTER_DEL', 'sf_del'); 
/** Can rehash servers */
define('PERMISSION_REHASH', 'rhs');
/** Can install and uninstall plugins */
define('PERMISSION_MANAGE_PLUGINS', 'mng_plg');
/**
 * PanelUser
 * This is the User class for the SQL_Auth plugin
 */
class PanelUser
{
	public $id = NULL;
	public $username = NULL;
	private $passhash = NULL;
	public $first_name = NULL;
	public $last_name = NULL;
	public $created = NULL;
	public $user_meta = [];
	public $bio = NULL;
	public $email = NULL;

	/**
	 * Find a user in the database by name or ID
	 * @param string $name
	 * @param mixed $id
	 */
	function __construct(string $name = NULL, int $id = NULL)
	{
		$user["name"] = $name;
		$user["id"] = $id;
		$user["object"] = NULL;
		Hook::run(HOOKTYPE_USER_LOOKUP, $user);
		if ($user['object'] === null)
			return; /* no auth module loaded? */
		foreach ($user['object'] as $key => $value)
			$this->$key = $value;
	}

	/**
	 * Verify a user's password
	 * @param string $input
	 * @return bool
	 */
	function password_verify(string $password, bool &$hash_needs_updating = false) : bool
	{
		GLOBAL $config;
		$hash_needs_updating = false;

		if (str_starts_with($this->passhash, "peppered:"))
		{
			/* Argon2 with pepper */
			$password = hash_hmac("sha256", $password, $config['secrets']['pepper']);
			if (password_verify($password, substr($this->passhash,9)))
				return true;
		} else {
			/* Old standard argon2 */
			if (password_verify($password, $this->passhash))
			{
				$hash_needs_updating = true;
				return true;
			}
		}
		return false;
	}

	/**
	 * Generate hash of user's password
	 * @param string $password
	 * @return string
	 */
	public static function password_hash(string $password) : string
	{
		GLOBAL $config;
		$input = hash_hmac("sha256", $password, $config['secrets']['pepper']);
		return "peppered:".password_hash($input, PASSWORD_ARGON2ID);
	}

	/**
	 * Add user meta data
	 * If using an array for the first param then you
	 * must also use an array for the second param
	 * @param array|string $key
	 * @param array|string|int|bool|null $value
	 */
	function add_meta(array|string $key, array|string|int|bool|null $value)
	{
		
		if (!$key)
			return false;

		if (is_array($key))
		{
			foreach ($key as $i => $k)
				$arr[$k] = $value[$i];
		} else {
			$arr[$key] = $value;
		}

		foreach($arr as $k => $v)
		{
			$meta = [
				"id" => $this->id,
				"key" => $k,
				"value" => $v
			];

			$array['meta'] = $meta;
			$array['user'] = $this;
			Hook::run(HOOKTYPE_USERMETA_ADD, $array);
		}
		
	}

	/**
	 * Delete user meta data by key
	 * @param string $key
	 */
	function delete_meta(string $key)
	{
		if (!$key )
			return false;

		$meta = [
			"id" => $this->id,
			"key" => $key,
		];
		$array['meta'] = $meta;
		$array['user'] = $this;
		Hook::run(HOOKTYPE_USERMETA_DEL, $array);

	}

	/** PERMISSIONS */

	function add_permission($permission)
	{
		$meta = (isset($this->user_meta['permissions'])) ? unserialize($this->user_meta['permissions']) : [];
		if (!in_array($permission,$meta))
			$meta[] = $permission;
		$this->add_meta("permissions", serialize($meta)); // updet de dettabess
		$this->user_meta['permissions'] = serialize($meta); // put it back in our object in case it still needs to be used
	}
	function delete_permission($permission)
	{
		$meta = (isset($this->user_meta['permissions'])) ? unserialize($this->user_meta['permissions']) : [];
		foreach($meta as $key => $value)
		{
			if (!strcmp($permission, $value))
				unset($meta[$key]);
		}
		$this->add_meta("permissions", serialize($meta));
		$this->user_meta['permissions'] = serialize($meta);
	}

	/** Updates core user info.
	 * CAUTION: Updating a non-existent column will crash
	 * your shit
	 */
	function update_core_info($array)
	{
		$arr = ['info' => $array, 'user' => $this];
		Hook::run(HOOKTYPE_EDIT_USER, $arr);
	}
}


/**
 * This class looks up and returns any user meta.
 * This is used by PanelUser, so you won't need to 
 * call it separately from PanelUser.
 */
class PanelUser_Meta
{
	public $list = [];
	function __construct($id)
	{
		$array = [];
		$arr["id"] = $id;
		$arr['meta'] = &$array;
		Hook::run(HOOKTYPE_USERMETA_GET, $arr);
		$this->list = $arr['meta'];
		
	}
}

/**
 * Array of user
 * 
 * Required:
 * user_name
 * user_pass
 * 
 * Optional:
 * user_fname
 * user_lname
 * 
 * @param array $user
 * @throws Exception
 * @return bool
 */
function create_new_user(array &$user) : bool
{
	if (!isset($user['user_name']) || !isset($user['user_pass']))
		throw new Exception("Attempted to add user without specifying user_name or user_pass");

	$user['user_name'] = htmlspecialchars($user['user_name']);
	$user['user_pass'] = PanelUser::password_hash($user['user_pass']);
	$user['fname'] = (isset($user['fname'])) ? htmlspecialchars($user['fname']) : NULL;
	$last['lname'] = (isset($user['lname'])) ? htmlspecialchars($user['lname']) : NULL;
	$user['user_bio'] = (isset($user['user_bio'])) ? htmlspecialchars($user['user_bio']) : NULL;
	$user['email'] = (isset($user['user_email'])) ? htmlspecialchars($user['user_email']) : NULL;

	if (($u = new PanelUser($user['user_name']))->id)
	{
		$user['err'] = "User already exists";
		return false;
	}
	// internal use
	$user['success'] = false;
	$user['errmsg'] = [];
	
	Hook::run(HOOKTYPE_USER_CREATE, $user);
	if (!$user['success'])
		return false;
	
	return true;
}

/**
 * Gets the user object for the current session
 * @return PanelUser|bool
 */
function unreal_get_current_user() : PanelUser|bool
{
	if (isset($_SESSION) && isset($_SESSION['id']))
	{
		$user = new PanelUser(NULL, $_SESSION['id']);
		if ($user->id)
			return $user;
	}
	return false;
}

/**
 * Checks if a user can do something
 * @param string $permission
 * @return bool
 */
function current_user_can($permission) : bool
{
	$user = unreal_get_current_user();
	if (!$user)
		return false;
	return user_can($user, $permission);
}

/**
 * Checks if a user can do something
 * @param string $permission
 * @return bool
 */
function user_can(PanelUser $user, $permission) : bool
{
	global $config;
	if (!$user)
		return false;

	if (isset($user->user_meta['role']))
	{
		if ($user->user_meta['role'] == "Super-Admin")
			return true;

		else if ($user->user_meta['role'] == "Read-Only")
			return false;

		else if (in_array($permission, $config['user_roles'][$user->user_meta['role']]))
			return true;
			
		return false;
	}

	/* compatibility fallback */
	if (isset($user->user_meta['permissions']))
	{
		$perms = unserialize($user->user_meta['permissions']);
		if (in_array($permission, $perms))
			return true;
	}
	return false;
}

/**
 * Delete a user and related meta
 * @param int $id The ID of the user in the SQL database.
 * @param array $info This will fill with a response.
 * @return int
 * 
 * Return values:
 *  1   The user was successfully deleted.
 *  0   The user was not found
 *  -1  The admin does not have permission to delete users [TODO]
 */
function delete_user(int $id, &$info = []) : int
{
	$user = new PanelUser(NULL, $id);
	if (!$user->id) {
		$info[] = "Could not find user";
		return 0;
	}
	$arr = ["user" => $user, "info" => &$info, "boolint" => 0];
	Hook::run(HOOKTYPE_USER_DELETE, $arr);
	return $arr["boolint"];
}

function get_panel_user_permission_list()
{
	$list = [
		"Can add/delete/edit Admin Panel users" => PERMISSION_MANAGE_USERS,
		"Can add/delete/manage plugins" => PERMISSION_MANAGE_PLUGINS,
		"Can ban/kill IRC users" => PERMISSION_BAN_USERS,
		"Can change properties of a user, i.e. vhost, modes and more" => PERMISSION_EDIT_USER,
		"Can change properties of a channel, i.e. topic, modes and more" => PERMISSION_EDIT_CHANNEL,
		"Can change properties of a user on a channel i.e give/remove voice or ops and more" => PERMISSION_EDIT_CHANNEL_USER,
		"Can add manual bans, including G-Lines, Z-Lines and more" => PERMISSION_SERVER_BAN_ADD,
		"Can remove set bans, including G-Lines, Z-Lines and more" => PERMISSION_SERVER_BAN_DEL,
		"Can forbid usernames and channels" => PERMISSION_NAME_BAN_ADD,
		"Can unforbid usernames and channels" => PERMISSION_NAME_BAN_DEL,
		"Can add server ban exceptions" => PERMISSION_BAN_EXCEPTION_ADD,
		"Can remove server ban exceptions" => PERMISSION_BAN_EXCEPTION_DEL,
		"Can add Spamfilter entries" => PERMISSION_SPAMFILTER_ADD,
		"Can remove Spamfilter entries" => PERMISSION_SPAMFILTER_DEL

	];
	Hook::run(HOOKTYPE_USER_PERMISSION_LIST, $list); // so plugin writers can add their own permissions
	return $list;
}

function generate_panel_user_permission_table($user)
{
	
	$list = get_panel_user_permission_list();
	foreach($list as $desc => $slug)
	{
		$attributes = "";
		$attributes .= (current_user_can(PERMISSION_MANAGE_USERS)) ? "" : "disabled ";
		?>
		<div class="input-group">
			<div class="input-group-prepend">
				<div class="input-group-text">
					<input <?php
						$attributes .= (user_can($user, $slug)) ? "checked" : "";
						echo $attributes;
					?> name="permissions[]" value="<?php echo $slug; ?>" type="checkbox">
				</div>
			</div>
			<input type="text" readonly  class="form-control" value="<?php echo "$desc ($slug)"; ?>">
		</div>

		<?php
	}
}

function get_panel_user_roles_list()
{
	GLOBAL $config;

	/* Defaults */
	$list = [
	        "Super-Admin" => get_panel_user_permission_list(), // SuperAdmin can do everything
	        "Read-Only" => [], // Read Only can do nothing
	];

	if (isset($config["user_roles"]))
		foreach($config['user_roles'] as $r => $role)
			$list[$r] = $role;

	return $list;
}

function generate_role_list($list)
{
	$list2 = get_panel_user_permission_list();
	?>
		<h5>Roles List:</h5>
		<div id="permlist">
		<div class="container-xxl" style="max-width: 1430px;">
		<div class="accordion" id="roles_accord">

<?php foreach($list as $role => $slug) {?>
	<div class="card">
		<div class="card-header" id="<?php echo to_slug($role); ?>_heading">
			<div class="btn-header-link btn-block text-left collapsed" type="button" data-toggle="collapse" data-target="#collapse_<?php echo to_slug($role); ?>" aria-expanded="true" aria-controls="collapse_<?php echo to_slug($role); ?>">
				<?php echo $role ?>
				
			</div>
		</div>

		<div id="collapse_<?php echo to_slug($role); ?>" class="collapse" aria-labelledby="<?php echo to_slug($role); ?>_heading" data-parent="#roles_accord">
			<div id="results_rpc" class="card-body">
				<form method="post">
				<?php if ($role !== "Super-Admin" && $role !== "Read-Only") { ?>
					<div class="container row mb-2">
						<button id="update_role" name="update_role" value="<?php echo $role ?>" class="btn btn-primary ml-1 mr-2" >Update</button>
						<button id="delete_role" name="del_role_name" value="<?php echo $role ?>" class="btn btn-danger"><i class="fa fa-trash fa-1" aria-hidden="true"></i></button>
					</div>
					
				<?php } ?>
				<div id="<?php echo $role; ?>_input_area"><?php
					foreach($list2 as $desc => $slug)
					{
					$attributes = "";
					$attributes .= ($role == "Super-Admin" || $role == "Read-Only") ? "disabled " : "";

						?>
						<div class="input-group">
							<div class="input-group-prepend">
								<div class="input-group-text">
									<input <?php
										$attributes .= (in_array($slug, $list[$role])) ? "checked" : "";
										echo $attributes;
									?> name="permissions[]" value="<?php echo $slug; ?>" type="checkbox">
								</div>
							</div>
							<input type="text" readonly class="form-control" value="<?php echo "$desc ($slug)"; ?>">
						</div>
				
						<?php
					}
				?>	</div>
				</form>
			</div>
		</div>
	</div>
<?php }?>

		</div></div><br>
			
</div><?php

}
Commit	Line	Data
961b0aa7	1	<?php
cc9898cc VP	2	/** Relating to Panel Access: Can add, delete and edit users. Big boss. */
	3	define('PERMISSION_MANAGE_USERS', 'manage_users');
	4	/** Relating to Users tab: Can ban users connected to IRC */
	5	define('PERMISSION_BAN_USERS', 'ban_users');
	6	/** Change properties of a user, i.e. vhost, modes and more */
	7	define('PERMISSION_EDIT_USER', 'edit_user');
	8	/** Change properties of a channel, i.e. topic, modes and more */
	9	define('PERMISSION_EDIT_CHANNEL', 'edit_channel');
	10	/** Change properties of a user on a channel i.e give/remove voice or ops and more */
	11	define('PERMISSION_EDIT_CHANNEL_USER', 'edit_channel_user');
	12	/** Can add manual bans, including G-Lines, Z-Lines and more */
	13	define('PERMISSION_SERVER_BAN_ADD', 'tkl_add');
	14	/** Can remove set bans, including G-Lines, Z-Lines and more */
	15	define('PERMISSION_SERVER_BAN_DEL', 'tkl_del');
	16	/** Can add Name Bans (Q-Lines) */
	17	define('PERMISSION_NAME_BAN_ADD', 'nb_add');
	18	/** Can delete Name Bans (Q-Lines) */
	19	define('PERMISSION_NAME_BAN_DEL', 'nb_del');
	20	/** Can add ban exceptions (E-Lines) */
	21	define('PERMISSION_BAN_EXCEPTION_ADD', 'be_add');
	22	/** Can delete ban exceptions (E-Lines) */
	23	define('PERMISSION_BAN_EXCEPTION_DEL', 'be_del');
	24	/** Can add spamfilter entries */
	25	define('PERMISSION_SPAMFILTER_ADD', 'sf_add');
	26	/** Can delete spamfilter entries */
	27	define('PERMISSION_SPAMFILTER_DEL', 'sf_del');
5a7f0cde VP	28	/** Can rehash servers */
5a7f0cde VP	29	define('PERMISSION_REHASH', 'rhs');
fae5cd15 VP	30	/** Can install and uninstall plugins */
fae5cd15 VP	31	define('PERMISSION_MANAGE_PLUGINS', 'mng_plg');
6b3d3f83	32	/**
6930484c	33	* PanelUser
6b3d3f83 VP	34	* This is the User class for the SQL_Auth plugin
6b3d3f83 VP	35	*/
6930484c	36	class PanelUser
961b0aa7	37	{
d72d1923 VP	38	public $id = NULL;
	39	public $username = NULL;
	40	private $passhash = NULL;
	41	public $first_name = NULL;
	42	public $last_name = NULL;
	43	public $created = NULL;
	44	public $user_meta = [];
	45	public $bio = NULL;
0b546dde	46	public $email = NULL;
d72d1923 VP	47
	48	/**
	49	* Find a user in the database by name or ID
	50	* @param string $name
	51	* @param mixed $id
	52	*/
	53	function __construct(string $name = NULL, int $id = NULL)
	54	{
6930484c VP	55	$user["name"] = $name;
	56	$user["id"] = $id;
	57	$user["object"] = NULL;
6930484c	58	Hook::run(HOOKTYPE_USER_LOOKUP, $user);
cd1dee97 BM	59	if ($user['object'] === null)
cd1dee97 BM	60	return; /* no auth module loaded? */
6930484c VP	61	foreach ($user['object'] as $key => $value)
6930484c VP	62	$this->$key = $value;
d72d1923 VP	63	}
	64
	65	/**
	66	* Verify a user's password
	67	* @param string $input
	68	* @return bool
	69	*/
6b08fcb9	70	function password_verify(string $password, bool &$hash_needs_updating = false) : bool
d72d1923	71	{
6b08fcb9 BM	72	GLOBAL $config;
	73	$hash_needs_updating = false;
	74
	75	if (str_starts_with($this->passhash, "peppered:"))
	76	{
	77	/* Argon2 with pepper */
	78	$password = hash_hmac("sha256", $password, $config['secrets']['pepper']);
	79	if (password_verify($password, substr($this->passhash,9)))
	80	return true;
	81	} else {
	82	/* Old standard argon2 */
	83	if (password_verify($password, $this->passhash))
	84	{
	85	$hash_needs_updating = true;
	86	return true;
	87	}
	88	}
d72d1923 VP	89	return false;
	90	}
	91
6b08fcb9 BM	92	/**
	93	* Generate hash of user's password
	94	* @param string $password
	95	* @return string
	96	*/
	97	public static function password_hash(string $password) : string
	98	{
	99	GLOBAL $config;
	100	$input = hash_hmac("sha256", $password, $config['secrets']['pepper']);
	101	return "peppered:".password_hash($input, PASSWORD_ARGON2ID);
	102	}
	103
d72d1923 VP	104	/**
d72d1923 VP	105	* Add user meta data
3ca012c9 VP	106	* If using an array for the first param then you
3ca012c9 VP	107	* must also use an array for the second param
7a345d4a	108	* @param array\|string $key
75b243f6	109	* @param array\|string\|int\|bool\|null $value
d72d1923	110	*/
75b243f6	111	function add_meta(array\|string $key, array\|string\|int\|bool\|null $value)
d72d1923	112	{
6930484c	113
75b243f6	114	if (!$key)
d72d1923 VP	115	return false;
d72d1923 VP	116
75b243f6 BM	117	if (is_array($key))
75b243f6 BM	118	{
7a345d4a VP	119	foreach ($key as $i => $k)
7a345d4a VP	120	$arr[$k] = $value[$i];
75b243f6 BM	121	} else {
	122	$arr[$key] = $value;
	123	}
	124
7a345d4a VP	125	foreach($arr as $k => $v)
	126	{
	127	$meta = [
	128	"id" => $this->id,
	129	"key" => $k,
	130	"value" => $v
	131	];
	132
	133	$array['meta'] = $meta;
	134	$array['user'] = $this;
	135	Hook::run(HOOKTYPE_USERMETA_ADD, $array);
	136	}
6930484c	137
d72d1923 VP	138	}
	139
	140	/**
	141	* Delete user meta data by key
	142	* @param string $key
d72d1923 VP	143	*/
	144	function delete_meta(string $key)
	145	{
	146	if (!$key )
	147	return false;
	148
	149	$meta = [
	150	"id" => $this->id,
	151	"key" => $key,
	152	];
c53841fe BM	153	$array['meta'] = $meta;
	154	$array['user'] = $this;
	155	Hook::run(HOOKTYPE_USERMETA_DEL, $array);
d72d1923 VP	156
	157	}
	158
	159	/** PERMISSIONS */
	160
	161	function add_permission($permission)
	162	{
	163	$meta = (isset($this->user_meta['permissions'])) ? unserialize($this->user_meta['permissions']) : [];
	164	if (!in_array($permission,$meta))
	165	$meta[] = $permission;
	166	$this->add_meta("permissions", serialize($meta)); // updet de dettabess
	167	$this->user_meta['permissions'] = serialize($meta); // put it back in our object in case it still needs to be used
	168	}
	169	function delete_permission($permission)
	170	{
	171	$meta = (isset($this->user_meta['permissions'])) ? unserialize($this->user_meta['permissions']) : [];
	172	foreach($meta as $key => $value)
	173	{
	174	if (!strcmp($permission, $value))
	175	unset($meta[$key]);
	176	}
	177	$this->add_meta("permissions", serialize($meta));
	178	$this->user_meta['permissions'] = serialize($meta);
	179	}
	180
5a7f0cde VP	181	/** Updates core user info.
	182	* CAUTION: Updating a non-existent column will crash
	183	* your shit
	184	*/
	185	function update_core_info($array)
	186	{
	187	$arr = ['info' => $array, 'user' => $this];
	188	Hook::run(HOOKTYPE_EDIT_USER, $arr);
	189	}
4d634d0a	190	}
a3151e7c	191
6b3d3f83 VP	192
	193	/**
	194	* This class looks up and returns any user meta.
6930484c VP	195	* This is used by PanelUser, so you won't need to
6930484c VP	196	* call it separately from PanelUser.
6b3d3f83	197	*/
6930484c	198	class PanelUser_Meta
4d634d0a	199	{
d72d1923 VP	200	public $list = [];
	201	function __construct($id)
	202	{
6930484c VP	203	$array = [];
	204	$arr["id"] = $id;
	205	$arr['meta'] = &$array;
	206	Hook::run(HOOKTYPE_USERMETA_GET, $arr);
6930484c VP	207	$this->list = $arr['meta'];
6930484c VP	208
d72d1923	209	}
a3151e7c VP	210	}
a3151e7c VP	211
4225314c VP	212	/**
	213	* Array of user
	214	*
	215	* Required:
	216	* user_name
	217	* user_pass
	218	*
	219	* Optional:
	220	* user_fname
	221	* user_lname
	222	*
	223	* @param array $user
	224	* @throws Exception
	225	* @return bool
	226	*/
180b8ec1	227	function create_new_user(array &$user) : bool
4d634d0a	228	{
d72d1923 VP	229	if (!isset($user['user_name']) \|\| !isset($user['user_pass']))
	230	throw new Exception("Attempted to add user without specifying user_name or user_pass");
	231
180b8ec1	232	$user['user_name'] = htmlspecialchars($user['user_name']);
6b08fcb9	233	$user['user_pass'] = PanelUser::password_hash($user['user_pass']);
180b8ec1 VP	234	$user['fname'] = (isset($user['fname'])) ? htmlspecialchars($user['fname']) : NULL;
	235	$last['lname'] = (isset($user['lname'])) ? htmlspecialchars($user['lname']) : NULL;
	236	$user['user_bio'] = (isset($user['user_bio'])) ? htmlspecialchars($user['user_bio']) : NULL;
9a674833	237	$user['email'] = (isset($user['user_email'])) ? htmlspecialchars($user['user_email']) : NULL;
d72d1923	238
180b8ec1 VP	239	if (($u = new PanelUser($user['user_name']))->id)
	240	{
	241	$user['err'] = "User already exists";
	242	return false;
	243	}
	244	// internal use
	245	$user['success'] = false;
	246	$user['errmsg'] = [];
	247
	248	Hook::run(HOOKTYPE_USER_CREATE, $user);
	249	if (!$user['success'])
	250	return false;
d72d1923 VP	251
d72d1923 VP	252	return true;
4d634d0a VP	253	}
	254
	255	/**
	256	* Gets the user object for the current session
6930484c	257	* @return PanelUser\|bool
4d634d0a	258	*/
6930484c	259	function unreal_get_current_user() : PanelUser\|bool
a3151e7c	260	{
d3e3ec08	261	if (isset($_SESSION) && isset($_SESSION['id']))
d72d1923	262	{
6930484c	263	$user = new PanelUser(NULL, $_SESSION['id']);
d72d1923 VP	264	if ($user->id)
	265	return $user;
	266	}
	267	return false;
4d634d0a VP	268	}
	269
	270	/**
	271	* Checks if a user can do something
	272	* @param string $permission
	273	* @return bool
	274	*/
d72d1923	275	function current_user_can($permission) : bool
4d634d0a	276	{
d72d1923	277	$user = unreal_get_current_user();
6c67bf53 VP	278	if (!$user)
6c67bf53 VP	279	return false;
2405dc8e VP	280	return user_can($user, $permission);
	281	}
	282
	283	/**
	284	* Checks if a user can do something
	285	* @param string $permission
	286	* @return bool
	287	*/
	288	function user_can(PanelUser $user, $permission) : bool
	289	{
6f0e7ce4	290	global $config;
d72d1923 VP	291	if (!$user)
d72d1923 VP	292	return false;
2405dc8e	293
6f0e7ce4 VP	294	if (isset($user->user_meta['role']))
	295	{
	296	if ($user->user_meta['role'] == "Super-Admin")
	297	return true;
	298
	299	else if ($user->user_meta['role'] == "Read-Only")
	300	return false;
	301
	302	else if (in_array($permission, $config['user_roles'][$user->user_meta['role']]))
	303	return true;
	304
	305	return false;
	306	}
	307
	308	/* compatibility fallback */
d72d1923 VP	309	if (isset($user->user_meta['permissions']))
	310	{
	311	$perms = unserialize($user->user_meta['permissions']);
	312	if (in_array($permission, $perms))
d72d1923	313	return true;
d72d1923 VP	314	}
d72d1923 VP	315	return false;
4d634d0a VP	316	}
4d634d0a VP	317
7aad7c29 VP	318	/**
	319	* Delete a user and related meta
	320	* @param int $id The ID of the user in the SQL database.
d72d1923	321	* @param array $info This will fill with a response.
7aad7c29 VP	322	* @return int
	323	*
	324	* Return values:
	325	* 1 The user was successfully deleted.
	326	* 0 The user was not found
	327	* -1 The admin does not have permission to delete users [TODO]
	328	*/
	329	function delete_user(int $id, &$info = []) : int
	330	{
6930484c	331	$user = new PanelUser(NULL, $id);
d72d1923 VP	332	if (!$user->id) {
	333	$info[] = "Could not find user";
	334	return 0;
	335	}
180b8ec1 VP	336	$arr = ["user" => $user, "info" => &$info, "boolint" => 0];
	337	Hook::run(HOOKTYPE_USER_DELETE, $arr);
	338	return $arr["boolint"];
54b5ea90 VP	339	}
54b5ea90 VP	340
2405dc8e VP	341	function get_panel_user_permission_list()
	342	{
	343	$list = [
	344	"Can add/delete/edit Admin Panel users" => PERMISSION_MANAGE_USERS,
fae5cd15	345	"Can add/delete/manage plugins" => PERMISSION_MANAGE_PLUGINS,
2405dc8e	346	"Can ban/kill IRC users" => PERMISSION_BAN_USERS,
9616b8e6	347	"Can change properties of a user, i.e. vhost, modes and more" => PERMISSION_EDIT_USER,
2405dc8e	348	"Can change properties of a channel, i.e. topic, modes and more" => PERMISSION_EDIT_CHANNEL,
462bd723	349	"Can change properties of a user on a channel i.e give/remove voice or ops and more" => PERMISSION_EDIT_CHANNEL_USER,
2405dc8e VP	350	"Can add manual bans, including G-Lines, Z-Lines and more" => PERMISSION_SERVER_BAN_ADD,
	351	"Can remove set bans, including G-Lines, Z-Lines and more" => PERMISSION_SERVER_BAN_DEL,
	352	"Can forbid usernames and channels" => PERMISSION_NAME_BAN_ADD,
	353	"Can unforbid usernames and channels" => PERMISSION_NAME_BAN_DEL,
	354	"Can add server ban exceptions" => PERMISSION_BAN_EXCEPTION_ADD,
	355	"Can remove server ban exceptions" => PERMISSION_BAN_EXCEPTION_DEL,
	356	"Can add Spamfilter entries" => PERMISSION_SPAMFILTER_ADD,
	357	"Can remove Spamfilter entries" => PERMISSION_SPAMFILTER_DEL
fae5cd15	358
2405dc8e VP	359	];
	360	Hook::run(HOOKTYPE_USER_PERMISSION_LIST, $list); // so plugin writers can add their own permissions
	361	return $list;
	362	}
	363
	364	function generate_panel_user_permission_table($user)
	365	{
	366
	367	$list = get_panel_user_permission_list();
	368	foreach($list as $desc => $slug)
	369	{
	370	$attributes = "";
	371	$attributes .= (current_user_can(PERMISSION_MANAGE_USERS)) ? "" : "disabled ";
	372	?>
	373	<div class="input-group">
	374	<div class="input-group-prepend">
	375	<div class="input-group-text">
	376	<input <?php
	377	$attributes .= (user_can($user, $slug)) ? "checked" : "";
	378	echo $attributes;
	379	?> name="permissions[]" value="<?php echo $slug; ?>" type="checkbox">
	380	</div>
	381	</div>
	382	<input type="text" readonly class="form-control" value="<?php echo "$desc ($slug)"; ?>">
	383	</div>
	384
	385	<?php
	386	}
9616b8e6	387	}
4b48b46f VP	388
	389	function get_panel_user_roles_list()
	390	{
8c415815 BM	391	GLOBAL $config;
8c415815 BM	392
4b48b46f VP	393	/* Defaults */
4b48b46f VP	394	$list = [
8c415815 BM	395	"Super-Admin" => get_panel_user_permission_list(), // SuperAdmin can do everything
8c415815 BM	396	"Read-Only" => [], // Read Only can do nothing
4b48b46f VP	397	];
4b48b46f VP	398
8c415815 BM	399	if (isset($config["user_roles"]))
	400	foreach($config['user_roles'] as $r => $role)
	401	$list[$r] = $role;
	402
4b48b46f VP	403	return $list;
	404	}
	405
	406	function generate_role_list($list)
	407	{
	408	$list2 = get_panel_user_permission_list();
	409	?>
	410	<h5>Roles List:</h5>
	411	<div id="permlist">
088733d4	412	<div class="container-xxl" style="max-width: 1430px;">
4b48b46f VP	413	<div class="accordion" id="roles_accord">
	414
	415	<?php foreach($list as $role => $slug) {?>
	416	<div class="card">
	417	<div class="card-header" id="<?php echo to_slug($role); ?>_heading">
	418	<div class="btn-header-link btn-block text-left collapsed" type="button" data-toggle="collapse" data-target="#collapse_<?php echo to_slug($role); ?>" aria-expanded="true" aria-controls="collapse_<?php echo to_slug($role); ?>">
	419	<?php echo $role ?>
1634b6ac	420
4b48b46f VP	421	</div>
	422	</div>
	423
	424	<div id="collapse_<?php echo to_slug($role); ?>" class="collapse" aria-labelledby="<?php echo to_slug($role); ?>_heading" data-parent="#roles_accord">
	425	<div id="results_rpc" class="card-body">
1634b6ac	426	<form method="post">
6f0e7ce4	427	<?php if ($role !== "Super-Admin" && $role !== "Read-Only") { ?>
1634b6ac VP	428	<div class="container row mb-2">
	429	<button id="update_role" name="update_role" value="<?php echo $role ?>" class="btn btn-primary ml-1 mr-2" >Update</button>
	430	<button id="delete_role" name="del_role_name" value="<?php echo $role ?>" class="btn btn-danger"><i class="fa fa-trash fa-1" aria-hidden="true"></i></button>
	431	</div>
	432
	433	<?php } ?>
	434	<div id="<?php echo $role; ?>_input_area"><?php
4b48b46f VP	435	foreach($list2 as $desc => $slug)
	436	{
	437	$attributes = "";
6f0e7ce4	438	$attributes .= ($role == "Super-Admin" \|\| $role == "Read-Only") ? "disabled " : "";
4b48b46f VP	439
	440	?>
	441	<div class="input-group">
	442	<div class="input-group-prepend">
	443	<div class="input-group-text">
	444	<input <?php
	445	$attributes .= (in_array($slug, $list[$role])) ? "checked" : "";
	446	echo $attributes;
1634b6ac	447	?> name="permissions[]" value="<?php echo $slug; ?>" type="checkbox">
4b48b46f VP	448	</div>
	449	</div>
	450	<input type="text" readonly class="form-control" value="<?php echo "$desc ($slug)"; ?>">
	451	</div>
	452
	453	<?php
	454	}
1634b6ac VP	455	?> </div>
1634b6ac VP	456	</form>
4b48b46f VP	457	</div>
	458	</div>
	459	</div>
	460	<?php }?>
	461
	462	</div></div><br>
1634b6ac	463
4b48b46f VP	464	</div><?php
	465
	466	}