michael
/
Podcast-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Podcast-server/includes/functions.php

143 lines
4.0 KiB
PHP
Raw Permalink Blame History

<?php
session_start();
/**
* Check if the user is logged in as admin
*/
function isAdmin() {
return isset($_SESSION['admin_logged_in']) && $_SESSION['admin_logged_in'] === true;
}
/**
* Check if the user has a specific role
*/
function hasRole($role) {
return isAdmin() && ($_SESSION['user_role'] ?? 'editor') === $role;
}
/**
* Redirect to login if not authenticated
*/
function requireAdmin() {
if (!isAdmin()) {
header("Location: login.php");
exit;
}
}
/**
* Require a specific role or redirect
*/
function requireRole($role) {
requireAdmin();
if (!hasRole($role)) {
logActivity(null, 'UNAUTHORIZED_ACCESS', 'User tried to access a restricted page.');
header("Location: dashboard.php?error=unauthorized");
exit;
}
}
/**
* Log an activity to the database
*/
function logActivity($user_id, $action, $details = null) {
global $pdo;
$username = $_SESSION['admin_username'] ?? 'GUEST';
$ip = 'UNKNOWN';
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'])[0];
} elseif (!empty($_SERVER['REMOTE_ADDR'])) {
$ip = $_SERVER['REMOTE_ADDR'];
}
$stmt = $pdo->prepare("INSERT INTO activity_log (user_id, username, action, details, ip_address) VALUES (?, ?, ?, ?, ?)");
$stmt->execute([$user_id, $username, $action, $details, $ip]);
}
/**
* Get a setting value by key
*/
function getSetting($pdo, $key) {
$stmt = $pdo->prepare("SELECT value FROM settings WHERE `key` = ?");
$stmt->execute([$key]);
return $stmt->fetchColumn();
}
/**
* Update a setting value
*/
function updateSetting($pdo, $key, $value) {
$stmt = $pdo->prepare("UPDATE settings SET value = ? WHERE `key` = ?");
return $stmt->execute([$value, $key]);
}
/**
* Handle audio file upload
*/
function uploadAudio($file) {
$targetDir = "../assets/uploads/audio/";
$fileName = time() . '_' . basename($file["name"]);
$targetFilePath = $targetDir . $fileName;
$fileType = pathinfo($targetFilePath, PATHINFO_EXTENSION);
// Allow certain file formats
$allowTypes = array('mp3', 'wav', 'm4a', 'ogg');
if (in_array(strtolower($fileType), $allowTypes)) {
if (!is_dir($targetDir)) {
error_log("Upload failed: Directory $targetDir does not exist.");
return false;
}
if (!is_writable($targetDir)) {
error_log("Upload failed: Directory $targetDir is not writable.");
return false;
}
if (move_uploaded_file($file["tmp_name"], $targetFilePath)) {
return $fileName;
} else {
error_log("Upload failed: move_uploaded_file returned false. Tmp: " . $file["tmp_name"] . " Dest: " . $targetFilePath);
}
} else {
error_log("Upload failed: Invalid file type $fileType.");
}
return false;
}
/**
* Handle image file upload
*/
function uploadImage($file) {
$targetDir = "../assets/uploads/images/";
$fileName = time() . '_' . basename($file["name"]);
$targetFilePath = $targetDir . $fileName;
$fileType = pathinfo($targetFilePath, PATHINFO_EXTENSION);
$allowTypes = array('jpg', 'png', 'jpeg', 'gif');
if (in_array(strtolower($fileType), $allowTypes)) {
if (move_uploaded_file($file["tmp_name"], $targetFilePath)) {
return $fileName;
}
}
return false;
}
/**
* Format date to a readable format
*/
function formatDate($date) {
return date("F j, Y", strtotime($date));
}
/**
* Parse text for URLs and convert to clickable links
*/
function parseFooterText($text) {
$escaped = htmlspecialchars($text);
// Regex for URLs
$pattern = '/(https?:\/\/[^\s]+)/';
$replacement = '<a href="$1" target="_blank" style="color: var(--primary-color); text-decoration: none; font-weight: 600;">$1</a>';
return preg_replace($pattern, $replacement, $escaped);
}
?>
Reference in New Issue View Git Blame Copy Permalink