<?php
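// Start (or resume) the session only when none is active yet, so this helper
// file can be included more than once per request without a
// "session already started" notice from session_start().
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}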
/**
 * Whether the current session is flagged as an authenticated admin.
 *
 * Only a strict boolean true stored in $_SESSION['admin_logged_in'] counts;
 * a missing key, null, 1 or "1" all yield false.
 *
 * @return bool
 */
function isAdmin() {
    $flag = $_SESSION['admin_logged_in'] ?? null;
    return $flag === true;
}
/**
 * Whether the logged-in admin carries the given role.
 *
 * Requires an admin session (see isAdmin()); a non-admin session never has
 * a role. A session without a 'user_role' entry is treated as 'editor'.
 *
 * @param string $role Role name, compared strictly (===) against the session.
 * @return bool
 */
function hasRole($role) {
    if (!isAdmin()) {
        return false;
    }
    $currentRole = $_SESSION['user_role'] ?? 'editor';
    return $currentRole === $role;
}
/**
 * Abort the request with a redirect to login.php unless an admin is logged in.
 *
 * Sends a Location header and calls exit, so nothing after the call runs for
 * an unauthenticated user. Must be called before any output is sent.
 *
 * @return void
 */
function requireAdmin() {
    if (isAdmin()) {
        return;
    }
    header("Location: login.php");
    exit;
}
/**
 * Require an admin session that carries the given role, or redirect away.
 *
 * The login check is delegated to requireAdmin() first. A logged-in admin
 * without the role gets an UNAUTHORIZED_ACCESS row in the activity log and
 * is sent back to dashboard.php with an error flag. Exits on redirect.
 *
 * @param string $role Required role (compared strictly by hasRole()).
 * @return void
 */
function requireRole($role) {
    requireAdmin();
    if (hasRole($role)) {
        return;
    }
    logActivity(null, 'UNAUTHORIZED_ACCESS', 'User tried to access a restricted page.');
    header("Location: dashboard.php?error=unauthorized");
    exit;
}
/**
 * Insert one row into activity_log using the global $pdo connection.
 *
 * The username column comes from $_SESSION['admin_username'] (default 'GUEST')
 * and ip_address from $_SERVER['REMOTE_ADDR'] (default 'UNKNOWN'), so those
 * two columns describe the current session, not the $user_id argument.
 * Relies on a $pdo variable existing at file scope (global).
 *
 * @param int|null    $user_id Id written to user_id (null is allowed).
 * @param string      $action  Short action code, e.g. 'UNAUTHORIZED_ACCESS'.
 * @param string|null $details Free-text details, or null.
 * @return void
 */
function logActivity($user_id, $action, $details = null) {
    global $pdo;

    $row = [
        $user_id,
        $_SESSION['admin_username'] ?? 'GUEST',
        $action,
        $details,
        $_SERVER['REMOTE_ADDR'] ?? 'UNKNOWN',
    ];

    $sql = "INSERT INTO activity_log (user_id, username, action, details, ip_address) VALUES (?, ?, ?, ?, ?)";
    $pdo->prepare($sql)->execute($row);
}
/**
 * Fetch a single value from the settings table by its key.
 *
 * @param \PDO   $pdo Open database connection.
 * @param string $key Value of the `key` column to look up (bound as a parameter).
 * @return mixed The `value` column of the matching row, or false when no row
 *               matches (PDOStatement::fetchColumn() semantics).
 */
function getSetting($pdo, $key) {
    $query = $pdo->prepare("SELECT value FROM settings WHERE `key` = ?");
    $query->bindValue(1, $key);
    $query->execute();
    return $query->fetchColumn();
}
/**
 * Overwrite the value stored for a settings key.
 *
 * Does not insert: a key with no existing row is left untouched, and the
 * statement still executes successfully in that case.
 *
 * @param \PDO   $pdo   Open database connection.
 * @param string $key   Value of the `key` column to update.
 * @param mixed  $value New value, bound as a parameter.
 * @return bool Result of PDOStatement::execute().
 */
function updateSetting($pdo, $key, $value) {
    $query = $pdo->prepare("UPDATE settings SET value = ? WHERE `key` = ?");
    $query->bindValue(1, $value);
    $query->bindValue(2, $key);
    return $query->execute();
}
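/**
 * Store an uploaded audio file under ../assets/uploads/audio/.
 *
 * Accepts one entry of $_FILES (keys "name", "tmp_name" and, when present,
 * "error"). The file is kept only if its extension is one of mp3, wav, m4a
 * or ogg; the stored name is time() . '_' . basename(name). Every failure is
 * written to error_log() and reported as false.
 *
 * Only the extension is checked; the file's actual content / MIME type is
 * not inspected here. Two uploads with the same name within the same second
 * would resolve to the same target name.
 *
 * @param array $file One $_FILES entry.
 * @return string|false The stored file name, or false on any failure.
 */
function uploadAudio($file) {
    $targetDir = "../assets/uploads/audio/";

    // PHP reports upload problems (size limit, partial upload, no file) in the
    // "error" slot; anything other than UPLOAD_ERR_OK means tmp_name is unusable.
    // A missing slot is treated as OK so callers passing a bare name/tmp_name pair keep working.
    $uploadError = $file["error"] ?? UPLOAD_ERR_OK;
    if ($uploadError !== UPLOAD_ERR_OK) {
        error_log("Upload failed: PHP upload error code $uploadError.");
        return false;
    }

    // basename() strips any directory component a client might put in the name.
    $fileName = time() . '_' . basename($file["name"]);
    $targetFilePath = $targetDir . $fileName;
    $fileType = pathinfo($targetFilePath, PATHINFO_EXTENSION);

    // Allow certain file formats (extension only; strict comparison on lowercased extension).
    $allowTypes = ['mp3', 'wav', 'm4a', 'ogg'];
    if (!in_array(strtolower($fileType), $allowTypes, true)) {
        error_log("Upload failed: Invalid file type $fileType.");
        return false;
    }

    if (!is_dir($targetDir)) {
        error_log("Upload failed: Directory $targetDir does not exist.");
        return false;
    }
    if (!is_writable($targetDir)) {
        error_log("Upload failed: Directory $targetDir is not writable.");
        return false;
    }

    // move_uploaded_file() refuses anything that is not a genuine PHP upload.
    if (!move_uploaded_file($file["tmp_name"], $targetFilePath)) {
        error_log("Upload failed: move_uploaded_file returned false. Tmp: " . $file["tmp_name"] . " Dest: " . $targetFilePath);
        return false;
    }

    return $fileName;
}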
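/**
 * Store an uploaded image file under ../assets/uploads/images/.
 *
 * Accepts one entry of $_FILES (keys "name", "tmp_name" and, when present,
 * "error"). The file is kept only if its extension is one of jpg, jpeg, png
 * or gif; the stored name is time() . '_' . basename(name). Failures are
 * written to error_log(), matching uploadAudio(), and reported as false.
 *
 * Only the extension is checked; the file's actual content / MIME type is
 * not inspected here. Two uploads with the same name within the same second
 * would resolve to the same target name.
 *
 * @param array $file One $_FILES entry.
 * @return string|false The stored file name, or false on any failure.
 */
function uploadImage($file) {
    $targetDir = "../assets/uploads/images/";

    // PHP reports upload problems (size limit, partial upload, no file) in the
    // "error" slot; anything other than UPLOAD_ERR_OK means tmp_name is unusable.
    // A missing slot is treated as OK so callers passing a bare name/tmp_name pair keep working.
    $uploadError = $file["error"] ?? UPLOAD_ERR_OK;
    if ($uploadError !== UPLOAD_ERR_OK) {
        error_log("Upload failed: PHP upload error code $uploadError.");
        return false;
    }

    // basename() strips any directory component a client might put in the name.
    $fileName = time() . '_' . basename($file["name"]);
    $targetFilePath = $targetDir . $fileName;
    $fileType = pathinfo($targetFilePath, PATHINFO_EXTENSION);

    // Allow certain file formats (extension only; strict comparison on lowercased extension).
    $allowTypes = ['jpg', 'png', 'jpeg', 'gif'];
    if (!in_array(strtolower($fileType), $allowTypes, true)) {
        error_log("Upload failed: Invalid file type $fileType.");
        return false;
    }

    if (!is_dir($targetDir)) {
        error_log("Upload failed: Directory $targetDir does not exist.");
        return false;
    }
    if (!is_writable($targetDir)) {
        error_log("Upload failed: Directory $targetDir is not writable.");
        return false;
    }

    // move_uploaded_file() refuses anything that is not a genuine PHP upload.
    if (!move_uploaded_file($file["tmp_name"], $targetFilePath)) {
        error_log("Upload failed: move_uploaded_file returned false. Tmp: " . $file["tmp_name"] . " Dest: " . $targetFilePath);
        return false;
    }

    return $fileName;
}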
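/**
 * Render a date as e.g. "March 5, 2024".
 *
 * @param string|\DateTimeInterface|null $date A date string strtotime() understands
 *        (e.g. a DATETIME column), a DateTimeInterface instance, or null.
 * @return string The formatted date, or '' when $date is empty or cannot be
 *                parsed. (Previously an unparseable value fell through to
 *                date() with a false timestamp and rendered as "January 1, 1970".)
 */
function formatDate($date) {
    if ($date instanceof \DateTimeInterface) {
        return $date->format("F j, Y");
    }
    if ($date === null || $date === '') {
        return '';
    }
    $timestamp = strtotime((string) $date);
    if ($timestamp === false) {
        // strtotime() signals an unparseable string with false; do not render epoch.
        return '';
    }
    return date("F j, Y", $timestamp);
}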
?>