ponepaste/public/admin/common.php

<?php
if (!defined('IN_PONEPASTE')) {
    die('This file may not be accessed directly.');
}

require_once('../../includes/common.php');

use PonePaste\Models\User;

if ($current_user === null || $current_user->role < User::ROLE_MODERATOR) {
    header('Location: ..');
    die();
}

if (!isset($_SESSION['admin_login'])) {
    // this is a hack, paste_id is set when POSTing to admin/paste_action.php, which we can only arrive at from a paste page
    if (isset($_POST['paste_id'])) {
        flashError('You must authenticate to perform that action.');
        $_SESSION['redirect_back'] = urlForPaste($_POST['paste_id']);
    }

    header('Location: .');
    exit();
}

if (isset($_GET['logout'])) {
    if (isset($_SESSION['login']))
        unset($_SESSION['login']);

    session_destroy();
    header("Location: .");
    exit();
}

function checkAdminAccess(int $role) {
    global $current_user;

    if ($current_user === null || $current_user->role < $role) {
        flashError('You do not have access to this page.');
        header('Location: /admin/');
        die();
    }
}

$flashes = getFlashes();
Admin works well enough to update the site settings at least; removed a bunch of duplicate code. 2021-07-10 16:51:15 -04:00			`<?php`
Some admin page fixes. 2021-08-09 04:21:39 -04:00			`if (!defined('IN_PONEPASTE')) {`
			`die('This file may not be accessed directly.');`
Admin works well enough to update the site settings at least; removed a bunch of duplicate code. 2021-07-10 16:51:15 -04:00			`}`
More Eloquent moves 2021-11-02 08:46:40 -04:00
fix: some admin pages implementation 2023-05-12 02:06:31 -04:00			`require_once('../../includes/common.php');`
Admin works well enough to update the site settings at least; removed a bunch of duplicate code. 2021-07-10 16:51:15 -04:00
More Eloquent moves 2021-11-02 08:46:40 -04:00			`use PonePaste\Models\User;`
Admin works well enough to update the site settings at least; removed a bunch of duplicate code. 2021-07-10 16:51:15 -04:00
feat: add moderator role system 2023-05-13 21:19:35 -04:00			`if ($current_user === null \|\| $current_user->role < User::ROLE_MODERATOR) {`
More Eloquent moves 2021-11-02 08:46:40 -04:00			`header('Location: ..');`
			`die();`
Admin works well enough to update the site settings at least; removed a bunch of duplicate code. 2021-07-10 16:51:15 -04:00			`}`

More Eloquent moves 2021-11-02 08:46:40 -04:00			`if (!isset($_SESSION['admin_login'])) {`
chore: move paste actions to paste_action.php to require admin authentication 2023-07-05 03:22:09 -04:00			`// this is a hack, paste_id is set when POSTing to admin/paste_action.php, which we can only arrive at from a paste page`
			`if (isset($_POST['paste_id'])) {`
			`flashError('You must authenticate to perform that action.');`
			`$_SESSION['redirect_back'] = urlForPaste($_POST['paste_id']);`
			`}`

Admin works well enough to update the site settings at least; removed a bunch of duplicate code. 2021-07-10 16:51:15 -04:00			`header('Location: .');`
			`exit();`
			`}`

			`if (isset($_GET['logout'])) {`
			`if (isset($_SESSION['login']))`
			`unset($_SESSION['login']);`

			`session_destroy();`
			`header("Location: .");`
			`exit();`
			`}`

feat: add moderator role system 2023-05-13 21:19:35 -04:00			`function checkAdminAccess(int $role) {`
			`global $current_user;`

			`if ($current_user === null \|\| $current_user->role < $role) {`
			`flashError('You do not have access to this page.');`
			`header('Location: /admin/');`
			`die();`
			`}`
			`}`

feat: reporting, lots of admin improvements 2023-05-13 20:05:10 -04:00			`$flashes = getFlashes();`