12 Sep 2023

1) Added a hidden "Suspended" user level - Should anyone want to suspend and not delete user accounts.
2) Push - Added user ID. It is now possible to send to specific users.
3) Small route fix for funky URLs such as http://site.com//FOO

Author: code-boxx

lib/CORE-Config.php

@@ -57,7 +57,7 @@
 
 // (H) USER LEVELS - IF YOU WANT TO INCLUDE ROLES IN THE FUTURE
 define("USR_LVL", [
-  "A" => "Admin", "U" => "User"
+  "A" => "Admin", "U" => "User", "S" => "Suspended"
 ]);
 
 // (I) PUSH NOTIFICATION

lib/HOOK-SESS-Load.php

@@ -7,11 +7,11 @@
   $user = $this->DB->fetch(
     "SELECT * FROM `users` WHERE `user_id`=?", [$_SESSION["user"]["user_id"]]
   );
-  if (is_array($user)) {
-    unset($user["user_password"]);
-    $_SESSION["user"] = $user;
-  } else {
+  if (!is_array($user) || (isset($user["user_level"]) && $user["user_level"]=="S")) {
     $this->destroy();
     throw new Exception("Invalid or expired session.");
+  } else {
+    unset($user["user_password"]);
+    $_SESSION["user"] = $user;
   }
 }

lib/LIB-Forgot.php

@@ -24,6 +24,10 @@ function request ($email) {
       $this->error = "$email is not an active account.";
       return false;
     }
+    if ($user["user_level"] == "S") {
+      $this->error = "$email is not an active account.";
+      return false;
+    }
 
     // (B3) CHECK PREVIOUS REQUEST (PREVENT SPAM)
     $req = $this->Users->hashGet($user["user_id"], "P");

lib/LIB-MInstall.php

@@ -0,0 +1,69 @@
+<?php
+class MInstall extends Core {
+  // (A) IMPORT SQL FILE
+  function sql ($module) {
+    $file = PATH_LIB . "SQL-$module.sql";
+    if (!file_exists($file)) { exit("$file not found!"); }
+    try {
+      $this->DB->query(file_get_contents($file));
+    } catch (Exception $ex) {
+      exit("Unable to import $file - " . $ex->getMessage());
+    }
+  }
+
+  // (B) BACKUP FILE
+  function backup ($file) {
+    if (!file_exists($file)) { exit("$file not found!"); }
+    $ext = pathinfo($file, PATHINFO_EXTENSION);
+    $bak = $ext == "htaccess" ? "$file.old" : str_replace(".$ext", ".old", $file) ;
+    if (!copy($file, $bak)) { exit("Failed to backup $file"); }
+  }
+
+  // (C) APPEND TO FILE
+  function append ($file, $add) {
+    $this->backup($file);
+    $fh = fopen($file, "a") or exit("Cannot open $file");
+    if (fwrite($fh, $add) === false) {
+      fclose($fh);
+      exit("Failed to write to $file");
+    }
+    fclose($fh);
+  }
+
+  // (D) INSERT INTO FILE
+  function insert ($file, $search, $add, $offset=0) {
+    // (D1) BACKUP SPECIFIED FILE
+    $this->backup($file);
+
+    // (D2) SEEK "LINE TO INSERT AT"
+    $lines = file($file);
+    $at = -1;
+    foreach ($lines as $l=>$line) {
+      if (strpos($line, $search) !== false) { $at = $l + 1 + $offset; break; }
+    }
+    if ($at == -1) { exit("Failed to update $file"); }
+
+    // (D3) INSERT INTO FILE
+    array_splice($lines, $at, 0, $add);
+    if (file_put_contents($file, implode("", $lines)) == false) {
+      exit("Failed to update $file");
+    }
+  }
+
+  // (E) CONDITIONAL INSERT
+  function cinsert ($condition, $file, $search, $add, $offset=0) {
+    $insert = true;
+    $stream = fopen($file, "r");
+    while($line = fgets($stream)) {
+      if (strpos($line, $condition) !== false) { $insert = false; break; }
+    }
+    if ($insert) { $this->insert($file, $search, $add, $offset); }
+  }
+
+  // (F) CLEAN UP
+  function clean ($module) {
+    $file = PATH_PAGES . "PAGE-install-$module.php";
+    if (!unlink($file)) { echo "Failed to delete $file, please do so manually."; }
+    echo "Installation complete";
+  }
+}

lib/LIB-Push.php

@@ -2,7 +2,14 @@
 class Push extends Core {
   // (A) SAVE SUBSCRIBER
   function save ($endpoint, $sub) {
-    $this->DB->replace("webpush", ["endpoint", "data"], [$endpoint, $sub]);
+    $this->DB->replace("webpush",
+      ["endpoint", "user_id", "data"],
+      [
+        $endpoint,
+        isset($_SESSION["user"]) ? $_SESSION["user"]["user_id"] : null,
+        $sub
+      ]
+    );
     return true;
   }
 
@@ -12,8 +19,8 @@ function del ($endpoint) {
     return true;
   }
 
-  // (C) SEND PUSH
-  function send ($title, $body, $icon=null, $image=null) {
+  // (C) SEND PUSH NOTIFICATION
+  function send ($title, $body, $icon=null, $image=null, $uid=null) {
     // (C1) MAY TAKE A LONG TIME IF THERE ARE A LOT OF INACTIVE...
     set_time_limit(45);
 
@@ -25,8 +32,12 @@ function send ($title, $body, $icon=null, $image=null) {
       "privateKey" => PUSH_PRIVATE
     ]]);
 
-    // (C3) SEND TO SUBSCRIBERS
-    $this->DB->query("SELECT `data` FROM `webpush`");
+    // (C3) SEND TO SUBSCRIBER(S)
+    $this->DB->query(
+      "SELECT `data` FROM `webpush`" . 
+      ($uid==null ? "" : " WHERE `user_id`=?"),
+      $uid==null ? null : [$uid]
+    );
     while ($r = $this->DB->stmt->fetchColumn()) {
       // (C3-1) SUBSCRIBER
       $sub = Minishlink\WebPush\Subscription::create(json_decode($r, true));

lib/LIB-Route.php

@@ -9,10 +9,20 @@ class Route extends Core {
 
   // (A) RUN URL ROUTING ENGINE
   function run () : void {
-    // (A1) CLEAN CURRENT URL PATH
+    // (A1) GET URL PATH SEGMENT
+    $this->path = parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
+
+    // (A2) SPECIAL CASE
+    // e.g. http://site.com//, http://site.com//XYZ
+    if ($this->path == "") {
+      $this->load("PAGE-404.php", 404);
+      exit();
+    }
+
+    // (A3) CLEAN CURRENT URL PATH
     // http://site.com/ > $this->path = "/"
     // http://site.com/hello/world/ > $this->path = "hello/world/"
-    $this->path = parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
+    $this->path = preg_replace("~/{2,}~", "/", $this->path);
     if (substr($this->path, 0, strlen(HOST_BASE_PATH)) == HOST_BASE_PATH) {
       $this->path = substr($this->path, strlen(HOST_BASE_PATH));
     }