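<?php
/**
 * Role / permission helpers for the admin area.
 *
 * Several admin pages include this file independently, so the whole set of
 * helpers is guarded by function_exists() and declared at most once per request.
 *
 * Access decisions read three session keys written by refreshAdminAccess():
 *   - admin_role                role name ('owner', 'manager', 'staff', 'viewer')
 *   - admin_permissions         list of permission keys when custom mode is on
 *   - admin_permissions_custom  bool: custom list overrides the role matrix
 */
if (!function_exists('ensureAdminRolesSchema')) {
    /**
     * Probe the `admin` table for the `role` and `permissions` columns.
     *
     * Runs at most once per request (static guard). NOTE(review): in this copy
     * the function only checks whether the columns exist and takes no action
     * when they are missing — no ALTER TABLE or data backfill is issued. The
     * inherited comment below suggests a migration step that is not present;
     * confirm against the deployed schema before relying on this function.
     *
     * @param PDO $conn open connection to the application database
     */
    function ensureAdminRolesSchema(PDO $conn): void
    {
        static $checked = false;
        if ($checked) {
            return;
        }
        $checked = true;

        $roleColumnStmt = $conn->prepare(
            "SELECT 1 FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = 'admin' AND COLUMN_NAME = 'role'"
        );
        $roleColumnStmt->execute();
        if (!$roleColumnStmt->fetchColumn()) {
            // Ensure the first administrator keeps full access after adding the column.
            // NOTE(review): no statement is executed here; the `role` column is
            // probed but never created in this version of the file.
        }

        $permissionsColumnStmt = $conn->prepare(
            "SELECT 1 FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_SCHEMA = DATABASE() AND TABLE_NAME = 'admin' AND COLUMN_NAME = 'permissions'"
        );
        $permissionsColumnStmt->execute();
        if (!$permissionsColumnStmt->fetchColumn()) {
            // NOTE(review): same as above — the `permissions` column is only probed.
        }
    }

    /**
     * Role keys and their Spanish display labels.
     *
     * @return array<string, string> role key => label
     */
    function getAvailableAdminRoles(): array
    {
        return [
            'owner' => 'Propietario',
            'manager' => 'Gerente',
            'staff' => 'Operativo',
            'viewer' => 'Solo lectura',
        ];
    }

    /**
     * Static role → permission matrix.
     *
     * 'owner' holds the wildcard '*', which adminHasPermission() treats as
     * "everything". Note that '*' is not a key of getAdminPermissionLabels(),
     * so it is stripped by normalizeAdminPermissionList() and can never be
     * stored in a custom permission list.
     *
     * @return array<string, list<string>> role key => permission keys
     */
    function getAdminRolePermissions(): array
    {
        return [
            'owner' => ['*'],
            'manager' => [
                'dashboard',
                'orders_insights',
                'dine_in_orders',
                'dine_in_history',
                'delivery_orders',
                'delivery_history',
                'delivery_zones',
                'inventory',
                'recipes',
                'products',
                'product_preparers',
                'preparers',
                'gallery',
                'profit_reports',
                'profile',
            ],
            'staff' => [
                'dashboard',
                'orders_insights',
                'dine_in_orders',
                'dine_in_history',
                'delivery_orders',
                'delivery_history',
                'inventory',
                'recipes',
                'products',
                'product_preparers',
                'preparers',
                'profit_reports',
                'profile',
            ],
            'viewer' => [
                'dashboard',
                'orders_insights',
                'dine_in_history',
                'delivery_history',
                'profile',
            ],
        ];
    }

    /**
     * Every known permission key with its display label.
     *
     * The key set of this array is the authoritative list of valid
     * permissions (see getAllAdminPermissions()).
     *
     * @return array<string, string> permission key => label
     */
    function getAdminPermissionLabels(): array
    {
        return [
            'dashboard' => 'Panel Principal',
            'orders_insights' => 'Comandas/Historial - Filtros y resúmenes',
            'dine_in_orders' => 'Comandas salón - Activas',
            'dine_in_history' => 'Comandas salón - Historial',
            'delivery_orders' => 'Pedidos domicilio - Activos',
            'delivery_history' => 'Pedidos domicilio - Historial',
            'delivery_zones' => 'Zonas de entrega',
            'inventory' => 'Inventario',
            'recipes' => 'Recetas',
            'products' => 'Productos',
            'product_preparers' => 'Asignación de preparadores por comida',
            'preparers' => 'Preparadores de comidas',
            'gallery' => 'Galería',
            'profit_reports' => 'Reporte de ganancias',
            'admin_accounts' => 'Gestión de usuarios',
            'settings' => 'Configuración',
            'profile' => 'Perfil de administrador',
        ];
    }

    /**
     * All valid permission keys, memoised for the request.
     *
     * @return list<string>
     */
    function getAllAdminPermissions(): array
    {
        static $allPermissions = null;

        // Labels never change within a request, so compute the key list once.
        return $allPermissions ??= array_keys(getAdminPermissionLabels());
    }

    /**
     * Queue a one-shot message in $_SESSION['flash_messages'] for the next page.
     *
     * Initialises the list if the session key is missing or not an array.
     */
    function addAdminFlashMessage(string $text): void
    {
        if (!isset($_SESSION['flash_messages']) || !is_array($_SESSION['flash_messages'])) {
            $_SESSION['flash_messages'] = [];
        }
        $_SESSION['flash_messages'][] = $text;
    }

    /**
     * Map of admin page file names to the permission required to open them.
     *
     * Files missing from this map are handled by enforceAdminPermissionForFile();
     * add every new admin page here rather than relying on its fallback.
     *
     * @return array<string, string> file name => permission key
     */
    function getAdminPagePermissionMap(): array
    {
        return [
            'dashboard.php' => 'dashboard',
            'dine_in_orders.php' => 'dine_in_orders',
            'dine_in_history.php' => 'dine_in_history',
            'dine_in_order_ticket.php' => 'dine_in_orders',
            'delivery_orders.php' => 'delivery_orders',
            'add_delivery.php' => 'delivery_orders',
            'delivery_history.php' => 'delivery_history',
            'delivery_zones.php' => 'delivery_zones',
            'profit_reports.php' => 'profit_reports',
            'inventory.php' => 'inventory',
            'recipes.php' => 'recipes',
            'products.php' => 'products',
            'product_preparers.php' => 'product_preparers',
            'preparers.php' => 'preparers',
            'gallery.php' => 'gallery',
            'admin_accounts.php' => 'admin_accounts',
            'register_admin.php' => 'admin_accounts',
            'admin_permissions.php' => 'admin_accounts',
            'settings.php' => 'settings',
            'update_profile.php' => 'profile',
        ];
    }

    /**
     * Coerce an arbitrary role value to a known role key.
     *
     * Unknown or null values map to 'staff'. NOTE(review): 'staff' is a
     * write-capable role, so a corrupted or unexpected role value fails
     * towards more access rather than less; 'viewer' would be the
     * least-privilege default. Kept as-is because callers and existing
     * rows depend on the current behaviour.
     */
    function normalizeAdminRole(?string $role): string
    {
        $knownRoles = array_keys(getAvailableAdminRoles());

        return in_array($role, $knownRoles, true) ? $role : 'staff';
    }

    /**
     * Reduce an untrusted permission list to unique, known permission keys.
     *
     * Non-array input yields []. Each entry is cast to string and trimmed;
     * anything not in getAllAdminPermissions() (including '*') is dropped.
     * Order of first appearance is preserved.
     *
     * @param mixed $permissions usually the decoded JSON column or form input
     * @return list<string>
     */
    function normalizeAdminPermissionList($permissions): array
    {
        if (!is_array($permissions)) {
            return [];
        }

        $validPermissions = getAllAdminPermissions();
        $seen = [];
        foreach ($permissions as $candidate) {
            $key = trim((string) $candidate);
            if ($key !== '' && in_array($key, $validPermissions, true)) {
                // Keyed by permission so duplicates collapse naturally.
                $seen[$key] = true;
            }
        }

        return array_keys($seen);
    }

    /**
     * Decode the JSON `permissions` column into a normalised permission list.
     *
     * Null, empty, malformed or non-array JSON all yield [] (best-effort by
     * design: a bad column must not take the admin area down).
     *
     * @return list<string>
     */
    function decodeAdminPermissionsColumn(?string $rawPermissions): array
    {
        if ($rawPermissions === null || $rawPermissions === '') {
            return [];
        }

        $decoded = json_decode($rawPermissions, true);

        return is_array($decoded) ? normalizeAdminPermissionList($decoded) : [];
    }

    /**
     * Load the custom permission list for one admin.
     *
     * @return array{0: list<string>, 1: bool} [permissions, customMode];
     *         customMode is false when the column is NULL/empty or the row
     *         does not exist, meaning the role matrix applies.
     */
    function getAdminCustomPermissionsFromDb(PDO $conn, int $adminId): array
    {
        $stmt = $conn->prepare('SELECT permissions FROM `admin` WHERE id = ? LIMIT 1');
        $stmt->execute([$adminId]);
        $raw = $stmt->fetchColumn();

        if ($raw === false || $raw === null || $raw === '') {
            return [[], false];
        }

        return [decodeAdminPermissionsColumn($raw), true];
    }

    /**
     * Persist (or clear) the custom permission list for one admin.
     *
     * Passing null sets the column to NULL, which switches the account back
     * to role-based permissions. Otherwise the list is normalised first, so
     * only known permission keys are ever stored.
     *
     * @param list<string>|null $permissions
     * @throws JsonException if the normalised list cannot be encoded
     */
    function saveAdminCustomPermissions(PDO $conn, int $adminId, ?array $permissions): void
    {
        if ($permissions === null) {
            $stmt = $conn->prepare('UPDATE `admin` SET permissions = NULL WHERE id = ?');
            $stmt->execute([$adminId]);
            return;
        }

        $normalized = normalizeAdminPermissionList($permissions);
        $encoded = json_encode($normalized, JSON_UNESCAPED_UNICODE | JSON_THROW_ON_ERROR);

        $stmt = $conn->prepare('UPDATE `admin` SET permissions = ? WHERE id = ?');
        $stmt->execute([$encoded, $adminId]);
    }

    /**
     * Number of admin rows holding the given role (role is normalised first).
     */
    function countAdminsByRole(PDO $conn, string $role): int
    {
        $stmt = $conn->prepare('SELECT COUNT(*) FROM `admin` WHERE role = ?');
        $stmt->execute([normalizeAdminRole($role)]);

        return (int) $stmt->fetchColumn();
    }

    /**
     * Decide whether the current session may use $permission.
     *
     * When $_SESSION['admin_permissions_custom'] is truthy the session's
     * custom list is authoritative and $role is ignored entirely — an owner
     * with custom mode enabled therefore no longer has wildcard access.
     * Otherwise the (normalised) role is looked up in the role matrix, where
     * '*' grants everything.
     *
     * @param string|null $role role name; null/unknown normalises to 'staff'
     */
    function adminHasPermission(?string $role, string $permission): bool
    {
        $customPermissions = $_SESSION['admin_permissions'] ?? null;
        $customMode = $_SESSION['admin_permissions_custom'] ?? false;

        if ($customMode) {
            if (!is_array($customPermissions)) {
                return false;
            }

            return in_array('*', $customPermissions, true)
                || in_array($permission, $customPermissions, true);
        }

        $rolePermissions = getAdminRolePermissions()[normalizeAdminRole($role)] ?? [];

        return in_array('*', $rolePermissions, true)
            || in_array($permission, $rolePermissions, true);
    }

    /**
     * Read and normalise the role stored for one admin.
     *
     * A missing row or empty column falls back to 'staff' (via `?:` and
     * normalizeAdminRole()).
     */
    function getAdminRoleFromDb(PDO $conn, int $adminId): string
    {
        $stmt = $conn->prepare('SELECT role FROM `admin` WHERE id = ? LIMIT 1');
        $stmt->execute([$adminId]);
        $storedRole = $stmt->fetchColumn() ?: 'staff';

        return normalizeAdminRole($storedRole);
    }

    /**
     * Current session role, loading it from the database on first use.
     *
     * Returns null only when the session has no role and no admin id /
     * connection was supplied to load one.
     */
    function getAdminRole(?int $sessionAdminId = null, ?PDO $conn = null): ?string
    {
        if (isset($_SESSION['admin_role'])) {
            return normalizeAdminRole($_SESSION['admin_role']);
        }

        if ($sessionAdminId === null || $conn === null) {
            return null;
        }

        refreshAdminAccess($conn, $sessionAdminId);

        return $_SESSION['admin_role'] ?? null;
    }

    /**
     * Reload role and custom permissions into the session; returns the role.
     */
    function refreshAdminRole(PDO $conn, int $adminId): string
    {
        [$role] = refreshAdminAccess($conn, $adminId);

        return $role;
    }

    /**
     * Role for the logged-in session, or 'viewer' when no admin id is set.
     *
     * The admin id is cast to int before any database lookup so a string
     * session value cannot reach the int-typed helpers.
     */
    function getRoleBySession(PDO $conn): string
    {
        $adminId = $_SESSION['admin_id'] ?? null;
        if (!$adminId) {
            return 'viewer';
        }

        $adminId = (int) $adminId;
        $role = getAdminRole($adminId, $conn);
        if ($role === null) {
            [$role] = refreshAdminAccess($conn, $adminId);
        }

        return $role;
    }

    /**
     * Re-read role and custom permissions from the database into the session.
     *
     * Writes admin_role, admin_permissions and admin_permissions_custom.
     *
     * @return array{0: string, 1: list<string>} [role, customPermissions]
     */
    function refreshAdminAccess(PDO $conn, int $adminId): array
    {
        $role = getAdminRoleFromDb($conn, $adminId);
        $_SESSION['admin_role'] = $role;

        [$customPermissions, $customMode] = getAdminCustomPermissionsFromDb($conn, $adminId);
        $_SESSION['admin_permissions'] = $customPermissions;
        $_SESSION['admin_permissions_custom'] = $customMode;

        return [$role, $customPermissions];
    }

    /**
     * Stop the request with a flash message and redirect if the session
     * lacks $permission. Uses only the role already in the session; it does
     * not refresh from the database.
     */
    function enforceAdminPermission(string $permission, string $redirectTo = 'dashboard.php'): void
    {
        $role = $_SESSION['admin_role'] ?? null;
        if (adminHasPermission($role, $permission)) {
            return;
        }

        addAdminFlashMessage('No tienes permisos para acceder a esta sección.');
        header('location:' . $redirectTo);
        exit();
    }

    /**
     * Enforce the permission mapped to a page file name.
     *
     * Files absent from getAdminPagePermissionMap() fall back to 'dashboard',
     * which every role holds — so an unmapped page is reachable by any
     * authenticated admin. Register new pages in the map instead of relying
     * on this fallback. (A former `=== null` early return here was dead code
     * because of the fallback and has been removed; behaviour is unchanged.)
     */
    function enforceAdminPermissionForFile(string $fileName, string $redirectTo = 'dashboard.php'): void
    {
        $permission = getAdminPagePermissionMap()[$fileName] ?? 'dashboard';
        enforceAdminPermission($permission, $redirectTo);
    }

    /**
     * Alias of adminHasPermission() with a non-nullable role.
     */
    function adminCanAccess(string $role, string $permission): bool
    {
        return adminHasPermission($role, $permission);
    }
}
// The closing tag is kept for compatibility with the includers of this file;
// make sure nothing (not even a blank line) follows it, or output would be
// sent before the header() redirect in enforceAdminPermission().
?>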