diff --git a/app/classes/database.php b/app/classes/database.php
index ca90434..a70a5f8 100644
--- a/app/classes/database.php
+++ b/app/classes/database.php
@@ -42,6 +42,8 @@ class Database {
try {
$this->pdo = new PDO("sqlite:" . $options['dbFile']);
$this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+ // enable foreign key constraints (not ON by default in SQLite3)
+ $this->pdo->exec('PRAGMA foreign_keys = ON;');
} catch (PDOException $e) {
$error = getError('SQLite connection failed: ', $e->getMessage());
}
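Review bot: The `PRAGMA foreign_keys = ON;` added at the second new line is a silent no-op when the SQLite library was built without foreign-key support or when it runs inside an open transaction, so the surrounding try/catch cannot detect that constraints stayed off. If the schema relies on referential checks or cascades, read the value back right after setting it, e.g. `if ((int) $this->pdo->query('PRAGMA foreign_keys;')->fetchColumn() !== 1) { $error = getError('SQLite foreign keys unavailable', ''); }`. The comment could also state the scope, since the setting is per connection: `// per-connection setting: must be issued on every new PDO handle`. The enclosing constructor begins outside the hunk.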
diff --git a/app/classes/user.php b/app/classes/user.php
index 4014990..d31e7fe 100644
--- a/app/classes/user.php
+++ b/app/classes/user.php
@@ -47,14 +47,46 @@ class User {
}
// get user details
- public function getUserDetails($username) {
- $sql = 'SELECT * FROM users_meta um
+ public function getUserDetails($user_id) {
+ $sql = 'SELECT
+ um.*,
+ u.username
+ FROM
+ users_meta um
LEFT JOIN users u
- ON um.user_id = u.id
- WHERE u.username = :username';
+ ON um.user_id = u.id
+ WHERE
+ u.id = :user_id';
+
$query = $this->db->prepare($sql);
$query->execute([
- ':username' => $username,
+ ':user_id' => $user_id,
+ ]);
+
+ return $query->fetchAll(PDO::FETCH_ASSOC);
+
+ }
+
+ // get user rights
+ public function getUserRights($user_id) {
+ $sql = 'SELECT
+ u.id AS user_id,
+ u.username,
+ r.item AS right_name
+ FROM
+ users u
+ LEFT JOIN users_rights ur
+ ON u.id = ur.user_id
+ LEFT JOIN rights r
+ ON ur.right_id = r.id
+ WHERE
+ u.id = :user_id
+ AND
+ ur.enabled = 1';
+
+ $query = $this->db->prepare($sql);
+ $query->execute([
+ ':user_id' => $user_id,
]);
return $query->fetchAll(PDO::FETCH_ASSOC);
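Review bot: In getUserRights the `AND ur.enabled = 1` predicate in the WHERE clause cancels the LEFT JOIN: a user with no enabled rights yields zero rows instead of one row with a null right_name, so a caller cannot tell "no rights" from "no such user". If the outer join is intended, move the filter into the join condition, `LEFT JOIN users_rights ur ON u.id = ur.user_id AND ur.enabled = 1`, and drop it from WHERE; if an inner join is intended, write `JOIN` so the query says what it means. getUserDetails has the same shape, where `WHERE u.id = :user_id` on the outer-joined users table means a user without a users_meta row returns an empty array that callers then index with `[0]`. Both methods would read better with `int $user_id` in the signature and a docblock such as `@return list<array<string, mixed>>` noting that an empty list means the id was not found.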
diff --git a/app/pages/profile.php b/app/pages/profile.php
index f1639aa..4e81f84 100644
--- a/app/pages/profile.php
+++ b/app/pages/profile.php
@@ -5,20 +5,20 @@ require '../app/classes/user.php';
$userObject = new User($dbWeb);
-$userDetails = $userObject->getUserDetails($user);
+$user_id = $userObject->getUserId($user)[0]['id'];
+$userDetails = $userObject->getUserDetails($user_id);
+$userRights = $userObject->getUserRights($user_id);
// if a form is submitted, it's from the edit page
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
- $user_id = $userObject->getUserId($user)[0]['id'];
-
$item = $_REQUEST['item'] ?? '';
// avatar removal
if ($item === 'avatar' && $action === 'remove') {
$result = $userObject->removeAvatar($user_id, $config['avatars_path'].$userDetails[0]['avatar']);
if ($result === true) {
- $_SESSION['notice'] .= "Avatar for user \"{$user}\" is removed. ";
+ $_SESSION['notice'] .= "Avatar for user \"{$userDetails[0]['username']}\" is removed. ";
} else {
$_SESSION['error'] .= "Removing the avatar failed. Error: $result ";
}
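Review bot: The lookup `$userObject->getUserId($user)[0]['id']` on the first added line now runs unconditionally and is unguarded, so when no row matches `$user` the index access yields null (with a warning), `getUserDetails(null)` returns an empty array, and the later `$userDetails[0]['avatar']` and `$userDetails[0]['username']` fail with undefined-index errors. Guard it once at the top, `$user_id = $userObject->getUserId($user)[0]['id'] ?? null;` followed by a check that stops the page when `$user_id === null`, and likewise verify `$userDetails !== []` before the avatar branch uses it. The removed lines show the id was previously resolved only inside the POST branch; the move means three queries run on every GET as well, presumably because `$userRights` is rendered later outside the hunk. The page continues past the end of the hunk.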
diff --git a/app/templates/profile-edit.php b/app/templates/profile-edit.php
index 3501041..174233f 100644
--- a/app/templates/profile-edit.php
+++ b/app/templates/profile-edit.php
@@ -101,7 +101,7 @@
This action cannot be undone.
-