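PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
                PDO::ATTR_EMULATE_PREPARES => false,
            ]
        );
        $pdo->exec("SET time_zone = '+05:30'");
        return $pdo;
    } catch (PDOException $e) {
        error_log("Connection failed: " . $e->getMessage());
        die("Database connection failed. Please try again later.");
    }
}

// Create connection for Panel Database (Customer Portal).
// Returns a PDO handle with exceptions enabled, associative fetch mode and
// native (non-emulated) prepared statements. On failure the driver message
// goes to error_log only; the request ends with a generic message, so the
// caller never sees connection details and cannot catch the failure.
function getPanelDBConnection(): PDO
{
    try {
        $pdo = new PDO(
            "mysql:host=" . DB_HOST . ";dbname=" . PANEL_DB_NAME . ";charset=utf8mb4",
            PANEL_DB_USER, // Use the panel-specific user
            DB_PASS,       // Assuming same password
            [
                PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
                PDO::ATTR_EMULATE_PREPARES => false,
            ]
        );
        // Pin the session time zone so DATETIME values are read/written
        // against the same offset the rest of the application uses.
        $pdo->exec("SET time_zone = '+05:30'");
        return $pdo;
    } catch (PDOException $e) {
        error_log("Panel DB Connection failed: " . $e->getMessage());
        die("Panel database connection failed. Please try again later.");
    }
}

// Helper function to check if user is logged in.
// A session counts as logged in only when both the admin id and the role
// are present; a role without an id (or vice versa) is treated as anonymous.
function isLoggedIn(): bool
{
    return isset($_SESSION['admin_id'], $_SESSION['admin_role']);
}

// Helper function to check if user is admin.
// Strict comparison: only the exact role string 'admin' qualifies.
function isAdmin(): bool
{
    return isset($_SESSION['admin_role']) && $_SESSION['admin_role'] === 'admin';
}

// Helper function to check if user can access page.
// $page is the page identifier (e.g. 'users'). Anonymous sessions are
// denied, admins are allowed everything, managers are denied 'users'.
// Note: any other role that passes isLoggedIn() is allowed every page —
// only the admin/manager cases are enumerated here.
function canAccessPage($page): bool
{
    if (!isLoggedIn()) {
        return false;
    }

    // Admin can access everything
    if (isAdmin()) {
        return true;
    }

    // Manager cannot access users page
    if ($page === 'users' && $_SESSION['admin_role'] === 'manager') {
        return false;
    }

    return true;
}

// Helper function to redirect if not authorized.
// Sends a redirect to index.php and stops the script, so no page content
// after this call is ever emitted to an anonymous session.
function requireLogin(): void
{
    if (!isLoggedIn()) {
        header('Location: index.php');
        exit;
    }
}

// Helper function to require admin role.
// Both the "not logged in" and the "logged in but not admin" cases end in
// the same redirect to index.php.
function requireAdmin(): void
{
    requireLogin();
    if (!isAdmin()) {
        header('Location: index.php');
        exit;
    }
}

// Helper function to log admin activity.
// Writes one row to admin_activity_log; $resource_type / $resource_id are
// optional and stored as NULL when omitted. The client address recorded is
// $_SERVER['REMOTE_ADDR'] as PHP sees it (NULL when absent). Logging is
// best-effort: query failures are written to error_log and swallowed so the
// calling action is not aborted. Note that getDBConnection() itself calls
// die() on a connection failure, so that case ends the request instead of
// reaching the catch below.
function logActivity($admin_id, $action, $description, $resource_type = null, $resource_id = null): void
{
    try {
        $pdo = getDBConnection();
        $stmt = $pdo->prepare("
            INSERT INTO admin_activity_log
                (admin_id, action, resource_type, resource_id, description, ip_address)
            VALUES (?, ?, ?, ?, ?, ?)
        ");
        $stmt->execute([
            $admin_id,
            $action,
            $resource_type,
            $resource_id,
            $description,
            $_SERVER['REMOTE_ADDR'] ?? null,
        ]);
    } catch (Exception $e) {
        error_log("Activity log error: " . $e->getMessage());
    }
}

// =========================================================
// COMPANY SETTINGS HELPERS
// =========================================================

/**
 * Read a value from the company_settings key-value table.
 * Caches results in a static array so the table is queried at most once per
 * request. The cache is never refreshed within a request, so a value written
 * after the first read is not visible until the next request. If the query
 * fails the cache stays empty and every key resolves to its $default for the
 * rest of the request (the error is not logged here).
 *
 * @param string $key     setting_key to look up
 * @param mixed  $default returned when the key is absent or the lookup failed
 * @return mixed the stored setting_value, or $default
 */
function getCompanySetting($key, $default = '')
{
    static $cache = null;

    if ($cache === null) {
        $cache = [];
        try {
            $pdo = getDBConnection();
            $stmt = $pdo->query("SELECT setting_key, setting_value FROM company_settings");
            while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
                $cache[$row['setting_key']] = $row['setting_value'];
            }
        } catch (Exception $e) {
            // Leave cache empty; defaults will be returned
        }
    }

    return $cache[$key] ?? $default;
}

/**
 * Mask an email address for privacy display.
 * "john.doe@gmail.com" -> "jo******@gmail.com"
 * Keeps the first 2 characters of the local part, masks the rest with at
 * least 3 asterisks, leaves the domain visible. Local parts of 1-2
 * characters are masked to the "j***" form. Characters are counted as
 * UTF-8 code points so a multibyte local part is never cut mid-character.
 * For local parts longer than 5 characters the asterisk count equals the
 * number of hidden characters, so the local part's length remains visible.
 * Non-string, empty and "@"-less inputs are returned unchanged.
 *
 * @param mixed $email
 * @return mixed masked string, or the input unchanged when it cannot be masked
 */
function maskEmail($email)
{
    if (empty($email) || !is_string($email) || strpos($email, '@') === false) {
        return $email;
    }

    // Split on the first '@' only; the domain keeps any later '@' as-is.
    list($local, $domain) = explode('@', $email, 2);
    $localLen = mb_strlen($local, 'UTF-8');

    if ($localLen <= 2) {
        $maskedLocal = mb_substr($local, 0, 1, 'UTF-8') . '***';
    } else {
        $maskedLocal = mb_substr($local, 0, 2, 'UTF-8') . str_repeat('*', max(3, $localLen - 2));
    }

    return $maskedLocal . '@' . $domain;
}

/**
 * Convenience: returns email masked or unmasked based on the
 * `email_mask_enabled` company setting (set via settings.php).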
* - "1" or "on" or true -> masked * - anything else -> raw email */ function displayEmail($email) { $enabled = getCompanySetting('email_mask_enabled', '0'); if ($enabled === '1' || $enabled === 'on' || $enabled === 'true' || $enabled === 1 || $enabled === true) { return maskEmail($email); } return $email; } ?>