add authentication

website/public/admin.php

@@ -12,6 +12,14 @@
  * This view adds the main layout over the screen.
  * Header and menu.
  */
+include_once ("../queries/user.php");
+
+$userinfo = getRoleByID($_SESSION['userID'])->fetch(PDO::FETCH_ASSOC);
+
+if ($userinfo['role'] != 'admin' AND $userinfo['role'] != 'owner') {
+    header("location:profile.php");
+}
+
 include("../views/main.php");
 
 /* Add your view files here. */

website/queries/user.php

@@ -370,3 +370,18 @@ function countSomeUsers($search) {
         $q->execute();
         return $q;
 }
+
+function getRoleByID($userID) {
+    $stmt = $GLOBALS['db']->prepare("
+        SELECT
+            `role`
+        FROM
+            `user`
+        WHERE
+            `userID` = :userID
+    ");
+
+    $stmt->bindParam(':userID', $userID);
+    $stmt->execute();
+    return $stmt;
+}

website/views/adminpanel.php

@@ -2,6 +2,7 @@
 <?php
 require_once ("../queries/user.php");
 require_once ("../queries/group_page.php");
+
 ?>
 <!-- function test_input taken from http://www.w3schools.com/php/php_form_validation.asp -->
 <?php