
/admin/ -> admin_ug_auth.php (source)

   1  <?php
   2  /***************************************************************************
   3   *                            admin_ug_auth.php
   4   *                            -------------------
   5   *   begin                : Saturday, Feb 13, 2001
   6   *   copyright            : (C) 2001 The phpBB Group
   7   *   email                : support@phpbb.com
   8   *
   9   *   $Id: admin_ug_auth.php 8378 2008-02-10 17:18:29Z acydburn $
  10   *
  11   *
  12   ***************************************************************************/
  13  
  14  /***************************************************************************
  15   *
  16   *   This program is free software; you can redistribute it and/or modify
  17   *   it under the terms of the GNU General Public License as published by
  18   *   the Free Software Foundation; either version 2 of the License, or
  19   *   (at your option) any later version.
  20   *
  21   ***************************************************************************/
  22  
  23  define('IN_PHPBB', 1);
  24  
  25  if( !empty($setmodules) )
  26  {
  27      $filename = basename(__FILE__);
  28      $module['Users']['Permissions'] = $filename . "?mode=user";
  29      $module['Groups']['Permissions'] = $filename . "?mode=group";
  30  
  31      return;
  32  }
  33  
  34  //
  35  // Load default header
  36  //
  37  $no_page_header = TRUE;
  38  
  39  $phpbb_root_path = "./../";
  40  require ($phpbb_root_path . 'extension.inc');
  41  require('./pagestart.' . $phpEx);
  42  
  43  $params = array('mode' => 'mode', 'user_id' => POST_USERS_URL, 'group_id' => POST_GROUPS_URL, 'adv' => 'adv');
  44  
  45  while( list($var, $param) = @each($params) )
  46  {
  47      if ( !empty($HTTP_POST_VARS[$param]) || !empty($HTTP_GET_VARS[$param]) )
  48      {
  49          $$var = ( !empty($HTTP_POST_VARS[$param]) ) ? $HTTP_POST_VARS[$param] : $HTTP_GET_VARS[$param];
  50      }
  51      else
  52      {
  53          $$var = "";
  54      }
  55  }
  56  
  57  $user_id = intval($user_id);
  58  $group_id = intval($group_id);
  59  $adv = intval($adv);
  60  $mode = htmlspecialchars($mode);
  61  
  62  //
  63  // Start program - define vars
  64  //
  65  $forum_auth_fields = array('auth_view', 'auth_read', 'auth_post', 'auth_reply', 'auth_edit', 'auth_delete', 'auth_sticky', 'auth_announce', 'auth_vote', 'auth_pollcreate');
  66  
  67  $auth_field_match = array(
  68      'auth_view' => AUTH_VIEW,
  69      'auth_read' => AUTH_READ,
  70      'auth_post' => AUTH_POST,
  71      'auth_reply' => AUTH_REPLY,
  72      'auth_edit' => AUTH_EDIT,
  73      'auth_delete' => AUTH_DELETE,
  74      'auth_sticky' => AUTH_STICKY,
  75      'auth_announce' => AUTH_ANNOUNCE, 
  76      'auth_vote' => AUTH_VOTE, 
  77      'auth_pollcreate' => AUTH_POLLCREATE);
  78  
  79  $field_names = array(
  80      'auth_view' => $lang['View'],
  81      'auth_read' => $lang['Read'],
  82      'auth_post' => $lang['Post'],
  83      'auth_reply' => $lang['Reply'],
  84      'auth_edit' => $lang['Edit'],
  85      'auth_delete' => $lang['Delete'],
  86      'auth_sticky' => $lang['Sticky'],
  87      'auth_announce' => $lang['Announce'], 
  88      'auth_vote' => $lang['Vote'], 
  89      'auth_pollcreate' => $lang['Pollcreate']);
  90  
  91  // ---------------
  92  // Start Functions
  93  //
  94  function check_auth($type, $key, $u_access, $is_admin)
  95  {
  96      $auth_user = 0;
  97  
  98      if( count($u_access) )
  99      {
 100          for($j = 0; $j < count($u_access); $j++)
 101          {
 102              $result = 0;
 103              switch($type)
 104              {
 105                  case AUTH_ACL:
 106                      $result = $u_access[$j][$key];
 107  
 108                  case AUTH_MOD:
 109                      $result = $result || $u_access[$j]['auth_mod'];
 110  
 111                  case AUTH_ADMIN:
 112                      $result = $result || $is_admin;
 113                      break;
 114              }
 115  
 116              $auth_user = $auth_user || $result;
 117          }
 118      }
 119      else
 120      {
 121          $auth_user = $is_admin;
 122      }
 123  
 124      return $auth_user;
 125  }
 126  //
 127  // End Functions
 128  // -------------
 129  
 130  if ( isset($HTTP_POST_VARS['submit']) && ( ( $mode == 'user' && $user_id ) || ( $mode == 'group' && $group_id ) ) )
 131  {
 132      $user_level = '';
 133      if ( $mode == 'user' )
 134      {
 135          //
 136          // Get group_id for this user_id
 137          //
 138          $sql = "SELECT g.group_id, u.user_level
 139              FROM " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u, " . GROUPS_TABLE . " g
 140              WHERE u.user_id = $user_id 
 141                  AND ug.user_id = u.user_id 
 142                  AND g.group_id = ug.group_id 
 143                  AND g.group_single_user = " . TRUE;
 144          if ( !($result = $db->sql_query($sql)) )
 145          {
 146              message_die(GENERAL_ERROR, 'Could not select info from user/user_group table', '', __LINE__, __FILE__, $sql);
 147          }
 148  
 149          $row = $db->sql_fetchrow($result);
 150  
 151          $group_id = $row['group_id'];
 152          $user_level = $row['user_level'];
 153  
 154          $db->sql_freeresult($result);
 155      }
 156  
 157      //
 158      // Carry out requests
 159      //
 160      if ( $mode == 'user' && $HTTP_POST_VARS['userlevel'] == 'admin' && $user_level != ADMIN )
 161      {
 162          //
 163          // Make user an admin (if already user)
 164          //
 165          if ( $userdata['user_id'] != $user_id )
 166          {
 167              $sql = "UPDATE " . USERS_TABLE . "
 168                  SET user_level = " . ADMIN . "
 169                  WHERE user_id = $user_id";
 170              if ( !($result = $db->sql_query($sql)) )
 171              {
 172                  message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
 173              }
 174  
 175              $sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
 176                  WHERE group_id = $group_id 
 177                      AND auth_mod = 0";
 178              if ( !($result = $db->sql_query($sql)) )
 179              {
 180                  message_die(GENERAL_ERROR, "Couldn't delete auth access info", "", __LINE__, __FILE__, $sql);
 181              }
 182  
 183              //
 184              // Delete any entries in auth_access, they are not required if user is becoming an
 185              // admin
 186              //
 187              $sql = "UPDATE " . AUTH_ACCESS_TABLE . "
 188                  SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0
 189                  WHERE group_id = $group_id"; 
 190              if ( !($result = $db->sql_query($sql)) )
 191              {
 192                  message_die(GENERAL_ERROR, "Couldn't update auth access", "", __LINE__, __FILE__, $sql);
 193              }
 194          }
 195  
 196          $message = $lang['Auth_updated'] . '<br /><br />' . sprintf($lang['Click_return_userauth'], '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
 197          message_die(GENERAL_MESSAGE, $message);
 198      }
 199      else
 200      {
 201          if ( $mode == 'user' && $HTTP_POST_VARS['userlevel'] == 'user' && $user_level == ADMIN )
 202          {
 203              //
 204              // Make admin a user (if already admin) ... ignore if you're trying
 205              // to change yourself from an admin to user!
 206              //
 207              if ( $userdata['user_id'] != $user_id )
 208              {
 209                  $sql = "UPDATE " . AUTH_ACCESS_TABLE . "
 210                      SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0
 211                      WHERE group_id = $group_id";
 212                  if ( !($result = $db->sql_query($sql)) )
 213                  {
 214                      message_die(GENERAL_ERROR, 'Could not update auth access', '', __LINE__, __FILE__, $sql);
 215                  }
 216  
 217                  //
 218                  // Update users level, reset to USER
 219                  //
 220                  $sql = "UPDATE " . USERS_TABLE . "
 221                      SET user_level = " . USER . "
 222                      WHERE user_id = $user_id";
 223                  if ( !($result = $db->sql_query($sql)) )
 224                  {
 225                      message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
 226                  }
 227              }
 228  
 229              $message = $lang['Auth_updated'] . '<br /><br />' . sprintf($lang['Click_return_userauth'], '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
 230          }
 231          else
 232          {
 233      
 234              $change_mod_list = ( isset($HTTP_POST_VARS['moderator']) ) ? $HTTP_POST_VARS['moderator'] : array();
 235  
 236              if ( empty($adv) )
 237              {
 238                  $sql = "SELECT f.* 
 239                      FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
 240                      WHERE f.cat_id = c.cat_id
 241                      ORDER BY c.cat_order, f.forum_order ASC";
 242                  if ( !($result = $db->sql_query($sql)) )
 243                  {
 244                      message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
 245                  }
 246  
 247                  $forum_access = $forum_auth_level_fields = array();
 248                  while( $row = $db->sql_fetchrow($result) )
 249                  {
 250                      $forum_access[] = $row;
 251                  }
 252                  $db->sql_freeresult($result);
 253  
 254                  for($i = 0; $i < count($forum_access); $i++)
 255                  {
 256                      $forum_id = $forum_access[$i]['forum_id'];
 257  
 258                      for($j = 0; $j < count($forum_auth_fields); $j++)
 259                      {
 260                          $forum_auth_level_fields[$forum_id][$forum_auth_fields[$j]] = $forum_access[$i][$forum_auth_fields[$j]] == AUTH_ACL;
 261                      }
 262                  }
 263  
 264                  while( list($forum_id, $value) = @each($HTTP_POST_VARS['private']) )
 265                  {
 266                      while( list($auth_field, $exists) = @each($forum_auth_level_fields[$forum_id]) )
 267                      {
 268                          if ($exists)
 269                          {
 270                              $change_acl_list[$forum_id][$auth_field] = $value;
 271                          }
 272                      }
 273                  }
 274              }
 275              else
 276              {
 277                  $change_acl_list = array();
 278                  for($j = 0; $j < count($forum_auth_fields); $j++)
 279                  {
 280                      $auth_field = $forum_auth_fields[$j];
 281  
 282                      while( list($forum_id, $value) = @each($HTTP_POST_VARS['private_' . $auth_field]) )
 283                      {
 284                          $change_acl_list[$forum_id][$auth_field] = $value;
 285                      }
 286                  }
 287              }
 288  
 289              $sql = 'SELECT f.* 
 290                  FROM ' . FORUMS_TABLE . ' f, ' . CATEGORIES_TABLE . ' c
 291                  WHERE f.cat_id = c.cat_id
 292                  ORDER BY c.cat_order, f.forum_order';
 293              if ( !($result = $db->sql_query($sql)) )
 294              {
 295                  message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
 296              }
 297  
 298              $forum_access = array();
 299              while( $row = $db->sql_fetchrow($result) )
 300              {
 301                  $forum_access[] = $row;
 302              }
 303              $db->sql_freeresult($result);
 304  
 305              $sql = ( $mode == 'user' ) ? "SELECT aa.* FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id AND aa.group_id = ug.group_id AND g.group_single_user = " . TRUE : "SELECT * FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = $group_id";
 306              if ( !($result = $db->sql_query($sql)) )
 307              {
 308                  message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
 309              }
 310  
 311              $auth_access = array();
 312              while( $row = $db->sql_fetchrow($result) )
 313              {
 314                  $auth_access[$row['forum_id']] = $row;
 315              }
 316              $db->sql_freeresult($result);
 317  
 318              $forum_auth_action = array();
 319              $update_acl_status = array();
 320              $update_mod_status = array();
 321  
 322              for($i = 0; $i < count($forum_access); $i++)
 323              {
 324                  $forum_id = $forum_access[$i]['forum_id'];
 325  
 326                  if ( 
 327                      ( isset($auth_access[$forum_id]['auth_mod']) && $change_mod_list[$forum_id] != $auth_access[$forum_id]['auth_mod'] ) || 
 328                      ( !isset($auth_access[$forum_id]['auth_mod']) && !empty($change_mod_list[$forum_id]) ) 
 329                  )
 330                  {
 331                      $update_mod_status[$forum_id] = $change_mod_list[$forum_id];
 332  
 333                      if ( !$update_mod_status[$forum_id] )
 334                      {
 335                          $forum_auth_action[$forum_id] = 'delete';
 336                      }
 337                      else if ( !isset($auth_access[$forum_id]['auth_mod']) )
 338                      {
 339                          $forum_auth_action[$forum_id] = 'insert';
 340                      }
 341                      else
 342                      {
 343                          $forum_auth_action[$forum_id] = 'update';
 344                      }
 345                  }
 346  
 347                  for($j = 0; $j < count($forum_auth_fields); $j++)
 348                  {
 349                      $auth_field = $forum_auth_fields[$j];
 350  
 351                      if( $forum_access[$i][$auth_field] == AUTH_ACL && isset($change_acl_list[$forum_id][$auth_field]) )
 352                      {
 353                          if ( ( empty($auth_access[$forum_id]['auth_mod']) && 
 354                              ( isset($auth_access[$forum_id][$auth_field]) && $change_acl_list[$forum_id][$auth_field] != $auth_access[$forum_id][$auth_field] ) || 
 355                              ( !isset($auth_access[$forum_id][$auth_field]) && !empty($change_acl_list[$forum_id][$auth_field]) ) ) ||
 356                              !empty($update_mod_status[$forum_id])
 357                          )
 358                          {
 359                              $update_acl_status[$forum_id][$auth_field] = ( !empty($update_mod_status[$forum_id]) ) ? 0 :  $change_acl_list[$forum_id][$auth_field];
 360  
 361                              if ( isset($auth_access[$forum_id][$auth_field]) && empty($update_acl_status[$forum_id][$auth_field]) && $forum_auth_action[$forum_id] != 'insert' && $forum_auth_action[$forum_id] != 'update' )
 362                              {
 363                                  $forum_auth_action[$forum_id] = 'delete';
 364                              }
 365                              else if ( !isset($auth_access[$forum_id][$auth_field]) && !( $forum_auth_action[$forum_id] == 'delete' && empty($update_acl_status[$forum_id][$auth_field]) ) )
 366                              {
 367                                  $forum_auth_action[$forum_id] = 'insert';
 368                              }
 369                              else if ( isset($auth_access[$forum_id][$auth_field]) && !empty($update_acl_status[$forum_id][$auth_field]) ) 
 370                              {
 371                                  $forum_auth_action[$forum_id] = 'update';
 372                              }
 373                          }
 374                          else if ( ( empty($auth_access[$forum_id]['auth_mod']) && 
 375                              ( isset($auth_access[$forum_id][$auth_field]) && $change_acl_list[$forum_id][$auth_field] == $auth_access[$forum_id][$auth_field] ) ) && $forum_auth_action[$forum_id] == 'delete' )
 376                          {
 377                              $forum_auth_action[$forum_id] = 'update';
 378                          }
 379                      }
 380                  }
 381              }
 382  
 383              //
 384              // Checks complete, make updates to DB
 385              //
 386              $delete_sql = '';
 387              while( list($forum_id, $action) = @each($forum_auth_action) )
 388              {
 389                  if ( $action == 'delete' )
 390                  {
 391                      $delete_sql .= ( ( $delete_sql != '' ) ? ', ' : '' ) . $forum_id;
 392                  }
 393                  else
 394                  {
 395                      if ( $action == 'insert' )
 396                      {
 397                          $sql_field = '';
 398                          $sql_value = '';
 399                          while ( list($auth_type, $value) = @each($update_acl_status[$forum_id]) )
 400                          {
 401                              $sql_field .= ( ( $sql_field != '' ) ? ', ' : '' ) . $auth_type;
 402                              $sql_value .= ( ( $sql_value != '' ) ? ', ' : '' ) . $value;
 403                          }
 404                          $sql_field .= ( ( $sql_field != '' ) ? ', ' : '' ) . 'auth_mod';
 405                          $sql_value .= ( ( $sql_value != '' ) ? ', ' : '' ) . ( ( !isset($update_mod_status[$forum_id]) ) ? 0 : $update_mod_status[$forum_id]);
 406  
 407                          $sql = "INSERT INTO " . AUTH_ACCESS_TABLE . " (forum_id, group_id, $sql_field) 
 408                              VALUES ($forum_id, $group_id, $sql_value)";
 409                      }
 410                      else
 411                      {
 412                          $sql_values = '';
 413                          while ( list($auth_type, $value) = @each($update_acl_status[$forum_id]) )
 414                          {
 415                              $sql_values .= ( ( $sql_values != '' ) ? ', ' : '' ) . $auth_type . ' = ' . $value;
 416                          }
 417                          $sql_values .= ( ( $sql_values != '' ) ? ', ' : '' ) . 'auth_mod = ' . ( ( !isset($update_mod_status[$forum_id]) ) ? 0 : $update_mod_status[$forum_id]);
 418  
 419                          $sql = "UPDATE " . AUTH_ACCESS_TABLE . " 
 420                              SET $sql_values 
 421                              WHERE group_id = $group_id 
 422                                  AND forum_id = $forum_id";
 423                      }
 424                      if( !($result = $db->sql_query($sql)) )
 425                      {
 426                          message_die(GENERAL_ERROR, "Couldn't update private forum permissions", "", __LINE__, __FILE__, $sql);
 427                      }
 428                  }
 429              }
 430  
 431              if ( $delete_sql != '' )
 432              {
 433                  $sql = "DELETE FROM " . AUTH_ACCESS_TABLE . " 
 434                      WHERE group_id = $group_id 
 435                          AND forum_id IN ($delete_sql)";
 436                  if( !($result = $db->sql_query($sql)) )
 437                  {
 438                      message_die(GENERAL_ERROR, "Couldn't delete permission entries", "", __LINE__, __FILE__, $sql);
 439                  }
 440              }
 441  
 442              $l_auth_return = ( $mode == 'user' ) ? $lang['Click_return_userauth'] : $lang['Click_return_groupauth'];
 443              $message = $lang['Auth_updated'] . '<br /><br />' . sprintf($l_auth_return, '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
 444          }
 445  
 446          //
 447          // Update user level to mod for appropriate users
 448          // 
 449          $sql = "SELECT u.user_id 
 450              FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u  
 451              WHERE ug.group_id = aa.group_id 
 452                  AND u.user_id = ug.user_id 
 453                  AND ug.user_pending = 0
 454                  AND u.user_level NOT IN (" . MOD . ", " . ADMIN . ") 
 455              GROUP BY u.user_id 
 456              HAVING SUM(aa.auth_mod) > 0";
 457          if ( !($result = $db->sql_query($sql)) )
 458          {
 459              message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
 460          }
 461  
 462          $set_mod = '';
 463          while( $row = $db->sql_fetchrow($result) )
 464          {
 465              $set_mod .= ( ( $set_mod != '' ) ? ', ' : '' ) . $row['user_id'];
 466          }
 467          $db->sql_freeresult($result);
 468  
 469          //
 470          // Update user level to user for appropriate users
 471          // 
 472          switch ( SQL_LAYER )
 473          {
 474              case 'postgresql':
 475                  $sql = "SELECT u.user_id 
 476                      FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa
 477                      WHERE ug.user_id = u.user_id 
 478                          AND aa.group_id = ug.group_id 
 479                          AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")
 480                      GROUP BY u.user_id 
 481                      HAVING SUM(aa.auth_mod) = 0 
 482                      UNION (
 483                          SELECT u.user_id  
 484                          FROM " . USERS_TABLE . " u 
 485                          WHERE NOT EXISTS ( 
 486                              SELECT aa.auth_mod 
 487                              FROM " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa 
 488                              WHERE ug.user_id = u.user_id 
 489                                  AND aa.group_id = ug.group_id
 490                          )
 491                          AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")  
 492                          GROUP BY u.user_id
 493                      )";
 494                  break;
 495              case 'oracle':
 496                  $sql = "SELECT u.user_id 
 497                      FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa 
 498                      WHERE ug.user_id = u.user_id(+)
 499                          AND aa.group_id = ug.group_id(+) 
 500                          AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")
 501                      GROUP BY u.user_id 
 502                      HAVING SUM(aa.auth_mod) = 0";
 503                  break;
 504              default:
 505                  $sql = "SELECT u.user_id 
 506                      FROM ( ( " . USERS_TABLE . " u  
 507                      LEFT JOIN " . USER_GROUP_TABLE . " ug ON ug.user_id = u.user_id ) 
 508                      LEFT JOIN " . AUTH_ACCESS_TABLE . " aa ON aa.group_id = ug.group_id ) 
 509                      WHERE u.user_level NOT IN (" . USER . ", " . ADMIN . ")
 510                      GROUP BY u.user_id 
 511                      HAVING SUM(aa.auth_mod) = 0";
 512                  break;
 513          }
 514          if ( !($result = $db->sql_query($sql)) )
 515          {
 516              message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
 517          }
 518  
 519          $unset_mod = "";
 520          while( $row = $db->sql_fetchrow($result) )
 521          {
 522              $unset_mod .= ( ( $unset_mod != '' ) ? ', ' : '' ) . $row['user_id'];
 523          }
 524          $db->sql_freeresult($result);
 525  
 526          if ( $set_mod != '' )
 527          {
 528              $sql = "UPDATE " . USERS_TABLE . " 
 529                  SET user_level = " . MOD . " 
 530                  WHERE user_id IN ($set_mod)";
 531              if( !($result = $db->sql_query($sql)) )
 532              {
 533                  message_die(GENERAL_ERROR, "Couldn't update user level", "", __LINE__, __FILE__, $sql);
 534              }
 535          }
 536  
 537          if ( $unset_mod != '' )
 538          {
 539              $sql = "UPDATE " . USERS_TABLE . " 
 540                  SET user_level = " . USER . " 
 541                  WHERE user_id IN ($unset_mod)";
 542              if( !($result = $db->sql_query($sql)) )
 543              {
 544                  message_die(GENERAL_ERROR, "Couldn't update user level", "", __LINE__, __FILE__, $sql);
 545              }
 546          }
 547  
 548          $sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
 549              WHERE group_id = $group_id";
 550          $result = $db->sql_query($sql);
 551  
 552          $group_user = array();
 553          while ($row = $db->sql_fetchrow($result))
 554          {
 555              $group_user[$row['user_id']] = $row['user_id'];
 556          }
 557          $db->sql_freeresult($result);
 558  
 559          $sql = "SELECT ug.user_id, COUNT(auth_mod) AS is_auth_mod 
 560              FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug 
 561              WHERE ug.user_id IN (" . implode(', ', $group_user) . ") 
 562                  AND aa.group_id = ug.group_id 
 563                  AND aa.auth_mod = 1
 564              GROUP BY ug.user_id";
 565          if ( !($result = $db->sql_query($sql)) )
 566          {
 567              message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql);
 568          }
 569  
 570          while ($row = $db->sql_fetchrow($result))
 571          {
 572              if ($row['is_auth_mod'])
 573              {
 574                  unset($group_user[$row['user_id']]);
 575              }
 576          }
 577          $db->sql_freeresult($result);
 578  
 579          if (sizeof($group_user))
 580          {
 581              $sql = "UPDATE " . USERS_TABLE . " 
 582                  SET user_level = " . USER . " 
 583                  WHERE user_id IN (" . implode(', ', $group_user) . ") AND user_level = " . MOD;
 584              if ( !($result = $db->sql_query($sql)) )
 585              {
 586                  message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
 587              }
 588          }
 589  
 590          message_die(GENERAL_MESSAGE, $message);
 591      }
 592  }
 593  else if ( ( $mode == 'user' && ( isset($HTTP_POST_VARS['username']) || $user_id ) ) || ( $mode == 'group' && $group_id ) )
 594  {
 595      if ( isset($HTTP_POST_VARS['username']) )
 596      {
 597          $this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
 598          if ( !is_array($this_userdata) )
 599          {
 600              message_die(GENERAL_MESSAGE, $lang['No_such_user']);
 601          }
 602          $user_id = $this_userdata['user_id'];
 603      }
 604  
 605      //
 606      // Front end
 607      //
 608      $sql = "SELECT f.* 
 609          FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
 610          WHERE f.cat_id = c.cat_id
 611          ORDER BY c.cat_order, f.forum_order ASC";
 612      if ( !($result = $db->sql_query($sql)) )
 613      {
 614          message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
 615      }
 616  
 617      $forum_access = array();
 618      while( $row = $db->sql_fetchrow($result) )
 619      {
 620          $forum_access[] = $row;
 621      }
 622      $db->sql_freeresult($result);
 623  
 624      if( empty($adv) )
 625      {
 626          for($i = 0; $i < count($forum_access); $i++)
 627          {
 628              $forum_id = $forum_access[$i]['forum_id'];
 629  
 630              $forum_auth_level[$forum_id] = AUTH_ALL;
 631  
 632              for($j = 0; $j < count($forum_auth_fields); $j++)
 633              {
 634                  $forum_access[$i][$forum_auth_fields[$j]] . ' :: ';
 635                  if ( $forum_access[$i][$forum_auth_fields[$j]] == AUTH_ACL )
 636                  {
 637                      $forum_auth_level[$forum_id] = AUTH_ACL;
 638                      $forum_auth_level_fields[$forum_id][] = $forum_auth_fields[$j];
 639                  }
 640              }
 641          }
 642      }
 643  
 644      $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user, ug.user_pending FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE ";
 645      $sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id";
 646      if ( !($result = $db->sql_query($sql)) )
 647      {
 648          message_die(GENERAL_ERROR, "Couldn't obtain user/group information", "", __LINE__, __FILE__, $sql);
 649      }
 650      $ug_info = array();
 651      while( $row = $db->sql_fetchrow($result) )
 652      {
 653          $ug_info[] = $row;
 654      }
 655      $db->sql_freeresult($result);
 656  
 657      $sql = ( $mode == 'user' ) ? "SELECT aa.*, g.group_single_user FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id AND aa.group_id = ug.group_id AND g.group_single_user = 1" : "SELECT * FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = $group_id";
 658      if ( !($result = $db->sql_query($sql)) )
 659      {
 660          message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
 661      }
 662  
 663      $auth_access = array();
 664      $auth_access_count = array();
 665      while( $row = $db->sql_fetchrow($result) )
 666      {
 667          $auth_access[$row['forum_id']][] = $row; 
 668          $auth_access_count[$row['forum_id']]++;
 669      }
 670      $db->sql_freeresult($result);
 671  
    // Admin flag for the subject being edited: 1 only in user mode when the first
    // $ug_info row has user_level ADMIN and is not the ANONYMOUS account; a group
    // is never treated as admin here.
    $is_admin = ( $mode == 'user' ) ? ( ( $ug_info[0]['user_level'] == ADMIN && $ug_info[0]['user_id'] != ANONYMOUS ) ? 1 : 0 ) : 0;

    // Work out, per forum and per auth field, whether the subject currently holds
    // the permission (1) or not (0). The result lands in $auth_ug[forum_id][field].
    for($i = 0; $i < count($forum_access); $i++)
    {
        $forum_id = $forum_access[$i]['forum_id'];

        // Tracks the previous ACL-controlled field of this forum only.
        unset($prev_acl_setting);
        for($j = 0; $j < count($forum_auth_fields); $j++)
        {
            $key = $forum_auth_fields[$j];
            $value = $forum_access[$i][$key];

            switch( $value )
            {
                // Field open to everyone / all registered users: always granted.
                case AUTH_ALL:
                case AUTH_REG:
                    $auth_ug[$forum_id][$key] = 1;
                    break;

                // Field controlled by ACL rows: ask check_auth() when rows exist
                // for this forum, otherwise treat it as not granted.
                case AUTH_ACL:
                    $auth_ug[$forum_id][$key] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_ACL, $key, $auth_access[$forum_id], $is_admin) : 0;
                    $auth_field_acl[$forum_id][$key] = $auth_ug[$forum_id][$key];

                    // If two ACL fields of the same forum disagree, set $adv so the
                    // per-field (advanced) selectors are rendered further down.
                    if ( isset($prev_acl_setting) )
                    {
                        if ( $prev_acl_setting != $auth_ug[$forum_id][$key] && empty($adv) )
                        {
                            $adv = 1;
                        }
                    }

                    $prev_acl_setting = $auth_ug[$forum_id][$key];

                    break;

                // Field restricted to moderators.
                case AUTH_MOD:
                    $auth_ug[$forum_id][$key] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_MOD, $key, $auth_access[$forum_id], $is_admin) : 0;
                    break;

                // Field restricted to administrators: mirrors the admin flag.
                case AUTH_ADMIN:
                    $auth_ug[$forum_id][$key] = $is_admin;
                    break;

                // Unknown requirement level: deny.
                default:
                    $auth_ug[$forum_id][$key] = 0;
                    break;
            }
        }

        //
        // Is user a moderator?
        //
        // check_auth() is called with 0 in place of $is_admin here.
        // NOTE(review): presumably so that admin status alone is not reported as
        // moderator status - check_auth() is defined outside this part of the file.
        $auth_ug[$forum_id]['auth_mod'] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_MOD, 'auth_mod', $auth_access[$forum_id], 0) : 0;
    }
 726      
    //
    // Build one template row per forum: a moderator selector plus either a single
    // "simple" access selector or one selector per auth field ("advanced").
    //
    // The option lists below only decide what the form offers (an admin or
    // moderator is shown no "off" choice). They are presentation, not enforcement.
    // NOTE(review): the code that processes the submitted private[...] /
    // moderator[...] values is outside this part of the file; confirm it
    // re-validates them server-side instead of relying on the options rendered here.
    //
    // NOTE(review): each() was deprecated in PHP 7.2 and removed in PHP 8.0, so
    // this loop needs a foreach on current PHP versions.
    //
    // $i runs in parallel with the iteration and indexes $forum_access; this
    // relies on $auth_ug having been filled in $forum_access order by the loop above.
    $i = 0;
    @reset($auth_ug);
    while( list($forum_id, $user_ary) = @each($auth_ug) )
    {
        if ( empty($adv) )
        {
            // Simple mode: only forums whose overall level is ACL get a selector.
            if ( $forum_auth_level[$forum_id] == AUTH_ACL )
            {
                // "Allowed" only if every field that defines the forum's level is granted.
                $allowed = 1;

                for($j = 0; $j < count($forum_auth_level_fields[$forum_id]); $j++)
                {
                    if ( !$auth_ug[$forum_id][$forum_auth_level_fields[$forum_id][$j]] )
                    {
                        $allowed = 0;
                    }
                }

                $optionlist_acl = '<select name="private[' . $forum_id . ']">';

                // Admins and moderators are offered only the "allowed" option.
                if ( $is_admin || $user_ary['auth_mod'] )
                {
                    $optionlist_acl .= '<option value="1">' . $lang['Allowed_Access'] . '</option>';
                }
                else if ( $allowed )
                {
                    $optionlist_acl .= '<option value="1" selected="selected">' . $lang['Allowed_Access'] . '</option><option value="0">'. $lang['Disallowed_Access'] . '</option>';
                }
                else
                {
                    $optionlist_acl .= '<option value="1">' . $lang['Allowed_Access'] . '</option><option value="0" selected="selected">' . $lang['Disallowed_Access'] . '</option>';
                }

                $optionlist_acl .= '</select>';
            }
            else
            {
                $optionlist_acl = '&nbsp;';
            }
        }
        else
        {
            // Advanced mode: find this forum's row in $forum_access and emit one
            // ON/OFF selector for every field whose requirement is AUTH_ACL.
            for($j = 0; $j < count($forum_access); $j++)
            {
                if ( $forum_access[$j]['forum_id'] == $forum_id )
                {
                    for($k = 0; $k < count($forum_auth_fields); $k++)
                    {
                        $field_name = $forum_auth_fields[$k];

                        if( $forum_access[$j][$field_name] == AUTH_ACL )
                        {
                            $optionlist_acl_adv[$forum_id][$k] = '<select name="private_' . $field_name . '[' . $forum_id . ']">';

                            // Ordinary subject with a recorded ACL value: preselect it.
                            if( isset($auth_field_acl[$forum_id][$field_name]) && !($is_admin || $user_ary['auth_mod']) )
                            {
                                if( !$auth_field_acl[$forum_id][$field_name] )
                                {
                                    $optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option><option value="0" selected="selected">' . $lang['OFF'] . '</option>';
                                }
                                else
                                {
                                    $optionlist_acl_adv[$forum_id][$k] .= '<option value="1" selected="selected">' . $lang['ON'] . '</option><option value="0">' . $lang['OFF'] . '</option>';
                                }
                            }
                            else
                            {
                                // Admin/moderator: ON is the only option; otherwise default to OFF.
                                if( $is_admin || $user_ary['auth_mod'] )
                                {
                                    $optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option>';
                                }
                                else
                                {
                                    $optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option><option value="0" selected="selected">' . $lang['OFF'] . '</option>';
                                }
                            }

                            $optionlist_acl_adv[$forum_id][$k] .= '</select>';

                        }
                    }
                }
            }
        }

        // Moderator selector, preselected from the effective auth_mod value.
        $optionlist_mod = '<select name="moderator[' . $forum_id . ']">';
        $optionlist_mod .= ( $user_ary['auth_mod'] ) ? '<option value="1" selected="selected">' . $lang['Is_Moderator'] . '</option><option value="0">' . $lang['Not_Moderator'] . '</option>' : '<option value="1">' . $lang['Is_Moderator'] . '</option><option value="0" selected="selected">' . $lang['Not_Moderator'] . '</option>';
        $optionlist_mod .= '</select>';

        // Alternate row styling on even/odd rows.
        $row_class = ( !( $i % 2 ) ) ? 'row2' : 'row1';
        $row_color = ( !( $i % 2 ) ) ? $theme['td_color1'] : $theme['td_color2'];

        // NOTE(review): forum_name is handed to the template as-is; presumably it
        // is stored HTML-escaped - confirm against the code that writes it.
        $template->assign_block_vars('forums', array(
            'ROW_COLOR' => '#' . $row_color,
            'ROW_CLASS' => $row_class,
            'FORUM_NAME' => $forum_access[$i]['forum_name'],

            'U_FORUM_AUTH' => append_sid("admin_forumauth.$phpEx?f=" . $forum_access[$i]['forum_id']),

            'S_MOD_SELECT' => $optionlist_mod)
        );

        if( !$adv )
        {
            $template->assign_block_vars('forums.aclvalues', array(
                'S_ACL_SELECT' => $optionlist_acl)
            );
        }
        else
        {
            // One cell per auth field; fields without a selector yield an unset entry.
            for($j = 0; $j < count($forum_auth_fields); $j++)
            {
                $template->assign_block_vars('forums.aclvalues', array(
                    'S_ACL_SELECT' => $optionlist_acl_adv[$forum_id][$j])
                );
            }
        }

        $i++;
    }
 847  //    @reset($auth_user);
 848      
 849      if ( $mode == 'user' )
 850      {
 851          $t_username = $ug_info[0]['username'];
 852          $s_user_type = ( $is_admin ) ? '<select name="userlevel"><option value="admin" selected="selected">' . $lang['Auth_Admin'] . '</option><option value="user">' . $lang['Auth_User'] . '</option></select>' : '<select name="userlevel"><option value="admin">' . $lang['Auth_Admin'] . '</option><option value="user" selected="selected">' . $lang['Auth_User'] . '</option></select>';
 853      }
 854      else
 855      {
 856          $t_groupname = $ug_info[0]['group_name'];
 857      }
 858  
 859      $name = array();
 860      $id = array();
 861      for($i = 0; $i < count($ug_info); $i++)
 862      {
 863          if( ( $mode == 'user' && !$ug_info[$i]['group_single_user'] ) || $mode == 'group' )
 864          {
 865              $name[] = ( $mode == 'user' ) ? $ug_info[$i]['group_name'] :  $ug_info[$i]['username'];
 866              $id[] = ( $mode == 'user' ) ? intval($ug_info[$i]['group_id']) : intval($ug_info[$i]['user_id']);
 867          }
 868      }
 869  
 870      $t_usergroup_list = $t_pending_list = '';
 871      if( count($name) )
 872      {
 873          for($i = 0; $i < count($ug_info); $i++)
 874          {
 875              $ug = ( $mode == 'user' ) ? 'group&amp;' . POST_GROUPS_URL : 'user&amp;' . POST_USERS_URL;
 876  
 877              if (!$ug_info[$i]['user_pending'])
 878              {
 879                  $t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$ug=" . $id[$i]) . '">' . $name[$i] . '</a>';
 880              }
 881              else
 882              {
 883                  $t_pending_list .= ( ( $t_pending_list != '' ) ? ', ' : '' ) . '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$ug=" . $id[$i]) . '">' . $name[$i] . '</a>';
 884              }
 885          }
 886      }
 887  
 888      $t_usergroup_list = ($t_usergroup_list == '') ? $lang['None'] : $t_usergroup_list;
 889      $t_pending_list = ($t_pending_list == '') ? $lang['None'] : $t_pending_list;
 890  
 891      $s_column_span = 2; // Two columns always present
 892      if( !$adv )
 893      {
 894          $template->assign_block_vars('acltype', array(
 895              'L_UG_ACL_TYPE' => $lang['Simple_Permission'])
 896          );
 897          $s_column_span++;
 898      }
 899      else
 900      {
 901          for($i = 0; $i < count($forum_auth_fields); $i++)
 902          {
 903              $cell_title = $field_names[$forum_auth_fields[$i]];
 904  
 905              $template->assign_block_vars('acltype', array(
 906                  'L_UG_ACL_TYPE' => $cell_title)
 907              );
 908              $s_column_span++;
 909          }
 910      }
 911  
    //
    // Dump in the page header ...
    //
    include('./page_header_admin.'.$phpEx);

    $template->set_filenames(array(
        "body" => 'admin/auth_ug_body.tpl')
    );

    // Link that reloads this page for the same subject with the opposite
    // simple/advanced setting.
    $adv_switch = ( empty($adv) ) ? 1 : 0;
    $u_ug_switch = ( $mode == 'user' ) ? POST_USERS_URL . "=" . $user_id : POST_GROUPS_URL . "=" . $group_id;
    $switch_mode = append_sid("admin_ug_auth.$phpEx?mode=$mode&amp;" . $u_ug_switch . "&amp;adv=$adv_switch");
    $switch_mode_text = ( empty($adv) ) ? $lang['Advanced_mode'] : $lang['Simple_mode'];
    $u_switch_mode = '<a href="' . $switch_mode . '">' . $switch_mode_text . '</a>';

    // Hidden fields that carry the current mode, view and subject id back on submit.
    // NOTE(review): $mode, $adv and $user_id / $group_id are written into an href
    // and into value="" attributes without escaping here. They are filled from
    // request parameters at the top of this script; confirm they are normalised
    // (integer cast for the ids and $adv, htmlspecialchars for $mode) before this
    // point, otherwise request data is reflected into the admin page.
    $s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="adv" value="' . $adv . '" />';
    $s_hidden_fields .= ( $mode == 'user' ) ? '<input type="hidden" name="' . POST_USERS_URL . '" value="' . $user_id . '" />' : '<input type="hidden" name="' . POST_GROUPS_URL . '" value="' . $group_id . '" />';
 929  
 930      if ( $mode == 'user' )
 931      {
 932          $template->assign_block_vars('switch_user_auth', array());
 933  
 934          $template->assign_vars(array(
 935              'USERNAME' => $t_username,
 936              'USER_LEVEL' => $lang['User_Level'] . " : " . $s_user_type,
 937              'USER_GROUP_MEMBERSHIPS' => $lang['Group_memberships'] . ' : ' . $t_usergroup_list)
 938          );
 939      }
 940      else
 941      {
 942          $template->assign_block_vars("switch_group_auth", array());
 943  
 944          $template->assign_vars(array(
 945              'USERNAME' => $t_groupname,
 946              'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list . '<br />' . $lang['Pending_members'] . ' : ' . $t_pending_list)
 947          );
 948      }
 949  
 950      $template->assign_vars(array(
 951          'L_USER_OR_GROUPNAME' => ( $mode == 'user' ) ? $lang['Username'] : $lang['Group_name'],
 952  
 953          'L_AUTH_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'],
 954          'L_AUTH_EXPLAIN' => ( $mode == 'user' ) ? $lang['User_auth_explain'] : $lang['Group_auth_explain'],
 955          'L_MODERATOR_STATUS' => $lang['Moderator_status'],
 956          'L_PERMISSIONS' => $lang['Permissions'],
 957          'L_SUBMIT' => $lang['Submit'],
 958          'L_RESET' => $lang['Reset'], 
 959          'L_FORUM' => $lang['Forum'], 
 960  
 961          'U_USER_OR_GROUP' => append_sid("admin_ug_auth.$phpEx"),
 962          'U_SWITCH_MODE' => $u_switch_mode,
 963  
 964          'S_COLUMN_SPAN' => $s_column_span,
 965          'S_AUTH_ACTION' => append_sid("admin_ug_auth.$phpEx"), 
 966          'S_HIDDEN_FIELDS' => $s_hidden_fields)
 967      );
 968  }
 969  else
 970  {
    //
    // Select a user/group
    //
    include('./page_header_admin.'.$phpEx);

    // The template file is picked by comparing $mode with 'user'; only these two
    // fixed file names can result, so the request value never reaches the path.
    $template->set_filenames(array(
        'body' => ( $mode == 'user' ) ? 'admin/user_select_body.tpl' : 'admin/auth_select_body.tpl')
    );
 979  
 980      if ( $mode == 'user' )
 981      {
 982          $template->assign_vars(array(
 983              'L_FIND_USERNAME' => $lang['Find_username'],
 984  
 985              'U_SEARCH_USER' => append_sid("../search.$phpEx?mode=searchuser"))
 986          );
 987      }
 988      else
 989      {
 990          $sql = "SELECT group_id, group_name
 991              FROM " . GROUPS_TABLE . "
 992              WHERE group_single_user <> " . TRUE;
 993          if ( !($result = $db->sql_query($sql)) )
 994          {
 995              message_die(GENERAL_ERROR, "Couldn't get group list", "", __LINE__, __FILE__, $sql);
 996          }
 997  
 998          if ( $row = $db->sql_fetchrow($result) )
 999          {
1000              $select_list = '<select name="' . POST_GROUPS_URL . '">';
1001              do
1002              {
1003                  $select_list .= '<option value="' . $row['group_id'] . '">' . $row['group_name'] . '</option>';
1004              }
1005              while ( $row = $db->sql_fetchrow($result) );
1006              $select_list .= '</select>';
1007          }
1008  
1009          $template->assign_vars(array(
1010              'S_AUTH_SELECT' => $select_list)
1011          );
1012      }
1013  
    // Carry the current mode back on submit.
    // NOTE(review): in this branch nothing visible restricts $mode to 'user' or
    // 'group', and it is written into the value="" attribute without escaping.
    // It is filled from request parameters at the top of this script; confirm it
    // is passed through htmlspecialchars() (or validated) before this point.
    $s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" />';

    // The template variable names differ per mode: L_USER_* / S_USER_ACTION for
    // the user picker, L_AUTH_* / S_AUTH_ACTION for the group picker.
    $l_type = ( $mode == 'user' ) ? 'USER' : 'AUTH';

    $template->assign_vars(array(
        'L_' . $l_type . '_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'],
        'L_' . $l_type . '_EXPLAIN' => ( $mode == 'user' ) ? $lang['User_auth_explain'] : $lang['Group_auth_explain'],
        'L_' . $l_type . '_SELECT' => ( $mode == 'user' ) ? $lang['Select_a_User'] : $lang['Select_a_Group'],
        'L_LOOK_UP' => ( $mode == 'user' ) ? $lang['Look_up_User'] : $lang['Look_up_Group'],

        'S_HIDDEN_FIELDS' => $s_hidden_fields, 
        'S_' . $l_type . '_ACTION' => append_sid("admin_ug_auth.$phpEx"))
    );
1027  
1028  }
1029  
// Render whichever template was registered as 'body' by the branch above,
// then append the shared admin footer.
$template->pparse('body');

include('./page_footer_admin.'.$phpEx);
1033  
1034  ?>

