PHP Cross Reference of phpBB 2.0.21 |
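<?php
/***************************************************************************
 *                            admin_ug_auth.php
 *                            -------------------
 *   begin                : Saturday, Feb 13, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   $Id: admin_ug_auth.php,v 1.13.2.10 2005/09/14 18:14:29 acydburn Exp $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

//
// Admin panel page for user/group permissions. Depending on the request it
//   - applies a submitted permission form (admin <-> user level changes,
//     per-forum ACL bits and moderator status), then re-syncs user_level for
//     users who gained or lost moderator rights;
//   - renders the permission form for one user or one group;
//   - or renders the user/group selection form.
//
// NOTE(review): this script performs no access check of its own. It presumably
// relies on pagestart.php to enforce an authenticated admin session and to
// validate the session id on state-changing POSTs - confirm against that file.
//

define('IN_PHPBB', 1);

//
// When included only to build the admin menu, register the two menu entries
// and stop before any request handling.
//
if( !empty($setmodules) )
{
	$filename = basename(__FILE__);
	$module['Users']['Permissions'] = $filename . "?mode=user";
	$module['Groups']['Permissions'] = $filename . "?mode=group";

	return;
}

//
// Load default header
//
$no_page_header = TRUE;

$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);

//
// Import request parameters. Only the four local names listed as keys of
// $params are ever assigned through $$var, POST takes precedence over GET.
//
$params = array('mode' => 'mode', 'user_id' => POST_USERS_URL, 'group_id' => POST_GROUPS_URL, 'adv' => 'adv');

while( list($var, $param) = @each($params) )
{
	if ( !empty($HTTP_POST_VARS[$param]) || !empty($HTTP_GET_VARS[$param]) )
	{
		$$var = ( !empty($HTTP_POST_VARS[$param]) ) ? $HTTP_POST_VARS[$param] : $HTTP_GET_VARS[$param];
	}
	else
	{
		$$var = "";
	}
}

//
// The ids are forced to integers because they are concatenated into SQL
// below; $mode is HTML-escaped because it is echoed into links and hidden
// form fields.
//
$user_id = intval($user_id);
$group_id = intval($group_id);
$adv = intval($adv);
$mode = htmlspecialchars($mode);

//
// Start program - define vars
//
$forum_auth_fields = array('auth_view', 'auth_read', 'auth_post', 'auth_reply', 'auth_edit', 'auth_delete', 'auth_sticky', 'auth_announce', 'auth_vote', 'auth_pollcreate');

$auth_field_match = array(
	'auth_view' => AUTH_VIEW,
	'auth_read' => AUTH_READ,
	'auth_post' => AUTH_POST,
	'auth_reply' => AUTH_REPLY,
	'auth_edit' => AUTH_EDIT,
	'auth_delete' => AUTH_DELETE,
	'auth_sticky' => AUTH_STICKY,
	'auth_announce' => AUTH_ANNOUNCE,
	'auth_vote' => AUTH_VOTE,
	'auth_pollcreate' => AUTH_POLLCREATE);

$field_names = array(
	'auth_view' => $lang['View'],
	'auth_read' => $lang['Read'],
	'auth_post' => $lang['Post'],
	'auth_reply' => $lang['Reply'],
	'auth_edit' => $lang['Edit'],
	'auth_delete' => $lang['Delete'],
	'auth_sticky' => $lang['Sticky'],
	'auth_announce' => $lang['Announce'],
	'auth_vote' => $lang['Vote'],
	'auth_pollcreate' => $lang['Pollcreate']);

// ---------------
// Start Functions
//

//
// Decide whether any of the given auth_access rows grants a permission.
//
// $type      one of AUTH_ACL, AUTH_MOD, AUTH_ADMIN - the level required
// $key       name of the auth_* column to test (only read for AUTH_ACL)
// $u_access  list of auth_access rows for one forum
// $is_admin  truthy when the subject is an administrator
//
// Returns a truthy value when access is granted. With an empty $u_access
// the result is simply $is_admin.
//
function check_auth($type, $key, $u_access, $is_admin)
{
	$auth_user = 0;

	if( count($u_access) )
	{
		for($j = 0; $j < count($u_access); $j++)
		{
			$result = 0;
			switch($type)
			{
				// The cases deliberately fall through: an ACL requirement is
				// also met by moderator status, and either is also met by
				// admin status.
				case AUTH_ACL:
					$result = $u_access[$j][$key];

				case AUTH_MOD:
					$result = $result || $u_access[$j]['auth_mod'];

				case AUTH_ADMIN:
					$result = $result || $is_admin;
					break;
			}

			// One granting row is enough
			$auth_user = $auth_user || $result;
		}
	}
	else
	{
		$auth_user = $is_admin;
	}

	return $auth_user;
}
//
// End Functions
// -------------

if ( isset($HTTP_POST_VARS['submit']) && ( ( $mode == 'user' && $user_id ) || ( $mode == 'group' && $group_id ) ) )
{
	$user_level = '';
	if ( $mode == 'user' )
	{
		//
		// Get group_id for this user_id
		//
		$sql = "SELECT g.group_id, u.user_level
			FROM " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u, " . GROUPS_TABLE . " g
			WHERE u.user_id = $user_id
				AND ug.user_id = u.user_id
				AND g.group_id = ug.group_id
				AND g.group_single_user = " . TRUE;
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Could not select info from user/user_group table', '', __LINE__, __FILE__, $sql);
		}

		$row = $db->sql_fetchrow($result);

		// From here on $group_id is the user's single-user group as stored in
		// the database, not the request parameter.
		$group_id = $row['group_id'];
		$user_level = $row['user_level'];

		$db->sql_freeresult($result);
	}

	//
	// Carry out requests
	//
	if ( $mode == 'user' && $HTTP_POST_VARS['userlevel'] == 'admin' && $user_level != ADMIN )
	{
		//
		// Make user an admin (if already user)
		//
		// The acting admin's own account is skipped.
		//
		if ( $userdata['user_id'] != $user_id )
		{
			$sql = "UPDATE " . USERS_TABLE . "
				SET user_level = " . ADMIN . "
				WHERE user_id = $user_id";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
			}

			$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
				WHERE group_id = $group_id 
					AND auth_mod = 0";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't delete auth access info", "", __LINE__, __FILE__, $sql);
			}

			//
			// Delete any entries in auth_access, they are not required if user is becoming an
			// admin
			//
			$sql = "UPDATE " . AUTH_ACCESS_TABLE . "
				SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0
				WHERE group_id = $group_id"; 
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't update auth access", "", __LINE__, __FILE__, $sql);
			}
		}

		$message = $lang['Auth_updated'] . '<br /><br />' . sprintf($lang['Click_return_userauth'], '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
		message_die(GENERAL_MESSAGE, $message);
	}
	else
	{
		if ( $mode == 'user' && $HTTP_POST_VARS['userlevel'] == 'user' && $user_level == ADMIN )
		{
			//
			// Make admin a user (if already admin) ... ignore if you're trying
			// to change yourself from an admin to user!
			//
			if ( $userdata['user_id'] != $user_id )
			{
				$sql = "UPDATE " . AUTH_ACCESS_TABLE . "
					SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0
					WHERE group_id = $group_id";
				if ( !($result = $db->sql_query($sql)) )
				{
					message_die(GENERAL_ERROR, 'Could not update auth access', '', __LINE__, __FILE__, $sql);
				}

				//
				// Update users level, reset to USER
				//
				$sql = "UPDATE " . USERS_TABLE . "
					SET user_level = " . USER . "
					WHERE user_id = $user_id";
				if ( !($result = $db->sql_query($sql)) )
				{
					message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
				}
			}

			$message = $lang['Auth_updated'] . '<br /><br />' . sprintf($lang['Click_return_userauth'], '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
		}
		else
		{
			//
			// Collect the submitted moderator and ACL selections. These arrays
			// come straight from the request; their values are cast to
			// integers at the point where the SQL statements are built.
			//
			$change_mod_list = ( isset($HTTP_POST_VARS['moderator']) ) ? $HTTP_POST_VARS['moderator'] : false;

			if ( empty($adv) )
			{
				$change_acl_list = ( isset($HTTP_POST_VARS['private']) ) ? $HTTP_POST_VARS['private'] : false;
			}
			else
			{
				// Advanced mode posts one array per permission field
				$change_acl_list = array();
				for($j = 0; $j < count($forum_auth_fields); $j++)
				{
					$auth_field = $forum_auth_fields[$j];

					while( list($forum_id, $value) = @each($HTTP_POST_VARS['private_' . $auth_field]) )
					{
						$change_acl_list[$forum_id][$auth_field] = $value;
					}
				}
			}

			$sql = 'SELECT f.* 
				FROM ' . FORUMS_TABLE . ' f, ' . CATEGORIES_TABLE . ' c
				WHERE f.cat_id = c.cat_id
				ORDER BY c.cat_order, f.forum_order';
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
			}

			$forum_access = array();
			while( $row = $db->sql_fetchrow($result) )
			{
				$forum_access[] = $row;
			}
			$db->sql_freeresult($result);

			// Current auth_access rows of the single-user group (user mode) or
			// of the selected group, keyed by forum id
			$sql = ( $mode == 'user' ) ? "SELECT aa.* FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id AND aa.group_id = ug.group_id AND g.group_single_user = " . TRUE : "SELECT * FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = $group_id";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
			}

			$auth_access = array();
			while( $row = $db->sql_fetchrow($result) )
			{
				$auth_access[$row['forum_id']] = $row;
			}
			$db->sql_freeresult($result);

			$forum_auth_action = array();
			$update_acl_status = array();
			$update_mod_status = array();

			//
			// Work out, per forum, whether the submitted values differ from the
			// stored ones and whether that needs an insert, update or delete.
			// The forum ids iterated here come from the forums table, so the
			// keys of $forum_auth_action are database values, not request data.
			//
			for($i = 0; $i < count($forum_access); $i++)
			{
				$forum_id = $forum_access[$i]['forum_id'];

				if ( 
					( isset($auth_access[$forum_id]['auth_mod']) && $change_mod_list[$forum_id]['auth_mod'] != $auth_access[$forum_id]['auth_mod'] ) || 
					( !isset($auth_access[$forum_id]['auth_mod']) && !empty($change_mod_list[$forum_id]['auth_mod']) ) 
				)
				{
					$update_mod_status[$forum_id] = $change_mod_list[$forum_id]['auth_mod'];

					if ( !$update_mod_status[$forum_id] )
					{
						$forum_auth_action[$forum_id] = 'delete';
					}
					else if ( !isset($auth_access[$forum_id]['auth_mod']) )
					{
						$forum_auth_action[$forum_id] = 'insert';
					}
					else
					{
						$forum_auth_action[$forum_id] = 'update';
					}
				}

				for($j = 0; $j < count($forum_auth_fields); $j++)
				{
					$auth_field = $forum_auth_fields[$j];

					// Only fields the forum marks as AUTH_ACL are stored per group
					if( $forum_access[$i][$auth_field] == AUTH_ACL && isset($change_acl_list[$forum_id][$auth_field]) )
					{
						if ( ( empty($auth_access[$forum_id]['auth_mod']) && 
							( isset($auth_access[$forum_id][$auth_field]) && $change_acl_list[$forum_id][$auth_field] != $auth_access[$forum_id][$auth_field] ) || 
							( !isset($auth_access[$forum_id][$auth_field]) && !empty($change_acl_list[$forum_id][$auth_field]) ) ) ||
							!empty($update_mod_status[$forum_id])
						)
						{
							// When moderator status is being granted the individual
							// ACL bits are stored as 0
							$update_acl_status[$forum_id][$auth_field] = ( !empty($update_mod_status[$forum_id]) ) ? 0 : $change_acl_list[$forum_id][$auth_field];

							if ( isset($auth_access[$forum_id][$auth_field]) && empty($update_acl_status[$forum_id][$auth_field]) && $forum_auth_action[$forum_id] != 'insert' && $forum_auth_action[$forum_id] != 'update' )
							{
								$forum_auth_action[$forum_id] = 'delete';
							}
							else if ( !isset($auth_access[$forum_id][$auth_field]) && !( $forum_auth_action[$forum_id] == 'delete' && empty($update_acl_status[$forum_id][$auth_field]) ) )
							{
								$forum_auth_action[$forum_id] = 'insert';
							}
							else if ( isset($auth_access[$forum_id][$auth_field]) && !empty($update_acl_status[$forum_id][$auth_field]) ) 
							{
								$forum_auth_action[$forum_id] = 'update';
							}
						}
						else if ( ( empty($auth_access[$forum_id]['auth_mod']) && 
							( isset($auth_access[$forum_id][$auth_field]) && $change_acl_list[$forum_id][$auth_field] == $auth_access[$forum_id][$auth_field] ) ) && $forum_auth_action[$forum_id] == 'delete' )
						{
							$forum_auth_action[$forum_id] = 'update';
						}
					}
				}
			}

			//
			// Checks complete, make updates to DB
			//
			// Column names below come from $forum_auth_fields. The values
			// originate from the submitted form, so each one is passed through
			// intval() before it is concatenated into the statement.
			//
			$delete_sql = '';
			while( list($forum_id, $action) = @each($forum_auth_action) )
			{
				if ( $action == 'delete' )
				{
					$delete_sql .= ( ( $delete_sql != '' ) ? ', ' : '' ) . $forum_id;
				}
				else
				{
					if ( $action == 'insert' )
					{
						$sql_field = '';
						$sql_value = '';
						while ( list($auth_type, $value) = @each($update_acl_status[$forum_id]) )
						{
							$sql_field .= ( ( $sql_field != '' ) ? ', ' : '' ) . $auth_type;
							$sql_value .= ( ( $sql_value != '' ) ? ', ' : '' ) . intval($value);
						}
						$sql_field .= ( ( $sql_field != '' ) ? ', ' : '' ) . 'auth_mod';
						$sql_value .= ( ( $sql_value != '' ) ? ', ' : '' ) . ( ( !isset($update_mod_status[$forum_id]) ) ? 0 : intval($update_mod_status[$forum_id]) );

						$sql = "INSERT INTO " . AUTH_ACCESS_TABLE . " (forum_id, group_id, $sql_field) 
							VALUES ($forum_id, $group_id, $sql_value)";
					}
					else
					{
						$sql_values = '';
						while ( list($auth_type, $value) = @each($update_acl_status[$forum_id]) )
						{
							$sql_values .= ( ( $sql_values != '' ) ? ', ' : '' ) . $auth_type . ' = ' . intval($value);
						}
						$sql_values .= ( ( $sql_values != '' ) ? ', ' : '' ) . 'auth_mod = ' . ( ( !isset($update_mod_status[$forum_id]) ) ? 0 : intval($update_mod_status[$forum_id]) );

						$sql = "UPDATE " . AUTH_ACCESS_TABLE . " 
							SET $sql_values 
							WHERE group_id = $group_id 
								AND forum_id = $forum_id";
					}
					if( !($result = $db->sql_query($sql)) )
					{
						message_die(GENERAL_ERROR, "Couldn't update private forum permissions", "", __LINE__, __FILE__, $sql);
					}
				}
			}

			if ( $delete_sql != '' )
			{
				$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . " 
					WHERE group_id = $group_id 
						AND forum_id IN ($delete_sql)";
				if( !($result = $db->sql_query($sql)) )
				{
					message_die(GENERAL_ERROR, "Couldn't delete permission entries", "", __LINE__, __FILE__, $sql);
				}
			}

			$l_auth_return = ( $mode == 'user' ) ? $lang['Click_return_userauth'] : $lang['Click_return_groupauth'];
			$message = $lang['Auth_updated'] . '<br /><br />' . sprintf($l_auth_return, '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
		}

		//
		// Update user level to mod for appropriate users
		// 
		$sql = "SELECT u.user_id 
			FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u  
			WHERE ug.group_id = aa.group_id 
				AND u.user_id = ug.user_id 
				AND ug.user_pending = 0
				AND u.user_level NOT IN (" . MOD . ", " . ADMIN . ") 
			GROUP BY u.user_id 
			HAVING SUM(aa.auth_mod) > 0";
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
		}

		$set_mod = '';
		while( $row = $db->sql_fetchrow($result) )
		{
			$set_mod .= ( ( $set_mod != '' ) ? ', ' : '' ) . $row['user_id'];
		}
		$db->sql_freeresult($result);

		//
		// Update user level to user for appropriate users
		// 
		switch ( SQL_LAYER )
		{
			case 'postgresql':
				$sql = "SELECT u.user_id 
					FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa 
					WHERE ug.user_id = u.user_id 
						AND aa.group_id = ug.group_id 
						AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")
					GROUP BY u.user_id 
					HAVING SUM(aa.auth_mod) = 0 
					UNION ( 
						SELECT u.user_id  
						FROM " . USERS_TABLE . " u 
						WHERE NOT EXISTS ( 
							SELECT aa.auth_mod 
							FROM " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa 
							WHERE ug.user_id = u.user_id 
								AND aa.group_id = ug.group_id
						)
						AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")  
						GROUP BY u.user_id
					)";
				break;
			case 'oracle':
				$sql = "SELECT u.user_id 
					FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa 
					WHERE ug.user_id = u.user_id(+)
						AND aa.group_id = ug.group_id(+) 
						AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")
					GROUP BY u.user_id 
					HAVING SUM(aa.auth_mod) = 0";
				break;
			default:
				$sql = "SELECT u.user_id 
					FROM ( ( " . USERS_TABLE . " u  
					LEFT JOIN " . USER_GROUP_TABLE . " ug ON ug.user_id = u.user_id ) 
					LEFT JOIN " . AUTH_ACCESS_TABLE . " aa ON aa.group_id = ug.group_id ) 
					WHERE u.user_level NOT IN (" . USER . ", " . ADMIN . ")
					GROUP BY u.user_id 
					HAVING SUM(aa.auth_mod) = 0";
				break;
		}
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
		}

		$unset_mod = "";
		while( $row = $db->sql_fetchrow($result) )
		{
			$unset_mod .= ( ( $unset_mod != '' ) ? ', ' : '' ) . $row['user_id'];
		}
		$db->sql_freeresult($result);

		if ( $set_mod != '' )
		{
			$sql = "UPDATE " . USERS_TABLE . " 
				SET user_level = " . MOD . " 
				WHERE user_id IN ($set_mod)";
			if( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't update user level", "", __LINE__, __FILE__, $sql);
			}
		}

		if ( $unset_mod != '' )
		{
			$sql = "UPDATE " . USERS_TABLE . " 
				SET user_level = " . USER . " 
				WHERE user_id IN ($unset_mod)";
			if( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't update user level", "", __LINE__, __FILE__, $sql);
			}
		}

		//
		// Demote members of the edited group who are still flagged MOD but no
		// longer hold moderator rights through any of their groups.
		//
		$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
			WHERE group_id = $group_id";
		if ( !($result = $db->sql_query($sql)) )
		{
			// Fail here rather than carrying a failed result into the
			// membership checks below
			message_die(GENERAL_ERROR, 'Could not obtain group members', '', __LINE__, __FILE__, $sql);
		}

		$group_user = array();
		while ($row = $db->sql_fetchrow($result))
		{
			$group_user[$row['user_id']] = $row['user_id'];
		}
		$db->sql_freeresult($result);

		// An empty member list would produce "IN ()", which is not valid SQL,
		// so the moderator check only runs when there is someone to check.
		if ( sizeof($group_user) )
		{
			$sql = "SELECT ug.user_id, COUNT(auth_mod) AS is_auth_mod 
				FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug 
				WHERE ug.user_id IN (" . implode(', ', $group_user) . ") 
					AND aa.group_id = ug.group_id 
					AND aa.auth_mod = 1
				GROUP BY ug.user_id";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql);
			}

			// Anyone who still moderates somewhere keeps the MOD level
			while ($row = $db->sql_fetchrow($result))
			{
				if ($row['is_auth_mod'])
				{
					unset($group_user[$row['user_id']]);
				}
			}
			$db->sql_freeresult($result);

			if (sizeof($group_user))
			{
				$sql = "UPDATE " . USERS_TABLE . " 
					SET user_level = " . USER . " 
					WHERE user_id IN (" . implode(', ', $group_user) . ") AND user_level = " . MOD;
				if ( !($result = $db->sql_query($sql)) )
				{
					message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
				}
			}
		}

		message_die(GENERAL_MESSAGE, $message);
	}
}
else if ( ( $mode == 'user' && ( isset($HTTP_POST_VARS['username']) || $user_id ) ) || ( $mode == 'group' && $group_id ) )
{
	if ( isset($HTTP_POST_VARS['username']) )
	{
		// Resolve the submitted username; from here on $user_id is the id
		// stored for that account.
		$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
		if ( !is_array($this_userdata) )
		{
			message_die(GENERAL_MESSAGE, $lang['No_such_user']);
		}
		$user_id = $this_userdata['user_id'];
	}

	//
	// Front end
	//
	$sql = "SELECT f.* 
		FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
		WHERE f.cat_id = c.cat_id
		ORDER BY c.cat_order, f.forum_order ASC";
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
	}

	$forum_access = array();
	while( $row = $db->sql_fetchrow($result) )
	{
		$forum_access[] = $row;
	}
	$db->sql_freeresult($result);

	if( empty($adv) )
	{
		// Simple mode: note which forums have at least one AUTH_ACL field,
		// and which fields those are
		for($i = 0; $i < count($forum_access); $i++)
		{
			$forum_id = $forum_access[$i]['forum_id'];

			$forum_auth_level[$forum_id] = AUTH_ALL;

			for($j = 0; $j < count($forum_auth_fields); $j++)
			{
				if ( $forum_access[$i][$forum_auth_fields[$j]] == AUTH_ACL )
				{
					$forum_auth_level[$forum_id] = AUTH_ACL;
					$forum_auth_level_fields[$forum_id][] = $forum_auth_fields[$j];
				}
			}
		}
	}

	$sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user, ug.user_pending FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE ";
	$sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id";
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_ERROR, "Couldn't obtain user/group information", "", __LINE__, __FILE__, $sql);
	}
	$ug_info = array();
	while( $row = $db->sql_fetchrow($result) )
	{
		$ug_info[] = $row;
	}
	$db->sql_freeresult($result);

	$sql = ( $mode == 'user' ) ? "SELECT aa.*, g.group_single_user FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id AND aa.group_id = ug.group_id AND g.group_single_user = 1" : "SELECT * FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = $group_id";
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
	}

	$auth_access = array();
	$auth_access_count = array();
	while( $row = $db->sql_fetchrow($result) )
	{
		$auth_access[$row['forum_id']][] = $row; 
		$auth_access_count[$row['forum_id']]++;
	}
	$db->sql_freeresult($result);

	// Groups are never treated as admin; the anonymous account is excluded
	$is_admin = ( $mode == 'user' ) ? ( ( $ug_info[0]['user_level'] == ADMIN && $ug_info[0]['user_id'] != ANONYMOUS ) ? 1 : 0 ) : 0;

	//
	// Compute the effective permission of the user/group for every forum and
	// field. If the AUTH_ACL fields of a forum do not all share one value the
	// simple view cannot represent them, so the page switches to advanced mode.
	//
	for($i = 0; $i < count($forum_access); $i++)
	{
		$forum_id = $forum_access[$i]['forum_id'];

		unset($prev_acl_setting);
		for($j = 0; $j < count($forum_auth_fields); $j++)
		{
			$key = $forum_auth_fields[$j];
			$value = $forum_access[$i][$key];

			switch( $value )
			{
				case AUTH_ALL:
				case AUTH_REG:
					$auth_ug[$forum_id][$key] = 1;
					break;

				case AUTH_ACL:
					$auth_ug[$forum_id][$key] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_ACL, $key, $auth_access[$forum_id], $is_admin) : 0;
					$auth_field_acl[$forum_id][$key] = $auth_ug[$forum_id][$key];

					if ( isset($prev_acl_setting) )
					{
						if ( $prev_acl_setting != $auth_ug[$forum_id][$key] && empty($adv) )
						{
							$adv = 1;
						}
					}

					$prev_acl_setting = $auth_ug[$forum_id][$key];

					break;

				case AUTH_MOD:
					$auth_ug[$forum_id][$key] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_MOD, $key, $auth_access[$forum_id], $is_admin) : 0;
					break;

				case AUTH_ADMIN:
					$auth_ug[$forum_id][$key] = $is_admin;
					break;

				default:
					$auth_ug[$forum_id][$key] = 0;
					break;
			}
		}

		//
		// Is user a moderator?
		//
		$auth_ug[$forum_id]['auth_mod'] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_MOD, 'auth_mod', $auth_access[$forum_id], 0) : 0;
	}

	//
	// Build the per-forum <select> controls. The forum ids and field names
	// placed into the control names come from the database and from
	// $forum_auth_fields.
	//
	$i = 0;
	@reset($auth_ug);
	while( list($forum_id, $user_ary) = @each($auth_ug) )
	{
		if ( empty($adv) )
		{
			if ( $forum_auth_level[$forum_id] == AUTH_ACL )
			{
				// Simple mode shows "allowed" only if every ACL field is granted
				$allowed = 1;

				for($j = 0; $j < count($forum_auth_level_fields[$forum_id]); $j++)
				{
					if ( !$auth_ug[$forum_id][$forum_auth_level_fields[$forum_id][$j]] )
					{
						$allowed = 0;
					}
				}

				$optionlist_acl = '<select name="private[' . $forum_id . ']">';

				// Admins and moderators always have access, so no "disallowed"
				// option is offered for them
				if ( $is_admin || $user_ary['auth_mod'] )
				{
					$optionlist_acl .= '<option value="1">' . $lang['Allowed_Access'] . '</option>';
				}
				else if ( $allowed )
				{
					$optionlist_acl .= '<option value="1" selected="selected">' . $lang['Allowed_Access'] . '</option><option value="0">'. $lang['Disallowed_Access'] . '</option>';
				}
				else
				{
					$optionlist_acl .= '<option value="1">' . $lang['Allowed_Access'] . '</option><option value="0" selected="selected">' . $lang['Disallowed_Access'] . '</option>';
				}

				$optionlist_acl .= '</select>';
			}
			else
			{
				$optionlist_acl = ' ';
			}
		}
		else
		{
			for($j = 0; $j < count($forum_access); $j++)
			{
				if ( $forum_access[$j]['forum_id'] == $forum_id )
				{
					for($k = 0; $k < count($forum_auth_fields); $k++)
					{
						$field_name = $forum_auth_fields[$k];

						if( $forum_access[$j][$field_name] == AUTH_ACL )
						{
							$optionlist_acl_adv[$forum_id][$k] = '<select name="private_' . $field_name . '[' . $forum_id . ']">';

							if( isset($auth_field_acl[$forum_id][$field_name]) && !($is_admin || $user_ary['auth_mod']) )
							{
								if( !$auth_field_acl[$forum_id][$field_name] )
								{
									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option><option value="0" selected="selected">' . $lang['OFF'] . '</option>';
								}
								else
								{
									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1" selected="selected">' . $lang['ON'] . '</option><option value="0">' . $lang['OFF'] . '</option>';
								}
							}
							else
							{
								if( $is_admin || $user_ary['auth_mod'] )
								{
									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option>';
								}
								else
								{
									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option><option value="0" selected="selected">' . $lang['OFF'] . '</option>';
								}
							}

							$optionlist_acl_adv[$forum_id][$k] .= '</select>';

						}
					}
				}
			}
		}

		$optionlist_mod = '<select name="moderator[' . $forum_id . ']">';
		$optionlist_mod .= ( $user_ary['auth_mod'] ) ? '<option value="1" selected="selected">' . $lang['Is_Moderator'] . '</option><option value="0">' . $lang['Not_Moderator'] . '</option>' : '<option value="1">' . $lang['Is_Moderator'] . '</option><option value="0" selected="selected">' . $lang['Not_Moderator'] . '</option>';
		$optionlist_mod .= '</select>';

		$row_class = ( !( $i % 2 ) ) ? 'row2' : 'row1';
		$row_color = ( !( $i % 2 ) ) ? $theme['td_color1'] : $theme['td_color2'];

		// NOTE(review): forum_name is passed to the template as stored -
		// presumably it is HTML-escaped when the forum is created; confirm.
		$template->assign_block_vars('forums', array(
			'ROW_COLOR' => '#' . $row_color,
			'ROW_CLASS' => $row_class,
			'FORUM_NAME' => $forum_access[$i]['forum_name'],

			'U_FORUM_AUTH' => append_sid("admin_forumauth.$phpEx?f=" . $forum_access[$i]['forum_id']),

			'S_MOD_SELECT' => $optionlist_mod)
		);

		if( !$adv )
		{
			$template->assign_block_vars('forums.aclvalues', array(
				'S_ACL_SELECT' => $optionlist_acl)
			);
		}
		else
		{
			for($j = 0; $j < count($forum_auth_fields); $j++)
			{
				$template->assign_block_vars('forums.aclvalues', array(
					'S_ACL_SELECT' => $optionlist_acl_adv[$forum_id][$j])
				);
			}
		}

		$i++;
	}
//	@reset($auth_user);

	if ( $mode == 'user' )
	{
		$t_username = $ug_info[0]['username'];
		$s_user_type = ( $is_admin ) ? '<select name="userlevel"><option value="admin" selected="selected">' . $lang['Auth_Admin'] . '</option><option value="user">' . $lang['Auth_User'] . '</option></select>' : '<select name="userlevel"><option value="admin">' . $lang['Auth_Admin'] . '</option><option value="user" selected="selected">' . $lang['Auth_User'] . '</option></select>';
	}
	else
	{
		$t_groupname = $ug_info[0]['group_name'];
	}

	// In user mode list the user's groups (single-user groups are skipped),
	// in group mode list the group's members
	$name = array();
	$id = array();
	for($i = 0; $i < count($ug_info); $i++)
	{
		if( ( $mode == 'user' && !$ug_info[$i]['group_single_user'] ) || $mode == 'group' )
		{
			$name[] = ( $mode == 'user' ) ? $ug_info[$i]['group_name'] :  $ug_info[$i]['username'];
			$id[] = ( $mode == 'user' ) ? intval($ug_info[$i]['group_id']) : intval($ug_info[$i]['user_id']);
		}
	}

	//
	// NOTE(review): this loop runs over $ug_info but indexes $name/$id, which
	// can be shorter in user mode because single-user groups were skipped
	// above, so the three arrays are not guaranteed to line up.
	// NOTE(review): usernames and group names are written into the page as
	// stored - presumably escaped at registration/creation time; confirm.
	//
	$t_usergroup_list = $t_pending_list = '';
	if( count($name) )
	{
		for($i = 0; $i < count($ug_info); $i++)
		{
			$ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL;

			if (!$ug_info[$i]['user_pending'])
			{
				$t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$ug=" . $id[$i]) . '">' . $name[$i] . '</a>';
			}
			else
			{
				$t_pending_list .= ( ( $t_pending_list != '' ) ? ', ' : '' ) . '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$ug=" . $id[$i]) . '">' . $name[$i] . '</a>';
			}
		}
	}

	$t_usergroup_list = ($t_usergroup_list == '') ? $lang['None'] : $t_usergroup_list;
	$t_pending_list = ($t_pending_list == '') ? $lang['None'] : $t_pending_list;

	$s_column_span = 2; // Two columns always present
	if( !$adv )
	{
		$template->assign_block_vars('acltype', array(
			'L_UG_ACL_TYPE' => $lang['Simple_Permission'])
		);
		$s_column_span++;
	}
	else
	{
		for($i = 0; $i < count($forum_auth_fields); $i++)
		{
			$cell_title = $field_names[$forum_auth_fields[$i]];

			$template->assign_block_vars('acltype', array(
				'L_UG_ACL_TYPE' => $cell_title)
			);
			$s_column_span++;
		}
	}

	//
	// Dump in the page header ...
	//
	include('./page_header_admin.'.$phpEx);

	$template->set_filenames(array(
		"body" => 'admin/auth_ug_body.tpl')
	);

	// $mode was HTML-escaped and the ids/$adv were cast to integers at the
	// top of the script, so they are written into links and hidden fields
	// without further escaping.
	$adv_switch = ( empty($adv) ) ? 1 : 0;
	$u_ug_switch = ( $mode == 'user' ) ? POST_USERS_URL . "=" . $user_id : POST_GROUPS_URL . "=" . $group_id;
	$switch_mode = append_sid("admin_ug_auth.$phpEx?mode=$mode&" . $u_ug_switch . "&adv=$adv_switch");
	$switch_mode_text = ( empty($adv) ) ? $lang['Advanced_mode'] : $lang['Simple_mode'];
	$u_switch_mode = '<a href="' . $switch_mode . '">' . $switch_mode_text . '</a>';

	$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="adv" value="' . $adv . '" />';
	$s_hidden_fields .= ( $mode == 'user' ) ? '<input type="hidden" name="' . POST_USERS_URL . '" value="' . $user_id . '" />' : '<input type="hidden" name="' . POST_GROUPS_URL . '" value="' . $group_id . '" />';

	if ( $mode == 'user' )
	{
		$template->assign_block_vars('switch_user_auth', array());

		$template->assign_vars(array(
			'USERNAME' => $t_username,
			'USER_LEVEL' => $lang['User_Level'] . " : " . $s_user_type,
			'USER_GROUP_MEMBERSHIPS' => $lang['Group_memberships'] . ' : ' . $t_usergroup_list)
		);
	}
	else
	{
		$template->assign_block_vars("switch_group_auth", array());

		$template->assign_vars(array(
			'USERNAME' => $t_groupname,
			'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list . '<br />' . $lang['Pending_members'] . ' : ' . $t_pending_list)
		);
	}

	$template->assign_vars(array(
		'L_USER_OR_GROUPNAME' => ( $mode == 'user' ) ? $lang['Username'] : $lang['Group_name'],

		'L_AUTH_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'],
		'L_AUTH_EXPLAIN' => ( $mode == 'user' ) ? $lang['User_auth_explain'] : $lang['Group_auth_explain'],
		'L_MODERATOR_STATUS' => $lang['Moderator_status'],
		'L_PERMISSIONS' => $lang['Permissions'],
		'L_SUBMIT' => $lang['Submit'],
		'L_RESET' => $lang['Reset'], 
		'L_FORUM' => $lang['Forum'], 

		'U_USER_OR_GROUP' => append_sid("admin_ug_auth.$phpEx"),
		'U_SWITCH_MODE' => $u_switch_mode,

		'S_COLUMN_SPAN' => $s_column_span,
		'S_AUTH_ACTION' => append_sid("admin_ug_auth.$phpEx"), 
		'S_HIDDEN_FIELDS' => $s_hidden_fields)
	);
}
else
{
	//
	// Select a user/group
	//
	include('./page_header_admin.'.$phpEx);

	$template->set_filenames(array(
		'body' => ( $mode == 'user' ) ? 'admin/user_select_body.tpl' : 'admin/auth_select_body.tpl')
	);

	if ( $mode == 'user' )
	{
		$template->assign_vars(array(
			'L_FIND_USERNAME' => $lang['Find_username'],

			'U_SEARCH_USER' => append_sid("../search.$phpEx?mode=searchuser"))
		);
	}
	else
	{
		$sql = "SELECT group_id, group_name
			FROM " . GROUPS_TABLE . "
			WHERE group_single_user <> " . TRUE;
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, "Couldn't get group list", "", __LINE__, __FILE__, $sql);
		}

		// NOTE(review): group_name is written into the option list as
		// stored - presumably escaped when the group is created; confirm.
		if ( $row = $db->sql_fetchrow($result) )
		{
			$select_list = '<select name="' . POST_GROUPS_URL . '">';
			do
			{
				$select_list .= '<option value="' . $row['group_id'] . '">' . $row['group_name'] . '</option>';
			}
			while ( $row = $db->sql_fetchrow($result) );
			$select_list .= '</select>';
		}

		$template->assign_vars(array(
			'S_AUTH_SELECT' => $select_list)
		);
	}

	$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" />';

	$l_type = ( $mode == 'user' ) ? 'USER' : 'AUTH';

	$template->assign_vars(array(
		'L_' . $l_type . '_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'],
		'L_' . $l_type . '_EXPLAIN' => ( $mode == 'user' ) ? $lang['User_auth_explain'] : $lang['Group_auth_explain'],
		'L_' . $l_type . '_SELECT' => ( $mode == 'user' ) ? $lang['Select_a_User'] : $lang['Select_a_Group'],
		'L_LOOK_UP' => ( $mode == 'user' ) ? $lang['Look_up_User'] : $lang['Look_up_Group'],

		'S_HIDDEN_FIELDS' => $s_hidden_fields, 
		'S_' . $l_type . '_ACTION' => append_sid("admin_ug_auth.$phpEx"))
	);

}

$template->pparse('body');

include('./page_footer_admin.'.$phpEx);

?>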
Generated: Thu Jun 15 00:04:58 2006 | Cross-referenced by PHPXref 0.6 |