mirror of
https://github.com/phpbb/phpbb.git
synced 2025-04-22 00:32:29 +02:00
Small error correction that could be show stopping
git-svn-id: file:///svn/phpbb/trunk@380 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen
parent
02cfff6046
commit
18476eeae9
@ -31,17 +31,6 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
|
||||
{
|
||||
global $db;
|
||||
|
||||
//
|
||||
// If not logged on all we
|
||||
// need do is find out
|
||||
// if $forum_id has ANY
|
||||
// auth for $type
|
||||
//
|
||||
// If logged on we want to
|
||||
// find out if $forum_id has
|
||||
// ALL, REG, ACL, MOD or ADMIN
|
||||
// for $type
|
||||
//
|
||||
switch($type)
|
||||
{
|
||||
case VIEW:
|
||||
@ -72,9 +61,15 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
|
||||
break;
|
||||
}
|
||||
|
||||
//
|
||||
// If f_access has been passed, or auth
|
||||
// is needed to return an array of forums
|
||||
// then we need to pull the auth information
|
||||
// on the given forum (or all forums)
|
||||
//
|
||||
if($f_access == -1 || $forum_id == LIST_ALL)
|
||||
{
|
||||
$forum_match_sql = ($forum_id != LIST_ALL) ? "" : "WHERE forum_id = $forum_id";
|
||||
$forum_match_sql = ($forum_id != LIST_ALL) ? "WHERE forum_id = $forum_id" : "";
|
||||
$sql = "SELECT $a_sql AS forum_auth
|
||||
FROM ".AUTH_FORUMS_TABLE."
|
||||
$forum_match_sql";
|
||||
@ -91,6 +86,13 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// If the user isn't logged on then
|
||||
// all we need do is check if the forum
|
||||
// has the type set to ALL, if yes then
|
||||
// they're good to go, if not then they
|
||||
// are denied access
|
||||
//
|
||||
if(!$userdata['session_logged_in'])
|
||||
{
|
||||
if($forum_id != LIST_ALL)
|
||||
@ -109,12 +111,25 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
|
||||
}
|
||||
else
|
||||
{
|
||||
//
|
||||
// If the user is logged on and the forum
|
||||
// type is either ALL or REG then the user
|
||||
// has access
|
||||
//
|
||||
if($f_access == ALL || $f_access == REG)
|
||||
{
|
||||
$auth_user = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
//
|
||||
// If the type if ACL, MOD or ADMIN
|
||||
// then we need to see if the user has
|
||||
// specific permissions to do whatever it
|
||||
// is they want to do ... to do this
|
||||
// we pull relevant information for the user
|
||||
// (and any groups they belong to)
|
||||
//
|
||||
$forum_match_sql = ($forum_id != LIST_ALL) ? "AND ( aa.forum_id = $forum_id OR aa.forum_id = " . ALL . ")" : "";
|
||||
$sql = "SELECT aa.$a_sql AS user_auth, aa.auth_mod, aa.auth_admin, g.single_user
|
||||
FROM ".AUTH_ACCESS_TABLE." aa, " . USER_GROUP_TABLE. " ug, " . GROUPS_TABLE. " g
|
||||
@ -127,10 +142,9 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
|
||||
if(!$db->sql_numrows($au_result))
|
||||
{
|
||||
//
|
||||
// No entry was found
|
||||
// for this forum and user
|
||||
// thus they don't have
|
||||
// access
|
||||
// No entry was found for this user
|
||||
// thus they don't have access,
|
||||
// You are the Weakest Link, Goodbye!
|
||||
//
|
||||
$auth_user = false;
|
||||
}
|
||||
@ -141,11 +155,25 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
|
||||
|
||||
$single_user = false;
|
||||
|
||||
// echo "<br><BR>".$f_access."<BR>".ADMIN."<BR>";
|
||||
//
|
||||
// Now we compare the users access level
|
||||
// against the forums We assume here that
|
||||
// a moderator and admin automatically have
|
||||
// access to an ACL forum, similarly we assume
|
||||
// admins meet an auth requirement of MOD
|
||||
//
|
||||
// The access level assigned to a single user
|
||||
// automatically takes precedence over any
|
||||
// levels granted by that user being a member
|
||||
// of a multi-user usergroup, eg. a user
|
||||
// who is banned from a forum won't gain
|
||||
// access to it even if they belong to a group
|
||||
// which has access (and vice versa). This
|
||||
// check is done via the single_user check
|
||||
//
|
||||
switch($f_access)
|
||||
{
|
||||
case ACL:
|
||||
// echo "HERE1";
|
||||
for($i = 0; $i < count($u_access); $i++)
|
||||
{
|
||||
if(!$single_user)
|
||||
@ -157,7 +185,6 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
|
||||
break;
|
||||
|
||||
case MOD:
|
||||
// echo "HERE2";
|
||||
for($i = 0; $i < count($u_access); $i++)
|
||||
{
|
||||
if(!$single_user)
|
||||
@ -169,7 +196,6 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
|
||||
break;
|
||||
|
||||
case ADMIN:
|
||||
// echo "HERE3";
|
||||
for($i = 0; $i < count($u_access); $i++)
|
||||
{
|
||||
if(!$single_user)
|
||||
@ -181,13 +207,17 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
|
||||
break;
|
||||
|
||||
default:
|
||||
// echo "HERE4";
|
||||
$auth_user = false;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// This currently only returns true or false
|
||||
// however it will also return an array if a listing
|
||||
// of all forums to which a user has access was requested.
|
||||
//
|
||||
return ( ($forum_id != LIST_ALL) ? $auth_user : $auth_user_list );
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user