mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-04-20 15:53:14 +02:00
Code Issues Releases Wiki Activity

Changes to allow all auth types to be returned

Browse Source 
git-svn-id: file:///svn/phpbb/trunk@388 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2001-05-31 15:39:59 +00:00
parent eb9734b237
commit 3ed50ce0b7
7 changed files with 193 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

244
phpBB/includes/auth.php
View File

@ -22,40 +22,75 @@
*
***************************************************************************/
/* Notes:
* auth() returns:
* TRUE if the user authorized
* FALSE if the user is not
*/
/*
Possible options to send to auth (not all are functional yet!):
* If you include a type then a specific lookup will
be done and the single result returned
* If you set type to ALL an array of all auth types
will be returned
* If you provide a forum_id a specific lookup on that
forum will be done
* If you set forum_id to LIST_ALL an array of all
forums to which the user has access of type will be returned
<- used for index and search? (type VIEW and READ respectively)
* If you set forum_id to LIST_ALL and type to ALL a
multidimensional array containing the auth permissions
for all types and all forums for that user is returned
* If you set $userdata to ALL, then the permissions of all
users listed in the auth_access table will be returned for
the given type and forum_id <- use to check for moderators?
All results are returned as associative arrays, even
when a single auth type is specified
*/
function auth($type, $forum_id, $userdata, $f_access = -1)
{
global $db;
switch($type)
{
case ALL:
$a_sql = "auth_view, auth_read, auth_post, auth_reply, auth_edit, auth_delete, auth_votecreate, auth_vote";
$auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_votecreate", "auth_vote");
break;
case VIEW:
$a_sql = "auth_view";
$auth_fields = array("auth_view");
break;
case READ:
$a_sql = "auth_read";
$auth_fields = array("auth_read");
break;
case POST:
$a_sql = "auth_post";
$auth_fields = array("auth_post");
break;
case REPLY:
$a_sql = "auth_reply";
$auth_fields = array("auth_reply");
break;
case EDIT:
$a_sql = "auth_edit";
$auth_fields = array("auth_edit");
break;
case DELETE:
$a_sql = "auth_delete";
$auth_fields = array("auth_delete");
break;
case VOTECREATE:
$a_sql = "auth_votecreate";
$auth_fields = array("auth_votecreate");
break;
case VOTE:
$a_sql = "auth_vote";
$auth_fields = array("auth_vote");
break;
default:
break;
@ -70,14 +105,14 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
if($f_access == -1 || $forum_id == LIST_ALL)
{
$forum_match_sql = ($forum_id != LIST_ALL) ? "WHERE forum_id = $forum_id" : "";
$sql = "SELECT $a_sql AS forum_auth
$sql = "SELECT $a_sql
FROM ".AUTH_FORUMS_TABLE."
$forum_match_sql";
$af_result = $db->sql_query($sql);
if($forum_id != LIST_ALL)
{
$f_access = $db->sql_fetchfield("forum_auth", -1, $af_result);
$f_access = $db->sql_fetchrow($af_result);
}
else
{
@ -97,118 +132,139 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
{
if($forum_id != LIST_ALL)
{
$auth_user = ($f_access == ALL) ? true : false;
for($i = 0; $i < count($f_access); $i++)
{
$auth_user[$auth_fields[$i]] = ($f_access[$auth_fields[$i]] == ALL) ? true : false;
}
}
else
{
$auth_user_list = array();
for($i = 0; $i < count($auth_forum_rows); $i++)
{
$auth_user_list[] = ($f_access_rows['0']['forum_auth'] == ALL) ? true : false;
for($j = 0; $j < count($f_access); $j++)
{
$auth_user_list[][$auth_fields[$j]] = ($f_access_rows[$i][$auth_fields[$j]] == ALL) ? true : false;
}
}
}
}
else
{
//
// If the user is logged on and the forum
// type is either ALL or REG then the user
// has access
//
if($f_access == ALL || $f_access == REG)
{
$auth_user = true;
}
else
{
//
// If the type if ACL, MOD or ADMIN
// then we need to see if the user has
// specific permissions to do whatever it
// is they want to do ... to do this
// we pull relevant information for the user
// (and any groups they belong to)
//
$forum_match_sql = ($forum_id != LIST_ALL) ? "AND ( aa.forum_id = $forum_id OR aa.forum_id = " . ALL . ")" : "";
$sql = "SELECT aa.$a_sql AS user_auth, aa.auth_mod, aa.auth_admin, g.single_user
FROM ".AUTH_ACCESS_TABLE." aa, " . USER_GROUP_TABLE. " ug, " . GROUPS_TABLE. " g
WHERE ug.user_id = ".$userdata['user_id']. "
AND g.group_id = ug.group_id
AND aa.group_id = ug.group_id
$forum_match_sql";
$au_result = $db->sql_query($sql);
if(!$db->sql_numrows($au_result))
$forum_match_sql = ($forum_id != LIST_ALL) ? "AND ( aa.forum_id = $forum_id OR aa.forum_id = " . ALL . ")" : "";
$sql = "SELECT $a_sql, auth_mod, auth_admin, g.single_user
FROM ".AUTH_ACCESS_TABLE." aa, " . USER_GROUP_TABLE. " ug, " . GROUPS_TABLE. " g
WHERE ug.user_id = ".$userdata['user_id']. "
AND g.group_id = ug.group_id
AND aa.group_id = ug.group_id
$forum_match_sql";
$au_result = $db->sql_query($sql);
$u_access = $db->sql_fetchrowset($au_result);
for($i = 0; $i < count($auth_fields); $i++)
{
$key = $auth_fields[$i];
$value = $f_access[$key];
//
// If the user is logged on and the forum
// type is either ALL or REG then the user
// has access
//
if($value == ALL || $value == REG)
{
//
// No entry was found for this user
// thus they don't have access,
// You are the Weakest Link, Goodbye!
//
$auth_user = false;
$auth_user[$key] = true;
}
else
{
$u_access = $db->sql_fetchrowset($au_result);
}
//
// If the type if ACL, MOD or ADMIN
// then we need to see if the user has
// specific permissions to do whatever it
// is they want to do ... to do this
// we pull relevant information for the user
// (and any groups they belong to)
//
$single_user = false;
$single_user = false;
//
// Now we compare the users access level
// against the forums We assume here that
// a moderator and admin automatically have
// access to an ACL forum, similarly we assume
// admins meet an auth requirement of MOD
//
// The access level assigned to a single user
// automatically takes precedence over any
// levels granted by that user being a member
// of a multi-user usergroup, eg. a user
// who is banned from a forum won't gain
// access to it even if they belong to a group
// which has access (and vice versa). This
// check is done via the single_user check
//
switch($f_access)
{
case ACL:
for($i = 0; $i < count($u_access); $i++)
{
if(!$single_user)
//
// Now we compare the users access level
// against the forums We assume here that
// a moderator and admin automatically have
// access to an ACL forum, similarly we assume
// admins meet an auth requirement of MOD
//
// The access level assigned to a single user
// automatically takes precedence over any
// levels granted by that user being a member
// of a multi-user usergroup, eg. a user
// who is banned from a forum won't gain
// access to it even if they belong to a group
// which has access (and vice versa). This
// check is done via the single_user check
//
switch($value)
{
case ACL:
for($j = 0; $j < count($u_access); $j++)
{
$auth_user = $auth_user || $u_access[$i]['user_auth'] || $u_access[$i]['auth_mod'] || $u_access[$i]['auth_admin'];
$single_user = $u_access[$i]['single_user'];
if(!$single_user)
{
$auth_user[$key] = $auth_user[$key] || $u_access[$j]['user_auth'] || $u_access[$i]['auth_mod'] || $u_access[$j]['auth_admin'];
$single_user = $u_access[$j]['single_user'];
}
}
}
break;
break;
case MOD:
for($j = 0; $j < count($u_access); $j++)
{
if(!$single_user)
{
$auth_user[$key] = $auth_user[$key] || $u_access[$j]['auth_mod'] || $u_access[$j]['auth_admin'];
$single_user = $u_access[$j]['single_user'];
}
}
break;
case MOD:
for($i = 0; $i < count($u_access); $i++)
{
if(!$single_user)
case ADMIN:
for($j = 0; $j < count($u_access); $j++)
{
$auth_user = $auth_user || $u_access[$i]['auth_mod'] || $u_access[$i]['auth_admin'];
$single_user = $u_access[$i]['single_user'];
if(!$single_user)
{
$auth_user[$key] = $auth_user[$key] || $u_access[$j]['auth_admin'];
$single_user = $u_access[$j]['single_user'];
}
}
}
break;
case ADMIN:
for($i = 0; $i < count($u_access); $i++)
{
if(!$single_user)
{
$auth_user = $auth_user || $u_access[$i]['auth_admin'];
$single_user = $u_access[$i]['single_user'];
}
}
break;
break;
default:
$auth_user = false;
break;
default:
$auth_user[$auth_fields[$i]] = false;
break;
}
}
}
$single_user = false;
for($j = 0; $j < count($u_access); $j++)
{
if(!$single_user)
{
$auth_user['auth_mod'] = $auth_user['auth_mod'] || $u_access[$j]['auth_mod'];
$single_user = $u_access[$j]['single_user'];
}
}
$single_user = false;
for($j = 0; $j < count($u_access); $j++)
{
if(!$single_user)
{
$auth_user['auth_admin'] = $auth_user['auth_admin'] || $u_access[$j]['auth_admin'];
$single_user = $u_access[$j]['single_user'];
}
}
}

3
phpBB/templates/Default/viewforum_body.tpl
View File

@ -99,6 +99,9 @@
</td>
</tr>
<tr>
<td align="left" style="{font-size: 8pt; height: 55px;}">{S_AUTH_LIST}</td>
</tr>
</table>
</td>
</tr>

3
phpBB/templates/Default/viewtopic_body.tpl
View File

@ -145,6 +145,9 @@
</td>
</tr>
<tr>
<td align="left" style="{font-size: 8pt; height: 55px;}">{S_AUTH_LIST}</td>
</tr>
</table>
</td>
</tr>

2
phpBB/templates/PSO/viewforum_body.tpl
View File

@ -51,7 +51,7 @@
<tr>
<td width="20"></td>
<td width="40%"><font face="{T_FONTFACE1}" size="{T_FONTSIZE1}"><b>{S_TIMEZONE}</b></font></td>
<td rowspan="6" align="right" valign="top" nowrap>{JUMPBOX}</td>
<td rowspan="6" align="right" valign="top" nowrap>{JUMPBOX}<br><font face="{T_FONTFACE1}" size="{T_FONTSIZE1}">{S_AUTH_LIST}</font></td>
</tr>
<tr>
<td><img src="images/red_folder.gif"></td>

14
phpBB/templates/PSO/viewtopic_body.tpl
View File

@ -9,12 +9,12 @@
<tr>
<td bgcolor="{T_TH_COLOR1}"><table border="0" cellpadding="4" cellspacing="1" width="100%">
<tr>
<td colspan="2" bgcolor="{T_TH_COLOR2}"><table width="100%" cellspacing="0" cellpadding="0" border="0">
<tr>
<td><font face="{T_FONTFACE1}" size="{T_FONTSIZE3}"><b>{TOPIC_TITLE}</b></font></td>
<td align="right" valign="middle"><a href="{U_POST_REPLY_TOPIC}"><img src="templates/PSO/images/reply.gif" border="1" /></a>&nbsp;&nbsp;<a href="{U_POST_NEW_TOPIC}"><img src="templates/PSO/images/post.gif" border="1" /></a>&nbsp;</td>
</tr>
</table></td>
<td colspan="2" bgcolor="{T_TH_COLOR2}"><table width="100%" cellspacing="0" cellpadding="0" border="0">
<tr>
<td><font face="{T_FONTFACE1}" size="{T_FONTSIZE3}"><b>{TOPIC_TITLE}</b></font></td>
<td align="right" valign="middle"><a href="{U_POST_REPLY_TOPIC}"><img src="templates/PSO/images/reply.gif" border="1" /></a>&nbsp;&nbsp;<a href="{U_POST_NEW_TOPIC}"><img src="templates/PSO/images/post.gif" border="1" /></a>&nbsp;</td>
</tr>
</table></td>
</tr>
<tr>
<td width="20%" bgcolor="{T_TH_COLOR3}"><font face="{T_FONTFACE1}" size="{T_FONTSIZE2}"><b>{L_AUTHOR}</b></font></td>
@ -59,6 +59,6 @@
<div align="center"><table cellspacing="2" border="0" width="98%">
<tr>
<td width="40%" valign="top"><font face="{T_FONTFACE1}" size="{T_FONTSIZE1}"><b>{S_TIMEZONE}</b></font></td>
<td align="right" valign="top" nowrap>{JUMPBOX}</td>
<td align="right" valign="top" nowrap>{JUMPBOX}<br><font face="{T_FONTFACE1}" size="{T_FONTSIZE1}">{S_AUTH_LIST}</font></td>
</tr>
</table></div>

19
phpBB/viewforum.php
View File

@ -56,7 +56,7 @@ init_userprefs($userdata);
//
if(isset($forum_id))
{
$sql = "SELECT f.forum_type, f.forum_name, f.forum_topics, u.username, u.user_id, fa.*
$sql = "SELECT f.forum_name, f.forum_topics, u.username, u.user_id, fa.*
FROM ".FORUMS_TABLE." f, ".FORUM_MODS_TABLE." fm, ".USERS_TABLE." u, ".AUTH_FORUMS_TABLE." fa
WHERE f.forum_id = $forum_id
AND fa.forum_id = f.forum_id
@ -88,9 +88,9 @@ if(!$forum_row)
//
// Start auth check
//
$is_auth = auth(READ, $forum_id, $userdata, $forum_row['0']['auth_read']);
$is_auth = auth(ALL, $forum_id, $userdata, $forum_row[0]);
if(!$is_auth)
if(!$is_auth['auth_read'])
{
//
// Ooopss, user is not authed
@ -304,10 +304,21 @@ if($total_topics)
);
}
$s_auth_can = "";
$s_auth_can .= "You " . (($is_auth['auth_read']) ? "<b>can</b>" : "<b>cannot</b>" ) . " read posts in this forum<br>";
$s_auth_can .= "You " . (($is_auth['auth_post']) ? "<b>can</b>" : "<b>cannot</b>") . " add new topics to this forum<br>";
$s_auth_can .= "You " . (($is_auth['auth_reply']) ? "<b>can</b>" : "<b>cannot</b>") . " reply to posts in this forum<br>";
$s_auth_can .= "You " . (($is_auth['auth_edit']) ? "<b>can</b>" : "<b>cannot</b>") . " edit your posts in this forum<br>";
$s_auth_can .= "You " . (($is_auth['auth_delete']) ? "<b>can</b>" : "<b>cannot</b>") . " delete your posts in this forum<br>";
$s_auth_can .= ($is_auth['auth_mod']) ? "You are a moderator of this forum<br>" : "";
$s_auth_can .= ($is_auth['auth_admin']) ? "You are a board admin<br>" : "";
$template->assign_vars(array(
"PAGINATION" => generate_pagination("viewforum.$phpEx?".POST_FORUM_URL."=$forum_id&postdays=$post_days", $topics_count, $board_config['topics_per_page'], $start),
"ON_PAGE" => (floor($start/$board_config['topics_per_page'])+1),
"TOTAL_PAGES" => ceil($topics_count/$board_config['topics_per_page']),
"TOTAL_PAGES" => ceil($topics_count/$board_config['topics_per_page']),
"S_AUTH_LIST" => $s_auth_can,
"L_OF" => $lang['of'],
"L_PAGE" => $lang['Page'],

17
phpBB/viewtopic.php
View File

@ -136,9 +136,9 @@ else
$join_sql_table = (!isset($post_id)) ? "" : "".POSTS_TABLE." p, ".POSTS_TABLE." p2,";
$join_sql = (!isset($post_id)) ? "t.topic_id = $topic_id" : "p.post_id = $post_id AND t.topic_id = p.topic_id AND p2.topic_id = p.topic_id AND p2.post_id <= $post_id";
$count_sql = (!isset($post_id)) ? "" : ", COUNT(p2.post_id) AS prev_posts";
$order_sql = (!isset($post_id)) ? "" : "GROUP BY fm.user_id, p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_type, f.forum_name, f.forum_id, u.username, u.user_id ORDER BY p.post_id ASC";
$order_sql = (!isset($post_id)) ? "" : "GROUP BY fm.user_id, p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_name, f.forum_id, u.username, u.user_id, fa.auth_read ORDER BY p.post_id ASC";
$sql = "SELECT t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_type, f.forum_name, f.forum_id, u.username, u.user_id, fa.auth_read".$count_sql."
$sql = "SELECT t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_name, f.forum_id, u.username, u.user_id, fa.*".$count_sql."
FROM $join_sql_table ".TOPICS_TABLE." t, ".FORUMS_TABLE." f, ".FORUM_MODS_TABLE." fm, ".USERS_TABLE." u, ".AUTH_FORUMS_TABLE." fa
WHERE $join_sql
AND f.forum_id = t.forum_id
@ -213,7 +213,7 @@ init_userprefs($userdata);
//
// Start auth check
//
$is_auth = auth(READ, $forum_id, $userdata, $forum_row[0]['auth_read']);
$is_auth = auth(ALL, $forum_id, $userdata, $forum_row[0]);
if(!$is_auth)
{
@ -515,11 +515,22 @@ else
$pages = "1 $l_page";
}
$s_auth_can = "";
$s_auth_can .= "You " . (($is_auth['auth_read']) ? "<b>can</b>" : "<b>cannot</b>" ) . " read posts in this forum<br>";
$s_auth_can .= "You " . (($is_auth['auth_post']) ? "<b>can</b>" : "<b>cannot</b>") . " add new topics to this forum<br>";
$s_auth_can .= "You " . (($is_auth['auth_reply']) ? "<b>can</b>" : "<b>cannot</b>") . " reply to posts in this forum<br>";
$s_auth_can .= "You " . (($is_auth['auth_edit']) ? "<b>can</b>" : "<b>cannot</b>") . " edit your posts in this forum<br>";
$s_auth_can .= "You " . (($is_auth['auth_delete']) ? "<b>can</b>" : "<b>cannot</b>") . " delete your posts in this forum<br>";
$s_auth_can .= ($is_auth['auth_mod']) ? "You are a moderator of this forum<br>" : "";
$s_auth_can .= ($is_auth['auth_admin']) ? "You are a board admin<br>" : "";
$template->assign_vars(array(
"PAGINATION" => generate_pagination("viewtopic.$phpEx?".POST_TOPIC_URL."=$topic_id", $total_replies, $board_config['posts_per_page'], $start),
"ON_PAGE" => (floor($start/$board_config['posts_per_page'])+1),
"TOTAL_PAGES" => ceil(($total_replies)/$board_config['posts_per_page']),
"S_AUTH_LIST" => $s_auth_can,
"L_OF" => $lang['of'],
"L_PAGE" => $lang['Page'],
"L_GOTO_PAGE" => $lang['Goto_page'])