1
0
mirror of https://github.com/phpbb/phpbb.git synced 2025-08-01 14:30:32 +02:00

- Fix some bugs

- fixed retrieving of permissions if the LIKE statement is used as well as proper supporting (needs testing on mssql)


git-svn-id: file:///svn/phpbb/trunk@6366 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen
2006-09-14 14:57:29 +00:00
parent 665adc1722
commit 79137c312c
11 changed files with 221 additions and 74 deletions

View File

@@ -478,18 +478,11 @@ class auth
$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
$sql_opts = '';
$sql_opts = $sql_escape = '';
if ($opts !== false)
{
if (!is_array($opts))
{
$sql_opts = (strpos($opts, '%') !== false) ? "AND ao.auth_option LIKE '" . $db->sql_escape($opts) . "'" : "AND ao.auth_option = '" . $db->sql_escape($opts) . "'";
}
else
{
$sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
}
$this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts, $sql_escape);
}
$hold_ary = array();
@@ -519,7 +512,7 @@ class auth
'ORDER_BY' => 'a.forum_id, ao.auth_option'
));
$result = $db->sql_query($sql);
$result = $db->sql_query($sql . $sql_escape);
while ($row = $db->sql_fetchrow($result))
{
@@ -595,18 +588,11 @@ class auth
$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
$sql_opts = '';
$sql_opts = $sql_escape = '';
if ($opts !== false)
{
if (!is_array($opts))
{
$sql_opts = (strpos($opts, '%') !== false) ? "AND ao.auth_option LIKE '" . $db->sql_escape($opts) . "'" : "AND ao.auth_option = '" . $db->sql_escape($opts) . "'";
}
else
{
$sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
}
$this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts, $sql_escape);
}
$hold_ary = array();
@@ -634,7 +620,7 @@ class auth
'ORDER_BY' => 'a.forum_id, ao.auth_option'
));
$result = $db->sql_query($sql);
$result = $db->sql_query($sql . $sql_escape);
while ($row = $db->sql_fetchrow($result))
{
@@ -656,16 +642,11 @@ class auth
$sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? "group_id = $group_id" : $db->sql_in_set('group_id', $group_id)) : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
$sql_opts = $sql_escape = '';
if ($opts !== false)
{
if (!is_array($opts))
{
$sql_opts = (strpos($opts, '%') !== false) ? "AND ao.auth_option LIKE '" . $db->sql_escape($opts) . "'" : "AND ao.auth_option = '" . $db->sql_escape($opts) . "'";
}
else
{
$sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
}
$this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts, $sql_escape);
}
$hold_ary = array();
@@ -693,7 +674,7 @@ class auth
'ORDER_BY' => 'a.forum_id, ao.auth_option'
));
$result = $db->sql_query($sql);
$result = $db->sql_query($sql . $sql_escape);
while ($row = $db->sql_fetchrow($result))
{
@@ -781,6 +762,72 @@ class auth
trigger_error('Authentication method not found', E_USER_ERROR);
}
/**
* Fill auth_option statement for later querying based on the supplied options
*/
function build_auth_option_statement($key, $auth_options, &$sql_opts, &$sql_escape)
{
global $db;
if (!is_array($auth_options))
{
if (strpos($auth_options, '%') !== false)
{
if (strpos($auth_options, '_') !== false)
{
$sql_opts = "AND $key LIKE '" . $db->sql_escape(str_replace('_', "\_", $auth_options)) . "'";
$sql_escape = (SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc') ? " ESCAPE '\\'" : '';
}
else
{
$sql_opts = "AND $key LIKE '" . $db->sql_escape($auth_options) . "'";
}
}
else
{
$sql_opts = "AND $key = '" . $db->sql_escape($auth_options) . "'";
}
}
else
{
$is_like_expression = $is_underline = false;
foreach ($auth_options as $option)
{
if (strpos($option, '%') !== false)
{
$is_like_expression = true;
}
if (strpos($option, '_') !== false)
{
$is_underline = true;
}
}
if (!$is_like_expression)
{
$sql_opts = 'AND ' . $db->sql_in_set($key, $auth_options);
}
else
{
$sql = array();
foreach ($auth_options as $option)
{
$sql[] = $key . " LIKE '" . $db->sql_escape(str_replace('_', "\_", $option)) . "'";
}
$sql_opts = 'AND (' . implode(' OR ', $sql) . ')';
if ($is_underline)
{
$sql_escape = (SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc') ? " ESCAPE '\\'" : '';
}
}
}
}
}
?>