mirror of https://github.com/phpbb/phpbb.git synced 2025-07-30 21:40:43 +02:00

Some basic user auth layout tests

git-svn-id: file:///svn/phpbb/trunk@440 89ea8834-ac86-4346-8a33-228a782c2dd0
Paul S. Owen
2001-06-08 00:37:26 +00:00
parent 8752cd075c
commit 820df16055
5 changed files with 490 additions and 291 deletions


@@ -8,8 +8,8 @@ include('common.'.$phpEx);
//
// Start session management
//
//$userdata = session_pagestart($user_ip, PAGE_INDEX, $session_length);
//init_userprefs($userdata);
$userdata = session_pagestart($user_ip, PAGE_INDEX, $session_length);
init_userprefs($userdata);
//
// End session management
//
@@ -21,178 +21,80 @@ $auth_field_match = array(
"auth_reply" => AUTH_REPLY,
"auth_edit" => AUTH_EDIT,
"auth_delete" => AUTH_DELETE,
"auth_sticky" => AUTH_STICKY,
"auth_announce" => AUTH_ANNOUNCE,
"auth_vote" => AUTH_VOTE,
"auth_votecreate" => AUTH_VOTECREATE,
"auth_attachments" => AUTH_ATTACH
);
$forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_votecreate", "auth_vote", "auth_attachments");
$forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_sticky", "auth_announce", "auth_votecreate", "auth_vote", "auth_attachments");
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>phpBB - auth testing</title>
<style type="text/css">
<!--
P {font-family:Verdana,serif;font-size:8pt}
H1 {font-family:Arial,Helvetica,sans-serif;font-size:14pt;}
H2 {font-family:Arial,Helvetica,sans-serif;font-size:12pt;}
H3 {font-family:Arial,Helvetica,sans-serif;font-size:10pt;}
TH {font-family:Verdana,serif;font-size:8pt}
TD {font-family:Verdana,serif;font-size:8pt}
SELECT.small {width:140px;font-family:"Courier New",courier;font-size:8pt;}
INPUT.text {font-family:"Courier New",courier;font-size:8pt;}
//-->
</style>
</head>
<body bgcolor="#FFFFFF" text="#000000">
<h1>User Authorisation Control</h1>
<?php
if(!empty($HTTP_GET_VARS[POST_FORUM_URL]))
//
//
//
if(isset($HTTP_GET_VARS['adv']))
{
$forum_id = $HTTP_GET_VARS[POST_FORUM_URL];
if(!empty($HTTP_GET_VARS['auth']))
{
// $fields = $HTTP_GET_VARS['auth'] . ", ";
$fields = "af.".$HTTP_GET_VARS['auth'] . ", ";
$forum_field_name[0] = $HTTP_GET_VARS['auth'];
}
else
{
$fields = "";
$i = 0;
while(list($key, $value) = each($auth_field_match))
{
// $fields .= $key . ", ";
$fields .= "af.".$key . ", ";
$forum_field_name[$i] = $key;
$i++;
}
}
/* $sql = "SELECT " . $fields . "forum_id, forum_name
FROM ".FORUMS_TABLE."
WHERE forum_id = $forum_id";*/
$sql = "SELECT " . $fields. "f.forum_id, f.forum_name
FROM " . FORUMS_TABLE . " f, ".AUTH_FORUMS_TABLE." af
WHERE af.forum_id = f.forum_id
AND f.forum_id = $forum_id";
$f_result = $db->sql_query($sql);
$forum_fields = $db->sql_fetchrow($f_result);
$sql = "SELECT aa.*, g.group_name, u.user_id, u.username, u.user_level, f.forum_name
FROM ".AUTH_ACCESS_TABLE." aa, ".GROUPS_TABLE." g, ".USER_GROUP_TABLE." ug, ".USERS_TABLE." u, ".FORUMS_TABLE." f
WHERE f.forum_id = $forum_id
AND aa.forum_id = f.forum_id
AND ug.group_id = aa.group_id
AND g.group_id = ug.group_id
AND u.user_id = ug.user_id
ORDER BY u.user_id, aa.group_id";
$aa_result = $db->sql_query($sql);
$user_list = $db->sql_fetchrowset($aa_result);
for($i = 0; $i < count($user_list); $i++)
{
$user_id = $user_list[$i]['user_id'];
$userinfo[$user_id]['username'] = $user_list[$i]['username'];
$is_admin = ($user_list[$i]['user_level'] == ADMIN) ? 1 : 0;
for($j = 0; $j < count($forum_field_name); $j++)
{
$this_field = $forum_field_name[$j];
$is_auth[$this_field][$user_id] = auth_check_user($forum_fields[$this_field], $this_field, $user_list[$i], $is_admin);
}
}
echo "<h2>Forum: ".$forum_fields['forum_name']."</h2>\n";
?>
<div align="center"><table cellspacing="1" cellpadding="4" border="0">
<tr>
<th bgcolor="#CCCCCC">Forum Auth Field</th>
<th bgcolor="#CCCCCC">Users with Access</th>
</tr>
<?php
for($i = 0; $i < count($forum_field_name); $i++)
{
echo "\t<tr><form method=\"get\" action=\"userauth.php\">\n";
echo "\t\t<td bgcolor=\"#DDDDDD\">" . $forum_field_name[$i] . "</td>\n";
reset($is_auth);
$user_auth_ary = $is_auth[$forum_field_name[$i]];
if($forum_fields[$forum_field_name[$i]] == AUTH_ALL || $forum_fields[$forum_field_name[$i]] == AUTH_REG)
{
if($forum_fields[$forum_field_name[$i]] == AUTH_ALL)
{
echo "\t\t<td align=\"center\" bgcolor=\"#EEEEEE\">&nbsp;All Users&nbsp;</td>";
}
else
{
echo "\t\t<td align=\"center\" bgcolor=\"#EEEEEE\">&nbsp;Registered Users&nbsp;</td>";
}
}
else
{
echo "\t\t<td bgcolor=\"#EEEEEE\">&nbsp;<select name=\"u\">";
while(list($userkey, $auth_value) = each($user_auth_ary))
{
if($auth_value)
{
echo "<option value=\"$userkey\">" . $userinfo[$userkey]['username'] . "</option>";
}
}
echo "</select>&nbsp;&nbsp;&nbsp;<input type=\"submit\" value=\"Look up User\">&nbsp;</td>\n";
}
echo "\t</form></tr>\n";
}
?>
</table></div>
<?php
$adv = $HTTP_GET_VARS['adv'];
}
else if(isset($HTTP_GET_VARS[POST_USERS_URL]))
else
{
$adv = -1;
}
if(isset($HTTP_GET_VARS[POST_USERS_URL]))
{
$template->set_filenames(array(
"body" => "admin/userauth_body.tpl"));
$user_id = $HTTP_GET_VARS[POST_USERS_URL];
/* $sql = "SELECT *
FROM " . FORUMS_TABLE;*/
$sql = "SELECT f.forum_id, f.forum_name, fa.*
$sql = "SELECT f.forum_id, f.forum_name, fa.auth_view, fa.auth_read, fa.auth_post, fa.auth_reply, fa.auth_edit, fa.auth_delete, fa.auth_announce, fa.auth_sticky, fa.auth_votecreate, fa.auth_vote, fa.auth_attachments
FROM " . FORUMS_TABLE . " f, ".AUTH_FORUMS_TABLE." fa
WHERE fa.forum_id = f.forum_id";
$af_result = $db->sql_query($sql);
$f_access = $db->sql_fetchrowset($af_result);
$fa_result = $db->sql_query($sql);
$forum_access = $db->sql_fetchrowset($fa_result);
$sql = "SELECT user_id, username, user_level
FROM " . USERS_TABLE . "
WHERE user_id = $user_id";
for($i = 0; $i < count($forum_access); $i++)
{
while(list($forum_id, $forum_row) = each($forum_access))
{
for($j = 0; $j < count($forum_auth_fields); $j++)
{
$basic_auth_level[$forum_row['forum_id']] = "public";
if($forum_row[$forum_auth_fields[$j]] == AUTH_ACL)
{
$basic_auth_level[$forum_row['forum_id']] = "private";
$basic_auth_level_fields[$forum_row['forum_id']][] = $forum_auth_fields[$j];
}
}
if($forum_row['auth_view'] == AUTH_MOD || $forum_row['auth_read'] == AUTH_MOD || $forum_row['auth_post'] == AUTH_MOD || $forum_row['auth_reply'] == AUTH_MOD)
{
$basic_auth_level[$forum_row['forum_id']] = "moderate";
}
if($forum_row['auth_view'] == AUTH_ADMIN || $forum_row['auth_read'] == AUTH_ADMIN || $forum_row['auth_post'] == AUTH_ADMIN || $forum_row['auth_reply'] == AUTH_ADMIN)
{
$basic_auth_level[$forum_row['forum_id']] = "admin";
}
}
}
$sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user
FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug
WHERE u.user_id = $user_id
AND ug.user_id = u.user_id
AND g.group_id = ug.group_id";
$u_result = $db->sql_query($sql);
$userinf = $db->sql_fetchrow($u_result);
$userinf = $db->sql_fetchrowset($u_result);
$sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_votecreate, aa.auth_vote, aa.auth_attachments, aa.auth_mod, g.group_single_user
FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g
WHERE ug.user_id = $user_id
AND g.group_id = ug.group_id
AND aa.group_id = ug.group_id";
AND aa.group_id = ug.group_id
AND g.group_single_user = 1";
$au_result = $db->sql_query($sql);
$num_u_access = $db->sql_numrows($au_result);
@@ -201,11 +103,11 @@ else if(isset($HTTP_GET_VARS[POST_USERS_URL]))
$u_access = $db->sql_fetchrowset($au_result);
}
$is_admin = ($userinf['user_level'] == ADMIN) ? 1 : 0;
$is_admin = ($userinf[0]['user_level'] == ADMIN) ? 1 : 0;
for($i = 0; $i < count($f_access); $i++)
for($i = 0; $i < count($forum_access); $i++)
{
$f_forum_id = $f_access[$i]['forum_id'];
$f_forum_id = $forum_access[$i]['forum_id'];
$is_forum_restricted[$f_forum_id] = 0;
for($j = 0; $j < count($forum_auth_fields); $j++)
@@ -213,192 +115,213 @@ else if(isset($HTTP_GET_VARS[POST_USERS_URL]))
$key = $forum_auth_fields[$j];
$value = $f_access[$i][$key];
if($user_id == ANONYMOUS)
switch($value)
{
$auth_user[$f_forum_id][$key] = ($value == AUTH_ALL) ? 1 : 0;
if($value == AUTH_ACL || $value == AUTH_MOD || $value == AUTH_ADMIN)
{
$is_forum_restricted[$f_forum_id] = 1;
}
}
else if(!$num_u_access)
{
$auth_user[$f_forum_id][$key] = ($value == AUTH_ALL || $value == AUTH_REG) ? 1 : 0;
if($value == AUTH_ACL || $value == AUTH_MOD || $value == AUTH_ADMIN)
{
$is_forum_restricted[$f_forum_id] = 1;
}
}
else
{
switch($value)
{
case AUTH_ALL:
$auth_user[$f_forum_id][$key] = 1;
break;
case AUTH_ALL:
$auth_user[$f_forum_id][$key] = 1;
break;
case AUTH_REG:
$auth_user[$f_forum_id][$key] = 1;
break;
case AUTH_REG:
$auth_user[$f_forum_id][$key] = ($user_id != ANONYMOUS) ? 1 : 0;
break;
case AUTH_ACL:
$auth_user[$f_forum_id][$key] = auth_check_user(AUTH_ACL, $key, $u_access, $is_admin);
$is_forum_restricted[$f_forum_id] = 1;
break;
case AUTH_ACL:
$auth_user[$f_forum_id][$key] = ($user_id != ANONYMOUS && $num_u_access) ? auth_check_user(AUTH_ACL, $key, $u_access, $is_admin) : 0;
break;
case AUTH_MOD:
$auth_user[$f_forum_id][$key] = auth_check_user(AUTH_MOD, $key, $u_access, $is_admin);
$is_forum_restricted[$f_forum_id] = 1;
break;
case AUTH_MOD:
$auth_user[$f_forum_id][$key] = ($user_id != ANONYMOUS && $num_u_access) ? auth_check_user(AUTH_MOD, $key, $u_access, $is_admin) : 0;
break;
case AUTH_ADMIN:
$auth_user[$f_forum_id][$key] = $is_admin;
$is_forum_restricted[$f_forum_id] = 1;
break;
case AUTH_ADMIN:
$auth_user[$f_forum_id][$key] = $is_admin;
break;
default:
$auth_user[$f_forum_id][$key] = 0;
break;
}
default:
$auth_user[$f_forum_id][$key] = 0;
break;
}
}
//
// Is user a moderator?
//
$auth_user[$f_forum_id]['auth_mod'] = auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin);
$auth_user[$f_forum_id]['auth_mod'] = ($user_id != ANONYMOUS && $num_u_access) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0;
}
?>
<h2><?php
echo $userinf['username'] . " is ";
if($userinf['user_level'] == ADMIN)
while(list($forumkey, $user_ary) = each($auth_user))
{
echo "an Administrator";
$simple_auth[$forumkey] = 1;
while(list($fieldkey, $value) = each($user_ary))
{
$simple_auth[$forumkey] = $simple_auth[$forumkey] && $value;
}
}
reset($auth_user);
$t_username .= $userinf[0]['username'];
$t_usertype = ($userinf[0]['user_level'] == ADMIN) ? "an <b>Administrator</b>" : "a <b>User</b>";
for($i = 0; $i < count($userinf); $i++)
{
if(!$userinf[$i]['group_single_user'])
{
$group_name[] = $userinf[$i]['group_name'];
$group_id[] = $userinf[$i]['group_name'];
}
}
if(count($group_name))
{
$t_usergroup_list = "belongs to the following groups; ";
for($i = 0; $i < count($userinf); $i++)
{
$t_usergroup_list .= $group_name[$i];
if($i < count($group_name) - 1)
{
$t_usergroup_list .= ", ";
}
}
}
else
{
echo "a User";
$t_usergroup_list = "belongs to no usergroups.";
}
?></h2>
<h3>Restricted forums</h3>
<div align="center"><table width="80%" cellspacing="1" cellpadding="4" border="0">
<tr>
<th width="25%" bgcolor="#CCCCCC">Forum Name</th>
<?php
for($j = 0; $j < count($forum_auth_fields); $j++)
{
echo "\t<th bgcolor=\"#CCCCCC\">".preg_replace("/auth_/", "", $forum_auth_fields[$j])."</th>\n";
}
echo "\t<th bgcolor=\"#CCCCCC\">Moderator</th>\n";
echo "</tr>\n";
$i = 0;
while(list($forumkey, $user_ary) = each($auth_user))
if($adv == -1)
{
if($is_forum_restricted[$forumkey])
while(list($forumkey, $user_ary) = each($auth_user))
{
if($basic_auth_level[$forumkey] == "private")
{
$allowed = 1;
for($j = 0; $j < count($basic_auth_level_fields[$forumkey]); $j++)
{
if(!$auth_user[$forumkey][$basic_auth_level_fields[$forumkey][$j]])
{
$allowed = 0;
}
}
$optionlist_grant = "<select name=\"simple[$forumkey]\">";
if($allowed)
{
$optionlist_grant .= "<option value=\"1\" selected>Allow Access</option><option value=\"0\">Disallow Access</option>";
}
else
{
$optionlist_grant .= "<option value=\"1\">Allow Access</option><option value=\"0\" selected>Disallow Access</option>";
}
$optionlist_grant .= "</select>";
}
else
{
$optionlist_grant = "";
}
if($user_ary['auth_mod'])
{
$optionlist_mod = "<option value=\"1\">Remove Moderator</option><option value=\"0\" selected>Make Moderator</option>";
}
else
{
$optionlist_mod = "<option value=\"1\" selected>Remove Moderator</option><option value=\"0\">Make Moderator</option>";
}
switch($basic_auth_level[$forumkey])
{
case 'public':
$row_class = "authall";
break;
case 'private':
$row_class = "authacl";
break;
case 'moderate':
$row_class = "authmod";
break;
case 'admin':
$row_class = "authadmin";
break;
default:
$row_class = "authall";
break;
}
$template->assign_block_vars("restrictedforums", array(
"ROW_CLASS" => $row_class,
"FORUM_NAME" => $forum_access[$i]['forum_name'],
"SELECT_GRANT_LIST" => "$optionlist_grant",
"SELECT_MOD_LIST" => "<select name=\"moderator[$forumkey]\">$optionlist_mod</select>")
);
$i++;
}
}
else
{
while(list($forumkey, $user_ary) = each($auth_user))
{
echo "<tr>\n";
echo "\t<td bgcolor=\"#DDDDDD\"><a href=\"userauth.php?" . POST_FORUM_URL . "=$forumkey&" . POST_USERS_URL . "=$user_id\">".$f_access[$i]['forum_name']."</a></td>\n";
echo "\t<td bgcolor=\"#DDDDDD\"><a href=\"userauth.php?" . POST_FORUM_URL . "=$forumkey&" . POST_USERS_URL . "=$user_id\">" . $f_access[$i]['forum_name'] . "</a></td>\n";
while(list($fieldkey, $value) = each($user_ary))
{
$can_they = ($auth_user[$forumkey][$fieldkey]) ? "Yes" : "No";
echo "\t<td bgcolor=\"#DDDDDD\">$can_they</td>\n";
}
echo "</tr>\n";
$i++;
}
$i++;
}
reset($auth_user);
?>
</table></div>
<h3>Forums with general (public or registered) access</h3>
$template->assign_vars(array(
"USERNAME" => $t_username,
"USERTYPE" => $t_usertype,
"USER_GROUP_LIST" => $t_usergroup_list)
);
<p>The following forums are set to be generally accessible to most users, either everyone or just registered users. To limit these forums (or certain fields) to specific users you need to change the forum authorisation type via the <a href="forumauth.php">Forum Authorisation Admin</a> panel.</p>
$template->pparse("body");
<div align="center"><table width="80%" cellspacing="1" cellpadding="4" border="0">
<tr>
<th width="25%" bgcolor="#CCCCCC">Forum Name</th>
<?php
for($j = 0; $j < count($forum_auth_fields); $j++)
{
echo "\t<th bgcolor=\"#CCCCCC\">".preg_replace("/auth_/", "", $forum_auth_fields[$j])."</th>\n";
}
echo "\t<th bgcolor=\"#CCCCCC\">Moderator</th>\n";
echo "</tr>\n";
$i = 0;
while(list($forumkey, $user_ary) = each($auth_user))
{
if(!$is_forum_restricted[$forumkey])
{
echo "<tr>\n";
echo "\t<td bgcolor=\"#DDDDDD\">".$f_access[$i]['forum_name']."</td>\n";
while(list($fieldkey, $value) = each($user_ary))
{
$can_they = ($auth_user[$forumkey][$fieldkey]) ? "Yes" : "No";
echo "\t<td bgcolor=\"#DDDDDD\">$can_they</td>\n";
}
echo "</tr>\n";
}
$i++;
}
reset($auth_user);
?>
</table></div>
<?php
}
else
{
//
// Default user selection box
// This should be altered on the final
// system to list users via an alphabetical
// selection system ... otherwise this
// could get 'cumbersome' for boards
// with several thousand users!
//
$sql = "SELECT user_id, username
FROM ".USERS_TABLE;
$u_result = $db->sql_query($sql);
$user_list = $db->sql_fetchrowset($u_result);
?>
<div align="center"><table cellspacing="1" cellpadding="4" border="0">
<tr>
<th bgcolor="#CCCCCC">Select a User</th>
</tr>
<tr><form method="get" action="userauth.php">
<td bgcolor="#DDDDDD" align="center"><select name="<?php echo POST_USERS_URL; ?>"><?php
$select_list = "<select name=\"" . POST_USERS_URL . "\">";
for($i = 0; $i < count($user_list); $i++)
{
echo "<option value=\"" . $user_list[$i]['user_id'] . "\">" . $user_list[$i]['username'] . "</option>";
$select_list .= "<option value=\"" . $user_list[$i]['user_id'] . "\">" . $user_list[$i]['username'] . "</option>";
}
$select_list .= "</select>";
?></select>&nbsp;&nbsp;<input type="submit" value="Look up User">&nbsp;</td>
</form></tr>
</table></div>
<?php
$template->set_filenames(array(
"body" => "admin/userauth_select_body.tpl"));
$template->assign_vars(array(
"S_USERAUTH_ACTION" => append_sid("userauth.$phpEx"),
"S_USERS_SELECT" => $select_list,
"U_FORUMAUTH" => append_sid("forumauth.$phpEx"))
);
$template->pparse("body");
}
?>
<center>
<p><a href="forumauth.php">Forum Authorisation Admin</a></p>
<font face="Verdana,serif" size="1">Powered By <a href="http://www.phpbb.com/" target="_phpbb">phpBB 2.0</a></font>
<br clear="all">
<font face="Verdana,serif" size="1">
Copyright &copy; 2001 phpBB Group, All Rights Reserved</font>
<br>
</body>
</html>
?>
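Review bot: The reworked user branch reads `$user_id` straight from `$HTTP_GET_VARS[POST_USERS_URL]` and interpolates it into the new `WHERE u.user_id = $user_id` and `WHERE ug.user_id = $user_id` queries, so it should be forced to an integer where it is read, e.g. `$user_id = intval($HTTP_GET_VARS[POST_USERS_URL]);`. The usernames and group names now collected into `$t_username`, `$t_usergroup_list` and `$select_list` come from the database unescaped and should go through `htmlspecialchars()` before being handed to the template. Session handling appears to be switched on at the top of the file, but nothing visible in these hunks checks that the caller is an administrator before users and their permissions are listed; if common code does not do this, the check belongs right after `init_userprefs($userdata);`. Separately, the permission loop still seems to read `$f_access[$i][$key]` although the result set is now stored in `$forum_access`, which would send every field to the `default` case, so this is worth confirming against the applied file because the page does not mark which lines are old and which are new.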