mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-05-14 19:45:21 +02:00
Code Issues Releases Wiki Activity

Advanced user auth working, use it, abuse it

Browse Source 
git-svn-id: file:///svn/phpbb/trunk@701 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2001-07-19 20:07:21 +00:00
parent a43e27711d
commit b69afe920c
2 changed files with 376 additions and 256 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

218
phpBB/admin/admin_userauth.php
View File

@ -135,6 +135,7 @@ $adv = (isset($HTTP_GET_VARS['adv'])) ? $HTTP_GET_VARS['adv'] : -1;
if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL])) if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]))
{ {
$user_id = $HTTP_POST_VARS[POST_USERS_URL]; $user_id = $HTTP_POST_VARS[POST_USERS_URL];
$adv = (isset($HTTP_POST_VARS['adv'])) ? TRUE : FALSE;
// //
// This is where things become fun ... // This is where things become fun ...
@ -230,15 +231,6 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]))
} }
else else
{ {
$change_mod_ary = (isset($HTTP_POST_VARS['moderator'])) ? $HTTP_POST_VARS['moderator'] : array();
$change_prv_ary = (isset($HTTP_POST_VARS['private'])) ? $HTTP_POST_VARS['private'] : array();
if( !isset($change_prv_ary) )
{
}
// //
// Pull all the auth/group // Pull all the auth/group
// for this user // for this user
@ -263,6 +255,38 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]))
$forum_access = $db->sql_fetchrowset($fa_result); $forum_access = $db->sql_fetchrowset($fa_result);
$change_prv_list = array();
$change_mod_ary = (isset($HTTP_POST_VARS['moderator'])) ? $HTTP_POST_VARS['moderator'] : array();
for($i = 0; $i < count($forum_access); $i++)
{
$forum_id = $forum_access[$i]['forum_id'];
for($j = 0; $j < count($forum_auth_fields); $j++)
{
$field = $forum_auth_fields[$j];
if( isset($HTTP_POST_VARS['private']) )
{
if( $forum_access[$i][$field] == AUTH_ACL )
{
if( isset($HTTP_POST_VARS['private'][$forum_id]) )
{
$change_prv_list[$forum_id][$field] = $HTTP_POST_VARS['private'][$forum_id];
}
}
}
else
{
if( isset($HTTP_POST_VARS[$field][$forum_id]) )
{
$change_prv_list[$forum_id][$field] = $HTTP_POST_VARS[$field][$forum_id];
}
}
}
}
// //
// The data above lists access and moderator permissions // The data above lists access and moderator permissions
// for this user given by all the groups they belong to. // for this user given by all the groups they belong to.
@ -284,14 +308,11 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]))
$warning_mod_grpname = array(); $warning_mod_grpname = array();
$warning_mod_frmname = array(); $warning_mod_frmname = array();
$valid_auth_mod_sql = array(); $valid_auth_mod_sql = array();
$valid_auth_mod_sql_val = "";
$warning_prv_grpid = array(); $warning_prv_grpid = array();
$warning_prv_grpname = array(); $warning_prv_grpname = array();
$warning_prv_frmname = array(); $warning_prv_frmname = array();
$valid_auth_prv_sql = array(); $valid_auth_prv_sql = array();
$valid_auth_prv_sql_fld = "";
$valid_auth_prv_sql_val = "";
for($i = 0; $i < count($forum_access); $i++) for($i = 0; $i < count($forum_access); $i++)
{ {
@ -300,8 +321,12 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]))
$update_mod = FALSE; $update_mod = FALSE;
$update_acl = FALSE; $update_acl = FALSE;
$valid_auth_mod_sql_val = "";
$valid_auth_prv_sql_fld = "";
$valid_auth_prv_sql_val = "";
@reset($change_mod_ary); @reset($change_mod_ary);
@reset($change_mod_prv); @reset($change_prv_list);
// //
// Moderator control // Moderator control
@ -367,7 +392,7 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]))
// //
// Private/ACL control // Private/ACL control
// //
while(list($prv_forum_id, $new_prv_status) = @each($change_prv_ary)) while(list($prv_forum_id, $new_prv_ary) = @each($change_prv_list))
{ {
if($prv_forum_id == $this_forum_id && empty($valid_auth_mod_sql[$this_forum_id]) ) if($prv_forum_id == $this_forum_id && empty($valid_auth_mod_sql[$this_forum_id]) )
{ {
@ -388,15 +413,12 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]))
// //
// Step through all auth fields // Step through all auth fields
// //
for($k = 0; $k < count($forum_auth_fields); $k++) @reset($new_prv_ary);
while( list($this_prv_field, $new_prv_status) = each($new_prv_ary) )
{ {
$this_prv_field = $forum_auth_fields[$k];
// //
// Is this field set to ACL? // Is this field set to ACL?
// //
if($forum_access[$i][$this_prv_field] == AUTH_ACL)
{
$cur_prv_status = $u_access[$j][$this_prv_field]; $cur_prv_status = $u_access[$j][$this_prv_field];
if($cur_prv_status == $new_prv_status && $is_single_user) if($cur_prv_status == $new_prv_status && $is_single_user)
@ -419,7 +441,7 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]))
} }
else if($cur_prv_status != $new_prv_status && $is_single_user) else if($cur_prv_status != $new_prv_status && $is_single_user)
{ {
if(!empty($valid_auth_prv_sql_val)) if( $valid_auth_prv_sql_val != "")
{ {
$valid_auth_prv_sql_val .= ", "; $valid_auth_prv_sql_val .= ", ";
} }
@ -433,7 +455,6 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]))
} }
} }
} }
}
if($is_single_user) if($is_single_user)
{ {
@ -452,37 +473,41 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]))
} }
} }
if(!$update_acl && $new_prv_status) if(!$update_acl)
{ {
$valid_auth_prv_sql[$this_forum_id] = "INSERT INTO " . AUTH_ACCESS_TABLE . " (forum_id, group_id, ";
// //
// Step through all auth fields // Step through all auth fields
// //
for($k = 0; $k < count($forum_auth_fields); $k++) $all_zeroed = TRUE;
{
$this_prv_field = $forum_auth_fields[$k];
@reset($new_prv_ary);
while( list($this_prv_field, $new_prv_status) = each($new_prv_ary) )
{
// //
// Is this field set to ACL? // Is this field set to ACL?
// //
if($forum_access[$i][$this_prv_field] == AUTH_ACL) if( $valid_auth_prv_sql_fld != "" )
{
if( !empty($valid_auth_prv_sql_fld) )
{ {
$valid_auth_prv_sql_fld .= ", "; $valid_auth_prv_sql_fld .= ", ";
} }
if( !empty($valid_auth_prv_sql_val) ) if( $valid_auth_prv_sql_val != "" )
{ {
$valid_auth_prv_sql_val .= ", "; $valid_auth_prv_sql_val .= ", ";
} }
$valid_auth_prv_sql_fld .= "$this_prv_field"; $valid_auth_prv_sql_fld .= "$this_prv_field";
$valid_auth_prv_sql_val .= "$new_prv_status"; $valid_auth_prv_sql_val .= "$new_prv_status";
if($new_prv_status)
{
$all_zeroed = FALSE;
} }
} }
$valid_auth_prv_sql[$this_forum_id] .= $valid_auth_prv_sql_fld . ") VALUES ($this_forum_id, " . $ug_info['group_id'] . ", " . $valid_auth_prv_sql_val . ")"; if(!$all_zeroed)
{
$valid_auth_prv_sql[$this_forum_id] = "INSERT INTO " . AUTH_ACCESS_TABLE . " (forum_id, group_id, $valid_auth_prv_sql_fld) VALUES ($this_forum_id, " . $ug_info['group_id'] . ", $valid_auth_prv_sql_val)";
}
$update_acl = TRUE; $update_acl = TRUE;
} }
@ -605,6 +630,14 @@ else
// Front end // Front end
// //
$user_id = $HTTP_GET_VARS[POST_USERS_URL]; $user_id = $HTTP_GET_VARS[POST_USERS_URL];
if( isset($HTTP_GET_VARS['adv']) )
{
$adv = $HTTP_GET_VARS['adv'];
}
else
{
$adv = FALSE;
}
$template_header = "admin/page_header.tpl"; $template_header = "admin/page_header.tpl";
include('page_header_admin.'.$phpEx); include('page_header_admin.'.$phpEx);
@ -614,7 +647,7 @@ else
); );
$sql = "SELECT f.forum_id, f.forum_name, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_announce, f.auth_sticky $sql = "SELECT f.*
FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
WHERE c.cat_id = f.cat_id WHERE c.cat_id = f.cat_id
ORDER BY c.cat_order ASC, f.forum_order ASC"; ORDER BY c.cat_order ASC, f.forum_order ASC";
@ -622,7 +655,7 @@ else
$forum_access = $db->sql_fetchrowset($fa_result); $forum_access = $db->sql_fetchrowset($fa_result);
if($adv == -1) if( empty($adv) )
{ {
for($i = 0; $i < count($forum_access); $i++) for($i = 0; $i < count($forum_access); $i++)
{ {
@ -655,6 +688,7 @@ else
} }
} }
} }
}
$sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user
FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug
@ -664,7 +698,7 @@ else
$u_result = $db->sql_query($sql); $u_result = $db->sql_query($sql);
$userinf = $db->sql_fetchrowset($u_result); $userinf = $db->sql_fetchrowset($u_result);
$sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_mod $sql = "SELECT aa.*
FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g
WHERE ug.user_id = $user_id WHERE ug.user_id = $user_id
AND g.group_id = ug.group_id AND g.group_id = ug.group_id
@ -710,6 +744,7 @@ else
{ {
$result = a_auth_check_user(AUTH_ACL, $key, $u_access[$f_forum_id], $is_admin); $result = a_auth_check_user(AUTH_ACL, $key, $u_access[$f_forum_id], $is_admin);
$auth_user[$f_forum_id][$key] = $result['auth']; $auth_user[$f_forum_id][$key] = $result['auth'];
$auth_field_acl[$f_forum_id][$key] = $result['auth'];
} }
else else
{ {
@ -738,6 +773,7 @@ else
break; break;
} }
} }
// //
// Is user a moderator? // Is user a moderator?
// //
@ -752,24 +788,15 @@ else
} }
} }
while(list($forumkey, $user_ary) = each($auth_user))
{
$simple_auth[$forumkey] = 1;
while(list($fieldkey, $value) = each($user_ary))
{
$simple_auth[$forumkey] = $simple_auth[$forumkey] && $value;
}
}
reset($auth_user);
$i = 0; $i = 0;
if($adv == -1)
{
while(list($forumkey, $user_ary) = each($auth_user)) while(list($forumkey, $user_ary) = each($auth_user))
{
if( empty($adv) )
{ {
if($basic_auth_level[$forumkey] == "private") if($basic_auth_level[$forumkey] == "private")
{ {
$allowed = 1; $allowed = 1;
for($j = 0; $j < count($basic_auth_level_fields[$forumkey]); $j++) for($j = 0; $j < count($basic_auth_level_fields[$forumkey]); $j++)
{ {
if(!$auth_user[$forumkey][$basic_auth_level_fields[$forumkey][$j]]) if(!$auth_user[$forumkey][$basic_auth_level_fields[$forumkey][$j]])
@ -796,15 +823,60 @@ else
{ {
$optionlist_acl = "&nbsp;"; $optionlist_acl = "&nbsp;";
} }
}
else
{
@reset($forum_access);
while(list($key, $forum_row) = each($forum_access))
{
$forum_id = $forum_row['forum_id'];
for($j = 0; $j < count($forum_auth_fields); $j++)
{
$field_name = $forum_auth_fields[$j];
if( $forum_row[$field_name] == AUTH_ACL )
{
$optionlist_acl_adv[$forum_id][$j] = "<select name=\"" . $field_name . "[$forum_id]\">";
if( isset($auth_field_acl[$forum_id][$field_name]) && !($is_admin || $user_ary['auth_mod']) )
{
if(!$auth_field_acl[$forum_id][$field_name])
{
$optionlist_acl_adv[$forum_id][$j] .= "<option value=\"1\">On</option><option value=\"0\" selected>Off</option>";
}
else
{
$optionlist_acl_adv[$forum_id][$j] .= "<option value=\"1\" selected>On</option><option value=\"0\">Off</option>";
}
}
else
{
if($is_admin || $user_ary['auth_mod'])
{
$optionlist_acl_adv[$forum_id][$j] .= "<option value=\"1\">On</option>";
}
else
{
$optionlist_acl_adv[$forum_id][$j] .= "<option value=\"1\">On</option><option value=\"0\" selected>Off</option>";
}
}
$optionlist_acl_adv[$forum_id][$j] .= "</select>";
}
}
}
}
$optionlist_mod = "<select name=\"moderator[$forumkey]\">"; $optionlist_mod = "<select name=\"moderator[$forumkey]\">";
if($user_ary['auth_mod']) if($user_ary['auth_mod'])
{ {
$optionlist_mod .= "<option value=\"1\" selected>Is a Moderator</option><option value=\"0\">Is not a Moderator</option>"; $optionlist_mod .= "<option value=\"1\" selected>Moderator</option><option value=\"0\">Not Moderator</option>";
} }
else else
{ {
$optionlist_mod .= "<option value=\"1\">Is a Moderator</option><option value=\"0\" selected>Is not a Moderator</option>"; $optionlist_mod .= "<option value=\"1\">Moderator</option><option value=\"0\" selected>Not Moderator</option>";
} }
$optionlist_mod .= "</select>"; $optionlist_mod .= "</select>";
@ -816,11 +888,26 @@ else
"U_FORUM_AUTH" => append_sid("admin_forumauth.$phpEx?f=" . $forum_access[$i]['forum_id']), "U_FORUM_AUTH" => append_sid("admin_forumauth.$phpEx?f=" . $forum_access[$i]['forum_id']),
"S_ACL_SELECT" => $optionlist_acl,
"S_MOD_SELECT" => $optionlist_mod) "S_MOD_SELECT" => $optionlist_mod)
); );
$i++;
if(!$adv)
{
$template->assign_block_vars("forums.aclvalues", array(
"S_ACL_SELECT" => $optionlist_acl)
);
} }
else
{
for($j = 0; $j < count($forum_auth_fields); $j++)
{
$template->assign_block_vars("forums.aclvalues", array(
"S_ACL_SELECT" => $optionlist_acl_adv[$forumkey][$j])
);
}
}
$i++;
} }
reset($auth_user); reset($auth_user);
@ -856,6 +943,30 @@ else
$s_hidden_fields = "<input type=\"hidden\" name=\"" . POST_USERS_URL . "\" value=\"$user_id\">"; $s_hidden_fields = "<input type=\"hidden\" name=\"" . POST_USERS_URL . "\" value=\"$user_id\">";
$s_hidden_fields .= "<input type=\"hidden\" name=\"curadmin\" value=\"" . $is_admin ."\">"; $s_hidden_fields .= "<input type=\"hidden\" name=\"curadmin\" value=\"" . $is_admin ."\">";
$s_column_span = 2; // Two columns always present
if(!$adv)
{
$template->assign_block_vars("acltype", array(
"L_UG_ACL_TYPE" => "Simple Auth Setting")
);
$s_column_span++;
}
else
{
for($i = 0; $i < count($forum_auth_fields); $i++)
{
$template->assign_block_vars("acltype", array(
"L_UG_ACL_TYPE" => ucfirst(preg_replace("/auth_/", "", $forum_auth_fields[$i])))
);
$s_column_span++;
}
}
$switch_mode = "admin_userauth.$phpEx?" . POST_USERS_URL . "=" . $user_id . "&adv=";
$switch_mode .= ( !$adv ) ? "1" : "0";
$switch_mode_text = ( !$adv ) ? "Advanced Mode" : "Simple Mode";
$u_switch_mode = '<a href="' . $switch_mode . '">' . $switch_mode_text . '</a>';
$template->assign_vars(array( $template->assign_vars(array(
"USERNAME" => $t_username, "USERNAME" => $t_username,
"USER_GROUP_MEMBERSHIPS" => "This user is a $s_user_type and belongs to the following groups: $t_usergroup_list", "USER_GROUP_MEMBERSHIPS" => "This user is a $s_user_type and belongs to the following groups: $t_usergroup_list",
@ -864,14 +975,13 @@ else
"L_USER_OR_GROUP" => "User", "L_USER_OR_GROUP" => "User",
"U_USER_OR_GROUP" => append_sid("admin_userauth.$phpEx"), "U_USER_OR_GROUP" => append_sid("admin_userauth.$phpEx"),
"U_FORUMAUTH" => append_sid("admin_forumauth.$phpEx"), "U_SWITCH_MODE" => $u_switch_mode,
"S_COLUMN_SPAN" => $s_column_span,
"S_USER_AUTH_ACTION" => append_sid("admin_userauth.$phpEx"), "S_USER_AUTH_ACTION" => append_sid("admin_userauth.$phpEx"),
"S_HIDDEN_FIELDS" => $s_hidden_fields) "S_HIDDEN_FIELDS" => $s_hidden_fields)
); );
} // if adv == -1
} }
$template->pparse("body"); $template->pparse("body");

22
phpBB/templates/PSO/admin/ug_auth_body.tpl
View File

@ -11,23 +11,33 @@
<p>Remember that there are two possible places for controlling access to forums, user and group auth control. Removing access rights from a user will not affect any rights granted via group membership. You will be warned if you remove access rights from a user (or group) but access is still granted via membership of a group (or via individual user rights)</p> <p>Remember that there are two possible places for controlling access to forums, user and group auth control. Removing access rights from a user will not affect any rights granted via group membership. You will be warned if you remove access rights from a user (or group) but access is still granted via membership of a group (or via individual user rights)</p>
<div align="center"><table cellspacing="1" cellpadding="4" border="0"> <table cellspacing="1" cellpadding="4" border="0" align="center">
<tr> <tr>
<th width="30%">Forum Name</th> <th width="30%">Forum Name</th>
<th>Simple Access Control</th> <!-- BEGIN acltype -->
<th>{acltype.L_UG_ACL_TYPE}</th>
<!-- END acltype -->
<th>Moderator</th> <th>Moderator</th>
</tr> </tr>
<!-- BEGIN forums --> <!-- BEGIN forums -->
<tr> <tr>
<td class="{forums.ROW_CLASS}" align="center"><a href="{forums.U_FORUM_AUTH}" onClick="open_new_window('{forums.U_FORUM_AUTH}');return false" target="_new">{forums.FORUM_NAME}</a></td> <td class="{forums.ROW_CLASS}" align="center"><a href="{forums.U_FORUM_AUTH}" onClick="open_new_window('{forums.U_FORUM_AUTH}');return false" target="_new">{forums.FORUM_NAME}</a></td>
<td class="{forums.ROW_CLASS}" align="center">{forums.S_ACL_SELECT}</td> <!-- BEGIN aclvalues -->
<td class="{forums.ROW_CLASS}" align="center">{forums.aclvalues.S_ACL_SELECT}</td>
<!-- END aclvalues -->
<td class="{forums.ROW_CLASS}" align="center">{forums.S_MOD_SELECT}</td> <td class="{forums.ROW_CLASS}" align="center">{forums.S_MOD_SELECT}</td>
</tr> </tr>
<!-- END forums --> <!-- END forums -->
<tr> <tr>
<td colspan="4" align="center"><br clear="all"> <td colspan="{S_COLUMN_SPAN}"><table width="100%" cellspacing="0" cellpadding="4" border="0">
{S_HIDDEN_FIELDS}<input type="submit" name="submit" value="Request Update">&nbsp;&nbsp;&nbsp;<input type="reset" value="Reset Changes"></td> <tr>
<td align="center">{U_SWITCH_MODE}</td>
</tr> </tr>
</table></div> <tr>
<td align="center">{S_HIDDEN_FIELDS}<input type="submit" name="submit" value="Request Update">&nbsp;&nbsp;&nbsp;<input type="reset" value="Reset Changes"></td>
</tr>
</table></td>
</tr>
</table>
</form> </form>