From de43ceac369fca2e35c8dbf7e2315e6aaf7e48d3 Mon Sep 17 00:00:00 2001
From: Meik Sievertsen <acydburn@phpbb.com>
Date: Wed, 11 Feb 2004 21:09:47 +0000
Subject: [PATCH] use logical expression for module permissions + prefixes for
 acl's and config variables (acl_ and cfg_).

git-svn-id: file:///svn/phpbb/trunk@4829 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/install/schemas/schema_data.sql |  4 ++--
 phpBB/ucp.php                         | 14 ++++----------
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql
index dd420a555f..ab10f9eacd 100644
--- a/phpBB/install/schemas/schema_data.sql
+++ b/phpBB/install/schemas/schema_data.sql
@@ -382,8 +382,8 @@ INSERT INTO phpbb_modules (module_type, module_title, module_filename, module_or
 INSERT INTO phpbb_modules (module_type, module_title, module_filename, module_order, module_enabled, module_subs, module_acl) VALUES ('ucp', 'PROFILE', 'profile', 2, 1, 'profile_info\r\nreg_details\r\nsignature\r\navatar', '');
 INSERT INTO phpbb_modules (module_type, module_title, module_filename, module_order, module_enabled, module_subs, module_acl) VALUES ('ucp', 'PREFS', 'prefs', 3, 1, 'personal\r\nview\r\npost', '');
 INSERT INTO phpbb_modules (module_type, module_title, module_filename, module_order, module_enabled, module_subs, module_acl) VALUES ('ucp', 'ZEBRA', 'zebra', 4, 1, 'friends\r\nfoes', '');
-INSERT INTO phpbb_modules (module_type, module_title, module_filename, module_order, module_enabled, module_subs, module_acl) VALUES ('ucp', 'ATTACHMENTS', 'attachments', 5, 1, '', 'u_attach');
-INSERT INTO phpbb_modules (module_type, module_title, module_filename, module_order, module_enabled, module_subs, module_acl) VALUES ('mcp', 'QUEUE', 'queue', 2, 1, 'unapproved_topics\r\nunapproved_posts', 'm_approve');
+INSERT INTO phpbb_modules (module_type, module_title, module_filename, module_order, module_enabled, module_subs, module_acl) VALUES ('ucp', 'ATTACHMENTS', 'attachments', 5, 1, '', 'acl_u_attach && cfg_allow_attachments');
+INSERT INTO phpbb_modules (module_type, module_title, module_filename, module_order, module_enabled, module_subs, module_acl) VALUES ('mcp', 'QUEUE', 'queue', 2, 1, 'unapproved_topics\r\nunapproved_posts', 'acl_m_approve');
 
 # MSSQL IDENTITY phpbb_modules OFF #
 
diff --git a/phpBB/ucp.php b/phpBB/ucp.php
index bac1c5d51c..ddd595ce99 100755
--- a/phpBB/ucp.php
+++ b/phpBB/ucp.php
@@ -50,7 +50,7 @@ class module
 	// Private methods, should not be overwritten
 	function create($module_type, $module_url, $selected_mod = false, $selected_submod = false)
 	{
-		global $template, $auth, $db, $user;
+		global $template, $auth, $db, $user, $config;
 
 		$sql = 'SELECT module_id, module_title, module_filename, module_subs, module_acl
 			FROM ' . MODULES_TABLE . "
@@ -64,15 +64,9 @@ class module
 			// Authorisation is required for the basic module
 			if ($row['module_acl'])
 			{
-				$is_auth = FALSE;
-				foreach (explode(',', $row['module_acl']) as $auth_option)
-				{
-					if ($auth->acl_get($auth_option))
-					{
-						$is_auth = TRUE;
-						break;
-					}
-				}
+				$is_auth = false;
+
+				eval('$is_auth = (' . preg_replace(array('#acl_([a-z_]+)#e', '#cfg_([a-z_]+)#e'), array('$auth->acl_get("\\1")', '$config["\\1"]'), $row['module_acl']) . ');');
 
 				// The user is not authorised to use this module, skip it
 				if (!$is_auth)