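acl_get('a_auth')) ? "$filename$SID&mode=forum" : '';
    // NOTE(review): the start of this file is not visible on this page. The line
    // above is the tail of a statement that begins earlier, and the "return; }"
    // below closes a block opened there.
    //
    // Each menu entry gets a URL only when the current admin holds the matching
    // a_auth* option; otherwise it is set to an empty string.
    $module['PERM']['MODERATORS'] = ($auth->acl_get('a_authmods')) ? "$filename$SID&mode=mod" : '';
    $module['PERM']['SUPER_MODERATORS'] = ($auth->acl_get('a_authmods')) ? "$filename$SID&mode=supermod" : '';
    $module['PERM']['ADMINISTRATORS'] = ($auth->acl_get('a_authadmins')) ? "$filename$SID&mode=admin" : '';
    $module['PERM']['USER_PERMS'] = ($auth->acl_get('a_authusers')) ? "$filename$SID&mode=user" : '';
    $module['PERM']['GROUP_PERMS'] = ($auth->acl_get('a_authgroups')) ? "$filename$SID&mode=group" : '';

    return;
}

// Admin permission editor: reads the requested mode and submitted settings,
// checks the matching a_auth* option, applies update/delete/preset actions via
// auth_admin and the database layer, logs the change, then starts page output.

define('IN_PHPBB', 1);
// Include files
$phpbb_root_path = '../';
$phpEx = substr(strrchr(__FILE__, '.'), 1);
require('pagestart.' . $phpEx);

// Grab and set some basic parameters
//
// 'mode' determines what we're altering; administrators, users, deps, etc.
// 'submit' is used to determine what we're doing ... special format
//
// htmlspecialchars() only makes these values safe to echo into HTML. It is not
// SQL escaping and does not restrict them to the known mode names; the switch
// statements below are what constrain 'mode' and 'submode'.
$mode = (isset($_REQUEST['mode'])) ? htmlspecialchars($_REQUEST['mode']) : '';
$submode = (isset($_REQUEST['submode'])) ? htmlspecialchars($_REQUEST['submode']) : '';
$which_mode = (!empty($submode) && $submode != $mode) ? $submode : $mode;

// The action is taken from the name of the first request key that looks like
// submit_<action>; everything after the first underscore is the action.
$submit = array_values(preg_grep('#^submit_(.*)$#i', array_keys($_REQUEST)));
$submit = (sizeof($submit)) ? substr($submit[0], strpos($submit[0], '_') + 1) : '';

// Submitted setting data
//
// 'auth_settings' contains the submitted option settings assigned to options, should be an
// associative array with integer values
// NOTE(review): nothing here enforces that shape; the value is used as posted.
$auth_settings = (isset($_POST['settings'])) ? $_POST['settings'] : '';

// Forum, User or Group information
//
// 'ug_type' is either user or groups used mainly for forum/admin/mod permissions
// 'ug_data' contains the list of usernames, user_id's or group_ids for the 'ug_type'
// 'forum_id' contains the list of forums, 0 is used for "All forums", can be array or scalar
$ug_type = (isset($_REQUEST['ug_type'])) ? htmlspecialchars($_REQUEST['ug_type']) : '';
$ug_data = (isset($_POST['ug_data'])) ? $_POST['ug_data'] : '';

// Start from known values instead of relying on these names being unset on
// entry: $which_acl gates the permission check and $sql_option_mode is
// interpolated into SQL further down.
$forum_id = array();
$which_acl = '';
$sql_option_mode = '';

if (isset($_REQUEST['f']))
{
    // NOTE(review): in the scalar case $forum_id becomes an int, yet the code
    // below indexes it as $forum_id[<mode>]; that path looks broken - confirm
    // the intended shape.
    $forum_id = (is_array($_REQUEST['f'])) ? $_REQUEST['f'] : intval($_REQUEST['f']);
}

if (!isset($forum_id[$which_mode]))
{
    $forum_id[$which_mode][] = 0;
}

// Only this SQL fragment is cast to integers. The $forum_id arrays handed to
// acl_set()/acl_delete() further down are still the raw request values.
// NOTE(review): confirm those methods cast forum ids themselves.
$sql_forum_id = implode(', ', array_map('intval', $forum_id[$which_mode]));

// Generate list of forum id's
// NOTE(review): the string literal appended below is empty on this page; it
// looks as if the markup it contained was lost. Whatever is built here from
// $forum_submode / $submode_forum_id is request data and needs HTML escaping
// or an integer cast before it is echoed.
$s_forum_id = '';
foreach ($forum_id as $forum_submode => $forum_submode_ids)
{
    foreach ($forum_submode_ids as $submode_forum_id)
    {
        $s_forum_id .= '';
    }
}
unset($forum_submode_ids);
unset($forum_submode);
unset($submode_forum_id);

// Instantiate a new auth admin object in readiness
$auth_admin = new auth_admin();

// What mode are we running? So we can output the correct title, explanation
// and set the sql_option_mode/acl check
switch ($mode)
{
    case 'forum':
        $l_title = $user->lang['PERMISSIONS'];
        $l_title_explain = $user->lang['PERMISSIONS_EXPLAIN'];
        $which_acl = 'a_auth';
        $sql_option_mode = 'f';
        break;

    case 'mod':
        $l_title = $user->lang['MODERATORS'];
        $l_title_explain = $user->lang['MODERATORS_EXPLAIN'];
        $which_acl = 'a_authmods';
        $sql_option_mode = 'm';
        break;

    case 'supermod':
        $l_title = $user->lang['SUPER_MODERATORS'];
        $l_title_explain = $user->lang['SUPER_MODERATORS_EXPLAIN'];
        $which_acl = 'a_authmods';
        $sql_option_mode = 'm';
        break;

    case 'admin':
        $l_title = $user->lang['ADMINISTRATORS'];
        $l_title_explain = $user->lang['ADMINISTRATORS_EXPLAIN'];
        $which_acl = 'a_authadmins';
        $sql_option_mode = 'a';
        break;

    case 'user':
        $l_title = $user->lang['USER_PERMISSIONS'];
        $l_title_explain = $user->lang['USER_PERMISSIONS_EXPLAIN'];
        $which_acl = 'a_authusers';
        $sql_option_mode = 'u';
        break;

    case 'group':
        $l_title = $user->lang['GROUP_PERMISSIONS'];
        $l_title_explain = $user->lang['GROUP_PERMISSIONS_EXPLAIN'];
        $which_acl = 'a_authgroups';
        $sql_option_mode = 'u';
        break;

    case 'deps':
        // No $sql_option_mode for this mode; the submode switch below may set one.
        $l_title = $user->lang['DEPENDENCIES'];
        $l_title_explain = $user->lang['DEPENDENCIES_EXPLAIN'];
        $which_acl = 'a_authdeps';
        break;
}

// Permission check. An unrecognised mode leaves $which_acl empty, and that is
// refused outright rather than passed to acl_get().
// NOTE(review): everything below assumes trigger_error() ends the request via
// a handler installed elsewhere - confirm, otherwise the actions still run.
if (!$which_acl || !$auth->acl_get($which_acl))
{
    trigger_error($user->lang['NO_ADMIN']);
}

// Are we setting deps? If we are we need to re-run the mode match above for the
// relevant 'new' mode
if (!empty($submode))
{
    switch ($submode)
    {
        case 'forum':
            $l_title_explain = $user->lang['PERMISSIONS_EXPLAIN'];
            $which_acl = 'a_auth';
            $sql_option_mode = 'f';
            break;

        case 'mod':
            $l_title_explain = $user->lang['MODERATORS_EXPLAIN'];
            $which_acl = 'a_authmods';
            $sql_option_mode = 'm';
            break;

        case 'supermod':
            $l_title_explain = $user->lang['SUPER_MODERATORS_EXPLAIN'];
            $which_acl = 'a_authmods';
            $sql_option_mode = 'm';
            break;
    }

    // Permission check for the submode's option (unchanged from the mode's
    // option when the submode is not one of the cases above)
    if (!$which_acl || !$auth->acl_get($which_acl))
    {
        trigger_error($user->lang['NO_ADMIN']);
    }
}

// Does user want to update anything? Check here to find out
// and act appropriately
switch ($submit)
{
    case 'update':

        if (sizeof($auth_settings))
        {
            // Admin wants subforums to inherit permissions ... so add these
            // forums to the list ... since inheritance is only available for
            // forum and moderator primary modes we deal with '$forum_id[$mode]'
            if (!empty($_POST['inherit']))
            {
                $forum_id[$mode] = array_merge($forum_id[$mode], array_map('intval', $_POST['inherit']));
            }

            // Update the permission set ... we loop through each auth setting array
            //
            // NOTE(review): the keys of $auth_settings ($auth_submode) and the
            // option names inside each entry come straight from the POST body.
            // The checks above cover only $mode and $submode, so nothing in
            // this script ties the submitted sub-arrays to the a_auth* option
            // that was verified. Confirm that acl_set() validates them, or
            // restrict $auth_submode to the authorised mode here.
            foreach ($auth_settings as $auth_submode => $auth_setting)
            {
                // Are any entries * ? If so we need to remove them since they
                // are options the user wishes to ignore
                if (in_array('*', $auth_setting))
                {
                    $temp = array();
                    foreach ($auth_setting as $option => $setting)
                    {
                        if ($setting != '*')
                        {
                            $temp[$option] = $setting;
                        }
                    }
                    $auth_setting = $temp;
                }

                if (sizeof($auth_setting))
                {
                    // Loop through all user/group ids
                    foreach ($ug_data as $id)
                    {
                        $auth_admin->acl_set($ug_type, $forum_id[$auth_submode], intval($id), $auth_setting);
                    }
                }
            }

            // Do we need to recache the moderator lists? We do if the mode
            // was mod or auth_settings['mod'] is a non-zero size array
            if ($mode == 'mod' || sizeof($auth_settings['mod']))
            {
                cache_moderators();
            }

            // Remove users who are now moderators or admins from everyones foes
            // list
            if ($mode == 'mod' || sizeof($auth_settings['mod']) || $mode == 'admin' || sizeof($auth_settings['admin']))
            {
                update_foes();
            }

            // Logging ... first grab user or groupnames ...
            // ids are cast to int before being placed in the IN (...) list
            $sql = ($ug_type == 'group') ? 'SELECT group_name as name, group_type FROM ' . GROUPS_TABLE . ' WHERE group_id' : 'SELECT username as name FROM ' . USERS_TABLE . ' WHERE user_id';
            $sql .= ' IN (' . implode(', ', array_map('intval', $ug_data)) . ')';
            $result = $db->sql_query($sql);

            $l_ug_list = '';
            while ($row = $db->sql_fetchrow($result))
            {
                $l_ug_list .= (($l_ug_list != '') ? ', ' : '') . ((isset($row['group_type']) && $row['group_type'] == GROUP_SPECIAL) ? '' . $user->lang['G_' . $row['name']] . '' : $row['name']);
            }
            $db->sql_freeresult($result);

            foreach (array_keys($auth_settings) as $submode)
            {
                if (!in_array(0, $forum_id[$submode]))
                {
                    // Grab the forum details if non-zero forum_id
                    $sql = 'SELECT forum_name FROM ' . FORUMS_TABLE . "
                        WHERE forum_id IN ($sql_forum_id)";
                    $result = $db->sql_query($sql);

                    $l_forum_list = '';
                    while ($row = $db->sql_fetchrow($result))
                    {
                        $l_forum_list .= (($l_forum_list != '') ? ', ' : '') . $row['forum_name'];
                    }
                    $db->sql_freeresult($result);

                    add_log('admin', 'LOG_ACL_' . strtoupper($submode) . '_ADD', $l_forum_list, $l_ug_list);
                }
                else
                {
                    add_log('admin', 'LOG_ACL_' . strtoupper($submode) . '_ADD', $l_ug_list);
                }
            }
            unset($l_ug_list);
        }
        unset($auth_submode);
        unset($auth_setting);

        trigger_error($user->lang['AUTH_UPDATED']);
        break;

    case 'delete':

        // $sql_option_mode is either '' or one of the single letters assigned in
        // the switches above, never request text.
        // NOTE(review): when it is '' (mode 'deps' without a matching submode)
        // the pattern becomes '_%', which matches every option name - confirm
        // that is intended.
        $sql = "SELECT auth_option_id
            FROM " . ACL_OPTIONS_TABLE . "
            WHERE auth_option LIKE '{$sql_option_mode}_%'";
        $result = $db->sql_query($sql);

        if ($row = $db->sql_fetchrow($result))
        {
            $option_id_ary = array();
            do
            {
                $option_id_ary[] = $row['auth_option_id'];
            }
            while($row = $db->sql_fetchrow($result));

            foreach ($ug_data as $id)
            {
                // Cast the posted id to int, as the 'update' branch does
                $auth_admin->acl_delete($ug_type, $forum_id[$mode], intval($id), $option_id_ary);
            }
            unset($option_id_ary);
        }
        $db->sql_freeresult($result);

        // Do we need to recache the moderator lists? We do if the mode
        // was mod or auth_settings['mod'] is a non-zero size array
        if ($mode == 'mod' || sizeof($auth_settings['mod']))
        {
            cache_moderators();
        }

        // Logging ... first grab user or groupnames ...
        $sql = ($ug_type == 'group') ? 'SELECT group_name as name, group_type FROM ' . GROUPS_TABLE . ' WHERE group_id' : 'SELECT username as name FROM ' . USERS_TABLE . ' WHERE user_id';
        $sql .= ' IN (' . implode(', ', array_map('intval', $ug_data)) . ')';
        $result = $db->sql_query($sql);

        $l_ug_list = '';
        while ($row = $db->sql_fetchrow($result))
        {
            $l_ug_list .= (($l_ug_list != '') ? ', ' : '') . ((isset($row['group_type']) && $row['group_type'] == GROUP_SPECIAL) ? '' . $user->lang['G_' . $row['name']] . '' : $row['name']);
        }
        $db->sql_freeresult($result);

        // Grab the forum details if non-zero forum_id
        if (!in_array(0, $forum_id[$which_mode]))
        {
            $sql = 'SELECT forum_name FROM ' . FORUMS_TABLE . "
                WHERE forum_id IN ($sql_forum_id)";
            $result = $db->sql_query($sql);

            $l_forum_list = '';
            while ($row = $db->sql_fetchrow($result))
            {
                $l_forum_list .= (($l_forum_list != '') ? ', ' : '') . $row['forum_name'];
            }
            $db->sql_freeresult($result);

            add_log('admin', 'LOG_ACL_' . strtoupper($which_mode) . '_DEL', $l_forum_list, $l_ug_list);
        }
        else
        {
            add_log('admin', 'LOG_ACL_' . strtoupper($which_mode) . '_DEL', $l_ug_list);
        }

        trigger_error($user->lang['AUTH_UPDATED']);
        break;

    case 'presetsave':

        // Group the submitted option names by the setting chosen for each
        $holding_ary = array();
        foreach ($auth_settings as $option => $setting)
        {
            switch ($setting)
            {
                case ACL_YES:
                    $holding_ary['yes'][] = $option;
                    break;

                case ACL_NO:
                    $holding_ary['no'][] = $option;
                    break;

                case ACL_UNSET:
                    $holding_ary['unset'][] = $option;
                    break;
            }
        }
        unset($option);
        unset($setting);

        // The column => value map is kept in $sql_ary so it is still available
        // for logging once the query string has been built. The original
        // overwrote it with the query string and then logged a string offset.
        // NOTE(review): the values are passed through sql_escape() here and then
        // handed to sql_build_array(); if that method escapes too, the stored
        // data is double-escaped - confirm.
        $sql_ary = array(
            'preset_user_id'=> intval($user->data['user_id']),
            'preset_type' => $sql_option_mode,
            'preset_data' => $db->sql_escape(serialize($holding_ary))
        );

        if (!empty($_POST['presetname']))
        {
            $sql_ary['preset_name'] = $db->sql_escape($_POST['presetname']);
        }

        if (!empty($_POST['presetname']) || $_POST['presetoption'] != -1)
        {
            // presetoption of -1 means "create a new preset"; anything else is
            // the id of the preset to overwrite (cast to int for the WHERE)
            $sql = ($_POST['presetoption'] == -1) ? 'INSERT INTO ' . ACL_PRESETS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql_ary) : 'UPDATE ' . ACL_PRESETS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' WHERE preset_id =' . intval($_POST['presetoption']);
            $db->sql_query($sql);

            // No name is posted when an existing preset is overwritten without
            // renaming it; log an empty name in that case
            add_log('admin', 'LOG_ACL_PRESET_ADD', (isset($sql_ary['preset_name'])) ? $sql_ary['preset_name'] : '');
        }
        break;

    case 'presetdel':

        if (!empty($_POST['presetoption']))
        {
            // Fetch the name first so the deletion can be logged
            $sql = "SELECT preset_name
                FROM " . ACL_PRESETS_TABLE . "
                WHERE preset_id = " . intval($_POST['presetoption']);
            $result = $db->sql_query($sql);

            $row = $db->sql_fetchrow($result);
            $db->sql_freeresult($result);

            $sql = "DELETE FROM " . ACL_PRESETS_TABLE . "
                WHERE preset_id = " . intval($_POST['presetoption']);
            $db->sql_query($sql);

            add_log('admin', 'LOG_ACL_PRESET_DEL', $row['preset_name']);
            unset($row);
        }
        break;
}
// End update

// Output page header
adm_page_header($l_title);

// First potential form ... this is for selecting forums, users
// or groups.
if (in_array($mode, array('user', 'group', 'forum', 'mod')) && empty($submit))
{

?>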
| lang['USERS']; ?> | lang['USERGROUPS']; ?> | 
lang['ACL_EXPLAIN']; ?>
' . $user->lang[$l_selected_forums] . ': ' . $forum_list . ''; unset($forum_list); unset($l_selected_forums); } // Now output the list of users or groups ... these will always exist $l_selected_users = ($ug_type == 'user') ? ((sizeof($ug_data) == 1) ? 'SELECTED_USER' : 'SELECTED_USERS') : ((sizeof($ug_data) == 1) ? 'SELECTED_GROUP' : 'SELECTED_GROUPS'); echo '' . $user->lang[$l_selected_users] . ': ' . $l_ug_list . '
'; unset($l_selected_users); unset($ug_data); ?>lang['WARNING_EXPLAIN']; ?>
$forum_ary) { foreach ($forum_ary as $auth_option => $user_ary) { $perms += $user_ary; } } if (sizeof($perms)) { $sql = 'DELETE FROM ' . ZEBRA_TABLE . ' WHERE zebra_id IN (' . implode(', ', $perms) . ')'; $db->sql_query($sql); } unset($perms); } // // FUNCTIONS // --------- ?>