mirror of
https://github.com/phpbb/phpbb.git
synced 2025-05-07 08:05:25 +02:00
345 lines
9.8 KiB
PHP
345 lines
9.8 KiB
PHP
<?php
|
|
/***************************************************************************
|
|
* auth.php
|
|
* -------------------
|
|
* begin : Saturday, Feb 13, 2001
|
|
* copyright : (C) 2001 The phpBB Group
|
|
* email : support@phpbb.com
|
|
*
|
|
* $Id$
|
|
*
|
|
*
|
|
***************************************************************************/
|
|
|
|
|
|
/***************************************************************************
|
|
*
|
|
* This program is free software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License as published by
|
|
* the Free Software Foundation; either version 2 of the License, or
|
|
* (at your option) any later version.
|
|
*
|
|
*
|
|
***************************************************************************/
|
|
|
|
/*
|
|
$type's accepted (eventually!):
|
|
VIEW, READ, POST, REPLY, EDIT, DELETE, VOTE, VOTECREATE, MOD, ADMIN
|
|
|
|
Possible options to send to auth (not all are functional yet!):
|
|
|
|
* If you include a type then a specific lookup will
|
|
be done and the single result returned
|
|
|
|
* If you set type to ALL an array of all auth types
|
|
will be returned
|
|
|
|
* If you provide a forum_id a specific lookup on that
|
|
forum will be done
|
|
|
|
* If you set forum_id to LIST_ALL an array of all
|
|
forums to which the user has access of type will be returned
|
|
<- used for index and search? (type VIEW and READ respectively)
|
|
|
|
* If you set forum_id to LIST_ALL and type to ALL a
|
|
multidimensional array containing the auth permissions
|
|
for all types and all forums for that user is returned
|
|
|
|
* If you set $userdata to ALL, then the permissions of all
|
|
users listed in the auth_access table will be returned for
|
|
the given type and forum_id <- use to check for moderators?
|
|
|
|
All results are returned as associative arrays, even
|
|
when a single auth type is specified
|
|
|
|
*/
|
|
function auth($type, $forum_id, $userdata, $f_access = -1)
|
|
{
|
|
global $db;
|
|
|
|
switch($type)
|
|
{
|
|
case AUTH_ALL:
|
|
$a_sql = "aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_votecreate, aa.auth_vote";
|
|
$auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_votecreate", "auth_vote");
|
|
break;
|
|
case AUTH_VIEW:
|
|
$a_sql = "aa.auth_view";
|
|
$auth_fields = array("auth_view");
|
|
break;
|
|
case AUTH_READ:
|
|
$a_sql = "aa.auth_read";
|
|
$auth_fields = array("auth_read");
|
|
break;
|
|
case AUTH_POST:
|
|
$a_sql = "aa.auth_post";
|
|
$auth_fields = array("auth_post");
|
|
break;
|
|
case AUTH_REPLY:
|
|
$a_sql = "aa.auth_reply";
|
|
$auth_fields = array("auth_reply");
|
|
break;
|
|
case AUTH_EDIT:
|
|
$a_sql = "aa.auth_edit";
|
|
$auth_fields = array("auth_edit");
|
|
break;
|
|
case AUTH_DELETE:
|
|
$a_sql = "aa.auth_delete";
|
|
$auth_fields = array("auth_delete");
|
|
break;
|
|
case AUTH_VOTECREATE:
|
|
$a_sql = "aa.auth_votecreate";
|
|
$auth_fields = array("auth_votecreate");
|
|
break;
|
|
case AUTH_VOTE:
|
|
$a_sql = "aa.auth_vote";
|
|
$auth_fields = array("auth_vote");
|
|
break;
|
|
default:
|
|
break;
|
|
}
|
|
|
|
//
|
|
// If f_access has been passed, or auth
|
|
// is needed to return an array of forums
|
|
// then we need to pull the auth information
|
|
// on the given forum (or all forums)
|
|
//
|
|
if($f_access == -1)
|
|
{
|
|
$forum_match_sql = ($forum_id != AUTH_LIST_ALL) ? "WHERE aa.forum_id = $forum_id" : "";
|
|
$sql = "SELECT $a_sql
|
|
FROM ".AUTH_FORUMS_TABLE." aa
|
|
$forum_match_sql";
|
|
$af_result = $db->sql_query($sql);
|
|
|
|
$f_access = $db->sql_fetchrow($af_result);
|
|
}
|
|
|
|
//
|
|
// If the user isn't logged on then
|
|
// all we need do is check if the forum
|
|
// has the type set to ALL, if yes then
|
|
// they're good to go, if not then they
|
|
// are denied access
|
|
//
|
|
if(!$userdata['session_logged_in'])
|
|
{
|
|
$auth_user = array();
|
|
|
|
if($forum_id != AUTH_LIST_ALL)
|
|
{
|
|
for($i = 0; $i < count($f_access); $i++)
|
|
{
|
|
$auth_user[$auth_fields[$i]] = ($f_access[$auth_fields[$i]] == AUTH_ALL) ? 1 : 0;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
for($i = 0; $i < count($f_access); $i++)
|
|
{
|
|
for($j = 0; $j < count($auth_fields); $j++)
|
|
{
|
|
$auth_user[$f_access[$i]['forum_id']][$auth_fields[$j]] = ($f_access[$i][$auth_fields[$j]] == AUTH_ALL) ? 1 : 0;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
$forum_match_sql = ($forum_id != AUTH_LIST_ALL) ? "AND aa.forum_id = $forum_id" : "";
|
|
$sql = "SELECT aa.forum_id, $a_sql, aa.auth_mod, g.single_user
|
|
FROM ".AUTH_ACCESS_TABLE." aa, " . USER_GROUP_TABLE. " ug, " . GROUPS_TABLE. " g
|
|
WHERE ug.user_id = ".$userdata['user_id']. "
|
|
AND g.group_id = ug.group_id
|
|
AND aa.group_id = ug.group_id
|
|
$forum_match_sql";
|
|
$au_result = $db->sql_query($sql);
|
|
$u_access = $db->sql_fetchrowset($au_result);
|
|
|
|
$num_forums = (is_array($f_access[0])) ? count($f_access) : 1;
|
|
|
|
$is_admin = ($userdata['user_level'] == ADMIN) ? 1 : 0;
|
|
|
|
$auth_user = array();
|
|
for($k = 0; $k < $num_forums; $k++)
|
|
{
|
|
for($i = 0; $i < count($auth_fields); $i++)
|
|
{
|
|
$key = $auth_fields[$i];
|
|
$value = ($forum_id != AUTH_LIST_ALL) ? $f_access[$key] : $f_access[$f_access[$k]['forum_id']][$key];
|
|
|
|
//
|
|
// If the user is logged on and the forum
|
|
// type is either ALL or REG then the user
|
|
// has access
|
|
//
|
|
if($value == AUTH_ALL || $value == AUTH_REG)
|
|
{
|
|
if($forum_id != AUTH_LIST_ALL)
|
|
{
|
|
$auth_user[$key] = 1;
|
|
}
|
|
else
|
|
{
|
|
$auth_user[$f_access[$k]['forum_id']][$key] = 1;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
//
|
|
// If the type if ACL, MOD or ADMIN
|
|
// then we need to see if the user has
|
|
// specific permissions to do whatever it
|
|
// is they want to do ... to do this
|
|
// we pull relevant information for the user
|
|
// (and any groups they belong to)
|
|
//
|
|
|
|
$single_user = 0;
|
|
|
|
//
|
|
// Now we compare the users access level
|
|
// against the forums We assume here that
|
|
// a moderator and admin automatically have
|
|
// access to an ACL forum, similarly we assume
|
|
// admins meet an auth requirement of MOD
|
|
//
|
|
// The access level assigned to a single user
|
|
// automatically takes precedence over any
|
|
// levels granted by that user being a member
|
|
// of a multi-user usergroup, eg. a user
|
|
// who is banned from a forum won't gain
|
|
// access to it even if they belong to a group
|
|
// which has access (and vice versa). This
|
|
// check is done via the single_user check
|
|
//
|
|
// PS : I appologise for the fantastically clear
|
|
// and hugely readable code here ;) Simple gist
|
|
// is, if this row of auth_access doesn't represent
|
|
// a single user then OR the contents of relevant auth_access
|
|
// levels against the current level (allows
|
|
// maximum group privileges to be assigned). If
|
|
// the row does represent a single user then forget
|
|
// any previous group results and instead set
|
|
// the auth to whatever the OR'd contents of the
|
|
// access levels are.
|
|
//
|
|
switch($value)
|
|
{
|
|
case AUTH_ACL:
|
|
for($j = 0; $j < count($u_access); $j++)
|
|
{
|
|
if(!$single_user)
|
|
{
|
|
$single_user = $u_access[$j]['single_user'];
|
|
|
|
$result = (!$single_user) ? ($auth_user[$key] || $u_access[$j][$key] || $u_access[$i]['auth_mod'] || $is_admin) : ($u_access[$j][$key] || $u_access[$i]['auth_mod'] || $is_admin);
|
|
|
|
if($forum_id != AUTH_LIST_ALL)
|
|
{
|
|
$auth_user[$key] = $result;
|
|
}
|
|
else
|
|
{
|
|
$auth_user[$f_access[$k]['forum_id']][$key] = $result;
|
|
}
|
|
}
|
|
}
|
|
break;
|
|
|
|
case AUTH_MOD:
|
|
for($j = 0; $j < count($u_access); $j++)
|
|
{
|
|
if(!$single_user)
|
|
{
|
|
$single_user = $u_access[$j]['single_user'];
|
|
|
|
$auth_user[$key] = (!$single_user) ? ($auth_user[$key] || $u_access[$j]['auth_mod'] || $is_admin) : ($u_access[$j]['auth_mod'] || $is_admin);
|
|
|
|
if($forum_id != AUTH_LIST_ALL)
|
|
{
|
|
$auth_user[$key] = $result;
|
|
}
|
|
else
|
|
{
|
|
$auth_user[$f_access[$k]['forum_id']][$key] = $result;
|
|
}
|
|
}
|
|
}
|
|
break;
|
|
|
|
case AUTH_ADMIN:
|
|
//
|
|
// Pretty redundant right now ...
|
|
//
|
|
if($forum_id != AUTH_LIST_ALL)
|
|
{
|
|
$auth_user[$key] = $is_admin;
|
|
}
|
|
else
|
|
{
|
|
$auth_user[$f_access[$k]['forum_id']][$key] = $is_admin;
|
|
}
|
|
break;
|
|
|
|
default:
|
|
if($forum_id != AUTH_LIST_ALL)
|
|
{
|
|
$auth_user[$key] = 0;
|
|
}
|
|
else
|
|
{
|
|
$auth_user[$f_access[$k]['forum_id']][$key] = 0;
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
//
|
|
// Is user a moderator?
|
|
//
|
|
$single_user = 0;
|
|
for($j = 0; $j < count($u_access); $j++)
|
|
{
|
|
if(!$single_user)
|
|
{
|
|
$single_user = $u_access[$j]['single_user'];
|
|
|
|
$result = (!$single_user) ? ($auth_user['auth_mod'] || $u_access[$j]['auth_mod'] || $is_admin) : ($u_access[$j]['auth_mod'] || $is_admin);
|
|
|
|
if($forum_id != AUTH_LIST_ALL)
|
|
{
|
|
$auth_user['auth_mod'] = $result;
|
|
}
|
|
else
|
|
{
|
|
$auth_user[$f_access[$k]['forum_id']]['auth_mod'] = $result;
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// Is user an admin (this is
|
|
// really redundant at this time)
|
|
//
|
|
if($forum_id != AUTH_LIST_ALL)
|
|
{
|
|
$auth_user['auth_admin'] = $is_admin;
|
|
}
|
|
else
|
|
{
|
|
$auth_user[$f_access[$k]['forum_id']]['auth_admin'] = $is_admin;
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// This currently only returns 1 or 0
|
|
// however it will also return an array if a listing
|
|
// of all forums to which a user has access was requested.
|
|
//
|
|
return $auth_user;
|
|
}
|
|
|
|
?>
|