<?php
/**
*
* @package phpBB3
* @copyright (c) 2004 phpBB Group
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/

//
// SECURITY NOTICE
//
// This maintenance script is potentially dangerous and therefore ships disabled.
// To run it, remove or comment out the exit() call directly below.
// Do NOT FORGET to delete this script, or restore the exit() call, once you
// have used it.
//
// NOTE(review): nothing visible in this file checks who is requesting it, so
// while the guard is disabled, anyone able to reach the script can run it.
//
exit("Please read the first lines of this script for instructions on how to enable it");

// This script adds missing permissions.
//
// Start every connection setting as an empty string; config.<ext> is
// presumably what fills them in (confirm against the board's config file).
$db = '';
$dbhost = '';
$dbuser = '';
$dbpasswd = '';
$dbport = '';
$dbname = '';

define('IN_PHPBB', 1);
define('ANONYMOUS', 1);
$phpEx = substr(strrchr(__FILE__, '.'), 1);
$phpbb_root_path = './../';

// $acm_type, $dbms and $table_prefix are not assigned anywhere in this file
// before they are used, so they must come from the included config. They are
// concatenated straight into require paths and table names: the config file
// has to be trusted.
include "{$phpbb_root_path}config.{$phpEx}";
require "{$phpbb_root_path}includes/acm/acm_{$acm_type}.{$phpEx}";
require "{$phpbb_root_path}includes/db/{$dbms}.{$phpEx}";
include "{$phpbb_root_path}includes/functions.{$phpEx}";

// ACL setting values used by mass_auth()
define('ACL_NEVER', 0);
define('ACL_YES', 1);
define('ACL_NO', -1);

// Table names, built from the configured prefix
define('ACL_GROUPS_TABLE', "{$table_prefix}acl_groups");
define('ACL_OPTIONS_TABLE', "{$table_prefix}acl_options");
define('ACL_USERS_TABLE', "{$table_prefix}acl_users");
define('GROUPS_TABLE', "{$table_prefix}groups");
define('USERS_TABLE', "{$table_prefix}users");

$cache = new acm;
$db = new sql_db;

// Connect to DB (the return value is not inspected here)
$db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false);

// Forum permissions: auth option => array(is_local, is_global).
// Every forum option is local only, i.e. array(1, 0).
$f_permissions = array_fill_keys(
	array(
		'f_',
		'f_list',
		'f_read',
		'f_post',
		'f_reply',
		'f_edit',
		'f_user_lock',
		'f_delete',
		'f_bump',
		'f_poll',
		'f_vote',
		'f_votechg',
		'f_announce',
		'f_sticky',
		'f_attach',
		'f_download',
		'f_icons',
		'f_bbcode',
		'f_smilies',
		'f_img',
		'f_flash',
		'f_sigs',
		'f_search',
		'f_email',
		'f_print',
		'f_ignoreflood',
		'f_postcount',
		'f_noapprove',
		'f_report',
		'f_subscribe',
	),
	array(1, 0)
);

// Moderator permissions: auth option => array(is_local, is_global).
// Every moderator option is both local and global, i.e. array(1, 1).
$m_permissions = array_fill_keys(
	array(
		'm_',
		'm_edit',
		'm_delete',
		'm_move',
		'm_lock',
		'm_split',
		'm_merge',
		'm_approve',
		'm_unrate',
		'm_auth',
		'm_ip',
		'm_info',
	),
	array(1, 1)
);

// Administrator permissions: auth option => array(is_local, is_global).
// Every admin option is global only, i.e. array(0, 1).
$a_permissions = array_fill_keys(
	array(
		'a_',
		'a_server',
		'a_board',
		'a_clearlogs',
		'a_words',
		'a_icons',
		'a_bbcode',
		'a_attach',
		'a_email',
		'a_styles',
		'a_user',
		'a_useradd',
		'a_userdel',
		'a_ranks',
		'a_ban',
		'a_names',
		'a_group',
		'a_groupadd',
		'a_groupdel',
		'a_forum',
		'a_forumadd',
		'a_forumdel',
		'a_prune',
		'a_auth',
		'a_authmods',
		'a_authadmins',
		'a_authusers',
		'a_authgroups',
		'a_authdeps',
		'a_backup',
		'a_restore',
		'a_search',
		'a_events',
		'a_cron',
	),
	array(0, 1)
);

// User permissions: auth option => array(is_local, is_global).
// Every user option is global only, i.e. array(0, 1).
$u_permissions = array_fill_keys(
	array(
		'u_',
		'u_sendemail',
		'u_readpm',
		'u_sendpm',
		'u_sendim',
		'u_hideonline',
		'u_viewonline',
		'u_viewprofile',
		'u_chgavatar',
		'u_chggrp',
		'u_chgemail',
		'u_chgname',
		'u_chgpasswd',
		'u_chgcensors',
		'u_search',
		'u_savedrafts',
		'u_download',
		'u_attach',
		'u_sig',
		'u_pm_attach',
		'u_pm_bbcode',
		'u_pm_smilies',
		'u_pm_download',
		'u_pm_edit',
		'u_pm_printpm',
		'u_pm_emailpm',
		'u_pm_forward',
		'u_pm_delete',
		'u_pm_img',
		'u_pm_flash',
	),
	array(0, 1)
);

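echo "<p><b>Determining existing permissions</b></p>\n";

// Reconcile the options stored in the database with the $f_/$m_/$a_/$u_
// permission tables defined earlier in this script:
//   - a stored option that is not listed in its table is queued for removal;
//   - a stored option that is listed is removed from the table, so that only
//     the options still missing from the database remain in the tables.
$known_prefixes = array('f_', 'm_', 'a_', 'u_');

$sql = 'SELECT auth_option_id, auth_option FROM ' . ACL_OPTIONS_TABLE;
$result = $db->sql_query($sql);

$remove_auth_options = array();
while ($row = $db->sql_fetchrow($result))
{
	$option_name = $row['auth_option'];
	$option_prefix = substr($option_name, 0, 2);

	// A stored option with any other prefix has no $<prefix>permissions
	// variable to look it up in. Treat it as unknown instead of building a
	// variable name from database content and reading an undefined variable.
	if (!in_array($option_prefix, $known_prefixes, true))
	{
		$remove_auth_options[$option_name] = (int) $row['auth_option_id'];
		continue;
	}

	$table_var = $option_prefix . 'permissions';
	if (!isset(${$table_var}[$option_name]))
	{
		$remove_auth_options[$option_name] = (int) $row['auth_option_id'];
	}
	unset(${$table_var}[$option_name]);
}
$db->sql_freeresult($result);

if (sizeof($remove_auth_options))
{
	// The ids are placed unquoted into IN (...), so force them to integers.
	$sql_in = implode(', ', array_map('intval', $remove_auth_options));

	$db->sql_query('DELETE FROM ' . ACL_USERS_TABLE . ' WHERE auth_option_id IN (' . $sql_in . ')');
	$db->sql_query('DELETE FROM ' . ACL_GROUPS_TABLE . ' WHERE auth_option_id IN (' . $sql_in . ')');
	$db->sql_query('DELETE FROM ' . ACL_OPTIONS_TABLE . ' WHERE auth_option_id IN (' . $sql_in . ')');

	// Option names come from the database; encode them before writing HTML.
	echo '<p><b>Removed the following auth options... [<i>' . htmlspecialchars(implode(', ', array_keys($remove_auth_options)), ENT_QUOTES) . "</i>]</b></p>\n\n";
}
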
// Insert every option still listed in the $<prefix>permissions tables and
// give each of the default groups a setting for it.
$prefixes = array('f_', 'a_', 'm_', 'u_');

foreach ($prefixes as $prefix)
{
	$missing_options = ${$prefix . 'permissions'};
	if (!sizeof($missing_options))
	{
		continue;
	}

	// Moderator and admin options are denied to ordinary members and bots;
	// admin options are additionally denied to global moderators.
	$mod_or_admin_option = ($prefix == 'm_' || $prefix == 'a_');

	// Group name => setting, in the order the groups are processed
	$group_settings = array(
		'guests'			=> ACL_NEVER,
		'inactive'			=> ACL_NEVER,
		'inactive_coppa'	=> ACL_NEVER,
		'registered_coppa'	=> ACL_NEVER,
		'registered'		=> ($mod_or_admin_option) ? ACL_NEVER : ACL_YES,
		'global_moderators'	=> ($prefix == 'a_') ? ACL_NEVER : ACL_YES,
		'administrators'	=> ACL_YES,
		'bots'				=> ($mod_or_admin_option) ? ACL_NEVER : ACL_YES,
	);

	foreach ($missing_options as $auth_option => $scope)
	{
		$option_row = array(
			'auth_option'	=> $auth_option,
			'is_local'		=> $scope[0],
			'is_global'		=> $scope[1],
		);
		$db->sql_query('INSERT INTO ' . ACL_OPTIONS_TABLE . ' ' . $db->sql_build_array('INSERT', $option_row));

		echo "<p><b>Adding $auth_option...</b></p>\n";

		foreach ($group_settings as $group_name => $group_setting)
		{
			mass_auth('group', 0, $group_name, $auth_option, $group_setting);
		}
	}
}

// Blank the stored permission string of every user and drop the cached
// option list.
// NOTE(review): presumably this forces both to be rebuilt from the updated
// ACL tables on the next request - confirm against the auth code.
$db->sql_query('UPDATE ' . USERS_TABLE . " SET user_permissions = ''");
$cache->destroy('_acl_options');

echo "<p><b>Done</b></p>\n";

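/**
* Apply one ACL setting to a user or group for a set of forums and options.
*
* Rows are inserted, updated or deleted in the user/group ACL table so that
* every given option (plus its prefix flag such as 'f_') carries $setting.
* Returns nothing; returns early without changes when a group name cannot be
* resolved to an id.
*
* $ug_type  = user|group
* $forum_id = forum ids (array|int|0) -> 0 == all forums
* $ug_id    = [int] user_id|group_id : [string] usergroup name
* $acl_list = [string] acl entry : [array] acl entries
* $setting  = ACL_YES|ACL_NEVER|ACL_NO
*/
function mass_auth($ug_type, $forum_id, $ug_id, $acl_list, $setting)
{
	global $db;
	static $acl_option_ids, $group_ids;

	if ($ug_type == 'group' && is_string($ug_id))
	{
		if (!isset($group_ids[$ug_id]))
		{
			// The name ends up inside a quoted SQL literal, so it is escaped
			// rather than concatenated as-is.
			$sql = 'SELECT group_id FROM ' . GROUPS_TABLE . "
				WHERE group_name = '" . $db->sql_escape(strtoupper($ug_id)) . "'";
			$result = $db->sql_query_limit($sql, 1);
			$id = (int) $db->sql_fetchfield('group_id', 0, $result);
			$db->sql_freeresult($result);

			if (!$id)
			{
				return;
			}

			$group_ids[$ug_id] = $id;
		}

		$ug_id = (int) $group_ids[$ug_id];
	}

	// These values are interpolated unquoted into the statements below,
	// so they are forced to integers first.
	$ug_id = (int) $ug_id;
	$setting = (int) $setting;
	$forum_id = array_map('intval', (is_array($forum_id)) ? $forum_id : array($forum_id));

	// Anything that is not 'user' is handled as a group, for the table and
	// for the id column alike.
	$table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
	$id_field = ($ug_type == 'user') ? 'user_id' : 'group_id';

	// Build correct parameters
	$auth = array();

	if (!is_array($acl_list))
	{
		$auth = array($acl_list => $setting);
	}
	else
	{
		foreach ($acl_list as $auth_option)
		{
			$auth[$auth_option] = $setting;
		}
	}
	unset($acl_list);

	// Set any flags as required: the prefix option (e.g. 'f_' for 'f_read')
	// receives the same setting unless it already has a non-empty one.
	foreach ($auth as $auth_option => $acl_setting)
	{
		$flag = substr($auth_option, 0, strpos($auth_option, '_') + 1);
		if (empty($auth[$flag]))
		{
			$auth[$flag] = $acl_setting;
		}
	}

	// The option-id map is cached in a static. The script inserts new options
	// between calls, so a map loaded on the first call does not contain them
	// and they would be skipped below; reload whenever a requested option is
	// not in the map.
	$reload_options = (!is_array($acl_option_ids) || empty($acl_option_ids));
	if (!$reload_options)
	{
		foreach ($auth as $auth_option => $acl_setting)
		{
			if (!isset($acl_option_ids[$auth_option]))
			{
				$reload_options = true;
				break;
			}
		}
	}

	if ($reload_options)
	{
		$acl_option_ids = array();

		$sql = 'SELECT auth_option_id, auth_option
			FROM ' . ACL_OPTIONS_TABLE;
		$result = $db->sql_query($sql);

		while ($row = $db->sql_fetchrow($result))
		{
			$acl_option_ids[$row['auth_option']] = $row['auth_option_id'];
		}
		$db->sql_freeresult($result);
	}

	// Fetch the settings this user/group currently has in the given forums
	$sql_forum = 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')';

	$sql = 'SELECT o.auth_option_id, o.auth_option, a.forum_id, a.auth_setting
		FROM ' . $table . ' a, ' . ACL_OPTIONS_TABLE . " o
		WHERE a.auth_option_id = o.auth_option_id
			$sql_forum
			AND a.$id_field = $ug_id";
	$result = $db->sql_query($sql);

	$cur_auth = array();
	while ($row = $db->sql_fetchrow($result))
	{
		$cur_auth[$row['forum_id']][$row['auth_option_id']] = $row['auth_setting'];
	}
	$db->sql_freeresult($result);

	// Work out which rows have to be deleted, inserted or updated
	$sql_ary = array();
	foreach ($forum_id as $forum)
	{
		foreach ($auth as $auth_option => $option_setting)
		{
			$auth_option_id = (isset($acl_option_ids[$auth_option])) ? (int) $acl_option_ids[$auth_option] : 0;

			// Option does not exist in the options table
			if (!$auth_option_id)
			{
				continue;
			}

			$option_setting = (int) $option_setting;

			switch ($option_setting)
			{
				// ACL_NO removes an existing row instead of storing a value
				case ACL_NO:
					if (isset($cur_auth[$forum][$auth_option_id]))
					{
						$sql_ary['delete'][] = "DELETE FROM $table
							WHERE forum_id = $forum
								AND auth_option_id = $auth_option_id
								AND $id_field = $ug_id";
					}
				break;

				default:
					if (!isset($cur_auth[$forum][$auth_option_id]))
					{
						$sql_ary['insert'][] = "$ug_id, $forum, $auth_option_id, $option_setting";
					}
					else if ($cur_auth[$forum][$auth_option_id] != $option_setting)
					{
						$sql_ary['update'][] = "UPDATE $table
							SET auth_setting = $option_setting
							WHERE $id_field = $ug_id
								AND forum_id = $forum
								AND auth_option_id = $auth_option_id";
					}
			}
		}
	}
	unset($cur_auth);

	// Run the collected statements
	foreach ($sql_ary as $sql_type => $sql_subary)
	{
		switch ($sql_type)
		{
			case 'insert':
				$insert_head = "INSERT INTO $table ($id_field, forum_id, auth_option_id, auth_setting) ";

				switch ($db->sql_layer)
				{
					// One multi-row INSERT ... VALUES (..), (..)
					case 'mysql':
					case 'mysql4':
						$db->sql_query($insert_head . 'VALUES ' . implode(', ', preg_replace('#^(.*?)$#', '(\1)', $sql_subary)));
					break;

					// One INSERT ... SELECT .. UNION ALL SELECT ..
					case 'mssql':
					case 'sqlite':
						$db->sql_query($insert_head . implode(' UNION ALL ', preg_replace('#^(.*?)$#', 'SELECT \1', $sql_subary)));
					break;

					// Any other layer: one INSERT per row
					default:
						foreach ($sql_subary as $values)
						{
							$db->sql_query($insert_head . "VALUES ($values)");
						}
				}
			break;

			case 'update':
			case 'delete':
				foreach ($sql_subary as $sql)
				{
					$db->sql_query($sql);
				}
			break;
		}
		unset($sql_ary[$sql_type]);
	}
	unset($sql_ary);
}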