admin_ug_auth.php

Revision 252, 29.8 kB (checked in by Nafania, 3 years ago)
мелкие фиксы, один запросик к базе

Line
1	<?php
2	/***************************************************************************</span>
3	<span class="code-comment"> * admin_ug_auth.php
4	* -------------------
5	* begin : Saturday, Feb 13, 2001
6	* copyright : (C) 2001 The phpBB Group
7	* email : support@phpbb.com
8	*
9	* $Id: admin_ug_auth.php,v 1.13.2.10 2005/09/14 18:14:29 acydburn Exp $
10	*
11	*
12	***************************************************************************/
13
14	/***************************************************************************
15	*
16	* This program is free software; you can redistribute it and/or modify
17	* it under the terms of the GNU General Public License as published by
18	* the Free Software Foundation; either version 2 of the License, or
19	* (at your option) any later version.
20	*
21	***************************************************************************/
22
23	if( !empty($setmodules) )</span>
24	<span class="code-keyword">{
25	$filename = basename(__FILE__);
26	$module['users']['permissions'] = $filename . "?mode=user";
27	$module['groups']['permissions'] = $filename . "?mode=group";
28
29	return;
30	}
31
32	define('IN_PHPBB', 1);
33
34	//</span>
35	<span class="code-comment">// Load default header
36	//
37	$no_page_header = TRUE;
38
39	$root_path = './../';</span>
40	<span class="code-lang">require($root_path . 'extension.inc');
41	require('./pagestart.' . $phpEx);
42
43	$user_id = request_var(POST_USERS_URL, 0);
44	$group_id = request_var(POST_GROUPS_URL, 0);
45	$adv = request_var('adv', 0);
46	$mode = request_var('mode', '');
47	$userlevel = request_var('userlevel', '');
48	$username = request_var('username', '');
49
50	//$moderator_ary = request_var('moderator', array( 0 => 0 ));</span>
51	<span class="code-comment">//$private_ary = request_var('private', array( 0 => 0 ));
52
53	//
54	// Start program - define vars
55	//
56	$forum_auth_fields = array('auth_view', 'auth_read', 'auth_post', 'auth_reply', 'auth_edit', 'auth_delete', 'auth_sticky', 'auth_announce', 'auth_vote', 'auth_pollcreate');
57
58	$auth_field_match = array(</span>
59	<span class="code-lang"> 'auth_view' => AUTH_VIEW,
60	'auth_read' => AUTH_READ,
61	'auth_post' => AUTH_POST,
62	'auth_reply' => AUTH_REPLY,
63	'auth_edit' => AUTH_EDIT,
64	'auth_delete' => AUTH_DELETE,
65	'auth_sticky' => AUTH_STICKY,
66	'auth_announce' => AUTH_ANNOUNCE,
67	'auth_vote' => AUTH_VOTE,
68	'auth_pollcreate' => AUTH_POLLCREATE);
69
70	$field_names = array(</span>
71	<span class="code-lang"> 'auth_view' => $lang['view'],
72	'auth_read' => $lang['read'],
73	'auth_post' => $lang['post'],
74	'auth_reply' => $lang['reply'],
75	'auth_edit' => $lang['edit'],
76	'auth_delete' => $lang['delete'],
77	'auth_sticky' => $lang['sticky'],
78	'auth_announce' => $lang['announce'],
79	'auth_vote' => $lang['vote'],
80	'auth_pollcreate' => $lang['pollcreate']);
81
82	// ---------------</span>
83	<span class="code-comment">// Start Functions
84	//
85	function check_auth($type, $key, $u_access, $is_admin)</span>
86	<span class="code-keyword">{
87	$auth_user = 0;
88
89	if( count($u_access) )
90	{
91	for($j = 0; $j < count($u_access); $j++)
92	{
93	$result = 0;
94	switch($type)
95	{
96	case AUTH_ACL:
97	$result = $u_access[$j][$key];
98
99	case AUTH_MOD:
100	$result = $result \|\| $u_access[$j]['auth_mod'];
101
102	case AUTH_ADMIN:
103	$result = $result \|\| $is_admin;
104	break;
105	}
106
107	$auth_user = $auth_user \|\| $result;
108	}
109	}
110	else
111	{
112	$auth_user = $is_admin;
113	}
114
115	return $auth_user;
116	}
117	//</span>
118	<span class="code-comment">// End Functions
119	// -------------
120
121	if ( isset($_POST['submit']) && ( ( $mode == 'user' && $user_id ) \|\| ( $mode == 'group' && $group_id ) ) )</span>
122	<span class="code-keyword">{
123	$user_level = '';
124	if ( $mode == 'user' )
125	{
126	//
127	// Get group_id for this user_id
128	//
129	$sql = "SELECT g.group_id, u.user_level
130	FROM " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u, " . GROUPS_TABLE . " g
131	WHERE u.uid = $user_id
132	AND ug.user_id = u.uid
133	AND g.group_id = ug.group_id
134	AND g.group_single_user = " . TRUE;
135	$result = $db->sql_query($sql);
136
137	$row = $db->sql_fetchrow($result);
138
139	$group_id = $row['group_id'];
140	$user_level = $row['user_level'];
141
142	$db->sql_freeresult($result);
143	}
144
145	//
146	// Carry out requests
147	//
148	if ( $mode == 'user' && $userlevel == 'admin' && $user_level != ADMIN )
149	{
150	//
151	// Make user an admin (if already user)
152	//
153	if ( $userdata['uid'] != $user_id )
154	{
155	$sql = "UPDATE " . USERS_TABLE . "
156	SET user_level = " . ADMIN . "
157	WHERE uid = $user_id";
158	$result = $db->sql_query($sql);
159
160	$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
161	WHERE group_id = $group_id
162	AND auth_mod = 0";
163	$result = $db->sql_query($sql);
164
165	//
166	// Delete any entries in auth_access, they are not required if user is becoming an
167	// admin
168	//
169	$sql = "UPDATE " . AUTH_ACCESS_TABLE . "
170	SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0
171	WHERE group_id = $group_id";
172	$result = $db->sql_query($sql);
173	}
174
175	$message = $lang['auth_updated'] . '<br /><br />' . sprintf($lang['click_return_userauth'], '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
176	trigger_error($message);
177	return;
178	}
179	else
180	{
181	if ( $mode == 'user' && $userlevel == 'user' && $user_level == ADMIN )
182	{
183	//
184	// Make admin a user (if already admin) ... ignore if you're trying
185	// to change yourself from an admin to user!
186	//
187	if ( $userdata['uid'] != $user_id )
188	{
189	$sql = "UPDATE " . AUTH_ACCESS_TABLE . "
190	SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0
191	WHERE group_id = $group_id";
192	$result = $db->sql_query($sql);
193
194	//
195	// Update users level, reset to USER
196	//
197	$sql = "UPDATE " . USERS_TABLE . "
198	SET user_level = " . USER . "
199	WHERE uid = $user_id";
200	$result = $db->sql_query($sql);
201	}
202
203	$message = $lang['auth_updated'] . '<br /><br />' . sprintf($lang['click_return_userauth'], '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
204	}
205	else
206	{
207
208	$change_mod_list = ( isset($_POST['moderator']) ) ? $_POST['moderator'] : false;
209
210	if ( empty($adv) )
211	{
212	$change_acl_list = ( isset($_POST['private']) ) ? $_POST['private'] : false;
213	}
214	else
215	{
216	$change_acl_list = array();
217	for($j = 0; $j < count($forum_auth_fields); $j++)
218	{
219	$auth_field = $forum_auth_fields[$j];
220
221	while( list($forum_id, $value) = @each($_POST['private_' . $auth_field]) )
222	{
223	$change_acl_list[$forum_id][$auth_field] = $value;
224	}
225	}
226	}
227
228	$sql = 'SELECT f.*
229	FROM ' . FORUMS_TABLE . ' f, ' . FORUM_CATEGORIES_TABLE . ' c
230	WHERE f.cat_id = c.cat_id
231	ORDER BY c.cat_order, f.forum_order';
232	$result = $db->sql_query($sql);
233
234	$forum_access = array();
235	while( $row = $db->sql_fetchrow($result) )
236	{
237	$forum_access[] = $row;
238	}
239	$db->sql_freeresult($result);
240
241	if ( $mode == 'user' ) {
242	$sql = "SELECT aa.*
243	FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g
244	WHERE ug.user_id = $user_id
245	AND g.group_id = ug.group_id
246	AND aa.group_id = ug.group_id
247	AND g.group_single_user = " . TRUE;
248	}
249	else {
250	$sql = "SELECT *
251	FROM " . AUTH_ACCESS_TABLE . "
252	WHERE group_id = $group_id";
253	}
254
255	$result = $db->sql_query($sql);
256
257	$auth_access = array();
258	while( $row = $db->sql_fetchrow($result) )
259	{
260	$auth_access[$row['forum_id']] = $row;
261	}
262	$db->sql_freeresult($result);
263
264	$forum_auth_action = array();
265	$update_acl_status = array();
266	$update_mod_status = array();
267
268	for($i = 0; $i < count($forum_access); $i++)
269	{
270	$forum_id = $forum_access[$i]['forum_id'];
271
272	if (
273	( isset($auth_access[$forum_id]['auth_mod']) && $change_mod_list[$forum_id]['auth_mod'] != $auth_access[$forum_id]['auth_mod'] ) \|\|
274	( !isset($auth_access[$forum_id]['auth_mod']) && !empty($change_mod_list[$forum_id]['auth_mod']) )
275	)
276	{
277	$update_mod_status[$forum_id] = $change_mod_list[$forum_id]['auth_mod'];
278
279	if ( !$update_mod_status[$forum_id] )
280	{
281	$forum_auth_action[$forum_id] = 'delete';
282	}
283	else if ( !isset($auth_access[$forum_id]['auth_mod']) )
284	{
285	$forum_auth_action[$forum_id] = 'insert';
286	}
287	else
288	{
289	$forum_auth_action[$forum_id] = 'update';
290	}
291	}
292
293	for($j = 0; $j < count($forum_auth_fields); $j++)
294	{
295	$auth_field = $forum_auth_fields[$j];
296
297	if( $forum_access[$i][$auth_field] == AUTH_ACL && isset($change_acl_list[$forum_id][$auth_field]) )
298	{
299	if ( ( empty($auth_access[$forum_id]['auth_mod']) &&
300	( isset($auth_access[$forum_id][$auth_field]) && $change_acl_list[$forum_id][$auth_field] != $auth_access[$forum_id][$auth_field] ) \|\|
301	( !isset($auth_access[$forum_id][$auth_field]) && !empty($change_acl_list[$forum_id][$auth_field]) ) ) \|\|
302	!empty($update_mod_status[$forum_id])
303	)
304	{
305	$update_acl_status[$forum_id][$auth_field] = ( !empty($update_mod_status[$forum_id]) ) ? 0 : $change_acl_list[$forum_id][$auth_field];
306
307	if ( isset($auth_access[$forum_id][$auth_field]) && empty($update_acl_status[$forum_id][$auth_field]) && $forum_auth_action[$forum_id] != 'insert' && $forum_auth_action[$forum_id] != 'update' )
308	{
309	$forum_auth_action[$forum_id] = 'delete';
310	}
311	else if ( !isset($auth_access[$forum_id][$auth_field]) && !( @$forum_auth_action[$forum_id] == 'delete' && empty($update_acl_status[$forum_id][$auth_field]) ) )
312	{
313	$forum_auth_action[$forum_id] = 'insert';
314	}
315	else if ( isset($auth_access[$forum_id][$auth_field]) && !empty($update_acl_status[$forum_id][$auth_field]) )
316	{
317	$forum_auth_action[$forum_id] = 'update';
318	}
319	}
320	else if ( ( empty($auth_access[$forum_id]['auth_mod']) &&
321	( isset($auth_access[$forum_id][$auth_field]) && $change_acl_list[$forum_id][$auth_field] == $auth_access[$forum_id][$auth_field] ) ) && @$forum_auth_action[$forum_id] == 'delete' )
322	{
323	$forum_auth_action[$forum_id] = 'update';
324	}
325	}
326	}
327	}
328
329	//
330	// Checks complete, make updates to DB
331	//
332	$delete_sql = '';
333	while( list($forum_id, $action) = @each($forum_auth_action) )
334	{
335	if ( $action == 'delete' )
336	{
337	$delete_sql .= ( ( $delete_sql != '' ) ? ', ' : '' ) . $forum_id;
338	}
339	else
340	{
341	if ( $action == 'insert' )
342	{
343	$sql_field = '';
344	$sql_value = '';
345	while ( list($auth_type, $value) = @each($update_acl_status[$forum_id]) )
346	{
347	$sql_field .= ( ( $sql_field != '' ) ? ', ' : '' ) . $auth_type;
348	$sql_value .= ( ( $sql_value != '' ) ? ', ' : '' ) . $value;
349	}
350	$sql_field .= ( ( $sql_field != '' ) ? ', ' : '' ) . 'auth_mod';
351	$sql_value .= ( ( $sql_value != '' ) ? ', ' : '' ) . ( ( !isset($update_mod_status[$forum_id]) ) ? 0 : $update_mod_status[$forum_id]);
352
353	$sql = "INSERT INTO " . AUTH_ACCESS_TABLE . " (forum_id, group_id, $sql_field)
354	VALUES ($forum_id, $group_id, $sql_value)";
355	}
356	else
357	{
358	$sql_values = '';
359	while ( list($auth_type, $value) = @each($update_acl_status[$forum_id]) )
360	{
361	$sql_values .= ( ( $sql_values != '' ) ? ', ' : '' ) . $auth_type . ' = ' . $value;
362	}
363	$sql_values .= ( ( $sql_values != '' ) ? ', ' : '' ) . 'auth_mod = ' . ( ( !isset($update_mod_status[$forum_id]) ) ? 0 : $update_mod_status[$forum_id]);
364
365	$sql = "UPDATE " . AUTH_ACCESS_TABLE . "
366	SET $sql_values
367	WHERE group_id = $group_id
368	AND forum_id = $forum_id";
369	}
370	$result = $db->sql_query($sql);
371	$cache->destroy('sql', AUTH_ACCESS_TABLE);
372	}
373	}
374
375	if ( $delete_sql != '' )
376	{
377	$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
378	WHERE group_id = $group_id
379	AND forum_id IN ($delete_sql)";
380	$result = $db->sql_query($sql);
381	$cache->destroy('sql', AUTH_ACCESS_TABLE);
382	}
383
384	$l_auth_return = ( $mode == 'user' ) ? $lang['click_return_userauth'] : $lang['click_return_groupauth'];
385	$message = $lang['auth_updated'] . '<br /><br />' . sprintf($l_auth_return, '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
386	}
387
388	//
389	// Update user level to mod for appropriate users
390	//
391	$sql = "SELECT u.uid
392	FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u
393	WHERE ug.group_id = aa.group_id
394	AND u.uid = ug.user_id
395	AND ug.user_pending = 0
396	AND u.user_level NOT IN (" . MOD . ", " . ADMIN . ")
397	GROUP BY u.uid
398	HAVING SUM(aa.auth_mod) > 0";
399	$result = $db->sql_query($sql);
400
401	$set_mod = '';
402	while( $row = $db->sql_fetchrow($result) )
403	{
404	$set_mod .= ( ( $set_mod != '' ) ? ', ' : '' ) . $row['uid'];
405	}
406	$db->sql_freeresult($result);
407
408	//
409	// Update user level to user for appropriate users
410	//
411	switch ( $db_type )
412	{
413	case 'postgresql':
414	$sql = "SELECT u.uid
415	FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa
416	WHERE ug.user_id = u.uid
417	AND aa.group_id = ug.group_id
418	AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")
419	GROUP BY u.uid
420	HAVING SUM(aa.auth_mod) = 0
421	UNION (
422	SELECT u.uid
423	FROM " . USERS_TABLE . " u
424	WHERE NOT EXISTS (
425	SELECT aa.auth_mod
426	FROM " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa
427	WHERE ug.user_id = u.uid
428	AND aa.group_id = ug.group_id
429	)
430	AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")
431	GROUP BY u.uid
432	)";
433	break;
434	case 'oracle':
435	$sql = "SELECT u.uid
436	FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa
437	WHERE ug.user_id = u.uid(+)
438	AND aa.group_id = ug.group_id(+)
439	AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")
440	GROUP BY u.uid
441	HAVING SUM(aa.auth_mod) = 0";
442	break;
443	default:
444	$sql = "SELECT u.uid
445	FROM ( ( " . USERS_TABLE . " u
446	LEFT JOIN " . USER_GROUP_TABLE . " ug ON ug.user_id = u.uid )
447	LEFT JOIN " . AUTH_ACCESS_TABLE . " aa ON aa.group_id = ug.group_id )
448	WHERE u.user_level NOT IN (" . USER . ", " . ADMIN . ")
449	GROUP BY u.uid
450	HAVING SUM(aa.auth_mod) = 0";
451	break;
452	}
453	$result = $db->sql_query($sql);
454
455	$unset_mod = "";
456	while( $row = $db->sql_fetchrow($result) )
457	{
458	$unset_mod .= ( ( $unset_mod != '' ) ? ', ' : '' ) . $row['uid'];
459	}
460	$db->sql_freeresult($result);
461
462	if ( $set_mod != '' )
463	{
464	$sql = "UPDATE " . USERS_TABLE . "
465	SET user_level = " . MOD . "
466	WHERE uid IN ($set_mod)";
467	$db->sql_query($sql);
468	}
469
470	if ( $unset_mod != '' )
471	{
472	$sql = "UPDATE " . USERS_TABLE . "
473	SET user_level = " . USER . "
474	WHERE uid IN ($unset_mod)";
475	$db->sql_query($sql);
476	}
477
478	$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
479	WHERE group_id = $group_id";
480	$result = $db->sql_query($sql);
481
482	$group_user = array();
483	while ($row = $db->sql_fetchrow($result))
484	{
485	$group_user[$row['user_id']] = $row['user_id'];
486	}
487	$db->sql_freeresult($result);
488
489	$sql = "SELECT ug.user_id, COUNT(auth_mod) AS is_auth_mod
490	FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug
491	WHERE ug.user_id IN (" . implode(', ', $group_user) . ")
492	AND aa.group_id = ug.group_id
493	AND aa.auth_mod = 1
494	GROUP BY ug.user_id";
495	$result = $db->sql_query($sql);
496
497	while ($row = $db->sql_fetchrow($result))
498	{
499	if ($row['is_auth_mod'])
500	{
501	unset($group_user[$row['user_id']]);
502	}
503	}
504	$db->sql_freeresult($result);
505
506	if (sizeof($group_user))
507	{
508	$sql = "UPDATE " . USERS_TABLE . "
509	SET user_level = " . USER . "
510	WHERE uid IN (" . implode(', ', $group_user) . ") AND user_level = " . MOD;
511	$result = $db->sql_query($sql);
512	}
513
514	trigger_error($message);
515	return;
516	}
517	}
518	else if ( ( $mode == 'user' && ( $username \|\| $user_id ) ) \|\| ( $mode == 'group' && $group_id ) )
519	{
520	if ( $username )
521	{
522	$this_userdata = get_userdata($username, true);
523	if ( !is_array($this_userdata) )
524	{
525	trigger_error($lang['no_such_user']);
526	return;
527	}
528	$user_id = $this_userdata['uid'];
529	}
530
531	$optionlist_acl_adv = array();
532
533	//
534	// Front end
535	//
536	$sql = "SELECT f.*
537	FROM " . FORUMS_TABLE . " f, " . FORUM_CATEGORIES_TABLE . " c
538	WHERE f.cat_id = c.cat_id
539	ORDER BY c.cat_order, f.forum_order ASC";
540	$result = $db->sql_query($sql);
541
542	$forum_access = array();
543	while( $row = $db->sql_fetchrow($result) )
544	{
545	$forum_access[] = $row;
546	}
547	$db->sql_freeresult($result);
548
549	if( empty($adv) )
550	{
551	for($i = 0; $i < count($forum_access); $i++)
552	{
553	$forum_id = $forum_access[$i]['forum_id'];
554
555	$forum_auth_level[$forum_id] = AUTH_ALL;
556
557	for($j = 0; $j < count($forum_auth_fields); $j++)
558	{
559	$forum_access[$i][$forum_auth_fields[$j]] . ' :: ';
560	if ( $forum_access[$i][$forum_auth_fields[$j]] == AUTH_ACL )
561	{
562	$forum_auth_level[$forum_id] = AUTH_ACL;
563	$forum_auth_level_fields[$forum_id][] = $forum_auth_fields[$j];
564	}
565	}
566	}
567	}
568
569	$sql = "SELECT u.uid, u.name AS username, u.user_level, g.group_id, g.group_name, g.group_single_user, ug.user_pending
570	FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug
571	WHERE ";
572
573	$sql .= ( $mode == 'user' ) ? "u.uid = $user_id AND ug.user_id = u.uid AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.uid = ug.user_id";
574	$result = $db->sql_query($sql);
575	$ug_info = array();
576
577	while( $row = $db->sql_fetchrow($result) )
578	{
579	$ug_info[] = $row;
580	}
581	$db->sql_freeresult($result);
582
583	if ( $mode == 'user' ) {
584	$sql = "SELECT aa.*, g.group_single_user
585	FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g
586	WHERE ug.user_id = $user_id
587	AND g.group_id = ug.group_id
588	AND aa.group_id = ug.group_id
589	AND g.group_single_user = 1";
590	}
591	else {
592	$sql = "SELECT * FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = $group_id";;
593	}
594
595	$result = $db->sql_query($sql);
596
597	$auth_access = array();
598	$auth_access_count = array();
599	while( $row = $db->sql_fetchrow($result) )
600	{
601	$auth_access[$row['forum_id']][] = $row;
602	@$auth_access_count[$row['forum_id']]++;
603	}
604	$db->sql_freeresult($result);
605
606	$is_admin = ( $mode == 'user' ) ? ( ( $ug_info[0]['user_level'] == ADMIN && $ug_info[0]['uid'] != ANONYMOUS ) ? 1 : 0 ) : 0;
607	$auth_ug = array();
608
609	for($i = 0; $i < count($forum_access); $i++)
610	{
611	$forum_id = $forum_access[$i]['forum_id'];
612
613	unset($prev_acl_setting);
614	for($j = 0; $j < count($forum_auth_fields); $j++)
615	{
616	$key = $forum_auth_fields[$j];
617	$value = $forum_access[$i][$key];
618
619	switch( $value )
620	{
621	case AUTH_ALL:
622	case AUTH_REG:
623	$auth_ug[$forum_id][$key] = 1;
624	break;
625
626	case AUTH_ACL:
627	$auth_ug[$forum_id][$key] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_ACL, $key, $auth_access[$forum_id], $is_admin) : 0;
628	$auth_field_acl[$forum_id][$key] = $auth_ug[$forum_id][$key];
629
630	if ( isset($prev_acl_setting) )
631	{
632	if ( $prev_acl_setting != $auth_ug[$forum_id][$key] && empty($adv) )
633	{
634	$adv = 1;
635	}
636	}
637
638	$prev_acl_setting = $auth_ug[$forum_id][$key];
639
640	break;
641
642	case AUTH_MOD:
643	$auth_ug[$forum_id][$key] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_MOD, $key, $auth_access[$forum_id], $is_admin) : 0;
644	break;
645
646	case AUTH_ADMIN:
647	$auth_ug[$forum_id][$key] = $is_admin;
648	break;
649
650	default:
651	$auth_ug[$forum_id][$key] = 0;
652	break;
653	}
654	}
655
656	//
657	// Is user a moderator?
658	//
659	$auth_ug[$forum_id]['auth_mod'] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_MOD, 'auth_mod', $auth_access[$forum_id], 0) : 0;
660	}
661
662	$i = 0;
663	@reset($auth_ug);
664
665	foreach ( $auth_ug AS $forum_id => $user_ary ) {
666	if ( empty($adv) )
667	{
668	if ( $forum_auth_level[$forum_id] == AUTH_ACL )
669	{
670	$allowed = 1;
671
672	for($j = 0; $j < count($forum_auth_level_fields[$forum_id]); $j++)
673	{
674	if ( !$auth_ug[$forum_id][$forum_auth_level_fields[$forum_id][$j]] )
675	{
676	$allowed = 0;
677	}
678	}
679
680	$optionlist_acl = '<select name="private[' . $forum_id . ']">';
681
682	if ( $is_admin \|\| $user_ary['auth_mod'] )
683	{
684	$optionlist_acl .= '<option value="1">' . $lang['allowed_access'] . '</option>';
685	}
686	else if ( $allowed )
687	{
688	$optionlist_acl .= '<option value="1" selected="selected">' . $lang['allowed_access'] . '</option><option value="0">'. $lang['disallowed_access'] . '</option>';
689	}
690	else
691	{
692	$optionlist_acl .= '<option value="1">' . $lang['allowed_access'] . '</option><option value="0" selected="selected">' . $lang['disallowed_access'] . '</option>';
693	}
694
695	$optionlist_acl .= '</select>';
696	}
697	else
698	{
699	$optionlist_acl = ' ';
700	}
701	}
702	else
703	{
704	for($j = 0; $j < count($forum_access); $j++)
705	{
706	if ( $forum_access[$j]['forum_id'] == $forum_id )
707	{
708	for($k = 0; $k < count($forum_auth_fields); $k++)
709	{
710	$field_name = $forum_auth_fields[$k];
711
712	if( $forum_access[$j][$field_name] == AUTH_ACL )
713	{
714	$optionlist_acl_adv[$forum_id][$k] = '<select name="private_' . $field_name . '[' . $forum_id . ']">';
715
716	if( isset($auth_field_acl[$forum_id][$field_name]) && !($is_admin \|\| $user_ary['auth_mod']) )
717	{
718	if( !$auth_field_acl[$forum_id][$field_name] )
719	{
720	$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['on'] . '</option><option value="0" selected="selected">' . $lang['off'] . '</option>';
721	}
722	else
723	{
724	$optionlist_acl_adv[$forum_id][$k] .= '<option value="1" selected="selected">' . $lang['on'] . '</option><option value="0">' . $lang['off'] . '</option>';
725	}
726	}
727	else
728	{
729	if( $is_admin \|\| $user_ary['auth_mod'] )
730	{
731	$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['on'] . '</option>';
732	}
733	else
734	{
735	$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['on'] . '</option><option value="0" selected="selected">' . $lang['off'] . '</option>';
736	}
737	}
738
739	$optionlist_acl_adv[$forum_id][$k] .= '</select>';
740
741	}
742	}
743	}
744	}
745	}
746
747	$optionlist_mod = '<select name="moderator[' . $forum_id . ']">';
748	$optionlist_mod .= ( $user_ary['auth_mod'] ) ? '<option value="1" selected="selected">' . $lang['is_moderator'] . '</option><option value="0">' . $lang['not_moderator'] . '</option>' : '<option value="1">' . $lang['is_moderator'] . '</option><option value="0" selected="selected">' . $lang['not_moderator'] . '</option>';
749	$optionlist_mod .= '</select>';
750
751	$row_class = ( !( $i % 2 ) ) ? $theme['td_class2'] : $theme['td_class1'];
752	$row_color = ( !( $i % 2 ) ) ? $theme['td_color1'] : $theme['td_color2'];
753
754	$template->assign_block_vars('forums', array(
755	'ROW_COLOR' => '#' . $row_color,
756	'ROW_CLASS' => $row_class,
757	'FORUM_NAME' => $forum_access[$i]['forum_name'],
758
759	'U_FORUM_AUTH' => append_sid("admin_forumauth.$phpEx?f=" . $forum_access[$i]['forum_id']),
760
761	'S_MOD_SELECT' => $optionlist_mod)
762	);
763
764	if( !$adv )
765	{
766	$template->assign_block_vars('forums.aclvalues', array(
767	'S_ACL_SELECT' => $optionlist_acl)
768	);
769	}
770	else
771	{
772	for($j = 0; $j < count($forum_auth_fields); $j++)
773	{
774	$s_acl_select = ( isset($optionlist_acl_adv[$forum_id][$j]) ? $optionlist_acl_adv[$forum_id][$j] : '' );
775	$template->assign_block_vars('forums.aclvalues', array(
776	'S_ACL_SELECT' => $s_acl_select
777	));
778	}
779	}
780
781	$i++;
782	}
783	// @reset($auth_user);</span>
784	<span class="code-comment">
785	if ( $mode == 'user' )
786	{
787	$t_username = $ug_info[0]['username'];
788	$s_user_type = ( $is_admin ) ? '<select name="userlevel"><option value="admin" selected="selected">' . $lang['auth_admin'] . '</option><option value="user">' . $lang['auth_user'] . '</option></select>' : '<select name="userlevel"><option value="admin">' . $lang['auth_admin'] . '</option><option value="user" selected="selected">' . $lang['auth_user'] . '</option></select>';
789	}
790	else
791	{
792	$t_groupname = $ug_info[0]['group_name'];
793	}
794
795	$name = array();
796	$id = array();
797	for($i = 0; $i < count($ug_info); $i++)
798	{
799	if( ( $mode == 'user' && !$ug_info[$i]['group_single_user'] ) \|\| $mode == 'group' )
800	{
801	$name[] = ( $mode == 'user' ) ? $ug_info[$i]['group_name'] : $ug_info[$i]['username'];
802	$id[] = ( $mode == 'user' ) ? intval($ug_info[$i]['group_id']) : intval($ug_info[$i]['uid']);
803	}
804	}
805
806	$t_usergroup_list = $t_pending_list = '';
807	if( $count = sizeof($name) )
808	{
809	for($i = 0; $i < count($name); $i++)
810	{
811	$ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL;
812
813	if (!$ug_info[$i]['user_pending'])
814	{
815	$t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$ug=" . $id[$i]) . '">' . $name[$i] . '</a>';
816	}
817	else
818	{
819	$t_pending_list .= ( ( $t_pending_list != '' ) ? ', ' : '' ) . '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$ug=" . $id[$i]) . '">' . $name[$i] . '</a>';
820	}
821	}
822	}
823
824	$t_usergroup_list = ($t_usergroup_list == '') ? $lang['none'] : $t_usergroup_list;
825	$t_pending_list = ($t_pending_list == '') ? $lang['none'] : $t_pending_list;
826
827	$s_column_span = 2; // Two columns always present
828	if( !$adv )
829	{
830	$template->assign_block_vars('acltype', array(
831	'L_UG_ACL_TYPE' => $lang['simple_permission'])
832	);
833	$s_column_span++;
834	}
835	else
836	{
837	for($i = 0; $i < count($forum_auth_fields); $i++)
838	{
839	$cell_title = $field_names[$forum_auth_fields[$i]];
840
841	$template->assign_block_vars('acltype', array(
842	'L_UG_ACL_TYPE' => $cell_title)
843	);
844	$s_column_span++;
845	}
846	}
847
848	//
849	// Dump in the page header ...
850	//
851	include('./page_header_admin.'.$phpEx);
852
853	$template->set_filenames(array(
854	"body" => '../admin/auth_ug_body.tpl')
855	);
856
857	$adv_switch = ( empty($adv) ) ? 1 : 0;
858	$u_ug_switch = ( $mode == 'user' ) ? POST_USERS_URL . "=" . $user_id : POST_GROUPS_URL . "=" . $group_id;
859	$switch_mode = append_sid("admin_ug_auth.$phpEx?mode=$mode&" . $u_ug_switch . "&adv=$adv_switch");
860	$switch_mode_text = ( empty($adv) ) ? $lang['advanced_mode'] : $lang['simple_mode'];
861	$u_switch_mode = '<a href="' . $switch_mode . '">' . $switch_mode_text . '</a>';
862
863	$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="adv" value="' . $adv . '" />';
864	$s_hidden_fields .= ( $mode == 'user' ) ? '<input type="hidden" name="' . POST_USERS_URL . '" value="' . $user_id . '" />' : '<input type="hidden" name="' . POST_GROUPS_URL . '" value="' . $group_id . '" />';
865
866	if ( $mode == 'user' )
867	{
868	$template->assign_block_vars('switch_user_auth', array());
869
870	$template->assign_vars(array(
871	'USERNAME' => $t_username,
872	'USER_LEVEL' => $lang['user_level'] . " : " . $s_user_type,
873	'USER_GROUP_MEMBERSHIPS' => $lang['group_memberships'] . ' : ' . $t_usergroup_list)
874	);
875	}
876	else
877	{
878	$template->assign_block_vars("switch_group_auth", array());
879
880	$template->assign_vars(array(
881	'USERNAME' => $t_groupname,
882	'GROUP_MEMBERSHIP' => $lang['usergroup_members'] . ' : ' . $t_usergroup_list . '<br />' . $lang['pending_members'] . ' : ' . $t_pending_list)
883	);
884	}
885
886	$template->assign_vars(array(
887	'L_USER_OR_GROUPNAME' => ( $mode == 'user' ) ? $lang['username'] : $lang['group_name'],
888
889	'L_AUTH_TITLE' => ( $mode == 'user' ) ? $lang['auth_control_user'] : $lang['auth_control_group'],
890	'L_AUTH_EXPLAIN' => ( $mode == 'user' ) ? $lang['user_auth_explain'] : $lang['group_auth_explain'],
891
892	'U_USER_OR_GROUP' => append_sid("admin_ug_auth.$phpEx"),
893	'U_SWITCH_MODE' => $u_switch_mode,
894
895	'S_COLUMN_SPAN' => $s_column_span,
896	'S_AUTH_ACTION' => append_sid("admin_ug_auth.$phpEx"),
897	'S_HIDDEN_FIELDS' => $s_hidden_fields)
898	);
899	}
900	else
901	{
902	//
903	// Select a user/group
904	//
905	include('./page_header_admin.'.$phpEx);
906
907	$template->set_filenames(array(
908	'body' => ( $mode == 'user' ) ? '../admin/user_select_body.tpl' : '../admin/auth_select_body.tpl')
909	);
910
911	if ( $mode == 'user' )
912	{
913	$template->assign_vars(array(
914	'L_FIND_USERNAME' => $lang['find_username'],
915
916	//'U_SEARCH_USER' => append_sid("../search.$phpEx?mode=searchuser"))
917	'U_SEARCH_USER' => append_sid($root_path . "/phpbb2.php?page=search&mode=searchuser"))
918	);
919	}
920	else
921	{
922	$sql = "SELECT group_id, group_name
923	FROM " . GROUPS_TABLE . "
924	WHERE group_single_user <> " . TRUE;
925	$result = $db->sql_query($sql);
926
927	if ( $row = $db->sql_fetchrow($result) )
928	{
929	$select_list = '<select name="' . POST_GROUPS_URL . '">';
930	do
931	{
932	$select_list .= '<option value="' . $row['group_id'] . '">' . $row['group_name'] . '</option>';
933	}
934	while ( $row = $db->sql_fetchrow($result) );
935	$select_list .= '</select>';
936	}
937
938	$template->assign_vars(array(
939	'S_AUTH_SELECT' => $select_list)
940	);
941	}
942
943	$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" />';
944
945	$l_type = ( $mode == 'user' ) ? 'USER' : 'AUTH';
946
947	$template->assign_vars(array(
948	'L_' . $l_type . '_TITLE' => ( $mode == 'user' ) ? $lang['auth_control_user'] : $lang['auth_control_group'],
949	'L_' . $l_type . '_EXPLAIN' => ( $mode == 'user' ) ? $lang['user_auth_explain'] : $lang['group_auth_explain'],
950	'L_' . $l_type . '_SELECT' => ( $mode == 'user' ) ? $lang['select_a_user'] : $lang['select_a_group'],
951	'L_LOOK_UP' => ( $mode == 'user' ) ? $lang['look_up_user'] : $lang['look_up_group'],
952
953	'S_HIDDEN_FIELDS' => $s_hidden_fields,
954	'S_' . $l_type . '_ACTION' => append_sid("admin_ug_auth.$phpEx"))
955	);
956
957	}
958
959	$template->display('body');</span>
960	<span class="code-lang">
961	include('./page_footer_admin.'.$phpEx);
962
963	?>

Note: See TracBrowser for help on using the browser.

root/admin/admin_ug_auth.php

Download in other formats: