auth.php

Revision 266, 14.1 kB (checked in by Nafania, 3 years ago)
Фикс по не обновлению таймзоны в админке (фигасе фикс, переписал везде функцию :)). Мелкие правки. Избавляемся от лишних данных в табличке users (пара дропов).

Line
1	<?php
2	/***************************************************************************</span>
3	<span class="code-comment"> * auth.php
4	* -------------------
5	* begin : Saturday, Feb 13, 2001
6	* copyright : (C) 2001 The phpBB Group
7	* email : support@phpbb.com
8	*
9	* $Id: auth.php,v 1.37.2.5 2004/03/01 16:49:03 psotfx Exp $
10	*
11	*
12	***************************************************************************/
13
14	/***************************************************************************
15	*
16	* This program is free software; you can redistribute it and/or modify
17	* it under the terms of the GNU General Public License as published by
18	* the Free Software Foundation; either version 2 of the License, or
19	* (at your option) any later version.
20	*
21	***************************************************************************/
22
23	/*
24	$type's accepted (pre-pend with AUTH_):
25	VIEW, READ, POST, REPLY, EDIT, DELETE, STICKY, ANNOUNCE, VOTE, POLLCREATE
26
27	Possible options ($type/forum_id combinations):
28
29	* If you include a type and forum_id then a specific lookup will be done and
30	the single result returned
31
32	* If you set type to AUTH_ALL and specify a forum_id an array of all auth types
33	will be returned
34
35	* If you provide a forum_id a specific lookup on that forum will be done
36
37	* If you set forum_id to AUTH_LIST_ALL and specify a type an array listing the
38	results for all forums will be returned
39
40	* If you set forum_id to AUTH_LIST_ALL and type to AUTH_ALL a multidimensional
41	array containing the auth permissions for all types and all forums for that
42	user is returned
43
44	All results are returned as associative arrays, even when a single auth type is
45	specified.
46
47	If available you can send an array (either one or two dimensional) containing the
48	forum auth levels, this will prevent the auth function having to do its own
49	lookup
50	*/
51	function auth($type, $forum_id, $userdata, $f_access = '')</span>
52	<span class="code-keyword">{
53	global $db, $lang;
54
55	switch( $type )
56	{
57	case AUTH_ALL:
58	$a_sql = 'a.auth_view, a.auth_read, a.auth_post, a.auth_reply, a.auth_edit, a.auth_delete, a.auth_sticky, a.auth_announce, a.auth_vote, a.auth_pollcreate';
59	$auth_fields = array('auth_view', 'auth_read', 'auth_post', 'auth_reply', 'auth_edit', 'auth_delete', 'auth_sticky', 'auth_announce', 'auth_vote', 'auth_pollcreate');
60	break;
61
62	case AUTH_VIEW:
63	$a_sql = 'a.auth_view';
64	$auth_fields = array('auth_view');
65	break;
66
67	case AUTH_READ:
68	$a_sql = 'a.auth_read';
69	$auth_fields = array('auth_read');
70	break;
71	case AUTH_POST:
72	$a_sql = 'a.auth_post';
73	$auth_fields = array('auth_post');
74	break;
75	case AUTH_REPLY:
76	$a_sql = 'a.auth_reply';
77	$auth_fields = array('auth_reply');
78	break;
79	case AUTH_EDIT:
80	$a_sql = 'a.auth_edit';
81	$auth_fields = array('auth_edit');
82	break;
83	case AUTH_DELETE:
84	$a_sql = 'a.auth_delete';
85	$auth_fields = array('auth_delete');
86	break;
87
88	case AUTH_ANNOUNCE:
89	$a_sql = 'a.auth_announce';
90	$auth_fields = array('auth_announce');
91	break;
92	case AUTH_STICKY:
93	$a_sql = 'a.auth_sticky';
94	$auth_fields = array('auth_sticky');
95	break;
96
97	case AUTH_POLLCREATE:
98	$a_sql = 'a.auth_pollcreate';
99	$auth_fields = array('auth_pollcreate');
100	break;
101	case AUTH_VOTE:
102	$a_sql = 'a.auth_vote';
103	$auth_fields = array('auth_vote');
104	break;
105	case AUTH_ATTACH:
106	break;
107
108	default:
109	break;
110	}
111
112	//
113	// If f_access has been passed, or auth is needed to return an array of forums
114	// then we need to pull the auth information on the given forum (or all forums)
115	//
116	if ( empty($f_access) )
117	{
118	$forum_match_sql = ( $forum_id != AUTH_LIST_ALL ) ? "WHERE a.forum_id = $forum_id" : '';
119
120	$sql = "SELECT a.forum_id, $a_sql
121	FROM " . FORUMS_TABLE . " a
122	$forum_match_sql";
123	$result = $db->sql_query($sql, 30 * 60);
124
125	$sql_fetchrow = ( $forum_id != AUTH_LIST_ALL ) ? 'sql_fetchrow' : 'sql_fetchrowset';
126
127	if ( !($f_access = $db->$sql_fetchrow($result)) )
128	{
129	$db->sql_freeresult($result);
130	return array();
131	}
132	$db->sql_freeresult($result);
133	}
134
135	//
136	// If the user isn't logged on then all we need do is check if the forum
137	// has the type set to ALL, if yes they are good to go, if not then they
138	// are denied access
139	//
140	$u_access = array();
141	if ( $userdata['session_logged_in'] )
142	{
143	$forum_match_sql = ( $forum_id != AUTH_LIST_ALL ) ? "AND a.forum_id = $forum_id" : '';
144
145	$sql = "SELECT a.forum_id, $a_sql, a.auth_mod
146	FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug
147	WHERE ug.user_id = ".$userdata['uid']. "
148	AND ug.user_pending = 0
149	AND a.group_id = ug.group_id
150	$forum_match_sql";
151	$result = $db->sql_query($sql);
152
153	if ( $row = $db->sql_fetchrow($result) )
154	{
155	do
156	{
157	if ( $forum_id != AUTH_LIST_ALL)
158	{
159	$u_access[] = $row;
160	}
161	else
162	{
163	$u_access[$row['forum_id']][] = $row;
164	}
165	}
166	while( $row = $db->sql_fetchrow($result) );
167	}
168	$db->sql_freeresult($result);
169	}
170
171	$is_admin = ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ? TRUE : 0;
172
173	$auth_user = array();
174	for($i = 0; $i < count($auth_fields); $i++)
175	{
176	$key = $auth_fields[$i];
177
178	//
179	// If the user is logged on and the forum type is either ALL or REG then the user has access
180	//
181	// If the type if ACL, MOD or ADMIN then we need to see if the user has specific permissions
182	// to do whatever it is they want to do ... to do this we pull relevant information for the
183	// user (and any groups they belong to)
184	//
185	// Now we compare the users access level against the forums. We assume here that a moderator
186	// and admin automatically have access to an ACL forum, similarly we assume admins meet an
187	// auth requirement of MOD
188	//
189	if ( $forum_id != AUTH_LIST_ALL )
190	{
191	$value = $f_access[$key];
192
193	switch( $value )
194	{
195	case AUTH_ALL:
196	$auth_user[$key] = TRUE;
197	$auth_user[$key . '_type'] = $lang['auth_anonymous_users'];
198	break;
199
200	case AUTH_REG:
201	$auth_user[$key] = ( $userdata['session_logged_in'] ) ? TRUE : 0;
202	$auth_user[$key . '_type'] = $lang['auth_registered_users'];
203	break;
204
205	case AUTH_ACL:
206	$auth_user[$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_ACL, $key, $u_access, $is_admin) : 0;
207	$auth_user[$key . '_type'] = $lang['auth_users_granted_access'];
208	break;
209
210	case AUTH_MOD:
211	$auth_user[$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0;
212	$auth_user[$key . '_type'] = $lang['auth_moderators'];
213	break;
214
215	case AUTH_ADMIN:
216	$auth_user[$key] = $is_admin;
217	$auth_user[$key . '_type'] = $lang['auth_administrators'];
218	break;
219
220	default:
221	$auth_user[$key] = 0;
222	break;
223	}
224	}
225	else
226	{
227	for($k = 0; $k < count($f_access); $k++)
228	{
229	$value = $f_access[$k][$key];
230	$f_forum_id = $f_access[$k]['forum_id'];
231	$u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array();
232
233	switch( $value )
234	{
235	case AUTH_ALL:
236	$auth_user[$f_forum_id][$key] = TRUE;
237	$auth_user[$f_forum_id][$key . '_type'] = $lang['auth_anonymous_users'];
238	break;
239
240	case AUTH_REG:
241	$auth_user[$f_forum_id][$key] = ( $userdata['session_logged_in'] ) ? TRUE : 0;
242	$auth_user[$f_forum_id][$key . '_type'] = $lang['auth_registered_users'];
243	break;
244
245	case AUTH_ACL:
246	$auth_user[$f_forum_id][$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_ACL, $key, $u_access[$f_forum_id], $is_admin) : 0;
247	$auth_user[$f_forum_id][$key . '_type'] = $lang['auth_users_granted_access'];
248	break;
249
250	case AUTH_MOD:
251	$auth_user[$f_forum_id][$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin) : 0;
252	$auth_user[$f_forum_id][$key . '_type'] = $lang['auth_moderators'];
253	break;
254
255	case AUTH_ADMIN:
256	$auth_user[$f_forum_id][$key] = $is_admin;
257	$auth_user[$f_forum_id][$key . '_type'] = $lang['auth_administrators'];
258	break;
259
260	default:
261	$auth_user[$f_forum_id][$key] = 0;
262	break;
263	}
264	}
265	}
266	}
267
268	//
269	// Is user a moderator?
270	//
271	if ( $forum_id != AUTH_LIST_ALL )
272	{
273	$auth_user['auth_mod'] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0;
274	}
275	else
276	{
277	for($k = 0; $k < count($f_access); $k++)
278	{
279	$f_forum_id = $f_access[$k]['forum_id'];
280	$u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array();
281	$auth_user[$f_forum_id]['auth_mod'] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin) : 0;
282	}
283	}
284
285	return $auth_user;
286	}
287
288	function auth_check_user($type, $key, $u_access, $is_admin)
289	{
290	$auth_user = 0;
291
292	if ( count($u_access) )
293	{
294	for($j = 0; $j < count($u_access); $j++)
295	{
296	$result = 0;
297	switch($type)
298	{
299	case AUTH_ACL:
300	$result = $u_access[$j][$key];
301
302	case AUTH_MOD:
303	$result = $result \|\| $u_access[$j]['auth_mod'];
304
305	case AUTH_ADMIN:
306	$result = $result \|\| $is_admin;
307	break;
308	}
309
310	$auth_user = $auth_user \|\| $result;
311	}
312	}
313	else
314	{
315	$auth_user = $is_admin;
316	}
317
318	return $auth_user;
319	}
320
321	?>

Note: See TracBrowser for help on using the browser.

root/include/auth.php

Download in other formats: