Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

source: forum/admin/admin_ug_auth.php@ 5

Last change on this file since 5 was 5, checked in by george, 18 years ago
import
File size: 31.3 KB

Line
1	<?php
2	/***************************************************************************
3	* admin_ug_auth.php
4	* -------------------
5	* begin : Saturday, Feb 13, 2001
6	* copyright : (C) 2001 The phpBB Group
7	* email : support@phpbb.com
8	*
9	* $Id: admin_ug_auth.php,v 1.13.2.10 2005/09/14 18:14:29 acydburn Exp $
10	*
11	*
12	***************************************************************************/
13
14	/***************************************************************************
15	*
16	* This program is free software; you can redistribute it and/or modify
17	* it under the terms of the GNU General Public License as published by
18	* the Free Software Foundation; either version 2 of the License, or
19	* (at your option) any later version.
20	*
21	***************************************************************************/
22
23	define('IN_PHPBB', 1);
24
25	if( !empty($setmodules) )
26	{
27	$filename = basename(__FILE__);
28	$module['Users']['Permissions'] = $filename . "?mode=user";
29	$module['Groups']['Permissions'] = $filename . "?mode=group";
30
31	return;
32	}
33
34	//
35	// Load default header
36	//
37	$no_page_header = TRUE;
38
39	$phpbb_root_path = "./../";
40	require($phpbb_root_path . 'extension.inc');
41	require('./pagestart.' . $phpEx);
42
43	$params = array('mode' => 'mode', 'user_id' => POST_USERS_URL, 'group_id' => POST_GROUPS_URL, 'adv' => 'adv');
44
45	while( list($var, $param) = @each($params) )
46	{
47	if ( !empty($HTTP_POST_VARS[$param]) \|\| !empty($HTTP_GET_VARS[$param]) )
48	{
49	$$var = ( !empty($HTTP_POST_VARS[$param]) ) ? $HTTP_POST_VARS[$param] : $HTTP_GET_VARS[$param];
50	}
51	else
52	{
53	$$var = "";
54	}
55	}
56
57	$user_id = intval($user_id);
58	$group_id = intval($group_id);
59	$adv = intval($adv);
60	$mode = htmlspecialchars($mode);
61
62	//
63	// Start program - define vars
64	//
65	$forum_auth_fields = array('auth_view', 'auth_read', 'auth_post', 'auth_reply', 'auth_edit', 'auth_delete', 'auth_sticky', 'auth_announce', 'auth_vote', 'auth_pollcreate');
66
67	$auth_field_match = array(
68	'auth_view' => AUTH_VIEW,
69	'auth_read' => AUTH_READ,
70	'auth_post' => AUTH_POST,
71	'auth_reply' => AUTH_REPLY,
72	'auth_edit' => AUTH_EDIT,
73	'auth_delete' => AUTH_DELETE,
74	'auth_sticky' => AUTH_STICKY,
75	'auth_announce' => AUTH_ANNOUNCE,
76	'auth_vote' => AUTH_VOTE,
77	'auth_pollcreate' => AUTH_POLLCREATE);
78
79	$field_names = array(
80	'auth_view' => $lang['View'],
81	'auth_read' => $lang['Read'],
82	'auth_post' => $lang['Post'],
83	'auth_reply' => $lang['Reply'],
84	'auth_edit' => $lang['Edit'],
85	'auth_delete' => $lang['Delete'],
86	'auth_sticky' => $lang['Sticky'],
87	'auth_announce' => $lang['Announce'],
88	'auth_vote' => $lang['Vote'],
89	'auth_pollcreate' => $lang['Pollcreate']);
90
91	// ---------------
92	// Start Functions
93	//
94	function check_auth($type, $key, $u_access, $is_admin)
95	{
96	$auth_user = 0;
97
98	if( count($u_access) )
99	{
100	for($j = 0; $j < count($u_access); $j++)
101	{
102	$result = 0;
103	switch($type)
104	{
105	case AUTH_ACL:
106	$result = $u_access[$j][$key];
107
108	case AUTH_MOD:
109	$result = $result \|\| $u_access[$j]['auth_mod'];
110
111	case AUTH_ADMIN:
112	$result = $result \|\| $is_admin;
113	break;
114	}
115
116	$auth_user = $auth_user \|\| $result;
117	}
118	}
119	else
120	{
121	$auth_user = $is_admin;
122	}
123
124	return $auth_user;
125	}
126	//
127	// End Functions
128	// -------------
129
130	if ( isset($HTTP_POST_VARS['submit']) && ( ( $mode == 'user' && $user_id ) \|\| ( $mode == 'group' && $group_id ) ) )
131	{
132	$user_level = '';
133	if ( $mode == 'user' )
134	{
135	//
136	// Get group_id for this user_id
137	//
138	$sql = "SELECT g.group_id, u.user_level
139	FROM " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u, " . GROUPS_TABLE . " g
140	WHERE u.user_id = $user_id
141	AND ug.user_id = u.user_id
142	AND g.group_id = ug.group_id
143	AND g.group_single_user = " . TRUE;
144	if ( !($result = $db->sql_query($sql)) )
145	{
146	message_die(GENERAL_ERROR, 'Could not select info from user/user_group table', '', __LINE__, __FILE__, $sql);
147	}
148
149	$row = $db->sql_fetchrow($result);
150
151	$group_id = $row['group_id'];
152	$user_level = $row['user_level'];
153
154	$db->sql_freeresult($result);
155	}
156
157	//
158	// Carry out requests
159	//
160	if ( $mode == 'user' && $HTTP_POST_VARS['userlevel'] == 'admin' && $user_level != ADMIN )
161	{
162	//
163	// Make user an admin (if already user)
164	//
165	if ( $userdata['user_id'] != $user_id )
166	{
167	$sql = "UPDATE " . USERS_TABLE . "
168	SET user_level = " . ADMIN . "
169	WHERE user_id = $user_id";
170	if ( !($result = $db->sql_query($sql)) )
171	{
172	message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
173	}
174
175	$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
176	WHERE group_id = $group_id
177	AND auth_mod = 0";
178	if ( !($result = $db->sql_query($sql)) )
179	{
180	message_die(GENERAL_ERROR, "Couldn't delete auth access info", "", __LINE__, __FILE__, $sql);
181	}
182
183	//
184	// Delete any entries in auth_access, they are not required if user is becoming an
185	// admin
186	//
187	$sql = "UPDATE " . AUTH_ACCESS_TABLE . "
188	SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0
189	WHERE group_id = $group_id";
190	if ( !($result = $db->sql_query($sql)) )
191	{
192	message_die(GENERAL_ERROR, "Couldn't update auth access", "", __LINE__, __FILE__, $sql);
193	}
194	}
195
196	$message = $lang['Auth_updated'] . '<br /><br />' . sprintf($lang['Click_return_userauth'], '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
197	message_die(GENERAL_MESSAGE, $message);
198	}
199	else
200	{
201	if ( $mode == 'user' && $HTTP_POST_VARS['userlevel'] == 'user' && $user_level == ADMIN )
202	{
203	//
204	// Make admin a user (if already admin) ... ignore if you're trying
205	// to change yourself from an admin to user!
206	//
207	if ( $userdata['user_id'] != $user_id )
208	{
209	$sql = "UPDATE " . AUTH_ACCESS_TABLE . "
210	SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0
211	WHERE group_id = $group_id";
212	if ( !($result = $db->sql_query($sql)) )
213	{
214	message_die(GENERAL_ERROR, 'Could not update auth access', '', __LINE__, __FILE__, $sql);
215	}
216
217	//
218	// Update users level, reset to USER
219	//
220	$sql = "UPDATE " . USERS_TABLE . "
221	SET user_level = " . USER . "
222	WHERE user_id = $user_id";
223	if ( !($result = $db->sql_query($sql)) )
224	{
225	message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
226	}
227	}
228
229	$message = $lang['Auth_updated'] . '<br /><br />' . sprintf($lang['Click_return_userauth'], '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
230	}
231	else
232	{
233
234	$change_mod_list = ( isset($HTTP_POST_VARS['moderator']) ) ? $HTTP_POST_VARS['moderator'] : false;
235
236	if ( empty($adv) )
237	{
238	$change_acl_list = ( isset($HTTP_POST_VARS['private']) ) ? $HTTP_POST_VARS['private'] : false;
239	}
240	else
241	{
242	$change_acl_list = array();
243	for($j = 0; $j < count($forum_auth_fields); $j++)
244	{
245	$auth_field = $forum_auth_fields[$j];
246
247	while( list($forum_id, $value) = @each($HTTP_POST_VARS['private_' . $auth_field]) )
248	{
249	$change_acl_list[$forum_id][$auth_field] = $value;
250	}
251	}
252	}
253
254	$sql = 'SELECT f.*
255	FROM ' . FORUMS_TABLE . ' f, ' . CATEGORIES_TABLE . ' c
256	WHERE f.cat_id = c.cat_id
257	ORDER BY c.cat_order, f.forum_order';
258	if ( !($result = $db->sql_query($sql)) )
259	{
260	message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
261	}
262
263	$forum_access = array();
264	while( $row = $db->sql_fetchrow($result) )
265	{
266	$forum_access[] = $row;
267	}
268	$db->sql_freeresult($result);
269
270	$sql = ( $mode == 'user' ) ? "SELECT aa.* FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id AND aa.group_id = ug.group_id AND g.group_single_user = " . TRUE : "SELECT * FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = $group_id";
271	if ( !($result = $db->sql_query($sql)) )
272	{
273	message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
274	}
275
276	$auth_access = array();
277	while( $row = $db->sql_fetchrow($result) )
278	{
279	$auth_access[$row['forum_id']] = $row;
280	}
281	$db->sql_freeresult($result);
282
283	$forum_auth_action = array();
284	$update_acl_status = array();
285	$update_mod_status = array();
286
287	for($i = 0; $i < count($forum_access); $i++)
288	{
289	$forum_id = $forum_access[$i]['forum_id'];
290
291	if (
292	( isset($auth_access[$forum_id]['auth_mod']) && $change_mod_list[$forum_id]['auth_mod'] != $auth_access[$forum_id]['auth_mod'] ) \|\|
293	( !isset($auth_access[$forum_id]['auth_mod']) && !empty($change_mod_list[$forum_id]['auth_mod']) )
294	)
295	{
296	$update_mod_status[$forum_id] = $change_mod_list[$forum_id]['auth_mod'];
297
298	if ( !$update_mod_status[$forum_id] )
299	{
300	$forum_auth_action[$forum_id] = 'delete';
301	}
302	else if ( !isset($auth_access[$forum_id]['auth_mod']) )
303	{
304	$forum_auth_action[$forum_id] = 'insert';
305	}
306	else
307	{
308	$forum_auth_action[$forum_id] = 'update';
309	}
310	}
311
312	for($j = 0; $j < count($forum_auth_fields); $j++)
313	{
314	$auth_field = $forum_auth_fields[$j];
315
316	if( $forum_access[$i][$auth_field] == AUTH_ACL && isset($change_acl_list[$forum_id][$auth_field]) )
317	{
318	if ( ( empty($auth_access[$forum_id]['auth_mod']) &&
319	( isset($auth_access[$forum_id][$auth_field]) && $change_acl_list[$forum_id][$auth_field] != $auth_access[$forum_id][$auth_field] ) \|\|
320	( !isset($auth_access[$forum_id][$auth_field]) && !empty($change_acl_list[$forum_id][$auth_field]) ) ) \|\|
321	!empty($update_mod_status[$forum_id])
322	)
323	{
324	$update_acl_status[$forum_id][$auth_field] = ( !empty($update_mod_status[$forum_id]) ) ? 0 : $change_acl_list[$forum_id][$auth_field];
325
326	if ( isset($auth_access[$forum_id][$auth_field]) && empty($update_acl_status[$forum_id][$auth_field]) && $forum_auth_action[$forum_id] != 'insert' && $forum_auth_action[$forum_id] != 'update' )
327	{
328	$forum_auth_action[$forum_id] = 'delete';
329	}
330	else if ( !isset($auth_access[$forum_id][$auth_field]) && !( $forum_auth_action[$forum_id] == 'delete' && empty($update_acl_status[$forum_id][$auth_field]) ) )
331	{
332	$forum_auth_action[$forum_id] = 'insert';
333	}
334	else if ( isset($auth_access[$forum_id][$auth_field]) && !empty($update_acl_status[$forum_id][$auth_field]) )
335	{
336	$forum_auth_action[$forum_id] = 'update';
337	}
338	}
339	else if ( ( empty($auth_access[$forum_id]['auth_mod']) &&
340	( isset($auth_access[$forum_id][$auth_field]) && $change_acl_list[$forum_id][$auth_field] == $auth_access[$forum_id][$auth_field] ) ) && $forum_auth_action[$forum_id] == 'delete' )
341	{
342	$forum_auth_action[$forum_id] = 'update';
343	}
344	}
345	}
346	}
347
348	//
349	// Checks complete, make updates to DB
350	//
351	$delete_sql = '';
352	while( list($forum_id, $action) = @each($forum_auth_action) )
353	{
354	if ( $action == 'delete' )
355	{
356	$delete_sql .= ( ( $delete_sql != '' ) ? ', ' : '' ) . $forum_id;
357	}
358	else
359	{
360	if ( $action == 'insert' )
361	{
362	$sql_field = '';
363	$sql_value = '';
364	while ( list($auth_type, $value) = @each($update_acl_status[$forum_id]) )
365	{
366	$sql_field .= ( ( $sql_field != '' ) ? ', ' : '' ) . $auth_type;
367	$sql_value .= ( ( $sql_value != '' ) ? ', ' : '' ) . $value;
368	}
369	$sql_field .= ( ( $sql_field != '' ) ? ', ' : '' ) . 'auth_mod';
370	$sql_value .= ( ( $sql_value != '' ) ? ', ' : '' ) . ( ( !isset($update_mod_status[$forum_id]) ) ? 0 : $update_mod_status[$forum_id]);
371
372	$sql = "INSERT INTO " . AUTH_ACCESS_TABLE . " (forum_id, group_id, $sql_field)
373	VALUES ($forum_id, $group_id, $sql_value)";
374	}
375	else
376	{
377	$sql_values = '';
378	while ( list($auth_type, $value) = @each($update_acl_status[$forum_id]) )
379	{
380	$sql_values .= ( ( $sql_values != '' ) ? ', ' : '' ) . $auth_type . ' = ' . $value;
381	}
382	$sql_values .= ( ( $sql_values != '' ) ? ', ' : '' ) . 'auth_mod = ' . ( ( !isset($update_mod_status[$forum_id]) ) ? 0 : $update_mod_status[$forum_id]);
383
384	$sql = "UPDATE " . AUTH_ACCESS_TABLE . "
385	SET $sql_values
386	WHERE group_id = $group_id
387	AND forum_id = $forum_id";
388	}
389	if( !($result = $db->sql_query($sql)) )
390	{
391	message_die(GENERAL_ERROR, "Couldn't update private forum permissions", "", __LINE__, __FILE__, $sql);
392	}
393	}
394	}
395
396	if ( $delete_sql != '' )
397	{
398	$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
399	WHERE group_id = $group_id
400	AND forum_id IN ($delete_sql)";
401	if( !($result = $db->sql_query($sql)) )
402	{
403	message_die(GENERAL_ERROR, "Couldn't delete permission entries", "", __LINE__, __FILE__, $sql);
404	}
405	}
406
407	$l_auth_return = ( $mode == 'user' ) ? $lang['Click_return_userauth'] : $lang['Click_return_groupauth'];
408	$message = $lang['Auth_updated'] . '<br /><br />' . sprintf($l_auth_return, '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
409	}
410
411	//
412	// Update user level to mod for appropriate users
413	//
414	$sql = "SELECT u.user_id
415	FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u
416	WHERE ug.group_id = aa.group_id
417	AND u.user_id = ug.user_id
418	AND ug.user_pending = 0
419	AND u.user_level NOT IN (" . MOD . ", " . ADMIN . ")
420	GROUP BY u.user_id
421	HAVING SUM(aa.auth_mod) > 0";
422	if ( !($result = $db->sql_query($sql)) )
423	{
424	message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
425	}
426
427	$set_mod = '';
428	while( $row = $db->sql_fetchrow($result) )
429	{
430	$set_mod .= ( ( $set_mod != '' ) ? ', ' : '' ) . $row['user_id'];
431	}
432	$db->sql_freeresult($result);
433
434	//
435	// Update user level to user for appropriate users
436	//
437	switch ( SQL_LAYER )
438	{
439	case 'postgresql':
440	$sql = "SELECT u.user_id
441	FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa
442	WHERE ug.user_id = u.user_id
443	AND aa.group_id = ug.group_id
444	AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")
445	GROUP BY u.user_id
446	HAVING SUM(aa.auth_mod) = 0
447	UNION (
448	SELECT u.user_id
449	FROM " . USERS_TABLE . " u
450	WHERE NOT EXISTS (
451	SELECT aa.auth_mod
452	FROM " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa
453	WHERE ug.user_id = u.user_id
454	AND aa.group_id = ug.group_id
455	)
456	AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")
457	GROUP BY u.user_id
458	)";
459	break;
460	case 'oracle':
461	$sql = "SELECT u.user_id
462	FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa
463	WHERE ug.user_id = u.user_id(+)
464	AND aa.group_id = ug.group_id(+)
465	AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")
466	GROUP BY u.user_id
467	HAVING SUM(aa.auth_mod) = 0";
468	break;
469	default:
470	$sql = "SELECT u.user_id
471	FROM ( ( " . USERS_TABLE . " u
472	LEFT JOIN " . USER_GROUP_TABLE . " ug ON ug.user_id = u.user_id )
473	LEFT JOIN " . AUTH_ACCESS_TABLE . " aa ON aa.group_id = ug.group_id )
474	WHERE u.user_level NOT IN (" . USER . ", " . ADMIN . ")
475	GROUP BY u.user_id
476	HAVING SUM(aa.auth_mod) = 0";
477	break;
478	}
479	if ( !($result = $db->sql_query($sql)) )
480	{
481	message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
482	}
483
484	$unset_mod = "";
485	while( $row = $db->sql_fetchrow($result) )
486	{
487	$unset_mod .= ( ( $unset_mod != '' ) ? ', ' : '' ) . $row['user_id'];
488	}
489	$db->sql_freeresult($result);
490
491	if ( $set_mod != '' )
492	{
493	$sql = "UPDATE " . USERS_TABLE . "
494	SET user_level = " . MOD . "
495	WHERE user_id IN ($set_mod)";
496	if( !($result = $db->sql_query($sql)) )
497	{
498	message_die(GENERAL_ERROR, "Couldn't update user level", "", __LINE__, __FILE__, $sql);
499	}
500	}
501
502	if ( $unset_mod != '' )
503	{
504	$sql = "UPDATE " . USERS_TABLE . "
505	SET user_level = " . USER . "
506	WHERE user_id IN ($unset_mod)";
507	if( !($result = $db->sql_query($sql)) )
508	{
509	message_die(GENERAL_ERROR, "Couldn't update user level", "", __LINE__, __FILE__, $sql);
510	}
511	}
512
513	$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
514	WHERE group_id = $group_id";
515	$result = $db->sql_query($sql);
516
517	$group_user = array();
518	while ($row = $db->sql_fetchrow($result))
519	{
520	$group_user[$row['user_id']] = $row['user_id'];
521	}
522	$db->sql_freeresult($result);
523
524	$sql = "SELECT ug.user_id, COUNT(auth_mod) AS is_auth_mod
525	FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug
526	WHERE ug.user_id IN (" . implode(', ', $group_user) . ")
527	AND aa.group_id = ug.group_id
528	AND aa.auth_mod = 1
529	GROUP BY ug.user_id";
530	if ( !($result = $db->sql_query($sql)) )
531	{
532	message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql);
533	}
534
535	while ($row = $db->sql_fetchrow($result))
536	{
537	if ($row['is_auth_mod'])
538	{
539	unset($group_user[$row['user_id']]);
540	}
541	}
542	$db->sql_freeresult($result);
543
544	if (sizeof($group_user))
545	{
546	$sql = "UPDATE " . USERS_TABLE . "
547	SET user_level = " . USER . "
548	WHERE user_id IN (" . implode(', ', $group_user) . ") AND user_level = " . MOD;
549	if ( !($result = $db->sql_query($sql)) )
550	{
551	message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
552	}
553	}
554
555	message_die(GENERAL_MESSAGE, $message);
556	}
557	}
558	else if ( ( $mode == 'user' && ( isset($HTTP_POST_VARS['username']) \|\| $user_id ) ) \|\| ( $mode == 'group' && $group_id ) )
559	{
560	if ( isset($HTTP_POST_VARS['username']) )
561	{
562	$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
563	if ( !is_array($this_userdata) )
564	{
565	message_die(GENERAL_MESSAGE, $lang['No_such_user']);
566	}
567	$user_id = $this_userdata['user_id'];
568	}
569
570	//
571	// Front end
572	//
573	$sql = "SELECT f.*
574	FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
575	WHERE f.cat_id = c.cat_id
576	ORDER BY c.cat_order, f.forum_order ASC";
577	if ( !($result = $db->sql_query($sql)) )
578	{
579	message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
580	}
581
582	$forum_access = array();
583	while( $row = $db->sql_fetchrow($result) )
584	{
585	$forum_access[] = $row;
586	}
587	$db->sql_freeresult($result);
588
589	if( empty($adv) )
590	{
591	for($i = 0; $i < count($forum_access); $i++)
592	{
593	$forum_id = $forum_access[$i]['forum_id'];
594
595	$forum_auth_level[$forum_id] = AUTH_ALL;
596
597	for($j = 0; $j < count($forum_auth_fields); $j++)
598	{
599	$forum_access[$i][$forum_auth_fields[$j]] . ' :: ';
600	if ( $forum_access[$i][$forum_auth_fields[$j]] == AUTH_ACL )
601	{
602	$forum_auth_level[$forum_id] = AUTH_ACL;
603	$forum_auth_level_fields[$forum_id][] = $forum_auth_fields[$j];
604	}
605	}
606	}
607	}
608
609	$sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user, ug.user_pending FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE ";
610	$sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id";
611	if ( !($result = $db->sql_query($sql)) )
612	{
613	message_die(GENERAL_ERROR, "Couldn't obtain user/group information", "", __LINE__, __FILE__, $sql);
614	}
615	$ug_info = array();
616	while( $row = $db->sql_fetchrow($result) )
617	{
618	$ug_info[] = $row;
619	}
620	$db->sql_freeresult($result);
621
622	$sql = ( $mode == 'user' ) ? "SELECT aa., g.group_single_user FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id AND aa.group_id = ug.group_id AND g.group_single_user = 1" : "SELECT FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = $group_id";
623	if ( !($result = $db->sql_query($sql)) )
624	{
625	message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
626	}
627
628	$auth_access = array();
629	$auth_access_count = array();
630	while( $row = $db->sql_fetchrow($result) )
631	{
632	$auth_access[$row['forum_id']][] = $row;
633	$auth_access_count[$row['forum_id']]++;
634	}
635	$db->sql_freeresult($result);
636
637	$is_admin = ( $mode == 'user' ) ? ( ( $ug_info[0]['user_level'] == ADMIN && $ug_info[0]['user_id'] != ANONYMOUS ) ? 1 : 0 ) : 0;
638
639	for($i = 0; $i < count($forum_access); $i++)
640	{
641	$forum_id = $forum_access[$i]['forum_id'];
642
643	unset($prev_acl_setting);
644	for($j = 0; $j < count($forum_auth_fields); $j++)
645	{
646	$key = $forum_auth_fields[$j];
647	$value = $forum_access[$i][$key];
648
649	switch( $value )
650	{
651	case AUTH_ALL:
652	case AUTH_REG:
653	$auth_ug[$forum_id][$key] = 1;
654	break;
655
656	case AUTH_ACL:
657	$auth_ug[$forum_id][$key] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_ACL, $key, $auth_access[$forum_id], $is_admin) : 0;
658	$auth_field_acl[$forum_id][$key] = $auth_ug[$forum_id][$key];
659
660	if ( isset($prev_acl_setting) )
661	{
662	if ( $prev_acl_setting != $auth_ug[$forum_id][$key] && empty($adv) )
663	{
664	$adv = 1;
665	}
666	}
667
668	$prev_acl_setting = $auth_ug[$forum_id][$key];
669
670	break;
671
672	case AUTH_MOD:
673	$auth_ug[$forum_id][$key] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_MOD, $key, $auth_access[$forum_id], $is_admin) : 0;
674	break;
675
676	case AUTH_ADMIN:
677	$auth_ug[$forum_id][$key] = $is_admin;
678	break;
679
680	default:
681	$auth_ug[$forum_id][$key] = 0;
682	break;
683	}
684	}
685
686	//
687	// Is user a moderator?
688	//
689	$auth_ug[$forum_id]['auth_mod'] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_MOD, 'auth_mod', $auth_access[$forum_id], 0) : 0;
690	}
691
692	$i = 0;
693	@reset($auth_ug);
694	while( list($forum_id, $user_ary) = @each($auth_ug) )
695	{
696	if ( empty($adv) )
697	{
698	if ( $forum_auth_level[$forum_id] == AUTH_ACL )
699	{
700	$allowed = 1;
701
702	for($j = 0; $j < count($forum_auth_level_fields[$forum_id]); $j++)
703	{
704	if ( !$auth_ug[$forum_id][$forum_auth_level_fields[$forum_id][$j]] )
705	{
706	$allowed = 0;
707	}
708	}
709
710	$optionlist_acl = '<select name="private[' . $forum_id . ']">';
711
712	if ( $is_admin \|\| $user_ary['auth_mod'] )
713	{
714	$optionlist_acl .= '<option value="1">' . $lang['Allowed_Access'] . '</option>';
715	}
716	else if ( $allowed )
717	{
718	$optionlist_acl .= '<option value="1" selected="selected">' . $lang['Allowed_Access'] . '</option><option value="0">'. $lang['Disallowed_Access'] . '</option>';
719	}
720	else
721	{
722	$optionlist_acl .= '<option value="1">' . $lang['Allowed_Access'] . '</option><option value="0" selected="selected">' . $lang['Disallowed_Access'] . '</option>';
723	}
724
725	$optionlist_acl .= '</select>';
726	}
727	else
728	{
729	$optionlist_acl = ' ';
730	}
731	}
732	else
733	{
734	for($j = 0; $j < count($forum_access); $j++)
735	{
736	if ( $forum_access[$j]['forum_id'] == $forum_id )
737	{
738	for($k = 0; $k < count($forum_auth_fields); $k++)
739	{
740	$field_name = $forum_auth_fields[$k];
741
742	if( $forum_access[$j][$field_name] == AUTH_ACL )
743	{
744	$optionlist_acl_adv[$forum_id][$k] = '<select name="private_' . $field_name . '[' . $forum_id . ']">';
745
746	if( isset($auth_field_acl[$forum_id][$field_name]) && !($is_admin \|\| $user_ary['auth_mod']) )
747	{
748	if( !$auth_field_acl[$forum_id][$field_name] )
749	{
750	$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option><option value="0" selected="selected">' . $lang['OFF'] . '</option>';
751	}
752	else
753	{
754	$optionlist_acl_adv[$forum_id][$k] .= '<option value="1" selected="selected">' . $lang['ON'] . '</option><option value="0">' . $lang['OFF'] . '</option>';
755	}
756	}
757	else
758	{
759	if( $is_admin \|\| $user_ary['auth_mod'] )
760	{
761	$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option>';
762	}
763	else
764	{
765	$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option><option value="0" selected="selected">' . $lang['OFF'] . '</option>';
766	}
767	}
768
769	$optionlist_acl_adv[$forum_id][$k] .= '</select>';
770
771	}
772	}
773	}
774	}
775	}
776
777	$optionlist_mod = '<select name="moderator[' . $forum_id . ']">';
778	$optionlist_mod .= ( $user_ary['auth_mod'] ) ? '<option value="1" selected="selected">' . $lang['Is_Moderator'] . '</option><option value="0">' . $lang['Not_Moderator'] . '</option>' : '<option value="1">' . $lang['Is_Moderator'] . '</option><option value="0" selected="selected">' . $lang['Not_Moderator'] . '</option>';
779	$optionlist_mod .= '</select>';
780
781	$row_class = ( !( $i % 2 ) ) ? 'row2' : 'row1';
782	$row_color = ( !( $i % 2 ) ) ? $theme['td_color1'] : $theme['td_color2'];
783
784	$template->assign_block_vars('forums', array(
785	'ROW_COLOR' => '#' . $row_color,
786	'ROW_CLASS' => $row_class,
787	'FORUM_NAME' => $forum_access[$i]['forum_name'],
788
789	'U_FORUM_AUTH' => append_sid("admin_forumauth.$phpEx?f=" . $forum_access[$i]['forum_id']),
790
791	'S_MOD_SELECT' => $optionlist_mod)
792	);
793
794	if( !$adv )
795	{
796	$template->assign_block_vars('forums.aclvalues', array(
797	'S_ACL_SELECT' => $optionlist_acl)
798	);
799	}
800	else
801	{
802	for($j = 0; $j < count($forum_auth_fields); $j++)
803	{
804	$template->assign_block_vars('forums.aclvalues', array(
805	'S_ACL_SELECT' => $optionlist_acl_adv[$forum_id][$j])
806	);
807	}
808	}
809
810	$i++;
811	}
812	// @reset($auth_user);
813
814	if ( $mode == 'user' )
815	{
816	$t_username = $ug_info[0]['username'];
817	$s_user_type = ( $is_admin ) ? '<select name="userlevel"><option value="admin" selected="selected">' . $lang['Auth_Admin'] . '</option><option value="user">' . $lang['Auth_User'] . '</option></select>' : '<select name="userlevel"><option value="admin">' . $lang['Auth_Admin'] . '</option><option value="user" selected="selected">' . $lang['Auth_User'] . '</option></select>';
818	}
819	else
820	{
821	$t_groupname = $ug_info[0]['group_name'];
822	}
823
824	$name = array();
825	$id = array();
826	for($i = 0; $i < count($ug_info); $i++)
827	{
828	if( ( $mode == 'user' && !$ug_info[$i]['group_single_user'] ) \|\| $mode == 'group' )
829	{
830	$name[] = ( $mode == 'user' ) ? $ug_info[$i]['group_name'] : $ug_info[$i]['username'];
831	$id[] = ( $mode == 'user' ) ? intval($ug_info[$i]['group_id']) : intval($ug_info[$i]['user_id']);
832	}
833	}
834
835	$t_usergroup_list = $t_pending_list = '';
836	if( count($name) )
837	{
838	for($i = 0; $i < count($ug_info); $i++)
839	{
840	$ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL;
841
842	if (!$ug_info[$i]['user_pending'])
843	{
844	$t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$ug=" . $id[$i]) . '">' . $name[$i] . '</a>';
845	}
846	else
847	{
848	$t_pending_list .= ( ( $t_pending_list != '' ) ? ', ' : '' ) . '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$ug=" . $id[$i]) . '">' . $name[$i] . '</a>';
849	}
850	}
851	}
852
853	$t_usergroup_list = ($t_usergroup_list == '') ? $lang['None'] : $t_usergroup_list;
854	$t_pending_list = ($t_pending_list == '') ? $lang['None'] : $t_pending_list;
855
856	$s_column_span = 2; // Two columns always present
857	if( !$adv )
858	{
859	$template->assign_block_vars('acltype', array(
860	'L_UG_ACL_TYPE' => $lang['Simple_Permission'])
861	);
862	$s_column_span++;
863	}
864	else
865	{
866	for($i = 0; $i < count($forum_auth_fields); $i++)
867	{
868	$cell_title = $field_names[$forum_auth_fields[$i]];
869
870	$template->assign_block_vars('acltype', array(
871	'L_UG_ACL_TYPE' => $cell_title)
872	);
873	$s_column_span++;
874	}
875	}
876
877	//
878	// Dump in the page header ...
879	//
880	include('./page_header_admin.'.$phpEx);
881
882	$template->set_filenames(array(
883	"body" => 'admin/auth_ug_body.tpl')
884	);
885
886	$adv_switch = ( empty($adv) ) ? 1 : 0;
887	$u_ug_switch = ( $mode == 'user' ) ? POST_USERS_URL . "=" . $user_id : POST_GROUPS_URL . "=" . $group_id;
888	$switch_mode = append_sid("admin_ug_auth.$phpEx?mode=$mode&" . $u_ug_switch . "&adv=$adv_switch");
889	$switch_mode_text = ( empty($adv) ) ? $lang['Advanced_mode'] : $lang['Simple_mode'];
890	$u_switch_mode = '<a href="' . $switch_mode . '">' . $switch_mode_text . '</a>';
891
892	$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="adv" value="' . $adv . '" />';
893	$s_hidden_fields .= ( $mode == 'user' ) ? '<input type="hidden" name="' . POST_USERS_URL . '" value="' . $user_id . '" />' : '<input type="hidden" name="' . POST_GROUPS_URL . '" value="' . $group_id . '" />';
894
895	if ( $mode == 'user' )
896	{
897	$template->assign_block_vars('switch_user_auth', array());
898
899	$template->assign_vars(array(
900	'USERNAME' => $t_username,
901	'USER_LEVEL' => $lang['User_Level'] . " : " . $s_user_type,
902	'USER_GROUP_MEMBERSHIPS' => $lang['Group_memberships'] . ' : ' . $t_usergroup_list)
903	);
904	}
905	else
906	{
907	$template->assign_block_vars("switch_group_auth", array());
908
909	$template->assign_vars(array(
910	'USERNAME' => $t_groupname,
911	'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list . '<br />' . $lang['Pending_members'] . ' : ' . $t_pending_list)
912	);
913	}
914
915	$template->assign_vars(array(
916	'L_USER_OR_GROUPNAME' => ( $mode == 'user' ) ? $lang['Username'] : $lang['Group_name'],
917
918	'L_AUTH_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'],
919	'L_AUTH_EXPLAIN' => ( $mode == 'user' ) ? $lang['User_auth_explain'] : $lang['Group_auth_explain'],
920	'L_MODERATOR_STATUS' => $lang['Moderator_status'],
921	'L_PERMISSIONS' => $lang['Permissions'],
922	'L_SUBMIT' => $lang['Submit'],
923	'L_RESET' => $lang['Reset'],
924	'L_FORUM' => $lang['Forum'],
925
926	'U_USER_OR_GROUP' => append_sid("admin_ug_auth.$phpEx"),
927	'U_SWITCH_MODE' => $u_switch_mode,
928
929	'S_COLUMN_SPAN' => $s_column_span,
930	'S_AUTH_ACTION' => append_sid("admin_ug_auth.$phpEx"),
931	'S_HIDDEN_FIELDS' => $s_hidden_fields)
932	);
933	}
934	else
935	{
936	//
937	// Select a user/group
938	//
939	include('./page_header_admin.'.$phpEx);
940
941	$template->set_filenames(array(
942	'body' => ( $mode == 'user' ) ? 'admin/user_select_body.tpl' : 'admin/auth_select_body.tpl')
943	);
944
945	if ( $mode == 'user' )
946	{
947	$template->assign_vars(array(
948	'L_FIND_USERNAME' => $lang['Find_username'],
949
950	'U_SEARCH_USER' => append_sid("../search.$phpEx?mode=searchuser"))
951	);
952	}
953	else
954	{
955	$sql = "SELECT group_id, group_name
956	FROM " . GROUPS_TABLE . "
957	WHERE group_single_user <> " . TRUE;
958	if ( !($result = $db->sql_query($sql)) )
959	{
960	message_die(GENERAL_ERROR, "Couldn't get group list", "", __LINE__, __FILE__, $sql);
961	}
962
963	if ( $row = $db->sql_fetchrow($result) )
964	{
965	$select_list = '<select name="' . POST_GROUPS_URL . '">';
966	do
967	{
968	$select_list .= '<option value="' . $row['group_id'] . '">' . $row['group_name'] . '</option>';
969	}
970	while ( $row = $db->sql_fetchrow($result) );
971	$select_list .= '</select>';
972	}
973
974	$template->assign_vars(array(
975	'S_AUTH_SELECT' => $select_list)
976	);
977	}
978
979	$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" />';
980
981	$l_type = ( $mode == 'user' ) ? 'USER' : 'AUTH';
982
983	$template->assign_vars(array(
984	'L_' . $l_type . '_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'],
985	'L_' . $l_type . '_EXPLAIN' => ( $mode == 'user' ) ? $lang['User_auth_explain'] : $lang['Group_auth_explain'],
986	'L_' . $l_type . '_SELECT' => ( $mode == 'user' ) ? $lang['Select_a_User'] : $lang['Select_a_Group'],
987	'L_LOOK_UP' => ( $mode == 'user' ) ? $lang['Look_up_User'] : $lang['Look_up_Group'],
988
989	'S_HIDDEN_FIELDS' => $s_hidden_fields,
990	'S_' . $l_type . '_ACTION' => append_sid("admin_ug_auth.$phpEx"))
991	);
992
993	}
994
995	$template->pparse('body');
996
997	include('./page_footer_admin.'.$phpEx);
998
999	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: