diff --git a/phpBB/admin/forumauth.php b/phpBB/admin/forumauth.php index fb3d7e3e64..d5fde35778 100644 --- a/phpBB/admin/forumauth.php +++ b/phpBB/admin/forumauth.php @@ -38,8 +38,7 @@ $forum_auth_const = array(AUTH_ALL, AUTH_REG, AUTH_ACL, AUTH_MOD, AUTH_ADMIN); if(isset($HTTP_GET_VARS[POST_FORUM_URL]) || isset($HTTP_POST_VARS[POST_FORUM_URL])) { $forum_id = (isset($HTTP_POST_VARS[POST_FORUM_URL])) ? $HTTP_POST_VARS[POST_FORUM_URL] : $HTTP_GET_VARS[POST_FORUM_URL]; -// $forum_sql = "WHERE forum_id = $forum_id"; - $forum_sql = "AND f.forum_id = $forum_id"; + $forum_sql = "WHERE forum_id = $forum_id"; } else { @@ -60,8 +59,7 @@ if(isset($HTTP_POST_VARS['submit'])) { if(!empty($forum_id)) { -// $sql = "UPDATE " . FORUMS_TABLE . " SET "; - $sql = "UPDATE " . AUTH_FORUMS_TABLE . " SET "; + $sql = "UPDATE " . FORUMS_TABLE . " SET "; if(isset($HTTP_POST_VARS['simpleauth'])) { @@ -79,8 +77,7 @@ if(isset($HTTP_POST_VARS['submit'])) } else { -// $sql = "UPDATE " . FORUMS_TABLE . " SET "; - $sql = "UPDATE " . AUTH_FORUMS_TABLE . " SET "; + $sql = "UPDATE " . FORUMS_TABLE . " SET "; for($i = 0; $i < count($forum_auth_fields); $i++) { @@ -122,37 +119,13 @@ if(isset($HTTP_POST_VARS['submit'])) // // Start output // -/*$sql = "SELECT * +$sql = "SELECT * FROM ".FORUMS_TABLE." $forum_sql - ORDER BY forum_id ASC";*/ -$sql = "SELECT f.forum_id, f.forum_name, fa.* - FROM " . FORUMS_TABLE . " f, ".AUTH_FORUMS_TABLE." fa - WHERE fa.forum_id = f.forum_id - $forum_sql - ORDER BY f.forum_id ASC"; + ORDER BY forum_id ASC"; $f_result = $db->sql_query($sql); $forum_rows = $db->sql_fetchrowset($f_result); -$sql = "SELECT f.forum_id, u.username, u.user_id - FROM ".FORUMS_TABLE." f, ".USERS_TABLE." u, ".USER_GROUP_TABLE." ug, ".AUTH_ACCESS_TABLE." aa - WHERE aa.forum_id = f.forum_id - AND aa.auth_mod = 1 - AND ug.group_id = aa.group_id - AND u.user_id = ug.user_id - ORDER BY f.forum_id, u.user_id"; -if(!$q_forum_mods = $db->sql_query($sql)) -{ - error_die(SQL_QUERY, "Could not query forum moderator information.", __LINE__, __FILE__); -} -$forum_mods_list = $db->sql_fetchrowset($q_forum_mods); - -for($i = 0; $i < count($forum_mods_list); $i++) -{ - $forum_mods['forum_'.$forum_mods_list[$i]['forum_id'].'_name'][] = $forum_mods_list[$i]['username']; - $forum_mods['forum_'.$forum_mods_list[$i]['forum_id'].'_id'][] = $forum_mods_list[$i]['user_id']; -} - // // Show data // diff --git a/phpBB/admin/userauth.php b/phpBB/admin/userauth.php index 529e49e7d7..45aa01d456 100644 --- a/phpBB/admin/userauth.php +++ b/phpBB/admin/userauth.php @@ -29,31 +29,187 @@ $auth_field_match = array( ); $forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_sticky", "auth_announce", "auth_votecreate", "auth_vote", "auth_attachments"); +// +// +// +$adv = (isset($HTTP_GET_VARS['adv'])) ? $HTTP_GET_VARS['adv'] : -1; -// -// -// -if(isset($HTTP_GET_VARS['adv'])) +if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL])) { - $adv = $HTTP_GET_VARS['adv']; + $user_id = $HTTP_POST_VARS[POST_USERS_URL]; + + // + // This is where things become fun ... + // + // We have to do a pile of cross-checking + // to ensure what the admin has requested + // for a user doesn't conflict with + // permissions already assigned. If they + // do we warn the admin and give them + // options ... where possible + // + + // + // Get group_id for this user_id + // + $sql_groupid = "SELECT group_id + FROM " . USER_GROUP_TABLE . " + WHERE user_id = $user_id"; + if(!$result = $db->sql_query($sql_groupid)) + { + // Error no such user/group + } + list($group_id) = $db->sql_fetchrow($result); + + // + // Carry out requests + // + if( !$HTTP_POST_VARS['makeadmin'] && $HTTP_POST_VARS['curadmin'] ) + { + // + // Delete any entries granting moderator + // status in auth_access + // + $sql_unmod = "DELETE FROM " . AUTH_ACCESS_TABLE . " + WHERE group_id = $group_id"; + if(!$result = $db->sql_query($sql_unmod)) + { + // Error, couldn't delete entries + } + + $sql_userlevel = "UPDATE " . USERS_TABLE . " + SET user_level = " . USER . " + WHERE user_id = $user_id"; + if(!$result = $db->sql_query($sql_userlevel)) + { + // Error, couldn't set user level + } + + header("Location: userauth.$phpEx?" . POST_USERS_URL . "=$user_id"); + + } + else if( $HTTP_POST_VARS['makeadmin'] && !$HTTP_POST_VARS['curadmin'] ) + { + // + // Need to switch on admin + // level, this also requires + // we remove this user from all + // auth fields(?) + // + $sql_userlevel = "UPDATE " . USERS_TABLE . " + SET user_level = " . ADMIN . " + WHERE user_id = $user_id"; + if(!$result = $db->sql_query($sql_userlevel)) + { + // Error, couldn't set user level + } + + // + // Delete any entries in auth_access, they + // are unrequired if user is becoming an + // admin + // + $sql_unmod = "DELETE FROM " . AUTH_ACCESS_TABLE . " + WHERE aa.group_id = $group_id"; + if(!$result = $db->sql_query($sql_unmod)) + { + // Error, couldn't delete entries + } + + // + // Remove user from any groups + // + $sql_rmgrp = "DELETE FROM " . USER_GROUP_TABLE . " + WHERE user_id = $user_id + AND group_id <> $group_id"; + if(!$result = $db->sql_query($sql_rmgrp)) + { + // Error, couldn't delete entries + } + + + $sql_mod = "INSERT INTO " . AUTH_ACCESS_TABLE . " (group_id, forum_id, auth_mod) + VALUES ($group_id, 0, 1)"; + if(!$result = $db->sql_query($sql_mod)) + { + // Error, couldn't delete entries + } + + header("Location: userauth.$phpEx?" . POST_USERS_URL . "=$user_id"); + + } + else + { + // + // Pull all the group info + // for this user + // + $sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_votecreate, aa.auth_vote, aa.auth_attachments, aa.auth_mod, g.group_single_user + FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g + WHERE ug.user_id = $user_id + AND g.group_id = ug.group_id + AND aa.group_id = ug.group_id + AND g.group_single_user <> 1"; + $au_result = $db->sql_query($sql); + + $num_u_access = $db->sql_numrows($au_result); + if($num_u_access) + { + $u_access = $db->sql_fetchrowset($au_result); + } + + header("Location: userauth.$phpEx?" . POST_USERS_URL . "=$user_id"); + + } + } -else +else if(empty($HTTP_GET_VARS[POST_USERS_URL])) { - $adv = -1; -} + // + // Default user selection box + // This should be altered on the final + // system to list users via an alphabetical + // selection system ... otherwise this + // could get 'cumbersome' for boards + // with several thousand users! + // + $sql = "SELECT user_id, username + FROM ".USERS_TABLE; + $u_result = $db->sql_query($sql); + $user_list = $db->sql_fetchrowset($u_result); -if(isset($HTTP_GET_VARS[POST_USERS_URL])) -{ + $select_list = ""; $template->set_filenames(array( - "body" => "admin/userauth_body.tpl")); + "body" => "admin/userauth_select_body.tpl")); + + $template->assign_vars(array( + "S_USERAUTH_ACTION" => append_sid("userauth.$phpEx"), + "S_USERS_SELECT" => $select_list, + + "U_FORUMAUTH" => append_sid("forumauth.$phpEx")) + ); + + $template->pparse("body"); + + exit; + +} + + $template->set_filenames(array( + "body" => "admin/userauth_body.tpl") + ); $user_id = $HTTP_GET_VARS[POST_USERS_URL]; - $sql = "SELECT f.forum_id, f.forum_name, fa.auth_view, fa.auth_read, fa.auth_post, fa.auth_reply, fa.auth_edit, fa.auth_delete, fa.auth_announce, fa.auth_sticky, fa.auth_votecreate, fa.auth_vote, fa.auth_attachments - FROM " . FORUMS_TABLE . " f, ".AUTH_FORUMS_TABLE." fa - WHERE fa.forum_id = f.forum_id"; + $sql = "SELECT forum_id, forum_name, auth_view, auth_read, auth_post, auth_reply, auth_edit, auth_delete, auth_announce, auth_sticky, auth_votecreate, auth_vote, auth_attachments + FROM " . FORUMS_TABLE; $fa_result = $db->sql_query($sql); $forum_access = $db->sql_fetchrowset($fa_result); @@ -89,7 +245,7 @@ if(isset($HTTP_GET_VARS[POST_USERS_URL])) $u_result = $db->sql_query($sql); $userinf = $db->sql_fetchrowset($u_result); - $sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_votecreate, aa.auth_vote, aa.auth_attachments, aa.auth_mod, g.group_single_user + $sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_votecreate, aa.auth_vote, aa.auth_attachments, aa.auth_mod, aa.auth_admin, g.group_single_user FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id @@ -103,7 +259,7 @@ if(isset($HTTP_GET_VARS[POST_USERS_URL])) $u_access = $db->sql_fetchrowset($au_result); } - $is_admin = ($userinf[0]['user_level'] == ADMIN) ? 1 : 0; + $is_admin = ($userinf[0]['user_level'] == ADMIN && $userinf[0]['user_id'] != ANONYMOUS) ? 1 : 0; for($i = 0; $i < count($forum_access); $i++) { @@ -113,7 +269,7 @@ if(isset($HTTP_GET_VARS[POST_USERS_URL])) for($j = 0; $j < count($forum_auth_fields); $j++) { $key = $forum_auth_fields[$j]; - $value = $f_access[$i][$key]; + $value = $forum_access[$i][$key]; switch($value) { @@ -126,11 +282,11 @@ if(isset($HTTP_GET_VARS[POST_USERS_URL])) break; case AUTH_ACL: - $auth_user[$f_forum_id][$key] = ($user_id != ANONYMOUS && $num_u_access) ? auth_check_user(AUTH_ACL, $key, $u_access, $is_admin) : 0; + $auth_user[$f_forum_id][$key] = ($user_id != ANONYMOUS) ? auth_check_user(AUTH_ACL, $key, $u_access, $is_admin) : 0; break; case AUTH_MOD: - $auth_user[$f_forum_id][$key] = ($user_id != ANONYMOUS && $num_u_access) ? auth_check_user(AUTH_MOD, $key, $u_access, $is_admin) : 0; + $auth_user[$f_forum_id][$key] = ($user_id != ANONYMOUS) ? auth_check_user(AUTH_MOD, $key, $u_access, $is_admin) : 0; break; case AUTH_ADMIN: @@ -145,7 +301,7 @@ if(isset($HTTP_GET_VARS[POST_USERS_URL])) // // Is user a moderator? // - $auth_user[$f_forum_id]['auth_mod'] = ($user_id != ANONYMOUS && $num_u_access) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0; + $auth_user[$f_forum_id]['auth_mod'] = ($user_id != ANONYMOUS) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0; } while(list($forumkey, $user_ary) = each($auth_user)) @@ -154,41 +310,10 @@ if(isset($HTTP_GET_VARS[POST_USERS_URL])) while(list($fieldkey, $value) = each($user_ary)) { $simple_auth[$forumkey] = $simple_auth[$forumkey] && $value; - } } reset($auth_user); - $t_username .= $userinf[0]['username']; - $t_usertype = ($userinf[0]['user_level'] == ADMIN) ? "an Administrator" : "a User"; - - for($i = 0; $i < count($userinf); $i++) - { - if(!$userinf[$i]['group_single_user']) - { - $group_name[] = $userinf[$i]['group_name']; - $group_id[] = $userinf[$i]['group_name']; - } - } - - if(count($group_name)) - { - $t_usergroup_list = "belongs to the following groups; "; - for($i = 0; $i < count($userinf); $i++) - { - $t_usergroup_list .= $group_name[$i]; - if($i < count($group_name) - 1) - { - $t_usergroup_list .= ", "; - } - } - } - else - { - $t_usergroup_list = "belongs to no usergroups."; - } - - $i = 0; if($adv == -1) { @@ -207,11 +332,11 @@ if(isset($HTTP_GET_VARS[POST_USERS_URL])) $optionlist_grant = ""; } @@ -221,11 +346,11 @@ if(isset($HTTP_GET_VARS[POST_USERS_URL])) } if($user_ary['auth_mod']) { - $optionlist_mod = ""; + $optionlist_mod = ""; } else { - $optionlist_mod = ""; + $optionlist_mod = ""; } switch($basic_auth_level[$forumkey]) { @@ -246,7 +371,7 @@ if(isset($HTTP_GET_VARS[POST_USERS_URL])) break; } - $template->assign_block_vars("restrictedforums", array( + $template->assign_block_vars("forums", array( "ROW_CLASS" => $row_class, "FORUM_NAME" => $forum_access[$i]['forum_name'], @@ -260,8 +385,7 @@ if(isset($HTTP_GET_VARS[POST_USERS_URL])) { while(list($forumkey, $user_ary) = each($auth_user)) { - echo "\n"; - echo "\t" . $f_access[$i]['forum_name'] . "\n"; + echo "\t" . $f_access[$i]['forum_name'] . "\n"; while(list($fieldkey, $value) = each($user_ary)) { $can_they = ($auth_user[$forumkey][$fieldkey]) ? "Yes" : "No"; @@ -273,55 +397,53 @@ if(isset($HTTP_GET_VARS[POST_USERS_URL])) } reset($auth_user); + $t_username .= $userinf[0]['username']; + $t_usertype = ($is_admin) ? "an Administrator" : "a User"; + + for($i = 0; $i < count($userinf); $i++) + { + if(!$userinf[$i]['group_single_user']) + { + $group_name[] = $userinf[$i]['group_name']; + $group_id[] = $userinf[$i]['group_id']; + } + } + + if(count($group_name)) + { + $t_usergroup_list = "belongs to the following groups; "; + for($i = 0; $i < count($userinf); $i++) + { + $t_usergroup_list .= "" . $group_name[$i] . ""; + if($i < count($group_name) - 1) + { + $t_usergroup_list .= ", "; + } + } + } + else + { + $t_usergroup_list = "belongs to no usergroups."; + } + + $s_hidden_fields = ""; + $s_hidden_fields .= ""; + $s_hidden_fields .= ""; $template->assign_vars(array( "USERNAME" => $t_username, "USERTYPE" => $t_usertype, + "S_ADMIN_CHECK_SELECTED" => (($is_admin) ? " checked" : ""), + + "S_USER_AUTH_ACTION" => append_sid("userauth.$phpEx"), + "S_HIDDEN_FIELDS" => $s_hidden_fields, + "USER_GROUP_LIST" => $t_usergroup_list) ); $template->pparse("body"); - -} -else -{ - - // - // Default user selection box - // This should be altered on the final - // system to list users via an alphabetical - // selection system ... otherwise this - // could get 'cumbersome' for boards - // with several thousand users! - // - - $sql = "SELECT user_id, username - FROM ".USERS_TABLE; - $u_result = $db->sql_query($sql); - $user_list = $db->sql_fetchrowset($u_result); - - $select_list = ""; - - $template->set_filenames(array( - "body" => "admin/userauth_select_body.tpl")); - - $template->assign_vars(array( - "S_USERAUTH_ACTION" => append_sid("userauth.$phpEx"), - "S_USERS_SELECT" => $select_list, - - "U_FORUMAUTH" => append_sid("forumauth.$phpEx")) - ); - - $template->pparse("body"); - -} - + exit; ?> \ No newline at end of file diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php index 18906ebc34..8c7cde2f4f 100644 --- a/phpBB/includes/auth.php +++ b/phpBB/includes/auth.php @@ -132,7 +132,7 @@ function auth($type, $forum_id, $userdata, $f_access = -1) { $forum_match_sql = ($forum_id != AUTH_LIST_ALL) ? "WHERE au.forum_id = $forum_id" : ""; $sql = "SELECT au.forum_id, $a_sql - FROM ".AUTH_FORUMS_TABLE." au + FROM ".FORUMS_TABLE." au $forum_match_sql"; $af_result = $db->sql_query($sql); @@ -164,7 +164,7 @@ function auth($type, $forum_id, $userdata, $f_access = -1) if($userdata['session_logged_in']) { - $forum_match_sql = ($forum_id != AUTH_LIST_ALL) ? "AND au.forum_id = $forum_id" : ""; + $forum_match_sql = ($forum_id != AUTH_LIST_ALL) ? "AND ( au.forum_id = $forum_id OR au.forum_id = 0 )" : ""; $sql = "SELECT au.forum_id, $a_sql, au.auth_mod, g.group_single_user FROM ".AUTH_ACCESS_TABLE." au, " . USER_GROUP_TABLE. " ug, " . GROUPS_TABLE. " g WHERE ug.user_id = ".$userdata['user_id']. " diff --git a/phpBB/index.php b/phpBB/index.php index 9f88c7febd..c2049e9c34 100644 --- a/phpBB/index.php +++ b/phpBB/index.php @@ -173,7 +173,7 @@ if($total_categories) default: // This works on: MySQL, MSSQL and ODBC (Access) $limit_forums = ($viewcat != -1) ? "WHERE f.cat_id = $viewcat " : ""; -/* + $sql = "SELECT f.*, t.topic_id, t.topic_replies, t.topic_last_post_id, u.username, u.user_id, p.post_time FROM ((( ".FORUMS_TABLE." f LEFT JOIN ".POSTS_TABLE." p ON f.forum_last_post_id = p.post_id ) @@ -181,15 +181,6 @@ if($total_categories) LEFT JOIN ".USERS_TABLE." u ON p.poster_id = u.user_id ) $limit_forums ORDER BY f.cat_id, f.forum_order"; -*/ - $sql = "SELECT f.*, t.topic_id, t.topic_replies, t.topic_last_post_id, u.username, u.user_id, p.post_time, p.post_username, af.auth_view, af.auth_read, af.auth_post, af.auth_reply, af.auth_edit, af.auth_delete, af.auth_votecreate, af.auth_vote - FROM ((( ".FORUMS_TABLE." f - LEFT JOIN ".POSTS_TABLE." p ON f.forum_last_post_id = p.post_id ) - LEFT JOIN ".TOPICS_TABLE." t ON p.post_id = t.topic_last_post_id ) - LEFT JOIN ".USERS_TABLE." u ON p.poster_id = u.user_id ) - LEFT JOIN ".AUTH_FORUMS_TABLE." af ON af.forum_id = f.forum_id - $limit_forums - ORDER BY f.cat_id, f.forum_order"; break; } @@ -214,7 +205,7 @@ if($total_categories) // $sql = "SELECT f.forum_id, u.username, u.user_id FROM ".FORUMS_TABLE." f, ".USERS_TABLE." u, ".USER_GROUP_TABLE." ug, ".AUTH_ACCESS_TABLE." aa - WHERE aa.forum_id = f.forum_id + WHERE ( aa.forum_id = f.forum_id OR aa.forum_id = 0 ) AND aa.auth_mod = 1 AND ug.group_id = aa.group_id AND u.user_id = ug.user_id diff --git a/phpBB/search.php b/phpBB/search.php index ae33e1ca86..c7cd358f18 100644 --- a/phpBB/search.php +++ b/phpBB/search.php @@ -312,7 +312,7 @@ if((isset($HTTP_POST_VARS['dosearch']) || isset($HTTP_GET_VARS['dosearch'])) && // Limit to search to accessible // forums // - $is_auth_ary = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata); + $is_auth_ary = auth(AUTH_READ, AUTH_LIST_ALL, $userdata); // // Start building appropriate SQL query @@ -355,7 +355,7 @@ if((isset($HTTP_POST_VARS['dosearch']) || isset($HTTP_GET_VARS['dosearch'])) && if($searchforum != "all") { - $sql .= ($is_auth_ary[$searchforum]['auth_view']) ? " AND (f.forum_id = '$searchforum')" : ""; + $sql .= ($is_auth_ary[$searchforum]['auth_read']) ? " AND (f.forum_id = '$searchforum')" : ""; } while(list($key, $value) = each($is_auth_ary)) @@ -493,12 +493,13 @@ if(!$result) error_die(QUERY_ERROR, "Couldn't obtain forum_name/forum_id", __LINE__, __FILE__); } -$is_auth_ary = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata); +$is_auth_ary = auth(AUTH_READ, AUTH_LIST_ALL, $userdata); $s_forums = ""; + while($row = $db->sql_fetchrow($result)) { - if($is_auth_ary[$row['forum_id']]['auth_view']) + if($is_auth_ary[$row['forum_id']]['auth_read']) { $s_forums .= ""; } diff --git a/phpBB/templates/PSO/admin/userauth_body.tpl b/phpBB/templates/PSO/admin/userauth_body.tpl index 3c9ce596bb..23ea56dd73 100644 --- a/phpBB/templates/PSO/admin/userauth_body.tpl +++ b/phpBB/templates/PSO/admin/userauth_body.tpl @@ -33,14 +33,16 @@

Remember that users are also granted access via usergroups so be sure to check group auth control when assigning and changing access rights!

-

Username: {USERNAME}

-

This user is {USERTYPE} and {USER_GROUP_LIST}

+

This user is {USERTYPE} and {USER_GROUP_LIST} +

+ Checked if user should be an Administrator
+ Checked if user should be a Super Moderator

-

Restricted Forums

+

Access to Forums

-

These forums need users to be granted specific access for one or more auth fields. Please keep in mind that when you grant access you are giving a user the maximum rights to the forum. So, if this forum has auth fields set for admin only access the user will be made an admin! So think before granting rights!

+

The following table lists all forums on you board. Different colour rows indicate different levels of authorisation required for a user to do one or more basic function, eg. view, read, post, reply. By design Administrators have access to and are moderators of every forum (you cannot alter individual settings for Administrators, you must first set them as users by unchecking the box above)

@@ -48,16 +50,19 @@ - + - - - + + + + + + + -
Simple Access Control Moderator
{restrictedforums.FORUM_NAME}{restrictedforums.SELECT_GRANT_LIST}{restrictedforums.SELECT_MOD_LIST}{forums.FORUM_NAME}{forums.SELECT_GRANT_LIST}{forums.SELECT_MOD_LIST}
{S_HIDDEN_FIELDS}   
-
+

The colour coded rows in the table indicate the access level required to view, read, post or reply in the forum.

diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php index 7986d4abf2..7f92827a42 100644 --- a/phpBB/viewforum.php +++ b/phpBB/viewforum.php @@ -56,21 +56,11 @@ init_userprefs($userdata); // if(isset($forum_id)) { -/* $sql = "SELECT f.forum_name, f.forum_topics, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_votecreate, f.auth_vote, u.username, u.user_id FROM ".FORUMS_TABLE." f, ".USERS_TABLE." u, ".USER_GROUP_TABLE." ug, ".AUTH_ACCESS_TABLE." aa - WHERE f.forum_id = $forum_id + WHERE f.forum_id = $forum_id AND aa.auth_mod = 1 - AND aa.forum_id = f.forum_id - AND ug.group_id = aa.group_id - AND u.user_id = ug.user_id"; -*/ - $sql = "SELECT f.forum_name, f.forum_topics, u.username, u.user_id, fa.* - FROM ".FORUMS_TABLE." f, ".USERS_TABLE." u, ".USER_GROUP_TABLE." ug, ".AUTH_ACCESS_TABLE." aa, ".AUTH_FORUMS_TABLE." fa - WHERE f.forum_id = $forum_id - AND fa.forum_id = f.forum_id - AND aa.auth_mod = 1 - AND aa.forum_id = f.forum_id + AND ( aa.forum_id = f.forum_id OR aa.forum_id = 0 ) AND ug.group_id = aa.group_id AND u.user_id = ug.user_id"; } diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php index c5fe3c8581..aac18e3b01 100644 --- a/phpBB/viewtopic.php +++ b/phpBB/viewtopic.php @@ -139,7 +139,7 @@ else $join_sql_table = (!isset($post_id)) ? "" : "".POSTS_TABLE." p, ".POSTS_TABLE." p2,"; $join_sql = (!isset($post_id)) ? "t.topic_id = $topic_id" : "p.post_id = $post_id AND t.topic_id = p.topic_id AND p2.topic_id = p.topic_id AND p2.post_id <= $post_id"; $count_sql = (!isset($post_id)) ? "" : ", COUNT(p2.post_id) AS prev_posts"; -/* + $order_sql = (!isset($post_id)) ? "" : "GROUP BY p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_name, f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_votecreate, f.auth_vote, f.auth_attachments ORDER BY p.post_id ASC"; $sql = "SELECT t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_name, f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_votecreate, f.auth_vote, f.auth_attachments" . $count_sql . " @@ -147,16 +147,6 @@ else WHERE $join_sql AND f.forum_id = t.forum_id $order_sql"; -*/ - $order_sql = (!isset($post_id)) ? "" : "GROUP BY p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_name, f.forum_id, fa.auth_view, fa.auth_read, fa.auth_post, fa.auth_reply, fa.auth_edit, fa.auth_delete, fa.auth_announce, fa.auth_sticky, fa.auth_votecreate, fa.auth_vote ORDER BY p.post_id ASC"; - - $sql = "SELECT t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_name, f.forum_id, fa.auth_view, fa.auth_read, fa.auth_post, fa.auth_reply, fa.auth_edit, fa.auth_announce, fa.auth_sticky, fa.auth_delete, fa.auth_votecreate, fa.auth_vote" . $count_sql . " - FROM $join_sql_table ".TOPICS_TABLE." t, ".FORUMS_TABLE." f, ".AUTH_FORUMS_TABLE." fa - WHERE $join_sql - AND f.forum_id = t.forum_id - AND fa.forum_id = f.forum_id - $order_sql"; - // This closes out the opening braces above // Needed for the view/next query @@ -456,6 +446,8 @@ for($x = 0; $x < $total_posts; $x++) $profile_img = "\"$l_profileof"; + $pm_img = "\"""; + $email_img = ($postrow[$x]['user_viewemail'] == 1) ? "\"$l_email" : ""; $www_img = ($postrow[$x]['user_website']) ? "\"$l_viewsite\"" : ""; @@ -554,6 +546,7 @@ for($x = 0; $x < $total_posts; $x++) "POST_SUBJECT" => $post_subject, "MESSAGE" => $message, "PROFILE_IMG" => $profile_img, + "PM_IMG" => $pm_img, "EMAIL_IMG" => $email_img, "WWW_IMG" => $www_img, "ICQ_STATUS_IMG" => $icq_status_img,