More changes ... admin level now set in phpbb_users rather than via auth system

git-svn-id: file:///svn/phpbb/trunk@397 89ea8834-ac86-4346-8a33-228a782c2dd0
Paul S. Owen 2001-05-31 23:14:15 +00:00
parent eec6b08295
commit 3238631c1f
4 changed files with 86 additions and 86 deletions


@ -23,6 +23,9 @@
***************************************************************************/ ***************************************************************************/
/* /*
$type's accepted (eventually!):
VIEW, READ, POST, REPLY, EDIT, DELETE, VOTE, VOTECREATE, MOD, ADMIN
Possible options to send to auth (not all are functional yet!): Possible options to send to auth (not all are functional yet!):
* If you include a type then a specific lookup will * If you include a type then a specific lookup will
@ -56,40 +59,40 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
switch($type) switch($type)
{ {
case ALL: case AUTH_ALL:
$a_sql = "auth_view, auth_read, auth_post, auth_reply, auth_edit, auth_delete, auth_votecreate, auth_vote"; $a_sql = "aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_votecreate, aa.auth_vote";
$auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_votecreate", "auth_vote"); $auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_votecreate", "auth_vote");
break; break;
case VIEW: case AUTH_VIEW:
$a_sql = "auth_view"; $a_sql = "aa.auth_view";
$auth_fields = array("auth_view"); $auth_fields = array("auth_view");
break; break;
case READ: case AUTH_READ:
$a_sql = "auth_read"; $a_sql = "aa.auth_read";
$auth_fields = array("auth_read"); $auth_fields = array("auth_read");
break; break;
case POST: case AUTH_POST:
$a_sql = "auth_post"; $a_sql = "aa.auth_post";
$auth_fields = array("auth_post"); $auth_fields = array("auth_post");
break; break;
case REPLY: case AUTH_REPLY:
$a_sql = "auth_reply"; $a_sql = "aa.auth_reply";
$auth_fields = array("auth_reply"); $auth_fields = array("auth_reply");
break; break;
case EDIT: case AUTH_EDIT:
$a_sql = "auth_edit"; $a_sql = "aa.auth_edit";
$auth_fields = array("auth_edit"); $auth_fields = array("auth_edit");
break; break;
case DELETE: case AUTH_DELETE:
$a_sql = "auth_delete"; $a_sql = "aa.auth_delete";
$auth_fields = array("auth_delete"); $auth_fields = array("auth_delete");
break; break;
case VOTECREATE: case AUTH_VOTECREATE:
$a_sql = "auth_votecreate"; $a_sql = "aa.auth_votecreate";
$auth_fields = array("auth_votecreate"); $auth_fields = array("auth_votecreate");
break; break;
case VOTE: case AUTH_VOTE:
$a_sql = "auth_vote"; $a_sql = "aa.auth_vote";
$auth_fields = array("auth_vote"); $auth_fields = array("auth_vote");
break; break;
default: default:
@ -102,15 +105,15 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
// then we need to pull the auth information // then we need to pull the auth information
// on the given forum (or all forums) // on the given forum (or all forums)
// //
if($f_access == -1 || $forum_id == LIST_ALL) if(($f_access == -1 && $type != AUTH_MOD) || $forum_id == AUTH_LIST_ALL)
{ {
$forum_match_sql = ($forum_id != LIST_ALL) ? "WHERE forum_id = $forum_id" : ""; $forum_match_sql = ($forum_id != LIST_ALL) ? "WHERE aa.forum_id = $forum_id" : "";
$sql = "SELECT $a_sql $sql = "SELECT $a_sql
FROM ".AUTH_FORUMS_TABLE." FROM ".AUTH_FORUMS_TABLE." aa
$forum_match_sql"; $forum_match_sql";
$af_result = $db->sql_query($sql); $af_result = $db->sql_query($sql);
if($forum_id != LIST_ALL) if($forum_id != AUTH_LIST_ALL)
{ {
$f_access = $db->sql_fetchrow($af_result); $f_access = $db->sql_fetchrow($af_result);
} }
@ -128,13 +131,13 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
// they're good to go, if not then they // they're good to go, if not then they
// are denied access // are denied access
// //
if(!$userdata['session_logged_in']) if(!$userdata['session_logged_in'] && $type != AUTH_MOD)
{ {
if($forum_id != LIST_ALL) if($forum_id != AUTH_LIST_ALL)
{ {
for($i = 0; $i < count($f_access); $i++) for($i = 0; $i < count($f_access); $i++)
{ {
$auth_user[$auth_fields[$i]] = ($f_access[$auth_fields[$i]] == ALL) ? true : false; $auth_user[$auth_fields[$i]] = ($f_access[$auth_fields[$i]] == AUTH_ALL) ? true : false;
} }
} }
else else
@ -144,7 +147,7 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
{ {
for($j = 0; $j < count($f_access); $j++) for($j = 0; $j < count($f_access); $j++)
{ {
$auth_user_list[][$auth_fields[$j]] = ($f_access_rows[$i][$auth_fields[$j]] == ALL) ? true : false; $auth_user_list[][$auth_fields[$j]] = ($f_access_rows[$i][$auth_fields[$j]] == AUTH_ALL) ? true : false;
} }
} }
} }
@ -152,13 +155,13 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
} }
else else
{ {
$forum_match_sql = ($forum_id != AUTH_LIST_ALL) ? "AND aa.forum_id = $forum_id" : "";
$forum_match_sql = ($forum_id != LIST_ALL) ? "AND ( aa.forum_id = $forum_id OR aa.forum_id = " . ALL . ")" : ""; $sql = "SELECT aa.forum_id, $a_sql, aa.auth_mod, g.single_user, u.user_level
$sql = "SELECT $a_sql, auth_mod, auth_admin, g.single_user FROM ".AUTH_ACCESS_TABLE." aa, " . USER_GROUP_TABLE. " ug, " . GROUPS_TABLE. " g, " . USERS_TABLE . " u
FROM ".AUTH_ACCESS_TABLE." aa, " . USER_GROUP_TABLE. " ug, " . GROUPS_TABLE. " g
WHERE ug.user_id = ".$userdata['user_id']. " WHERE ug.user_id = ".$userdata['user_id']. "
AND g.group_id = ug.group_id AND g.group_id = ug.group_id
AND aa.group_id = ug.group_id AND aa.group_id = ug.group_id
AND u.user_id = ug.user_id
$forum_match_sql"; $forum_match_sql";
$au_result = $db->sql_query($sql); $au_result = $db->sql_query($sql);
@ -174,7 +177,7 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
// type is either ALL or REG then the user // type is either ALL or REG then the user
// has access // has access
// //
if($value == ALL || $value == REG) if($value == AUTH_ALL || $value == AUTH_REG)
{ {
$auth_user[$key] = true; $auth_user[$key] = true;
} }
@ -209,7 +212,7 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
// //
switch($value) switch($value)
{ {
case ACL: case AUTH_ACL:
for($j = 0; $j < count($u_access); $j++) for($j = 0; $j < count($u_access); $j++)
{ {
if(!$single_user) if(!$single_user)
@ -220,7 +223,7 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
} }
break; break;
case MOD: case AUTH_MOD:
for($j = 0; $j < count($u_access); $j++) for($j = 0; $j < count($u_access); $j++)
{ {
if(!$single_user) if(!$single_user)
@ -231,12 +234,12 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
} }
break; break;
case ADMIN: case AUTH_ADMIN:
for($j = 0; $j < count($u_access); $j++) for($j = 0; $j < count($u_access); $j++)
{ {
if(!$single_user) if($single_user)
{ {
$auth_user[$key] = $auth_user[$key] || $u_access[$j]['auth_admin']; $auth_user[$key] = ($u_access[$j]['group_type'] == ADMIN) ? true : false;
$single_user = $u_access[$j]['single_user']; $single_user = $u_access[$j]['single_user'];
} }
} }
@ -261,9 +264,9 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
$single_user = false; $single_user = false;
for($j = 0; $j < count($u_access); $j++) for($j = 0; $j < count($u_access); $j++)
{ {
if(!$single_user) if($single_user)
{ {
$auth_user['auth_admin'] = $auth_user['auth_admin'] || $u_access[$j]['auth_admin']; $auth_user['auth_admin'] = ($u_access[$j]['group_type'] == ADMIN) ? true : false;
$single_user = $u_access[$j]['single_user']; $single_user = $u_access[$j]['single_user'];
} }
} }
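Review bot: The two rewritten admin branches (`case AUTH_ADMIN:` and the final `auth_admin` loop) can no longer grant anything: they read `$u_access[$j]['group_type']`, which the new SELECT does not return (it selects `u.user_level`), and the guard was flipped to `if($single_user)` while the second loop sets `$single_user = false` just before it, so the body is skipped. Given the commit message, the comparison was presumably meant to be `$auth_user['auth_admin'] = ($userdata['user_level'] == ADMIN);`, as viewforum and viewtopic now do. Separately, the rewritten `$forum_match_sql` line in the forum lookup still tests `LIST_ALL`, which this commit renames to `AUTH_LIST_ALL`, so that test no longer recognises the list-all value. The function body continues outside these hunks, so how `$u_access` is filled is inferred from the query.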


@ -22,27 +22,19 @@
* *
***************************************************************************/ ***************************************************************************/
//
// Constants // Constants
//
// Debug Level // Debug Level
define(DEBUG, 1); // Debugging on define(DEBUG, 1); // Debugging on
//define(DEBUG, 0); // Debugging off //define(DEBUG, 0); // Debugging off
// User Levels // User Levels <- Do not change the values of USER or ADMIN
//define(ADMIN, 4);
//define(SUPERMOD, 3);
//define(MODERATOR, 2);
define(USER, 1);
define(DELETED, -1); define(DELETED, -1);
define(ANONYMOUS, -1); define(ANONYMOUS, -1);
define(USER, 0);
// Forum access levels define(ADMIN, 1);
define(PUBLIC, 1);
define(PRIVATE, 2);
// Forum posting levels
define(ANONALLOWED, 2);
define(REGONLY, 1);
define(MODONLY, 3);
// Topic state // Topic state
define(UNLOCKED, 0); define(UNLOCKED, 0);
@ -86,22 +78,24 @@ define(PAGE_FAQ, -8);
define(PAGE_POSTING, -9); define(PAGE_POSTING, -9);
// Auth settings // Auth settings
define(ALL, 0); define(AUTH_ALL, 0);
define(REG, 1);
define(ACL, 2);
define(MOD, 3);
define(SUPERMOD, 4);
define(ADMIN, 5);
define(VIEW, 0); define(AUTH_REG, 1);
define(READ, 1); define(AUTH_ACL, 2);
define(POST, 2); define(AUTH_MOD, 3);
define(REPLY, 3); define(AUTH_SUPERMOD, 4);
define(EDIT, 4); define(AUTH_ADMIN, 5);
define(DELETE, 5);
define(VOTECREATE, 6); define(AUTH_VIEW, 0);
define(VOTE, 7); define(AUTH_READ, 1);
define(LIST_ALL, 10); define(AUTH_POST, 2);
define(AUTH_REPLY, 3);
define(AUTH_EDIT, 4);
define(AUTH_DELETE, 5);
define(AUTH_VOTECREATE, 6);
define(AUTH_VOTE, 7);
define(AUTH_ATTACH, 8);
define(AUTH_LIST_ALL, 10);
// Table names // Table names
define('BANLIST_TABLE', $table_prefix.'banlist'); define('BANLIST_TABLE', $table_prefix.'banlist');
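Review bot: `AUTH_MOD`, `AUTH_SUPERMOD` and `AUTH_ADMIN` (3, 4, 5) have the same values as `AUTH_REPLY`, `AUTH_EDIT` and `AUTH_DELETE`, and this commit starts comparing `$type` against `AUTH_MOD` in auth() (`$type != AUTH_MOD`), so a call with `AUTH_REPLY` is indistinguishable from a moderator lookup: a guest skips the not-logged-in branch, and the forum lookup is skipped when `$f_access` is -1. The access-level constants and the lookup-type constants need disjoint values, or auth() needs a separate constant for the moderator lookup type. Until then a comment such as `// Access levels: values overlap the lookup types below, never compare $type against these` would at least document the hazard. The names are also passed to define() as barewords, unlike `define('BANLIST_TABLE', ...)` below; quoting them (`define('AUTH_MOD', 3);`) avoids relying on the undefined-constant fallback.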


@ -57,11 +57,13 @@ init_userprefs($userdata);
if(isset($forum_id)) if(isset($forum_id))
{ {
$sql = "SELECT f.forum_name, f.forum_topics, u.username, u.user_id, fa.* $sql = "SELECT f.forum_name, f.forum_topics, u.username, u.user_id, fa.*
FROM ".FORUMS_TABLE." f, ".FORUM_MODS_TABLE." fm, ".USERS_TABLE." u, ".AUTH_FORUMS_TABLE." fa FROM ".FORUMS_TABLE." f, ".USERS_TABLE." u, ".USER_GROUP_TABLE." ug, ".AUTH_ACCESS_TABLE." aa, ".AUTH_FORUMS_TABLE." fa
WHERE f.forum_id = $forum_id WHERE f.forum_id = $forum_id
AND fa.forum_id = f.forum_id AND fa.forum_id = f.forum_id
AND fm.forum_id = f.forum_id AND aa.auth_mod = 1
AND u.user_id = fm.user_id"; AND aa.forum_id = f.forum_id
AND ug.group_id = aa.group_id
AND u.user_id = ug.user_id";
} }
else else
{ {
@ -88,7 +90,7 @@ if(!$forum_row)
// //
// Start auth check // Start auth check
// //
$is_auth = auth(ALL, $forum_id, $userdata, $forum_row[0]); $is_auth = auth(AUTH_ALL, $forum_id, $userdata, $forum_row[0]);
if(!$is_auth['auth_read']) if(!$is_auth['auth_read'])
{ {
@ -311,7 +313,7 @@ if($total_topics)
$s_auth_can .= "You " . (($is_auth['auth_edit']) ? "<b>can</b>" : "<b>cannot</b>") . " edit your posts in this forum<br>"; $s_auth_can .= "You " . (($is_auth['auth_edit']) ? "<b>can</b>" : "<b>cannot</b>") . " edit your posts in this forum<br>";
$s_auth_can .= "You " . (($is_auth['auth_delete']) ? "<b>can</b>" : "<b>cannot</b>") . " delete your posts in this forum<br>"; $s_auth_can .= "You " . (($is_auth['auth_delete']) ? "<b>can</b>" : "<b>cannot</b>") . " delete your posts in this forum<br>";
$s_auth_can .= ($is_auth['auth_mod']) ? "You are a moderator of this forum<br>" : ""; $s_auth_can .= ($is_auth['auth_mod']) ? "You are a moderator of this forum<br>" : "";
$s_auth_can .= ($is_auth['auth_admin']) ? "You are a board admin<br>" : ""; $s_auth_can .= ($userdata['user_level'] == ADMIN) ? "You are a board admin<br>" : "";
$template->assign_vars(array( $template->assign_vars(array(
"PAGINATION" => generate_pagination("viewforum.$phpEx?".POST_FORUM_URL."=$forum_id&postdays=$post_days", $topics_count, $board_config['topics_per_page'], $start), "PAGINATION" => generate_pagination("viewforum.$phpEx?".POST_FORUM_URL."=$forum_id&postdays=$post_days", $topics_count, $board_config['topics_per_page'], $start),
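Review bot: The rewritten forum query inner-joins `AUTH_ACCESS_TABLE` on `aa.auth_mod = 1`, so a forum with no moderator group returns no rows and would fall into the `if(!$forum_row)` handling named in the next hunk header, even though the forum exists. If the moderator list is only needed for display, fetch it in a separate query so that the forum's existence and its `fa.*` permissions do not depend on it. `$forum_id` is also interpolated unquoted into this SQL and passed on to auth(); no cast is visible in these hunks, so confirm it is forced to an integer first, e.g. `$forum_id = intval($forum_id);`.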


@ -131,20 +131,21 @@ else
// This is perhaps a bodged(?) way // This is perhaps a bodged(?) way
// of allowing a direct link to a post // of allowing a direct link to a post
// it also allows calculation of which // it also allows calculation of which
// page the post should be on // page the post should be on. This query
// no longer grabs moderator info for this
// forum ... right now that's fine, but
// if needed it can be easily replaced/added
// //
$join_sql_table = (!isset($post_id)) ? "" : "".POSTS_TABLE." p, ".POSTS_TABLE." p2,"; $join_sql_table = (!isset($post_id)) ? "" : "".POSTS_TABLE." p, ".POSTS_TABLE." p2,";
$join_sql = (!isset($post_id)) ? "t.topic_id = $topic_id" : "p.post_id = $post_id AND t.topic_id = p.topic_id AND p2.topic_id = p.topic_id AND p2.post_id <= $post_id"; $join_sql = (!isset($post_id)) ? "t.topic_id = $topic_id" : "p.post_id = $post_id AND t.topic_id = p.topic_id AND p2.topic_id = p.topic_id AND p2.post_id <= $post_id";
$count_sql = (!isset($post_id)) ? "" : ", COUNT(p2.post_id) AS prev_posts"; $count_sql = (!isset($post_id)) ? "" : ", COUNT(p2.post_id) AS prev_posts";
$order_sql = (!isset($post_id)) ? "" : "GROUP BY fa.forum_id, fa.auth_view, fa.auth_post, fa.auth_reply, fa.auth_edit, fa.auth_delete, fa.auth_vote, fa.auth_votecreate, fm.user_id, p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_name, f.forum_id, u.username, u.user_id, fa.auth_read ORDER BY p.post_id ASC"; $order_sql = (!isset($post_id)) ? "" : "GROUP BY p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_name, f.forum_id, fa.auth_view, fa.auth_read, fa.auth_post, fa.auth_reply, fa.auth_edit, fa.auth_delete, fa.auth_votecreate, fa.auth_vote ORDER BY p.post_id ASC";
$sql = "SELECT t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_name, f.forum_id, u.username, u.user_id, fa.*".$count_sql." $sql = "SELECT t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_name, f.forum_id, fa.auth_view, fa.auth_read, fa.auth_post, fa.auth_reply, fa.auth_edit, fa.auth_delete, fa.auth_votecreate, fa.auth_vote" . $count_sql . "
FROM $join_sql_table ".TOPICS_TABLE." t, ".FORUMS_TABLE." f, ".FORUM_MODS_TABLE." fm, ".USERS_TABLE." u, ".AUTH_FORUMS_TABLE." fa FROM $join_sql_table ".TOPICS_TABLE." t, ".FORUMS_TABLE." f, ".AUTH_FORUMS_TABLE." fa
WHERE $join_sql WHERE $join_sql
AND f.forum_id = t.forum_id AND f.forum_id = t.forum_id
AND fa.forum_id = f.forum_id AND fa.forum_id = f.forum_id
AND fm.forum_id = t.forum_id
AND u.user_id = fm.user_id
$order_sql"; $order_sql";
// This closes out the opening braces above // This closes out the opening braces above
@ -213,7 +214,7 @@ init_userprefs($userdata);
// //
// Start auth check // Start auth check
// //
$is_auth = auth(ALL, $forum_id, $userdata, $forum_row[0]); $is_auth = auth(AUTH_ALL, $forum_id, $userdata, $forum_row[0]);
if(!$is_auth) if(!$is_auth)
{ {
@ -522,7 +523,7 @@ $s_auth_can .= "You " . (($is_auth['auth_reply']) ? "<b>can</b>" : "<b>cannot</b
$s_auth_can .= "You " . (($is_auth['auth_edit']) ? "<b>can</b>" : "<b>cannot</b>") . " edit your posts in this forum<br>"; $s_auth_can .= "You " . (($is_auth['auth_edit']) ? "<b>can</b>" : "<b>cannot</b>") . " edit your posts in this forum<br>";
$s_auth_can .= "You " . (($is_auth['auth_delete']) ? "<b>can</b>" : "<b>cannot</b>") . " delete your posts in this forum<br>"; $s_auth_can .= "You " . (($is_auth['auth_delete']) ? "<b>can</b>" : "<b>cannot</b>") . " delete your posts in this forum<br>";
$s_auth_can .= ($is_auth['auth_mod']) ? "You are a moderator of this forum<br>" : ""; $s_auth_can .= ($is_auth['auth_mod']) ? "You are a moderator of this forum<br>" : "";
$s_auth_can .= ($is_auth['auth_admin']) ? "You are a board admin<br>" : ""; $s_auth_can .= ($userdata['user_level'] == ADMIN) ? "You are a board admin<br>" : "";
$template->assign_vars(array( $template->assign_vars(array(
"PAGINATION" => generate_pagination("viewtopic.$phpEx?".POST_TOPIC_URL."=$topic_id", $total_replies, $board_config['posts_per_page'], $start), "PAGINATION" => generate_pagination("viewtopic.$phpEx?".POST_TOPIC_URL."=$topic_id", $total_replies, $board_config['posts_per_page'], $start),
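Review bot: The check after the changed call is `if(!$is_auth)`, but auth() builds an array of per-permission booleans (`$auth_user[$key] = ...`), and a non-empty array is truthy in PHP even when every entry is false, so this test does not deny a user who lacks read access. viewforum tests the specific key, and the same should be done here: `if(!$is_auth['auth_read'])`. The body of the `if` is outside the hunk, and auth()'s return statement is not visible on this page, so the returned shape is inferred from its assignments and from how `$is_auth['auth_reply']` is used further down.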