More changes ... admin level now set in phpbb_users rather than via auth system

git-svn-id: file:///svn/phpbb/trunk@397 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-28 06:08:52 +00:00 · 2001-05-31 23:14:15 +00:00 · 2001-05-31 23:14:15 +00:00 · 3238631c1f
commit 3238631c1f
parent eec6b08295
4 changed files with 86 additions and 86 deletions
--- a/phpBB/includes/auth.php
+++ b/phpBB/includes/auth.php
@ -23,6 +23,9 @@
 ***************************************************************************/ 
 /*
 	$type's accepted (eventually!):
 	VIEW, READ, POST, REPLY, EDIT, DELETE, VOTE, VOTECREATE, MOD, ADMIN
 	Possible options to send to auth (not all are functional yet!):
 	* If you include a type then a specific lookup will
@ -56,40 +59,40 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
 	switch($type)
 	{
-		case ALL:
+		case AUTH_ALL:
-			$a_sql = "auth_view, auth_read, auth_post, auth_reply, auth_edit, auth_delete, auth_votecreate, auth_vote";
+			$a_sql = "aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_votecreate, aa.auth_vote";
 			$auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_votecreate", "auth_vote");
 			break;
-		case VIEW:
+		case AUTH_VIEW:
-			$a_sql = "auth_view";
+			$a_sql = "aa.auth_view";
 			$auth_fields = array("auth_view");
 			break;
-		case READ:
+		case AUTH_READ:
-			$a_sql = "auth_read";
+			$a_sql = "aa.auth_read";
 			$auth_fields = array("auth_read");
 			break;
-		case POST:
+		case AUTH_POST:
-			$a_sql = "auth_post";
+			$a_sql = "aa.auth_post";
 			$auth_fields = array("auth_post");
 			break;
-		case REPLY:
+		case AUTH_REPLY:
-			$a_sql = "auth_reply";
+			$a_sql = "aa.auth_reply";
 			$auth_fields = array("auth_reply");
 			break;
-		case EDIT:
+		case AUTH_EDIT:
-			$a_sql = "auth_edit";
+			$a_sql = "aa.auth_edit";
 			$auth_fields = array("auth_edit");
 			break;
-		case DELETE:
+		case AUTH_DELETE:
-			$a_sql = "auth_delete";
+			$a_sql = "aa.auth_delete";
 			$auth_fields = array("auth_delete");
 			break;
-		case VOTECREATE:
+		case AUTH_VOTECREATE:
-			$a_sql = "auth_votecreate";
+			$a_sql = "aa.auth_votecreate";
 			$auth_fields = array("auth_votecreate");
 			break;
-		case VOTE:
+		case AUTH_VOTE:
-			$a_sql = "auth_vote";
+			$a_sql = "aa.auth_vote";
 			$auth_fields = array("auth_vote");
 			break;
 		default:
@ -102,15 +105,15 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
 	// then we need to pull the auth information
 	// on the given forum (or all forums)
 	//
-	if($f_access == -1 || $forum_id == LIST_ALL)
+	if(($f_access == -1 && $type != AUTH_MOD) || $forum_id == AUTH_LIST_ALL)
 	{
-		$forum_match_sql = ($forum_id != LIST_ALL) ? "WHERE forum_id = $forum_id" : "";
+		$forum_match_sql = ($forum_id != LIST_ALL) ? "WHERE aa.forum_id = $forum_id" : "";
 		$sql = "SELECT $a_sql 
-			FROM ".AUTH_FORUMS_TABLE." 
+			FROM ".AUTH_FORUMS_TABLE." aa 
 			$forum_match_sql";
 		$af_result = $db->sql_query($sql);
-		if($forum_id != LIST_ALL)
+		if($forum_id != AUTH_LIST_ALL)
 		{
 			$f_access = $db->sql_fetchrow($af_result);
 		}
@ -128,13 +131,13 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
 	// they're good to go, if not then they
 	// are denied access
 	//
-	if(!$userdata['session_logged_in'])
+	if(!$userdata['session_logged_in'] && $type != AUTH_MOD)
 	{
-		if($forum_id != LIST_ALL)
+		if($forum_id != AUTH_LIST_ALL)
 		{
 			for($i = 0; $i < count($f_access); $i++)
 			{
-				$auth_user[$auth_fields[$i]] = ($f_access[$auth_fields[$i]] == ALL) ? true : false;
+				$auth_user[$auth_fields[$i]] = ($f_access[$auth_fields[$i]] == AUTH_ALL) ? true : false;
 			}
 		}
 		else
@ -144,7 +147,7 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
 			{
 				for($j = 0; $j < count($f_access); $j++)
 				{
-					$auth_user_list[][$auth_fields[$j]] = ($f_access_rows[$i][$auth_fields[$j]] == ALL) ? true : false;
+					$auth_user_list[][$auth_fields[$j]] = ($f_access_rows[$i][$auth_fields[$j]] == AUTH_ALL) ? true : false;
 				}
 			}
 		}
@ -152,13 +155,13 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
 	}
 	else 
 	{
-
+		$forum_match_sql = ($forum_id != AUTH_LIST_ALL) ? "AND aa.forum_id = $forum_id" : "";
-		$forum_match_sql = ($forum_id != LIST_ALL) ? "AND ( aa.forum_id = $forum_id OR aa.forum_id = " . ALL . ")" : "";
+		$sql = "SELECT aa.forum_id, $a_sql, aa.auth_mod, g.single_user, u.user_level  
-		$sql = "SELECT $a_sql, auth_mod, auth_admin, g.single_user 
+			FROM ".AUTH_ACCESS_TABLE." aa, " . USER_GROUP_TABLE. " ug, " . GROUPS_TABLE. " g, " . USERS_TABLE . " u 
 			FROM ".AUTH_ACCESS_TABLE." aa, " . USER_GROUP_TABLE. " ug, " . GROUPS_TABLE. " g 
 			WHERE ug.user_id = ".$userdata['user_id']. " 
 				AND g.group_id = ug.group_id 
 				AND aa.group_id = ug.group_id 
 				AND u.user_id = ug.user_id 
 				$forum_match_sql";
 		$au_result = $db->sql_query($sql);
@ -174,7 +177,7 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
 			// type is either ALL or REG then the user
 			// has access
 			//
-			if($value == ALL || $value == REG)
+			if($value == AUTH_ALL || $value == AUTH_REG)
 			{
 				$auth_user[$key] = true;
 			}
@ -188,7 +191,7 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
 				// we pull relevant information for the user
 				// (and any groups they belong to)
 				//
-
+	
 				$single_user = false;
 				//
@ -209,7 +212,7 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
 				//
 				switch($value)
 				{
-					case ACL:
+					case AUTH_ACL:
 						for($j = 0; $j < count($u_access); $j++)
 						{
 							if(!$single_user)
@ -219,8 +222,8 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
 							}
 						}
 						break;
-			
+		
-					case MOD:
+					case AUTH_MOD:
 						for($j = 0; $j < count($u_access); $j++)
 						{
 							if(!$single_user)
@ -230,13 +233,13 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
 							}
 						}
 						break;
-		
+	
-					case ADMIN:
+					case AUTH_ADMIN:
 						for($j = 0; $j < count($u_access); $j++)
 						{
-							if(!$single_user)
+							if($single_user)
 							{
-								$auth_user[$key] = $auth_user[$key] || $u_access[$j]['auth_admin'];
+								$auth_user[$key] = ($u_access[$j]['group_type'] == ADMIN) ? true : false;
 								$single_user = $u_access[$j]['single_user'];
 							}
 						}
@ -261,9 +264,9 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
 		$single_user = false;
 		for($j = 0; $j < count($u_access); $j++)
 		{
-			if(!$single_user)
+			if($single_user)
 			{
-				$auth_user['auth_admin'] = $auth_user['auth_admin'] || $u_access[$j]['auth_admin'];
+				$auth_user['auth_admin'] = ($u_access[$j]['group_type'] == ADMIN) ? true : false;
 				$single_user = $u_access[$j]['single_user'];
 			}
 		}
--- a/phpBB/includes/constants.php
+++ b/phpBB/includes/constants.php
@ -22,27 +22,19 @@
 *
 ***************************************************************************/
 //
 // Constants
 //
 // Debug Level
 define(DEBUG, 1); // Debugging on
 //define(DEBUG, 0); // Debugging off
-// User Levels
+// User Levels <- Do not change the values of USER or ADMIN
 //define(ADMIN, 4);
 //define(SUPERMOD, 3);
 //define(MODERATOR, 2);
 define(USER, 1);
 define(DELETED, -1);
 define(ANONYMOUS, -1);
-
+define(USER, 0);
-// Forum access levels
+define(ADMIN, 1);
 define(PUBLIC, 1);
 define(PRIVATE, 2);
 // Forum posting levels
 define(ANONALLOWED, 2);
 define(REGONLY, 1);
 define(MODONLY, 3);
 // Topic state
 define(UNLOCKED, 0);
@ -86,22 +78,24 @@ define(PAGE_FAQ, -8);
 define(PAGE_POSTING, -9);
 // Auth settings
-define(ALL, 0);
+define(AUTH_ALL, 0);
 define(REG, 1);
 define(ACL, 2);
 define(MOD, 3);
 define(SUPERMOD, 4);
 define(ADMIN, 5);
-define(VIEW, 0);
+define(AUTH_REG, 1);
-define(READ, 1);
+define(AUTH_ACL, 2);
-define(POST, 2);
+define(AUTH_MOD, 3);
-define(REPLY, 3);
+define(AUTH_SUPERMOD, 4);
-define(EDIT, 4);
+define(AUTH_ADMIN, 5);
-define(DELETE, 5);
+
-define(VOTECREATE, 6);
+define(AUTH_VIEW, 0);
-define(VOTE, 7);
+define(AUTH_READ, 1);
-define(LIST_ALL, 10);
+define(AUTH_POST, 2);
 define(AUTH_REPLY, 3);
 define(AUTH_EDIT, 4);
 define(AUTH_DELETE, 5);
 define(AUTH_VOTECREATE, 6);
 define(AUTH_VOTE, 7);
 define(AUTH_ATTACH, 8);
 define(AUTH_LIST_ALL, 10);
 // Table names
 define('BANLIST_TABLE', $table_prefix.'banlist');
--- a/phpBB/viewforum.php
+++ b/phpBB/viewforum.php
@ -56,12 +56,14 @@ init_userprefs($userdata);
 //
 if(isset($forum_id))
 {
-	$sql = "SELECT f.forum_name, f.forum_topics, u.username, u.user_id, fa.* 
+	$sql = "SELECT f.forum_name, f.forum_topics, u.username, u.user_id, fa.*   
-		FROM ".FORUMS_TABLE." f, ".FORUM_MODS_TABLE." fm, ".USERS_TABLE." u, ".AUTH_FORUMS_TABLE." fa 
+		FROM ".FORUMS_TABLE." f, ".USERS_TABLE." u, ".USER_GROUP_TABLE." ug, ".AUTH_ACCESS_TABLE." aa, ".AUTH_FORUMS_TABLE." fa  
-		WHERE f.forum_id = $forum_id 
+		WHERE f.forum_id = $forum_id
-			AND fa.forum_id = f.forum_id 
+			AND fa.forum_id = f.forum_id
-			AND fm.forum_id = f.forum_id 
+			AND aa.auth_mod = 1 
-			AND u.user_id = fm.user_id";
+			AND aa.forum_id = f.forum_id 
 			AND ug.group_id = aa.group_id 
 			AND u.user_id = ug.user_id";
 }
 else 
 {
@ -88,7 +90,7 @@ if(!$forum_row)
 //
 // Start auth check
 //
-$is_auth = auth(ALL, $forum_id, $userdata, $forum_row[0]);
+$is_auth = auth(AUTH_ALL, $forum_id, $userdata, $forum_row[0]);
 if(!$is_auth['auth_read'])
 {
@ -311,7 +313,7 @@ if($total_topics)
 	$s_auth_can .= "You " . (($is_auth['auth_edit']) ? "<b>can</b>" : "<b>cannot</b>") . " edit your posts in this forum<br>";
 	$s_auth_can .= "You " . (($is_auth['auth_delete']) ? "<b>can</b>" : "<b>cannot</b>") . " delete your posts in this forum<br>";
 	$s_auth_can .= ($is_auth['auth_mod']) ? "You are a moderator of this forum<br>" : "";
-	$s_auth_can .= ($is_auth['auth_admin']) ? "You are a board admin<br>" : "";
+	$s_auth_can .= ($userdata['user_level'] == ADMIN) ? "You are a board admin<br>" : "";
 	$template->assign_vars(array(
 		"PAGINATION" => generate_pagination("viewforum.$phpEx?".POST_FORUM_URL."=$forum_id&postdays=$post_days", $topics_count, $board_config['topics_per_page'], $start),
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@ -131,20 +131,21 @@ else
 	// This is perhaps a bodged(?) way
 	// of allowing a direct link to a post
 	// it also allows calculation of which
-	// page the post should be on
+	// page the post should be on. This query
 	// no longer grabs moderator info for this
 	// forum ... right now that's fine, but
 	// if needed it can be easily replaced/added
 	//
 	$join_sql_table = (!isset($post_id)) ? "" : "".POSTS_TABLE." p, ".POSTS_TABLE." p2,";
 	$join_sql = (!isset($post_id)) ? "t.topic_id = $topic_id" : "p.post_id = $post_id AND t.topic_id = p.topic_id AND p2.topic_id = p.topic_id AND p2.post_id <= $post_id";
 	$count_sql = (!isset($post_id)) ? "" : ", COUNT(p2.post_id) AS prev_posts";
-	$order_sql = (!isset($post_id)) ? "" : "GROUP BY fa.forum_id, fa.auth_view, fa.auth_post, fa.auth_reply, fa.auth_edit, fa.auth_delete, fa.auth_vote, fa.auth_votecreate, fm.user_id, p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_name, f.forum_id, u.username, u.user_id, fa.auth_read ORDER BY p.post_id ASC";
+	$order_sql = (!isset($post_id)) ? "" : "GROUP BY p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_name, f.forum_id, fa.auth_view, fa.auth_read, fa.auth_post, fa.auth_reply, fa.auth_edit, fa.auth_delete, fa.auth_votecreate, fa.auth_vote ORDER BY p.post_id ASC";
-	$sql = "SELECT t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_name, f.forum_id, u.username, u.user_id, fa.*".$count_sql." 
+	$sql = "SELECT t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_name, f.forum_id, fa.auth_view, fa.auth_read, fa.auth_post, fa.auth_reply, fa.auth_edit, fa.auth_delete, fa.auth_votecreate, fa.auth_vote" . $count_sql . " 
-		FROM $join_sql_table ".TOPICS_TABLE." t, ".FORUMS_TABLE." f, ".FORUM_MODS_TABLE." fm, ".USERS_TABLE." u, ".AUTH_FORUMS_TABLE." fa  
+		FROM $join_sql_table ".TOPICS_TABLE." t, ".FORUMS_TABLE." f, ".AUTH_FORUMS_TABLE." fa 
 		WHERE $join_sql 
 			AND f.forum_id = t.forum_id 
 			AND fa.forum_id = f.forum_id 
 			AND fm.forum_id = t.forum_id
 			AND u.user_id = fm.user_id 
 			$order_sql";
 // This closes out the opening braces above
@ -213,7 +214,7 @@ init_userprefs($userdata);
 //
 // Start auth check
 //
-$is_auth = auth(ALL,  $forum_id, $userdata, $forum_row[0]);
+$is_auth = auth(AUTH_ALL,  $forum_id, $userdata, $forum_row[0]);
 if(!$is_auth)
 {
@ -522,7 +523,7 @@ $s_auth_can .= "You " . (($is_auth['auth_reply']) ? "<b>can</b>" : "<b>cannot</b
 $s_auth_can .= "You " . (($is_auth['auth_edit']) ? "<b>can</b>" : "<b>cannot</b>") . " edit your posts in this forum<br>";
 $s_auth_can .= "You " . (($is_auth['auth_delete']) ? "<b>can</b>" : "<b>cannot</b>") . " delete your posts in this forum<br>";
 $s_auth_can .= ($is_auth['auth_mod']) ? "You are a moderator of this forum<br>" : "";
-$s_auth_can .= ($is_auth['auth_admin']) ? "You are a board admin<br>" : "";
+$s_auth_can .= ($userdata['user_level'] == ADMIN) ? "You are a board admin<br>" : "";
 $template->assign_vars(array(
 	"PAGINATION" => generate_pagination("viewtopic.$phpEx?".POST_TOPIC_URL."=$topic_id", $total_replies, $board_config['posts_per_page'], $start),