makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

More internal changes

Browse source 
git-svn-id: file:///svn/phpbb/trunk@409 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2001-06-02 16:48:22 +00:00
parent 2ee46df51c
commit 4be30f3a82
1 changed files with 239 additions and 170 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

409
phpBB/includes/auth.php
View file

@ -24,7 +24,7 @@
/* /*
$type's accepted (eventually!): $type's accepted (eventually!):
VIEW, READ, POST, REPLY, EDIT, DELETE, VOTE, VOTECREATE, MOD, ADMIN VIEW, READ, POST, REPLY, EDIT, DELETE, VOTE, VOTECREATE
Possible options to send to auth (not all are functional yet!): Possible options to send to auth (not all are functional yet!):
@ -108,12 +108,30 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
if($f_access == -1) if($f_access == -1)
{ {
$forum_match_sql = ($forum_id != AUTH_LIST_ALL) ? "WHERE aa.forum_id = $forum_id" : ""; $forum_match_sql = ($forum_id != AUTH_LIST_ALL) ? "WHERE aa.forum_id = $forum_id" : "";
$sql = "SELECT $a_sql $sql = "SELECT aa.forum_id, $a_sql
FROM ".AUTH_FORUMS_TABLE." aa FROM ".AUTH_FORUMS_TABLE." aa
$forum_match_sql"; $forum_match_sql";
$af_result = $db->sql_query($sql); $af_result = $db->sql_query($sql);
$f_access = $db->sql_fetchrow($af_result); if(!$af_result)
{
error_die(QUERY_ERROR, "Failed obtaining forum access control lists");
}
else
{
if(!$db->sql_numrows($af_result))
{
error_die(GENERAL_ERROR, "No forum access control lists exist!");
}
else
{
$f_access = $db->sql_fetchrowset($af_result);
}
}
}
else
{
} }
// //
@ -123,24 +141,24 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
// they're good to go, if not then they // they're good to go, if not then they
// are denied access // are denied access
// //
$auth_user = array();
if(!$userdata['session_logged_in']) if(!$userdata['session_logged_in'])
{ {
$auth_user = array(); for($j = 0; $j < count($auth_fields); $j++)
{
$key = $auth_fields[$j];
if($forum_id != AUTH_LIST_ALL) if($forum_id != AUTH_LIST_ALL)
{
for($i = 0; $i < count($f_access); $i++)
{ {
$auth_user[$auth_fields[$i]] = ($f_access[$auth_fields[$i]] == AUTH_ALL) ? 1 : 0; $auth_user[$key] = ($f_access[$key] == AUTH_ALL) ? 1 : 0;
} }
} else
else
{
for($i = 0; $i < count($f_access); $i++)
{ {
for($j = 0; $j < count($auth_fields); $j++) for($i = 0; $i < count($f_access); $i++)
{ {
$auth_user[$f_access[$i]['forum_id']][$auth_fields[$j]] = ($f_access[$i][$auth_fields[$j]] == AUTH_ALL) ? 1 : 0; $forum_id = $f_access[$i]['forum_id'];
$auth_user[$forum_id][$key] = ($f_access[$i][$key] == AUTH_ALL) ? 1 : 0;
} }
} }
} }
@ -155,190 +173,241 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
AND aa.group_id = ug.group_id AND aa.group_id = ug.group_id
$forum_match_sql"; $forum_match_sql";
$au_result = $db->sql_query($sql); $au_result = $db->sql_query($sql);
$u_access = $db->sql_fetchrowset($au_result); if(!$au_result)
{
error_die(QUERY_ERROR, "Failed obtaining forum access control lists");
}
$num_forums = (is_array($f_access[0])) ? count($f_access) : 1; $num_u_access = $db->sql_numrows($au_result);
if($num_u_access)
{
$u_access = $db->sql_fetchrowset($au_result);
}
$is_admin = ($userdata['user_level'] == ADMIN) ? 1 : 0; $is_admin = ($userdata['user_level'] == ADMIN) ? 1 : 0;
$auth_user = array(); $auth_user = array();
for($k = 0; $k < $num_forums; $k++)
{
for($i = 0; $i < count($auth_fields); $i++)
{
$key = $auth_fields[$i];
$value = ($forum_id != AUTH_LIST_ALL) ? $f_access[$key] : $f_access[$f_access[$k]['forum_id']][$key];
for($i = 0; $i < count($auth_fields); $i++)
{
$key = $auth_fields[$i];
$value = ($forum_id != AUTH_LIST_ALL) ? $f_access[$key] : $f_access[$k][$key];
if(!$num_u_access)
{
// //
// If the user is logged on and the forum // If no rows for this user where
// type is either ALL or REG then the user // returned then auth is only true
// has access // if the key has a value of ALL || REG
// //
if($value == AUTH_ALL || $value == AUTH_REG) if($forum_id != AUTH_LIST_ALL)
{ {
if($forum_id != AUTH_LIST_ALL) $auth_user[$key] = ($value == AUTH_ALL || $value == AUTH_REG) ? 1 : 0;
{
$auth_user[$key] = 1;
}
else
{
$auth_user[$f_access[$k]['forum_id']][$key] = 1;
}
} }
else else
{ {
// for($k = 0; $k < count($f_access); $k++)
// If the type if ACL, MOD or ADMIN
// then we need to see if the user has
// specific permissions to do whatever it
// is they want to do ... to do this
// we pull relevant information for the user
// (and any groups they belong to)
//
$single_user = 0;
//
// Now we compare the users access level
// against the forums We assume here that
// a moderator and admin automatically have
// access to an ACL forum, similarly we assume
// admins meet an auth requirement of MOD
//
// The access level assigned to a single user
// automatically takes precedence over any
// levels granted by that user being a member
// of a multi-user usergroup, eg. a user
// who is banned from a forum won't gain
// access to it even if they belong to a group
// which has access (and vice versa). This
// check is done via the single_user check
//
// PS : I appologise for the fantastically clear
// and hugely readable code here ;) Simple gist
// is, if this row of auth_access doesn't represent
// a single user then OR the contents of relevant auth_access
// levels against the current level (allows
// maximum group privileges to be assigned). If
// the row does represent a single user then forget
// any previous group results and instead set
// the auth to whatever the OR'd contents of the
// access levels are.
//
switch($value)
{ {
case AUTH_ACL: $f_forum_id = $f_access[$k]['forum_id'];
for($j = 0; $j < count($u_access); $j++) $auth_user[$f_forum_id][$key] = ($value == AUTH_ALL || $value == AUTH_REG) ? 1 : 0;
{
if(!$single_user)
{
$single_user = $u_access[$j]['group_single_user'];
$result = (!$single_user) ? ($auth_user[$key] || $u_access[$j][$key] || $u_access[$i]['auth_mod'] || $is_admin) : ($u_access[$j][$key] || $u_access[$i]['auth_mod'] || $is_admin);
if($forum_id != AUTH_LIST_ALL)
{
$auth_user[$key] = $result;
}
else
{
$auth_user[$f_access[$k]['forum_id']][$key] = $result;
}
}
}
break;
case AUTH_MOD:
for($j = 0; $j < count($u_access); $j++)
{
if(!$single_user)
{
$single_user = $u_access[$j]['group_single_user'];
$auth_user[$key] = (!$single_user) ? ($auth_user[$key] || $u_access[$j]['auth_mod'] || $is_admin) : ($u_access[$j]['auth_mod'] || $is_admin);
if($forum_id != AUTH_LIST_ALL)
{
$auth_user[$key] = $result;
}
else
{
$auth_user[$f_access[$k]['forum_id']][$key] = $result;
}
}
}
break;
case AUTH_ADMIN:
//
// Pretty redundant right now ...
//
if($forum_id != AUTH_LIST_ALL)
{
$auth_user[$key] = $is_admin;
}
else
{
$auth_user[$f_access[$k]['forum_id']][$key] = $is_admin;
}
break;
default:
if($forum_id != AUTH_LIST_ALL)
{
$auth_user[$key] = 0;
}
else
{
$auth_user[$f_access[$k]['forum_id']][$key] = 0;
}
break;
} }
} }
} }
// else
// Is user a moderator?
//
$single_user = 0;
for($j = 0; $j < count($u_access); $j++)
{ {
if(!$single_user) //
// If the user is logged on and the forum type is either
// ALL or REG then the user has access
//
// If the type if ACL, MOD or ADMIN then we need to see
// if the user has specific permissions to do whatever it
// is they want to do ... to do this we pull relevant
// information for the user (and any groups they belong to)
//
// Now we compare the users access level against the forums
// We assume here that a moderator and admin automatically
// have access to an ACL forum, similarly we assume admins
// meet an auth requirement of MOD
//
// The access level assigned to a single user automatically
// takes precedence over any levels granted by that user being
// a member of a multi-user usergroup, eg. a user who is banned
// from a forum won't gain access to it even if they belong to
// a group which has access (and vice versa). This check is
// done via the single_user check
//
// PS : I appologise for the fantastically clear and hugely
// readable code here ;) Simple gist is, if this row of
// auth_access doesn't represent a single user then OR the
// contents of relevant auth_access levels against the current
// level (allows maximum group privileges to be assigned). If
// the row does represent a single user then forget any previous
// group results and instead set the auth to whatever the OR'd
// contents of the access levels are.
//
switch($value)
{ {
$single_user = $u_access[$j]['group_single_user']; case AUTH_ALL:
if($forum_id != AUTH_LIST_ALL)
{
$auth_user[$key] = 1;
}
else
{
for($k = 0; $k < count($f_access); $k++)
{
$f_forum_id = $f_access[$k]['forum_id'];
$auth_user[$f_forum_id][$key] = 1;
}
}
break;
$result = (!$single_user) ? ($auth_user['auth_mod'] || $u_access[$j]['auth_mod'] || $is_admin) : ($u_access[$j]['auth_mod'] || $is_admin); case AUTH_REG:
if($forum_id != AUTH_LIST_ALL)
{
$auth_user[$key] = 1;
}
else
{
for($k = 0; $k < count($f_access); $k++)
{
$f_forum_id = $f_access[$k]['forum_id'];
$auth_user[$f_forum_id][$key] = 1;
}
}
break;
if($forum_id != AUTH_LIST_ALL) case AUTH_ACL:
{ if($forum_id != AUTH_LIST_ALL)
$auth_user['auth_mod'] = $result; {
} $auth_user[$key] = auth_check_user(AUTH_ACL, $key, $u_access, $is_admin);
else }
{ else
$auth_user[$f_access[$k]['forum_id']]['auth_mod'] = $result; {
} for($k = 0; $k < count($f_access); $k++)
{
$f_forum_id = $f_access[$k]['forum_id'];
$auth_user[$f_forum_id][$key] = auth_check_user(AUTH_ACL, $key, $u_access, $is_admin);
}
}
break;
case AUTH_MOD:
if($forum_id != AUTH_LIST_ALL)
{
$auth_user[$key] = auth_check_user(AUTH_ACL, $key, $u_access, $is_admin);
}
else
{
for($k = 0; $k < count($f_access); $k++)
{
$f_forum_id = $f_access[$k]['forum_id'];
$auth_user[$f_forum_id][$key] = auth_check_user(AUTH_ACL, $key, $u_access, $is_admin);
}
}
break;
case AUTH_ADMIN:
if($forum_id != AUTH_LIST_ALL)
{
$auth_user[$key] = $is_admin;
}
else
{
for($k = 0; $k < count($f_access); $k++)
{
$f_forum_id = $f_access[$k]['forum_id'];
$auth_user[$f_forum_id][$key] = $is_admin;
}
}
break;
default:
if($forum_id != AUTH_LIST_ALL)
{
$auth_user[$key] = 0;
}
else
{
for($k = 0; $k < count($f_access); $k++)
{
$f_forum_id = $f_access[$k]['forum_id'];
$auth_user[$f_forum_id][$key] = 0;
}
}
break;
} }
} }
}
// //
// Is user an admin (this is // Is user a moderator?
// really redundant at this time) //
// if($forum_id != AUTH_LIST_ALL)
if($forum_id != AUTH_LIST_ALL) {
$auth_user['auth_mod'] = auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin);
}
else
{
for($k = 0; $k < count($f_access); $k++)
{ {
$auth_user['auth_admin'] = $is_admin; $f_forum_id = $f_access[$k]['forum_id'];
$auth_user[$f_forum_id]['auth_mod'] = auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin);
} }
else }
//
// Is user an admin (this is
// really redundant at this time)
//
if($forum_id != AUTH_LIST_ALL)
{
$auth_user['auth_admin'] = $is_admin;
}
else
{
for($k = 0; $k < count($f_access); $k++)
{ {
$auth_user[$f_access[$k]['forum_id']]['auth_admin'] = $is_admin; $f_forum_id = $f_access[$k]['forum_id'];
$auth_user[$f_forum_id]['auth_admin'] = $is_admin;
} }
} }
} }
// return $auth_user;
// This currently only returns 1 or 0
// however it will also return an array if a listing }
// of all forums to which a user has access was requested.
// function auth_check_user($type, $key, $u_access, $is_admin)
{
$single_user = 0;
$auth_user = 0;
for($j = 0; $j < count($u_access); $j++)
{
if(!$single_user)
{
$single_user = $u_access[$j]['group_single_user'];
$result = 0;
switch($type)
{
case AUTH_ACL:
$result = $u_access[$j][$key];
case AUTH_MOD:
$result = $result || $u_access[$j]['auth_mod'];
case AUTH_ADMIN:
$result = $result || $is_admin;
break;
}
$auth_user = (!$single_user) ? ( $auth_user || $result ) : $result;
}
}
return $auth_user; return $auth_user;
} }