mirror of
https://github.com/phpbb/phpbb.git
synced 2025-06-28 14:18:52 +00:00
More internal changes
git-svn-id: file:///svn/phpbb/trunk@409 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen
parent
2ee46df51c
commit
4be30f3a82
1 changed files with 239 additions and 170 deletions
|
|
@ -24,7 +24,7 @@
|
|||
|
||||
/*
|
||||
$type's accepted (eventually!):
|
||||
VIEW, READ, POST, REPLY, EDIT, DELETE, VOTE, VOTECREATE, MOD, ADMIN
|
||||
VIEW, READ, POST, REPLY, EDIT, DELETE, VOTE, VOTECREATE
|
||||
|
||||
Possible options to send to auth (not all are functional yet!):
|
||||
|
||||
|
|
@ -108,12 +108,30 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
|
|||
if($f_access == -1)
|
||||
{
|
||||
$forum_match_sql = ($forum_id != AUTH_LIST_ALL) ? "WHERE aa.forum_id = $forum_id" : "";
|
||||
$sql = "SELECT $a_sql
|
||||
$sql = "SELECT aa.forum_id, $a_sql
|
||||
FROM ".AUTH_FORUMS_TABLE." aa
|
||||
$forum_match_sql";
|
||||
$af_result = $db->sql_query($sql);
|
||||
|
||||
$f_access = $db->sql_fetchrow($af_result);
|
||||
if(!$af_result)
|
||||
{
|
||||
error_die(QUERY_ERROR, "Failed obtaining forum access control lists");
|
||||
}
|
||||
else
|
||||
{
|
||||
if(!$db->sql_numrows($af_result))
|
||||
{
|
||||
error_die(GENERAL_ERROR, "No forum access control lists exist!");
|
||||
}
|
||||
else
|
||||
{
|
||||
$f_access = $db->sql_fetchrowset($af_result);
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
}
|
||||
|
||||
//
|
||||
|
|
@ -123,24 +141,24 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
|
|||
// they're good to go, if not then they
|
||||
// are denied access
|
||||
//
|
||||
$auth_user = array();
|
||||
|
||||
if(!$userdata['session_logged_in'])
|
||||
{
|
||||
$auth_user = array();
|
||||
for($j = 0; $j < count($auth_fields); $j++)
|
||||
{
|
||||
$key = $auth_fields[$j];
|
||||
|
||||
if($forum_id != AUTH_LIST_ALL)
|
||||
{
|
||||
for($i = 0; $i < count($f_access); $i++)
|
||||
{
|
||||
$auth_user[$auth_fields[$i]] = ($f_access[$auth_fields[$i]] == AUTH_ALL) ? 1 : 0;
|
||||
}
|
||||
$auth_user[$key] = ($f_access[$key] == AUTH_ALL) ? 1 : 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
for($i = 0; $i < count($f_access); $i++)
|
||||
{
|
||||
for($j = 0; $j < count($auth_fields); $j++)
|
||||
{
|
||||
$auth_user[$f_access[$i]['forum_id']][$auth_fields[$j]] = ($f_access[$i][$auth_fields[$j]] == AUTH_ALL) ? 1 : 0;
|
||||
$forum_id = $f_access[$i]['forum_id'];
|
||||
$auth_user[$forum_id][$key] = ($f_access[$i][$key] == AUTH_ALL) ? 1 : 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -155,131 +173,152 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
|
|||
AND aa.group_id = ug.group_id
|
||||
$forum_match_sql";
|
||||
$au_result = $db->sql_query($sql);
|
||||
$u_access = $db->sql_fetchrowset($au_result);
|
||||
if(!$au_result)
|
||||
{
|
||||
error_die(QUERY_ERROR, "Failed obtaining forum access control lists");
|
||||
}
|
||||
|
||||
$num_forums = (is_array($f_access[0])) ? count($f_access) : 1;
|
||||
$num_u_access = $db->sql_numrows($au_result);
|
||||
if($num_u_access)
|
||||
{
|
||||
$u_access = $db->sql_fetchrowset($au_result);
|
||||
}
|
||||
|
||||
$is_admin = ($userdata['user_level'] == ADMIN) ? 1 : 0;
|
||||
|
||||
$auth_user = array();
|
||||
for($k = 0; $k < $num_forums; $k++)
|
||||
{
|
||||
|
||||
for($i = 0; $i < count($auth_fields); $i++)
|
||||
{
|
||||
$key = $auth_fields[$i];
|
||||
$value = ($forum_id != AUTH_LIST_ALL) ? $f_access[$key] : $f_access[$f_access[$k]['forum_id']][$key];
|
||||
$value = ($forum_id != AUTH_LIST_ALL) ? $f_access[$key] : $f_access[$k][$key];
|
||||
|
||||
//
|
||||
// If the user is logged on and the forum
|
||||
// type is either ALL or REG then the user
|
||||
// has access
|
||||
//
|
||||
if($value == AUTH_ALL || $value == AUTH_REG)
|
||||
if(!$num_u_access)
|
||||
{
|
||||
//
|
||||
// If no rows for this user where
|
||||
// returned then auth is only true
|
||||
// if the key has a value of ALL || REG
|
||||
//
|
||||
if($forum_id != AUTH_LIST_ALL)
|
||||
{
|
||||
$auth_user[$key] = ($value == AUTH_ALL || $value == AUTH_REG) ? 1 : 0;
|
||||
}
|
||||
else
|
||||
{
|
||||
for($k = 0; $k < count($f_access); $k++)
|
||||
{
|
||||
$f_forum_id = $f_access[$k]['forum_id'];
|
||||
$auth_user[$f_forum_id][$key] = ($value == AUTH_ALL || $value == AUTH_REG) ? 1 : 0;
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
//
|
||||
// If the user is logged on and the forum type is either
|
||||
// ALL or REG then the user has access
|
||||
//
|
||||
// If the type if ACL, MOD or ADMIN then we need to see
|
||||
// if the user has specific permissions to do whatever it
|
||||
// is they want to do ... to do this we pull relevant
|
||||
// information for the user (and any groups they belong to)
|
||||
//
|
||||
// Now we compare the users access level against the forums
|
||||
// We assume here that a moderator and admin automatically
|
||||
// have access to an ACL forum, similarly we assume admins
|
||||
// meet an auth requirement of MOD
|
||||
//
|
||||
// The access level assigned to a single user automatically
|
||||
// takes precedence over any levels granted by that user being
|
||||
// a member of a multi-user usergroup, eg. a user who is banned
|
||||
// from a forum won't gain access to it even if they belong to
|
||||
// a group which has access (and vice versa). This check is
|
||||
// done via the single_user check
|
||||
//
|
||||
// PS : I appologise for the fantastically clear and hugely
|
||||
// readable code here ;) Simple gist is, if this row of
|
||||
// auth_access doesn't represent a single user then OR the
|
||||
// contents of relevant auth_access levels against the current
|
||||
// level (allows maximum group privileges to be assigned). If
|
||||
// the row does represent a single user then forget any previous
|
||||
// group results and instead set the auth to whatever the OR'd
|
||||
// contents of the access levels are.
|
||||
//
|
||||
|
||||
switch($value)
|
||||
{
|
||||
case AUTH_ALL:
|
||||
if($forum_id != AUTH_LIST_ALL)
|
||||
{
|
||||
$auth_user[$key] = 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
$auth_user[$f_access[$k]['forum_id']][$key] = 1;
|
||||
for($k = 0; $k < count($f_access); $k++)
|
||||
{
|
||||
$f_forum_id = $f_access[$k]['forum_id'];
|
||||
$auth_user[$f_forum_id][$key] = 1;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
//
|
||||
// If the type if ACL, MOD or ADMIN
|
||||
// then we need to see if the user has
|
||||
// specific permissions to do whatever it
|
||||
// is they want to do ... to do this
|
||||
// we pull relevant information for the user
|
||||
// (and any groups they belong to)
|
||||
//
|
||||
|
||||
$single_user = 0;
|
||||
|
||||
//
|
||||
// Now we compare the users access level
|
||||
// against the forums We assume here that
|
||||
// a moderator and admin automatically have
|
||||
// access to an ACL forum, similarly we assume
|
||||
// admins meet an auth requirement of MOD
|
||||
//
|
||||
// The access level assigned to a single user
|
||||
// automatically takes precedence over any
|
||||
// levels granted by that user being a member
|
||||
// of a multi-user usergroup, eg. a user
|
||||
// who is banned from a forum won't gain
|
||||
// access to it even if they belong to a group
|
||||
// which has access (and vice versa). This
|
||||
// check is done via the single_user check
|
||||
//
|
||||
// PS : I appologise for the fantastically clear
|
||||
// and hugely readable code here ;) Simple gist
|
||||
// is, if this row of auth_access doesn't represent
|
||||
// a single user then OR the contents of relevant auth_access
|
||||
// levels against the current level (allows
|
||||
// maximum group privileges to be assigned). If
|
||||
// the row does represent a single user then forget
|
||||
// any previous group results and instead set
|
||||
// the auth to whatever the OR'd contents of the
|
||||
// access levels are.
|
||||
//
|
||||
switch($value)
|
||||
{
|
||||
case AUTH_ACL:
|
||||
for($j = 0; $j < count($u_access); $j++)
|
||||
{
|
||||
if(!$single_user)
|
||||
{
|
||||
$single_user = $u_access[$j]['group_single_user'];
|
||||
|
||||
$result = (!$single_user) ? ($auth_user[$key] || $u_access[$j][$key] || $u_access[$i]['auth_mod'] || $is_admin) : ($u_access[$j][$key] || $u_access[$i]['auth_mod'] || $is_admin);
|
||||
break;
|
||||
|
||||
case AUTH_REG:
|
||||
if($forum_id != AUTH_LIST_ALL)
|
||||
{
|
||||
$auth_user[$key] = $result;
|
||||
$auth_user[$key] = 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
$auth_user[$f_access[$k]['forum_id']][$key] = $result;
|
||||
for($k = 0; $k < count($f_access); $k++)
|
||||
{
|
||||
$f_forum_id = $f_access[$k]['forum_id'];
|
||||
$auth_user[$f_forum_id][$key] = 1;
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
case AUTH_ACL:
|
||||
if($forum_id != AUTH_LIST_ALL)
|
||||
{
|
||||
$auth_user[$key] = auth_check_user(AUTH_ACL, $key, $u_access, $is_admin);
|
||||
}
|
||||
else
|
||||
{
|
||||
for($k = 0; $k < count($f_access); $k++)
|
||||
{
|
||||
$f_forum_id = $f_access[$k]['forum_id'];
|
||||
$auth_user[$f_forum_id][$key] = auth_check_user(AUTH_ACL, $key, $u_access, $is_admin);
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
case AUTH_MOD:
|
||||
for($j = 0; $j < count($u_access); $j++)
|
||||
{
|
||||
if(!$single_user)
|
||||
{
|
||||
$single_user = $u_access[$j]['group_single_user'];
|
||||
|
||||
$auth_user[$key] = (!$single_user) ? ($auth_user[$key] || $u_access[$j]['auth_mod'] || $is_admin) : ($u_access[$j]['auth_mod'] || $is_admin);
|
||||
|
||||
if($forum_id != AUTH_LIST_ALL)
|
||||
{
|
||||
$auth_user[$key] = $result;
|
||||
$auth_user[$key] = auth_check_user(AUTH_ACL, $key, $u_access, $is_admin);
|
||||
}
|
||||
else
|
||||
{
|
||||
$auth_user[$f_access[$k]['forum_id']][$key] = $result;
|
||||
}
|
||||
for($k = 0; $k < count($f_access); $k++)
|
||||
{
|
||||
$f_forum_id = $f_access[$k]['forum_id'];
|
||||
$auth_user[$f_forum_id][$key] = auth_check_user(AUTH_ACL, $key, $u_access, $is_admin);
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
case AUTH_ADMIN:
|
||||
//
|
||||
// Pretty redundant right now ...
|
||||
//
|
||||
if($forum_id != AUTH_LIST_ALL)
|
||||
{
|
||||
$auth_user[$key] = $is_admin;
|
||||
}
|
||||
else
|
||||
{
|
||||
$auth_user[$f_access[$k]['forum_id']][$key] = $is_admin;
|
||||
for($k = 0; $k < count($f_access); $k++)
|
||||
{
|
||||
$f_forum_id = $f_access[$k]['forum_id'];
|
||||
$auth_user[$f_forum_id][$key] = $is_admin;
|
||||
}
|
||||
}
|
||||
break;
|
||||
|
||||
|
|
@ -290,7 +329,11 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
|
|||
}
|
||||
else
|
||||
{
|
||||
$auth_user[$f_access[$k]['forum_id']][$key] = 0;
|
||||
for($k = 0; $k < count($f_access); $k++)
|
||||
{
|
||||
$f_forum_id = $f_access[$k]['forum_id'];
|
||||
$auth_user[$f_forum_id][$key] = 0;
|
||||
}
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
|
@ -299,23 +342,16 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
|
|||
//
|
||||
// Is user a moderator?
|
||||
//
|
||||
$single_user = 0;
|
||||
for($j = 0; $j < count($u_access); $j++)
|
||||
{
|
||||
if(!$single_user)
|
||||
{
|
||||
$single_user = $u_access[$j]['group_single_user'];
|
||||
|
||||
$result = (!$single_user) ? ($auth_user['auth_mod'] || $u_access[$j]['auth_mod'] || $is_admin) : ($u_access[$j]['auth_mod'] || $is_admin);
|
||||
|
||||
if($forum_id != AUTH_LIST_ALL)
|
||||
{
|
||||
$auth_user['auth_mod'] = $result;
|
||||
$auth_user['auth_mod'] = auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin);
|
||||
}
|
||||
else
|
||||
{
|
||||
$auth_user[$f_access[$k]['forum_id']]['auth_mod'] = $result;
|
||||
}
|
||||
for($k = 0; $k < count($f_access); $k++)
|
||||
{
|
||||
$f_forum_id = $f_access[$k]['forum_id'];
|
||||
$auth_user[$f_forum_id]['auth_mod'] = auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -329,16 +365,49 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
|
|||
}
|
||||
else
|
||||
{
|
||||
$auth_user[$f_access[$k]['forum_id']]['auth_admin'] = $is_admin;
|
||||
for($k = 0; $k < count($f_access); $k++)
|
||||
{
|
||||
$f_forum_id = $f_access[$k]['forum_id'];
|
||||
$auth_user[$f_forum_id]['auth_admin'] = $is_admin;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//
|
||||
// This currently only returns 1 or 0
|
||||
// however it will also return an array if a listing
|
||||
// of all forums to which a user has access was requested.
|
||||
//
|
||||
return $auth_user;
|
||||
|
||||
}
|
||||
|
||||
function auth_check_user($type, $key, $u_access, $is_admin)
|
||||
{
|
||||
|
||||
$single_user = 0;
|
||||
$auth_user = 0;
|
||||
|
||||
for($j = 0; $j < count($u_access); $j++)
|
||||
{
|
||||
if(!$single_user)
|
||||
{
|
||||
$single_user = $u_access[$j]['group_single_user'];
|
||||
|
||||
$result = 0;
|
||||
switch($type)
|
||||
{
|
||||
case AUTH_ACL:
|
||||
$result = $u_access[$j][$key];
|
||||
|
||||
case AUTH_MOD:
|
||||
$result = $result || $u_access[$j]['auth_mod'];
|
||||
|
||||
case AUTH_ADMIN:
|
||||
$result = $result || $is_admin;
|
||||
break;
|
||||
}
|
||||
|
||||
$auth_user = (!$single_user) ? ( $auth_user || $result ) : $result;
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
return $auth_user;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue