Auth Stage-1 goes in

git-svn-id: file:///svn/phpbb/trunk@377 89ea8834-ac86-4346-8a33-228a782c2dd0
Paul S. Owen 2001-05-30 20:21:42 +00:00
parent 7401fc7d07
commit 53c41d08d1
5 changed files with 304 additions and 86 deletions


@ -23,71 +23,172 @@
***************************************************************************/ ***************************************************************************/
/* Notes: /* Notes:
* auth() is going to become a very complex function and can take in a LARGE number of arguments.
* The currently included argements should be enough to handle any situation, however, if you need access to another
* the best option would be to create a global variable and access it that way if you can.
*
* auth() returns: * auth() returns:
* TRUE if the user authorized * TRUE if the user authorized
* FALSE if the user is not * FALSE if the user is not
*/ */
function auth($type, $id = "", $user_ip = "") function auth($type, $forum_id, $userdata, $f_access = -1)
{ {
global $db, $userdata; global $db;
//
// If not logged on all we
// need do is find out
// if $forum_id has ANY
// auth for $type
//
// If logged on we want to
// find out if $forum_id has
// ALL, REG, ACL, MOD or ADMIN
// for $type
//
switch($type) switch($type)
{ {
// Empty for the moment. case VIEW:
$a_sql = "auth_view";
break;
case READ:
$a_sql = "auth_read";
break;
case POST:
$a_sql = "auth_post";
break;
case REPLY:
$a_sql = "auth_reply";
break;
case EDIT:
$a_sql = "auth_edit";
break;
case DELETE:
$a_sql = "auth_delete";
break;
case VOTECREATE:
$a_sql = "auth_votecreate";
break;
case VOTE:
$a_sql = "auth_vote";
break;
default:
break;
} }
}
if($f_access == -1 || $forum_id == LIST_ALL)
/*
* The following functions are used for getting user information. They are not related directly to auth()
*/
function get_userdata_from_id($userid)
{
global $db;
$sql = "SELECT * FROM ".USERS_TABLE." WHERE user_id = $userid";
if(!$result = $db->sql_query($sql))
{ {
$userdata = array("error" => "1"); $forum_match_sql = ($forum_id != LIST_ALL) ? "" : "WHERE forum_id = $forum_id";
return ($userdata); $sql = "SELECT $a_sql AS forum_auth
FROM ".AUTH_FORUMS_TABLE."
$forum_match_sql";
$af_result = $db->sql_query($sql);
if($forum_id != LIST_ALL)
{
$f_access = $db->sql_fetchfield("forum_auth", -1, $af_result);
}
else
{
$f_access_rows = $db->sql_fetchrowset($af_result);
}
} }
if($db->sql_numrows($result))
if(!$userdata['session_logged_in'])
{ {
$myrow = $db->sql_fetchrowset($result); if($forum_id != LIST_ALL)
return($myrow[0]); {
$auth_user = ($f_access == ALL) ? true : false;
}
else
{
$auth_user_list = array();
for($i = 0; $i < count($auth_forum_rows); $i++)
{
$auth_user_list[] = ($f_access_rows['0']['forum_auth'] == ALL) ? true : false;
}
}
} }
else else
{ {
$userdata = array("error" => "1"); if($f_access == ALL || $f_access == REG)
return ($userdata); {
} $auth_user = true;
} }
else
{
$forum_match_sql = ($forum_id != LIST_ALL) ? "AND ( aa.forum_id = $forum_id OR aa.forum_id = " . ALL . ")" : "";
$sql = "SELECT aa.$a_sql AS user_auth, aa.auth_mod, aa.auth_admin, g.single_user
FROM ".AUTH_ACCESS_TABLE." aa, " . USER_GROUP_TABLE. " ug, " . GROUPS_TABLE. " g
WHERE ug.user_id = ".$userdata['user_id']. "
AND g.group_id = ug.group_id
AND aa.group_id = ug.group_id
$forum_match_sql";
$au_result = $db->sql_query($sql);
function get_userdata($username) { if(!$db->sql_numrows($au_result))
{
//
// No entry was found
// for this forum and user
// thus they don't have
// access
//
$auth_user = false;
}
else
{
$u_access = $db->sql_fetchrowset($au_result);
}
global $db; $single_user = false;
$sql = "SELECT * FROM ".USERS_TABLE." WHERE username = '$username' AND user_level != ".DELETED; // echo "<br><BR>".$f_access."<BR>".ADMIN."<BR>";
if(!$result = $db->sql_query($sql)) switch($f_access)
{ {
$userdata = array("error" => "1"); case ACL:
// echo "HERE1";
for($i = 0; $i < count($u_access); $i++)
{
if(!$single_user)
{
$auth_user = $auth_user || $u_access[$i]['user_auth'] || $u_access[$i]['auth_mod'] || $u_access[$i]['auth_admin'];
$single_user = $u_access[$i]['single_user'];
}
}
break;
case MOD:
// echo "HERE2";
for($i = 0; $i < count($u_access); $i++)
{
if(!$single_user)
{
$auth_user = $auth_user || $u_access[$i]['auth_mod'] || $u_access[$i]['auth_admin'];
$single_user = $u_access[$i]['single_user'];
}
}
break;
case ADMIN:
// echo "HERE3";
for($i = 0; $i < count($u_access); $i++)
{
if(!$single_user)
{
$auth_user = $auth_user || $u_access[$i]['auth_admin'];
$single_user = $u_access[$i]['single_user'];
}
}
break;
default:
// echo "HERE4";
$auth_user = false;
break;
}
}
} }
if($db->sql_numrows($result)) return ( ($forum_id != LIST_ALL) ? $auth_user : $auth_user_list );
{
$myrow = $db->sql_fetchrowset($result);
return($myrow[0]);
}
else
{
$userdata = array("error" => "1");
return ($userdata);
}
} }
?> ?>
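Review bot: The forum-match clause built under `if($f_access == -1 || $forum_id == LIST_ALL)` is inverted: `($forum_id != LIST_ALL) ? "" : "WHERE forum_id = $forum_id"` drops the WHERE clause for a single forum, so `sql_fetchfield("forum_auth", -1, $af_result)` reads whichever forum row comes back first, while the LIST_ALL case queries `forum_id = 10`. It should read `$forum_match_sql = ($forum_id != LIST_ALL) ? "WHERE forum_id = " . intval($forum_id) : "";`, the `intval` also coercing what appears to be a request-supplied id to an integer before it reaches the SQL string. In the not-logged-in LIST_ALL path, `count($auth_forum_rows)` names a variable that is never assigned (the rowset is stored in `$f_access_rows`) and the loop body always reads row `'0'`; it should be `for($i = 0; $i < count($f_access_rows); $i++)` with `$f_access_rows[$i]['forum_auth']`. The `default:` arm of `switch($type)` also leaves `$a_sql` unset, so an unknown `$type` yields a malformed `SELECT  AS forum_auth` query instead of a denial.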


@ -28,9 +28,9 @@ define(DEBUG, 1); // Debugging on
//define(DEBUG, 0); // Debugging off //define(DEBUG, 0); // Debugging off
// User Levels // User Levels
define(ADMIN, 4); //define(ADMIN, 4);
define(SUPERMOD, 3); //define(SUPERMOD, 3);
define(MODERATOR, 2); //define(MODERATOR, 2);
define(USER, 1); define(USER, 1);
define(DELETED, -1); define(DELETED, -1);
define(ANONYMOUS, -1); define(ANONYMOUS, -1);
@ -85,6 +85,25 @@ define(PAGE_VIEWMEMBERS, -7);
define(PAGE_FAQ, -8); define(PAGE_FAQ, -8);
define(PAGE_POSTING, -9); define(PAGE_POSTING, -9);
// Auth settings
define(ALL, 0);
define(REG, 1);
define(ACL, 2);
define(MOD, 3);
define(SUPERMOD, 4);
define(ADMIN, 5);
define(VIEW, 0);
define(READ, 1);
define(POST, 2);
define(REPLY, 3);
define(EDIT, 4);
define(DELETE, 5);
define(VOTECREATE, 6);
define(VOTE, 7);
define(LIST_ALL, 10);
// Table names
define('BANLIST_TABLE', $table_prefix.'banlist'); define('BANLIST_TABLE', $table_prefix.'banlist');
define('CATEGORIES_TABLE', $table_prefix.'categories'); define('CATEGORIES_TABLE', $table_prefix.'categories');
define('CONFIG_TABLE', $table_prefix.'config'); define('CONFIG_TABLE', $table_prefix.'config');
@ -101,6 +120,10 @@ define('SESSIONS_KEY_TABLE', $table_prefix.'session_keys');
define('THEMES_TABLE', $table_prefix.'themes'); define('THEMES_TABLE', $table_prefix.'themes');
define('TOPICS_TABLE', $table_prefix.'topics'); define('TOPICS_TABLE', $table_prefix.'topics');
define('USERS_TABLE', $table_prefix.'users'); define('USERS_TABLE', $table_prefix.'users');
define('GROUPS_TABLE', $table_prefix.'groups');
define('USER_GROUP_TABLE', $table_prefix.'user_group');
define('WORDS_TABLE', $table_prefix.'words'); define('WORDS_TABLE', $table_prefix.'words');
define('AUTH_ACCESS_TABLE', $table_prefix.'auth_access');
define('AUTH_FORUMS_TABLE', $table_prefix.'auth_forums');
?> ?>
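Review bot: `ADMIN` changes value from 4 to 5 and `SUPERMOD` from 3 to 4 when they move from the User Levels group to the new Auth settings group, and `MODERATOR` is commented out without a replacement, so any existing `user_level` comparison against these names (not visible here) now compares against a different number or an undefined constant. If forum-access levels and user levels are meant to be distinct scales, the new block should say so, e.g. `// Auth settings: forum access levels (ALL..ADMIN) and action types (VIEW..VOTE); ADMIN/SUPERMOD replace the former user-level constants of the same name`. The new defines from `define(ALL, 0)` to `define(LIST_ALL, 10)` pass bare identifiers where the table-name defines below quote theirs (`define('GROUPS_TABLE', ...)`); writing `define('ALL', 0);` avoids relying on an undefined constant being treated as its own name.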


@ -77,6 +77,54 @@ function get_db_stat($mode)
} }
} }
function get_userdata_from_id($userid)
{
global $db;
$sql = "SELECT *
FROM ".USERS_TABLE."
WHERE user_id = $userid";
if(!$result = $db->sql_query($sql))
{
$userdata = array("error" => "1");
return ($userdata);
}
if($db->sql_numrows($result))
{
$myrow = $db->sql_fetchrowset($result);
return($myrow[0]);
}
else
{
$userdata = array("error" => "1");
return ($userdata);
}
}
function get_userdata($username) {
global $db;
$sql = "SELECT *
FROM ".USERS_TABLE."
WHERE username = '$username'
AND user_level != ".DELETED;
if(!$result = $db->sql_query($sql))
{
$userdata = array("error" => "1");
}
if($db->sql_numrows($result))
{
$myrow = $db->sql_fetchrowset($result);
return($myrow[0]);
}
else
{
$userdata = array("error" => "1");
return ($userdata);
}
}
function make_jumpbox() function make_jumpbox()
{ {
@ -245,13 +293,16 @@ function generate_activation_key()
return($act_key_md); return($act_key_md);
} }
function encode_ip($dotquad_ip) function encode_ip($dotquad_ip)
{ {
$ip_sep = explode(".", $dotquad_ip); $ip_sep = explode(".", $dotquad_ip);
return (sprintf("%02x%02x%02x%02x", $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3])); return (sprintf("%02x%02x%02x%02x", $ip_sep[0], $ip_sep[1], $ip_sep[2], $ip_sep[3]));
//return (( $ip_sep[0] * 0xFFFFFF + $ip_sep[0] ) + ( $ip_sep[1] * 0xFFFF + $ip_sep[1] ) + ( $ip_sep[2] * 0xFF + $ip_sep[2] ) + ( $ip_sep[3] ) ); // $ip_p = (!empty($dotquad_proxy_ip)) ? explode(".", $dotquad_proxy_ip) : explode(".", "0.0.0.0");
// return (sprintf("%03d.%03d.%03d.%03d:%03d.%03d.%03d.%03d", $ip[0], $ip[1], $ip[2], $ip[3], $ip_p[0], $ip_p[1], $ip_p[2], $ip_p[3]));
// return (( $ip_sep[0] * 0xFFFFFF + $ip_sep[0] ) + ( $ip_sep[1] * 0xFFFF + $ip_sep[1] ) + ( $ip_sep[2] * 0xFF + $ip_sep[2] ) + ( $ip_sep[3] ) );
} }
function decode_ip($int_ip) function decode_ip($int_ip)
@ -259,8 +310,8 @@ function decode_ip($int_ip)
$hexipbang = explode(".",chunk_split($int_ip, 2, ".")); $hexipbang = explode(".",chunk_split($int_ip, 2, "."));
return hexdec($hexipbang[0]).".".hexdec($hexipbang[1]).".".hexdec($hexipbang[2]).".".hexdec($hexipbang[3]); return hexdec($hexipbang[0]).".".hexdec($hexipbang[1]).".".hexdec($hexipbang[2]).".".hexdec($hexipbang[3]);
//return sprintf( "%d.%d.%d.%d", ( ( $int_ip >> 24 ) & 0xFF ), ( ( $int_ip >> 16 ) & 0xFF ), ( ( $int_ip >> 8 ) & 0xFF ), ( ( $int_ip ) & 0xFF ) ); // list($ip['remote'], $ip['forwarded']) = explode(":", $c_ip);
// return sprintf( "%d.%d.%d.%d", ( ( $int_ip >> 24 ) & 0xFF ), ( ( $int_ip >> 16 ) & 0xFF ), ( ( $int_ip >> 8 ) & 0xFF ), ( ( $int_ip ) & 0xFF ) );
} }
// //
@ -345,11 +396,11 @@ function generate_pagination($base_url, $num_items, $per_page, $start_item, $add
{ {
if($on_page > 1) if($on_page > 1)
{ {
$page_string = "<a href=\"".append_sid($base_url."&start=".(($on_page-2) * $per_page))."\">Previous</a> : " . $page_string; $page_string = " <a href=\"".append_sid($base_url."&start=".(($on_page-2) * $per_page))."\">Previous</a>&nbsp;&nbsp;" . $page_string;
} }
if($on_page < $total_pages) if($on_page < $total_pages)
{ {
$page_string .= " : <a href=\"".append_sid($base_url."&start=".($on_page * $per_page))."\">Next</a>"; $page_string .= "&nbsp;&nbsp;<a href=\"".append_sid($base_url."&start=".($on_page * $per_page))."\">Next</a>";
} }
} }
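Review bot: In `get_userdata($username)` the failed-query branch assigns `$userdata = array("error" => "1")` but never returns, so execution falls through to `$db->sql_numrows($result)` with `$result` false; the sibling `get_userdata_from_id` returns at the same point, and this one should too: `return ($userdata);` right after the assignment. Both functions interpolate their argument straight into the SQL string, `$userid` unquoted and `$username` inside quotes, with no casting or escaping visible in the hunk; `intval($userid)` for the id and escaping `$username` before interpolation (this code already uses `stripslashes` on output, so `addslashes` on input matches its convention) would close that. Where the arguments originate is outside the hunk, so this applies to any caller passing request data.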


@ -56,10 +56,11 @@ init_userprefs($userdata);
// //
if(isset($forum_id)) if(isset($forum_id))
{ {
$sql = "SELECT f.forum_type, f.forum_name, f.forum_topics, u.username, u.user_id $sql = "SELECT f.forum_type, f.forum_name, f.forum_topics, u.username, u.user_id, fa.*
FROM ".FORUMS_TABLE." f, ".FORUM_MODS_TABLE." fm, ".USERS_TABLE." u FROM ".FORUMS_TABLE." f, ".FORUM_MODS_TABLE." fm, ".USERS_TABLE." u, ".AUTH_FORUMS_TABLE." fa
WHERE f.forum_id = $forum_id WHERE f.forum_id = $forum_id
AND fm.forum_id = $forum_id AND fa.forum_id = f.forum_id
AND fm.forum_id = f.forum_id
AND u.user_id = fm.user_id"; AND u.user_id = fm.user_id";
} }
else else
@ -78,22 +79,41 @@ if(!$total_rows = $db->sql_numrows($result))
error_die(GENERAL_ERROR, "The forum you selected does not exist. Please go back and try again."); error_die(GENERAL_ERROR, "The forum you selected does not exist. Please go back and try again.");
} }
//
// Start auth check
//
//
// End of auth check
//
$forum_row = $db->sql_fetchrowset($result); $forum_row = $db->sql_fetchrowset($result);
if(!$forum_row) if(!$forum_row)
{ {
error_die(SQL_QUERY, "Couldn't obtain rowset.", __LINE__, __FILE__); error_die(SQL_QUERY, "Couldn't obtain rowset.", __LINE__, __FILE__);
} }
//
// Start auth check
//
$is_auth = auth(READ, $forum_id, $userdata, $forum_row['0']['auth_read']);
if(!$is_auth)
{
//
// Ooopss, user is not authed
// to read this forum ...
//
include('includes/page_header.'.$phpEx);
$msg = "I am sorry but you are not currently authorised to read this forum. You could try logging on and trying again. If you are logged on then this is a private forum for which you have not been granted access.";
$template->set_filenames(array(
"reg_header" => "error_body.tpl"
));
$template->assign_vars(array(
"ERROR_MESSAGE" => $msg
));
$template->pparse("reg_header");
include('includes/page_tail.'.$phpEx);
}
//
// End of auth check
//
$forum_name = stripslashes($forum_row[0]['forum_name']); $forum_name = stripslashes($forum_row[0]['forum_name']);
if(empty($HTTP_POST_VARS['postdays'])) if(empty($HTTP_POST_VARS['postdays']))
{ {


@ -138,10 +138,11 @@ else
$count_sql = (!isset($post_id)) ? "" : ", COUNT(p2.post_id) AS prev_posts"; $count_sql = (!isset($post_id)) ? "" : ", COUNT(p2.post_id) AS prev_posts";
$order_sql = (!isset($post_id)) ? "" : "GROUP BY fm.user_id, p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_type, f.forum_name, f.forum_id, u.username, u.user_id ORDER BY p.post_id ASC"; $order_sql = (!isset($post_id)) ? "" : "GROUP BY fm.user_id, p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_type, f.forum_name, f.forum_id, u.username, u.user_id ORDER BY p.post_id ASC";
$sql = "SELECT t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_type, f.forum_name, f.forum_id, u.username, u.user_id".$count_sql." $sql = "SELECT t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, f.forum_type, f.forum_name, f.forum_id, u.username, u.user_id, fa.auth_read".$count_sql."
FROM $join_sql_table ".TOPICS_TABLE." t, ".FORUMS_TABLE." f, ".FORUM_MODS_TABLE." fm, ".USERS_TABLE." u FROM $join_sql_table ".TOPICS_TABLE." t, ".FORUMS_TABLE." f, ".FORUM_MODS_TABLE." fm, ".USERS_TABLE." u, ".AUTH_FORUMS_TABLE." fa
WHERE $join_sql WHERE $join_sql
AND f.forum_id = t.forum_id AND f.forum_id = t.forum_id
AND fa.forum_id = f.forum_id
AND fm.forum_id = t.forum_id AND fm.forum_id = t.forum_id
AND u.user_id = fm.user_id AND u.user_id = fm.user_id
$order_sql"; $order_sql";
@ -209,6 +210,36 @@ init_userprefs($userdata);
// End session management // End session management
// //
//
// Start auth check
//
$is_auth = auth(READ, $forum_id, $userdata, $forum_row[0]['auth_read']);
if(!$is_auth)
{
//
// Ooopss, user is not authed
// to read this forum ...
//
include('includes/page_header.'.$phpEx);
$msg = "I am sorry but you are not currently authorised to read this forum. You could try logging on and trying again. If you are logged on then this is a private forum for which you have not been granted access.";
$template->set_filenames(array(
"reg_header" => "error_body.tpl"
));
$template->assign_vars(array(
"ERROR_MESSAGE" => $msg
));
$template->pparse("reg_header");
include('includes/page_tail.'.$phpEx);
}
//
// End auth check
//
for($x = 0; $x < $total_rows; $x++) for($x = 0; $x < $total_rows; $x++)
{ {
$moderators[] = array("user_id" => $forum_row[$x]['user_id'], $moderators[] = array("user_id" => $forum_row[$x]['user_id'],
@ -219,14 +250,6 @@ for($x = 0; $x < $total_rows; $x++)
} }
} }
//
// Start auth check
//
//
// End auth check
//
// //
// Get next and previous topic_id's // Get next and previous topic_id's
// //
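Review bot: The call `auth(READ, $forum_id, $userdata, $forum_row[0]['auth_read'])` depends on `$forum_id` being set, but this script's query selects `f.forum_id` into `$forum_row` and nothing in the hunk assigns `$forum_id`; if it is not populated earlier in the file (outside this view), `auth()` receives null and its logged-in branch builds `AND ( aa.forum_id = $forum_id OR ...` with an empty value, a malformed query rather than a denial. If that is the case, pass the id from the row instead: `$is_auth = auth(READ, $forum_row[0]['forum_id'], $userdata, $forum_row[0]['auth_read']);`. The `for($x = 0; $x < $total_rows; $x++)` loop that follows begins inside the hunk and ends outside it.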