diff --git a/phpBB/admin/userauth.php b/phpBB/admin/userauth.php index ffd92d7e42..529e49e7d7 100644 --- a/phpBB/admin/userauth.php +++ b/phpBB/admin/userauth.php @@ -8,8 +8,8 @@ include('common.'.$phpEx); // // Start session management // -//$userdata = session_pagestart($user_ip, PAGE_INDEX, $session_length); -//init_userprefs($userdata); +$userdata = session_pagestart($user_ip, PAGE_INDEX, $session_length); +init_userprefs($userdata); // // End session management // @@ -21,178 +21,80 @@ $auth_field_match = array( "auth_reply" => AUTH_REPLY, "auth_edit" => AUTH_EDIT, "auth_delete" => AUTH_DELETE, + "auth_sticky" => AUTH_STICKY, + "auth_announce" => AUTH_ANNOUNCE, "auth_vote" => AUTH_VOTE, "auth_votecreate" => AUTH_VOTECREATE, "auth_attachments" => AUTH_ATTACH ); -$forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_votecreate", "auth_vote", "auth_attachments"); +$forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_sticky", "auth_announce", "auth_votecreate", "auth_vote", "auth_attachments"); - -?> - - - -phpBB - auth testing - - - - -
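Review bot: Enabling `session_pagestart()` and `init_userprefs()` gives this admin page a `$userdata`, but none of the hunks shown here use it to decide whether the requester may view or change permissions. If no such check exists in the parts of the file outside this diff, any visitor with a session could reach the user-permission screens. I would follow `init_userprefs($userdata);` with an explicit gate such as `if($userdata['user_level'] != ADMIN) { exit; }`, assuming `$userdata` carries `user_level` the way the users row does. The session is also registered under `PAGE_INDEX`; an admin-specific page constant would be clearer if the project defines one.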

User Authorisation Control

- -sql_query($sql); - $forum_fields = $db->sql_fetchrow($f_result); - - $sql = "SELECT aa.*, g.group_name, u.user_id, u.username, u.user_level, f.forum_name - FROM ".AUTH_ACCESS_TABLE." aa, ".GROUPS_TABLE." g, ".USER_GROUP_TABLE." ug, ".USERS_TABLE." u, ".FORUMS_TABLE." f - WHERE f.forum_id = $forum_id - AND aa.forum_id = f.forum_id - AND ug.group_id = aa.group_id - AND g.group_id = ug.group_id - AND u.user_id = ug.user_id - ORDER BY u.user_id, aa.group_id"; - $aa_result = $db->sql_query($sql); - $user_list = $db->sql_fetchrowset($aa_result); - - - for($i = 0; $i < count($user_list); $i++) - { - $user_id = $user_list[$i]['user_id']; - $userinfo[$user_id]['username'] = $user_list[$i]['username']; - - $is_admin = ($user_list[$i]['user_level'] == ADMIN) ? 1 : 0; - - for($j = 0; $j < count($forum_field_name); $j++) - { - $this_field = $forum_field_name[$j]; - $is_auth[$this_field][$user_id] = auth_check_user($forum_fields[$this_field], $this_field, $user_list[$i], $is_admin); - } - } - - - echo "

Forum: ".$forum_fields['forum_name']."

\n"; - -?> -
- - - - -\n"; - - echo "\t\t\n"; - - reset($is_auth); - $user_auth_ary = $is_auth[$forum_field_name[$i]]; - - if($forum_fields[$forum_field_name[$i]] == AUTH_ALL || $forum_fields[$forum_field_name[$i]] == AUTH_REG) - { - if($forum_fields[$forum_field_name[$i]] == AUTH_ALL) - { - echo "\t\t"; - } - else - { - echo "\t\t"; - } - } - else - { - echo "\t\t\n"; - } - - echo "\t\n"; - - } - -?> -
Forum Auth FieldUsers with Access
" . $forum_field_name[$i] . " All Users  Registered Users      
-set_filenames(array( + "body" => "admin/userauth_body.tpl")); + $user_id = $HTTP_GET_VARS[POST_USERS_URL]; -/* $sql = "SELECT * - FROM " . FORUMS_TABLE;*/ - $sql = "SELECT f.forum_id, f.forum_name, fa.* + $sql = "SELECT f.forum_id, f.forum_name, fa.auth_view, fa.auth_read, fa.auth_post, fa.auth_reply, fa.auth_edit, fa.auth_delete, fa.auth_announce, fa.auth_sticky, fa.auth_votecreate, fa.auth_vote, fa.auth_attachments FROM " . FORUMS_TABLE . " f, ".AUTH_FORUMS_TABLE." fa WHERE fa.forum_id = f.forum_id"; - $af_result = $db->sql_query($sql); - $f_access = $db->sql_fetchrowset($af_result); + $fa_result = $db->sql_query($sql); + $forum_access = $db->sql_fetchrowset($fa_result); - $sql = "SELECT user_id, username, user_level - FROM " . USERS_TABLE . " - WHERE user_id = $user_id"; + for($i = 0; $i < count($forum_access); $i++) + { + while(list($forum_id, $forum_row) = each($forum_access)) + { + for($j = 0; $j < count($forum_auth_fields); $j++) + { + $basic_auth_level[$forum_row['forum_id']] = "public"; + if($forum_row[$forum_auth_fields[$j]] == AUTH_ACL) + { + $basic_auth_level[$forum_row['forum_id']] = "private"; + $basic_auth_level_fields[$forum_row['forum_id']][] = $forum_auth_fields[$j]; + } + } + if($forum_row['auth_view'] == AUTH_MOD || $forum_row['auth_read'] == AUTH_MOD || $forum_row['auth_post'] == AUTH_MOD || $forum_row['auth_reply'] == AUTH_MOD) + { + $basic_auth_level[$forum_row['forum_id']] = "moderate"; + } + if($forum_row['auth_view'] == AUTH_ADMIN || $forum_row['auth_read'] == AUTH_ADMIN || $forum_row['auth_post'] == AUTH_ADMIN || $forum_row['auth_reply'] == AUTH_ADMIN) + { + $basic_auth_level[$forum_row['forum_id']] = "admin"; + } + } + } + + $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user + FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . 
" ug + WHERE u.user_id = $user_id + AND ug.user_id = u.user_id + AND g.group_id = ug.group_id"; $u_result = $db->sql_query($sql); - $userinf = $db->sql_fetchrow($u_result); + $userinf = $db->sql_fetchrowset($u_result); $sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_votecreate, aa.auth_vote, aa.auth_attachments, aa.auth_mod, g.group_single_user FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id - AND aa.group_id = ug.group_id"; + AND aa.group_id = ug.group_id + AND g.group_single_user = 1"; $au_result = $db->sql_query($sql); $num_u_access = $db->sql_numrows($au_result); @@ -201,11 +103,11 @@ else if(isset($HTTP_GET_VARS[POST_USERS_URL])) $u_access = $db->sql_fetchrowset($au_result); } - $is_admin = ($userinf['user_level'] == ADMIN) ? 1 : 0; + $is_admin = ($userinf[0]['user_level'] == ADMIN) ? 1 : 0; - for($i = 0; $i < count($f_access); $i++) + for($i = 0; $i < count($forum_access); $i++) { - $f_forum_id = $f_access[$i]['forum_id']; + $f_forum_id = $forum_access[$i]['forum_id']; $is_forum_restricted[$f_forum_id] = 0; for($j = 0; $j < count($forum_auth_fields); $j++) 
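Review bot: `$user_id` comes straight from `$HTTP_GET_VARS[POST_USERS_URL]` and the new query interpolates it as `WHERE u.user_id = $user_id` (the existing `WHERE ug.user_id = $user_id` does the same), so a request parameter reaches the database unvalidated. Since it is expected to be a numeric id, cast it once where it is read: `$user_id = intval($HTTP_GET_VARS[POST_USERS_URL]);`. Separately, `$basic_auth_level[$forum_row['forum_id']] = "public";` sits inside the `$j` loop, so every field resets the level and only the last entry of `$forum_auth_fields` can leave a forum marked "private"; set the default once before that loop. The enclosing `else if` branch continues past this hunk.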
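Review bot: `$userinf[0]['user_level']` is read without checking that the rowset is non-empty. `$userinf` now comes from `sql_fetchrowset()` on a query that joins the users table to the group tables, so an id that matches no user, or a user with no group rows, returns nothing and the page carries on with `$is_admin` silently 0. A guard before this line, for example `if(!$userinf) { /* report unknown user and stop */ }`, would make that case explicit. The enclosing `else if(isset($HTTP_GET_VARS[POST_USERS_URL]))` block starts and ends outside this hunk.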
@@ -213,192 +115,213 @@ else if(isset($HTTP_GET_VARS[POST_USERS_URL])) $key = $forum_auth_fields[$j]; $value = $f_access[$i][$key]; - if($user_id == ANONYMOUS) + switch($value) { - $auth_user[$f_forum_id][$key] = ($value == AUTH_ALL) ? 1 : 0; - if($value == AUTH_ACL || $value == AUTH_MOD || $value == AUTH_ADMIN) - { - $is_forum_restricted[$f_forum_id] = 1; - } - } - else if(!$num_u_access) - { - $auth_user[$f_forum_id][$key] = ($value == AUTH_ALL || $value == AUTH_REG) ? 1 : 0; - if($value == AUTH_ACL || $value == AUTH_MOD || $value == AUTH_ADMIN) - { - $is_forum_restricted[$f_forum_id] = 1; - } - } - else - { - switch($value) - { - case AUTH_ALL: - $auth_user[$f_forum_id][$key] = 1; - break; + case AUTH_ALL: + $auth_user[$f_forum_id][$key] = 1; + break; - case AUTH_REG: - $auth_user[$f_forum_id][$key] = 1; - break; + case AUTH_REG: + $auth_user[$f_forum_id][$key] = ($user_id != ANONYMOUS) ? 1 : 0; + break; - case AUTH_ACL: - $auth_user[$f_forum_id][$key] = auth_check_user(AUTH_ACL, $key, $u_access, $is_admin); - $is_forum_restricted[$f_forum_id] = 1; - break; + case AUTH_ACL: + $auth_user[$f_forum_id][$key] = ($user_id != ANONYMOUS && $num_u_access) ? auth_check_user(AUTH_ACL, $key, $u_access, $is_admin) : 0; + break; - case AUTH_MOD: - $auth_user[$f_forum_id][$key] = auth_check_user(AUTH_MOD, $key, $u_access, $is_admin); - $is_forum_restricted[$f_forum_id] = 1; - break; + case AUTH_MOD: + $auth_user[$f_forum_id][$key] = ($user_id != ANONYMOUS && $num_u_access) ? auth_check_user(AUTH_MOD, $key, $u_access, $is_admin) : 0; + break; - case AUTH_ADMIN: - $auth_user[$f_forum_id][$key] = $is_admin; - $is_forum_restricted[$f_forum_id] = 1; - break; + case AUTH_ADMIN: + $auth_user[$f_forum_id][$key] = $is_admin; + break; - default: - $auth_user[$f_forum_id][$key] = 0; - break; - } + default: + $auth_user[$f_forum_id][$key] = 0; + break; } } // // Is user a moderator? 
// - $auth_user[$f_forum_id]['auth_mod'] = auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin); + $auth_user[$f_forum_id]['auth_mod'] = ($user_id != ANONYMOUS && $num_u_access) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0; } -?> - -

Administrator" : "a User"; + + for($i = 0; $i < count($userinf); $i++) + { + if(!$userinf[$i]['group_single_user']) + { + $group_name[] = $userinf[$i]['group_name']; + $group_id[] = $userinf[$i]['group_name']; + } + } + + if(count($group_name)) + { + $t_usergroup_list = "belongs to the following groups; "; + for($i = 0; $i < count($userinf); $i++) + { + $t_usergroup_list .= $group_name[$i]; + if($i < count($group_name) - 1) + { + $t_usergroup_list .= ", "; + } + } } else { - echo "a User"; + $t_usergroup_list = "belongs to no usergroups."; } - -?>

- -

Restricted forums

- -
- - -".preg_replace("/auth_/", "", $forum_auth_fields[$j])."\n"; - } - echo "\t\n"; - - echo "\n"; $i = 0; - while(list($forumkey, $user_ary) = each($auth_user)) + if($adv == -1) { - if($is_forum_restricted[$forumkey]) + while(list($forumkey, $user_ary) = each($auth_user)) + { + if($basic_auth_level[$forumkey] == "private") + { + $allowed = 1; + for($j = 0; $j < count($basic_auth_level_fields[$forumkey]); $j++) + { + if(!$auth_user[$forumkey][$basic_auth_level_fields[$forumkey][$j]]) + { + $allowed = 0; + } + } + $optionlist_grant = ""; + } + else + { + $optionlist_grant = ""; + } + if($user_ary['auth_mod']) + { + $optionlist_mod = ""; + } + else + { + $optionlist_mod = ""; + } + switch($basic_auth_level[$forumkey]) + { + case 'public': + $row_class = "authall"; + break; + case 'private': + $row_class = "authacl"; + break; + case 'moderate': + $row_class = "authmod"; + break; + case 'admin': + $row_class = "authadmin"; + break; + default: + $row_class = "authall"; + break; + } + + $template->assign_block_vars("restrictedforums", array( + "ROW_CLASS" => $row_class, + "FORUM_NAME" => $forum_access[$i]['forum_name'], + + "SELECT_GRANT_LIST" => "$optionlist_grant", + "SELECT_MOD_LIST" => "") + ); + $i++; + } + } + else + { + while(list($forumkey, $user_ary) = each($auth_user)) { echo "\n"; - echo "\t\n"; + echo "\t\n"; while(list($fieldkey, $value) = each($user_ary)) { $can_they = ($auth_user[$forumkey][$fieldkey]) ? "Yes" : "No"; echo "\t\n"; } echo "\n"; + $i++; } - $i++; } reset($auth_user); -?> -
Forum NameModerator
".$f_access[$i]['forum_name']."" . $f_access[$i]['forum_name'] . "$can_they
-

Forums with general (public or registered) access

+ $template->assign_vars(array( + "USERNAME" => $t_username, + "USERTYPE" => $t_usertype, + + "USER_GROUP_LIST" => $t_usergroup_list) + ); -

The following forums are set to be generally accessible to most users, either everyone or just registered users. To limit these forums (or certain fields) to specific users you need to change the forum authorisation type via the Forum Authorisation Admin panel.

+ $template->pparse("body"); -
- - -".preg_replace("/auth_/", "", $forum_auth_fields[$j])."\n"; - } - echo "\t\n"; - - echo "\n"; - - $i = 0; - while(list($forumkey, $user_ary) = each($auth_user)) - { - if(!$is_forum_restricted[$forumkey]) - { - echo "\n"; - echo "\t\n"; - while(list($fieldkey, $value) = each($user_ary)) - { - $can_they = ($auth_user[$forumkey][$fieldkey]) ? "Yes" : "No"; - echo "\t\n"; - } - echo "\n"; - } - $i++; - } - reset($auth_user); - -?> -
Forum NameModerator
".$f_access[$i]['forum_name']."$can_they
- -sql_query($sql); $user_list = $db->sql_fetchrowset($u_result); -?> -
- - - - - - -
Select a User
"; -?>   
-set_filenames(array( + "body" => "admin/userauth_select_body.tpl")); + + $template->assign_vars(array( + "S_USERAUTH_ACTION" => append_sid("userauth.$phpEx"), + "S_USERS_SELECT" => $select_list, + + "U_FORUMAUTH" => append_sid("forumauth.$phpEx")) + ); + + $template->pparse("body"); } -?> -
-

Forum Authorisation Admin

-Powered By phpBB 2.0 -
- -Copyright © 2001 phpBB Group, All Rights Reserved -
- - - \ No newline at end of file +?> \ No newline at end of file diff --git a/phpBB/templates/Default/admin/userauth_body.tpl b/phpBB/templates/Default/admin/userauth_body.tpl new file mode 100644 index 0000000000..3c9ce596bb --- /dev/null +++ b/phpBB/templates/Default/admin/userauth_body.tpl @@ -0,0 +1,91 @@ + + + +phpBB - auth testing + + + + +
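Review bot: The context line `$value = $f_access[$i][$key];` at the top of this hunk still reads `$f_access`, which this commit no longer assigns (the rowset is now stored in `$forum_access`), so `$value` is unset for every field when the new `switch($value)` runs. Because `switch` compares loosely, the branch taken then depends on the numeric values of the `AUTH_*` constants rather than on the forum's settings, and the permissions shown for the user can be wrong. Change it to `$value = $forum_access[$i][$key];`, and likewise the `$f_access[$i]['forum_name']` that still appears in the echoed table row of the `else` branch. The enclosing block begins before this hunk.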

User Authorisation Control

+ +

Remember that users are also granted access via usergroups so be sure to check group auth control when assigning and changing access rights!

+ + +

Username: {USERNAME}

+

This user is {USERTYPE} and {USER_GROUP_LIST}

+ + +

Restricted Forums

+ +

These forums need users to be granted specific access for one or more auth fields. Please keep in mind that when you grant access you are giving a user the maximum rights to the forum. So, if this forum has auth fields set for admin only access the user will be made an admin! So think before granting rights!

+ +
+ + + + + + + + + + + + +
Forum NameSimple Access ControlModerator
{restrictedforums.FORUM_NAME}{restrictedforums.SELECT_GRANT_LIST}{restrictedforums.SELECT_MOD_LIST}
+ +
+ +

The colour coded rows in the table indicate the access level required to view, read, post or reply in the forum.

+ + + + + + + + + + + + + + +
Any or registered users can access this forum
Users must be granted special access
Users must be moderators
Users must be admins
+ +
+ +
+

Forum Authorisation Admin

+ +Powered By phpBB 2.0 +
+ +Copyright © 2001 phpBB Group, All Rights Reserved +
+ + + \ No newline at end of file diff --git a/phpBB/templates/Default/admin/userauth_select_body.tpl b/phpBB/templates/Default/admin/userauth_select_body.tpl new file mode 100644 index 0000000000..35c55ff9da --- /dev/null +++ b/phpBB/templates/Default/admin/userauth_select_body.tpl @@ -0,0 +1,47 @@ + + + +phpBB - auth testing + + + + +

User Authorisation Control

+ +

Remember that users are also granted access via usergroups so be sure to check group auth control when assigning and changing access rights!

+ +
+ + + + + + +
Select a User
{S_USERS_SELECT}   
+ +
+

Forum Authorisation Admin

+ +Powered By phpBB 2.0 +
+ +Copyright © 2001 phpBB Group, All Rights Reserved +
+ + + diff --git a/phpBB/templates/PSO/admin/userauth_body.tpl b/phpBB/templates/PSO/admin/userauth_body.tpl new file mode 100644 index 0000000000..3c9ce596bb --- /dev/null +++ b/phpBB/templates/PSO/admin/userauth_body.tpl @@ -0,0 +1,91 @@ + + + +phpBB - auth testing + + + + +

User Authorisation Control

+ +

Remember that users are also granted access via usergroups so be sure to check group auth control when assigning and changing access rights!

+ + +

Username: {USERNAME}

+

This user is {USERTYPE} and {USER_GROUP_LIST}

+ + +

Restricted Forums

+ +

These forums need users to be granted specific access for one or more auth fields. Please keep in mind that when you grant access you are giving a user the maximum rights to the forum. So, if this forum has auth fields set for admin only access the user will be made an admin! So think before granting rights!

+ +
+ + + + + + + + + + + + +
Forum NameSimple Access ControlModerator
{restrictedforums.FORUM_NAME}{restrictedforums.SELECT_GRANT_LIST}{restrictedforums.SELECT_MOD_LIST}
+ +
+ +

The colour coded rows in the table indicate the access level required to view, read, post or reply in the forum.

+ + + + + + + + + + + + + + +
Any or registered users can access this forum
Users must be granted special access
Users must be moderators
Users must be admins
+ +
+ +
+

Forum Authorisation Admin

+ +Powered By phpBB 2.0 +
+ +Copyright © 2001 phpBB Group, All Rights Reserved +
+ + + \ No newline at end of file diff --git a/phpBB/templates/PSO/admin/userauth_select_body.tpl b/phpBB/templates/PSO/admin/userauth_select_body.tpl new file mode 100644 index 0000000000..35c55ff9da --- /dev/null +++ b/phpBB/templates/PSO/admin/userauth_select_body.tpl @@ -0,0 +1,47 @@ + + + +phpBB - auth testing + + + + +

User Authorisation Control

+ +

Remember that users are also granted access via usergroups so be sure to check group auth control when assigning and changing access rights!

+ +
+ + + + + + +
Select a User
{S_USERS_SELECT}   
+ +
+

Forum Authorisation Admin

+ +Powered By phpBB 2.0 +
+ +Copyright © 2001 phpBB Group, All Rights Reserved +
+ + +