makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 06:08:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

More session changes to accomodate ACL_PERMIT/PREVENT ...

Browse source 
git-svn-id: file:///svn/phpbb/trunk@2853 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2002-08-15 15:45:22 +00:00
parent 67f4e334ec
commit 8bf310b6b2
15 changed files with 343 additions and 464 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
phpBB/common.php
View file

@ -38,8 +38,6 @@ if ( !defined('PHPBB_INSTALLED') )
// //
// Define some constants/variables // Define some constants/variables
// //
// User Levels <- Do not change the values of USER or ADMIN
define('ANONYMOUS', -1); define('ANONYMOUS', -1);
// User related // User related
@ -54,10 +52,10 @@ define('USER_AVATAR_REMOTE', 2);
define('USER_AVATAR_GALLERY', 3); define('USER_AVATAR_GALLERY', 3);
// ACL // ACL
define('ACL_PREVENT', 0); define('ACL_PREVENT', 1);
define('ACL_DENY', 1); define('ACL_DENY', 2);
define('ACL_ALLOW', 2); define('ACL_ALLOW', 4);
define('ACL_PERMIT', 3); define('ACL_PERMIT', 8);
// Group settings // Group settings
define('GROUP_OPEN', 0); define('GROUP_OPEN', 0);
@ -196,12 +194,10 @@ function slash_input_data(&$data)
{ {
if ( is_array($data) ) if ( is_array($data) )
{ {
while ( list($k, $v) = each($data) ) foreach ( $data as $k => $v )
{ {
$data[$k] = ( is_array($v) ) ? slash_input_data($v) : addslashes($v); $data[$k] = ( is_array($v) ) ? slash_input_data($v) : addslashes($v);
} }
@reset($data);
} }
return $data; return $data;
} }

2
phpBB/faq.php
View file

@ -28,7 +28,7 @@ include($phpbb_root_path . 'common.'.$phpEx);
// Start session management // Start session management
// //
$userdata = $session->start(); $userdata = $session->start();
$acl = new acl('list', $userdata); $acl = new acl($userdata);
// //
// End session management // End session management
// //

2
phpBB/groupcp.php
View file

@ -112,7 +112,7 @@ function generate_user_info(&$row, $date_format, $group_mod, &$from, &$posts, &$
// Start session management // Start session management
// //
$userdata = $session->start(); $userdata = $session->start();
$acl = new acl('list', $userdata); $acl = new acl($userdata);
// //
// End session management // End session management
// //

190
phpBB/includes/session.php
View file

@ -377,28 +377,30 @@ class session {
// //
class acl class acl
{ {
function acl($mode, $userdata, $forum_id = false) var $founder = false;
var $acl = array();
function acl(&$userdata, $forum_id = false, $extra_options = false)
{ {
global $db; global $db;
switch( $mode ) $this->founder = $userdata['user_founder'];
if ( !($this->founder = $userdata['user_founder']) )
{ {
case 'admin': $and_sql = "ao.auth_option LIKE 'list'";
$and_sql = "ao.auth_type LIKE 'admin'";
break; if ( $extra_options )
case 'list': {
$and_sql = "ao.auth_option LIKE 'list' OR ao.auth_type LIKE 'admin'"; $tmp_ary = explode(',', $extra_options);
break; foreach ( $tmp_ary as $option )
case 'read': {
$and_sql = "ao.auth_option LIKE 'read' OR ao.auth_type LIKE 'admin'"; $and_sql .= " OR ao.auth_option LIKE '" . trim($option) . "'";
break;
case 'forum':
$and_sql = "( a.forum_id = $forum_id ) OR ( a.forum_id <> $forum_id AND ( ao.auth_option LIKE 'list' OR ao.auth_type LIKE 'mod' OR ao.auth_type LIKE 'admin' ) )";
break;
case 'listmod':
$and_sql = "ao.auth_option LIKE 'list' OR ao.auth_type LIKE 'mod' OR ao.auth_type LIKE 'admin'";
break;
} }
}
$and_sql = ( !$forum_id ) ? $and_sql : "( a.forum_id = $forum_id ) OR ( a.forum_id <> $forum_id AND ( ao.auth_option LIKE 'list' OR ao.auth_type LIKE 'mod' ) )";
$and_sql .= " OR ao.auth_type LIKE 'admin'";
$sql = "SELECT a.forum_id, a.auth_allow_deny, ao.auth_type, ao.auth_option $sql = "SELECT a.forum_id, a.auth_allow_deny, ao.auth_type, ao.auth_option
FROM " . ACL_GROUPS_TABLE . " a, " . ACL_OPTIONS_TABLE . " ao, " . USER_GROUP_TABLE . " ug FROM " . ACL_GROUPS_TABLE . " a, " . ACL_OPTIONS_TABLE . " ao, " . USER_GROUP_TABLE . " ug
@ -412,8 +414,16 @@ class acl
{ {
do do
{ {
switch ( $this->acl[$row['forum_id']][$row['auth_type']][$row['auth_option']] )
{
case ACL_PERMIT:
case ACL_DENY:
case ACL_PREVENT:
break;
default:
$this->acl[$row['forum_id']][$row['auth_type']][$row['auth_option']] = $row['auth_allow_deny']; $this->acl[$row['forum_id']][$row['auth_type']][$row['auth_option']] = $row['auth_allow_deny'];
} }
}
while ( $row = $db->sql_fetchrow($result) ); while ( $row = $db->sql_fetchrow($result) );
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
@ -429,49 +439,76 @@ class acl
{ {
do do
{ {
switch ( $this->acl[$row['forum_id']][$row['auth_type']][$row['auth_option']] )
{
case ACL_PERMIT:
case ACL_PREVENT:
break;
default:
$this->acl[$row['forum_id']][$row['auth_type']][$row['auth_option']] = $row['auth_allow_deny']; $this->acl[$row['forum_id']][$row['auth_type']][$row['auth_option']] = $row['auth_allow_deny'];
break;
}
} }
while ( $row = $db->sql_fetchrow($result) ); while ( $row = $db->sql_fetchrow($result) );
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
if ( is_array($this->acl) )
{
foreach ( $this->acl as $forum_id => $auth_ary )
{
foreach ( $auth_ary as $type => $option_ary )
{
foreach ( $option_ary as $option => $value )
{
switch ( $value )
{
case ACL_ALLOW:
case ACL_PERMIT:
$this->acl[$forum_id][$type][$option] = 1;
break;
case ACL_DENY:
case ACL_PREVENT:
$this->acl[$forum_id][$type][$option] = 0;
break;
}
}
}
}
}
}
return; return;
} }
function get_acl($forum_id, $auth_main = false, $auth_type = false) function get_acl($forum_id, $auth_main, $auth_type = false)
{ {
if ( $auth_main && $auth_type ) if ( $this->founder )
{ {
return $this->acl[$forum_id][$auth_main][$auth_type]; return true;
}
else if ( $auth_main && $auth_type )
{
return ( $this->get_acl(0, 'admin') ) ? true : ( ( $this->acl[$forum_id][$auth_main][$auth_type] ) ? true : false );
} }
else if ( !$auth_type && is_array($this->acl[$forum_id][$auth_main]) ) else if ( !$auth_type && is_array($this->acl[$forum_id][$auth_main]) )
{ {
return ( array_sum($this->acl[$forum_id][$auth_main]) ) ? true : false; return ( $this->get_acl(0, 'admin') ) ? true : ( ( array_sum($this->acl[$forum_id][$auth_main]) ) ? true : false );
} }
return $this->acl[$forum_id];
} }
function get_acl_admin($auth_type = false) function get_acl_admin($auth_type = false)
{ {
return $this->get_acl(0, 'admin', $auth_type); return ( $this->founder ) ? true : $this->get_acl(0, 'admin', $auth_type);
} }
function set_acl($forum_id, $user_id = false, $group_id = false, $auth = false, $dependencies = array()) function set_acl_user(&$forum_id, &$user_id, &$auth, $dependencies = array())
{ {
global $db; global $db;
if ( !$auth || ( $user_id && $group_id ) )
{
return;
}
$forum_sql = ( $forum_id ) ? "AND a.forum_id IN ($forum_id, 0)" : ''; $forum_sql = ( $forum_id ) ? "AND a.forum_id IN ($forum_id, 0)" : '';
// $sql = "SELECT a.user_id, o.auth_type, o.auth_option_id, o.auth_option, a.auth_allow_deny FROM " . ACL_USERS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o, " . USERS_TABLE . " u WHERE a.auth_option_id = o.auth_option_id $forum_sql AND u.user_id = a.user_id AND a.user_id = $user_id";
//
//
$sql = ( $user_id !== false ) ? "SELECT a.user_id, o.auth_type, o.auth_option_id, o.auth_option, a.auth_allow_deny FROM " . ACL_USERS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o, " . USERS_TABLE . " u WHERE a.auth_option_id = o.auth_option_id $forum_sql AND u.user_id = a.user_id AND a.user_id = $user_id" : "SELECT ug.user_id, o.auth_type, o.auth_option, a.auth_allow_deny FROM " . USER_GROUP_TABLE . " ug, " . ACL_USERS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o, " . USERS_TABLE . " u WHERE a.auth_option_id = o.auth_option_id $forum_sql AND u.user_id = a.user_id AND a.user_id = ug.user_id AND ug.group_id = $group_id";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$user_auth = array(); $user_auth = array();
@ -485,7 +522,42 @@ class acl
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
$sql = ( $group_id !== false ) ? "SELECT a.group_id, o.auth_type, o.auth_option_id, o.auth_option, a.auth_allow_deny FROM " . ACL_GROUPS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE a.auth_option_id = o.auth_option_id $forum_sql AND a.group_id = $group_id" : "SELECT ug.group_id, o.auth_type, o.auth_option, a.auth_allow_deny FROM " . USER_GROUP_TABLE . " ug, " . ACL_GROUPS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE a.auth_option_id = o.auth_option_id $forum_sql AND a.group_id = ug.group_id AND ug.user_id = $user_id"; foreach ( $auth as $auth_type => $auth_option_ary )
{
foreach ( $auth_option_ary as $auth_option => $allow )
{
if ( !empty($user_auth) )
{
foreach ( $user_auth as $user => $user_auth_ary )
{
$user_auth[$user][$auth_type][$auth_option] = $allow;
$sql_ary[] = ( !isset($user_auth_ary[$auth_type][$auth_option]) ) ? "INSERT INTO " . ACL_USERS_TABLE . " (user_id, forum_id, auth_option_id, auth_allow_deny) VALUES ($user_id, $forum_id, $auth_option, $allow)" : ( ( $user_auth_ary[$auth_type][$auth_option] != $allow ) ? "UPDATE " . ACL_USERS_TABLE . " SET auth_allow_deny = $allow WHERE user_id = $user_id AND forum_id = $forum_id and auth_option_id = $auth_option" : '' );
}
}
else
{
$user_auth[$user_id][$auth_type][$auth_option] = $allow;
$sql_ary[] = "INSERT INTO " . ACL_USERS_TABLE . " (user_id, forum_id, auth_option_id, auth_allow_deny) VALUES ($user_id, $forum_id, $auth_option, $allow)";
}
}
}
foreach ( $sql_ary as $sql )
{
$db->sql_query($sql);
}
unset($user_auth);
unset($sql_ary);
}
function set_acl_group(&$forum_id, &$group_id, &$auth, $dependencies = array())
{
global $db;
$forum_sql = ( $forum_id ) ? "AND a.forum_id IN ($forum_id, 0)" : '';
$sql = "SELECT a.group_id, o.auth_type, o.auth_option_id, o.auth_option, a.auth_allow_deny FROM " . ACL_GROUPS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE a.auth_option_id = o.auth_option_id $forum_sql AND a.group_id = $group_id";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
$group_auth = array(); $group_auth = array();
@ -502,42 +574,20 @@ class acl
foreach ( $auth as $auth_type => $auth_option_ary ) foreach ( $auth as $auth_type => $auth_option_ary )
{ {
foreach ( $auth_option_ary as $auth_option => $allow ) foreach ( $auth_option_ary as $auth_option => $allow )
{
if ( $user_id !== false )
{
if ( !empty($user_auth) )
{
foreach ( $user_auth as $user => $user_auth_ary )
{
$user_auth[$user][$auth_type][$auth_option] = $allow;
$sql_ary[] = ( !isset($user_auth_ary[$auth_type][$auth_option]) ) ? "INSERT INTO " . ACL_USERS_TABLE . " (user_id, forum_id, auth_option_id, auth_allow_deny) VALUES ($user_id, $forum_id, $auth_option, $allow)" : ( ( $user_auth_ary[$auth_type][$auth_option] != $allow ) ? "UPDATE " . ACL_USERS_TABLE . " SET auth_allow_deny = $allow WHERE user_id = $user_id AND forum_id = $forum_id and auth_option_id = $auth_option" : '' );
}
}
else
{
$user_auth[$user_id][$auth_type][$auth_option] = $allow;
$sql_ary[] = "INSERT INTO " . ACL_USERS_TABLE . " (user_id, forum_id, auth_option_id, auth_allow_deny) VALUES ($user_id, $forum_id, $auth_option, $allow)";
}
}
if ( $group_id !== false )
{ {
if ( !empty($group_auth) ) if ( !empty($group_auth) )
{ {
foreach ( $group_auth as $group => $group_auth_ary ) foreach ( $group_auth as $group => $group_auth_ary )
{ {
$group_auth[$group][$auth_type][$auth_option] = $allow;
$sql_ary[] = ( !isset($group_auth_ary[$auth_type][$auth_option]) ) ? "INSERT INTO " . ACL_GROUPS_TABLE . " (group_id, forum_id, auth_option_id, auth_allow_deny) VALUES ($group_id, $forum_id, $auth_option, $allow)" : ( ( $group_auth_ary[$auth_type][$auth_option] != $allow ) ? "UPDATE " . ACL_GROUPS_TABLE . " SET auth_allow_deny = $allow WHERE group_id = $group_id AND forum_id = $forum_id and auth_option_id = $auth_option" : '' ); $sql_ary[] = ( !isset($group_auth_ary[$auth_type][$auth_option]) ) ? "INSERT INTO " . ACL_GROUPS_TABLE . " (group_id, forum_id, auth_option_id, auth_allow_deny) VALUES ($group_id, $forum_id, $auth_option, $allow)" : ( ( $group_auth_ary[$auth_type][$auth_option] != $allow ) ? "UPDATE " . ACL_GROUPS_TABLE . " SET auth_allow_deny = $allow WHERE group_id = $group_id AND forum_id = $forum_id and auth_option_id = $auth_option" : '' );
} }
} }
else else
{ {
$group_auth[$group_id][$auth_type][$auth_option] = $allow;
$sql_ary[] = "INSERT INTO " . ACL_GROUPS_TABLE . " (group_id, forum_id, auth_option_id, auth_allow_deny) VALUES ($group_id, $forum_id, $auth_option, $allow)"; $sql_ary[] = "INSERT INTO " . ACL_GROUPS_TABLE . " (group_id, forum_id, auth_option_id, auth_allow_deny) VALUES ($group_id, $forum_id, $auth_option, $allow)";
} }
} }
} }
}
foreach ( $sql_ary as $sql ) foreach ( $sql_ary as $sql )
{ {
@ -545,7 +595,31 @@ class acl
} }
unset($group_auth); unset($group_auth);
unset($user_auth); unset($sql_ary);
}
function delete_acl_user($forum_id, $user_id, $auth_type = false)
{
global $db;
$auth_sql = ( $auth_type != '' ) ? " AND auth_option_id IN ()" : "";
$sql = "DELETE FROM " . ACL_USERS_TABLE . "
WHERE user_id = $user_id
AND forum_id = $forum_id";
$db->sql_query($sql);
}
function delete_acl_group($forum_id, $group_id, $auth_type = false)
{
global $db;
$auth_sql = ( $auth_type != '' ) ? " AND auth_option_id IN ()" : "";
$sql = "DELETE FROM " . ACL_GROUPS_TABLE . "
WHERE group_id = $group_id
AND forum_id = $forum_id";
$db->sql_query($sql);
} }
} }

217
phpBB/index.php
View file

@ -24,20 +24,6 @@ $phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc'); include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx); include($phpbb_root_path . 'common.'.$phpEx);
//
// Start session management
//
$userdata = $session->start();
$acl = new acl('list', $userdata);
//
// End session management
//
//
// Configure style, language, etc.
//
$session->configure($userdata);
$viewcat = ( !empty($HTTP_GET_VARS['c']) ) ? intval($HTTP_GET_VARS['c']) : -1; $viewcat = ( !empty($HTTP_GET_VARS['c']) ) ? intval($HTTP_GET_VARS['c']) : -1;
$forum_id = ( !empty($HTTP_GET_VARS['f']) ) ? intval($HTTP_GET_VARS['f']) : 0; $forum_id = ( !empty($HTTP_GET_VARS['f']) ) ? intval($HTTP_GET_VARS['f']) : 0;
@ -50,6 +36,20 @@ else
$mark_read = ''; $mark_read = '';
} }
//
// Start session management
//
$userdata = $session->start();
$acl = new acl($userdata);
//
// End session management
//
//
// Configure style, language, etc.
//
$session->configure($userdata);
// //
// Handle marking posts // Handle marking posts
// //
@ -109,175 +109,6 @@ else
$l_total_user_s = $lang['Registered_users_total']; $l_total_user_s = $lang['Registered_users_total'];
} }
/*
switch ( SQL_LAYER )
{
case 'oracle':
break;
default:
$sql = "SELECT f1.*, p.post_time, p.post_username, u.username, u.user_id
FROM ((( " . FORUMS_TABLE . " f1
LEFT JOIN " . FORUMS_TABLE . " f2
LEFT JOIN " . POSTS_TABLE . " p ON p.post_id = f2.forum_last_post_id )
LEFT JOIN " . USERS_TABLE . " u ON u.user_id = p.poster_id )
WHERE f1.forum_left_id BETWEEN f2.forum_left_id AND f2.forum_right_id
ORDER BY f2.forum_id";
break;
}
$result = $db->sql_query($sql);
$forum_data = array();
if ( $row = $db->sql_fetchrow($result) )
{
do
{
$forum_data[] = $row;
}
while ( $row = $db->sql_fetchrow($result) );
$total_forums = sizeof($forum_data);
}
if ( $total_forums > 1 )
{
$last_forum_right_id = 0;
for( $i = 0; $i < $total_forums; $i++)
{
$row_forum_id = $forum_data[$i]['forum_id'];
//
// A non-postable forum on the index is treated as a category
//
if ( $forum_data[$i]['forum_status'] == 2 || $row_forum_id == $forum_id )
{
$template->assign_block_vars('catrow', array(
'CAT_ID' => $forum_id,
'CAT_DESC' => $forum_data[$i]['forum_name'],
'U_VIEWCAT' => "index.$phpEx?$SID&amp;" . POST_FORUM_URL . "=$forum_id")
);
$current_parent = $row_forum_id;
}
else
{
if ( $forum_data[$i]['parent_id'] == $current_parent )
{
if ( $acl->get_acl($row_forum_id, 'forum', 'list') )
{
if ( $forum_data[$i]['forum_status'] == FORUM_LOCKED )
{
$folder_image = $theme['forum_locked'];
$folder_alt = $lang['Forum_locked'];
}
else
{
$unread_topics = false;
if ( $userdata['user_id'] != ANONYMOUS )
{
if ( !empty($new_topic_data[$row_forum_id]) )
{
$forum_last_post_time = 0;
while( list($check_topic_id, $check_post_time) = @each($new_topic_data[$row_forum_id]) )
{
if ( empty($tracking_topics[$check_topic_id]) )
{
$unread_topics = true;
$forum_last_post_time = max($check_post_time, $forum_last_post_time);
}
else
{
if ( $tracking_topics[$check_topic_id] < $check_post_time )
{
$unread_topics = true;
$forum_last_post_time = max($check_post_time, $forum_last_post_time);
}
}
}
if ( !empty($tracking_forums[$row_forum_id]) )
{
if ( $tracking_forums[$row_forum_id] > $forum_last_post_time )
{
$unread_topics = false;
}
}
if ( isset($HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f_all']) )
{
if ( $HTTP_COOKIE_VARS[$board_config['cookie_name'] . '_f_all'] > $forum_last_post_time )
{
$unread_topics = false;
}
}
}
}
$folder_image = ( $unread_topics ) ? $theme['forum_new'] : $theme['forum'];
$folder_alt = ( $unread_topics ) ? $lang['New_posts'] : $lang['No_new_posts'];
}
$posts = $forum_data[$i]['forum_posts'];
$topics = $forum_data[$i]['forum_topics'];
if ( $forum_data[$i]['forum_last_post_id'] )
{
$last_post_time = create_date($board_config['default_dateformat'], $forum_data[$i]['post_time'], $board_config['board_timezone']);
$last_post = $last_post_time . '<br />';
$last_post .= ( $forum_data[$i]['user_id'] == ANONYMOUS ) ? ( ($forum_data[$i]['post_username'] != '' ) ? $forum_data[$i]['post_username'] . ' ' : $lang['Guest'] . ' ' ) : '<a href="' . "profile.$phpEx$SID&amp;mode=viewprofile&amp;" . POST_USERS_URL . '=' . $forum_data[$i]['user_id'] . '">' . $forum_data[$i]['username'] . '</a> ';
$last_post .= '<a href="' . "viewtopic.$phpEx$SID&amp;" . POST_POST_URL . '=' . $forum_data[$i]['forum_last_post_id'] . '#' . $forum_data[$i]['forum_last_post_id'] . '"><img src="' . $theme['icon_latest_reply'] . '" border="0" alt="' . $lang['View_latest_post'] . '" title="' . $lang['View_latest_post'] . '" /></a>';
}
else
{
$last_post = $lang['No_Posts'];
}
if ( count($forum_moderators[$row_forum_id]) > 0 )
{
$l_moderators = ( count($forum_moderators[$row_forum_id]) == 1 ) ? $lang['Moderator'] : $lang['Moderators'];
$moderator_list = implode(', ', $forum_moderators[$row_forum_id]);
}
else
{
$l_moderators = '&nbsp;';
$moderator_list = '&nbsp;';
}
$row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
$row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
$template->assign_block_vars('catrow.forumrow', array(
'ROW_COLOR' => '#' . $row_color,
'ROW_CLASS' => $row_class,
'FORUM_FOLDER_IMG' => $folder_image,
'FORUM_NAME' => $forum_data[$i]['forum_name'],
'FORUM_DESC' => $forum_data[$i]['forum_desc'],
'POSTS' => $forum_data[$i]['forum_posts'],
'TOPICS' => $forum_data[$i]['forum_topics'],
'LAST_POST' => $last_post,
'MODERATORS' => $moderator_list,
'L_MODERATOR' => $l_moderators,
'L_FORUM_FOLDER_ALT' => $folder_alt,
'U_VIEWFORUM' => "viewforum.$phpEx$SID&amp;" . POST_FORUM_URL . "=$row_forum_id")
);
}
}
}
}
$template->assign_var_from_handle('SUB_FORUM', 'forum');
}
*/
// //
// Start page proper // Start page proper
// //
@ -319,26 +150,6 @@ if ( ( $total_categories = count($category_rows) ) )
$forum_data[] = $row; $forum_data[] = $row;
} }
//
// Obtain a list of topic ids which contain
// posts made since user last visited
//
/* if ( $userdata['user_id'] != ANONYMOUS )
{
$sql = "SELECT t.forum_id, t.topic_id, p.post_time
FROM " . TOPICS_TABLE . " t, " . POSTS_TABLE . " p
WHERE p.post_id = t.topic_last_post_id
AND p.post_time > " . $userdata['user_lastvisit'] . "
AND t.topic_moved_id = 0";
$result = $db->sql_query($sql);
$new_topic_data = array();
while( $topic_data = $db->sql_fetchrow($result) )
{
$new_topic_data[$topic_data['forum_id']][$topic_data['topic_id']] = $topic_data['post_time'];
}
}
*/
// //
// Obtain list of moderators of each forum // Obtain list of moderators of each forum
// First users, then groups ... broken into two queries // First users, then groups ... broken into two queries

2
phpBB/login.php
View file

@ -30,7 +30,7 @@ include($phpbb_root_path . 'common.'.$phpEx);
// Set page ID for session management // Set page ID for session management
// //
$userdata = $session->start(); $userdata = $session->start();
$acl = new acl('list', $userdata); $acl = new acl($userdata);
$session->configure($userdata); $session->configure($userdata);
// //

2
phpBB/memberlist.php
View file

@ -28,7 +28,7 @@ include($phpbb_root_path . 'common.'.$phpEx);
// Start session management // Start session management
// //
$userdata = $session->start(); $userdata = $session->start();
$acl = new acl('list', $userdata); $acl = new acl($userdata);
$session->configure($userdata); $session->configure($userdata);
// //

2
phpBB/modcp.php
View file

@ -124,7 +124,7 @@ else
// Start session management // Start session management
// //
$userdata = $session->start(); $userdata = $session->start();
$acl = new acl('forum', $userdata, $forum_id); $acl = new acl($userdata, $forum_id);
// //
// End session management // End session management
// //

2
phpBB/posting.php
View file

@ -104,7 +104,7 @@ if ( isset($HTTP_POST_VARS['cancel']) )
// Start session management // Start session management
// //
$userdata = $session->start(); $userdata = $session->start();
$acl = new acl('list', $userdata); $acl = new acl($userdata);
// //
// End session management // End session management
// //

2
phpBB/privmsg.php
View file

@ -82,7 +82,7 @@ if ( $cancel )
// Start session management // Start session management
// //
$userdata = $session->start(); $userdata = $session->start();
$acl = new acl('list', $userdata); $acl = new acl($userdata);
// //
// End session management // End session management
// //

2
phpBB/profile.php
View file

@ -29,7 +29,7 @@ include($phpbb_root_path . 'common.'.$phpEx);
// Start session management // Start session management
// //
$userdata = $session->start(); $userdata = $session->start();
$acl = new acl('list', $userdata); $acl = new acl($userdata);
// //
// End session management // End session management
// //

2
phpBB/search.php
View file

@ -30,7 +30,7 @@ include($phpbb_root_path . 'includes/functions_posting.'.$phpEx);
// Start session management // Start session management
// //
$userdata = $session->start(); $userdata = $session->start();
$acl = new acl('read', $userdata); $acl = new acl($userdata, false, 'read');
// //
// End session management // End session management
// //

24
phpBB/viewforum.php
View file

@ -24,14 +24,6 @@ $phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc'); include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx); include($phpbb_root_path . 'common.'.$phpEx);
//
// Start session management
//
$userdata = $session->start();
//
// End session management
//
// //
// Start initial var setup // Start initial var setup
// //
@ -58,6 +50,15 @@ $start = ( isset($HTTP_GET_VARS['start']) ) ? intval($HTTP_GET_VARS['start']) :
// End initial var setup // End initial var setup
// //
//
// Start session management
//
$userdata = $session->start();
$acl = new acl($userdata, $forum_id);
//
// End session management
//
// //
// Check if the user has actually sent a forum ID with his/her request // Check if the user has actually sent a forum ID with his/her request
// If not give them a nice error page. // If not give them a nice error page.
@ -82,14 +83,13 @@ if ( !($forum_data = $db->sql_fetchrow($result)) )
// //
// Configure style, language, etc. // Configure style, language, etc.
// //
$acl = new acl('forum', $userdata, $forum_id);
$userdata['user_style'] = ( $forum_data['forum_style'] ) ? $forum_data['user_style'] : $userdata['user_style']; $userdata['user_style'] = ( $forum_data['forum_style'] ) ? $forum_data['user_style'] : $userdata['user_style'];
$session->configure($userdata); $session->configure($userdata);
// //
// Auth check // Auth check
// //
if ( !$acl->get_acl($forum_id, 'forum', 'list') || !$acl->get_acl($forum_id, 'forum', 'read') ) if ( !$acl->get_acl($forum_id, 'forum', 'read') )
{ {
if ( $userdata['user_id'] == ANONYMOUS ) if ( $userdata['user_id'] == ANONYMOUS )
{ {
@ -102,9 +102,7 @@ if ( !$acl->get_acl($forum_id, 'forum', 'list') || !$acl->get_acl($forum_id, 'fo
// //
// The user is not authed to read this forum ... // The user is not authed to read this forum ...
// //
$message = ( !$acl->get_acl($forum_id, 'forum', 'list') ) ? $lang['Forum_not_exist'] : sprintf($lang['Sorry_auth_read'], $is_auth[$forum_id]['auth_read_type']); message_die(MESSAGE, $lang['Sorry_auth_read']);
message_die(MESSAGE, $message);
} }
// //
// End of auth check // End of auth check

2
phpBB/viewonline.php
View file

@ -28,7 +28,7 @@ include($phpbb_root_path . 'common.'.$phpEx);
// Start session management // Start session management
// //
$userdata = $session->start(); $userdata = $session->start();
$acl = new acl('list', $userdata); $acl = new acl($userdata);
// //
// End session management // End session management
// //

8
phpBB/viewtopic.php
View file

@ -145,9 +145,9 @@ if ( $userdata['user_id'] != ANONYMOUS && isset($HTTP_POST_VARS['rating']) )
$join_sql_table = ( !$post_id ) ? '' : ', ' . POSTS_TABLE . ' p, ' . POSTS_TABLE . ' p2 '; $join_sql_table = ( !$post_id ) ? '' : ', ' . POSTS_TABLE . ' p, ' . POSTS_TABLE . ' p2 ';
$join_sql = ( !$post_id ) ? "t.topic_id = $topic_id" : "p.post_id = $post_id AND p.post_approved = " . TRUE . " AND t.topic_id = p.topic_id AND p2.topic_id = p.topic_id AND p2.post_approved = " . TRUE . " AND p2.post_id <= $post_id"; $join_sql = ( !$post_id ) ? "t.topic_id = $topic_id" : "p.post_id = $post_id AND p.post_approved = " . TRUE . " AND t.topic_id = p.topic_id AND p2.topic_id = p.topic_id AND p2.post_approved = " . TRUE . " AND p2.post_id <= $post_id";
$count_sql = ( !$post_id ) ? '' : ", COUNT(p2.post_id) AS prev_posts"; $count_sql = ( !$post_id ) ? '' : ", COUNT(p2.post_id) AS prev_posts";
$order_sql = ( !$post_id ) ? '' : "GROUP BY p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, t.topic_type, f.forum_name, f.forum_status, f.forum_id, f.default_style ORDER BY p.post_id ASC"; $order_sql = ( !$post_id ) ? '' : "GROUP BY p.post_id, t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, t.topic_type, f.forum_name, f.forum_status, f.forum_id, f.forum_style ORDER BY p.post_id ASC";
$sql = "SELECT t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, t.topic_type, f.forum_name, f.forum_status, f.forum_id, f.default_style" . $count_sql . " $sql = "SELECT t.topic_id, t.topic_title, t.topic_status, t.topic_replies, t.topic_time, t.topic_type, f.forum_name, f.forum_status, f.forum_id, f.forum_style" . $count_sql . "
FROM " . TOPICS_TABLE . " t, " . FORUMS_TABLE . " f" . $join_sql_table . " FROM " . TOPICS_TABLE . " t, " . FORUMS_TABLE . " f" . $join_sql_table . "
WHERE $join_sql WHERE $join_sql
AND f.forum_id = t.forum_id AND f.forum_id = t.forum_id
@ -162,10 +162,10 @@ if ( !(extract($db->sql_fetchrow($result))) )
// //
// Configure style, language, etc. // Configure style, language, etc.
// //
$userdata['user_style'] = ( $default_style ) ? $default_style : $userdata['user_style']; $userdata['user_style'] = ( $forum_style ) ? $forum_style : $userdata['user_style'];
$session->configure($userdata); $session->configure($userdata);
$acl = new acl('forum', $userdata, $forum_id); $acl = new acl($userdata, $forum_id);
// //
// Start auth check // Start auth check