diff --git a/phpBB/adm/style/acp_main.html b/phpBB/adm/style/acp_main.html index 1b521e1ec9..f293c31147 100644 --- a/phpBB/adm/style/acp_main.html +++ b/phpBB/adm/style/acp_main.html @@ -61,39 +61,43 @@ -
-
- + + +
+ - -
- + +
+ + -

{L_ADMIN_LOG}

+ +

{L_ADMIN_LOG}

-

{L_ADMIN_LOG_INDEX_EXPLAIN}

+

{L_ADMIN_LOG_INDEX_EXPLAIN}

- - - - - - - - - - - - - - - - - +
{L_USERNAME}{L_IP}{L_TIME}{L_ACTION}
{log.USERNAME}{log.IP}{log.DATE}{log.ACTION}
+ + + + + + - - -
{L_USERNAME}{L_IP}{L_TIME}{L_ACTION}
+ + + + + + {log.USERNAME} + {log.IP} + {log.DATE} + {log.ACTION} + + + + +

{L_INACTIVE_USERS}

diff --git a/phpBB/adm/style/acp_users.html b/phpBB/adm/style/acp_users.html index 0df5e86b97..a7a66f5d5e 100644 --- a/phpBB/adm/style/acp_users.html +++ b/phpBB/adm/style/acp_users.html @@ -84,6 +84,7 @@

{L_NAME_CHARS_EXPLAIN}
+
[ {L_USE_PERMISSIONS} ]
diff --git a/phpBB/adm/style/overall_header.html b/phpBB/adm/style/overall_header.html index 9345ae0682..f719ec8074 100644 --- a/phpBB/adm/style/overall_header.html +++ b/phpBB/adm/style/overall_header.html @@ -50,6 +50,11 @@ function dE(n, s, type) function marklist(id, name, state) { var parent = document.getElementById(id); + if (!parent) + { + eval('parent = document.' + id); + } + if (!parent) { return; diff --git a/phpBB/includes/acp/acp_main.php b/phpBB/includes/acp/acp_main.php index 8a7bf5ff75..acc1c50112 100644 --- a/phpBB/includes/acp/acp_main.php +++ b/phpBB/includes/acp/acp_main.php @@ -154,7 +154,7 @@ class acp_main switch ($action) { case 'online': - if (!$auth->acl_get('a_defaults')) + if (!$auth->acl_get('a_board')) { trigger_error($user->lang['NO_ADMIN']); } @@ -165,7 +165,7 @@ class acp_main break; case 'stats': - if (!$auth->acl_get('a_defaults')) + if (!$auth->acl_get('a_board')) { trigger_error($user->lang['NO_ADMIN']); } @@ -215,7 +215,7 @@ class acp_main break; case 'user': - if (!$auth->acl_get('a_defaults')) + if (!$auth->acl_get('a_board')) { trigger_error($user->lang['NO_ADMIN']); } @@ -256,7 +256,7 @@ class acp_main break; case 'date': - if (!$auth->acl_get('a_defaults')) + if (!$auth->acl_get('a_board')) { trigger_error($user->lang['NO_ADMIN']); } @@ -347,7 +347,7 @@ class acp_main 'U_ACTION' => "{$phpbb_admin_path}index.$phpEx$SID", - 'S_ACTION_OPTIONS' => $s_action_options, + 'S_ACTION_OPTIONS' => ($auth->acl_get('a_board')) ? $s_action_options : '', ) ); diff --git a/phpBB/includes/acp/acp_users.php b/phpBB/includes/acp/acp_users.php index 29572b7147..62a9a38d98 100644 --- a/phpBB/includes/acp/acp_users.php +++ b/phpBB/includes/acp/acp_users.php 
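Review bot: The fallback added to `marklist()` in overall_header.html builds a script string from `id` and runs it through `eval`, so any caller that passes a value derived from request data or stored content turns this helper into a script-injection sink. A property lookup finds the same form by name without evaluating anything: `parent = document.forms[id] || document[id];`. The callers of `marklist()` are outside this hunk, so whether `id` is always a literal written in a template cannot be confirmed from here.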
@@ -734,7 +734,9 @@ class acp_users 'U_SHOW_IP' => $this->u_action . "&u=$user_id&ip=" . (($ip == 'ip') ? 'hostname' : 'ip'), 'U_WHOIS' => $this->u_action . "&action=whois&user_ip={$user_row['user_ip']}", - + + 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_row['user_id']) ? "{$phpbb_root_path}ucp.$phpEx$SID&mode=switch_perm&u={$user_row['user_id']}" : '', + 'USER' => $user_row['username'], 'USER_REGISTERED' => $user->format_date($user_row['user_regdate']), 'REGISTERED_IP' => ($ip == 'hostname') ? gethostbyaddr($user_row['user_ip']) : $user_row['user_ip'], diff --git a/phpBB/includes/acp/auth.php b/phpBB/includes/acp/auth.php index 2307d413fa..e8c2c12079 100644 --- a/phpBB/includes/acp/auth.php +++ b/phpBB/includes/acp/auth.php 
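Review bot: `U_SWITCH_PERMISSIONS` in acp_users.php is a plain GET link (`ucp.$phpEx$SID&mode=switch_perm&u=...`) for a state-changing action, and the `a_switchperm` test here only decides whether the link is rendered. The `switch_perm` handler in ucp.php is not on this page, so it should be confirmed that it re-checks `a_switchperm`, refuses the admin's own id, and asks for a confirmation step or token before `ghost_permissions()` runs. The same applies to `U_RESTORE_PERMISSIONS` added in includes/functions.php. A comment beside the array entry such as `// visibility only; ucp.php mode=switch_perm must enforce a_switchperm` would make that split explicit.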
@@ -1101,6 +1101,59 @@ class auth_admin extends auth } } } + + /** + * Use permissions from another user. This transferes a permission set from one user to another. + * The other user is always able to revert back to his permission set. + * This function does not check for lower/higher permissions, it is possible for the user to gain + * "more" permissions by this. + * + */ + function ghost_permissions($from_user_id, $to_user_id) + { + global $db; + + if ($to_user_id == ANONYMOUS) + { + return false; + } + + $hold_ary = $this->acl_raw_data($from_user_id, false, false); + + if (isset($hold_ary[$from_user_id])) + { + $hold_ary = $hold_ary[$from_user_id]; + } + + // Key 0 in $hold_ary are global options, all others are forum_ids + + // We disallow copying admin permissions + foreach ($this->acl_options['global'] as $opt => $id) + { + if (strpos($opt, 'a_') === 0) + { + $hold_ary[0][$opt] = ACL_NO; + } + } + + // Force a_switchperm to be allowed + $hold_ary[0]['a_switchperm'] = ACL_YES; + + $user_permissions = $this->build_bitstring($hold_ary); + + if (!$user_permissions) + { + return false; + } + + $sql = 'UPDATE ' . USERS_TABLE . " + SET user_permissions = '" . $db->sql_escape($user_permissions) . "', + user_perm_from = $from_user_id + WHERE user_id = " . $to_user_id; + $db->sql_query($sql); + + return true; + } } ?> \ No newline at end of file diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php index c4dc4cb84a..fb1d2126a7 100644 --- a/phpBB/includes/auth.php +++ b/phpBB/includes/auth.php 
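Review bot: `ghost_permissions()` interpolates `$from_user_id` and `$to_user_id` into the UPDATE without casting, and nothing in the function guarantees they are integers; casting at the top with `$from_user_id = (int) $from_user_id;` and `$to_user_id = (int) $to_user_id;` keeps the query safe whatever the caller passes. Only options starting with `a_` are forced to `ACL_NO`, so every other global option of the source user, moderator options included, is copied as-is; if that is intended the docblock should say so (it also has the typo "transferes"). Because this rewrites the permission set stored for `$to_user_id`, an admin log entry recording both ids at the call site would give an audit trail; none is visible in this diff.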
@@ -325,12 +325,34 @@ class auth { if (strpos($opt, 'a_') === 0) { - $hold_ary[0][$opt] = 1; + $hold_ary[0][$opt] = ACL_YES; } } } + $hold_str = $this->build_bitstring($hold_ary); + + if ($hold_str) + { + $userdata['user_permissions'] = $hold_str; + + $sql = 'UPDATE ' . USERS_TABLE . " + SET user_permissions = '" . $db->sql_escape($userdata['user_permissions']) . "', + user_perm_from = 0 + WHERE user_id = " . $userdata['user_id']; + $db->sql_query($sql); + } + + return; + } + + /** + * Build bitstring from permission set + */ + function build_bitstring(&$hold_ary) + { $hold_str = ''; + if (sizeof($hold_ary)) { ksort($hold_ary); @@ -379,16 +401,10 @@ class auth } unset($bitstring); - $userdata['user_permissions'] = rtrim($hold_str); - - $sql = 'UPDATE ' . USERS_TABLE . " - SET user_permissions = '" . $db->sql_escape($userdata['user_permissions']) . "' - WHERE user_id = " . $userdata['user_id']; - $db->sql_query($sql); + $hold_str = rtrim($hold_str); } - unset($hold_ary); - return; + return $hold_str; } /** @@ -401,7 +417,8 @@ class auth $where_sql = ($user_id !== false) ? ' WHERE user_id ' . ((is_array($user_id)) ? ' IN (' . implode(', ', array_map('intval', $user_id)) . ')' : " = $user_id") : ''; $sql = 'UPDATE ' . USERS_TABLE . " - SET user_permissions = '' + SET user_permissions = '', + user_perm_from = 0 $where_sql"; $db->sql_query($sql); diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 38e9448ecb..5ca15e493d 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php 
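Review bot: In the `@@ -401,7 +417,8 @@` hunk of includes/auth.php the scalar branch of `$where_sql` still interpolates `$user_id` raw (`" = $user_id"`) while the array branch passes every element through `intval`; the scalar branch should match, `' = ' . (int) $user_id`. The UPDATE added in the first hunk has the same pattern with `$userdata['user_id']`. The new `build_bitstring()` takes `$hold_ary` by reference and reorders it in place with `ksort()`, which is worth one sentence in its docblock now that it is a shared helper rather than inline code.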
@@ -147,23 +147,6 @@ function unique_id($extra = 0, $prefix = false) return uniqid(($prefix === false) ? mt_rand() : $prefix, true); } -/** -* Get userdata -* @param mixed $user user id or username -*/ -function get_userdata($user) -{ - global $db; - - $sql = 'SELECT * - FROM ' . USERS_TABLE . ' - WHERE '; - $sql .= ((is_integer($user)) ? "user_id = $user" : "username = '" . $db->sql_escape($user) . "'") . " AND user_id <> " . ANONYMOUS; - $result = $db->sql_query($sql); - - return ($row = $db->sql_fetchrow($result)) ? $row : false; -} - /** * Generate sort selection fields */ @@ -1654,10 +1637,11 @@ function decode_message(&$message, $bbcode_uid = '') '#.*?#', '#.*?#', '# "{$phpbb_root_path}ucp.$phpEx$SID&mode=delete_cookies", 'U_TEAM' => "{$phpbb_root_path}memberlist.$phpEx$SID&mode=leaders", + 'U_RESTORE_PERMISSIONS' => ($user->data['user_perm_from'] && $auth->acl_get('a_switchperm')) ? "{$phpbb_root_path}ucp.$phpEx$SID&mode=restore_perm" : '', 'S_USER_LOGGED_IN' => ($user->data['user_id'] != ANONYMOUS) ? true : false, 'S_REGISTERED_USER' => $user->data['is_registered'], diff --git a/phpBB/includes/functions_display.php b/phpBB/includes/functions_display.php index 7384217c31..b64e2b2ad0 100644 --- a/phpBB/includes/functions_display.php +++ b/phpBB/includes/functions_display.php 
@@ -578,13 +578,13 @@ function gen_forum_auth_level($mode, $forum_id, $forum_status) global $SID, $template, $auth, $user; $locked = ($forum_status == ITEM_LOCKED && !$auth->acl_get('m_edit', $forum_id)) ? true : false; - + $rules = array( ($auth->acl_get('f_post', $forum_id) && !$locked) ? $user->lang['RULES_POST_CAN'] : $user->lang['RULES_POST_CANNOT'], ($auth->acl_get('f_reply', $forum_id) && !$locked) ? $user->lang['RULES_REPLY_CAN'] : $user->lang['RULES_REPLY_CANNOT'], ($auth->acl_gets('f_edit', 'm_edit', $forum_id) && !$locked) ? $user->lang['RULES_EDIT_CAN'] : $user->lang['RULES_EDIT_CANNOT'], ($auth->acl_gets('f_delete', 'm_delete', $forum_id) && !$locked) ? $user->lang['RULES_DELETE_CAN'] : $user->lang['RULES_DELETE_CANNOT'], - ($auth->acl_get('f_attach', $forum_id) && $auth->acl_get('u_attach', $forum_id) && !$locked) ? $user->lang['RULES_ATTACH_CAN'] : $user->lang['RULES_ATTACH_CANNOT'] + ($auth->acl_get('f_attach', $forum_id) && $auth->acl_get('u_attach') && !$locked) ? $user->lang['RULES_ATTACH_CAN'] : $user->lang['RULES_ATTACH_CANNOT'] ); foreach ($rules as $rule) 
@@ -670,41 +670,13 @@ function topic_status(&$topic_row, $replies, $unread_topic, &$folder_img, &$fold function display_attachments($forum_id, $blockname, &$attachment_data, &$update_count, $force_physical = false, $return = false) { global $template, $cache, $user; - global $attachment_tpl, $extensions, $config, $phpbb_root_path, $phpEx, $SID; + global $extensions, $config, $phpbb_root_path, $phpEx, $SID; -// $starttime = explode(' ', microtime()); -// $starttime = $starttime[1] + $starttime[0]; $return_tpl = array(); - $blocks = array(ATTACHMENT_CATEGORY_WM => 'WM_STREAM', ATTACHMENT_CATEGORY_RM => 'RM_STREAM', ATTACHMENT_CATEGORY_THUMB => 'THUMBNAIL', ATTACHMENT_CATEGORY_IMAGE => 'IMAGE'); - - if (!isset($attachment_tpl)) - { - if (!($attachment_tpl = $cache->get('attachment_tpl'))) - { - $attachment_tpl = array(); - - $template_filename = $phpbb_root_path . 'styles/' . $user->theme['template_path'] . '/template/attachment.html'; - if (($attachment_template = file_get_contents($template_filename)) === false) - { - trigger_error('Could not load template file "' . $template_filename . '"'); - } - - // replace \ with \\ and then ' with \'. - $attachment_template = str_replace('\\', '\\\\', $attachment_template); - $attachment_template = str_replace("'", "\'", $attachment_template); - - preg_match_all('#(.*?)#s', $attachment_template, $tpl); - - foreach ($tpl[1] as $num => $block_name) - { - $attachment_tpl[$block_name] = $tpl[2][$num]; - } - unset($tpl); - - $cache->put('attachment_tpl', $attachment_tpl); - } - } + $template->set_filenames(array( + 'attachment_tpl' => 'attachment.html') + ); if (empty($extensions) || !is_array($extensions)) { 
@@ -714,62 +686,55 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_ foreach ($attachment_data as $attachment) { + // We need to reset/empty the _file block var, because this function might be called more than once + $template->reset_block_vars('_file'); + + $block_array = array(); + // Some basics... $attachment['extension'] = strtolower(trim($attachment['extension'])); $filename = $phpbb_root_path . $config['upload_path'] . '/' . basename($attachment['physical_filename']); $thumbnail_filename = $phpbb_root_path . $config['upload_path'] . '/thumb_' . basename($attachment['physical_filename']); - $upload_image = ''; - + $upload_icon = ''; if ($user->img('icon_attach', '') && !$extensions[$attachment['extension']]['upload_icon']) { - $upload_image = $user->img('icon_attach', ''); + $upload_icon = $user->img('icon_attach', ''); } else if ($extensions[$attachment['extension']]['upload_icon']) { - $upload_image = ''; + $upload_icon = ''; } $filesize = $attachment['filesize']; $size_lang = ($filesize >= 1048576) ? $user->lang['MB'] : ( ($filesize >= 1024) ? $user->lang['KB'] : $user->lang['BYTES'] ); - $filesize = ($filesize >= 1048576) ? round((round($filesize / 1048576 * 100) / 100), 2) : (($filesize >= 1024) ? round((round($filesize / 1024 * 100) / 100), 2) : $filesize); - $display_name = basename($attachment['real_filename']); $comment = str_replace("\n", '
', censor_text($attachment['comment'])); + $block_array += array( + 'UPLOAD_ICON' => $upload_icon, + 'FILESIZE' => $filesize, + 'SIZE_LANG' => $size_lang, + 'DOWNLOAD_NAME' => basename($attachment['real_filename']), + 'COMMENT' => $comment, + ); + $denied = false; if (!extension_allowed($forum_id, $attachment['extension'], $extensions)) { $denied = true; - $template_array['VAR'] = array('{L_DENIED}'); - $template_array['VAL'] = array(sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension'])); - - $tpl = str_replace($template_array['VAR'], $template_array['VAL'], $attachment_tpl['DENIED']); - - // Replace {L_*} lang strings - $tpl = preg_replace('/{L_([A-Z_]+)}/e', "(!empty(\$user->lang['\$1'])) ? \$user->lang['\$1'] : ucwords(strtolower(str_replace('_', ' ', '\$1')))", $tpl); - - if (!$return) - { - $template->assign_block_vars($blockname, array( - 'DISPLAY_ATTACHMENT' => $tpl) - ); - } - else - { - $return_tpl[] = $tpl; - } + $block_array += array( + 'S_DENIED' => true, + 'DENIED_MESSAGE' => sprintf($user->lang['EXTENSION_DISABLED_AFTER_POSTING'], $attachment['extension']) + ); } if (!$denied) { - $l_downloaded_viewed = ''; - $download_link = ''; - $additional_array['VAR'] = $additional_array['VAL'] = array(); - + $l_downloaded_viewed = $download_link = ''; $display_cat = $extensions[$attachment['extension']]['display_cat']; if ($display_cat == ATTACHMENT_CATEGORY_IMAGE) 
@@ -800,102 +765,108 @@ function display_attachments($forum_id, $blockname, &$attachment_data, &$update_ { // Images case ATTACHMENT_CATEGORY_IMAGE: - $img_source = $filename; - $update_count[] = $attachment['attach_id']; - $l_downloaded_viewed = $user->lang['VIEWED']; - $download_link = $img_source; - break; + $download_link = $filename; + + $block_array += array( + 'S_IMAGE' => true, + ); + + $update_count[] = $attachment['attach_id']; + break; // Images, but display Thumbnail case ATTACHMENT_CATEGORY_THUMB: - $thumb_source = $thumbnail_filename; - $l_downloaded_viewed = $user->lang['VIEWED']; - $download_link = (!$force_physical) ? $phpbb_root_path . "download.$phpEx$SID&id=" . $attachment['attach_id'] : $filename; + $download_link = (!$force_physical && $attachment['attach_id']) ? $phpbb_root_path . "download.$phpEx$SID&id=" . $attachment['attach_id'] : $filename; - $additional_array['VAR'][] = '{THUMB_IMG}'; - $additional_array['VAL'][] = $thumb_source; - break; + $block_array += array( + 'S_THUMBNAIL' => true, + 'THUMB_IMAGE' => $thumbnail_filename, + ); + break; // Windows Media Streams case ATTACHMENT_CATEGORY_WM: $l_downloaded_viewed = $user->lang['VIEWED']; $download_link = $filename; + $block_array += array( + 'S_WM_FILE' => true, + ); + // Viewed/Heared File ... update the download count (download.php is not called here) $update_count[] = $attachment['attach_id']; - break; + break; // Real Media Streams case ATTACHMENT_CATEGORY_RM: $l_downloaded_viewed = $user->lang['VIEWED']; $download_link = $filename; - $additional_array['VAR'][] = '{U_FORUM}'; - $additional_array['VAL'][] = generate_board_url(); - $additional_array['VAR'][] = '{ATTACH_ID}'; - $additional_array['VAL'][] = $attachment['attach_id']; + $block_array += array( + 'S_RM_FILE' => true, + 'U_FORUM' => generate_board_url(), + 'ATTACH_ID' => $attachment['attach_id'], + ); // Viewed/Heared File ... 
update the download count (download.php is not called here) $update_count[] = $attachment['attach_id']; break; -/* - // Macromedia Flash Files + +/* // Macromedia Flash Files case SWF_CAT: list($width, $height) = swf_getdimension($filename); $l_downloaded_viewed = $user->lang['VIEWED']; $download_link = $filename; - $additional_array = array( - 'WIDTH' => $width, - 'HEIGHT' => $height + $block_array += array( + 'S_SWF_FILE' => true, + 'WIDTH' => $width, + 'HEIGHT' => $height, ); // Viewed/Heared File ... update the download count (download.php is not called here) $update_count[] = $attachment['attach_id']; - break; + break; */ default: $l_downloaded_viewed = $user->lang['DOWNLOADED']; - $download_link = (!$force_physical) ? $phpbb_root_path . "download.$phpEx$SID&id=" . $attachment['attach_id'] : $filename; - break; + $download_link = (!$force_physical && $attachment['attach_id']) ? $phpbb_root_path . "download.$phpEx$SID&id=" . $attachment['attach_id'] : $filename; + + $block_array += array( + 'S_FILE' => true, + ); + break; } $l_download_count = (!isset($attachment['download_count']) || $attachment['download_count'] == 0) ? $user->lang['DOWNLOAD_NONE'] : (($attachment['download_count'] == 1) ? sprintf($user->lang['DOWNLOAD_COUNT'], $attachment['download_count']) : sprintf($user->lang['DOWNLOAD_COUNTS'], $attachment['download_count'])); - $current_block = ($display_cat) ? 
$blocks[$display_cat] : 'FILE'; - - $template_array['VAR'] = array_merge($additional_array['VAR'], array( - '{DOWNLOAD_NAME}', '{FILESIZE}', '{SIZE_VAR}', '{COMMENT}', '{U_DOWNLOAD_LINK}', '{UPLOAD_IMG}', '{L_DOWNLOADED_VIEWED}', '{L_DOWNLOAD_COUNT}') + $block_array += array( + 'U_DOWNLOAD_LINK' => $download_link, + 'L_DOWNLOADED_VIEWED' => $l_downloaded_viewed, + 'L_DOWNLOAD_COUNT' => $l_download_count ); + } - $template_array['VAL'] = array_merge($additional_array['VAL'], array( - $display_name, $filesize, $size_lang, $comment, $download_link, $upload_image, $l_downloaded_viewed, $l_download_count) + $template->assign_block_vars('_file', $block_array); + + $tpl = $template->assign_display('attachment_tpl'); + + if (!$return) + { + $template->assign_block_vars($blockname, array( + 'DISPLAY_ATTACHMENT' => $tpl) ); - - $tpl = str_replace($template_array['VAR'], $template_array['VAL'], $attachment_tpl[$current_block]); - - // Replace {L_*} lang strings - $tpl = preg_replace('/{L_([A-Z_]+)}/e', "(!empty(\$user->lang['\$1'])) ? \$user->lang['\$1'] : ucwords(strtolower(str_replace('_', ' ', '\$1')))", $tpl); - - if (!$return) - { - $template->assign_block_vars($blockname, array( - 'DISPLAY_ATTACHMENT' => $tpl) - ); - } - else - { - $return_tpl[] = $tpl; - } + } + else + { + $return_tpl[] = $tpl; } } return $return_tpl; -// $mtime = explode(' ', microtime()); -// $totaltime = $mtime[0] + $mtime[1] - $starttime; } /** diff --git a/phpBB/includes/functions_template.php b/phpBB/includes/functions_template.php index bf70f174d3..ec573d229e 100644 --- a/phpBB/includes/functions_template.php +++ b/phpBB/includes/functions_template.php @@ -40,6 +40,10 @@ class template_compile { var $template; + // Various storage arrays + var $block_names = array(); + var $block_else_level = array(); + /** * constuctor */ 
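Review bot: In the `ATTACHMENT_CATEGORY_THUMB` and `default` branches of `display_attachments()`, the added `&& $attachment['attach_id']` condition makes every attachment whose `attach_id` is 0 link straight to the file under `$config['upload_path']`, as the image and stream branches already do. Such links only work when the upload directory is served directly by the web server, and files reached that way do not pass through `download.php`; what that script checks is not visible on this page. If the fallback is meant only for uploads that have not been stored with a post yet, a comment on the ternary saying so, for example `// attach_id is 0 until the attachment is saved; only then is the physical path linked`, would keep later callers from relying on it for stored attachments.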
@@ -120,57 +124,54 @@ class template_compile switch ($blocks[1][$curr_tb]) { case 'BEGIN': - $this->template->block_else_level[] = false; + $this->block_else_level[] = false; $compile_blocks[] = 'compile_tag_block($blocks[2][$curr_tb]) . ' ?>'; - break; + break; case 'BEGINELSE': - $this->template->block_else_level[sizeof($this->template->block_else_level) - 1] = true; + $this->block_else_level[sizeof($this->block_else_level) - 1] = true; $compile_blocks[] = ''; - break; + break; case 'END': - array_pop($this->template->block_names); - $compile_blocks[] = 'template->block_else_level)) ? '}' : '}}') . ' ?>'; - break; + array_pop($this->block_names); + $compile_blocks[] = 'block_else_level)) ? '}' : '}}') . ' ?>'; + break; case 'IF': $compile_blocks[] = 'compile_tag_if($blocks[2][$curr_tb], false) . ' ?>'; - break; + break; case 'ELSE': $compile_blocks[] = ''; - break; + break; case 'ELSEIF': $compile_blocks[] = 'compile_tag_if($blocks[2][$curr_tb], true) . ' ?>'; - break; + break; case 'ENDIF': $compile_blocks[] = ''; - break; + break; case 'DEFINE': $compile_blocks[] = 'compile_tag_define($blocks[2][$curr_tb], true) . ' ?>'; - break; + break; case 'UNDEFINE': $compile_blocks[] = 'compile_tag_define($blocks[2][$curr_tb], false) . ' ?>'; - break; + break; case 'INCLUDE': - $temp = ''; - list(, $temp) = each($include_blocks); + $temp = array_shift($include_blocks); $compile_blocks[] = 'compile_tag_include($temp) . ' ?>'; $this->template->_tpl_include($temp, false); - break; + break; case 'INCLUDEPHP': if ($config['tpl_php']) { - $temp = ''; - list(, $temp) = each($includephp_blocks); - $compile_blocks[] = 'compile_tag_include_php($temp) . ' ?>'; + $compile_blocks[] = 'compile_tag_include_php(array_shift($includephp_blocks)) . ' ?>'; } else { @@ -181,9 +182,7 @@ class template_compile case 'PHP': if ($config['tpl_php']) { - $temp = ''; - list(, $temp) = each($php_blocks); - $compile_blocks[] = ''; + $compile_blocks[] = ''; } else { 
@@ -306,9 +305,9 @@ class template_compile } $tag_template_php = ''; - array_push($this->template->block_names, $tag_args); + array_push($this->block_names, $tag_args); - if (sizeof($this->template->block_names) < 2) + if (sizeof($this->block_names) < 2) { // Block is not nested. $tag_template_php = '$_' . $tag_args . "_count = (isset(\$this->_tpldata['$tag_args'])) ? sizeof(\$this->_tpldata['$tag_args']) : 0;"; @@ -321,11 +320,11 @@ class template_compile if ($no_nesting !== false) { // We need to implode $no_nesting times from the end... - $namespace = implode('.', array_slice($this->template->block_names, -$no_nesting)); + $namespace = implode('.', array_slice($this->block_names, -$no_nesting)); } else { - $namespace = implode('.', $this->template->block_names); + $namespace = implode('.', $this->block_names); } // Get a reference to the data array for this block that depends on the diff --git a/phpBB/includes/functions_upload.php b/phpBB/includes/functions_upload.php index a9e08ec1e9..46449ff722 100644 --- a/phpBB/includes/functions_upload.php +++ b/phpBB/includes/functions_upload.php @@ -164,6 +164,39 @@ class filespec return array_pop($filename); } + /** + * Get mimetype + */ + function get_mimetype($filename) + { + if (function_exists('mime_content_type')) + { + $mimetype = mime_content_type($filename); + } + else + { + $mimetype = 'application/octetstream'; + } + + // Opera adds the name to the mime type + $mimetype = (strpos($mimetype, '; name') !== false) ? str_replace(strstr($mimetype, '; name'), '', $mimetype) : $mimetype; + + if (!$mimetype) + { + $mimetype = 'application/octetstream'; + } + + return $mimetype; + } + + /** + * Get filesize + */ + function get_filesize($filename) + { + return @filesize($filename); + } + /** * Move file to destination folder * diff --git a/phpBB/includes/mcp/mcp_warn.php b/phpBB/includes/mcp/mcp_warn.php index fd75a86d21..cc52baabf6 100755 --- a/phpBB/includes/mcp/mcp_warn.php +++ b/phpBB/includes/mcp/mcp_warn.php 
@@ -306,7 +306,12 @@ function mcp_warn_user_view($id, $mode, $action) $sql_where = ($user_id) ? "user_id = $user_id" : "username = '" . $db->sql_escape($username) . "'"; - $userrow = get_userdata($user_id); + $sql = 'SELECT * + FROM ' . USERS_TABLE . ' + WHERE ' . $sql_where; + $result = $db->sql_query($sql); + $userrow = $db->sql_fetchrow($result); + $db->sql_freeresult($result); $user_id = $userrow['user_id']; diff --git a/phpBB/includes/message_parser.php b/phpBB/includes/message_parser.php index 9e86678580..2c4f89bcec 100644 --- a/phpBB/includes/message_parser.php +++ b/phpBB/includes/message_parser.php @@ -977,9 +977,9 @@ class parse_message extends bbcode_firstpass $this->filename_data['filecomment'] = request_var('filecomment', '', true); $upload_file = (isset($_FILES[$form_name]) && $_FILES[$form_name]['name'] != 'none' && trim($_FILES[$form_name]['name'])) ? true : false; - $add_file = (isset($_POST['add_file'])); - $delete_file = (isset($_POST['delete_file'])); - $edit_comment = (isset($_POST['edit_comment'])); + $add_file = (isset($_POST['add_file'])) ? true : false; + $delete_file = (isset($_POST['delete_file'])) ? true : false; + $edit_comment = (isset($_POST['edit_comment'])) ? true : false; $cfg = array(); $cfg['max_attachments'] = ($is_message) ? $config['max_attachments_pm'] : $config['max_attachments']; @@ -1063,6 +1063,9 @@ class parse_message extends bbcode_firstpass if ($edit_comment) { $actual_comment_list = request_var('comment_list', array(''), true); + + $edit_comment = key(request_var('edit_comment', array(0 => ''))); + $this->attachment_data[$edit_comment]['comment'] = $actual_comment_list[$edit_comment]; } if (($add_file || $preview) && $upload_file) 
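Review bot: The inline query that replaces `get_userdata()` in `mcp_warn_user_view()` drops that helper's `AND user_id <> ANONYMOUS` filter, and `$userrow['user_id']` is then read without checking that a row came back. Appending `' AND user_id <> ' . ANONYMOUS` to the WHERE clause and adding an `if (!$userrow)` guard that stops with `trigger_error()` before the row is used restores the old behaviour for unknown names and for the guest account. The rest of the function is outside the hunk, so a later check may already exist.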
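Review bot: In the `@@ -1063,6 +1063,9 @@` hunk of message_parser.php, `$edit_comment` becomes a key taken from the request and is used to index both `$this->attachment_data` and `$actual_comment_list` without checking that it exists in either. An unknown key creates an `attachment_data` entry that carries only a `comment` field, which later code would treat as an attachment. Guarding the assignment with `if (isset($this->attachment_data[$edit_comment], $actual_comment_list[$edit_comment]))` avoids that.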
@@ -1105,26 +1108,102 @@ class parse_message extends bbcode_firstpass } } - // Get Attachment Data + /** + * Get Attachment Data + */ function get_submitted_attachment_data() { + global $user, $db, $phpbb_root_path, $phpEx, $config; + $this->filename_data['filecomment'] = request_var('filecomment', '', true); $this->attachment_data = (isset($_POST['attachment_data'])) ? $_POST['attachment_data'] : array(); - // - $data_prepare = array('physical_filename' => 's', 'real_filename' => 's', 'comment' => 's', 'extension' => 's', 'mimetype' => 's', - 'filesize' => 'i', 'filetime' => 'i', 'attach_id' => 'i', 'thumbnail' => 'i'); + // Regenerate data array... + $attach_ids = $filenames = array(); + foreach ($this->attachment_data as $pos => $var_ary) { - foreach ($data_prepare as $var => $type) + if ($var_ary['attach_id']) { - if ($type == 's') + $attach_ids[(int) $this->attachment_data[$pos]['attach_id']] = $pos; + } + else + { + $filenames[$pos] = ''; + set_var($filenames[$pos], $this->attachment_data[$pos]['physical_filename'], 'string'); + $filenames[$pos] = basename($filenames[$pos]); + } + } + + $this->attachment_data = array(); + + // Regenerate already posted attachments... + if (sizeof($attach_ids)) + { + // Get the data from the attachments + $sql = 'SELECT attach_id, physical_filename, real_filename, extension, mimetype, filesize, filetime, thumbnail + FROM ' . ATTACHMENTS_TABLE . ' + WHERE attach_id IN (' . implode(', ', array_keys($attach_ids)) . ') + AND poster_id = ' . 
$user->data['user_id']; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + if (isset($attach_ids[$row['attach_id']])) { - $this->attachment_data[$pos][$var] = trim(htmlspecialchars(str_replace(array("\r\n", "\r", '\xFF'), array("\n", "\n", ' '), stripslashes($this->attachment_data[$pos][$var])))); + $pos = $attach_ids[$row['attach_id']]; + $this->attachment_data[$pos] = $row; + set_var($this->attachment_data[$pos]['comment'], $_POST['attachment_data'][$pos]['comment'], 'string', true); + + unset($attach_ids[$row['attach_id']]); + } + } + $db->sql_freeresult($result); + + if (sizeof($attach_ids)) + { + trigger_error('NO_ACCESS_ATTACHMENT'); + } + } + + // Regenerate newly uploaded attachments + if (sizeof($filenames)) + { + include_once($phpbb_root_path . 'includes/functions_upload.' . $phpEx); + + $sql = 'SELECT attach_id + FROM ' . ATTACHMENTS_TABLE . " + WHERE LOWER(physical_filename) IN ('" . implode("', '", array_map('strtolower', $filenames)) . "')"; + $result = $db->sql_query_limit($sql, 1); + $row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if ($row) + { + trigger_error('NO_ACCESS_ATTACHMENT'); + } + + foreach ($filenames as $pos => $physical_filename) + { + $this->attachment_data[$pos] = array( + 'physical_filename' => $physical_filename, + 'extension' => strtolower(filespec::get_extension($phpbb_root_path . $config['upload_path'] . '/' . $physical_filename)), + 'filesize' => filespec::get_filesize($phpbb_root_path . $config['upload_path'] . '/' . $physical_filename), + 'attach_id' => 0, + 'thumbnail' => (file_exists($phpbb_root_path . $config['upload_path'] . '/thumb_' . $physical_filename)) ? 
1 : 0, + ); + + set_var($this->attachment_data[$pos]['comment'], $_POST['attachment_data'][$pos]['comment'], 'string', true); + set_var($this->attachment_data[$pos]['real_filename'], $_POST['attachment_data'][$pos]['real_filename'], 'string', true); + set_var($this->attachment_data[$pos]['filetime'], $_POST['attachment_data'][$pos]['filetime'], 'int'); + + if (strpos($_POST['attachment_data'][$pos]['mimetype'], 'image/') !== false) + { + set_var($this->attachment_data[$pos]['mimetype'], $_POST['attachment_data'][$pos]['mimetype'], 'string'); } else { - $this->attachment_data[$pos][$var] = (int) $this->attachment_data[$pos][$var]; + $this->attachment_data[$pos]['mimetype'] = filespec::get_mimetype($phpbb_root_path . $config['upload_path'] . '/' . $physical_filename); } } } diff --git a/phpBB/includes/template.php b/phpBB/includes/template.php index 82cddda071..022ef4f68c 100644 --- a/phpBB/includes/template.php +++ b/phpBB/includes/template.php @@ -18,21 +18,7 @@ if (!defined('IN_PHPBB')) /** * @package phpBB3 * -* Template class. -* -* psoTFX - Completion of file caching, decompilation routines and implementation of -* conditionals/keywords and associated changes -* -* The interface was inspired by PHPLib templates, and the template file (formats are -* quite similar) -* -* The keyword/conditional implementation is currently based on sections of code from -* the Smarty templating engine (c) 2001 ispi of Lincoln, Inc. which is released -* (on its own and in whole) under the LGPL. Section 3 of the LGPL states that any code -* derived from an LGPL application may be relicenced under the GPL, this applies -* to this source -* -* DEFINE directive inspired by a request by Cyberalien +* Base Template class. */ class template { 
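Review bot: In the "Regenerate newly uploaded attachments" query of `get_submitted_attachment_data()`, the client-supplied `physical_filename` values reach the `IN ('...')` list after only `set_var()`, `basename()` and `strtolower()`, with no `$db->sql_escape()`; `set_var()` is not shown on this page, so unless it is known to neutralise single quotes each name should be escaped, e.g. `array_map(array($db, 'sql_escape'), array_map('strtolower', $filenames))`. The same branch keeps the client's `mimetype` whenever it contains `image/` anywhere in the string; testing `strpos(...) === 0`, or always calling `filespec::get_mimetype()`, ties the stored type to the file on disk. A name that is merely absent from the attachments table is accepted without checking that the file exists or belongs to this user, so `get_filesize()` can return false and an unrelated file in the upload directory can end up in `attachment_data`; a `file_exists()` check before building the entry covers the first case.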
@@ -52,11 +38,6 @@ class template // this will hash handle names to the compiled/uncompiled code for that handle. var $compiled_code = array(); - // Various counters and storage arrays - var $block_names = array(); - var $block_else_level = array(); - var $block_nesting_level = 0; - var $static_lang; /** @@ -153,7 +134,7 @@ class template * Display the handle and assign the output to a template variable * @public */ - function assign_display($handle, $template_var, $return_content = false, $include_once = true) + function assign_display($handle, $template_var = '', $return_content = true, $include_once = false) { ob_start(); $this->display($handle, $include_once); @@ -357,6 +338,36 @@ class template return true; } + /** + * Reset/empty complete block + * @public + */ + function reset_block_vars($blockname) + { + if (strpos($blockname, '.') !== false) + { + // Nested block. + $blocks = explode('.', $blockname); + $blockcount = sizeof($blocks) - 1; + + $str = &$this->_tpldata; + for ($i = 0; $i < $blockcount; $i++) + { + $str = &$str[$blocks[$i]]; + $str = &$str[sizeof($str) - 1]; + } + + unset($str[$blocks[$blockcount]]); + } + else + { + // Top-level block. + unset($this->_tpldata[$blockname]); + } + + return true; + } + /** * Change already assigned key variable pair (one-dimensional - single loop entry) * diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 30e4c06f77..ffe668d056 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -73,8 +73,8 @@ function compose_pm($id, $mode, $action) { trigger_error('NO_AUTH_SEND_MESSAGE'); } + break; - break; case 'reply': case 'quote': case 'forward': @@ -112,7 +112,7 @@ function compose_pm($id, $mode, $action) AND t.msg_id = p.msg_id AND p.msg_id = $msg_id"; } - break; + break; case 'edit': if (!$msg_id) 
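Review bot: The new signature of `template::assign_display()` flips the defaults of `$return_content` (false to true) and `$include_once` (true to false) and makes `$template_var` optional, yet the docblock still only says the output is assigned to a template variable. Existing callers that pass two arguments and relied on the old defaults now get different behaviour; the method body is outside the hunk, so the exact effect cannot be confirmed here. One `@param` line per argument stating its default, plus a note that an empty `$template_var` is allowed, would record the new contract.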
@@ -127,7 +127,7 @@ function compose_pm($id, $mode, $action) AND t.folder_id = ' . PRIVMSGS_OUTBOX . " AND t.msg_id = $msg_id AND t.msg_id = p.msg_id"; - break; + break; case 'delete': if (!$auth->acl_get('u_pm_delete')) @@ -144,11 +144,11 @@ function compose_pm($id, $mode, $action) FROM ' . PRIVMSGS_TO_TABLE . ' WHERE user_id = ' . $user->data['user_id'] . " AND msg_id = $msg_id"; - break; + break; case 'smilies': generate_smilies('window', 0); - break; + break; default: trigger_error('NO_ACTION_MODE'); 
@@ -175,42 +175,46 @@ function compose_pm($id, $mode, $action) $db->sql_freeresult($result); - $msg_id = (int) $post['msg_id']; - $enable_urls = $post['enable_magic_url']; - $enable_sig = (isset($post['enable_sig'])) ? $post['enable_sig'] : 0; - - $message_attachment = (isset($post['message_attachement'])) ? $post['message_attachement'] : 0; - $message_text = $post['message_text']; - $message_subject = $post['message_subject']; - $quote_username = (isset($post['quote_username'])) ? $post['quote_username'] : ''; - - $message_time = $post['message_time']; - $icon_id = (isset($post['icon_id'])) ? $post['icon_id'] : 0; - $folder_id = (isset($post['folder_id'])) ? $post['folder_id'] : 0; - $bbcode_uid = $post['bbcode_uid']; + $msg_id = (int) $post['msg_id']; + $folder_id = (isset($post['folder_id'])) ? $post['folder_id'] : 0; + $message_text = (isset($post['message_text'])) ? $post['message_text'] : ''; if (!$post['author_id'] && $msg_id) { trigger_error('NO_AUTHOR'); } - if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !sizeof($address_list) && !$refresh && !$submit && !$preview) + if ($action != 'delete') { - $address_list = array('u' => array($post['author_id'] => 'to')); - } - else if ($action == 'edit' && !sizeof($address_list) && !$refresh && !$submit && !$preview) - { - // Rebuild TO and BCC Header - $address_list = rebuild_header(array('to' => $post['to_address'], 'bcc' => $post['bcc_address'])); - } + $enable_urls = $post['enable_magic_url']; + $enable_sig = (isset($post['enable_sig'])) ? $post['enable_sig'] : 0; - if ($action == 'quotepost') - { - $check_value = 0; - } - else - { - $check_value = (($post['enable_bbcode']+1) << 8) + (($post['enable_smilies']+1) << 4) + (($enable_urls+1) << 2) + (($post['enable_sig']+1) << 1); + $message_attachment = (isset($post['message_attachement'])) ? 
$post['message_attachement'] : 0; + $message_subject = $post['message_subject']; + $message_time = $post['message_time']; + $bbcode_uid = $post['bbcode_uid']; + + $quote_username = (isset($post['quote_username'])) ? $post['quote_username'] : ''; + $icon_id = (isset($post['icon_id'])) ? $post['icon_id'] : 0; + + if (($action == 'reply' || $action == 'quote' || $action == 'quotepost') && !sizeof($address_list) && !$refresh && !$submit && !$preview) + { + $address_list = array('u' => array($post['author_id'] => 'to')); + } + else if ($action == 'edit' && !sizeof($address_list) && !$refresh && !$submit && !$preview) + { + // Rebuild TO and BCC Header + $address_list = rebuild_header(array('to' => $post['to_address'], 'bcc' => $post['bcc_address'])); + } + + if ($action == 'quotepost') + { + $check_value = 0; + } + else + { + $check_value = (($post['enable_bbcode']+1) << 8) + (($post['enable_smilies']+1) << 4) + (($enable_urls+1) << 2) + (($post['enable_sig']+1) << 1); + } } } else @@ -247,8 +251,6 @@ function compose_pm($id, $mode, $action) $icon_id = 0; } - - $message_parser = new parse_message(); $message_parser->message = ($action == 'reply') ? '' : $message_text; @@ -547,7 +549,7 @@ function compose_pm($id, $mode, $action) $extensions = $update_count = array(); $template->assign_var('S_HAS_ATTACHMENTS', true); - display_attachments(0, 'attachment', $message_parser->attachment_data, $update_count, true); + display_attachments(0, 'attachment', $message_parser->attachment_data, $update_count); } $preview_subject = censor_text($subject); diff --git a/phpBB/includes/ucp/ucp_pm_viewmessage.php b/phpBB/includes/ucp/ucp_pm_viewmessage.php index d8bfcc3ec7..f09bd2d39c 100644 --- a/phpBB/includes/ucp/ucp_pm_viewmessage.php +++ b/phpBB/includes/ucp/ucp_pm_viewmessage.php 
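Review bot: The re-indented assignment `$message_attachment = (isset($post['message_attachement'])) ? $post['message_attachement'] : 0;` still reads a key spelled `message_attachement`. If the selected column is named `message_attachment`, as the variable name suggests, the `isset()` is never true and the flag is always 0. In the same block `$check_value` reads `$post['enable_sig']` directly although `$enable_sig` was defaulted with `isset()` a few lines earlier; using `(($enable_sig+1) << 1)` keeps the two consistent. The new `if ($action != 'delete')` guard also leaves `$message_subject`, `$bbcode_uid` and the other variables unset on the delete path, so any later read of them in `compose_pm`, which continues outside the hunk, should be checked.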
@@ -381,7 +381,12 @@ function get_user_informations($user_id, $user_row) if (empty($user_row)) { - $user_row = get_userdata((int) $user_id); + $sql = 'SELECT * + FROM ' . USERS_TABLE . ' + WHERE user_id = ' . (int) $user_id; + $result = $db->sql_query($sql); + $user_row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); } // Grab ranks diff --git a/phpBB/install/schemas/firebird_schema.sql b/phpBB/install/schemas/firebird_schema.sql index d395704a62..7d604447bf 100644 --- a/phpBB/install/schemas/firebird_schema.sql +++ b/phpBB/install/schemas/firebird_schema.sql @@ -1318,6 +1318,7 @@ CREATE TABLE phpbb_users ( user_type INTEGER DEFAULT 0 NOT NULL, group_id INTEGER DEFAULT 3 NOT NULL, user_permissions BLOB SUB_TYPE TEXT, + user_perm_from INTEGER DEFAULT 0 NOT NULL, user_ip VARCHAR(40) NOT NULL, user_regdate INTEGER DEFAULT 0 NOT NULL, username VARCHAR(255) NOT NULL, diff --git a/phpBB/install/schemas/mssql_schema.sql b/phpBB/install/schemas/mssql_schema.sql index 4bad827c8e..bce22a6f89 100644 --- a/phpBB/install/schemas/mssql_schema.sql +++ b/phpBB/install/schemas/mssql_schema.sql @@ -1976,6 +1976,7 @@ CREATE TABLE [phpbb_users] ( [user_type] [int] NOT NULL , [group_id] [int] NOT NULL , [user_permissions] [text] , + [user_perm_from] [int] NOT NULL , [user_ip] [varchar] (40) NOT NULL , [user_regdate] [int] NOT NULL , [username] [varchar] (255) NOT NULL , @@ -2052,6 +2053,7 @@ GO ALTER TABLE [phpbb_users] WITH NOCHECK ADD CONSTRAINT [DF_users__user_type] DEFAULT (0) FOR [user_type], CONSTRAINT [DF_users__group_id] DEFAULT (3) FOR [group_id], + CONSTRAINT [DF_users__user_perm_from] DEFAULT (0) FOR [user_perm_from], CONSTRAINT [DF_users__user_regdate] DEFAULT (0) FOR [user_regdate], CONSTRAINT [DF_users__user_passchg] DEFAULT (0) FOR [user_passchg], CONSTRAINT [DF_users__user_email_hash] DEFAULT (0) FOR [user_email_hash], diff --git a/phpBB/install/schemas/mysql_schema.sql b/phpBB/install/schemas/mysql_schema.sql index db15d91645..562d5de95d 100644 
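Review bot: The query inlined into `get_user_informations()` assigns the result of `$db->sql_fetchrow($result)` to `$user_row` without checking it, so an unknown `$user_id` leaves `$user_row` empty and the rank code after the hunk runs on it. Returning early when no row comes back would make that case explicit. `SELECT *` also loads every column of the users table, including `user_permissions`, when this function only prepares profile display data; naming the needed columns keeps sensitive fields out of the row that is passed around. The function header is outside the hunk, so confirm that `$db` is declared `global` there now that the body uses it directly.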
--- a/phpBB/install/schemas/mysql_schema.sql +++ b/phpBB/install/schemas/mysql_schema.sql @@ -873,6 +873,7 @@ CREATE TABLE phpbb_users ( user_type tinyint(1) DEFAULT '0' NOT NULL, group_id mediumint(8) DEFAULT '3' NOT NULL, user_permissions text, + user_perm_from mediumint(8) DEFAULT '0' NOT NULL, user_ip varchar(40) DEFAULT '' NOT NULL, user_regdate int(11) DEFAULT '0' NOT NULL, username varchar(255) DEFAULT '' NOT NULL, diff --git a/phpBB/install/schemas/oracle_schema.sql b/phpBB/install/schemas/oracle_schema.sql index bf4fedf512..9d5a743dab 100644 --- a/phpBB/install/schemas/oracle_schema.sql +++ b/phpBB/install/schemas/oracle_schema.sql @@ -1713,6 +1713,7 @@ CREATE TABLE phpbb_users ( user_type number(1) DEFAULT '0' NOT NULL, group_id number(8) DEFAULT '3' NOT NULL, user_permissions clob, + user_perm_from number(8) DEFAULT '0' NOT NULL, user_ip varchar2(40) DEFAULT '', user_regdate number(11) DEFAULT '0' NOT NULL, username varchar2(255) DEFAULT '', diff --git a/phpBB/install/schemas/postgres_schema.sql b/phpBB/install/schemas/postgres_schema.sql index 0fdab06b7e..313c2864cf 100644 --- a/phpBB/install/schemas/postgres_schema.sql +++ b/phpBB/install/schemas/postgres_schema.sql @@ -1216,6 +1216,7 @@ CREATE TABLE phpbb_users ( user_type INT2 DEFAULT '0' NOT NULL, group_id INT4 DEFAULT '3' NOT NULL, user_permissions TEXT, + user_perm_from INT4 DEFAULT '0' NOT NULL, user_ip varchar(40) DEFAULT '' NOT NULL, user_regdate INT4 DEFAULT '0' NOT NULL, username varchar(255) DEFAULT '' NOT NULL, diff --git a/phpBB/install/schemas/schema_data.sql b/phpBB/install/schemas/schema_data.sql index d4b1cec306..4174c287f3 100644 --- a/phpBB/install/schemas/schema_data.sql +++ b/phpBB/install/schemas/schema_data.sql 
@@ -294,6 +294,7 @@ INSERT INTO phpbb_auth_options (auth_option, is_global) VALUES ('a_roles', 1);
 INSERT INTO phpbb_auth_options (auth_option, is_global) VALUES ('a_search', 1);
 INSERT INTO phpbb_auth_options (auth_option, is_global) VALUES ('a_server', 1);
 INSERT INTO phpbb_auth_options (auth_option, is_global) VALUES ('a_styles', 1);
+INSERT INTO phpbb_auth_options (auth_option, is_global) VALUES ('a_switchperm', 1);
 INSERT INTO phpbb_auth_options (auth_option, is_global) VALUES ('a_uauth', 1);
 INSERT INTO phpbb_auth_options (auth_option, is_global) VALUES ('a_user', 1);
 INSERT INTO phpbb_auth_options (auth_option, is_global) VALUES ('a_userdel', 1);
@@ -515,15 +516,15 @@ INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (77, 1, 'attachments', 'acp', 1, 56, 351, 352, 'ACP_EXTENSION_GROUPS', 'ext_groups', 'acl_a_attach'); INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (78, 1, 'attachments', 'acp', 1, 56, 353, 354, 'ACP_MANAGE_EXTENSIONS', 'extensions', 'acl_a_attach'); INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (80, 1, 'attachments', 'acp', 1, 56, 355, 356, 'ACP_ORPHAN_ATTACHMENTS', 'orphan', 'acl_a_attach'); -INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (81, 1, 'board', 'acp', 1, 42, 285, 286, 'ACP_MESSAGE_SETTINGS', 'message', 'acl_a_defaults'); +INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (81, 1, 'board', 'acp', 1, 42, 285, 286, 'ACP_MESSAGE_SETTINGS', 'message', 'acl_a_board'); INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (82, 1, 'board', 'acp', 1, 43, 297, 298, 'ACP_AUTH_SETTINGS', 'auth', 'acl_a_server'); INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (83, 1, 'board', 'acp', 1, 43, 299, 300, 'ACP_EMAIL_SETTINGS', 'email', 
'acl_a_server'); INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (84, 1, 'jabber', 'acp', 1, 43, 301, 302, 'ACP_JABBER_SETTINGS', 'settings', 'acl_a_jabber'); -INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (85, 1, 'board', 'acp', 1, 44, 305, 306, 'ACP_COOKIE_SETTINGS', 'cookie', 'acl_a_cookies'); +INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (85, 1, 'board', 'acp', 1, 44, 305, 306, 'ACP_COOKIE_SETTINGS', 'cookie', 'acl_a_server'); INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (86, 1, 'board', 'acp', 1, 44, 307, 308, 'ACP_SERVER_SETTINGS', 'server', 'acl_a_server'); INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (87, 1, 'board', 'acp', 1, 44, 311, 312, 'ACP_LOAD_SETTINGS', 'load', 'acl_a_server'); INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (92, 1, 'modules', 'acp', 1, 67, 511, 512, 'MCP', 'mcp', 'acl_a_modules'); -INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (93, 1, 'board', 'acp', 1, 75, 337, 338, 'ACP_MESSAGE_SETTINGS', 'message', 'acl_a_defaults'); +INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, 
left_id, right_id, module_langname, module_mode, module_auth) VALUES (93, 1, 'board', 'acp', 1, 75, 337, 338, 'ACP_MESSAGE_SETTINGS', 'message', 'acl_a_board'); INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (94, 1, 'bbcodes', 'acp', 1, 75, 339, 340, 'ACP_BBCODES', 'bbcodes', 'acl_a_bbcode'); INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (95, 1, 'icons', 'acp', 1, 75, 341, 342, 'ACP_ICONS', 'icons', 'acl_a_icons'); INSERT INTO phpbb_modules (module_id, module_enabled, module_name, module_class, module_display, parent_id, left_id, right_id, module_langname, module_mode, module_auth) VALUES (96, 1, 'icons', 'acp', 1, 75, 343, 344, 'ACP_SMILIES', 'smilies', 'acl_a_icons'); 
@@ -657,7 +658,7 @@ INSERT INTO phpbb_auth_users (user_id, forum_id, auth_option_id, auth_setting) S # ADMINISTRATOR group - admin and forum rights INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 7, 0, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option LIKE 'u_%'; -INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 7, 0, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option LIKE 'a_%'; +INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 7, 0, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option LIKE 'a_%' AND auth_option NOT IN ('a_switchperm'); INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 7, 1, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_poll', 'f_announce', 'f_sticky', 'f_attach'); INSERT INTO phpbb_auth_groups (group_id, forum_id, auth_option_id, auth_setting) SELECT 7, 2, auth_option_id, 1 FROM phpbb_auth_options WHERE auth_option IN ('f_poll', 'f_announce', 'f_sticky', 'f_attach'); diff --git a/phpBB/install/schemas/sqlite_schema.sql b/phpBB/install/schemas/sqlite_schema.sql index 0df2b54a35..482299e0ae 100644 --- a/phpBB/install/schemas/sqlite_schema.sql +++ b/phpBB/install/schemas/sqlite_schema.sql @@ -935,6 +935,7 @@ CREATE TABLE phpbb_users ( user_type tinyint(1) NOT NULL DEFAULT '0', group_id mediumint(8) NOT NULL DEFAULT '3', user_permissions text(65535), + user_perm_from mediumint(8) NOT NULL DEFAULT '0', user_ip varchar(40) NOT NULL DEFAULT '', user_regdate int(11) NOT NULL DEFAULT '0', username varchar(255) NOT NULL DEFAULT '', diff --git a/phpBB/language/en/acp/common.php b/phpBB/language/en/acp/common.php index d92d78c4d6..16139b60ac 100644 --- a/phpBB/language/en/acp/common.php +++ b/phpBB/language/en/acp/common.php @@ -345,6 +345,8 @@ $lang = array_merge($lang, array( 'LOG_ACL_DEL_MOD_LOCAL_M_' => 'Removed Moderators from %s
» %s', 'LOG_ACL_DEL_FORUM_LOCAL_F_' => 'Removed User/Group Forum Permissions from %s
» %s', + 'LOG_ACL_TRANSFER_PERMISSIONS' => 'Permissions transfered from
» %s', + 'LOG_ACL_RESTORE_PERMISSIONS' => 'Own permissions restored after using permissions from
» %s', 'LOG_ATTACH_EXT_ADD' => 'Added or edited attachment extension
» %s', 'LOG_ATTACH_EXT_DEL' => 'Removed attachment extension
» %s', diff --git a/phpBB/language/en/acp/permissions_phpbb.php b/phpBB/language/en/acp/permissions_phpbb.php index ff2f916355..25744bc0d5 100644 --- a/phpBB/language/en/acp/permissions_phpbb.php +++ b/phpBB/language/en/acp/permissions_phpbb.php @@ -204,6 +204,7 @@ $lang = array_merge($lang, array( 'acl_a_authgroups' => array('lang' => 'Can alter permissions for groups', 'cat' => 'permissions'), 'acl_a_authusers' => array('lang' => 'Can alter permissions for users', 'cat' => 'permissions'), 'acl_a_roles' => array('lang' => 'Can manage roles', 'cat' => 'permissions'), + 'acl_a_switchperm' => array('lang' => 'Can use others permissions', 'cat' => 'permissions'), 'acl_a_styles' => array('lang' => 'Can manage styles', 'cat' => 'misc'), 'acl_a_viewlogs' => array('lang' => 'Can view logs', 'cat' => 'misc'), diff --git a/phpBB/language/en/common.php b/phpBB/language/en/common.php index 72907c97cb..e2a2722a9f 100644 --- a/phpBB/language/en/common.php +++ b/phpBB/language/en/common.php @@ -286,6 +286,7 @@ $lang = array_merge($lang, array( 'NOT_AUTHORIZED' => 'You are not authorized to access this area.', 'NOT_WATCHING_FORUM' => 'You are no longer subscribed to updates on this forum.', 'NOT_WATCHING_TOPIC' => 'You are no longer subscribed to this topic.', + 'NO_ACCESS_ATTACHMENT' => 'You are not allowed to access this file.', 'NO_AUTH_ADMIN' => 'You do not have admin permissions and therefore not allowed to access the administration control panel.', 'NO_AUTH_ADMIN_USER_DIFFER' => 'You are not able to re-authenticate as a different user.', 'NO_AUTH_OPERATION' => 'You do not have the neccessary permissions to complete this operation.', @@ -482,6 +483,7 @@ $lang = array_merge($lang, array( 'USER_POST' => '%d Post', 'USER_POSTS' => '%d Posts', 'USERS' => 'Users', + 'USE_PERMISSIONS' => 'Test out users permissions', 'VIEWED' => 'Viewed', 'VIEWING_FAQ' => 'Viewing FAQ', 
diff --git a/phpBB/language/en/memberlist.php b/phpBB/language/en/memberlist.php index 13eb24ff38..204fb91adf 100644 --- a/phpBB/language/en/memberlist.php +++ b/phpBB/language/en/memberlist.php @@ -112,6 +112,7 @@ $lang = array_merge($lang, array( 'SORT_POST_COUNT' => 'Post count', 'USERNAME_BEGINS_WITH' => 'Username begins with', + 'USER_ADMIN' => 'Administrate User', 'USER_FORUM' => 'User statistics', 'USER_ONLINE' => 'Online', 'USER_PRESENCE' => 'Forum presence', diff --git a/phpBB/language/en/ucp.php b/phpBB/language/en/ucp.php index eb1ad6d45b..2c6e335f4a 100644 --- a/phpBB/language/en/ucp.php +++ b/phpBB/language/en/ucp.php @@ -279,6 +279,8 @@ $lang = array_merge($lang, array( 'PASSWORD_ACTIVATED' => 'Your new password has been activated', 'PASSWORD_UPDATED' => 'Your password has been sent successfully to your original email address.', + 'PERMISSIONS_RESTORED' => 'Successfully restored original permissions.', + 'PERMISSIONS_TRANSFERED' => 'Successfully transfered permissions from %s, you are now able to browse the forum with the users permissions.
Please note that admin permissions were not transfered. You are able to revert to your permission set at any time.', 'PM_DISABLED' => 'Private messaging has been disabled on this board', 'PM_FROM' => 'From', 'PM_ICON' => 'PM Icon', diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index b1d4b91d66..50ea8d789a 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -396,6 +396,9 @@ switch ($mode) 'S_CUSTOM_FIELDS' => (isset($profile_fields['row']) && sizeof($profile_fields['row'])) ? true : false, 'S_SHOW_ACTIVITY' => ($config['load_user_activity']) ? true : false, + 'U_USER_ADMIN' => ($auth->acl_get('a_user')) ? "{$phpbb_root_path}adm/index.$phpEx?sid={$user->session_id}&i=users&mode=overview&u={$user_id}" : '', + 'U_SWITCH_PERMISSIONS' => ($auth->acl_get('a_switchperm') && $user->data['user_id'] != $user_id) ? "{$phpbb_root_path}ucp.$phpEx$SID&mode=switch_perm&u={$user_id}" : '', + 'S_ZEBRA' => ($user->data['user_id'] != $user_id && $user->data['is_registered']) ? true : false, 'U_ADD_FRIEND' => "{$phpbb_root_path}ucp.$phpEx$SID&i=zebra&add=" . urlencode($member['username']), 'U_ADD_FOE' => "{$phpbb_root_path}ucp.$phpEx$SID&i=zebra&mode=foes&add=" . urlencode($member['username'])) diff --git a/phpBB/styles/subSilver/template/attachment.html b/phpBB/styles/subSilver/template/attachment.html index 9727602bbc..65d32a5932 100644 --- a/phpBB/styles/subSilver/template/attachment.html +++ b/phpBB/styles/subSilver/template/attachment.html @@ -1,73 +1,84 @@ - - [{L_DENIED}]
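Review bot: In the memberlist.php hunk, `U_USER_ADMIN` writes the raw session id into the link (`adm/index.$phpEx?sid={$user->session_id}&i=users...`). The identifier of an administrator's session then appears in page markup, browser history and any Referer header sent from the target page. If the admin panel can take the session from the cookie, building the link without the `sid` parameter is safer; if the parameter is required by design, a short comment saying so would help the next reader. `$user_id` is interpolated into both new URLs, and its assignment is outside the hunk, so confirm it is an integer at that point.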

- - - {COMMENT}
- - - - - - - - - - - - -
{DOWNLOAD_NAME} - {L_DOWNLOADED_VIEWED} {L_DOWNLOAD_COUNT}

- + - - {COMMENT}
- - - - - - - - -
- - - - - + + [{_file.DENIED_MESSAGE}]
+ - -
{DOWNLOAD_NAME} - {L_DOWNLOADED_VIEWED} {L_DOWNLOAD_COUNT}

- + + {_file.DOWNLOAD_NAME}
+ {_file.DOWNLOAD_NAME} [ {_file.FILESIZE} {_file.SIZE_LANG} | {_file.L_DOWNLOADED_VIEWED} {_file.L_DOWNLOAD_COUNT} ] + - - {COMMENT}
- {DOWNLOAD_NAME}
-
{DOWNLOAD_NAME} - {L_DOWNLOADED_VIEWED} {L_DOWNLOAD_COUNT}

- + + + {_file.UPLOAD_IMAGE} + {_file.DOWNLOAD_NAME} [{_file.FILESIZE} {_file.SIZE_LANG}] +
+ {_file.L_DOWNLOADED_VIEWED} {_file.L_DOWNLOAD_COUNT} + - - {L_FILE_COMMENT}: {COMMENT}
- {DOWNLOAD_NAME}
- {DOWNLOAD_NAME} - {L_DOWNLOADED_VIEWED} {L_DOWNLOAD_COUNT} - + + + + + + + + + + + + + +
+ {_file.DOWNLOAD_NAME} [ {_file.FILESIZE} {_file.SIZE_LANG} | {_file.L_DOWNLOADED_VIEWED} {_file.L_DOWNLOAD_COUNT} ] + - - {L_FILE_COMMENT}: {COMMENT}
- {UPLOAD_IMG} {DOWNLOAD_NAME} - {FILESIZE} {SIZE_VAR}
- {L_DOWNLOADED_VIEWED} {L_DOWNLOAD_COUNT} - - + + + + + + + + + +
+ + + + + + + +
+ {_file.DOWNLOAD_NAME} [ {_file.FILESIZE} {_file.SIZE_LANG} | {_file.L_DOWNLOADED_VIEWED} {_file.L_DOWNLOAD_COUNT} ] + + +
+ + + diff --git a/phpBB/styles/subSilver/template/mcp_forum.html b/phpBB/styles/subSilver/template/mcp_forum.html index a618df4ce7..9d15fc04d1 100644 --- a/phpBB/styles/subSilver/template/mcp_forum.html +++ b/phpBB/styles/subSilver/template/mcp_forum.html @@ -2,7 +2,7 @@ {L_VIEW_FORUM_LOGS} -
+
@@ -57,7 +57,7 @@
{L_DISPLAY_TOPICS}: {S_SELECT_SORT_DAYS} {L_SORT_BY} {S_SELECT_SORT_KEY} {S_SELECT_SORT_DIR} 
- +
{L_MARK_ALL} :: {L_UNMARK_ALL}{L_MARK_ALL} :: {L_UNMARK_ALL}
diff --git a/phpBB/styles/subSilver/template/mcp_header.html b/phpBB/styles/subSilver/template/mcp_header.html index d371b94872..0e26ebe0b9 100644 --- a/phpBB/styles/subSilver/template/mcp_header.html +++ b/phpBB/styles/subSilver/template/mcp_header.html @@ -1,17 +1,5 @@ - - diff --git a/phpBB/styles/subSilver/template/ucp_attachments.html b/phpBB/styles/subSilver/template/ucp_attachments.html index 144b3664f7..fba878b6b0 100644 --- a/phpBB/styles/subSilver/template/ucp_attachments.html +++ b/phpBB/styles/subSilver/template/ucp_attachments.html @@ -41,7 +41,7 @@ -
{L_MARK_ALL} :: {L_UNMARK_ALL}
+
{L_MARK_ALL} :: {L_UNMARK_ALL}
diff --git a/phpBB/styles/subSilver/template/ucp_groups_manage.html b/phpBB/styles/subSilver/template/ucp_groups_manage.html index e067db83ed..125ebad9df 100644 --- a/phpBB/styles/subSilver/template/ucp_groups_manage.html +++ b/phpBB/styles/subSilver/template/ucp_groups_manage.html @@ -135,19 +135,6 @@ - -

{L_GROUP_MEMBERS}

{L_GROUP_MEMBERS_EXPLAIN}

@@ -196,7 +183,7 @@ -
{L_MARK_ALL} :: {L_UNMARK_ALL}
+
{L_MARK_ALL} :: {L_UNMARK_ALL}
diff --git a/phpBB/styles/subSilver/template/ucp_header.html b/phpBB/styles/subSilver/template/ucp_header.html index 6ff1b3206f..b84aab9107 100644 --- a/phpBB/styles/subSilver/template/ucp_header.html +++ b/phpBB/styles/subSilver/template/ucp_header.html @@ -156,4 +156,4 @@ - + diff --git a/phpBB/styles/subSilver/template/ucp_main_bookmarks.html b/phpBB/styles/subSilver/template/ucp_main_bookmarks.html index 46185e1775..984c313f1f 100644 --- a/phpBB/styles/subSilver/template/ucp_main_bookmarks.html +++ b/phpBB/styles/subSilver/template/ucp_main_bookmarks.html @@ -53,6 +53,6 @@ - + \ No newline at end of file diff --git a/phpBB/styles/subSilver/template/ucp_main_subscribed.html b/phpBB/styles/subSilver/template/ucp_main_subscribed.html index 033df21c16..17d58bd132 100644 --- a/phpBB/styles/subSilver/template/ucp_main_subscribed.html +++ b/phpBB/styles/subSilver/template/ucp_main_subscribed.html @@ -81,6 +81,6 @@ - + \ No newline at end of file diff --git a/phpBB/styles/subSilver/template/ucp_pm_message_footer.html b/phpBB/styles/subSilver/template/ucp_pm_message_footer.html index d20c099894..777b93935e 100644 --- a/phpBB/styles/subSilver/template/ucp_pm_message_footer.html +++ b/phpBB/styles/subSilver/template/ucp_pm_message_footer.html @@ -37,5 +37,5 @@ -
{L_MARK_ALL} :: {L_UNMARK_ALL}
+
{L_MARK_ALL} :: {L_UNMARK_ALL}
diff --git a/phpBB/styles/subSilver/template/ucp_pm_message_header.html b/phpBB/styles/subSilver/template/ucp_pm_message_header.html index ece2389952..f499b82fd5 100644 --- a/phpBB/styles/subSilver/template/ucp_pm_message_header.html +++ b/phpBB/styles/subSilver/template/ucp_pm_message_header.html @@ -1,16 +1,4 @@ - - - +
diff --git a/phpBB/styles/subSilver/template/ucp_profile_signature.html b/phpBB/styles/subSilver/template/ucp_profile_signature.html index 8d28984840..316fb89266 100644 --- a/phpBB/styles/subSilver/template/ucp_profile_signature.html +++ b/phpBB/styles/subSilver/template/ucp_profile_signature.html @@ -26,14 +26,6 @@ s_help = "{L_BBCODE_S_HELP}"; f_help = "{L_BBCODE_F_HELP}"; e_help = "{L_BBCODE_E_HELP}"; -function marklist(form_name, status) -{ - for (i = 0; i < document.forms[form_name].length; i++) - { - document.forms[form_name].elements[i].checked = status; - } -} - //--> diff --git a/phpBB/styles/subSilver/template/viewtopic_body.html b/phpBB/styles/subSilver/template/viewtopic_body.html index e31392590c..14be0cf2c5 100644 --- a/phpBB/styles/subSilver/template/viewtopic_body.html +++ b/phpBB/styles/subSilver/template/viewtopic_body.html @@ -206,7 +206,7 @@
{postrow.attachment.DISPLAY_ATTACHMENT}{postrow.attachment.DISPLAY_ATTACHMENT}
diff --git a/phpBB/ucp.php b/phpBB/ucp.php index d9dfc9d1ba..9775e5fd81 100755 --- a/phpBB/ucp.php +++ b/phpBB/ucp.php @@ -39,8 +39,8 @@ switch ($mode) case 'activate': $module->load('ucp', 'activate'); $module->display($user->lang['UCP_ACTIVATE']); - redirect("index.$phpEx$SID"); + redirect("index.$phpEx$SID"); break; case 'resend_act': @@ -64,7 +64,6 @@ switch ($mode) break; case 'confirm': - $module->load('ucp', 'confirm'); exit; break; @@ -161,6 +160,72 @@ switch ($mode) redirect("index.$phpEx$SID"); break; + + case 'switch_perm': + + $user_id = request_var('u', 0); + + $sql = 'SELECT * + FROM ' . USERS_TABLE . ' + WHERE user_id = ' . (int) $user_id; + $result = $db->sql_query($sql); + $user_row = $db->sql_fetchrow($result); + $db->sql_freeresult($result); + + if (!$auth->acl_get('a_switchperm') || !$user_row || $user_id == $user->data['user_id']) + { + redirect("index.$phpEx$SID"); + } + + include($phpbb_root_path . 'includes/acp/auth.' . $phpEx); + + $auth_admin = new auth_admin(); + if (!$auth_admin->ghost_permissions($user_id, $user->data['user_id'])) + { + redirect("index.$phpEx$SID"); + } + + $sql = 'SELECT username + FROM ' . USERS_TABLE . ' + WHERE user_id = ' . $user_id; + $result = $db->sql_query($sql); + $username = $db->sql_fetchfield('username'); + $db->sql_freeresult($result); + + add_log('admin', 'LOG_ACL_TRANSFER_PERMISSIONS', $username); + + $message = sprintf($user->lang['PERMISSIONS_TRANSFERED'], $user_row['username']) . '

' . sprintf($user->lang['RETURN_INDEX'], "", ''); + trigger_error($message); + + break; + + case 'restore_perm': + + if (!$user->data['user_perm_from'] || !$auth->acl_get('a_switchperm')) + { + redirect("index.$phpEx$SID"); + } + + $auth->acl_cache($user->data); + + $sql = 'UPDATE ' . USERS_TABLE . " + SET user_perm_from = 0 + WHERE user_id = " . $user->data['user_id']; + $db->sql_query($sql); + + $sql = 'SELECT username + FROM ' . USERS_TABLE . ' + WHERE user_id = ' . $user->data['user_perm_from']; + $result = $db->sql_query($sql); + $username = $db->sql_fetchfield('username'); + $db->sql_freeresult($result); + + add_log('admin', 'LOG_ACL_RESTORE_PERMISSIONS', $username); + + $message = $user->lang['PERMISSIONS_RESTORED'] . '

' . sprintf($user->lang['RETURN_INDEX'], "", ''); + trigger_error($message); + + break; } // Only registered users can go beyond this point
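Review bot: The new `switch_perm` and `restore_perm` cases change the account's effective permissions on a plain GET request (`ucp.php?mode=switch_perm&u=…`, linked from memberlist.php) with no confirmation step or per-request token, so a cross-site request could trigger the switch whenever the session is carried by cookie. Putting the change behind a POST confirmation, for example phpBB's `confirm_box()` flow if it is available at this revision, would close that. In `switch_perm` the second `SELECT username` query is redundant because `$user_row['username']` is already loaded and used in the message; `add_log('admin', 'LOG_ACL_TRANSFER_PERMISSIONS', $user_row['username']);` is enough. In `restore_perm` the lookup should cast the id like the first query does: `' WHERE user_id = ' . (int) $user->data['user_perm_from']`.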