makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 22:28:51 +00:00
Code Issues Projects Releases Packages Wiki Activity

Rejiggle "board disabled" system to allow admin/mods access, eliminate duplication and "fudges" ... hopefully I've not overlooked something fundamental ...

Browse source 
git-svn-id: file:///svn/phpbb/trunk@4950 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2004-08-02 14:32:04 +00:00
parent 8b85a84d55
commit a5ac9bbb3a
4 changed files with 118 additions and 101 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
phpBB/adm/pagestart.php
View file

@ -7,8 +7,8 @@
// STARTED : Thu Aug 2, 2001 // STARTED : Thu Aug 2, 2001
// COPYRIGHT : © 2001, 2004 phpBB Group // COPYRIGHT : © 2001, 2004 phpBB Group
// WWW : http://www.phpbb.com/ // WWW : http://www.phpbb.com/
// LICENCE : GPL vs2.0 [ see /docs/COPYING ] // LICENCE : GPL vs2.0 [ see /docs/COPYING ]
// //
// ------------------------------------------------------------- // -------------------------------------------------------------
if (!defined('IN_PHPBB') || !isset($phpbb_root_path)) if (!defined('IN_PHPBB') || !isset($phpbb_root_path))
@ -16,14 +16,12 @@ if (!defined('IN_PHPBB') || !isset($phpbb_root_path))
die('Hacking attempt'); die('Hacking attempt');
} }
define('IN_ADMIN', true);
define('NEED_SID', true); define('NEED_SID', true);
require($phpbb_root_path . 'common.'.$phpEx); require($phpbb_root_path . 'common.'.$phpEx);
require($phpbb_root_path . 'includes/functions_admin.'.$phpEx); require($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
// Start session management // Start session management
$user->start(); $user->start();
$user->setup('admin');
// Did user forget to login? Give 'em a chance to here ... // Did user forget to login? Give 'em a chance to here ...
if ($user->data['user_id'] == ANONYMOUS) if ($user->data['user_id'] == ANONYMOUS)
@ -32,11 +30,12 @@ if ($user->data['user_id'] == ANONYMOUS)
} }
$auth->acl($user->data); $auth->acl($user->data);
$user->setup('admin');
// End session management // End session management
// Some oft used variables // Some oft used variables
$safe_mode = (@ini_get('safe_mode') || @strtolower(ini_get('safe_mode')) == 'on') ? true : false; $safe_mode = (@ini_get('safe_mode') || @strtolower(ini_get('safe_mode')) == 'on') ? true : false;
$file_uploads = (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on') ? true : false; $file_uploads = (@ini_get('file_uploads') || strtolower(@ini_get('file_uploads')) == 'on') ? true : false;
// ----------------------------- // -----------------------------
@ -192,7 +191,7 @@ function adm_page_confirm($title, $message)
{ {
global $phpEx, $SID, $user; global $phpEx, $SID, $user;
// Grab data from GET and POST arrays ... note this is _not_ // Grab data from GET and POST arrays ... note this is _not_
// validated! Everything is typed as string to ensure no // validated! Everything is typed as string to ensure no
// funny business on displayed hidden field data. Validation // funny business on displayed hidden field data. Validation
// will be carried out by whatever processes this form. // will be carried out by whatever processes this form.
@ -299,7 +298,7 @@ class module
// Get the localised lang string if available, or make up our own otherwise // Get the localised lang string if available, or make up our own otherwise
$template->assign_block_vars($module_type . '_section', array( $template->assign_block_vars($module_type . '_section', array(
'L_TITLE' => (isset($user->lang[strtoupper($module_type) . '_' . $row['module_title']])) ? $user->lang[strtoupper($module_type) . '_' . $row['module_title']] : ucfirst(str_replace('_', ' ', strtolower($row['module_title']))), 'L_TITLE' => (isset($user->lang[strtoupper($module_type) . '_' . $row['module_title']])) ? $user->lang[strtoupper($module_type) . '_' . $row['module_title']] : ucfirst(str_replace('_', ' ', strtolower($row['module_title']))),
'S_SELECTED' => $selected, 'S_SELECTED' => $selected,
'U_TITLE' => $module_url . '&i=' . $row['module_id']) 'U_TITLE' => $module_url . '&i=' . $row['module_id'])
); );
*/ */
@ -336,7 +335,7 @@ class module
// Get the localised lang string if available, or make up our own otherwise // Get the localised lang string if available, or make up our own otherwise
$template->assign_block_vars("{$module_type}_section.{$module_type}_subsection", array( $template->assign_block_vars("{$module_type}_section.{$module_type}_subsection", array(
'L_TITLE' => (isset($user->lang[strtoupper($module_type) . '_' . strtoupper($submodule_title)])) ? $user->lang[strtoupper($module_type) . '_' . strtoupper($submodule_title)] : ucfirst(str_replace('_', ' ', strtolower($submodule_title))), 'L_TITLE' => (isset($user->lang[strtoupper($module_type) . '_' . strtoupper($submodule_title)])) ? $user->lang[strtoupper($module_type) . '_' . strtoupper($submodule_title)] : ucfirst(str_replace('_', ' ', strtolower($submodule_title))),
'S_SELECTED' => $selected, 'S_SELECTED' => $selected,
'U_TITLE' => $module_url . '&i=' . $module_id . '&mode=' . $submodule_title 'U_TITLE' => $module_url . '&i=' . $module_id . '&mode=' . $submodule_title
)); ));
*/ */

15
phpBB/common.php
View file

@ -7,8 +7,8 @@
// STARTED : Sat Feb 17, 2001 // STARTED : Sat Feb 17, 2001
// COPYRIGHT : © 2001, 2003 phpBB Group // COPYRIGHT : © 2001, 2003 phpBB Group
// WWW : http://www.phpbb.com/ // WWW : http://www.phpbb.com/
// LICENCE : GPL vs2.0 [ see /docs/COPYING ] // LICENCE : GPL vs2.0 [ see /docs/COPYING ]
// //
// ------------------------------------------------------------- // -------------------------------------------------------------
if (!defined('IN_PHPBB')) if (!defined('IN_PHPBB'))
@ -241,7 +241,7 @@ $db->sql_connect($dbhost, $dbuser, $dbpasswd, $dbname, $dbport, false);
// Grab global variables, re-cache if necessary // Grab global variables, re-cache if necessary
if ($config = $cache->get('config')) if ($config = $cache->get('config'))
{ {
$sql = 'SELECT * $sql = 'SELECT *
FROM ' . CONFIG_TABLE . ' FROM ' . CONFIG_TABLE . '
WHERE is_dynamic = 1'; WHERE is_dynamic = 1';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -255,7 +255,7 @@ else
{ {
$config = $cached_config = array(); $config = $cached_config = array();
$sql = 'SELECT * $sql = 'SELECT *
FROM ' . CONFIG_TABLE; FROM ' . CONFIG_TABLE;
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -301,11 +301,4 @@ if (file_exists('install'))
// trigger_error('REMOVE_INSTALL'); // trigger_error('REMOVE_INSTALL');
} }
// Show 'Board is disabled' message
if ($config['board_disable'] && !defined('IN_ADMIN') && !defined('IN_LOGIN'))
{
$message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE';
trigger_error($message);
}
?> ?>

128
phpBB/includes/session.php
View file

@ -3,12 +3,12 @@
// //
// $Id$ // $Id$
// //
// FILENAME : session.php // FILENAME : session.php
// STARTED : Sat Dec 16, 2000 // STARTED : Sat Dec 16, 2000
// COPYRIGHT : © 2001, 2003 phpBB Group // COPYRIGHT : © 2001, 2003 phpBB Group
// WWW : http://www.phpbb.com/ // WWW : http://www.phpbb.com/
// LICENCE : GPL vs2.0 [ see /docs/COPYING ] // LICENCE : GPL vs2.0 [ see /docs/COPYING ]
// //
// ------------------------------------------------------------- // -------------------------------------------------------------
class session class session
@ -33,7 +33,7 @@ class session
$split_page = array(); $split_page = array();
preg_match_all('#^.*?([a-z]+?)\.' . $phpEx . '\?sid=[a-z0-9]*?(&.*)?$#i', $this->page, $split_page, PREG_SET_ORDER); preg_match_all('#^.*?([a-z]+?)\.' . $phpEx . '\?sid=[a-z0-9]*?(&.*)?$#i', $this->page, $split_page, PREG_SET_ORDER);
// Page for session_page value // Page for session_page value
$this->page = $split_page[0][1] . ((isset($split_page[0][2])) ? $split_page[0][2] : ''); $this->page = $split_page[0][1] . ((isset($split_page[0][2])) ? $split_page[0][2] : '');
$this->page .= (isset($_POST['f'])) ? 'f=' . intval($_POST['f']) : ''; $this->page .= (isset($_POST['f'])) ? 'f=' . intval($_POST['f']) : '';
@ -148,8 +148,8 @@ class session
$bot = false; $bot = false;
// Pull bot information from DB and loop through it // Pull bot information from DB and loop through it
$sql = 'SELECT user_id, bot_agent, bot_ip $sql = 'SELECT user_id, bot_agent, bot_ip
FROM ' . BOTS_TABLE . ' FROM ' . BOTS_TABLE . '
WHERE bot_active = 1'; WHERE bot_active = 1';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -193,12 +193,6 @@ class session
WHERE u.user_id = $user_id WHERE u.user_id = $user_id
AND u.group_id = g.group_id AND u.group_id = g.group_id
ORDER BY s.session_time DESC"; ORDER BY s.session_time DESC";
/* $sql = 'SELECT u.*, s.session_time, s.session_id
FROM (' . USERS_TABLE . ' u
LEFT JOIN ' . SESSIONS_TABLE . " s ON s.session_user_id = u.user_id)
WHERE u.user_id = $user_id
ORDER BY s.session_time DESC";*/
$result = $db->sql_query_limit($sql, 1); $result = $db->sql_query_limit($sql, 1);
$this->data = $db->sql_fetchrow($result); $this->data = $db->sql_fetchrow($result);
@ -239,7 +233,7 @@ class session
{ {
$banned = false; $banned = false;
$sql = 'SELECT ban_ip, ban_userid, ban_email, ban_exclude, ban_give_reason, ban_end $sql = 'SELECT ban_ip, ban_userid, ban_email, ban_exclude, ban_give_reason, ban_end
FROM ' . BANLIST_TABLE . ' FROM ' . BANLIST_TABLE . '
WHERE ban_end >= ' . time() . ' WHERE ban_end >= ' . time() . '
OR ban_end = 0'; OR ban_end = 0';
@ -249,8 +243,8 @@ class session
{ {
do do
{ {
if ((!empty($row['ban_userid']) && intval($row['ban_userid']) == $this->data['user_id']) || if ((!empty($row['ban_userid']) && intval($row['ban_userid']) == $this->data['user_id']) ||
(!empty($row['ban_ip']) && preg_match('#^' . str_replace('*', '.*?', $row['ban_ip']) . '$#i', $this->ip)) || (!empty($row['ban_ip']) && preg_match('#^' . str_replace('*', '.*?', $row['ban_ip']) . '$#i', $this->ip)) ||
(!empty($row['ban_email']) && preg_match('#^' . str_replace('*', '.*?', $row['ban_email']) . '$#i', $this->data['user_email']))) (!empty($row['ban_email']) && preg_match('#^' . str_replace('*', '.*?', $row['ban_email']) . '$#i', $this->data['user_email'])))
{ {
if (!empty($row['ban_exclude'])) if (!empty($row['ban_exclude']))
@ -260,7 +254,7 @@ class session
} }
else else
{ {
$banned = true; $banned = true;
} }
} }
} }
@ -273,10 +267,10 @@ class session
// Initiate environment ... since it won't be set at this stage // Initiate environment ... since it won't be set at this stage
$this->setup(); $this->setup();
// Determine which message to output // Determine which message to output
$till_date = (!empty($row['ban_end'])) ? $this->format_date($row['ban_end']) : ''; $till_date = (!empty($row['ban_end'])) ? $this->format_date($row['ban_end']) : '';
$message = (!empty($row['ban_end'])) ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM'; $message = (!empty($row['ban_end'])) ? 'BOARD_BAN_TIME' : 'BOARD_BAN_PERM';
$message = sprintf($this->lang[$message], $till_date, '<a href="mailto:' . $config['board_contact'] . '">', '</a>'); $message = sprintf($this->lang[$message], $till_date, '<a href="mailto:' . $config['board_contact'] . '">', '</a>');
// More internal HTML ... :D // More internal HTML ... :D
$message .= (!empty($row['ban_show_reason'])) ? '<br /><br />' . sprintf($this->lang['BOARD_BAN_REASON'], $row['ban_show_reason']) : ''; $message .= (!empty($row['ban_show_reason'])) ? '<br /><br />' . sprintf($this->lang['BOARD_BAN_REASON'], $row['ban_show_reason']) : '';
@ -291,7 +285,7 @@ class session
$db->sql_return_on_error(true); $db->sql_return_on_error(true);
$sql = 'UPDATE ' . SESSIONS_TABLE . " $sql = 'UPDATE ' . SESSIONS_TABLE . "
SET session_user_id = $user_id, session_last_visit = " . $this->data['session_last_visit'] . ", session_start = $current_time, session_time = $current_time, session_browser = '" . $db->sql_escape($this->browser) . "', session_page = '" . $db->sql_escape($this->page) . "', session_allow_viewonline = $viewonline SET session_user_id = $user_id, session_last_visit = " . $this->data['session_last_visit'] . ", session_start = $current_time, session_time = $current_time, session_browser = '" . $db->sql_escape($this->browser) . "', session_page = '" . $db->sql_escape($this->page) . "', session_allow_viewonline = $viewonline
WHERE session_id = '" . $db->sql_escape($this->session_id) . "'"; WHERE session_id = '" . $db->sql_escape($this->session_id) . "'";
if ($this->session_id == '' || !$db->sql_query($sql) || !$db->sql_affectedrows()) if ($this->session_id == '' || !$db->sql_query($sql) || !$db->sql_affectedrows())
{ {
@ -301,9 +295,9 @@ class session
$sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', array( $sql = 'INSERT INTO ' . SESSIONS_TABLE . ' ' . $db->sql_build_array('INSERT', array(
'session_id' => (string) $this->session_id, 'session_id' => (string) $this->session_id,
'session_user_id' => (int) $user_id, 'session_user_id' => (int) $user_id,
'session_start' => (int) $current_time, 'session_start' => (int) $current_time,
'session_last_visit' => (int) $this->data['session_last_visit'], 'session_last_visit' => (int) $this->data['session_last_visit'],
'session_time' => (int) $current_time, 'session_time' => (int) $current_time,
'session_ip' => (string) $this->ip, 'session_ip' => (string) $this->ip,
'session_browser' => (string) $this->browser, 'session_browser' => (string) $this->browser,
'session_page' => (string) $this->page, 'session_page' => (string) $this->page,
@ -430,7 +424,7 @@ class session
if ($row['session_user_id'] != ANONYMOUS) if ($row['session_user_id'] != ANONYMOUS)
{ {
$sql = 'UPDATE ' . USERS_TABLE . ' $sql = 'UPDATE ' . USERS_TABLE . '
SET user_lastvisit = ' . $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "' SET user_lastvisit = ' . $row['recent_time'] . ", user_lastpage = '" . $db->sql_escape($row['session_page']) . "'
WHERE user_id = " . $row['session_user_id']; WHERE user_id = " . $row['session_user_id'];
$db->sql_query($sql); $db->sql_query($sql);
} }
@ -441,7 +435,7 @@ class session
while ($row = $db->sql_fetchrow($result)); while ($row = $db->sql_fetchrow($result));
} }
if ($del_user_id != '') if ($del_user_id)
{ {
// Delete expired sessions // Delete expired sessions
$sql = 'DELETE FROM ' . SESSIONS_TABLE . " $sql = 'DELETE FROM ' . SESSIONS_TABLE . "
@ -555,7 +549,7 @@ class user extends session
$sql = 'SELECT DISTINCT s.style_id, t.*, c.*, i.* $sql = 'SELECT DISTINCT s.style_id, t.*, c.*, i.*
FROM ' . STYLES_TABLE . ' s, ' . STYLES_TPL_TABLE . ' t, ' . STYLES_CSS_TABLE . ' c, ' . STYLES_IMAGE_TABLE . " i FROM ' . STYLES_TABLE . ' s, ' . STYLES_TPL_TABLE . ' t, ' . STYLES_CSS_TABLE . ' c, ' . STYLES_IMAGE_TABLE . " i
WHERE s.style_id IN ($style, " . $config['default_style'] . ') WHERE s.style_id IN ($style, " . $config['default_style'] . ')
AND t.template_id = s.template_id AND t.template_id = s.template_id
AND c.theme_id = s.theme_id AND c.theme_id = s.theme_id
AND i.imageset_id = s.imageset_id'; AND i.imageset_id = s.imageset_id';
@ -567,19 +561,20 @@ class user extends session
} }
$this->theme = ($row2 = $db->sql_fetchrow($result)) ? array( $this->theme = ($row2 = $db->sql_fetchrow($result)) ? array(
($style == $row['style_id']) ? 'primary' : 'secondary' => $row, ($style == $row['style_id']) ? 'primary' : 'secondary' => $row,
($style == $row2['style_id']) ? 'primary' : 'secondary' => $row2) : array('primary' => $row); ($style == $row2['style_id']) ? 'primary' : 'secondary' => $row2) : array('primary' => $row);
$db->sql_freeresult($result); $db->sql_freeresult($result);
unset($row); unset($row);
unset($row2); unset($row2);
// Set theme info // Set theme info
$theme_info = array(); $theme_info = array();
$default_theme_info = array( $default_theme_info = array(
'pagination_sep' => ', ', 'pagination_sep' => ', ',
'pagination_goto_page' => true, 'pagination_goto_page' => true,
'avatar_img_class' => '' 'avatar_img_class' => ''
); );
foreach ($this->theme as $style_priority => $row) foreach ($this->theme as $style_priority => $row)
@ -588,6 +583,7 @@ class user extends session
{ {
$theme_info = array(); $theme_info = array();
include($phpbb_root_path . 'styles/' . $row['theme_path'] . '/theme/theme_info.' . $phpEx); include($phpbb_root_path . 'styles/' . $row['theme_path'] . '/theme/theme_info.' . $phpEx);
if (sizeof($theme_info)) if (sizeof($theme_info))
{ {
$this->theme[$style_priority] = array_merge($this->theme[$style_priority], $theme_info); $this->theme[$style_priority] = array_merge($this->theme[$style_priority], $theme_info);
@ -608,6 +604,15 @@ class user extends session
$this->img_lang = (file_exists($phpbb_root_path . 'styles/' . $this->theme['primary']['imageset_path'] . '/imageset/' . $this->lang_name)) ? $this->lang_name : $config['default_lang']; $this->img_lang = (file_exists($phpbb_root_path . 'styles/' . $this->theme['primary']['imageset_path'] . '/imageset/' . $this->lang_name)) ? $this->lang_name : $config['default_lang'];
// Is board disabled and user not an admin or moderator?
// TODO
// New ACL enabling board access while offline?
if ($config['board_disable'] && !defined('IN_LOGIN') && !$auth->acl_gets('a_', 'm_'))
{
$message = (!empty($config['board_disable_msg'])) ? $config['board_disable_msg'] : 'BOARD_DISABLE';
trigger_error($message);
}
// Does the user need to change their password? If so, redirect to the // Does the user need to change their password? If so, redirect to the
// ucp profile reg_details page ... of course do not redirect if we're // ucp profile reg_details page ... of course do not redirect if we're
// already in the ucp // already in the ucp
@ -643,7 +648,7 @@ class user extends session
{ {
foreach ($lang_set as $key => $lang_file) foreach ($lang_set as $key => $lang_file)
{ {
// Please do not delete this line. // Please do not delete this line.
// We have to force the type here, else [array] language inclusion will not work // We have to force the type here, else [array] language inclusion will not work
$key = (string) $key; $key = (string) $key;
@ -701,9 +706,9 @@ class user extends session
} }
} }
function format_date($gmepoch, $format = false) function format_date($gmepoch, $format = false, $forcedate = false)
{ {
static $lang_dates; static $lang_dates, $midnight;
if (empty($lang_dates)) if (empty($lang_dates))
{ {
@ -715,7 +720,24 @@ class user extends session
$format = (!$format) ? $this->date_format : $format; $format = (!$format) ? $this->date_format : $format;
return strtr(@gmdate($format, $gmepoch + $this->timezone + $this->dst), $lang_dates); if (!$midnight)
{
list($d, $m, $y) = explode(' ', gmdate('j n Y', time() + $this->timezone + $this->dst));
$midnight = gmmktime(0, 0, 0, $m, $d, $y) - $this->timezone - $this->dst;
}
if ($gmepoch > $midnight && !$forcedate)
{
return preg_replace('#\|.*?\|#', $this->lang['datetime']['TODAY'], strtr(@gmdate($format, $gmepoch + $this->timezone + $this->dst), $lang_dates));
}
else if ($gmepoch > $midnight - 86400 && !$forcedate)
{
return preg_replace('#\|.*?\|#', $this->lang['datetime']['YESTERDAY'], strtr(@gmdate($format, $gmepoch + $this->timezone + $this->dst), $lang_dates));
}
else
{
return strtr(@gmdate(str_replace('|', '', $format), $gmepoch + $this->timezone + $this->dst), $lang_dates);
}
} }
function get_iso_lang_id() function get_iso_lang_id()
@ -731,8 +753,8 @@ class user extends session
{ {
$this->lang_name = $config['default_lang']; $this->lang_name = $config['default_lang'];
} }
$sql = 'SELECT lang_id $sql = 'SELECT lang_id
FROM ' . LANG_TABLE . " FROM ' . LANG_TABLE . "
WHERE lang_iso = '{$this->lang_name}'"; WHERE lang_iso = '{$this->lang_name}'";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -744,7 +766,7 @@ class user extends session
function get_profile_fields($user_id) function get_profile_fields($user_id)
{ {
global $user, $db; global $user, $db;
if (isset($user->profile_fields)) if (isset($user->profile_fields))
{ {
return; return;
@ -754,7 +776,7 @@ class user extends session
// Grabbing all user specific options (all without the need of special complicate adding to the sql query) might be useful... // Grabbing all user specific options (all without the need of special complicate adding to the sql query) might be useful...
$sql = 'SELECT * FROM ' . PROFILE_DATA_TABLE . " $sql = 'SELECT * FROM ' . PROFILE_DATA_TABLE . "
WHERE user_id = $user_id"; WHERE user_id = $user_id";
$result = $db->sql_query_limit($sql, 1); $result = $db->sql_query_limit($sql, 1);
$user->profile_fields = (!($row = $db->sql_fetchrow($result))) ? array() : $row; $user->profile_fields = (!($row = $db->sql_fetchrow($result))) ? array() : $row;
$db->sql_freeresult($result); $db->sql_freeresult($result);
@ -772,7 +794,7 @@ class user extends session
$imgs[$img . $suffix] = ''; $imgs[$img . $suffix] = '';
return $imgs[$img . $suffix]; return $imgs[$img . $suffix];
} }
if (!$width) if (!$width)
{ {
list($imgsrc, $height, $width) = explode('*', $this->theme['primary'][$img]); list($imgsrc, $height, $width) = explode('*', $this->theme['primary'][$img]);
@ -829,7 +851,7 @@ class user extends session
if (!$data) if (!$data)
{ {
$this->data['user_options'] = $var; $this->data['user_options'] = $var;
return true; return true;
} }
else else
{ {
@ -853,8 +875,8 @@ class auth
if (!($this->acl_options = $cache->get('acl_options'))) if (!($this->acl_options = $cache->get('acl_options')))
{ {
$sql = 'SELECT auth_option, is_global, is_local $sql = 'SELECT auth_option, is_global, is_local
FROM ' . ACL_OPTIONS_TABLE . ' FROM ' . ACL_OPTIONS_TABLE . '
ORDER BY auth_option_id'; ORDER BY auth_option_id';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -1007,7 +1029,7 @@ class auth
$hold_ary = $this->acl_raw_data($userdata['user_id'], false, false); $hold_ary = $this->acl_raw_data($userdata['user_id'], false, false);
$hold_ary = $hold_ary[$userdata['user_id']]; $hold_ary = $hold_ary[$userdata['user_id']];
// If this user is founder we're going to force fill the admin options ... // If this user is founder we're going to force fill the admin options ...
if ($userdata['user_type'] == USER_FOUNDER) if ($userdata['user_type'] == USER_FOUNDER)
{ {
@ -1086,28 +1108,28 @@ class auth
// First grab user settings ... each user has only one setting for each // First grab user settings ... each user has only one setting for each
// option ... so we shouldn't need any ACL_NO checks ... he says ... // option ... so we shouldn't need any ACL_NO checks ... he says ...
$sql = 'SELECT ao.auth_option, a.user_id, a.forum_id, a.auth_setting $sql = 'SELECT ao.auth_option, a.user_id, a.forum_id, a.auth_setting
FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_USERS_TABLE . ' a FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_USERS_TABLE . ' a
WHERE ao.auth_option_id = a.auth_option_id WHERE ao.auth_option_id = a.auth_option_id
' . (($sql_user) ? 'AND a.' . $sql_user : '') . " ' . (($sql_user) ? 'AND a.' . $sql_user : '') . "
$sql_forum $sql_forum
$sql_opts $sql_opts
ORDER BY a.forum_id, ao.auth_option"; ORDER BY a.forum_id, ao.auth_option";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result)) while ($row = $db->sql_fetchrow($result))
{ {
$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting']; $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);
// Now grab group settings ... ACL_NO overrides ACL_YES so act appropriatley // Now grab group settings ... ACL_NO overrides ACL_YES so act appropriatley
$sql = 'SELECT ug.user_id, ao.auth_option, a.forum_id, a.auth_setting $sql = 'SELECT ug.user_id, ao.auth_option, a.forum_id, a.auth_setting
FROM ' . USER_GROUP_TABLE . ' ug, ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_GROUPS_TABLE . ' a FROM ' . USER_GROUP_TABLE . ' ug, ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_GROUPS_TABLE . ' a
WHERE ao.auth_option_id = a.auth_option_id WHERE ao.auth_option_id = a.auth_option_id
AND a.group_id = ug.group_id AND a.group_id = ug.group_id
' . (($sql_user) ? 'AND ug.' . $sql_user : '') . " ' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
$sql_forum $sql_forum
$sql_opts $sql_opts
ORDER BY a.forum_id, ao.auth_option"; ORDER BY a.forum_id, ao.auth_option";
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -1115,7 +1137,7 @@ class auth
{ {
if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] != ACL_NO)) if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] != ACL_NO))
{ {
$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting']; $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
} }
} }
$db->sql_freeresult($result); $db->sql_freeresult($result);

61
phpBB/ucp.php
View file

@ -1,14 +1,14 @@
<?php <?php
// ------------------------------------------------------------- // -------------------------------------------------------------
// //
// $Id$ // $Id$
// //
// FILENAME : bbcode.php // FILENAME : bbcode.php
// STARTED : Thu Nov 21, 2002 // STARTED : Thu Nov 21, 2002
// COPYRIGHT : © 2001, 2003 phpBB Group // COPYRIGHT : © 2001, 2003 phpBB Group
// WWW : http://www.phpbb.com/ // WWW : http://www.phpbb.com/
// LICENCE : GPL vs2.0 [ see /docs/COPYING ] // LICENCE : GPL vs2.0 [ see /docs/COPYING ]
// //
// ------------------------------------------------------------- // -------------------------------------------------------------
// TODO for 2.2: // TODO for 2.2:
@ -34,13 +34,26 @@ define('IN_PHPBB', true);
$phpbb_root_path = './'; $phpbb_root_path = './';
$phpEx = substr(strrchr(__FILE__, '.'), 1); $phpEx = substr(strrchr(__FILE__, '.'), 1);
// This small snippet is required to let admins login if the board is disabled... include($phpbb_root_path . 'common.'.$phpEx);
if ($_REQUEST['mode'] == 'login') include($phpbb_root_path . '/includes/functions_user.'.$phpEx);
// Basic parameter data
$mode = request_var('mode', '');
$module = request_var('i', '');
if ($mode == 'login' || $mode == 'logout')
{ {
define('IN_LOGIN', true); define('IN_LOGIN', true);
} }
include($phpbb_root_path . 'common.'.$phpEx);
include($phpbb_root_path . '/includes/functions_user.'.$phpEx); // Start session management
$user->start();
$auth->acl($user->data);
$user->setup('ucp');
$ucp = new module();
// --------- // ---------
// FUNCTIONS // FUNCTIONS
@ -86,7 +99,7 @@ class module
$module_lang = strtoupper($module_type) . '_' . $row['module_title']; $module_lang = strtoupper($module_type) . '_' . $row['module_title'];
$template->assign_block_vars($module_type . '_section', array( $template->assign_block_vars($module_type . '_section', array(
'L_TITLE' => (isset($user->lang[$module_lang])) ? $user->lang[$module_lang] : ucfirst(str_replace('_', ' ', strtolower($row['module_title']))), 'L_TITLE' => (isset($user->lang[$module_lang])) ? $user->lang[$module_lang] : ucfirst(str_replace('_', ' ', strtolower($row['module_title']))),
'S_SELECTED' => $selected, 'S_SELECTED' => $selected,
'U_TITLE' => $module_url . '&amp;i=' . $row['module_id']) 'U_TITLE' => $module_url . '&amp;i=' . $row['module_id'])
); );
@ -132,7 +145,7 @@ class module
$template->assign_block_vars("{$module_type}_section.{$module_type}_subsection", array( $template->assign_block_vars("{$module_type}_section.{$module_type}_subsection", array(
'L_TITLE' => (isset($user->lang[$module_lang])) ? $user->lang[$module_lang] : ucfirst(str_replace('_', ' ', strtolower($module_lang))), 'L_TITLE' => (isset($user->lang[$module_lang])) ? $user->lang[$module_lang] : ucfirst(str_replace('_', ' ', strtolower($module_lang))),
'S_SELECTED' => $selected, 'S_SELECTED' => $selected,
'U_TITLE' => $module_url . '&amp;i=' . $module_id . '&amp;mode=' . $submodule_title 'U_TITLE' => $module_url . '&amp;i=' . $module_id . '&amp;mode=' . $submodule_title
)); ));
@ -240,16 +253,6 @@ class module
// --------- // ---------
// Start session management
$user->start();
$auth->acl($user->data);
$user->setup('ucp');
$ucp = new module();
// Basic parameter data
$mode = request_var('mode', '');
$module = request_var('i', '');
// Basic "global" modes // Basic "global" modes
switch ($mode) switch ($mode)
@ -349,7 +352,7 @@ if ($user->data['user_id'] == ANONYMOUS || $user->data['user_type'] == USER_INAC
{ {
redirect("index.$phpEx$SID"); redirect("index.$phpEx$SID");
} }
login_box($user->cur_page, '', $user->lang['LOGIN_EXPLAIN_UCP']); login_box($user->cur_page, '', $user->lang['LOGIN_EXPLAIN_UCP']);
} }
@ -357,12 +360,12 @@ if ($user->data['user_id'] == ANONYMOUS || $user->data['user_type'] == USER_INAC
// Output listing of friends online // Output listing of friends online
$update_time = $config['load_online_time'] * 60; $update_time = $config['load_online_time'] * 60;
$sql = 'SELECT DISTINCT u.user_id, u.username, MAX(s.session_time) as online_time, MIN(s.session_allow_viewonline) AS viewonline $sql = 'SELECT DISTINCT u.user_id, u.username, MAX(s.session_time) as online_time, MIN(s.session_allow_viewonline) AS viewonline
FROM ((' . ZEBRA_TABLE . ' z FROM ((' . ZEBRA_TABLE . ' z
LEFT JOIN ' . SESSIONS_TABLE . ' s ON s.session_user_id = z.zebra_id), ' . USERS_TABLE . ' u) LEFT JOIN ' . SESSIONS_TABLE . ' s ON s.session_user_id = z.zebra_id), ' . USERS_TABLE . ' u)
WHERE z.user_id = ' . $user->data['user_id'] . ' WHERE z.user_id = ' . $user->data['user_id'] . '
AND z.friend = 1 AND z.friend = 1
AND u.user_id = z.zebra_id AND u.user_id = z.zebra_id
GROUP BY z.zebra_id'; GROUP BY z.zebra_id';
$result = $db->sql_query($sql); $result = $db->sql_query($sql);
@ -372,7 +375,7 @@ while ($row = $db->sql_fetchrow($result))
$template->assign_block_vars("friends_{$which}", array( $template->assign_block_vars("friends_{$which}", array(
'U_PROFILE' => "memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $row['user_id'], 'U_PROFILE' => "memberlist.$phpEx$SID&amp;mode=viewprofile&amp;u=" . $row['user_id'],
'USER_ID' => $row['user_id'], 'USER_ID' => $row['user_id'],
'USERNAME' => $row['username']) 'USERNAME' => $row['username'])
); );
@ -384,8 +387,8 @@ if ($mode == 'compose' && request_var('action', '') != 'edit')
{ {
if ($config['allow_mass_pm']) if ($config['allow_mass_pm'])
{ {
$sql = 'SELECT group_id, group_name, group_type $sql = 'SELECT group_id, group_name, group_type
FROM ' . GROUPS_TABLE . ' FROM ' . GROUPS_TABLE . '
WHERE group_type NOT IN (' . GROUP_HIDDEN . ', ' . GROUP_CLOSED . ') WHERE group_type NOT IN (' . GROUP_HIDDEN . ', ' . GROUP_CLOSED . ')
AND group_receive_pm = 1 AND group_receive_pm = 1
ORDER BY group_type DESC'; ORDER BY group_type DESC';