diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php
index 86a4b3bbcd..f7959d8f5d 100644
--- a/phpBB/includes/auth.php
+++ b/phpBB/includes/auth.php
@@ -125,6 +125,8 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
//
if(!$userdata['session_logged_in'])
{
+ $auth_user = array();
+
if($forum_id != AUTH_LIST_ALL)
{
for($i = 0; $i < count($f_access); $i++)
@@ -134,12 +136,11 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
}
else
{
- $auth_user_list = array();
for($i = 0; $i < count($f_access); $i++)
{
for($j = 0; $j < count($auth_fields); $j++)
{
- $auth_user_list[$f_access[$i]['forum_id']][$auth_fields[$j]] = ($f_access[$i][$auth_fields[$j]] == AUTH_ALL) ? 1 : 0;
+ $auth_user[$f_access[$i]['forum_id']][$auth_fields[$j]] = ($f_access[$i][$auth_fields[$j]] == AUTH_ALL) ? 1 : 0;
}
}
}
@@ -154,126 +155,183 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
AND aa.group_id = ug.group_id
$forum_match_sql";
$au_result = $db->sql_query($sql);
-
$u_access = $db->sql_fetchrowset($au_result);
+ $num_forums = (is_array($f_access[0])) ? count($f_access) : 1;
+
$is_admin = ($userdata['user_level'] == ADMIN) ? 1 : 0;
$auth_user = array();
- for($i = 0; $i < count($auth_fields); $i++)
+ for($k = 0; $k < $num_forums; $k++)
{
- $key = $auth_fields[$i];
- $value = $f_access[$key];
+ for($i = 0; $i < count($auth_fields); $i++)
+ {
+ $key = $auth_fields[$i];
+ $value = ($forum_id != AUTH_LIST_ALL) ? $f_access[$key] : $f_access[$f_access[$k]['forum_id']][$key];
+
+ //
+ // If the user is logged on and the forum
+ // type is either ALL or REG then the user
+ // has access
+ //
+ if($value == AUTH_ALL || $value == AUTH_REG)
+ {
+ if($forum_id != AUTH_LIST_ALL)
+ {
+ $auth_user[$key] = 1;
+ }
+ else
+ {
+ $auth_user[$f_access[$k]['forum_id']][$key] = 1;
+ }
+ }
+ else
+ {
+ //
+ // If the type if ACL, MOD or ADMIN
+ // then we need to see if the user has
+ // specific permissions to do whatever it
+ // is they want to do ... to do this
+ // we pull relevant information for the user
+ // (and any groups they belong to)
+ //
+
+ $single_user = 0;
+
+ //
+ // Now we compare the users access level
+ // against the forums We assume here that
+ // a moderator and admin automatically have
+ // access to an ACL forum, similarly we assume
+ // admins meet an auth requirement of MOD
+ //
+ // The access level assigned to a single user
+ // automatically takes precedence over any
+ // levels granted by that user being a member
+ // of a multi-user usergroup, eg. a user
+ // who is banned from a forum won't gain
+ // access to it even if they belong to a group
+ // which has access (and vice versa). This
+ // check is done via the single_user check
+ //
+ // PS : I appologise for the fantastically clear
+ // and hugely readable code here ;) Simple gist
+ // is, if this row of auth_access doesn't represent
+ // a single user then OR the contents of relevant auth_access
+ // levels against the current level (allows
+ // maximum group privileges to be assigned). If
+ // the row does represent a single user then forget
+ // any previous group results and instead set
+ // the auth to whatever the OR'd contents of the
+ // access levels are.
+ //
+ switch($value)
+ {
+ case AUTH_ACL:
+ for($j = 0; $j < count($u_access); $j++)
+ {
+ if(!$single_user)
+ {
+ $single_user = $u_access[$j]['single_user'];
+
+ $result = (!$single_user) ? ($auth_user[$key] || $u_access[$j][$key] || $u_access[$i]['auth_mod'] || $is_admin) : ($u_access[$j][$key] || $u_access[$i]['auth_mod'] || $is_admin);
+
+ if($forum_id != AUTH_LIST_ALL)
+ {
+ $auth_user[$key] = $result;
+ }
+ else
+ {
+ $auth_user[$f_access[$k]['forum_id']][$key] = $result;
+ }
+ }
+ }
+ break;
+
+ case AUTH_MOD:
+ for($j = 0; $j < count($u_access); $j++)
+ {
+ if(!$single_user)
+ {
+ $single_user = $u_access[$j]['single_user'];
+
+ $auth_user[$key] = (!$single_user) ? ($auth_user[$key] || $u_access[$j]['auth_mod'] || $is_admin) : ($u_access[$j]['auth_mod'] || $is_admin);
+
+ if($forum_id != AUTH_LIST_ALL)
+ {
+ $auth_user[$key] = $result;
+ }
+ else
+ {
+ $auth_user[$f_access[$k]['forum_id']][$key] = $result;
+ }
+ }
+ }
+ break;
+
+ case AUTH_ADMIN:
+ //
+ // Pretty redundant right now ...
+ //
+ if($forum_id != AUTH_LIST_ALL)
+ {
+ $auth_user[$key] = $is_admin;
+ }
+ else
+ {
+ $auth_user[$f_access[$k]['forum_id']][$key] = $is_admin;
+ }
+ break;
+
+ default:
+ if($forum_id != AUTH_LIST_ALL)
+ {
+ $auth_user[$key] = 0;
+ }
+ else
+ {
+ $auth_user[$f_access[$k]['forum_id']][$key] = 0;
+ }
+ break;
+ }
+ }
+ }
+ //
+ // Is user a moderator?
+ //
+ $single_user = 0;
+ for($j = 0; $j < count($u_access); $j++)
+ {
+ if(!$single_user)
+ {
+ $single_user = $u_access[$j]['single_user'];
+
+ $result = (!$single_user) ? ($auth_user['auth_mod'] || $u_access[$j]['auth_mod'] || $is_admin) : ($u_access[$j]['auth_mod'] || $is_admin);
+
+ if($forum_id != AUTH_LIST_ALL)
+ {
+ $auth_user['auth_mod'] = $result;
+ }
+ else
+ {
+ $auth_user[$f_access[$k]['forum_id']]['auth_mod'] = $result;
+ }
+ }
+ }
//
- // If the user is logged on and the forum
- // type is either ALL or REG then the user
- // has access
+ // Is user an admin (this is
+ // really redundant at this time)
//
- if($value == AUTH_ALL || $value == AUTH_REG)
+ if($forum_id != AUTH_LIST_ALL)
{
- $auth_user[$key] = 1;
+ $auth_user['auth_admin'] = $is_admin;
}
else
{
- //
- // If the type if ACL, MOD or ADMIN
- // then we need to see if the user has
- // specific permissions to do whatever it
- // is they want to do ... to do this
- // we pull relevant information for the user
- // (and any groups they belong to)
- //
-
- $single_user = 0;
-
- //
- // Now we compare the users access level
- // against the forums We assume here that
- // a moderator and admin automatically have
- // access to an ACL forum, similarly we assume
- // admins meet an auth requirement of MOD
- //
- // The access level assigned to a single user
- // automatically takes precedence over any
- // levels granted by that user being a member
- // of a multi-user usergroup, eg. a user
- // who is banned from a forum won't gain
- // access to it even if they belong to a group
- // which has access (and vice versa). This
- // check is done via the single_user check
- //
- // PS : I appologise for the fantastically clear
- // and hugely readable code here ;) Simple gist
- // is, if this row of auth_access doesn't represent
- // a single user then OR the contents of relevant auth_access
- // levels against the current level (allows
- // maximum group privileges to be assigned). If
- // the row does represent a single user then forget
- // any previous group results and instead set
- // the auth to whatever the OR'd contents of the
- // access levels are.
- //
- switch($value)
- {
- case AUTH_ACL:
- for($j = 0; $j < count($u_access); $j++)
- {
- if(!$single_user)
- {
- $single_user = $u_access[$j]['single_user'];
-
- $auth_user[$key] = (!$single_user) ? ($auth_user[$key] || $u_access[$j][$key] || $u_access[$i]['auth_mod'] || $is_admin) : ($u_access[$j][$key] || $u_access[$i]['auth_mod'] || $is_admin);
- }
- }
- break;
-
- case AUTH_MOD:
- for($j = 0; $j < count($u_access); $j++)
- {
- if(!$single_user)
- {
- $single_user = $u_access[$j]['single_user'];
-
- $auth_user[$key] = (!$single_user) ? ($auth_user[$key] || $u_access[$j]['auth_mod'] || $is_admin) : ($u_access[$j]['auth_mod'] || $is_admin);
- }
- }
- break;
-
- case AUTH_ADMIN:
- //
- // Pretty redundant right now ...
- //
- $auth_user[$key] = ($userdata['user_level'] == ADMIN) ? 1 : 0;
- break;
-
- default:
- $auth_user[$key] = 0;
- break;
- }
+ $auth_user[$f_access[$k]['forum_id']]['auth_admin'] = $is_admin;
}
}
-
- //
- // Is user a moderator?
- //
- $single_user = 0;
- for($j = 0; $j < count($u_access); $j++)
- {
- if(!$single_user)
- {
- $single_user = $u_access[$j]['single_user'];
-
- $auth_user['auth_mod'] = (!$single_user) ? ($auth_user['auth_mod'] || $u_access[$j]['auth_mod'] || $is_admin) : ($u_access[$j]['auth_mod'] || $is_admin);
- }
- }
-
- //
- // Is user an admin (this is
- // really redundant at this time)
- //
- $auth_user['auth_admin'] = $is_admin;
-
}
//
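Review bot: In the `AUTH_MOD` case the computed value is stored in `$auth_user[$key]` and then immediately overwritten with `$result`, which that case never sets, so a MOD-level permission ends up holding whatever an earlier `AUTH_ACL` pass left in `$result`, or nothing at all. The assignment should go to the local first, as the `AUTH_ACL` case does: `$result = (!$single_user) ? ($auth_user[$key] || $u_access[$j]['auth_mod'] || $is_admin) : ($u_access[$j]['auth_mod'] || $is_admin);`. Two further things in the same loop deserve a check: the `AUTH_ACL` expression indexes `$u_access[$i]['auth_mod']` with the field counter `$i` rather than the row counter `$j`, and in `AUTH_LIST_ALL` mode both the accumulated value (`$auth_user[$key]`) and the forum setting (`$f_access[$f_access[$k]['forum_id']][$key]`) are read from keys that the list-mode writes and the `$f_access[$k]` rows do not appear to populate, where `$f_access[$k][$key]` looks intended. The loops over `$u_access` also never compare a row's forum with the forum being evaluated, so whether a grant for one forum can carry over to another depends on `$forum_match_sql`, which is outside this hunk. The body of `auth()` starts and ends outside the hunk.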
@@ -281,7 +339,7 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
// however it will also return an array if a listing
// of all forums to which a user has access was requested.
//
- return ( ($forum_id != AUTH_LIST_ALL) ? $auth_user : $auth_user_list );
+ return $auth_user;
}
?>
\ No newline at end of file
diff --git a/phpBB/index.php b/phpBB/index.php
index ee66b632e1..d1de5625b4 100644
--- a/phpBB/index.php
+++ b/phpBB/index.php
@@ -127,11 +127,12 @@ if($total_categories)
default:
// This works on: MySQL, MSSQL and ODBC (Access)
$limit_forums = ($viewcat != -1) ? "WHERE f.cat_id = $viewcat " : "";
- $sql = "SELECT f.*, t.topic_id, t.topic_replies, t.topic_last_post_id, u.username, u.user_id, p.post_time
- FROM (( ".FORUMS_TABLE." f
+ $sql = "SELECT f.*, t.topic_id, t.topic_replies, t.topic_last_post_id, u.username, u.user_id, p.post_time, af.auth_view, af.auth_read, af.auth_post, af.auth_reply, af.auth_edit, af.auth_delete, af.auth_votecreate, af.auth_vote
+ FROM ((( ".FORUMS_TABLE." f
LEFT JOIN ".POSTS_TABLE." p ON f.forum_last_post_id = p.post_id )
LEFT JOIN ".TOPICS_TABLE." t ON p.post_id = t.topic_last_post_id )
- LEFT JOIN ".USERS_TABLE." u ON p.poster_id = u.user_id
+ LEFT JOIN ".USERS_TABLE." u ON p.poster_id = u.user_id )
+ LEFT JOIN ".AUTH_FORUMS_TABLE." af ON af.forum_id = f.forum_id
$limit_forums
ORDER BY f.cat_id, f.forum_order";
break;
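Review bot: Because `AUTH_FORUMS_TABLE` is attached with a `LEFT JOIN`, a forum that has no row there comes back with every `af.auth_*` column NULL, and those values are later compared loosely (`== AUTH_ALL`) inside `auth()`. If `AUTH_ALL` is defined as 0 (its value is not visible here), NULL would compare equal and such a forum would be treated as open to everyone. Either use an inner join so forums without permission rows are not listed, or have `auth()` treat a missing value as denied. The context line that builds `$limit_forums` also interpolates `$viewcat` into the query, so it is worth confirming that it is cast to an integer before this point.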
@@ -140,6 +141,8 @@ if($total_categories)
{
error_die(SQL_QUERY, "Could not query forums information.", __LINE__, __FILE__);
}
+ $total_forums = $db->sql_numrows($q_forums);
+ $forum_rows = $db->sql_fetchrowset($q_forums);
//
// Note that this doesn't resolve conflicts where a user
@@ -162,9 +165,6 @@ if($total_categories)
{
error_die(SQL_QUERY, "Could not query forum moderator information.", __LINE__, __FILE__);
}
-
- $total_forums = $db->sql_numrows($q_forums);
- $forum_rows = $db->sql_fetchrowset($q_forums);
$forum_mods_list = $db->sql_fetchrowset($q_forum_mods);
for($i = 0; $i < count($forum_mods_list); $i++)
@@ -173,23 +173,25 @@ if($total_categories)
$forum_mods['forum_'.$forum_mods_list[$i]['forum_id'].'_id'][] = $forum_mods_list[$i]['user_id'];
}
+ //
+ // Find which forums are visible for
+ // this user
+ //
+ $is_auth_ary = auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata, $forum_rows);
+
+ //
+ // Okay, let's build the index
+ //
+ $gen_cat = array();
+
for($i = 0; $i < $total_categories; $i++)
{
- $template->assign_block_vars("catrow",
- array(
- "CAT_ID" => $category_rows[$i]['cat_id'],
- "CAT_DESC" => stripslashes($category_rows[$i]['cat_title']),
- "U_VIEWCAT" => append_sid("index." . $phpEx . "?viewcat=" . $category_rows[$i]['cat_id'])
- )
- );
-
for($j = 0; $j < $total_forums; $j++)
{
-
- if( ( $forum_rows[$j]['cat_id'] == $category_rows[$i]['cat_id'] && $viewcat == -1 ) ||
- ( $category_rows[$i]['cat_id'] == $viewcat) )
+ if( ( ($forum_rows[$j]['cat_id'] == $category_rows[$i]['cat_id'] && $viewcat == -1) ||
+ ($category_rows[$i]['cat_id'] == $viewcat) ) &&
+ $is_auth_ary[$forum_rows[$j]['forum_id']]['auth_view'])
{
-
$folder_image = "
";
$posts = $forum_rows[$j]['forum_posts'];
$topics = $forum_rows[$j]['forum_topics'];
@@ -231,6 +233,17 @@ if($total_categories)
$moderators_links .= "".$forum_mods['forum_'.$forum_rows[$j]['forum_id'].'_name'][$mods]."";
}
+ if(!$gen_cat[$category_rows[$i]['cat_id']])
+ {
+ $category_rows[$i]['cat_id']. " : " . $gen_cat[$category_rows[$i]['cat_id']]."
";
+ $template->assign_block_vars("catrow", array(
+ "CAT_ID" => $category_rows[$i]['cat_id'],
+ "CAT_DESC" => stripslashes($category_rows[$i]['cat_title']),
+ "U_VIEWCAT" => append_sid("index." . $phpEx . "?viewcat=" . $category_rows[$i]['cat_id']))
+ );
+ $gen_cat[$category_rows[$i]['cat_id']] = 1;
+ }
+
$template->assign_block_vars("catrow.forumrow",
array(
"FOLDER" => $folder_image,
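Review bot: The first statement inside the new `if(!$gen_cat[...])` block, `$category_rows[$i]['cat_id']. " : " . $gen_cat[$category_rows[$i]['cat_id']]` followed by a string that spans a line break, has no effect as shown and looks like a leftover debug print; it should be removed before merge. The guard itself reads an array key that has not been set on the first pass, so `if(empty($gen_cat[$category_rows[$i]['cat_id']]))` would avoid the undefined-index notice. `CAT_DESC` reaches the template after `stripslashes()` only; whether `cat_title` is HTML-escaped when it is stored is not visible here and is worth confirming.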
@@ -243,13 +256,21 @@ if($total_categories)
"MODERATORS" => $moderators_links,
"U_VIEWFORUM" => append_sid("viewforum." . $phpEx . "?" . POST_FORUM_URL . "=" . $forum_rows[$j]['forum_id'] . "&" . $forum_rows[$j]['forum_posts']))
+ );
+ }
+ else if($viewcat != -1)
+ {
+ if(!$gen_cat[$category_rows[$i]['cat_id']])
+ {
+ $template->assign_block_vars("catrow", array(
+ "CAT_ID" => $category_rows[$i]['cat_id'],
+ "CAT_DESC" => stripslashes($category_rows[$i]['cat_title']),
+ "U_VIEWCAT" => append_sid("index." . $phpEx . "?viewcat=" . $category_rows[$i]['cat_id']))
);
-// "LAST_POST_USER" => "$forum_rows[$j]['username']",
-// "U_LAST_POST_USER_PROFILE" => "profile.$phpEx?mode=viewprofile&".POST_USERS_URL."=".$forum_rows[$j]['user_id']",
-// "U_LAST_POST" => "viewtopic.".$phpEx."?t=".$forum_rows[$j]['topic_id'],
+ $gen_cat[$category_rows[$i]['cat_id']] = 1;
+ }
}
}
-
} // for ... categories
}// if ... total_categories
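Review bot: The new `else if($viewcat != -1)` branch emits a `catrow` for the category whenever a forum fails the combined condition, including when it failed only because `auth_view` was denied. With `$viewcat == -1` a category whose forums are all hidden produces no header, so the two modes disagree on whether titles of categories with no viewable forum are shown; if that is intended, a comment saying so would help. The `assign_block_vars("catrow", ...)` call and the `$gen_cat` bookkeeping are now duplicated between this branch and the preceding one, and a small helper would keep them in step.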
diff --git a/phpBB/viewforum.php b/phpBB/viewforum.php
index ca76f5f042..59f8c2ca74 100644
--- a/phpBB/viewforum.php
+++ b/phpBB/viewforum.php
@@ -92,7 +92,7 @@ if(!$forum_row)
//
$is_auth = auth(AUTH_ALL, $forum_id, $userdata, $forum_row[0]);
-if(!$is_auth['auth_read'])
+if(!$is_auth['auth_read'] || !$is_auth['auth_view'])
{
//
// Ooopss, user is not authed
diff --git a/phpBB/viewtopic.php b/phpBB/viewtopic.php
index 21e0cd9fd7..a12f94d0d8 100644
--- a/phpBB/viewtopic.php
+++ b/phpBB/viewtopic.php
@@ -214,9 +214,9 @@ init_userprefs($userdata);
//
// Start auth check
//
-$is_auth = auth(AUTH_ALL, $forum_id, $userdata, $forum_row[0]);
+$is_auth = auth(AUTH_ALL, $forum_id, $userdata, $forum_row[0]);
-if(!$is_auth)
+if(!$is_auth['auth_view'] || !$is_auth['auth_view'])
{
//
// Ooopss, user is not authed
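Review bot: The new condition tests `auth_view` twice, `!$is_auth['auth_view'] || !$is_auth['auth_view']`, so `auth_read` is never checked on the topic page, although viewforum.php in this same commit checks both. A user who may see a forum but not read it would get through. The line should read `if(!$is_auth['auth_view'] || !$is_auth['auth_read'])`. The block this condition guards continues past the end of the hunk.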