From c220126bbd1bac33ca4bf1e13bf2d95a5b980124 Mon Sep 17 00:00:00 2001 From: "Paul S. Owen" Date: Fri, 4 Jul 2003 17:17:37 +0000 Subject: [PATCH] Altered method of storage of cached permissions ... primarily for easier sqlite/firebird support. Clear your user_permission fields before re-visiting your forum else you'll see very little! Changed way in which founder status is protected git-svn-id: file:///svn/phpbb/trunk@4202 89ea8834-ac86-4346-8a33-228a782c2dd0 --- phpBB/includes/functions_admin.php | 460 ++--------------------------- phpBB/includes/session.php | 168 +++++------ 2 files changed, 104 insertions(+), 524 deletions(-) diff --git a/phpBB/includes/functions_admin.php b/phpBB/includes/functions_admin.php index a8e62044cb..9cd9797d98 100644 --- a/phpBB/includes/functions_admin.php +++ b/phpBB/includes/functions_admin.php @@ -3,7 +3,7 @@ * functions_admin.php * ------------------- * begin : Saturday, Feb 13, 2001 - * copyright : (C) 2001 The phpBB Group + * copyright : © 2001 The phpBB Group * email : support@phpbb.com * * $Id$ @@ -1358,18 +1358,19 @@ function cache_moderators() global $db; // Clear table - $db->sql_query('TRUNCATE ' . MODERATOR_TABLE); + $sql = (SQL_LAYER != 'sqlite') ? 'TRUNCATE ' . MODERATOR_TABLE : 'DELETE FROM ' . MODERATOR_TABLE; + $db->sql_query($sql); // Holding array $m_sql = array(); $user_id_sql = ''; - $sql = "SELECT a.forum_id, u.user_id, u.username - FROM " . ACL_OPTIONS_TABLE . " o, " . ACL_USERS_TABLE . " a, " . USERS_TABLE . " u + $sql = 'SELECT a.forum_id, u.user_id, u.username + FROM ' . ACL_OPTIONS_TABLE . ' o, ' . ACL_USERS_TABLE . ' a, ' . USERS_TABLE . " u WHERE o.auth_option = 'm_' AND a.auth_option_id = o.auth_option_id - AND a.auth_setting = " . ACL_YES . " - AND u.user_id = a.user_id"; + AND a.auth_setting = " . ACL_YES . ' + AND u.user_id = a.user_id'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) 
@@ -1382,8 +1383,8 @@ function cache_moderators() // Remove users who have group memberships with DENY moderator permissions if ($user_id_sql) { - $sql = "SELECT a.forum_id, ug.user_id - FROM " . ACL_OPTIONS_TABLE . " o, " . ACL_GROUPS_TABLE . " a, " . USER_GROUP_TABLE . " ug + $sql = 'SELECT a.forum_id, ug.user_id + FROM ' . ACL_OPTIONS_TABLE . ' o, ' . ACL_GROUPS_TABLE . ' a, ' . USER_GROUP_TABLE . " ug WHERE o.auth_option = 'm_' AND a.auth_option_id = o.auth_option_id AND a.auth_setting = " . ACL_NO . " @@ -1398,13 +1399,13 @@ function cache_moderators() $db->sql_freeresult($result); } - $sql = "SELECT a.forum_id, g.group_name, g.group_id - FROM " . ACL_OPTIONS_TABLE . " o, " . ACL_GROUPS_TABLE . " a, " . GROUPS_TABLE . " g + $sql = 'SELECT a.forum_id, g.group_name, g.group_id + FROM ' . ACL_OPTIONS_TABLE . ' o, ' . ACL_GROUPS_TABLE . ' a, ' . GROUPS_TABLE . " g WHERE o.auth_option = 'm_' AND a.auth_option_id = o.auth_option_id - AND a.auth_setting = " . ACL_YES . " + AND a.auth_setting = " . ACL_YES . ' AND g.group_id = a.group_id - AND g.group_type NOT IN (" . GROUP_HIDDEN . ", " . GROUP_SPECIAL . ")"; + AND g.group_type NOT IN (' . GROUP_HIDDEN . ', ' . GROUP_SPECIAL . ')'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) 
@@ -1421,23 +1422,21 @@ function cache_moderators() case 'mysql4': $sql = 'INSERT INTO ' . MODERATOR_TABLE . ' (forum_id, user_id, username, group_id, groupname) VALUES ' . implode(', ', preg_replace('#^(.*)$#', '(\1)', $m_sql)); - $result = $db->sql_query($sql); - $db->sql_freeresult($result); + $db->sql_query($sql); break; case 'mssql': $sql = 'INSERT INTO ' . MODERATOR_TABLE . ' (forum_id, user_id, username, group_id, groupname) VALUES ' . implode(' UNION ALL ', preg_replace('#^(.*)$#', 'SELECT \1', $m_sql)); - $result = $db->sql_query($sql); - $db->sql_freeresult($result); + $db->sql_query($sql); break; default: foreach ($m_sql as $k => $sql) { - $result = $db->sql_query('INSERT INTO ' . MODERATOR_TABLE . " (forum_id, user_id, username, group_id, groupname) - VALUES ($sql)"); - $db->sql_freeresult($result); + $sql = 'INSERT INTO ' . MODERATOR_TABLE . " (forum_id, user_id, username, group_id, groupname) + VALUES ($sql)"; + $db->sql_query($sql); } } } @@ -1589,284 +1588,6 @@ function view_log($mode, &$log, &$log_count, $limit = 0, $offset = 0, $forum_id return; } -// Event system -// Outputs standard event definition table, storing passed -// data in hidden fields -function event_define() -{ - global $phpEx, $db, $auth, $user; - - $arguments = func_get_args(); - - $form_action = array_shift($arguments); - - $s_hidden_fields = ''; - foreach ($arguments as $arg) - { - foreach ($arg as $name => $value) - { - if (is_array($value)) - { - foreach ($value as $sub_name => $sub_value) - { - $s_hidden_fields .= ''; - } - } - else - { - $s_hidden_fields .= ''; - } - } - } - unset($arguments); - - $on_select = ''; - - $andor_select = ''; - - $cond_select = ''; - - $forum_list = '' . make_forum_select(false, false, false); - - page_header($user->lang['EVT_DEFINE']); - -?> - -
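Review bot: In the `default:` branch of the insert switch (the `@@ -1421` hunk) the foreach value `$sql` is overwritten with the statement built from it, which hides the fact that each `$m_sql` entry is spliced into the INSERT verbatim. Naming the loop value separately, e.g. `foreach ($m_sql as $row_sql)` with `VALUES ($row_sql)`, keeps the row fragment and the statement apart. The code that fills `$m_sql` with usernames and group names is not visible in these hunks, so it is worth confirming that those values pass through `$db->sql_escape()` before they reach any of the three branches. cache_moderators() starts and ends outside this hunk.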

lang['EVT_DEFINE']; ?>

- -

lang['EVT_DEFINE_EXPLAIN']; ?>

- -
- - - - - - - - - -
 
- - - - - - - - - - - - - - - - - - - - - - - - -
lang['EVT_IN']; ?>
lang['EVT_IN']; ?>
lang['EVT_IN']; ?>
 
- -
- - $value) - { - if (is_array($value)) - { - $evt_data .= "\$evt_$name = array();"; - foreach ($value as $sub_name => $sub_value) - { - $evt_data .= '$evt_' . '$name[\'' . $sub_name . '\'] = "' . $sub_value .'";'; // Don't alter this line! - } - } - else - { - $evt_data .= "\$evt_$name = \"$value\";"; - } - } - } - unset($arguments); - - $event_sql = $having_sql = ''; - $evt_andor = $evt_cond = $evt_on = $evt_value = ''; - for ($i = 0; $i < sizeof($_POST['evt_on']); $i++) - { - if (empty($_POST['evt_on'][$i]) || empty($_POST['evt_value'][$i])) - { - continue; - } - - switch ($_POST['evt_andor'][$i - 1]) - { - case 'or': - $event_sql .= ' OR '; - $evt_andor .= 'or,'; - break; - case 'and': - $event_sql .= ' AND '; - $evt_andor .= 'and,'; - break; - default: - $event_sql .= ' AND ('; - $evt_andor .= 'and,'; - } - - switch ($_POST['evt_cond'][$i]) - { - case 'lt': - $event_cond_sql = ($_POST['evt_on'][$i] == 'days') ? '>' : '<'; - break; - case 'eq': - $event_cond_sql = '='; - break; - case 'gt': - $event_cond_sql = ($_POST['evt_on'][$i] == 'days') ? '<' : '>'; - break; - } - $evt_cond .= $_POST['evt_cond'][$i] . ','; - - switch ($_POST['evt_on'][$i]) - { - case 'days': - $event_sql .= 'u.user_regdate ' . $event_cond_sql . ' \' . (time() - ' . (intval($_POST['evt_value'][$i]) * 3600 * 24) . ') . \' '; - break; - - case 'posts': - if (empty($_POST['evt_f'][$i])) - { - $event_sql .= 'u.post_count ' . $event_cond_sql . ' ' . intval($_POST['evt_value'][$i]) . ' '; - } - else - { - $event_sql .= '(p.poster_id = u.user_id AND p.forum_id = ' . intval($_POST['evt_f'][$i]) . ') '; - $having_sql = ' GROUP BY p.poster_id HAVING COUNT(p.post_id) > ' . intval($_POST['evt_value'][$i]); - $from_sql = ', \' . POSTS_TABLE . \' p'; - } - break; - - case 'karma': - $event_sql .= 'u.user_karma ' . $event_cond_sql . ' ' . intval($_POST['evt_value'][$i]) . ' '; - break; - - } - $evt_on .= $_POST['evt_on'][$i] . ','; - $evt_value .= $_POST['evt_value'][$i] . 
','; - } - - $sql = 'SELECT u.user_id FROM \' . USERS_TABLE . \' u' . $from_sql; - switch ($type) - { - case 'user': - $sql .= ' WHERE u.user_id IN (' . implode(', ', preg_replace('#^[\s]*?([0-9])+[\s]*?$#', '\1', $type_ids)) . ')'; - break; - - case 'group': - $sql .= ', \' . USER_GROUP_TABLE . \' ug WHERE ug.group_id IN (' . implode(', ', preg_replace('#^[\s]*?([0-9]+)[\s]*?$#', '\1', $type_ids)) . ') AND u.user_id = ug.user_id'; - break; - } - - $evt_sql = "\$sql = '" . $sql . $event_sql . " ) " . $having_sql . "';"; - - $sql = "INSERT INTO phpbb_22x_events (event_type, event_trigger, event_cond, event_value, event_combine, event_sql, event_code, event_data) VALUES ('$type', '$evt_on', '$evt_cond', '$evt_value', '$evt_andor', '" . $db->sql_escape($evt_sql) . "', '" . $db->sql_escape($evt_code) . "', '" . $db->sql_escape($evt_data) . "')"; - $db->sql_query($sql); - - trigger_error($user->lang['EVT_CREATED']); -} - -function event_execute($mode) -{ - global $db; - - $sql = "SELECT event_sql, event_code, event_data - FROM phpbb_22x_events - WHERE event_trigger LIKE '%$mode%'"; - $result = $db->sql_query($sql); - - if ($row = $db->sql_fetchrow($result)) - { - $event_sql = $event_data = $event_code = array(); - do - { - $db->sql_return_on_error(true); - if (empty($row['event_sql']) || empty($row['event_data']) || empty($row['event_code'])) - { - continue; - } - - $sql = ''; - eval($row['event_sql']); - $evt_result = $db->sql_query($sql); - - if ($evt_row = $db->sql_fetchrow($evt_result)) - { - $user_id_ary = array(); - - do - { - $user_id_ary[] = $evt_row['user_id']; - } - while ($evt_row = $db->sql_fetchrow($evt_result)); - unset($evt_row); - -// eval($row['event_data']); -// eval($row['event_code']); - } - $db->sql_freeresult($evt_result); - $db->sql_return_on_error(false); - } - while ($row = $db->sql_fetchrow($result)); - - } - $db->sql_freeresult($result); - - return; -} - // Extension of auth class for changing permissions if (class_exists('auth')) { 
@@ -1893,8 +1614,8 @@ if (class_exists('auth')) } } - $sql = "SELECT auth_option_id, auth_option - FROM " . ACL_OPTIONS_TABLE; + $sql = 'SELECT auth_option_id, auth_option + FROM ' . ACL_OPTIONS_TABLE; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) @@ -1905,7 +1626,7 @@ if (class_exists('auth')) $sql_forum = 'AND a.forum_id IN (' . implode(', ', array_map('intval', $forum_id)) . ')'; - $sql = ($ug_type == 'user') ? "SELECT o.auth_option_id, o.auth_option, a.forum_id, a.auth_setting FROM " . ACL_USERS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE a.auth_option_id = o.auth_option_id $sql_forum AND a.user_id = $ug_id" :"SELECT o.auth_option_id, o.auth_option, a.forum_id, a.auth_setting FROM " . ACL_GROUPS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE a.auth_option_id = o.auth_option_id $sql_forum AND a.group_id = $ug_id"; + $sql = ($ug_type == 'user') ? 'SELECT o.auth_option_id, o.auth_option, a.forum_id, a.auth_setting FROM ' . ACL_USERS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . " o WHERE a.auth_option_id = o.auth_option_id $sql_forum AND a.user_id = $ug_id" : 'SELECT o.auth_option_id, o.auth_option, a.forum_id, a.auth_setting FROM ' . ACL_GROUPS_TABLE . ' a, ' . ACL_OPTIONS_TABLE . " o WHERE a.auth_option_id = o.auth_option_id $sql_forum AND a.group_id = $ug_id"; $result = $db->sql_query($sql); $cur_auth = array(); @@ -1965,10 +1686,11 @@ if (class_exists('auth')) { case 'mysql': case 'mysql4': - $sql = implode(', ', preg_replace('#^(.*?)$#', '(\1)', $sql_subary)); + $sql = 'VALUES ' . implode(', ', preg_replace('#^(.*?)$#', '(\1)', $sql_subary)); break; case 'mssql': + case 'sqlite': $sql = implode(' UNION ALL ', preg_replace('#^(.*?)$#', 'SELECT \1', $sql_subary)); break; 
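Review bot: `$ug_id` is interpolated into both variants of the SELECT in the `@@ -1905` hunk (`AND a.user_id = $ug_id` and `AND a.group_id = $ug_id`) with no visible cast, while the forum ids on the line above go through `array_map('intval', ...)`. The commit only changes the quoting style of this statement, so the value stays unvalidated unless the caller or the earlier, non-visible part of the method casts it. Casting once before the query, `$ug_id = intval($ug_id);`, would make the statement safe regardless of the caller. The enclosing method begins and ends outside the hunk.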
@@ -1983,7 +1705,7 @@ if (class_exists('auth')) if ($sql != '') { - $sql = "INSERT INTO $table ($id_field, forum_id, auth_option_id, auth_setting) VALUES $sql"; + $sql = "INSERT INTO $table ($id_field, forum_id, auth_option_id, auth_setting) $sql"; $db->sql_query($sql); } break; @@ -2116,9 +1838,9 @@ if (class_exists('auth')) $sql .= (($sql != '') ? ' UNION ALL ' : '') . " SELECT '$option', " . $type_sql[$type]; break; default: - $sql = "INSERT INTO " . ACL_OPTIONS_TABLE . " (auth_option, is_global, is_local) + $sql = 'INSERT INTO ' . ACL_OPTIONS_TABLE . " (auth_option, is_global, is_local) VALUES ($option, " . $type_sql[$type] . ")"; - $result = $db->sql_query($sql); + $db->sql_query($sql); $sql = ''; } } @@ -2126,9 +1848,9 @@ if (class_exists('auth')) if ($sql != '') { - $sql = "INSERT INTO " . ACL_OPTIONS_TABLE . " (auth_option, is_global, is_local) + $sql = 'INSERT INTO ' . ACL_OPTIONS_TABLE . " (auth_option, is_global, is_local) VALUES $sql"; - $result = $db->sql_query($sql); + $db->sql_query($sql); } $cache->destroy('acl_options'); 
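Review bot: The `default:` branch in the `@@ -2116` hunk builds `VALUES ($option, ...)` with `$option` unquoted, whereas the branch just above it writes `'$option'`, so an option name such as `m_` is sent as a bare token and the INSERT should fail on any layer that reaches the default. Given the commit message, the newly targeted database layers presumably take this path (the `switch` header is outside the hunk, so this is inferred). Quote and escape the value: `VALUES ('" . $db->sql_escape($option) . "', " . $type_sql[$type] . ")";`. The same escaping would be sensible for `'$option'` in the `UNION ALL` branch.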
@@ -2136,132 +1858,6 @@ if (class_exists('auth')) } } -if (class_exists('template')) -{ - class template_admin extends template - { - function compile_cache_clear($template = false) - { - global $phpbb_root_path; - $template_list = array(); - - if (!$template) - { - $dp = opendir($phpbb_root_path . $this->cache_root); - while ($dir = readdir($dp)) - { - $template_dir = $phpbb_root_path . $this->cache_root . $dir; - if (!is_file($template_dir) && !is_link($template_dir) && $dir != '.' && $dir != '..') - { - array_push($template_list, $dir); - } - } - closedir($dp); - } - else - { - array_push($template_list, $template); - } - - foreach ($template_list as $template) - { - $dp = opendir($phpbb_root_path . $this->cache_root . $template); - while ($file = readdir($dp)) - { - unlink($phpbb_root_path . $this->cache_root . $file); - } - closedir($dp); - } - - return; - } - - function compile_cache_show($template) - { - global $phpbb_root_path; - - $template_cache = array(); - - $template_dir = $phpbb_root_path . $this->cache_root . $template; - $dp = opendir($template_dir); - while ($file = readdir($dp)) - { - if (preg_match('#\.html$#i', $file) && is_file($template_dir . '/' . $file)) - { - array_push($template_cache, $file); - } - } - closedir($dp); - - return; - } - - function decompile(&$_str, $savefile = false) - { - $match_tags = array( - '#<\?php\nif \(\$this\->security\(\)\) \{(.*)[ \n]*?\n\}\n\?>$#s', - '#echo \'(.*?)\';#s', - - '#\/\/ (INCLUDEPHP .*?)\n.?this\->assign_from_include_php\(\'.*?\'\);\n#s', - '#\/\/ (INCLUDE .*?)\n.?include(\'.*?\');[\n]?#s', - - '#\/\/ (IF .*?)\nif \(.*?\) \{[ ]?\n#', - '#\/\/ (ELSEIF .*?)\n\} elseif \(.*?\) \{[ ]?\n#', - '#\/\/ (ELSE)\n\} else \{\n#', - '#[\n]?\/\/ (ENDIF)\n}#', - - '#\/\/ (BEGIN .*?)\n.?_.*? = \(.*?\) : 0;\nif \(.*?\) \{\nfor \(.*?\)\n\{\n#', - '#\}\}?\n\/\/ (END .*?)\n#', - '#\/\/ (BEGINELSE)[\n]+?\}\} else \{\n#', - - '#\' \. \(\(isset\(\$this\->_tpldata\[\'\.\'\]\[0\]\[\'(L_([A-Z0-9_])+?)\'\]\)\).*?\}\'\)\) \. 
\'#s', - - '#\' \. \(\(isset\(\$this\->_tpldata\[\'\.\'\]\[0\]\[\'([A-Z0-9_]+?)\'\]\)\).*?\'\'\) \. \'#s', - - '#\' \. \(\(isset\(\$this\->_tpldata\[\'([a-z0-9_\.]+?)\'\].*?[\'([a-z0-9_\.]+?)\'\].*?\[\'([A-Z0-9_]+?)\'\]\)\).*?\'\'\) \. \'#s', - ); - - $replace_tags = array( - '\1', - '\1', - '', - '', - '', - '', - '', - '', - '', - '', - '', - '{\1}', - '{\1}', - '{\1\2\3}', - ); - - preg_match_all('#\/\/ PHP START\n(.*?)\n\/\/ PHP END\n#s', $_str, $matches); - $php_blocks = $matches[1]; - $_str = preg_replace('#\/\/ PHP START\n(.*?)\/\/ PHP END\n#s', '', $_str); - - $_str = preg_replace($match_tags, $replace_tags, $_str); - $text_blocks = preg_split('##s', $_str); - - $_str = ''; - for ($i = 0; $i < count($text_blocks); $i++) - { - $_str .= $text_blocks[$i] . ((!empty($php_blocks[$i])) ? '' . $php_blocks[$i] . '' : ''); - } - - $tmpfile = ''; - if ($savefile) - { - $tmpfile = tmpfile(); - fwrite($tmpfile, $_str); - } - - return $_str; - } - } -} ?> \ No newline at end of file diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php index c0a0ab7f53..843a21dff0 100644 --- a/phpBB/includes/session.php +++ b/phpBB/includes/session.php @@ -3,7 +3,7 @@ * session.php * ------------------- * begin : Saturday, Feb 13, 2001 - * copyright : (C) 2002 The phpBB Group + * copyright : © 2002 The phpBB Group * email : support@phpbb.com * * $Id$ @@ -265,14 +265,7 @@ class session if ($this->data['user_id'] != ANONYMOUS) { - // Events ... ? -// do_events('days'); - - // First page ... ? -// if (!empty($this->data['user_firstpage'])) -// { -// redirect($userdata['user_firstpage']); -// } + // Trigger EVENT_NEW_SESSION } return true; @@ -509,7 +502,7 @@ class user extends session class auth { var $founder = false; - var $acl = array('global' => '', 'local' => ''); + var $acl = array(); var $option = array(); var $acl_options = array(); 
@@ -517,13 +510,11 @@ class auth { global $db, $cache; - $this->founder = ($userdata['user_founder']) ? true : false; - if (!($this->acl_options = $cache->get('acl_options'))) { - $sql = "SELECT auth_option, is_global, is_local - FROM " . ACL_OPTIONS_TABLE . " - ORDER BY auth_option_id"; + $sql = 'SELECT auth_option, is_global, is_local + FROM ' . ACL_OPTIONS_TABLE . ' + ORDER BY auth_option_id'; $result = $db->sql_query($sql); $global = $local = 0; @@ -544,29 +535,23 @@ class auth $this->acl_clear_prefetch(); $this->acl_cache($userdata); } - else if (trim($userdata['user_permissions']) == '') + else if (!$userdata['user_permissions']) { $this->acl_cache($userdata); } - $global_chars = ceil(sizeof($this->acl_options['global']) / 8); - $local_chars = ceil(sizeof($this->acl_options['local']) / 8) + 2; - - for($i = 0; $i < $global_chars; $i++) + foreach (explode("\n", $userdata['user_permissions']) as $f => $seq) { - $this->acl['global'] .= str_pad(decbin(ord($userdata['user_permissions']{$i})), 8, 0, STR_PAD_LEFT); - } - - for ($i = $global_chars; $i < strlen($userdata['user_permissions']); $i += $local_chars) - { - $forum_id = (ord($userdata['user_permissions']{$i}) << 8) + ord($userdata['user_permissions']{$i + 1}); - $this->acl['local'][$forum_id] = ''; - for ($j = $i + 2; $j < $i + $local_chars; $j++) + if ($seq) { - $this->acl['local'][$forum_id] .= str_pad(decbin(ord($userdata['user_permissions']{$j})), 8, 0, STR_PAD_LEFT); + $i = 0; + while ($subseq = substr($seq, $i, 6)) + { + $this->acl[$f] .= str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT); + $i += 6; + } } } - unset($forums); return; } 
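Review bot: The decode loop in the `@@ -544` hunk left-pads every 6-character group to 31 bits, which is only correct when the encoder wrote a full 31-bit chunk; in acl_cache() (the `@@ -648` hunk) the final `substr($bitstring, $i, 31)` is converted as-is, so a last chunk shorter than 31 bits comes back shifted right and its flags land on the wrong option indexes. This happens whenever the number of options in a scope is not a multiple of 31, and a set bit can then be read back as a different option's permission. Right-padding on the encode side fixes the round trip: `base_convert(str_pad(substr($bitstring, $i, 31), 31, 0, STR_PAD_RIGHT), 2, 36)`. Separately, `$this->acl[$f] .= ...` appends to an index that was never initialised now that `$acl` starts as `array()`; `$this->acl[$f] = '';` before the `while` avoids that.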
@@ -578,19 +563,19 @@ class auth if (!isset($cache[$f][$opt])) { - $cache[$f][$opt] = FALSE; + $cache[$f][$opt] = false; if (isset($this->acl_options['global'][$opt])) { - $cache[$f][$opt] = $this->acl['global']{$this->acl_options['global'][$opt]}; + $cache[$f][$opt] = $this->acl[0]{$this->acl_options['global'][$opt]}; } if (isset($this->acl_options['local'][$opt])) { - $cache[$f][$opt] |= $this->acl['local'][$f]{$this->acl_options['local'][$opt]}; + $cache[$f][$opt] |= $this->acl[$f]{$this->acl_options['local'][$opt]}; } } // Needs to change ... check founder status when updating cache? - return ($this->founder) ? true : $cache[$f][$opt]; + return $cache[$f][$opt]; } function acl_getf($opt) 
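Review bot: `$this->acl[0]` and `$this->acl[$f]` are indexed in acl_get() without checking that the entry exists, and after this commit `$acl` starts empty and only gains entries for lines present in `user_permissions`. For a forum with no cached line the lookup reads an offset of an unset value; that appears to evaluate as not granted, but it relies on notice-level behaviour rather than an explicit default. Guarding the reads, e.g. `if (isset($this->acl[$f]) && isset($this->acl_options['local'][$opt]))`, makes deny-by-default explicit. The comment `// Needs to change ... check founder status when updating cache?` is stale now that the founder short-circuit is removed; suggest `// Founder rights are written into the cached string by acl_cache()`. The function starts outside the hunk.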
@@ -648,114 +633,104 @@ class auth { global $db; + $hold_ary = array(); // First grab user settings ... each user has only one setting for each // option ... so we shouldn't need any ACL_NO checks ... he says ... - $sql = "SELECT ao.auth_option, a.forum_id, a.auth_setting - FROM " . ACL_OPTIONS_TABLE . " ao, " . ACL_USERS_TABLE . " a - WHERE a.user_id = " . $userdata['user_id'] . " - AND ao.auth_option_id = a.auth_option_id"; + $sql = 'SELECT ao.auth_option, a.forum_id, a.auth_setting + FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_USERS_TABLE . ' a + WHERE a.user_id = ' . $userdata['user_id'] . ' + AND ao.auth_option_id = a.auth_option_id + ORDER BY a.forum_id, ao.auth_option'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { - $this->acl[$row['forum_id']][$row['auth_option']] = $row['auth_setting']; + $hold_ary[$row['forum_id']][$row['auth_option']] = $row['auth_setting']; } $db->sql_freeresult($result); // Now grab group settings ... users can belong to multiple groups so we grab // the minimum setting for all options. ACL_NO overrides ACL_YES so act appropriatley - $sql = "SELECT ao.auth_option, a.forum_id, MIN(a.auth_setting) as min_setting - FROM " . USER_GROUP_TABLE . " ug, " . ACL_OPTIONS_TABLE . " ao, " . ACL_GROUPS_TABLE . " a - WHERE ug.user_id = " . $userdata['user_id'] . " + $sql = 'SELECT ao.auth_option, a.forum_id, MIN(a.auth_setting) as min_setting + FROM ' . USER_GROUP_TABLE . ' ug, ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_GROUPS_TABLE . ' a + WHERE ug.user_id = ' . $userdata['user_id'] . 
' AND a.group_id = ug.group_id AND ao.auth_option_id = a.auth_option_id - GROUP BY ao.auth_option, a.forum_id"; + GROUP BY ao.auth_option, a.forum_id + ORDER BY a.forum_id, ao.auth_option'; $result = $db->sql_query($sql); while ($row = $db->sql_fetchrow($result)) { - if (!isset($this->acl[$row['forum_id']][$row['auth_option']]) || (isset($this->acl[$row['forum_id']][$row['auth_option']]) && $this->acl[$row['forum_id']][$row['auth_option']] !== ACL_NO)) + if (!isset($hold_ary[$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['forum_id']][$row['auth_option']] !== ACL_NO)) { - $this->acl[$row['forum_id']][$row['auth_option']] = $row['min_setting']; + $hold_ary[$row['forum_id']][$row['auth_option']] = $row['min_setting']; } } $db->sql_freeresult($result); - if (is_array($this->acl)) + // If this user is founder we're going to force fill the admin options ... + if ($userdata['user_founder']) { - $global_bits = 8 * ceil(sizeof($this->acl_options['global']) / 8); - $local_bits = 8 * ceil(sizeof($this->acl_options['local']) / 8); - $local_hold = $global_hold = ''; - - foreach ($this->acl as $f => $auth_ary) + foreach ($this->acl_options['global'] as $opt => $id) { - if (!is_array($auth_ary)) + if (strstr($opt, 'a_')) { - continue; + $hold_ary[0][$opt] = 1; } + } + } - $holding = array(); - $option_set = array(); - - if (!$f) - { - $len = $global_bits; - $ary_key = 'global'; - $hold_str = 'global_hold'; - } - else - { - $len = $local_bits; - $ary_key = 'local'; - $hold_str = 'local_hold'; - } + $hold_str = &$userdata['user_permissions']; + if (is_array($hold_ary)) + { + ksort($hold_ary); + $last_f = 0; + foreach ($hold_ary as $f => $auth_ary) + { + $ary_key = (!$f) ? 
'global' : 'local'; + $bitstring = array(); foreach ($this->acl_options[$ary_key] as $opt => $id) { if (!empty($auth_ary[$opt])) { - $holding[$id] = 1; + $bitstring[$id] = 1; $option_key = substr($opt, 0, strpos($opt, '_') + 1); if (empty($holding[$this->acl_options[$ary_key][$option_key]])) { - $holding[$this->acl_options[$ary_key][$option_key]] = 1; + $bitstring[$this->acl_options[$ary_key][$option_key]] = 1; } } else { - $holding[$id] = 0; + $bitstring[$id] = 0; } } - $$hold_str .= ($f) ? pack('C2', $f >> 8, $f) : ''; - $bitstring = str_pad(implode('', $holding), $len, 0, STR_PAD_RIGHT); + $bitstring = implode('', $bitstring); - for ($i = 0; $i < $len; $i += 8) + $hold_str .= str_repeat("\n", $f - $last_f); + + for ($i = 0; $i < strlen($bitstring); $i += 31) { - $$hold_str .= chr(bindec(substr($bitstring, $i, 8))); + $hold_str .= str_pad(base_convert(substr($bitstring, $i, 31), 2, 36), 6, 0, STR_PAD_LEFT); } + + $last_f = $f; } - unset($holding); + unset($bitstring); - if ($global_hold == '') - { - for($i = 0; $i < $global_bits; $i += 8) - { - $global_hold .= chr(0); - } - } + $hold_str = rtrim($hold_str); - $userdata['user_permissions'] .= $global_hold . $local_hold; - unset($global_hold); - unset($local_hold); - - $sql = "UPDATE " . USERS_TABLE . " - SET user_permissions = '" . addslashes($userdata['user_permissions']) . "' + $sql = 'UPDATE ' . USERS_TABLE . " + SET user_permissions = '" . $db->sql_escape($hold_str) . "' WHERE user_id = " . $userdata['user_id']; $db->sql_query($sql); } + unset($hold_ary); return; } @@ -765,9 +740,9 @@ class auth { global $db; - $where_sql = ($user_id) ? ' WHERE user_id = ' . intval($user_id) : ''; + $where_sql = ($user_id) ? ' WHERE user_id = ' . $user_id : ''; - $sql = "UPDATE " . USERS_TABLE . " + $sql = 'UPDATE ' . USERS_TABLE . " SET user_permissions = '' $where_sql"; $db->sql_query($sql); 
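Review bot: The rename from `$holding` to `$bitstring` in acl_cache() (the `@@ -648` hunk) missed the test `if (empty($holding[$this->acl_options[$ary_key][$option_key]]))`; `$holding` is never assigned in the new code, so the condition is always true and should read `empty($bitstring[...])` or be dropped. In the founder block, `strstr($opt, 'a_')` matches `a_` anywhere in an option name rather than only as a prefix, so the force-fill could cover more than the admin options; `strpos($opt, 'a_') === 0` states the intent. `$userdata['user_id']` is still concatenated into both SELECTs and the UPDATE without a cast. The function begins before this hunk.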
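Review bot: Dropping `intval()` from `$where_sql` in acl_clear_prefetch() (the `@@ -765` hunk) puts `$user_id` into the UPDATE unvalidated, so a caller passing a request-derived value would have it reach the WHERE clause as raw SQL, and a malformed value could widen the update to other rows. Nothing in the hunk shows why the cast was removed. Keep it: `$where_sql = ($user_id) ? ' WHERE user_id = ' . intval($user_id) : '';`.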
@@ -798,7 +773,16 @@ class auth } $autologin = (!empty($autologin)) ? md5($password) : ''; - return ($login['user_active']) ? $user->create($login['user_id'], $autologin, true, $viewonline) : false; + + if ($login['user_active']) + { + // Trigger EVENT_LOGIN + return $user->create($login['user_id'], $autologin, true, $viewonline); + } + else + { + return false; + } } }