diff --git a/phpBB/admin/admin_groupauth.php b/phpBB/admin/admin_groupauth.php
index aeea3f4cb3..25bd4aa313 100644
--- a/phpBB/admin/admin_groupauth.php
+++ b/phpBB/admin/admin_groupauth.php
@@ -1,6 +1,6 @@
AUTH_VIEW,
- "auth_read" => AUTH_READ,
- "auth_post" => AUTH_POST,
- "auth_reply" => AUTH_REPLY,
- "auth_edit" => AUTH_EDIT,
- "auth_delete" => AUTH_DELETE,
+ "auth_view" => AUTH_VIEW,
+ "auth_read" => AUTH_READ,
+ "auth_post" => AUTH_POST,
+ "auth_reply" => AUTH_REPLY,
+ "auth_edit" => AUTH_EDIT,
+ "auth_delete" => AUTH_DELETE,
"auth_sticky" => AUTH_STICKY,
"auth_announce" => AUTH_ANNOUNCE);
$forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_sticky", "auth_announce");
+
$forum_auth_key_fields = array("auth_view", "auth_read", "auth_post", "auth_reply");
//
@@ -82,11 +83,13 @@ $forum_auth_key_fields = array("auth_view", "auth_read", "auth_post", "auth_repl
"auth_allow_smilies" => AUTH_ALLOW_SMILIES
);*/
-// ----------
+
+// ---------------
// Start Functions
//
function a_auth_check_user($type, $key, $u_auth, $is_admin)
{
+
$single_user = 0;
$auth_user = array();
@@ -120,8 +123,8 @@ function a_auth_check_user($type, $key, $u_auth, $is_admin)
return $auth_user;
}
//
-// Start Functions
-// ----------
+// End Functions
+// -------------
//
@@ -132,30 +135,53 @@ $adv = (isset($HTTP_GET_VARS['adv'])) ? $HTTP_GET_VARS['adv'] : -1;
if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_GROUPS_URL]))
{
$group_id = $HTTP_POST_VARS[POST_GROUPS_URL];
+ $adv = (isset($HTTP_POST_VARS['adv'])) ? TRUE : FALSE;
//
// This is where things become fun ...
//
+
+ //
+ // Get list of user id's for this group_id
+ //
+ $sql_groupid = "SELECT user_id
+ FROM " . USER_GROUP_TABLE . "
+ WHERE group_id = $group_id
+ AND user_id <> " . ANONYMOUS;
+ if(!$result = $db->sql_query($sql_groupid))
+ {
+ // Error no such user/group
+ }
+ $ug_info = $db->sql_fetchrow($result);
- $change_mod_ary = (isset($HTTP_POST_VARS['moderator'])) ? $HTTP_POST_VARS['moderator'] : 0;
- $change_prv_ary = (isset($HTTP_POST_VARS['private'])) ? $HTTP_POST_VARS['private'] : 0;
//
// Pull all the auth/group
- // for this group
+ // for this user
//
- $sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_sticky, aa.auth_announce, aa.auth_mod, g.group_single_user
- FROM " . AUTH_ACCESS_TABLE . " aa, " . GROUPS_TABLE. " g
- WHERE g.group_id = $group_id
- AND aa.group_id = g.group_id";
- $au_result = $db->sql_query($sql);
- if($num_u_access = $db->sql_numrows($au_result))
+ $sql = "SELECT aa.*, g2.group_single_user, u.username, u.user_id, g.group_id, g.group_name
+ FROM " . AUTH_ACCESS_TABLE . " aa, " . AUTH_ACCESS_TABLE . " aa2, " . USER_GROUP_TABLE . " ug, " . USER_GROUP_TABLE . " ug2, " . GROUPS_TABLE . " g, " . GROUPS_TABLE . " g2, " . USERS_TABLE . " u
+ WHERE g.group_id = $group_id
+ AND aa.group_id = g.group_id
+ AND ug.group_id = g.group_id
+ AND ug2.user_id = ug.user_id
+ AND u.user_id = ug2.user_id
+ AND g2.group_id = ug2.group_id
+ AND aa2.group_id = g2.group_id";
+/*
+ $sql = "SELECT aa.*, g.group_single_user, g.group_id, g.group_name
+ FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g
+ WHERE g.group_id = $group_id
+ AND aa.group_id = g.group_id";*/
+ $ag_result = $db->sql_query($sql);
+
+ if($num_g_access = $db->sql_numrows($ag_result))
{
- $u_access = $db->sql_fetchrowset($au_result);
+ $g_access = $db->sql_fetchrowset($ag_result);
}
- $sql = "SELECT f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_sticky, f.auth_announce
+ $sql = "SELECT f.*
FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
WHERE c.cat_id = f.cat_id
ORDER BY c.cat_order ASC, f.forum_order ASC";
@@ -163,6 +189,38 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_GROUPS_URL]))
$forum_access = $db->sql_fetchrowset($fa_result);
+ $change_prv_list = array();
+
+ $change_mod_ary = (isset($HTTP_POST_VARS['moderator'])) ? $HTTP_POST_VARS['moderator'] : array();
+
+ for($i = 0; $i < count($forum_access); $i++)
+ {
+ $forum_id = $forum_access[$i]['forum_id'];
+
+ for($j = 0; $j < count($forum_auth_fields); $j++)
+ {
+ $field = $forum_auth_fields[$j];
+
+ if( isset($HTTP_POST_VARS['private']) )
+ {
+ if( $forum_access[$i][$field] == AUTH_ACL )
+ {
+ if( isset($HTTP_POST_VARS['private'][$forum_id]) )
+ {
+ $change_prv_list[$forum_id][$field] = $HTTP_POST_VARS['private'][$forum_id];
+ }
+ }
+ }
+ else
+ {
+ if( isset($HTTP_POST_VARS[$field][$forum_id]) )
+ {
+ $change_prv_list[$forum_id][$field] = $HTTP_POST_VARS[$field][$forum_id];
+ }
+ }
+ }
+ }
+
//
// The data above lists access and moderator permissions
// for this user given by all the groups they belong to.
@@ -176,215 +234,295 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_GROUPS_URL]))
// the user access goes against the group permissions
// (although in this case we'll go ahead and add the user)
//
-
+
//
//
//
- $warning_mod = array();
- $valid_auth_mod = array();
+ $warning_mod_userid = array();
+ $warning_mod_username = array();
+ $warning_mod_frmname = array();
$valid_auth_mod_sql = array();
- @reset($change_mod_ary);
+ $warning_prv_userid = array();
+ $warning_prv_username = array();
+ $warning_prv_frmname = array();
+ $valid_auth_prv_sql = array();
- while(list($chg_forum_id, $value) = @each($change_mod_ary))
+ for($i = 0; $i < count($forum_access); $i++)
{
- $a_match = $value;
+ $this_forum_id = $forum_access[$i]['forum_id'];
- $auth_exists = FALSE;
+ $update_mod = FALSE;
+ $update_acl = FALSE;
- for($i = 0; $i < count($u_access); $i++)
+ $valid_auth_mod_sql_val = "";
+ $valid_auth_prv_sql_fld = "";
+ $valid_auth_prv_sql_val = "";
+
+ @reset($change_mod_ary);
+ @reset($change_prv_list);
+
+ //
+ // Moderator control
+ //
+ while(list($mod_forum_id, $new_mod_status) = @each($change_mod_ary))
{
- $forum_id = $u_access[$i]['forum_id'];
-
- if( $forum_id == $chg_forum_id )
+ if($mod_forum_id == $this_forum_id)
{
+ $warned = FALSE;
- if( $u_access[$i]['auth_mod'] == $value && !$u_access[$i]['group_single_user'] )
+ for($j = 0; $j < count($g_access); $j++)
{
- $a_match = -1;
- }
- else if( $u_access[$i]['auth_mod'] && !$value && $u_access[$i]['group_single_user'] )
- {
- //
- // User is being removed as a moderator but is a moderator
- // via a group, carry out the update but warn the moderator
- //
- $warning_mod[$chg_forum_id] = TRUE;
- }
- else
- {
- if(!$value)
+ if($g_access[$j]['forum_id'] == $this_forum_id)
{
- $sql = "DELETE FROM " . AUTH_ACCESS_TABLE;
+ $cur_mod_status = $g_access[$j]['auth_mod'];
+ $is_single_user = $g_access[$j]['group_single_user'];
+
+ if($cur_mod_status == $new_mod_status && !$is_single_user)
+ {
+ //
+ // No need to update so set update to true
+ //
+ $update_mod = TRUE;
+ }
+ else if($cur_mod_status && !$new_mod_status && $is_single_user && !$warned)
+ {
+ //
+ // users within group can mod via their own auth, we'll warn
+ // the admin but carry out the op anyway if reqd.
+ //
+ $warning_mod_userid[$this_forum_id][] = $g_access[$j]['user_id'];
+ $warning_mod_username[$this_forum_id][] = $g_access[$j]['username'];
+ $warning_mod_frmname[$this_forum_id][] = $forum_access[$i]['forum_name'];
+
+ $warned = TRUE;
+ }
+ else if($cur_mod_status != $new_mod_status && !$is_single_user)
+ {
+ if($new_mod_status)
+ {
+ $valid_auth_mod_sql[$this_forum_id] = "UPDATE " . AUTH_ACCESS_TABLE . "
+ SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_announce = 0, auth_sticky = 0, auth_mod = $new_mod_status
+ WHERE forum_id = $this_forum_id
+ AND group_id = $group_id";
+ }
+ else
+ {
+ $valid_auth_mod_sql[$this_forum_id] = "DELETE FROM " . AUTH_ACCESS_TABLE . "
+ WHERE forum_id = $this_forum_id
+ AND group_id = $group_id";
+ }
+ $update_mod = TRUE;
+ }
}
- else
- {
- $sql = "UPDATE " . AUTH_ACCESS_TABLE . "
- SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0, auth_mod = " . TRUE;
- }
- $valid_auth_mod_sql[$chg_forum_id] = $sql . " WHERE forum_id = $chg_forum_id AND group_id = $group_id";
- $valid_auth_mod[$chg_forum_id] = 1;
}
- $auth_exists = TRUE;
+ if(!$update_mod && $new_mod_status)
+ {
+ $valid_auth_mod_sql[$this_forum_id] = "INSERT INTO " . AUTH_ACCESS_TABLE . "
+ (forum_id, group_id, auth_mod)
+ VALUES ($this_forum_id, $group_id, $new_mod_status)";
+ $update_mod = TRUE;
+ }
}
}
-
- if(!$auth_exists && $value)
+
+ //
+ // Private/ACL control
+ //
+ while(list($prv_forum_id, $new_prv_ary) = @each($change_prv_list))
{
- $valid_auth_mod_sql[$chg_forum_id] = "INSERT INTO " . AUTH_ACCESS_TABLE . " (forum_id, group_id, auth_mod) VALUES ($chg_forum_id, $group_id, 1)";
- $valid_auth_mod[$chg_forum_id] = 0;
- }
- }
-
-
- //
- // Check against priv access table ...
- //
- $warning_mod = array();
- $valid_auth_acl_sql = array();
-
- @reset($valid_auth_mod);
- @reset($change_prv_ary);
-
- while(list($chg_forum_id, $value) = @each($change_prv_ary))
- {
- $valid_auth_acl_sql[$chg_forum_id] = "";
- $auth_exists = FALSE;
-
- for($i = 0; $i < count($u_access); $i++)
- {
- if( $u_access[$i]['forum_id'] == $chg_forum_id )
+ if($prv_forum_id == $this_forum_id && empty($valid_auth_mod_sql[$this_forum_id]) )
{
-
- //
- // If we're updating/inserting a moderator access
- // control then we don't need to both with anything here,
- // adding (or updating) a user to mod status automatically
- // grants access to all forum functions (unless they
- // are set at admin status!). Removing moderator permissions
- // automatically removes all priviledges, it does mean the
- // admin has to re-enable ACL privs but it does prevent
- // them accidently leaving a user with access to a forum
- // they should be now denied.
- //
-// echo "
" . $chg_forum_id . " : " . $valid_auth_mod[$chg_forum_id] . "
";
-
-// echo $chg_forum_id . " : " . $valid_auth_mod[$chg_forum_id] . " : " . $u_access[$i]['auth_mod'] . "
";
-
- if( empty($valid_auth_mod[$chg_forum_id]) && !$u_access[$i]['auth_mod'])
+ for($j = 0; $j < count($g_access); $j++)
{
- //
- // User isn't a moderator so now we have to decide whether the
- // the access needs creating, updating or deleting ...
- //
-
- for($j = 0; $j < count($forum_access); $j++)
+ if($g_access[$j]['forum_id'] == $this_forum_id)
{
- if( $chg_forum_id == $forum_access[$j]['forum_id'] )
+ $is_single_user = $u_access[$j]['group_single_user'];
+
+ if(!$is_single_user)
{
- $update_acl_sql = "";
+ $valid_auth_prv_sql[$this_forum_id] = "UPDATE " . AUTH_ACCESS_TABLE . " SET ";
+ }
- for($k = 0; $k < count($forum_auth_fields); $k++)
+ $is_all_zeroed = FALSE;
+ $warned = FALSE;
+
+ //
+ // Step through all auth fields
+ //
+ @reset($new_prv_ary);
+ while( list($this_prv_field, $new_prv_status) = each($new_prv_ary) )
+ {
+ //
+ // Is this field set to ACL?
+ //
+ $cur_prv_status = $g_access[$j][$this_prv_field];
+
+ if($cur_prv_status == $new_prv_status && !$is_single_user)
{
- $auth_field = $forum_auth_fields[$k];
-
- if( $forum_access[$j][$auth_field] == AUTH_ACL )
+ //
+ // No need to update so set update to true
+ //
+ $update_acl = TRUE;
+ }
+ else if( ( $cur_prv_status || $g_access[$j]['auth_mod'] ) && !$new_prv_status && $is_single_user && !$warned)
+ {
+ //
+ // user can mod via group auth, we'll warn
+ // the admin but carry out the op anyway if reqd.
+ //
+ $warning_prv_userid[$this_forum_id][] = $g_access[$j]['user_id'];
+ $warning_prv_username[$this_forum_id][] = $g_access[$j]['username'];
+ $warning_prv_frmname[$this_forum_id][] = $forum_access[$i]['forum_name'];
+ $warned = TRUE;
+ }
+ else if($cur_prv_status != $new_prv_status && !$is_single_user)
+ {
+ if( $valid_auth_prv_sql_val != "")
{
+ $valid_auth_prv_sql_val .= ", ";
+ }
+ $valid_auth_prv_sql_val .= "$this_prv_field = $new_prv_status";
- if( $u_access[$i][$auth_field] && !$value && $u_access[$i]['group_single_user'] )
- {
- //
- // User is having ACL access removed from this field
- // but retains access via a group they belong too,
- // carry out the update but warn the moderator
- //
+ $update_acl = TRUE;
- $warning_acl[$chg_forum_id][$auth_field] = TRUE;
- }
- else if( $u_access[$i][$auth_field] != $value && !$u_access[$i]['group_single_user'] )
- {
- $update_acl_sql .= ($update_acl_sql != "") ? ", $auth_field = $value" : "$auth_field = $value";
- }
+ if(!$new_prv_status)
+ {
+ $is_all_zeroed = TRUE;
}
}
+ }
- $valid_auth_acl_sql[$chg_forum_id] = "UPDATE " . AUTH_ACCESS_TABLE . " SET " . $update_acl_sql ." WHERE forum_id = $chg_forum_id AND group_id = $group_id";
-
- } // forum_id = forum_access
-
- } // for ... forum_access
-
- } // not_mod
-
- $auth_exists = TRUE;
-
- } // if forum ... chg_forum
-
- } // for ... u_access
-
- if($valid_auth_acl_sql[$chg_forum_id] == "" && !$auth_exists)
- {
- for($j = 0; $j < count($forum_access); $j++)
- {
- if( $chg_forum_id == $forum_access[$j]['forum_id'] && $value)
- {
- $valid_auth_acl_sql_val = "";
- $valid_auth_acl_sql_fld = "";
-
- for($k = 0; $k < count($forum_auth_fields); $k++)
- {
- $auth_field = $forum_auth_fields[$k];
-
- if( $forum_access[$j][$auth_field] == AUTH_ACL )
+ if(!$is_single_user)
{
- $valid_auth_acl_sql_fld .= ($valid_auth_acl_sql_fld != "") ? ", $auth_field" : "$auth_field";
- $valid_auth_acl_sql_val .= ($valid_auth_acl_sql_val != "") ? ", $value" : "$value";
+ if(!$is_all_zeroed)
+ {
+ $valid_auth_prv_sql[$this_forum_id] .= $valid_auth_prv_sql_val . " WHERE forum_id = $this_forum_id AND group_id = $group_id";
+ }
+ else
+ {
+ $valid_auth_prv_sql[$this_forum_id] = "DELETE FROM " . AUTH_ACCESS_TABLE . "
+ WHERE forum_id = $this_forum_id
+ AND group_id = $group_id";
+ }
+ }
+ $valid_auth_prv_sql_val = "";
+ }
+ }
+
+ if(!$update_acl)
+ {
+ //
+ // Step through all auth fields
+ //
+ $all_zeroed = TRUE;
+
+ @reset($new_prv_ary);
+ while( list($this_prv_field, $new_prv_status) = each($new_prv_ary) )
+ {
+ //
+ // Is this field set to ACL?
+ //
+ if( $valid_auth_prv_sql_fld != "" )
+ {
+ $valid_auth_prv_sql_fld .= ", ";
+ }
+
+ if( $valid_auth_prv_sql_val != "" )
+ {
+ $valid_auth_prv_sql_val .= ", ";
+ }
+ $valid_auth_prv_sql_fld .= "$this_prv_field";
+ $valid_auth_prv_sql_val .= "$new_prv_status";
+
+ if($new_prv_status)
+ {
+ $all_zeroed = FALSE;
}
}
- $valid_auth_acl_sql[$chg_forum_id] = "INSERT INTO " . AUTH_ACCESS_TABLE . " (forum_id, group_id, $valid_auth_acl_sql_fld) VALUES ($chg_forum_id, $group_id, $valid_auth_acl_sql_val)";
+ if(!$all_zeroed)
+ {
+ $valid_auth_prv_sql[$this_forum_id] = "INSERT INTO " . AUTH_ACCESS_TABLE . " (forum_id, group_id, $valid_auth_prv_sql_fld) VALUES ($this_forum_id, $group_id, $valid_auth_prv_sql_val)";
+ }
+
+ $update_acl = TRUE;
}
}
}
}
-// print_r($valid_auth_acl_sql);
-// echo "
";
-
//
- // The next part requires that we know whether we're
- // updating an existing entry, inserting a new one or
- // deleting an existing entry ... as well as what we're
- // updating and with what value ...
+ // Checks complete, make updates to DB
//
-
- //
- // Checks complete, make updates
- //
- while(list($chg_forum_id, $sql) = each($valid_auth_mod_sql))
+ while( list($chg_forum_id, $sql) = each($valid_auth_mod_sql) )
{
if( !empty($sql) )
{
- if(!$result = $db->sql_query($sql))
+ if( !$result = $db->sql_query($sql) )
{
// Error ...
}
}
}
- while(list($chg_forum_id, $sql) = each($valid_auth_acl_sql))
+ while( list($chg_forum_id, $sql) = each($valid_auth_prv_sql) )
{
if( !empty($sql) )
{
- if(!$result = $db->sql_query($sql))
+ if( !$result = $db->sql_query($sql) )
{
// Error ...
}
}
}
- header("Location: admin_groupauth.$phpEx?" . POST_GROUPS_URL . "=$group_id");
+ //
+ // Any warnings?
+ //
+ $warning_list = "";
+ while( list($forum_id, $user_ary) = each($warning_mod_userid) )
+ {
+ for($i = 0; $i < count($user_ary); $i++)
+ {
+ if(!empty($valid_auth_mod_sql[$forum_id]))
+ {
+ $warning_list .= "" . $warning_mod_username[$forum_id][$i] . " has moderator status on " . $warning_mod_frmname[$forum_id][$i] . "
";
+ }
+ }
+ }
+
+ while( list($forum_id, $user_ary) = each($warning_prv_userid) )
+ {
+ for($i = 0; $i < count($user_ary); $i++)
+ {
+ if(!empty($valid_auth_prv_sql[$forum_id]))
+ {
+ $warning_list .= "" . $warning_prv_username[$forum_id][$i] . " has access status to " . $warning_prv_frmname[$forum_id][$i] . "
";
+ }
+ }
+ }
+
+ if($warning_list != "")
+ {
+ $warning_list = "
The following user/s still have access/moderator rights to this forum via their user auth settings. You may want to alter the user authorisation/s to fully prevent them having access/moderator rights. The users granted rights are noted below.
" . $warning_list . "
Click HERE to return to group auth admin
";
+
+ $template_header = "admin/page_header.tpl";
+ include('page_header_admin.'.$phpEx);
+
+ $template->set_filenames(array(
+ "body" => "admin/admin_message_body.tpl")
+ );
+ $template->assign_vars(array(
+ "MESSAGE_TITLE" => "Authorisation Conflict Warning",
+ "MESSAGE_TEXT" => $warning_list)
+ );
+ }
+ else
+ {
+ header("Location: admin_groupauth.$phpEx?" . POST_GROUPS_URL . "=$group_id");
+ }
}
else if(empty($HTTP_GET_VARS[POST_GROUPS_URL]))
@@ -397,15 +535,14 @@ else if(empty($HTTP_GET_VARS[POST_GROUPS_URL]))
$sql = "SELECT group_id, group_name
FROM " . GROUPS_TABLE . "
- WHERE group_single_user <> 1";
- $u_result = $db->sql_query($sql);
-
- $user_list = $db->sql_fetchrowset($u_result);
+ WHERE group_single_user <> " . TRUE;
+ $g_result = $db->sql_query($sql);
+ $group_list = $db->sql_fetchrowset($g_result);
$select_list = "";
@@ -420,98 +557,105 @@ else if(empty($HTTP_GET_VARS[POST_GROUPS_URL]))
"L_USER_OR_GROUP" => "Group",
"S_USERAUTH_ACTION" => append_sid("admin_groupauth.$phpEx"),
- "S_USERS_SELECT" => $select_list,
-
- "U_FORUMAUTH" => append_sid("admin_forumauth.$phpEx"))
+ "S_USERS_SELECT" => $select_list)
);
- $template->pparse("body");
-
- include('page_footer_admin.'.$phpEx);
-
}
-
-
-//
-// Front end
-//
-$template_header = "admin/page_header.tpl";
-include('page_header_admin.'.$phpEx);
-
-$template->set_filenames(array(
- "body" => "admin/ug_auth_body.tpl")
-);
-
-$group_id = $HTTP_GET_VARS[POST_GROUPS_URL];
-
-$sql = "SELECT f.forum_id, f.forum_name, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_announce, f.auth_sticky
- FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
- WHERE c.cat_id = f.cat_id
- ORDER BY c.cat_order ASC, f.forum_order ASC";
-$fa_result = $db->sql_query($sql);
-
-$forum_access = $db->sql_fetchrowset($fa_result);
-
-if($adv == -1)
+else
{
- for($i = 0; $i < count($forum_access); $i++)
+ //
+ // Front end
+ //
+ $group_id = $HTTP_GET_VARS[POST_GROUPS_URL];
+ if( isset($HTTP_GET_VARS['adv']) )
{
- while(list($forum_id, $forum_row) = each($forum_access))
- {
- for($j = 0; $j < count($forum_auth_key_fields); $j++)
- {
- $basic_auth_level[$forum_row['forum_id']] = "public";
+ $adv = $HTTP_GET_VARS['adv'];
+ }
+ else
+ {
+ $adv = FALSE;
+ }
- if($forum_row[$forum_auth_key_fields[$j]] == AUTH_REG)
+ $template_header = "admin/page_header.tpl";
+ include('page_header_admin.'.$phpEx);
+
+ $template->set_filenames(array(
+ "body" => "admin/ug_auth_body.tpl")
+ );
+
+ //
+ //
+ //
+ $sql = "SELECT f.*
+ FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
+ WHERE c.cat_id = f.cat_id
+ ORDER BY c.cat_order ASC, f.forum_order ASC";
+ $fa_result = $db->sql_query($sql);
+
+ $forum_access = $db->sql_fetchrowset($fa_result);
+
+ if( empty($adv) )
+ {
+ for($i = 0; $i < count($forum_access); $i++)
+ {
+ while(list($forum_id, $forum_row) = each($forum_access))
+ {
+ for($j = 0; $j < count($forum_auth_key_fields); $j++)
{
- $basic_auth_level[$forum_row['forum_id']] = "registered";
- $basic_auth_level_fields[$forum_row['forum_id']][] = $forum_auth_fields[$j];
- }
- else if($forum_row[$forum_auth_key_fields[$j]] == AUTH_ACL)
- {
- $basic_auth_level[$forum_row['forum_id']] = "private";
- $basic_auth_level_fields[$forum_row['forum_id']][] = $forum_auth_fields[$j];
- }
- else if($forum_row[$forum_auth_key_fields[$j]] == AUTH_MOD)
- {
- $basic_auth_level[$forum_row['forum_id']] = "moderator";
- $basic_auth_level_fields[$forum_row['forum_id']][] = $forum_auth_fields[$j];
- }
- else if($forum_row[$forum_auth_key_fields[$j]] == AUTH_ADMIN)
- {
- $basic_auth_level[$forum_row['forum_id']] = "admin";
- $basic_auth_level_fields[$forum_row['forum_id']][] = $forum_auth_fields[$j];
+ $basic_auth_level[$forum_row['forum_id']] = "public";
+
+ if($forum_row[$forum_auth_key_fields[$j]] == AUTH_REG)
+ {
+ $basic_auth_level[$forum_row['forum_id']] = "registered";
+ $basic_auth_level_fields[$forum_row['forum_id']][] = $forum_auth_fields[$j];
+ }
+ else if($forum_row[$forum_auth_key_fields[$j]] == AUTH_ACL)
+ {
+ $basic_auth_level[$forum_row['forum_id']] = "private";
+ $basic_auth_level_fields[$forum_row['forum_id']][] = $forum_auth_fields[$j];
+ }
+ else if($forum_row[$forum_auth_key_fields[$j]] == AUTH_MOD)
+ {
+ $basic_auth_level[$forum_row['forum_id']] = "moderator";
+ $basic_auth_level_fields[$forum_row['forum_id']][] = $forum_auth_fields[$j];
+ }
+ else if($forum_row[$forum_auth_key_fields[$j]] == AUTH_ADMIN)
+ {
+ $basic_auth_level[$forum_row['forum_id']] = "admin";
+ $basic_auth_level_fields[$forum_row['forum_id']][] = $forum_auth_fields[$j];
+ }
}
}
}
}
- $sql = "SELECT u.user_id, u.username, g.group_id, g.group_name, g.group_single_user
+ $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user
FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug
WHERE g.group_id = $group_id
- AND ug.group_id = g.group_id
+ AND ug.group_id = g.group_id
AND u.user_id = ug.user_id";
$g_result = $db->sql_query($sql);
-
$groupinf = $db->sql_fetchrowset($g_result);
- $sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_mod
- FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g
+ $sql = "SELECT aa.*
+ FROM " . AUTH_ACCESS_TABLE . " aa, " . GROUPS_TABLE. " g
WHERE g.group_id = $group_id
AND aa.group_id = g.group_id
- AND g.group_single_user <> " . TRUE;
- $au_result = $db->sql_query($sql);
+ AND g.group_single_user = 0";
+ $ag_result = $db->sql_query($sql);
- $num_u_access = $db->sql_numrows($au_result);
- if($num_u_access)
+ $num_g_access = $db->sql_numrows($ag_result);
+
+ if($num_g_access)
{
- while($u_row = $db->sql_fetchrow($au_result))
+ while($g_row = $db->sql_fetchrow($ag_result))
{
- $u_access[$u_row['forum_id']][] = $u_row;
- $num_forum_access[$u_row['forum_id']]++;
+ $g_access[$g_row['forum_id']][] = $g_row;
+ $num_forum_access[$g_row['forum_id']]++;
}
}
+ $auth_group = array();
for($i = 0; $i < count($forum_access); $i++)
{
$f_forum_id = $forum_access[$i]['forum_id'];
@@ -525,91 +669,84 @@ if($adv == -1)
switch($value)
{
case AUTH_ALL:
- $auth_user[$f_forum_id][$key] = 1;
+ $auth_group[$f_forum_id][$key] = 1;
break;
case AUTH_REG:
- $auth_user[$f_forum_id][$key] = ($user_id != ANONYMOUS) ? 1 : 0;
+ $auth_group[$f_forum_id][$key] = 1;
break;
case AUTH_ACL:
- if($user_id != ANONYMOUS && $num_forum_access[$f_forum_id])
+ if($num_forum_access[$f_forum_id])
{
- $result = a_auth_check_user(AUTH_ACL, $key, $u_access[$f_forum_id], 0);
- $auth_user[$f_forum_id][$key] = $result['auth'];
+ $result = a_auth_check_user(AUTH_ACL, $key, $g_access[$f_forum_id], 0);
+ $auth_group[$f_forum_id][$key] = $result['auth'];
+ $auth_field_acl[$f_forum_id][$key] = $result['auth'];
}
else
{
- $auth_user[$f_forum_id][$key] = 0;
- }
- break;
-
- case AUTH_MOD:
- if($user_id != ANONYMOUS && $num_forum_access[$f_forum_id])
- {
- $result = a_auth_check_user(AUTH_MOD, $key, $u_access[$f_forum_id], 0);
- $auth_user[$f_forum_id][$key] = $result['auth'];
- }
- else
- {
- $auth_user[$f_forum_id][$key] = 0;
+ $auth_group[$f_forum_id][$key] = 0;
}
break;
+ case AUTH_MOD:
+ if($num_forum_access[$f_forum_id])
+ {
+ $result = a_auth_check_user(AUTH_MOD, $key, $g_access[$f_forum_id], 0);
+ $auth_group[$f_forum_id][$key] = $result['auth'];
+ }
+ else
+ {
+ $auth_group[$f_forum_id][$key] = 0;
+ }
+ break;
+
case AUTH_ADMIN:
- $auth_user[$f_forum_id][$key] = 0;
+ $auth_group[$f_forum_id][$key] = 0;
break;
default:
- $auth_user[$f_forum_id][$key] = 0;
+ $auth_group[$f_forum_id][$key] = 0;
break;
}
}
+
//
// Is user a moderator?
//
- if($user_id != ANONYMOUS && $num_forum_access[$f_forum_id])
+ if($num_forum_access[$f_forum_id])
{
- $result = a_auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], 0);
- $auth_user[$f_forum_id]['auth_mod'] = $result['auth'];
+ $result = a_auth_check_user(AUTH_MOD, 'auth_mod', $g_access[$f_forum_id], 0);
+ $auth_group[$f_forum_id]['auth_mod'] = $result['auth'];
}
else
{
- $auth_user[$f_forum_id][$key] = 0;
+ $auth_group[$f_forum_id][$key] = 0;
}
}
- while(list($forumkey, $user_ary) = each($auth_user))
- {
- $simple_auth[$forumkey] = 1;
- while(list($fieldkey, $value) = each($user_ary))
- {
- $simple_auth[$forumkey] = $simple_auth[$forumkey] && $value;
- }
- }
- reset($auth_user);
-
$i = 0;
- if($adv == -1)
+ while(list($forumkey, $group_ary) = each($auth_group))
{
- while(list($forumkey, $user_ary) = each($auth_user))
+ if( empty($adv) )
{
if($basic_auth_level[$forumkey] == "private")
{
$allowed = 1;
+
for($j = 0; $j < count($basic_auth_level_fields[$forumkey]); $j++)
{
- if(!$auth_user[$forumkey][$basic_auth_level_fields[$forumkey][$j]])
+ if(!$group_ary[$basic_auth_level_fields[$forumkey][$j]])
{
$allowed = 0;
}
}
$optionlist_acl = "