makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-28 14:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

And as if by magic group auth admin appeared

Browse source 
git-svn-id: file:///svn/phpbb/trunk@702 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Paul S. Owen 2001-07-19 23:52:10 +00:00
parent b69afe920c
commit c4506dbbc7
2 changed files with 542 additions and 320 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

684
phpBB/admin/admin_groupauth.php
View file

@ -1,6 +1,6 @@
<?php <?php
/*************************************************************************** /***************************************************************************
* admin_groupauth.php * admin_userauth.php
* ------------------- * -------------------
* begin : Saturday, Feb 13, 2001 * begin : Saturday, Feb 13, 2001
* copyright : (C) 2001 The phpBB Group * copyright : (C) 2001 The phpBB Group
@ -65,6 +65,7 @@ $auth_field_match = array(
"auth_announce" => AUTH_ANNOUNCE); "auth_announce" => AUTH_ANNOUNCE);
$forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_sticky", "auth_announce"); $forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_sticky", "auth_announce");
$forum_auth_key_fields = array("auth_view", "auth_read", "auth_post", "auth_reply"); $forum_auth_key_fields = array("auth_view", "auth_read", "auth_post", "auth_reply");
// //
@ -82,11 +83,13 @@ $forum_auth_key_fields = array("auth_view", "auth_read", "auth_post", "auth_repl
"auth_allow_smilies" => AUTH_ALLOW_SMILIES "auth_allow_smilies" => AUTH_ALLOW_SMILIES
);*/ );*/
// ----------
// ---------------
// Start Functions // Start Functions
// //
function a_auth_check_user($type, $key, $u_auth, $is_admin) function a_auth_check_user($type, $key, $u_auth, $is_admin)
{ {
$single_user = 0; $single_user = 0;
$auth_user = array(); $auth_user = array();
@ -120,8 +123,8 @@ function a_auth_check_user($type, $key, $u_auth, $is_admin)
return $auth_user; return $auth_user;
} }
// //
// Start Functions // End Functions
// ---------- // -------------
// //
@ -132,30 +135,53 @@ $adv = (isset($HTTP_GET_VARS['adv'])) ? $HTTP_GET_VARS['adv'] : -1;
if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_GROUPS_URL])) if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_GROUPS_URL]))
{ {
$group_id = $HTTP_POST_VARS[POST_GROUPS_URL]; $group_id = $HTTP_POST_VARS[POST_GROUPS_URL];
$adv = (isset($HTTP_POST_VARS['adv'])) ? TRUE : FALSE;
// //
// This is where things become fun ... // This is where things become fun ...
// //
$change_mod_ary = (isset($HTTP_POST_VARS['moderator'])) ? $HTTP_POST_VARS['moderator'] : 0; //
$change_prv_ary = (isset($HTTP_POST_VARS['private'])) ? $HTTP_POST_VARS['private'] : 0; // Get list of user id's for this group_id
//
$sql_groupid = "SELECT user_id
FROM " . USER_GROUP_TABLE . "
WHERE group_id = $group_id
AND user_id <> " . ANONYMOUS;
if(!$result = $db->sql_query($sql_groupid))
{
// Error no such user/group
}
$ug_info = $db->sql_fetchrow($result);
// //
// Pull all the auth/group // Pull all the auth/group
// for this group // for this user
// //
$sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_sticky, aa.auth_announce, aa.auth_mod, g.group_single_user
FROM " . AUTH_ACCESS_TABLE . " aa, " . GROUPS_TABLE. " g
WHERE g.group_id = $group_id
AND aa.group_id = g.group_id";
$au_result = $db->sql_query($sql);
if($num_u_access = $db->sql_numrows($au_result)) $sql = "SELECT aa.*, g2.group_single_user, u.username, u.user_id, g.group_id, g.group_name
FROM " . AUTH_ACCESS_TABLE . " aa, " . AUTH_ACCESS_TABLE . " aa2, " . USER_GROUP_TABLE . " ug, " . USER_GROUP_TABLE . " ug2, " . GROUPS_TABLE . " g, " . GROUPS_TABLE . " g2, " . USERS_TABLE . " u
WHERE g.group_id = $group_id
AND aa.group_id = g.group_id
AND ug.group_id = g.group_id
AND ug2.user_id = ug.user_id
AND u.user_id = ug2.user_id
AND g2.group_id = ug2.group_id
AND aa2.group_id = g2.group_id";
/*
$sql = "SELECT aa.*, g.group_single_user, g.group_id, g.group_name
FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g
WHERE g.group_id = $group_id
AND aa.group_id = g.group_id";*/
$ag_result = $db->sql_query($sql);
if($num_g_access = $db->sql_numrows($ag_result))
{ {
$u_access = $db->sql_fetchrowset($au_result); $g_access = $db->sql_fetchrowset($ag_result);
} }
$sql = "SELECT f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_sticky, f.auth_announce $sql = "SELECT f.*
FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
WHERE c.cat_id = f.cat_id WHERE c.cat_id = f.cat_id
ORDER BY c.cat_order ASC, f.forum_order ASC"; ORDER BY c.cat_order ASC, f.forum_order ASC";
@ -163,6 +189,38 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_GROUPS_URL]))
$forum_access = $db->sql_fetchrowset($fa_result); $forum_access = $db->sql_fetchrowset($fa_result);
$change_prv_list = array();
$change_mod_ary = (isset($HTTP_POST_VARS['moderator'])) ? $HTTP_POST_VARS['moderator'] : array();
for($i = 0; $i < count($forum_access); $i++)
{
$forum_id = $forum_access[$i]['forum_id'];
for($j = 0; $j < count($forum_auth_fields); $j++)
{
$field = $forum_auth_fields[$j];
if( isset($HTTP_POST_VARS['private']) )
{
if( $forum_access[$i][$field] == AUTH_ACL )
{
if( isset($HTTP_POST_VARS['private'][$forum_id]) )
{
$change_prv_list[$forum_id][$field] = $HTTP_POST_VARS['private'][$forum_id];
}
}
}
else
{
if( isset($HTTP_POST_VARS[$field][$forum_id]) )
{
$change_prv_list[$forum_id][$field] = $HTTP_POST_VARS[$field][$forum_id];
}
}
}
}
// //
// The data above lists access and moderator permissions // The data above lists access and moderator permissions
// for this user given by all the groups they belong to. // for this user given by all the groups they belong to.
@ -180,187 +238,223 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_GROUPS_URL]))
// //
// //
// //
$warning_mod = array(); $warning_mod_userid = array();
$valid_auth_mod = array(); $warning_mod_username = array();
$warning_mod_frmname = array();
$valid_auth_mod_sql = array(); $valid_auth_mod_sql = array();
$warning_prv_userid = array();
$warning_prv_username = array();
$warning_prv_frmname = array();
$valid_auth_prv_sql = array();
for($i = 0; $i < count($forum_access); $i++)
{
$this_forum_id = $forum_access[$i]['forum_id'];
$update_mod = FALSE;
$update_acl = FALSE;
$valid_auth_mod_sql_val = "";
$valid_auth_prv_sql_fld = "";
$valid_auth_prv_sql_val = "";
@reset($change_mod_ary); @reset($change_mod_ary);
@reset($change_prv_list);
while(list($chg_forum_id, $value) = @each($change_mod_ary)) //
// Moderator control
//
while(list($mod_forum_id, $new_mod_status) = @each($change_mod_ary))
{ {
$a_match = $value; if($mod_forum_id == $this_forum_id)
$auth_exists = FALSE;
for($i = 0; $i < count($u_access); $i++)
{ {
$forum_id = $u_access[$i]['forum_id']; $warned = FALSE;
if( $forum_id == $chg_forum_id ) for($j = 0; $j < count($g_access); $j++)
{ {
if($g_access[$j]['forum_id'] == $this_forum_id)
{
$cur_mod_status = $g_access[$j]['auth_mod'];
$is_single_user = $g_access[$j]['group_single_user'];
if( $u_access[$i]['auth_mod'] == $value && !$u_access[$i]['group_single_user'] ) if($cur_mod_status == $new_mod_status && !$is_single_user)
{ {
$a_match = -1; //
// No need to update so set update to true
//
$update_mod = TRUE;
} }
else if( $u_access[$i]['auth_mod'] && !$value && $u_access[$i]['group_single_user'] ) else if($cur_mod_status && !$new_mod_status && $is_single_user && !$warned)
{ {
// //
// User is being removed as a moderator but is a moderator // users within group can mod via their own auth, we'll warn
// via a group, carry out the update but warn the moderator // the admin but carry out the op anyway if reqd.
// //
$warning_mod[$chg_forum_id] = TRUE; $warning_mod_userid[$this_forum_id][] = $g_access[$j]['user_id'];
$warning_mod_username[$this_forum_id][] = $g_access[$j]['username'];
$warning_mod_frmname[$this_forum_id][] = $forum_access[$i]['forum_name'];
$warned = TRUE;
}
else if($cur_mod_status != $new_mod_status && !$is_single_user)
{
if($new_mod_status)
{
$valid_auth_mod_sql[$this_forum_id] = "UPDATE " . AUTH_ACCESS_TABLE . "
SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_announce = 0, auth_sticky = 0, auth_mod = $new_mod_status
WHERE forum_id = $this_forum_id
AND group_id = $group_id";
} }
else else
{ {
if(!$value) $valid_auth_mod_sql[$this_forum_id] = "DELETE FROM " . AUTH_ACCESS_TABLE . "
WHERE forum_id = $this_forum_id
AND group_id = $group_id";
}
$update_mod = TRUE;
}
}
}
if(!$update_mod && $new_mod_status)
{ {
$sql = "DELETE FROM " . AUTH_ACCESS_TABLE; $valid_auth_mod_sql[$this_forum_id] = "INSERT INTO " . AUTH_ACCESS_TABLE . "
(forum_id, group_id, auth_mod)
VALUES ($this_forum_id, $group_id, $new_mod_status)";
$update_mod = TRUE;
}
}
}
//
// Private/ACL control
//
while(list($prv_forum_id, $new_prv_ary) = @each($change_prv_list))
{
if($prv_forum_id == $this_forum_id && empty($valid_auth_mod_sql[$this_forum_id]) )
{
for($j = 0; $j < count($g_access); $j++)
{
if($g_access[$j]['forum_id'] == $this_forum_id)
{
$is_single_user = $u_access[$j]['group_single_user'];
if(!$is_single_user)
{
$valid_auth_prv_sql[$this_forum_id] = "UPDATE " . AUTH_ACCESS_TABLE . " SET ";
}
$is_all_zeroed = FALSE;
$warned = FALSE;
//
// Step through all auth fields
//
@reset($new_prv_ary);
while( list($this_prv_field, $new_prv_status) = each($new_prv_ary) )
{
//
// Is this field set to ACL?
//
$cur_prv_status = $g_access[$j][$this_prv_field];
if($cur_prv_status == $new_prv_status && !$is_single_user)
{
//
// No need to update so set update to true
//
$update_acl = TRUE;
}
else if( ( $cur_prv_status || $g_access[$j]['auth_mod'] ) && !$new_prv_status && $is_single_user && !$warned)
{
//
// user can mod via group auth, we'll warn
// the admin but carry out the op anyway if reqd.
//
$warning_prv_userid[$this_forum_id][] = $g_access[$j]['user_id'];
$warning_prv_username[$this_forum_id][] = $g_access[$j]['username'];
$warning_prv_frmname[$this_forum_id][] = $forum_access[$i]['forum_name'];
$warned = TRUE;
}
else if($cur_prv_status != $new_prv_status && !$is_single_user)
{
if( $valid_auth_prv_sql_val != "")
{
$valid_auth_prv_sql_val .= ", ";
}
$valid_auth_prv_sql_val .= "$this_prv_field = $new_prv_status";
$update_acl = TRUE;
if(!$new_prv_status)
{
$is_all_zeroed = TRUE;
}
}
}
if(!$is_single_user)
{
if(!$is_all_zeroed)
{
$valid_auth_prv_sql[$this_forum_id] .= $valid_auth_prv_sql_val . " WHERE forum_id = $this_forum_id AND group_id = $group_id";
} }
else else
{ {
$sql = "UPDATE " . AUTH_ACCESS_TABLE . " $valid_auth_prv_sql[$this_forum_id] = "DELETE FROM " . AUTH_ACCESS_TABLE . "
SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0, auth_mod = " . TRUE; WHERE forum_id = $this_forum_id
AND group_id = $group_id";
} }
$valid_auth_mod_sql[$chg_forum_id] = $sql . " WHERE forum_id = $chg_forum_id AND group_id = $group_id";
$valid_auth_mod[$chg_forum_id] = 1;
} }
$valid_auth_prv_sql_val = "";
$auth_exists = TRUE;
} }
} }
if(!$auth_exists && $value) if(!$update_acl)
{
$valid_auth_mod_sql[$chg_forum_id] = "INSERT INTO " . AUTH_ACCESS_TABLE . " (forum_id, group_id, auth_mod) VALUES ($chg_forum_id, $group_id, 1)";
$valid_auth_mod[$chg_forum_id] = 0;
}
}
//
// Check against priv access table ...
//
$warning_mod = array();
$valid_auth_acl_sql = array();
@reset($valid_auth_mod);
@reset($change_prv_ary);
while(list($chg_forum_id, $value) = @each($change_prv_ary))
{
$valid_auth_acl_sql[$chg_forum_id] = "";
$auth_exists = FALSE;
for($i = 0; $i < count($u_access); $i++)
{
if( $u_access[$i]['forum_id'] == $chg_forum_id )
{
//
// If we're updating/inserting a moderator access
// control then we don't need to both with anything here,
// adding (or updating) a user to mod status automatically
// grants access to all forum functions (unless they
// are set at admin status!). Removing moderator permissions
// automatically removes all priviledges, it does mean the
// admin has to re-enable ACL privs but it does prevent
// them accidently leaving a user with access to a forum
// they should be now denied.
//
// echo "<BR>" . $chg_forum_id . " : " . $valid_auth_mod[$chg_forum_id] . "<BR>";
// echo $chg_forum_id . " : " . $valid_auth_mod[$chg_forum_id] . " : " . $u_access[$i]['auth_mod'] . "<BR>";
if( empty($valid_auth_mod[$chg_forum_id]) && !$u_access[$i]['auth_mod'])
{ {
// //
// User isn't a moderator so now we have to decide whether the // Step through all auth fields
// the access needs creating, updating or deleting ...
// //
$all_zeroed = TRUE;
for($j = 0; $j < count($forum_access); $j++) @reset($new_prv_ary);
{ while( list($this_prv_field, $new_prv_status) = each($new_prv_ary) )
if( $chg_forum_id == $forum_access[$j]['forum_id'] )
{
$update_acl_sql = "";
for($k = 0; $k < count($forum_auth_fields); $k++)
{
$auth_field = $forum_auth_fields[$k];
if( $forum_access[$j][$auth_field] == AUTH_ACL )
{
if( $u_access[$i][$auth_field] && !$value && $u_access[$i]['group_single_user'] )
{ {
// //
// User is having ACL access removed from this field // Is this field set to ACL?
// but retains access via a group they belong too,
// carry out the update but warn the moderator
// //
if( $valid_auth_prv_sql_fld != "" )
$warning_acl[$chg_forum_id][$auth_field] = TRUE;
}
else if( $u_access[$i][$auth_field] != $value && !$u_access[$i]['group_single_user'] )
{ {
$update_acl_sql .= ($update_acl_sql != "") ? ", $auth_field = $value" : "$auth_field = $value"; $valid_auth_prv_sql_fld .= ", ";
}
}
} }
$valid_auth_acl_sql[$chg_forum_id] = "UPDATE " . AUTH_ACCESS_TABLE . " SET " . $update_acl_sql ." WHERE forum_id = $chg_forum_id AND group_id = $group_id"; if( $valid_auth_prv_sql_val != "" )
} // forum_id = forum_access
} // for ... forum_access
} // not_mod
$auth_exists = TRUE;
} // if forum ... chg_forum
} // for ... u_access
if($valid_auth_acl_sql[$chg_forum_id] == "" && !$auth_exists)
{ {
for($j = 0; $j < count($forum_access); $j++) $valid_auth_prv_sql_val .= ", ";
{ }
if( $chg_forum_id == $forum_access[$j]['forum_id'] && $value) $valid_auth_prv_sql_fld .= "$this_prv_field";
{ $valid_auth_prv_sql_val .= "$new_prv_status";
$valid_auth_acl_sql_val = "";
$valid_auth_acl_sql_fld = "";
for($k = 0; $k < count($forum_auth_fields); $k++) if($new_prv_status)
{ {
$auth_field = $forum_auth_fields[$k]; $all_zeroed = FALSE;
if( $forum_access[$j][$auth_field] == AUTH_ACL )
{
$valid_auth_acl_sql_fld .= ($valid_auth_acl_sql_fld != "") ? ", $auth_field" : "$auth_field";
$valid_auth_acl_sql_val .= ($valid_auth_acl_sql_val != "") ? ", $value" : "$value";
} }
} }
$valid_auth_acl_sql[$chg_forum_id] = "INSERT INTO " . AUTH_ACCESS_TABLE . " (forum_id, group_id, $valid_auth_acl_sql_fld) VALUES ($chg_forum_id, $group_id, $valid_auth_acl_sql_val)"; if(!$all_zeroed)
} {
} $valid_auth_prv_sql[$this_forum_id] = "INSERT INTO " . AUTH_ACCESS_TABLE . " (forum_id, group_id, $valid_auth_prv_sql_fld) VALUES ($this_forum_id, $group_id, $valid_auth_prv_sql_val)";
}
} }
// print_r($valid_auth_acl_sql); $update_acl = TRUE;
// echo "<BR><BR>"; }
}
}
}
// //
// The next part requires that we know whether we're // Checks complete, make updates to DB
// updating an existing entry, inserting a new one or
// deleting an existing entry ... as well as what we're
// updating and with what value ...
//
//
// Checks complete, make updates
// //
while( list($chg_forum_id, $sql) = each($valid_auth_mod_sql) ) while( list($chg_forum_id, $sql) = each($valid_auth_mod_sql) )
{ {
@ -373,7 +467,7 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_GROUPS_URL]))
} }
} }
while(list($chg_forum_id, $sql) = each($valid_auth_acl_sql)) while( list($chg_forum_id, $sql) = each($valid_auth_prv_sql) )
{ {
if( !empty($sql) ) if( !empty($sql) )
{ {
@ -384,7 +478,51 @@ if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_GROUPS_URL]))
} }
} }
//
// Any warnings?
//
$warning_list = "";
while( list($forum_id, $user_ary) = each($warning_mod_userid) )
{
for($i = 0; $i < count($user_ary); $i++)
{
if(!empty($valid_auth_mod_sql[$forum_id]))
{
$warning_list .= "<b><a href=\"admin_userauth.$phpEx?" . POST_USERS_URL . "=" . $user_ary[$i] . "\">" . $warning_mod_username[$forum_id][$i] . "</a></b> has moderator status on <b>" . $warning_mod_frmname[$forum_id][$i] . "</b><br />";
}
}
}
while( list($forum_id, $user_ary) = each($warning_prv_userid) )
{
for($i = 0; $i < count($user_ary); $i++)
{
if(!empty($valid_auth_prv_sql[$forum_id]))
{
$warning_list .= "<b><a href=\"admin_userauth.$phpEx?" . POST_USERS_URL . "=" . $user_ary[$i] . "\">" . $warning_prv_username[$forum_id][$i] . "</a></b> has access status to <b>" . $warning_prv_frmname[$forum_id][$i] . "</b><br />";
}
}
}
if($warning_list != "")
{
$warning_list = "<br />The following user/s still have access/moderator rights to this forum via their user auth settings. You may want to alter the user authorisation/s to fully prevent them having access/moderator rights. The users granted rights are noted below.<br/><br/>" . $warning_list . "<br />Click <a href=\"admin_groupauth.$phpEx?" . POST_GROUPS_URL . "=$group_id\">HERE</a> to return to group auth admin<br />";
$template_header = "admin/page_header.tpl";
include('page_header_admin.'.$phpEx);
$template->set_filenames(array(
"body" => "admin/admin_message_body.tpl")
);
$template->assign_vars(array(
"MESSAGE_TITLE" => "Authorisation Conflict Warning",
"MESSAGE_TEXT" => $warning_list)
);
}
else
{
header("Location: admin_groupauth.$phpEx?" . POST_GROUPS_URL . "=$group_id"); header("Location: admin_groupauth.$phpEx?" . POST_GROUPS_URL . "=$group_id");
}
} }
else if(empty($HTTP_GET_VARS[POST_GROUPS_URL])) else if(empty($HTTP_GET_VARS[POST_GROUPS_URL]))
@ -397,15 +535,14 @@ else if(empty($HTTP_GET_VARS[POST_GROUPS_URL]))
$sql = "SELECT group_id, group_name $sql = "SELECT group_id, group_name
FROM " . GROUPS_TABLE . " FROM " . GROUPS_TABLE . "
WHERE group_single_user <> 1"; WHERE group_single_user <> " . TRUE;
$u_result = $db->sql_query($sql); $g_result = $db->sql_query($sql);
$group_list = $db->sql_fetchrowset($g_result);
$user_list = $db->sql_fetchrowset($u_result);
$select_list = "<select name=\"" . POST_GROUPS_URL . "\">"; $select_list = "<select name=\"" . POST_GROUPS_URL . "\">";
for($i = 0; $i < count($user_list); $i++) for($i = 0; $i < count($group_list); $i++)
{ {
$select_list .= "<option value=\"" . $user_list[$i]['group_id'] . "\">" . $user_list[$i]['group_name'] . "</option>"; $select_list .= "<option value=\"" . $group_list[$i]['group_id'] . "\">" . $group_list[$i]['group_name'] . "</option>";
} }
$select_list .= "</select>"; $select_list .= "</select>";
@ -420,21 +557,25 @@ else if(empty($HTTP_GET_VARS[POST_GROUPS_URL]))
"L_USER_OR_GROUP" => "Group", "L_USER_OR_GROUP" => "Group",
"S_USERAUTH_ACTION" => append_sid("admin_groupauth.$phpEx"), "S_USERAUTH_ACTION" => append_sid("admin_groupauth.$phpEx"),
"S_USERS_SELECT" => $select_list, "S_USERS_SELECT" => $select_list)
"U_FORUMAUTH" => append_sid("admin_forumauth.$phpEx"))
); );
$template->pparse("body");
include('page_footer_admin.'.$phpEx);
} }
else
{
// //
// Front end // Front end
// //
$group_id = $HTTP_GET_VARS[POST_GROUPS_URL];
if( isset($HTTP_GET_VARS['adv']) )
{
$adv = $HTTP_GET_VARS['adv'];
}
else
{
$adv = FALSE;
}
$template_header = "admin/page_header.tpl"; $template_header = "admin/page_header.tpl";
include('page_header_admin.'.$phpEx); include('page_header_admin.'.$phpEx);
@ -442,9 +583,10 @@ $template->set_filenames(array(
"body" => "admin/ug_auth_body.tpl") "body" => "admin/ug_auth_body.tpl")
); );
$group_id = $HTTP_GET_VARS[POST_GROUPS_URL]; //
//
$sql = "SELECT f.forum_id, f.forum_name, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_announce, f.auth_sticky //
$sql = "SELECT f.*
FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
WHERE c.cat_id = f.cat_id WHERE c.cat_id = f.cat_id
ORDER BY c.cat_order ASC, f.forum_order ASC"; ORDER BY c.cat_order ASC, f.forum_order ASC";
@ -452,7 +594,7 @@ $fa_result = $db->sql_query($sql);
$forum_access = $db->sql_fetchrowset($fa_result); $forum_access = $db->sql_fetchrowset($fa_result);
if($adv == -1) if( empty($adv) )
{ {
for($i = 0; $i < count($forum_access); $i++) for($i = 0; $i < count($forum_access); $i++)
{ {
@ -485,33 +627,35 @@ if($adv == -1)
} }
} }
} }
}
$sql = "SELECT u.user_id, u.username, g.group_id, g.group_name, g.group_single_user $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user
FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug
WHERE g.group_id = $group_id WHERE g.group_id = $group_id
AND ug.group_id = g.group_id AND ug.group_id = g.group_id
AND u.user_id = ug.user_id"; AND u.user_id = ug.user_id";
$g_result = $db->sql_query($sql); $g_result = $db->sql_query($sql);
$groupinf = $db->sql_fetchrowset($g_result); $groupinf = $db->sql_fetchrowset($g_result);
$sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_mod $sql = "SELECT aa.*
FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g FROM " . AUTH_ACCESS_TABLE . " aa, " . GROUPS_TABLE. " g
WHERE g.group_id = $group_id WHERE g.group_id = $group_id
AND aa.group_id = g.group_id AND aa.group_id = g.group_id
AND g.group_single_user <> " . TRUE; AND g.group_single_user = 0";
$au_result = $db->sql_query($sql); $ag_result = $db->sql_query($sql);
$num_u_access = $db->sql_numrows($au_result); $num_g_access = $db->sql_numrows($ag_result);
if($num_u_access)
if($num_g_access)
{ {
while($u_row = $db->sql_fetchrow($au_result)) while($g_row = $db->sql_fetchrow($ag_result))
{ {
$u_access[$u_row['forum_id']][] = $u_row; $g_access[$g_row['forum_id']][] = $g_row;
$num_forum_access[$u_row['forum_id']]++; $num_forum_access[$g_row['forum_id']]++;
} }
} }
$auth_group = array();
for($i = 0; $i < count($forum_access); $i++) for($i = 0; $i < count($forum_access); $i++)
{ {
$f_forum_id = $forum_access[$i]['forum_id']; $f_forum_id = $forum_access[$i]['forum_id'];
@ -525,87 +669,80 @@ if($adv == -1)
switch($value) switch($value)
{ {
case AUTH_ALL: case AUTH_ALL:
$auth_user[$f_forum_id][$key] = 1; $auth_group[$f_forum_id][$key] = 1;
break; break;
case AUTH_REG: case AUTH_REG:
$auth_user[$f_forum_id][$key] = ($user_id != ANONYMOUS) ? 1 : 0; $auth_group[$f_forum_id][$key] = 1;
break; break;
case AUTH_ACL: case AUTH_ACL:
if($user_id != ANONYMOUS && $num_forum_access[$f_forum_id]) if($num_forum_access[$f_forum_id])
{ {
$result = a_auth_check_user(AUTH_ACL, $key, $u_access[$f_forum_id], 0); $result = a_auth_check_user(AUTH_ACL, $key, $g_access[$f_forum_id], 0);
$auth_user[$f_forum_id][$key] = $result['auth']; $auth_group[$f_forum_id][$key] = $result['auth'];
$auth_field_acl[$f_forum_id][$key] = $result['auth'];
} }
else else
{ {
$auth_user[$f_forum_id][$key] = 0; $auth_group[$f_forum_id][$key] = 0;
} }
break; break;
case AUTH_MOD: case AUTH_MOD:
if($user_id != ANONYMOUS && $num_forum_access[$f_forum_id]) if($num_forum_access[$f_forum_id])
{ {
$result = a_auth_check_user(AUTH_MOD, $key, $u_access[$f_forum_id], 0); $result = a_auth_check_user(AUTH_MOD, $key, $g_access[$f_forum_id], 0);
$auth_user[$f_forum_id][$key] = $result['auth']; $auth_group[$f_forum_id][$key] = $result['auth'];
} }
else else
{ {
$auth_user[$f_forum_id][$key] = 0; $auth_group[$f_forum_id][$key] = 0;
} }
break; break;
case AUTH_ADMIN: case AUTH_ADMIN:
$auth_user[$f_forum_id][$key] = 0; $auth_group[$f_forum_id][$key] = 0;
break; break;
default: default:
$auth_user[$f_forum_id][$key] = 0; $auth_group[$f_forum_id][$key] = 0;
break; break;
} }
} }
// //
// Is user a moderator? // Is user a moderator?
// //
if($user_id != ANONYMOUS && $num_forum_access[$f_forum_id]) if($num_forum_access[$f_forum_id])
{ {
$result = a_auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], 0); $result = a_auth_check_user(AUTH_MOD, 'auth_mod', $g_access[$f_forum_id], 0);
$auth_user[$f_forum_id]['auth_mod'] = $result['auth']; $auth_group[$f_forum_id]['auth_mod'] = $result['auth'];
} }
else else
{ {
$auth_user[$f_forum_id][$key] = 0; $auth_group[$f_forum_id][$key] = 0;
} }
} }
while(list($forumkey, $user_ary) = each($auth_user))
{
$simple_auth[$forumkey] = 1;
while(list($fieldkey, $value) = each($user_ary))
{
$simple_auth[$forumkey] = $simple_auth[$forumkey] && $value;
}
}
reset($auth_user);
$i = 0; $i = 0;
if($adv == -1) while(list($forumkey, $group_ary) = each($auth_group))
{ {
while(list($forumkey, $user_ary) = each($auth_user)) if( empty($adv) )
{ {
if($basic_auth_level[$forumkey] == "private") if($basic_auth_level[$forumkey] == "private")
{ {
$allowed = 1; $allowed = 1;
for($j = 0; $j < count($basic_auth_level_fields[$forumkey]); $j++) for($j = 0; $j < count($basic_auth_level_fields[$forumkey]); $j++)
{ {
if(!$auth_user[$forumkey][$basic_auth_level_fields[$forumkey][$j]]) if(!$group_ary[$basic_auth_level_fields[$forumkey][$j]])
{ {
$allowed = 0; $allowed = 0;
} }
} }
$optionlist_acl = "<select name=\"private[$forumkey]\">"; $optionlist_acl = "<select name=\"private[$forumkey]\">";
if($is_admin || $user_ary['auth_mod']) if( $auth_group['auth_mod'] )
{ {
$optionlist_acl .= "<option value=\"1\">Allowed Access</option>"; $optionlist_acl .= "<option value=\"1\">Allowed Access</option>";
} }
@ -623,15 +760,60 @@ if($adv == -1)
{ {
$optionlist_acl = "&nbsp;"; $optionlist_acl = "&nbsp;";
} }
$optionlist_mod = "<select name=\"moderator[$forumkey]\">";
if($user_ary['auth_mod'])
{
$optionlist_mod .= "<option value=\"1\" selected>Is a Moderator</option><option value=\"0\">Is not a Moderator</option>";
} }
else else
{ {
$optionlist_mod .= "<option value=\"1\">Is a Moderator</option><option value=\"0\" selected>Is not a Moderator</option>"; @reset($forum_access);
while(list($key, $forum_row) = each($forum_access))
{
$forum_id = $forum_row['forum_id'];
for($j = 0; $j < count($forum_auth_fields); $j++)
{
$field_name = $forum_auth_fields[$j];
if( $forum_row[$field_name] == AUTH_ACL )
{
$optionlist_acl_adv[$forum_id][$j] = "<select name=\"" . $field_name . "[$forum_id]\">";
if( isset($auth_field_acl[$forum_id][$field_name]) && !$auth_group['auth_mod'] )
{
if(!$auth_field_acl[$forum_id][$field_name])
{
$optionlist_acl_adv[$forum_id][$j] .= "<option value=\"1\">On</option><option value=\"0\" selected>Off</option>";
}
else
{
$optionlist_acl_adv[$forum_id][$j] .= "<option value=\"1\" selected>On</option><option value=\"0\">Off</option>";
}
}
else
{
if( $auth_group['auth_mod'] )
{
$optionlist_acl_adv[$forum_id][$j] .= "<option value=\"1\">On</option>";
}
else
{
$optionlist_acl_adv[$forum_id][$j] .= "<option value=\"1\">On</option><option value=\"0\" selected>Off</option>";
}
}
$optionlist_acl_adv[$forum_id][$j] .= "</select>";
}
}
}
}
$optionlist_mod = "<select name=\"moderator[$forumkey]\">";
if($group_ary['auth_mod'])
{
$optionlist_mod .= "<option value=\"1\" selected>Moderator</option><option value=\"0\">Not Moderator</option>";
}
else
{
$optionlist_mod .= "<option value=\"1\">Moderator</option><option value=\"0\" selected>Not Moderator</option>";
} }
$optionlist_mod .= "</select>"; $optionlist_mod .= "</select>";
@ -643,15 +825,28 @@ if($adv == -1)
"U_FORUM_AUTH" => append_sid("admin_forumauth.$phpEx?f=" . $forum_access[$i]['forum_id']), "U_FORUM_AUTH" => append_sid("admin_forumauth.$phpEx?f=" . $forum_access[$i]['forum_id']),
"S_ACL_SELECT" => $optionlist_acl,
"S_MOD_SELECT" => $optionlist_mod) "S_MOD_SELECT" => $optionlist_mod)
); );
if(!$adv)
{
$template->assign_block_vars("forums.aclvalues", array(
"S_ACL_SELECT" => $optionlist_acl)
);
}
else
{
for($j = 0; $j < count($forum_auth_fields); $j++)
{
$template->assign_block_vars("forums.aclvalues", array(
"S_ACL_SELECT" => $optionlist_acl_adv[$forumkey][$j])
);
}
}
$i++; $i++;
} }
} @reset($auth_group);
reset($auth_user);
$t_groupname .= $groupinf[0]['group_name'];
for($i = 0; $i < count($groupinf); $i++) for($i = 0; $i < count($groupinf); $i++)
{ {
@ -659,41 +854,68 @@ if($adv == -1)
$user_id[] = $groupinf[$i]['user_id']; $user_id[] = $groupinf[$i]['user_id'];
} }
$t_groupname .= $groupinf[0]['group_name'];
if(count($username)) if(count($username))
{ {
$t_username_list = ""; $t_usergroup_list = "";
for($i = 0; $i < count($username); $i++)
for($i = 0; $i < count($groupinf); $i++)
{ {
$t_username_list .= "<a href=\"admin_userauth.$phpEx?" . POST_USERS_URL . "=" . $user_id[$i] . "\">" . $username[$i] . "</a>"; $t_usergroup_list .= "<a href=\"admin_userauth.$phpEx?" . POST_USERS_URL . "=" . $user_id[$i] . "\">" . $username[$i] . "</a>";
if($i < count($username) - 1) if($i < count($username) - 1)
{ {
$t_username_list .= ", "; $t_usergroup_list .= ", ";
} }
} }
} }
else else
{ {
$t_username_list = "<b>Has no members</b>"; $t_usergroup_list = "None";
} }
$s_hidden_fields = "<input type=\"hidden\" name=\"" . POST_GROUPS_URL . "\" value=\"$group_id\">"; $s_hidden_fields = "<input type=\"hidden\" name=\"" . POST_GROUPS_URL . "\" value=\"$group_id\">";
$s_hidden_fields .= "<input type=\"hidden\" name=\"curadmin\" value=\"" . $is_admin ."\">";
$s_column_span = 2; // Two columns always present
if(!$adv)
{
$template->assign_block_vars("acltype", array(
"L_UG_ACL_TYPE" => "Simple Auth Setting")
);
$s_column_span++;
}
else
{
for($i = 0; $i < count($forum_auth_fields); $i++)
{
$template->assign_block_vars("acltype", array(
"L_UG_ACL_TYPE" => ucfirst(preg_replace("/auth_/", "", $forum_auth_fields[$i])))
);
$s_column_span++;
}
}
$switch_mode = "admin_groupauth.$phpEx?" . POST_GROUPS_URL . "=" . $group_id . "&adv=";
$switch_mode .= ( !$adv ) ? "1" : "0";
$switch_mode_text = ( !$adv ) ? "Advanced Mode" : "Simple Mode";
$u_switch_mode = '<a href="' . $switch_mode . '">' . $switch_mode_text . '</a>';
$template->assign_vars(array( $template->assign_vars(array(
"USERNAME" => $t_groupname, "USERNAME" => $t_groupname,
"USER_GROUP_MEMBERSHIPS" => "This group has the following members: $t_username_list", "USER_GROUP_MEMBERSHIPS" => "This group has the following members: $t_usergroup_list",
"L_USER_OR_GROUPNAME" => "Group name", "L_USER_OR_GROUPNAME" => "Group name",
"L_USER_OR_GROUP" => "Group", "L_USER_OR_GROUP" => "Group",
"U_USER_OR_GROUP" => append_sid("admin_groupauth.$phpEx"), "U_USER_OR_GROUP" => append_sid("admin_groupauth.$phpEx"),
"U_FORUMAUTH" => append_sid("admin_forumauth.$phpEx"), "U_SWITCH_MODE" => $u_switch_mode,
"S_COLUMN_SPAN" => $s_column_span,
"S_USER_AUTH_ACTION" => append_sid("admin_groupauth.$phpEx"), "S_USER_AUTH_ACTION" => append_sid("admin_groupauth.$phpEx"),
"S_HIDDEN_FIELDS" => $s_hidden_fields) "S_HIDDEN_FIELDS" => $s_hidden_fields)
); );
} // if adv == -1 }
$template->pparse("body"); $template->pparse("body");

2
phpBB/templates/PSO/admin/ug_auth_select_body.tpl
View file

@ -6,7 +6,7 @@
<th>Select a {L_USER_OR_GROUP}</th> <th>Select a {L_USER_OR_GROUP}</th>
</tr> </tr>
<tr><form method="get" action="{S_USERAUTH_ACTION}"> <tr><form method="get" action="{S_USERAUTH_ACTION}">
<td class="row1" align="center">{S_USERS_SELECT}&nbsp;&nbsp;<input type="submit" value="Look up User">&nbsp;</td> <td class="row1" align="center">{S_USERS_SELECT}&nbsp;&nbsp;<input type="submit" value="Look up {L_USER_OR_GROUP}">&nbsp;</td>
</form></tr> </form></tr>
</table></div> </table></div>