makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-07-25 19:38:53 +00:00
Code Issues Projects Releases Packages Wiki Activity

- sperate permissions from sessions

Browse source 
- added some comments to the auth class for better understanding
- revised some permission functions
- added option to negate permission check by prefixing option with a ! (for example checking for !f_read returns true if user is not able to read forum)
- used the new option for testing in ucp front


git-svn-id: file:///svn/phpbb/trunk@5423 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Meik Sievertsen 2006-01-04 07:51:04 +00:00
parent 17dc26e19b
commit d23a07dc7d
7 changed files with 496 additions and 383 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
phpBB/common.php
View file

@ -6,6 +6,7 @@
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
* Minimum Requirement: PHP 4.3.3
*/
// Remove the following line to enable this software, be sure you note what it
@ -77,6 +78,7 @@ require($phpbb_root_path . 'includes/acm/acm_main.' . $phpEx);
require($phpbb_root_path . 'includes/db/' . $dbms . '.' . $phpEx);
require($phpbb_root_path . 'includes/template.' . $phpEx);
require($phpbb_root_path . 'includes/session.' . $phpEx);
require($phpbb_root_path . 'includes/auth.' . $phpEx);
require($phpbb_root_path . 'includes/functions.' . $phpEx);
require($phpbb_root_path . 'includes/constants.' . $phpEx);

7
phpBB/includes/acp/acp_main.php
View file

@ -205,16 +205,17 @@ class acp_main
}
$post_count_ary = $auth->acl_getf('f_postcount');
$forum_read_ary = $auth->acl_getf('f_read');
$forum_ary = array();
foreach ($post_count_ary as $forum_id => $allowed)
{
if ($allowed['f_postcount'])
if ($allowed['f_postcount'] && $forum_read_ary[$forum_id]['f_read'])
{
$forum_ary[] = $forum_id;
}
}
if (!sizeof($forum_ary))
{
$db->sql_query('UPDATE ' . USERS_TABLE . ' SET user_posts = 0');

6
phpBB/includes/acp/acp_styles.php
View file

@ -1778,7 +1778,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
{
return false;
}
/*
if ($action != 'install')
{
@mkdir("{$phpbb_root_path}styles/$path", 0777);
@ -1789,7 +1789,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
$this->copy_files("$root_path$type", filelist("$root_path$type", '', '*'), "$path/$type");
}
}
*/
$sql_ary = array(
$mode . '_name' => $name,
$mode . '_copyright' => $copyright,
@ -1809,7 +1809,7 @@ pagination_sep = \'{PAGINATION_SEP}\'
case 'theme':
$sql_ary += array(
'theme_storedb' => (!is_writeable("{$phpbb_root_path}styles/$path/theme/stylesheet.css")) ? 1 : $store_db,
'theme_data' => ($store_db) ? (($root_path) ? str_replace('./', "styles/$path/theme/", implode('', file("$root_path/$type/stylesheet.css"))) : '') : '',
'theme_data' => ($store_db) ? (($root_path) ? str_replace('./', "styles/$path/theme/", implode('', file("$root_path/$mode/stylesheet.css"))) : '') : '',
'theme_mtime' => ($store_db) ? filemtime("{$phpbb_root_path}styles/$path/theme/stylesheet.css") : 0
);
break;

473
phpBB/includes/auth.php Normal file
View file

@ -0,0 +1,473 @@
<?php
/**
*
* @package phpBB3
* @version $Id$
* @copyright (c) 2005 phpBB Group
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/
/**
* @package phpBB3
* Permission/Auth class
*/
class auth
{
var $acl = array();
var $acl_options = array();
/**
* Init permissions
*/
function acl(&$userdata)
{
global $db, $cache;
$this->acl = array();
if (!($this->acl_options = $cache->get('acl_options')))
{
$sql = 'SELECT auth_option, is_global, is_local
FROM ' . ACL_OPTIONS_TABLE . '
ORDER BY auth_option_id';
$result = $db->sql_query($sql);
$global = $local = 0;
while ($row = $db->sql_fetchrow($result))
{
if ($row['is_global'])
{
$this->acl_options['global'][$row['auth_option']] = $global++;
}
if ($row['is_local'])
{
$this->acl_options['local'][$row['auth_option']] = $local++;
}
}
$db->sql_freeresult($result);
$cache->put('acl_options', $this->acl_options);
$this->acl_clear_prefetch();
$this->acl_cache($userdata);
}
else if (!trim($userdata['user_permissions']))
{
$this->acl_cache($userdata);
}
$user_permissions = explode("\n", $userdata['user_permissions']);
foreach ($user_permissions as $f => $seq)
{
if ($seq)
{
$i = 0;
while ($subseq = substr($seq, $i, 6))
{
if (!isset($this->acl[$f]))
{
$this->acl[$f] = '';
}
// We put the original bitstring into the acl array
$this->acl[$f] .= str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT);
$i += 6;
}
}
}
return;
}
/**
* Look up an option
* if the option is prefixed with !, then the result becomes nagated
*/
function acl_get($opt, $f = 0)
{
static $cache;
if (!isset($cache))
{
$cache = array();
}
$negate = false;
if (strpos($opt, '!') === 0)
{
$negate = true;
$opt = substr($opt, 1);
}
if (!isset($cache[$f][$opt]))
{
// We combine the global/local option with an OR because some options are global and local.
// If the user has the global permission the local one is true too and vice versa
$cache[$f][$opt] = false;
// Is this option a global permission setting?
if (isset($this->acl_options['global'][$opt]))
{
if (isset($this->acl[0]))
{
$cache[$f][$opt] = $this->acl[0]{$this->acl_options['global'][$opt]};
}
}
// Is this option a local permission setting?
if (isset($this->acl_options['local'][$opt]))
{
if (isset($this->acl[$f]))
{
$cache[$f][$opt] |= $this->acl[$f]{$this->acl_options['local'][$opt]};
}
}
}
// Founder always has all global options set to true...
return ($negate) ? !$cache[$f][$opt] : $cache[$f][$opt];
}
/**
* Get forums with the specified permission setting
* if the option is prefixed with !, then the result becomes nagated
*
* @param clean true|false set to true if only values needs to be returned which are set/unset
*/
function acl_getf($opt, $clean = false)
{
static $cache;
$acl_f = array();
if (!isset($cache))
{
$cache = array();
}
$negate = false;
if (strpos($opt, '!') === 0)
{
$negate = true;
$opt = substr($opt, 1);
}
if (isset($this->acl_options['local'][$opt]))
{
foreach ($this->acl as $f => $bitstring)
{
// Skip global settings
if (!$f)
{
continue;
}
$allowed = (!isset($cache[$f][$opt])) ? $this->acl_get($opt, $f) : $cache[$f][$opt];
if (!$clean)
{
$acl_f[$f][$opt] = ($negate) ? !$allowed : $allowed;
}
else
{
if (($negate && !$allowed) || (!$negate && $allowed))
{
$acl_f[$f][$opt] = 1;
}
}
}
}
return $acl_f;
}
/**
* Get permission settings (more than one)
*/
function acl_gets()
{
$args = func_get_args();
$f = array_pop($args);
if (!is_numeric($f))
{
$args[] = $f;
$f = 0;
}
// alternate syntax: acl_gets(array('m_', 'a_'), $forum_id)
if (is_array($args[0]))
{
$args = $args[0];
}
$acl = 0;
foreach ($args as $opt)
{
$acl |= $this->acl_get($opt, $f);
}
return $acl;
}
/**
* Get permission listing based on user_id/options/forum_ids
*/
function acl_get_list($user_id = false, $opts = false, $forum_id = false)
{
$hold_ary = $this->acl_raw_data($user_id, $opts, $forum_id);
$auth_ary = array();
foreach ($hold_ary as $user_id => $forum_ary)
{
foreach ($forum_ary as $forum_id => $auth_option_ary)
{
foreach ($auth_option_ary as $auth_option => $auth_setting)
{
if ($auth_setting)
{
$auth_ary[$forum_id][$auth_option][] = $user_id;
}
}
}
}
return $auth_ary;
}
/**
* Get raw group based permission settings
function acl_group_raw_data($group_id = false, $opts = false, $forum_id = false)
{
global $db;
$sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? "group_id = $group_id" : 'group_id IN (' . implode(', ', $group_id) . ')') : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : '';
$sql_opts = ($opts !== false) ? ((!is_array($opts)) ? "AND ao.auth_option = '$opts'" : 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $opts)) . ')') : '';
$hold_ary = array();
// Grab group settings...
$sql = 'SELECT a.group_id, ao.auth_option, a.forum_id, a.auth_setting
FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_GROUPS_TABLE . ' a
WHERE ao.auth_option_id = a.auth_option_id
' . (($sql_group) ? 'AND a.' . $sql_group : '') . "
$sql_forum
$sql_opts
ORDER BY a.forum_id, ao.auth_option";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$hold_ary[$row['group_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
}
$db->sql_freeresult($result);
return $hold_ary;
}
*/
/**
* Cache data to user_permissions row
*/
function acl_cache(&$userdata)
{
global $db;
// Empty user_permissions
$userdata['user_permissions'] = '';
$hold_ary = $this->acl_raw_data($userdata['user_id'], false, false);
if (isset($hold_ary[$userdata['user_id']]))
{
$hold_ary = $hold_ary[$userdata['user_id']];
}
// Key 0 in $hold_ary are global options, all others are forum_ids
// If this user is founder we're going to force fill the admin options ...
if ($userdata['user_type'] == USER_FOUNDER)
{
foreach ($this->acl_options['global'] as $opt => $id)
{
if (strpos($opt, 'a_') === 0)
{
$hold_ary[0][$opt] = 1;
}
}
}
$hold_str = '';
if (sizeof($hold_ary))
{
ksort($hold_ary);
$last_f = 0;
foreach ($hold_ary as $f => $auth_ary)
{
$ary_key = (!$f) ? 'global' : 'local';
$bitstring = array();
foreach ($this->acl_options[$ary_key] as $opt => $id)
{
if (isset($auth_ary[$opt]))
{
$bitstring[$id] = 1;
$option_key = substr($opt, 0, strpos($opt, '_') + 1);
// If one option is allowed, the global permission for this option has to be allowed too
// example: if the user has the a_ permission this means he has one or more a_* permissions
if (!isset($bitstring[$this->acl_options[$ary_key][$option_key]]) || !$bitstring[$this->acl_options[$ary_key][$option_key]])
{
$bitstring[$this->acl_options[$ary_key][$option_key]] = 1;
}
}
else
{
$bitstring[$id] = 0;
}
}
// Now this bitstring defines the permission setting for the current forum $f (or global setting)
$bitstring = implode('', $bitstring);
// The line number indicates the id, therefore we have to add empty lines for those ids not present
$hold_str .= str_repeat("\n", $f - $last_f);
// Convert bitstring for storage - we do not use binary/bytes because PHP's string functions are not fully binary safe
for ($i = 0; $i < strlen($bitstring); $i += 31)
{
$hold_str .= str_pad(base_convert(str_pad(substr($bitstring, $i, 31), 31, 0, STR_PAD_RIGHT), 2, 36), 6, 0, STR_PAD_LEFT);
}
$last_f = $f;
}
unset($bitstring);
$userdata['user_permissions'] = rtrim($hold_str);
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_permissions = '" . $db->sql_escape($userdata['user_permissions']) . "'
WHERE user_id = " . $userdata['user_id'];
$db->sql_query($sql);
}
unset($hold_ary);
return;
}
/**
* Clear one or all users cached permission settings
*/
function acl_clear_prefetch($user_id = false)
{
global $db;
$where_sql = ($user_id !== false) ? ' WHERE user_id ' . ((is_array($user_id)) ? ' IN (' . implode(', ', array_map('intval', $user_id)) . ')' : " = $user_id") : '';
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_permissions = ''
$where_sql";
$db->sql_query($sql);
return;
}
/**
* Get raw acl data based on user/option/forum
*/
function acl_raw_data($user_id = false, $opts = false, $forum_id = false)
{
global $db;
$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : 'user_id IN (' . implode(', ', $user_id) . ')') : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : '';
$sql_opts = ($opts !== false) ? ((!is_array($opts)) ? "AND ao.auth_option = '$opts'" : 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^\s*(.*)\s*$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $opts)) . ')') : '';
$hold_ary = array();
// First grab user settings ... each user has only one setting for each
// option ... so we shouldn't need any ACL_NO checks ... he says ...
$sql = 'SELECT ao.auth_option, a.user_id, a.forum_id, a.auth_setting
FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_USERS_TABLE . ' a
WHERE ao.auth_option_id = a.auth_option_id
' . (($sql_user) ? 'AND a.' . $sql_user : '') . "
$sql_forum
$sql_opts
ORDER BY a.forum_id, ao.auth_option";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
}
$db->sql_freeresult($result);
// Now grab group settings ... ACL_NO overrides ACL_YES so act appropriatley
$sql = 'SELECT ug.user_id, ao.auth_option, a.forum_id, a.auth_setting
FROM ' . USER_GROUP_TABLE . ' ug, ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_GROUPS_TABLE . ' a
WHERE ao.auth_option_id = a.auth_option_id
AND a.group_id = ug.group_id
' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
$sql_forum
$sql_opts
ORDER BY a.forum_id, ao.auth_option";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] != ACL_NO))
{
$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
}
}
$db->sql_freeresult($result);
return $hold_ary;
}
/**
* Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
* @todo replace this with a new system
*/
function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0)
{
global $config, $db, $user, $phpbb_root_path, $phpEx;
$method = trim($config['auth_method']);
if (file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
{
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
$method = 'login_' . $method;
if (function_exists($method))
{
$login = $method($username, $password);
// If login returned anything other than an array there was an error
if (!is_array($login))
{
/**
* @todo Login Attempt++
*/
return $login;
}
return $user->session_create($login['user_id'], $admin, $autologin, $viewonline);
}
}
trigger_error('Authentication method not found', E_USER_ERROR);
}
}
?>

362
phpBB/includes/session.php
View file

@ -1094,364 +1094,4 @@ class user extends session
}
}
class auth
{
var $founder = false;
var $acl = array();
var $option = array();
var $acl_options = array();
function acl(&$userdata)
{
global $db, $cache;
if (!($this->acl_options = $cache->get('acl_options')))
{
$sql = 'SELECT auth_option, is_global, is_local
FROM ' . ACL_OPTIONS_TABLE . '
ORDER BY auth_option_id';
$result = $db->sql_query($sql);
$global = $local = 0;
while ($row = $db->sql_fetchrow($result))
{
if (!empty($row['is_global']))
{
$this->acl_options['global'][$row['auth_option']] = $global++;
}
if (!empty($row['is_local']))
{
$this->acl_options['local'][$row['auth_option']] = $local++;
}
}
$db->sql_freeresult($result);
$cache->put('acl_options', $this->acl_options);
$this->acl_clear_prefetch();
$this->acl_cache($userdata);
}
else if (!trim($userdata['user_permissions']))
{
$this->acl_cache($userdata);
}
foreach (explode("\n", $userdata['user_permissions']) as $f => $seq)
{
if ($seq)
{
$i = 0;
while ($subseq = substr($seq, $i, 6))
{
if (!isset($this->acl[$f]))
{
$this->acl[$f] = '';
}
$this->acl[$f] .= str_pad(base_convert($subseq, 36, 2), 31, 0, STR_PAD_LEFT);
$i += 6;
}
}
}
return;
}
// Look up an option
function acl_get($opt, $f = 0)
{
static $cache;
if (!isset($cache[$f][$opt]))
{
$cache[$f][$opt] = false;
if (isset($this->acl_options['global'][$opt]))
{
if (isset($this->acl[0]))
{
$cache[$f][$opt] = $this->acl[0]{$this->acl_options['global'][$opt]};
}
}
if (isset($this->acl_options['local'][$opt]))
{
if (isset($this->acl[$f]))
{
$cache[$f][$opt] |= $this->acl[$f]{$this->acl_options['local'][$opt]};
}
}
}
// Needs to change ... check founder status when updating cache?
return $cache[$f][$opt];
}
function acl_getf($opt)
{
static $cache;
if (isset($this->acl_options['local'][$opt]))
{
foreach ($this->acl as $f => $bitstring)
{
if (!isset($cache[$f][$opt]))
{
$cache[$f][$opt] = false;
$cache[$f][$opt] = $bitstring{$this->acl_options['local'][$opt]};
if (isset($this->acl_options['global'][$opt]))
{
$cache[$f][$opt] |= $this->acl[0]{$this->acl_options['global'][$opt]};
}
}
}
}
return $cache;
}
function acl_gets()
{
$args = func_get_args();
$f = array_pop($args);
if (!is_numeric($f))
{
$args[] = $f;
$f = 0;
}
// alternate syntax: acl_gets(array('m_', 'a_'), $forum_id)
if (is_array($args[0]))
{
$args = $args[0];
}
$acl = 0;
foreach ($args as $opt)
{
$acl |= $this->acl_get($opt, $f);
}
return $acl;
}
function acl_get_list($user_id = false, $opts = false, $forum_id = false)
{
$hold_ary = $this->acl_raw_data($user_id, $opts, $forum_id);
$auth_ary = array();
foreach ($hold_ary as $user_id => $forum_ary)
{
foreach ($forum_ary as $forum_id => $auth_option_ary)
{
foreach ($auth_option_ary as $auth_option => $auth_setting)
{
if ($auth_setting == ACL_YES)
{
$auth_ary[$forum_id][$auth_option][] = $user_id;
}
}
}
}
return $auth_ary;
}
// Cache data
function acl_cache(&$userdata)
{
global $db;
$hold_ary = $this->acl_raw_data($userdata['user_id'], false, false);
$hold_ary = $hold_ary[$userdata['user_id']];
// If this user is founder we're going to force fill the admin options ...
if ($userdata['user_type'] == USER_FOUNDER)
{
foreach ($this->acl_options['global'] as $opt => $id)
{
if (strpos($opt, 'a_') !== false)
{
$hold_ary[0][$opt] = 1;
}
}
}
$hold_str = '';
if (is_array($hold_ary))
{
ksort($hold_ary);
$last_f = 0;
foreach ($hold_ary as $f => $auth_ary)
{
$ary_key = (!$f) ? 'global' : 'local';
$bitstring = array();
foreach ($this->acl_options[$ary_key] as $opt => $id)
{
if (!empty($auth_ary[$opt]))
{
$bitstring[$id] = 1;
$option_key = substr($opt, 0, strpos($opt, '_') + 1);
if (empty($holding[$this->acl_options[$ary_key][$option_key]]))
{
$bitstring[$this->acl_options[$ary_key][$option_key]] = 1;
}
}
else
{
$bitstring[$id] = 0;
}
}
$bitstring = implode('', $bitstring);
$hold_str .= str_repeat("\n", $f - $last_f);
for ($i = 0; $i < strlen($bitstring); $i += 31)
{
$hold_str .= str_pad(base_convert(str_pad(substr($bitstring, $i, 31), 31, 0, STR_PAD_RIGHT), 2, 36), 6, 0, STR_PAD_LEFT);
}
$last_f = $f;
}
unset($bitstring);
$userdata['user_permissions'] = rtrim($hold_str);
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_permissions = '" . $db->sql_escape($userdata['user_permissions']) . "'
WHERE user_id = " . $userdata['user_id'];
$db->sql_query($sql);
}
unset($hold_ary);
return;
}
function acl_raw_data($user_id = false, $opts = false, $forum_id = false)
{
global $db;
$sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : 'user_id IN (' . implode(', ', $user_id) . ')') : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : '';
$sql_opts = ($opts !== false) ? ((!is_array($opts)) ? "AND ao.auth_option = '$opts'" : 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^[\s]*?(.*?)[\s]*?$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $opts)) . ')') : '';
$hold_ary = array();
// First grab user settings ... each user has only one setting for each
// option ... so we shouldn't need any ACL_NO checks ... he says ...
$sql = 'SELECT ao.auth_option, a.user_id, a.forum_id, a.auth_setting
FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_USERS_TABLE . ' a
WHERE ao.auth_option_id = a.auth_option_id
' . (($sql_user) ? 'AND a.' . $sql_user : '') . "
$sql_forum
$sql_opts
ORDER BY a.forum_id, ao.auth_option";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
}
$db->sql_freeresult($result);
// Now grab group settings ... ACL_NO overrides ACL_YES so act appropriatley
$sql = 'SELECT ug.user_id, ao.auth_option, a.forum_id, a.auth_setting
FROM ' . USER_GROUP_TABLE . ' ug, ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_GROUPS_TABLE . ' a
WHERE ao.auth_option_id = a.auth_option_id
AND a.group_id = ug.group_id
' . (($sql_user) ? 'AND ug.' . $sql_user : '') . "
$sql_forum
$sql_opts
ORDER BY a.forum_id, ao.auth_option";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] != ACL_NO))
{
$hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
}
}
$db->sql_freeresult($result);
return $hold_ary;
}
function acl_group_raw_data($group_id = false, $opts = false, $forum_id = false)
{
global $db;
$sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? "group_id = $group_id" : 'group_id IN (' . implode(', ', $group_id) . ')') : '';
$sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND a.forum_id IN (' . implode(', ', $forum_id) . ')') : '';
$sql_opts = ($opts !== false) ? ((!is_array($opts)) ? "AND ao.auth_option = '$opts'" : 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^[\s]*?(.*?)[\s]*?$#e', "\"'\" . \$db->sql_escape('\\1') . \"'\"", $opts)) . ')') : '';
$hold_ary = array();
// Grab group settings ... ACL_NO overrides ACL_YES so act appropriatley
$sql = 'SELECT a.group_id, ao.auth_option, a.forum_id, a.auth_setting
FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_GROUPS_TABLE . ' a
WHERE ao.auth_option_id = a.auth_option_id
' . (($sql_group) ? 'AND a.' . $sql_group : '') . "
$sql_forum
$sql_opts
ORDER BY a.forum_id, ao.auth_option";
$result = $db->sql_query($sql);
while ($row = $db->sql_fetchrow($result))
{
$hold_ary[$row['group_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting'];
}
$db->sql_freeresult($result);
return $hold_ary;
}
// Clear one or all users cached permission settings
function acl_clear_prefetch($user_id = false)
{
global $db;
$where_sql = ($user_id !== false) ? ' WHERE user_id ' . ((is_array($user_id)) ? ' IN (' . implode(', ', array_map('intval', $user_id)) . ')' : " = $user_id") : '';
$sql = 'UPDATE ' . USERS_TABLE . "
SET user_permissions = ''
$where_sql";
$db->sql_query($sql);
return;
}
// @todo replace this with a new system
// Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him.
function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0)
{
global $config, $db, $user, $phpbb_root_path, $phpEx;
$method = trim($config['auth_method']);
if (file_exists($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx))
{
include_once($phpbb_root_path . 'includes/auth/auth_' . $method . '.' . $phpEx);
$method = 'login_' . $method;
if (function_exists($method))
{
$login = $method($username, $password);
// If login returned anything other than an array there was an error
if (!is_array($login))
{
// TODO: Login Attempt++
return $login;
}
return $user->session_create($login['user_id'], $admin, $autologin, $viewonline);
}
}
trigger_error('Authentication method not found', E_USER_ERROR);
}
}
?>
?>

25
phpBB/includes/ucp/ucp_main.php
View file

@ -53,23 +53,15 @@ class ucp_main
$folder = 'folder_announce';
$folder_new = $folder . '_new';
// Determine first forum the user is able to read into - for global announcement link
$forum_ary = $auth->acl_getf('f_read');
$g_forum_id = 0;
foreach ($forum_ary as $forum_id => $allowed)
{
if (!$allowed['f_read'])
{
unset($forum_ary[$forum_id]);
}
}
// Get cleaned up list... return only those forums not having the f_read permission
$forum_ary = $auth->acl_getf('!f_read', true);
$forum_ary = array_unique(array_keys($forum_ary));
// Determine first forum the user is able to read into - for global announcement link
$sql = 'SELECT forum_id
FROM ' . FORUMS_TABLE . '
WHERE forum_type = ' . FORUM_POST . '
AND forum_id IN (' . implode(', ', $forum_ary) . ')';
AND forum_id NOT IN (' . implode(', ', $forum_ary) . ')';
$result = $db->sql_query_limit($sql, 1);
$g_forum_id = (int) $db->sql_fetchfield('forum_id', 0, $result);
$db->sql_freeresult($result);
@ -140,19 +132,20 @@ class ucp_main
);
}
$post_count_ary = $auth->acl_getf('f_postcount');
$post_count_ary = $auth->acl_getf('!f_postcount');
$forum_read_ary = $auth->acl_getf('!f_read');
$forum_ary = array();
foreach ($post_count_ary as $forum_id => $allowed)
{
if ($allowed['f_read'] && $allowed['f_postcount'])
if ($allowed['f_postcount'] || $forum_read_ary[$forum_id]['f_read'])
{
$forum_ary[] = $forum_id;
}
}
$post_count_sql = (sizeof($forum_ary)) ? 'AND f.forum_id IN (' . implode(', ', $forum_ary) . ')' : '';
unset($forum_ary, $post_count_ary);
$post_count_sql = (sizeof($forum_ary)) ? 'AND f.forum_id NOT IN (' . implode(', ', $forum_ary) . ')' : '';
unset($forum_ary, $post_count_ary, $forum_read_ary);
if ($post_count_sql)
{

4
phpBB/memberlist.php
View file

@ -320,6 +320,10 @@ switch ($mode)
$member['session_viewonline'] = (isset($row['session_viewonline'])) ? $row['session_viewonline'] : 0;
unset($row);
/**
* @todo check for f_read and check the reasoning why $auth2 is not used for determining the active topics
*/
// Obtain list of forums where this users post count is incremented
$auth2 = new auth();
$auth2->acl($member);