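acl_get('a_auth')) ? $filename . $SID . '&mode=forum' : '';
    $module['FORUM']['MODERATORS'] = ($auth->acl_get('a_authmods')) ? $filename . $SID . '&mode=mod' : '';
    $module['FORUM']['SUPER_MODERATORS'] = ($auth->acl_get('a_authmods')) ? $filename . $SID . '&mode=supermod' : '';
    $module['FORUM']['ADMINISTRATORS'] = ($auth->acl_get('a_authadmins')) ? $filename . $SID . '&mode=admin' : '';
    $module['USER']['PERMISSIONS'] = ($auth->acl_get('a_authusers')) ? $filename . $SID . '&mode=user' : '';
    $module['GROUP']['PERMISSIONS'] = ($auth->acl_get('a_authgroups')) ? $filename . $SID . '&mode=group' : '';

    return;
}

define('IN_PHPBB', 1);
// Include files
$phpbb_root_path = '../';
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);

// Grab and set some basic parameters
//
// 'mode' determines what we're altering; administrators, users, deps, etc.
// 'type' is used primarily for deps and contains the original 'mode'
// 'submit' is used to determine what we're doing ... special format
//
// htmlspecialchars() only makes these values safe to print in HTML. It is not
// SQL escaping, so anything below that reaches a query goes through
// $db->sql_escape() or intval() at the point where the query is built.
$mode = (isset($_REQUEST['mode'])) ? htmlspecialchars($_REQUEST['mode']) : '';
$type = (isset($_REQUEST['type'])) ? htmlspecialchars($_REQUEST['type']) : '';

// The action is carried in the *name* of the pressed button (submit_update,
// submit_delete, ...); keep whatever follows the first underscore
$submit = array_values(preg_grep('#^submit_(.*)$#i', array_keys($_POST)));
$submit = (sizeof($submit)) ? substr($submit[0], strpos($submit[0], '_') + 1) : '';

// Submitted setting data
//
// 'auth_settings' contains the submitted option settings assigned to options, should be an
//      associative array with integer values
// 'auth_setting' contains the value of the submitted 'auth_option', an integer value used
//      mainly by deps mode
// 'auth_option' contains a single auth_option string, used mainly by deps mode
//
// Only the VALUES of 'settings' are forced to integers here. The KEYS (option
// names) are still request data and are escaped wherever they enter a query.
// A non-array 'settings' value is treated as "nothing submitted".
$auth_settings = (isset($_POST['settings']) && is_array($_POST['settings'])) ? array_map('intval', $_POST['settings']) : '';
$auth_option = (isset($_REQUEST['option'])) ? htmlspecialchars($_REQUEST['option']) : '';
$auth_setting = (isset($_REQUEST['setting'])) ? intval($_REQUEST['setting']) : '';

// Forum, User or Group information
//
// 'ug_type' is either user or groups used mainly for forum/admin/mod permissions
// 'ug_data' contains the list of usernames, user_id's or group_ids for the 'ug_type'
// 'forum_id' contains the list of forums, 0 is used for "All forums", can be array or scalar
$ug_type = (isset($_REQUEST['ug_type'])) ? htmlspecialchars($_REQUEST['ug_type']) : '';
// NOTE(review): 'ug_data' is taken from the request unmodified because it can
// hold either ids or names; every query that uses it must cast or escape it
$ug_data = (isset($_POST['ug_data'])) ? $_POST['ug_data'] : '';
$forum_id = (isset($_REQUEST['f'])) ? ((is_array($_REQUEST['f'])) ? array_map('intval', $_REQUEST['f']) : intval($_REQUEST['f'])) : 0;

// Instantiate a new auth admin object in readiness
$auth_admin = new auth_admin();

// What mode are we running? So we can output the correct title, explanation
// and set the sql_option_mode/acl check
//
// Start from known-empty values so that an unrecognised 'mode' cannot leave
// these variables undefined; they are only ever given a value by this switch
// (and by the 'deps' re-match below)
$l_title = $l_title_explain = $which_acl = $sql_option_mode = '';

switch ($mode)
{
    case 'forum':
        $l_title = $user->lang['PERMISSIONS'];
        $l_title_explain = $user->lang['PERMISSIONS_EXPLAIN'];
        $which_acl = 'a_auth';
        $sql_option_mode = 'f';
        break;

    case 'mod':
        $l_title = $user->lang['MODERATORS'];
        $l_title_explain = $user->lang['MODERATORS_EXPLAIN'];
        $which_acl = 'a_authmods';
        $sql_option_mode = 'm';
        break;

    case 'supermod':
        $l_title = $user->lang['SUPER_MODERATORS'];
        $l_title_explain = $user->lang['SUPER_MODERATORS_EXPLAIN'];
        $which_acl = 'a_authmods';
        $sql_option_mode = 'm';
        break;

    case 'admin':
        $l_title = $user->lang['ADMINISTRATORS'];
        $l_title_explain = $user->lang['ADMINISTRATORS_EXPLAIN'];
        $which_acl = 'a_authadmins';
        $sql_option_mode = 'a';
        break;

    case 'user':
        $l_title = $user->lang['USER_PERMISSIONS'];
        $l_title_explain = $user->lang['USER_PERMISSIONS_EXPLAIN'];
        $which_acl = 'a_authusers';
        $sql_option_mode = 'u';
        break;

    case 'group':
        $l_title = $user->lang['GROUP_PERMISSIONS'];
        $l_title_explain = $user->lang['GROUP_PERMISSIONS_EXPLAIN'];
        $which_acl = 'a_authgroups';
        $sql_option_mode = 'u';
        break;

    case 'deps':
        $l_title = $user->lang['DEPENDENCIES'];
        $l_title_explain = $user->lang['DEPENDENCIES_EXPLAIN'];
        $which_acl = 'a_authdeps';
        break;
}

// Permission check. An empty $which_acl means no mode matched, so refuse
// outright instead of asking acl_get() about an empty option name.
if ($which_acl == '' || !$auth->acl_get($which_acl))
{
    trigger_error($user->lang['NO_ADMIN']);
}

// Are we setting deps? If we are we need to re-run the mode match above for the
// relevant 'new' mode
if ($mode == 'deps')
{
    switch ($type)
    {
        case 'mod':
        case 'supermod':
            $which_acl = 'a_authmods';
            $sql_option_mode = 'm';
            break;

        case 'admin':
            $which_acl = 'a_authadmins';
            $sql_option_mode = 'a';
            break;
    }

    // Permission check
    if (!$auth->acl_get($which_acl))
    {
        trigger_error($user->lang['NO_ADMIN']);
    }
}

// Does user want to update anything? Check here to find out
// and act appropriately
switch ($submit)
{
    case 'update':

        switch ($mode)
        {
            case 'deps':
                $forum_id = (!is_array($forum_id)) ? array($forum_id) : $forum_id;
                $auth_settings_ary = $db->sql_escape(serialize($auth_settings));

                // The original rows were built from $option, which nothing on this
                // path assigns; the submitted option lives in $auth_option. It is
                // SQL-escaped here, and the setting is forced to an integer because
                // it defaults to '' when the request omits it.
                $dep_option_sql = $db->sql_escape($auth_option);
                $dep_setting_sql = intval($auth_setting);

                $sql = '';
                foreach ($forum_id as $id)
                {
                    // $id is already an integer (see the intval() on 'f' above)
                    switch (SQL_LAYER)
                    {
                        case 'mysql':
                        case 'mysql4':
                            $sql .= (($sql != '') ? ', ' : '') . "('$dep_option_sql', $dep_setting_sql, $id, '$auth_settings_ary')";
                            break;

                        case 'mssql':
                            $sql .= (($sql != '') ? ' UNION ALL ' : '') . " SELECT '$dep_option_sql', $dep_setting_sql, $id, '$auth_settings_ary'";
                            break;

                        default:
                            $sql = "INSERT INTO " . ACL_DEPS_TABLE . " (auth_option, auth_setting, forum_id, auth_deps) VALUES ('$dep_option_sql', $dep_setting_sql, $id, '$auth_settings_ary')";
                            $result = $db->sql_query($sql);
                            $sql = '';
                    }
                }

                if ($sql != '')
                {
                    // The statement used to be echoed to the browser here; query text
                    // is no longer written into the response
                    $sql = "INSERT INTO " . ACL_DEPS_TABLE . " (auth_option, auth_setting, forum_id, auth_deps) VALUES $sql";
                    $result = $db->sql_query($sql);
                }

                unset($auth_settings_ary);
                unset($dep_option_sql);
                unset($dep_setting_sql);
                // NOTE(review): this exit looks like a development stop (no page is
                // rendered after saving) -- kept as found, confirm it is intended
                exit;
                break;

            default:
                // User wants to submit these changes ... before we allow this
                // we first check to see if any dependencies exist. If they do
                // we pull them, and give the user the option of applying them
                // or skipping them
                $sql_forum = (is_array($forum_id)) ? ' IN (' . implode(', ', $forum_id) . ')' : ' = ' . $forum_id;

                // Group the submitted option names by the value they were set to.
                // The names are request keys, so each one is escaped before quoting;
                // the values are integers already.
                $sql_dep = $sql_global = array();
                if (is_array($auth_settings))
                {
                    foreach ($auth_settings as $option => $setting)
                    {
                        if (!isset($sql_dep[$setting]))
                        {
                            $sql_dep[$setting] = '';
                        }
                        $sql_dep[$setting] .= (($sql_dep[$setting] != '') ? ', ' : '') . "'" . $db->sql_escape($option) . "'";
                    }
                }

                $sql_options = '';
                foreach ($sql_dep as $setting => $options)
                {
                    $sql_options .= (($sql_options != '') ? ' OR ' : '') . " (auth_option IN ($options) AND auth_setting = $setting)";
                }

                // Nothing submitted means nothing to look up; without this guard the
                // query would end in a bare WHERE
                if ($sql_options != '')
                {
                    $sql = "SELECT auth_deps FROM " . ACL_DEPS_TABLE . " WHERE $sql_options";
                    // AND forum_id $sql_forum";
                    $result = $db->sql_query($sql);

                    if ($row = $db->sql_fetchrow($result))
                    {
                        do
                        {
                            // NOTE(review): unserialize() on a stored column is only as
                            // trustworthy as everything able to write that table
                            $temp = unserialize($row['auth_deps']);
                            if (!is_array($temp))
                            {
                                continue;
                            }

                            // Merge each dependency, keeping the lower of the two values
                            foreach ($temp as $option => $setting)
                            {
                                $auth_settings[$option] = (!isset($auth_settings[$option]) || $setting < $auth_settings[$option]) ? $setting : $auth_settings[$option];
                            }
                        }
                        while ($row = $db->sql_fetchrow($result));

                        unset($temp);
                        unset($option);
                        unset($setting);
                        unset($sql_auth_option);
                        $sql_option_mode = 'f';
                    }
                    $db->sql_freeresult($result);
                }

                //print_r($auth_settings);
                //echo "HERE :: UPDATE ACLS";
                /*
                // Admin wants subforums to inherit permissions ... so handle this
                if (!empty($_POST['inherit']))
                {
                    array_push($_POST['inherit'], $forum_id);
                    $forum_id = $_POST['inherit'];
                }
                foreach ($ug_data as $id)
                {
                    $auth_admin->acl_set($ug_type, $forum_id, $id, $auth_settings);
                }
                cache_moderators();
                trigger_error($user->lang['AUTH_UPDATED']);
                */
        }
        break;

    case 'delete':
        // Development stub: prints a marker and stops, so the switch below is
        // never reached
        echo "HERE :: DELETE";
        exit;

        switch ($mode)
        {
            case 'deps':
                break;

            default:
                /*
                $option_ids = false;
                if (!empty($settings)
                {
                    $sql = "SELECT auth_option_id FROM " . ACL_OPTIONS_TABLE . " WHERE auth_option LIKE '" . $settings['option'] . "_%'";
                    $result = $db->sql_query($sql);
                    if ($row = $db->sql_fetchrow($result))
                    {
                        $option_ids = array();
                        do
                        {
                            $option_ids[] = $row['auth_option_id'];
                        }
                        while($row = $db->sql_fetchrow($result));
                    }
                    $db->sql_freeresult($result);
                }
                foreach ($_POST['ug_id'] as $id)
                {
                    $auth_admin->acl_delete($_POST['type'], $forum_id, $id, $option_ids);
                }
                cache_moderators();
                trigger_error($user->lang['AUTH_UPDATED']);*/
                break;
        }
        break;

    case 'presetsave':
        // Sort the submitted option names into yes/no/unset lists.
        // NOTE(review): these names are request keys and are stored as-is inside
        // the serialized preset; whatever prints a preset later has to encode
        // them for the context it prints into.
        $holding_ary = array();
        if (is_array($auth_settings))
        {
            foreach ($auth_settings as $option => $setting)
            {
                switch ($setting)
                {
                    case ACL_YES:
                        $holding_ary['yes'][] = $option;
                        break;

                    case ACL_NO:
                        $holding_ary['no'][] = $option;
                        break;

                    case ACL_UNSET:
                        $holding_ary['unset'][] = $option;
                        break;
                }
            }
        }
        unset($option);
        unset($setting);

        $sql = array(
            'preset_user_id'=> intval($user->data['user_id']),
            'preset_type' => $sql_option_mode,
            'preset_data' => $db->sql_escape(serialize($holding_ary))
        );

        if (!empty($_POST['presetname']))
        {
            $sql['preset_name'] = $db->sql_escape($_POST['presetname']);
        }

        // presetoption == -1 means "save as a new preset"; any other value is the
        // id of the preset to overwrite
        if (!empty($_POST['presetname']) || $_POST['presetoption'] != -1)
        {
            $sql = ($_POST['presetoption'] == -1) ? 'INSERT INTO ' . ACL_PRESETS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql) : 'UPDATE ' . ACL_PRESETS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql) . ' WHERE preset_id =' . intval($_POST['presetoption']);
            $db->sql_query($sql);
        }
        break;

    case 'presetdel':
        if (!empty($_POST['presetoption']))
        {
            $sql = "DELETE FROM " . ACL_PRESETS_TABLE . " WHERE preset_id = " . intval($_POST['presetoption']);
            $db->sql_query($sql);
        }
        break;
}
// End update

// Output page header
page_header($l_title);

// First potential form ... this is for selecting forums, users
// or groups.
if (($mode == 'user' || $mode == 'group' || $mode == 'forum' || $mode == 'mod') && empty($submit))
{
?>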

">sql_query($sql); $group_options = ''; if ($row = $db->sql_fetchrow($result)) { do { $group_options .= (($group_options != '') ? ', ' : '') . ''; } while ($row = $db->sql_fetchrow($result)); } $db->sql_freeresult($result); ?>
lang['LOOK_UP_FORUM']; ?>
    
lang['LOOK_UP_USER']; ?>
', '_phpbbsearch', 'HEIGHT=500,resizable=yes,scrollbars=yes,WIDTH=740');return false;" />
lang['LOOK_UP_GROUP']; ?>
    

lang['USERS']; ?>

lang['GROUPS']; ?>

">sql_query($sql); $users = ''; while ($row = $db->sql_fetchrow($result)) { $users .= ''; } $db->sql_freeresult($result); ?>
lang['MANAGE_USERS']; ?>
 
">sql_query($sql); $groups = ''; while ($row = $db->sql_fetchrow($result)) { $groups .= ''; } $db->sql_freeresult($result); $sql = "SELECT group_id, group_name FROM " . GROUPS_TABLE . " ORDER BY group_type DESC, group_name"; $result = $db->sql_query($sql); $group_list = ''; while ($row = $db->sql_fetchrow($result)) { $group_list .= ''; } $db->sql_freeresult($result); ?>
lang['MANAGE_GROUPS']; ?>
 
">
lang['ADD_USERS']; ?>
    &mode=searchuser&form=2&field=entries', '_phpbbsearch', 'HEIGHT=500,resizable=yes,scrollbars=yes,WIDTH=740');return false;" />
">
lang['ADD_GROUPS']; ?>
 
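lang['NO_MODE']); }

// Grab the forum details if non-zero forum_id
// ($forum_id was forced to integers when it was read from the request)
if ($forum_id != 0)
{
    $forum_data = array();

    $sql = 'SELECT forum_id, forum_name, parent_id FROM ' . FORUMS_TABLE . ' WHERE forum_id';
    $sql .= (is_array($forum_id)) ? ' IN (' . implode(', ', $forum_id) . ')' : ' = ' . $forum_id;
    $result = $db->sql_query($sql);

    if (!($forum_data = $db->sql_fetchrow($result)))
    {
        trigger_error($user->lang['NO_FORUM']);
    }
    $db->sql_freeresult($result);
}

// Grab relevant user or group information
$ug_ids = $ug_names = $ug_hidden = '';
if ($mode != 'deps')
{
    $l_no_error = '';

    // $ug_data is raw request data (ids or names depending on $ug_type), so it
    // is cast or escaped here before it goes anywhere near the query text
    // NOTE(review): an $ug_type outside these three cases leaves $sql holding
    // whatever the previous query was -- confirm whether that should be refused
    switch ($ug_type)
    {
        case 'user':
            $l_no_error = $user->lang['NO_USER'];
            $sql = 'SELECT user_id AS id, username AS name FROM ' . USERS_TABLE . ' WHERE user_id';
            $sql .= (is_array($ug_data)) ? ' IN (' . implode(', ', array_map('intval', $ug_data)) . ')' : ' = ' . intval($ug_data);
            break;

        case 'username':
            $l_no_error = $user->lang['NO_USER'];

            // Trim, escape and quote every submitted name
            $sql_names = array();
            foreach ((is_array($ug_data) ? $ug_data : array($ug_data)) as $name)
            {
                if (!is_scalar($name))
                {
                    continue;
                }
                $sql_names[] = "'" . $db->sql_escape(trim($name)) . "'";
            }

            $sql = 'SELECT user_id AS id, username AS name FROM ' . USERS_TABLE . ' WHERE username';
            $sql .= (is_array($ug_data)) ? ' IN (' . implode(', ', $sql_names) . ')' : ' = ' . $sql_names[0];
            unset($sql_names);
            unset($name);
            break;

        case 'group':
            $l_no_error = $user->lang['NO_GROUP'];
            $sql = 'SELECT group_id AS id, group_name AS name FROM ' . GROUPS_TABLE . ' WHERE group_id';
            $sql .= (is_array($ug_data)) ? ' IN (' . implode(', ', array_map('intval', $ug_data)) . ')' : ' = ' . intval($ug_data);
            break;
    }
    $result = $db->sql_query($sql);

    if (!$row = $db->sql_fetchrow($result))
    {
        trigger_error($l_no_error);
    }
    unset($l_no_error);
    unset($ug_data);

    // Store the user_ids and names for later use
    // NOTE(review): the $ug_hidden literal is empty on this page, as are the
    // $preset_options / $preset_update_options literals further down; their
    // markup appears to have been lost before this listing was captured
    do
    {
        $ug_names .= (($ug_names != '') ? ', ' : '') . $row['name'];
        $ug_ids .= (($ug_ids != '') ? ', ' : '') . $row['id'];
        $ug_hidden .= '';
    }
    while ($row = $db->sql_fetchrow($result));
    $db->sql_freeresult($result);
}

// Grab the list of options ... if we're in deps mode we want all options,
// else we skip the master options
// NOTE(review): as written the founder_only filter is applied when the current
// user IS a founder and dropped otherwise, which reads as inverted for a
// column called founder_only -- confirm the intended direction
$sql_founder = ($user->data['user_founder']) ? ' AND founder_only <> 1' : '';
$sql_limit_option = ($mode == 'deps') ? '' : "AND auth_option <> '" . $sql_option_mode . "_'";
$sql = "SELECT auth_option_id, auth_option FROM " . ACL_OPTIONS_TABLE . " WHERE auth_option LIKE '" . $sql_option_mode . "_%' $sql_limit_option $sql_founder";
$result = $db->sql_query($sql);

$auth_options = array();
while ($row = $db->sql_fetchrow($result))
{
    $auth_options[] = $row;
}
$db->sql_freeresult($result);

unset($sql_limit_option);

// Now we'll build a list of preset options ...
$preset_options = $preset_js = $preset_update_options = '';
$holding = array();

// Do we have a parent forum? If so offer option to inherit from that
if ($forum_data['parent_id'] != 0)
{
    // $ug_ids was assembled above from ids returned by the database
    switch ($ug_type)
    {
        case 'group':
            $sql = "SELECT o.auth_option, a.auth_setting FROM " . ACL_GROUPS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE o.auth_option LIKE '" . $sql_option_mode . "_%' AND a.auth_option_id = o.auth_option_id AND a.forum_id = " . $forum_data['parent_id'] . " AND a.group_id IN ($ug_ids)";
            break;

        case 'user':
            $sql = "SELECT o.auth_option, a.auth_setting FROM " . ACL_USERS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE o.auth_option LIKE '" . $sql_option_mode . "_%' AND a.auth_option_id = o.auth_option_id AND a.forum_id = " . $forum_data['parent_id'] . " AND a.user_id IN ($ug_ids)";
            break;
    }
    $result = $db->sql_query($sql);

    if ($row = $db->sql_fetchrow($result))
    {
        // All three lists exist even when the parent has no entry of that kind
        $holding = array('allow' => '', 'deny' => '', 'inherit' => '');

        do
        {
            switch ($row['auth_setting'])
            {
                case ACL_YES:
                    $holding['allow'] .= $row['auth_option'] . ', ';
                    break;

                case ACL_NO:
                    $holding['deny'] .= $row['auth_option'] . ', ';
                    break;

                case ACL_UNSET:
                    $holding['inherit'] .= $row['auth_option'] . ', ';
                    break;
            }
        }
        while ($row = $db->sql_fetchrow($result));

        $preset_options .= '';
        $preset_js .= "\tpresets['preset_0'] = new Array();" . "\n";
        $preset_js .= "\tpresets['preset_0'] = new preset_obj('" . $holding['allow'] . "', '" . $holding['deny'] . "', '" . $holding['inherit'] . "');\n";
    }
    $db->sql_freeresult($result);
}

// Look for custom presets
$sql = "SELECT preset_id, preset_name, preset_data FROM " . ACL_PRESETS_TABLE . " WHERE preset_type = '" . (($mode == 'deps') ? 'f' : $sql_option_mode) . "' ORDER BY preset_id ASC";
$result = $db->sql_query($sql);

if ($row = $db->sql_fetchrow($result))
{
    do
    {
        $preset_update_options .= '';
        $preset_options .= '';

        // Reset per preset: a preset saved without, say, any 'yes' entries used
        // to inherit the previous preset's 'yes' list
        $holding = array('yes' => '', 'no' => '', 'unset' => '');

        // NOTE(review): unserialize() on a stored column is only as trustworthy
        // as everything able to write that table
        $preset_data = unserialize($row['preset_data']);
        if (is_array($preset_data))
        {
            foreach ($preset_data as $preset_type => $preset_type_ary)
            {
                $holding[$preset_type] = '';
                if (!is_array($preset_type_ary))
                {
                    continue;
                }
                foreach ($preset_type_ary as $preset_option)
                {
                    $holding[$preset_type] .= "$preset_option, ";
                }
            }
        }

        // NOTE(review): the option names stored by 'presetsave' come from request
        // keys and are placed inside quoted script text here without any
        // encoding; where $preset_js is printed is not visible on this page, but
        // the names need encoding for that context (or validating when saved)
        $preset_js .= "\tpresets['preset_" . $row['preset_id'] . "'] = new Array();" . "\n";
        $preset_js .= "\tpresets['preset_" . $row['preset_id'] . "'] = new preset_obj('" . $holding['yes'] . "', '" . $holding['no'] . "', '" . $holding['unset'] . "');\n";
    }
    while ($row = $db->sql_fetchrow($result));
}
$db->sql_freeresult($result);

unset($holding);

// If we aren't looking @ deps then we try and grab existing sessions for
// the given forum and user/group
if ($mode != 'deps' && $auth_settings == '')
{
    switch ($ug_type)
    {
        case 'group':
            $sql_table = ACL_GROUPS_TABLE . ' a ';
            $sql_join = 'a.group_id';
            break;

        case 'user':
            // Was ' a, ', which put two commas into the FROM list once the
            // query below appended its own separator
            $sql_table = ACL_USERS_TABLE . ' a ';
            $sql_join = 'a.user_id';
            break;
    }

    $sql_forum = (is_array($forum_id)) ? ' IN (' . implode(', ', $forum_id) . ')' : ' = ' . $forum_id;

    // Where several rows cover one option, the lowest stored setting is used
    $sql = "SELECT o.auth_option, MIN(a.auth_setting) AS min_auth_setting FROM $sql_table, " . ACL_OPTIONS_TABLE . " o WHERE o.auth_option LIKE '" . $sql_option_mode . "_%' AND a.auth_option_id = o.auth_option_id AND a.forum_id $sql_forum AND $sql_join IN ($ug_ids) GROUP BY o.auth_option";
    $result = $db->sql_query($sql);

    $auth_settings = array();
    while ($row = $db->sql_fetchrow($result))
    {
        $auth_settings[$row['auth_option']] = $row['min_auth_setting'];
    }
    $db->sql_freeresult($result);
}
else if ($mode == 'deps')
{
    $sql_forum = (is_array($forum_id)) ? ' IN (' . implode(', ', $forum_id) . ')' : ' = ' . $forum_id;

    // $auth_option was only HTML-encoded when it was read, so it is SQL-escaped
    // before being quoted; $auth_setting is '' when the request omits it, so it
    // is forced to an integer
    $auth_option_sql = $db->sql_escape($auth_option);
    $sql_auth_option = (preg_match('#^[a-z]_$#', $auth_option)) ? " LIKE '$auth_option_sql%'" : " IN ('" . $auth_option_sql . "', '$sql_option_mode')";

    $sql = "SELECT auth_deps FROM " . ACL_DEPS_TABLE . " WHERE auth_option $sql_auth_option AND forum_id $sql_forum AND auth_setting = " . intval($auth_setting);
    $result = $db->sql_query($sql);

    // $auth_settings is '' (not unset) when nothing was posted, so test for an
    // array rather than for existence
    $auth_settings = (!is_array($auth_settings)) ? array() : $auth_settings;
    while ($row = $db->sql_fetchrow($result))
    {
        $temp = unserialize($row['auth_deps']);
        if (!is_array($temp))
        {
            continue;
        }

        // Merge each dependency, keeping the lower of the two values
        foreach ($temp as $option => $setting)
        {
            $auth_settings[$option] = (!isset($auth_settings[$option]) || $setting < $auth_settings[$option]) ? $setting : $auth_settings[$option];
        }
    }
    $db->sql_freeresult($result);

    unset($temp);
    unset($option);
    unset($setting);
    unset($sql_auth_option);
    unset($auth_option_sql);
}
?>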

Warning!

A number of dependencies have been set for the changes you have requested. You can skip setting these dependencies if you wish by clicking the appropriate checkbox. You can also modify the dependencies as required. Clicking update will commit your previous setting changes and those listed below (unless you choose to skip them).

">
">' . ((!empty($user->lang['acl_' . $option['auth_option']])) ? $user->lang['acl_' . $option['auth_option']] : (($option['auth_option'] == $sql_option_mode . '_') ? 'Any option' : ucfirst(preg_replace('#.*?_#', '', $option['auth_option'])))) . ''; } unset($auth_options); unset($option); // Define the Yes, No, Unset selections $values = array(ACL_NO => $user->lang['NO'], ACL_YES => $user->lang['YES'], ACL_UNSET => $user->lang['UNSET']); foreach ($values as $value => $option) { $dep_auth_values .= ''; } unset($values); unset($option); // We've grabbed the list of options for this mode now we need to // grab the list of options we can set dependencies for $founder_sql = ($user->data['user_founder']) ? ' AND founder_only <> 1' : ''; $sql = "SELECT auth_option FROM " . ACL_OPTIONS_TABLE . " WHERE auth_option LIKE 'f_%' AND auth_option <> 'f_' $founder_sql"; $result = $db->sql_query($sql); $auth_options = array(); while ($row = $db->sql_fetchrow($result)) { $auth_options[] = $row; } $db->sql_freeresult($result); ?>
 
Changing option:
To value:
Will set options in:

lang['PRESETS']; ?>:
lang['acl_' . $auth_options[$i]['auth_option']])) ? $user->lang['acl_' . $auth_options[$i]['auth_option']] : ucfirst(preg_replace('#.*?_#', '', $auth_options[$i]['auth_option'])); // Which option should we select? $selected_yes = (isset($auth_settings[$auth_options[$i]['auth_option']]) && $auth_settings[$auth_options[$i]['auth_option']] == ACL_YES) ? ' checked="checked"' : ''; $selected_no = (isset($auth_settings[$auth_options[$i]['auth_option']]) && $auth_settings[$auth_options[$i]['auth_option']] == ACL_NO) ? ' checked="checked"' : ''; $selected_unset = (!isset($auth_settings[$auth_options[$i]['auth_option']]) || $auth_settings[$auth_options[$i]['auth_option']] == ACL_UNSET) ? ' checked="checked"' : ''; // Output dependency links? $dep_x_yes = $dep_x_no = $dep_x_unset = $dep_x_open = $dep_x_close = ''; if (in_array($mode, array('admin', 'supermod', 'mod')) && $auth->acl_get('a_deps') && $submit != 'update') { $dep_x_open = ' X'; $dep_x_yes = $dep_x_open . ACL_YES . $dep_x_close; $dep_x_no = $dep_x_open . ACL_NO . $dep_x_close; $dep_x_unset = $dep_x_open . ACL_UNSET . $dep_x_close; } ?> acl_gets('a_events', 'a_cron') && $mode != 'deps' && $submit != 'update') { $row_class = ($row_class == 'row1') ? 'row2' : 'row1'; ?>
 lang['OPTION']; ?>   lang['YES']; ?>   lang['NO']; ?>   lang['UNSET']; ?> 
  /> /> />
lang['ACL_SUBFORUMS']; ?>
lang['ACL_SUBFORUMS_EXPLAIN']; ?>
lang['MARK_ALL']; ?> :: lang['UNMARK_ALL']; ?>
  ' : ''; ?>

lang['PRESETS']; ?>
lang['PRESETS_EXPLAIN']; ?>
lang['SELECT_PRESET']; ?>:
lang['PRESET_NAME']; ?>: