From 05452b9ec0dab4fecfbca05fd5598af224d784de Mon Sep 17 00:00:00 2001 From: Nathan Date: Tue, 3 Jul 2012 23:25:51 -0500 Subject: [ticket/8323] Do not allow sending of Private Messages to users who do not have permission to read private messages PHPBB3-8323 --- phpBB/includes/ucp/ucp_pm_compose.php | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'phpBB/includes/ucp') diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 1b474457b3..c6a44f6196 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1245,6 +1245,26 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove $error[] = $user->lang['PM_USERS_REMOVED_NO_PM']; } } + + // Check if users have permission to read PMs + // Only check if not a moderator or admin, since they are allowed to override this user setting + if (true)//!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) + { + $can_read = $auth->acl_get_list(false, 'u_readpm'); + $can_read = (empty($can_read) || !isset($can_read[0]['u_readpm'])) ? array() : $can_read[0]['u_readpm']; + + $cannot_read_list = array_diff(array_keys($address_list['u']), $can_read); + + if (!empty($cannot_read_list)) + { + foreach ($cannot_read_list as $cannot_read) + { + unset($address_list['u'][$cannot_read]); + } + + $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; + } + } } } -- cgit v1.2.1 From c53d7f0b62abf222b159623ccc2c6ef6262f3137 Mon Sep 17 00:00:00 2001 From: Nathan Date: Tue, 3 Jul 2012 23:27:50 -0500 Subject: [ticket/8323] Remove code used for testing PHPBB3-8323 --- phpBB/includes/ucp/ucp_pm_compose.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/ucp') diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index c6a44f6196..fe5b3b7a74 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php 
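Review bot: In the block added by 05452b9, `$auth->acl_get_list(false, 'u_readpm')` is not limited to the recipients, so with `false` as the user argument it presumably resolves `u_readpm` for every account on the board each time a recipient is added. Passing the ids under test keeps the lookup proportional to the address list: `$can_read = $auth->acl_get_list(array_keys($address_list['u']), 'u_readpm');`. The guard `if (true)//!$auth->acl_gets('a_', 'm_') && ...` also leaves the moderator/admin exemption switched off while the comment above it still describes that exemption, so comment and code disagree in this commit. The body of handle_message_list_actions starts outside the hunk.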
@@ -1248,7 +1248,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove // Check if users have permission to read PMs // Only check if not a moderator or admin, since they are allowed to override this user setting - if (true)//!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) + if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) { $can_read = $auth->acl_get_list(false, 'u_readpm'); $can_read = (empty($can_read) || !isset($can_read[0]['u_readpm'])) ? array() : $can_read[0]['u_readpm']; -- cgit v1.2.1 From c38bb4254abec403add35378da67092c8513a3c4 Mon Sep 17 00:00:00 2001 From: Nathan Date: Tue, 3 Jul 2012 23:34:07 -0500 Subject: [ticket/8323] Do not allow sending of Private Messages to users who are banned PHPBB3-8323 --- phpBB/includes/ucp/ucp_pm_compose.php | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'phpBB/includes/ucp') diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index fe5b3b7a74..2ab6090533 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1265,6 +1265,23 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; } } + + // Check if users have permission to read PMs + // Only check if not a moderator or admin, since they are allowed to override this user setting + if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) + { + $banned_user_list = phpbb_get_banned_user_ids(array_keys($address_list['u'])); + + if (!empty($banned_user_list)) + { + foreach ($banned_user_list as $banned_user) + { + unset($address_list['u'][$banned_user]); + } + + $error[] = $user->lang['PM_USERS_REMOVED_BANNED']; + } + } } } -- cgit v1.2.1 From e6d4e9bbb98feaee7a413967d6500163ebe7282c Mon Sep 17 00:00:00 2001 
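Review bot: In c38bb42 (the banned-users hunk), the dedicated `PM_USERS_REMOVED_BANNED` notice lets any member who can compose a PM learn that an addressed account is banned, simply by adding the name as a recipient. If ban status is not meant to be visible to ordinary members, the block should reuse the generic string instead: `$error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION'];`. The comment `// Check if users have permission to read PMs` above the new block is copied from the previous check and should read `// Check if users are banned`. The enclosing function starts outside the hunk.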
From: Nathan Date: Tue, 3 Jul 2012 23:35:17 -0500 Subject: [ticket/8323] Correcting the comment PHPBB3-8323 --- phpBB/includes/ucp/ucp_pm_compose.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/ucp') diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 2ab6090533..2a2ad48063 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1266,7 +1266,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove } } - // Check if users have permission to read PMs + // Check if users are banned // Only check if not a moderator or admin, since they are allowed to override this user setting if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) { -- cgit v1.2.1 From 0f4956b280468e8890b1c84df41d7bb1eb2447c5 Mon Sep 17 00:00:00 2001 From: Nathan Date: Wed, 4 Jul 2012 20:52:07 -0500 Subject: [ticket/8323] Do not allow sending PMs to Inactive users PHPBB3-8323 --- phpBB/includes/ucp/ucp_pm_compose.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/ucp') diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 2a2ad48063..d7290070a5 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1194,7 +1194,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove if (sizeof($usernames)) { $user_id_ary = array(); - user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER, USER_INACTIVE)); + user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER)); // If there are users not existing, we will at least print a notice... if (!sizeof($user_id_ary)) -- cgit v1.2.1 From 362ba43f18c07c70855e72ebfaea222e04af1183 Mon Sep 17 00:00:00 2001 
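Review bot: In 0f4956b, dropping `USER_INACTIVE` from the `user_get_id_name()` type list filters only names typed into the username field; ids already present in `$address_list['u']` (the function receives it by reference) never pass through this lookup, so an inactive account added by id would presumably still be accepted. The filtered names also fall into the "users not existing" branch just below, which tells the sender the account does not exist rather than that it cannot receive PMs. A check on the final `$address_list['u']` keys, placed with the other recipient checks, would cover both entry paths and allow an accurate message. The function body continues outside the hunk.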
From: Nathan Date: Tue, 10 Jul 2012 09:58:10 -0500 Subject: [ticket/8323] Allow sending PMs to temporarily banned users Added an argument to the phpbb_get_banned_user_ids() function to allow specifying a banned end time (default true for current functionality, false for only permanent bans, timestamp to find banned until a specified time) PHPBB3-8323 --- phpBB/includes/ucp/ucp_pm_compose.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/ucp') diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index d7290070a5..e65b523cfb 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1270,7 +1270,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove // Only check if not a moderator or admin, since they are allowed to override this user setting if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) { - $banned_user_list = phpbb_get_banned_user_ids(array_keys($address_list['u'])); + $banned_user_list = phpbb_get_banned_user_ids(array_keys($address_list['u']), false); if (!empty($banned_user_list)) { -- cgit v1.2.1 From 33852e6251cf9eea29efde4aebdd64500b7e7c2b Mon Sep 17 00:00:00 2001 From: Nathan Date: Tue, 10 Jul 2012 16:07:12 -0500 Subject: [ticket/8323] Correct PM notification settings (only notify those who can receive them) Also correcting the way it was setup for users to be able to receive PMs (do not allow administrators/moderators to send to banned, inactive, or non-standard users, that just doesn't make sense) PHPBB3-8323 --- phpBB/includes/ucp/ucp_pm_compose.php | 39 +++++++++++++---------------------- 1 file changed, 14 insertions(+), 25 deletions(-) (limited to 'phpBB/includes/ucp') diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index e65b523cfb..8fc99818f4 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php 
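Review bot: The bare `false` added to `phpbb_get_banned_user_ids(array_keys($address_list['u']), false)` in 362ba43 is unreadable at the call site, and the comment above it still says only `// Check if users are banned`. The commit message is the only place that explains that `false` restricts the lookup to permanent bans, so the comment should carry it: `// Only permanently banned users are removed; a temporary ban does not block delivery`. The surrounding `if` and the function body lie partly outside the hunk.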
@@ -1247,40 +1247,29 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove } // Check if users have permission to read PMs - // Only check if not a moderator or admin, since they are allowed to override this user setting - if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) + $can_read = $auth->acl_get_list(array_keys($address_list['u']), 'u_readpm'); + $can_read = (empty($can_read) || !isset($can_read[0]['u_readpm'])) ? array() : $can_read[0]['u_readpm']; + $cannot_read_list = array_diff(array_keys($address_list['u']), $can_read); + if (!empty($cannot_read_list)) { - $can_read = $auth->acl_get_list(false, 'u_readpm'); - $can_read = (empty($can_read) || !isset($can_read[0]['u_readpm'])) ? array() : $can_read[0]['u_readpm']; - - $cannot_read_list = array_diff(array_keys($address_list['u']), $can_read); - - if (!empty($cannot_read_list)) + foreach ($cannot_read_list as $cannot_read) { - foreach ($cannot_read_list as $cannot_read) - { - unset($address_list['u'][$cannot_read]); - } - - $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; + unset($address_list['u'][$cannot_read]); } + + $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; } // Check if users are banned - // Only check if not a moderator or admin, since they are allowed to override this user setting - if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) + $banned_user_list = phpbb_get_banned_user_ids(array_keys($address_list['u']), false); + if (!empty($banned_user_list)) { - $banned_user_list = phpbb_get_banned_user_ids(array_keys($address_list['u']), false); - - if (!empty($banned_user_list)) + foreach ($banned_user_list as $banned_user) { - foreach ($banned_user_list as $banned_user) - { - unset($address_list['u'][$banned_user]); - } - - $error[] = $user->lang['PM_USERS_REMOVED_BANNED']; + unset($address_list['u'][$banned_user]); } + + $error[] = $user->lang['PM_USERS_REMOVED_BANNED']; } } } -- cgit v1.2.1 
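Review bot: In 33852e6, `$auth->acl_get_list(array_keys($address_list['u']), 'u_readpm')` and the following `phpbb_get_banned_user_ids(array_keys($address_list['u']), false)` now run unconditionally, but each earlier check can `unset()` every recipient, so either call can receive an empty array. Both helpers are outside the diff; if they build their query with `sql_in_set()`, an empty list is rejected as an SQL error unless the allow-empty argument is passed, which is worth confirming. A guard before each lookup avoids that: `if (empty($address_list['u'])) { return; }`. The deactivated-user query added in b25efd7 has the same exposure, because its `sizeof()` guard comes after the query rather than before it. The function body starts outside the hunk.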
From b25efd744db56f7565453caccf26630404db07c7 Mon Sep 17 00:00:00 2001 From: Nathan Date: Tue, 10 Jul 2012 17:41:27 -0500 Subject: [ticket/8323] Only disable administrative deactivated accounts from receiving PMs Allow other types of inactive accounts to receive PMs. Remove the banned PM error message and use the string saying they do not have permission (less translation) PHPBB3-8323 --- phpBB/includes/ucp/ucp_pm_compose.php | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/ucp') diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 8fc99818f4..0084184c65 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1194,7 +1194,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove if (sizeof($usernames)) { $user_id_ary = array(); - user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER)); + user_get_id_name($user_id_ary, $usernames, array(USER_NORMAL, USER_FOUNDER, USER_INACTIVE)); // If there are users not existing, we will at least print a notice... if (!sizeof($user_id_ary)) 
@@ -1246,6 +1246,33 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove } } + // Administrator deactivated users check + $sql = 'SELECT user_id + FROM ' . USERS_TABLE . ' + WHERE ' . $db->sql_in_set('user_id', array_keys($address_list['u'])) . ' + AND user_type = ' . USER_INACTIVE . ' + AND user_inactive_reason = ' . INACTIVE_MANUAL; + $result = $db->sql_query($sql); + + $removed = false; + while ($row = $db->sql_fetchrow($result)) + { + $removed = true; + unset($address_list['u'][$row['user_id']]); + } + $db->sql_freeresult($result); + + // print a notice about users not being added who do not want to receive pms + if ($removed) + { + $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; + } + + if (!sizeof(array_keys($address_list['u']))) + { + return; + } + // Check if users have permission to read PMs $can_read = $auth->acl_get_list(array_keys($address_list['u']), 'u_readpm'); $can_read = (empty($can_read) || !isset($can_read[0]['u_readpm'])) ? array() : $can_read[0]['u_readpm']; @@ -1269,7 +1296,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove unset($address_list['u'][$banned_user]); } - $error[] = $user->lang['PM_USERS_REMOVED_BANNED']; + $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; } } } -- cgit v1.2.1 From 4ab07aa45ebdf568a252821edf0837e17f1d9f20 Mon Sep 17 00:00:00 2001 From: Nathan Guse Date: Fri, 7 Dec 2012 18:51:06 -0600 Subject: [ticket/8323] Comments PHPBB3-8323 --- phpBB/includes/ucp/ucp_pm_compose.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'phpBB/includes/ucp') diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index f6192a3588..3e7ed05fdc 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php 
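Review bot: After b25efd7 the same `PM_USERS_REMOVED_NO_PERMISSION` string is pushed onto `$error` in three separate places (the new deactivated-user check, the `u_readpm` check and, with the last hunk, the ban check), so one submission can carry the identical notice up to three times. Setting one flag in each branch and appending once after all three checks avoids that: `$removed_no_permission = true;` in the branches and a single `if ($removed_no_permission) { $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; }` at the end. The comment `// print a notice about users not being added who do not want to receive pms` on the new block is copied from the `user_allow_pm` check and describes the wrong condition. The function body starts and ends outside these hunks.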
@@ -1263,7 +1263,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove } $db->sql_freeresult($result); - // print a notice about users not being added who do not want to receive pms + // print a notice about users not being added who do not have permission to receive PMs if ($removed) { $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; -- cgit v1.2.1 From abaa53b0b295358efcf591587485c01a027cd5cb Mon Sep 17 00:00:00 2001 From: Nathaniel Guse Date: Wed, 1 May 2013 12:28:31 -0500 Subject: [ticket/8323] Combine into a single query PHPBB3-8323 --- phpBB/includes/ucp/ucp_pm_compose.php | 58 +++++++++++++++++------------------ 1 file changed, 28 insertions(+), 30 deletions(-) (limited to 'phpBB/includes/ucp') diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index 3e7ed05fdc..75b17a4a01 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php 
@@ -1222,49 +1222,47 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove // Check for disallowed recipients if (!empty($address_list['u'])) { - // We need to check their PM status (do they want to receive PM's?) - // Only check if not a moderator or admin, since they are allowed to override this user setting + // Administrator deactivated users check and we need to check their + // PM status (do they want to receive PM's?) + // Only check PM status if not a moderator or admin, since they + // are allowed to override this user setting + $sql = 'SELECT user_id, user_allow_pm + FROM ' . USERS_TABLE . ' + WHERE ' . $db->sql_in_set('user_id', array_keys($address_list['u'])) . ' + AND (user_type = ' . USER_INACTIVE . ' + AND user_inactive_reason = ' . INACTIVE_MANUAL . ')'; + if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) { - $sql = 'SELECT user_id - FROM ' . USERS_TABLE . ' - WHERE ' . $db->sql_in_set('user_id', array_keys($address_list['u'])) . ' - AND user_allow_pm = 0'; - $result = $db->sql_query($sql); - - $removed = false; - while ($row = $db->sql_fetchrow($result)) - { - $removed = true; - unset($address_list['u'][$row['user_id']]); - } - $db->sql_freeresult($result); - - // print a notice about users not being added who do not want to receive pms - if ($removed) - { - $error[] = $user->lang['PM_USERS_REMOVED_NO_PM']; - } + $sql .= ' OR user_allow_pm = 0'; } - // Administrator deactivated users check - $sql = 'SELECT user_id - FROM ' . USERS_TABLE . ' - WHERE ' . $db->sql_in_set('user_id', array_keys($address_list['u'])) . ' - AND user_type = ' . USER_INACTIVE . ' - AND user_inactive_reason = ' . 
INACTIVE_MANUAL; $result = $db->sql_query($sql); - $removed = false; + $removed_no_pm = $removed_no_permission = false; while ($row = $db->sql_fetchrow($result)) { - $removed = true; + if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_') && !$row['user_allow_pm']) + { + $removed_no_pm = true; + } + else + { + $removed_no_permission = true; + } + unset($address_list['u'][$row['user_id']]); } $db->sql_freeresult($result); + // print a notice about users not being added who do not want to receive pms + if ($removed_no_pm) + { + $error[] = $user->lang['PM_USERS_REMOVED_NO_PM']; + } + // print a notice about users not being added who do not have permission to receive PMs - if ($removed) + if ($removed_no_permission) { $error[] = $user->lang['PM_USERS_REMOVED_NO_PERMISSION']; } -- cgit v1.2.1 From d14aed0819f2314ab0da1787aa7228025a6a024c Mon Sep 17 00:00:00 2001 From: Nathan Guse Date: Thu, 5 Sep 2013 13:59:24 -0500 Subject: [ticket/8323] Cache auth request PHPBB3-8323 --- phpBB/includes/ucp/ucp_pm_compose.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'phpBB/includes/ucp') diff --git a/phpBB/includes/ucp/ucp_pm_compose.php b/phpBB/includes/ucp/ucp_pm_compose.php index a1b2bb61f9..9a6aa3f7a0 100644 --- a/phpBB/includes/ucp/ucp_pm_compose.php +++ b/phpBB/includes/ucp/ucp_pm_compose.php @@ -1229,7 +1229,8 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove AND (user_type = ' . USER_INACTIVE . ' AND user_inactive_reason = ' . INACTIVE_MANUAL . ')'; - if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) + $can_ignore_allow_pm = ($auth->acl_gets('a_', 'm_') || $auth->acl_getf_global('m_')); + if (!$can_ignore_allow_pm) { $sql .= ' OR user_allow_pm = 0'; } 
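Review bot: The `WHERE` clause built in abaa53b is not grouped: appending `' OR user_allow_pm = 0'` after the closing parenthesis yields `user_id IN (...) AND (...) OR user_allow_pm = 0`, and because `AND` binds tighter than `OR` the query returns every account on the board that has PMs disabled, not only the addressed ones. The `unset()` on ids that are not in `$address_list['u']` is harmless, but `$removed_no_pm` becomes true for any such row, so a non-moderator sender gets `PM_USERS_REMOVED_NO_PM` even when nobody was removed, and the query is no longer bounded by the recipient list. The `OR` has to sit inside one parenthesis together with the deactivated-user test, as in the excerpt below; d14aed0 ("Cache auth request") keeps the same `$sql .= ' OR user_allow_pm = 0';` and needs the same change. The function body starts and ends outside the hunk.

```php
// … unchanged: comment block above the query …
$sql_allow_pm = (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_')) ? ' OR user_allow_pm = 0' : '';

$sql = 'SELECT user_id, user_allow_pm
	FROM ' . USERS_TABLE . '
	WHERE ' . $db->sql_in_set('user_id', array_keys($address_list['u'])) . '
		AND (
			(user_type = ' . USER_INACTIVE . '
				AND user_inactive_reason = ' . INACTIVE_MANUAL . ')' . $sql_allow_pm . '
		)';

$result = $db->sql_query($sql);
// … unchanged: removal loop and notices …
```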
@@ -1239,7 +1240,7 @@ function handle_message_list_actions(&$address_list, &$error, $remove_u, $remove $removed_no_pm = $removed_no_permission = false; while ($row = $db->sql_fetchrow($result)) { - if (!$auth->acl_gets('a_', 'm_') && !$auth->acl_getf_global('m_') && !$row['user_allow_pm']) + if (!$can_ignore_allow_pm && !$row['user_allow_pm']) { $removed_no_pm = true; } -- cgit v1.2.1