diff options
| author | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-06-02 16:48:22 +0000 |
|---|---|---|
| committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-06-02 16:48:22 +0000 |
| commit | 4be30f3a82d7b10fe3f6189ec3c2a0d8a79ba5ae (patch) | |
| tree | 6bb9a0ac669385e80e9ed45ada69a974a964133c | |
| parent | 2ee46df51c31ee697e2afa0cb7b5c154fe857844 (diff) | |
| download | forums-4be30f3a82d7b10fe3f6189ec3c2a0d8a79ba5ae.tar forums-4be30f3a82d7b10fe3f6189ec3c2a0d8a79ba5ae.tar.gz forums-4be30f3a82d7b10fe3f6189ec3c2a0d8a79ba5ae.tar.bz2 forums-4be30f3a82d7b10fe3f6189ec3c2a0d8a79ba5ae.tar.xz forums-4be30f3a82d7b10fe3f6189ec3c2a0d8a79ba5ae.zip | |
More internal changes
git-svn-id: file:///svn/phpbb/trunk@409 89ea8834-ac86-4346-8a33-228a782c2dd0
| -rw-r--r-- | phpBB/includes/auth.php | 393 |
1 files changed, 231 insertions, 162 deletions
diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php index ee9d452360..8e75eada67 100644 --- a/phpBB/includes/auth.php +++ b/phpBB/includes/auth.php @@ -24,7 +24,7 @@ /* $type's accepted (eventually!): - VIEW, READ, POST, REPLY, EDIT, DELETE, VOTE, VOTECREATE, MOD, ADMIN + VIEW, READ, POST, REPLY, EDIT, DELETE, VOTE, VOTECREATE Possible options to send to auth (not all are functional yet!): @@ -108,12 +108,30 @@ function auth($type, $forum_id, $userdata, $f_access = -1) if($f_access == -1) { $forum_match_sql = ($forum_id != AUTH_LIST_ALL) ? "WHERE aa.forum_id = $forum_id" : ""; - $sql = "SELECT $a_sql + $sql = "SELECT aa.forum_id, $a_sql FROM ".AUTH_FORUMS_TABLE." aa $forum_match_sql"; $af_result = $db->sql_query($sql); - $f_access = $db->sql_fetchrow($af_result); + if(!$af_result) + { + error_die(QUERY_ERROR, "Failed obtaining forum access control lists"); + } + else + { + if(!$db->sql_numrows($af_result)) + { + error_die(GENERAL_ERROR, "No forum access control lists exist!"); + } + else + { + $f_access = $db->sql_fetchrowset($af_result); + } + } + } + else + { + } // @@ -123,24 +141,24 @@ function auth($type, $forum_id, $userdata, $f_access = -1) // they're good to go, if not then they // are denied access // + $auth_user = array(); + if(!$userdata['session_logged_in']) { - $auth_user = array(); - - if($forum_id != AUTH_LIST_ALL) + for($j = 0; $j < count($auth_fields); $j++) { - for($i = 0; $i < count($f_access); $i++) + $key = $auth_fields[$j]; + + if($forum_id != AUTH_LIST_ALL) { - $auth_user[$auth_fields[$i]] = ($f_access[$auth_fields[$i]] == AUTH_ALL) ? 1 : 0; + $auth_user[$key] = ($f_access[$key] == AUTH_ALL) ? 1 : 0; } - } - else - { - for($i = 0; $i < count($f_access); $i++) + else { - for($j = 0; $j < count($auth_fields); $j++) + for($i = 0; $i < count($f_access); $i++) { - $auth_user[$f_access[$i]['forum_id']][$auth_fields[$j]] = ($f_access[$i][$auth_fields[$j]] == AUTH_ALL) ? 1 : 0; + $forum_id = $f_access[$i]['forum_id']; + $auth_user[$forum_id][$key] = ($f_access[$i][$key] == AUTH_ALL) ? 1 : 0; } } } @@ -155,190 +173,241 @@ function auth($type, $forum_id, $userdata, $f_access = -1) AND aa.group_id = ug.group_id $forum_match_sql"; $au_result = $db->sql_query($sql); - $u_access = $db->sql_fetchrowset($au_result); + if(!$au_result) + { + error_die(QUERY_ERROR, "Failed obtaining forum access control lists"); + } - $num_forums = (is_array($f_access[0])) ? count($f_access) : 1; + $num_u_access = $db->sql_numrows($au_result); + if($num_u_access) + { + $u_access = $db->sql_fetchrowset($au_result); + } $is_admin = ($userdata['user_level'] == ADMIN) ? 1 : 0; - $auth_user = array(); - for($k = 0; $k < $num_forums; $k++) + + for($i = 0; $i < count($auth_fields); $i++) { - for($i = 0; $i < count($auth_fields); $i++) - { - $key = $auth_fields[$i]; - $value = ($forum_id != AUTH_LIST_ALL) ? $f_access[$key] : $f_access[$f_access[$k]['forum_id']][$key]; + $key = $auth_fields[$i]; + $value = ($forum_id != AUTH_LIST_ALL) ? $f_access[$key] : $f_access[$k][$key]; + if(!$num_u_access) + { // - // If the user is logged on and the forum - // type is either ALL or REG then the user - // has access + // If no rows for this user where + // returned then auth is only true + // if the key has a value of ALL || REG // - if($value == AUTH_ALL || $value == AUTH_REG) + if($forum_id != AUTH_LIST_ALL) { - if($forum_id != AUTH_LIST_ALL) - { - $auth_user[$key] = 1; - } - else - { - $auth_user[$f_access[$k]['forum_id']][$key] = 1; - } + $auth_user[$key] = ($value == AUTH_ALL || $value == AUTH_REG) ? 1 : 0; } else { - // - // If the type if ACL, MOD or ADMIN - // then we need to see if the user has - // specific permissions to do whatever it - // is they want to do ... to do this - // we pull relevant information for the user - // (and any groups they belong to) - // - - $single_user = 0; - - // - // Now we compare the users access level - // against the forums We assume here that - // a moderator and admin automatically have - // access to an ACL forum, similarly we assume - // admins meet an auth requirement of MOD - // - // The access level assigned to a single user - // automatically takes precedence over any - // levels granted by that user being a member - // of a multi-user usergroup, eg. a user - // who is banned from a forum won't gain - // access to it even if they belong to a group - // which has access (and vice versa). This - // check is done via the single_user check - // - // PS : I appologise for the fantastically clear - // and hugely readable code here ;) Simple gist - // is, if this row of auth_access doesn't represent - // a single user then OR the contents of relevant auth_access - // levels against the current level (allows - // maximum group privileges to be assigned). If - // the row does represent a single user then forget - // any previous group results and instead set - // the auth to whatever the OR'd contents of the - // access levels are. - // - switch($value) + for($k = 0; $k < count($f_access); $k++) { - case AUTH_ACL: - for($j = 0; $j < count($u_access); $j++) - { - if(!$single_user) - { - $single_user = $u_access[$j]['group_single_user']; + $f_forum_id = $f_access[$k]['forum_id']; + $auth_user[$f_forum_id][$key] = ($value == AUTH_ALL || $value == AUTH_REG) ? 1 : 0; + } + } + } + else + { + // + // If the user is logged on and the forum type is either + // ALL or REG then the user has access + // + // If the type if ACL, MOD or ADMIN then we need to see + // if the user has specific permissions to do whatever it + // is they want to do ... to do this we pull relevant + // information for the user (and any groups they belong to) + // + // Now we compare the users access level against the forums + // We assume here that a moderator and admin automatically + // have access to an ACL forum, similarly we assume admins + // meet an auth requirement of MOD + // + // The access level assigned to a single user automatically + // takes precedence over any levels granted by that user being + // a member of a multi-user usergroup, eg. a user who is banned + // from a forum won't gain access to it even if they belong to + // a group which has access (and vice versa). This check is + // done via the single_user check + // + // PS : I appologise for the fantastically clear and hugely + // readable code here ;) Simple gist is, if this row of + // auth_access doesn't represent a single user then OR the + // contents of relevant auth_access levels against the current + // level (allows maximum group privileges to be assigned). If + // the row does represent a single user then forget any previous + // group results and instead set the auth to whatever the OR'd + // contents of the access levels are. + // - $result = (!$single_user) ? ($auth_user[$key] || $u_access[$j][$key] || $u_access[$i]['auth_mod'] || $is_admin) : ($u_access[$j][$key] || $u_access[$i]['auth_mod'] || $is_admin); - - if($forum_id != AUTH_LIST_ALL) - { - $auth_user[$key] = $result; - } - else - { - $auth_user[$f_access[$k]['forum_id']][$key] = $result; - } - } + switch($value) + { + case AUTH_ALL: + if($forum_id != AUTH_LIST_ALL) + { + $auth_user[$key] = 1; + } + else + { + for($k = 0; $k < count($f_access); $k++) + { + $f_forum_id = $f_access[$k]['forum_id']; + $auth_user[$f_forum_id][$key] = 1; } - break; - - case AUTH_MOD: - for($j = 0; $j < count($u_access); $j++) + } + break; + + case AUTH_REG: + if($forum_id != AUTH_LIST_ALL) + { + $auth_user[$key] = 1; + } + else + { + for($k = 0; $k < count($f_access); $k++) { - if(!$single_user) - { - $single_user = $u_access[$j]['group_single_user']; - - $auth_user[$key] = (!$single_user) ? ($auth_user[$key] || $u_access[$j]['auth_mod'] || $is_admin) : ($u_access[$j]['auth_mod'] || $is_admin); - - if($forum_id != AUTH_LIST_ALL) - { - $auth_user[$key] = $result; - } - else - { - $auth_user[$f_access[$k]['forum_id']][$key] = $result; - } - } + $f_forum_id = $f_access[$k]['forum_id']; + $auth_user[$f_forum_id][$key] = 1; } - break; - - case AUTH_ADMIN: - // - // Pretty redundant right now ... - // - if($forum_id != AUTH_LIST_ALL) + } + break; + + case AUTH_ACL: + if($forum_id != AUTH_LIST_ALL) + { + $auth_user[$key] = auth_check_user(AUTH_ACL, $key, $u_access, $is_admin); + } + else + { + for($k = 0; $k < count($f_access); $k++) { - $auth_user[$key] = $is_admin; + $f_forum_id = $f_access[$k]['forum_id']; + $auth_user[$f_forum_id][$key] = auth_check_user(AUTH_ACL, $key, $u_access, $is_admin); } - else + } + break; + + case AUTH_MOD: + if($forum_id != AUTH_LIST_ALL) + { + $auth_user[$key] = auth_check_user(AUTH_ACL, $key, $u_access, $is_admin); + } + else + { + for($k = 0; $k < count($f_access); $k++) { - $auth_user[$f_access[$k]['forum_id']][$key] = $is_admin; + $f_forum_id = $f_access[$k]['forum_id']; + $auth_user[$f_forum_id][$key] = auth_check_user(AUTH_ACL, $key, $u_access, $is_admin); } - break; - - default: - if($forum_id != AUTH_LIST_ALL) + } + break; + + case AUTH_ADMIN: + if($forum_id != AUTH_LIST_ALL) + { + $auth_user[$key] = $is_admin; + } + else + { + for($k = 0; $k < count($f_access); $k++) { - $auth_user[$key] = 0; + $f_forum_id = $f_access[$k]['forum_id']; + $auth_user[$f_forum_id][$key] = $is_admin; } - else + } + break; + + default: + if($forum_id != AUTH_LIST_ALL) + { + $auth_user[$key] = 0; + } + else + { + for($k = 0; $k < count($f_access); $k++) { - $auth_user[$f_access[$k]['forum_id']][$key] = 0; + $f_forum_id = $f_access[$k]['forum_id']; + $auth_user[$f_forum_id][$key] = 0; } - break; - } + } + break; } } - // - // Is user a moderator? - // - $single_user = 0; - for($j = 0; $j < count($u_access); $j++) + } + // + // Is user a moderator? + // + if($forum_id != AUTH_LIST_ALL) + { + $auth_user['auth_mod'] = auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin); + } + else + { + for($k = 0; $k < count($f_access); $k++) { - if(!$single_user) - { - $single_user = $u_access[$j]['group_single_user']; - - $result = (!$single_user) ? ($auth_user['auth_mod'] || $u_access[$j]['auth_mod'] || $is_admin) : ($u_access[$j]['auth_mod'] || $is_admin); - - if($forum_id != AUTH_LIST_ALL) - { - $auth_user['auth_mod'] = $result; - } - else - { - $auth_user[$f_access[$k]['forum_id']]['auth_mod'] = $result; - } - } + $f_forum_id = $f_access[$k]['forum_id']; + $auth_user[$f_forum_id]['auth_mod'] = auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin); } + } - // - // Is user an admin (this is - // really redundant at this time) - // - if($forum_id != AUTH_LIST_ALL) + // + // Is user an admin (this is + // really redundant at this time) + // + if($forum_id != AUTH_LIST_ALL) + { + $auth_user['auth_admin'] = $is_admin; + } + else + { + for($k = 0; $k < count($f_access); $k++) { - $auth_user['auth_admin'] = $is_admin; + $f_forum_id = $f_access[$k]['forum_id']; + $auth_user[$f_forum_id]['auth_admin'] = $is_admin; } - else + } + } + + return $auth_user; + +} + +function auth_check_user($type, $key, $u_access, $is_admin) +{ + + $single_user = 0; + $auth_user = 0; + + for($j = 0; $j < count($u_access); $j++) + { + if(!$single_user) + { + $single_user = $u_access[$j]['group_single_user']; + + $result = 0; + switch($type) { - $auth_user[$f_access[$k]['forum_id']]['auth_admin'] = $is_admin; + case AUTH_ACL: + $result = $u_access[$j][$key]; + + case AUTH_MOD: + $result = $result || $u_access[$j]['auth_mod']; + + case AUTH_ADMIN: + $result = $result || $is_admin; + break; } + + $auth_user = (!$single_user) ? ( $auth_user || $result ) : $result; + } } - - // - // This currently only returns 1 or 0 - // however it will also return an array if a listing - // of all forums to which a user has access was requested. - // + return $auth_user; } |