+ if ($auth->acl_get('f_list', $forum_id))

+ $folder_image = $theme['sub_forum'];

+function sql_quote($msg)

+{

+ return str_replace('\'', '\'\'', $msg);

+}

+

+ $sql .= ( ( is_int($user) ) ? "user_id = $user" : "username = '" . sql_quote($user) . "'" ) . " AND user_id <> " . ANONYMOUS;

+ WHERE ao.auth_value = 'm_global'

+ AND u.user_id = au.user_id";

+ while ( $row = $db->sql_fetchrow($result) )

+ WHERE ao.auth_value = 'm_global'

+ AND g.group_id = au.group_id";

+ while ( $row = $db->sql_fetchrow($result) )

+ $rules .= ( ( $auth->acl_get('f_post', $forum_id) ) ? $lang['Rules_post_can'] : $lang['Rules_post_cannot'] ) . '<br />';

+ $rules .= ( ( $auth->acl_get('f_reply', $forum_id) ) ? $lang['Rules_reply_can'] : $lang['Rules_reply_cannot'] ) . '<br />';

+ $rules .= ( ( $auth->acl_get('f_edit', $forum_id) ) ? $lang['Rules_edit_can'] : $lang['Rules_edit_cannot'] ) . '<br />';

+ $rules .= ( ( $auth->acl_get('f_delete', $forum_id) || $auth->acl_get('m_delete', $forum_id) ) ? $lang['Rules_delete_can'] : $lang['Rules_delete_cannot'] ) . '<br />';

+ $rules .= ( ( $auth->acl_get('f_attach', $forum_id) ) ? $lang['Rules_attach_can'] : $lang['Rules_attach_cannot'] ) . '<br />';

+ if ( $auth->acl_get('a_') || $auth->acl_get('m_', $forum_id) )

+function make_jumpbox($action, $forum_id = false)

+ global $auth, $template, $lang, $db, $nav_links, $phpEx;

+ $boxstring = '<select name="f" onChange="if(this.options[this.selectedIndex].value != -1){ forms[\'jumpbox\'].submit() }">';

+/*

+ $sql = "SELECT forum_id, forum_name, left_id, right_id

+ FROM " . FORUMS_TABLE . "

+ ORDER BY left_id ASC";

+ $result = $db->sql_query($sql);

+ $right = 0;

+ $subforum = '';

+ while ( $row = $db->sql_fetchrow($result) )

+ if ( $auth->acl_get('f_list', $forum_id) || $auth->acl_get('a_') )

+ if ( $row['left_id'] < $right )

+ $subforum .= '&nbsp; &nbsp;';

+ else if ( $row['left_id'] > $right + 1 )

+ $subforum = substr($subforum, 0, -13 * ( $row['left_id'] - $right + 1 ));

+ $right = $row['right_id'];

+ $selected = ( $row['forum_id'] == $forum_id ) ? 'selected="selected"' : '';

+ $boxstring .= '<option value="' . $row['forum_id'] . '"' . $selected . '>' . $subforum . $row['forum_name'] . '</option>';

+ $nav_links['chapter forum'][$row['forum_id']] = array (

+ 'url' => "viewforum.$phpEx$SID&f=" . $row['forum_id'],

+ 'title' => $row['forum_name']

+ );

+ }

+ }

+ $db->sql_freeresult($result);

+*/

+ global $template, $db, $lang, $phpEx, $SID, $start;

+ if ( isset($_GET['unwatch']) )

+ if ( $_GET['unwatch'] == $mode )

+ if ( isset($_GET['watch']) )

+ if ( $_GET['watch'] == $mode )

+ if ( isset($_GET['unwatch']) )

+ if ( $_GET['unwatch'] == $mode )

+ global $db, $session, $auth, $template, $board_config, $theme, $lang, $user;

+ global $userdata, $user_ip, $phpEx, $phpbb_root_path, $nav_links, $starttime;

+// Error and message handler, call with trigger_error if reqd

+function msg_handler($errno, $msg_text, $errfile, $errline)

+{

+ global $db, $session, $auth, $template, $board_config, $theme, $lang, $userdata, $user_ip;

+ global $phpEx, $phpbb_root_path, $nav_links, $starttime;

+

+ switch ( $errno )

+ {

+ case E_WARNING:

+ break;

+

+ case E_NOTICE:

+ break;

+

+ case E_ERROR:

+ case E_USER_ERROR:

+ echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>phpBB 2 :: General Error</title></html>' . "\n";

+ echo '<body><h1 style="font-family:Verdana,serif;font-size:18pt;font-weight:bold">phpBB2 :: General Error</h1><hr style="height:2px;border-style:dashed;color:black" /><p style="font-family:Verdana,serif;font-size:10pt">' . $msg_text . '</p><hr style="height:2px;border-style:dashed;color:black" /><p style="font-family:Verdana,serif;font-size:10pt">Contact the site administrator to report this failure</p></body></html>';

+ $db->sql_close();

+ break;

+

+ case E_USER_NOTICE:

+ if ( empty($lang) && !empty($board_config['default_lang']) )

+ {

+ if ( !file_exists($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.' . $phpEx) )

+ {

+ $board_config['default_lang'] = 'english';

+ }

+

+ include($phpbb_root_path . 'language/lang_' . $board_config['default_lang'] . '/lang_main.' . $phpEx);

+ }

+

+ $msg_text = ( !empty($lang[$msg_text]) ) ? $lang[$msg_text] : $msg_text;

+

+ if ( !defined('HEADER_INC') )

+ {

+ if ( empty($userdata) )

+ {

+ echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><meta http-equiv="Content-Style-Type" content="text/css"><link rel="stylesheet" href="admin/subSilver.css" type="text/css"><style type="text/css">th { background-image: url(\'admin/images/cellpic3.gif\') } td.cat { background-image: url(\'admin/images/cellpic1.gif\') }</style><title>' . $lang['Information'] . '</title></html>' . "\n";

+ echo '<body><table width="100%" height="100%" border="0"><tr><td align="center" valign="middle"><table class="bg" width="80%" cellspacing="1" cellpadding="4" border="0"><tr><th>' . $lang['Information'] . '</th></tr><tr><td class="row1" align="center">' . $msg_text . '</td></tr></table></td></tr></table></body></html>';

+ $db->sql_close();

+ exit;

+ }

+ else if ( defined('IN_ADMIN') )

+ {

+ page_header('', '', false);

+ }

+ else

+ {

+ include($phpbb_root_path . 'includes/page_header.' . $phpEx);

+ }

+ }

+

+ if ( defined('IN_ADMIN') )

+ {

+ page_message($msg_title, $msg_text, $display_header);

+ page_footer();

+ }

+ else

+ {

+ $template->set_filenames(array(

+ 'body' => 'message_body.html')

+ );

+

+ $template->assign_vars(array(

+ 'MESSAGE_TITLE' => $msg_title,

+ 'MESSAGE_TEXT' => $msg_text)

+ );

+

+ include($phpbb_root_path . 'includes/page_tail.' . $phpEx);

+ }

+ break;

+ }

+}

+

+ global $db, $userdata, $auth, $lang;

+ $sql = "SELECT forum_id, forum_name, left_id, right_id

+ FROM " . FORUMS_TABLE . "

+ ORDER BY left_id ASC";

+ $right = 0;

+ $subforum = '';

+ while ( $row = $db->sql_fetchrow($result) )

+ if ( ( $auth->acl_get('f_list', $forum_id) || $auth->acl_get('a_') ) && $ignore_forum != $row['forum_id'] )

+ if ( $row['left_id'] < $right )

+ {

+ $subforum .= '&nbsp;&nbsp;&nbsp;';

+ }

+ else if ( $row['left_id'] > $right + 1 )

+ {

+ $subforum = substr($subforum, 0, -18 * ( $row['left_id'] - $right + 1 ));

+ }

+

+ $forum_list .= '<option value="' . $row['forum_id'] . '">' . $subforum . $row['forum_name'] . '</option>';

+

+ $right = $row['right_id'];

+

+ $db->sql_freeresult($result);

+ $sql = "SELECT MAX(p.post_id) AS last_post, COUNT(p.post_id) AS total

+ FROM " . POSTS_TABLE . " p, " . TOPICS_TABLE . " t

+ WHERE p.forum_id = $id

+ AND t.topic_id = p.topic_id

+ WHERE forum_id = $id

+ SET topic_replies = " . ( $row['total_posts'] - 1 ) . ", topic_first_post_id = " . $row['first_post'] . ", topic_last_post_id = " . $row['last_post'] . "

+

+ $sql = "SELECT t.topic_id

+ AND t.topic_vote = 0

+ AND t.topic_type <> " . POST_ANNOUNCE . "

+ AND ( p.post_id = t.topic_last_post_id

+

+ FROM " . POSTS_TABLE . "

+ WHERE forum_id = $forum_id

+ $sql = "DELETE FROM " . TOPICS_TABLE . "

+ $sql = "DELETE FROM " . POSTS_TABLE . "

+ $sql = "DELETE FROM " . POSTS_TEXT_TABLE . "

+ $sql = "DELETE FROM " . SEARCH_MATCH_TABLE . "

+ $sql = "SELECT prune_freq, prune_days

+ $sql = "UPDATE " . FORUMS_TABLE . "

+ SET prune_next = $next_prune

+

+

+

+

+

+

+ // Counts single quotes that are preceded by an odd number of backslashes,

+

+

+

+ // Do we have a complete statement yet?

+

+ // Counts single quotes that are preceded by an odd number of backslashes,

+

+

+

+ // even number of unescaped quotes. We still don't have a complete statement.

+

+// Extension of auth class for changing permissions

+class auth_admin extends auth

+{

+ function acl_set_user(&$forum_id, &$user_id, &$auth)

+ {

+ global $db;

+

+ $forum_sql = ( $forum_id ) ? "AND a.forum_id IN ($forum_id, 0)" : '';

+

+ $sql = "SELECT o.auth_option_id, o.auth_value, a.auth_allow_deny

+ FROM " . ACL_USERS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o

+ WHERE a.auth_option_id = o.auth_option_id

+ $forum_sql

+ AND a.user_id = $user_id";

+ $result = $db->sql_query($sql);

+

+ $user_auth = array();

+ if ( $row = $db->sql_fetchrow($result) )

+ {

+ do

+ {

+ $user_auth[$user_id][$row['auth_option_id']] = $row['auth_allow_deny'];

+ }

+ while ( $row = $db->sql_fetchrow($result) );

+ }

+ $db->sql_freeresult($result);

+

+ foreach ( $auth as $auth_option_id => $allow )

+ {

+ if ( !empty($user_auth) )

+ {

+ foreach ( $user_auth as $user => $user_auth_ary )

+ {

+ $sql_ary[] = ( !isset($user_auth_ary[$auth_option_id]) ) ? "INSERT INTO " . ACL_USERS_TABLE . " (user_id, forum_id, auth_option_id, auth_allow_deny) VALUES ($user_id, $forum_id, $auth_option_id, $allow)" : ( ( $user_auth_ary[$auth_option_id] != $allow ) ? "UPDATE " . ACL_USERS_TABLE . " SET auth_allow_deny = $allow WHERE user_id = $user_id AND forum_id = $forum_id AND auth_option_id = $auth_option_id" : '' );

+ }

+ }

+ else

+ {

+ $sql_ary[] = "INSERT INTO " . ACL_USERS_TABLE . " (user_id, forum_id, auth_option_id, auth_allow_deny) VALUES ($user_id, $forum_id, $auth_option_id, $allow)";

+ }

+ }

+

+ foreach ( $sql_ary as $sql )

+ {

+ $db->sql_query($sql);

+ }

+

+ unset($user_auth);

+ unset($sql_ary);

+

+ $this->acl_clear_prefetch();

+ }

+

+ function acl_set_group(&$forum_id, &$group_id, &$auth)

+ {

+ global $db;

+

+ $forum_sql = "AND a.forum_id IN ($forum_id, 0)";

+

+ $sql = "SELECT o.auth_option_id, o.auth_value, a.auth_allow_deny

+ FROM " . ACL_GROUPS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o

+ WHERE a.auth_option_id = o.auth_option_id

+ $forum_sql

+ AND a.group_id = $group_id";

+ $result = $db->sql_query($sql);

+

+ $group_auth = array();

+ if ( $row = $db->sql_fetchrow($result) )

+ {

+ do

+ {

+ $group_auth[$group_id][$row['auth_option_id']] = $row['auth_allow_deny'];

+ }

+ while ( $row = $db->sql_fetchrow($result) );

+ }

+ $db->sql_freeresult($result);

+

+ foreach ( $auth as $auth_option_id => $allow )

+ {

+ if ( !empty($group_auth) )

+ {

+ foreach ( $group_auth as $group => $group_auth_ary )

+ {

+ $sql_ary[] = ( !isset($group_auth_ary[$auth_option_id]) ) ? "INSERT INTO " . ACL_GROUPS_TABLE . " (group_id, forum_id, auth_option_id, auth_allow_deny) VALUES ($group_id, $forum_id, $auth_option_id, $allow)" : ( ( $group_auth_ary[$auth_option_id] != $allow ) ? "UPDATE " . ACL_GROUPS_TABLE . " SET auth_allow_deny = $allow WHERE group_id = $group_id AND forum_id = $forum_id and auth_option_id = $auth_option_id" : '' );

+ }

+ }

+ else

+ {

+ $sql_ary[] = "INSERT INTO " . ACL_GROUPS_TABLE . " (group_id, forum_id, auth_option_id, auth_allow_deny) VALUES ($group_id, $forum_id, $auth_option_id, $allow)";

+ }

+ }

+

+ foreach ( $sql_ary as $sql )

+ {

+ $db->sql_query($sql);

+ }

+

+ unset($group_auth);

+ unset($sql_ary);

+

+ $this->acl_clear_prefetch();

+ }

+

+ function acl_delete_user($forum_id, $user_id, $auth_ids = false)

+ {

+ global $db;

+

+ $auth_sql = '';

+ if ( $auth_ids )

+ {

+ for($i = 0; $i < count($auth_ids); $i++)

+ {

+ $auth_sql .= ( ( $auth_sql != '' ) ? ', ' : '' ) . $auth_ids[$i];

+ }

+ $auth_sql = " AND auth_option_id IN ($auth_sql)";

+ }

+

+ $sql = "DELETE FROM " . ACL_USERS_TABLE . "

+ WHERE user_id = $user_id

+ AND forum_id = $forum_id

+ $auth_sql";

+ $db->sql_query($sql);

+

+ $this->acl_clear_prefetch();

+ }

+

+ function acl_delete_group($forum_id, $group_id, $auth_type = false)

+ {

+ global $db;

+

+ $auth_sql = '';

+ if ( $auth_ids )

+ {

+ for($i = 0; $i < count($auth_ids); $i++)

+ {

+ $auth_sql .= ( ( $auth_sql != '' ) ? ', ' : '' ) . $auth_ids[$i];

+ }

+ $auth_sql = " AND auth_option_id IN ($auth_sql)";

+ }

+

+ $sql = "DELETE FROM " . ACL_GROUPS_TABLE . "

+ WHERE group_id = $group_id

+ AND forum_id = $forum_id

+ $auth_sql";

+ $db->sql_query($sql);

+

+ $this->acl_clear_prefetch();

+ }

+

+ function acl_clear_prefetch()

+ {

+ global $db;

+

+ $sql = "UPDATE " . USERS_TABLE . "

+ SET user_permissions = ''";

+ $db->sql_query($sql);

+

+ return;

+ }

+}

+

+$s_last_visit = ( $userdata['user_id'] ) ? $user->format_date($userdata['session_last_visit']) : '';

+// && $auth->acl_get('forum', 'read', $_GET['f'])

+ if ( $row['user_allow_viewonline'] || $auth->acl_get('a_') )

+ 'CURRENT_TIME' => sprintf($lang['Current_time'], $user->format_date(time())),

+ 'RECORD_USERS' => sprintf($lang['Record_online_users'], $board_config['record_online_users'], $user->format_date($$board_config['record_online_date'])),

+ 'ADMIN_LINK' => ( $auth->acl_get('a_') ) ? '<a href="' . "admin/index.$phpEx$SID" . '">' . $lang['Admin_panel'] . '</a><br /><br />' : '',

+ // Events ... ?

+// do_events('days');

+ $this->lang_path = $phpbb_root_path . 'language/' . $this->lang_name . '/';

+ $this->timezone = $userdata['user_timezone'] * 3600;

+ $this->lang_name = $board_config['default_lang'];

+ $this->lang_path = $phpbb_root_path . 'language/' . $this->lang_name . '/';

+

+ $this->lang_path = $phpbb_root_path . 'language/' . $accept_lang . '/';

+ $this->lang_path = $phpbb_root_path . 'language/' . $accept_lang . '/';

+ $this->timezone = $board_config['board_timezone'] * 3600;

+ include($this->lang_path . 'lang_main.' . $phpEx);

+ include($this->lang_path . 'lang_admin.' . $phpEx);

+ $img_lang = ( file_exists('imagesets/' . $theme['imageset_path'] . '/' . $this->lang_name) ) ? $this->lang_name : $board_config['default_lang'];

+ function format_date($gmepoch, $format = false)

+ $format = ( !$format ) ? $this->date_format : $format;

+ return strtr(@gmdate($format, $gmepoch + $this->timezone + $this->dst), $lang_dates);

+ var $options = array();

+ function acl(&$userdata, $forum_id = false, $options = false)

+ $in_sql = '\'a_\', \'f_list\'';

+

+ if ( $options )

+ {

+ if ( is_array($options) )

+ {

+ foreach ( $options as $option )

+ {

+ $in_sql .= ', \'' . $option . '\'';

+ }

+ }

+ else

+ {

+ $or_sql = " OR auth_value LIKE '$option%'";

+ }

+ }

+

+// $in_sql = ( !$forum_id ) ? "ao.auth_value IN ($in_sql)" : "( a.forum_id = $forum_id OR ao.auth_value IN ('a_', 'f_list') )";

+

+// $mtime = explode(' ', microtime());

+// $starttime = $mtime[1] + $mtime[0];

+

+ // The possible alternative here is to store the options in a file

+ // (perhaps with the other config data) and do away with this query.

+ $sql = "SELECT auth_option_id, auth_value

+ FROM " . ACL_OPTIONS_TABLE . "

+ WHERE auth_value IN ($in_sql) $or_sql";

+ $result = $db->sql_query($sql);

+

+ while ( $row = $db->sql_fetchrow($result) )

+ {

+ $this->options[$row['auth_value']] = $row['auth_option_id'];

+ }

+ $db->sql_freeresult($result);

+ // This is preliminary and can no doubt be improved. The 12 in

+ // the chunk_split relates to the current 96bits (12 bytes) per forum

+ if ( !empty($userdata['user_permissions']) )

+ $permissions = explode("\r\n", chunk_split($userdata['user_permissions'], 12));

+

+ foreach ( $permissions as $data )

+ $temp = explode("\r\n", chunk_split($data, 1));

+

+ $forum_id = bindec(str_pad(decbin(ord(array_shift($temp))), 8, 0, STR_PAD_LEFT) . str_pad(decbin(ord(array_shift($temp))), 8, 0, STR_PAD_LEFT));

+

+ foreach ( $temp as $char )

+ {

+ $this->acl[$forum_id] .= str_pad(decbin(ord($char)), 8, 0, STR_PAD_LEFT);

+ }

+ else

+ {

+ $this->acl_cache($userdata);

+ }

+// $mtime = explode(' ', microtime());

+// echo $mtime[1] + $mtime[0] - $starttime . " :: ";

+/*

+ AND $in_sql

+ AND ao.auth_option_id = a.auth_option_id";

+ $this->acl[$row['forum_id']][$row['auth_value']] = $row['auth_allow_deny'];

+ $this->acl_cache($userdata);

+*/

+ function acl_get($option, $forum_id = 0)

+ return ( $this->founder ) ? true : substr($this->acl[$forum_id], $this->options[$option], 1);

+// return ( $this->founder ) ? true : $this->acl[$forum_id][$option];

+ function acl_cache(&$userdata)

+ $sql = "SELECT a.forum_id, a.auth_allow_deny, ao.auth_option_id, ao.auth_value

+ switch ( $this->acl[$row['forum_id']][$row['auth_option_id']] )

+ $this->acl[$row['forum_id']][$row['auth_option_id']] = $row['auth_allow_deny'];

+ $sql = "SELECT a.forum_id, a.auth_allow_deny, ao.auth_option_id, ao.auth_value

+ switch ( $this->acl[$row['forum_id']][$row['auth_option_id']] )

+ $this->acl[$row['forum_id']][$row['auth_option_id']] = $row['auth_allow_deny'];

+ foreach ( $auth_ary as $type => $value )

+ if ( $value == ACL_ALLOW || $value == ACL_PERMIT )

+ {

+ $this->acl[$forum_id][$type] = 1;

+ $insert_sql[$forum_id][1][] = $type;

+ }

+ else

+ $this->acl[$forum_id][$type] = 0;

+ $insert_sql[$forum_id][0][] = $type;

+ $userdata['user_permissions'] = '';

+ foreach ( $insert_sql as $forum_id => $insert_ary )

+ $temp = array();

+ for($i = 0; $i < 80; $i++)

+ $temp[] = ( isset($this->acl[$forum_id][$i]) ) ? $this->acl[$forum_id][$i] : 0;

+/*

+ foreach ( $insert_ary as $allow => $option_ary )

+ $sql = '';

+ foreach ( $option_ary as $option )

+ $sql .= ( ( $sql != '' ) ? ', ' : '' ) . '\'' . $option . '\'';

+ $sql = "INSERT INTO " . ACL_PREFETCH_TABLE . " (user_id, forum_id, auth_option_id, auth_allow_deny) SELECT " . $userdata['user_id'] . ", $forum_id, auth_option_id, $allow FROM " . ACL_OPTIONS_TABLE . " WHERE auth_value IN ($sql)";

+ $db->sql_query($sql);

+*/

+ $bitstring = explode("\r\n", chunk_split(str_pad(decbin($forum_id), 16, 0, STR_PAD_LEFT) . implode('', $temp), 8));

+ array_pop($bitstring);

+ foreach ( $bitstring as $byte )

+ $userdata['user_permissions'] .= chr(bindec($byte));

+ $sql = "UPDATE " . USERS_TABLE . "

+ SET user_permissions = '" . addslashes($userdata['user_permissions']) . "'

+ WHERE user_id = " . $userdata['user_id'];

+

+ return;

+ return ( $user['user_active'] ) ? $session->create($user['user_id'], $autologin) : false;

+ 'JOINED' => $user->format_date($profiledata['user_regdate'], $lang['DATE_FORMAT']),