author | Meik Sievertsen <acydburn@phpbb.com> | 2006-09-14 14:57:29 +0000 |
---|---|---|
committer | Meik Sievertsen <acydburn@phpbb.com> | 2006-09-14 14:57:29 +0000 |
commit | 79137c312c15638a380adacb18a2d7194f42f09d (patch) | |
tree | a96cf32a8b8242484bee18db3e3a19ebfdfb3f25 /phpBB/includes/auth.php | |
parent | 665adc1722385e134ef20f8e470d5593a8be284b (diff) | |
- Fix some bugs
- fixed retrieving of permissions if the LIKE statement is used as well as proper supporting (needs testing on mssql)
git-svn-id: file:///svn/phpbb/trunk@6366 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/auth.php')
-rw-r--r-- | phpBB/includes/auth.php | 105 |
1 files changed, 76 insertions, 29 deletions
diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php
index 4e6a8af1d8..c578881c3f 100644
--- a/phpBB/includes/auth.php
+++ b/phpBB/includes/auth.php
@@ -478,18 +478,11 @@ class auth
 $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : '';
 $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
- $sql_opts = '';
+ $sql_opts = $sql_escape = '';
 if ($opts !== false)
 {
- if (!is_array($opts))
- {
- $sql_opts = (strpos($opts, '%') !== false) ? "AND ao.auth_option LIKE '" . $db->sql_escape($opts) . "'" : "AND ao.auth_option = '" . $db->sql_escape($opts) . "'";
- }
- else
- {
- $sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
- }
+ $this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts, $sql_escape);
 }
 $hold_ary = array();
@@ -519,7 +512,7 @@ class auth
 'ORDER_BY' => 'a.forum_id, ao.auth_option'
 ));
- $result = $db->sql_query($sql);
+ $result = $db->sql_query($sql . $sql_escape);
 while ($row = $db->sql_fetchrow($result))
 {
@@ -595,18 +588,11 @@ class auth
 $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? "user_id = $user_id" : $db->sql_in_set('user_id', $user_id)) : '';
 $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
- $sql_opts = '';
+ $sql_opts = $sql_escape = '';
 if ($opts !== false)
 {
- if (!is_array($opts))
- {
- $sql_opts = (strpos($opts, '%') !== false) ? "AND ao.auth_option LIKE '" . $db->sql_escape($opts) . "'" : "AND ao.auth_option = '" . $db->sql_escape($opts) . "'";
- }
- else
- {
- $sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
- }
+ $this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts, $sql_escape);
 }
 $hold_ary = array();
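Review bot: In the second hunk (`@@ -519,7 +512,7 @@`) `$sql_escape` is concatenated after the finished statement, and the context lines show that statement being built with an `'ORDER_BY'` entry, so on mssql/mssql_odbc the ` ESCAPE '\'` text would presumably end up after the ORDER BY clause instead of directly after the LIKE predicate it qualifies. ESCAPE belongs to one LIKE predicate, so it is safer to append `$sql_escape` to each LIKE fragment inside `build_auth_option_statement()` and keep the call here as `$result = $db->sql_query($sql);`. The same concatenation is added in the hunks at `-634,7` and `-693,7`. The query-building call starts outside the hunk, so the final clause order should be confirmed there.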
@@ -634,7 +620,7 @@ class auth
 'ORDER_BY' => 'a.forum_id, ao.auth_option'
 ));
- $result = $db->sql_query($sql);
+ $result = $db->sql_query($sql . $sql_escape);
 while ($row = $db->sql_fetchrow($result))
 {
@@ -656,16 +642,11 @@ class auth
 $sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? "group_id = $group_id" : $db->sql_in_set('group_id', $group_id)) : '';
 $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : '';
+ $sql_opts = $sql_escape = '';
+
 if ($opts !== false)
 {
- if (!is_array($opts))
- {
- $sql_opts = (strpos($opts, '%') !== false) ? "AND ao.auth_option LIKE '" . $db->sql_escape($opts) . "'" : "AND ao.auth_option = '" . $db->sql_escape($opts) . "'";
- }
- else
- {
- $sql_opts = 'AND ' . $db->sql_in_set('ao.auth_option', $opts);
- }
+ $this->build_auth_option_statement('ao.auth_option', $opts, $sql_opts, $sql_escape);
 }
 $hold_ary = array();
@@ -693,7 +674,7 @@ class auth
 'ORDER_BY' => 'a.forum_id, ao.auth_option'
 ));
- $result = $db->sql_query($sql);
+ $result = $db->sql_query($sql . $sql_escape);
 while ($row = $db->sql_fetchrow($result))
 {
@@ -781,6 +762,72 @@ class auth
 trigger_error('Authentication method not found', E_USER_ERROR);
 }
+
+ /**
+ * Fill auth_option statement for later querying based on the supplied options
+ */
+ function build_auth_option_statement($key, $auth_options, &$sql_opts, &$sql_escape)
+ {
+ global $db;
+
+ if (!is_array($auth_options))
+ {
+ if (strpos($auth_options, '%') !== false)
+ {
+ if (strpos($auth_options, '_') !== false)
+ {
+ $sql_opts = "AND $key LIKE '" . $db->sql_escape(str_replace('_', "\_", $auth_options)) . "'";
+ $sql_escape = (SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc') ? " ESCAPE '\\'" : '';
+ }
+ else
+ {
+ $sql_opts = "AND $key LIKE '" . $db->sql_escape($auth_options) . "'";
+ }
+ }
+ else
+ {
+ $sql_opts = "AND $key = '" . $db->sql_escape($auth_options) . "'";
+ }
+ }
+ else
+ {
+ $is_like_expression = $is_underline = false;
+
+ foreach ($auth_options as $option)
+ {
+ if (strpos($option, '%') !== false)
+ {
+ $is_like_expression = true;
+ }
+
+ if (strpos($option, '_') !== false)
+ {
+ $is_underline = true;
+ }
+ }
+
+ if (!$is_like_expression)
+ {
+ $sql_opts = 'AND ' . $db->sql_in_set($key, $auth_options);
+ }
+ else
+ {
+ $sql = array();
+
+ foreach ($auth_options as $option)
+ {
+ $sql[] = $key . " LIKE '" . $db->sql_escape(str_replace('_', "\_", $option)) . "'";
+ }
+
+ $sql_opts = 'AND (' . implode(' OR ', $sql) . ')';
+
+ if ($is_underline)
+ {
+ $sql_escape = (SQL_LAYER == 'mssql' || SQL_LAYER == 'mssql_odbc') ? " ESCAPE '\\'" : '';
+ }
+ }
+ }
+ }
 }
 ?>
\ No newline at end of file |
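Review bot: The docblock on `build_auth_option_statement()` does not state the input contract: `$key` is placed into the SQL text verbatim and any `%` in `$auth_options` is kept as a LIKE wildcard, so both need to be code-defined values and never request data, otherwise a caller could widen which permissions are retrieved. I would add that to the comment, together with the fact that `$sql_opts` and `$sql_escape` are by-reference outputs, e.g. `* @param string $key column name, inserted unescaped; must be a constant`. Separately, the array branch ORs several LIKE predicates but sets a single `$sql_escape`, and only for mssql/mssql_odbc; whether the other layers treat `\_` as an escaped underscore depends on their default LIKE escape character and on what `sql_escape()` does to the backslash, neither of which is visible here.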