author | Meik Sievertsen <acydburn@phpbb.com> | 2008-12-28 13:27:58 +0000 |
---|---|---|
committer | Meik Sievertsen <acydburn@phpbb.com> | 2008-12-28 13:27:58 +0000 |
commit | 889fa871402814874d5d4f01b2f1c829d8206eb9 (patch) | |
tree | ce3d6b9c23a6df118c1458cc7adeafa10ffde5a8 /phpBB/includes/classes/acl.php | |
parent | fbaf2baa8d683a2afdd3cf98ea1e7c035369f1a3 (diff) | |
implement new phpbb::$acm object, replacing $cache global
git-svn-id: file:///svn/phpbb/trunk@9240 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/classes/acl.php')
-rw-r--r-- | phpBB/includes/classes/acl.php | 309 |
1 files changed, 107 insertions, 202 deletions
diff --git a/phpBB/includes/classes/acl.php b/phpBB/includes/classes/acl.php index 226bb8be23..97a7b02d41 100644 --- a/phpBB/includes/classes/acl.php +++ b/phpBB/includes/classes/acl.php @@ -17,36 +17,38 @@ if (!defined('IN_PHPBB')) } /** -* Permission/Auth class +* Permission/ACL class * @package phpBB3 */ -class auth +class phpbb_acl { + public $phpbb_required = array('acm', 'db'); + public $phpbb_optional = array(); + + public $acl_raw; + private $acl = array(); private $cache = array(); public $acl_options = array(); - private $acl_forum_ids = false; + private $acl_element_ids = false; + private $recache = false; - /** - * Init permissions - */ - function acl(array &$userdata) + public function __construct() { - global $db, $cache; - $this->acl = $this->cache = $this->acl_options = array(); - $this->acl_forum_ids = false; + $this->acl_element_ids = false; - if (($this->acl_options = $cache->get('_acl_options')) === false) + if (($this->acl_options = phpbb::$acm->get('acl_options')) === false) { $sql = 'SELECT auth_option_id, auth_option, is_global, is_local FROM ' . ACL_OPTIONS_TABLE . ' ORDER BY auth_option_id'; - $result = $db->sql_query($sql); + $result = phpbb::$db->sql_query($sql); $global = $local = 0; $this->acl_options = array(); - while ($row = $db->sql_fetchrow($result)) + + while ($row = phpbb::$db->sql_fetchrow($result)) { if ($row['is_global']) { 
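Review bot: The rename of `$acl_forum_ids` to `$acl_element_ids` in the property list and constructor is not carried through to the later `-203,23 +214,21` hunk, whose unchanged lines still test `if ($this->acl_forum_ids === false)`. With the declaration and the `= false` initialisation gone, that property reads as null on first use, the strict comparison fails, and the forum-id query appears never to run, so any permission check that depends on that list would work from an unset value. Either keep the old name or update the consumer, e.g. `if ($this->acl_element_ids === false)` together with the two assignments below it. The constructor body continues past the end of this hunk.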
@@ -61,12 +63,22 @@ class auth $this->acl_options['id'][$row['auth_option']] = (int) $row['auth_option_id']; $this->acl_options['option'][(int) $row['auth_option_id']] = $row['auth_option']; } - $db->sql_freeresult($result); + phpbb::$db->sql_freeresult($result); - $cache->put('_acl_options', $this->acl_options); - $this->acl_cache($userdata); + phpbb::$acm->put('acl_options', $this->acl_options); + $this->recache = true; } - else if (!trim($userdata['user_permissions'])) + + // Add raw data acl class + $this->acl_raw = new phpbb_acl_raw_data(); + } + + /** + * Init permissions + */ + public function init(array &$userdata) + { + if (!trim($userdata['user_permissions']) || $this->recache) { $this->acl_cache($userdata); } @@ -150,7 +162,6 @@ class auth $opt = substr($opt, 1); } - // @todo: use the ref technique to reduce opcode generation if (!isset($this->cache[$f][$opt])) { // We combine the global/local option with an OR because some options are global and local. @@ -203,23 +214,21 @@ class auth { if ($this->acl_forum_ids === false) { - global $db; - $sql = 'SELECT forum_id FROM ' . FORUMS_TABLE; if (sizeof($this->acl)) { - $sql .= ' WHERE ' . $db->sql_in_set('forum_id', array_keys($this->acl), true); + $sql .= ' WHERE ' . phpbb::$db->sql_in_set('forum_id', array_keys($this->acl), true); } - $result = $db->sql_query($sql); + $result = phpbb::$db->sql_query($sql); $this->acl_forum_ids = array(); - while ($row = $db->sql_fetchrow($result)) + while ($row = phpbb::$db->sql_fetchrow($result)) { $this->acl_forum_ids[] = $row['forum_id']; } - $db->sql_freeresult($result); + phpbb::$db->sql_freeresult($result); } } 
@@ -342,11 +351,11 @@ class auth { if ($user_id !== false && !is_array($user_id) && $opts === false && $forum_id === false) { - $hold_ary = array($user_id => $this->acl_raw_data_single_user($user_id)); + $hold_ary = array($user_id => $this->acl_raw->single_user($user_id)); } else { - $hold_ary = $this->acl_raw_data($user_id, $opts, $forum_id); + $hold_ary = $this->acl_raw->data($user_id, $opts, $forum_id); } $auth_ary = array(); @@ -372,17 +381,15 @@ class auth */ public function acl_cache(array &$userdata) { - global $db; - // Empty user_permissions $userdata['user_permissions'] = ''; - $hold_ary = $this->acl_raw_data_single_user($userdata['user_id']); + $hold_ary = $this->acl_raw->single_user($userdata['user_id']); // Key 0 in $hold_ary are global options, all others are forum_ids // If this user is founder we're going to force fill the admin options ... - if ($userdata['user_type'] == phpbb::USER_FOUNDER) + if ($userdata['user_type'] == USER_FOUNDER) { foreach ($this->acl_options['global'] as $opt => $id) { @@ -400,10 +407,10 @@ class auth $userdata['user_permissions'] = $hold_str; $sql = 'UPDATE ' . USERS_TABLE . " - SET user_permissions = '" . $db->sql_escape($userdata['user_permissions']) . "', + SET user_permissions = '" . phpbb::$db->sql_escape($userdata['user_permissions']) . "', user_perm_from = 0 WHERE user_id = " . $userdata['user_id']; - $db->sql_query($sql); + phpbb::$db->sql_query($sql); } return; 
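Review bot: The founder check in `acl_cache()` now compares against a bare `USER_FOUNDER` where the old line used `phpbb::USER_FOUNDER`, while the rest of the file still reads class constants such as `phpbb::ACL_NEVER`. If no global `USER_FOUNDER` constant is defined at this point, PHP falls back to the string 'USER_FOUNDER', and the loose `==` then either matches non-founder accounts (when `user_type` is held as an integer) or never matches a founder (when it is a string), so the forced admin options go to the wrong set of users. I would keep the class constant and compare on an integer: `if ((int) $userdata['user_type'] === phpbb::USER_FOUNDER)`. The function body runs past the end of the hunk.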
@@ -475,29 +482,27 @@ class auth */ public function acl_clear_prefetch($user_id = false) { - global $db, $cache; - // Rebuild options cache - $cache->destroy('_role_cache'); + phpbb::$acm->destroy('role_cache'); $sql = 'SELECT * FROM ' . ACL_ROLES_DATA_TABLE . ' ORDER BY role_id ASC'; - $result = $db->sql_query($sql); + $result = phpbb::$db->sql_query($sql); $this->role_cache = array(); - while ($row = $db->sql_fetchrow($result)) + while ($row = phpbb::$db->sql_fetchrow($result)) { $this->role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting']; } - $db->sql_freeresult($result); + phpbb::$db->sql_freeresult($result); foreach ($this->role_cache as $role_id => $role_options) { $this->role_cache[$role_id] = serialize($role_options); } - $cache->put('_role_cache', $this->role_cache); + phpbb::$acm->put('role_cache', $this->role_cache); // Now empty user permissions $where_sql = ''; 
@@ -505,62 +510,72 @@ class auth if ($user_id !== false) { $user_id = (!is_array($user_id)) ? $user_id = array((int) $user_id) : array_map('intval', $user_id); - $where_sql = ' WHERE ' . $db->sql_in_set('user_id', $user_id); + $where_sql = ' WHERE ' . phpbb::$db->sql_in_set('user_id', $user_id); } $sql = 'UPDATE ' . USERS_TABLE . " SET user_permissions = '', user_perm_from = 0 $where_sql"; - $db->sql_query($sql); + phpbb::$db->sql_query($sql); return; } +/** +} + + * Role-specific methods/definitionis used by phpbb_acl +class phpbb_acl_role +{ + */ + /** * Get assigned roles * @todo: protected or public? */ public function acl_role_data($user_type, $role_type, $ug_id = false, $forum_id = false) { - global $db; - $roles = array(); $sql_id = ($user_type == 'user') ? 'user_id' : 'group_id'; - $sql_ug = ($ug_id !== false) ? ((!is_array($ug_id)) ? "AND a.$sql_id = $ug_id" : 'AND ' . $db->sql_in_set("a.$sql_id", $ug_id)) : ''; - $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . $db->sql_in_set('a.forum_id', $forum_id)) : ''; + $sql_ug = ($ug_id !== false) ? ((!is_array($ug_id)) ? "AND a.$sql_id = $ug_id" : 'AND ' . phpbb::$db->sql_in_set("a.$sql_id", $ug_id)) : ''; + $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : 'AND ' . phpbb::$db->sql_in_set('a.forum_id', $forum_id)) : ''; // Grab assigned roles... $sql = 'SELECT a.auth_role_id, a.' . $sql_id . ', a.forum_id FROM ' . (($user_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE) . ' a, ' . ACL_ROLES_TABLE . " r WHERE a.auth_role_id = r.role_id - AND r.role_type = '" . $db->sql_escape($role_type) . "' + AND r.role_type = '" . phpbb::$db->sql_escape($role_type) . 
"' $sql_ug $sql_forum ORDER BY r.role_order ASC"; - $result = $db->sql_query($sql); + $result = phpbb::$db->sql_query($sql); - while ($row = $db->sql_fetchrow($result)) + while ($row = phpbb::$db->sql_fetchrow($result)) { $roles[$row[$sql_id]][$row['forum_id']] = $row['auth_role_id']; } - $db->sql_freeresult($result); + phpbb::$db->sql_freeresult($result); return $roles; } +} +/** +* data-specific methods/definitionis used by phpbb_acl +*/ +class phpbb_acl_raw_data +{ /** * Get raw acl data based on user/option/forum * @todo: protected or public? */ - public function acl_raw_data($user_id = false, $opts = false, $forum_id = false) + public function data($user_id = false, $opts = false, $forum_id = false) { - global $db; - - $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? 'user_id = ' . (int) $user_id : $db->sql_in_set('user_id', array_map('intval', $user_id))) : ''; - $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : ''; + $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? 'user_id = ' . (int) $user_id : phpbb::$db->sql_in_set('user_id', array_map('intval', $user_id))) : ''; + $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . phpbb::$db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : ''; $sql_opts = $sql_opts_select = $sql_opts_from = ''; $hold_ary = array(); 
@@ -594,14 +609,14 @@ class auth foreach ($sql_ary as $sql) { - $result = $db->sql_query($sql); + $result = phpbb::$db->sql_query($sql); - while ($row = $db->sql_fetchrow($result)) + while ($row = phpbb::$db->sql_fetchrow($result)) { $option = ($sql_opts_select) ? $row['auth_option'] : $this->acl_options['option'][$row['auth_option_id']]; $hold_ary[$row['user_id']][$row['forum_id']][$option] = $row['auth_setting']; } - $db->sql_freeresult($result); + phpbb::$db->sql_freeresult($result); } $sql_ary = array(); @@ -630,9 +645,9 @@ class auth foreach ($sql_ary as $sql) { - $result = $db->sql_query($sql); + $result = phpbb::$db->sql_query($sql); - while ($row = $db->sql_fetchrow($result)) + while ($row = phpbb::$db->sql_fetchrow($result)) { $option = ($sql_opts_select) ? $row['auth_option'] : $this->acl_options['option'][$row['auth_option_id']]; @@ -641,7 +656,7 @@ class auth { $hold_ary[$row['user_id']][$row['forum_id']][$option] = $row['auth_setting']; - // If we detect ACL_NEVER, we will unset the flag option (within building the bitstring it is correctly set again) + // If we detect phpbb::ACL_NEVER, we will unset the flag option (within building the bitstring it is correctly set again) if ($row['auth_setting'] == phpbb::ACL_NEVER) { $flag = substr($option, 0, strpos($option, '_') + 1); @@ -659,7 +674,7 @@ class auth } } } - $db->sql_freeresult($result); + phpbb::$db->sql_freeresult($result); } return $hold_ary; 
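Review bot: `data()` now lives in `phpbb_acl_raw_data`, but the unchanged line in this hunk still reads `$this->acl_options['option'][$row['auth_option_id']]`, and the new class declares no `acl_options` property while `phpbb_acl` creates it with `new phpbb_acl_raw_data()` and no arguments. Unless something outside this diff populates it, option ids would resolve to null and every setting in `$hold_ary` would land under the same empty key, which corrupts the permission data built from it. The same read appears in the `-630,9` and `-860,7` hunks. Passing the map in at construction would fix it, e.g. `new phpbb_acl_raw_data($this->acl_options)` with a matching constructor that stores it.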
@@ -668,12 +683,10 @@ class auth /** * Get raw user based permission settings */ - public function acl_user_raw_data($user_id = false, $opts = false, $forum_id = false) + public function user($user_id = false, $opts = false, $forum_id = false) { - global $db; - - $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? 'user_id = ' . (int) $user_id : $db->sql_in_set('user_id', array_map('intval', $user_id))) : ''; - $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : ''; + $sql_user = ($user_id !== false) ? ((!is_array($user_id)) ? 'user_id = ' . (int) $user_id : phpbb::$db->sql_in_set('user_id', array_map('intval', $user_id))) : ''; + $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . phpbb::$db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : ''; $sql_opts = ''; $hold_ary = $sql_ary = array(); @@ -705,13 +718,13 @@ class auth foreach ($sql_ary as $sql) { - $result = $db->sql_query($sql); + $result = phpbb::$db->sql_query($sql); - while ($row = $db->sql_fetchrow($result)) + while ($row = phpbb::$db->sql_fetchrow($result)) { $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting']; } - $db->sql_freeresult($result); + phpbb::$db->sql_freeresult($result); } return $hold_ary; 
@@ -720,12 +733,10 @@ class auth /** * Get raw group based permission settings */ - public function acl_group_raw_data($group_id = false, $opts = false, $forum_id = false) + public function group($group_id = false, $opts = false, $forum_id = false) { - global $db; - - $sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? 'group_id = ' . (int) $group_id : $db->sql_in_set('group_id', array_map('intval', $group_id))) : ''; - $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . $db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : ''; + $sql_group = ($group_id !== false) ? ((!is_array($group_id)) ? 'group_id = ' . (int) $group_id : phpbb::$db->sql_in_set('group_id', array_map('intval', $group_id))) : ''; + $sql_forum = ($forum_id !== false) ? ((!is_array($forum_id)) ? 'AND a.forum_id = ' . (int) $forum_id : 'AND ' . phpbb::$db->sql_in_set('a.forum_id', array_map('intval', $forum_id))) : ''; $sql_opts = ''; $hold_ary = $sql_ary = array(); @@ -757,13 +768,13 @@ class auth foreach ($sql_ary as $sql) { - $result = $db->sql_query($sql); + $result = phpbb::$db->sql_query($sql); - while ($row = $db->sql_fetchrow($result)) + while ($row = phpbb::$db->sql_fetchrow($result)) { $hold_ary[$row['group_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting']; } - $db->sql_freeresult($result); + phpbb::$db->sql_freeresult($result); } return $hold_ary; 
@@ -771,14 +782,12 @@ class auth /** * Get raw acl data based on user for caching user_permissions - * This function returns the same data as acl_raw_data(), but without the user id as the first key within the array. + * This function returns the same data as data(), but without the user id as the first key within the array. */ - public function acl_raw_data_single_user($user_id) + public function single_user($user_id) { - global $db, $cache; - // Check if the role-cache is there - if (($this->role_cache = $cache->get('_role_cache')) === false) + if (($this->role_cache = phpbb::$acm->get('role_cache')) === false) { $this->role_cache = array(); @@ -786,20 +795,20 @@ class auth $sql = 'SELECT * FROM ' . ACL_ROLES_DATA_TABLE . ' ORDER BY role_id ASC'; - $result = $db->sql_query($sql); + $result = phpbb::$db->sql_query($sql); - while ($row = $db->sql_fetchrow($result)) + while ($row = phpbb::$db->sql_fetchrow($result)) { $this->role_cache[$row['role_id']][$row['auth_option_id']] = (int) $row['auth_setting']; } - $db->sql_freeresult($result); + phpbb::$db->sql_freeresult($result); foreach ($this->role_cache as $role_id => $role_options) { $this->role_cache[$role_id] = serialize($role_options); } - $cache->put('_role_cache', $this->role_cache); + phpbb::$acm->put('role_cache', $this->role_cache); } $hold_ary = array(); @@ -808,9 +817,9 @@ class auth $sql = 'SELECT forum_id, auth_option_id, auth_role_id, auth_setting FROM ' . ACL_USERS_TABLE . ' WHERE user_id = ' . $user_id; - $result = $db->sql_query($sql); + $result = phpbb::$db->sql_query($sql); - while ($row = $db->sql_fetchrow($result)) + while ($row = phpbb::$db->sql_fetchrow($result)) { // If a role is assigned, assign all options included within this role. Else, only set this one option. if ($row['auth_role_id']) 
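Review bot: `single_user($user_id)` concatenates its argument straight into SQL in the `-808,9` hunk (`' WHERE user_id = ' . $user_id`) and again in the `-830,9` hunk (`AND ug.user_id = ' . $user_id`), whereas the sibling methods `data()`, `user()` and `group()` cast with `(int)`. It is a public method, so it should not rely on every caller passing an integer; adding `$user_id = (int) $user_id;` at the top of the method is enough. `acl_role_data()` in the `-505,62` hunk has the same gap for scalar `$ug_id` and `$forum_id` (`"AND a.$sql_id = $ug_id"`), where `(int) $ug_id` and `(int) $forum_id` would match the other methods. Both method bodies extend beyond the hunks shown.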
@@ -822,7 +831,7 @@ class auth $hold_ary[$row['forum_id']][$row['auth_option_id']] = $row['auth_setting']; } } - $db->sql_freeresult($result); + phpbb::$db->sql_freeresult($result); // Now grab group-specific permission settings $sql = 'SELECT a.forum_id, a.auth_option_id, a.auth_role_id, a.auth_setting @@ -830,9 +839,9 @@ class auth WHERE a.group_id = ug.group_id AND ug.user_pending = 0 AND ug.user_id = ' . $user_id; - $result = $db->sql_query($sql); + $result = phpbb::$db->sql_query($sql); - while ($row = $db->sql_fetchrow($result)) + while ($row = phpbb::$db->sql_fetchrow($result)) { if (!$row['auth_role_id']) { @@ -846,7 +855,7 @@ class auth } } } - $db->sql_freeresult($result); + phpbb::$db->sql_freeresult($result); return $hold_ary; } @@ -860,7 +869,7 @@ class auth { $hold_ary[$option_id] = $setting; - // If we detect ACL_NEVER, we will unset the flag option (within building the bitstring it is correctly set again) + // If we detect phpbb::ACL_NEVER, we will unset the flag option (within building the bitstring it is correctly set again) if ($setting == phpbb::ACL_NEVER) { $flag = substr($this->acl_options['option'][$option_id], 0, strpos($this->acl_options['option'][$option_id], '_') + 1); 
@@ -881,123 +890,19 @@ class auth } /** - * Authentication plug-ins is largely down to Sergey Kanareykin, our thanks to him. - */ - public function login($username, $password, $autologin = false, $viewonline = 1, $admin = 0) - { - global $config, $db, $user; - - $method = trim(basename($config['auth_method'])); - include_once(PHPBB_ROOT_PATH . 'includes/auth/auth_' . $method . '.' . PHP_EXT); - - $method = 'login_' . $method; - if (function_exists($method)) - { - $login = $method($username, $password); - - // If the auth module wants us to create an empty profile do so and then treat the status as LOGIN_SUCCESS - if ($login['status'] == LOGIN_SUCCESS_CREATE_PROFILE) - { - // we are going to use the user_add function so include functions_user.php if it wasn't defined yet - if (!function_exists('user_add')) - { - include(PHPBB_ROOT_PATH . 'includes/functions_user.' . PHP_EXT); - } - - user_add($login['user_row'], (isset($login['cp_data'])) ? $login['cp_data'] : false); - - $sql = 'SELECT user_id, username, user_password, user_passchg, user_email, user_type - FROM ' . USERS_TABLE . " - WHERE username_clean = '" . $db->sql_escape(utf8_clean_string($username)) . "'"; - $result = $db->sql_query($sql); - $row = $db->sql_fetchrow($result); - $db->sql_freeresult($result); - - if (!$row) - { - return array( - 'status' => LOGIN_ERROR_EXTERNAL_AUTH, - 'error_msg' => 'AUTH_NO_PROFILE_CREATED', - 'user_row' => array('user_id' => ANONYMOUS), - ); - } - - $login = array( - 'status' => LOGIN_SUCCESS, - 'error_msg' => false, - 'user_row' => $row, - ); - } - - // If login succeeded, we will log the user in... else we pass the login array through... 
- if ($login['status'] == LOGIN_SUCCESS) - { - $old_session_id = $user->session_id; - - if ($admin) - { - global $SID, $_SID; - - $cookie_expire = time() - 31536000; - $user->set_cookie('u', '', $cookie_expire); - $user->set_cookie('sid', '', $cookie_expire); - unset($cookie_expire); - - $SID = '?sid='; - $user->session_id = $_SID = ''; - } - - $result = $user->session_create($login['user_row']['user_id'], $admin, $autologin, $viewonline); - - // Successful session creation - if ($result === true) - { - // If admin re-authentication we remove the old session entry because a new one has been created... - if ($admin) - { - // the login array is used because the user ids do not differ for re-authentication - $sql = 'DELETE FROM ' . SESSIONS_TABLE . " - WHERE session_id = '" . $db->sql_escape($old_session_id) . "' - AND session_user_id = {$login['user_row']['user_id']}"; - $db->sql_query($sql); - } - - return array( - 'status' => LOGIN_SUCCESS, - 'error_msg' => false, - 'user_row' => $login['user_row'], - ); - } - - return array( - 'status' => LOGIN_BREAK, - 'error_msg' => $result, - 'user_row' => $login['user_row'], - ); - } - - return $login; - } - - trigger_error('Authentication method not found', E_USER_ERROR); - } - - /** * Fill auth_option statement for later querying based on the supplied options */ private function build_auth_option_statement($key, $auth_options, &$sql_opts) { - global $db; - if (!is_array($auth_options)) { if (strpos($auth_options, '%') !== false) { - $sql_opts = "AND $key " . $db->sql_like_expression(str_replace('%', $db->any_char, $auth_options)); + $sql_opts = "AND $key " . phpbb::$db->sql_like_expression(str_replace('%', phpbb::$db->any_char, $auth_options)); } else { - $sql_opts = "AND $key = '" . $db->sql_escape($auth_options) . "'"; + $sql_opts = "AND $key = '" . phpbb::$db->sql_escape($auth_options) . "'"; } } else 
@@ -1014,7 +919,7 @@ class auth if (!$is_like_expression) { - $sql_opts = 'AND ' . $db->sql_in_set($key, $auth_options); + $sql_opts = 'AND ' . phpbb::$db->sql_in_set($key, $auth_options); } else { @@ -1024,11 +929,11 @@ class auth { if (strpos($option, '%') !== false) { - $sql[] = $key . ' ' . $db->sql_like_expression(str_replace('%', $db->any_char, $option)); + $sql[] = $key . ' ' . phpbb::$db->sql_like_expression(str_replace('%', phpbb::$db->any_char, $option)); } else { - $sql[] = $key . " = '" . $db->sql_escape($option) . "'"; + $sql[] = $key . " = '" . phpbb::$db->sql_escape($option) . "'"; } } |