diff options
| author | Andreas Fischer <bantu@phpbb.com> | 2009-12-31 16:31:57 +0000 |
|---|---|---|
| committer | Andreas Fischer <bantu@phpbb.com> | 2009-12-31 16:31:57 +0000 |
| commit | a096b3d981a67bf1316eca328e9819ed157f1e15 (patch) | |
| tree | a3c4abcb920a8b26eb9673bb5526d6a3b68a4cff /phpBB/memberlist.php | |
| parent | 267692ad5c9aa8e337b4450f95051571b5a761ad (diff) | |
| download | forums-a096b3d981a67bf1316eca328e9819ed157f1e15.tar forums-a096b3d981a67bf1316eca328e9819ed157f1e15.tar.gz forums-a096b3d981a67bf1316eca328e9819ed157f1e15.tar.bz2 forums-a096b3d981a67bf1316eca328e9819ed157f1e15.tar.xz forums-a096b3d981a67bf1316eca328e9819ed157f1e15.zip | |
Fix Bug #31845 - List hidden groups on viewprofile where the viewing user is also a member.
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@10392 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/memberlist.php')
| -rw-r--r-- | phpBB/memberlist.php | 41 |
1 files changed, 35 insertions, 6 deletions
diff --git a/phpBB/memberlist.php b/phpBB/memberlist.php index 7cffbfd854..06e0d7a4ed 100644 --- a/phpBB/memberlist.php +++ b/phpBB/memberlist.php @@ -430,22 +430,51 @@ switch ($mode) $user_id = (int) $member['user_id']; + // Get group memberships + // Also get visiting user's groups to determine hidden group memberships if necessary. + $auth_hidden_groups = ($user_id === (int) $user->data['user_id'] || $auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? true : false; + $sql_uid_ary = ($auth_hidden_groups) ? array($user_id) : array($user_id, (int) $user->data['user_id']); + // Do the SQL thang - $sql = 'SELECT g.group_id, g.group_name, g.group_type - FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . " ug - WHERE ug.user_id = $user_id - AND g.group_id = ug.group_id" . ((!$auth->acl_gets('a_group', 'a_groupadd', 'a_groupdel')) ? ' AND g.group_type <> ' . GROUP_HIDDEN : '') . ' + $sql = 'SELECT g.group_id, g.group_name, g.group_type, ug.user_id + FROM ' . GROUPS_TABLE . ' g, ' . USER_GROUP_TABLE . ' ug + WHERE ' . $db->sql_in_set('ug.user_id', $sql_uid_ary) . ' + AND g.group_id = ug.group_id AND ug.user_pending = 0 ORDER BY g.group_type, g.group_name'; $result = $db->sql_query($sql); - $group_options = ''; + $profile_groups = $user_groups = array(); while ($row = $db->sql_fetchrow($result)) { - $group_options .= '<option value="' . $row['group_id'] . '"' . (($row['group_id'] == $member['group_id']) ? ' selected="selected"' : '') . '>' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>'; + $row['user_id'] = (int) $row['user_id']; + $row['group_id'] = (int) $row['group_id']; + + if ($row['user_id'] == $user_id) + { + $profile_groups[] = $row; + } + else + { + $user_groups[$row['group_id']] = $row['group_id']; + } } $db->sql_freeresult($result); + $group_options = ''; + foreach ($profile_groups as $row) + { + // Skip over hidden groups the user cannot see + if (!$auth_hidden_groups && $row['group_type'] == GROUP_HIDDEN && !isset($user_groups[$row['group_id']])) + { + continue; + } + + $group_options .= '<option value="' . $row['group_id'] . '"' . (($row['group_id'] == $member['group_id']) ? ' selected="selected"' : '') . '>' . (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>'; + } + unset($profile_groups); + unset($user_groups); + // What colour is the zebra $sql = 'SELECT friend, foe FROM ' . ZEBRA_TABLE . " |