diff options
| author | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-05-30 23:16:52 +0000 |
|---|---|---|
| committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2001-05-30 23:16:52 +0000 |
| commit | 18476eeae93b854f355e2650abc4bfdb371ec806 (patch) | |
| tree | 9f74b4a5bcefeeeeb85ff0fb192a20306c0dcabc /phpBB | |
| parent | 02cfff60460a4ed286a8a34a9e849bae7178d3e1 (diff) | |
| download | forums-18476eeae93b854f355e2650abc4bfdb371ec806.tar forums-18476eeae93b854f355e2650abc4bfdb371ec806.tar.gz forums-18476eeae93b854f355e2650abc4bfdb371ec806.tar.bz2 forums-18476eeae93b854f355e2650abc4bfdb371ec806.tar.xz forums-18476eeae93b854f355e2650abc4bfdb371ec806.zip | |
Small error correction that could be show stopping
git-svn-id: file:///svn/phpbb/trunk@380 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/includes/auth.php | 72 |
1 files changed, 51 insertions, 21 deletions
diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php index 7034c809aa..68df6f53eb 100644 --- a/phpBB/includes/auth.php +++ b/phpBB/includes/auth.php @@ -31,17 +31,6 @@ function auth($type, $forum_id, $userdata, $f_access = -1) { global $db; - // - // If not logged on all we - // need do is find out - // if $forum_id has ANY - // auth for $type - // - // If logged on we want to - // find out if $forum_id has - // ALL, REG, ACL, MOD or ADMIN - // for $type - // switch($type) { case VIEW: @@ -72,9 +61,15 @@ function auth($type, $forum_id, $userdata, $f_access = -1) break; } + // + // If f_access has been passed, or auth + // is needed to return an array of forums + // then we need to pull the auth information + // on the given forum (or all forums) + // if($f_access == -1 || $forum_id == LIST_ALL) { - $forum_match_sql = ($forum_id != LIST_ALL) ? "" : "WHERE forum_id = $forum_id"; + $forum_match_sql = ($forum_id != LIST_ALL) ? "WHERE forum_id = $forum_id" : ""; $sql = "SELECT $a_sql AS forum_auth FROM ".AUTH_FORUMS_TABLE." $forum_match_sql"; @@ -91,6 +86,13 @@ function auth($type, $forum_id, $userdata, $f_access = -1) } } + // + // If the user isn't logged on then + // all we need do is check if the forum + // has the type set to ALL, if yes then + // they're good to go, if not then they + // are denied access + // if(!$userdata['session_logged_in']) { if($forum_id != LIST_ALL) @@ -109,12 +111,25 @@ function auth($type, $forum_id, $userdata, $f_access = -1) } else { + // + // If the user is logged on and the forum + // type is either ALL or REG then the user + // has access + // if($f_access == ALL || $f_access == REG) { $auth_user = true; } else { + // + // If the type if ACL, MOD or ADMIN + // then we need to see if the user has + // specific permissions to do whatever it + // is they want to do ... to do this + // we pull relevant information for the user + // (and any groups they belong to) + // $forum_match_sql = ($forum_id != LIST_ALL) ? "AND ( aa.forum_id = $forum_id OR aa.forum_id = " . ALL . ")" : ""; $sql = "SELECT aa.$a_sql AS user_auth, aa.auth_mod, aa.auth_admin, g.single_user FROM ".AUTH_ACCESS_TABLE." aa, " . USER_GROUP_TABLE. " ug, " . GROUPS_TABLE. " g @@ -127,10 +142,9 @@ function auth($type, $forum_id, $userdata, $f_access = -1) if(!$db->sql_numrows($au_result)) { // - // No entry was found - // for this forum and user - // thus they don't have - // access + // No entry was found for this user + // thus they don't have access, + // You are the Weakest Link, Goodbye! // $auth_user = false; } @@ -141,11 +155,25 @@ function auth($type, $forum_id, $userdata, $f_access = -1) $single_user = false; -// echo "<br><BR>".$f_access."<BR>".ADMIN."<BR>"; + // + // Now we compare the users access level + // against the forums We assume here that + // a moderator and admin automatically have + // access to an ACL forum, similarly we assume + // admins meet an auth requirement of MOD + // + // The access level assigned to a single user + // automatically takes precedence over any + // levels granted by that user being a member + // of a multi-user usergroup, eg. a user + // who is banned from a forum won't gain + // access to it even if they belong to a group + // which has access (and vice versa). This + // check is done via the single_user check + // switch($f_access) { case ACL: -// echo "HERE1"; for($i = 0; $i < count($u_access); $i++) { if(!$single_user) @@ -157,7 +185,6 @@ function auth($type, $forum_id, $userdata, $f_access = -1) break; case MOD: -// echo "HERE2"; for($i = 0; $i < count($u_access); $i++) { if(!$single_user) @@ -169,7 +196,6 @@ function auth($type, $forum_id, $userdata, $f_access = -1) break; case ADMIN: -// echo "HERE3"; for($i = 0; $i < count($u_access); $i++) { if(!$single_user) @@ -181,13 +207,17 @@ function auth($type, $forum_id, $userdata, $f_access = -1) break; default: -// echo "HERE4"; $auth_user = false; break; } } } + // + // This currently only returns true or false + // however it will also return an array if a listing + // of all forums to which a user has access was requested. + // return ( ($forum_id != LIST_ALL) ? $auth_user : $auth_user_list ); } |