diff options
-rw-r--r-- | phpBB/includes/functions.php | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/phpBB/includes/functions.php b/phpBB/includes/functions.php index 8ca64d5a0e..9078e5063a 100644 --- a/phpBB/includes/functions.php +++ b/phpBB/includes/functions.php @@ -12,6 +12,46 @@ // ------------------------------------------------------------- +function request_var($var_name, $default) +{ + if (!isset($_REQUEST[$var_name])) + { + return $default; + } + else + { + $var = $_REQUEST[$var_name]; + $type = gettype($default); + + if (is_array($var)) + { + foreach ($var as $k => $v) + { + settype($v, $type); + $var[$k] = $v; + + if ($type == 'string') + { + $var[$k] = htmlspecialchars(trim(stripslashes(preg_replace(array("#[ \xFF]{2,}#s", "#[\r\n]{2,}#s"), array(' ', "\n"), $var[$k])))); + } + } + } + else + { + settype($var, $type); + + // Prevent use of , excess spaces or other html entity forms in profile strings, + // not generally applicable elsewhere + if ($type == 'string') + { + $var = htmlspecialchars(trim(stripslashes(preg_replace(array("#[ \xFF]{2,}#s", "#[\r\n]{2,}#s"), array(' ', "\n"), $var)))); + } + } + + return $var; + } +} + function set_config($config_name, $config_value, $is_dynamic = FALSE) { global $db, $cache, $config; @@ -156,6 +196,61 @@ function get_moderators(&$forum_moderators, $forum_id = false) return; } +function discover_auth($user_id_ary, $opts = false, $forum_id = false) +{ + global $db; + + if (!is_array($user_id_ary)) + { + $user_id_ary = array($user_id_ary); + } + + $sql_forum = ($forum_id) ? ((!is_array($forum_id)) ? "AND a.forum_id = $forum_id" : implode(', ', $forum_id)) : ''; + $sql_opts = ($opts) ? ((!is_array($opts)) ? "AND ao.auth_option = '$opts'" : 'AND ao.auth_option IN (' . implode(', ', preg_replace('#^[\s]*?(.*?)[\s]*?$#e', "\"'\" . $db->sql_escape('\\1') . \"'\"", $opts)) . ')') : ''; + + $hold_ary = array(); + // First grab user settings ... each user has only one setting for each + // option ... so we shouldn't need any ACL_NO checks ... he says ... + $sql = 'SELECT ao.auth_option, a.user_id, a.forum_id, a.auth_setting + FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_USERS_TABLE . ' a + WHERE a.user_id IN (' . implode(', ', $user_id_ary) . ") + AND ao.auth_option_id = a.auth_option_id + $sql_forum + $sql_opts + ORDER BY a.forum_id, ao.auth_option"; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['auth_setting']; + } + $db->sql_freeresult($result); + + // Now grab group settings ... users can belong to multiple groups so we grab + // the minimum setting for all options. ACL_NO overrides ACL_YES so act appropriatley + $sql = 'SELECT ug.user_id, ao.auth_option, a.forum_id, MIN(a.auth_setting) as min_setting + FROM ' . USER_GROUP_TABLE . ' ug, ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_GROUPS_TABLE . ' a + WHERE ug.user_id IN (' . implode(', ', $user_id_ary) . ") + AND a.group_id = ug.group_id + AND ao.auth_option_id = a.auth_option_id + $sql_forum + $sql_opts + GROUP BY ao.auth_option, a.forum_id + ORDER BY a.forum_id, ao.auth_option"; + $result = $db->sql_query($sql); + + while ($row = $db->sql_fetchrow($result)) + { + if (!isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) || (isset($hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']]) && $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] !== ACL_NO)) + { + $hold_ary[$row['user_id']][$row['forum_id']][$row['auth_option']] = $row['min_setting']; + } + } + $db->sql_freeresult($result); + + return $hold_ary; +} + // User authorisation levels output function gen_forum_rules($mode, &$forum_id) { |