Diffstat (limited to 'phpBB/admin/admin_permissions.php')
-rw-r--r--phpBB/admin/admin_permissions.php154
1 files changed, 71 insertions, 83 deletions
diff --git a/phpBB/admin/admin_permissions.php b/phpBB/admin/admin_permissions.php
index 7eec84da2e..048e8bf52b 100644
--- a/phpBB/admin/admin_permissions.php
+++ b/phpBB/admin/admin_permissions.php
@@ -19,18 +19,13 @@
*
***************************************************************************/
-if ( !empty($setmodules) )
+if (!empty($setmodules))
{
- if ( !$auth->acl_get('a_auth') )
- {
- return;
- }
-
$filename = basename(__FILE__);
- $module['Forums']['Permissions'] = $filename . $SID . '&mode=forums';
- $module['Forums']['Moderators'] = $filename . $SID . '&mode=moderators';
- $module['Forums']['Super_Moderators'] = $filename . $SID . '&mode=supermoderators';
- $module['General']['Administrators'] = $filename . $SID . '&mode=administrators';
+ $module['Forums']['PERMISSIONS'] = ($auth->acl_get('a_auth')) ? $filename . $SID . '&mode=forums' : '';
+ $module['Forums']['MODERATORS'] = ($auth->acl_get('a_authmods')) ? $filename . $SID . '&mode=moderators' : '';
+ $module['Forums']['SUPER_MODERATORS'] = ($auth->acl_get('a_authmods')) ? $filename . $SID . '&mode=supermoderators' : '';
+ $module['General']['ADMINISTRATORS'] = ($auth->acl_get('a_authadmins')) ? $filename . $SID . '&mode=administrators' : '';
return;
}
@@ -43,16 +38,10 @@ require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);
require($phpbb_root_path . 'includes/functions_admin.'.$phpEx);
-// Do we have forum admin permissions?
-if ( !$auth->acl_get('a_auth') )
-{
- trigger_error($user->lang['No_admin']);
-}
-
// Define some vars
-if ( isset($_GET['f']) || isset($_POST['f']) )
+if (isset($_REQUEST['f']))
{
- $forum_id = ( isset($_POST['f']) ) ? intval($_POST['f']) : intval($_GET['f']);
+ $forum_id = intval($_REQUEST['f']);
$forum_sql = " WHERE forum_id = $forum_id";
}
else
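Review bot: Reading `f` from `$_REQUEST` (and `mode` the same way in the next hunk) drops the explicit POST-before-GET precedence the old code had. Depending on the server's variable ordering, `$_REQUEST` can also carry cookie values, so the forum id and mode that steer a POSTed update may come from a source other than the submitted form. Since `$mode` now also selects which ACL is checked, I would read both from an explicit source, e.g. `$forum_id = intval(isset($_POST['f']) ? $_POST['f'] : $_GET['f']);` behind the matching `isset()` test. The `else` branch of this block continues outside the hunk.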
@@ -61,88 +50,87 @@ else
$forum_sql = '';
}
-if ( isset($_GET['mode']) || isset($_POST['mode']) )
-{
- $mode = ( isset($_POST['mode']) ) ? $_POST['mode'] : $_GET['mode'];
-}
-else
-{
- $mode = '';
-}
+$mode = (isset($_REQUEST['mode'])) ? $_REQUEST['mode'] : '';
// Start program proper
-switch ( $mode )
+switch ($mode)
{
case 'forums':
- $l_title = $user->lang['Permissions'];
- $l_title_explain = $user->lang['Permissions_explain'];
- $l_can = '_can';
+ $l_title = $user->lang['PERMISSIONS'];
+ $l_title_explain = $user->lang['PERMISSIONS_EXPLAIN'];
+ $which_acl = 'a_auth';
break;
case 'moderators':
- $l_title = $user->lang['Moderators'];
- $l_title_explain = $user->lang['Moderators_explain'];
- $l_can = '_can';
+ $l_title = $user->lang['MODERATORS'];
+ $l_title_explain = $user->lang['MODERATORS_EXPLAIN'];
+ $which_acl = 'a_authmods';
break;
case 'supermoderators':
- $l_title = $user->lang['Super_Moderators'];
- $l_title_explain = $user->lang['Super_Moderators_explain'];
- $l_can = '_can';
+ $l_title = $user->lang['SUPER_MODERATORS'];
+ $l_title_explain = $user->lang['SUPER_MODERATORS_EXPLAIN'];
+ $which_acl = 'a_authmods';
break;
case 'administrators':
- $l_title = $user->lang['Administrators'];
- $l_title_explain = $user->lang['Administrators_explain'];
- $l_can = '_can_admin';
+ $l_title = $user->lang['ADMINISTRATORS'];
+ $l_title_explain = $user->lang['ADMINISTRATORS_EXPLAIN'];
+ $which_acl = 'a_authadmins';
break;
}
+// Permission check
+if (!$auth->acl_get($which_acl))
+{
+ trigger_error($user->lang['NO_ADMIN']);
+}
+
// Call update or delete, both can take multiple user/group
// ids. Additionally inheritance is handled (by the auth API)
-if ( isset($_POST['update']) )
+if (isset($_POST['update']))
{
$auth_admin = new auth_admin();
// Admin wants subforums to inherit permissions ... so handle this
- if ( !empty($_POST['inherit']) )
+ if (!empty($_POST['inherit']))
{
array_push($_POST['inherit'], $forum_id);
$forum_id = $_POST['inherit'];
}
- foreach ( $_POST['entries'] as $id )
+ foreach ($_POST['entries'] as $id)
{
$auth_admin->acl_set($_POST['type'], $forum_id, $id, $_POST['option']);
}
trigger_error('Permissions updated successfully');
}
-else if ( isset($_POST['delete']) )
+else if (isset($_POST['delete']))
{
$auth_admin = new auth_admin();
$option_ids = false;
- if ( !empty($_POST['option']) )
+ if (!empty($_POST['option']))
{
$sql = "SELECT auth_option_id
FROM " . ACL_OPTIONS_TABLE . "
WHERE auth_value LIKE '" . $_POST['option'] . "_%'";
$result = $db->sql_query($sql);
- if ( $row = $db->sql_fetchrow($result) )
+ if ($row = $db->sql_fetchrow($result))
{
$option_ids = array();
do
{
$option_ids[] = $row['auth_option_id'];
}
- while( $row = $db->sql_fetchrow($result) );
+ while($row = $db->sql_fetchrow($result));
}
$db->sql_freeresult($result);
}
- foreach ( $_POST['entries'] as $id )
+ foreach ($_POST['entries'] as $id)
{
$auth_admin->acl_delete($_POST['type'], $forum_id, $id, $option_ids);
}
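Review bot: The `switch ($mode)` has no `default` branch, so for any `mode` outside the four listed values `$which_acl` is never assigned and the new permission check calls `$auth->acl_get()` with an unset variable. Whether that denies access depends on `acl_get()`, which is not visible here, and on whether the variable can be populated from elsewhere. Add `default: trigger_error($user->lang['NO_ADMIN']);` (or initialise `$which_acl` and refuse when it is empty) so the check fails closed. Separately, the update and delete branches pass `$_POST['type']` and `$_POST['option']` straight to `acl_set()`/`acl_delete()` without tying them to the mode that was authorised, so a holder of only `a_authmods` may be able to submit another option family unless the auth API rejects it. The delete branch runs past the end of this hunk.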
@@ -152,12 +140,12 @@ else if ( isset($_POST['delete']) )
// Get required information, either all forums if no id was
// specified or just the requsted if it was
-if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators' )
+if (!empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators')
{
// Clear some vars, grab some info if relevant ...
$s_hidden_fields = '';
- if ( !empty($forum_id) )
+ if (!empty($forum_id))
{
$sql = "SELECT forum_name
FROM " . FORUMS_TABLE . "
@@ -179,7 +167,7 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
<?php
- switch ( $mode )
+ switch ($mode)
{
case 'forums':
$type_sql = 'f';
@@ -204,17 +192,17 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
$sql = "SELECT group_id, group_name
FROM " . GROUPS_TABLE . "
- ORDER BY group_name";
+ ORDER BY group_type DESC, group_name";
$result = $db->sql_query($sql);
$group_list = '';
- while ( $row = $db->sql_fetchrow($result) )
+ while ($row = $db->sql_fetchrow($result))
{
- $group_list .= '<option value="' . $row['group_id'] . '">' . ( ( !empty($user->lang[$row['group_name']]) ) ? $user->lang[$row['group_name']] : $row['group_name'] ) . '</option>';
+ $group_list .= '<option value="' . $row['group_id'] . '">' . ((!empty($user->lang['G_' . $row['group_name']])) ? '* ' . $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
}
$db->sql_freeresult($result);
- if ( empty($_POST['advanced']) || empty($_POST['entries']) )
+ if (empty($_POST['advanced']) || empty($_POST['entries']))
{
?>
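Review bot: `$row['group_name']` is concatenated into the `<option>` markup without HTML escaping when no `G_` language entry exists. Unless group names are stored already escaped (not visible here), a name containing markup would be rendered as HTML in the admin panel. Wrap the fallback as `htmlspecialchars($row['group_name'])`. The same applies to the `$groups` list in the later group hunk and to `$row['username']` in the `$users` loop. The hard-coded `'* '` prefix would also benefit from a one-line comment stating what the marker means.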
@@ -241,7 +229,7 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
$result = $db->sql_query($sql);
$users = '';
- while ( $row = $db->sql_fetchrow($result) )
+ while ($row = $db->sql_fetchrow($result))
{
$users .= '<option value="' . $row['user_id'] . '">' . $row['username'] . '</option>';
}
@@ -268,13 +256,13 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
$forum_sql
AND a.auth_option_id = o.auth_option_id
AND g.group_id = a.group_id
- ORDER BY g.group_name ASC";
+ ORDER BY g.group_type DESC, g.group_name ASC";
$result = $db->sql_query($sql);
$groups = '';
- while ( $row = $db->sql_fetchrow($result) )
+ while ($row = $db->sql_fetchrow($result))
{
- $groups .= '<option value="' . $row['group_id'] . '">' . ( ( !empty($user->lang[$row['group_name']]) ) ? $user->lang[$row['group_name']] : $row['group_name'] ) . '</option>';
+ $groups .= '<option value="' . $row['group_id'] . '">' . ((!empty($user->lang['G_' . $row['group_name']])) ? '* ' . $user->lang['G_' . $row['group_name']] : $row['group_name']) . '</option>';
}
$db->sql_freeresult($result);
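Review bot: The `'G_'` prefix introduced for group-name lookups here is not applied in the advanced-mode loop further down, which still reads `$user->lang[$row['name']]` for both users and groups. If the language keys were renamed to `G_…` (the language file is not part of this page), predefined groups would show translated in the select lists but untranslated in the permissions table. Consider using the same lookup there for rows where the type is `group`, or factoring it into one small helper.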
@@ -301,7 +289,7 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
<td class="row1" align="center"><textarea cols="40" rows="4" name="entries"></textarea></td>
</tr>
<tr>
- <td class="cat" align="center"> <input type="submit" name="add" value="<?php echo $user->lang['Submit']; ?>" class="mainoption" />&nbsp; <input type="reset" value="<?php echo $user->lang['Reset']; ?>" class="liteoption" />&nbsp; <input type="submit" name="usersubmit" value="<?php echo $user->lang['Find_username']; ?>" class="liteoption" onclick="window.open('<?php echo "../search.$phpEx$SID"; ?>&amp;mode=searchuser&amp;form=2&amp;field=entries', '_phpbbsearch', 'HEIGHT=500,resizable=yes,scrollbars=yes,WIDTH=650');return false;" /><input type="hidden" name="type" value="user" /><input type="hidden" name="advanced" value="1" /><input type="hidden" name="new" value="1" /><input type="hidden" name="f" value="<?php echo $forum_id; ?>" /></td>
+ <td class="cat" align="center"> <input type="submit" name="add" value="<?php echo $user->lang['SUBMIT']; ?>" class="mainoption" />&nbsp; <input type="reset" value="<?php echo $user->lang['Reset']; ?>" class="liteoption" />&nbsp; <input type="submit" name="usersubmit" value="<?php echo $user->lang['Find_username']; ?>" class="liteoption" onclick="window.open('<?php echo "../search.$phpEx$SID"; ?>&amp;mode=searchuser&amp;form=2&amp;field=entries', '_phpbbsearch', 'HEIGHT=500,resizable=yes,scrollbars=yes,WIDTH=650');return false;" /><input type="hidden" name="type" value="user" /><input type="hidden" name="advanced" value="1" /><input type="hidden" name="new" value="1" /><input type="hidden" name="f" value="<?php echo $forum_id; ?>" /></td>
</tr>
</table></form></td>
@@ -313,7 +301,7 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
<td class="row1" align="center"><select name="entries[]" multiple="multiple" size="4"><?php echo $group_list; ?></select></td>
</tr>
<tr>
- <td class="cat" align="center"> <input type="submit" name="add" value="<?php echo $user->lang['Submit']; ?>" class="mainoption" />&nbsp; <input type="reset" value="<?php echo $user->lang['Reset']; ?>" class="liteoption" /><input type="hidden" name="type" value="group" /><input type="hidden" name="advanced" value="1" /><input type="hidden" name="new" value="1" /><input type="hidden" name="f" value="<?php echo $forum_id; ?>" /></td>
+ <td class="cat" align="center"> <input type="submit" name="add" value="<?php echo $user->lang['SUBMIT']; ?>" class="mainoption" />&nbsp; <input type="reset" value="<?php echo $user->lang['Reset']; ?>" class="liteoption" /><input type="hidden" name="type" value="group" /><input type="hidden" name="advanced" value="1" /><input type="hidden" name="new" value="1" /><input type="hidden" name="f" value="<?php echo $forum_id; ?>" /></td>
</tr>
</table></form></td>
@@ -328,7 +316,7 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
// Founder only operations ... these operations can
// only be altered by someone with founder status
- $founder_sql = ( !$userdata['user_founder'] ) ? ' AND founder_only <> 1' : '';
+ $founder_sql = (!$userdata['user_founder']) ? ' AND founder_only <> 1' : '';
$sql = "SELECT auth_option_id, auth_value
FROM " . ACL_OPTIONS_TABLE . "
@@ -338,35 +326,35 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
$result = $db->sql_query($sql);
$auth_options = array();
- while ( $row = $db->sql_fetchrow($result) )
+ while ($row = $db->sql_fetchrow($result))
{
$auth_options[] = $row;
}
$db->sql_freeresult($result);
- if ( $_POST['type'] == 'user' && !empty($_POST['new']) )
+ if ($_POST['type'] == 'user' && !empty($_POST['new']))
{
$_POST['entries'] = explode("\n", $_POST['entries']);
}
$where_sql = '';
- foreach ( $_POST['entries'] as $value )
+ foreach ($_POST['entries'] as $value)
{
- $where_sql .= ( ( $where_sql != '' ) ? ', ' : '' ) . ( ( $_POST['type'] == 'user' && !empty($_POST['new']) ) ? '\'' . $value . '\'' : intval($value) );
+ $where_sql .= (($where_sql != '') ? ', ' : '') . (($_POST['type'] == 'user' && !empty($_POST['new'])) ? '\'' . $value . '\'' : intval($value));
}
- switch ( $_POST['type'] )
+ switch ($_POST['type'])
{
case 'group':
$l_type = 'Group';
- $sql = ( empty($_POST['new']) ) ? "SELECT g.group_id AS id, g.group_name AS name, o.auth_value, a.auth_allow_deny FROM " . GROUPS_TABLE . " g, " . ACL_GROUPS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE o.auth_value LIKE '" . $type_sql . "_%' AND a.auth_option_id = o.auth_option_id $forum_sql AND g.group_id = a.group_id AND g.group_id IN ($where_sql) ORDER BY g.group_name ASC" : "SELECT group_id AS id, group_name AS name FROM " . GROUPS_TABLE . " WHERE group_id IN ($where_sql) ORDER BY group_name ASC";
+ $sql = (empty($_POST['new'])) ? "SELECT g.group_id AS id, g.group_name AS name, o.auth_value, a.auth_allow_deny FROM " . GROUPS_TABLE . " g, " . ACL_GROUPS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE o.auth_value LIKE '" . $type_sql . "_%' AND a.auth_option_id = o.auth_option_id $forum_sql AND g.group_id = a.group_id AND g.group_id IN ($where_sql) ORDER BY g.group_name ASC" : "SELECT group_id AS id, group_name AS name FROM " . GROUPS_TABLE . " WHERE group_id IN ($where_sql) ORDER BY group_name ASC";
break;
case 'user':
$l_type = 'User';
- $sql = ( empty($_POST['new']) ) ? "SELECT u.user_id AS id, u.username AS name, u.user_founder, o.auth_value, a.auth_allow_deny FROM " . USERS_TABLE . " u, " . ACL_USERS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE o.auth_value LIKE '" . $type_sql . "_%' AND a.auth_option_id = o.auth_option_id $forum_sql AND u.user_id = a.user_id AND u.user_id IN ($where_sql) ORDER BY u.username, u.user_regdate ASC" : "SELECT user_id AS id, username AS name, user_founder FROM " . USERS_TABLE . " WHERE username IN ($where_sql) ORDER BY username, user_regdate ASC";
+ $sql = (empty($_POST['new'])) ? "SELECT u.user_id AS id, u.username AS name, u.user_founder, o.auth_value, a.auth_allow_deny FROM " . USERS_TABLE . " u, " . ACL_USERS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE o.auth_value LIKE '" . $type_sql . "_%' AND a.auth_option_id = o.auth_option_id $forum_sql AND u.user_id = a.user_id AND u.user_id IN ($where_sql) ORDER BY u.username, u.user_regdate ASC" : "SELECT user_id AS id, username AS name, user_founder FROM " . USERS_TABLE . " WHERE username IN ($where_sql) ORDER BY username, user_regdate ASC";
break;
}
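Review bot: For new user entries each `$value` from `$_POST['entries']` is wrapped in quotes and placed in `username IN ($where_sql)` with no escaping and no trimming of the `\r` left by `explode("\n", …)`, so the query text is controlled by request data unless it is escaped upstream (not visible here). The delete branch in the earlier hunk has the same pattern with `$_POST['option']` inside `LIKE '…_%'`. Escape each name with the database layer's string-escaping routine before quoting it, and restrict `option` to the option prefixes this script uses (`f`, `m`, …). `$_POST['entries']` is also assumed to be an array and `$_POST['type']` to be `group` or `user`; with any other type `$sql` is never assigned, so a `default` branch that aborts would make the switch fail closed.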
@@ -375,15 +363,15 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
$ug = '';;
$ug_hidden = '';
$auth = array();
- while ( $row = $db->sql_fetchrow($result) )
+ while ($row = $db->sql_fetchrow($result))
{
- $ug_test = ( !empty($user->lang[$row['name']]) ) ? $user->lang[$row['name']] : $row['name'];
- $ug .= ( !strstr($ug, $ug_test) ) ? $ug_test . "\n" : '';
+ $ug_test = (!empty($user->lang[$row['name']])) ? $user->lang[$row['name']] : $row['name'];
+ $ug .= (!strstr($ug, $ug_test)) ? $ug_test . "\n" : '';
$ug_test = '<input type="hidden" name="entries[]" value="' . $row['id'] . '" />';
- $ug_hidden .= ( !strstr($ug_hidden, $ug_test) ) ? $ug_test : '';
+ $ug_hidden .= (!strstr($ug_hidden, $ug_test)) ? $ug_test : '';
- $auth[$row['auth_value']] = ( isset($auth_group[$row['auth_value']]) ) ? min($auth_group[$row['auth_value']], $row['auth_allow_deny']) : $row['auth_allow_deny'];
+ $auth[$row['auth_value']] = (isset($auth_group[$row['auth_value']])) ? min($auth_group[$row['auth_value']], $row['auth_allow_deny']) : $row['auth_allow_deny'];
}
$db->sql_freeresult($result);
@@ -451,7 +439,7 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
//-->
</script>
-<p><?php echo $user->lang['ACL_explain']; ?></p>
+<p><?php echo $user->lang['ACL_EXPLAIN']; ?></p>
<form method="post" name="acl" action="<?php echo "admin_permissions.$phpEx$SID&amp;mode=$mode"; ?>"><table cellspacing="1" cellpadding="0" border="0" align="center">
<tr>
@@ -469,13 +457,13 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
for($i = 0; $i < sizeof($auth_options); $i++)
{
- $row_class = ( $row_class == 'row1' ) ? 'row2' : 'row1';
+ $row_class = ($row_class == 'row1') ? 'row2' : 'row1';
- $l_can_cell = ( !empty($user->lang['acl_' . $auth_options[$i]['auth_value']]) ) ? $user->lang['acl_' . $auth_options[$i]['auth_value']] : ucfirst(preg_replace('#.*?_#', '', $auth_options[$i]['auth_value']));
+ $l_can_cell = (!empty($user->lang['acl_' . $auth_options[$i]['auth_value']])) ? $user->lang['acl_' . $auth_options[$i]['auth_value']] : ucfirst(preg_replace('#.*?_#', '', $auth_options[$i]['auth_value']));
- $allow_type = ( $auth[$auth_options[$i]['auth_value']] == ACL_ALLOW ) ? ' checked="checked"' : '';
- $deny_type = ( $auth[$auth_options[$i]['auth_value']] == ACL_DENY ) ? ' checked="checked"' : '';
- $inherit_type = ( $auth[$auth_options[$i]['auth_value']] == ACL_INHERIT ) ? ' checked="checked"' : '';
+ $allow_type = ($auth[$auth_options[$i]['auth_value']] == ACL_ALLOW) ? ' checked="checked"' : '';
+ $deny_type = ($auth[$auth_options[$i]['auth_value']] == ACL_DENY) ? ' checked="checked"' : '';
+ $inherit_type = ($auth[$auth_options[$i]['auth_value']] == ACL_INHERIT) ? ' checked="checked"' : '';
?>
<tr>
@@ -488,11 +476,11 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
}
- if ( $type_sql == 'f' || $type_sql == 'm' )
+ if ($type_sql == 'f' || $type_sql == 'm')
{
$children = get_forum_branch($forum_id, 'children', 'descending', false);
- if ( !empty($children) )
+ if (!empty($children))
{
?>
<tr>
@@ -504,7 +492,7 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
<td colspan="4" height="16"><span class="gensmall"><?php echo $user->lang['Inheritance_explain']; ?></span></td>
</tr>
<?php
- foreach ( $children as $row )
+ foreach ($children as $row)
{
?>
@@ -528,7 +516,7 @@ if ( !empty($forum_id) || $mode == 'administrators' || $mode == 'supermoderators
?>
<tr>
- <td class="cat" colspan="4" align="center"><input class="mainoption" type="submit" name="update" value="<?php echo $user->lang['Update']; ?>" />&nbsp;&nbsp;<input class="liteoption" type="submit" name="cancel" value="<?php echo $user->lang['Cancel']; ?>" /><input type="hidden" name="f" value="<?php echo $forum_id; ?>" /><input type="hidden" name="type" value="<?php echo $_POST['type']; ?>" /><?php echo $ug_hidden; ?></td>
+ <td class="cat" colspan="4" align="center"><input class="mainoption" type="submit" name="update" value="<?php echo $user->lang['Update']; ?>" />&nbsp;&nbsp;<input class="liteoption" type="submit" name="CANCEL" value="<?php echo $user->lang['CANCEL']; ?>" /><input type="hidden" name="f" value="<?php echo $forum_id; ?>" /><input type="hidden" name="type" value="<?php echo $_POST['type']; ?>" /><?php echo $ug_hidden; ?></td>
</tr>
</table></td>
</tr>
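Review bot: The language-key rename also changed the form field from `name="cancel"` to `name="CANCEL"`, which looks unintended: any handler testing `$_POST['cancel']` would stop matching (no such handler is visible on this page, so confirm). Keep `name="cancel"` and change only the `$user->lang['CANCEL']` key. On the same line `$_POST['type']` is echoed into a hidden field's `value` attribute unescaped; emit `htmlspecialchars($_POST['type'])` or the already validated type instead.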