+$adv = (isset($HTTP_GET_VARS['adv'])) ? $HTTP_GET_VARS['adv'] : -1;

+

+if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]))

+ $user_id = $HTTP_POST_VARS[POST_USERS_URL];

+

+ //

+ // This is where things become fun ...

+ //

+ // We have to do a pile of cross-checking

+ // to ensure what the admin has requested

+ // for a user doesn't conflict with

+ // permissions already assigned. If they

+ // do we warn the admin and give them

+ // options ... where possible

+ //

+

+ //

+ // Get group_id for this user_id

+ //

+ $sql_groupid = "SELECT group_id

+ FROM " . USER_GROUP_TABLE . "

+ WHERE user_id = $user_id";

+ if(!$result = $db->sql_query($sql_groupid))

+ {

+ // Error no such user/group

+ }

+ list($group_id) = $db->sql_fetchrow($result);

+

+ //

+ // Carry out requests

+ //

+ if( !$HTTP_POST_VARS['makeadmin'] && $HTTP_POST_VARS['curadmin'] )

+ {

+ //

+ // Delete any entries granting moderator

+ // status in auth_access

+ //

+ $sql_unmod = "DELETE FROM " . AUTH_ACCESS_TABLE . "

+ WHERE group_id = $group_id";

+ if(!$result = $db->sql_query($sql_unmod))

+ {

+ // Error, couldn't delete entries

+ }

+

+ $sql_userlevel = "UPDATE " . USERS_TABLE . "

+ SET user_level = " . USER . "

+ WHERE user_id = $user_id";

+ if(!$result = $db->sql_query($sql_userlevel))

+ {

+ // Error, couldn't set user level

+ }

+

+ header("Location: userauth.$phpEx?" . POST_USERS_URL . "=$user_id");

+

+ }

+ else if( $HTTP_POST_VARS['makeadmin'] && !$HTTP_POST_VARS['curadmin'] )

+ {

+ //

+ // Need to switch on admin

+ // level, this also requires

+ // we remove this user from all

+ // auth fields(?)

+ //

+ $sql_userlevel = "UPDATE " . USERS_TABLE . "

+ SET user_level = " . ADMIN . "

+ WHERE user_id = $user_id";

+ if(!$result = $db->sql_query($sql_userlevel))

+ {

+ // Error, couldn't set user level

+ }

+

+ //

+ // Delete any entries in auth_access, they

+ // are unrequired if user is becoming an

+ // admin

+ //

+ $sql_unmod = "DELETE FROM " . AUTH_ACCESS_TABLE . "

+ WHERE aa.group_id = $group_id";

+ if(!$result = $db->sql_query($sql_unmod))

+ {

+ // Error, couldn't delete entries

+ }

+

+ //

+ // Remove user from any groups

+ //

+ $sql_rmgrp = "DELETE FROM " . USER_GROUP_TABLE . "

+ WHERE user_id = $user_id

+ AND group_id <> $group_id";

+ if(!$result = $db->sql_query($sql_rmgrp))

+ {

+ // Error, couldn't delete entries

+ }

+

+

+ $sql_mod = "INSERT INTO " . AUTH_ACCESS_TABLE . " (group_id, forum_id, auth_mod)

+ VALUES ($group_id, 0, 1)";

+ if(!$result = $db->sql_query($sql_mod))

+ {

+ // Error, couldn't delete entries

+ }

+

+ header("Location: userauth.$phpEx?" . POST_USERS_URL . "=$user_id");

+

+ }

+ else

+ {

+ //

+ // Pull all the group info

+ // for this user

+ //

+ $sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_votecreate, aa.auth_vote, aa.auth_attachments, aa.auth_mod, g.group_single_user

+ FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g

+ WHERE ug.user_id = $user_id

+ AND g.group_id = ug.group_id

+ AND aa.group_id = ug.group_id

+ AND g.group_single_user <> 1";

+ $au_result = $db->sql_query($sql);

+

+ $num_u_access = $db->sql_numrows($au_result);

+ if($num_u_access)

+ {

+ $u_access = $db->sql_fetchrowset($au_result);

+ }

+

+ header("Location: userauth.$phpEx?" . POST_USERS_URL . "=$user_id");

+

+ }

+

+else if(empty($HTTP_GET_VARS[POST_USERS_URL]))

+ //

+ // Default user selection box

+ // This should be altered on the final

+ // system to list users via an alphabetical

+ // selection system ... otherwise this

+ // could get 'cumbersome' for boards

+ // with several thousand users!

+ //

+ $sql = "SELECT user_id, username

+ FROM ".USERS_TABLE;

+ $u_result = $db->sql_query($sql);

+ $user_list = $db->sql_fetchrowset($u_result);

+ $select_list = "<select name=\"" . POST_USERS_URL . "\">";

+ for($i = 0; $i < count($user_list); $i++)

+ {

+ $select_list .= "<option value=\"" . $user_list[$i]['user_id'] . "\">" . $user_list[$i]['username'] . "</option>";

+ }

+ $select_list .= "</select>";

+ "body" => "admin/userauth_select_body.tpl"));

+

+ $template->assign_vars(array(

+ "S_USERAUTH_ACTION" => append_sid("userauth.$phpEx"),

+ "S_USERS_SELECT" => $select_list,

+

+ "U_FORUMAUTH" => append_sid("forumauth.$phpEx"))

+ );

+

+ $template->pparse("body");

+

+ exit;

+

+}

+

+ $template->set_filenames(array(

+ "body" => "admin/userauth_body.tpl")

+ );

+ $sql = "SELECT forum_id, forum_name, auth_view, auth_read, auth_post, auth_reply, auth_edit, auth_delete, auth_announce, auth_sticky, auth_votecreate, auth_vote, auth_attachments

+ FROM " . FORUMS_TABLE;

+ $sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_votecreate, aa.auth_vote, aa.auth_attachments, aa.auth_mod, aa.auth_admin, g.group_single_user

+ $is_admin = ($userinf[0]['user_level'] == ADMIN && $userinf[0]['user_id'] != ANONYMOUS) ? 1 : 0;

+ $value = $forum_access[$i][$key];

+ $auth_user[$f_forum_id][$key] = ($user_id != ANONYMOUS) ? auth_check_user(AUTH_ACL, $key, $u_access, $is_admin) : 0;

+ $auth_user[$f_forum_id][$key] = ($user_id != ANONYMOUS) ? auth_check_user(AUTH_MOD, $key, $u_access, $is_admin) : 0;

+ $auth_user[$f_forum_id]['auth_mod'] = ($user_id != ANONYMOUS) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0;

+ $optionlist_grant .= "<option value=\"1\" selected>Allowed Access</option>";

+ $optionlist_grant .= "<option value=\"1\">Allowed Access</option><option value=\"0\" selected>Disallowed Access</option>";

+ $optionlist_mod = "<option value=\"1\" selected>Is a Moderator</option>";

+ $optionlist_mod = "<option value=\"1\">Is a Moderator</option><option value=\"0\" selected>Is not a Moderator</option>";

+ $template->assign_block_vars("forums", array(

+ echo "\t<td bgcolor=\"#DDDDDD\"><a href=\"userauth.$phpEx?" . POST_FORUM_URL . "=$forumkey&" . POST_USERS_URL . "=$user_id\">" . $f_access[$i]['forum_name'] . "</a></td>\n";

+ $t_username .= $userinf[0]['username'];

+ $t_usertype = ($is_admin) ? "an <b>Administrator</b>" : "a <b>User</b>";

+ for($i = 0; $i < count($userinf); $i++)

+ if(!$userinf[$i]['group_single_user'])

+ {

+ $group_name[] = $userinf[$i]['group_name'];

+ $group_id[] = $userinf[$i]['group_id'];

+ }

+ }

+

+ if(count($group_name))

+ {

+ $t_usergroup_list = "belongs to the following groups; ";

+ for($i = 0; $i < count($userinf); $i++)

+ {

+ $t_usergroup_list .= "<a href=\"groupauth.$phpEx?" . POST_GROUPS_URL . "=" . $group_id[$i] . "\">" . $group_name[$i] . "</a>";

+ if($i < count($group_name) - 1)

+ {

+ $t_usergroup_list .= ", ";

+ }

+ }

+ }

+ else

+ {

+ $t_usergroup_list = "belongs to no usergroups.";

+ $s_hidden_fields = "<input type=\"hidden\" name=\"" . POST_USERS_URL . "\" value=\"$user_id\">";

+ $s_hidden_fields .= "<input type=\"hidden\" name=\"curadmin\" value=\"" . $is_admin ."\">";

+ $s_hidden_fields .= "<input type=\"hidden\" name=\"" . POST_GROUPS_URL . "\" value=\"" . "\">";

+ "USERNAME" => $t_username,

+ "USERTYPE" => $t_usertype,

+ "S_ADMIN_CHECK_SELECTED" => (($is_admin) ? " checked" : ""),

+

+ "S_USER_AUTH_ACTION" => append_sid("userauth.$phpEx"),

+ "S_HIDDEN_FIELDS" => $s_hidden_fields,

+

+ "USER_GROUP_LIST" => $t_usergroup_list)

+ exit;