aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB/admin/userauth.php
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB/admin/userauth.php')
-rw-r--r--phpBB/admin/userauth.php477
1 files changed, 200 insertions, 277 deletions
diff --git a/phpBB/admin/userauth.php b/phpBB/admin/userauth.php
index ffd92d7e42..529e49e7d7 100644
--- a/phpBB/admin/userauth.php
+++ b/phpBB/admin/userauth.php
@@ -8,8 +8,8 @@ include('common.'.$phpEx);
//
// Start session management
//
-//$userdata = session_pagestart($user_ip, PAGE_INDEX, $session_length);
-//init_userprefs($userdata);
+$userdata = session_pagestart($user_ip, PAGE_INDEX, $session_length);
+init_userprefs($userdata);
//
// End session management
//
@@ -21,178 +21,80 @@ $auth_field_match = array(
"auth_reply" => AUTH_REPLY,
"auth_edit" => AUTH_EDIT,
"auth_delete" => AUTH_DELETE,
+ "auth_sticky" => AUTH_STICKY,
+ "auth_announce" => AUTH_ANNOUNCE,
"auth_vote" => AUTH_VOTE,
"auth_votecreate" => AUTH_VOTECREATE,
"auth_attachments" => AUTH_ATTACH
);
-$forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_votecreate", "auth_vote", "auth_attachments");
+$forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_sticky", "auth_announce", "auth_votecreate", "auth_vote", "auth_attachments");
-
-?>
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
- "http://www.w3.org/TR/html4/loose.dtd">
-<html>
-<head>
-<title>phpBB - auth testing</title>
-<style type="text/css">
-<!--
- P {font-family:Verdana,serif;font-size:8pt}
-
- H1 {font-family:Arial,Helvetica,sans-serif;font-size:14pt;}
- H2 {font-family:Arial,Helvetica,sans-serif;font-size:12pt;}
- H3 {font-family:Arial,Helvetica,sans-serif;font-size:10pt;}
-
- TH {font-family:Verdana,serif;font-size:8pt}
- TD {font-family:Verdana,serif;font-size:8pt}
-
- SELECT.small {width:140px;font-family:"Courier New",courier;font-size:8pt;}
- INPUT.text {font-family:"Courier New",courier;font-size:8pt;}
-//-->
-</style>
-</head>
-<body bgcolor="#FFFFFF" text="#000000">
-
-<h1>User Authorisation Control</h1>
-
-<?php
-
-if(!empty($HTTP_GET_VARS[POST_FORUM_URL]))
+//
+//
+//
+if(isset($HTTP_GET_VARS['adv']))
{
+ $adv = $HTTP_GET_VARS['adv'];
+}
+else
+{
+ $adv = -1;
+}
- $forum_id = $HTTP_GET_VARS[POST_FORUM_URL];
-
- if(!empty($HTTP_GET_VARS['auth']))
- {
-// $fields = $HTTP_GET_VARS['auth'] . ", ";
- $fields = "af.".$HTTP_GET_VARS['auth'] . ", ";
- $forum_field_name[0] = $HTTP_GET_VARS['auth'];
- }
- else
- {
- $fields = "";
- $i = 0;
- while(list($key, $value) = each($auth_field_match))
- {
-// $fields .= $key . ", ";
- $fields .= "af.".$key . ", ";
- $forum_field_name[$i] = $key;
- $i++;
- }
- }
-
-/* $sql = "SELECT " . $fields . "forum_id, forum_name
- FROM ".FORUMS_TABLE."
- WHERE forum_id = $forum_id";*/
- $sql = "SELECT " . $fields. "f.forum_id, f.forum_name
- FROM " . FORUMS_TABLE . " f, ".AUTH_FORUMS_TABLE." af
- WHERE af.forum_id = f.forum_id
- AND f.forum_id = $forum_id";
- $f_result = $db->sql_query($sql);
- $forum_fields = $db->sql_fetchrow($f_result);
-
- $sql = "SELECT aa.*, g.group_name, u.user_id, u.username, u.user_level, f.forum_name
- FROM ".AUTH_ACCESS_TABLE." aa, ".GROUPS_TABLE." g, ".USER_GROUP_TABLE." ug, ".USERS_TABLE." u, ".FORUMS_TABLE." f
- WHERE f.forum_id = $forum_id
- AND aa.forum_id = f.forum_id
- AND ug.group_id = aa.group_id
- AND g.group_id = ug.group_id
- AND u.user_id = ug.user_id
- ORDER BY u.user_id, aa.group_id";
- $aa_result = $db->sql_query($sql);
- $user_list = $db->sql_fetchrowset($aa_result);
-
-
- for($i = 0; $i < count($user_list); $i++)
- {
- $user_id = $user_list[$i]['user_id'];
- $userinfo[$user_id]['username'] = $user_list[$i]['username'];
- $is_admin = ($user_list[$i]['user_level'] == ADMIN) ? 1 : 0;
+if(isset($HTTP_GET_VARS[POST_USERS_URL]))
+{
- for($j = 0; $j < count($forum_field_name); $j++)
- {
- $this_field = $forum_field_name[$j];
- $is_auth[$this_field][$user_id] = auth_check_user($forum_fields[$this_field], $this_field, $user_list[$i], $is_admin);
- }
- }
-
+ $template->set_filenames(array(
+ "body" => "admin/userauth_body.tpl"));
- echo "<h2>Forum: ".$forum_fields['forum_name']."</h2>\n";
+ $user_id = $HTTP_GET_VARS[POST_USERS_URL];
-?>
-<div align="center"><table cellspacing="1" cellpadding="4" border="0">
- <tr>
- <th bgcolor="#CCCCCC">Forum Auth Field</th>
- <th bgcolor="#CCCCCC">Users with Access</th>
- </tr>
-<?php
+ $sql = "SELECT f.forum_id, f.forum_name, fa.auth_view, fa.auth_read, fa.auth_post, fa.auth_reply, fa.auth_edit, fa.auth_delete, fa.auth_announce, fa.auth_sticky, fa.auth_votecreate, fa.auth_vote, fa.auth_attachments
+ FROM " . FORUMS_TABLE . " f, ".AUTH_FORUMS_TABLE." fa
+ WHERE fa.forum_id = f.forum_id";
+ $fa_result = $db->sql_query($sql);
+ $forum_access = $db->sql_fetchrowset($fa_result);
- for($i = 0; $i < count($forum_field_name); $i++)
+ for($i = 0; $i < count($forum_access); $i++)
{
- echo "\t<tr><form method=\"get\" action=\"userauth.php\">\n";
-
- echo "\t\t<td bgcolor=\"#DDDDDD\">" . $forum_field_name[$i] . "</td>\n";
-
- reset($is_auth);
- $user_auth_ary = $is_auth[$forum_field_name[$i]];
-
- if($forum_fields[$forum_field_name[$i]] == AUTH_ALL || $forum_fields[$forum_field_name[$i]] == AUTH_REG)
+ while(list($forum_id, $forum_row) = each($forum_access))
{
- if($forum_fields[$forum_field_name[$i]] == AUTH_ALL)
+ for($j = 0; $j < count($forum_auth_fields); $j++)
{
- echo "\t\t<td align=\"center\" bgcolor=\"#EEEEEE\">&nbsp;All Users&nbsp;</td>";
+ $basic_auth_level[$forum_row['forum_id']] = "public";
+ if($forum_row[$forum_auth_fields[$j]] == AUTH_ACL)
+ {
+ $basic_auth_level[$forum_row['forum_id']] = "private";
+ $basic_auth_level_fields[$forum_row['forum_id']][] = $forum_auth_fields[$j];
+ }
}
- else
+ if($forum_row['auth_view'] == AUTH_MOD || $forum_row['auth_read'] == AUTH_MOD || $forum_row['auth_post'] == AUTH_MOD || $forum_row['auth_reply'] == AUTH_MOD)
{
- echo "\t\t<td align=\"center\" bgcolor=\"#EEEEEE\">&nbsp;Registered Users&nbsp;</td>";
+ $basic_auth_level[$forum_row['forum_id']] = "moderate";
}
- }
- else
- {
- echo "\t\t<td bgcolor=\"#EEEEEE\">&nbsp;<select name=\"u\">";
- while(list($userkey, $auth_value) = each($user_auth_ary))
+ if($forum_row['auth_view'] == AUTH_ADMIN || $forum_row['auth_read'] == AUTH_ADMIN || $forum_row['auth_post'] == AUTH_ADMIN || $forum_row['auth_reply'] == AUTH_ADMIN)
{
- if($auth_value)
- {
- echo "<option value=\"$userkey\">" . $userinfo[$userkey]['username'] . "</option>";
- }
+ $basic_auth_level[$forum_row['forum_id']] = "admin";
}
- echo "</select>&nbsp;&nbsp;&nbsp;<input type=\"submit\" value=\"Look up User\">&nbsp;</td>\n";
}
-
- echo "\t</form></tr>\n";
-
}
-?>
-</table></div>
-<?php
-
-}
-else if(isset($HTTP_GET_VARS[POST_USERS_URL]))
-{
- $user_id = $HTTP_GET_VARS[POST_USERS_URL];
-
-/* $sql = "SELECT *
- FROM " . FORUMS_TABLE;*/
- $sql = "SELECT f.forum_id, f.forum_name, fa.*
- FROM " . FORUMS_TABLE . " f, ".AUTH_FORUMS_TABLE." fa
- WHERE fa.forum_id = f.forum_id";
- $af_result = $db->sql_query($sql);
- $f_access = $db->sql_fetchrowset($af_result);
-
- $sql = "SELECT user_id, username, user_level
- FROM " . USERS_TABLE . "
- WHERE user_id = $user_id";
+ $sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user
+ FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug
+ WHERE u.user_id = $user_id
+ AND ug.user_id = u.user_id
+ AND g.group_id = ug.group_id";
$u_result = $db->sql_query($sql);
- $userinf = $db->sql_fetchrow($u_result);
+ $userinf = $db->sql_fetchrowset($u_result);
$sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_votecreate, aa.auth_vote, aa.auth_attachments, aa.auth_mod, g.group_single_user
FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g
WHERE ug.user_id = $user_id
AND g.group_id = ug.group_id
- AND aa.group_id = ug.group_id";
+ AND aa.group_id = ug.group_id
+ AND g.group_single_user = 1";
$au_result = $db->sql_query($sql);
$num_u_access = $db->sql_numrows($au_result);
@@ -201,11 +103,11 @@ else if(isset($HTTP_GET_VARS[POST_USERS_URL]))
$u_access = $db->sql_fetchrowset($au_result);
}
- $is_admin = ($userinf['user_level'] == ADMIN) ? 1 : 0;
+ $is_admin = ($userinf[0]['user_level'] == ADMIN) ? 1 : 0;
- for($i = 0; $i < count($f_access); $i++)
+ for($i = 0; $i < count($forum_access); $i++)
{
- $f_forum_id = $f_access[$i]['forum_id'];
+ $f_forum_id = $forum_access[$i]['forum_id'];
$is_forum_restricted[$f_forum_id] = 0;
for($j = 0; $j < count($forum_auth_fields); $j++)
@@ -213,192 +115,213 @@ else if(isset($HTTP_GET_VARS[POST_USERS_URL]))
$key = $forum_auth_fields[$j];
$value = $f_access[$i][$key];
- if($user_id == ANONYMOUS)
- {
- $auth_user[$f_forum_id][$key] = ($value == AUTH_ALL) ? 1 : 0;
- if($value == AUTH_ACL || $value == AUTH_MOD || $value == AUTH_ADMIN)
- {
- $is_forum_restricted[$f_forum_id] = 1;
- }
- }
- else if(!$num_u_access)
+ switch($value)
{
- $auth_user[$f_forum_id][$key] = ($value == AUTH_ALL || $value == AUTH_REG) ? 1 : 0;
- if($value == AUTH_ACL || $value == AUTH_MOD || $value == AUTH_ADMIN)
- {
- $is_forum_restricted[$f_forum_id] = 1;
- }
- }
- else
- {
- switch($value)
- {
- case AUTH_ALL:
- $auth_user[$f_forum_id][$key] = 1;
- break;
-
- case AUTH_REG:
- $auth_user[$f_forum_id][$key] = 1;
- break;
-
- case AUTH_ACL:
- $auth_user[$f_forum_id][$key] = auth_check_user(AUTH_ACL, $key, $u_access, $is_admin);
- $is_forum_restricted[$f_forum_id] = 1;
- break;
+ case AUTH_ALL:
+ $auth_user[$f_forum_id][$key] = 1;
+ break;
+
+ case AUTH_REG:
+ $auth_user[$f_forum_id][$key] = ($user_id != ANONYMOUS) ? 1 : 0;
+ break;
+
+ case AUTH_ACL:
+ $auth_user[$f_forum_id][$key] = ($user_id != ANONYMOUS && $num_u_access) ? auth_check_user(AUTH_ACL, $key, $u_access, $is_admin) : 0;
+ break;
- case AUTH_MOD:
- $auth_user[$f_forum_id][$key] = auth_check_user(AUTH_MOD, $key, $u_access, $is_admin);
- $is_forum_restricted[$f_forum_id] = 1;
- break;
+ case AUTH_MOD:
+ $auth_user[$f_forum_id][$key] = ($user_id != ANONYMOUS && $num_u_access) ? auth_check_user(AUTH_MOD, $key, $u_access, $is_admin) : 0;
+ break;
- case AUTH_ADMIN:
- $auth_user[$f_forum_id][$key] = $is_admin;
- $is_forum_restricted[$f_forum_id] = 1;
- break;
-
- default:
- $auth_user[$f_forum_id][$key] = 0;
- break;
- }
+ case AUTH_ADMIN:
+ $auth_user[$f_forum_id][$key] = $is_admin;
+ break;
+
+ default:
+ $auth_user[$f_forum_id][$key] = 0;
+ break;
}
}
//
// Is user a moderator?
//
- $auth_user[$f_forum_id]['auth_mod'] = auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin);
+ $auth_user[$f_forum_id]['auth_mod'] = ($user_id != ANONYMOUS && $num_u_access) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0;
}
-?>
-
-<h2><?php
-
- echo $userinf['username'] . " is ";
- if($userinf['user_level'] == ADMIN)
- {
- echo "an Administrator";
- }
- else
+ while(list($forumkey, $user_ary) = each($auth_user))
{
- echo "a User";
- }
-
-
-?></h2>
+ $simple_auth[$forumkey] = 1;
+ while(list($fieldkey, $value) = each($user_ary))
+ {
+ $simple_auth[$forumkey] = $simple_auth[$forumkey] && $value;
-<h3>Restricted forums</h3>
+ }
+ }
+ reset($auth_user);
-<div align="center"><table width="80%" cellspacing="1" cellpadding="4" border="0">
- <tr>
- <th width="25%" bgcolor="#CCCCCC">Forum Name</th>
-<?php
+ $t_username .= $userinf[0]['username'];
+ $t_usertype = ($userinf[0]['user_level'] == ADMIN) ? "an <b>Administrator</b>" : "a <b>User</b>";
- for($j = 0; $j < count($forum_auth_fields); $j++)
+ for($i = 0; $i < count($userinf); $i++)
{
- echo "\t<th bgcolor=\"#CCCCCC\">".preg_replace("/auth_/", "", $forum_auth_fields[$j])."</th>\n";
+ if(!$userinf[$i]['group_single_user'])
+ {
+ $group_name[] = $userinf[$i]['group_name'];
+ $group_id[] = $userinf[$i]['group_name'];
+ }
}
- echo "\t<th bgcolor=\"#CCCCCC\">Moderator</th>\n";
-
- echo "</tr>\n";
-
- $i = 0;
- while(list($forumkey, $user_ary) = each($auth_user))
+
+ if(count($group_name))
{
- if($is_forum_restricted[$forumkey])
+ $t_usergroup_list = "belongs to the following groups; ";
+ for($i = 0; $i < count($userinf); $i++)
{
- echo "<tr>\n";
- echo "\t<td bgcolor=\"#DDDDDD\"><a href=\"userauth.php?" . POST_FORUM_URL . "=$forumkey&" . POST_USERS_URL . "=$user_id\">".$f_access[$i]['forum_name']."</a></td>\n";
- while(list($fieldkey, $value) = each($user_ary))
+ $t_usergroup_list .= $group_name[$i];
+ if($i < count($group_name) - 1)
{
- $can_they = ($auth_user[$forumkey][$fieldkey]) ? "Yes" : "No";
- echo "\t<td bgcolor=\"#DDDDDD\">$can_they</td>\n";
+ $t_usergroup_list .= ", ";
}
- echo "</tr>\n";
}
- $i++;
}
- reset($auth_user);
-
-?>
-</table></div>
-
-<h3>Forums with general (public or registered) access</h3>
-
-<p>The following forums are set to be generally accessible to most users, either everyone or just registered users. To limit these forums (or certain fields) to specific users you need to change the forum authorisation type via the <a href="forumauth.php">Forum Authorisation Admin</a> panel.</p>
-
-<div align="center"><table width="80%" cellspacing="1" cellpadding="4" border="0">
- <tr>
- <th width="25%" bgcolor="#CCCCCC">Forum Name</th>
-<?php
-
- for($j = 0; $j < count($forum_auth_fields); $j++)
+ else
{
- echo "\t<th bgcolor=\"#CCCCCC\">".preg_replace("/auth_/", "", $forum_auth_fields[$j])."</th>\n";
+ $t_usergroup_list = "belongs to no usergroups.";
}
- echo "\t<th bgcolor=\"#CCCCCC\">Moderator</th>\n";
- echo "</tr>\n";
$i = 0;
- while(list($forumkey, $user_ary) = each($auth_user))
+ if($adv == -1)
{
- if(!$is_forum_restricted[$forumkey])
+ while(list($forumkey, $user_ary) = each($auth_user))
+ {
+ if($basic_auth_level[$forumkey] == "private")
+ {
+ $allowed = 1;
+ for($j = 0; $j < count($basic_auth_level_fields[$forumkey]); $j++)
+ {
+ if(!$auth_user[$forumkey][$basic_auth_level_fields[$forumkey][$j]])
+ {
+ $allowed = 0;
+ }
+ }
+ $optionlist_grant = "<select name=\"simple[$forumkey]\">";
+ if($allowed)
+ {
+ $optionlist_grant .= "<option value=\"1\" selected>Allow Access</option><option value=\"0\">Disallow Access</option>";
+ }
+ else
+ {
+ $optionlist_grant .= "<option value=\"1\">Allow Access</option><option value=\"0\" selected>Disallow Access</option>";
+ }
+ $optionlist_grant .= "</select>";
+ }
+ else
+ {
+ $optionlist_grant = "";
+ }
+ if($user_ary['auth_mod'])
+ {
+ $optionlist_mod = "<option value=\"1\">Remove Moderator</option><option value=\"0\" selected>Make Moderator</option>";
+ }
+ else
+ {
+ $optionlist_mod = "<option value=\"1\" selected>Remove Moderator</option><option value=\"0\">Make Moderator</option>";
+ }
+ switch($basic_auth_level[$forumkey])
+ {
+ case 'public':
+ $row_class = "authall";
+ break;
+ case 'private':
+ $row_class = "authacl";
+ break;
+ case 'moderate':
+ $row_class = "authmod";
+ break;
+ case 'admin':
+ $row_class = "authadmin";
+ break;
+ default:
+ $row_class = "authall";
+ break;
+ }
+
+ $template->assign_block_vars("restrictedforums", array(
+ "ROW_CLASS" => $row_class,
+ "FORUM_NAME" => $forum_access[$i]['forum_name'],
+
+ "SELECT_GRANT_LIST" => "$optionlist_grant",
+ "SELECT_MOD_LIST" => "<select name=\"moderator[$forumkey]\">$optionlist_mod</select>")
+ );
+ $i++;
+ }
+ }
+ else
+ {
+ while(list($forumkey, $user_ary) = each($auth_user))
{
echo "<tr>\n";
- echo "\t<td bgcolor=\"#DDDDDD\">".$f_access[$i]['forum_name']."</td>\n";
+ echo "\t<td bgcolor=\"#DDDDDD\"><a href=\"userauth.php?" . POST_FORUM_URL . "=$forumkey&" . POST_USERS_URL . "=$user_id\">" . $f_access[$i]['forum_name'] . "</a></td>\n";
while(list($fieldkey, $value) = each($user_ary))
{
$can_they = ($auth_user[$forumkey][$fieldkey]) ? "Yes" : "No";
echo "\t<td bgcolor=\"#DDDDDD\">$can_they</td>\n";
}
echo "</tr>\n";
+ $i++;
}
- $i++;
}
reset($auth_user);
-?>
-</table></div>
-<?php
+ $template->assign_vars(array(
+ "USERNAME" => $t_username,
+ "USERTYPE" => $t_usertype,
+
+ "USER_GROUP_LIST" => $t_usergroup_list)
+ );
+
+ $template->pparse("body");
+
}
else
{
+ //
+ // Default user selection box
+ // This should be altered on the final
+ // system to list users via an alphabetical
+ // selection system ... otherwise this
+ // could get 'cumbersome' for boards
+ // with several thousand users!
+ //
+
$sql = "SELECT user_id, username
FROM ".USERS_TABLE;
$u_result = $db->sql_query($sql);
$user_list = $db->sql_fetchrowset($u_result);
-?>
-<div align="center"><table cellspacing="1" cellpadding="4" border="0">
- <tr>
- <th bgcolor="#CCCCCC">Select a User</th>
- </tr>
- <tr><form method="get" action="userauth.php">
- <td bgcolor="#DDDDDD" align="center"><select name="<?php echo POST_USERS_URL; ?>"><?php
-
+ $select_list = "<select name=\"" . POST_USERS_URL . "\">";
for($i = 0; $i < count($user_list); $i++)
{
- echo "<option value=\"" . $user_list[$i]['user_id'] . "\">" . $user_list[$i]['username'] . "</option>";
+ $select_list .= "<option value=\"" . $user_list[$i]['user_id'] . "\">" . $user_list[$i]['username'] . "</option>";
}
+ $select_list .= "</select>";
-?></select>&nbsp;&nbsp;<input type="submit" value="Look up User">&nbsp;</td>
- </form></tr>
-</table></div>
-<?php
+ $template->set_filenames(array(
+ "body" => "admin/userauth_select_body.tpl"));
-}
+ $template->assign_vars(array(
+ "S_USERAUTH_ACTION" => append_sid("userauth.$phpEx"),
+ "S_USERS_SELECT" => $select_list,
+
+ "U_FORUMAUTH" => append_sid("forumauth.$phpEx"))
+ );
-?>
-<center>
-<p><a href="forumauth.php">Forum Authorisation Admin</a></p>
+ $template->pparse("body");
+
+}
-<font face="Verdana,serif" size="1">Powered By <a href="http://www.phpbb.com/" target="_phpbb">phpBB 2.0</a></font>
-<br clear="all">
-<font face="Verdana,serif" size="1">
-Copyright &copy; 2001 phpBB Group, All Rights Reserved</font>
-<br>
-</body>
-</html> \ No newline at end of file
+?> \ No newline at end of file
generated by cgit v1.2.1 (git 2.21.0) at 2025-03-20 01:13:27 +0000