diff options
Diffstat (limited to 'phpBB/admin')
| -rw-r--r-- | phpBB/admin/forumauth.php | 9 | ||||
| -rw-r--r-- | phpBB/admin/userauth.php | 291 |
2 files changed, 208 insertions, 92 deletions
diff --git a/phpBB/admin/forumauth.php b/phpBB/admin/forumauth.php index 3b1a571213..bfbd71c2d8 100644 --- a/phpBB/admin/forumauth.php +++ b/phpBB/admin/forumauth.php @@ -15,7 +15,7 @@ include('common.'.$phpEx); // $simple_auth_ary = array( - 0 => array(0, 0, 0, 0, 0, 0, 0, 0, 0), + 0 => array(0, 0, 0, 0, 1, 0, 0, 0, 0), 1 => array(0, 0, 1, 1, 1, 1, 1, 1, 1), 2 => array(1, 1, 1, 1, 1, 1, 1, 1, 1), 3 => array(0, 2, 2, 2, 2, 2, 2, 2, 2), @@ -37,8 +37,8 @@ $forum_auth_const = array(AUTH_ALL, AUTH_REG, AUTH_ACL, AUTH_MOD, AUTH_ADMIN); if(isset($HTTP_GET_VARS[POST_FORUM_URL]) || isset($HTTP_POST_VARS[POST_FORUM_URL])) { $forum_id = (isset($HTTP_POST_VARS[POST_FORUM_URL])) ? $HTTP_POST_VARS[POST_FORUM_URL] : $HTTP_GET_VARS[POST_FORUM_URL]; -// $forum_sql = "WHERE forum_id = $forum_id"; - $forum_sql = "AND f.forum_id = $forum_id"; + $forum_sql = "WHERE forum_id = $forum_id"; +// $forum_sql = "AND f.forum_id = $forum_id"; } else { @@ -419,7 +419,8 @@ for($i = 0; $i < count($forum_mods_list); $i++) ?> <center> -<br clear="all"> +<p><a href="userauth.php">User Authorisation Admin</a></p> + <font face="Verdana,serif" size="1">Powered By <a href="http://www.phpbb.com/" target="_phpbb">phpBB 2.0</a></font> <br clear="all"> <font face="Verdana,serif" size="1"> diff --git a/phpBB/admin/userauth.php b/phpBB/admin/userauth.php index 17dcbf8776..ffd92d7e42 100644 --- a/phpBB/admin/userauth.php +++ b/phpBB/admin/userauth.php @@ -14,9 +14,6 @@ include('common.'.$phpEx); // End session management // - - - $auth_field_match = array( "auth_view" => AUTH_VIEW, "auth_read" => AUTH_READ, @@ -28,6 +25,9 @@ $auth_field_match = array( "auth_votecreate" => AUTH_VOTECREATE, "auth_attachments" => AUTH_ATTACH ); +$forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_votecreate", "auth_vote", "auth_attachments"); + + ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" @@ -41,6 +41,7 @@ $auth_field_match = array( H1 {font-family:Arial,Helvetica,sans-serif;font-size:14pt;} H2 {font-family:Arial,Helvetica,sans-serif;font-size:12pt;} + H3 {font-family:Arial,Helvetica,sans-serif;font-size:10pt;} TH {font-family:Verdana,serif;font-size:8pt} TD {font-family:Verdana,serif;font-size:8pt} @@ -127,17 +128,16 @@ if(!empty($HTTP_GET_VARS[POST_FORUM_URL])) </tr> <?php - for($i = 0; $i < count($forum_field_name); $i++) { - echo "\t<tr><form method=\"post\" action=\"userauth.php\">\n"; + echo "\t<tr><form method=\"get\" action=\"userauth.php\">\n"; echo "\t\t<td bgcolor=\"#DDDDDD\">" . $forum_field_name[$i] . "</td>\n"; reset($is_auth); $user_auth_ary = $is_auth[$forum_field_name[$i]]; - if($forum_fields[$forum_field_name[$i]] == AUTH_ALL || $forum_fields[$forum_field_name[$i]] == AUTH_ALL) + if($forum_fields[$forum_field_name[$i]] == AUTH_ALL || $forum_fields[$forum_field_name[$i]] == AUTH_REG) { if($forum_fields[$forum_field_name[$i]] == AUTH_ALL) { @@ -158,7 +158,7 @@ if(!empty($HTTP_GET_VARS[POST_FORUM_URL])) echo "<option value=\"$userkey\">" . $userinfo[$userkey]['username'] . "</option>"; } } - echo "</select> <input type=\"submit\" name=\"moduser\" value=\"Look up User\"> </td>\n"; + echo "</select> <input type=\"submit\" value=\"Look up User\"> </td>\n"; } echo "\t</form></tr>\n"; @@ -170,115 +170,230 @@ if(!empty($HTTP_GET_VARS[POST_FORUM_URL])) <?php } -else if(!empty($HTTP_GET_VARS['u']) || !empty($HTTP_POST_VARS['u'])) +else if(isset($HTTP_GET_VARS[POST_USERS_URL])) { - $userid = (!empty($HTTP_GET_VARS['u'])) ? $HTTP_GET_VARS['u'] : $HTTP_POST_VARS['u']; - - $sql = "SELECT username, user_level - FROM ".USERS_TABLE." - WHERE user_id = $userid"; + $user_id = $HTTP_GET_VARS[POST_USERS_URL]; + +/* $sql = "SELECT * + FROM " . FORUMS_TABLE;*/ + $sql = "SELECT f.forum_id, f.forum_name, fa.* + FROM " . FORUMS_TABLE . " f, ".AUTH_FORUMS_TABLE." fa + WHERE fa.forum_id = f.forum_id"; + $af_result = $db->sql_query($sql); + $f_access = $db->sql_fetchrowset($af_result); + + $sql = "SELECT user_id, username, user_level + FROM " . USERS_TABLE . " + WHERE user_id = $user_id"; $u_result = $db->sql_query($sql); + $userinf = $db->sql_fetchrow($u_result); - $sql = "SELECT af.*, g.*, f.forum_name - FROM ".AUTH_ACCESS_TABLE." af, ".GROUPS_TABLE." g, ".USER_GROUP_TABLE." ug, ".FORUMS_TABLE." f - WHERE ug.user_id = $userid + $sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_votecreate, aa.auth_vote, aa.auth_attachments, aa.auth_mod, g.group_single_user + FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g + WHERE ug.user_id = $user_id AND g.group_id = ug.group_id - AND af.forum_id = f.forum_id - ORDER BY g.group_id"; - $aa_result = $db->sql_query($sql); - - $user_inf = $db->sql_fetchrow($u_result); - $access_inf = $db->sql_fetchrowset($aa_result); + AND aa.group_id = ug.group_id"; + $au_result = $db->sql_query($sql); - // - // Show data - // - $userdata['user_id'] = $userid; - $userdata['username'] = $user_inf['username']; - $userdata['user_level'] = $user_inf['user_level']; - $userdata['session_logged_in'] = 1; + $num_u_access = $db->sql_numrows($au_result); + if($num_u_access) + { + $u_access = $db->sql_fetchrowset($au_result); + } - $is_auth = auth(AUTH_ALL, AUTH_LIST_ALL, $userdata); + $is_admin = ($userinf['user_level'] == ADMIN) ? 1 : 0; -?> -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" - "http://www.w3.org/TR/html4/loose.dtd"> -<html> -<head> -<title>phpBB - auth testing</title> -<style type="text/css"> -<!-- - P {font-family:Verdana,serif;font-size:10pt} + for($i = 0; $i < count($f_access); $i++) + { + $f_forum_id = $f_access[$i]['forum_id']; + $is_forum_restricted[$f_forum_id] = 0; - H1 {font-family:Arial,Helvetica,sans-serif;font-size:14pt;} + for($j = 0; $j < count($forum_auth_fields); $j++) + { + $key = $forum_auth_fields[$j]; + $value = $f_access[$i][$key]; - TH {font-family:Verdana,serif;font-size:10pt} - TD {font-family:Verdana,serif;font-size:10pt} + if($user_id == ANONYMOUS) + { + $auth_user[$f_forum_id][$key] = ($value == AUTH_ALL) ? 1 : 0; + if($value == AUTH_ACL || $value == AUTH_MOD || $value == AUTH_ADMIN) + { + $is_forum_restricted[$f_forum_id] = 1; + } + } + else if(!$num_u_access) + { + $auth_user[$f_forum_id][$key] = ($value == AUTH_ALL || $value == AUTH_REG) ? 1 : 0; + if($value == AUTH_ACL || $value == AUTH_MOD || $value == AUTH_ADMIN) + { + $is_forum_restricted[$f_forum_id] = 1; + } + } + else + { + switch($value) + { + case AUTH_ALL: + $auth_user[$f_forum_id][$key] = 1; + break; + + case AUTH_REG: + $auth_user[$f_forum_id][$key] = 1; + break; + + case AUTH_ACL: + $auth_user[$f_forum_id][$key] = auth_check_user(AUTH_ACL, $key, $u_access, $is_admin); + $is_forum_restricted[$f_forum_id] = 1; + break; + + case AUTH_MOD: + $auth_user[$f_forum_id][$key] = auth_check_user(AUTH_MOD, $key, $u_access, $is_admin); + $is_forum_restricted[$f_forum_id] = 1; + break; + + case AUTH_ADMIN: + $auth_user[$f_forum_id][$key] = $is_admin; + $is_forum_restricted[$f_forum_id] = 1; + break; + + default: + $auth_user[$f_forum_id][$key] = 0; + break; + } + } + } + // + // Is user a moderator? + // + $auth_user[$f_forum_id]['auth_mod'] = auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin); + } - SELECT.small {width:140px;font-family:"Courier New",courier;font-size:8pt;} - INPUT.text {font-family:"Courier New",courier;font-size:8pt;} -//--> -</style> -</head> -<body bgcolor="#FFFFFF" text="#000000"> +?> -<h1><?php +<h2><?php - echo $userdata['username']; - echo (($userdata['user_level'] == ADMIN) ? " is an Admin" : " is a User"); + echo $userinf['username'] . " is "; + if($userinf['user_level'] == ADMIN) + { + echo "an Administrator"; + } + else + { + echo "a User"; + } + -?></h1> +?></h2> -<div align="center"><table width="98%" cellspacing="1" cellpadding="3" border="1"> +<h3>Restricted forums</h3> + +<div align="center"><table width="80%" cellspacing="1" cellpadding="4" border="0"> <tr> - <th>Group</th> - <th>Group Name</th> - <th>Forum Title</th> - <th>Can View?</th> - <th>Can Read?</th> - <th>Can Post?</th> - <th>Can Reply?</th> - <th>Can Edit?</th> - <th>Can Delete?</th> - <th>Is Moderator?</th> - </tr> + <th width="25%" bgcolor="#CCCCCC">Forum Name</th> <?php - for($i = 0; $i < count($is_auth); $i++) + for($j = 0; $j < count($forum_auth_fields); $j++) { - $auth_view = ($is_auth[$i]['auth_view'] == 1) ? "Yes" : "No"; - $auth_read = ($is_auth[$i]['auth_read'] == 1) ? "Yes" : "No"; - $auth_post = ($is_auth[$i]['auth_post'] == 1) ? "Yes" : "No"; - $auth_reply = ($is_auth[$i]['auth_reply'] == 1) ? "Yes" : "No"; - $auth_edit = ($is_auth[$i]['auth_edit'] == 1) ? "Yes" : "No"; - $auth_delete = ($is_auth[$i]['auth_delete'] == 1) ? "Yes" : "No"; - $auth_mod = ($is_auth[$i]['auth_mod'] == 1) ? "Yes" : "No"; - - - echo "<tr>\n"; - echo "<td>".$access_inf[$i]['group_id']."</td>\n"; - echo "<td>".$access_inf[$i]['group_name']."</td>\n"; - echo "<td>".$access_inf[$i]['forum_name']."</td>\n"; - echo "<td>".$auth_view."</td>\n"; - echo "<td>".$auth_read."</td>\n"; - echo "<td>".$auth_post."</td>\n"; - echo "<td>".$auth_reply."</td>\n"; - echo "<td>".$auth_edit."</td>\n"; - echo "<td>".$auth_delete."</td>\n"; - echo "<td>".$auth_mod."</td>\n"; - echo "</tr>\n"; + echo "\t<th bgcolor=\"#CCCCCC\">".preg_replace("/auth_/", "", $forum_auth_fields[$j])."</th>\n"; } + echo "\t<th bgcolor=\"#CCCCCC\">Moderator</th>\n"; + + echo "</tr>\n"; + + $i = 0; + while(list($forumkey, $user_ary) = each($auth_user)) + { + if($is_forum_restricted[$forumkey]) + { + echo "<tr>\n"; + echo "\t<td bgcolor=\"#DDDDDD\"><a href=\"userauth.php?" . POST_FORUM_URL . "=$forumkey&" . POST_USERS_URL . "=$user_id\">".$f_access[$i]['forum_name']."</a></td>\n"; + while(list($fieldkey, $value) = each($user_ary)) + { + $can_they = ($auth_user[$forumkey][$fieldkey]) ? "Yes" : "No"; + echo "\t<td bgcolor=\"#DDDDDD\">$can_they</td>\n"; + } + echo "</tr>\n"; + } + $i++; + } + reset($auth_user); + +?> +</table></div> + +<h3>Forums with general (public or registered) access</h3> + +<p>The following forums are set to be generally accessible to most users, either everyone or just registered users. To limit these forums (or certain fields) to specific users you need to change the forum authorisation type via the <a href="forumauth.php">Forum Authorisation Admin</a> panel.</p> + +<div align="center"><table width="80%" cellspacing="1" cellpadding="4" border="0"> + <tr> + <th width="25%" bgcolor="#CCCCCC">Forum Name</th> +<?php + + for($j = 0; $j < count($forum_auth_fields); $j++) + { + echo "\t<th bgcolor=\"#CCCCCC\">".preg_replace("/auth_/", "", $forum_auth_fields[$j])."</th>\n"; + } + echo "\t<th bgcolor=\"#CCCCCC\">Moderator</th>\n"; + + echo "</tr>\n"; + + $i = 0; + while(list($forumkey, $user_ary) = each($auth_user)) + { + if(!$is_forum_restricted[$forumkey]) + { + echo "<tr>\n"; + echo "\t<td bgcolor=\"#DDDDDD\">".$f_access[$i]['forum_name']."</td>\n"; + while(list($fieldkey, $value) = each($user_ary)) + { + $can_they = ($auth_user[$forumkey][$fieldkey]) ? "Yes" : "No"; + echo "\t<td bgcolor=\"#DDDDDD\">$can_they</td>\n"; + } + echo "</tr>\n"; + } + $i++; + } + reset($auth_user); + ?> - </tr> </table></div> <?php } +else +{ + + $sql = "SELECT user_id, username + FROM ".USERS_TABLE; + $u_result = $db->sql_query($sql); + $user_list = $db->sql_fetchrowset($u_result); + +?> +<div align="center"><table cellspacing="1" cellpadding="4" border="0"> + <tr> + <th bgcolor="#CCCCCC">Select a User</th> + </tr> + <tr><form method="get" action="userauth.php"> + <td bgcolor="#DDDDDD" align="center"><select name="<?php echo POST_USERS_URL; ?>"><?php + + for($i = 0; $i < count($user_list); $i++) + { + echo "<option value=\"" . $user_list[$i]['user_id'] . "\">" . $user_list[$i]['username'] . "</option>"; + } + +?></select> <input type="submit" value="Look up User"> </td> + </form></tr> +</table></div> +<?php + +} ?> <center> -<br clear="all"> +<p><a href="forumauth.php">Forum Authorisation Admin</a></p> + <font face="Verdana,serif" size="1">Powered By <a href="http://www.phpbb.com/" target="_phpbb">phpBB 2.0</a></font> <br clear="all"> <font face="Verdana,serif" size="1"> |