+/*$simple_auth_ary = array(

+);*/

+

+

+$simple_auth_ary = array(

+ 0 => array(0, 0, 0, 0, 1, 0, 3, 3),

+ 1 => array(0, 0, 0, 0, 3, 3, 3, 3),

+ 2 => array(0, 0, 1, 1, 1, 1, 3, 3),

+ 3 => array(1, 1, 1, 1, 1, 1, 3, 3),

+ 4 => array(0, 2, 2, 2, 2, 2, 2, 3),

+ 5 => array(2, 2, 2, 2, 2, 2, 2, 3),

+ 6 => array(0, 3, 3, 3, 3, 3, 3, 3),

+ 7 => array(3, 3, 3, 3, 3, 3, 3, 3),

+ 8 => array(0, 0, 3, 0, 0, 0, 3, 3),

+ 9 => array(0, 0, 3, 1, 0, 0, 3, 3)

+$forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_sticky", "auth_announce");

+//, "auth_votecreate", "auth_vote", "auth_attachments"

+ $forum_sql = "AND forum_id = $forum_id";

+$sql = "SELECT f.*

+ FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c

+ WHERE c.cat_id = f.cat_id

+ ORDER BY c.cat_order ASC, f.forum_order ASC";

+ $forum_name[$i] = "<a href=\"" . append_sid("admin_forumauth.php?" . POST_FORUM_URL . "=" . $forum_rows[$i]['forum_id']) . "\">" . $forum_rows[$i]['forum_name'] . "</a>";

+ <tr><form method="post" action="admin_forumauth.php">

+ $switch_mode = "admin_forumauth.php?" . POST_FORUM_URL . "=" . $forum_id . "&adv=";

+ <td align="center"><a href="admin_forumauth.php">Return to Forum Auth Index</a></td>

+ "auth_announce" => AUTH_ANNOUNCE);

+/* ,

+ "auth_attachments" => AUTH_ATTACH,

+

+ "auth_allow_html" => AUTH_ALLOW_HTML

+ "auth_allow_bbcode" => AUTH_ALLOW_BBCODE

+ "auth_allow_smilies" => AUTH_ALLOW_SMILIES

+);*/

+$forum_auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_sticky", "auth_announce");

+//, "auth_votecreate", "auth_vote", "auth_attachments", "auth_allow_html", "auth_allow_bbcode", "auth_allow_smilies"

+ $sql_groupid = "SELECT ug.group_id, u.user_level

+ FROM " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u

+ WHERE u.user_id = $user_id

+ AND ug.user_id = u.user_id";

+ $ug_info = $db->sql_fetchrow($result);

+ if( $HTTP_POST_VARS['userlevel'] == "user" && $ug_info['user_level'] == ADMIN)

+ // Make admin a user (if already admin)

+ //

+

+ //

+ $sql = "UPDATE " . AUTH_ACCESS_TABLE . "

+ SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0

+ WHERE group_id = " . $ug_info['group_id'];

+ if(!$result = $db->sql_query($sql))

+ // Error ...

+ $sql = "UPDATE " . USERS_TABLE . "

+ if(!$result = $db->sql_query($sql))

+ // Error ...

+ header("Location: admin_userauth.$phpEx?" . POST_USERS_URL . "=$user_id");

+ else if( $HTTP_POST_VARS['userlevel'] == "admin" && $ug_info['user_level'] != ADMIN )

+

+ // Make user an admin (if already user)

+ // Error ...

+ $sql_unmod = "UPDATE " . AUTH_ACCESS_TABLE . "

+ SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0

+ WHERE group_id = " . $ug_info['group_id'];

+ if(!$result = $db->sql_query($sql_unmod))

+ {

+ // Error ...

+ }

+

+ WHERE group_id = $group_id

+ AND auth_mod = 0";

+ // Error ...

+ header("Location: admin_userauth.$phpEx?" . POST_USERS_URL . "=$user_id");

+ // Pull all the auth/group

+ $sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_sticky, aa.auth_announce, aa.auth_mod, g.group_single_user

+ AND aa.group_id = ug.group_id";

+ if($num_u_access = $db->sql_numrows($au_result))

+ $sql = "SELECT f.forum_id, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_sticky, f.auth_announce

+ FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c

+ WHERE c.cat_id = f.cat_id

+ ORDER BY c.cat_order ASC, f.forum_order ASC";

+ $fa_result = $db->sql_query($sql);

+

+ $forum_access = $db->sql_fetchrowset($fa_result);

+

+ //

+ $warning_mod = array();

+ $valid_auth_mod = array();

+ $valid_auth_mod_sql = array();

+

+

+

+ $auth_exists = FALSE;

+

+ if( $forum_id == $chg_forum_id )

+

+ if( $u_access[$i]['auth_mod'] == $value && $u_access[$i]['group_single_user'] )

+ {

+ $a_match = -1;

+ }

+ else if( $u_access[$i]['auth_mod'] && !$value && !$u_access[$i]['group_single_user'] )

+ {

+ //

+ // User is being removed as a moderator but is a moderator

+ // via a group, carry out the update but warn the moderator

+ //

+ $warning_mod[$chg_forum_id] = TRUE;

+ }

+ else

+ {

+ if(!$value)

+ {

+ $sql = "DELETE FROM " . AUTH_ACCESS_TABLE;

+ }

+ else

+ {

+ $sql = "UPDATE " . AUTH_ACCESS_TABLE . "

+ SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0, auth_mod = " . TRUE;

+ }

+ $valid_auth_mod_sql[$chg_forum_id] = $sql . " WHERE forum_id = $chg_forum_id AND group_id = " . $ug_info['group_id'];

+ $valid_auth_mod[$chg_forum_id] = 1;

+ }

+

+ $auth_exists = TRUE;

+

+ if(!$auth_exists && $value)

+ {

+ $valid_auth_mod_sql[$chg_forum_id] = "INSERT INTO " . AUTH_ACCESS_TABLE . " (forum_id, group_id, auth_mod) VALUES ($chg_forum_id, " . $ug_info['group_id'] . ", 1)";

+ $valid_auth_mod[$chg_forum_id] = 0;

+ }

+ // Check against priv access table ...

+ $warning_mod = array();

+ $valid_auth_acl_sql = array();

+

+ reset($valid_auth_mod);

+

+ $valid_auth_acl_sql[$chg_forum_id] = "";

+ $auth_exists = FALSE;

+

+ if( $u_access[$i]['forum_id'] == $chg_forum_id )

+ {

+

+ //

+ // If we're updating/inserting a moderator access

+ // control then we don't need to both with anything here,

+ // adding (or updating) a user to mod status automatically

+ // grants access to all forum functions (unless they

+ // are set at admin status!). Removing moderator permissions

+ // automatically removes all priviledges, it does mean the

+ // admin has to re-enable ACL privs but it does prevent

+ // them accidently leaving a user with access to a forum

+ // they should be now denied.

+ //

+// echo "<BR>" . $chg_forum_id . " : " . $valid_auth_mod[$chg_forum_id] . "<BR>";

+

+// echo $chg_forum_id . " : " . $valid_auth_mod[$chg_forum_id] . " : " . $u_access[$i]['auth_mod'] . "<BR>";

+

+ if( empty($valid_auth_mod[$chg_forum_id]) && !$u_access[$i]['auth_mod'])

+ {

+ //

+ // User isn't a moderator so now we have to decide whether the

+ // the access needs creating, updating or deleting ...

+ //

+

+ for($j = 0; $j < count($forum_access); $j++)

+ {

+ if( $chg_forum_id == $forum_access[$j]['forum_id'] )

+ {

+ $update_acl_sql = "";

+

+ for($k = 0; $k < count($forum_auth_fields); $k++)

+ {

+ $auth_field = $forum_auth_fields[$k];

+

+ if( $forum_access[$j][$auth_field] == AUTH_ACL )

+ {

+

+ if( $u_access[$i][$auth_field] && !$value && !$u_access[$i]['group_single_user'] )

+ {

+

+ //

+ // User is having ACL access removed from this field

+ // but retains access via a group they belong too,

+ // carry out the update but warn the moderator

+ //

+

+ $warning_acl[$chg_forum_id][$auth_field] = TRUE;

+ }

+ else if( $u_access[$i][$auth_field] != $value && $u_access[$i]['group_single_user'] )

+ {

+ $update_acl_sql .= ($update_acl_sql != "") ? ", $auth_field = $value" : "$auth_field = $value";

+ }

+ }

+ }

+

+ $valid_auth_acl_sql[$chg_forum_id] = "UPDATE " . AUTH_ACCESS_TABLE . " SET " . $update_acl_sql ." WHERE forum_id = $chg_forum_id AND group_id = " . $ug_info['group_id'];

+ } // forum_id = forum_access

+

+ } // for ... forum_access

+

+ } // not_mod

+

+ $auth_exists = TRUE;

+

+ } // if forum ... chg_forum

+

+ } // for ... u_access

+

+ if($valid_auth_acl_sql[$chg_forum_id] == "" && !$auth_exists)

+ {

+ for($j = 0; $j < count($forum_access); $j++)

+ if( $chg_forum_id == $forum_access[$j]['forum_id'] && $value)

+ $valid_auth_acl_sql_val = "";

+ $valid_auth_acl_sql_fld = "";

+

+ for($k = 0; $k < count($forum_auth_fields); $k++)

+ {

+ $auth_field = $forum_auth_fields[$k];

+

+ if( $forum_access[$j][$auth_field] == AUTH_ACL )

+ {

+ $valid_auth_acl_sql_fld .= ($valid_auth_acl_sql_fld != "") ? ", $auth_field" : "$auth_field";

+ $valid_auth_acl_sql_val .= ($valid_auth_acl_sql_val != "") ? ", $value" : "$value";

+ }

+ }

+

+ $valid_auth_acl_sql[$chg_forum_id] = "INSERT INTO " . AUTH_ACCESS_TABLE . " (forum_id, group_id, $valid_auth_acl_sql_fld) VALUES ($chg_forum_id, " . $ug_info['group_id'] . ", $valid_auth_acl_sql_val)";

+

+// print_r($valid_auth_acl_sql);

+// echo "<BR><BR>";

+

+ // The next part requires that we know whether we're

+ // updating an existing entry, inserting a new one or

+ // deleting an existing entry ... as well as what we're

+ // updating and with what value ...

+

+ //

+ // Checks complete, make updates

+ //

+ while(list($chg_forum_id, $sql) = each($valid_auth_mod_sql))

+ {

+ if( !empty($sql) )

+ {

+ if(!$result = $db->sql_query($sql))

+ {

+ // Error ...

+ }

+ }

+ }

+ while(list($chg_forum_id, $sql) = each($valid_auth_acl_sql))

+ {

+ if( !empty($sql) )

+ {

+ if(!$result = $db->sql_query($sql))

+ {

+ // Error ...

+ }

+ }

+ }

+ header("Location: admin_userauth.$phpEx?" . POST_USERS_URL . "=$user_id");

+ //

+ // This should be altered on the final system

+ FROM ".USERS_TABLE . "

+ WHERE user_id != " . ANONYMOUS;

+ "S_USERAUTH_ACTION" => append_sid("admin_userauth.$phpEx"),

+ "U_FORUMAUTH" => append_sid("admin_forumauth.$phpEx"))

+//

+// Front end

+//

+

+$template->set_filenames(array(

+ "body" => "admin/userauth_body.tpl")

+);

+$user_id = $HTTP_GET_VARS[POST_USERS_URL];

+$sql = "SELECT f.forum_id, f.forum_name, f.auth_view, f.auth_read, f.auth_post, f.auth_reply, f.auth_edit, f.auth_delete, f.auth_announce, f.auth_sticky

+ FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c

+ WHERE c.cat_id = f.cat_id

+ ORDER BY c.cat_order ASC, f.forum_order ASC";

+$fa_result = $db->sql_query($sql);

+

+$forum_access = $db->sql_fetchrowset($fa_result);

+

+if($adv == -1)

+{

+ for($j = 0; $j < count($forum_auth_key_fields); $j++)

+ if($forum_row[$forum_auth_key_fields[$j]] == AUTH_REG)

+ else if($forum_row[$forum_auth_key_fields[$j]] == AUTH_ACL)

+ else if($forum_row[$forum_auth_key_fields[$j]] == AUTH_MOD)

+ {

+ $basic_auth_level[$forum_row['forum_id']] = "moderator";

+ $basic_auth_level_fields[$forum_row['forum_id']][] = $forum_auth_fields[$j];

+ }

+ else if($forum_row[$forum_auth_key_fields[$j]] == AUTH_ADMIN)

+ {

+ $basic_auth_level[$forum_row['forum_id']] = "admin";

+ $basic_auth_level_fields[$forum_row['forum_id']][] = $forum_auth_fields[$j];

+ }

+ $sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_mod

+ AND aa.group_id = ug.group_id

+ AND g.group_single_user = " . TRUE;

+ $result = a_auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], 0);

+ $optionlist_acl = "<select name=\"private[$forumkey]\">";

+ $optionlist_acl .= "<option value=\"1\">Allowed Access</option>";

+ $optionlist_acl .= "<option value=\"1\" selected>Allowed Access</option><option value=\"0\">Disallowed Access</option>";

+ $optionlist_acl .= "<option value=\"1\">Allowed Access</option><option value=\"0\" selected>Disallowed Access</option>";

+ $optionlist_acl .= "</select>";

+ $optionlist_acl = "&nbsp;";

+ $optionlist_mod = "<select name=\"moderator[$forumkey]\">";

+ $optionlist_mod .= "<option value=\"1\" selected>Is a Moderator</option><option value=\"0\">Is not a Moderator</option>";

+ $optionlist_mod .= "<option value=\"1\">Is a Moderator</option><option value=\"0\" selected>Is not a Moderator</option>";

+ $optionlist_mod .= "</select>";

+ "U_FORUM_AUTH" => append_sid("admin_forumauth.$phpEx?f=" . $forum_access[$i]['forum_id']),

+

+ "S_ACL_SELECT" => $optionlist_acl,

+ "S_MOD_SELECT" => $optionlist_mod)

+ $s_user_type = ($is_admin) ? '<select name="userlevel"><option value="admin" selected>Administrator</option><option value="user">User</option></select>' : '<select name="userlevel"><option value="admin">Administrator</option><option value="user" selected>User</option></select>';

+ $t_usergroup_list = "";

+ "USER_GROUP_LIST" => $t_usergroup_list,

+ "S_USER_AUTH_ACTION" => append_sid("admin_userauth.$phpEx"),

+ "S_USER_TYPE_SELECT" => $s_user_type,

+ "S_HIDDEN_FIELDS" => $s_hidden_fields)

+} // if adv == -1

+$template->pparse("body");

+

+exit;