Diffstat (limited to 'phpBB/includes/auth.php')
-rw-r--r--phpBB/includes/auth.php195
1 files changed, 148 insertions, 47 deletions
diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php
index 79ec6f04f2..7034c809aa 100644
--- a/phpBB/includes/auth.php
+++ b/phpBB/includes/auth.php
@@ -23,71 +23,172 @@
***************************************************************************/
/* Notes:
- * auth() is going to become a very complex function and can take in a LARGE number of arguments.
- * The currently included argements should be enough to handle any situation, however, if you need access to another
- * the best option would be to create a global variable and access it that way if you can.
- *
* auth() returns:
* TRUE if the user authorized
* FALSE if the user is not
*/
-function auth($type, $id = "", $user_ip = "")
+function auth($type, $forum_id, $userdata, $f_access = -1)
{
- global $db, $userdata;
+ global $db;
- switch($type)
+ //
+ // If not logged on all we
+ // need do is find out
+ // if $forum_id has ANY
+ // auth for $type
+ //
+ // If logged on we want to
+ // find out if $forum_id has
+ // ALL, REG, ACL, MOD or ADMIN
+ // for $type
+ //
+ switch($type)
{
- // Empty for the moment.
- }
-}
-
+ case VIEW:
+ $a_sql = "auth_view";
+ break;
+ case READ:
+ $a_sql = "auth_read";
+ break;
+ case POST:
+ $a_sql = "auth_post";
+ break;
+ case REPLY:
+ $a_sql = "auth_reply";
+ break;
+ case EDIT:
+ $a_sql = "auth_edit";
+ break;
+ case DELETE:
+ $a_sql = "auth_delete";
+ break;
+ case VOTECREATE:
+ $a_sql = "auth_votecreate";
+ break;
+ case VOTE:
+ $a_sql = "auth_vote";
+ break;
+ default:
+ break;
+ }
-/*
- * The following functions are used for getting user information. They are not related directly to auth()
- */
+ if($f_access == -1 || $forum_id == LIST_ALL)
+ {
+ $forum_match_sql = ($forum_id != LIST_ALL) ? "" : "WHERE forum_id = $forum_id";
+ $sql = "SELECT $a_sql AS forum_auth
+ FROM ".AUTH_FORUMS_TABLE."
+ $forum_match_sql";
+ $af_result = $db->sql_query($sql);
-function get_userdata_from_id($userid)
-{
- global $db;
+ if($forum_id != LIST_ALL)
+ {
+ $f_access = $db->sql_fetchfield("forum_auth", -1, $af_result);
+ }
+ else
+ {
+ $f_access_rows = $db->sql_fetchrowset($af_result);
- $sql = "SELECT * FROM ".USERS_TABLE." WHERE user_id = $userid";
- if(!$result = $db->sql_query($sql))
- {
- $userdata = array("error" => "1");
- return ($userdata);
+ }
}
- if($db->sql_numrows($result))
+
+ if(!$userdata['session_logged_in'])
{
- $myrow = $db->sql_fetchrowset($result);
- return($myrow[0]);
+ if($forum_id != LIST_ALL)
+ {
+ $auth_user = ($f_access == ALL) ? true : false;
+ }
+ else
+ {
+ $auth_user_list = array();
+ for($i = 0; $i < count($auth_forum_rows); $i++)
+ {
+ $auth_user_list[] = ($f_access_rows['0']['forum_auth'] == ALL) ? true : false;
+ }
+ }
+
}
- else
+ else
{
- $userdata = array("error" => "1");
- return ($userdata);
- }
-}
+ if($f_access == ALL || $f_access == REG)
+ {
+ $auth_user = true;
+ }
+ else
+ {
+ $forum_match_sql = ($forum_id != LIST_ALL) ? "AND ( aa.forum_id = $forum_id OR aa.forum_id = " . ALL . ")" : "";
+ $sql = "SELECT aa.$a_sql AS user_auth, aa.auth_mod, aa.auth_admin, g.single_user
+ FROM ".AUTH_ACCESS_TABLE." aa, " . USER_GROUP_TABLE. " ug, " . GROUPS_TABLE. " g
+ WHERE ug.user_id = ".$userdata['user_id']. "
+ AND g.group_id = ug.group_id
+ AND aa.group_id = ug.group_id
+ $forum_match_sql";
+ $au_result = $db->sql_query($sql);
-function get_userdata($username) {
+ if(!$db->sql_numrows($au_result))
+ {
+ //
+ // No entry was found
+ // for this forum and user
+ // thus they don't have
+ // access
+ //
+ $auth_user = false;
+ }
+ else
+ {
+ $u_access = $db->sql_fetchrowset($au_result);
+ }
- global $db;
+ $single_user = false;
- $sql = "SELECT * FROM ".USERS_TABLE." WHERE username = '$username' AND user_level != ".DELETED;
- if(!$result = $db->sql_query($sql))
- {
- $userdata = array("error" => "1");
- }
+// echo "<br><BR>".$f_access."<BR>".ADMIN."<BR>";
+ switch($f_access)
+ {
+ case ACL:
+// echo "HERE1";
+ for($i = 0; $i < count($u_access); $i++)
+ {
+ if(!$single_user)
+ {
+ $auth_user = $auth_user || $u_access[$i]['user_auth'] || $u_access[$i]['auth_mod'] || $u_access[$i]['auth_admin'];
+ $single_user = $u_access[$i]['single_user'];
+ }
+ }
+ break;
+
+ case MOD:
+// echo "HERE2";
+ for($i = 0; $i < count($u_access); $i++)
+ {
+ if(!$single_user)
+ {
+ $auth_user = $auth_user || $u_access[$i]['auth_mod'] || $u_access[$i]['auth_admin'];
+ $single_user = $u_access[$i]['single_user'];
+ }
+ }
+ break;
+
+ case ADMIN:
+// echo "HERE3";
+ for($i = 0; $i < count($u_access); $i++)
+ {
+ if(!$single_user)
+ {
+ $auth_user = $auth_user || $u_access[$i]['auth_admin'];
+ $single_user = $u_access[$i]['single_user'];
+ }
+ }
+ break;
- if($db->sql_numrows($result))
- {
- $myrow = $db->sql_fetchrowset($result);
- return($myrow[0]);
- }
- else
- {
- $userdata = array("error" => "1");
- return ($userdata);
+ default:
+// echo "HERE4";
+ $auth_user = false;
+ break;
+ }
+ }
}
+
+ return ( ($forum_id != LIST_ALL) ? $auth_user : $auth_user_list );
}
-?>
+?> \ No newline at end of file
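Review bot: The forum filter on the `AUTH_FORUMS_TABLE` lookup is inverted: `($forum_id != LIST_ALL) ? "" : "WHERE forum_id = $forum_id"` drops the WHERE clause exactly when a single forum is requested, so `$f_access` is read from an arbitrary row of the table rather than from the forum being checked, and the allow/deny result can reflect another forum's setting. It should read `$forum_match_sql = ($forum_id != LIST_ALL) ? "WHERE forum_id = " . intval($forum_id) : "";`, where the cast also keeps a caller-supplied id out of the SQL text; the same cast is worth applying to `$forum_id` and `$userdata['user_id']` in the `AUTH_ACCESS_TABLE` query. In the guest `LIST_ALL` branch the loop counts `$auth_forum_rows`, which is never assigned, and indexes `['0']` instead of `[$i]`, so the returned list is always empty; it presumably wants `count($f_access_rows)` and `$f_access_rows[$i]['forum_auth']`. `$auth_user` is also read in `$auth_user = $auth_user || ...` before it is ever assigned, and the first `switch` leaves `$a_sql` unset for an unknown `$type`; starting from `$auth_user = false;` and returning `false` in that `default:` would make the function fail closed.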