Diffstat (limited to 'phpBB/includes/session.php')
-rw-r--r--phpBB/includes/session.php424
1 files changed, 290 insertions, 134 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 9e8ea85e4c..3b4f5df354 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -19,17 +19,19 @@
*
***************************************************************************/
-class session {
-
+class session
+{
var $session_id = '';
+ var $data = array();
var $browser = '';
+ var $user_ip = '';
var $page = '';
var $load;
// Called at each page start ... checks for, updates and/or creates a session
function start($update = true)
{
- global $SID, $db, $board_config, $user_ip;
+ global $SID, $db, $board_config;
$current_time = time();
$this->browser = ( !empty($_SERVER['HTTP_USER_AGENT']) ) ? $_SERVER['HTTP_USER_AGENT'] : $_ENV['HTTP_USER_AGENT'];
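Review bot: The property added here is declared as `var $user_ip = '';`, but the later hunks of this commit read and write `$this->ip` (the address lookup in start(), the IP-length check, the ban check and the INSERT in create()). The declared property is therefore never used and the one that is used is undeclared. Declare `var $ip = '';` instead, or rename the uses, so the class has a single name for the client address. The body of start() continues outside this hunk.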
@@ -49,16 +51,28 @@ class session {
$SID = '?sid=' . $this->session_id;
}
+ // Obtain users IP
+ $this->ip = ( !empty($_SERVER['REMOTE_ADDR']) ) ? $_SERVER['REMOTE_ADDR'] : $REMOTE_ADDR;
+
+ if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
+ {
+ if ( preg_match('/^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)/', $_SERVER['HTTP_X_FORWARDED_FOR'], $ip_list) )
+ {
+ $private_ip = array('/^0\./', '/^127\.0\.0\.1/', '/^192\.168\..*/', '/^172\.16\..*/', '/^10\..*/', '/^224\..*/', '/^240\..*/');
+ $this->ip = preg_replace($private_ip, $this->ip, $ip_list[1]);
+ }
+ }
+
// Load limit check (if applicable)
- if ( $board_config['limit_load'] && file_exists('/proc/loadavg') )
+ if ( intval($board_config['limit_load']) && file_exists('/proc/loadavg') )
{
if ( $load = @file('/proc/loadavg') )
{
list($this->load) = explode(' ', $load[0]);
- if ( $this->load > $board_config['limit_load'] )
+ if ( $this->load > intval($board_config['limit_load']) )
{
- message_die(MESSAGE, 'Board_unavailable');
+ trigger_error('Board_unavailable');
}
}
}
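Review bot: The address taken from `HTTP_X_FORWARDED_FOR` replaces `REMOTE_ADDR` for every request, yet that header is supplied by the client, so the value later used for the session IP check and for `ban_ip` matching is one the requester can choose. It should only be honoured when `REMOTE_ADDR` is a proxy the administrator has listed as trusted, with `REMOTE_ADDR` used otherwise. The fallback `$REMOTE_ADDR` is not a global or local in start() as shown, so that branch yields an empty address. The private-range patterns are also incomplete: `/^0\./` and `/^127\.0\.0\.1/` replace only the prefix and so produce a malformed address, and `/^172\.16\..*/` covers one of the sixteen 172.16–172.31 networks.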
@@ -72,20 +86,20 @@ class session {
AND u.user_id = s.session_user_id";
$result = $db->sql_query($sql);
- $userdata = $db->sql_fetchrow($result);
+ $this->data = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
// Did the session exist in the DB?
- if ( isset($userdata['user_id']) )
+ if ( isset($this->data['user_id']) )
{
// Validate IP length according to admin ... has no effect on IPv6
- $s_ip = implode('.', array_slice(explode('.', $userdata['session_ip']), 0, $board_config['ip_check']));
- $u_ip = implode('.', array_slice(explode('.', $user_ip), 0, $board_config['ip_check']));
+ $s_ip = implode('.', array_slice(explode('.', $this->data['session_ip']), 0, $board_config['ip_check']));
+ $u_ip = implode('.', array_slice(explode('.', $this->ip), 0, $board_config['ip_check']));
if ( $u_ip == $s_ip )
{
// Only update session DB a minute or so after last update or if page changes
- if ( ( $current_time - $userdata['session_time'] > 60 || $userdata['session_page'] != $user_page ) && $update )
+ if ( ( $current_time - $this->data['session_time'] > 60 || $this->data['session_page'] != $user_page ) && $update )
{
$sql = "UPDATE " . SESSIONS_TABLE . "
SET session_time = $current_time, session_page = '$this->page'
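Review bot: The update condition compares `$this->data['session_page']` with `$user_page`, while the UPDATE below writes `$this->page`. `$user_page` is not among the globals of start() and is not assigned in any visible hunk. If it is indeed unset, the comparison is always unequal and the session row is rewritten on every request, not once a minute. Comparing against `$this->page` would match what is stored. The UPDATE statement continues outside this hunk.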
@@ -93,7 +107,7 @@ class session {
$db->sql_query($sql);
}
- return $userdata;
+ return true;
}
}
}
@@ -109,7 +123,7 @@ class session {
// Create a new session
function create(&$user_id, &$autologin)
{
- global $SID, $db, $board_config, $user_ip;
+ global $SID, $db, $board_config;
$sessiondata = array();
$current_time = time();
@@ -127,7 +141,7 @@ class session {
if ( intval($row['sessions']) > intval($board_config['active_sessions']) )
{
- message_die(MESSAGE, 'Board_unavailable');
+ trigger_error('Board_unavailable');
}
}
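Review bot: `trigger_error('Board_unavailable')` is raised without an error level, so it is an `E_USER_NOTICE`, whereas the `message_die()` it replaces stopped the request. Unless the installed error handler terminates on notices (not visible in this diff), create() carries on and the session is created even though the active-session limit was exceeded. The same applies to the load-limit check in start() and, more seriously, to `trigger_error('You_been_banned')` in the ban loop. The last hunk of this commit passes `E_USER_ERROR` explicitly, and these three calls should state their level as well, e.g. `trigger_error('You_been_banned', E_USER_ERROR);`.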
@@ -146,14 +160,14 @@ class session {
ORDER BY s.session_time DESC";
$result = $db->sql_query($sql);
- $userdata = $db->sql_fetchrow($result);
+ $this->data = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
// Check autologin request, is it valid?
- if ( $userdata['user_password'] != $autologin || !$userdata['user_active'] || !$user_id )
+ if ( $this->data['user_password'] != $autologin || !$this->data['user_active'] || !$user_id )
{
$autologin = '';
- $userdata['user_id'] = $user_id = ANONYMOUS;
+ $this->data['user_id'] = $user_id = ANONYMOUS;
}
$sql = "SELECT ban_ip, ban_userid, ban_email
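Review bot: The autologin check `$this->data['user_password'] != $autologin` uses a loose comparison between the stored password hash and a value that arrives by reference from the caller (it looks like it comes from the autologin cookie, to be confirmed). PHP compares two numeric-looking strings numerically under `!=`, so distinct strings can compare equal. A strict string comparison avoids that: `(string) $this->data['user_password'] !== (string) $autologin`. The ban query that starts on the last line continues in the next hunk.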
@@ -162,30 +176,26 @@ class session {
OR ban_end = 0";
$result = $db->sql_query($sql);
- if ( $row = $db->sql_fetchrow($result) )
+ while ( $row = $db->sql_fetchrow($result) )
{
- do
+ if ( ( $row['user_id'] == $this->data['user_id'] ||
+ ( $row['ban_ip'] && preg_match('#^' . str_replace('*', '.*?', $row['ban_ip']) . '$#i', $this->ip) ) ||
+ ( $row['ban_email'] && preg_match('#^' . str_replace('*', '.*?', $row['ban_email']) . '$#i', $this->data['user_email']) ) )
+ && !$this->data['user_founder'] )
{
- if ( ( $row['user_id'] == $userdata['user_id'] ||
- ( $row['ban_ip'] && preg_match('#^' . str_replace('*', '.*?', $row['ban_ip']) . '$#i', $user_ip) ) ||
- ( $row['ban_email'] && preg_match('#^' . str_replace('*', '.*?', $row['ban_email']) . '$#i', $userdata['user_email']) ) )
- && !$userdata['user_founder'] )
- {
- message_die(MESSAGE, 'You_been_banned');
- }
+ trigger_error('You_been_banned');
}
- while ( $row = $db->sql_fetchrow($result) );
}
$db->sql_freeresult($result);
// Is there an existing session? If so, grab last visit time from that
- $userdata['session_last_visit'] = ( $userdata['session_time'] ) ? $userdata['session_time'] : ( ( $userdata['user_lastvisit'] ) ? $userdata['user_lastvisit'] : time() );
+ $this->data['session_last_visit'] = ( $this->data['session_time'] ) ? $this->data['session_time'] : ( ( $this->data['user_lastvisit'] ) ? $this->data['user_lastvisit'] : time() );
// Create or update the session
$db->sql_return_on_error(true);
$sql = "UPDATE " . SESSIONS_TABLE . "
- SET session_user_id = $user_id, session_last_visit = " . $userdata['session_last_visit'] . ", session_start = $current_time, session_time = $current_time, session_browser = '$this->browser', session_page = '$this->page'
+ SET session_user_id = $user_id, session_last_visit = " . $this->data['session_last_visit'] . ", session_start = $current_time, session_time = $current_time, session_browser = '$this->browser', session_page = '$this->page'
WHERE session_id = '" . $this->session_id . "'";
if ( !$db->sql_query($sql) || !$db->sql_affectedrows() )
{
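Review bot: The ban loop tests `$row['user_id'] == $this->data['user_id']`, but the SELECT feeding it returns `ban_ip, ban_userid, ban_email`, so `$row['user_id']` is never set and the user-id ban cannot match as intended. Under loose comparison an unset value also equals a user id of 0. The test should read `$row['ban_userid']` and be skipped when that column is empty, e.g. `( $row['ban_userid'] && $row['ban_userid'] == $this->data['user_id'] )`. Separately, `ban_ip` and `ban_email` are placed into the pattern without `preg_quote()`, so `.` and `+` in a stored ban act as regex operators rather than literals.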
@@ -194,12 +204,12 @@ class session {
$sql = "INSERT INTO " . SESSIONS_TABLE . "
(session_id, session_user_id, session_last_visit, session_start, session_time, session_ip, session_browser, session_page)
- VALUES ('" . $this->session_id . "', $user_id, " . $userdata['session_last_visit'] . ", $current_time, $current_time, '$user_ip', '$this->browser', '$this->page')";
+ VALUES ('" . $this->session_id . "', $user_id, " . $this->data['session_last_visit'] . ", $current_time, $current_time, '$this->ip', '$this->browser', '$this->page')";
$db->sql_query($sql);
}
$db->sql_return_on_error(false);
- $userdata['session_id'] = $this->session_id;
+ $this->data['session_id'] = $this->session_id;
$sessiondata['autologinid'] = ( $autologin && $user_id ) ? $autologin : '';
$sessiondata['userid'] = $user_id;
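Review bot: The INSERT here and the UPDATE in the previous hunk interpolate `'$this->browser'` and `'$this->page'` directly into SQL. `$this->browser` is assigned from `$_SERVER['HTTP_USER_AGENT']` in start(), and no escaping is visible between that assignment and these statements. Unless it is escaped in lines outside the hunks, a request header reaches the query text unquoted. Escape both values with the database layer's escaping routine where they are assigned, or at minimum with `addslashes()` as acl_cache() does for `user_permissions`. `$this->ip` is restricted to digits and dots by the pattern in start() only on the forwarded-header path.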
@@ -208,17 +218,23 @@ class session {
$this->set_cookie('sid', $this->session_id, 0);
$SID = '?sid=' . $this->session_id;
- // Events ... ?
- if ( $userdata['user_id'] )
+ if ( $this->data['user_id'] )
{
+ // Events ... ?
// do_events('days');
+
+ // First page ... ?
+// if (!empty($this->data['user_firstpage']))
+// {
+// redirect($userdata['user_firstpage']);
+// }
}
- return $userdata;
+ return true;
}
// Destroy a session
- function destroy(&$userdata)
+ function destroy()
{
global $SID, $db, $board_config;
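Review bot: The commented-out first-page block tests `$this->data['user_firstpage']` but redirects to `$userdata['user_firstpage']`, a variable that no longer exists in create() after this commit. If the block is re-enabled as written, it redirects to an empty value. It would also need a check that the stored target is a local board page before being passed to `redirect()`. Either drop the block until the feature is implemented or correct it to `$this->data`. destroy() also loses its `&$userdata` parameter here, so every caller has to be updated in the same change, and none is visible in this diff.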
@@ -230,13 +246,13 @@ class session {
// Delete existing session, update last visit info first!
$sql = "UPDATE " . USERS_TABLE . "
- SET user_lastvisit = " . intval($userdata['session_time']) . "
- WHERE user_id = " . $userdata['user_id'];
+ SET user_lastvisit = " . intval($this->data['session_time']) . "
+ WHERE user_id = " . $this->data['user_id'];
$db->sql_query($sql);
$sql = "DELETE FROM " . SESSIONS_TABLE . "
WHERE session_id = '" . $this->session_id . "'
- AND session_user_id = " . $userdata['user_id'];
+ AND session_user_id = " . $this->data['user_id'];
$db->sql_query($sql);
$this->session_id = '';
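Review bot: `$this->data['user_id']` is concatenated into both the UPDATE and the DELETE without a cast, while `session_time` on the line above goes through `intval()`. If destroy() runs before start() or create() has filled `$this->data`, the statements end in `user_id = ` with nothing after it and fail. Use `intval($this->data['user_id'])` in both places so the queries are always well-formed and the value is always numeric.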
@@ -247,14 +263,14 @@ class session {
// Garbage collection
function gc(&$current_time)
{
- global $db, $board_config, $user_ip;
+ global $db, $board_config;
// Get expired sessions, only most recent for each user
$sql = "SELECT session_user_id, MAX(session_time) AS recent_time
FROM " . SESSIONS_TABLE . "
WHERE session_time < " . ( $current_time - $board_config['session_length'] ) . "
GROUP BY session_user_id
- LIMIT 10";
+ LIMIT 5";
$result = $db->sql_query($sql);
$del_user_id = '';
@@ -282,9 +298,9 @@ class session {
$db->sql_query($sql);
}
- if ( $del_sessions < 10 )
+ if ( $del_sessions < 5 )
{
- // Less than 10 sessions, update gc timer ... else we want gc
+ // Less than 5 sessions, update gc timer ... else we want gc
// called again to delete other sessions
$sql = "UPDATE " . CONFIG_TABLE . "
SET config_value = '$current_time'
@@ -306,60 +322,65 @@ class session {
// Contains (at present) basic user methods such as configuration
// creating date/time ... keep this?
-class user
+class user extends session
{
- var $lang_name;
- var $lang_path;
+ var $lang = array();
+ var $theme = array();
var $date_format;
var $timezone;
var $dst;
- function user(&$userdata, $lang_set = false, $style = false)
+ var $lang_name;
+ var $lang_path;
+ var $img_lang;
+
+ function setup($lang_set = false, $style = false)
{
- global $db, $template, $lang, $board_config, $theme, $images;
- global $phpEx, $phpbb_root_path;
+ global $db, $template, $board_config, $phpEx, $phpbb_root_path;
- if ( $userdata['user_id'] )
+ if ( $this->data['user_id'] != ANONYMOUS )
{
- $this->lang_name = ( file_exists($phpbb_root_path . 'language/' . $userdata['user_lang']) ) ? $userdata['user_lang'] : $board_config['default_lang'];
+ $this->lang_name = ( file_exists($phpbb_root_path . 'language/' . $this->data['user_lang']) ) ? $this->data['user_lang'] : $board_config['default_lang'];
$this->lang_path = $phpbb_root_path . 'language/' . $this->lang_name . '/';
- $this->date_format = $userdata['user_dateformat'];
- $this->timezone = $userdata['user_timezone'] * 3600;
- $this->dst = $userdata['user_dst'] * 3600;
+ $this->date_format = $this->data['user_dateformat'];
+ $this->timezone = $this->data['user_timezone'] * 3600;
+ $this->dst = $this->data['user_dst'] * 3600;
}
- else if ( isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) )
+ else
{
$this->lang_name = $board_config['default_lang'];
$this->lang_path = $phpbb_root_path . 'language/' . $this->lang_name . '/';
+ $this->date_format = $board_config['default_dateformat'];
+ $this->timezone = $board_config['board_timezone'] * 3600;
+ $this->dst = 0;
- $accept_lang_ary = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
- foreach ( $accept_lang_ary as $accept_lang )
+ if ( isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) )
{
- // Set correct format ... guess full xx_YY form
- $accept_lang = substr($accept_lang, 0, 2) . '_' . strtoupper(substr($accept_lang, 3, 2));
- if ( file_exists($phpbb_root_path . 'language/' . $accept_lang) )
- {
- $this->lang_name = $accept_lang;
- $this->lang_path = $phpbb_root_path . 'language/' . $accept_lang . '/';
- break;
- }
- else
+ $accept_lang_ary = explode(',', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
+ foreach ( $accept_lang_ary as $accept_lang )
{
- // No match on xx_YY so try xx
- $accept_lang = substr($accept_lang, 0, 2);
+ // Set correct format ... guess full xx_YY form
+ $accept_lang = substr($accept_lang, 0, 2) . '_' . strtoupper(substr($accept_lang, 3, 2));
if ( file_exists($phpbb_root_path . 'language/' . $accept_lang) )
{
$this->lang_name = $accept_lang;
$this->lang_path = $phpbb_root_path . 'language/' . $accept_lang . '/';
break;
}
+ else
+ {
+ // No match on xx_YY so try xx
+ $accept_lang = substr($accept_lang, 0, 2);
+ if ( file_exists($phpbb_root_path . 'language/' . $accept_lang) )
+ {
+ $this->lang_name = $accept_lang;
+ $this->lang_path = $phpbb_root_path . 'language/' . $accept_lang . '/';
+ break;
+ }
+ }
}
}
-
- $this->date_format = $board_config['default_dateformat'];
- $this->timezone = $board_config['board_timezone'] * 3600;
- $this->dst = 0;
}
include($this->lang_path . 'lang_main.' . $phpEx);
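Review bot: The directory name built from `HTTP_ACCEPT_LANGUAGE` is accepted on `file_exists()` alone and then becomes `$this->lang_path`, which is used by the `include` on the last line. The header is client-supplied, and the two-character fallback `substr($accept_lang, 0, 2)` is not restricted to letters, so any two characters naming an existing entry under `language/` are accepted, relative path segments included. Validate the candidate first, for example `if ( preg_match('/^[a-z]{2}(_[A-Z]{2})?$/', $accept_lang) && file_exists(...) )`, and `trim()` each list entry, since entries after a comma normally begin with a space. The same applies to `user_lang` if users can set it freely. setup() continues outside this hunk.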
@@ -367,6 +388,7 @@ class user
{
include($this->lang_path . 'lang_admin.' . $phpEx);
}
+
/*
if ( is_array($lang_set) )
{
@@ -375,18 +397,18 @@ class user
$lang_set = explode(',', $lang_set);
foreach ( $lang_set as $lang_file )
{
- include($this->lang_path . '/' . trim($lang_file) . '.' . $phpEx);
+ include($this->lang_path . '/' . $lang_file . '.' . $phpEx);
}
unset($lang_set);
}
else
{
include($this->lang_path . '/common.' . $phpEx);
- include($this->lang_path . '/' . trim($lang_set) . '.' . $phpEx);
+ include($this->lang_path . '/' . $lang_set . '.' . $phpEx);
}
*/
// Set up style
- $style = ( $style ) ? $style : ( ( !$board_config['override_user_style'] && $userdata['user_id'] ) ? $userdata['user_style'] : $board_config['default_style'] );
+ $style = ( $style ) ? $style : ( ( !$board_config['override_user_style'] && $this->data['user_id'] ) ? $this->data['user_style'] : $board_config['default_style'] );
$sql = "SELECT t.template_path, t.poll_length, t.pm_box_length, c.css_data, c.css_external, i.*
FROM " . STYLES_TABLE . " s, " . STYLES_TPL_TABLE . " t, " . STYLES_CSS_TABLE . " c, " . STYLES_IMAGE_TABLE . " i
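Review bot: The style selection still tests `$this->data['user_id']` for truthiness, while the first hunk of setup() was changed to `$this->data['user_id'] != ANONYMOUS`. If `ANONYMOUS` is non-zero, which that change suggests though its value is not shown, guests pass this test and get `$this->data['user_style']` instead of the board default. Use the same comparison in both places. `$style` can also be passed in by the caller and appears to go into the query that starts on the following lines, so it should be cast with `intval()` if it is a numeric id.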
@@ -396,33 +418,25 @@ class user
AND i.imageset_id = s.imageset_id";
$result = $db->sql_query($sql);
- if ( !($theme = $db->sql_fetchrow($result)) )
+ if ( !($this->theme = $db->sql_fetchrow($result)) )
{
message_die(ERROR, 'Could not get style data');
}
- $template->set_template($theme['template_path']);
-
- $img_lang = ( file_exists('imagesets/' . $theme['imageset_path'] . '/' . $this->lang_name) ) ? $this->lang_name : $board_config['default_lang'];
+ $template->set_template($this->theme['template_path']);
- $i10n = array('post_new', 'post_locked', 'post_pm', 'reply_new', 'reply_pm', 'reply_locked', 'icon_quote', 'icon_edit', 'icon_search', 'icon_profile', 'icon_pm', 'icon_email', 'icon_www', 'icon_icq', 'icon_aim', 'icon_yim', 'icon_msnm', 'icon_delete', 'icon_ip', 'icon_no_email', 'icon_no_www', 'icon_no_icq', 'icon_no_aim', 'icon_no_yim', 'icon_no_msnm');
-
- foreach ( $i10n as $icon )
- {
- $theme[$icon] = str_replace('{LANG}', $img_lang, $theme[$icon]);
- }
+ $this->img_lang = ( file_exists($phpbb_root_path . 'imagesets/' . $this->theme['imageset_path'] . '/' . $this->lang_name) ) ? $this->lang_name : $board_config['default_lang'];
return;
}
function format_date($gmepoch, $format = false)
{
- global $lang;
static $lang_dates;
if ( empty($lang_dates) )
{
- foreach ( $lang['datetime'] as $match => $replace )
+ foreach ( $this->lang['datetime'] as $match => $replace )
{
$lang_dates[$match] = $replace;
}
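Review bot: format_date() now iterates `$this->lang['datetime']`, but nothing in the visible hunks assigns `$this->lang`. It is initialised to `array()`, and setup() no longer declares `global $lang`, so a language file that fills a plain `$lang` array would populate a local variable of setup() only. If that is the case, the `foreach` receives an unset value and `strtr()` is called with an empty `$lang_dates`. Either have setup() copy the loaded array into `$this->lang` or confirm that the language files write to `$this->lang` directly. The `message_die(ERROR, ...)` call kept in this hunk is also inconsistent with the `trigger_error()` conversion made elsewhere in the commit.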
@@ -431,6 +445,18 @@ class user
$format = ( !$format ) ? $this->date_format : $format;
return strtr(@gmdate($format, $gmepoch + $this->timezone + $this->dst), $lang_dates);
}
+
+ function img($img, $alt = '', $tag = false)
+ {
+ static $imgs;
+
+ if (empty($imgs[$img]))
+ {
+ $imgs[$img] = '<img src=' . str_replace('{LANG}', $this->img_lang, $this->theme[$img]) . '" alt="' . $this->lang[$alt] . '" title="' . $this->lang[$alt] . '" />';
+ }
+
+ return $imgs[$img];
+ }
}
// Will be keeping my eye of 'other products' to ensure these things don't
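Review bot: The markup built in img() is missing the opening quote of the `src` attribute: `'<img src=' . ... . '" alt="'` emits `src=path" alt=...`. The first fragment should be `'<img src="'`. The static cache is keyed on `$img` only, so a second call with a different `$alt` returns the first call's text. `$tag` is never used, and the language strings are placed into attributes without `htmlspecialchars()`.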
@@ -438,29 +464,36 @@ class user
class auth
{
var $founder = false;
- var $acl = false;
- var $options = array();
+ var $acl = array();
+ var $acl_options = array();
- function acl(&$userdata, $forum_id = false, $options = false)
+ function acl(&$userdata, $forum_id = false, $options_in = false, $options_or = false)
{
- global $db;
+ global $db, $acl_options;
+
+ $this->acl_options = &$acl_options;
if (!$this->founder = $userdata['user_founder'])
{
+// $mtime = explode(' ', microtime());
+// $starttime = $mtime[1] + $mtime[0];
+/*
$in_sql = "'a_', 'f_list'";
+ $or_sql = '';
- if ( $options )
+ if ( is_array($options_in) )
{
- if ( is_array($options) )
+ foreach ( $options_in as $option )
{
- foreach ( $options as $option )
- {
- $in_sql .= ", '$option'";
- }
+ $in_sql .= ", '$option'";
}
- else
+ }
+
+ if ( is_array($options_or) )
+ {
+ foreach ( $options_or as $option )
{
- $or_sql = " OR auth_value LIKE '$option%'";
+ $or_sql .= " OR auth_value LIKE '$option%'";
}
}
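Review bot: The new `$options_in` and `$options_or` parameters are read only inside the block opened by the added `/*`, which is not closed within this hunk, so as committed they have no effect on the permissions loaded. The disabled code also builds `$in_sql` and `$or_sql` by interpolating `'$option'` straight into SQL. If it is ever re-enabled, the option names must be escaped or checked against the known option list first. Prefer deleting the dead block, which remains in version control, over leaving a multi-hunk comment whose end is hard to locate.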
@@ -480,6 +513,9 @@ class auth
}
$db->sql_freeresult($result);
+// $mtime = explode(' ', microtime());
+// echo $mtime[1] + $mtime[0] - $starttime . " :: ";
+
// This is preliminary and can no doubt be improved. The 12 in
// the chunk_split relates to the current 96bits (12 bytes) per forum
if ( !empty($userdata['user_permissions']) )
@@ -503,18 +539,84 @@ class auth
$this->acl_cache($userdata);
}
-// $mtime = explode(' ', microtime());
-// echo $mtime[1] + $mtime[0] - $starttime . " :: ";
+/*
+ $sql = "SELECT auth_value, global_id, local_id
+ FROM " . ACL_OPTIONS_TABLE . "
+ WHERE auth_value IN ($in_sql) $or_sql";
+ $result = $db->sql_query($sql);
+
+ while ( $row = $db->sql_fetchrow($result) )
+ {
+ if ( isset($row['global_id']) )
+ {
+ $this->options['global'][$row['auth_value']] = $row['global_id'];
+ }
+ if ( isset($row['local_id']) )
+ {
+ $this->options['local'][$row['auth_value']] = $row['local_id'];
+ }
+ }
+ $db->sql_freeresult($result);
+*/
+ if ( empty($userdata['user_permissions']) )
+ {
+ $this->acl_cache($userdata);
+ }
+
+ // This is preliminary and can no doubt be improved
+ $global_chars = ceil(sizeof($this->acl_options['global']) / 8);
+ $local_chars = ceil(sizeof($this->acl_options['local']) / 8) + 2;
+ $globals = substr($userdata['user_permissions'], 0, $global_chars);
+ $locals = substr($userdata['user_permissions'], $global_chars);
+
+ for($i = 0; $i < $global_chars; $i++)
+ {
+ $this->acl['global'] .= str_pad(decbin(ord(substr($globals, $i, 1))), 8, 0, STR_LEFT_PAD);
+ }
+
+ $forums = explode("\r\n", chunk_split($locals, $local_chars));
+ array_pop($forums);
+ foreach ( $forums as $forum )
+ {
+ $forum_id = bindec(str_pad(decbin(ord(substr($forum, 0, 1))), 8, 0, STR_PAD_LEFT) . str_pad(decbin(ord(substr($forum, 1, 1))), 8, 0, STR_PAD_LEFT));
+
+ for($i = 2; $i < $local_chars; $i++)
+ {
+ $this->acl['local'][$forum_id] .= str_pad(decbin(ord(substr($forum, $i, 1))), 8, 0, STR_PAD_LEFT);
+ }
+ }
+ unset($forums);
}
+// $mtime = explode(' ', microtime());
+// echo $mtime[1] + $mtime[0] - $starttime . " :: ";
+
return;
}
// Look up an option
function acl_get($option, $forum_id = 0)
{
- return ( $this->founder ) ? true : substr($this->acl[$forum_id], $this->options[$option], 1);
-// return ( $this->founder ) ? true : $this->acl[$forum_id][$option];
+ static $acl_cache;
+/*
+ if ( !isset($acl_cache[$forum_id][$option]) && !$this->founder )
+ {
+ $acl_cache[$forum_id][$option] = substr($this->acl[$forum_id], $this->options[$option], 1);
+ }
+*/
+ if ( !isset($acl_cache[$forum_id][$option]) && !$this->founder )
+ {
+ if ( isset($this->acl_options['global'][$option]) )
+ {
+ $acl_cache[$forum_id][$option] = substr($this->acl['global'], $this->acl_options['global'][$option], 1);
+ }
+ if ( isset($this->acl_options['local'][$option]) )
+ {
+ $acl_cache[$forum_id][$option] |= substr($this->acl['local'][$forum_id], $this->acl_options['local'][$option], 1);
+ }
+ }
+
+ return ( $this->founder ) ? true : $acl_cache[$forum_id][$option];
}
// Cache data
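Review bot: The global-permission decode loop passes `STR_LEFT_PAD` to `str_pad()`, which is not a PHP constant. The forum loop just below uses the correct `STR_PAD_LEFT`. With the wrong pad type the bytes are not left-padded to eight bits, so every global bit offset after a byte with leading zeros is shifted. Change it to `STR_PAD_LEFT`. In acl_get(), `static $acl_cache` is shared by every instance of the class, so if more than one auth object is built in a request for different users, one user's cached answers are returned for another. An instance property would avoid that.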
@@ -522,28 +624,18 @@ class auth
{
global $db;
- $sql = "SELECT a.forum_id, a.auth_allow_deny, ao.auth_option_id, ao.auth_value
+ $acl_db = array();
+
+ $sql = "SELECT a.forum_id, a.auth_allow_deny, ao.auth_value
FROM " . ACL_GROUPS_TABLE . " a, " . ACL_OPTIONS_TABLE . " ao, " . USER_GROUP_TABLE . " ug
WHERE ug.user_id = " . $userdata['user_id'] . "
AND a.group_id = ug.group_id
AND ao.auth_option_id = a.auth_option_id";
$result = $db->sql_query($sql);
- if ( $row = $db->sql_fetchrow($result) )
+ while ( $row = $db->sql_fetchrow($result) )
{
- do
- {
- switch ( $this->acl[$row['forum_id']][$row['auth_option_id']] )
- {
- case ACL_PERMIT:
- case ACL_DENY:
- case ACL_PREVENT:
- break;
- default:
- $this->acl[$row['forum_id']][$row['auth_option_id']] = $row['auth_allow_deny'];
- }
- }
- while ( $row = $db->sql_fetchrow($result) );
+ $acl_db[] = $row;
}
$db->sql_freeresult($result);
@@ -553,33 +645,30 @@ class auth
AND ao.auth_option_id = a.auth_option_id";
$result = $db->sql_query($sql);
- if ( $row = $db->sql_fetchrow($result) )
+ while ( $row = $db->sql_fetchrow($result) )
+ {
+ $acl_db[] = $row;
+ }
+ $db->sql_freeresult($result);
+
+ if ( is_array($acl_db) )
{
- do
+ sort($acl_db);
+/* foreach ( $acl_db as $row )
{
- switch ( $this->acl[$row['forum_id']][$row['auth_option_id']] )
+ if ( $row['auth_allow_deny'] != ACL_INHERIT && $this->acl[$row['forum_id']][$row['auth_value']] !== ACL_DENY )
{
- case ACL_PERMIT:
- case ACL_PREVENT:
- break;
- default:
- $this->acl[$row['forum_id']][$row['auth_option_id']] = $row['auth_allow_deny'];
- break;
+ $this->acl[$row['forum_id']][$row['auth_option_id']] = intval($row['auth_allow_deny']);
}
}
- while ( $row = $db->sql_fetchrow($result) );
- }
- $db->sql_freeresult($result);
+ unset($acl_db);
- if ( is_array($this->acl) )
- {
foreach ( $this->acl as $forum_id => $auth_ary )
{
$holding = array();
for($i = 0; $i < 80; $i++)
{
- $allow = ( isset($this->acl[$forum_id][$i]) ) ? $this->acl[$forum_id][$i] : 0;
- $holding[] = ( $allow == ACL_ALLOW || $allow == ACL_PERMIT ) ? 1 : 0;
+ $holding[] = ( isset($this->acl[$forum_id][$i]) ) ? $this->acl[$forum_id][$i] : 0;
}
$bitstring = explode("\r\n", chunk_split(str_pad(decbin($forum_id), 16, 0, STR_PAD_LEFT) . implode('', $holding), 8));
@@ -589,8 +678,75 @@ class auth
$userdata['user_permissions'] .= chr(bindec($byte));
}
}
+ unset($holding);*/
+
+ foreach ( $acl_db as $row )
+ {
+ if ( $row['auth_allow_deny'] != ACL_INHERIT && $this->acl[$row['forum_id']][$row['auth_value']] !== ACL_DENY )
+ {
+ $this->acl[$row['forum_id']][$row['auth_value']] = intval($row['auth_allow_deny']);
+ }
+ }
+ unset($acl_db);
+
+ $global_bits = 8 * ceil(sizeof($this->acl_options['global']) / 8);
+ $local_bits = 8 * ceil(sizeof($this->acl_options['local']) / 8 );
+ $local_hold = '';
+ $global_hold = '';
+
+ foreach ( $this->acl as $forum_id => $auth_ary )
+ {
+ $holding = array();
+
+ if ( !$forum_id )
+ {
+ $fill = $global_bits;
+ $ary_key = 'global';
+ $hold_str = 'global_hold';
+ }
+ else
+ {
+ $fill = $local_bits;
+ $ary_key = 'local';
+ $hold_str = 'local_hold';
+ }
+
+ for($i = 0; $i < $fill; $i++)
+ {
+ $holding[$i] = 0;
+ }
+
+ foreach ( $auth_ary as $option => $allow )
+ {
+ if ( $allow )
+ {
+ $holding[$this->acl_options[$ary_key][$option]] = 1;
+ }
+ }
+
+ $forum_id = ( $forum_id ) ? str_pad(decbin($forum_id), 16, 0, STR_PAD_LEFT) : '';
+ $bitstring = explode("\r\n", chunk_split($forum_id . implode('', $holding), 8));
+ array_pop($bitstring);
+
+ foreach ( $bitstring as $byte )
+ {
+ $$hold_str .= chr(bindec($byte));
+ }
+ }
unset($holding);
+ if ( $global_hold == '' )
+ {
+ for($i = 0; $i < $global_bits; $i++)
+ {
+ $global_hold .= '0';
+ }
+ }
+
+ $userdata['user_permissions'] .= $global_hold . $local_hold;
+ unset($global_hold);
+ unset($local_hold);
+
$sql = "UPDATE " . USERS_TABLE . "
SET user_permissions = '" . addslashes($userdata['user_permissions']) . "'
WHERE user_id = " . $userdata['user_id'];
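Review bot: The empty-global fallback appends the character `'0'` `$global_bits` times, but every other part of `user_permissions` is packed as one byte per eight bits with `chr(bindec($byte))`. The decoder in acl() then reads the first `ceil(n / 8)` characters as bytes, and `ord('0')` is 48 (binary 00110000). A user with no global entries therefore decodes with two permission bits set in each global byte, and the local section starts at the wrong offset because the filler is eight times too long. Use zero bytes of the packed length instead: `$global_hold = str_repeat(chr(0), intval($global_bits / 8));`. The `$$hold_str .= ...` variable-variable would also be clearer as two explicit branches.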
@@ -625,7 +781,7 @@ class auth
}
}
- message_die(ERROR, 'Authentication method not found');
+ trigger_error('Authentication method not found', E_USER_ERROR);
}
}