+ $forum_sql = "WHERE forum_id = $forum_id";

+ $sql = "UPDATE " . FORUMS_TABLE . " SET ";

+ $sql = "UPDATE " . FORUMS_TABLE . " SET ";

+$sql = "SELECT *

+ ORDER BY forum_id ASC";

+$adv = (isset($HTTP_GET_VARS['adv'])) ? $HTTP_GET_VARS['adv'] : -1;

+

+if(isset($HTTP_POST_VARS['submit']) && !empty($HTTP_POST_VARS[POST_USERS_URL]))

+ $user_id = $HTTP_POST_VARS[POST_USERS_URL];

+

+ //

+ // This is where things become fun ...

+ //

+ // We have to do a pile of cross-checking

+ // to ensure what the admin has requested

+ // for a user doesn't conflict with

+ // permissions already assigned. If they

+ // do we warn the admin and give them

+ // options ... where possible

+ //

+

+ //

+ // Get group_id for this user_id

+ //

+ $sql_groupid = "SELECT group_id

+ FROM " . USER_GROUP_TABLE . "

+ WHERE user_id = $user_id";

+ if(!$result = $db->sql_query($sql_groupid))

+ {

+ // Error no such user/group

+ }

+ list($group_id) = $db->sql_fetchrow($result);

+

+ //

+ // Carry out requests

+ //

+ if( !$HTTP_POST_VARS['makeadmin'] && $HTTP_POST_VARS['curadmin'] )

+ {

+ //

+ // Delete any entries granting moderator

+ // status in auth_access

+ //

+ $sql_unmod = "DELETE FROM " . AUTH_ACCESS_TABLE . "

+ WHERE group_id = $group_id";

+ if(!$result = $db->sql_query($sql_unmod))

+ {

+ // Error, couldn't delete entries

+ }

+

+ $sql_userlevel = "UPDATE " . USERS_TABLE . "

+ SET user_level = " . USER . "

+ WHERE user_id = $user_id";

+ if(!$result = $db->sql_query($sql_userlevel))

+ {

+ // Error, couldn't set user level

+ }

+

+ header("Location: userauth.$phpEx?" . POST_USERS_URL . "=$user_id");

+

+ }

+ else if( $HTTP_POST_VARS['makeadmin'] && !$HTTP_POST_VARS['curadmin'] )

+ {

+ //

+ // Need to switch on admin

+ // level, this also requires

+ // we remove this user from all

+ // auth fields(?)

+ //

+ $sql_userlevel = "UPDATE " . USERS_TABLE . "

+ SET user_level = " . ADMIN . "

+ WHERE user_id = $user_id";

+ if(!$result = $db->sql_query($sql_userlevel))

+ {

+ // Error, couldn't set user level

+ }

+

+ //

+ // Delete any entries in auth_access, they

+ // are unrequired if user is becoming an

+ // admin

+ //

+ $sql_unmod = "DELETE FROM " . AUTH_ACCESS_TABLE . "

+ WHERE aa.group_id = $group_id";

+ if(!$result = $db->sql_query($sql_unmod))

+ {

+ // Error, couldn't delete entries

+ }

+

+ //

+ // Remove user from any groups

+ //

+ $sql_rmgrp = "DELETE FROM " . USER_GROUP_TABLE . "

+ WHERE user_id = $user_id

+ AND group_id <> $group_id";

+ if(!$result = $db->sql_query($sql_rmgrp))

+ {

+ // Error, couldn't delete entries

+ }

+

+

+ $sql_mod = "INSERT INTO " . AUTH_ACCESS_TABLE . " (group_id, forum_id, auth_mod)

+ VALUES ($group_id, 0, 1)";

+ if(!$result = $db->sql_query($sql_mod))

+ {

+ // Error, couldn't delete entries

+ }

+

+ header("Location: userauth.$phpEx?" . POST_USERS_URL . "=$user_id");

+

+ }

+ else

+ {

+ //

+ // Pull all the group info

+ // for this user

+ //

+ $sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_votecreate, aa.auth_vote, aa.auth_attachments, aa.auth_mod, g.group_single_user

+ FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g

+ WHERE ug.user_id = $user_id

+ AND g.group_id = ug.group_id

+ AND aa.group_id = ug.group_id

+ AND g.group_single_user <> 1";

+ $au_result = $db->sql_query($sql);

+

+ $num_u_access = $db->sql_numrows($au_result);

+ if($num_u_access)

+ {

+ $u_access = $db->sql_fetchrowset($au_result);

+ }

+

+ header("Location: userauth.$phpEx?" . POST_USERS_URL . "=$user_id");

+

+ }

+

+else if(empty($HTTP_GET_VARS[POST_USERS_URL]))

+ //

+ // Default user selection box

+ // This should be altered on the final

+ // system to list users via an alphabetical

+ // selection system ... otherwise this

+ // could get 'cumbersome' for boards

+ // with several thousand users!

+ //

+ $sql = "SELECT user_id, username

+ FROM ".USERS_TABLE;

+ $u_result = $db->sql_query($sql);

+ $user_list = $db->sql_fetchrowset($u_result);

+ $select_list = "<select name=\"" . POST_USERS_URL . "\">";

+ for($i = 0; $i < count($user_list); $i++)

+ {

+ $select_list .= "<option value=\"" . $user_list[$i]['user_id'] . "\">" . $user_list[$i]['username'] . "</option>";

+ }

+ $select_list .= "</select>";

+ "body" => "admin/userauth_select_body.tpl"));

+

+ $template->assign_vars(array(

+ "S_USERAUTH_ACTION" => append_sid("userauth.$phpEx"),

+ "S_USERS_SELECT" => $select_list,

+

+ "U_FORUMAUTH" => append_sid("forumauth.$phpEx"))

+ );

+

+ $template->pparse("body");

+

+ exit;

+

+}

+

+ $template->set_filenames(array(

+ "body" => "admin/userauth_body.tpl")

+ );

+ $sql = "SELECT forum_id, forum_name, auth_view, auth_read, auth_post, auth_reply, auth_edit, auth_delete, auth_announce, auth_sticky, auth_votecreate, auth_vote, auth_attachments

+ FROM " . FORUMS_TABLE;

+ $sql = "SELECT aa.forum_id, aa.auth_view, aa.auth_read, aa.auth_post, aa.auth_reply, aa.auth_edit, aa.auth_delete, aa.auth_votecreate, aa.auth_vote, aa.auth_attachments, aa.auth_mod, aa.auth_admin, g.group_single_user

+ $is_admin = ($userinf[0]['user_level'] == ADMIN && $userinf[0]['user_id'] != ANONYMOUS) ? 1 : 0;

+ $value = $forum_access[$i][$key];

+ $auth_user[$f_forum_id][$key] = ($user_id != ANONYMOUS) ? auth_check_user(AUTH_ACL, $key, $u_access, $is_admin) : 0;

+ $auth_user[$f_forum_id][$key] = ($user_id != ANONYMOUS) ? auth_check_user(AUTH_MOD, $key, $u_access, $is_admin) : 0;

+ $auth_user[$f_forum_id]['auth_mod'] = ($user_id != ANONYMOUS) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0;

+ $optionlist_grant .= "<option value=\"1\" selected>Allowed Access</option>";

+ $optionlist_grant .= "<option value=\"1\">Allowed Access</option><option value=\"0\" selected>Disallowed Access</option>";

+ $optionlist_mod = "<option value=\"1\" selected>Is a Moderator</option>";

+ $optionlist_mod = "<option value=\"1\">Is a Moderator</option><option value=\"0\" selected>Is not a Moderator</option>";

+ $template->assign_block_vars("forums", array(

+ echo "\t<td bgcolor=\"#DDDDDD\"><a href=\"userauth.$phpEx?" . POST_FORUM_URL . "=$forumkey&" . POST_USERS_URL . "=$user_id\">" . $f_access[$i]['forum_name'] . "</a></td>\n";

+ $t_username .= $userinf[0]['username'];

+ $t_usertype = ($is_admin) ? "an <b>Administrator</b>" : "a <b>User</b>";

+ for($i = 0; $i < count($userinf); $i++)

+ if(!$userinf[$i]['group_single_user'])

+ {

+ $group_name[] = $userinf[$i]['group_name'];

+ $group_id[] = $userinf[$i]['group_id'];

+ }

+ }

+

+ if(count($group_name))

+ {

+ $t_usergroup_list = "belongs to the following groups; ";

+ for($i = 0; $i < count($userinf); $i++)

+ {

+ $t_usergroup_list .= "<a href=\"groupauth.$phpEx?" . POST_GROUPS_URL . "=" . $group_id[$i] . "\">" . $group_name[$i] . "</a>";

+ if($i < count($group_name) - 1)

+ {

+ $t_usergroup_list .= ", ";

+ }

+ }

+ }

+ else

+ {

+ $t_usergroup_list = "belongs to no usergroups.";

+ $s_hidden_fields = "<input type=\"hidden\" name=\"" . POST_USERS_URL . "\" value=\"$user_id\">";

+ $s_hidden_fields .= "<input type=\"hidden\" name=\"curadmin\" value=\"" . $is_admin ."\">";

+ $s_hidden_fields .= "<input type=\"hidden\" name=\"" . POST_GROUPS_URL . "\" value=\"" . "\">";

+ "USERNAME" => $t_username,

+ "USERTYPE" => $t_usertype,

+ "S_ADMIN_CHECK_SELECTED" => (($is_admin) ? " checked" : ""),

+

+ "S_USER_AUTH_ACTION" => append_sid("userauth.$phpEx"),

+ "S_HIDDEN_FIELDS" => $s_hidden_fields,

+

+ "USER_GROUP_LIST" => $t_usergroup_list)

+ exit;

+ FROM ".FORUMS_TABLE." au

+ $forum_match_sql = ($forum_id != AUTH_LIST_ALL) ? "AND ( au.forum_id = $forum_id OR au.forum_id = 0 )" : "";

+

+ WHERE ( aa.forum_id = f.forum_id OR aa.forum_id = 0 )

+ $is_auth_ary = auth(AUTH_READ, AUTH_LIST_ALL, $userdata);

+ $sql .= ($is_auth_ary[$searchforum]['auth_read']) ? " AND (f.forum_id = '$searchforum')" : "";

+$is_auth_ary = auth(AUTH_READ, AUTH_LIST_ALL, $userdata);

+

+ if($is_auth_ary[$row['forum_id']]['auth_read'])

+<p>This user is {USERTYPE} and {USER_GROUP_LIST}

+<form method="post" action="{S_USER_AUTH_ACTION}">

+<input type="checkbox" name="makeadmin" value="1"{S_ADMIN_CHECK_SELECTED}> Checked if user should be an Administrator<br>

+<input type="checkbox" name="makesupermod" value="1"{S_SUPERMOD_CHECK_SELECTED}> Checked if user should be a Super Moderator</p>

+<h3>Access to Forums</h3>

+<p>The following table lists all forums on you board. Different colour rows indicate different levels of authorisation required for a user to do one or more basic function, eg. view, read, post, reply. By design Administrators have access to and are moderators of every forum (you cannot alter individual settings for Administrators, you must first set them as users by unchecking the box above)</p>

+ <!-- BEGIN forums -->

+ <tr>

+ <td class="{forums.ROW_CLASS}">{forums.FORUM_NAME}</td>

+ <td class="{forums.ROW_CLASS}">{forums.SELECT_GRANT_LIST}</td>

+ <td class="{forums.ROW_CLASS}">{forums.SELECT_MOD_LIST}</td>

+ </tr>

+ <!-- END forums -->

+ <td colspan="3" align="center">{S_HIDDEN_FIELDS}<input type="submit" name="submit" value="Request Update">&nbsp;&nbsp;&nbsp;<input type="reset" value="Reset Changes"></td>

+</form>

+ WHERE f.forum_id = $forum_id

+ AND ( aa.forum_id = f.forum_id OR aa.forum_id = 0 )

+

+ $pm_img = "<a href=\"" . append_sid("privmsg.$phpEx?mode=post&" . POST_USERS_URL. "=$poster_id") . "\"><img src=\"". $images['privmsg'] . "\" alt=\"" . $lang['Private_messaging'] . "\" border=\"0\"></a>";

+

+ "PM_IMG" => $pm_img,