aboutsummaryrefslogtreecommitdiffstats
path: root/phpBB
diff options
context:
space:
mode:
Diffstat (limited to 'phpBB')
-rw-r--r--phpBB/includes/auth.php393
1 files changed, 231 insertions, 162 deletions
diff --git a/phpBB/includes/auth.php b/phpBB/includes/auth.php
index ee9d452360..8e75eada67 100644
--- a/phpBB/includes/auth.php
+++ b/phpBB/includes/auth.php
@@ -24,7 +24,7 @@
/*
$type's accepted (eventually!):
- VIEW, READ, POST, REPLY, EDIT, DELETE, VOTE, VOTECREATE, MOD, ADMIN
+ VIEW, READ, POST, REPLY, EDIT, DELETE, VOTE, VOTECREATE
Possible options to send to auth (not all are functional yet!):
@@ -108,12 +108,30 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
if($f_access == -1)
{
$forum_match_sql = ($forum_id != AUTH_LIST_ALL) ? "WHERE aa.forum_id = $forum_id" : "";
- $sql = "SELECT $a_sql
+ $sql = "SELECT aa.forum_id, $a_sql
FROM ".AUTH_FORUMS_TABLE." aa
$forum_match_sql";
$af_result = $db->sql_query($sql);
- $f_access = $db->sql_fetchrow($af_result);
+ if(!$af_result)
+ {
+ error_die(QUERY_ERROR, "Failed obtaining forum access control lists");
+ }
+ else
+ {
+ if(!$db->sql_numrows($af_result))
+ {
+ error_die(GENERAL_ERROR, "No forum access control lists exist!");
+ }
+ else
+ {
+ $f_access = $db->sql_fetchrowset($af_result);
+ }
+ }
+ }
+ else
+ {
+
}
//
@@ -123,24 +141,24 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
// they're good to go, if not then they
// are denied access
//
+ $auth_user = array();
+
if(!$userdata['session_logged_in'])
{
- $auth_user = array();
-
- if($forum_id != AUTH_LIST_ALL)
+ for($j = 0; $j < count($auth_fields); $j++)
{
- for($i = 0; $i < count($f_access); $i++)
+ $key = $auth_fields[$j];
+
+ if($forum_id != AUTH_LIST_ALL)
{
- $auth_user[$auth_fields[$i]] = ($f_access[$auth_fields[$i]] == AUTH_ALL) ? 1 : 0;
+ $auth_user[$key] = ($f_access[$key] == AUTH_ALL) ? 1 : 0;
}
- }
- else
- {
- for($i = 0; $i < count($f_access); $i++)
+ else
{
- for($j = 0; $j < count($auth_fields); $j++)
+ for($i = 0; $i < count($f_access); $i++)
{
- $auth_user[$f_access[$i]['forum_id']][$auth_fields[$j]] = ($f_access[$i][$auth_fields[$j]] == AUTH_ALL) ? 1 : 0;
+ $forum_id = $f_access[$i]['forum_id'];
+ $auth_user[$forum_id][$key] = ($f_access[$i][$key] == AUTH_ALL) ? 1 : 0;
}
}
}
@@ -155,190 +173,241 @@ function auth($type, $forum_id, $userdata, $f_access = -1)
AND aa.group_id = ug.group_id
$forum_match_sql";
$au_result = $db->sql_query($sql);
- $u_access = $db->sql_fetchrowset($au_result);
+ if(!$au_result)
+ {
+ error_die(QUERY_ERROR, "Failed obtaining forum access control lists");
+ }
- $num_forums = (is_array($f_access[0])) ? count($f_access) : 1;
+ $num_u_access = $db->sql_numrows($au_result);
+ if($num_u_access)
+ {
+ $u_access = $db->sql_fetchrowset($au_result);
+ }
$is_admin = ($userdata['user_level'] == ADMIN) ? 1 : 0;
-
$auth_user = array();
- for($k = 0; $k < $num_forums; $k++)
+
+ for($i = 0; $i < count($auth_fields); $i++)
{
- for($i = 0; $i < count($auth_fields); $i++)
- {
- $key = $auth_fields[$i];
- $value = ($forum_id != AUTH_LIST_ALL) ? $f_access[$key] : $f_access[$f_access[$k]['forum_id']][$key];
+ $key = $auth_fields[$i];
+ $value = ($forum_id != AUTH_LIST_ALL) ? $f_access[$key] : $f_access[$k][$key];
+ if(!$num_u_access)
+ {
//
- // If the user is logged on and the forum
- // type is either ALL or REG then the user
- // has access
+ // If no rows for this user where
+ // returned then auth is only true
+ // if the key has a value of ALL || REG
//
- if($value == AUTH_ALL || $value == AUTH_REG)
+ if($forum_id != AUTH_LIST_ALL)
{
- if($forum_id != AUTH_LIST_ALL)
- {
- $auth_user[$key] = 1;
- }
- else
- {
- $auth_user[$f_access[$k]['forum_id']][$key] = 1;
- }
+ $auth_user[$key] = ($value == AUTH_ALL || $value == AUTH_REG) ? 1 : 0;
}
else
{
- //
- // If the type if ACL, MOD or ADMIN
- // then we need to see if the user has
- // specific permissions to do whatever it
- // is they want to do ... to do this
- // we pull relevant information for the user
- // (and any groups they belong to)
- //
-
- $single_user = 0;
-
- //
- // Now we compare the users access level
- // against the forums We assume here that
- // a moderator and admin automatically have
- // access to an ACL forum, similarly we assume
- // admins meet an auth requirement of MOD
- //
- // The access level assigned to a single user
- // automatically takes precedence over any
- // levels granted by that user being a member
- // of a multi-user usergroup, eg. a user
- // who is banned from a forum won't gain
- // access to it even if they belong to a group
- // which has access (and vice versa). This
- // check is done via the single_user check
- //
- // PS : I appologise for the fantastically clear
- // and hugely readable code here ;) Simple gist
- // is, if this row of auth_access doesn't represent
- // a single user then OR the contents of relevant auth_access
- // levels against the current level (allows
- // maximum group privileges to be assigned). If
- // the row does represent a single user then forget
- // any previous group results and instead set
- // the auth to whatever the OR'd contents of the
- // access levels are.
- //
- switch($value)
+ for($k = 0; $k < count($f_access); $k++)
{
- case AUTH_ACL:
- for($j = 0; $j < count($u_access); $j++)
- {
- if(!$single_user)
- {
- $single_user = $u_access[$j]['group_single_user'];
+ $f_forum_id = $f_access[$k]['forum_id'];
+ $auth_user[$f_forum_id][$key] = ($value == AUTH_ALL || $value == AUTH_REG) ? 1 : 0;
+ }
+ }
+ }
+ else
+ {
+ //
+ // If the user is logged on and the forum type is either
+ // ALL or REG then the user has access
+ //
+ // If the type if ACL, MOD or ADMIN then we need to see
+ // if the user has specific permissions to do whatever it
+ // is they want to do ... to do this we pull relevant
+ // information for the user (and any groups they belong to)
+ //
+ // Now we compare the users access level against the forums
+ // We assume here that a moderator and admin automatically
+ // have access to an ACL forum, similarly we assume admins
+ // meet an auth requirement of MOD
+ //
+ // The access level assigned to a single user automatically
+ // takes precedence over any levels granted by that user being
+ // a member of a multi-user usergroup, eg. a user who is banned
+ // from a forum won't gain access to it even if they belong to
+ // a group which has access (and vice versa). This check is
+ // done via the single_user check
+ //
+ // PS : I appologise for the fantastically clear and hugely
+ // readable code here ;) Simple gist is, if this row of
+ // auth_access doesn't represent a single user then OR the
+ // contents of relevant auth_access levels against the current
+ // level (allows maximum group privileges to be assigned). If
+ // the row does represent a single user then forget any previous
+ // group results and instead set the auth to whatever the OR'd
+ // contents of the access levels are.
+ //
- $result = (!$single_user) ? ($auth_user[$key] || $u_access[$j][$key] || $u_access[$i]['auth_mod'] || $is_admin) : ($u_access[$j][$key] || $u_access[$i]['auth_mod'] || $is_admin);
-
- if($forum_id != AUTH_LIST_ALL)
- {
- $auth_user[$key] = $result;
- }
- else
- {
- $auth_user[$f_access[$k]['forum_id']][$key] = $result;
- }
- }
+ switch($value)
+ {
+ case AUTH_ALL:
+ if($forum_id != AUTH_LIST_ALL)
+ {
+ $auth_user[$key] = 1;
+ }
+ else
+ {
+ for($k = 0; $k < count($f_access); $k++)
+ {
+ $f_forum_id = $f_access[$k]['forum_id'];
+ $auth_user[$f_forum_id][$key] = 1;
}
- break;
-
- case AUTH_MOD:
- for($j = 0; $j < count($u_access); $j++)
+ }
+ break;
+
+ case AUTH_REG:
+ if($forum_id != AUTH_LIST_ALL)
+ {
+ $auth_user[$key] = 1;
+ }
+ else
+ {
+ for($k = 0; $k < count($f_access); $k++)
{
- if(!$single_user)
- {
- $single_user = $u_access[$j]['group_single_user'];
-
- $auth_user[$key] = (!$single_user) ? ($auth_user[$key] || $u_access[$j]['auth_mod'] || $is_admin) : ($u_access[$j]['auth_mod'] || $is_admin);
-
- if($forum_id != AUTH_LIST_ALL)
- {
- $auth_user[$key] = $result;
- }
- else
- {
- $auth_user[$f_access[$k]['forum_id']][$key] = $result;
- }
- }
+ $f_forum_id = $f_access[$k]['forum_id'];
+ $auth_user[$f_forum_id][$key] = 1;
}
- break;
-
- case AUTH_ADMIN:
- //
- // Pretty redundant right now ...
- //
- if($forum_id != AUTH_LIST_ALL)
+ }
+ break;
+
+ case AUTH_ACL:
+ if($forum_id != AUTH_LIST_ALL)
+ {
+ $auth_user[$key] = auth_check_user(AUTH_ACL, $key, $u_access, $is_admin);
+ }
+ else
+ {
+ for($k = 0; $k < count($f_access); $k++)
{
- $auth_user[$key] = $is_admin;
+ $f_forum_id = $f_access[$k]['forum_id'];
+ $auth_user[$f_forum_id][$key] = auth_check_user(AUTH_ACL, $key, $u_access, $is_admin);
}
- else
+ }
+ break;
+
+ case AUTH_MOD:
+ if($forum_id != AUTH_LIST_ALL)
+ {
+ $auth_user[$key] = auth_check_user(AUTH_ACL, $key, $u_access, $is_admin);
+ }
+ else
+ {
+ for($k = 0; $k < count($f_access); $k++)
{
- $auth_user[$f_access[$k]['forum_id']][$key] = $is_admin;
+ $f_forum_id = $f_access[$k]['forum_id'];
+ $auth_user[$f_forum_id][$key] = auth_check_user(AUTH_ACL, $key, $u_access, $is_admin);
}
- break;
-
- default:
- if($forum_id != AUTH_LIST_ALL)
+ }
+ break;
+
+ case AUTH_ADMIN:
+ if($forum_id != AUTH_LIST_ALL)
+ {
+ $auth_user[$key] = $is_admin;
+ }
+ else
+ {
+ for($k = 0; $k < count($f_access); $k++)
{
- $auth_user[$key] = 0;
+ $f_forum_id = $f_access[$k]['forum_id'];
+ $auth_user[$f_forum_id][$key] = $is_admin;
}
- else
+ }
+ break;
+
+ default:
+ if($forum_id != AUTH_LIST_ALL)
+ {
+ $auth_user[$key] = 0;
+ }
+ else
+ {
+ for($k = 0; $k < count($f_access); $k++)
{
- $auth_user[$f_access[$k]['forum_id']][$key] = 0;
+ $f_forum_id = $f_access[$k]['forum_id'];
+ $auth_user[$f_forum_id][$key] = 0;
}
- break;
- }
+ }
+ break;
}
}
- //
- // Is user a moderator?
- //
- $single_user = 0;
- for($j = 0; $j < count($u_access); $j++)
+ }
+ //
+ // Is user a moderator?
+ //
+ if($forum_id != AUTH_LIST_ALL)
+ {
+ $auth_user['auth_mod'] = auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin);
+ }
+ else
+ {
+ for($k = 0; $k < count($f_access); $k++)
{
- if(!$single_user)
- {
- $single_user = $u_access[$j]['group_single_user'];
-
- $result = (!$single_user) ? ($auth_user['auth_mod'] || $u_access[$j]['auth_mod'] || $is_admin) : ($u_access[$j]['auth_mod'] || $is_admin);
-
- if($forum_id != AUTH_LIST_ALL)
- {
- $auth_user['auth_mod'] = $result;
- }
- else
- {
- $auth_user[$f_access[$k]['forum_id']]['auth_mod'] = $result;
- }
- }
+ $f_forum_id = $f_access[$k]['forum_id'];
+ $auth_user[$f_forum_id]['auth_mod'] = auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin);
}
+ }
- //
- // Is user an admin (this is
- // really redundant at this time)
- //
- if($forum_id != AUTH_LIST_ALL)
+ //
+ // Is user an admin (this is
+ // really redundant at this time)
+ //
+ if($forum_id != AUTH_LIST_ALL)
+ {
+ $auth_user['auth_admin'] = $is_admin;
+ }
+ else
+ {
+ for($k = 0; $k < count($f_access); $k++)
{
- $auth_user['auth_admin'] = $is_admin;
+ $f_forum_id = $f_access[$k]['forum_id'];
+ $auth_user[$f_forum_id]['auth_admin'] = $is_admin;
}
- else
+ }
+ }
+
+ return $auth_user;
+
+}
+
+function auth_check_user($type, $key, $u_access, $is_admin)
+{
+
+ $single_user = 0;
+ $auth_user = 0;
+
+ for($j = 0; $j < count($u_access); $j++)
+ {
+ if(!$single_user)
+ {
+ $single_user = $u_access[$j]['group_single_user'];
+
+ $result = 0;
+ switch($type)
{
- $auth_user[$f_access[$k]['forum_id']]['auth_admin'] = $is_admin;
+ case AUTH_ACL:
+ $result = $u_access[$j][$key];
+
+ case AUTH_MOD:
+ $result = $result || $u_access[$j]['auth_mod'];
+
+ case AUTH_ADMIN:
+ $result = $result || $is_admin;
+ break;
}
+
+ $auth_user = (!$single_user) ? ( $auth_user || $result ) : $result;
+
}
}
-
- //
- // This currently only returns 1 or 0
- // however it will also return an array if a listing
- // of all forums to which a user has access was requested.
- //
+
return $auth_user;
}
generated by cgit v1.2.1 (git 2.21.0) at 2025-03-18 05:17:57 +0000