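acl_get('a_auth')) ? $filename . $SID . '&mode=forums' : '';
	// The statement above and the block it sits in start before this excerpt.
	// Each menu entry is filled in only when the current admin holds the
	// matching a_auth* option; otherwise it is left as an empty string.
	$module['FORUM']['MODERATORS'] = ($auth->acl_get('a_authmods')) ? $filename . $SID . '&mode=moderators' : '';
	$module['FORUM']['SUPER_MODERATORS'] = ($auth->acl_get('a_authmods')) ? $filename . $SID . '&mode=supermoderators' : '';
	$module['GENERAL']['ADMINISTRATORS'] = ($auth->acl_get('a_authadmins')) ? $filename . $SID . '&mode=administrators' : '';
	$module['USER']['PERMISSIONS'] = ($auth->acl_get('a_authusers')) ? $filename . $SID . '&mode=users' : '';
	$module['GROUP']['PERMISSIONS'] = ($auth->acl_get('a_authgroups')) ? $filename . $SID . '&mode=groups' : '';

	return;
}

define('IN_PHPBB', 1);

// Include files
$phpbb_root_path = '../';
require($phpbb_root_path . 'extension.inc');
require('pagestart.' . $phpEx);

// Define some vars. The numeric ids are forced to integers here; $mode,
// $username and $entries are still raw request data and have to be escaped
// or cast at every point where they reach SQL or markup.
$forum_id = 0;
$forum_sql = '';

if (isset($_REQUEST['f']))
{
	$forum_id = intval($_REQUEST['f']);
	$forum_sql = " WHERE forum_id = $forum_id";
}

$mode = (isset($_REQUEST['mode'])) ? $_REQUEST['mode'] : '';
$username = (isset($_REQUEST['username'])) ? $_REQUEST['username'] : '';
$group_id = (isset($_REQUEST['g'])) ? intval($_REQUEST['g']) : '';
$entries = (isset($_POST['entries'])) ? $_POST['entries'] : '';

// Start program proper: map the requested mode to its page title, the admin
// option that guards it ($which_acl) and the option-name prefix ($type_sql).
switch ($mode)
{
	case 'forums':
		$l_title = $user->lang['PERMISSIONS'];
		$l_title_explain = $user->lang['PERMISSIONS_EXPLAIN'];
		$which_acl = 'a_auth';
		$type_sql = 'f';
		break;

	case 'moderators':
		$l_title = $user->lang['MODERATORS'];
		$l_title_explain = $user->lang['MODERATORS_EXPLAIN'];
		$which_acl = 'a_authmods';
		$type_sql = 'm';
		break;

	case 'supermoderators':
		$l_title = $user->lang['SUPER_MODERATORS'];
		$l_title_explain = $user->lang['SUPER_MODERATORS_EXPLAIN'];
		$which_acl = 'a_authmods';
		$type_sql = 'm';
		break;

	case 'administrators':
		$l_title = $user->lang['ADMINISTRATORS'];
		$l_title_explain = $user->lang['ADMINISTRATORS_EXPLAIN'];
		$which_acl = 'a_authadmins';
		$type_sql = 'a';
		break;

	case 'users':
		$l_title = $user->lang['USER_PERMISSIONS'];
		$l_title_explain = $user->lang['USER_PERMISSIONS_EXPLAIN'];
		$which_acl = 'a_authusers';
		$type_sql = 'u';
		break;

	case 'groups':
		$l_title = $user->lang['GROUP_PERMISSIONS'];
		$l_title_explain = $user->lang['GROUP_PERMISSIONS_EXPLAIN'];
		$which_acl = 'a_authgroups';
		$type_sql = 'u';
		break;
}

// Permission check. $which_acl is only assigned for the six modes above, so
// an unknown or missing mode is refused outright (fail closed) instead of
// handing an undefined option name to acl_get().
// NOTE(review): the option checked is selected by the caller-supplied mode,
// while the writes below are driven by $_POST['type'], $_POST['option'] and
// $forum_id. Confirm that acl_set()/acl_delete() limit what the holder of a
// single a_auth* option can change.
// NOTE(review): no request token is checked in this excerpt before the
// state-changing POST branches; confirm the session layer covers that.
if (empty($which_acl) || !$auth->acl_get($which_acl))
{
	trigger_error($user->lang['NO_ADMIN']);
}

// Call update or delete, both can take multiple user/group
// ids. Additionally inheritance is handled (by the auth API)
switch ($_POST['runas'])
{
	case 'now':
		if (isset($_POST['update']))
		{
			$auth_admin = new auth_admin();

			// Admin wants subforums to inherit permissions ... so handle this
			if (!empty($_POST['inherit']))
			{
				array_push($_POST['inherit'], $forum_id);
				$forum_id = $_POST['inherit'];
			}

			// NOTE(review): type, ids and options are passed through as
			// received; validation is presumably done inside acl_set() - verify.
			foreach ($_POST['entries'] as $id)
			{
				$auth_admin->acl_set($_POST['type'], $forum_id, $id, $_POST['option']);
			}

			cache_moderators();

			trigger_error('Permissions updated successfully');
		}
		else if (isset($_POST['delete']))
		{
			$auth_admin = new auth_admin();

			$option_ids = false;
			// Only a string can serve as a LIKE prefix; anything else is
			// skipped and $option_ids stays false.
			if (!empty($_POST['option']) && is_string($_POST['option']))
			{
				// Request data inside a quoted SQL literal: escape it the same
				// way the preset name is escaped further down.
				$sql = "SELECT auth_option_id FROM " . ACL_OPTIONS_TABLE . " WHERE auth_value LIKE '" . $db->sql_escape($_POST['option']) . "_%'";
				$result = $db->sql_query($sql);

				if ($row = $db->sql_fetchrow($result))
				{
					$option_ids = array();
					do
					{
						$option_ids[] = $row['auth_option_id'];
					}
					while($row = $db->sql_fetchrow($result));
				}
				$db->sql_freeresult($result);
			}

			foreach ($_POST['entries'] as $id)
			{
				$auth_admin->acl_delete($_POST['type'], $forum_id, $id, $option_ids);
			}

			cache_moderators();

			trigger_error('Permissions updated successfully');
		}
		else if (isset($_POST['presetsave']))
		{
			// Group the submitted option names by their allow/deny/inherit
			// setting; the result is stored serialized in the presets table.
			// NOTE(review): the option names are array keys taken from the
			// request and are stored as received; they are later read back
			// and written into page output, so confirm they are restricted
			// to known auth_value names.
			$holding_ary = array();
			foreach ($_POST['option'] as $acl_option => $allow_deny)
			{
				switch ($allow_deny)
				{
					case ACL_ALLOW:
						$holding_ary['allow'][] = $acl_option;
						break;

					case ACL_DENY:
						$holding_ary['deny'][] = $acl_option;
						break;

					case ACL_INHERIT:
						$holding_ary['inherit'][] = $acl_option;
						break;
				}
			}

			$sql = array(
				'preset_user_id' => $user->data['user_id'],
				'preset_type' => $type_sql,
				'preset_data' => $db->sql_escape(serialize($holding_ary))
			);

			if (!empty($_POST['presetname']))
			{
				$sql['preset_name'] = $db->sql_escape($_POST['presetname']);
			}

			// -1 means "create a new preset"; any other value names the
			// preset to overwrite.
			if (!empty($_POST['presetname']) || $_POST['presetoption'] != -1)
			{
				// The preset id is request data in a numeric context, so it is
				// cast to an integer, as the delete branch below already does.
				$sql = ($_POST['presetoption'] == -1) ? 'INSERT INTO ' . ACL_PRESETS_TABLE . ' ' . $db->sql_build_array('INSERT', $sql) : 'UPDATE ' . ACL_PRESETS_TABLE . ' SET ' . $db->sql_build_array('UPDATE', $sql) . ' WHERE preset_id =' . intval($_POST['presetoption']);
				$db->sql_query($sql);
			}
		}
		else if (isset($_POST['presetdel']))
		{
			if (!empty($_POST['presetoption']))
			{
				$sql = "DELETE FROM " . ACL_PRESETS_TABLE . " WHERE preset_id = " . intval($_POST['presetoption']);
				$db->sql_query($sql);
			}
		}
		break;

	case 'evt':
		if (isset($_POST['submit']))
		{
			// user_ids are returned in user_id_ary, a simple array
			// NOTE(review): this is PHP source held in a string and handed
			// to event_create() together with raw POST values; how and when
			// it is executed is not visible here. Confirm the event layer
			// validates the stored data before the code runs.
			$evt_code = "\$auth_admin = new auth_admin(); if (!empty(\$evt_inherit)){ array_push(\$evt_inherit, intval(\$evt_f)); } foreach (\$user_id_ary as \$id) { \$auth_admin->acl_set('user', \$evt_inherit, intval(\$id), \$evt_option); } cache_moderators();";

			// event_code, type (user or group), id's (of users/groups), ... other data ...
			event_create($evt_code, $_POST['type'], $_POST['entries'], array('mode' => $_POST['mode']), array('f' => $_POST['forum_id']), array('entries' => $_POST['entries']), array('inherit' => $_POST['inherit']), array('type' => $_POST['type']), array('option' => $_POST['option']));
		}

		// form submit page, ... associative data ...
		event_define('admin_permissions', array('mode' => $mode), array('forum_id' => $forum_id), array('inherit' => $_POST['inherit']), array('entries' => $_POST['entries']), array('type' => $_POST['type']), array('option' => $_POST['option']));
		break;

	case 'crn':
		break;
}

// Get required information, either all forums if no id was
// specified or just the requested if it was
if (!empty($forum_id) || !empty($group_id) || !empty($username) || $mode == 'administrators' || $mode == 'supermoderators')
{
	// Clear some vars, grab some info if relevant ...
	$s_hidden_fields = '';

	if (!empty($forum_id))
	{
		// $forum_id was cast with intval() above, so it is safe to interpolate.
		$sql = "SELECT forum_name, parent_id FROM " . FORUMS_TABLE . " WHERE forum_id = $forum_id";
		$result = $db->sql_query($sql);

		$forum_info = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);

		$l_title .= ' : ' . $forum_info['forum_name'] . '';
	}
	else if (!empty($username))
	{
		// The username is raw request data inside a quoted literal: escape it.
		$sql = "SELECT user_id FROM " . USERS_TABLE . " WHERE username IN ('" . $db->sql_escape($username) . "')";
		$result = $db->sql_query($sql);

		if (!($row = $db->sql_fetchrow($result)))
		{
			trigger_error($user->lang['No_such_user']);
		}
		$db->sql_freeresult($result);

		$entries = array($row['user_id']);
		// NOTE(review): the raw request username is appended to the title;
		// confirm page_header() HTML-escapes it before output.
		$l_title .= ' : ' . $username . '';
	}
	else if (!empty($group_id))
	{
		// $group_id was cast with intval() above.
		$sql = "SELECT group_name FROM " . GROUPS_TABLE . " WHERE group_id IN ($group_id)";
		$result = $db->sql_query($sql);

		if (!($row = $db->sql_fetchrow($result)))
		{
			trigger_error($user->lang['No_such_group']);
		}
		$db->sql_freeresult($result);

		$entries = array($group_id);
		$l_title .= ' : ' . $row['group_name'] . '';
	}

	// Generate header
	page_header($l_title);
?>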

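1' : '';
	// The statement above starts before this excerpt; it leaves a string in
	// $founder_sql, which is appended to the option query below.

	// Load every option of the current type (prefix $type_sql), excluding the
	// bare "<prefix>_" entry.
	$sql = "SELECT auth_option_id, auth_value FROM " . ACL_OPTIONS_TABLE . " WHERE auth_value LIKE '" . $type_sql . "_%' AND auth_value <> '" . $type_sql . "_' $founder_sql";
	$result = $db->sql_query($sql);

	$auth_options = array();
	while ($row = $db->sql_fetchrow($result))
	{
		$auth_options[] = $row;
	}
	$db->sql_freeresult($result);

	// Newly added users arrive as one newline-separated list of usernames;
	// every other case supplies numeric ids.
	// NOTE(review): a "\r" left over from CRLF input would stay attached to
	// each name - confirm whether the form normalises line endings.
	$new_usernames = ($_POST['type'] == 'user' && !empty($_POST['new']));
	if ($new_usernames)
	{
		$entries = explode("\n", $entries);
	}

	// Build the IN (...) list. Usernames are request data inside quoted
	// literals and are escaped; ids are forced to integers.
	$where_sql = '';
	foreach ($entries as $value)
	{
		$where_sql .= (($where_sql != '') ? ', ' : '') . (($new_usernames) ? '\'' . $db->sql_escape($value) . '\'' : intval($value));
	}

	$ug = '';
	$ug_hidden = '';
	$auth_values = array();

	// NOTE(review): $forum_sql is built earlier in the file as
	// " WHERE forum_id = N" and is interpolated here in the middle of a WHERE
	// clause, which does not look like valid SQL when a forum is selected -
	// confirm the intended condition.
	switch ($_POST['type'])
	{
		case 'group':
			$l_type = 'Group';

			$sql = "SELECT g.group_id AS id, g.group_name AS name, o.auth_value, a.auth_allow_deny FROM " . GROUPS_TABLE . " g, " . ACL_GROUPS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE o.auth_value LIKE '" . $type_sql . "_%' AND a.auth_option_id = o.auth_option_id $forum_sql AND g.group_id = a.group_id AND g.group_id IN ($where_sql) ORDER BY g.group_name ASC";
			break;

		case 'user':
			$l_type = 'User';

			$sql = "SELECT u.user_id AS id, u.username AS name, u.user_founder, o.auth_value, a.auth_allow_deny FROM " . USERS_TABLE . " u, " . ACL_USERS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE o.auth_value LIKE '" . $type_sql . "_%' AND a.auth_option_id = o.auth_option_id $forum_sql AND u.user_id = a.user_id AND u.user_id IN ($where_sql) ORDER BY u.username, u.user_regdate ASC";
			break;
	}
	$result = $db->sql_query($sql);

	if ($row = $db->sql_fetchrow($result))
	{
		// Collect each distinct display name and the current setting of
		// every option for the selected users/groups.
		do
		{
			$ug_test = (!empty($user->lang[$row['name']])) ? $user->lang[$row['name']] : $row['name'];
			$ug .= (!strstr($ug, $ug_test)) ? $ug_test . "\n" : '';

			$ug_test = '';
			$ug_hidden .= (!strstr($ug_hidden, $ug_test)) ? $ug_test : '';

			// $auth_group is never assigned in the visible code, so the
			// min() branch is not taken here.
			$auth_values[$row['auth_value']] = (isset($auth_group[$row['auth_value']])) ? min($auth_group[$row['auth_value']], $row['auth_allow_deny']) : $row['auth_allow_deny'];
		}
		while ($row = $db->sql_fetchrow($result));
	}
	else
	{
		$db->sql_freeresult($result);

		// No existing settings: fall back to a plain name lookup. The
		// original echoed this statement ("2 >> " . $sql) into the page; that
		// debug output is dropped so query text is not disclosed.
		$sql = ($_POST['type'] == 'group') ? "SELECT group_id AS id, group_name AS name, group_type FROM " . GROUPS_TABLE . " WHERE group_id IN ($where_sql) ORDER BY group_name ASC" : "SELECT user_id AS id, username AS name, user_founder FROM " . USERS_TABLE . " WHERE username IN ($where_sql) ORDER BY username, user_regdate ASC";
		$result = $db->sql_query($sql);

		if ($row = $db->sql_fetchrow($result))
		{
			do
			{
				$ug_test = ($row['group_type'] == GROUP_SPECIAL) ? $user->lang[$row['name']] : $row['name'];
				$ug .= (!strstr($ug, $ug_test)) ? $ug_test . "\n" : '';

				$ug_test = '';
				$ug_hidden .= (!strstr($ug_hidden, $ug_test)) ? $ug_test : '';

				// NOTE(review): this query selects neither auth_value nor
				// auth_allow_deny, so the assignment stores an empty entry.
				$auth_values[$row['auth_value']] = (isset($auth_group[$row['auth_value']])) ? min($auth_group[$row['auth_value']], $row['auth_allow_deny']) : $row['auth_allow_deny'];
			}
			while ($row = $db->sql_fetchrow($result));
		}
	}
	$db->sql_freeresult($result);

	echo htmlspecialchars($ug_hidden);

	// Now we'll build a list of preset options ...
	$preset_options = $preset_js = $preset_update_options = '';
	// All three lists start empty so that a missing category yields '' in the
	// generated script.
	$holding = array('allow' => '', 'deny' => '', 'inherit' => '');

	// Do we have a parent forum? If so offer option
	// to inherit from that
	if ($forum_info['parent_id'] != 0)
	{
		// parent_id comes from the database; the cast keeps the numeric
		// context safe regardless of what the row holds.
		switch ($_POST['type'])
		{
			case 'group':
				$sql = "SELECT o.auth_value, a.auth_allow_deny FROM " . ACL_GROUPS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE o.auth_value LIKE '" . $type_sql . "_%' AND a.auth_option_id = o.auth_option_id AND a.forum_id = " . intval($forum_info['parent_id']) . " AND a.group_id IN ($where_sql)";
				break;

			case 'user':
				$sql = "SELECT o.auth_value, a.auth_allow_deny FROM " . ACL_USERS_TABLE . " a, " . ACL_OPTIONS_TABLE . " o WHERE o.auth_value LIKE '" . $type_sql . "_%' AND a.auth_option_id = o.auth_option_id AND a.forum_id = " . intval($forum_info['parent_id']) . " AND a.user_id IN ($where_sql)";
				break;
		}
		$result = $db->sql_query($sql);

		if ($row = $db->sql_fetchrow($result))
		{
			do
			{
				switch ($row['auth_allow_deny'])
				{
					case ACL_ALLOW:
						$holding['allow'] .= $row['auth_value'] . ', ';
						break;

					case ACL_DENY:
						$holding['deny'] .= $row['auth_value'] . ', ';
						break;

					case ACL_INHERIT:
						$holding['inherit'] .= $row['auth_value'] . ', ';
						break;
				}
			}
			while ($row = $db->sql_fetchrow($result));

			$preset_options .= '';
			$preset_js .= "\tpresets['preset_0'] = new Array();" . "\n";
			$preset_js .= "\tpresets['preset_0'] = new preset_obj('" . $holding['allow'] . "', '" . $holding['deny'] . "', '" . $holding['inherit'] . "');\n";
		}
		$db->sql_freeresult($result);
	}

	// Look for custom presets
	$sql = "SELECT preset_id, preset_name, preset_data FROM " . ACL_PRESETS_TABLE . " WHERE preset_type = '$type_sql' ORDER BY preset_id ASC";
	$result = $db->sql_query($sql);

	if ($row = $db->sql_fetchrow($result))
	{
		do
		{
			$preset_update_options .= '';
			$preset_options .= '';

			// NOTE(review): unserialize() runs on stored preset data that
			// was written from an admin form; a non-PHP-serialized format
			// would remove the object-instantiation risk if that table can
			// ever be written by a less trusted party.
			$preset_data = unserialize($row['preset_data']);
			if (!is_array($preset_data))
			{
				// Corrupt or empty preset: treat it as having no options.
				$preset_data = array();
			}

			// Start every preset from empty lists. A saved preset only has
			// the categories that were in use, so without this reset the
			// previous preset's (or the parent forum's) list leaked into it.
			$holding = array('allow' => '', 'deny' => '', 'inherit' => '');

			foreach ($preset_data as $preset_type => $preset_type_ary)
			{
				$holding[$preset_type] = '';
				foreach ($preset_type_ary as $preset_option)
				{
					$holding[$preset_type] .= "$preset_option, ";
				}
			}

			// NOTE(review): the option names are written into single-quoted
			// script strings without escaping; confirm they can only ever be
			// known auth_value names, or escape them for this context.
			$preset_js .= "\tpresets['preset_" . $row['preset_id'] . "'] = new Array();" . "\n";
			$preset_js .= "\tpresets['preset_" . $row['preset_id'] . "'] = new preset_obj('" . $holding['allow'] . "', '" . $holding['deny'] . "', '" . $holding['inherit'] . "');\n";
		}
		while ($row = $db->sql_fetchrow($result));
	}

	unset($holding);
?>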

lang['ACL_EXPLAIN']; ?>

">
lang['PRESETS']; ?>:
lang['acl_' . $auth_options[$i]['auth_value']])) ? $user->lang['acl_' . $auth_options[$i]['auth_value']] : ucfirst(preg_replace('#.*?_#', '', $auth_options[$i]['auth_value'])); if (!empty($_POST['presetsave']) || !empty($_POST['presetdel'])) { $allow_type = ($_POST['option'][$auth_options[$i]['auth_value']] == ACL_ALLOW) ? ' checked="checked"' : ''; $deny_type = ($_POST['option'][$auth_options[$i]['auth_value']] == ACL_DENY) ? ' checked="checked"' : ''; $inherit_type = ($_POST['option'][$auth_options[$i]['auth_value']] == ACL_INHERIT) ? ' checked="checked"' : ''; } else { $allow_type = ($auth_values[$auth_options[$i]['auth_value']] == ACL_ALLOW) ? ' checked="checked"' : ''; $deny_type = ($auth_values[$auth_options[$i]['auth_value']] == ACL_DENY) ? ' checked="checked"' : ''; $inherit_type = ($auth_values[$auth_options[$i]['auth_value']] == ACL_INHERIT) ? ' checked="checked"' : ''; } ?> acl_gets('a_events', 'a_cron')) { $row_class = ($row_class == 'row1') ? 'row2' : 'row1'; ?>
 lang['Option']; ?>   lang['Allow']; ?>   lang['Deny']; ?>   lang['Inherit']; ?> 
/> /> />
lang['Inheritance']; ?>
lang['Inheritance_explain']; ?>
lang['MARK_ALL']; ?> :: lang['UNMARK_ALL']; ?>
lang['RUN_HOW']; ?>
lang['RUN_AS_NOW']; ?>acl_get('a_events')) { ?>   lang['RUN_AS_EVT']; } if ($auth->acl_get('a_cron')) { ?>   lang['RUN_AS_CRN']; } ?>
  

lang['PRESETS']; ?>
lang['PRESETS_EXPLAIN']; ?>
lang['SELECT_PRESET']; ?>:
lang['PRESET_NAME']; ?>:
 

lang['Users']; ?>

lang['Groups']; ?>

">sql_query($sql); $users = ''; while ($row = $db->sql_fetchrow($result)) { $users .= ''; } $db->sql_freeresult($result); ?>
lang['Manage_users']; ?>
 
">sql_query($sql); $groups = ''; while ($row = $db->sql_fetchrow($result)) { $groups .= ''; } $db->sql_freeresult($result); $sql = "SELECT group_id, group_name FROM " . GROUPS_TABLE . " ORDER BY group_type DESC, group_name"; $result = $db->sql_query($sql); $group_list = ''; while ($row = $db->sql_fetchrow($result)) { $group_list .= ''; } $db->sql_freeresult($result); ?>
lang['Manage_groups']; ?>
 
">
lang['Add_users']; ?>
    &mode=searchuser&form=2&field=entries', '_phpbbsearch', 'HEIGHT=500,resizable=yes,scrollbars=yes,WIDTH=740');return false;" />
">
lang['Add_groups']; ?>
 

">sql_query($sql); $group_options = ''; if ($row = $db->sql_fetchrow($result)) { do { $group_options .= (($group_options != '') ? ', ' : '') . ''; } while ($row = $db->sql_fetchrow($result)); } $db->sql_freeresult($result); ?>
lang['LOOK_UP_FORUM']; ?>
    
lang['Select_a_User']; ?>
', '_phpbbsearch', 'HEIGHT=500,resizable=yes,scrollbars=yes,WIDTH=740');return false;" />
lang['SELECT_A_GROUP']; ?>