<?php
/***************************************************************************  
 *                                 auth.php
 *                            -------------------                         
 *   begin                : Saturday, Feb 13, 2001 
 *   copyright            : (C) 2001 The phpBB Group        
 *   email                : support@phpbb.com                           
 *                                                          
 *   $Id$                                                           
 *                                                            
 * 
 ***************************************************************************/ 


/***************************************************************************  
 *                                                     
 *   This program is free software; you can redistribute it and/or modify    
 *   it under the terms of the GNU General Public License as published by   
 *   the Free Software Foundation; either version 2 of the License, or  
 *   (at your option) any later version.                      
 *                                                          
 * 
 ***************************************************************************/ 

/*
	$type's accepted (eventually!):
	VIEW, READ, POST, REPLY, EDIT, DELETE, VOTE, VOTECREATE

	Possible options to send to auth (not all are functional yet!):

	* If you include a type then a specific lookup will
	be done and the single result returned

	* If you set type to ALL an array of all auth types
	will be returned

	* If you provide a forum_id a specific lookup on that
	forum will be done

	* If you set forum_id to LIST_ALL an array of all
	forums to which the user has access of type will be returned
	<- used for index and search? (type VIEW and READ respectively)
	
	* If you set forum_id to LIST_ALL and type to ALL a 
	multidimensional array containing the auth permissions
	for all types and all forums for that user is returned

	* If you set $userdata to ALL, then the permissions of all
	users listed in the auth_access table will be returned for 
	the given type and forum_id <- use to check for moderators?

	All results are returned as associative arrays, even
	when a single auth type is specified

*/
function auth($type, $forum_id, $userdata, $f_access = -1)
{
	global $db, $lang;

	switch($type)
	{
		case AUTH_ALL:
			$a_sql = "au.auth_view, au.auth_read, au.auth_post, au.auth_reply, au.auth_edit, au.auth_delete, au.auth_announce, au.auth_sticky, au.auth_votecreate, au.auth_vote, au.auth_attachments";
			$auth_fields = array("auth_view", "auth_read", "auth_post", "auth_reply", "auth_edit", "auth_delete", "auth_announce",  "auth_sticky", "auth_votecreate", "auth_vote", "auth_attachments");
			break;

		case AUTH_VIEW:
			$a_sql = "au.auth_view";
			$auth_fields = array("auth_view");
			break;

		case AUTH_READ:
			$a_sql = "au.auth_read";
			$auth_fields = array("auth_read");
			break;
		case AUTH_POST:
			$a_sql = "au.auth_post";
			$auth_fields = array("auth_post");
			break;
		case AUTH_REPLY:
			$a_sql = "au.auth_reply";
			$auth_fields = array("auth_reply");
			break;
		case AUTH_EDIT:
			$a_sql = "au.auth_edit";
			$auth_fields = array("auth_edit");
			break;
		case AUTH_DELETE:
			$a_sql = "au.auth_delete";
			$auth_fields = array("auth_delete");
			break;

		case AUTH_ANNOUNCE:
			$a_sql = "au.auth_announce";
			$auth_fields = array("auth_announce");
			break;
		case AUTH_STICKY:
			$a_sql = "au.auth_sticky";
			$auth_fields = array("auth_sticky");
			break;
		case AUTH_VOTECREATE:
			$a_sql = "au.auth_votecreate";
			$auth_fields = array("auth_votecreate");
			break;
		case AUTH_VOTE:
			$a_sql = "au.auth_vote";
			$auth_fields = array("auth_vote");
			break;
		case AUTH_ATTACH:
			$a_sql = "au.auth_attachments";
			$auth_fields = array("auth_attachments");
			break;

		case AUTH_ALLOW_HTML:
			break;
		case AUTH_ALLOW_BBCODE:
			break;
		case AUTH_ALLOW_SMILIES:
			break;

		default:
			break;
	}

	//
	// If f_access has been passed, or auth
	// is needed to return an array of forums
	// then we need to pull the auth information
	// on the given forum (or all forums)
	//
	if($f_access == -1)
	{
		$forum_match_sql = ($forum_id != AUTH_LIST_ALL) ? "WHERE au.forum_id = $forum_id" : "";
		$sql = "SELECT au.forum_id, $a_sql 
			FROM ".FORUMS_TABLE." au 
			$forum_match_sql";
		$af_result = $db->sql_query($sql);

		if(!$af_result)
		{
			error_die(QUERY_ERROR, "Failed obtaining forum access control lists");
		}
		else
		{
			if(!$db->sql_numrows($af_result))
			{
				error_die(GENERAL_ERROR, "No forum access control lists exist!");
			}
			else
			{
				$f_access = ($forum_id != AUTH_LIST_ALL) ? $db->sql_fetchrow($af_result) : $db->sql_fetchrowset($af_result);
			}
		}
	}

	//
	// If the user isn't logged on then
	// all we need do is check if the forum
	// has the type set to ALL, if yes then
	// they're good to go, if not then they
	// are denied access
	//
	$auth_user = array();

	if($userdata['session_logged_in'])
	{
		$forum_match_sql = ($forum_id != AUTH_LIST_ALL) ? "AND au.forum_id = $forum_id" : "";
		$sql = "SELECT au.forum_id, $a_sql, au.auth_mod, g.group_single_user  
			FROM ".AUTH_ACCESS_TABLE." au, " . USER_GROUP_TABLE. " ug, " . GROUPS_TABLE. " g 
			WHERE ug.user_id = ".$userdata['user_id']. " 
				AND g.group_id = ug.group_id 
				AND au.group_id = ug.group_id 
				$forum_match_sql";
		$au_result = $db->sql_query($sql);
		if(!$au_result)
		{
			error_die(QUERY_ERROR, "Failed obtaining forum access control lists");
		}

		$num_u_access = $db->sql_numrows($au_result);
		if($num_u_access)
		{
			if($forum_id != AUTH_LIST_ALL)
			{
				$u_access = $db->sql_fetchrowset($au_result);
			}
			else
			{
				while($u_row = $db->sql_fetchrow($au_result))
				{
					$u_access[$u_row['forum_id']] = $u_row;
				}
			}
		}
	}

	$is_admin = ($userdata['user_level'] == ADMIN) ? 1 : 0;
	$auth_user = array();

	for($i = 0; $i < count($auth_fields); $i++)
	{
		$key = $auth_fields[$i];

		//
		// If the user is logged on and the forum type is either
		// ALL or REG then the user has access
		//
		// If the type if ACL, MOD or ADMIN then we need to see
		// if the user has specific permissions to do whatever it
		// is they want to do ... to do this we pull relevant
		// information for the user (and any groups they belong to)
		//
		// Now we compare the users access level against the forums
		// We assume here that a moderator and admin automatically
		// have access to an ACL forum, similarly we assume admins
		// meet an auth requirement of MOD
		//
		// The access level assigned to a single user automatically 
		// takes precedence over any levels granted by that user being
		// a member of a multi-user usergroup, eg. a user who is banned
		// from a forum won't gain access to it even if they belong to
		// a group which has access (and vice versa). This check is
		// done via the single_user check
		//
		// PS : I appologise for the fantastically clear and hugely
		// readable code here ;) Simple gist is, if this row of
		// auth_access doesn't represent a single user then OR the
		// contents of relevant auth_access levels against the current
		// level (allows maximum group privileges to be assigned). If
		// the row does represent a single user then forget any previous
		// group results and instead set the auth to whatever the OR'd
		// contents of the access levels are.
		//

		if($forum_id != AUTH_LIST_ALL)
		{
			$value = $f_access[$key];

			switch($value)
			{
				case AUTH_ALL:
					$auth_user[$key] = 1;
					$auth_user[$key . '_type'] = $lang['Anonymous_users'];
					break;

				case AUTH_REG:
					$auth_user[$key] = ($userdata['session_logged_in']) ? 1 : 0;
					$auth_user[$key . '_type'] = $lang['Registered_Users'];
					break;

				case AUTH_ACL:
					$auth_user[$key] = ($userdata['session_logged_in'] && $num_u_access) ? auth_check_user(AUTH_ACL, $key, $u_access, $is_admin) : 0;
					$auth_user[$key . '_type'] = $lang['Users_granted_access'];
					break;
		
				case AUTH_MOD:
					$auth_user[$key] = ($userdata['session_logged_in'] && $num_u_access) ? auth_check_user(AUTH_MOD, $key, $u_access, $is_admin) : 0;
					$auth_user[$key . '_type'] = $lang['Moderators'];
					break;
	
				case AUTH_ADMIN:
					$auth_user[$key] = $is_admin;
					$auth_user[$key . '_type'] = $lang['Administrators'];
					break;

				default:
					$auth_user[$key] = 0;
					break;
			}
		}
		else
		{
			for($k = 0; $k < count($f_access); $k++)
			{
				$value = $f_access[$k][$key];
				$f_forum_id = $f_access[$k]['forum_id'];

				switch($value)
				{
					case AUTH_ALL:
						$auth_user[$f_forum_id][$key] = 1;
						$auth_user[$f_forum_id][$key . '_type'] = $lang['Anonymous_users'];
						break;

					case AUTH_REG:
						$auth_user[$f_forum_id][$key] = ($userdata['session_logged_in']) ? 1 : 0;
						$auth_user[$f_forum_id][$key . '_type'] = $lang['Registered_Users'];
						break;

					case AUTH_ACL:
						$auth_user[$f_forum_id][$key] = ($userdata['session_logged_in'] && $num_u_access) ? auth_check_user(AUTH_ACL, $key, $u_access[$f_forum_id], $is_admin) : 0;
						$auth_user[$f_forum_id][$key . '_type'] = $lang['Users_granted_access'];
						break;
		
					case AUTH_MOD:
						$auth_user[$f_forum_id][$key] = ($userdata['session_logged_in'] && $num_u_access) ? auth_check_user(AUTH_MOD, $key, $u_access[$f_forum_id], $is_admin) : 0;
						$auth_user[$f_forum_id][$key . '_type'] = $lang['Moderators'];
						break;
	
					case AUTH_ADMIN:
						$auth_user[$f_forum_id][$key] = $is_admin;
						$auth_user[$f_forum_id][$key . '_type'] = $lang['Administrators'];
						break;

					default:
						$auth_user[$f_forum_id][$key] = 0;
						break;
				}
			}
		}
	}

	//
	// Is user a moderator?
	//
	if($forum_id != AUTH_LIST_ALL)
	{
		$auth_user['auth_mod'] = ($userdata['session_logged_in'] && $num_u_access) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0;
	}
	else
	{
		for($k = 0; $k < count($f_access); $k++)
		{
			$f_forum_id = $f_access[$k]['forum_id'];
			$auth_user[$f_forum_id]['auth_mod'] = ($userdata['session_logged_in'] && $num_u_access) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin) : 0;
		}
	}

	//
	// Is user an admin (this is
	// really redundant at this time)
	//
	if($forum_id != AUTH_LIST_ALL)
	{
		$auth_user['auth_admin'] = $is_admin;
	}
	else
	{
		for($k = 0; $k < count($f_access); $k++)
		{
			$f_forum_id = $f_access[$k]['forum_id'];
			$auth_user[$f_forum_id]['auth_admin'] = $is_admin;
		}
	}

	return $auth_user;

}

function auth_check_user($type, $key, $u_access, $is_admin)
{

	$single_user = 0;
	$auth_user = 0;

	for($j = 0; $j < count($u_access); $j++)
	{
		if(!$single_user)
		{
			$single_user = $u_access[$j]['group_single_user'];
			
			$result = 0;
			switch($type)
			{
				case AUTH_ACL:
					$result = $u_access[$j][$key];

				case AUTH_MOD:
					$result = $result || $u_access[$j]['auth_mod'];

				case AUTH_ADMIN:
					$result = $result || $is_admin;
					break;
			}

			$auth_user = (!$single_user) ? ( $auth_user || $result ) : $result;

		}
	}
	
	return $auth_user;
}

?>