| [ Index ] |
|
Code source de Phorum 5.1.25 |
1 <?php 2 3 //////////////////////////////////////////////////////////////////////////////// 4 // // 5 // Copyright (C) 2006 Phorum Development Team // 6 // http://www.phorum.org // 7 // // 8 // This program is free software. You can redistribute it and/or modify // 9 // it under the terms of either the current Phorum License (viewable at // 10 // phorum.org) or the Phorum License that was distributed with this file // 11 // // 12 // This program is distributed in the hope that it will be useful, // 13 // but WITHOUT ANY WARRANTY, without even the implied warranty of // 14 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. // 15 // // 16 // You should have received a copy of the Phorum License // 17 // along with this program. // 18 //////////////////////////////////////////////////////////////////////////////// 19 20 if ( !defined( "PHORUM" ) ) return; 21 22 /** 23 * These functions are Phorum's interface to the user data. If you want 24 * to use your own user data, just replace these functions. 25 * 26 * The functions do use Phorum's database layer. Of course, it is not 27 * required. 28 */ 29 // if you write your own user layer, set this to false 30 define( "PHORUM_ORIGINAL_USER_CODE", true ); 31 32 define( "PHORUM_SESSION_LONG_TERM" , "phorum_session_v5" ); 33 define( "PHORUM_SESSION_SHORT_TERM", "phorum_session_st" ); 34 define( "PHORUM_SESSION_ADMIN", "phorum_admin_session" ); 35 36 function phorum_user_check_session( $cookie = PHORUM_SESSION_LONG_TERM ) 37 { 38 $PHORUM = $GLOBALS["PHORUM"]; 39 40 // If we do URI based authentication, we will only look at the 41 // PHORUM_SESSION_LONG_TERM session (which is the session key that is 42 // stored in the URI). Here we rewrite requests for 43 // PHORUM_SESSION_SHORT_TERM so we will handle tighter security correctly. 44 if ( isset($PHORUM["use_cookies"]) && ! $PHORUM["use_cookies"] && 45 $cookie == PHORUM_SESSION_SHORT_TERM) { 46 $cookie = PHORUM_SESSION_LONG_TERM; 47 } 48 49 if ( ( $cookie != PHORUM_SESSION_LONG_TERM || ( isset( $PHORUM["use_cookies"] ) && $PHORUM["use_cookies"] ) ) && isset( $_COOKIE[$cookie] ) ) { // REAL cookies ;) 50 $sessid = $_COOKIE[$cookie]; 51 $GLOBALS["PHORUM"]["use_cookies"]=true; 52 } elseif ( isset( $PHORUM["args"][$cookie] ) ) { // in the p5-urls 53 $sessid = $PHORUM["args"][$cookie]; 54 $GLOBALS["PHORUM"]["use_cookies"]=false; 55 } elseif ( isset( $_POST[$cookie] ) ) { // from post-forms 56 $sessid = $_POST[$cookie]; 57 $GLOBALS["PHORUM"]["use_cookies"]=false; 58 } elseif ( isset( $_GET[$cookie] ) ) { // should rarely happen but helps in some cases 59 $sessid = $_GET[$cookie]; 60 $GLOBALS["PHORUM"]["use_cookies"]=false; 61 } 62 63 $success = false; 64 65 if ( !empty( $sessid ) && $GLOBALS["PHORUM"]["use_cookies"]) { 66 // this part is for cookie-authentication where we have username and password 67 list( $userid, $md5session ) = explode( ":", $sessid, 2 ); 68 69 if(!is_numeric($userid)) { 70 phorum_user_clear_session( $cookie ); 71 return false; 72 } 73 74 $user=phorum_user_get($userid, true, true); 75 if (empty($user)) { 76 phorum_user_clear_session( $cookie ); 77 return false; 78 } 79 80 if ( ($cookie==PHORUM_SESSION_LONG_TERM && !empty($user['cookie_sessid_lt']) && $user['cookie_sessid_lt'] == $md5session) || 81 ($cookie==PHORUM_SESSION_SHORT_TERM && !empty($user['sessid_st']) && $user['sessid_st'] == $md5session) || 82 ($cookie==PHORUM_SESSION_ADMIN && !empty($user['cookie_sessid_lt']) && md5($user['cookie_sessid_lt'].$PHORUM["admin_session_salt"]) == $md5session) ) { 83 if ( $user["active"] ) { 84 // write access is false by default, need to check the st-cookie too 85 $user['write_access']=false; 86 87 $GLOBALS["PHORUM"]["user"] = $user; 88 $success = true; 89 90 phorum_user_create_session( $cookie ); 91 } else { 92 phorum_user_clear_session( $cookie ); 93 } 94 } 95 } elseif( !empty( $sessid ) && !$GLOBALS["PHORUM"]["use_cookies"]) { 96 // this part is for uri-authentication where we only have a session-id 97 $uri_session_id = urldecode( $sessid ); 98 if ( $user_id = phorum_db_user_check_field('sessid_st',$uri_session_id,'=')) { 99 $user = phorum_user_get( $user_id, true, true ); 100 if ( $user["active"] ) { 101 102 // write access is enabled for uri-authentication as thats requiring login at every visit 103 $user['write_access']=true; 104 105 $GLOBALS["PHORUM"]["user"] = $user; 106 $success = true; 107 phorum_user_create_session( $cookie, false, $user['sessid_st'] ); 108 } else { 109 phorum_user_clear_session( $cookie ); 110 } 111 } 112 } 113 114 // track user activity 115 if($success && $PHORUM["track_user_activity"] && $GLOBALS["PHORUM"]["user"]["date_last_active"] < time() - $PHORUM["track_user_activity"] ) { 116 $tmp_user["user_id"] = $GLOBALS["PHORUM"]["user"]["user_id"]; 117 $tmp_user["date_last_active"] = time(); 118 if(isset($PHORUM['forum_id'])) { 119 $tmp_user["last_active_forum"]= $PHORUM['forum_id']; 120 } else { 121 $tmp_user["last_active_forum"]= 0; 122 } 123 phorum_user_save_simple( $tmp_user); 124 $GLOBALS["PHORUM"]["user"]["date_last_active"] = $tmp_user["date_last_active"]; 125 } 126 127 return $success; 128 } 129 130 function phorum_user_create_session( $cookie = PHORUM_SESSION_LONG_TERM, $refresh = false, $uri_session_id = '' ) 131 { 132 $PHORUM = $GLOBALS["PHORUM"]; 133 134 // require that the global user exists 135 if ( !empty( $PHORUM["user"] ) ) { 136 $user = $PHORUM["user"]; 137 138 if ( (isset( $PHORUM["use_cookies"] ) && $PHORUM["use_cookies"]) || $cookie == PHORUM_SESSION_ADMIN ) { 139 140 switch($cookie){ 141 case PHORUM_SESSION_SHORT_TERM: 142 143 // creating a new shortterm-session-id if none exists yet or it has timed out 144 if($refresh || empty($user['sessid_st']) || $user["sessid_st_timeout"]<time()) { 145 $sessid=md5($user['username'].microtime().$user['password']); 146 $timeout = time() + $PHORUM["short_session_timeout"]*60; 147 $simple_user=array('user_id'=>$user['user_id'],'sessid_st'=>$sessid,'sessid_st_timeout'=>$timeout); 148 phorum_user_save_simple($simple_user); 149 150 // if the cookie is half expired, reset it. 151 } elseif($user["sessid_st_timeout"] - time() < $PHORUM["short_session_timeout"]*60/2){ 152 $sessid=$user['sessid_st']; 153 $timeout = time() + $PHORUM["short_session_timeout"]*60; 154 $simple_user=array('user_id'=>$user['user_id'],'sessid_st'=>$sessid,'sessid_st_timeout'=>$timeout); 155 phorum_user_save_simple($simple_user); 156 } 157 158 // if a timeout was set, we need to set a new cookie 159 if($timeout){ 160 setcookie( $cookie, $user['user_id'].':'.$sessid, $timeout, $PHORUM["session_path"], $PHORUM["session_domain"] ); 161 } 162 break; 163 164 case PHORUM_SESSION_LONG_TERM: 165 // creating a new longterm-session-id if none exists yet 166 if($refresh || empty($user['cookie_sessid_lt'])) { 167 $sessid=md5($user['username'].microtime().$user['password']); 168 $simple_user=array('user_id'=>$user['user_id'],'cookie_sessid_lt'=>$sessid); 169 phorum_user_save_simple($simple_user); 170 } else { 171 $sessid=$user['cookie_sessid_lt']; 172 } 173 174 if($PHORUM["session_timeout"]==0){ 175 $timeout = 0; 176 } else { 177 $timeout = time() + 86400 * $PHORUM["session_timeout"]; 178 } 179 180 setcookie( $cookie, $user['user_id'].':'.$sessid, $timeout, $PHORUM["session_path"], $PHORUM["session_domain"] ); 181 182 break; 183 184 case PHORUM_SESSION_ADMIN: 185 // creating a new longterm-session-id if none exists yet 186 if(empty($user['cookie_sessid_lt'])) { 187 $sessid=md5($user['username'].microtime().$user['password']); 188 $simple_user=array('user_id'=>$user['user_id'],'cookie_sessid_lt'=>$sessid); 189 phorum_user_save_simple($simple_user); 190 } else { 191 $sessid=$user['cookie_sessid_lt']; 192 } 193 194 setcookie( $cookie, $user['user_id'].':'.md5($sessid.$PHORUM["admin_session_salt"]), 0, $PHORUM["session_path"], $PHORUM["session_domain"] ); 195 196 break; 197 198 } 199 200 } else { 201 $sessid = $uri_session_id; 202 $GLOBALS["PHORUM"]["DATA"]["GET_VARS"][$cookie] = "$cookie=" . urlencode( $sessid ); 203 $GLOBALS["PHORUM"]["DATA"]["POST_VARS"] .= "<input type=\"hidden\" name=\"$cookie\" value=\"$sessid\" />"; 204 } 205 } 206 } 207 208 209 210 211 212 function phorum_user_clear_session( $cookie = PHORUM_SESSION_LONG_TERM ) 213 { 214 $PHORUM = $GLOBALS["PHORUM"]; 215 setcookie( $cookie, "", time()-86400, $GLOBALS["PHORUM"]["session_path"], $GLOBALS["PHORUM"]["session_domain"] ); 216 if($cookie==PHORUM_SESSION_SHORT_TERM){ 217 $simple_user=array('user_id'=>$user['user_id'],'sessid_st'=>""); 218 } else { 219 $simple_user=array('user_id'=>$user['user_id'],'cookie_sessid_lt'=>""); 220 } 221 phorum_user_save_simple($simple_user); 222 } 223 224 /** 225 * This function retrieves a user from the database, given the user id. 226 * If $user_id is an array of user ids, it will retrieve all of the users 227 * in the array. If $detailed is set to true, the function gets the users 228 * full information. Setting this to false omits permission data, pm counts, 229 * and group membership. $detailed is true by default and may be omitted. 230 * @param user_id - can be a single user id, or an array of user ids. 231 * @param detailed - get detailed user information (defaults to true). 232 * @param checknewpm - check for new private messages for the user (defaults to false). 233 * @return array - either an array representing a single user's information, 234 * or an array of users 235 */ 236 function phorum_user_get( $user_id, $detailed = true, $checkpm = false ) 237 { 238 $PHORUM = $GLOBALS["PHORUM"]; 239 240 if ( !is_array( $user_id ) ) { 241 $user_ids = array( $user_id ); 242 } else { 243 $user_ids = $user_id; 244 } 245 246 if ( count( $user_ids ) ) { 247 $cache_users=array(); 248 $tmp_users=array(); 249 $cachecnt=0; 250 251 // get users from cache if enabled 252 if(isset($PHORUM['cache_users']) && $PHORUM['cache_users']) { 253 foreach($user_ids as $id => $cur_user_id) { 254 $data=phorum_cache_get('user',$cur_user_id); 255 if($data != null) { // null if no key found 256 $cache_users[$cur_user_id]=$data; 257 258 unset($user_ids[$id]); 259 $cachecnt++; 260 } 261 } 262 unset($data); 263 // we need to get the dynamic data too! 264 // only selecting date_last_active, forum_last_active, 265 // posts ... any more? 266 if($cachecnt > 0) { 267 $dynamic_data=phorum_db_user_get_fields(array_keys($cache_users),array('date_last_active','last_active_forum','posts')); 268 foreach($dynamic_data as $d_uid => $d_data) { 269 $cache_users[$d_uid]=array_merge($cache_users[$d_uid],$d_data); 270 } 271 272 } 273 } 274 275 if(count($user_ids)) { 276 $tmp_users = phorum_db_user_get( $user_ids, $detailed ); 277 278 foreach( $tmp_users as $uid => $user ) { 279 280 if ( !$user["admin"] ) { 281 if ( isset( $user["group_permissions"] ) ) { 282 foreach( $user["group_permissions"] as $forum_id => $perm ) { 283 if(!isset($user["permissions"][$forum_id])) 284 $user["permissions"][$forum_id]=0; 285 286 $user["permissions"][$forum_id] = $user["permissions"][$forum_id] | $perm; 287 } 288 } 289 290 if ( isset( $user["forum_permissions"] ) ) { 291 foreach( $user["forum_permissions"] as $forum_id => $perm ) { 292 $user["permissions"][$forum_id] = $perm; 293 } 294 } 295 } 296 297 // check if the user has new private messages 298 if ( ($checkpm || (isset($PHORUM['cache_users']) && $PHORUM['cache_users'])) && $PHORUM["enable_pm"] && $PHORUM["enable_new_pm_count"] ) { 299 $user["new_private_messages"] = phorum_db_pm_checknew( $uid ); 300 } 301 302 // store users in cache if enabled 303 if( $detailed && isset($PHORUM['cache_users']) && $PHORUM['cache_users']) { 304 phorum_cache_put('user',$uid,$user); 305 } 306 $tmp_users[$uid] = $user; 307 } 308 } 309 } 310 311 // merging cached and retrieved users 312 $ret = $tmp_users + $cache_users; 313 314 if ( !is_array( $user_id ) ) { 315 if (isset($ret[$user_id])) 316 $ret = $ret[$user_id]; 317 else 318 $ret = NULL; 319 } 320 321 return $ret; 322 } 323 324 /** 325 * This function gets a list of all the active users. 326 * @return array of users (same format as phorum_user_get) 327 */ 328 function phorum_user_get_list($type = 0) 329 { 330 return phorum_hook("user_list", phorum_db_user_get_list($type)); 331 } 332 333 function phorum_user_save( $user ) 334 { 335 if ( empty( $user["user_id"] ) ) return false; 336 337 $old_user = phorum_user_get( $user['user_id'] ); 338 $db_user = phorum_user_prepare_data( $user, $old_user ); 339 340 $ret = phorum_db_user_save( $db_user ); 341 342 // remove that user from the cache 343 if(isset($GLOBALS["PHORUM"]['cache_users']) && $GLOBALS["PHORUM"]['cache_users']) { 344 phorum_cache_remove('user',$user['user_id']); 345 } 346 347 // Is this the currently logged in user? 348 // If so, re-get his stuff from the system. 349 if ( isset($GLOBALS["PHORUM"]["user"]) && $GLOBALS["PHORUM"]["user"]["user_id"] == $user["user_id"] ) { 350 $GLOBALS["PHORUM"]["user"] = phorum_user_get( $user["user_id"] ); 351 } 352 353 354 return $ret; 355 } 356 /** 357 * This function quickly updates real columns without any further checks 358 * it just stores the data as fast as possible 359 * 360 */ 361 function phorum_user_save_simple($user) 362 { 363 if ( empty( $user["user_id"] ) ) return false; 364 365 // clear the cache only if we are not just updating the activity 366 if(isset($GLOBALS['PHORUM']['cache_users']) && $GLOBALS['PHORUM']['cache_users']) { 367 if(!(count($user) == 3 && isset($user['date_last_active']))) 368 phorum_cache_remove('user',$user['user_id']); 369 } 370 371 $ret = phorum_db_user_save( $user ); 372 373 return $ret; 374 } 375 376 function phorum_user_check_login( $username, $password ) 377 { 378 $ret = false; 379 $temp_check = false; 380 381 // Give modules a chance to handle the user authentication (for example 382 // to authenticate against an external source). The module can return a 383 // user_id if a user is considered to be authenticated. 384 $user_id = NULL; 385 $temp_user = phorum_hook("user_check_login", array( 386 "user_id" => FALSE, 387 "username" => $username, 388 "password" => $password) 389 ); 390 if( is_array($temp_user) && $temp_user["user_id"] !== FALSE ) { 391 $user_id = $temp_user["user_id"]; 392 } 393 394 // If no module handled the authentication, then let Phorum handle it. 395 if( $user_id === NULL ) 396 { 397 $user_id = phorum_db_user_check_pass( $username, md5( $password ) ); 398 // regular password failed, try the temp password 399 if ( $user_id == 0 ) { 400 $user_id = phorum_db_user_check_pass( $username, md5( $password ), true ); 401 $temp_check = true; 402 } 403 404 } 405 406 if ( $user_id > 0 ) { 407 // if this was a temp password, set the normal pass to the temp password 408 // do this before we get the user so the data is up to date. 409 // leave the temp password alone as setting to empty is bad. 410 if ( $temp_check ) { 411 $tmp_user["user_id"] = $user_id; 412 $tmp_user["password"] = $password; 413 phorum_user_save( $tmp_user ); 414 } 415 416 $ret = phorum_user_set_current_user( $user_id ); 417 } 418 419 420 return $ret; 421 } 422 function phorum_user_verify( $user_id, $tmp_pass ) 423 { 424 $user_id = phorum_db_user_check_field( array( "user_id", "password_temp" ), array( $user_id, md5( $tmp_pass ) ), array( "=", "=" ) ); 425 return $user_id; 426 } 427 428 function phorum_user_set_current_user( $user_id ) 429 { 430 $ret = false; 431 432 $user = phorum_user_get( $user_id ); 433 if ( $user["active"] == PHORUM_USER_ACTIVE ) { 434 $GLOBALS["PHORUM"]["user"] = $user; 435 $ret = true; 436 } 437 438 return $ret; 439 } 440 441 function phorum_user_check_username( $username ) 442 { 443 return phorum_db_user_check_field( "username", $username ); 444 } 445 446 function phorum_user_check_email( $email ) 447 { 448 return phorum_db_user_check_field( "email", $email ); 449 } 450 451 /** 452 * (generic) function for checking a user-field in the database 453 */ 454 function phorum_user_check_field( $field_name, $field_value) 455 { 456 return phorum_db_user_check_field( $field_name , $field_value ); 457 } 458 459 /** 460 * function for adding a user to the database (using the db-layer) 461 */ 462 function phorum_user_add( $user, $use_raw_password = false ) 463 { 464 if ( empty( $user["password_temp"] ) ) $user["password_temp"] = $user["password"]; 465 $db_user = phorum_user_prepare_data( $user, array(), $use_raw_password ); 466 if(empty($db_user["date_added"])) $db_user["date_added"]=time(); 467 if(empty($db_user["date_last_active"])) $db_user["date_last_active"]=time(); 468 return phorum_db_user_add( $db_user ); 469 } 470 471 function phorum_user_prepare_data( $new_user, $old_user, $use_raw_password = false ) 472 { 473 $PHORUM = $GLOBALS["PHORUM"]; 474 // how the user appears to the app and how it is stored in the db are different. 475 // This function prepares the data for storage in the database. 476 // While this may seem like a crossing of database vs. front end, it is better that 477 // this is here as it is not directly related to database interaction. 478 // we need to preserve some data, therefore we use the old user 479 unset( $old_user['password'] ); 480 unset( $old_user['password_temp'] ); 481 if ( is_array( $old_user ) ) { 482 $user = $old_user; 483 } else { 484 $user = array(); 485 } 486 foreach( $new_user as $key => $val ) { 487 $user[$key] = $val; 488 } 489 490 foreach( $user as $key => $val ) { 491 switch ( $key ) { 492 // these are all the actual fields in the user 493 // table. We don't need to do anything to them. 494 case "user_id": 495 case "username": 496 case "email": 497 case "email_temp": 498 case "hide_email": 499 case "active": 500 case "user_data": 501 case "signature": 502 case "threaded_list": 503 case "posts": 504 case "admin": 505 case "threaded_read": 506 case "hide_activity": 507 case "permissions": 508 case "forum_permissions": 509 case "date_added": 510 case "date_last_active": 511 case "group_permissions": 512 case "groups": 513 case "show_signature": 514 case "email_notify": 515 case "pm_email_notify": 516 case "tz_offset": 517 case "is_dst": 518 case "user_language": 519 case "user_template": 520 case "moderation_email": 521 break; 522 // the phorum built in user module stores md5 passwords. 523 case "password": 524 case "password_temp": 525 case "password_temp": 526 // If $use_raw_password is true, then the input data 527 // contains a password that is already MD5 encrypted. 528 // This can be used by conversion scripts to use 529 // already MD5 encrypted passwords from another system. 530 if ( $use_raw_password ) { 531 $user[$key] = $val; 532 } 533 // If the new password matches the MD5 encrypted password, 534 // then the old password was sent along with the user data 535 // in phorum_user_save(). Allthough this is not the way in 536 // which it should be (the password fields should only 537 // contain new clear text passwords), we prevent updates here. 538 else if (isset($old_user[$key]) && $old_user[$key] == $new_user[$key]) { 539 $user[$key] = $val; 540 } 541 // Set the password field to the MD5 hash of the new password. 542 else { 543 $user[$key] = md5( $val ); 544 } 545 break; 546 // everything that is not one of the above fields is stored in a 547 // serialized text field for dynamic profile variables. 548 // If the field is not in the PROFILE_FIELDS array, we don't add it. 549 default: 550 $type=-1; 551 // find out which ID that custom-field has 552 foreach($PHORUM['PROFILE_FIELDS'] as $ctype => $cdata) { 553 if($ctype !== 'num_fields' && $cdata['name'] == $key) { 554 $type=$ctype; 555 break; 556 } 557 } 558 if($type != -1) { // store it only if we found it 559 if( $val!=="") { 560 if(!is_array($val)) { 561 $user_data[$type] = substr($val,0,$PHORUM['PROFILE_FIELDS'][$type]['length']); 562 } else { 563 $user_data[$type] = $val; 564 } 565 } elseif(!isset($user_data)){ 566 $user_data=array(); 567 } 568 } 569 unset( $user[$key] ); 570 } 571 // create the serialized var 572 if ( isset( $user_data ) ) { 573 $user["user_data"] = $user_data; 574 } 575 } 576 577 return $user; 578 } 579 580 function phorum_user_subscribe( $user_id, $forum_id, $thread, $type ) 581 { 582 $list=phorum_user_access_list( PHORUM_USER_ALLOW_READ ); 583 if(!in_array($forum_id, $list)) return; 584 return phorum_db_user_subscribe( $user_id, $forum_id, $thread, $type ); 585 } 586 587 function phorum_user_unsubscribe( $user_id, $thread, $forum_id=0 ) 588 { 589 if($forum_id){ 590 return phorum_db_user_unsubscribe( $user_id, $thread, $forum_id ); 591 } else { 592 return phorum_db_user_unsubscribe( $user_id, $thread ); 593 } 594 } 595 596 /** 597 * This function returns true if the current user is allowed to moderate $forum_id or the user given through user_data 598 */ 599 600 function phorum_user_moderate_allowed( $forum_id = 0, $user_data = 0 ) 601 { 602 $PHORUM = $GLOBALS["PHORUM"]; 603 604 if ( $user_data == 0 ) { 605 $user_data = $PHORUM["user"]; 606 } 607 // if this is an admin, stop now 608 if ( $user_data["admin"] ) return true; 609 610 // they have no special permissions, return 611 if(!isset($user_data["permissions"])){ 612 return false; 613 } 614 615 // this sets up a check for moderation at any level 616 if ( $forum_id==PHORUM_MODERATE_ALLOWED_ANYWHERE ){ 617 $perms = $user_data["permissions"]; 618 } else { 619 // else we check only one forum 620 // if no forum_id passed, check current forum 621 if ( $forum_id==0 ){ 622 $forum_id = $PHORUM["forum_id"]; 623 } 624 if(isset($user_data["permissions"][$forum_id])){ 625 $perms[$forum_id] = $user_data["permissions"][$forum_id]; 626 } else { 627 return false; 628 } 629 } 630 631 // check the users permission array 632 foreach($perms as $forum_id => $perm) { 633 if ( $perm & PHORUM_USER_ALLOW_MODERATE_MESSAGES ) { 634 return true; 635 } 636 } 637 638 return false; 639 } 640 641 /** 642 * calls the db-function for listing all the moderators for a forum 643 * This returns an array of moderators, key as their userid, value as their email address. 644 */ 645 function phorum_user_get_moderators( $forum_id , $ignore_user_perms = false, $for_email = false) 646 { 647 $gotmods=false; 648 if(isset($GLOBALS["PHORUM"]['cache_users']) && $GLOBALS["PHORUM"]['cache_users']) { 649 $mods=phorum_cache_get('user','moderators-'.$forum_id.'-'.$ignore_user_perms); 650 if($mods != null) { 651 $gotmods=true; 652 } 653 } 654 if(!$gotmods) { 655 $mods=phorum_db_user_get_moderators( $forum_id , $ignore_user_perms, $for_email); 656 } 657 return $mods; 658 } 659 660 /** 661 * phorum_user_access_allowed() 662 * 663 * @param $permission Use the PHORUM_ALLOW_* constants 664 * @return bool 665 */ 666 function phorum_user_access_allowed( $permission, $forum_id = 0 ) 667 { 668 $PHORUM = $GLOBALS["PHORUM"]; 669 670 if ( empty( $forum_id ) ) $forum_id = $PHORUM["forum_id"]; 671 672 $ret = false; 673 // user is an admin, he gets it all 674 if ( !empty( $PHORUM["user"]["admin"] ) ) { 675 $ret = true; 676 } else { 677 // user is logged in. 678 if ( $PHORUM["user"]["user_id"] > 0 ) { 679 // if the user has perms for this forum, use them. 680 if ( isset( $PHORUM["user"]["permissions"][$forum_id] ) ) { 681 $perms = $PHORUM["user"]["permissions"][$forum_id]; 682 // else we use the forum's default perms 683 // for registered users 684 } elseif ( $forum_id ) { 685 if ( $forum_id != $PHORUM["forum_id"] ) { 686 $forums = phorum_db_get_forums( $forum_id ); 687 $forum = array_shift( $forums ); 688 } else { 689 $forum = $PHORUM; 690 } 691 $perms = $forum["reg_perms"]; 692 } 693 // user is not logged in 694 // use the forum default perms for public users 695 } elseif ( $forum_id ) { 696 if ( $forum_id != $PHORUM["forum_id"] ) { 697 $forums = phorum_db_get_forums( $forum_id ); 698 $forum = array_shift( $forums ); 699 } else { 700 $forum = $PHORUM; 701 } 702 if(isset($forum['pub_perms'])) 703 $perms = $forum["pub_perms"]; 704 } 705 706 if ( !empty( $perms ) && ( $ret || ( $perms &$permission ) ) ) { 707 $ret = true; 708 } else { 709 $ret = false; 710 } 711 } 712 713 return $ret; 714 } 715 716 /** 717 * phorum_user_access_list() 718 * 719 * This function will return a list of forum ids in which 720 * the current user has $permission 721 * 722 * @param $permission Use the PHORUM_ALLOW_* constants 723 * @return bool 724 */ 725 726 function phorum_user_access_list( $permission ) 727 { 728 $PHORUM = $GLOBALS["PHORUM"]; 729 730 $forums = phorum_db_get_forums(0,-1,$PHORUM['vroot']); 731 $forum_list = array(); 732 733 $field = ( $PHORUM["user"]["user_id"] > 0 ) ? "reg_perms" : "pub_perms"; 734 735 foreach( $forums as $forum_id => $forum ) { 736 if ( $PHORUM["user"]["admin"] || $forum[$field] &$permission ) { 737 $forum_list[$forum_id] = $forum_id; 738 } 739 // if its a folder, they have read but nothing else 740 elseif ($forum["folder_flag"] && $permission == PHORUM_USER_ALLOW_READ){ 741 $forum_list[$forum_id] = $forum_id; 742 } 743 } 744 745 if ( !$PHORUM["user"]["admin"] && !empty( $PHORUM["user"]["permissions"] ) ) { 746 foreach( $PHORUM["user"]["permissions"] as $forum_id => $perms ) { 747 if ( isset( $forum_list[$forum_id] ) ) unset( $forum_list[$forum_id] ); 748 if ( $perms & $permission ) { 749 $forum_list[$forum_id] = $forum_id; 750 } 751 } 752 } 753 754 // Admins also have rights for forum_id 0 (announcements) 755 if ($PHORUM["user"]["admin"]) { 756 $forum_list[0] = 0; 757 } 758 759 return $forum_list; 760 } 761 762 /** 763 * phorum_user_allow_moderate_group() 764 * 765 * Return true if the current user is allowed to moderate 766 * a given group, or any group if no group is given. 767 * 768 * @param int - a group id to check (default, all) 769 * @return bool 770 */ 771 function phorum_user_allow_moderate_group($group_id = 0) 772 { 773 $groups = phorum_user_get_moderator_groups(); 774 if ($group_id == 0 && count($groups) > 0){ 775 return true; 776 } 777 elseif (isset($groups[$group_id])){ 778 return true; 779 } 780 else{ 781 return false; 782 } 783 } 784 785 /** 786 * phorum_user_get_moderator_groups() 787 * 788 * This function will return a list of the groups the current user 789 * is allowed to moderate. For admins, this will return all the groups. 790 * 791 * The array is of the form array[group_id] = groupname. 792 * @return array 793 */ 794 function phorum_user_get_moderator_groups() 795 { 796 $PHORUM=$GLOBALS["PHORUM"]; 797 $groups = array(); 798 799 // if its an admin, return all groups as a moderator 800 if ($PHORUM["user"]["admin"]){ 801 $fullgrouplist = phorum_db_get_groups(); 802 // the permission here is for a forum, we don't care about that 803 foreach ($fullgrouplist as $groupid => $groupperm){ 804 $groups[$groupid] = $fullgrouplist[$groupid]["name"]; 805 } 806 } else { 807 $grouplist = phorum_user_get_groups($PHORUM["user"]["user_id"]); 808 809 if(count($grouplist)) { 810 $fullgrouplist = phorum_db_get_groups(array_keys($grouplist)); 811 812 foreach ($grouplist as $groupid => $perm){ 813 if ($perm == PHORUM_USER_GROUP_MODERATOR){ 814 $groups[$groupid] = $fullgrouplist[$groupid]["name"]; 815 } 816 } 817 } 818 } 819 return $groups; 820 } 821 822 /** 823 * phorum_user_get_groups() 824 * 825 * This function will return a list of groups the user 826 * is a member of, as well as the users permissions. 827 * 828 * The returned list has the group id as the key, and 829 * the permission as the value. Permissions are the 830 * PHORUM_USER_GROUP constants. 831 * @param int - the users user_id 832 * @return array 833 */ 834 function phorum_user_get_groups($user_id) 835 { 836 return phorum_db_user_get_groups($user_id); 837 } 838 839 /** 840 * phorum_user_save_groups() 841 * 842 * This function saves a users group permissions. The data 843 * to save should be an array of the form array[group_id] = permission 844 * @param int - the users user_id 845 * @param array - group permissions to save 846 * @return bool - true if successful 847 */ 848 function phorum_user_save_groups($user_id, $groups) 849 { 850 if(isset($GLOBALS["PHORUM"]['cache_users']) && $GLOBALS["PHORUM"]['cache_users']) { 851 phorum_cache_remove('user',$user_id); 852 } 853 return phorum_db_user_save_groups($user_id, $groups); 854 } 855 856 function phorum_user_addpost() 857 { 858 return phorum_db_user_addpost(); 859 } 860 861 function phorum_user_delete($user_id) 862 { 863 if(isset($GLOBALS["PHORUM"]['cache_users']) && $GLOBALS["PHORUM"]['cache_users']) { 864 phorum_cache_remove('user',$user_id); 865 } 866 return phorum_db_user_delete($user_id); 867 } 868 869 /** 870 * phorum_user_check_custom_field() 871 * 872 * This function takes a custom-fields name and content 873 * as arguments and returns an array of the user_ids found 874 * or NULL if no users are found 875 * 876 * optional match-parameter 877 * 0 - exact match 878 * 1 - like-clause 879 */ 880 function phorum_user_check_custom_field($field_name,$field_content,$match=0) { 881 882 $type=-1; 883 foreach($GLOBALS['PHORUM']['PROFILE_FIELDS'] as $ctype => $cdata) { 884 if($ctype !== 'num_fields' && $cdata['name'] == $field_name) { 885 $type=$ctype; 886 break; 887 } 888 } 889 if($type > -1) { 890 $retval=phorum_db_get_custom_field_users($type,$field_content,$match); 891 } else { 892 $retval=NULL; 893 } 894 895 return $retval; 896 } 897 898 899 ?>
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Thu Nov 29 12:22:27 2007 | par Balluche grâce à PHPXref 0.7 |
|
|