Code source de PHP NUKE 7.9 |
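<?php
/***************************************************************************
 *                                 auth.php
 *                            -------------------
 *   begin                : Saturday, Feb 13, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   Id: auth.php,v 1.37.2.5 2004/03/01 16:49:03 psotfx Exp
 *
 *
 ***************************************************************************/
/***************************************************************************
 * phpbb2 forums port version 2.0.5 (c) 2003 - Nuke Cops (http://nukecops.com)
 *
 * Ported by Nuke Cops to phpbb2 standalone 2.0.5 Test
 * and debugging completed by the Elite Nukers and site members.
 *
 * You run this package at your sole risk. Nuke Cops and affiliates cannot
 * be held liable if anything goes wrong. You are advised to test this
 * package on a development system. Backup everything before implementing
 * in a production environment. If something goes wrong, you can always
 * backout and restore your backups.
 *
 * Installing and running this also means you agree to the terms of the AUP
 * found at Nuke Cops.
 *
 * This is version 2.0.5 of the phpbb2 forum port for PHP-Nuke. Work is based
 * on Tom Nitzschner's forum port version 2.0.6. Tom's 2.0.6 port was based
 * on the phpbb2 standalone version 2.0.3. Our version 2.0.5 from Nuke Cops is
 * now reflecting phpbb2 standalone 2.0.5 that fixes some bugs and the
 * invalid_session error message.
 ***************************************************************************/
/***************************************************************************
 * This file is part of the phpBB2 port to Nuke 6.0 (c) copyright 2002
 * by Tom Nitzschner (tom@toms-home.com)
 * http://bbtonuke.sourceforge.net (or http://www.toms-home.com)
 *
 * As always, make a backup before messing with anything. All code
 * release by me is considered sample code only. It may be fully
 * functual, but you use it at your own risk, if you break it,
 * you get to fix it too. No waranty is given or implied.
 *
 * Please post all questions/request about this port on http://bbtonuke.sourceforge.net first,
 * then on my site. All original header code and copyright messages will be maintained
 * to give credit where credit is due. If you modify this, the only requirement is
 * that you also maintain all original copyright messages. All my work is released
 * under the GNU GENERAL PUBLIC LICENSE. Please see the README for more information.
 *
 ***************************************************************************/

/***************************************************************************
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 ***************************************************************************/

// Refuse to run unless the including script has defined IN_PHPBB, so this
// file does nothing when it is requested directly. die() already ends the
// request, so no further statement is needed after it.
if ( !defined('IN_PHPBB') )
{
	die("Hacking attempt");
}

/*
	Work out what a user may do in one forum, or in every forum.

	$type's accepted (pre-pend with AUTH_):
	VIEW, READ, POST, REPLY, EDIT, DELETE, STICKY, ANNOUNCE, VOTE, POLLCREATE

	Possible options ($type/forum_id combinations):

	* If you include a type and forum_id then a specific lookup will be done and
	the single result returned

	* If you set type to AUTH_ALL and specify a forum_id an array of all auth types
	will be returned

	* If you provide a forum_id a specific lookup on that forum will be done

	* If you set forum_id to AUTH_LIST_ALL and specify a type an array listing the
	results for all forums will be returned

	* If you set forum_id to AUTH_LIST_ALL and type to AUTH_ALL a multidimensional
	array containing the auth permissions for all types and all forums for that
	user is returned

	All results are returned as associative arrays, even when a single auth type is
	specified.

	If available you can send an array (either one or two dimensional) containing the
	forum auth levels, this will prevent the auth function having to do its own
	lookup

	Parameters:
	$type      one of the AUTH_* type constants listed above. AUTH_ATTACH and
	           unknown values map to no column, so only 'auth_mod' is reported.
	$forum_id  a forum id, or AUTH_LIST_ALL for every forum.
	$userdata  user/session row; 'session_logged_in', 'user_id' and 'user_level'
	           are read.
	$f_access  optional forum auth levels already fetched by the caller.

	Returns: for one forum, an array holding '<field>' (TRUE, 0, or the value from
	auth_check_user), '<field>_type' (a $lang label) and 'auth_mod'; for
	AUTH_LIST_ALL the same array per forum, keyed by forum_id. An empty array is
	returned when the forum lookup finds no row. Any forum setting that is not one
	of AUTH_ALL/REG/ACL/MOD/ADMIN is answered with 0, i.e. access is denied.
*/
function auth($type, $forum_id, $userdata, $f_access = '')
{
	global $db, $lang;

	// Defined up front so a $type without a column mapping cannot leave
	// $auth_fields unset (count() on an unset value fails on current PHP).
	$auth_fields = array();

	switch( $type )
	{
		case AUTH_ALL:
			$auth_fields = array('auth_view', 'auth_read', 'auth_post', 'auth_reply', 'auth_edit', 'auth_delete', 'auth_sticky', 'auth_announce', 'auth_vote', 'auth_pollcreate');
			break;

		case AUTH_VIEW:
			$auth_fields = array('auth_view');
			break;

		case AUTH_READ:
			$auth_fields = array('auth_read');
			break;

		case AUTH_POST:
			$auth_fields = array('auth_post');
			break;

		case AUTH_REPLY:
			$auth_fields = array('auth_reply');
			break;

		case AUTH_EDIT:
			$auth_fields = array('auth_edit');
			break;

		case AUTH_DELETE:
			$auth_fields = array('auth_delete');
			break;

		case AUTH_ANNOUNCE:
			$auth_fields = array('auth_announce');
			break;

		case AUTH_STICKY:
			$auth_fields = array('auth_sticky');
			break;

		case AUTH_POLLCREATE:
			$auth_fields = array('auth_pollcreate');
			break;

		case AUTH_VOTE:
			$auth_fields = array('auth_vote');
			break;

		case AUTH_ATTACH:
			break;

		default:
			break;
	}

	$field_count = count($auth_fields);

	// Column list for both queries: the same "a.<field>, a.<field>" text as
	// before, built from the fixed field names above. With no fields the list
	// is just a.forum_id, which keeps the SELECT syntactically valid.
	$a_sql = ( $field_count ) ? 'a.' . implode(', a.', $auth_fields) : '';
	$select_sql = ( $a_sql !== '' ) ? "a.forum_id, $a_sql" : 'a.forum_id';

	$logged_in = $userdata['session_logged_in'];

	// NOTE(review): this is a loose comparison; how a non-numeric $forum_id
	// compares with AUTH_LIST_ALL depends on the constant's value and the PHP
	// version. Callers should pass an integer - confirm at the call sites.
	$single_forum = ( $forum_id != AUTH_LIST_ALL );

	//
	// If f_access has not been passed then we need to pull the auth
	// information on the given forum (or all forums) ourselves
	//
	if ( empty($f_access) )
	{
		// intval() keeps anything but digits out of the SQL text
		$forum_match_sql = ( $single_forum ) ? "WHERE a.forum_id = '" . intval($forum_id) . "'" : '';

		$sql = "SELECT $select_sql
			FROM " . FORUMS_TABLE . " a
			$forum_match_sql";
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Failed obtaining forum access control lists', '', __LINE__, __FILE__, $sql);
		}

		// One row for a single forum, the whole row set for AUTH_LIST_ALL
		$sql_fetchrow = ( $single_forum ) ? 'sql_fetchrow' : 'sql_fetchrowset';

		if ( !($f_access = $db->$sql_fetchrow($result)) )
		{
			$db->sql_freeresult($result);
			return array();
		}

		$db->sql_freeresult($result);
	}

	//
	// If the user isn't logged on then all we need do is check if the forum
	// has the type set to ALL, if yes they are good to go, if not then they
	// are denied access. For a logged-on user we also pull the permissions of
	// every group they are a confirmed (non-pending) member of.
	//
	$u_access = array();
	if ( $logged_in )
	{
		$forum_match_sql = ( $single_forum ) ? "AND a.forum_id = '" . intval($forum_id) . "'" : '';

		// user_id is cast as well: it is placed in the statement unquoted
		$sql = "SELECT $select_sql, a.auth_mod
			FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug
			WHERE ug.user_id = " . intval($userdata['user_id']) . "
				AND ug.user_pending = '0'
				AND a.group_id = ug.group_id
				$forum_match_sql";
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Failed obtaining forum access control lists', '', __LINE__, __FILE__, $sql);
		}

		while ( $row = $db->sql_fetchrow($result) )
		{
			if ( $single_forum )
			{
				$u_access[] = $row;
			}
			else
			{
				$u_access[$row['forum_id']][] = $row;
			}
		}
		$db->sql_freeresult($result);
	}

	$is_admin = ( $userdata['user_level'] == ADMIN && $logged_in ) ? TRUE : 0;

	$forum_count = ( $single_forum ) ? 0 : count($f_access);

	$auth_user = array();
	for($i = 0; $i < $field_count; $i++)
	{
		$key = $auth_fields[$i];

		//
		// If the user is logged on and the forum type is either ALL or REG then the user has access
		//
		// If the type is ACL, MOD or ADMIN then we need to see if the user has specific permissions
		// to do whatever it is they want to do ... to do this we use the information pulled for the
		// user (and any groups they belong to)
		//
		// Now we compare the users access level against the forums. We assume here that a moderator
		// and admin automatically have access to an ACL forum, similarly we assume admins meet an
		// auth requirement of MOD
		//
		if ( $single_forum )
		{
			$value = $f_access[$key];

			switch( $value )
			{
				case AUTH_ALL:
					$auth_user[$key] = TRUE;
					$auth_user[$key . '_type'] = $lang['Auth_Anonymous_Users'];
					break;

				case AUTH_REG:
					$auth_user[$key] = ( $logged_in ) ? TRUE : 0;
					$auth_user[$key . '_type'] = $lang['Auth_Registered_Users'];
					break;

				case AUTH_ACL:
					$auth_user[$key] = ( $logged_in ) ? auth_check_user(AUTH_ACL, $key, $u_access, $is_admin) : 0;
					$auth_user[$key . '_type'] = $lang['Auth_Users_granted_access'];
					break;

				case AUTH_MOD:
					$auth_user[$key] = ( $logged_in ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0;
					$auth_user[$key . '_type'] = $lang['Auth_Moderators'];
					break;

				case AUTH_ADMIN:
					$auth_user[$key] = $is_admin;
					$auth_user[$key . '_type'] = $lang['Auth_Administrators'];
					break;

				default:
					// Unknown setting: deny
					$auth_user[$key] = 0;
					break;
			}
		}
		else
		{
			for($k = 0; $k < $forum_count; $k++)
			{
				$value = $f_access[$k][$key];
				$f_forum_id = $f_access[$k]['forum_id'];

				// A forum in which the user holds no group permission has no
				// entry in $u_access; hand auth_check_user an empty list then.
				$forum_u_access = ( isset($u_access[$f_forum_id]) ) ? $u_access[$f_forum_id] : array();

				switch( $value )
				{
					case AUTH_ALL:
						$auth_user[$f_forum_id][$key] = TRUE;
						$auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Anonymous_Users'];
						break;

					case AUTH_REG:
						$auth_user[$f_forum_id][$key] = ( $logged_in ) ? TRUE : 0;
						$auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Registered_Users'];
						break;

					case AUTH_ACL:
						$auth_user[$f_forum_id][$key] = ( $logged_in ) ? auth_check_user(AUTH_ACL, $key, $forum_u_access, $is_admin) : 0;
						$auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Users_granted_access'];
						break;

					case AUTH_MOD:
						$auth_user[$f_forum_id][$key] = ( $logged_in ) ? auth_check_user(AUTH_MOD, 'auth_mod', $forum_u_access, $is_admin) : 0;
						$auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Moderators'];
						break;

					case AUTH_ADMIN:
						$auth_user[$f_forum_id][$key] = $is_admin;
						$auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Administrators'];
						break;

					default:
						// Unknown setting: deny
						$auth_user[$f_forum_id][$key] = 0;
						break;
				}
			}
		}
	}

	//
	// Is user a moderator?
	//
	if ( $single_forum )
	{
		$auth_user['auth_mod'] = ( $logged_in ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0;
	}
	else
	{
		for($k = 0; $k < $forum_count; $k++)
		{
			$f_forum_id = $f_access[$k]['forum_id'];
			$forum_u_access = ( isset($u_access[$f_forum_id]) ) ? $u_access[$f_forum_id] : array();

			$auth_user[$f_forum_id]['auth_mod'] = ( $logged_in ) ? auth_check_user(AUTH_MOD, 'auth_mod', $forum_u_access, $is_admin) : 0;
		}
	}

	return $auth_user;
}

/*
	Decide whether any of the user's group permission rows grants a right.

	$type      AUTH_ACL, AUTH_MOD or AUTH_ADMIN - the level the forum requires.
	$key       column to read from each row when $type is AUTH_ACL.
	$u_access  list of permission rows for one forum (may be empty).
	$is_admin  truthy when the user is a logged-in administrator.

	Returns a truthy value when access is granted, otherwise a falsy one. With no
	rows to inspect the answer is simply $is_admin.
*/
function auth_check_user($type, $key, $u_access, $is_admin)
{
	$auth_user = 0;

	// is_array() keeps count() away from a missing (non-array) row list;
	// such a value is handled like an empty list.
	$row_count = ( is_array($u_access) ) ? count($u_access) : 0;

	if ( $row_count )
	{
		for($j = 0; $j < $row_count; $j++)
		{
			$result = 0;
			switch($type)
			{
				// The cases fall through on purpose: an ACL requirement is
				// also met by a moderator flag, and both are met by an admin.
				case AUTH_ACL:
					$result = $u_access[$j][$key];
					// no break

				case AUTH_MOD:
					$result = $result || $u_access[$j]['auth_mod'];
					// no break

				case AUTH_ADMIN:
					$result = $result || $is_admin;
					break;
			}

			// One granting row is enough
			$auth_user = $auth_user || $result;
		}
	}
	else
	{
		$auth_user = $is_admin;
	}

	return $auth_user;
}

?>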