Code source de PHP NUKE 7.9 |
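<?php
/***************************************************************************
 *                            admin_ug_auth.php
 *                            -------------------
 *   begin                : Saturday, Feb 13, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   Id: admin_ug_auth.php,v 1.13.2.9 2005/07/19 20:01:05 acydburn Exp
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/

//
// Purpose (as visible in this file): admin-panel script that displays and
// updates the per-forum permissions (auth_* flags and moderator status) of a
// single user or of a group, and moves users between the USER, MOD and ADMIN
// levels.
//
// NOTE(review):
//  - No session, admin-level or request-origin (anti-CSRF) check is made in
//    this file. Presumably pagestart.php enforces them -- confirm, because
//    the submit branch below changes privilege levels.
//  - The script relies on each(), $HTTP_POST_VARS and $HTTP_GET_VARS, i.e. it
//    targets legacy PHP versions.
//  - Request values that reach SQL in a numeric (unquoted) position are cast
//    with intval() where the statement is built; see the INSERT/UPDATE
//    builders in the submit branch.
//

define('IN_PHPBB', 1);

// $setmodules is not assigned in this file; presumably the admin index sets
// it before including this script to collect menu entries -- confirm.
if( !empty($setmodules) )
{
	$filename = basename(__FILE__);
	$module['Users']['Permissions'] = $filename . "?mode=user";
	$module['Groups']['Permissions'] = $filename . "?mode=group";

	return;
}

//
// Load default header
//
$no_page_header = TRUE;

$phpbb_root_path = "./../";
require ($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);

//
// Import the four request parameters this page understands. The variable
// names created through $$var come only from the fixed keys of $params, so a
// request cannot introduce other variables here. POST wins over GET.
//
$params = array('mode' => 'mode', 'user_id' => POST_USERS_URL, 'group_id' => POST_GROUPS_URL, 'adv' => 'adv');

while( list($var, $param) = @each($params) )
{
	if ( !empty($HTTP_POST_VARS[$param]) || !empty($HTTP_GET_VARS[$param]) )
	{
		$$var = ( !empty($HTTP_POST_VARS[$param]) ) ? $HTTP_POST_VARS[$param] : $HTTP_GET_VARS[$param];
	}
	else
	{
		$$var = "";
	}
}

// Normalise the imported values: ids and the adv flag become integers, $mode
// is HTML-escaped because it is echoed into links and hidden form fields.
$user_id = intval($user_id);
$group_id = intval($group_id);
$adv = intval($adv);
$mode = htmlspecialchars($mode);
//
// Start program - define vars
//
// Fixed list of permission columns. Column names placed into SQL further down
// are always taken from this list, never from the request.
$forum_auth_fields = array('auth_view', 'auth_read', 'auth_post', 'auth_reply', 'auth_edit', 'auth_delete', 'auth_sticky', 'auth_announce', 'auth_vote', 'auth_pollcreate');

$auth_field_match = array(
	'auth_view' => AUTH_VIEW,
	'auth_read' => AUTH_READ,
	'auth_post' => AUTH_POST,
	'auth_reply' => AUTH_REPLY,
	'auth_edit' => AUTH_EDIT,
	'auth_delete' => AUTH_DELETE,
	'auth_sticky' => AUTH_STICKY,
	'auth_announce' => AUTH_ANNOUNCE,
	'auth_vote' => AUTH_VOTE,
	'auth_pollcreate' => AUTH_POLLCREATE);

$field_names = array(
	'auth_view' => $lang['View'],
	'auth_read' => $lang['Read'],
	'auth_post' => $lang['Post'],
	'auth_reply' => $lang['Reply'],
	'auth_edit' => $lang['Edit'],
	'auth_delete' => $lang['Delete'],
	'auth_sticky' => $lang['Sticky'],
	'auth_announce' => $lang['Announce'],
	'auth_vote' => $lang['Vote'],
	'auth_pollcreate' => $lang['Pollcreate']);

// ---------------
// Start Functions
//
/**
 * Decide whether any of the given auth_access rows grants a permission.
 *
 * The switch falls through on purpose: AUTH_ACL checks the ACL column, then
 * moderator status, then admin status; AUTH_MOD checks moderator then admin;
 * AUTH_ADMIN checks admin only. Any other $type leaves the per-row result 0.
 *
 * @param mixed $type     AUTH_ACL, AUTH_MOD or AUTH_ADMIN
 * @param string $key     permission column to read from each row (AUTH_ACL only)
 * @param array $u_access list of auth_access rows for one forum
 * @param mixed $is_admin truthy when the subject is an administrator
 * @return mixed truthy when at least one row grants the permission; when
 *               $u_access is empty, $is_admin is returned unchanged
 */
function check_auth($type, $key, $u_access, $is_admin)
{
	$auth_user = 0;

	if( count($u_access) )
	{
		for($j = 0; $j < count($u_access); $j++)
		{
			$result = 0;
			switch($type)
			{
				case AUTH_ACL:
					$result = $u_access[$j][$key];
					// intentional fall-through

				case AUTH_MOD:
					$result = $result || $u_access[$j]['auth_mod'];
					// intentional fall-through

				case AUTH_ADMIN:
					$result = $result || $is_admin;
					break;
			}

			$auth_user = $auth_user || $result;
		}
	}
	else
	{
		$auth_user = $is_admin;
	}

	return $auth_user;
}
//
// End Functions
// -------------

//
// Branch 1: the permission form was submitted for a known user or group.
//
if ( isset($HTTP_POST_VARS['submit']) && ( ( $mode == 'user' && $user_id ) || ( $mode == 'group' && $group_id ) ) )
{
	$user_level = '';
	if ( $mode == 'user' )
	{
		//
		// Get group_id for this user_id
		//
		// In user mode the group_id is looked up from the database (the
		// user's single-user group), replacing any group_id sent with the
		// request.
		$sql = "SELECT g.group_id, u.user_level
			FROM " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u, " . GROUPS_TABLE . " g
			WHERE u.user_id = '$user_id'
				AND ug.user_id = u.user_id
				AND g.group_id = ug.group_id
				AND g.group_single_user = " . TRUE;
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Could not select info from user/user_group table', '', __LINE__, __FILE__, $sql);
		}

		$row = $db->sql_fetchrow($result);

		$group_id = intval($row['group_id']);
		$user_level = intval($row['user_level']);

		$db->sql_freeresult($result);
	}

	//
	// Carry out requests
	//
	if ( $mode == 'user' && $HTTP_POST_VARS['userlevel'] == 'admin' && $user_level != ADMIN )
	{
		//
		// Make user an admin (if already user)
		//
		// The acting account ($userdata) is excluded, so this branch never
		// changes the level of the administrator who submitted the form.
		if ( $userdata['user_id'] != $user_id )
		{
			$sql = "UPDATE " . USERS_TABLE . "
				SET user_level = " . ADMIN . "
				WHERE user_id = '$user_id'";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
			}

			$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
				WHERE group_id = '$group_id'
					AND auth_mod = '0'";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't delete auth access info", "", __LINE__, __FILE__, $sql);
			}

			//
			// Delete any entries in auth_access, they are not required if user is becoming an
			// admin
			//
			$sql = "UPDATE " . AUTH_ACCESS_TABLE . "
				SET auth_view = '0', auth_read = '0', auth_post = '0', auth_reply = '0', auth_edit = '0', auth_delete = '0', auth_sticky = '0', auth_announce = '0'
				WHERE group_id = '$group_id'";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't update auth access", "", __LINE__, __FILE__, $sql);
			}
		}

		$message = $lang['Auth_updated'] . '<br /><br />' . sprintf($lang['Click_return_userauth'], '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
		message_die(GENERAL_MESSAGE, $message);
	}
	else
	{
		if ( $mode == 'user' && $HTTP_POST_VARS['userlevel'] == 'user' && $user_level == ADMIN )
		{
			//
			// Make admin a user (if already admin) ... ignore if you're trying
			// to change yourself from an admin to user!
			//
			if ( $userdata['user_id'] != $user_id )
			{
				$sql = "UPDATE " . AUTH_ACCESS_TABLE . "
					SET auth_view = '0', auth_read = '0', auth_post = '0', auth_reply = '0', auth_edit = '0', auth_delete = '0', auth_sticky = '0', auth_announce = '0'
					WHERE group_id = '$group_id'";
				if ( !($result = $db->sql_query($sql)) )
				{
					message_die(GENERAL_ERROR, 'Could not update auth access', '', __LINE__, __FILE__, $sql);
				}

				//
				// Update users level, reset to USER
				//
				$sql = "UPDATE " . USERS_TABLE . "
					SET user_level = " . USER . "
					WHERE user_id = '$user_id'";
				if ( !($result = $db->sql_query($sql)) )
				{
					message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
				}
			}

			$message = $lang['Auth_updated'] . '<br /><br />' . sprintf($lang['Click_return_userauth'], '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
		}
		else
		{

			// The moderator[...] and private[...] / private_<field>[...]
			// arrays come straight from the request. They are only compared
			// here; the values are cast with intval() where the SQL is built.
			$change_mod_list = ( isset($HTTP_POST_VARS['moderator']) ) ? $HTTP_POST_VARS['moderator'] : false;

			if ( empty($adv) )
			{
				$change_acl_list = ( isset($HTTP_POST_VARS['private']) ) ? $HTTP_POST_VARS['private'] : false;
			}
			else
			{
				$change_acl_list = array();
				for($j = 0; $j < count($forum_auth_fields); $j++)
				{
					$auth_field = $forum_auth_fields[$j];

					while( list($forum_id, $value) = @each($HTTP_POST_VARS['private_' . $auth_field]) )
					{
						$change_acl_list[$forum_id][$auth_field] = $value;
					}
				}
			}

			$sql = "SELECT *
				FROM " . FORUMS_TABLE . " f
				ORDER BY forum_order";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
			}

			$forum_access = array();
			while( $row = $db->sql_fetchrow($result) )
			{
				$forum_access[] = $row;
			}
			$db->sql_freeresult($result);

			$sql = ( $mode == 'user' ) ? "SELECT aa.* FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id AND aa.group_id = ug.group_id AND g.group_single_user = " . TRUE : "SELECT * FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = '$group_id'";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
			}

			$auth_access = array();
			while( $row = $db->sql_fetchrow($result) )
			{
				$auth_access[$row['forum_id']] = $row;
			}
			$db->sql_freeresult($result);

			$forum_auth_action = array();
			$update_acl_status = array();
			$update_mod_status = array();

			// Compare the submitted settings with the stored rows and decide,
			// per forum, whether the auth_access row must be inserted,
			// updated or deleted. $forum_id is taken from the database rows,
			// so the keys of $forum_auth_action are never request-supplied.
			for($i = 0; $i < count($forum_access); $i++)
			{
				$forum_id = $forum_access[$i]['forum_id'];

				if (
					( isset($auth_access[$forum_id]['auth_mod']) && $change_mod_list[$forum_id]['auth_mod'] != $auth_access[$forum_id]['auth_mod'] ) ||
					( !isset($auth_access[$forum_id]['auth_mod']) && !empty($change_mod_list[$forum_id]['auth_mod']) )
				)
				{
					$update_mod_status[$forum_id] = $change_mod_list[$forum_id]['auth_mod'];

					if ( !$update_mod_status[$forum_id] )
					{
						$forum_auth_action[$forum_id] = 'delete';
					}
					else if ( !isset($auth_access[$forum_id]['auth_mod']) )
					{
						$forum_auth_action[$forum_id] = 'insert';
					}
					else
					{
						$forum_auth_action[$forum_id] = 'update';
					}
				}

				for($j = 0; $j < count($forum_auth_fields); $j++)
				{
					$auth_field = $forum_auth_fields[$j];

					if( $forum_access[$i][$auth_field] == AUTH_ACL && isset($change_acl_list[$forum_id][$auth_field]) )
					{
						if ( ( empty($auth_access[$forum_id]['auth_mod']) &&
							( isset($auth_access[$forum_id][$auth_field]) && $change_acl_list[$forum_id][$auth_field] != $auth_access[$forum_id][$auth_field] ) ||
							( !isset($auth_access[$forum_id][$auth_field]) && !empty($change_acl_list[$forum_id][$auth_field]) ) ) ||
							!empty($update_mod_status[$forum_id])
						)
						{
							$update_acl_status[$forum_id][$auth_field] = ( !empty($update_mod_status[$forum_id]) ) ? 0 : $change_acl_list[$forum_id][$auth_field];

							if ( isset($auth_access[$forum_id][$auth_field]) && empty($update_acl_status[$forum_id][$auth_field]) && $forum_auth_action[$forum_id] != 'insert' && $forum_auth_action[$forum_id] != 'update' )
							{
								$forum_auth_action[$forum_id] = 'delete';
							}
							else if ( !isset($auth_access[$forum_id][$auth_field]) && !( $forum_auth_action[$forum_id] == 'delete' && empty($update_acl_status[$forum_id][$auth_field]) ) )
							{
								$forum_auth_action[$forum_id] = 'insert';
							}
							else if ( isset($auth_access[$forum_id][$auth_field]) && !empty($update_acl_status[$forum_id][$auth_field]) )
							{
								$forum_auth_action[$forum_id] = 'update';
							}
						}
						else if ( ( empty($auth_access[$forum_id]['auth_mod']) &&
							( isset($auth_access[$forum_id][$auth_field]) && $change_acl_list[$forum_id][$auth_field] == $auth_access[$forum_id][$auth_field] ) ) && $forum_auth_action[$forum_id] == 'delete' )
						{
							$forum_auth_action[$forum_id] = 'update';
						}
					}
				}
			}

			//
			// Checks complete, make updates to DB
			//
			// The permission values below originate from the request and are
			// placed into SQL without quotes, so each one is forced to an
			// integer at the point of concatenation. Column names
			// ($auth_type) come from $forum_auth_fields only.
			$delete_sql = '';
			while( list($forum_id, $action) = @each($forum_auth_action) )
			{
				if ( $action == 'delete' )
				{
					$delete_sql .= ( ( $delete_sql != '' ) ? ', ' : '' ) . $forum_id;
				}
				else
				{
					if ( $action == 'insert' )
					{
						$sql_field = '';
						$sql_value = '';
						while ( list($auth_type, $value) = @each($update_acl_status[$forum_id]) )
						{
							$sql_field .= ( ( $sql_field != '' ) ? ', ' : '' ) . $auth_type;
							$sql_value .= ( ( $sql_value != '' ) ? ', ' : '' ) . intval($value);
						}
						$sql_field .= ( ( $sql_field != '' ) ? ', ' : '' ) . 'auth_mod';
						$sql_value .= ( ( $sql_value != '' ) ? ', ' : '' ) . ( ( !isset($update_mod_status[$forum_id]) ) ? 0 : intval($update_mod_status[$forum_id]) );

						$sql = "INSERT INTO " . AUTH_ACCESS_TABLE . " (forum_id, group_id, $sql_field)
							VALUES ($forum_id, $group_id, $sql_value)";
					}
					else
					{
						$sql_values = '';
						while ( list($auth_type, $value) = @each($update_acl_status[$forum_id]) )
						{
							$sql_values .= ( ( $sql_values != '' ) ? ', ' : '' ) . $auth_type . ' = ' . intval($value);
						}
						$sql_values .= ( ( $sql_values != '' ) ? ', ' : '' ) . 'auth_mod = ' . ( ( !isset($update_mod_status[$forum_id]) ) ? 0 : intval($update_mod_status[$forum_id]) );

						$sql = "UPDATE " . AUTH_ACCESS_TABLE . "
							SET $sql_values
							WHERE group_id = '$group_id'
								AND forum_id = '$forum_id'";
					}
					if( !($result = $db->sql_query($sql)) )
					{
						message_die(GENERAL_ERROR, "Couldn't update private forum permissions", "", __LINE__, __FILE__, $sql);
					}
				}
			}

			if ( $delete_sql != '' )
			{
				$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
					WHERE group_id = '$group_id'
						AND forum_id IN ($delete_sql)";
				if( !($result = $db->sql_query($sql)) )
				{
					message_die(GENERAL_ERROR, "Couldn't delete permission entries", "", __LINE__, __FILE__, $sql);
				}
			}

			$l_auth_return = ( $mode == 'user' ) ? $lang['Click_return_userauth'] : $lang['Click_return_groupauth'];
			$message = $lang['Auth_updated'] . '<br /><br />' . sprintf($l_auth_return, '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
		}

		//
		// Update user level to mod for appropriate users
		//
		$sql = "SELECT u.user_id
			FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u
			WHERE ug.group_id = aa.group_id
				AND u.user_id = ug.user_id
				AND ug.user_pending = 0
				AND u.user_level NOT IN (" . MOD . ", " . ADMIN . ")
			GROUP BY u.user_id
			HAVING SUM(aa.auth_mod) > 0";
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
		}

		$set_mod = '';
		while( $row = $db->sql_fetchrow($result) )
		{
			$set_mod .= ( ( $set_mod != '' ) ? ', ' : '' ) . $row['user_id'];
		}
		$db->sql_freeresult($result);

		//
		// Update user level to user for appropriate users
		//
		switch ( SQL_LAYER )
		{
			case 'postgresql':
				$sql = "SELECT u.user_id
					FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa
					WHERE ug.user_id = u.user_id
						AND aa.group_id = ug.group_id
						AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")
					GROUP BY u.user_id
					HAVING SUM(aa.auth_mod) = 0
					UNION (
						SELECT u.user_id
						FROM " . USERS_TABLE . " u
						WHERE NOT EXISTS (
							SELECT aa.auth_mod
							FROM " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa
							WHERE ug.user_id = u.user_id
								AND aa.group_id = ug.group_id
						)
						AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")
						GROUP BY u.user_id
					)";
				break;
			case 'oracle':
				$sql = "SELECT u.user_id
					FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa
					WHERE ug.user_id = u.user_id(+)
						AND aa.group_id = ug.group_id(+)
						AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")
					GROUP BY u.user_id
					HAVING SUM(aa.auth_mod) = 0";
				break;
			default:
				$sql = "SELECT u.user_id
					FROM ( ( " . USERS_TABLE . " u
					LEFT JOIN " . USER_GROUP_TABLE . " ug ON ug.user_id = u.user_id )
					LEFT JOIN " . AUTH_ACCESS_TABLE . " aa ON aa.group_id = ug.group_id )
					WHERE u.user_level NOT IN (" . USER . ", " . ADMIN . ")
					GROUP BY u.user_id
					HAVING SUM(aa.auth_mod) = 0";
				break;
		}
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
		}

		$unset_mod = "";
		while( $row = $db->sql_fetchrow($result) )
		{
			$unset_mod .= ( ( $unset_mod != '' ) ? ', ' : '' ) . $row['user_id'];
		}
		$db->sql_freeresult($result);

		if ( $set_mod != '' )
		{
			$sql = "UPDATE " . USERS_TABLE . "
				SET user_level = " . MOD . "
				WHERE user_id IN ($set_mod)";
			if( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't update user level", "", __LINE__, __FILE__, $sql);
			}
		}

		if ( $unset_mod != '' )
		{
			$sql = "UPDATE " . USERS_TABLE . "
				SET user_level = " . USER . "
				WHERE user_id IN ($unset_mod)";
			if( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't update user level", "", __LINE__, __FILE__, $sql);
			}
		}

		// Collect the members of the edited group, drop those who still hold
		// moderator rights through any group, and demote the remaining MODs.
		// NOTE(review): the result of this first query is not checked.
		$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
			WHERE group_id = $group_id";
		$result = $db->sql_query($sql);

		$group_user = array();
		while ($row = $db->sql_fetchrow($result))
		{
			$group_user[$row['user_id']] = $row['user_id'];
		}
		$db->sql_freeresult($result);

		// Skip the lookup when the group has no members: an empty list would
		// produce "IN ()" and end the request with a SQL error after the
		// permission rows above have already been written.
		if (sizeof($group_user))
		{
			$sql = "SELECT ug.user_id, COUNT(auth_mod) AS is_auth_mod
				FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug
				WHERE ug.user_id IN (" . implode(', ', $group_user) . ")
					AND aa.group_id = ug.group_id
					AND aa.auth_mod = 1
				GROUP BY ug.user_id";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql);
			}

			while ($row = $db->sql_fetchrow($result))
			{
				if ($row['is_auth_mod'])
				{
					unset($group_user[$row['user_id']]);
				}
			}
			$db->sql_freeresult($result);
		}

		if (sizeof($group_user))
		{
			$sql = "UPDATE " . USERS_TABLE . "
				SET user_level = " . USER . "
				WHERE user_id IN (" . implode(', ', $group_user) . ") AND user_level = " . MOD;
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
			}
		}

		message_die(GENERAL_MESSAGE, $message);
	}
}
//
// Branch 2: a user or group was selected; build the permission form.
//
else if ( ( $mode == 'user' && ( isset($HTTP_POST_VARS['username']) || $user_id ) ) || ( $mode == 'group' && $group_id ) )
{
	if ( isset($HTTP_POST_VARS['username']) )
	{
		// NOTE(review): the raw POST username is handed to get_userdata();
		// how that helper escapes it is not visible in this file -- confirm.
		$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
		if ( !is_array($this_userdata) )
		{
			message_die(GENERAL_MESSAGE, $lang['No_such_user']);
		}
		$user_id = $this_userdata['user_id'];
	}

	//
	// Front end
	//
	$sql = "SELECT f.*
		FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
		WHERE f.cat_id = c.cat_id
		ORDER BY c.cat_order, f.forum_order ASC";
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
	}

	$forum_access = array();
	while( $row = $db->sql_fetchrow($result) )
	{
		$forum_access[] = $row;
	}
	$db->sql_freeresult($result);

	if( empty($adv) )
	{
		for($i = 0; $i < count($forum_access); $i++)
		{
			$forum_id = $forum_access[$i]['forum_id'];

			$forum_auth_level[$forum_id] = AUTH_ALL;

			for($j = 0; $j < count($forum_auth_fields); $j++)
			{
				// The next statement builds a string and discards it; it has
				// no effect on the result.
				$forum_access[$i][$forum_auth_fields[$j]] . ' :: ';
				if ( $forum_access[$i][$forum_auth_fields[$j]] == AUTH_ACL )
				{
					$forum_auth_level[$forum_id] = AUTH_ACL;
					$forum_auth_level_fields[$forum_id][] = $forum_auth_fields[$j];
				}
			}
		}
	}

	//
	// Check if a private user group exists for this user and if not, create one.
	//
	// NOTE(review): this branch is reachable without a form submission and
	// can insert rows, and the new group_id is derived from MAX(group_id) + 1
	// with no locking visible here, so two concurrent requests could pick
	// the same id. The first query's result is not checked.
	$sql = "SELECT user_id FROM " . USER_GROUP_TABLE . " WHERE user_id = '$user_id'";
	$result = $db->sql_query($sql);
	$row = $db->sql_fetchrow($result);
	$user_check = $row['user_id'];
	if ( $user_check != $user_id )
	{
		$sql = "SELECT MAX(group_id) AS total
			FROM " . GROUPS_TABLE;
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Could not select last group_id information', '', __LINE__, __FILE__, $sql);
		}
		if ( !($row = $db->sql_fetchrow($result)) )
		{
			message_die(GENERAL_ERROR, 'Could not obtain next group_id information', '', __LINE__, __FILE__, $sql);
		}
		$group_id = $row['total'] + 1;
		$sql = "INSERT INTO " . GROUPS_TABLE . " (group_id, group_name, group_description, group_single_user, group_moderator)
			VALUES ('$group_id', '', 'Personal User', '1', '0')";
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Could not create private group', '', __LINE__, __FILE__, $sql);
		}
		$sql = "INSERT INTO " . USER_GROUP_TABLE . " (group_id, user_id, user_pending)
			VALUES ('$group_id', '$user_id', '0')";
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Could not create private group', '', __LINE__, __FILE__, $sql);
		}
	}
	//
	// End Private group check.
	//
	$sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user, ug.user_pending FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE ";
	$sql .= ( $mode == 'user' ) ? "u.user_id = '$user_id' AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = '$group_id' AND ug.group_id = g.group_id AND u.user_id = ug.user_id";
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_ERROR, "Couldn't obtain user/group information", "", __LINE__, __FILE__, $sql);
	}
	$ug_info = array();
	while( $row = $db->sql_fetchrow($result) )
	{
		$ug_info[] = $row;
	}
	$db->sql_freeresult($result);

	$sql = ( $mode == 'user' ) ? "SELECT aa.*, g.group_single_user FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id AND aa.group_id = ug.group_id AND g.group_single_user = 1" : "SELECT * FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = '$group_id'";
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
	}

	$auth_access = array();
	$auth_access_count = array();
	while( $row = $db->sql_fetchrow($result) )
	{
		$auth_access[$row['forum_id']][] = $row;
		$auth_access_count[$row['forum_id']]++;
	}
	$db->sql_freeresult($result);

	// Only a real (non-anonymous) account in user mode can count as admin.
	$is_admin = ( $mode == 'user' ) ? ( ( $ug_info[0]['user_level'] == ADMIN && $ug_info[0]['user_id'] != ANONYMOUS ) ? 1 : 0 ) : 0;

	// Work out the effective permission of the subject for every forum and
	// every permission column.
	for($i = 0; $i < count($forum_access); $i++)
	{
		$forum_id = $forum_access[$i]['forum_id'];

		unset($prev_acl_setting);
		for($j = 0; $j < count($forum_auth_fields); $j++)
		{
			$key = $forum_auth_fields[$j];
			$value = $forum_access[$i][$key];

			switch( $value )
			{
				case AUTH_ALL:
				case AUTH_REG:
					$auth_ug[$forum_id][$key] = 1;
					break;

				case AUTH_ACL:
					$auth_ug[$forum_id][$key] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_ACL, $key, $auth_access[$forum_id], $is_admin) : 0;
					$auth_field_acl[$forum_id][$key] = $auth_ug[$forum_id][$key];

					// Switch to the advanced view when the ACL columns of one
					// forum differ, since the simple view shows one value.
					if ( isset($prev_acl_setting) )
					{
						if ( $prev_acl_setting != $auth_ug[$forum_id][$key] && empty($adv) )
						{
							$adv = 1;
						}
					}

					$prev_acl_setting = $auth_ug[$forum_id][$key];

					break;

				case AUTH_MOD:
					$auth_ug[$forum_id][$key] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_MOD, $key, $auth_access[$forum_id], $is_admin) : 0;
					break;

				case AUTH_ADMIN:
					$auth_ug[$forum_id][$key] = $is_admin;
					break;

				default:
					$auth_ug[$forum_id][$key] = 0;
					break;
			}
		}

		//
		// Is user a moderator?
		//
		$auth_ug[$forum_id]['auth_mod'] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_MOD, 'auth_mod', $auth_access[$forum_id], 0) : 0;
	}

	// Render one table row per forum with the moderator and ACL selectors.
	$i = 0;
	@reset($auth_ug);
	while( list($forum_id, $user_ary) = @each($auth_ug) )
	{
		if ( empty($adv) )
		{
			if ( $forum_auth_level[$forum_id] == AUTH_ACL )
			{
				$allowed = 1;

				for($j = 0; $j < count($forum_auth_level_fields[$forum_id]); $j++)
				{
					if ( !$auth_ug[$forum_id][$forum_auth_level_fields[$forum_id][$j]] )
					{
						$allowed = 0;
					}
				}

				$optionlist_acl = '<select name="private[' . $forum_id . ']">';

				if ( $is_admin || $user_ary['auth_mod'] )
				{
					$optionlist_acl .= '<option value="1">' . $lang['Allowed_Access'] . '</option>';
				}
				else if ( $allowed )
				{
					$optionlist_acl .= '<option value="1" selected="selected">' . $lang['Allowed_Access'] . '</option><option value="0">'. $lang['Disallowed_Access'] . '</option>';
				}
				else
				{
					$optionlist_acl .= '<option value="1">' . $lang['Allowed_Access'] . '</option><option value="0" selected="selected">' . $lang['Disallowed_Access'] . '</option>';
				}

				$optionlist_acl .= '</select>';
			}
			else
			{
				$optionlist_acl = ' ';
			}
		}
		else
		{
			for($j = 0; $j < count($forum_access); $j++)
			{
				if ( $forum_access[$j]['forum_id'] == $forum_id )
				{
					for($k = 0; $k < count($forum_auth_fields); $k++)
					{
						$field_name = $forum_auth_fields[$k];

						if( $forum_access[$j][$field_name] == AUTH_ACL )
						{
							$optionlist_acl_adv[$forum_id][$k] = '<select name="private_' . $field_name . '[' . $forum_id . ']">';

							if( isset($auth_field_acl[$forum_id][$field_name]) && !($is_admin || $user_ary['auth_mod']) )
							{
								if( !$auth_field_acl[$forum_id][$field_name] )
								{
									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option><option value="0" selected="selected">' . $lang['OFF'] . '</option>';
								}
								else
								{
									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1" selected="selected">' . $lang['ON'] . '</option><option value="0">' . $lang['OFF'] . '</option>';
								}
							}
							else
							{
								if( $is_admin || $user_ary['auth_mod'] )
								{
									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option>';
								}
								else
								{
									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option><option value="0" selected="selected">' . $lang['OFF'] . '</option>';
								}
							}

							$optionlist_acl_adv[$forum_id][$k] .= '</select>';

						}
					}
				}
			}
		}

		$optionlist_mod = '<select name="moderator[' . $forum_id . ']">';
		$optionlist_mod .= ( $user_ary['auth_mod'] ) ? '<option value="1" selected="selected">' . $lang['Is_Moderator'] . '</option><option value="0">' . $lang['Not_Moderator'] . '</option>' : '<option value="1">' . $lang['Is_Moderator'] . '</option><option value="0" selected="selected">' . $lang['Not_Moderator'] . '</option>';
		$optionlist_mod .= '</select>';

		$row_class = ( !( $i % 2 ) ) ? 'row2' : 'row1';
		$row_color = ( !( $i % 2 ) ) ? $theme['td_color1'] : $theme['td_color2'];

		// NOTE(review): forum_name is passed to the template as stored; this
		// is safe only if it is HTML-escaped when written -- confirm.
		$template->assign_block_vars('forums', array(
			'ROW_COLOR' => '#' . $row_color,
			'ROW_CLASS' => $row_class,
			'FORUM_NAME' => $forum_access[$i]['forum_name'],

			'U_FORUM_AUTH' => append_sid("admin_forumauth.$phpEx?f=" . $forum_access[$i]['forum_id']),

			'S_MOD_SELECT' => $optionlist_mod)
		);

		if( !$adv )
		{
			$template->assign_block_vars('forums.aclvalues', array(
				'S_ACL_SELECT' => $optionlist_acl)
			);
		}
		else
		{
			for($j = 0; $j < count($forum_auth_fields); $j++)
			{
				$template->assign_block_vars('forums.aclvalues', array(
					'S_ACL_SELECT' => $optionlist_acl_adv[$forum_id][$j])
				);
			}
		}

		$i++;
	}

	if ( $mode == 'user' )
	{
		$t_username = $ug_info[0]['username'];
		$s_user_type = ( $is_admin ) ? '<select name="userlevel"><option value="admin" selected="selected">' . $lang['Auth_Admin'] . '</option><option value="user">' . $lang['Auth_User'] . '</option></select>' : '<select name="userlevel"><option value="admin">' . $lang['Auth_Admin'] . '</option><option value="user" selected="selected">' . $lang['Auth_User'] . '</option></select>';
	}
	else
	{
		$t_groupname = $ug_info[0]['group_name'];
	}

	$name = array();
	$id = array();
	for($i = 0; $i < count($ug_info); $i++)
	{
		if( ( $mode == 'user' && !$ug_info[$i]['group_single_user'] ) || $mode == 'group' )
		{
			$name[] = ( $mode == 'user' ) ? $ug_info[$i]['group_name'] : $ug_info[$i]['username'];
			$id[] = ( $mode == 'user' ) ? intval($ug_info[$i]['group_id']) : intval($ug_info[$i]['user_id']);
		}
	}

	// NOTE(review): $name/$id skip single-user groups in user mode, but the
	// loop below indexes them with the position in $ug_info, so entries can
	// be paired with the wrong pending flag or be missing. The names are
	// written into HTML as stored; safe only if escaped on write -- confirm.
	if( count($name) )
	{
		$t_usergroup_list = $t_pending_list = '';
		for($i = 0; $i < count($ug_info); $i++)
		{
			$ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL;

			if (!$ug_info[$i]['user_pending'])
			{
				$t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$ug=" . $id[$i]) . '">' . $name[$i] . '</a>';
			}
			else
			{
				$t_pending_list .= ( ( $t_pending_list != '' ) ? ', ' : '' ) . '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$ug=" . $id[$i]) . '">' . $name[$i] . '</a>';
			}
		}
	}
	else
	{
		$t_usergroup_list = $lang['None'];
	}

	$s_column_span = 2; // Two columns always present
	if( !$adv )
	{
		$template->assign_block_vars('acltype', array(
			'L_UG_ACL_TYPE' => $lang['Simple_Permission'])
		);
		$s_column_span++;
	}
	else
	{
		for($i = 0; $i < count($forum_auth_fields); $i++)
		{
			$cell_title = $field_names[$forum_auth_fields[$i]];

			$template->assign_block_vars('acltype', array(
				'L_UG_ACL_TYPE' => $cell_title)
			);
			$s_column_span++;
		}
	}

	//
	// Dump in the page header ...
	//
	include('./page_header_admin.'.$phpEx);

	$template->set_filenames(array(
		"body" => 'admin/auth_ug_body.tpl')
	);

	$adv_switch = ( empty($adv) ) ? 1 : 0;
	$u_ug_switch = ( $mode == 'user' ) ? POST_USERS_URL . "=" . $user_id : POST_GROUPS_URL . "=" . $group_id;
	$switch_mode = append_sid("admin_ug_auth.$phpEx?mode=$mode&" . $u_ug_switch . "&adv=$adv_switch");
	$switch_mode_text = ( empty($adv) ) ? $lang['Advanced_mode'] : $lang['Simple_mode'];
	$u_switch_mode = '<a href="' . $switch_mode . '">' . $switch_mode_text . '</a>';

	// $mode was HTML-escaped and the ids/adv were cast to integers above, so
	// these hidden fields carry no raw request text. No anti-CSRF token is
	// added to the form in this file.
	$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="adv" value="' . $adv . '" />';
	$s_hidden_fields .= ( $mode == 'user' ) ? '<input type="hidden" name="' . POST_USERS_URL . '" value="' . $user_id . '" />' : '<input type="hidden" name="' . POST_GROUPS_URL . '" value="' . $group_id . '" />';

	if ( $mode == 'user' )
	{
		$template->assign_block_vars('switch_user_auth', array());

		$template->assign_vars(array(
			'USERNAME' => $t_username,
			'USER_LEVEL' => $lang['User_Level'] . " : " . $s_user_type,
			'USER_GROUP_MEMBERSHIPS' => $lang['Group_memberships'] . ' : ' . $t_usergroup_list)
		);
	}
	else
	{
		$template->assign_block_vars("switch_group_auth", array());

		$template->assign_vars(array(
			'USERNAME' => $t_groupname,
			'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list . '<br />' . $lang['Pending_members'] . ' : ' . $t_pending_list)
		);
	}

	$template->assign_vars(array(
		'L_USER_OR_GROUPNAME' => ( $mode == 'user' ) ? $lang['Username'] : $lang['Group_name'],

		'L_AUTH_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'],
		'L_AUTH_EXPLAIN' => ( $mode == 'user' ) ? $lang['User_auth_explain'] : $lang['Group_auth_explain'],
		'L_MODERATOR_STATUS' => $lang['Moderator_status'],
		'L_PERMISSIONS' => $lang['Permissions'],
		'L_SUBMIT' => $lang['Submit'],
		'L_RESET' => $lang['Reset'],
		'L_FORUM' => $lang['Forum'],

		'U_USER_OR_GROUP' => append_sid("admin_ug_auth.$phpEx"),
		'U_SWITCH_MODE' => $u_switch_mode,

		'S_COLUMN_SPAN' => $s_column_span,
		'S_AUTH_ACTION' => append_sid("admin_ug_auth.$phpEx"),
		'S_HIDDEN_FIELDS' => $s_hidden_fields)
	);
}
//
// Branch 3: nothing selected yet; show the user or group picker.
//
else
{
	//
	// Select a user/group
	//
	include('./page_header_admin.'.$phpEx);

	$template->set_filenames(array(
		'body' => ( $mode == 'user' ) ? 'admin/user_select_body.tpl' : 'admin/auth_select_body.tpl')
	);

	if ( $mode == 'user' )
	{
		$template->assign_vars(array(
			'L_FIND_USERNAME' => $lang['Find_username'],

			'U_SEARCH_USER' => append_sid("search.$phpEx?mode=searchuser&popup=1&menu=1"))
		);
	}
	else
	{
		$sql = "SELECT group_id, group_name
			FROM " . GROUPS_TABLE . "
			WHERE group_single_user <> " . TRUE;
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, "Couldn't get group list", "", __LINE__, __FILE__, $sql);
		}

		// NOTE(review): group_name is written into the option text as
		// stored; safe only if escaped on write -- confirm. $select_list
		// stays undefined when no group exists.
		if ( $row = $db->sql_fetchrow($result) )
		{
			$select_list = '<select name="' . POST_GROUPS_URL . '">';
			do
			{
				$select_list .= '<option value="' . $row['group_id'] . '">' . $row['group_name'] . '</option>';
			}
			while ( $row = $db->sql_fetchrow($result) );
			$select_list .= '</select>';
		}

		$template->assign_vars(array(
			'S_AUTH_SELECT' => $select_list)
		);
	}

	$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" />';

	$l_type = ( $mode == 'user' ) ? 'USER' : 'AUTH';

	$template->assign_vars(array(
		'L_' . $l_type . '_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'],
		'L_' . $l_type . '_EXPLAIN' => ( $mode == 'user' ) ? $lang['User_auth_explain'] : $lang['Group_auth_explain'],
		'L_' . $l_type . '_SELECT' => ( $mode == 'user' ) ? $lang['Select_a_User'] : $lang['Select_a_Group'],
		'L_LOOK_UP' => ( $mode == 'user' ) ? $lang['Look_up_User'] : $lang['Look_up_Group'],

		'S_HIDDEN_FIELDS' => $s_hidden_fields,
		'S_' . $l_type . '_ACTION' => append_sid("admin_ug_auth.$phpEx"))
	);

}

$template->pparse('body');

include('./page_footer_admin.'.$phpEx);

?>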
| Généré le : Sun Apr 1 11:11:59 2007 | par Balluche grâce à PHPXref 0.7 |