1 rizwank 1.1 <?php
2 /***************************************************************************
3 * admin_ug_auth.php
4 * -------------------
5 * begin : Saturday, Feb 13, 2001
6 * copyright : (C) 2001 The phpBB Group
7 * email : support@phpbb.com
8 *
9 * $Id: admin_ug_auth.php,v 1.13.2.2 2002/05/12 15:57:44 psotfx Exp $
10 *
11 *
12 ***************************************************************************/
13
14 /***************************************************************************
15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2 of the License, or
19 * (at your option) any later version.
20 *
21 ***************************************************************************/
22 rizwank 1.1
// Flag the request as running inside phpBB before anything else is loaded.
define('IN_PHPBB', 1);

//
// Menu-registration mode: when $setmodules is set (presumably by the admin
// index while it builds its module list -- confirm against the includer),
// publish the two entry points of this script and stop before any page logic.
//
if ( !empty($setmodules) )
{
	$filename = basename(__FILE__);

	$module['Users']['Permissions'] = "$filename?mode=user";
	$module['Groups']['Permissions'] = "$filename?mode=group";

	return;
}
33
34 //
35 // Load default header
36 //
// This script includes page_header_admin itself further down, once it knows
// which view it renders; the flag presumably stops pagestart from doing so.
$no_page_header = true;

// The root path is a fixed literal assigned before the first require, so the
// include target below never depends on a request-supplied value.
$phpbb_root_path = "./../";
require $phpbb_root_path . 'extension.inc';

// $phpEx is not assigned in this file; presumably extension.inc sets it -- confirm.
require './pagestart.' . $phpEx;
42
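//
// Collect the request parameters this page understands. The array maps the
// local variable name to the request key; a non-empty POST value wins over
// GET, and a missing or empty parameter becomes "".
//
$params = array('mode' => 'mode', 'user_id' => POST_USERS_URL, 'group_id' => POST_GROUPS_URL, 'adv' => 'adv');

foreach ( $params as $var => $param )
{
	if ( !empty($HTTP_POST_VARS[$param]) )
	{
		$$var = $HTTP_POST_VARS[$param];
	}
	else if ( !empty($HTTP_GET_VARS[$param]) )
	{
		$$var = $HTTP_GET_VARS[$param];
	}
	else
	{
		$$var = "";
	}

	// An array-valued parameter (e.g. mode[]=x) is never valid here.
	if ( !is_scalar($$var) )
	{
		$$var = "";
	}
}

//
// Normalise the values before any other code sees them. $user_id and
// $group_id are concatenated into SQL statements later in this script, and
// $mode / $adv are written back into links and hidden form fields, so the ids
// are forced to integers, $adv to 0/1 (same truthiness as before) and $mode is
// HTML-escaped. The only values of $mode the script acts on ('user', 'group')
// are unchanged by the escaping.
//
$user_id = intval($user_id);
$group_id = intval($group_id);
$adv = ( empty($adv) ) ? 0 : 1;
$mode = htmlspecialchars($mode, ENT_QUOTES);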
56
57 //
58 // Start program - define vars
59 //
// Permission column => AUTH_* constant. Not referenced again in the visible
// part of this script, but kept because included code may read it.
$auth_field_match = array(
	'auth_view' => AUTH_VIEW,
	'auth_read' => AUTH_READ,
	'auth_post' => AUTH_POST,
	'auth_reply' => AUTH_REPLY,
	'auth_edit' => AUTH_EDIT,
	'auth_delete' => AUTH_DELETE,
	'auth_sticky' => AUTH_STICKY,
	'auth_announce' => AUTH_ANNOUNCE,
	'auth_vote' => AUTH_VOTE,
	'auth_pollcreate' => AUTH_POLLCREATE
);

// Ordered list of the per-forum permission columns this page edits. The same
// names are later used as SQL column names, so the list must stay fixed and
// must never be extended from request data.
$forum_auth_fields = array_keys($auth_field_match);

// Permission column => translated column heading for the advanced view.
$field_names = array(
	'auth_view' => $lang['View'],
	'auth_read' => $lang['Read'],
	'auth_post' => $lang['Post'],
	'auth_reply' => $lang['Reply'],
	'auth_edit' => $lang['Edit'],
	'auth_delete' => $lang['Delete'],
	'auth_sticky' => $lang['Sticky'],
	'auth_announce' => $lang['Announce'],
	'auth_vote' => $lang['Vote'],
	'auth_pollcreate' => $lang['Pollcreate']
);
85 rizwank 1.1
86 // ---------------
87 // Start Functions
88 //
/**
 * Decide whether any of the supplied access rows grants a permission.
 *
 * The check is cumulative: an AUTH_ACL request is also satisfied by moderator
 * status or by $is_admin, an AUTH_MOD request by moderator status or
 * $is_admin, and an AUTH_ADMIN request only by $is_admin. Any other $type
 * grants nothing.
 *
 * @param mixed  $type     AUTH_ACL, AUTH_MOD or AUTH_ADMIN (compared loosely).
 * @param string $key      Column read from each row for AUTH_ACL, e.g. 'auth_view'.
 * @param array  $u_access Access rows indexed 0..n-1, each holding $key and 'auth_mod'.
 * @param mixed  $is_admin Truthy when the subject is an administrator.
 * @return mixed Boolean when $u_access has rows; $is_admin unchanged when it is empty.
 */
function check_auth($type, $key, $u_access, $is_admin)
{
	$row_count = count($u_access);

	// No rows at all: only administrator status can grant anything.
	if ( !$row_count )
	{
		return $is_admin;
	}

	$granted = 0;
	$idx = 0;

	while ( $idx < $row_count )
	{
		if ( $type == AUTH_ACL )
		{
			// explicit ACL bit, else moderator, else admin
			$hit = ( $u_access[$idx][$key] || $u_access[$idx]['auth_mod'] || $is_admin );
		}
		else if ( $type == AUTH_MOD )
		{
			$hit = ( $u_access[$idx]['auth_mod'] || $is_admin );
		}
		else if ( $type == AUTH_ADMIN )
		{
			$hit = ( 0 || $is_admin );
		}
		else
		{
			$hit = 0;
		}

		// One granting row is enough.
		$granted = ( $granted || $hit );
		$idx++;
	}

	return $granted;
}
121 //
122 // End Functions
123 // -------------
124
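if ( isset($HTTP_POST_VARS['submit']) && ( ( $mode == 'user' && $user_id ) || ( $mode == 'group' && $group_id ) ) )
{
	//
	// Apply a submitted permission change for one user ($mode == 'user') or one
	// group ($mode == 'group'), then report the outcome through message_die().
	//
	// NOTE(review): no anti-CSRF token is checked in this branch; confirm that
	// pagestart validates the admin session before this state-changing POST runs.
	//

	// Both ids originate from the request and are concatenated into the SQL
	// below, so force them to integers before the first statement is built.
	$user_id = intval($user_id);
	$group_id = intval($group_id);

	$user_level = '';
	if ( $mode == 'user' )
	{
		//
		// Get group_id for this user_id (the user's single-user group)
		//
		$sql = "SELECT g.group_id, u.user_level
			FROM " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u, " . GROUPS_TABLE . " g
			WHERE u.user_id = $user_id
				AND ug.user_id = u.user_id
				AND g.group_id = ug.group_id
				AND g.group_single_user = " . TRUE;
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Could not select info from user/user_group table', '', __LINE__, __FILE__, $sql);
		}

		$row = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);

		// Without a row there is no group to operate on; stop here instead of
		// building the later statements with an empty group id.
		if ( !$row )
		{
			message_die(GENERAL_MESSAGE, $lang['No_such_user']);
		}

		$group_id = intval($row['group_id']);
		$user_level = $row['user_level'];
	}

	//
	// Carry out requests
	//
	if ( $mode == 'user' && $HTTP_POST_VARS['userlevel'] == 'admin' && $user_level != ADMIN )
	{
		//
		// Make user an admin (if already user). The acting admin's own
		// account is skipped.
		//
		if ( $userdata['user_id'] != $user_id )
		{
			$sql = "UPDATE " . USERS_TABLE . "
				SET user_level = " . ADMIN . "
				WHERE user_id = $user_id";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
			}

			// Rows that carry no moderator flag are dropped entirely ...
			$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
				WHERE group_id = $group_id
					AND auth_mod = 0";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't delete auth access info", "", __LINE__, __FILE__, $sql);
			}

			//
			// ... and the per-permission flags of the remaining rows are cleared,
			// they are not required if user is becoming an admin.
			// NOTE(review): auth_vote and auth_pollcreate are not reset by this
			// statement -- confirm whether that is intended.
			//
			$sql = "UPDATE " . AUTH_ACCESS_TABLE . "
				SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0
				WHERE group_id = $group_id";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't update auth access", "", __LINE__, __FILE__, $sql);
			}
		}

		$message = $lang['Auth_updated'] . '<br /><br />' . sprintf($lang['Click_return_userauth'], '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
		message_die(GENERAL_MESSAGE, $message);
	}
	else
	{
		if ( $mode == 'user' && $HTTP_POST_VARS['userlevel'] == 'user' && $user_level == ADMIN )
		{
			//
			// Make admin a user (if already admin) ... ignore if you're trying
			// to change yourself from an admin to user!
			//
			if ( $userdata['user_id'] != $user_id )
			{
				$sql = "UPDATE " . AUTH_ACCESS_TABLE . "
					SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0
					WHERE group_id = $group_id";
				if ( !($result = $db->sql_query($sql)) )
				{
					message_die(GENERAL_ERROR, 'Could not update auth access', '', __LINE__, __FILE__, $sql);
				}

				//
				// Update users level, reset to USER
				//
				$sql = "UPDATE " . USERS_TABLE . "
					SET user_level = " . USER . "
					WHERE user_id = $user_id";
				if ( !($result = $db->sql_query($sql)) )
				{
					message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
				}
			}

			$message = $lang['Auth_updated'] . '<br /><br />' . sprintf($lang['Click_return_userauth'], '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
		}
		else
		{
			//
			// Ordinary permission edit. Read the posted moderator and ACL
			// selections; everything read here is untrusted request data and is
			// only cast to an integer where it reaches SQL further down.
			//
			$change_mod_list = ( isset($HTTP_POST_VARS['moderator']) ) ? $HTTP_POST_VARS['moderator'] : false;

			if ( empty($adv) )
			{
				// Simple view: one "private[forum_id]" value per forum
				$change_acl_list = ( isset($HTTP_POST_VARS['private']) ) ? $HTTP_POST_VARS['private'] : false;
			}
			else
			{
				// Advanced view: one "private_<field>[forum_id]" value per permission
				$change_acl_list = array();
				for($j = 0; $j < count($forum_auth_fields); $j++)
				{
					$auth_field = $forum_auth_fields[$j];

					while( list($forum_id, $value) = @each($HTTP_POST_VARS['private_' . $auth_field]) )
					{
						$change_acl_list[$forum_id][$auth_field] = $value;
					}
				}
			}

			// Current forum settings, in display order
			$sql = "SELECT *
				FROM " . FORUMS_TABLE . " f
				ORDER BY forum_order";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
			}

			$forum_access = array();
			while( $row = $db->sql_fetchrow($result) )
			{
				$forum_access[] = $row;
			}
			$db->sql_freeresult($result);

			// Existing access rows of the user's single-user group or of the group
			$sql = ( $mode == 'user' ) ? "SELECT aa.* FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id AND aa.group_id = ug.group_id AND g.group_single_user = " . TRUE : "SELECT * FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = $group_id";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
			}

			$auth_access = array();
			while( $row = $db->sql_fetchrow($result) )
			{
				$auth_access[$row['forum_id']] = $row;
			}
			$db->sql_freeresult($result);

			$forum_auth_action = array();	// forum_id => 'insert' | 'update' | 'delete'
			$update_acl_status = array();	// forum_id => field => new value
			$update_mod_status = array();	// forum_id => new moderator flag

			//
			// Compare the posted values with the stored rows. Only forum ids
			// read from the forums table are ever used as keys of the three
			// arrays above.
			// NOTE(review): $change_mod_list[$forum_id] is the posted <select>
			// value, so the ['auth_mod'] read below is a string-offset access
			// whose result depends on the PHP version -- confirm on the target
			// runtime.
			//
			for($i = 0; $i < count($forum_access); $i++)
			{
				$forum_id = $forum_access[$i]['forum_id'];

				if (
					( isset($auth_access[$forum_id]['auth_mod']) && $change_mod_list[$forum_id]['auth_mod'] != $auth_access[$forum_id]['auth_mod'] ) ||
					( !isset($auth_access[$forum_id]['auth_mod']) && !empty($change_mod_list[$forum_id]['auth_mod']) )
				)
				{
					$update_mod_status[$forum_id] = $change_mod_list[$forum_id]['auth_mod'];

					if ( !$update_mod_status[$forum_id] )
					{
						$forum_auth_action[$forum_id] = 'delete';
					}
					else if ( !isset($auth_access[$forum_id]['auth_mod']) )
					{
						$forum_auth_action[$forum_id] = 'insert';
					}
					else
					{
						$forum_auth_action[$forum_id] = 'update';
					}
				}

				for($j = 0; $j < count($forum_auth_fields); $j++)
				{
					$auth_field = $forum_auth_fields[$j];

					// Only permissions the forum restricts to AUTH_ACL are editable here
					if( $forum_access[$i][$auth_field] == AUTH_ACL && isset($change_acl_list[$forum_id][$auth_field]) )
					{
						if ( ( empty($auth_access[$forum_id]['auth_mod']) &&
							( isset($auth_access[$forum_id][$auth_field]) && $change_acl_list[$forum_id][$auth_field] != $auth_access[$forum_id][$auth_field] ) ||
							( !isset($auth_access[$forum_id][$auth_field]) && !empty($change_acl_list[$forum_id][$auth_field]) ) ) ||
							!empty($update_mod_status[$forum_id])
						)
						{
							// A newly set moderator flag forces the individual bit to 0
							$update_acl_status[$forum_id][$auth_field] = ( !empty($update_mod_status[$forum_id]) ) ? 0 : $change_acl_list[$forum_id][$auth_field];

							if ( isset($auth_access[$forum_id][$auth_field]) && empty($update_acl_status[$forum_id][$auth_field]) && $forum_auth_action[$forum_id] != 'insert' && $forum_auth_action[$forum_id] != 'update' )
							{
								$forum_auth_action[$forum_id] = 'delete';
							}
							else if ( !isset($auth_access[$forum_id][$auth_field]) && !( $forum_auth_action[$forum_id] == 'delete' && empty($update_acl_status[$forum_id][$auth_field]) ) )
							{
								$forum_auth_action[$forum_id] = 'insert';
							}
							else if ( isset($auth_access[$forum_id][$auth_field]) && !empty($update_acl_status[$forum_id][$auth_field]) )
							{
								$forum_auth_action[$forum_id] = 'update';
							}
						}
						else if ( ( empty($auth_access[$forum_id]['auth_mod']) &&
							( isset($auth_access[$forum_id][$auth_field]) && $change_acl_list[$forum_id][$auth_field] == $auth_access[$forum_id][$auth_field] ) ) && $forum_auth_action[$forum_id] == 'delete' )
						{
							// An unchanged bit that is still set keeps the row alive
							$forum_auth_action[$forum_id] = 'update';
						}
					}
				}
			}

			//
			// Checks complete, make updates to DB. Column names come from the
			// fixed $forum_auth_fields list; the values trace back to the POST
			// data, so each one is cast with intval() at the point where it is
			// written into the statement.
			//
			$delete_sql = '';
			while( list($forum_id, $action) = @each($forum_auth_action) )
			{
				if ( $action == 'delete' )
				{
					$delete_sql .= ( ( $delete_sql != '' ) ? ', ' : '' ) . $forum_id;
				}
				else
				{
					if ( $action == 'insert' )
					{
						$sql_field = '';
						$sql_value = '';
						while ( list($auth_type, $value) = @each($update_acl_status[$forum_id]) )
						{
							$sql_field .= ( ( $sql_field != '' ) ? ', ' : '' ) . $auth_type;
							$sql_value .= ( ( $sql_value != '' ) ? ', ' : '' ) . intval($value);
						}
						$sql_field .= ( ( $sql_field != '' ) ? ', ' : '' ) . 'auth_mod';
						$sql_value .= ( ( $sql_value != '' ) ? ', ' : '' ) . ( ( !isset($update_mod_status[$forum_id]) ) ? 0 : intval($update_mod_status[$forum_id]) );

						$sql = "INSERT INTO " . AUTH_ACCESS_TABLE . " (forum_id, group_id, $sql_field)
							VALUES ($forum_id, $group_id, $sql_value)";
					}
					else
					{
						$sql_values = '';
						while ( list($auth_type, $value) = @each($update_acl_status[$forum_id]) )
						{
							$sql_values .= ( ( $sql_values != '' ) ? ', ' : '' ) . $auth_type . ' = ' . intval($value);
						}
						$sql_values .= ( ( $sql_values != '' ) ? ', ' : '' ) . 'auth_mod = ' . ( ( !isset($update_mod_status[$forum_id]) ) ? 0 : intval($update_mod_status[$forum_id]) );

						$sql = "UPDATE " . AUTH_ACCESS_TABLE . "
							SET $sql_values
							WHERE group_id = $group_id
								AND forum_id = $forum_id";
					}
					if( !($result = $db->sql_query($sql)) )
					{
						message_die(GENERAL_ERROR, "Couldn't update private forum permissions", "", __LINE__, __FILE__, $sql);
					}
				}
			}

			if ( $delete_sql != '' )
			{
				$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
					WHERE group_id = $group_id
						AND forum_id IN ($delete_sql)";
				if( !($result = $db->sql_query($sql)) )
				{
					message_die(GENERAL_ERROR, "Couldn't delete permission entries", "", __LINE__, __FILE__, $sql);
				}
			}

			$l_auth_return = ( $mode == 'user' ) ? $lang['Click_return_userauth'] : $lang['Click_return_groupauth'];
			$message = $lang['Auth_updated'] . '<br /><br />' . sprintf($l_auth_return, '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
		}

		//
		// Re-derive the MOD user level for the whole board from the access
		// table. Both id lists below are built from query results only.
		//
		// Update user level to mod for appropriate users
		//
		$sql = "SELECT u.user_id
			FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u
			WHERE ug.group_id = aa.group_id
				AND u.user_id = ug.user_id
				AND u.user_level NOT IN (" . MOD . ", " . ADMIN . ")
			GROUP BY u.user_id
			HAVING SUM(aa.auth_mod) > 0";
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
		}

		$set_mod = '';
		while( $row = $db->sql_fetchrow($result) )
		{
			$set_mod .= ( ( $set_mod != '' ) ? ', ' : '' ) . $row['user_id'];
		}
		$db->sql_freeresult($result);

		//
		// Update user level to user for appropriate users
		// (the query is written per database layer)
		//
		switch ( SQL_LAYER )
		{
			case 'postgresql':
				$sql = "SELECT u.user_id
					FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa
					WHERE ug.user_id = u.user_id
						AND aa.group_id = ug.group_id
						AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")
					GROUP BY u.user_id
					HAVING SUM(aa.auth_mod) = 0
					UNION (
						SELECT u.user_id
						FROM " . USERS_TABLE . " u
						WHERE NOT EXISTS (
							SELECT aa.auth_mod
							FROM " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa
							WHERE ug.user_id = u.user_id
								AND aa.group_id = ug.group_id
						)
						AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")
						GROUP BY u.user_id
					)";
				break;
			case 'oracle':
				$sql = "SELECT u.user_id
					FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa
					WHERE ug.user_id = u.user_id(+)
						AND aa.group_id = ug.group_id(+)
						AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")
					GROUP BY u.user_id
					HAVING SUM(aa.auth_mod) = 0";
				break;
			default:
				$sql = "SELECT u.user_id
					FROM ( ( " . USERS_TABLE . " u
					LEFT JOIN " . USER_GROUP_TABLE . " ug ON ug.user_id = u.user_id )
					LEFT JOIN " . AUTH_ACCESS_TABLE . " aa ON aa.group_id = ug.group_id )
					WHERE u.user_level NOT IN (" . USER . ", " . ADMIN . ")
					GROUP BY u.user_id
					HAVING SUM(aa.auth_mod) = 0";
				break;
		}
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
		}

		$unset_mod = "";
		while( $row = $db->sql_fetchrow($result) )
		{
			$unset_mod .= ( ( $unset_mod != '' ) ? ', ' : '' ) . $row['user_id'];
		}
		$db->sql_freeresult($result);

		if ( $set_mod != '' )
		{
			$sql = "UPDATE " . USERS_TABLE . "
				SET user_level = " . MOD . "
				WHERE user_id IN ($set_mod)";
			if( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't update user level", "", __LINE__, __FILE__, $sql);
			}
		}

		if ( $unset_mod != '' )
		{
			$sql = "UPDATE " . USERS_TABLE . "
				SET user_level = " . USER . "
				WHERE user_id IN ($unset_mod)";
			if( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't update user level", "", __LINE__, __FILE__, $sql);
			}
		}

		message_die(GENERAL_MESSAGE, $message);
	}
}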
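else if ( ( $mode == 'user' && ( isset($HTTP_POST_VARS['username']) || $user_id ) ) || ( $mode == 'group' && $group_id ) )
{
	//
	// Build the permission form for one user or one group. Nothing is written
	// to the database in this branch.
	//
	if ( isset($HTTP_POST_VARS['username']) )
	{
		// NOTE(review): the posted username is handed to get_userdata() as
		// received; confirm that helper escapes it before it builds a query.
		$this_userdata = get_userdata($HTTP_POST_VARS['username']);
		if ( !is_array($this_userdata) )
		{
			message_die(GENERAL_MESSAGE, $lang['No_such_user']);
		}
		$user_id = $this_userdata['user_id'];
	}

	// The ids are concatenated into SQL and, together with $adv, echoed into
	// links and hidden fields below. Forcing them to integers (and $adv to 0/1,
	// keeping its truthiness) makes both uses safe.
	$user_id = intval($user_id);
	$group_id = intval($group_id);
	$adv = ( empty($adv) ) ? 0 : 1;

	//
	// Front end
	//
	$sql = "SELECT *
		FROM " . FORUMS_TABLE . " f
		ORDER BY forum_order";
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
	}

	$forum_access = array();
	while( $row = $db->sql_fetchrow($result) )
	{
		$forum_access[] = $row;
	}
	$db->sql_freeresult($result);

	if( empty($adv) )
	{
		// Simple view: note per forum whether any permission is ACL-controlled
		// and which ones.
		for($i = 0; $i < count($forum_access); $i++)
		{
			$forum_id = $forum_access[$i]['forum_id'];

			$forum_auth_level[$forum_id] = AUTH_ALL;

			for($j = 0; $j < count($forum_auth_fields); $j++)
			{
				if ( $forum_access[$i][$forum_auth_fields[$j]] == AUTH_ACL )
				{
					$forum_auth_level[$forum_id] = AUTH_ACL;
					$forum_auth_level_fields[$forum_id][] = $forum_auth_fields[$j];
				}
			}
		}
	}

	// The user with all of their groups, or the group with all of its members
	$sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE ";
	$sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id";
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_ERROR, "Couldn't obtain user/group information", "", __LINE__, __FILE__, $sql);
	}
	$ug_info = array();
	while( $row = $db->sql_fetchrow($result) )
	{
		$ug_info[] = $row;
	}
	$db->sql_freeresult($result);

	// Stored access rows for the user's single-user group or for the group
	$sql = ( $mode == 'user' ) ? "SELECT aa.*, g.group_single_user FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id AND aa.group_id = ug.group_id AND g.group_single_user = 1" : "SELECT * FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = $group_id";
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
	}

	$auth_access = array();
	$auth_access_count = array();
	while( $row = $db->sql_fetchrow($result) )
	{
		$auth_access[$row['forum_id']][] = $row;

		// start the counter explicitly instead of incrementing an unset index
		if ( !isset($auth_access_count[$row['forum_id']]) )
		{
			$auth_access_count[$row['forum_id']] = 0;
		}
		$auth_access_count[$row['forum_id']]++;
	}
	$db->sql_freeresult($result);

	// Groups are never treated as admin; the anonymous account is excluded too
	$is_admin = ( $mode == 'user' ) ? ( ( $ug_info[0]['user_level'] == ADMIN && $ug_info[0]['user_id'] != ANONYMOUS ) ? 1 : 0 ) : 0;

	//
	// Work out the effective value of every permission in every forum
	//
	for($i = 0; $i < count($forum_access); $i++)
	{
		$forum_id = $forum_access[$i]['forum_id'];

		unset($prev_acl_setting);
		for($j = 0; $j < count($forum_auth_fields); $j++)
		{
			$key = $forum_auth_fields[$j];
			$value = $forum_access[$i][$key];

			switch( $value )
			{
				case AUTH_ALL:
				case AUTH_REG:
					$auth_ug[$forum_id][$key] = 1;
					break;

				case AUTH_ACL:
					$auth_ug[$forum_id][$key] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_ACL, $key, $auth_access[$forum_id], $is_admin) : 0;
					$auth_field_acl[$forum_id][$key] = $auth_ug[$forum_id][$key];

					// Differing ACL bits inside one forum cannot be shown as a
					// single allowed/disallowed choice: switch to the advanced view.
					if ( isset($prev_acl_setting) )
					{
						if ( $prev_acl_setting != $auth_ug[$forum_id][$key] && empty($adv) )
						{
							$adv = 1;
						}
					}

					$prev_acl_setting = $auth_ug[$forum_id][$key];

					break;

				case AUTH_MOD:
					$auth_ug[$forum_id][$key] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_MOD, $key, $auth_access[$forum_id], $is_admin) : 0;
					break;

				case AUTH_ADMIN:
					$auth_ug[$forum_id][$key] = $is_admin;
					break;

				default:
					$auth_ug[$forum_id][$key] = 0;
					break;
			}
		}

		//
		// Is user a moderator? (admin status deliberately not counted: 0 is passed)
		//
		$auth_ug[$forum_id]['auth_mod'] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_MOD, 'auth_mod', $auth_access[$forum_id], 0) : 0;
	}

	//
	// One template row per forum. The <select> names carry only forum ids read
	// from the forums table and field names from $forum_auth_fields.
	//
	$i = 0;
	@reset($auth_ug);
	while( list($forum_id, $user_ary) = @each($auth_ug) )
	{
		if ( empty($adv) )
		{
			if ( $forum_auth_level[$forum_id] == AUTH_ACL )
			{
				// allowed only when every ACL-controlled permission is granted
				$allowed = 1;

				for($j = 0; $j < count($forum_auth_level_fields[$forum_id]); $j++)
				{
					if ( !$auth_ug[$forum_id][$forum_auth_level_fields[$forum_id][$j]] )
					{
						$allowed = 0;
					}
				}

				$optionlist_acl = '<select name="private[' . $forum_id . ']">';

				if ( $is_admin || $user_ary['auth_mod'] )
				{
					// admins and moderators are offered no "disallowed" choice
					$optionlist_acl .= '<option value="1">' . $lang['Allowed_Access'] . '</option>';
				}
				else if ( $allowed )
				{
					$optionlist_acl .= '<option value="1" selected="selected">' . $lang['Allowed_Access'] . '</option><option value="0">'. $lang['Disallowed_Access'] . '</option>';
				}
				else
				{
					$optionlist_acl .= '<option value="1">' . $lang['Allowed_Access'] . '</option><option value="0" selected="selected">' . $lang['Disallowed_Access'] . '</option>';
				}

				$optionlist_acl .= '</select>';
			}
			else
			{
				$optionlist_acl = ' ';
			}
		}
		else
		{
			for($j = 0; $j < count($forum_access); $j++)
			{
				if ( $forum_access[$j]['forum_id'] == $forum_id )
				{
					for($k = 0; $k < count($forum_auth_fields); $k++)
					{
						$field_name = $forum_auth_fields[$k];

						if( $forum_access[$j][$field_name] == AUTH_ACL )
						{
							$optionlist_acl_adv[$forum_id][$k] = '<select name="private_' . $field_name . '[' . $forum_id . ']">';

							if( isset($auth_field_acl[$forum_id][$field_name]) && !($is_admin || $user_ary['auth_mod']) )
							{
								if( !$auth_field_acl[$forum_id][$field_name] )
								{
									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option><option value="0" selected="selected">' . $lang['OFF'] . '</option>';
								}
								else
								{
									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1" selected="selected">' . $lang['ON'] . '</option><option value="0">' . $lang['OFF'] . '</option>';
								}
							}
							else
							{
								if( $is_admin || $user_ary['auth_mod'] )
								{
									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option>';
								}
								else
								{
									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option><option value="0" selected="selected">' . $lang['OFF'] . '</option>';
								}
							}

							$optionlist_acl_adv[$forum_id][$k] .= '</select>';

						}
					}
				}
			}
		}

		$optionlist_mod = '<select name="moderator[' . $forum_id . ']">';
		$optionlist_mod .= ( $user_ary['auth_mod'] ) ? '<option value="1" selected="selected">' . $lang['Is_Moderator'] . '</option><option value="0">' . $lang['Not_Moderator'] . '</option>' : '<option value="1">' . $lang['Is_Moderator'] . '</option><option value="0" selected="selected">' . $lang['Not_Moderator'] . '</option>';
		$optionlist_mod .= '</select>';

		$row_class = ( !( $i % 2 ) ) ? 'row2' : 'row1';
		$row_color = ( !( $i % 2 ) ) ? $theme['td_color1'] : $theme['td_color2'];

		// $i counts rows in the same order $auth_ug was filled from $forum_access.
		// NOTE(review): forum_name, like the user and group names further down,
		// is passed to the template as stored; confirm it is HTML-safe at rest.
		$template->assign_block_vars('forums', array(
			'ROW_COLOR' => '#' . $row_color,
			'ROW_CLASS' => $row_class,
			'FORUM_NAME' => $forum_access[$i]['forum_name'],

			'U_FORUM_AUTH' => append_sid("admin_forumauth.$phpEx?f=" . $forum_access[$i]['forum_id']),

			'S_MOD_SELECT' => $optionlist_mod)
		);

		if( !$adv )
		{
			$template->assign_block_vars('forums.aclvalues', array(
				'S_ACL_SELECT' => $optionlist_acl)
			);
		}
		else
		{
			for($j = 0; $j < count($forum_auth_fields); $j++)
			{
				$template->assign_block_vars('forums.aclvalues', array(
					'S_ACL_SELECT' => $optionlist_acl_adv[$forum_id][$j])
				);
			}
		}

		$i++;
	}

	if ( $mode == 'user' )
	{
		$t_username = $ug_info[0]['username'];
		$s_user_type = ( $is_admin ) ? '<select name="userlevel"><option value="admin" selected="selected">' . $lang['Auth_Admin'] . '</option><option value="user">' . $lang['Auth_User'] . '</option></select>' : '<select name="userlevel"><option value="admin">' . $lang['Auth_Admin'] . '</option><option value="user" selected="selected">' . $lang['Auth_User'] . '</option></select>';
	}
	else
	{
		$t_groupname = $ug_info[0]['group_name'];
	}

	// Groups of the user (single-user group left out) or members of the group
	$name = array();
	$id = array();
	for($i = 0; $i < count($ug_info); $i++)
	{
		if( ( $mode == 'user' && !$ug_info[$i]['group_single_user'] ) || $mode == 'group' )
		{
			$name[] = ( $mode == 'user' ) ? $ug_info[$i]['group_name'] : $ug_info[$i]['username'];
			$id[] = ( $mode == 'user' ) ? intval($ug_info[$i]['group_id']) : intval($ug_info[$i]['user_id']);
		}
	}

	if( count($name) )
	{
		$t_usergroup_list = '';

		// Iterate over the filtered list: $name and $id can be shorter than
		// $ug_info, and indexing them by count($ug_info) produced empty links.
		for($i = 0; $i < count($name); $i++)
		{
			$ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL;

			$t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$ug=" . $id[$i]) . '">' . $name[$i] . '</a>';
		}
	}
	else
	{
		$t_usergroup_list = $lang['None'];
	}

	$s_column_span = 2; // Two columns always present
	if( !$adv )
	{
		$template->assign_block_vars('acltype', array(
			'L_UG_ACL_TYPE' => $lang['Simple_Permission'])
		);
		$s_column_span++;
	}
	else
	{
		for($i = 0; $i < count($forum_auth_fields); $i++)
		{
			$cell_title = $field_names[$forum_auth_fields[$i]];

			$template->assign_block_vars('acltype', array(
				'L_UG_ACL_TYPE' => $cell_title)
			);
			$s_column_span++;
		}
	}

	//
	// Dump in the page header ...
	//
	include('./page_header_admin.'.$phpEx);

	$template->set_filenames(array(
		"body" => 'admin/auth_ug_body.tpl')
	);

	// $mode is 'user' or 'group' in this branch and the ids and $adv are
	// integers by now, so the link and the hidden fields carry no raw input.
	$adv_switch = ( empty($adv) ) ? 1 : 0;
	$u_ug_switch = ( $mode == 'user' ) ? POST_USERS_URL . "=" . $user_id : POST_GROUPS_URL . "=" . $group_id;
	$switch_mode = append_sid("admin_ug_auth.$phpEx?mode=$mode&" . $u_ug_switch . "&adv=$adv_switch");
	$switch_mode_text = ( empty($adv) ) ? $lang['Advanced_mode'] : $lang['Simple_mode'];
	$u_switch_mode = '<a href="' . $switch_mode . '">' . $switch_mode_text . '</a>';

	$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="adv" value="' . $adv . '" />';
	$s_hidden_fields .= ( $mode == 'user' ) ? '<input type="hidden" name="' . POST_USERS_URL . '" value="' . $user_id . '" />' : '<input type="hidden" name="' . POST_GROUPS_URL . '" value="' . $group_id . '" />';

	if ( $mode == 'user' )
	{
		$template->assign_block_vars('switch_user_auth', array());

		$template->assign_vars(array(
			'USERNAME' => $t_username,
			'USER_LEVEL' => $lang['User_Level'] . " : " . $s_user_type,
			'USER_GROUP_MEMBERSHIPS' => $lang['Group_memberships'] . ' : ' . $t_usergroup_list)
		);
	}
	else
	{
		$template->assign_block_vars("switch_group_auth", array());

		$template->assign_vars(array(
			'USERNAME' => $t_groupname,
			'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list)
		);
	}

	$template->assign_vars(array(
		'L_USER_OR_GROUPNAME' => ( $mode == 'user' ) ? $lang['Username'] : $lang['Group_name'],

		'L_AUTH_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'],
		'L_AUTH_EXPLAIN' => ( $mode == 'user' ) ? $lang['User_auth_explain'] : $lang['Group_auth_explain'],
		'L_MODERATOR_STATUS' => $lang['Moderator_status'],
		'L_PERMISSIONS' => $lang['Permissions'],
		'L_SUBMIT' => $lang['Submit'],
		'L_RESET' => $lang['Reset'],
		'L_FORUM' => $lang['Forum'],

		'U_USER_OR_GROUP' => append_sid("admin_ug_auth.$phpEx"),
		'U_SWITCH_MODE' => $u_switch_mode,

		'S_COLUMN_SPAN' => $s_column_span,
		'S_AUTH_ACTION' => append_sid("admin_ug_auth.$phpEx"),
		'S_HIDDEN_FIELDS' => $s_hidden_fields)
	);
}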
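else
{
	//
	// Select a user/group. This branch is also reached with any $mode value
	// other than 'user'; everything that is not 'user' is shown as the group
	// selection page.
	//
	include('./page_header_admin.'.$phpEx);

	$template->set_filenames(array(
		'body' => ( $mode == 'user' ) ? 'admin/user_select_body.tpl' : 'admin/auth_select_body.tpl')
	);

	if ( $mode == 'user' )
	{
		$template->assign_vars(array(
			'L_FIND_USERNAME' => $lang['Find_username'],

			'U_SEARCH_USER' => append_sid("../search.$phpEx?mode=searchuser"))
		);
	}
	else
	{
		// All groups except the per-user ones
		$sql = "SELECT group_id, group_name
			FROM " . GROUPS_TABLE . "
			WHERE group_single_user <> " . TRUE;
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, "Couldn't get group list", "", __LINE__, __FILE__, $sql);
		}

		// Stays empty when no group exists, so the template variable below is
		// always defined.
		$select_list = '';

		if ( $row = $db->sql_fetchrow($result) )
		{
			// NOTE(review): group_name is written into the markup as stored;
			// confirm it is HTML-safe at rest or escape it here.
			$select_list = '<select name="' . POST_GROUPS_URL . '">';
			do
			{
				$select_list .= '<option value="' . $row['group_id'] . '">' . $row['group_name'] . '</option>';
			}
			while ( $row = $db->sql_fetchrow($result) );
			$select_list .= '</select>';
		}

		$template->assign_vars(array(
			'S_AUTH_SELECT' => $select_list)
		);
	}

	// $mode is an unvalidated request value in this branch and is echoed into
	// an attribute, so it is escaped for that context; a non-string value is
	// dropped.
	$mode_attr = ( is_string($mode) ) ? htmlspecialchars($mode, ENT_QUOTES) : '';
	$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode_attr . '" />';

	$l_type = ( $mode == 'user' ) ? 'USER' : 'AUTH';

	$template->assign_vars(array(
		'L_' . $l_type . '_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'],
		'L_' . $l_type . '_EXPLAIN' => ( $mode == 'user' ) ? $lang['User_auth_explain'] : $lang['Group_auth_explain'],
		'L_' . $l_type . '_SELECT' => ( $mode == 'user' ) ? $lang['Select_a_User'] : $lang['Select_a_Group'],
		'L_LOOK_UP' => ( $mode == 'user' ) ? $lang['Look_up_User'] : $lang['Look_up_Group'],

		'S_HIDDEN_FIELDS' => $s_hidden_fields,
		'S_' . $l_type . '_ACTION' => append_sid("admin_ug_auth.$phpEx"))
	);

}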
938
// Emit the template registered under the 'body' handle by whichever branch
// ran above, then the shared admin footer.
$template->pparse('body');

include './page_footer_admin.' . $phpEx;
942
943 ?>