Verzeichnisstruktur phpBB-2.0.0
- Veröffentlicht
- 03.04.2002
admin_ug_auth.php
0001 <?php
0002 /***************************************************************************
0003 * admin_ug_auth.php
0004 * -------------------
0005 * begin : Saturday, Feb 13, 2001
0006 * copyright : (C) 2001 The phpBB Group
0007 * email : support@phpbb.com
0008 *
0009 * $Id$
0010 *
0011 *
0012 ***************************************************************************/
0013
0014 /***************************************************************************
0015 *
0016 * This program is free software; you can redistribute it and/or modify
0017 * it under the terms of the GNU General Public License as published by
0018 * the Free Software Foundation; either version 2 of the License, or
0019 * (at your option) any later version.
0020 *
0021 ***************************************************************************/
0022
//
// Marker constant set before anything is included; presumably the included
// phpBB files test it to refuse direct requests - confirm against those files
//
define('IN_PHPBB', 1);

//
// Menu registration pass: when $setmodules is non-empty this file only adds
// its two menu entries to $module and returns to whatever included it
//
if( !empty($setmodules) )
{
	$filename = basename(__FILE__);

	$module['Users']['Permissions'] = $filename . "?mode=user";
	$module['Groups']['Permissions'] = $filename . "?mode=group";

	return;
}

//
// Load default header. The root path is a fixed literal, so the two require()
// targets below cannot be redirected by request data
//
$no_page_header = TRUE;

$phpbb_root_path = "./../";
require($phpbb_root_path . 'extension.inc');
require('./pagestart.' . $phpEx);

//
// Request import: local variable name => request parameter name. Only these
// four names are ever created through $$var, so a request cannot choose which
// variable gets written. POST wins over GET; a missing or empty value
// becomes ""
//
$params = array(
	'mode' => 'mode',
	'user_id' => POST_USERS_URL,
	'group_id' => POST_GROUPS_URL,
	'adv' => 'adv'
);

while( list($var, $param) = @each($params) )
{
	if ( !empty($HTTP_POST_VARS[$param]) )
	{
		$$var = $HTTP_POST_VARS[$param];
	}
	else if ( !empty($HTTP_GET_VARS[$param]) )
	{
		$$var = $HTTP_GET_VARS[$param];
	}
	else
	{
		$$var = "";
	}
}

//
// Normalise the imported values: $mode is HTML-escaped (it is not restricted
// to 'user'/'group' at this point), the ids and the advanced flag are forced
// to integers and are interpolated into SQL further down
//
$mode = htmlspecialchars($mode);
$adv = intval($adv);
$group_id = intval($group_id);
$user_id = intval($user_id);

//
// Start program - define vars
//

// Permission column => forum permission constant
$auth_field_match = array(
	'auth_view' => AUTH_VIEW,
	'auth_read' => AUTH_READ,
	'auth_post' => AUTH_POST,
	'auth_reply' => AUTH_REPLY,
	'auth_edit' => AUTH_EDIT,
	'auth_delete' => AUTH_DELETE,
	'auth_sticky' => AUTH_STICKY,
	'auth_announce' => AUTH_ANNOUNCE,
	'auth_vote' => AUTH_VOTE,
	'auth_pollcreate' => AUTH_POLLCREATE
);

// Ordered list of the permission columns handled by this page
$forum_auth_fields = array_keys($auth_field_match);

// Permission column => translated column heading
$field_names = array(
	'auth_view' => $lang['View'],
	'auth_read' => $lang['Read'],
	'auth_post' => $lang['Post'],
	'auth_reply' => $lang['Reply'],
	'auth_edit' => $lang['Edit'],
	'auth_delete' => $lang['Delete'],
	'auth_sticky' => $lang['Sticky'],
	'auth_announce' => $lang['Announce'],
	'auth_vote' => $lang['Vote'],
	'auth_pollcreate' => $lang['Pollcreate']
);
0090
0091 // ---------------
0092 // Start Functions
0093 //
/**
* Decide whether a set of auth_access rows grants one permission.
*
* The three levels are cumulative:
*   AUTH_ACL   - granted by the row's $key column, its auth_mod flag, or $is_admin
*   AUTH_MOD   - granted by the row's auth_mod flag or $is_admin
*   AUTH_ADMIN - granted by $is_admin only
* Any other $type grants nothing.
*
* @param mixed $type      one of AUTH_ACL, AUTH_MOD, AUTH_ADMIN (compared loosely)
* @param string $key      permission column to test, e.g. 'auth_read'
* @param array $u_access  auth_access rows, indexed 0..n-1
* @param mixed $is_admin  truthy when the subject is an administrator
* @return mixed boolean when $u_access has rows; otherwise $is_admin unchanged
*/
function check_auth($type, $key, $u_access, $is_admin)
{
	$row_total = count($u_access);

	// Without any rows the only possible source of access is the admin flag
	if( !$row_total )
	{
		return $is_admin;
	}

	$granted = 0;

	for($idx = 0; $idx < $row_total; $idx++)
	{
		if( $type == AUTH_ACL )
		{
			$row_grants = $u_access[$idx][$key] || $u_access[$idx]['auth_mod'] || $is_admin;
		}
		else if( $type == AUTH_MOD )
		{
			$row_grants = 0 || $u_access[$idx]['auth_mod'] || $is_admin;
		}
		else if( $type == AUTH_ADMIN )
		{
			$row_grants = 0 || $is_admin;
		}
		else
		{
			$row_grants = 0;
		}

		// One granting row is enough; every row is still visited
		$granted = $granted || $row_grants;
	}

	return $granted;
}
0126 //
0127 // End Functions
0128 // -------------
0129
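//
// Form handler: apply a submitted permission form for one user (mode=user) or
// one group (mode=group). Every path through this branch ends by calling
// message_die().
//
// Request data reaching SQL in this branch:
//   - $user_id / $group_id : already forced to integers before this point
//   - moderator[forum], private[forum], private_<field>[forum] : the submitted
//     VALUES end up unquoted in INSERT/UPDATE statements, so they are forced
//     to integers as they are read and again where the SQL is assembled
//   - the forum ids and column names used in SQL come from the forums table
//     and from $forum_auth_fields, never from the request keys
//
// NOTE(review): nothing in this file checks a per-form token before changing
// permissions; whether pagestart does is not visible here - confirm
//
if ( isset($HTTP_POST_VARS['submit']) && ( ( $mode == 'user' && $user_id ) || ( $mode == 'group' && $group_id ) ) )
{
	$user_level = '';
	if ( $mode == 'user' )
	{
		//
		// Get group_id for this user_id (the user's single-user group)
		//
		$sql = "SELECT g.group_id, u.user_level
			FROM " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u, " . GROUPS_TABLE . " g
			WHERE u.user_id = $user_id
				AND ug.user_id = u.user_id
				AND g.group_id = ug.group_id
				AND g.group_single_user = " . TRUE;
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Could not select info from user/user_group table', '', __LINE__, __FILE__, $sql);
		}

		$row = $db->sql_fetchrow($result);
		$db->sql_freeresult($result);

		//
		// Without a row $group_id would be empty and every later statement
		// that interpolates it would be malformed, some of them only after
		// the user level has already been changed. Stop before any write.
		//
		if ( !$row )
		{
			message_die(GENERAL_ERROR, 'Could not find a single-user group for this user', '', __LINE__, __FILE__, $sql);
		}

		$group_id = intval($row['group_id']);
		$user_level = $row['user_level'];
	}

	//
	// Carry out requests
	//
	if ( $mode == 'user' && $HTTP_POST_VARS['userlevel'] == 'admin' && $user_level != ADMIN )
	{
		//
		// Make user an admin (if already user). An administrator editing
		// their own account is skipped.
		//
		if ( $userdata['user_id'] != $user_id )
		{
			$sql = "UPDATE " . USERS_TABLE . "
				SET user_level = " . ADMIN . "
				WHERE user_id = $user_id";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
			}

			// Rows that carry no moderator flag are removed outright
			$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
				WHERE group_id = $group_id
					AND auth_mod = 0";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't delete auth access info", "", __LINE__, __FILE__, $sql);
			}

			//
			// The remaining (moderator) rows keep auth_mod but have their
			// per-permission columns cleared; they are not required if user
			// is becoming an admin.
			// NOTE(review): auth_vote and auth_pollcreate are listed in
			// $forum_auth_fields but are not reset here - confirm intended
			//
			$sql = "UPDATE " . AUTH_ACCESS_TABLE . "
				SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0
				WHERE group_id = $group_id";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't update auth access", "", __LINE__, __FILE__, $sql);
			}
		}

		$message = $lang['Auth_updated'] . '<br /><br />' . sprintf($lang['Click_return_userauth'], '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
		message_die(GENERAL_MESSAGE, $message);
	}
	else
	{
		if ( $mode == 'user' && $HTTP_POST_VARS['userlevel'] == 'user' && $user_level == ADMIN )
		{
			//
			// Make admin a user (if already admin) ... ignore if you're trying
			// to change yourself from an admin to user!
			//
			if ( $userdata['user_id'] != $user_id )
			{
				// NOTE(review): auth_vote and auth_pollcreate are not reset
				// here either, so earlier grants for them survive the
				// demotion - confirm intended
				$sql = "UPDATE " . AUTH_ACCESS_TABLE . "
					SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0
					WHERE group_id = $group_id";
				if ( !($result = $db->sql_query($sql)) )
				{
					message_die(GENERAL_ERROR, 'Could not update auth access', '', __LINE__, __FILE__, $sql);
				}

				//
				// Update users level, reset to USER
				//
				$sql = "UPDATE " . USERS_TABLE . "
					SET user_level = " . USER . "
					WHERE user_id = $user_id";
				if ( !($result = $db->sql_query($sql)) )
				{
					message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
				}
			}

			$message = $lang['Auth_updated'] . '<br /><br />' . sprintf($lang['Click_return_userauth'], '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
		}
		else
		{
			//
			// Collect the submitted settings. Both lists are started empty
			// here (the simple-mode path previously appended to an
			// uninitialised $change_acl_list) and every submitted value is
			// reduced to an integer because it is later written into SQL
			// without quoting.
			//
			$change_acl_list = array();
			$change_mod_list = array();

			if ( isset($HTTP_POST_VARS['moderator']) && is_array($HTTP_POST_VARS['moderator']) )
			{
				while( list($forum_id, $value) = @each($HTTP_POST_VARS['moderator']) )
				{
					$change_mod_list[$forum_id] = intval($value);
				}
			}

			if ( empty($adv) )
			{
				$sql = "SELECT f.*
					FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
					WHERE f.cat_id = c.cat_id
					ORDER BY c.cat_order, f.forum_order ASC";
				if ( !($result = $db->sql_query($sql)) )
				{
					message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
				}

				$forum_access = $forum_auth_level_fields = array();
				while( $row = $db->sql_fetchrow($result) )
				{
					$forum_access[] = $row;
				}
				$db->sql_freeresult($result);

				// For each forum, flag the columns that are ACL-controlled
				for($i = 0; $i < count($forum_access); $i++)
				{
					$forum_id = $forum_access[$i]['forum_id'];

					for($j = 0; $j < count($forum_auth_fields); $j++)
					{
						$forum_auth_level_fields[$forum_id][$forum_auth_fields[$j]] = $forum_access[$i][$forum_auth_fields[$j]] == AUTH_ACL;
					}
				}

				//
				// Simple mode: one submitted value per forum is copied to every
				// ACL-controlled column of that forum. Forum ids that do not
				// exist yield nothing because the inner loop has no entries.
				//
				while( list($forum_id, $value) = @each($HTTP_POST_VARS['private']) )
				{
					while( list($auth_field, $exists) = @each($forum_auth_level_fields[$forum_id]) )
					{
						if ($exists)
						{
							$change_acl_list[$forum_id][$auth_field] = intval($value);
						}
					}
				}
			}
			else
			{
				// Advanced mode: one submitted array per permission column
				for($j = 0; $j < count($forum_auth_fields); $j++)
				{
					$auth_field = $forum_auth_fields[$j];

					while( list($forum_id, $value) = @each($HTTP_POST_VARS['private_' . $auth_field]) )
					{
						$change_acl_list[$forum_id][$auth_field] = intval($value);
					}
				}
			}

			$sql = 'SELECT f.*
				FROM ' . FORUMS_TABLE . ' f, ' . CATEGORIES_TABLE . ' c
				WHERE f.cat_id = c.cat_id
				ORDER BY c.cat_order, f.forum_order';
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
			}

			$forum_access = array();
			while( $row = $db->sql_fetchrow($result) )
			{
				$forum_access[] = $row;
			}
			$db->sql_freeresult($result);

			// Current auth_access rows of the target group, keyed by forum id
			$sql = ( $mode == 'user' ) ? "SELECT aa.* FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id AND aa.group_id = ug.group_id AND g.group_single_user = " . TRUE : "SELECT * FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = $group_id";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
			}

			$auth_access = array();
			while( $row = $db->sql_fetchrow($result) )
			{
				$auth_access[$row['forum_id']] = $row;
			}
			$db->sql_freeresult($result);

			//
			// Work out, per forum, whether its auth_access row has to be
			// inserted, updated or deleted. Only forums returned by the query
			// above are considered, so the keys of the three arrays below are
			// database forum ids.
			//
			$forum_auth_action = array();
			$update_acl_status = array();
			$update_mod_status = array();

			for($i = 0; $i < count($forum_access); $i++)
			{
				$forum_id = $forum_access[$i]['forum_id'];

				if (
					( isset($auth_access[$forum_id]['auth_mod']) && $change_mod_list[$forum_id] != $auth_access[$forum_id]['auth_mod'] ) ||
					( !isset($auth_access[$forum_id]['auth_mod']) && !empty($change_mod_list[$forum_id]) )
				)
				{
					$update_mod_status[$forum_id] = $change_mod_list[$forum_id];

					if ( !$update_mod_status[$forum_id] )
					{
						$forum_auth_action[$forum_id] = 'delete';
					}
					else if ( !isset($auth_access[$forum_id]['auth_mod']) )
					{
						$forum_auth_action[$forum_id] = 'insert';
					}
					else
					{
						$forum_auth_action[$forum_id] = 'update';
					}
				}

				for($j = 0; $j < count($forum_auth_fields); $j++)
				{
					$auth_field = $forum_auth_fields[$j];

					if( $forum_access[$i][$auth_field] == AUTH_ACL && isset($change_acl_list[$forum_id][$auth_field]) )
					{
						if ( ( empty($auth_access[$forum_id]['auth_mod']) &&
							( isset($auth_access[$forum_id][$auth_field]) && $change_acl_list[$forum_id][$auth_field] != $auth_access[$forum_id][$auth_field] ) ||
							( !isset($auth_access[$forum_id][$auth_field]) && !empty($change_acl_list[$forum_id][$auth_field]) ) ) ||
							!empty($update_mod_status[$forum_id])
						)
						{
							// A forum that is gaining moderator status gets its per-column value stored as 0
							$update_acl_status[$forum_id][$auth_field] = ( !empty($update_mod_status[$forum_id]) ) ? 0 : $change_acl_list[$forum_id][$auth_field];

							if ( isset($auth_access[$forum_id][$auth_field]) && empty($update_acl_status[$forum_id][$auth_field]) && $forum_auth_action[$forum_id] != 'insert' && $forum_auth_action[$forum_id] != 'update' )
							{
								$forum_auth_action[$forum_id] = 'delete';
							}
							else if ( !isset($auth_access[$forum_id][$auth_field]) && !( $forum_auth_action[$forum_id] == 'delete' && empty($update_acl_status[$forum_id][$auth_field]) ) )
							{
								$forum_auth_action[$forum_id] = 'insert';
							}
							else if ( isset($auth_access[$forum_id][$auth_field]) && !empty($update_acl_status[$forum_id][$auth_field]) )
							{
								$forum_auth_action[$forum_id] = 'update';
							}
						}
						else if ( ( empty($auth_access[$forum_id]['auth_mod']) &&
							( isset($auth_access[$forum_id][$auth_field]) && $change_acl_list[$forum_id][$auth_field] == $auth_access[$forum_id][$auth_field] ) ) && $forum_auth_action[$forum_id] == 'delete' )
						{
							// An unchanged column that is still set keeps the row alive
							$forum_auth_action[$forum_id] = 'update';
						}
					}
				}
			}

			//
			// Checks complete, make updates to DB. Values are cast again at
			// the point of concatenation so that the statements stay numeric
			// even if the collection code above is changed later.
			//
			$delete_sql = '';
			while( list($forum_id, $action) = @each($forum_auth_action) )
			{
				if ( $action == 'delete' )
				{
					$delete_sql .= ( ( $delete_sql != '' ) ? ', ' : '' ) . $forum_id;
				}
				else
				{
					if ( $action == 'insert' )
					{
						$sql_field = '';
						$sql_value = '';
						while ( list($auth_type, $value) = @each($update_acl_status[$forum_id]) )
						{
							$sql_field .= ( ( $sql_field != '' ) ? ', ' : '' ) . $auth_type;
							$sql_value .= ( ( $sql_value != '' ) ? ', ' : '' ) . intval($value);
						}
						$sql_field .= ( ( $sql_field != '' ) ? ', ' : '' ) . 'auth_mod';
						$sql_value .= ( ( $sql_value != '' ) ? ', ' : '' ) . ( ( !isset($update_mod_status[$forum_id]) ) ? 0 : intval($update_mod_status[$forum_id]) );

						$sql = "INSERT INTO " . AUTH_ACCESS_TABLE . " (forum_id, group_id, $sql_field)
							VALUES ($forum_id, $group_id, $sql_value)";
					}
					else
					{
						$sql_values = '';
						while ( list($auth_type, $value) = @each($update_acl_status[$forum_id]) )
						{
							$sql_values .= ( ( $sql_values != '' ) ? ', ' : '' ) . $auth_type . ' = ' . intval($value);
						}
						$sql_values .= ( ( $sql_values != '' ) ? ', ' : '' ) . 'auth_mod = ' . ( ( !isset($update_mod_status[$forum_id]) ) ? 0 : intval($update_mod_status[$forum_id]) );

						$sql = "UPDATE " . AUTH_ACCESS_TABLE . "
							SET $sql_values
							WHERE group_id = $group_id
								AND forum_id = $forum_id";
					}
					if( !($result = $db->sql_query($sql)) )
					{
						message_die(GENERAL_ERROR, "Couldn't update private forum permissions", "", __LINE__, __FILE__, $sql);
					}
				}
			}

			if ( $delete_sql != '' )
			{
				$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
					WHERE group_id = $group_id
						AND forum_id IN ($delete_sql)";
				if( !($result = $db->sql_query($sql)) )
				{
					message_die(GENERAL_ERROR, "Couldn't delete permission entries", "", __LINE__, __FILE__, $sql);
				}
			}

			$l_auth_return = ( $mode == 'user' ) ? $lang['Click_return_userauth'] : $lang['Click_return_groupauth'];
			$message = $lang['Auth_updated'] . '<br /><br />' . sprintf($l_auth_return, '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
		}

		//
		// Update user level to mod for appropriate users: non-pending members
		// of any group that holds at least one auth_mod flag
		//
		$sql = "SELECT u.user_id
			FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u
			WHERE ug.group_id = aa.group_id
				AND u.user_id = ug.user_id
				AND ug.user_pending = 0
				AND u.user_level NOT IN (" . MOD . ", " . ADMIN . ")
			GROUP BY u.user_id
			HAVING SUM(aa.auth_mod) > 0";
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
		}

		$set_mod = '';
		while( $row = $db->sql_fetchrow($result) )
		{
			$set_mod .= ( ( $set_mod != '' ) ? ', ' : '' ) . $row['user_id'];
		}
		$db->sql_freeresult($result);

		//
		// Update user level to user for appropriate users: the query differs
		// per database layer
		//
		switch ( SQL_LAYER )
		{
			case 'postgresql':
				$sql = "SELECT u.user_id
					FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa
					WHERE ug.user_id = u.user_id
						AND aa.group_id = ug.group_id
						AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")
					GROUP BY u.user_id
					HAVING SUM(aa.auth_mod) = 0
					UNION (
						SELECT u.user_id
						FROM " . USERS_TABLE . " u
						WHERE NOT EXISTS (
							SELECT aa.auth_mod
							FROM " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa
							WHERE ug.user_id = u.user_id
								AND aa.group_id = ug.group_id
						)
						AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")
						GROUP BY u.user_id
					)";
				break;
			case 'oracle':
				$sql = "SELECT u.user_id
					FROM " . USERS_TABLE . " u, " . USER_GROUP_TABLE . " ug, " . AUTH_ACCESS_TABLE . " aa
					WHERE ug.user_id = u.user_id(+)
						AND aa.group_id = ug.group_id(+)
						AND u.user_level NOT IN (" . USER . ", " . ADMIN . ")
					GROUP BY u.user_id
					HAVING SUM(aa.auth_mod) = 0";
				break;
			default:
				$sql = "SELECT u.user_id
					FROM ( ( " . USERS_TABLE . " u
					LEFT JOIN " . USER_GROUP_TABLE . " ug ON ug.user_id = u.user_id )
					LEFT JOIN " . AUTH_ACCESS_TABLE . " aa ON aa.group_id = ug.group_id )
					WHERE u.user_level NOT IN (" . USER . ", " . ADMIN . ")
					GROUP BY u.user_id
					HAVING SUM(aa.auth_mod) = 0";
				break;
		}
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
		}

		$unset_mod = "";
		while( $row = $db->sql_fetchrow($result) )
		{
			$unset_mod .= ( ( $unset_mod != '' ) ? ', ' : '' ) . $row['user_id'];
		}
		$db->sql_freeresult($result);

		if ( $set_mod != '' )
		{
			$sql = "UPDATE " . USERS_TABLE . "
				SET user_level = " . MOD . "
				WHERE user_id IN ($set_mod)";
			if( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't update user level", "", __LINE__, __FILE__, $sql);
			}
		}

		if ( $unset_mod != '' )
		{
			$sql = "UPDATE " . USERS_TABLE . "
				SET user_level = " . USER . "
				WHERE user_id IN ($unset_mod)";
			if( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, "Couldn't update user level", "", __LINE__, __FILE__, $sql);
			}
		}

		//
		// Final pass over the members of the edited group: anyone who is not
		// a moderator through any group is reset from MOD to USER. The result
		// of the member query is now checked like every other query here.
		//
		$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
			WHERE group_id = $group_id";
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Could not obtain group members', '', __LINE__, __FILE__, $sql);
		}

		$group_user = array();
		while ($row = $db->sql_fetchrow($result))
		{
			$group_user[$row['user_id']] = $row['user_id'];
		}
		$db->sql_freeresult($result);

		//
		// A group without members would produce "IN ()", which is not valid
		// SQL and aborted the request after the permission changes had been
		// written; skip both statements in that case.
		//
		if (sizeof($group_user))
		{
			$sql = "SELECT ug.user_id, COUNT(auth_mod) AS is_auth_mod
				FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug
				WHERE ug.user_id IN (" . implode(', ', $group_user) . ")
					AND aa.group_id = ug.group_id
					AND aa.auth_mod = 1
				GROUP BY ug.user_id";
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql);
			}

			while ($row = $db->sql_fetchrow($result))
			{
				if ($row['is_auth_mod'])
				{
					unset($group_user[$row['user_id']]);
				}
			}
			$db->sql_freeresult($result);
		}

		if (sizeof($group_user))
		{
			$sql = "UPDATE " . USERS_TABLE . "
				SET user_level = " . USER . "
				WHERE user_id IN (" . implode(', ', $group_user) . ") AND user_level = " . MOD;
			if ( !($result = $db->sql_query($sql)) )
			{
				message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
			}
		}

		message_die(GENERAL_MESSAGE, $message);
	}
}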
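//
// Edit form: show the current permissions of one user or one group, one row
// per forum, in simple mode (one select per forum) or advanced mode (one
// select per ACL-controlled permission column).
//
else if ( ( $mode == 'user' && ( isset($HTTP_POST_VARS['username']) || $user_id ) ) || ( $mode == 'group' && $group_id ) )
{
	if ( isset($HTTP_POST_VARS['username']) )
	{
		// The posted name is handed to get_userdata() as received; how that
		// function escapes it is not visible in this file - confirm
		$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
		if ( !is_array($this_userdata) )
		{
			message_die(GENERAL_MESSAGE, $lang['No_such_user']);
		}
		// Forced to an integer because it is interpolated into SQL below
		$user_id = intval($this_userdata['user_id']);
	}

	//
	// Working arrays are started empty so that their content can only come
	// from the code below. NOTE(review): with register_globals enabled an
	// uninitialised array could be pre-filled from the request unless the
	// included start-up code prevents it - not visible here
	//
	$forum_auth_level = array();
	$forum_auth_level_fields = array();
	$auth_ug = array();
	$auth_field_acl = array();
	$optionlist_acl_adv = array();

	//
	// Front end
	//
	$sql = "SELECT f.*
		FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
		WHERE f.cat_id = c.cat_id
		ORDER BY c.cat_order, f.forum_order ASC";
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
	}

	$forum_access = array();
	while( $row = $db->sql_fetchrow($result) )
	{
		$forum_access[] = $row;
	}
	$db->sql_freeresult($result);

	if( empty($adv) )
	{
		// Simple mode: note per forum whether any column is ACL-controlled,
		// and which ones
		for($i = 0; $i < count($forum_access); $i++)
		{
			$forum_id = $forum_access[$i]['forum_id'];

			$forum_auth_level[$forum_id] = AUTH_ALL;

			for($j = 0; $j < count($forum_auth_fields); $j++)
			{
				// (a leftover expression statement without effect was removed here)
				if ( $forum_access[$i][$forum_auth_fields[$j]] == AUTH_ACL )
				{
					$forum_auth_level[$forum_id] = AUTH_ACL;
					$forum_auth_level_fields[$forum_id][] = $forum_auth_fields[$j];
				}
			}
		}
	}

	// One row per (user, group) membership of the subject
	$sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user, ug.user_pending FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE ";
	$sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id";
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_ERROR, "Couldn't obtain user/group information", "", __LINE__, __FILE__, $sql);
	}
	$ug_info = array();
	while( $row = $db->sql_fetchrow($result) )
	{
		$ug_info[] = $row;
	}
	$db->sql_freeresult($result);

	// auth_access rows of the user's single-user group, or of the group itself
	$sql = ( $mode == 'user' ) ? "SELECT aa.*, g.group_single_user FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id AND aa.group_id = ug.group_id AND g.group_single_user = 1" : "SELECT * FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = $group_id";
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
	}

	$auth_access = array();
	$auth_access_count = array();
	while( $row = $db->sql_fetchrow($result) )
	{
		$auth_access[$row['forum_id']][] = $row;

		// Start each counter at 0 instead of incrementing an undefined index
		if ( !isset($auth_access_count[$row['forum_id']]) )
		{
			$auth_access_count[$row['forum_id']] = 0;
		}
		$auth_access_count[$row['forum_id']]++;
	}
	$db->sql_freeresult($result);

	// Admin flag applies to users only; the ANONYMOUS account never counts as admin
	$is_admin = ( $mode == 'user' ) ? ( ( $ug_info[0]['user_level'] == ADMIN && $ug_info[0]['user_id'] != ANONYMOUS ) ? 1 : 0 ) : 0;

	//
	// Resolve the effective setting of every permission column per forum
	//
	for($i = 0; $i < count($forum_access); $i++)
	{
		$forum_id = $forum_access[$i]['forum_id'];

		unset($prev_acl_setting);
		for($j = 0; $j < count($forum_auth_fields); $j++)
		{
			$key = $forum_auth_fields[$j];
			$value = $forum_access[$i][$key];

			switch( $value )
			{
				case AUTH_ALL:
				case AUTH_REG:
					$auth_ug[$forum_id][$key] = 1;
					break;

				case AUTH_ACL:
					$auth_ug[$forum_id][$key] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_ACL, $key, $auth_access[$forum_id], $is_admin) : 0;
					$auth_field_acl[$forum_id][$key] = $auth_ug[$forum_id][$key];

					// If two ACL columns of one forum differ, simple mode
					// cannot represent them: switch to advanced mode
					if ( isset($prev_acl_setting) )
					{
						if ( $prev_acl_setting != $auth_ug[$forum_id][$key] && empty($adv) )
						{
							$adv = 1;
						}
					}

					$prev_acl_setting = $auth_ug[$forum_id][$key];

					break;

				case AUTH_MOD:
					$auth_ug[$forum_id][$key] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_MOD, $key, $auth_access[$forum_id], $is_admin) : 0;
					break;

				case AUTH_ADMIN:
					$auth_ug[$forum_id][$key] = $is_admin;
					break;

				default:
					$auth_ug[$forum_id][$key] = 0;
					break;
			}
		}

		//
		// Is user a moderator? (admin flag deliberately passed as 0 here)
		//
		$auth_ug[$forum_id]['auth_mod'] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_MOD, 'auth_mod', $auth_access[$forum_id], 0) : 0;
	}

	//
	// Build one table row per forum. $i runs in step with $auth_ug, which was
	// filled in the same order as $forum_access
	//
	$i = 0;
	@reset($auth_ug);
	while( list($forum_id, $user_ary) = @each($auth_ug) )
	{
		if ( empty($adv) )
		{
			if ( $forum_auth_level[$forum_id] == AUTH_ACL )
			{
				$allowed = 1;

				for($j = 0; $j < count($forum_auth_level_fields[$forum_id]); $j++)
				{
					if ( !$auth_ug[$forum_id][$forum_auth_level_fields[$forum_id][$j]] )
					{
						$allowed = 0;
					}
				}

				$optionlist_acl = '<select name="private[' . $forum_id . ']">';

				if ( $is_admin || $user_ary['auth_mod'] )
				{
					// Admins and moderators always have access: no "disallowed" option
					$optionlist_acl .= '<option value="1">' . $lang['Allowed_Access'] . '</option>';
				}
				else if ( $allowed )
				{
					$optionlist_acl .= '<option value="1" selected="selected">' . $lang['Allowed_Access'] . '</option><option value="0">'. $lang['Disallowed_Access'] . '</option>';
				}
				else
				{
					$optionlist_acl .= '<option value="1">' . $lang['Allowed_Access'] . '</option><option value="0" selected="selected">' . $lang['Disallowed_Access'] . '</option>';
				}

				$optionlist_acl .= '</select>';
			}
			else
			{
				// NOTE(review): shown as a single blank in this listing; the
				// upstream file may hold an HTML entity here - confirm
				$optionlist_acl = ' ';
			}
		}
		else
		{
			for($j = 0; $j < count($forum_access); $j++)
			{
				if ( $forum_access[$j]['forum_id'] == $forum_id )
				{
					for($k = 0; $k < count($forum_auth_fields); $k++)
					{
						$field_name = $forum_auth_fields[$k];

						if( $forum_access[$j][$field_name] == AUTH_ACL )
						{
							$optionlist_acl_adv[$forum_id][$k] = '<select name="private_' . $field_name . '[' . $forum_id . ']">';

							if( isset($auth_field_acl[$forum_id][$field_name]) && !($is_admin || $user_ary['auth_mod']) )
							{
								if( !$auth_field_acl[$forum_id][$field_name] )
								{
									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option><option value="0" selected="selected">' . $lang['OFF'] . '</option>';
								}
								else
								{
									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1" selected="selected">' . $lang['ON'] . '</option><option value="0">' . $lang['OFF'] . '</option>';
								}
							}
							else
							{
								if( $is_admin || $user_ary['auth_mod'] )
								{
									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option>';
								}
								else
								{
									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option><option value="0" selected="selected">' . $lang['OFF'] . '</option>';
								}
							}

							$optionlist_acl_adv[$forum_id][$k] .= '</select>';

						}
					}
				}
			}
		}

		$optionlist_mod = '<select name="moderator[' . $forum_id . ']">';
		$optionlist_mod .= ( $user_ary['auth_mod'] ) ? '<option value="1" selected="selected">' . $lang['Is_Moderator'] . '</option><option value="0">' . $lang['Not_Moderator'] . '</option>' : '<option value="1">' . $lang['Is_Moderator'] . '</option><option value="0" selected="selected">' . $lang['Not_Moderator'] . '</option>';
		$optionlist_mod .= '</select>';

		$row_class = ( !( $i % 2 ) ) ? 'row2' : 'row1';
		$row_color = ( !( $i % 2 ) ) ? $theme['td_color1'] : $theme['td_color2'];

		$template->assign_block_vars('forums', array(
			'ROW_COLOR' => '#' . $row_color,
			'ROW_CLASS' => $row_class,
			'FORUM_NAME' => $forum_access[$i]['forum_name'],

			'U_FORUM_AUTH' => append_sid("admin_forumauth.$phpEx?f=" . $forum_access[$i]['forum_id']),

			'S_MOD_SELECT' => $optionlist_mod)
		);

		if( !$adv )
		{
			$template->assign_block_vars('forums.aclvalues', array(
				'S_ACL_SELECT' => $optionlist_acl)
			);
		}
		else
		{
			// Columns that are not ACL-controlled have no select and yield an empty cell
			for($j = 0; $j < count($forum_auth_fields); $j++)
			{
				$template->assign_block_vars('forums.aclvalues', array(
					'S_ACL_SELECT' => $optionlist_acl_adv[$forum_id][$j])
				);
			}
		}

		$i++;
	}
//	@reset($auth_user);

	if ( $mode == 'user' )
	{
		$t_username = $ug_info[0]['username'];
		$s_user_type = ( $is_admin ) ? '<select name="userlevel"><option value="admin" selected="selected">' . $lang['Auth_Admin'] . '</option><option value="user">' . $lang['Auth_User'] . '</option></select>' : '<select name="userlevel"><option value="admin">' . $lang['Auth_Admin'] . '</option><option value="user" selected="selected">' . $lang['Auth_User'] . '</option></select>';
	}
	else
	{
		$t_groupname = $ug_info[0]['group_name'];
	}

	//
	// Related entries: for a user the (multi-user) groups they belong to, for
	// a group its members. The pending flag is stored next to each kept entry;
	// previously the output loop indexed $name/$id with positions of $ug_info,
	// which no longer match once single-user groups have been skipped.
	//
	$name = array();
	$id = array();
	$pending = array();
	for($i = 0; $i < count($ug_info); $i++)
	{
		if( ( $mode == 'user' && !$ug_info[$i]['group_single_user'] ) || $mode == 'group' )
		{
			$name[] = ( $mode == 'user' ) ? $ug_info[$i]['group_name'] : $ug_info[$i]['username'];
			$id[] = ( $mode == 'user' ) ? intval($ug_info[$i]['group_id']) : intval($ug_info[$i]['user_id']);
			$pending[] = $ug_info[$i]['user_pending'];
		}
	}

	$t_usergroup_list = $t_pending_list = '';
	if( count($name) )
	{
		$ug = ( $mode == 'user' ) ? 'group&' . POST_GROUPS_URL : 'user&' . POST_USERS_URL;

		for($i = 0; $i < count($name); $i++)
		{
			// NOTE(review): names are written into the page as stored;
			// confirm they are HTML-escaped when saved
			if (!$pending[$i])
			{
				$t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$ug=" . $id[$i]) . '">' . $name[$i] . '</a>';
			}
			else
			{
				$t_pending_list .= ( ( $t_pending_list != '' ) ? ', ' : '' ) . '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$ug=" . $id[$i]) . '">' . $name[$i] . '</a>';
			}
		}
	}

	$t_usergroup_list = ($t_usergroup_list == '') ? $lang['None'] : $t_usergroup_list;
	$t_pending_list = ($t_pending_list == '') ? $lang['None'] : $t_pending_list;

	$s_column_span = 2; // Two columns always present
	if( !$adv )
	{
		$template->assign_block_vars('acltype', array(
			'L_UG_ACL_TYPE' => $lang['Simple_Permission'])
		);
		$s_column_span++;
	}
	else
	{
		for($i = 0; $i < count($forum_auth_fields); $i++)
		{
			$cell_title = $field_names[$forum_auth_fields[$i]];

			$template->assign_block_vars('acltype', array(
				'L_UG_ACL_TYPE' => $cell_title)
			);
			$s_column_span++;
		}
	}

	//
	// Dump in the page header ...
	//
	include('./page_header_admin.'.$phpEx);

	$template->set_filenames(array(
		"body" => 'admin/auth_ug_body.tpl')
	);

	$adv_switch = ( empty($adv) ) ? 1 : 0;
	$u_ug_switch = ( $mode == 'user' ) ? POST_USERS_URL . "=" . $user_id : POST_GROUPS_URL . "=" . $group_id;
	$switch_mode = append_sid("admin_ug_auth.$phpEx?mode=$mode&" . $u_ug_switch . "&adv=$adv_switch");
	$switch_mode_text = ( empty($adv) ) ? $lang['Advanced_mode'] : $lang['Simple_mode'];
	$u_switch_mode = '<a href="' . $switch_mode . '">' . $switch_mode_text . '</a>';

	// $mode is 'user' or 'group' in this branch; the ids and $adv are integers
	$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="adv" value="' . $adv . '" />';
	$s_hidden_fields .= ( $mode == 'user' ) ? '<input type="hidden" name="' . POST_USERS_URL . '" value="' . $user_id . '" />' : '<input type="hidden" name="' . POST_GROUPS_URL . '" value="' . $group_id . '" />';

	if ( $mode == 'user' )
	{
		$template->assign_block_vars('switch_user_auth', array());

		$template->assign_vars(array(
			'USERNAME' => $t_username,
			'USER_LEVEL' => $lang['User_Level'] . " : " . $s_user_type,
			'USER_GROUP_MEMBERSHIPS' => $lang['Group_memberships'] . ' : ' . $t_usergroup_list)
		);
	}
	else
	{
		$template->assign_block_vars("switch_group_auth", array());

		$template->assign_vars(array(
			'USERNAME' => $t_groupname,
			'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list . '<br />' . $lang['Pending_members'] . ' : ' . $t_pending_list)
		);
	}

	$template->assign_vars(array(
		'L_USER_OR_GROUPNAME' => ( $mode == 'user' ) ? $lang['Username'] : $lang['Group_name'],

		'L_AUTH_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'],
		'L_AUTH_EXPLAIN' => ( $mode == 'user' ) ? $lang['User_auth_explain'] : $lang['Group_auth_explain'],
		'L_MODERATOR_STATUS' => $lang['Moderator_status'],
		'L_PERMISSIONS' => $lang['Permissions'],
		'L_SUBMIT' => $lang['Submit'],
		'L_RESET' => $lang['Reset'],
		'L_FORUM' => $lang['Forum'],

		'U_USER_OR_GROUP' => append_sid("admin_ug_auth.$phpEx"),
		'U_SWITCH_MODE' => $u_switch_mode,

		'S_COLUMN_SPAN' => $s_column_span,
		'S_AUTH_ACTION' => append_sid("admin_ug_auth.$phpEx"),
		'S_HIDDEN_FIELDS' => $s_hidden_fields)
	);
}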
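//
// Selection form: reached when no user or group has been chosen yet. Any
// $mode other than 'user' (including an empty or unexpected value) is handled
// as the group case.
//
else
{
	//
	// Select a user/group
	//
	include('./page_header_admin.'.$phpEx);

	$template->set_filenames(array(
		'body' => ( $mode == 'user' ) ? 'admin/user_select_body.tpl' : 'admin/auth_select_body.tpl')
	);

	if ( $mode == 'user' )
	{
		$template->assign_vars(array(
			'L_FIND_USERNAME' => $lang['Find_username'],

			'U_SEARCH_USER' => append_sid("../search.$phpEx?mode=searchuser"))
		);
	}
	else
	{
		$sql = "SELECT group_id, group_name
			FROM " . GROUPS_TABLE . "
			WHERE group_single_user <> " . TRUE;
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, "Couldn't get group list", "", __LINE__, __FILE__, $sql);
		}

		//
		// Start from an empty string: when no multi-user group exists the
		// variable was never assigned before being handed to the template.
		// NOTE(review): with register_globals enabled such a variable could
		// be supplied by the request unless the start-up code prevents it -
		// not visible here
		//
		$select_list = '';
		if ( $row = $db->sql_fetchrow($result) )
		{
			$select_list = '<select name="' . POST_GROUPS_URL . '">';
			do
			{
				// NOTE(review): group_name is written into the page as
				// stored; confirm it is HTML-escaped when saved
				$select_list .= '<option value="' . $row['group_id'] . '">' . $row['group_name'] . '</option>';
			}
			while ( $row = $db->sql_fetchrow($result) );
			$select_list .= '</select>';
		}

		$template->assign_vars(array(
			'S_AUTH_SELECT' => $select_list)
		);
	}

	// $mode was passed through htmlspecialchars() when it was read
	$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" />';

	$l_type = ( $mode == 'user' ) ? 'USER' : 'AUTH';

	$template->assign_vars(array(
		'L_' . $l_type . '_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'],
		'L_' . $l_type . '_EXPLAIN' => ( $mode == 'user' ) ? $lang['User_auth_explain'] : $lang['Group_auth_explain'],
		'L_' . $l_type . '_SELECT' => ( $mode == 'user' ) ? $lang['Select_a_User'] : $lang['Select_a_Group'],
		'L_LOOK_UP' => ( $mode == 'user' ) ? $lang['Look_up_User'] : $lang['Look_up_Group'],

		'S_HIDDEN_FIELDS' => $s_hidden_fields,
		'S_' . $l_type . '_ACTION' => append_sid("admin_ug_auth.$phpEx"))
	);

}

//
// Render whichever body template was selected above, then the admin footer
//
$template->pparse('body');

include('./page_footer_admin.'.$phpEx);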
1033
1034 ?>