130 kaklik 1 <?php
2 /***************************************************************************
3 * auth.php
4 * -------------------
5 * begin : Saturday, Feb 13, 2001
6 * copyright : (C) 2001 The phpBB Group
7 * email : support@phpbb.com
8 *
9 * $Id: auth.php,v 1.37.2.7 2006/03/06 17:28:51 grahamje Exp $
10 *
11 *
12 ***************************************************************************/
13  
14 /***************************************************************************
15 *
16 * This program is free software; you can redistribute it and/or modify
17 * it under the terms of the GNU General Public License as published by
18 * the Free Software Foundation; either version 2 of the License, or
19 * (at your option) any later version.
20 *
21 ***************************************************************************/
22  
23 /*
24 $type's accepted (pre-pend with AUTH_):
25 VIEW, READ, POST, REPLY, EDIT, DELETE, STICKY, ANNOUNCE, VOTE, POLLCREATE
26  
27 Possible options ($type/forum_id combinations):
28  
29 * If you include a type and forum_id then a specific lookup will be done and
30 the single result returned
31  
32 * If you set type to AUTH_ALL and specify a forum_id an array of all auth types
33 will be returned
34  
35 * If you provide a forum_id a specific lookup on that forum will be done
36  
37 * If you set forum_id to AUTH_LIST_ALL and specify a type an array listing the
38 results for all forums will be returned
39  
40 * If you set forum_id to AUTH_LIST_ALL and type to AUTH_ALL a multidimensional
41 array containing the auth permissions for all types and all forums for that
42 user is returned
43  
44 All results are returned as associative arrays, even when a single auth type is
45 specified.
46  
47 If available you can send an array (either one or two dimensional) containing the
48 forum auth levels, this will prevent the auth function having to do its own
49 lookup
50 */
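/**
 * Work out which forum actions a user may perform.
 *
 * The required level of each requested auth field is read from the forum row(s)
 * and compared with the user's login state, group ACL rows and admin flag.
 *
 * Security notes:
 *  - $forum_id and $userdata['user_id'] are placed in SQL text, so both are
 *    forced to integers here instead of trusting every caller to have done it.
 *  - A $type with no column mapping (AUTH_ATTACH, or an unknown value) yields
 *    no auth fields; only 'auth_mod' is reported, so nothing is granted by accident.
 *
 * @param mixed $type      AUTH_ALL or one of the single AUTH_* types handled below.
 * @param mixed $forum_id  A forum id, or AUTH_LIST_ALL for every forum.
 * @param array $userdata  Reads 'session_logged_in', 'user_level' and 'user_id'.
 * @param mixed $f_access  Optional pre-fetched forum auth row (single forum) or
 *                         list of rows (AUTH_LIST_ALL); when empty it is queried.
 * @return array Single forum: field => granted, field . '_type' => label, plus
 *               'auth_mod'. AUTH_LIST_ALL: the same, keyed by forum id first.
 *               An empty array when the forum lookup finds nothing.
 */
function auth($type, $forum_id, $userdata, $f_access = '')
{
    global $db, $lang;

    // Defined up front so a $type without a mapping cannot leave it unset.
    $auth_fields = array();

    switch( $type )
    {
        case AUTH_ALL:
            $auth_fields = array('auth_view', 'auth_read', 'auth_post', 'auth_reply', 'auth_edit', 'auth_delete', 'auth_sticky', 'auth_announce', 'auth_vote', 'auth_pollcreate');
            break;

        case AUTH_VIEW:
            $auth_fields = array('auth_view');
            break;

        case AUTH_READ:
            $auth_fields = array('auth_read');
            break;

        case AUTH_POST:
            $auth_fields = array('auth_post');
            break;

        case AUTH_REPLY:
            $auth_fields = array('auth_reply');
            break;

        case AUTH_EDIT:
            $auth_fields = array('auth_edit');
            break;

        case AUTH_DELETE:
            $auth_fields = array('auth_delete');
            break;

        case AUTH_ANNOUNCE:
            $auth_fields = array('auth_announce');
            break;

        case AUTH_STICKY:
            $auth_fields = array('auth_sticky');
            break;

        case AUTH_POLLCREATE:
            $auth_fields = array('auth_pollcreate');
            break;

        case AUTH_VOTE:
            $auth_fields = array('auth_vote');
            break;

        case AUTH_ATTACH:
            break;

        default:
            break;
    }

    // Column list is derived from the fixed field names above, never from input.
    // $select_extra is empty when there are no fields, keeping the SQL valid.
    $a_sql = ( count($auth_fields) ) ? 'a.' . implode(', a.', $auth_fields) : '';
    $select_extra = ( $a_sql != '' ) ? ", $a_sql" : '';

    $single_forum = ( $forum_id != AUTH_LIST_ALL );

    // Integer forms used wherever the values are written into SQL text.
    $forum_id_sql = intval($forum_id);
    $user_id_sql = intval($userdata['user_id']);

    //
    // No forum auth data was handed in, so fetch the required levels for the
    // given forum (or for all forums)
    //
    if ( empty($f_access) )
    {
        $forum_match_sql = ( $single_forum ) ? "WHERE a.forum_id = $forum_id_sql" : '';

        $sql = "SELECT a.forum_id$select_extra
            FROM " . FORUMS_TABLE . " a
            $forum_match_sql";
        if ( !($result = $db->sql_query($sql)) )
        {
            message_die(GENERAL_ERROR, 'Failed obtaining forum access control lists', '', __LINE__, __FILE__, $sql);
        }

        // Method name is one of two fixed literals: one row or the whole set.
        $sql_fetchrow = ( $single_forum ) ? 'sql_fetchrow' : 'sql_fetchrowset';

        if ( !($f_access = $db->$sql_fetchrow($result)) )
        {
            $db->sql_freeresult($result);
            return array();
        }
        $db->sql_freeresult($result);
    }

    //
    // Guests have no group ACL rows, so $u_access stays empty for them. For a
    // logged in user, collect the ACL rows of every non-pending group membership.
    //
    $u_access = array();
    if ( $userdata['session_logged_in'] )
    {
        $forum_match_sql = ( $single_forum ) ? "AND a.forum_id = $forum_id_sql" : '';

        $sql = "SELECT a.forum_id$select_extra, a.auth_mod
            FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug
            WHERE ug.user_id = " . $user_id_sql . "
                AND ug.user_pending = 0
                AND a.group_id = ug.group_id
                $forum_match_sql";
        if ( !($result = $db->sql_query($sql)) )
        {
            message_die(GENERAL_ERROR, 'Failed obtaining forum access control lists', '', __LINE__, __FILE__, $sql);
        }

        while ( $row = $db->sql_fetchrow($result) )
        {
            if ( $single_forum )
            {
                $u_access[] = $row;
            }
            else
            {
                $u_access[$row['forum_id']][] = $row;
            }
        }
        $db->sql_freeresult($result);
    }

    // Admin status only counts for a logged in session.
    $is_admin = ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ? TRUE : 0;

    $auth_user = array();
    foreach ( $auth_fields as $key )
    {
        //
        // Required level ALL: everyone passes. REG: any logged in user passes.
        // ACL and MOD: the user's group rows decide, via auth_check_user(), which
        // also lets moderators and admins through. ADMIN: admins only. Any other
        // level denies.
        //
        // NOTE(review): switch() compares loosely. If a forum row lacks $key the
        // value is null; confirm that cannot match the AUTH_ALL case (it would if
        // that constant is 0, which is not visible in this file).
        //
        if ( $single_forum )
        {
            $value = $f_access[$key];

            switch( $value )
            {
                case AUTH_ALL:
                    $auth_user[$key] = TRUE;
                    $auth_user[$key . '_type'] = $lang['Auth_Anonymous_Users'];
                    break;

                case AUTH_REG:
                    $auth_user[$key] = ( $userdata['session_logged_in'] ) ? TRUE : 0;
                    $auth_user[$key . '_type'] = $lang['Auth_Registered_Users'];
                    break;

                case AUTH_ACL:
                    $auth_user[$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_ACL, $key, $u_access, $is_admin) : 0;
                    $auth_user[$key . '_type'] = $lang['Auth_Users_granted_access'];
                    break;

                case AUTH_MOD:
                    $auth_user[$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0;
                    $auth_user[$key . '_type'] = $lang['Auth_Moderators'];
                    break;

                case AUTH_ADMIN:
                    $auth_user[$key] = $is_admin;
                    $auth_user[$key . '_type'] = $lang['Auth_Administrators'];
                    break;

                default:
                    $auth_user[$key] = 0;
                    break;
            }
        }
        else
        {
            $forum_total = count($f_access);
            for($k = 0; $k < $forum_total; $k++)
            {
                $value = $f_access[$k][$key];
                $f_forum_id = $f_access[$k]['forum_id'];

                // A forum with no ACL rows for this user gets an empty list.
                $u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array();

                switch( $value )
                {
                    case AUTH_ALL:
                        $auth_user[$f_forum_id][$key] = TRUE;
                        $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Anonymous_Users'];
                        break;

                    case AUTH_REG:
                        $auth_user[$f_forum_id][$key] = ( $userdata['session_logged_in'] ) ? TRUE : 0;
                        $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Registered_Users'];
                        break;

                    case AUTH_ACL:
                        $auth_user[$f_forum_id][$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_ACL, $key, $u_access[$f_forum_id], $is_admin) : 0;
                        $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Users_granted_access'];
                        break;

                    case AUTH_MOD:
                        $auth_user[$f_forum_id][$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin) : 0;
                        $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Moderators'];
                        break;

                    case AUTH_ADMIN:
                        $auth_user[$f_forum_id][$key] = $is_admin;
                        $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Administrators'];
                        break;

                    default:
                        $auth_user[$f_forum_id][$key] = 0;
                        break;
                }
            }
        }
    }

    //
    // Is user a moderator?
    //
    if ( $single_forum )
    {
        $auth_user['auth_mod'] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0;
    }
    else
    {
        $forum_total = count($f_access);
        for($k = 0; $k < $forum_total; $k++)
        {
            $f_forum_id = $f_access[$k]['forum_id'];
            $u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array();

            $auth_user[$f_forum_id]['auth_mod'] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin) : 0;
        }
    }

    return $auth_user;
}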
294  
/**
 * Decide whether any of a user's group ACL rows satisfies a required level.
 *
 * The levels cascade: an AUTH_ACL check also passes for moderators and admins,
 * an AUTH_MOD check also passes for admins, an AUTH_ADMIN check passes for
 * admins only. With no ACL rows at all, the admin flag alone decides.
 *
 * @param mixed  $type      AUTH_ACL, AUTH_MOD or AUTH_ADMIN; anything else matches no row.
 * @param string $key       ACL column read from each row for an AUTH_ACL check.
 * @param array  $u_access  ACL rows, indexed 0..n-1, each holding $key and 'auth_mod'.
 * @param mixed  $is_admin  Admin flag as computed by the caller.
 * @return mixed $is_admin unchanged when $u_access is empty, otherwise a boolean.
 */
function auth_check_user($type, $key, $u_access, $is_admin)
{
    $row_total = count($u_access);

    // No ACL rows: only an administrator gets through.
    if ( !$row_total )
    {
        return $is_admin;
    }

    // Each flag includes the levels above it, which gives the cascade.
    $want_acl = ( $type == AUTH_ACL );
    $want_mod = $want_acl || ( $type == AUTH_MOD );
    $want_admin = $want_mod || ( $type == AUTH_ADMIN );

    $granted = 0;
    $j = 0;
    while ( $j < $row_total )
    {
        $row_ok = 0;

        if ( $want_acl )
        {
            $row_ok = $u_access[$j][$key];
        }

        if ( $want_mod )
        {
            $row_ok = $row_ok || $u_access[$j]['auth_mod'];
        }

        if ( $want_admin )
        {
            $row_ok = $row_ok || $is_admin;
        }

        // One matching row is enough; the result is a boolean from here on.
        $granted = $granted || $row_ok;
        $j++;
    }

    return $granted;
}
327  
328 ?>