| [ Index ] |
PHP Cross Reference of Nuke-Evolution v2.0.5 |
[Summary view] [Print] [Text view]
1 <?php 2 /*======================================================================= 3 Nuke-Evolution Basic: Enhanced PHP-Nuke Web Portal System 4 =======================================================================*/ 5 6 /*************************************************************************** 7 * auth.php 8 * ------------------- 9 * begin : Saturday, Feb 13, 2001 10 * copyright : (C) 2001 The phpBB Group 11 * email : support@phpbb.com 12 * 13 * Id: auth.php,v 1.37.2.5 2004/03/01 16:49:03 psotfx Exp 14 * 15 ***************************************************************************/ 16 17 /*************************************************************************** 18 * phpbb2 forums port version 2.0.5 (c) 2003 - Nuke Cops (http://nukecops.com) 19 * 20 * Ported by Nuke Cops to phpbb2 standalone 2.0.5 Test 21 * and debugging completed by the Elite Nukers and site members. 22 * 23 * You run this package at your sole risk. Nuke Cops and affiliates cannot 24 * be held liable if anything goes wrong. You are advised to test this 25 * package on a development system. Backup everything before implementing 26 * in a production environment. If something goes wrong, you can always 27 * backout and restore your backups. 28 * 29 * Installing and running this also means you agree to the terms of the AUP 30 * found at Nuke Cops. 31 * 32 * This is version 2.0.5 of the phpbb2 forum port for PHP-Nuke. Work is based 33 * on Tom Nitzschner's forum port version 2.0.6. Tom's 2.0.6 port was based 34 * on the phpbb2 standalone version 2.0.3. Our version 2.0.5 from Nuke Cops is 35 * now reflecting phpbb2 standalone 2.0.5 that fixes some bugs and the 36 * invalid_session error message. 37 ***************************************************************************/ 38 39 /*************************************************************************** 40 * This file is part of the phpBB2 port to Nuke 6.0 (c) copyright 2002 41 * by Tom Nitzschner (tom@toms-home.com) 42 * http://bbtonuke.sourceforge.net (or http://www.toms-home.com) 43 * 44 * As always, make a backup before messing with anything. All code 45 * release by me is considered sample code only. It may be fully 46 * functual, but you use it at your own risk, if you break it, 47 * you get to fix it too. No waranty is given or implied. 48 * 49 * Please post all questions/request about this port on http://bbtonuke.sourceforge.net first, 50 * then on my site. All original header code and copyright messages will be maintained 51 * to give credit where credit is due. If you modify this, the only requirement is 52 * that you also maintain all original copyright messages. All my work is released 53 * under the GNU GENERAL PUBLIC LICENSE. Please see the README for more information. 54 * 55 ***************************************************************************/ 56 57 /*************************************************************************** 58 * 59 * This program is free software; you can redistribute it and/or modify 60 * it under the terms of the GNU General Public License as published by 61 * the Free Software Foundation; either version 2 of the License, or 62 * (at your option) any later version. 63 * 64 ***************************************************************************/ 65 66 /*****[CHANGES]********************************************************** 67 -=[Base]=- 68 Nuke Patched v3.1.0 06/26/2005 69 -=[Mod]=- 70 Attachment Mod v2.4.1 07/20/2005 71 Global Announcements v1.2.8 06/13/2005 72 ************************************************************************/ 73 74 if (!defined('IN_PHPBB')) 75 { 76 die('Hacking attempt'); 77 } 78 79 /* 80 $type's accepted (pre-pend with AUTH_): 81 VIEW, READ, POST, REPLY, EDIT, DELETE, STICKY, ANNOUNCE, VOTE, POLLCREATE 82 83 Possible options ($type/forum_id combinations): 84 85 * If you include a type and forum_id then a specific lookup will be done and 86 the single result returned 87 88 * If you set type to AUTH_ALL and specify a forum_id an array of all auth types 89 will be returned 90 91 * If you provide a forum_id a specific lookup on that forum will be done 92 93 * If you set forum_id to AUTH_LIST_ALL and specify a type an array listing the 94 results for all forums will be returned 95 96 * If you set forum_id to AUTH_LIST_ALL and type to AUTH_ALL a multidimensional 97 array containing the auth permissions for all types and all forums for that 98 user is returned 99 100 All results are returned as associative arrays, even when a single auth type is 101 specified. 102 103 If available you can send an array (either one or two dimensional) containing the 104 forum auth levels, this will prevent the auth function having to do its own 105 lookup 106 */ 107 function auth($type, $forum_id, $userdata, $f_access = '') 108 { 109 global $db, $lang; 110 111 switch( $type ) 112 { 113 case AUTH_ALL: 114 /*****[BEGIN]****************************************** 115 [ Mod: Global Announcements v1.2.8 ] 116 ******************************************************/ 117 $a_sql = 'a.auth_view, a.auth_read, a.auth_post, a.auth_reply, a.auth_edit, a.auth_delete, a.auth_sticky, a.auth_announce, a.auth_vote, a.auth_pollcreate, a.auth_globalannounce'; 118 $auth_fields = array('auth_view', 'auth_read', 'auth_post', 'auth_reply', 'auth_edit', 'auth_delete', 'auth_sticky', 'auth_announce', 'auth_vote', 'auth_pollcreate', 'auth_globalannounce'); 119 /*****[END]******************************************** 120 [ Mod: Global Announcements v1.2.8 ] 121 ******************************************************/ 122 break; 123 124 case AUTH_VIEW: 125 $a_sql = 'a.auth_view'; 126 $auth_fields = array('auth_view'); 127 break; 128 129 case AUTH_READ: 130 $a_sql = 'a.auth_read'; 131 $auth_fields = array('auth_read'); 132 break; 133 case AUTH_POST: 134 $a_sql = 'a.auth_post'; 135 $auth_fields = array('auth_post'); 136 break; 137 case AUTH_REPLY: 138 $a_sql = 'a.auth_reply'; 139 $auth_fields = array('auth_reply'); 140 break; 141 case AUTH_EDIT: 142 $a_sql = 'a.auth_edit'; 143 $auth_fields = array('auth_edit'); 144 break; 145 case AUTH_DELETE: 146 $a_sql = 'a.auth_delete'; 147 $auth_fields = array('auth_delete'); 148 break; 149 150 case AUTH_ANNOUNCE: 151 $a_sql = 'a.auth_announce'; 152 $auth_fields = array('auth_announce'); 153 break; 154 case AUTH_STICKY: 155 $a_sql = 'a.auth_sticky'; 156 $auth_fields = array('auth_sticky'); 157 break; 158 159 case AUTH_POLLCREATE: 160 $a_sql = 'a.auth_pollcreate'; 161 $auth_fields = array('auth_pollcreate'); 162 break; 163 case AUTH_VOTE: 164 $a_sql = 'a.auth_vote'; 165 $auth_fields = array('auth_vote'); 166 break; 167 case AUTH_ATTACH: 168 break; 169 /*****[BEGIN]****************************************** 170 [ Mod: Global Announcements v1.2.8 ] 171 ******************************************************/ 172 case AUTH_GLOBALANNOUNCE: 173 $a_sql = 'a.auth_globalannounce'; 174 $auth_fields = array('auth_globalannounce'); 175 break; 176 /*****[END]******************************************** 177 [ Mod: Global Announcements v1.2.8 ] 178 ******************************************************/ 179 default: 180 break; 181 } 182 183 /*****[BEGIN]****************************************** 184 [ Mod: Attachment Mod v2.4.1 ] 185 ******************************************************/ 186 attach_setup_basic_auth($type, $auth_fields, $a_sql); 187 /*****[END]******************************************** 188 [ Mod: Attachment Mod v2.4.1 ] 189 ******************************************************/ 190 191 // 192 // If f_access has been passed, or auth is needed to return an array of forums 193 // then we need to pull the auth information on the given forum (or all forums) 194 // 195 if ( empty($f_access) ) 196 { 197 $forum_match_sql = ( $forum_id != AUTH_LIST_ALL ) ? "WHERE a.forum_id = '$forum_id'" : ''; 198 199 $sql = "SELECT a.forum_id, $a_sql 200 FROM " . FORUMS_TABLE . " a 201 $forum_match_sql"; 202 if ( !($result = $db->sql_query($sql)) ) 203 { 204 message_die(GENERAL_ERROR, 'Failed obtaining forum access control lists', '', __LINE__, __FILE__, $sql); 205 } 206 207 $sql_fetchrow = ( $forum_id != AUTH_LIST_ALL ) ? 'sql_fetchrow' : 'sql_fetchrowset'; 208 209 if ( !($f_access = $db->$sql_fetchrow($result)) ) 210 { 211 $db->sql_freeresult($result); 212 return array(); 213 } 214 215 $db->sql_freeresult($result); 216 } 217 218 // 219 // If the user isn't logged on then all we need do is check if the forum 220 // has the type set to ALL, if yes they are good to go, if not then they 221 // are denied access 222 // 223 $u_access = array(); 224 if ( $userdata['session_logged_in'] ) 225 { 226 $forum_match_sql = ( $forum_id != AUTH_LIST_ALL ) ? "AND a.forum_id = '$forum_id'" : ''; 227 228 $sql = "SELECT a.forum_id, $a_sql, a.auth_mod 229 FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug 230 WHERE ug.user_id = ".$userdata['user_id']. " 231 AND ug.user_pending = '0' 232 AND a.group_id = ug.group_id 233 $forum_match_sql"; 234 if ( !($result = $db->sql_query($sql)) ) 235 { 236 message_die(GENERAL_ERROR, 'Failed obtaining forum access control lists', '', __LINE__, __FILE__, $sql); 237 } 238 239 if ( $row = $db->sql_fetchrow($result) ) 240 { 241 do 242 { 243 if ( $forum_id != AUTH_LIST_ALL) 244 { 245 $u_access[] = $row; 246 } 247 else 248 { 249 $u_access[$row['forum_id']][] = $row; 250 } 251 } 252 while( $row = $db->sql_fetchrow($result) ); 253 } 254 $db->sql_freeresult($result); 255 } 256 257 $is_admin = ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ? TRUE : 0; 258 259 $auth_user = array(); 260 for($i = 0; $i < count($auth_fields); $i++) 261 { 262 $key = $auth_fields[$i]; 263 264 // 265 // If the user is logged on and the forum type is either ALL or REG then the user has access 266 // 267 // If the type if ACL, MOD or ADMIN then we need to see if the user has specific permissions 268 // to do whatever it is they want to do ... to do this we pull relevant information for the 269 // user (and any groups they belong to) 270 // 271 // Now we compare the users access level against the forums. We assume here that a moderator 272 // and admin automatically have access to an ACL forum, similarly we assume admins meet an 273 // auth requirement of MOD 274 // 275 if ( $forum_id != AUTH_LIST_ALL ) 276 { 277 $value = (isset($f_access[$key])) ? $f_access[$key] : null; 278 279 switch( $value ) 280 { 281 case AUTH_ALL: 282 $auth_user[$key] = TRUE; 283 $auth_user[$key . '_type'] = $lang['Auth_Anonymous_Users']; 284 break; 285 286 case AUTH_REG: 287 $auth_user[$key] = ( $userdata['session_logged_in'] ) ? TRUE : 0; 288 $auth_user[$key . '_type'] = $lang['Auth_Registered_Users']; 289 break; 290 291 case AUTH_ACL: 292 $auth_user[$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_ACL, $key, $u_access, $is_admin) : 0; 293 $auth_user[$key . '_type'] = $lang['Auth_Users_granted_access']; 294 break; 295 296 case AUTH_MOD: 297 $auth_user[$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0; 298 $auth_user[$key . '_type'] = $lang['Auth_Moderators']; 299 break; 300 301 case AUTH_ADMIN: 302 $auth_user[$key] = $is_admin; 303 $auth_user[$key . '_type'] = $lang['Auth_Administrators']; 304 break; 305 306 default: 307 $auth_user[$key] = 0; 308 break; 309 } 310 } 311 else 312 { 313 for($k = 0; $k < count($f_access); $k++) 314 { 315 $value = $f_access[$k][$key]; 316 $f_forum_id = $f_access[$k]['forum_id']; 317 $u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array(); 318 319 switch( $value ) 320 { 321 case AUTH_ALL: 322 $auth_user[$f_forum_id][$key] = TRUE; 323 $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Anonymous_Users']; 324 break; 325 326 case AUTH_REG: 327 $auth_user[$f_forum_id][$key] = ( $userdata['session_logged_in'] ) ? TRUE : 0; 328 $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Registered_Users']; 329 break; 330 331 case AUTH_ACL: 332 $auth_user[$f_forum_id][$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_ACL, $key, $u_access[$f_forum_id], $is_admin) : 0; 333 $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Users_granted_access']; 334 break; 335 336 case AUTH_MOD: 337 $auth_user[$f_forum_id][$key] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin) : 0; 338 $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Moderators']; 339 break; 340 341 case AUTH_ADMIN: 342 $auth_user[$f_forum_id][$key] = $is_admin; 343 $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Administrators']; 344 break; 345 346 default: 347 $auth_user[$f_forum_id][$key] = 0; 348 break; 349 } 350 } 351 } 352 } 353 354 // 355 // Is user a moderator? 356 // 357 if ( $forum_id != AUTH_LIST_ALL ) 358 { 359 $auth_user['auth_mod'] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0; 360 } 361 else 362 { 363 for($k = 0; $k < count($f_access); $k++) 364 { 365 $f_forum_id = $f_access[$k]['forum_id']; 366 $u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array(); 367 368 $auth_user[$f_forum_id]['auth_mod'] = ( $userdata['session_logged_in'] ) ? auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin) : 0; 369 } 370 } 371 372 return $auth_user; 373 } 374 375 function auth_check_user($type, $key, $u_access, $is_admin) 376 { 377 $auth_user = 0; 378 379 if ( count($u_access) ) 380 { 381 for($j = 0; $j < count($u_access); $j++) 382 { 383 $result = 0; 384 switch($type) 385 { 386 case AUTH_ACL: 387 $result = $u_access[$j][$key]; 388 389 case AUTH_MOD: 390 $result = $result || $u_access[$j]['auth_mod']; 391 392 case AUTH_ADMIN: 393 $result = $result || $is_admin; 394 break; 395 } 396 397 $auth_user = $auth_user || $result; 398 } 399 } 400 else 401 { 402 $auth_user = $is_admin; 403 } 404 405 return $auth_user; 406 } 407 408 ?>
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated: Wed Jun 6 11:38:01 2007 | Cross-referenced by PHPXref 0.7 |