From: FlorinCB <ory...@us...> - 2008-08-16 01:45:58
Update of /cvsroot/mxbb/core/includes/sessions/phpbb2 In directory sc8-pr-cvs16.sourceforge.net:/tmp/cvs-serv29865/includes/sessions/phpbb2 Added Files: Tag: core28x auth.php core.php index.htm Log Message: Added phpbb_auth class, not added mx_backend stuff yet --- NEW FILE: auth.php --- <?php /** * * @package Auth * @version $Id: auth.php,v 1.3.2.2 2008/08/16 01:45:51 orynider Exp $ * @copyright (c) 2002-2008 MX-Publisher Project Team * @license http://opensource.org/licenses/gpl-license.php GNU General Public License v2 * @link http://www.mx-publisher.com * */ if ( !defined( 'IN_PORTAL' ) ) { die( "Hacking attempt" ); } /** * Permission/Auth class for phpBB2 forums * @package MX-Publisher */ class phpbb_auth_base { function auth($type, $forum_id, $userdata, $f_access = '') { global $db, $lang; switch( $type ) { case AUTH_ALL: $a_sql = 'a.auth_view, a.auth_read, a.auth_post, a.auth_reply, a.auth_edit, a.auth_delete, a.auth_sticky, a.auth_announce, a.auth_vote, a.auth_pollcreate'; $auth_fields = array('auth_view', 'auth_read', 'auth_post', 'auth_reply', 'auth_edit', 'auth_delete', 'auth_sticky', 'auth_announce', 'auth_vote', 'auth_pollcreate'); break; case AUTH_VIEW: $a_sql = 'a.auth_view'; $auth_fields = array('auth_view'); break; case AUTH_READ: $a_sql = 'a.auth_read'; $auth_fields = array('auth_read'); break; case AUTH_POST: $a_sql = 'a.auth_post'; $auth_fields = array('auth_post'); break; case AUTH_REPLY: $a_sql = 'a.auth_reply'; $auth_fields = array('auth_reply'); break; case AUTH_EDIT: $a_sql = 'a.auth_edit'; $auth_fields = array('auth_edit'); break; case AUTH_DELETE: $a_sql = 'a.auth_delete'; $auth_fields = array('auth_delete'); break; case AUTH_ANNOUNCE: $a_sql = 'a.auth_announce'; $auth_fields = array('auth_announce'); break; case AUTH_STICKY: $a_sql = 'a.auth_sticky'; $auth_fields = array('auth_sticky'); break; case AUTH_POLLCREATE: $a_sql = 'a.auth_pollcreate'; $auth_fields = array('auth_pollcreate'); break; case AUTH_VOTE: $a_sql = 'a.auth_vote'; 
$auth_fields = array('auth_vote'); break; case AUTH_ATTACH: break; default: break; } // // If f_access has been passed, or auth is needed to return an array of forums // then we need to pull the auth information on the given forum (or all forums) // if ( empty($f_access) ) { $forum_match_sql = ( $forum_id != AUTH_LIST_ALL ) ? "WHERE a.forum_id = $forum_id" : ''; $sql = "SELECT a.forum_id, $a_sql FROM " . FORUMS_TABLE . " a $forum_match_sql"; if ( !($result = $db->sql_query($sql)) ) { //mx_message_die(GENERAL_ERROR, 'Failed obtaining forum access control lists', '', __LINE__, __FILE__, $sql); } $sql_fetchrow = ( $forum_id != AUTH_LIST_ALL ) ? 'sql_fetchrow' : 'sql_fetchrowset'; if ( !($f_access = $db->$sql_fetchrow($result)) ) { $db->sql_freeresult($result); return array(); } $db->sql_freeresult($result); } // // If the user isn't logged on then all we need do is check if the forum // has the type set to ALL, if yes they are good to go, if not then they // are denied access // $u_access = array(); if ( $userdata['session_logged_in'] ) { $forum_match_sql = ( $forum_id != AUTH_LIST_ALL ) ? "AND a.forum_id = $forum_id" : ''; $sql = "SELECT a.forum_id, $a_sql, a.auth_mod FROM " . AUTH_ACCESS_TABLE . " a, " . USER_GROUP_TABLE . " ug WHERE ug.user_id = ".$userdata['user_id']. " AND ug.user_pending = 0 AND a.group_id = ug.group_id $forum_match_sql"; if ( !($result = $db->sql_query($sql)) ) { mx_message_die(GENERAL_ERROR, 'Failed obtaining forum access control lists', '', __LINE__, __FILE__, $sql); } if ( $row = $db->sql_fetchrow($result) ) { do { if ( $forum_id != AUTH_LIST_ALL) { $u_access[] = $row; } else { $u_access[$row['forum_id']][] = $row; } } while( $row = $db->sql_fetchrow($result) ); } $db->sql_freeresult($result); } $is_admin = ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ? 
TRUE : 0; $auth_user = array(); for($i = 0; $i < count($auth_fields); $i++) { $key = $auth_fields[$i]; // // If the user is logged on and the forum type is either ALL or REG then the user has access // // If the type if ACL, MOD or ADMIN then we need to see if the user has specific permissions // to do whatever it is they want to do ... to do this we pull relevant information for the // user (and any groups they belong to) // // Now we compare the users access level against the forums. We assume here that a moderator // and admin automatically have access to an ACL forum, similarly we assume admins meet an // auth requirement of MOD // if ( $forum_id != AUTH_LIST_ALL ) { $value = $f_access[$key]; switch( $value ) { case AUTH_ALL: $auth_user[$key] = TRUE; $auth_user[$key . '_type'] = $lang['Auth_Anonymous_Users']; break; case AUTH_REG: $auth_user[$key] = ( $userdata['session_logged_in'] ) ? TRUE : 0; $auth_user[$key . '_type'] = $lang['Auth_Registered_Users']; break; case AUTH_ACL: $auth_user[$key] = ( $userdata['session_logged_in'] ) ? $this->auth_check_user(AUTH_ACL, $key, $u_access, $is_admin) : 0; $auth_user[$key . '_type'] = $lang['Auth_Users_granted_access']; break; case AUTH_MOD: $auth_user[$key] = ( $userdata['session_logged_in'] ) ? $this->auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0; $auth_user[$key . '_type'] = $lang['Auth_Moderators']; break; case AUTH_ADMIN: $auth_user[$key] = $is_admin; $auth_user[$key . '_type'] = $lang['Auth_Administrators']; break; default: $auth_user[$key] = 0; break; } } else { for($k = 0; $k < count($f_access); $k++) { $value = $f_access[$k][$key]; $f_forum_id = $f_access[$k]['forum_id']; $u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array(); switch( $value ) { case AUTH_ALL: $auth_user[$f_forum_id][$key] = TRUE; $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Anonymous_Users']; break; case AUTH_REG: $auth_user[$f_forum_id][$key] = ( $userdata['session_logged_in'] ) ? 
TRUE : 0; $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Registered_Users']; break; case AUTH_ACL: $auth_user[$f_forum_id][$key] = ( $userdata['session_logged_in'] ) ? $this->auth_check_user(AUTH_ACL, $key, $u_access[$f_forum_id], $is_admin) : 0; $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Users_granted_access']; break; case AUTH_MOD: $auth_user[$f_forum_id][$key] = ( $userdata['session_logged_in'] ) ? $this->auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin) : 0; $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Moderators']; break; case AUTH_ADMIN: $auth_user[$f_forum_id][$key] = $is_admin; $auth_user[$f_forum_id][$key . '_type'] = $lang['Auth_Administrators']; break; default: $auth_user[$f_forum_id][$key] = 0; break; } } } } // // Is user a moderator? // if ( $forum_id != AUTH_LIST_ALL ) { $auth_user['auth_mod'] = ( $userdata['session_logged_in'] ) ? $this->auth_check_user(AUTH_MOD, 'auth_mod', $u_access, $is_admin) : 0; } else { for($k = 0; $k < count($f_access); $k++) { $f_forum_id = $f_access[$k]['forum_id']; $u_access[$f_forum_id] = isset($u_access[$f_forum_id]) ? $u_access[$f_forum_id] : array(); $auth_user[$f_forum_id]['auth_mod'] = ( $userdata['session_logged_in'] ) ? 
$this->auth_check_user(AUTH_MOD, 'auth_mod', $u_access[$f_forum_id], $is_admin) : 0; } } return $auth_user; } function auth_check_user($type, $key, $u_access, $is_admin) { $auth_user = 0; if ( count($u_access) ) { for($j = 0; $j < count($u_access); $j++) { $result = 0; switch($type) { case AUTH_ACL: $result = $u_access[$j][$key]; case AUTH_MOD: $result = $result || $u_access[$j]['auth_mod']; case AUTH_ADMIN: $result = $result || $is_admin; break; } $auth_user = $auth_user || $result; } } else { $auth_user = $is_admin; } return $auth_user; } } ?> --- NEW FILE: core.php --- <?php /** * * @package Auth * @version $Id: core.php,v 1.14.2.2 2008/08/16 01:45:52 orynider Exp $ * @copyright (c) 2002-2008 MX-Publisher Project Team * @license http://opensource.org/licenses/gpl-license.php GNU General Public License v2 * @link http://www.mx-publisher.com * */ if ( !defined( 'IN_PORTAL' ) ) { die( "Hacking attempt" ); } // // First off, include common vanilla phpBB functions, from our shared dir // Note: These functions will later be accessible wrapped as phpBBX::orig_functionname() // //include_once($mx_root_path . 'includes/shared/phpbb2/includes/functions.' . $phpEx); //include_once($mx_root_path . 'includes/shared/phpbb3/includes/functions.' . $phpEx); // // Now load some bbcodes, to be extended for this backend (see below) // //include_once($mx_root_path . 'includes/mx_functions_bbcode.' . $phpEx); // BBCode associated functions // // Finally, load some backend specific functions // //include_once($mx_root_path . 'includes/sessions/phpbb2/functions.' . $phpEx); // // phpBB Permissions // include_once($mx_root_path . 'includes/sessions/phpbb2/auth.' . $phpEx); /** * Permission/Auth class * * @package MX-Publisher * */ class phpbb_auth extends phpbb_auth_base { /** * get_auth_forum * * @param unknown_type $mode * @return unknown */ function get_auth_forum($mode = 'phpbb') { global $userdata, $mx_root_path, $phpEx; // // Try to reuse auth_view query result. 
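Review bot: In auth.php, `phpbb_auth_base::auth()` interpolates `$forum_id` and `$userdata['user_id']` into both SELECT statements with no integer cast, so the permission lookup is only as safe as each caller's validation, which is not visible on this page. Casting at the point of use, e.g. `"WHERE a.forum_id = " . intval($forum_id)`, `"AND a.forum_id = " . intval($forum_id)` and `intval($userdata['user_id'])`, makes the query safe regardless of caller. Separately, the `AUTH_ATTACH` and `default` cases leave `$a_sql` and `$auth_fields` unset, and the `mx_message_die()` call after the first query is commented out, so a malformed or failed forum query goes unreported and what happens next depends on how the DB layer treats a failed result; restoring the error call or an explicit `return array();` there would make deny-on-failure deliberate rather than incidental. The missing `break` between `case AUTH_ACL`, `case AUTH_MOD` and `case AUTH_ADMIN` in `auth_check_user()` matches the comment in `auth()` about moderators and admins inheriting access, and deserves a marker such as `// no break: ACL access is also granted to moderators and admins`.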
// $userdata_key = 'mx_get_auth_' . $mode . $userdata['user_id']; if( !empty($userdata[$userdata_key]) ) { $auth_data_sql = $userdata[$userdata_key]; return $auth_data_sql; } // // Now, this tries to optimize DB access involved in auth(), // passing AUTH_LIST_ALL will load info for all forums at once. // $is_auth_ary = $this->auth(AUTH_VIEW, AUTH_LIST_ALL, $userdata); // // Loop through the list of forums to retrieve the ids for // those with AUTH_VIEW allowed. // $auth_data_sql = ''; foreach( $is_auth_ary as $fid => $is_auth_row ) { if( ($is_auth_row['auth_view']) ) { $auth_data_sql .= ( $auth_data_sql != '' ) ? ', ' . $fid : $fid; } } if( empty($auth_data_sql) ) { $auth_data_sql = -1; } $userdata[$userdata_key] = $auth_data_sql; return $auth_data_sql; } /** * function acl_getfignore() * $auth_level_read can be a value or array; * $ignore_forum_ids can have this sintax: forum_id(1), forum_id(2), ..., forum_is(n); * 1st test 25.06.2008 by FlorinCB */ function acl_getfignore($auth_level_read, $ignore_forum_ids) { global $phpbb_root_path, $mx_user; $ignore_forum_ids = ($ignore_forum_ids) ? $ignore_forum_ids : -1; $auth_user = array(); if (is_array($auth_level_read)) { foreach ($auth_level_read as $auth_level) { $auth_user = $this->auth($auth_level, AUTH_LIST_ALL, $mx_user->data); if ($num_forums = count($auth_user)) { while ( list($forum_id, $auth_mod) = each($auth_user) ) { $unauthed = false; if (!$auth_mod[$auth_level] && (strstr($ignore_forum_ids,$auth_mod['forum_id']) === FALSE)) { $unauthed = true; } if (!$auth_level && !$auth_mod['auth_read'] && (strstr($ignore_forum_ids,$auth_mod['forum_id']) === FALSE)) { $unauthed = true; } if ($unauthed) { $ignore_forum_ids .= ($ignore_forum_ids) ? ',' . 
$forum_id : $forum_id; } } } unset($auth_level_read); } } else { $auth_user = $this->auth($auth_level_read, AUTH_LIST_ALL, $mx_user->data); foreach($auth_user as $forum_id => $is_auth_row) { $unauthed = true; if($auth_level_read && ($is_auth_row[$auth_level_read])) { $unauthed = false; } if(strstr($ignore_forum_ids, $forum_id)) { $unauthed = false; } if ($unauthed) { $ignore_forum_ids .= ($ignore_forum_ids) ? ',' . $forum_id : $forum_id; } } } $ignore_forum_ids = ($ignore_forum_ids) ? $ignore_forum_ids : -1; return $ignore_forum_ids; } } // // Init the phpbb_auth class // $phpbb_auth = new phpbb_auth(); //mx_backend here when needed ?> --- NEW FILE: index.htm --- <html> <head> <title></title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> </head> <body bgcolor="#FFFFFF" text="#000000"> </body> </html> |
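Review bot: `acl_getfignore()` in core.php tests membership in the comma-separated `$ignore_forum_ids` string with `strstr()`, which is a substring match rather than an ID match. In the non-array branch a forum the user is not authorised for is left out of the ignore list whenever its ID merely occurs inside another entry (ID `1` against `12`, or against the `-1` default), and on PHP versions before 8.0 an integer needle is treated as a character code rather than as digits. If callers use the returned list to exclude forums from queries, which is presumably its purpose, a missed entry fails open. Building the list as an array avoids this: `$ignored = array_map('intval', explode(',', $ignore_forum_ids));`, then `if (!in_array((int) $forum_id, $ignored, true)) { $ignored[] = (int) $forum_id; }`, and finally `return implode(',', $ignored);`. The array branch also reads `$auth_mod['forum_id']`, a key that `auth()` as shown in auth.php never sets on the per-forum rows, so that duplicate check likely never matches; the loop's own `$forum_id` is the value to test.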