Menu
▾
▴
[mxbb-commits] core/includes mx_auth.php,1.5,1.6 mx_functions.php,1.34,1.35 mx_functions_phpbb.php,1.4,1.5
|
From: Markus P. <mar...@us...> - 2005-04-13 21:24:07
|
Update of /cvsroot/mxbb/core/includes In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv3079/includes Modified Files: mx_auth.php mx_functions.php mx_functions_phpbb.php Log Message: ok, second step on fixing double line breaks. I think this is all. Index: mx_functions_phpbb.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/mx_functions_phpbb.php,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** mx_functions_phpbb.php 10 Apr 2005 20:40:42 -0000 1.4 --- mx_functions_phpbb.php 13 Apr 2005 21:23:25 -0000 1.5 *************** *** 1,603 **** ! <?php ! /** ------------------------------------------------------------------------ ! * subject : mx-portal, CMS & portal ! * begin : june, 2002 ! * copyright : (C) 2002-2005 MX-System ! * email : jon...@ho... ! * project site : www.mx-system.com ! * ! * description : ! * ------------------------------------------------------------------------- [...1179 lines suppressed...] ! { ! if ( $on_page > 1 ) ! { ! $page_string = ' <a href="' . append_sid($base_url . "&".$name_id."=" . ( ( $on_page - 2 ) * $per_page ) ) . '">' . $previous_string . '</a> ' . $page_string; ! } ! ! if ( $on_page < $total_pages ) ! { ! $page_string .= ' <a href="' . append_sid($base_url . "&".$name_id."=" . ( $on_page * $per_page ) ) . '">' . $next_string . '</a>'; ! } ! ! } ! $pre_text = $add_preinfo_text ? $lang['Goto_page'] : ''; ! $page_string = $pre_text . ' ' . $page_string; ! ! return $page_string; ! } ! ?> \ No newline at end of file Index: mx_auth.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/mx_auth.php,v retrieving revision 1.5 retrieving revision 1.6 diff -C2 -d -r1.5 -r1.6 *** mx_auth.php 12 Apr 2005 21:10:33 -0000 1.5 --- mx_auth.php 13 Apr 2005 21:23:25 -0000 1.6 *************** *** 1,464 **** ! <?php ! /** ------------------------------------------------------------------------ ! * subject : mx-portal, CMS & portal ! * begin : june, 2002 ! * copyright : (C) 2002-2005 MX-System ! * email : jon...@ho... ! * project site : www.mx-system.com ! * ! * description : ! * ------------------------------------------------------------------------- ! * ! * $Id$ ! */ ! ! /** ! * This program is free software; you can redistribute it and/or modify ! * it under the terms of the GNU General Public License as published by ! * the Free Software Foundation; either version 2 of the License', or ! * ('at your option) any later version. ! */ ! ! /** ! * Included functions in this file: ! * - block_auth ! * - page_auth ! * - menu_auth ! * - mx_auth_check_user (from auth.php - validated for phpbb 2.0.10) ! * - get_auth_forum ! * - mx_auth_group_cache ! */ ! ! /* ! $type's accepted (pre-pend with AUTH_): ! VIEW, READ, POST, REPLY, EDIT, DELETE, STICKY, ANNOUNCE, VOTE, POLLCREATE ! ! Possible options ($type/module_id combinations): ! ! * If you include a type and module_id then a specific lookup will be done and ! the single result returned ! ! * If you set type to AUTH_ALL and specify a module_id an array of all auth types ! will be returned ! ! * If you provide a module_id a specific lookup on that module will be done ! ! * If you set module_id to AUTH_LIST_ALL and specify a type an array listing the ! results for all modules will be returned ! ! * If you set module_id to AUTH_LIST_ALL and type to AUTH_ALL a multidimensional ! array containing the auth permissions for all types and all modules for that ! user is returned ! ! All results are returned as associative arrays, even when a single auth type is ! specified. ! ! If available you can send an array (either one or two dimensional) containing the ! module auth levels, this will prevent the auth function having to do its own ! lookup ! */ ! function block_auth( $type, $module_id, $userdata, $f_access = '', $f_access_group = '' ) ! { ! global $db, $lang; ! ! switch ( $type ) ! { ! // case AUTH_ALL: ! // $a_sql = 'a.auth_view, a.auth_edit, a.auth_delete'; ! // $a_sql_groups = 'a.auth_view_group, a.auth_edit_group, a.auth_delete_group'; ! // $auth_fields = array( 'auth_view', 'auth_edit', 'auth_delete' ); ! // $auth_fields_groups = array( 'auth_view_group', 'auth_edit_group', 'auth_delete_group' ); ! // break; ! ! case AUTH_VIEW: ! $a_sql = 'a.auth_view'; ! $a_sql_groups = 'a.auth_view_group'; ! $auth_fields = array( 'auth_view' ); ! $auth_fields_groups = array( 'auth_view_group' ); ! break; ! ! case AUTH_EDIT: ! $a_sql = 'a.auth_edit'; ! $a_sql_groups = 'a.auth_edit_group'; ! $auth_fields = array( 'auth_edit' ); ! $auth_fields_groups = array( 'auth_edit_group' ); ! break; ! ! case AUTH_DELETE: ! $a_sql = 'a.auth_delete'; ! $a_sql_groups = 'a.auth_delete_group'; ! $auth_fields = array( 'auth_delete' ); ! $auth_fields_groups = array( 'auth_delete_group' ); ! break; ! ! default: ! break; ! } ! ! if ( $module_id == 0 ) ! { ! if ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ! { ! $auth_user[$auth_fields[0]] = 1; ! $auth_user[$auth_fields[0] . '_type'] = $lang['Auth_Moderators']; ! } ! else ! { ! $auth_user[$auth_fields[0]] = 0; ! $auth_user[$auth_fields[0] . '_type'] = $lang['Auth_Moderators']; ! } ! return $auth_user; ! } ! ! $is_admin = ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ? true : 0; ! ! $auth_user = array(); ! for( $i = 0; $i < count( $auth_fields ); $i++ ) ! { ! $key = $auth_fields[$i]; ! $key_groups = $auth_fields_groups[$i]; ! // If the user is logged on and the module type is either ALL or REG then the user has access ! // If the type if ACL, MOD or ADMIN then we need to see if the user has specific permissions ! // to do whatever it is they want to do ... to do this we pull relevant information for the ! // user (and any groups they belong to) ! // Now we compare the users access level against the modules. We assume here that a moderator ! // and admin automatically have access to an ACL module, similarly we assume admins meet an ! // auth requirement of MOD ! $value = $f_access[$key]; ! // $value_groups = $f_access_group[$key_groups]; ! $value_groups = $f_access_group; ! ! switch ( $value ) ! { ! case AUTH_ALL: ! $auth_user[$key] = true; ! $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users']; ! break; ! ! case AUTH_REG: ! $auth_user[$key] = ( $userdata['session_logged_in'] ) ? true : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Registered_Users']; ! break; ! ! case AUTH_ANONYMOUS: ! $auth_user[$key] = ( ! $userdata['session_logged_in'] ) ? true : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users']; ! break; ! ! case AUTH_ACL: // PRIVATE ! $auth_user[$key] = ( $userdata['session_logged_in'] ) ? mx_auth_group( $value_groups ) || $is_admin : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Users_granted_access']; ! break; ! ! case AUTH_MOD: ! $auth_user[$key] = ( $userdata['session_logged_in'] ) ? mx_auth_group( $f_access_group['auth_moderator_group'] ) || $is_admin : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Moderators']; ! break; ! ! case AUTH_ADMIN: ! $auth_user[$key] = $is_admin; ! $auth_user[$key . '_type'] = $lang['Auth_Administrators']; ! break; ! ! default: ! $auth_user[$key] = 0; ! break; ! } ! } ! // Is user a moderator? ! $auth_user['auth_mod'] = ( $userdata['session_logged_in'] ) ? mx_auth_group( $f_access_group['auth_moderator_group'] ) || $is_admin : 0; ! ! return $auth_user; ! } ! ! function page_auth( $type, $userdata, $f_access = '', $f_access_group = '' ) ! { ! global $db, $lang; ! ! $a_sql = 'a.auth_view'; ! $a_sql_groups = 'a.auth_view_group'; ! $auth_fields = array( 'auth_view' ); ! $auth_fields_groups = array( 'auth_view_group' ); ! ! $is_admin = ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ? true : 0; ! ! $auth_user = array(); ! for( $i = 0; $i < count( $auth_fields ); $i++ ) ! { ! $key = $auth_fields[$i]; ! $key_groups = $auth_fields_groups[$i]; ! ! $value = $f_access[$key]; ! // $value_groups = $f_access_group[$key_groups]; ! $value_groups = $f_access_group; ! ! switch ( $value ) ! { ! case AUTH_ALL: ! $auth_user[$key] = true; ! $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users']; ! break; ! ! case AUTH_REG: ! $auth_user[$key] = ( $userdata['session_logged_in'] ) ? true : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Registered_Users']; ! break; ! ! case AUTH_ANONYMOUS: ! $auth_user[$key] = ( ! $userdata['session_logged_in'] ) ? true : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users']; ! break; ! ! case AUTH_ACL: // PRIVATE ! $auth_user[$key] = ( $userdata['session_logged_in'] ) ? mx_auth_group( $value_groups ) || $is_admin : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Users_granted_access']; ! break; ! ! case AUTH_MOD: ! $auth_user[$key] = ( $userdata['session_logged_in'] ) ? mx_auth_group( $f_access_group['auth_moderator_group'] ) || $is_admin : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Moderators']; ! break; ! ! case AUTH_ADMIN: ! $auth_user[$key] = $is_admin; ! $auth_user[$key . '_type'] = $lang['Auth_Administrators']; ! break; ! ! default: ! $auth_user[$key] = 0; ! break; ! } ! } ! // Is user a moderator? ! $auth_user['auth_mod'] = ( $userdata['session_logged_in'] ) ? mx_auth_group( $f_access_group['auth_moderator_group'] ) || $is_admin : 0; ! ! return $auth_user; ! } ! // ************************************************************************** ! function menu_auth( $type, $menu_id, $userdata, $f_access = '', $f_access_group = '' ) ! { ! global $db, $lang; ! ! switch ( $type ) ! { ! case AUTH_ALL: ! $a_sql = 'a.auth_view'; ! $auth_fields = array( 'auth_view' ); ! break; ! ! case AUTH_VIEW: ! $a_sql = 'a.auth_view'; ! $auth_fields = array( 'auth_view' ); ! break; ! ! default: ! break; ! } ! // If f_access has been passed, or auth is needed to return an array of menus ! // then we need to pull the auth information on the given menu (or all menus) ! $is_admin = ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ? true : 0; ! ! $auth_user = array(); ! for( $i = 0; $i < count( $auth_fields ); $i++ ) ! { ! $key = $auth_fields[$i]; ! // If the user is logged on and the menu type is either ALL or REG then the user has access ! // If the type if ACL, MOD or ADMIN then we need to see if the user has specific permissions ! // to do whatever it is they want to do ... to do this we pull relevant information for the ! // user (and any groups they belong to) ! // Now we compare the users access level against the menus. We assume here that a moderator ! // and admin automatically have access to an ACL menu, similarly we assume admins meet an ! // auth requirement of MOD ! $value = $f_access[$key]; ! ! switch ( $value ) ! { ! case AUTH_ALL: ! $auth_user[$key] = true; ! $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users']; ! break; ! ! case AUTH_REG: ! $auth_user[$key] = ( $userdata['session_logged_in'] ) ? true : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Registered_Users']; ! break; ! ! case AUTH_ANONYMOUS: ! $auth_user[$key] = ( ! $userdata['session_logged_in'] ) ? true : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users']; ! break; ! ! case AUTH_ACL: ! $auth_user[$key] = ( $userdata['session_logged_in'] ) ? mx_auth_group( $f_access_group ) || $is_admin : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Users_granted_access']; ! break; ! ! case AUTH_MOD: ! $auth_user[$key] = ( $userdata['session_logged_in'] ) ? mx_auth_group( $f_access_group ) || $is_admin : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Moderators']; ! break; ! ! case AUTH_ADMIN: ! $auth_user[$key] = $is_admin; ! $auth_user[$key . '_type'] = $lang['Auth_Administrators']; ! break; ! ! default: ! $auth_user[$key] = 0; ! break; ! } ! } ! // Is user a moderator? ! // $auth_user['auth_mod'] = ( $userdata['session_logged_in'] ) ? mx_auth_group( $f_access_group ) || $is_admin : 0; ! ! return $auth_user; ! } ! ! // New optimized get_auth_forum ! // Credits to Markus_Petrux :-) ! function get_auth_forum( $mode = 'phpbb' ) ! { ! global $userdata, $mx_root_path, $phpEx; ! ! switch ( $mode ) ! { ! case 'phpbb': ! ! // Try to reuse auth_view query result. ! $userdata_key = 'mx_get_auth_forum' . $userdata['user_id']; ! if ( !empty( $userdata[$userdata_key] ) ) ! { ! $auth_data_sql = $userdata[$userdata_key]; ! return $auth_data_sql; ! } ! // Now, this tries to optimize DB access involved in auth(), ! // passing AUTH_LIST_ALL will load info for all forums at once. ! $is_auth_ary = auth( AUTH_VIEW, AUTH_LIST_ALL, $userdata ); ! // Loop through the list of forums to retrieve the ids for ! // those with AUTH_VIEW allowed. ! $auth_data_sql = ''; ! foreach( $is_auth_ary as $fid => $is_auth_row ) ! { ! if ( $is_auth_row['auth_view'] ) ! { ! $auth_data_sql .= ( $auth_data_sql != '' ) ? ', ' . $fid : $fid; ! } ! } ! ! if ( empty( $auth_data_sql ) ) ! { ! $auth_data_sql = -1; ! } ! $userdata[$userdata_key] = $auth_data_sql; ! return $auth_data_sql; ! break; ! ! case 'kb': ! ! // Try to reuse auth_view query result. ! $userdata_key = 'mx_get_auth_kb' . $userdata['user_id']; ! if ( !empty( $userdata[$userdata_key] ) ) ! { ! $auth_data_sql = $userdata[$userdata_key]; ! return $auth_data_sql; ! } ! // Now, this tries to optimize DB access involved in auth(), ! // passing AUTH_LIST_ALL will load info for all forums at once. ! ! include_once( $mx_root_path . 'modules/mx_kb/includes/functions_kb_auth.' . $phpEx ); ! $is_auth_ary = kb_auth( AUTH_VIEW, AUTH_LIST_ALL, $userdata ); ! // Loop through the list of forums to retrieve the ids for ! // those with AUTH_VIEW allowed. ! $auth_data_sql = ''; ! foreach( $is_auth_ary as $fid => $is_auth_row ) ! { ! if ( $is_auth_row['auth_view'] ) ! { ! $auth_data_sql .= ( $auth_data_sql != '' ) ? ', ' . $fid : $fid; ! } ! } ! ! if ( empty( $auth_data_sql ) ) ! { ! $auth_data_sql = -1; ! } ! $userdata[$userdata_key] = $auth_data_sql; ! return $auth_data_sql; ! break; ! default: ! //nothing ! break; ! } ! ! } ! ! // Validates if user belongs to group included in group_ids list ! // Also, adds all usergroups to userdata array ! function mx_auth_group( $group_ids = '', $group_mod_mode = false ) ! { ! global $userdata, $db; ! ! if ( $group_ids == '' ) ! { ! return false; ! } ! ! $group_ids_array = explode(",", $group_ids); ! ! // Try to reuse usergroups result. ! if ( $group_mod_mode ) ! { ! $userdata_key = 'mx_usergroups_mod' . $userdata['user_id']; ! ! if ( empty( $userdata[$userdata_key] ) ) ! { ! // Check if user is group moderator.. ! $sql = "SELECT gr.group_id ! FROM " . GROUPS_TABLE . " gr, ! " . USER_GROUP_TABLE . " ugr ! WHERE gr.group_id = ugr.group_id ! AND gr.group_moderator = '" . $userdata['user_id'] . "' ! AND ugr.user_pending = '0' "; ! ! if ( !( $result = $db->sql_query( $sql ) ) ) ! { ! message_die( GENERAL_ERROR, "Could not query group rights information", '', '', '', '' ); ! } ! ! $group_row = $db->sql_fetchrowset( $result ); ! ! $userdata[$userdata_key_mod] = $group_row; ! } ! } ! else ! { ! $userdata_key = 'mx_usergroups' . $userdata['user_id']; ! ! if ( empty( $userdata[$userdata_key] ) ) ! { ! // Check if user is member of the proper group.. ! $sql = "SELECT group_id FROM " . USER_GROUP_TABLE . " WHERE user_id='" . $userdata['user_id'] . "' AND user_pending = 0"; ! ! if ( !( $result = $db->sql_query( $sql ) ) ) ! { ! message_die( GENERAL_ERROR, "Could not query group rights information", '', '', '', '' ); ! } ! ! $group_row = $db->sql_fetchrowset( $result ); ! ! $userdata[$userdata_key] = $group_row; ! } ! } ! ! for ( $i = 0; $i < count( $userdata[$userdata_key] ); $i++ ) ! { ! if ( in_array( $userdata[$userdata_key][$i]['group_id'], $group_ids_array ) ) ! { ! $is_member = true; ! return $is_member; ! } ! } ! ! return false; ! } ?> \ No newline at end of file --- 1,464 ---- ! <?php ! /** ------------------------------------------------------------------------ ! * subject : mx-portal, CMS & portal ! * begin : june, 2002 ! * copyright : (C) 2002-2005 MX-System ! * email : jon...@ho... ! * project site : www.mx-system.com ! * ! * description : ! * ------------------------------------------------------------------------- ! * ! * $Id$ ! */ ! ! /** ! * This program is free software; you can redistribute it and/or modify ! * it under the terms of the GNU General Public License as published by ! * the Free Software Foundation; either version 2 of the License', or ! * ('at your option) any later version. ! */ ! ! /** ! * Included functions in this file: ! * - block_auth ! * - page_auth ! * - menu_auth ! * - mx_auth_check_user (from auth.php - validated for phpbb 2.0.10) ! * - get_auth_forum ! * - mx_auth_group_cache ! */ ! ! /* ! $type's accepted (pre-pend with AUTH_): ! VIEW, READ, POST, REPLY, EDIT, DELETE, STICKY, ANNOUNCE, VOTE, POLLCREATE ! ! Possible options ($type/module_id combinations): ! ! * If you include a type and module_id then a specific lookup will be done and ! the single result returned ! ! * If you set type to AUTH_ALL and specify a module_id an array of all auth types ! will be returned ! ! * If you provide a module_id a specific lookup on that module will be done ! ! * If you set module_id to AUTH_LIST_ALL and specify a type an array listing the ! results for all modules will be returned ! ! * If you set module_id to AUTH_LIST_ALL and type to AUTH_ALL a multidimensional ! array containing the auth permissions for all types and all modules for that ! user is returned ! ! All results are returned as associative arrays, even when a single auth type is ! specified. ! ! If available you can send an array (either one or two dimensional) containing the ! module auth levels, this will prevent the auth function having to do its own ! lookup ! */ ! function block_auth( $type, $module_id, $userdata, $f_access = '', $f_access_group = '' ) ! { ! global $db, $lang; ! ! switch ( $type ) ! { ! // case AUTH_ALL: ! // $a_sql = 'a.auth_view, a.auth_edit, a.auth_delete'; ! // $a_sql_groups = 'a.auth_view_group, a.auth_edit_group, a.auth_delete_group'; ! // $auth_fields = array( 'auth_view', 'auth_edit', 'auth_delete' ); ! // $auth_fields_groups = array( 'auth_view_group', 'auth_edit_group', 'auth_delete_group' ); ! // break; ! ! case AUTH_VIEW: ! $a_sql = 'a.auth_view'; ! $a_sql_groups = 'a.auth_view_group'; ! $auth_fields = array( 'auth_view' ); ! $auth_fields_groups = array( 'auth_view_group' ); ! break; ! ! case AUTH_EDIT: ! $a_sql = 'a.auth_edit'; ! $a_sql_groups = 'a.auth_edit_group'; ! $auth_fields = array( 'auth_edit' ); ! $auth_fields_groups = array( 'auth_edit_group' ); ! break; ! ! case AUTH_DELETE: ! $a_sql = 'a.auth_delete'; ! $a_sql_groups = 'a.auth_delete_group'; ! $auth_fields = array( 'auth_delete' ); ! $auth_fields_groups = array( 'auth_delete_group' ); ! break; ! ! default: ! break; ! } ! ! if ( $module_id == 0 ) ! { ! if ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ! { ! $auth_user[$auth_fields[0]] = 1; ! $auth_user[$auth_fields[0] . '_type'] = $lang['Auth_Moderators']; ! } ! else ! { ! $auth_user[$auth_fields[0]] = 0; ! $auth_user[$auth_fields[0] . '_type'] = $lang['Auth_Moderators']; ! } ! return $auth_user; ! } ! ! $is_admin = ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ? true : 0; ! ! $auth_user = array(); ! for( $i = 0; $i < count( $auth_fields ); $i++ ) ! { ! $key = $auth_fields[$i]; ! $key_groups = $auth_fields_groups[$i]; ! // If the user is logged on and the module type is either ALL or REG then the user has access ! // If the type if ACL, MOD or ADMIN then we need to see if the user has specific permissions ! // to do whatever it is they want to do ... to do this we pull relevant information for the ! // user (and any groups they belong to) ! // Now we compare the users access level against the modules. We assume here that a moderator ! // and admin automatically have access to an ACL module, similarly we assume admins meet an ! // auth requirement of MOD ! $value = $f_access[$key]; ! // $value_groups = $f_access_group[$key_groups]; ! $value_groups = $f_access_group; ! ! switch ( $value ) ! { ! case AUTH_ALL: ! $auth_user[$key] = true; ! $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users']; ! break; ! ! case AUTH_REG: ! $auth_user[$key] = ( $userdata['session_logged_in'] ) ? true : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Registered_Users']; ! break; ! ! case AUTH_ANONYMOUS: ! $auth_user[$key] = ( ! $userdata['session_logged_in'] ) ? true : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users']; ! break; ! ! case AUTH_ACL: // PRIVATE ! $auth_user[$key] = ( $userdata['session_logged_in'] ) ? mx_auth_group( $value_groups ) || $is_admin : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Users_granted_access']; ! break; ! ! case AUTH_MOD: ! $auth_user[$key] = ( $userdata['session_logged_in'] ) ? mx_auth_group( $f_access_group['auth_moderator_group'] ) || $is_admin : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Moderators']; ! break; ! ! case AUTH_ADMIN: ! $auth_user[$key] = $is_admin; ! $auth_user[$key . '_type'] = $lang['Auth_Administrators']; ! break; ! ! default: ! $auth_user[$key] = 0; ! break; ! } ! } ! // Is user a moderator? ! $auth_user['auth_mod'] = ( $userdata['session_logged_in'] ) ? mx_auth_group( $f_access_group['auth_moderator_group'] ) || $is_admin : 0; ! ! return $auth_user; ! } ! ! function page_auth( $type, $userdata, $f_access = '', $f_access_group = '' ) ! { ! global $db, $lang; ! ! $a_sql = 'a.auth_view'; ! $a_sql_groups = 'a.auth_view_group'; ! $auth_fields = array( 'auth_view' ); ! $auth_fields_groups = array( 'auth_view_group' ); ! ! $is_admin = ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ? true : 0; ! ! $auth_user = array(); ! for( $i = 0; $i < count( $auth_fields ); $i++ ) ! { ! $key = $auth_fields[$i]; ! $key_groups = $auth_fields_groups[$i]; ! ! $value = $f_access[$key]; ! // $value_groups = $f_access_group[$key_groups]; ! $value_groups = $f_access_group; ! ! switch ( $value ) ! { ! case AUTH_ALL: ! $auth_user[$key] = true; ! $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users']; ! break; ! ! case AUTH_REG: ! $auth_user[$key] = ( $userdata['session_logged_in'] ) ? true : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Registered_Users']; ! break; ! ! case AUTH_ANONYMOUS: ! $auth_user[$key] = ( ! $userdata['session_logged_in'] ) ? true : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users']; ! break; ! ! case AUTH_ACL: // PRIVATE ! $auth_user[$key] = ( $userdata['session_logged_in'] ) ? mx_auth_group( $value_groups ) || $is_admin : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Users_granted_access']; ! break; ! ! case AUTH_MOD: ! $auth_user[$key] = ( $userdata['session_logged_in'] ) ? mx_auth_group( $f_access_group['auth_moderator_group'] ) || $is_admin : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Moderators']; ! break; ! ! case AUTH_ADMIN: ! $auth_user[$key] = $is_admin; ! $auth_user[$key . '_type'] = $lang['Auth_Administrators']; ! break; ! ! default: ! $auth_user[$key] = 0; ! break; ! } ! } ! // Is user a moderator? ! $auth_user['auth_mod'] = ( $userdata['session_logged_in'] ) ? mx_auth_group( $f_access_group['auth_moderator_group'] ) || $is_admin : 0; ! ! return $auth_user; ! } ! // ************************************************************************** ! function menu_auth( $type, $menu_id, $userdata, $f_access = '', $f_access_group = '' ) ! { ! global $db, $lang; ! ! switch ( $type ) ! { ! case AUTH_ALL: ! $a_sql = 'a.auth_view'; ! $auth_fields = array( 'auth_view' ); ! break; ! ! case AUTH_VIEW: ! $a_sql = 'a.auth_view'; ! $auth_fields = array( 'auth_view' ); ! break; ! ! default: ! break; ! } ! // If f_access has been passed, or auth is needed to return an array of menus ! // then we need to pull the auth information on the given menu (or all menus) ! $is_admin = ( $userdata['user_level'] == ADMIN && $userdata['session_logged_in'] ) ? true : 0; ! ! $auth_user = array(); ! for( $i = 0; $i < count( $auth_fields ); $i++ ) ! { ! $key = $auth_fields[$i]; ! // If the user is logged on and the menu type is either ALL or REG then the user has access ! // If the type if ACL, MOD or ADMIN then we need to see if the user has specific permissions ! // to do whatever it is they want to do ... to do this we pull relevant information for the ! // user (and any groups they belong to) ! // Now we compare the users access level against the menus. We assume here that a moderator ! // and admin automatically have access to an ACL menu, similarly we assume admins meet an ! // auth requirement of MOD ! $value = $f_access[$key]; ! ! switch ( $value ) ! { ! case AUTH_ALL: ! $auth_user[$key] = true; ! $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users']; ! break; ! ! case AUTH_REG: ! $auth_user[$key] = ( $userdata['session_logged_in'] ) ? true : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Registered_Users']; ! break; ! ! case AUTH_ANONYMOUS: ! $auth_user[$key] = ( ! $userdata['session_logged_in'] ) ? true : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Anonymous_users']; ! break; ! ! case AUTH_ACL: ! $auth_user[$key] = ( $userdata['session_logged_in'] ) ? mx_auth_group( $f_access_group ) || $is_admin : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Users_granted_access']; ! break; ! ! case AUTH_MOD: ! $auth_user[$key] = ( $userdata['session_logged_in'] ) ? mx_auth_group( $f_access_group ) || $is_admin : 0; ! $auth_user[$key . '_type'] = $lang['Auth_Moderators']; ! break; ! ! case AUTH_ADMIN: ! $auth_user[$key] = $is_admin; ! $auth_user[$key . '_type'] = $lang['Auth_Administrators']; ! break; ! ! default: ! $auth_user[$key] = 0; ! break; ! } ! } ! // Is user a moderator? ! // $auth_user['auth_mod'] = ( $userdata['session_logged_in'] ) ? mx_auth_group( $f_access_group ) || $is_admin : 0; ! ! return $auth_user; ! } ! ! // New optimized get_auth_forum ! // Credits to Markus_Petrux :-) ! function get_auth_forum( $mode = 'phpbb' ) ! { ! global $userdata, $mx_root_path, $phpEx; ! ! switch ( $mode ) ! { ! case 'phpbb': ! ! // Try to reuse auth_view query result. ! $userdata_key = 'mx_get_auth_forum' . $userdata['user_id']; ! if ( !empty( $userdata[$userdata_key] ) ) ! { ! $auth_data_sql = $userdata[$userdata_key]; ! return $auth_data_sql; ! } ! // Now, this tries to optimize DB access involved in auth(), ! // passing AUTH_LIST_ALL will load info for all forums at once. ! $is_auth_ary = auth( AUTH_VIEW, AUTH_LIST_ALL, $userdata ); ! // Loop through the list of forums to retrieve the ids for ! // those with AUTH_VIEW allowed. ! $auth_data_sql = ''; ! foreach( $is_auth_ary as $fid => $is_auth_row ) ! { ! if ( $is_auth_row['auth_view'] ) ! { ! $auth_data_sql .= ( $auth_data_sql != '' ) ? ', ' . $fid : $fid; ! } ! } ! ! if ( empty( $auth_data_sql ) ) ! { ! $auth_data_sql = -1; ! } ! $userdata[$userdata_key] = $auth_data_sql; ! return $auth_data_sql; ! break; ! ! case 'kb': ! ! // Try to reuse auth_view query result. ! $userdata_key = 'mx_get_auth_kb' . $userdata['user_id']; ! if ( !empty( $userdata[$userdata_key] ) ) ! { ! $auth_data_sql = $userdata[$userdata_key]; ! return $auth_data_sql; ! } ! // Now, this tries to optimize DB access involved in auth(), ! // passing AUTH_LIST_ALL will load info for all forums at once. ! ! include_once( $mx_root_path . 'modules/mx_kb/includes/functions_kb_auth.' . $phpEx ); ! $is_auth_ary = kb_auth( AUTH_VIEW, AUTH_LIST_ALL, $userdata ); ! // Loop through the list of forums to retrieve the ids for ! // those with AUTH_VIEW allowed. ! $auth_data_sql = ''; ! foreach( $is_auth_ary as $fid => $is_auth_row ) ! { ! if ( $is_auth_row['auth_view'] ) ! { ! $auth_data_sql .= ( $auth_data_sql != '' ) ? ', ' . $fid : $fid; ! } ! } ! ! if ( empty( $auth_data_sql ) ) ! { ! $auth_data_sql = -1; ! } ! $userdata[$userdata_key] = $auth_data_sql; ! return $auth_data_sql; ! break; ! default: ! //nothing ! break; ! } ! ! } ! ! // Validates if user belongs to group included in group_ids list ! // Also, adds all usergroups to userdata array ! function mx_auth_group( $group_ids = '', $group_mod_mode = false ) ! { ! global $userdata, $db; ! ! if ( $group_ids == '' ) ! { ! return false; ! } ! ! $group_ids_array = explode(",", $group_ids); ! ! // Try to reuse usergroups result. ! if ( $group_mod_mode ) ! { ! $userdata_key = 'mx_usergroups_mod' . $userdata['user_id']; ! ! if ( empty( $userdata[$userdata_key] ) ) ! { ! // Check if user is group moderator.. ! $sql = "SELECT gr.group_id ! FROM " . GROUPS_TABLE . " gr, ! " . USER_GROUP_TABLE . " ugr ! WHERE gr.group_id = ugr.group_id ! AND gr.group_moderator = '" . $userdata['user_id'] . "' ! AND ugr.user_pending = '0' "; ! ! if ( !( $result = $db->sql_query( $sql ) ) ) ! { ! message_die( GENERAL_ERROR, "Could not query group rights information", '', '', '', '' ); ! } ! ! $group_row = $db->sql_fetchrowset( $result ); ! ! $userdata[$userdata_key_mod] = $group_row; ! } ! } ! else ! { ! $userdata_key = 'mx_usergroups' . $userdata['user_id']; ! ! if ( empty( $userdata[$userdata_key] ) ) ! { ! // Check if user is member of the proper group.. ! $sql = "SELECT group_id FROM " . USER_GROUP_TABLE . " WHERE user_id='" . $userdata['user_id'] . "' AND user_pending = 0"; ! ! if ( !( $result = $db->sql_query( $sql ) ) ) ! { ! message_die( GENERAL_ERROR, "Could not query group rights information", '', '', '', '' ); ! } ! ! $group_row = $db->sql_fetchrowset( $result ); ! ! $userdata[$userdata_key] = $group_row; ! } ! } ! ! for ( $i = 0; $i < count( $userdata[$userdata_key] ); $i++ ) ! { ! if ( in_array( $userdata[$userdata_key][$i]['group_id'], $group_ids_array ) ) ! { ! $is_member = true; ! return $is_member; ! } ! } ! ! return false; ! } ?> \ No newline at end of file Index: mx_functions.php =================================================================== RCS file: /cvsroot/mxbb/core/includes/mx_functions.php,v retrieving revision 1.34 retrieving revision 1.35 diff -C2 -d -r1.34 -r1.35 *** mx_functions.php 12 Apr 2005 19:02:30 -0000 1.34 --- mx_functions.php 13 Apr 2005 21:23:25 -0000 1.35 *************** *** 1,1288 **** ! <?php ! /** ------------------------------------------------------------------------ ! * subject : mx-portal, CMS & portal ! * begin : june, 2002 ! * copyright : (C) 2002-2005 MX-System ! * email : jon...@ho... ! * project site : www.mx-system.com ! * ! * description : ! * ------------------------------------------------------------------------- [...2549 lines suppressed...] ! function is_post($var) ! { ! global $HTTP_POST_VARS; ! // Note: _x and _y are used by (at least IE) to return the mouse position at onclick of INPUT TYPE="img" elements. ! return ( isset($HTTP_POST_VARS[$var]) || ( isset($HTTP_POST_VARS[$var.'_x']) && isset($HTTP_POST_VARS[$var.'_y']) ) ); ! } ! function is_get($var) ! { ! global $HTTP_GET_VARS; ! return ( isset($HTTP_GET_VARS[$var]) ); ! } ! function is_request($var) ! { ! return ( $this->is_get($var) || $this->is_post($var) ); ! } ! ! } // class mx_request_vars ! ?> \ No newline at end of file |
