PageRenderTime 51ms CodeModel.GetById 16ms RepoModel.GetById 0ms app.codeStats 1ms

/phpBB/includes/acp/auth.php

https://github.com/Jipem/phpbb
PHP | 1281 lines | 924 code | 199 blank | 158 comment | 179 complexity | 78c08716a7690719f0cea58225768d87 MD5 | raw file
Possible License(s): AGPL-1.0
  1. <?php
  2. /**
  3. *
  4. * This file is part of the phpBB Forum Software package.
  5. *
  6. * @copyright (c) phpBB Limited <https://www.phpbb.com>
  7. * @license GNU General Public License, version 2 (GPL-2.0)
  8. *
  9. * For full copyright and license information, please see
  10. * the docs/CREDITS.txt file.
  11. *
  12. */
  13. /**
  14. * @ignore
  15. */
  16. if (!defined('IN_PHPBB'))
  17. {
  18. exit;
  19. }
  20. /**
  21. * ACP Permission/Auth class
  22. */
  23. class auth_admin extends \phpbb\auth\auth
  24. {
  25. /**
  26. * Init auth settings
  27. */
  28. function auth_admin()
  29. {
  30. global $db, $cache;
  31. if (($this->acl_options = $cache->get('_acl_options')) === false)
  32. {
  33. $sql = 'SELECT auth_option_id, auth_option, is_global, is_local
  34. FROM ' . ACL_OPTIONS_TABLE . '
  35. ORDER BY auth_option_id';
  36. $result = $db->sql_query($sql);
  37. $global = $local = 0;
  38. $this->acl_options = array();
  39. while ($row = $db->sql_fetchrow($result))
  40. {
  41. if ($row['is_global'])
  42. {
  43. $this->acl_options['global'][$row['auth_option']] = $global++;
  44. }
  45. if ($row['is_local'])
  46. {
  47. $this->acl_options['local'][$row['auth_option']] = $local++;
  48. }
  49. $this->acl_options['id'][$row['auth_option']] = (int) $row['auth_option_id'];
  50. $this->acl_options['option'][(int) $row['auth_option_id']] = $row['auth_option'];
  51. }
  52. $db->sql_freeresult($result);
  53. $cache->put('_acl_options', $this->acl_options);
  54. }
  55. }
  56. /**
  57. * Get permission mask
  58. * This function only supports getting permissions of one type (for example a_)
  59. *
  60. * @param set|view $mode defines the permissions we get, view gets effective permissions (checking user AND group permissions), set only gets the user or group permission set alone
  61. * @param mixed $user_id user ids to search for (a user_id or a group_id has to be specified at least)
  62. * @param mixed $group_id group ids to search for, return group related settings (a user_id or a group_id has to be specified at least)
  63. * @param mixed $forum_id forum_ids to search for. Defining a forum id also means getting local settings
  64. * @param string $auth_option the auth_option defines the permission setting to look for (a_ for example)
  65. * @param local|global $scope the scope defines the permission scope. If local, a forum_id is additionally required
  66. * @param ACL_NEVER|ACL_NO|ACL_YES $acl_fill defines the mode those permissions not set are getting filled with
  67. */
  68. function get_mask($mode, $user_id = false, $group_id = false, $forum_id = false, $auth_option = false, $scope = false, $acl_fill = ACL_NEVER)
  69. {
  70. global $db, $user;
  71. $hold_ary = array();
  72. $view_user_mask = ($mode == 'view' && $group_id === false) ? true : false;
  73. if ($auth_option === false || $scope === false)
  74. {
  75. return array();
  76. }
  77. $acl_user_function = ($mode == 'set') ? 'acl_user_raw_data' : 'acl_raw_data';
  78. if (!$view_user_mask)
  79. {
  80. if ($forum_id !== false)
  81. {
  82. $hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', $forum_id) : $this->$acl_user_function($user_id, $auth_option . '%', $forum_id);
  83. }
  84. else
  85. {
  86. $hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', ($scope == 'global') ? 0 : false) : $this->$acl_user_function($user_id, $auth_option . '%', ($scope == 'global') ? 0 : false);
  87. }
  88. }
  89. // Make sure hold_ary is filled with every setting (prevents missing forums/users/groups)
  90. $ug_id = ($group_id !== false) ? ((!is_array($group_id)) ? array($group_id) : $group_id) : ((!is_array($user_id)) ? array($user_id) : $user_id);
  91. $forum_ids = ($forum_id !== false) ? ((!is_array($forum_id)) ? array($forum_id) : $forum_id) : (($scope == 'global') ? array(0) : array());
  92. // Only those options we need
  93. $compare_options = array_diff(preg_replace('/^((?!' . $auth_option . ').+)|(' . $auth_option . ')$/', '', array_keys($this->acl_options[$scope])), array(''));
  94. // If forum_ids is false and the scope is local we actually want to have all forums within the array
  95. if ($scope == 'local' && !sizeof($forum_ids))
  96. {
  97. $sql = 'SELECT forum_id
  98. FROM ' . FORUMS_TABLE;
  99. $result = $db->sql_query($sql, 120);
  100. while ($row = $db->sql_fetchrow($result))
  101. {
  102. $forum_ids[] = (int) $row['forum_id'];
  103. }
  104. $db->sql_freeresult($result);
  105. }
  106. if ($view_user_mask)
  107. {
  108. $auth2 = null;
  109. $sql = 'SELECT user_id, user_permissions, user_type
  110. FROM ' . USERS_TABLE . '
  111. WHERE ' . $db->sql_in_set('user_id', $ug_id);
  112. $result = $db->sql_query($sql);
  113. while ($userdata = $db->sql_fetchrow($result))
  114. {
  115. if ($user->data['user_id'] != $userdata['user_id'])
  116. {
  117. $auth2 = new \phpbb\auth\auth();
  118. $auth2->acl($userdata);
  119. }
  120. else
  121. {
  122. global $auth;
  123. $auth2 = &$auth;
  124. }
  125. $hold_ary[$userdata['user_id']] = array();
  126. foreach ($forum_ids as $f_id)
  127. {
  128. $hold_ary[$userdata['user_id']][$f_id] = array();
  129. foreach ($compare_options as $option)
  130. {
  131. $hold_ary[$userdata['user_id']][$f_id][$option] = $auth2->acl_get($option, $f_id);
  132. }
  133. }
  134. }
  135. $db->sql_freeresult($result);
  136. unset($userdata);
  137. unset($auth2);
  138. }
  139. foreach ($ug_id as $_id)
  140. {
  141. if (!isset($hold_ary[$_id]))
  142. {
  143. $hold_ary[$_id] = array();
  144. }
  145. foreach ($forum_ids as $f_id)
  146. {
  147. if (!isset($hold_ary[$_id][$f_id]))
  148. {
  149. $hold_ary[$_id][$f_id] = array();
  150. }
  151. }
  152. }
  153. // Now, we need to fill the gaps with $acl_fill. ;)
  154. // Now switch back to keys
  155. if (sizeof($compare_options))
  156. {
  157. $compare_options = array_combine($compare_options, array_fill(1, sizeof($compare_options), $acl_fill));
  158. }
  159. // Defining the user-function here to save some memory
  160. $return_acl_fill = create_function('$value', 'return ' . $acl_fill . ';');
  161. // Actually fill the gaps
  162. if (sizeof($hold_ary))
  163. {
  164. foreach ($hold_ary as $ug_id => $row)
  165. {
  166. foreach ($row as $id => $options)
  167. {
  168. // Do not include the global auth_option
  169. unset($options[$auth_option]);
  170. // Not a "fine" solution, but at all it's a 1-dimensional
  171. // array_diff_key function filling the resulting array values with zeros
  172. // The differences get merged into $hold_ary (all permissions having $acl_fill set)
  173. $hold_ary[$ug_id][$id] = array_merge($options,
  174. array_map($return_acl_fill,
  175. array_flip(
  176. array_diff(
  177. array_keys($compare_options), array_keys($options)
  178. )
  179. )
  180. )
  181. );
  182. }
  183. }
  184. }
  185. else
  186. {
  187. $hold_ary[($group_id !== false) ? $group_id : $user_id][(int) $forum_id] = $compare_options;
  188. }
  189. return $hold_ary;
  190. }
  191. /**
  192. * Get permission mask for roles
  193. * This function only supports getting masks for one role
  194. */
  195. function get_role_mask($role_id)
  196. {
  197. global $db;
  198. $hold_ary = array();
  199. // Get users having this role set...
  200. $sql = 'SELECT user_id, forum_id
  201. FROM ' . ACL_USERS_TABLE . '
  202. WHERE auth_role_id = ' . $role_id . '
  203. ORDER BY forum_id';
  204. $result = $db->sql_query($sql);
  205. while ($row = $db->sql_fetchrow($result))
  206. {
  207. $hold_ary[$row['forum_id']]['users'][] = $row['user_id'];
  208. }
  209. $db->sql_freeresult($result);
  210. // Now grab groups...
  211. $sql = 'SELECT group_id, forum_id
  212. FROM ' . ACL_GROUPS_TABLE . '
  213. WHERE auth_role_id = ' . $role_id . '
  214. ORDER BY forum_id';
  215. $result = $db->sql_query($sql);
  216. while ($row = $db->sql_fetchrow($result))
  217. {
  218. $hold_ary[$row['forum_id']]['groups'][] = $row['group_id'];
  219. }
  220. $db->sql_freeresult($result);
  221. return $hold_ary;
  222. }
  223. /**
  224. * Display permission mask (assign to template)
  225. */
  226. function display_mask($mode, $permission_type, &$hold_ary, $user_mode = 'user', $local = false, $group_display = true)
  227. {
  228. global $template, $user, $db, $phpbb_root_path, $phpEx, $phpbb_container;
  229. $phpbb_permissions = $phpbb_container->get('acl.permissions');
  230. // Define names for template loops, might be able to be set
  231. $tpl_pmask = 'p_mask';
  232. $tpl_fmask = 'f_mask';
  233. $tpl_category = 'category';
  234. $tpl_mask = 'mask';
  235. $l_acl_type = $phpbb_permissions->get_type_lang($permission_type, (($local) ? 'local' : 'global'));
  236. // Allow trace for viewing permissions and in user mode
  237. $show_trace = ($mode == 'view' && $user_mode == 'user') ? true : false;
  238. // Get names
  239. if ($user_mode == 'user')
  240. {
  241. $sql = 'SELECT user_id as ug_id, username as ug_name
  242. FROM ' . USERS_TABLE . '
  243. WHERE ' . $db->sql_in_set('user_id', array_keys($hold_ary)) . '
  244. ORDER BY username_clean ASC';
  245. }
  246. else
  247. {
  248. $sql = 'SELECT group_id as ug_id, group_name as ug_name, group_type
  249. FROM ' . GROUPS_TABLE . '
  250. WHERE ' . $db->sql_in_set('group_id', array_keys($hold_ary)) . '
  251. ORDER BY group_type DESC, group_name ASC';
  252. }
  253. $result = $db->sql_query($sql);
  254. $ug_names_ary = array();
  255. while ($row = $db->sql_fetchrow($result))
  256. {
  257. $ug_names_ary[$row['ug_id']] = ($user_mode == 'user') ? $row['ug_name'] : (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['ug_name']] : $row['ug_name']);
  258. }
  259. $db->sql_freeresult($result);
  260. // Get used forums
  261. $forum_ids = array();
  262. foreach ($hold_ary as $ug_id => $row)
  263. {
  264. $forum_ids = array_merge($forum_ids, array_keys($row));
  265. }
  266. $forum_ids = array_unique($forum_ids);
  267. $forum_names_ary = array();
  268. if ($local)
  269. {
  270. $forum_names_ary = make_forum_select(false, false, true, false, false, false, true);
  271. // Remove the disabled ones, since we do not create an option field here...
  272. foreach ($forum_names_ary as $key => $value)
  273. {
  274. if (!$value['disabled'])
  275. {
  276. continue;
  277. }
  278. unset($forum_names_ary[$key]);
  279. }
  280. }
  281. else
  282. {
  283. $forum_names_ary[0] = $l_acl_type;
  284. }
  285. // Get available roles
  286. $sql = 'SELECT *
  287. FROM ' . ACL_ROLES_TABLE . "
  288. WHERE role_type = '" . $db->sql_escape($permission_type) . "'
  289. ORDER BY role_order ASC";
  290. $result = $db->sql_query($sql);
  291. $roles = array();
  292. while ($row = $db->sql_fetchrow($result))
  293. {
  294. $roles[$row['role_id']] = $row;
  295. }
  296. $db->sql_freeresult($result);
  297. $cur_roles = $this->acl_role_data($user_mode, $permission_type, array_keys($hold_ary));
  298. // Build js roles array (role data assignments)
  299. $s_role_js_array = '';
  300. if (sizeof($roles))
  301. {
  302. $s_role_js_array = array();
  303. // Make sure every role (even if empty) has its array defined
  304. foreach ($roles as $_role_id => $null)
  305. {
  306. $s_role_js_array[$_role_id] = "\n" . 'role_options[' . $_role_id . '] = new Array();' . "\n";
  307. }
  308. $sql = 'SELECT r.role_id, o.auth_option, r.auth_setting
  309. FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o
  310. WHERE o.auth_option_id = r.auth_option_id
  311. AND ' . $db->sql_in_set('r.role_id', array_keys($roles));
  312. $result = $db->sql_query($sql);
  313. while ($row = $db->sql_fetchrow($result))
  314. {
  315. $flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1);
  316. if ($flag == $row['auth_option'])
  317. {
  318. continue;
  319. }
  320. $s_role_js_array[$row['role_id']] .= 'role_options[' . $row['role_id'] . '][\'' . addslashes($row['auth_option']) . '\'] = ' . $row['auth_setting'] . '; ';
  321. }
  322. $db->sql_freeresult($result);
  323. $s_role_js_array = implode('', $s_role_js_array);
  324. }
  325. $template->assign_var('S_ROLE_JS_ARRAY', $s_role_js_array);
  326. unset($s_role_js_array);
  327. // Now obtain memberships
  328. $user_groups_default = $user_groups_custom = array();
  329. if ($user_mode == 'user' && $group_display)
  330. {
  331. $sql = 'SELECT group_id, group_name, group_type
  332. FROM ' . GROUPS_TABLE . '
  333. ORDER BY group_type DESC, group_name ASC';
  334. $result = $db->sql_query($sql);
  335. $groups = array();
  336. while ($row = $db->sql_fetchrow($result))
  337. {
  338. $groups[$row['group_id']] = $row;
  339. }
  340. $db->sql_freeresult($result);
  341. $memberships = group_memberships(false, array_keys($hold_ary), false);
  342. // User is not a member of any group? Bad admin, bad bad admin...
  343. if ($memberships)
  344. {
  345. foreach ($memberships as $row)
  346. {
  347. if ($groups[$row['group_id']]['group_type'] == GROUP_SPECIAL)
  348. {
  349. $user_groups_default[$row['user_id']][] = $user->lang['G_' . $groups[$row['group_id']]['group_name']];
  350. }
  351. else
  352. {
  353. $user_groups_custom[$row['user_id']][] = $groups[$row['group_id']]['group_name'];
  354. }
  355. }
  356. }
  357. unset($memberships, $groups);
  358. }
  359. // If we only have one forum id to display or being in local mode and more than one user/group to display,
  360. // we switch the complete interface to group by user/usergroup instead of grouping by forum
  361. // To achieve this, we need to switch the array a bit
  362. if (sizeof($forum_ids) == 1 || ($local && sizeof($ug_names_ary) > 1))
  363. {
  364. $hold_ary_temp = $hold_ary;
  365. $hold_ary = array();
  366. foreach ($hold_ary_temp as $ug_id => $row)
  367. {
  368. foreach ($forum_names_ary as $forum_id => $forum_row)
  369. {
  370. if (isset($row[$forum_id]))
  371. {
  372. $hold_ary[$forum_id][$ug_id] = $row[$forum_id];
  373. }
  374. }
  375. }
  376. unset($hold_ary_temp);
  377. foreach ($hold_ary as $forum_id => $forum_array)
  378. {
  379. $content_array = $categories = array();
  380. $this->build_permission_array($hold_ary[$forum_id], $content_array, $categories, array_keys($ug_names_ary));
  381. $template->assign_block_vars($tpl_pmask, array(
  382. 'NAME' => ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'],
  383. 'PADDING' => ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'],
  384. 'CATEGORIES' => implode('</th><th>', $categories),
  385. 'L_ACL_TYPE' => $l_acl_type,
  386. 'S_LOCAL' => ($local) ? true : false,
  387. 'S_GLOBAL' => (!$local) ? true : false,
  388. 'S_NUM_CATS' => sizeof($categories),
  389. 'S_VIEW' => ($mode == 'view') ? true : false,
  390. 'S_NUM_OBJECTS' => sizeof($content_array),
  391. 'S_USER_MODE' => ($user_mode == 'user') ? true : false,
  392. 'S_GROUP_MODE' => ($user_mode == 'group') ? true : false)
  393. );
  394. @reset($content_array);
  395. while (list($ug_id, $ug_array) = each($content_array))
  396. {
  397. // Build role dropdown options
  398. $current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
  399. $s_role_options = '';
  400. @reset($roles);
  401. while (list($role_id, $role_row) = each($roles))
  402. {
  403. $role_description = (!empty($user->lang[$role_row['role_description']])) ? $user->lang[$role_row['role_description']] : nl2br($role_row['role_description']);
  404. $role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
  405. $title = ($role_description) ? ' title="' . $role_description . '"' : '';
  406. $s_role_options .= '<option value="' . $role_id . '"' . (($role_id == $current_role_id) ? ' selected="selected"' : '') . $title . '>' . $role_name . '</option>';
  407. }
  408. if ($s_role_options)
  409. {
  410. $s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
  411. }
  412. if (!$current_role_id && $mode != 'view')
  413. {
  414. $s_custom_permissions = false;
  415. foreach ($ug_array as $key => $value)
  416. {
  417. if ($value['S_NEVER'] || $value['S_YES'])
  418. {
  419. $s_custom_permissions = true;
  420. break;
  421. }
  422. }
  423. }
  424. else
  425. {
  426. $s_custom_permissions = false;
  427. }
  428. $template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array(
  429. 'NAME' => $ug_names_ary[$ug_id],
  430. 'S_ROLE_OPTIONS' => $s_role_options,
  431. 'UG_ID' => $ug_id,
  432. 'S_CUSTOM' => $s_custom_permissions,
  433. 'FORUM_ID' => $forum_id)
  434. );
  435. $this->assign_cat_array($ug_array, $tpl_pmask . '.' . $tpl_fmask . '.' . $tpl_category, $tpl_mask, $ug_id, $forum_id, ($mode == 'view'), $show_trace);
  436. unset($content_array[$ug_id]);
  437. }
  438. unset($hold_ary[$forum_id]);
  439. }
  440. }
  441. else
  442. {
  443. foreach ($ug_names_ary as $ug_id => $ug_name)
  444. {
  445. if (!isset($hold_ary[$ug_id]))
  446. {
  447. continue;
  448. }
  449. $content_array = $categories = array();
  450. $this->build_permission_array($hold_ary[$ug_id], $content_array, $categories, array_keys($forum_names_ary));
  451. $template->assign_block_vars($tpl_pmask, array(
  452. 'NAME' => $ug_name,
  453. 'CATEGORIES' => implode('</th><th>', $categories),
  454. 'USER_GROUPS_DEFAULT' => ($user_mode == 'user' && isset($user_groups_default[$ug_id]) && sizeof($user_groups_default[$ug_id])) ? implode($user->lang['COMMA_SEPARATOR'], $user_groups_default[$ug_id]) : '',
  455. 'USER_GROUPS_CUSTOM' => ($user_mode == 'user' && isset($user_groups_custom[$ug_id]) && sizeof($user_groups_custom[$ug_id])) ? implode($user->lang['COMMA_SEPARATOR'], $user_groups_custom[$ug_id]) : '',
  456. 'L_ACL_TYPE' => $l_acl_type,
  457. 'S_LOCAL' => ($local) ? true : false,
  458. 'S_GLOBAL' => (!$local) ? true : false,
  459. 'S_NUM_CATS' => sizeof($categories),
  460. 'S_VIEW' => ($mode == 'view') ? true : false,
  461. 'S_NUM_OBJECTS' => sizeof($content_array),
  462. 'S_USER_MODE' => ($user_mode == 'user') ? true : false,
  463. 'S_GROUP_MODE' => ($user_mode == 'group') ? true : false)
  464. );
  465. @reset($content_array);
  466. while (list($forum_id, $forum_array) = each($content_array))
  467. {
  468. // Build role dropdown options
  469. $current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
  470. $s_role_options = '';
  471. @reset($roles);
  472. while (list($role_id, $role_row) = each($roles))
  473. {
  474. $role_description = (!empty($user->lang[$role_row['role_description']])) ? $user->lang[$role_row['role_description']] : nl2br($role_row['role_description']);
  475. $role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
  476. $title = ($role_description) ? ' title="' . $role_description . '"' : '';
  477. $s_role_options .= '<option value="' . $role_id . '"' . (($role_id == $current_role_id) ? ' selected="selected"' : '') . $title . '>' . $role_name . '</option>';
  478. }
  479. if ($s_role_options)
  480. {
  481. $s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
  482. }
  483. if (!$current_role_id && $mode != 'view')
  484. {
  485. $s_custom_permissions = false;
  486. foreach ($forum_array as $key => $value)
  487. {
  488. if ($value['S_NEVER'] || $value['S_YES'])
  489. {
  490. $s_custom_permissions = true;
  491. break;
  492. }
  493. }
  494. }
  495. else
  496. {
  497. $s_custom_permissions = false;
  498. }
  499. $template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array(
  500. 'NAME' => ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'],
  501. 'PADDING' => ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'],
  502. 'S_ROLE_OPTIONS' => $s_role_options,
  503. 'S_CUSTOM' => $s_custom_permissions,
  504. 'UG_ID' => $ug_id,
  505. 'FORUM_ID' => $forum_id)
  506. );
  507. $this->assign_cat_array($forum_array, $tpl_pmask . '.' . $tpl_fmask . '.' . $tpl_category, $tpl_mask, $ug_id, $forum_id, ($mode == 'view'), $show_trace);
  508. }
  509. unset($hold_ary[$ug_id], $ug_names_ary[$ug_id]);
  510. }
  511. }
  512. }
  513. /**
  514. * Display permission mask for roles
  515. */
  516. function display_role_mask(&$hold_ary)
  517. {
  518. global $db, $template, $user, $phpbb_root_path, $phpbb_admin_path, $phpEx;
  519. if (!sizeof($hold_ary))
  520. {
  521. return;
  522. }
  523. // Get forum names
  524. $sql = 'SELECT forum_id, forum_name
  525. FROM ' . FORUMS_TABLE . '
  526. WHERE ' . $db->sql_in_set('forum_id', array_keys($hold_ary)) . '
  527. ORDER BY left_id';
  528. $result = $db->sql_query($sql);
  529. // If the role is used globally, then reflect that
  530. $forum_names = (isset($hold_ary[0])) ? array(0 => '') : array();
  531. while ($row = $db->sql_fetchrow($result))
  532. {
  533. $forum_names[$row['forum_id']] = $row['forum_name'];
  534. }
  535. $db->sql_freeresult($result);
  536. foreach ($forum_names as $forum_id => $forum_name)
  537. {
  538. $auth_ary = $hold_ary[$forum_id];
  539. $template->assign_block_vars('role_mask', array(
  540. 'NAME' => ($forum_id == 0) ? $user->lang['GLOBAL_MASK'] : $forum_name,
  541. 'FORUM_ID' => $forum_id)
  542. );
  543. if (isset($auth_ary['users']) && sizeof($auth_ary['users']))
  544. {
  545. $sql = 'SELECT user_id, username
  546. FROM ' . USERS_TABLE . '
  547. WHERE ' . $db->sql_in_set('user_id', $auth_ary['users']) . '
  548. ORDER BY username_clean ASC';
  549. $result = $db->sql_query($sql);
  550. while ($row = $db->sql_fetchrow($result))
  551. {
  552. $template->assign_block_vars('role_mask.users', array(
  553. 'USER_ID' => $row['user_id'],
  554. 'USERNAME' => get_username_string('username', $row['user_id'], $row['username']),
  555. 'U_PROFILE' => get_username_string('profile', $row['user_id'], $row['username']),
  556. ));
  557. }
  558. $db->sql_freeresult($result);
  559. }
  560. if (isset($auth_ary['groups']) && sizeof($auth_ary['groups']))
  561. {
  562. $sql = 'SELECT group_id, group_name, group_type
  563. FROM ' . GROUPS_TABLE . '
  564. WHERE ' . $db->sql_in_set('group_id', $auth_ary['groups']) . '
  565. ORDER BY group_type ASC, group_name';
  566. $result = $db->sql_query($sql);
  567. while ($row = $db->sql_fetchrow($result))
  568. {
  569. $template->assign_block_vars('role_mask.groups', array(
  570. 'GROUP_ID' => $row['group_id'],
  571. 'GROUP_NAME' => ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'],
  572. 'U_PROFILE' => append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=group&amp;g={$row['group_id']}"))
  573. );
  574. }
  575. $db->sql_freeresult($result);
  576. }
  577. }
  578. }
  579. /**
  580. * NOTE: this function is not in use atm
  581. * Add a new option to the list ... $options is a hash of form ->
  582. * $options = array(
  583. * 'local' => array('option1', 'option2', ...),
  584. * 'global' => array('optionA', 'optionB', ...)
  585. * );
  586. */
  587. function acl_add_option($options)
  588. {
  589. global $db, $cache;
  590. if (!is_array($options))
  591. {
  592. return false;
  593. }
  594. $cur_options = array();
  595. // Determine current options
  596. $sql = 'SELECT auth_option, is_global, is_local
  597. FROM ' . ACL_OPTIONS_TABLE . '
  598. ORDER BY auth_option_id';
  599. $result = $db->sql_query($sql);
  600. while ($row = $db->sql_fetchrow($result))
  601. {
  602. $cur_options[$row['auth_option']] = ($row['is_global'] && $row['is_local']) ? 'both' : (($row['is_global']) ? 'global' : 'local');
  603. }
  604. $db->sql_freeresult($result);
  605. // Here we need to insert new options ... this requires discovering whether
  606. // an options is global, local or both and whether we need to add an permission
  607. // set flag (x_)
  608. $new_options = array('local' => array(), 'global' => array());
  609. foreach ($options as $type => $option_ary)
  610. {
  611. $option_ary = array_unique($option_ary);
  612. foreach ($option_ary as $option_value)
  613. {
  614. $new_options[$type][] = $option_value;
  615. $flag = substr($option_value, 0, strpos($option_value, '_') + 1);
  616. if (!in_array($flag, $new_options[$type]))
  617. {
  618. $new_options[$type][] = $flag;
  619. }
  620. }
  621. }
  622. unset($options);
  623. $options = array();
  624. $options['local'] = array_diff($new_options['local'], $new_options['global']);
  625. $options['global'] = array_diff($new_options['global'], $new_options['local']);
  626. $options['both'] = array_intersect($new_options['local'], $new_options['global']);
  627. // Now check which options to add/update
  628. $add_options = $update_options = array();
  629. // First local ones...
  630. foreach ($options as $type => $option_ary)
  631. {
  632. foreach ($option_ary as $option)
  633. {
  634. if (!isset($cur_options[$option]))
  635. {
  636. $add_options[] = array(
  637. 'auth_option' => (string) $option,
  638. 'is_global' => ($type == 'global' || $type == 'both') ? 1 : 0,
  639. 'is_local' => ($type == 'local' || $type == 'both') ? 1 : 0
  640. );
  641. continue;
  642. }
  643. // Else, update existing entry if it is changed...
  644. if ($type === $cur_options[$option])
  645. {
  646. continue;
  647. }
  648. // New type is always both:
  649. // If is now both, we set both.
  650. // If it was global the new one is local and we need to set it to both
  651. // If it was local the new one is global and we need to set it to both
  652. $update_options[] = $option;
  653. }
  654. }
  655. if (!empty($add_options))
  656. {
  657. $db->sql_multi_insert(ACL_OPTIONS_TABLE, $add_options);
  658. }
  659. if (!empty($update_options))
  660. {
  661. $sql = 'UPDATE ' . ACL_OPTIONS_TABLE . '
  662. SET is_global = 1, is_local = 1
  663. WHERE ' . $db->sql_in_set('auth_option', $update_options);
  664. $db->sql_query($sql);
  665. }
  666. $cache->destroy('_acl_options');
  667. $this->acl_clear_prefetch();
  668. // Because we just changed the options and also purged the options cache, we instantly update/regenerate it for later calls to succeed.
  669. $this->acl_options = array();
  670. $this->auth_admin();
  671. return true;
  672. }
  673. /**
  674. * Set a user or group ACL record
  675. */
  676. function acl_set($ug_type, $forum_id, $ug_id, $auth, $role_id = 0, $clear_prefetch = true)
  677. {
  678. global $db;
  679. // One or more forums
  680. if (!is_array($forum_id))
  681. {
  682. $forum_id = array($forum_id);
  683. }
  684. // One or more users
  685. if (!is_array($ug_id))
  686. {
  687. $ug_id = array($ug_id);
  688. }
  689. $ug_id_sql = $db->sql_in_set($ug_type . '_id', array_map('intval', $ug_id));
  690. $forum_sql = $db->sql_in_set('forum_id', array_map('intval', $forum_id));
  691. // Instead of updating, inserting, removing we just remove all current settings and re-set everything...
  692. $table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
  693. $id_field = $ug_type . '_id';
  694. // Get any flags as required
  695. reset($auth);
  696. $flag = key($auth);
  697. $flag = substr($flag, 0, strpos($flag, '_') + 1);
  698. // This ID (the any-flag) is set if one or more permissions are true...
  699. $any_option_id = (int) $this->acl_options['id'][$flag];
  700. // Remove any-flag from auth ary
  701. if (isset($auth[$flag]))
  702. {
  703. unset($auth[$flag]);
  704. }
  705. // Remove current auth options...
  706. $auth_option_ids = array((int) $any_option_id);
  707. foreach ($auth as $auth_option => $auth_setting)
  708. {
  709. $auth_option_ids[] = (int) $this->acl_options['id'][$auth_option];
  710. }
  711. $sql = "DELETE FROM $table
  712. WHERE $forum_sql
  713. AND $ug_id_sql
  714. AND " . $db->sql_in_set('auth_option_id', $auth_option_ids);
  715. $db->sql_query($sql);
  716. // Remove those having a role assigned... the correct type of course...
  717. $sql = 'SELECT role_id
  718. FROM ' . ACL_ROLES_TABLE . "
  719. WHERE role_type = '" . $db->sql_escape($flag) . "'";
  720. $result = $db->sql_query($sql);
  721. $role_ids = array();
  722. while ($row = $db->sql_fetchrow($result))
  723. {
  724. $role_ids[] = $row['role_id'];
  725. }
  726. $db->sql_freeresult($result);
  727. if (sizeof($role_ids))
  728. {
  729. $sql = "DELETE FROM $table
  730. WHERE $forum_sql
  731. AND $ug_id_sql
  732. AND auth_option_id = 0
  733. AND " . $db->sql_in_set('auth_role_id', $role_ids);
  734. $db->sql_query($sql);
  735. }
  736. // Ok, include the any-flag if one or more auth options are set to yes...
  737. foreach ($auth as $auth_option => $setting)
  738. {
  739. if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NEVER))
  740. {
  741. $auth[$flag] = ACL_YES;
  742. }
  743. }
  744. $sql_ary = array();
  745. foreach ($forum_id as $forum)
  746. {
  747. $forum = (int) $forum;
  748. if ($role_id)
  749. {
  750. foreach ($ug_id as $id)
  751. {
  752. $sql_ary[] = array(
  753. $id_field => (int) $id,
  754. 'forum_id' => (int) $forum,
  755. 'auth_option_id' => 0,
  756. 'auth_setting' => 0,
  757. 'auth_role_id' => (int) $role_id,
  758. );
  759. }
  760. }
  761. else
  762. {
  763. foreach ($auth as $auth_option => $setting)
  764. {
  765. $auth_option_id = (int) $this->acl_options['id'][$auth_option];
  766. if ($setting != ACL_NO)
  767. {
  768. foreach ($ug_id as $id)
  769. {
  770. $sql_ary[] = array(
  771. $id_field => (int) $id,
  772. 'forum_id' => (int) $forum,
  773. 'auth_option_id' => (int) $auth_option_id,
  774. 'auth_setting' => (int) $setting
  775. );
  776. }
  777. }
  778. }
  779. }
  780. }
  781. $db->sql_multi_insert($table, $sql_ary);
  782. if ($clear_prefetch)
  783. {
  784. $this->acl_clear_prefetch();
  785. }
  786. }
  787. /**
  788. * Set a role-specific ACL record
  789. */
  790. function acl_set_role($role_id, $auth)
  791. {
  792. global $db;
  793. // Get any-flag as required
  794. reset($auth);
  795. $flag = key($auth);
  796. $flag = substr($flag, 0, strpos($flag, '_') + 1);
  797. // Remove any-flag from auth ary
  798. if (isset($auth[$flag]))
  799. {
  800. unset($auth[$flag]);
  801. }
  802. // Re-set any flag...
  803. foreach ($auth as $auth_option => $setting)
  804. {
  805. if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NEVER))
  806. {
  807. $auth[$flag] = ACL_YES;
  808. }
  809. }
  810. $sql_ary = array();
  811. foreach ($auth as $auth_option => $setting)
  812. {
  813. $auth_option_id = (int) $this->acl_options['id'][$auth_option];
  814. if ($setting != ACL_NO)
  815. {
  816. $sql_ary[] = array(
  817. 'role_id' => (int) $role_id,
  818. 'auth_option_id' => (int) $auth_option_id,
  819. 'auth_setting' => (int) $setting
  820. );
  821. }
  822. }
  823. // If no data is there, we set the any-flag to ACL_NEVER...
  824. if (!sizeof($sql_ary))
  825. {
  826. $sql_ary[] = array(
  827. 'role_id' => (int) $role_id,
  828. 'auth_option_id' => (int) $this->acl_options['id'][$flag],
  829. 'auth_setting' => ACL_NEVER
  830. );
  831. }
  832. // Remove current auth options...
  833. $sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . '
  834. WHERE role_id = ' . $role_id;
  835. $db->sql_query($sql);
  836. // Now insert the new values
  837. $db->sql_multi_insert(ACL_ROLES_DATA_TABLE, $sql_ary);
  838. $this->acl_clear_prefetch();
  839. }
  840. /**
  841. * Remove local permission
  842. */
  843. function acl_delete($mode, $ug_id = false, $forum_id = false, $permission_type = false)
  844. {
  845. global $db;
  846. if ($ug_id === false && $forum_id === false)
  847. {
  848. return;
  849. }
  850. $option_id_ary = array();
  851. $table = ($mode == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
  852. $id_field = $mode . '_id';
  853. $where_sql = array();
  854. if ($forum_id !== false)
  855. {
  856. $where_sql[] = (!is_array($forum_id)) ? 'forum_id = ' . (int) $forum_id : $db->sql_in_set('forum_id', array_map('intval', $forum_id));
  857. }
  858. if ($ug_id !== false)
  859. {
  860. $where_sql[] = (!is_array($ug_id)) ? $id_field . ' = ' . (int) $ug_id : $db->sql_in_set($id_field, array_map('intval', $ug_id));
  861. }
  862. // There seem to be auth options involved, therefore we need to go through the list and make sure we capture roles correctly
  863. if ($permission_type !== false)
  864. {
  865. // Get permission type
  866. $sql = 'SELECT auth_option, auth_option_id
  867. FROM ' . ACL_OPTIONS_TABLE . "
  868. WHERE auth_option " . $db->sql_like_expression($permission_type . $db->any_char);
  869. $result = $db->sql_query($sql);
  870. $auth_id_ary = array();
  871. while ($row = $db->sql_fetchrow($result))
  872. {
  873. $option_id_ary[] = $row['auth_option_id'];
  874. $auth_id_ary[$row['auth_option']] = ACL_NO;
  875. }
  876. $db->sql_freeresult($result);
  877. // First of all, lets grab the items having roles with the specified auth options assigned
  878. $sql = "SELECT auth_role_id, $id_field, forum_id
  879. FROM $table, " . ACL_ROLES_TABLE . " r
  880. WHERE auth_role_id <> 0
  881. AND auth_role_id = r.role_id
  882. AND r.role_type = '{$permission_type}'
  883. AND " . implode(' AND ', $where_sql) . '
  884. ORDER BY auth_role_id';
  885. $result = $db->sql_query($sql);
  886. $cur_role_auth = array();
  887. while ($row = $db->sql_fetchrow($result))
  888. {
  889. $cur_role_auth[$row['auth_role_id']][$row['forum_id']][] = $row[$id_field];
  890. }
  891. $db->sql_freeresult($result);
  892. // Get role data for resetting data
  893. if (sizeof($cur_role_auth))
  894. {
  895. $sql = 'SELECT ao.auth_option, rd.role_id, rd.auth_setting
  896. FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_ROLES_DATA_TABLE . ' rd
  897. WHERE ao.auth_option_id = rd.auth_option_id
  898. AND ' . $db->sql_in_set('rd.role_id', array_keys($cur_role_auth));
  899. $result = $db->sql_query($sql);
  900. $auth_settings = array();
  901. while ($row = $db->sql_fetchrow($result))
  902. {
  903. // We need to fill all auth_options, else setting it will fail...
  904. if (!isset($auth_settings[$row['role_id']]))
  905. {
  906. $auth_settings[$row['role_id']] = $auth_id_ary;
  907. }
  908. $auth_settings[$row['role_id']][$row['auth_option']] = $row['auth_setting'];
  909. }
  910. $db->sql_freeresult($result);
  911. // Set the options
  912. foreach ($cur_role_auth as $role_id => $auth_row)
  913. {
  914. foreach ($auth_row as $f_id => $ug_row)
  915. {
  916. $this->acl_set($mode, $f_id, $ug_row, $auth_settings[$role_id], 0, false);
  917. }
  918. }
  919. }
  920. }
  921. // Now, normally remove permissions...
  922. if ($permission_type !== false)
  923. {
  924. $where_sql[] = $db->sql_in_set('auth_option_id', array_map('intval', $option_id_ary));
  925. }
  926. $sql = "DELETE FROM $table
  927. WHERE " . implode(' AND ', $where_sql);
  928. $db->sql_query($sql);
  929. $this->acl_clear_prefetch();
  930. }
  931. /**
  932. * Assign category to template
  933. * used by display_mask()
  934. */
  935. function assign_cat_array(&$category_array, $tpl_cat, $tpl_mask, $ug_id, $forum_id, $s_view, $show_trace = false)
  936. {
  937. global $template, $user, $phpbb_admin_path, $phpEx, $phpbb_container;
  938. $phpbb_permissions = $phpbb_container->get('acl.permissions');
  939. @reset($category_array);
  940. while (list($cat, $cat_array) = each($category_array))
  941. {
  942. $template->assign_block_vars($tpl_cat, array(
  943. 'S_YES' => ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ? true : false,
  944. 'S_NEVER' => ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ? true : false,
  945. 'S_NO' => ($cat_array['S_NO'] && !$cat_array['S_NEVER'] && !$cat_array['S_YES']) ? true : false,
  946. 'CAT_NAME' => $phpbb_permissions->get_category_lang($cat),
  947. ));
  948. /* Sort permissions by name (more naturaly and user friendly than sorting by a primary key)
  949. * Commented out due to it's memory consumption and time needed
  950. *
  951. $key_array = array_intersect(array_keys($user->lang), array_map(create_function('$a', 'return "acl_" . $a;'), array_keys($cat_array['permissions'])));
  952. $values_array = $cat_array['permissions'];
  953. $cat_array['permissions'] = array();
  954. foreach ($key_array as $key)
  955. {
  956. $key = str_replace('acl_', '', $key);
  957. $cat_array['permissions'][$key] = $values_array[$key];
  958. }
  959. unset($key_array, $values_array);
  960. */
  961. @reset($cat_array['permissions']);
  962. while (list($permission, $allowed) = each($cat_array['permissions']))
  963. {
  964. if ($s_view)
  965. {
  966. $template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array(
  967. 'S_YES' => ($allowed == ACL_YES) ? true : false,
  968. 'S_NEVER' => ($allowed == ACL_NEVER) ? true : false,
  969. 'UG_ID' => $ug_id,
  970. 'FORUM_ID' => $forum_id,
  971. 'FIELD_NAME' => $permission,
  972. 'S_FIELD_NAME' => 'setting[' . $ug_id . '][' . $forum_id . '][' . $permission . ']',
  973. 'U_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&amp;mode=trace&amp;u=$ug_id&amp;f=$forum_id&amp;auth=$permission") : '',
  974. 'UA_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission", false) : '',
  975. 'PERMISSION' => $phpbb_permissions->get_permission_lang($permission),
  976. ));
  977. }
  978. else
  979. {
  980. $template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array(
  981. 'S_YES' => ($allowed == ACL_YES) ? true : false,
  982. 'S_NEVER' => ($allowed == ACL_NEVER) ? true : false,
  983. 'S_NO' => ($allowed == ACL_NO) ? true : false,
  984. 'UG_ID' => $ug_id,
  985. 'FORUM_ID' => $forum_id,
  986. 'FIELD_NAME' => $permission,
  987. 'S_FIELD_NAME' => 'setting[' . $ug_id . '][' . $forum_id . '][' . $permission . ']',
  988. 'U_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&amp;mode=trace&amp;u=$ug_id&amp;f=$forum_id&amp;auth=$permission") : '',
  989. 'UA_TRACE' => ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission", false) : '',
  990. 'PERMISSION' => $phpbb_permissions->get_permission_lang($permission),
  991. ));
  992. }
  993. }
  994. }
  995. }
  996. /**
  997. * Building content array from permission rows with explicit key ordering
  998. * used by display_mask()
  999. */
  1000. function build_permission_array(&$permission_row, &$content_array, &$categories, $key_sort_array)
  1001. {
  1002. global $user, $phpbb_container;
  1003. $phpbb_permissions = $phpbb_container->get('acl.permissions');
  1004. foreach ($key_sort_array as $forum_id)
  1005. {
  1006. if (!isset($permission_row[$forum_id]))
  1007. {
  1008. continue;
  1009. }
  1010. $permissions = $permission_row[$forum_id];
  1011. ksort($permissions);
  1012. @reset($permissions);
  1013. while (list($permission, $auth_setting) = each($permissions))
  1014. {
  1015. $cat = $phpbb_permissions->get_permission_category($permission);
  1016. // Build our categories array
  1017. if (!isset($categories[$cat]))
  1018. {
  1019. $categories[$cat] = $phpbb_permissions->get_category_lang($cat);
  1020. }
  1021. // Build our content array
  1022. if (!isset($content_array[$forum_id]))
  1023. {
  1024. $content_array[$forum_id] = array();
  1025. }
  1026. if (!isset($content_array[$forum_id][$cat]))
  1027. {
  1028. $content_array[$forum_id][$cat] = array(
  1029. 'S_YES' => false,
  1030. 'S_NEVER' => false,
  1031. 'S_NO' => false,
  1032. 'permissions' => array(),
  1033. );
  1034. }
  1035. $content_array[$forum_id][$cat]['S_YES'] |= ($auth_setting == ACL_YES) ? true : false;
  1036. $content_array[$forum_id][$cat]['S_NEVER'] |= ($auth_setting == ACL_NEVER) ? true : false;
  1037. $content_array[$forum_id][$cat]['S_NO'] |= ($auth_setting == ACL_NO) ? true : false;
  1038. $content_array[$forum_id][$cat]['permissions'][$permission] = $auth_setting;
  1039. }
  1040. }
  1041. }
  1042. /**
  1043. * Use permissions from another user. This transferes a permission set from one user to another.
  1044. * The other user is always able to revert back to his permission set.
  1045. * This function does not check for lower/higher permissions, it is possible for the user to gain
  1046. * "more" permissions by this.
  1047. * Admin permissions will not be copied.
  1048. */
  1049. function ghost_permissions($from_user_id, $to_user_id)
  1050. {
  1051. global $db;
  1052. if ($to_user_id == ANONYMOUS)
  1053. {
  1054. return false;
  1055. }
  1056. $hold_ary = $this->acl_raw_data_single_user($from_user_id);
  1057. // Key 0 in $hold_ary are global options, all others are forum_ids
  1058. // We disallow copying admin permissions
  1059. foreach ($this->acl_options['global'] as $opt => $id)
  1060. {
  1061. if (strpos($opt, 'a_') === 0)
  1062. {
  1063. $hold_ary[0][$this->acl_options['id'][$opt]] = ACL_NEVER;
  1064. }
  1065. }
  1066. // Force a_switchperm to be allowed
  1067. $hold_ary[0][$this->acl_options['id']['a_switchperm']] = ACL_YES;
  1068. $user_permissions = $this->build_bitstring($hold_ary);
  1069. if (!$user_permissions)
  1070. {
  1071. return false;
  1072. }
  1073. $sql = 'UPDATE ' . USERS_TABLE . "
  1074. SET user_permissions = '" . $db->sql_escape($user_permissions) . "',
  1075. user_perm_from = $from_user_id
  1076. WHERE user_id = " . $to_user_id;
  1077. $db->sql_query($sql);
  1078. return true;
  1079. }
  1080. }