Просмотр файла admin/admin_ug_auth.php

Конкурс дизайнеров на 15000 рублей
Сервис интернет рекламы
Размер файла: 29.65Kb 
  1. <?php
  2. /***************************************************************************
  3.  *                                mides.ru
  4.  *                            -------------------
  5.  ***************************************************************************/
  6. define('IN_PHPBB', 1);
  7.  
  8. if( !empty($setmodules) )
  9. {
  10. 	$filename = basename(__FILE__);
  11. 	$module['Users']['Permissions'] = $filename . "?mode=user";
  12. 	$module['Groups']['Permissions'] = $filename . "?mode=group";
  13. 	return;
  14. }
  15.  
  16. $no_page_header = TRUE;
  17.  
  18. $phpbb_root_path = "./../";
  19. require($phpbb_root_path . 'extension.inc');
  20. require('./pagestart.' . $phpEx);
  21.  
  22. $params = array('mode' => 'mode', 'user_id' => POST_USERS_URL, 'group_id' => POST_GROUPS_URL, 'adv' => 'adv');
  23.  
  24. while( list($var, $param) = @each($params) )
  25. {
  26. 	if ( !empty($HTTP_POST_VARS[$param]) || !empty($HTTP_GET_VARS[$param]) )
  27. 	{
  28. 		$$var = ( !empty($HTTP_POST_VARS[$param]) ) ? $HTTP_POST_VARS[$param] : $HTTP_GET_VARS[$param];
  29. 	}
  30. 	else
  31. 	{
  32. 		$$var = "";
  33. 	}
  34. }
  35.  
  36. $user_id = intval($user_id);
  37. $group_id = intval($group_id);
  38. $adv = intval($adv);
  39. $mode = htmlspecialchars($mode);
  40.  
  41. $forum_auth_fields = array('auth_view', 'auth_read', 'auth_post', 'auth_reply', 'auth_edit', 'auth_delete', 'auth_sticky', 'auth_announce', 'auth_vote', 'auth_pollcreate');
  42.  
  43. $auth_field_match = array(
  44. 	'auth_view' => AUTH_VIEW,
  45. 	'auth_read' => AUTH_READ,
  46. 	'auth_post' => AUTH_POST,
  47. 	'auth_reply' => AUTH_REPLY,
  48. 	'auth_edit' => AUTH_EDIT,
  49. 	'auth_delete' => AUTH_DELETE,
  50. 	'auth_sticky' => AUTH_STICKY,
  51. 	'auth_announce' => AUTH_ANNOUNCE, 
  52. 	'auth_vote' => AUTH_VOTE, 
  53. 	'auth_pollcreate' => AUTH_POLLCREATE);
  54.  
  55. $field_names = array(
  56. 	'auth_view' => $lang['View'],
  57. 	'auth_read' => $lang['Read'],
  58. 	'auth_post' => $lang['Post'],
  59. 	'auth_reply' => $lang['Reply'],
  60. 	'auth_edit' => $lang['Edit'],
  61. 	'auth_delete' => $lang['Delete'],
  62. 	'auth_sticky' => $lang['Sticky'],
  63. 	'auth_announce' => $lang['Announce'], 
  64. 	'auth_vote' => $lang['Vote'], 
  65. 	'auth_pollcreate' => $lang['Pollcreate']);
  66.  
  67. attach_setup_usergroup_auth($forum_auth_fields, $auth_field_match, $field_names);
  68.  
  69. function check_auth($type, $key, $u_access, $is_admin)
  70. {
  71. 	$auth_user = 0;
  72.  
  73. 	if( count($u_access) )
  74. 	{
  75. 		for($j = 0; $j < count($u_access); $j++)
  76. 		{
  77. 			$result = 0;
  78. 			switch($type)
  79. 			{
  80. 				case AUTH_ACL:
  81. 					$result = $u_access[$j][$key];
  82.  
  83. 				case AUTH_MOD:
  84. 					$result = $result || $u_access[$j]['auth_mod'];
  85.  
  86. 				case AUTH_ADMIN:
  87. 					$result = $result || $is_admin;
  88. 					break;
  89. 			}
  90.  
  91. 			$auth_user = $auth_user || $result;
  92. 		}
  93. 	}
  94. 	else
  95. 	{
  96. 		$auth_user = $is_admin;
  97. 	}
  98.  
  99. 	return $auth_user;
  100. }
  101.  
  102. if ( isset($HTTP_POST_VARS['submit']) && ( ( $mode == 'user' && $user_id ) || ( $mode == 'group' && $group_id ) ) )
  103. {
  104. 	$user_level = '';
  105. 	if ( $mode == 'user' )
  106. 	{
  107.  
  108. 		$sql = "SELECT g.group_id, u.user_level
  109. 			FROM " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u, " . GROUPS_TABLE . " g
  110. 			WHERE u.user_id = $user_id 
  111. 				AND ug.user_id = u.user_id 
  112. 				AND g.group_id = ug.group_id 
  113. 				AND g.group_single_user = " . TRUE;
  114. 		if ( !($result = $db->sql_query($sql)) )
  115. 		{
  116. 			message_die(GENERAL_ERROR, 'Could not select info from user/user_group table', '', __LINE__, __FILE__, $sql);
  117. 		}
  118.  
  119. 		$row = $db->sql_fetchrow($result);
  120.  
  121. 		$group_id = $row['group_id'];
  122. 		$user_level = $row['user_level'];
  123.  
  124. 		$db->sql_freeresult($result);
  125. 	}
  126.  
  127. 	if ( $mode == 'user' && $HTTP_POST_VARS['userlevel'] == 'admin' && $user_level != ADMIN )
  128. 	{
  129.  
  130. 		if ( $userdata['user_id'] != $user_id )
  131. 		{
  132. 			$sql = "UPDATE " . USERS_TABLE . "
  133. 				SET user_level = " . ADMIN . "
  134. 				WHERE user_id = $user_id";
  135. 			if ( !($result = $db->sql_query($sql)) )
  136. 			{
  137. 				message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
  138. 			}
  139.  
  140. 			$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . "
  141. 				WHERE group_id = $group_id 
  142. 					AND auth_mod = 0";
  143. 			if ( !($result = $db->sql_query($sql)) )
  144. 			{
  145. 				message_die(GENERAL_ERROR, "Couldn't delete auth access info", "", __LINE__, __FILE__, $sql);
  146. 			}
  147.  
  148. 			$sql = "UPDATE " . AUTH_ACCESS_TABLE . "
  149. 				SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0
  150. 				WHERE group_id = $group_id"; 
  151. 			if ( !($result = $db->sql_query($sql)) )
  152. 			{
  153. 				message_die(GENERAL_ERROR, "Couldn't update auth access", "", __LINE__, __FILE__, $sql);
  154. 			}
  155. 		}
  156.  
  157. 		$message = $lang['Auth_updated'] . '<br /><br />' . sprintf($lang['Click_return_userauth'], '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
  158. 		message_die(GENERAL_MESSAGE, $message);
  159. 	}
  160. 	else
  161. 	{
  162. 		if ( $mode == 'user' && $HTTP_POST_VARS['userlevel'] == 'user' && $user_level == ADMIN )
  163. 		{
  164.  
  165. 			if ( $userdata['user_id'] != $user_id )
  166. 			{
  167. 				$sql = "UPDATE " . AUTH_ACCESS_TABLE . "
  168. 					SET auth_view = 0, auth_read = 0, auth_post = 0, auth_reply = 0, auth_edit = 0, auth_delete = 0, auth_sticky = 0, auth_announce = 0
  169. 					WHERE group_id = $group_id";
  170. 				if ( !($result = $db->sql_query($sql)) )
  171. 				{
  172. 					message_die(GENERAL_ERROR, 'Could not update auth access', '', __LINE__, __FILE__, $sql);
  173. 				}
  174.  
  175. 				$sql = "UPDATE " . USERS_TABLE . "
  176. 					SET user_level = " . USER . "
  177. 					WHERE user_id = $user_id";
  178. 				if ( !($result = $db->sql_query($sql)) )
  179. 				{
  180. 					message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
  181. 				}
  182. 			}
  183.  
  184. 			$message = $lang['Auth_updated'] . '<br /><br />' . sprintf($lang['Click_return_userauth'], '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
  185. 		}
  186. 		else
  187. 		{
  188. 	
  189. 			$change_mod_list = ( isset($HTTP_POST_VARS['moderator']) ) ? $HTTP_POST_VARS['moderator'] : array();
  190.  
  191. 			if ( empty($adv) )
  192. 			{
  193. 				$sql = "SELECT f.* 
  194. 					FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
  195. 					WHERE f.cat_id = c.cat_id
  196. 					ORDER BY c.cat_order, f.forum_order ASC";
  197. 				if ( !($result = $db->sql_query($sql)) )
  198. 				{
  199. 					message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
  200. 				}
  201.  
  202. 				$forum_access = $forum_auth_level_fields = array();
  203. 				while( $row = $db->sql_fetchrow($result) )
  204. 				{
  205. 					$forum_access[] = $row;
  206. 				}
  207. 				$db->sql_freeresult($result);
  208.  
  209. 				for($i = 0; $i < count($forum_access); $i++)
  210. 				{
  211. 					$forum_id = $forum_access[$i]['forum_id'];
  212.  
  213. 					for($j = 0; $j < count($forum_auth_fields); $j++)
  214. 					{
  215. 						$forum_auth_level_fields[$forum_id][$forum_auth_fields[$j]] = $forum_access[$i][$forum_auth_fields[$j]] == AUTH_ACL;
  216. 					}
  217. 				}
  218.  
  219. 				while( list($forum_id, $value) = @each($HTTP_POST_VARS['private']) )
  220. 				{
  221. 					while( list($auth_field, $exists) = @each($forum_auth_level_fields[$forum_id]) )
  222. 					{
  223. 						if ($exists)
  224. 						{
  225. 							$change_acl_list[$forum_id][$auth_field] = $value;
  226. 						}
  227. 					}
  228. 				}
  229. 			}
  230. 			else
  231. 			{
  232. 				$change_acl_list = array();
  233. 				for($j = 0; $j < count($forum_auth_fields); $j++)
  234. 				{
  235. 					$auth_field = $forum_auth_fields[$j];
  236.  
  237. 					while( list($forum_id, $value) = @each($HTTP_POST_VARS['private_' . $auth_field]) )
  238. 					{
  239. 						$change_acl_list[$forum_id][$auth_field] = $value;
  240. 					}
  241. 				}
  242. 			}
  243.  
  244. 			$sql = 'SELECT f.* 
  245. 				FROM ' . FORUMS_TABLE . ' f, ' . CATEGORIES_TABLE . ' c
  246. 				WHERE f.cat_id = c.cat_id
  247. 				ORDER BY c.cat_order, f.forum_order';
  248. 			if ( !($result = $db->sql_query($sql)) )
  249. 			{
  250. 				message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
  251. 			}
  252.  
  253. 			$forum_access = array();
  254. 			while( $row = $db->sql_fetchrow($result) )
  255. 			{
  256. 				$forum_access[] = $row;
  257. 			}
  258. 			$db->sql_freeresult($result);
  259.  
  260. 			$sql = ( $mode == 'user' ) ? "SELECT aa.* FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id AND aa.group_id = ug.group_id AND g.group_single_user = " . TRUE : "SELECT * FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = $group_id";
  261. 			if ( !($result = $db->sql_query($sql)) )
  262. 			{
  263. 				message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
  264. 			}
  265.  
  266. 			$auth_access = array();
  267. 			while( $row = $db->sql_fetchrow($result) )
  268. 			{
  269. 				$auth_access[$row['forum_id']] = $row;
  270. 			}
  271. 			$db->sql_freeresult($result);
  272.  
  273. 			$forum_auth_action = array();
  274. 			$update_acl_status = array();
  275. 			$update_mod_status = array();
  276.  
  277. 			for($i = 0; $i < count($forum_access); $i++)
  278. 			{
  279. 				$forum_id = $forum_access[$i]['forum_id'];
  280.  
  281. 				if ( 
  282. 					( isset($auth_access[$forum_id]['auth_mod']) && $change_mod_list[$forum_id] != $auth_access[$forum_id]['auth_mod'] ) || 
  283. 					( !isset($auth_access[$forum_id]['auth_mod']) && !empty($change_mod_list[$forum_id]) ) 
  284. 				)
  285. 				{
  286. 					$update_mod_status[$forum_id] = $change_mod_list[$forum_id];
  287.  
  288. 					if ( !$update_mod_status[$forum_id] )
  289. 					{
  290. 						$forum_auth_action[$forum_id] = 'delete';
  291. 					}
  292. 					else if ( !isset($auth_access[$forum_id]['auth_mod']) )
  293. 					{
  294. 						$forum_auth_action[$forum_id] = 'insert';
  295. 					}
  296. 					else
  297. 					{
  298. 						$forum_auth_action[$forum_id] = 'update';
  299. 					}
  300. 				}
  301.  
  302. 				for($j = 0; $j < count($forum_auth_fields); $j++)
  303. 				{
  304. 					$auth_field = $forum_auth_fields[$j];
  305.  
  306. 					if( $forum_access[$i][$auth_field] == AUTH_ACL && isset($change_acl_list[$forum_id][$auth_field]) )
  307. 					{
  308. 						if ( ( empty($auth_access[$forum_id]['auth_mod']) && 
  309. 							( isset($auth_access[$forum_id][$auth_field]) && $change_acl_list[$forum_id][$auth_field] != $auth_access[$forum_id][$auth_field] ) || 
  310. 							( !isset($auth_access[$forum_id][$auth_field]) && !empty($change_acl_list[$forum_id][$auth_field]) ) ) ||
  311. 							!empty($update_mod_status[$forum_id])
  312. 						)
  313. 						{
  314. 							$update_acl_status[$forum_id][$auth_field] = ( !empty($update_mod_status[$forum_id]) ) ? 0 :  $change_acl_list[$forum_id][$auth_field];
  315.  
  316. 							if ( isset($auth_access[$forum_id][$auth_field]) && empty($update_acl_status[$forum_id][$auth_field]) && $forum_auth_action[$forum_id] != 'insert' && $forum_auth_action[$forum_id] != 'update' )
  317. 							{
  318. 								$forum_auth_action[$forum_id] = 'delete';
  319. 							}
  320. 							else if ( !isset($auth_access[$forum_id][$auth_field]) && !( $forum_auth_action[$forum_id] == 'delete' && empty($update_acl_status[$forum_id][$auth_field]) ) )
  321. 							{
  322. 								$forum_auth_action[$forum_id] = 'insert';
  323. 							}
  324. 							else if ( isset($auth_access[$forum_id][$auth_field]) && !empty($update_acl_status[$forum_id][$auth_field]) ) 
  325. 							{
  326. 								$forum_auth_action[$forum_id] = 'update';
  327. 							}
  328. 						}
  329. 						else if ( ( empty($auth_access[$forum_id]['auth_mod']) && 
  330. 							( isset($auth_access[$forum_id][$auth_field]) && $change_acl_list[$forum_id][$auth_field] == $auth_access[$forum_id][$auth_field] ) ) && $forum_auth_action[$forum_id] == 'delete' )
  331. 						{
  332. 							$forum_auth_action[$forum_id] = 'update';
  333. 						}
  334. 					}
  335. 				}
  336. 			}
  337.  
  338. 			$delete_sql = '';
  339. 			while( list($forum_id, $action) = @each($forum_auth_action) )
  340. 			{
  341. 				if ( $action == 'delete' )
  342. 				{
  343. 					$delete_sql .= ( ( $delete_sql != '' ) ? ', ' : '' ) . $forum_id;
  344. 				}
  345. 				else
  346. 				{
  347. 					if ( $action == 'insert' )
  348. 					{
  349. 						$sql_field = '';
  350. 						$sql_value = '';
  351. 						while ( list($auth_type, $value) = @each($update_acl_status[$forum_id]) )
  352. 						{
  353. 							$sql_field .= ( ( $sql_field != '' ) ? ', ' : '' ) . $auth_type;
  354. 							$sql_value .= ( ( $sql_value != '' ) ? ', ' : '' ) . $value;
  355. 						}
  356. 						$sql_field .= ( ( $sql_field != '' ) ? ', ' : '' ) . 'auth_mod';
  357. 						$sql_value .= ( ( $sql_value != '' ) ? ', ' : '' ) . ( ( !isset($update_mod_status[$forum_id]) ) ? 0 : $update_mod_status[$forum_id]);
  358.  
  359. 						$sql = "INSERT INTO " . AUTH_ACCESS_TABLE . " (forum_id, group_id, $sql_field) 
  360. 							VALUES ($forum_id, $group_id, $sql_value)";
  361. 					}
  362. 					else
  363. 					{
  364. 						$sql_values = '';
  365. 						while ( list($auth_type, $value) = @each($update_acl_status[$forum_id]) )
  366. 						{
  367. 							$sql_values .= ( ( $sql_values != '' ) ? ', ' : '' ) . $auth_type . ' = ' . $value;
  368. 						}
  369. 						$sql_values .= ( ( $sql_values != '' ) ? ', ' : '' ) . 'auth_mod = ' . ( ( !isset($update_mod_status[$forum_id]) ) ? 0 : $update_mod_status[$forum_id]);
  370.  
  371. 						$sql = "UPDATE " . AUTH_ACCESS_TABLE . " 
  372. 							SET $sql_values 
  373. 							WHERE group_id = $group_id 
  374. 								AND forum_id = $forum_id";
  375. 					}
  376. 					if( !($result = $db->sql_query($sql)) )
  377. 					{
  378. 						message_die(GENERAL_ERROR, "Couldn't update private forum permissions", "", __LINE__, __FILE__, $sql);
  379. 					}
  380. 				}
  381. 			}
  382.  
  383. 			if ( $delete_sql != '' )
  384. 			{
  385. 				$sql = "DELETE FROM " . AUTH_ACCESS_TABLE . " 
  386. 					WHERE group_id = $group_id 
  387. 						AND forum_id IN ($delete_sql)";
  388. 				if( !($result = $db->sql_query($sql)) )
  389. 				{
  390. 					message_die(GENERAL_ERROR, "Couldn't delete permission entries", "", __LINE__, __FILE__, $sql);
  391. 				}
  392. 			}
  393.  
  394. 			$l_auth_return = ( $mode == 'user' ) ? $lang['Click_return_userauth'] : $lang['Click_return_groupauth'];
  395. 			$message = $lang['Auth_updated'] . '<br /><br />' . sprintf($l_auth_return, '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$mode") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . append_sid("index.$phpEx?pane=right") . '">', '</a>');
  396. 		}
  397.  
  398. 		$sql = "SELECT u.user_id 
  399. 			FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . USERS_TABLE . " u  
  400. 			WHERE ug.group_id = aa.group_id 
  401. 				AND u.user_id = ug.user_id 
  402. 				AND ug.user_pending = 0
  403. 				AND u.user_level NOT IN (" . MOD . ", " . ADMIN . ") 
  404. 			GROUP BY u.user_id 
  405. 			HAVING SUM(aa.auth_mod) > 0";
  406. 		if ( !($result = $db->sql_query($sql)) )
  407. 		{
  408. 			message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
  409. 		}
  410.  
  411. 		$set_mod = '';
  412. 		while( $row = $db->sql_fetchrow($result) )
  413. 		{
  414. 			$set_mod .= ( ( $set_mod != '' ) ? ', ' : '' ) . $row['user_id'];
  415. 		}
  416. 		$db->sql_freeresult($result);
  417.  
  418. 				$sql = "SELECT u.user_id 
  419. 					FROM ( ( " . USERS_TABLE . " u  
  420. 					LEFT JOIN " . USER_GROUP_TABLE . " ug ON ug.user_id = u.user_id ) 
  421. 					LEFT JOIN " . AUTH_ACCESS_TABLE . " aa ON aa.group_id = ug.group_id ) 
  422. 					WHERE u.user_level NOT IN (" . USER . ", " . ADMIN . ")
  423. 					GROUP BY u.user_id 
  424. 					HAVING SUM(aa.auth_mod) = 0";
  425.  
  426. 		if ( !($result = $db->sql_query($sql)) )
  427. 		{
  428. 			message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
  429. 		}
  430.  
  431. 		$unset_mod = "";
  432. 		while( $row = $db->sql_fetchrow($result) )
  433. 		{
  434. 			$unset_mod .= ( ( $unset_mod != '' ) ? ', ' : '' ) . $row['user_id'];
  435. 		}
  436. 		$db->sql_freeresult($result);
  437.  
  438. 		if ( $set_mod != '' )
  439. 		{
  440. 			$sql = "UPDATE " . USERS_TABLE . " 
  441. 				SET user_level = " . MOD . " 
  442. 				WHERE user_id IN ($set_mod)";
  443. 			if( !($result = $db->sql_query($sql)) )
  444. 			{
  445. 				message_die(GENERAL_ERROR, "Couldn't update user level", "", __LINE__, __FILE__, $sql);
  446. 			}
  447. 		}
  448.  
  449. 		if ( $unset_mod != '' )
  450. 		{
  451. 			$sql = "UPDATE " . USERS_TABLE . " 
  452. 				SET user_level = " . USER . " 
  453. 				WHERE user_id IN ($unset_mod)";
  454. 			if( !($result = $db->sql_query($sql)) )
  455. 			{
  456. 				message_die(GENERAL_ERROR, "Couldn't update user level", "", __LINE__, __FILE__, $sql);
  457. 			}
  458. 		}
  459.  
  460. 		$sql = 'SELECT user_id FROM ' . USER_GROUP_TABLE . "
  461. 			WHERE group_id = $group_id";
  462. 		$result = $db->sql_query($sql);
  463.  
  464. 		$group_user = array();
  465. 		while ($row = $db->sql_fetchrow($result))
  466. 		{
  467. 			$group_user[$row['user_id']] = $row['user_id'];
  468. 		}
  469. 		$db->sql_freeresult($result);
  470.  
  471. 		$sql = "SELECT ug.user_id, COUNT(auth_mod) AS is_auth_mod 
  472. 			FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug 
  473. 			WHERE ug.user_id IN (" . implode(', ', $group_user) . ") 
  474. 				AND aa.group_id = ug.group_id 
  475. 				AND aa.auth_mod = 1
  476. 			GROUP BY ug.user_id";
  477. 		if ( !($result = $db->sql_query($sql)) )
  478. 		{
  479. 			message_die(GENERAL_ERROR, 'Could not obtain moderator status', '', __LINE__, __FILE__, $sql);
  480. 		}
  481.  
  482. 		while ($row = $db->sql_fetchrow($result))
  483. 		{
  484. 			if ($row['is_auth_mod'])
  485. 			{
  486. 				unset($group_user[$row['user_id']]);
  487. 			}
  488. 		}
  489. 		$db->sql_freeresult($result);
  490.  
  491. 		if (sizeof($group_user))
  492. 		{
  493. 			$sql = "UPDATE " . USERS_TABLE . " 
  494. 				SET user_level = " . USER . " 
  495. 				WHERE user_id IN (" . implode(', ', $group_user) . ") AND user_level = " . MOD;
  496. 			if ( !($result = $db->sql_query($sql)) )
  497. 			{
  498. 				message_die(GENERAL_ERROR, 'Could not update user level', '', __LINE__, __FILE__, $sql);
  499. 			}
  500. 		}
  501.  
  502. 		message_die(GENERAL_MESSAGE, $message);
  503. 	}
  504. }
  505. else if ( ( $mode == 'user' && ( isset($HTTP_POST_VARS['username']) || $user_id ) ) || ( $mode == 'group' && $group_id ) )
  506. {
  507. 	if ( isset($HTTP_POST_VARS['username']) )
  508. 	{
  509. 		$this_userdata = get_userdata($HTTP_POST_VARS['username'], true);
  510. 		if ( !is_array($this_userdata) )
  511. 		{
  512. 			message_die(GENERAL_MESSAGE, $lang['No_such_user']);
  513. 		}
  514. 		$user_id = $this_userdata['user_id'];
  515. 	}
  516.  
  517. 	$sql = "SELECT f.* 
  518. 		FROM " . FORUMS_TABLE . " f, " . CATEGORIES_TABLE . " c
  519. 		WHERE f.cat_id = c.cat_id
  520. 		ORDER BY c.cat_order, f.forum_order ASC";
  521. 	if ( !($result = $db->sql_query($sql)) )
  522. 	{
  523. 		message_die(GENERAL_ERROR, "Couldn't obtain forum information", "", __LINE__, __FILE__, $sql);
  524. 	}
  525.  
  526. 	$forum_access = array();
  527. 	while( $row = $db->sql_fetchrow($result) )
  528. 	{
  529. 		$forum_access[] = $row;
  530. 	}
  531. 	$db->sql_freeresult($result);
  532.  
  533. 	if( empty($adv) )
  534. 	{
  535. 		for($i = 0; $i < count($forum_access); $i++)
  536. 		{
  537. 			$forum_id = $forum_access[$i]['forum_id'];
  538.  
  539. 			$forum_auth_level[$forum_id] = AUTH_ALL;
  540.  
  541. 			for($j = 0; $j < count($forum_auth_fields); $j++)
  542. 			{
  543. 				$forum_access[$i][$forum_auth_fields[$j]] . ' :: ';
  544. 				if ( $forum_access[$i][$forum_auth_fields[$j]] == AUTH_ACL )
  545. 				{
  546. 					$forum_auth_level[$forum_id] = AUTH_ACL;
  547. 					$forum_auth_level_fields[$forum_id][] = $forum_auth_fields[$j];
  548. 				}
  549. 			}
  550. 		}
  551. 	}
  552.  
  553. 	$sql = "SELECT u.user_id, u.username, u.user_level, g.group_id, g.group_name, g.group_single_user, ug.user_pending FROM " . USERS_TABLE . " u, " . GROUPS_TABLE . " g, " . USER_GROUP_TABLE . " ug WHERE ";
  554. 	$sql .= ( $mode == 'user' ) ? "u.user_id = $user_id AND ug.user_id = u.user_id AND g.group_id = ug.group_id" : "g.group_id = $group_id AND ug.group_id = g.group_id AND u.user_id = ug.user_id";
  555. 	if ( !($result = $db->sql_query($sql)) )
  556. 	{
  557. 		message_die(GENERAL_ERROR, "Couldn't obtain user/group information", "", __LINE__, __FILE__, $sql);
  558. 	}
  559. 	$ug_info = array();
  560. 	while( $row = $db->sql_fetchrow($result) )
  561. 	{
  562. 		$ug_info[] = $row;
  563. 	}
  564. 	$db->sql_freeresult($result);
  565.  
  566. 	$sql = ( $mode == 'user' ) ? "SELECT aa.*, g.group_single_user FROM " . AUTH_ACCESS_TABLE . " aa, " . USER_GROUP_TABLE . " ug, " . GROUPS_TABLE. " g WHERE ug.user_id = $user_id AND g.group_id = ug.group_id AND aa.group_id = ug.group_id AND g.group_single_user = 1" : "SELECT * FROM " . AUTH_ACCESS_TABLE . " WHERE group_id = $group_id";
  567. 	if ( !($result = $db->sql_query($sql)) )
  568. 	{
  569. 		message_die(GENERAL_ERROR, "Couldn't obtain user/group permissions", "", __LINE__, __FILE__, $sql);
  570. 	}
  571.  
  572. 	$auth_access = array();
  573. 	$auth_access_count = array();
  574. 	while( $row = $db->sql_fetchrow($result) )
  575. 	{
  576. 		$auth_access[$row['forum_id']][] = $row; 
  577. 		$auth_access_count[$row['forum_id']]++;
  578. 	}
  579. 	$db->sql_freeresult($result);
  580.  
  581. 	$is_admin = ( $mode == 'user' ) ? ( ( $ug_info[0]['user_level'] == ADMIN && $ug_info[0]['user_id'] != ANONYMOUS ) ? 1 : 0 ) : 0;
  582.  
  583. 	for($i = 0; $i < count($forum_access); $i++)
  584. 	{
  585. 		$forum_id = $forum_access[$i]['forum_id'];
  586.  
  587. 		unset($prev_acl_setting);
  588. 		for($j = 0; $j < count($forum_auth_fields); $j++)
  589. 		{
  590. 			$key = $forum_auth_fields[$j];
  591. 			$value = $forum_access[$i][$key];
  592.  
  593. 			switch( $value )
  594. 			{
  595. 				case AUTH_ALL:
  596. 				case AUTH_REG:
  597. 					$auth_ug[$forum_id][$key] = 1;
  598. 					break;
  599.  
  600. 				case AUTH_ACL:
  601. 					$auth_ug[$forum_id][$key] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_ACL, $key, $auth_access[$forum_id], $is_admin) : 0;
  602. 					$auth_field_acl[$forum_id][$key] = $auth_ug[$forum_id][$key];
  603.  
  604. 					if ( isset($prev_acl_setting) )
  605. 					{
  606. 						if ( $prev_acl_setting != $auth_ug[$forum_id][$key] && empty($adv) )
  607. 						{
  608. 							$adv = 1;
  609. 						}
  610. 					}
  611.  
  612. 					$prev_acl_setting = $auth_ug[$forum_id][$key];
  613.  
  614. 					break;
  615.  
  616. 				case AUTH_MOD:
  617. 					$auth_ug[$forum_id][$key] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_MOD, $key, $auth_access[$forum_id], $is_admin) : 0;
  618. 					break;
  619.  
  620. 				case AUTH_ADMIN:
  621. 					$auth_ug[$forum_id][$key] = $is_admin;
  622. 					break;
  623.  
  624. 				default:
  625. 					$auth_ug[$forum_id][$key] = 0;
  626. 					break;
  627. 			}
  628. 		}
  629.  
  630. 		$auth_ug[$forum_id]['auth_mod'] = ( !empty($auth_access_count[$forum_id]) ) ? check_auth(AUTH_MOD, 'auth_mod', $auth_access[$forum_id], 0) : 0;
  631. 	}
  632. 	
  633. 	$i = 0;
  634. 	@reset($auth_ug);
  635. 	while( list($forum_id, $user_ary) = @each($auth_ug) )
  636. 	{
  637. 		if ( empty($adv) )
  638. 		{
  639. 			if ( $forum_auth_level[$forum_id] == AUTH_ACL )
  640. 			{
  641. 				$allowed = 1;
  642.  
  643. 				for($j = 0; $j < count($forum_auth_level_fields[$forum_id]); $j++)
  644. 				{
  645. 					if ( !$auth_ug[$forum_id][$forum_auth_level_fields[$forum_id][$j]] )
  646. 					{
  647. 						$allowed = 0;
  648. 					}
  649. 				}
  650.  
  651. 				$optionlist_acl = '<select name="private[' . $forum_id . ']">';
  652.  
  653. 				if ( $is_admin || $user_ary['auth_mod'] )
  654. 				{
  655. 					$optionlist_acl .= '<option value="1">' . $lang['Allowed_Access'] . '</option>';
  656. 				}
  657. 				else if ( $allowed )
  658. 				{
  659. 					$optionlist_acl .= '<option value="1" selected="selected">' . $lang['Allowed_Access'] . '</option><option value="0">'. $lang['Disallowed_Access'] . '</option>';
  660. 				}
  661. 				else
  662. 				{
  663. 					$optionlist_acl .= '<option value="1">' . $lang['Allowed_Access'] . '</option><option value="0" selected="selected">' . $lang['Disallowed_Access'] . '</option>';
  664. 				}
  665.  
  666. 				$optionlist_acl .= '</select>';
  667. 			}
  668. 			else
  669. 			{
  670. 				$optionlist_acl = 'не доступно';
  671. 			}
  672. 		}
  673. 		else
  674. 		{
  675. 			for($j = 0; $j < count($forum_access); $j++)
  676. 			{
  677. 				if ( $forum_access[$j]['forum_id'] == $forum_id )
  678. 				{
  679. 					for($k = 0; $k < count($forum_auth_fields); $k++)
  680. 					{
  681. 						$field_name = $forum_auth_fields[$k];
  682.  
  683. 						if( $forum_access[$j][$field_name] == AUTH_ACL )
  684. 						{
  685. 							$optionlist_acl_adv[$forum_id][$k] = '<select name="private_' . $field_name . '[' . $forum_id . ']">';
  686.  
  687. 							if( isset($auth_field_acl[$forum_id][$field_name]) && !($is_admin || $user_ary['auth_mod']) )
  688. 							{
  689. 								if( !$auth_field_acl[$forum_id][$field_name] )
  690. 								{
  691. 									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option><option value="0" selected="selected">' . $lang['OFF'] . '</option>';
  692. 								}
  693. 								else
  694. 								{
  695. 									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1" selected="selected">' . $lang['ON'] . '</option><option value="0">' . $lang['OFF'] . '</option>';
  696. 								}
  697. 							}
  698. 							else
  699. 							{
  700. 								if( $is_admin || $user_ary['auth_mod'] )
  701. 								{
  702. 									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option>';
  703. 								}
  704. 								else
  705. 								{
  706. 									$optionlist_acl_adv[$forum_id][$k] .= '<option value="1">' . $lang['ON'] . '</option><option value="0" selected="selected">' . $lang['OFF'] . '</option>';
  707. 								}
  708. 							}
  709.  
  710. 							$optionlist_acl_adv[$forum_id][$k] .= '</select>';
  711.  
  712. 						}
  713. 						else
  714. 						{
  715. 							$optionlist_acl_adv[$forum_id][$k] = 'не доступно';
  716. 						}
  717. 					}
  718. 				}
  719. 			}
  720. 		}
  721.  
  722. 		$optionlist_mod = '<select name="moderator[' . $forum_id . ']">';
  723. 		$optionlist_mod .= ( $user_ary['auth_mod'] ) ? '<option value="1" selected="selected">' . $lang['Is_Moderator'] . '</option><option value="0">' . $lang['Not_Moderator'] . '</option>' : '<option value="1">' . $lang['Is_Moderator'] . '</option><option value="0" selected="selected">' . $lang['Not_Moderator'] . '</option>';
  724. 		$optionlist_mod .= '</select>';
  725.  
  726. 		$row_class = ( !( $i % 2 ) ) ? 'row_easy' : 'row_hard';
  727.  
  728. 		$template->assign_block_vars('forums', array(
  729. 			'ROW_CLASS' => $row_class,
  730. 			'FORUM_NAME' => $forum_access[$i]['forum_name'],
  731.  
  732. 			'U_FORUM_AUTH' => append_sid("admin_forumauth.$phpEx?f=" . $forum_access[$i]['forum_id']),
  733.  
  734. 			'S_MOD_SELECT' => $optionlist_mod)
  735. 		);
  736.  
  737. 		$s_column_span = 2;
  738.  
  739. 	
  740. 			
  741. 		
  742.  
  743. 		$i++;
  744. 	}
  745. //	@reset($auth_user);
  746. 	
  747. 	if ( $mode == 'user' )
  748. 	{
  749. 		$t_username = $ug_info[0]['username'];
  750. 		$s_user_type = ( $is_admin ) ? '<select name="userlevel"><option value="admin" selected="selected">' . $lang['Auth_Admin'] . '</option><option value="user">' . $lang['Auth_User'] . '</option></select>' : '<select name="userlevel"><option value="admin">' . $lang['Auth_Admin'] . '</option><option value="user" selected="selected">' . $lang['Auth_User'] . '</option></select>';
  751. 	}
  752. 	else
  753. 	{
  754. 		$t_groupname = $ug_info[0]['group_name'];
  755. 	}
  756.  
  757. 	$name = array();
  758. 	$id = array();
  759. 	for($i = 0; $i < count($ug_info); $i++)
  760. 	{
  761. 		if( ( $mode == 'user' && !$ug_info[$i]['group_single_user'] ) || $mode == 'group' )
  762. 		{
  763. 			$name[] = ( $mode == 'user' ) ? $ug_info[$i]['group_name'] :  $ug_info[$i]['username'];
  764. 			$id[] = ( $mode == 'user' ) ? intval($ug_info[$i]['group_id']) : intval($ug_info[$i]['user_id']);
  765. 		}
  766. 	}
  767.  
  768. 	$t_usergroup_list = $t_pending_list = '';
  769. 	if( count($name) )
  770. 	{
  771. 		for($i = 0; $i < count($ug_info); $i++)
  772. 		{
  773. 			$ug = ( $mode == 'user' ) ? 'group&amp;' . POST_GROUPS_URL : 'user&amp;' . POST_USERS_URL;
  774.  
  775. 			if (!$ug_info[$i]['user_pending'])
  776. 			{
  777. 				$t_usergroup_list .= ( ( $t_usergroup_list != '' ) ? ', ' : '' ) . '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$ug=" . $id[$i]) . '">' . $name[$i] . '</a>';
  778. 			}
  779. 			else
  780. 			{
  781. 				$t_pending_list .= ( ( $t_pending_list != '' ) ? ', ' : '' ) . '<a href="' . append_sid("admin_ug_auth.$phpEx?mode=$ug=" . $id[$i]) . '">' . $name[$i] . '</a>';
  782. 			}
  783. 		}
  784. 	}
  785.  
  786. 	$t_usergroup_list = ($t_usergroup_list == '') ? $lang['None'] : $t_usergroup_list;
  787. 	$t_pending_list = ($t_pending_list == '') ? $lang['None'] : $t_pending_list;
  788.  
  789. 	include('./page_header_admin.'.$phpEx);
  790.  
  791. 	$template->set_filenames(array(
  792. 		"body" => 'admin/auth_ug_body.tpl')
  793. 	);
  794.  
  795. 	$u_ug_switch = ( $mode == 'user' ) ? POST_USERS_URL . "=" . $user_id : POST_GROUPS_URL . "=" . $group_id;
  796.  
  797. 	$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" /><input type="hidden" name="adv" value="' . $adv . '" />';
  798. 	$s_hidden_fields .= ( $mode == 'user' ) ? '<input type="hidden" name="' . POST_USERS_URL . '" value="' . $user_id . '" />' : '<input type="hidden" name="' . POST_GROUPS_URL . '" value="' . $group_id . '" />';
  799.  
  800. 	if ( $mode == 'user' )
  801. 	{
  802. 		$template->assign_block_vars('switch_user_auth', array());
  803.  
  804. 		$template->assign_vars(array(
  805. 			'USERNAME' => $t_username,
  806. 			'USER_LEVEL' => $lang['User_Level'] . " : " . $s_user_type,
  807. 			'USER_GROUP_MEMBERSHIPS' => $lang['Group_memberships'] . ' : ' . $t_usergroup_list)
  808. 		);
  809. 	}
  810. 	else
  811. 	{
  812. 		$template->assign_block_vars("switch_group_auth", array());
  813.  
  814. 		$template->assign_vars(array(
  815. 			'USERNAME' => $t_groupname,
  816. 			'GROUP_MEMBERSHIP' => $lang['Usergroup_members'] . ' : ' . $t_usergroup_list . '<br />' . $lang['Pending_members'] . ' : ' . $t_pending_list)
  817. 		);
  818. 	}
  819.  
  820. 	$template->assign_vars(array(
  821. 		'L_USER_OR_GROUPNAME' => ( $mode == 'user' ) ? $lang['Username'] : $lang['Group_name'],
  822.  
  823. 		'L_AUTH_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'],
  824. 		'L_AUTH_EXPLAIN' => ( $mode == 'user' ) ? 'Здесь вы можете изменить права доступа и статус модератора для отдельных пользователей. Не забывайте, что при изменении прав пользователя, права доступа для сообщества могут давать пользователю возможность входа в разделы форума и т.п. Вы будете предупреждены в этом случае' : 'Здесь вы можете изменить права доступа и статус модератора для каждого сообщества пользователей. Не забывайте, что при изменении прав доступа сообществ,  права доступа для отдельных пользователей могут давать пользователю воможность входа в разделы форума и т.п. Вы будете предупреждены в этом случае',
  825. 		'L_MODERATOR_STATUS' => $lang['Moderator_status'],
  826. 		'L_PERMISSIONS' => $lang['Permissions'],
  827. 		'L_SUBMIT' => $lang['Submit'],
  828. 		'L_RESET' => $lang['Reset'], 
  829. 		'L_FORUM' => $lang['Forum'], 
  830.  
  831. 		'U_USER_OR_GROUP' => append_sid("admin_ug_auth.$phpEx"),
  832.  
  833. 		'S_COLUMN_SPAN' => $s_column_span,
  834. 		'S_AUTH_ACTION' => append_sid("admin_ug_auth.$phpEx"), 
  835. 		'S_HIDDEN_FIELDS' => $s_hidden_fields)
  836. 	);
  837. }
  838. else
  839. {
  840.  
  841. 	include('./page_header_admin.'.$phpEx);
  842.  
  843. 	$template->set_filenames(array(
  844. 		'body' => ( $mode == 'user' ) ? 'admin/user_select_body.tpl' : 'admin/auth_select_body.tpl')
  845. 	);
  846.  
  847. 	if ( $mode == 'user' )
  848. 	{
  849. 		$template->assign_vars(array(
  850. 			'L_FIND_USERNAME' => $lang['Find_username'],
  851.  
  852. 			'U_SEARCH_USER' => append_sid("../search.$phpEx?mode=searchuser"))
  853. 		);
  854. 	}
  855. 	else
  856. 	{
  857. 		$sql = "SELECT group_id, group_name
  858. 			FROM " . GROUPS_TABLE . "
  859. 			WHERE group_single_user <> " . TRUE;
  860. 		if ( !($result = $db->sql_query($sql)) )
  861. 		{
  862. 			message_die(GENERAL_ERROR, "Couldn't get group list", "", __LINE__, __FILE__, $sql);
  863. 		}
  864.  
  865. 		if ( $row = $db->sql_fetchrow($result) )
  866. 		{
  867. 			$select_list = '<select name="' . POST_GROUPS_URL . '">';
  868. 			do
  869. 			{
  870. 				$select_list .= '<option value="' . $row['group_id'] . '">' . $row['group_name'] . '</option>';
  871. 			}
  872. 			while ( $row = $db->sql_fetchrow($result) );
  873. 			$select_list .= '</select>';
  874. 		}
  875.  
  876. 		$template->assign_vars(array(
  877. 			'S_AUTH_SELECT' => $select_list)
  878. 		);
  879. 	}
  880.  
  881. 	$s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" />';
  882.  
  883. 	$l_type = ( $mode == 'user' ) ? 'USER' : 'AUTH';
  884.  
  885. 	$template->assign_vars(array(
  886. 		'L_' . $l_type . '_TITLE' => ( $mode == 'user' ) ? $lang['Auth_Control_User'] : $lang['Auth_Control_Group'],
  887. 		'L_' . $l_type . '_EXPLAIN' => ( $mode == 'user' ) ? $lang['User_auth_explain'] : $lang['Group_auth_explain'],
  888. 		'L_' . $l_type . '_SELECT' => ( $mode == 'user' ) ? $lang['Select_a_User'] : $lang['Select_a_Group'],
  889. 		'L_LOOK_UP' => ( $mode == 'user' ) ? $lang['Look_up_User'] : $lang['Look_up_Group'],
  890.  
  891. 		'S_HIDDEN_FIELDS' => $s_hidden_fields, 
  892. 		'S_' . $l_type . '_ACTION' => append_sid("admin_ug_auth.$phpEx"))
  893. 	);
  894.  
  895. }
  896.  
  897. $template->pparse('body');
  898.  
  899. include('./page_footer_admin.'.$phpEx);
  900.  
  901. ?>