Blame Identity/Models/Html/phpBB/3.0.4/includes/acp/auth.php

d6e8d8
d6e8d8
/**
d6e8d8
*
d6e8d8
* @package phpBB3
d6e8d8
* @version $Id: auth.php 8479 2008-03-29 00:22:48Z naderman $
d6e8d8
* @copyright (c) 2005 phpBB Group
d6e8d8
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
d6e8d8
*
d6e8d8
*/
d6e8d8
d6e8d8
/**
d6e8d8
* @ignore
d6e8d8
*/
d6e8d8
if (!defined('IN_PHPBB'))
d6e8d8
{
d6e8d8
	exit;
d6e8d8
}
d6e8d8
d6e8d8
/**
d6e8d8
* ACP Permission/Auth class
d6e8d8
* @package phpBB3
d6e8d8
*/
d6e8d8
class auth_admin extends auth
d6e8d8
{
d6e8d8
	/**
d6e8d8
	* Init auth settings
d6e8d8
	*/
d6e8d8
	function auth_admin()
d6e8d8
	{
d6e8d8
		global $db, $cache;
d6e8d8
d6e8d8
		if (($this->acl_options = $cache->get('_acl_options')) === false)
d6e8d8
		{
d6e8d8
			$sql = 'SELECT auth_option_id, auth_option, is_global, is_local
d6e8d8
				FROM ' . ACL_OPTIONS_TABLE . '
d6e8d8
				ORDER BY auth_option_id';
d6e8d8
			$result = $db->sql_query($sql);
d6e8d8
d6e8d8
			$global = $local = 0;
d6e8d8
			$this->acl_options = array();
d6e8d8
			while ($row = $db->sql_fetchrow($result))
d6e8d8
			{
d6e8d8
				if ($row['is_global'])
d6e8d8
				{
d6e8d8
					$this->acl_options['global'][$row['auth_option']] = $global++;
d6e8d8
				}
d6e8d8
d6e8d8
				if ($row['is_local'])
d6e8d8
				{
d6e8d8
					$this->acl_options['local'][$row['auth_option']] = $local++;
d6e8d8
				}
d6e8d8
d6e8d8
				$this->acl_options['id'][$row['auth_option']] = (int) $row['auth_option_id'];
d6e8d8
				$this->acl_options['option'][(int) $row['auth_option_id']] = $row['auth_option'];
d6e8d8
			}
d6e8d8
			$db->sql_freeresult($result);
d6e8d8
d6e8d8
			$cache->put('_acl_options', $this->acl_options);
d6e8d8
		}
d6e8d8
	}
d6e8d8
	
d6e8d8
	/**
d6e8d8
	* Get permission mask
d6e8d8
	* This function only supports getting permissions of one type (for example a_)
d6e8d8
	*
d6e8d8
	* @param set|view $mode defines the permissions we get, view gets effective permissions (checking user AND group permissions), set only gets the user or group permission set alone
d6e8d8
	* @param mixed $user_id user ids to search for (a user_id or a group_id has to be specified at least)
d6e8d8
	* @param mixed $group_id group ids to search for, return group related settings (a user_id or a group_id has to be specified at least)
d6e8d8
	* @param mixed $forum_id forum_ids to search for. Defining a forum id also means getting local settings
d6e8d8
	* @param string $auth_option the auth_option defines the permission setting to look for (a_ for example)
d6e8d8
	* @param local|global $scope the scope defines the permission scope. If local, a forum_id is additionally required
d6e8d8
	* @param ACL_NEVER|ACL_NO|ACL_YES $acl_fill defines the mode those permissions not set are getting filled with
d6e8d8
	*/
d6e8d8
	function get_mask($mode, $user_id = false, $group_id = false, $forum_id = false, $auth_option = false, $scope = false, $acl_fill = ACL_NEVER)
d6e8d8
	{
d6e8d8
		global $db, $user;
d6e8d8
d6e8d8
		$hold_ary = array();
d6e8d8
		$view_user_mask = ($mode == 'view' && $group_id === false) ? true : false;
d6e8d8
d6e8d8
		if ($auth_option === false || $scope === false)
d6e8d8
		{
d6e8d8
			return array();
d6e8d8
		}
d6e8d8
d6e8d8
		$acl_user_function = ($mode == 'set') ? 'acl_user_raw_data' : 'acl_raw_data';
d6e8d8
d6e8d8
		if (!$view_user_mask)
d6e8d8
		{
d6e8d8
			if ($forum_id !== false)
d6e8d8
			{
d6e8d8
				$hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', $forum_id) : $this->$acl_user_function($user_id, $auth_option . '%', $forum_id);
d6e8d8
			}
d6e8d8
			else
d6e8d8
			{
d6e8d8
				$hold_ary = ($group_id !== false) ? $this->acl_group_raw_data($group_id, $auth_option . '%', ($scope == 'global') ? 0 : false) : $this->$acl_user_function($user_id, $auth_option . '%', ($scope == 'global') ? 0 : false);
d6e8d8
			}
d6e8d8
		}
d6e8d8
d6e8d8
		// Make sure hold_ary is filled with every setting (prevents missing forums/users/groups)
d6e8d8
		$ug_id = ($group_id !== false) ? ((!is_array($group_id)) ? array($group_id) : $group_id) : ((!is_array($user_id)) ? array($user_id) : $user_id);
d6e8d8
		$forum_ids = ($forum_id !== false) ? ((!is_array($forum_id)) ? array($forum_id) : $forum_id) : (($scope == 'global') ? array(0) : array());
d6e8d8
d6e8d8
		// Only those options we need
d6e8d8
		$compare_options = array_diff(preg_replace('/^((?!' . $auth_option . ').+)|(' . $auth_option . ')$/', '', array_keys($this->acl_options[$scope])), array(''));
d6e8d8
d6e8d8
		// If forum_ids is false and the scope is local we actually want to have all forums within the array
d6e8d8
		if ($scope == 'local' && !sizeof($forum_ids))
d6e8d8
		{
d6e8d8
			$sql = 'SELECT forum_id
d6e8d8
				FROM ' . FORUMS_TABLE;
d6e8d8
			$result = $db->sql_query($sql, 120);
d6e8d8
d6e8d8
			while ($row = $db->sql_fetchrow($result))
d6e8d8
			{
d6e8d8
				$forum_ids[] = (int) $row['forum_id'];
d6e8d8
			}
d6e8d8
			$db->sql_freeresult($result);
d6e8d8
		}
d6e8d8
d6e8d8
		if ($view_user_mask)
d6e8d8
		{
d6e8d8
			$auth2 = null;
d6e8d8
d6e8d8
			$sql = 'SELECT user_id, user_permissions, user_type
d6e8d8
				FROM ' . USERS_TABLE . '
d6e8d8
				WHERE ' . $db->sql_in_set('user_id', $ug_id);
d6e8d8
			$result = $db->sql_query($sql);
d6e8d8
d6e8d8
			while ($userdata = $db->sql_fetchrow($result))
d6e8d8
			{
d6e8d8
				if ($user->data['user_id'] != $userdata['user_id'])
d6e8d8
				{
d6e8d8
					$auth2 = new auth();
d6e8d8
					$auth2->acl($userdata);
d6e8d8
				}
d6e8d8
				else
d6e8d8
				{
d6e8d8
					global $auth;
d6e8d8
					$auth2 = &$auth;
d6e8d8
				}
d6e8d8
d6e8d8
				
d6e8d8
				$hold_ary[$userdata['user_id']] = array();
d6e8d8
				foreach ($forum_ids as $f_id)
d6e8d8
				{
d6e8d8
					$hold_ary[$userdata['user_id']][$f_id] = array();
d6e8d8
					foreach ($compare_options as $option)
d6e8d8
					{
d6e8d8
						$hold_ary[$userdata['user_id']][$f_id][$option] = $auth2->acl_get($option, $f_id);
d6e8d8
					}
d6e8d8
				}
d6e8d8
			}
d6e8d8
			$db->sql_freeresult($result);
d6e8d8
d6e8d8
			unset($userdata);
d6e8d8
			unset($auth2);
d6e8d8
		}
d6e8d8
d6e8d8
		foreach ($ug_id as $_id)
d6e8d8
		{
d6e8d8
			if (!isset($hold_ary[$_id]))
d6e8d8
			{
d6e8d8
				$hold_ary[$_id] = array();
d6e8d8
			}
d6e8d8
d6e8d8
			foreach ($forum_ids as $f_id)
d6e8d8
			{
d6e8d8
				if (!isset($hold_ary[$_id][$f_id]))
d6e8d8
				{
d6e8d8
					$hold_ary[$_id][$f_id] = array();
d6e8d8
				}
d6e8d8
			}
d6e8d8
		}
d6e8d8
d6e8d8
		// Now, we need to fill the gaps with $acl_fill. ;)
d6e8d8
d6e8d8
		// Now switch back to keys
d6e8d8
		if (sizeof($compare_options))
d6e8d8
		{
d6e8d8
			$compare_options = array_combine($compare_options, array_fill(1, sizeof($compare_options), $acl_fill));
d6e8d8
		}
d6e8d8
d6e8d8
		// Defining the user-function here to save some memory
d6e8d8
		$return_acl_fill = create_function('$value', 'return ' . $acl_fill . ';');
d6e8d8
d6e8d8
		// Actually fill the gaps
d6e8d8
		if (sizeof($hold_ary))
d6e8d8
		{
d6e8d8
			foreach ($hold_ary as $ug_id => $row)
d6e8d8
			{
d6e8d8
				foreach ($row as $id => $options)
d6e8d8
				{
d6e8d8
					// Do not include the global auth_option
d6e8d8
					unset($options[$auth_option]);
d6e8d8
d6e8d8
					// Not a "fine" solution, but at all it's a 1-dimensional
d6e8d8
					// array_diff_key function filling the resulting array values with zeros
d6e8d8
					// The differences get merged into $hold_ary (all permissions having $acl_fill set)
d6e8d8
					$hold_ary[$ug_id][$id] = array_merge($options,
d6e8d8
d6e8d8
						array_map($return_acl_fill,
d6e8d8
							array_flip(
d6e8d8
								array_diff(
d6e8d8
									array_keys($compare_options), array_keys($options)
d6e8d8
								)
d6e8d8
							)
d6e8d8
						)
d6e8d8
					);
d6e8d8
				}
d6e8d8
			}
d6e8d8
		}
d6e8d8
		else
d6e8d8
		{
d6e8d8
			$hold_ary[($group_id !== false) ? $group_id : $user_id][(int) $forum_id] = $compare_options;
d6e8d8
		}
d6e8d8
d6e8d8
		return $hold_ary;
d6e8d8
	}
d6e8d8
d6e8d8
	/**
d6e8d8
	* Get permission mask for roles
d6e8d8
	* This function only supports getting masks for one role
d6e8d8
	*/
d6e8d8
	function get_role_mask($role_id)
d6e8d8
	{
d6e8d8
		global $db;
d6e8d8
d6e8d8
		$hold_ary = array();
d6e8d8
d6e8d8
		// Get users having this role set...
d6e8d8
		$sql = 'SELECT user_id, forum_id
d6e8d8
			FROM ' . ACL_USERS_TABLE . '
d6e8d8
			WHERE auth_role_id = ' . $role_id . '
d6e8d8
			ORDER BY forum_id';
d6e8d8
		$result = $db->sql_query($sql);
d6e8d8
d6e8d8
		while ($row = $db->sql_fetchrow($result))
d6e8d8
		{
d6e8d8
			$hold_ary[$row['forum_id']]['users'][] = $row['user_id'];
d6e8d8
		}
d6e8d8
		$db->sql_freeresult($result);
d6e8d8
d6e8d8
		// Now grab groups...
d6e8d8
		$sql = 'SELECT group_id, forum_id
d6e8d8
			FROM ' . ACL_GROUPS_TABLE . '
d6e8d8
			WHERE auth_role_id = ' . $role_id . '
d6e8d8
			ORDER BY forum_id';
d6e8d8
		$result = $db->sql_query($sql);
d6e8d8
d6e8d8
		while ($row = $db->sql_fetchrow($result))
d6e8d8
		{
d6e8d8
			$hold_ary[$row['forum_id']]['groups'][] = $row['group_id'];
d6e8d8
		}
d6e8d8
		$db->sql_freeresult($result);
d6e8d8
d6e8d8
		return $hold_ary;
d6e8d8
	}
d6e8d8
d6e8d8
	/**
d6e8d8
	* Display permission mask (assign to template)
d6e8d8
	*/
d6e8d8
	function display_mask($mode, $permission_type, &$hold_ary, $user_mode = 'user', $local = false, $group_display = true)
d6e8d8
	{
d6e8d8
		global $template, $user, $db, $phpbb_root_path, $phpEx;
d6e8d8
d6e8d8
		// Define names for template loops, might be able to be set
d6e8d8
		$tpl_pmask = 'p_mask';
d6e8d8
		$tpl_fmask = 'f_mask';
d6e8d8
		$tpl_category = 'category';
d6e8d8
		$tpl_mask = 'mask';
d6e8d8
d6e8d8
		$l_acl_type = (isset($user->lang['ACL_TYPE_' . (($local) ? 'LOCAL' : 'GLOBAL') . '_' . strtoupper($permission_type)])) ? $user->lang['ACL_TYPE_' . (($local) ? 'LOCAL' : 'GLOBAL') . '_' . strtoupper($permission_type)] : 'ACL_TYPE_' . (($local) ? 'LOCAL' : 'GLOBAL') . '_' . strtoupper($permission_type);
d6e8d8
d6e8d8
		// Allow trace for viewing permissions and in user mode
d6e8d8
		$show_trace = ($mode == 'view' && $user_mode == 'user') ? true : false;
d6e8d8
d6e8d8
		// Get names
d6e8d8
		if ($user_mode == 'user')
d6e8d8
		{
d6e8d8
			$sql = 'SELECT user_id as ug_id, username as ug_name
d6e8d8
				FROM ' . USERS_TABLE . '
d6e8d8
				WHERE ' . $db->sql_in_set('user_id', array_keys($hold_ary)) . '
d6e8d8
				ORDER BY username_clean ASC';
d6e8d8
		}
d6e8d8
		else
d6e8d8
		{
d6e8d8
			$sql = 'SELECT group_id as ug_id, group_name as ug_name, group_type
d6e8d8
				FROM ' . GROUPS_TABLE . '
d6e8d8
				WHERE ' . $db->sql_in_set('group_id', array_keys($hold_ary)) . '
d6e8d8
				ORDER BY group_type DESC, group_name ASC';
d6e8d8
		}
d6e8d8
		$result = $db->sql_query($sql);
d6e8d8
d6e8d8
		$ug_names_ary = array();
d6e8d8
		while ($row = $db->sql_fetchrow($result))
d6e8d8
		{
d6e8d8
			$ug_names_ary[$row['ug_id']] = ($user_mode == 'user') ? $row['ug_name'] : (($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['ug_name']] : $row['ug_name']);
d6e8d8
		}
d6e8d8
		$db->sql_freeresult($result);
d6e8d8
d6e8d8
		// Get used forums
d6e8d8
		$forum_ids = array();
d6e8d8
		foreach ($hold_ary as $ug_id => $row)
d6e8d8
		{
d6e8d8
			$forum_ids = array_merge($forum_ids, array_keys($row));
d6e8d8
		}
d6e8d8
		$forum_ids = array_unique($forum_ids);
d6e8d8
d6e8d8
		$forum_names_ary = array();
d6e8d8
		if ($local)
d6e8d8
		{
d6e8d8
			$forum_names_ary = make_forum_select(false, false, true, false, false, false, true);
d6e8d8
d6e8d8
			// Remove the disabled ones, since we do not create an option field here...
d6e8d8
			foreach ($forum_names_ary as $key => $value)
d6e8d8
			{
d6e8d8
				if (!$value['disabled'])
d6e8d8
				{
d6e8d8
					continue;
d6e8d8
				}
d6e8d8
				unset($forum_names_ary[$key]);
d6e8d8
			}
d6e8d8
		}
d6e8d8
		else
d6e8d8
		{
d6e8d8
			$forum_names_ary[0] = $l_acl_type;
d6e8d8
		}
d6e8d8
d6e8d8
		// Get available roles
d6e8d8
		$sql = 'SELECT *
d6e8d8
			FROM ' . ACL_ROLES_TABLE . "
d6e8d8
			WHERE role_type = '" . $db->sql_escape($permission_type) . "'
d6e8d8
			ORDER BY role_order ASC";
d6e8d8
		$result = $db->sql_query($sql);
d6e8d8
d6e8d8
		$roles = array();
d6e8d8
		while ($row = $db->sql_fetchrow($result))
d6e8d8
		{
d6e8d8
			$roles[$row['role_id']] = $row;
d6e8d8
		}
d6e8d8
		$db->sql_freeresult($result);
d6e8d8
d6e8d8
		$cur_roles = $this->acl_role_data($user_mode, $permission_type, array_keys($hold_ary));
d6e8d8
d6e8d8
		// Build js roles array (role data assignments)
d6e8d8
		$s_role_js_array = '';
d6e8d8
		
d6e8d8
		if (sizeof($roles))
d6e8d8
		{
d6e8d8
			$s_role_js_array = array();
d6e8d8
d6e8d8
			// Make sure every role (even if empty) has its array defined
d6e8d8
			foreach ($roles as $_role_id => $null)
d6e8d8
			{
d6e8d8
				$s_role_js_array[$_role_id] = "\n" . 'role_options[' . $_role_id . '] = new Array();' . "\n";
d6e8d8
			}
d6e8d8
d6e8d8
			$sql = 'SELECT r.role_id, o.auth_option, r.auth_setting
d6e8d8
				FROM ' . ACL_ROLES_DATA_TABLE . ' r, ' . ACL_OPTIONS_TABLE . ' o
d6e8d8
				WHERE o.auth_option_id = r.auth_option_id
d6e8d8
					AND ' . $db->sql_in_set('r.role_id', array_keys($roles));
d6e8d8
			$result = $db->sql_query($sql);
d6e8d8
d6e8d8
			while ($row = $db->sql_fetchrow($result))
d6e8d8
			{
d6e8d8
				$flag = substr($row['auth_option'], 0, strpos($row['auth_option'], '_') + 1);
d6e8d8
				if ($flag == $row['auth_option'])
d6e8d8
				{
d6e8d8
					continue;
d6e8d8
				}
d6e8d8
d6e8d8
				$s_role_js_array[$row['role_id']] .= 'role_options[' . $row['role_id'] . '][\'' . addslashes($row['auth_option']) . '\'] = ' . $row['auth_setting'] . '; ';
d6e8d8
			}
d6e8d8
			$db->sql_freeresult($result);
d6e8d8
d6e8d8
			$s_role_js_array = implode('', $s_role_js_array);
d6e8d8
		}
d6e8d8
d6e8d8
		$template->assign_var('S_ROLE_JS_ARRAY', $s_role_js_array);
d6e8d8
		unset($s_role_js_array);
d6e8d8
d6e8d8
		// Now obtain memberships
d6e8d8
		$user_groups_default = $user_groups_custom = array();
d6e8d8
		if ($user_mode == 'user' && $group_display)
d6e8d8
		{
d6e8d8
			$sql = 'SELECT group_id, group_name, group_type
d6e8d8
				FROM ' . GROUPS_TABLE . '
d6e8d8
				ORDER BY group_type DESC, group_name ASC';
d6e8d8
			$result = $db->sql_query($sql);
d6e8d8
d6e8d8
			$groups = array();
d6e8d8
			while ($row = $db->sql_fetchrow($result))
d6e8d8
			{
d6e8d8
				$groups[$row['group_id']] = $row;
d6e8d8
			}
d6e8d8
			$db->sql_freeresult($result);
d6e8d8
d6e8d8
			$memberships = group_memberships(false, array_keys($hold_ary), false);
d6e8d8
d6e8d8
			// User is not a member of any group? Bad admin, bad bad admin...
d6e8d8
			if ($memberships)
d6e8d8
			{
d6e8d8
				foreach ($memberships as $row)
d6e8d8
				{
d6e8d8
					if ($groups[$row['group_id']]['group_type'] == GROUP_SPECIAL)
d6e8d8
					{
d6e8d8
						$user_groups_default[$row['user_id']][] = $user->lang['G_' . $groups[$row['group_id']]['group_name']];
d6e8d8
					}
d6e8d8
					else
d6e8d8
					{
d6e8d8
						$user_groups_custom[$row['user_id']][] = $groups[$row['group_id']]['group_name'];
d6e8d8
					}
d6e8d8
				}
d6e8d8
			}
d6e8d8
			unset($memberships, $groups);
d6e8d8
		}
d6e8d8
d6e8d8
		// If we only have one forum id to display or being in local mode and more than one user/group to display,
d6e8d8
		// we switch the complete interface to group by user/usergroup instead of grouping by forum
d6e8d8
		// To achieve this, we need to switch the array a bit
d6e8d8
		if (sizeof($forum_ids) == 1 || ($local && sizeof($ug_names_ary) > 1))
d6e8d8
		{
d6e8d8
			$hold_ary_temp = $hold_ary;
d6e8d8
			$hold_ary = array();
d6e8d8
			foreach ($hold_ary_temp as $ug_id => $row)
d6e8d8
			{
d6e8d8
				foreach ($forum_names_ary as $forum_id => $forum_row)
d6e8d8
				{
d6e8d8
					if (isset($row[$forum_id]))
d6e8d8
					{
d6e8d8
						$hold_ary[$forum_id][$ug_id] = $row[$forum_id];
d6e8d8
					}
d6e8d8
				}
d6e8d8
			}
d6e8d8
			unset($hold_ary_temp);
d6e8d8
d6e8d8
			foreach ($hold_ary as $forum_id => $forum_array)
d6e8d8
			{
d6e8d8
				$content_array = $categories = array();
d6e8d8
				$this->build_permission_array($hold_ary[$forum_id], $content_array, $categories, array_keys($ug_names_ary));
d6e8d8
d6e8d8
				$template->assign_block_vars($tpl_pmask, array(
d6e8d8
					'NAME'			=> ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'],
d6e8d8
					'PADDING'		=> ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'],
d6e8d8
d6e8d8
					'CATEGORIES'	=> implode('', $categories),
d6e8d8
d6e8d8
					'L_ACL_TYPE'	=> $l_acl_type,
d6e8d8
d6e8d8
					'S_LOCAL'		=> ($local) ? true : false,
d6e8d8
					'S_GLOBAL'		=> (!$local) ? true : false,
d6e8d8
					'S_NUM_CATS'	=> sizeof($categories),
d6e8d8
					'S_VIEW'		=> ($mode == 'view') ? true : false,
d6e8d8
					'S_NUM_OBJECTS'	=> sizeof($content_array),
d6e8d8
					'S_USER_MODE'	=> ($user_mode == 'user') ? true : false,
d6e8d8
					'S_GROUP_MODE'	=> ($user_mode == 'group') ? true : false)
d6e8d8
				);
d6e8d8
d6e8d8
				@reset($content_array);
d6e8d8
				while (list($ug_id, $ug_array) = each($content_array))
d6e8d8
				{
d6e8d8
					// Build role dropdown options
d6e8d8
					$current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
d6e8d8
d6e8d8
					$s_role_options = '';
d6e8d8
d6e8d8
					@reset($roles);
d6e8d8
					while (list($role_id, $role_row) = each($roles))
d6e8d8
					{
d6e8d8
						$role_description = (!empty($user->lang[$role_row['role_description']])) ? $user->lang[$role_row['role_description']] : nl2br($role_row['role_description']);
d6e8d8
						$role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
d6e8d8
d6e8d8
						$title = ($role_description) ? ' title="' . $role_description . '"' : '';
d6e8d8
						$s_role_options .= '<option value="' . $role_id . '"' . (($role_id == $current_role_id) ? ' selected="selected"' : '') . $title . '>' . $role_name . '</option>';
d6e8d8
					}
d6e8d8
d6e8d8
					if ($s_role_options)
d6e8d8
					{
d6e8d8
						$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
d6e8d8
					}
d6e8d8
d6e8d8
					if (!$current_role_id && $mode != 'view')
d6e8d8
					{
d6e8d8
						$s_custom_permissions = false;
d6e8d8
d6e8d8
						foreach ($ug_array as $key => $value)
d6e8d8
						{
d6e8d8
							if ($value['S_NEVER'] || $value['S_YES'])
d6e8d8
							{
d6e8d8
								$s_custom_permissions = true;
d6e8d8
								break;
d6e8d8
							}
d6e8d8
						}
d6e8d8
					}
d6e8d8
					else
d6e8d8
					{
d6e8d8
						$s_custom_permissions = false;
d6e8d8
					}
d6e8d8
d6e8d8
					$template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array(
d6e8d8
						'NAME'				=> $ug_names_ary[$ug_id],
d6e8d8
						'S_ROLE_OPTIONS'	=> $s_role_options,
d6e8d8
						'UG_ID'				=> $ug_id,
d6e8d8
						'S_CUSTOM'			=> $s_custom_permissions,
d6e8d8
						'FORUM_ID'			=> $forum_id)
d6e8d8
					);
d6e8d8
d6e8d8
					$this->assign_cat_array($ug_array, $tpl_pmask . '.' . $tpl_fmask . '.' . $tpl_category, $tpl_mask, $ug_id, $forum_id, $show_trace, ($mode == 'view'));
d6e8d8
d6e8d8
					unset($content_array[$ug_id]);
d6e8d8
				}
d6e8d8
d6e8d8
				unset($hold_ary[$forum_id]);
d6e8d8
			}
d6e8d8
		}
d6e8d8
		else
d6e8d8
		{
d6e8d8
			foreach ($ug_names_ary as $ug_id => $ug_name)
d6e8d8
			{
d6e8d8
				if (!isset($hold_ary[$ug_id]))
d6e8d8
				{
d6e8d8
					continue;
d6e8d8
				}
d6e8d8
d6e8d8
				$content_array = $categories = array();
d6e8d8
				$this->build_permission_array($hold_ary[$ug_id], $content_array, $categories, array_keys($forum_names_ary));
d6e8d8
d6e8d8
				$template->assign_block_vars($tpl_pmask, array(
d6e8d8
					'NAME'			=> $ug_name,
d6e8d8
					'CATEGORIES'	=> implode('', $categories),
d6e8d8
d6e8d8
					'USER_GROUPS_DEFAULT'	=> ($user_mode == 'user' && isset($user_groups_default[$ug_id]) && sizeof($user_groups_default[$ug_id])) ? implode(', ', $user_groups_default[$ug_id]) : '',
d6e8d8
					'USER_GROUPS_CUSTOM'	=> ($user_mode == 'user' && isset($user_groups_custom[$ug_id]) && sizeof($user_groups_custom[$ug_id])) ? implode(', ', $user_groups_custom[$ug_id]) : '',
d6e8d8
					'L_ACL_TYPE'			=> $l_acl_type,
d6e8d8
d6e8d8
					'S_LOCAL'		=> ($local) ? true : false,
d6e8d8
					'S_GLOBAL'		=> (!$local) ? true : false,
d6e8d8
					'S_NUM_CATS'	=> sizeof($categories),
d6e8d8
					'S_VIEW'		=> ($mode == 'view') ? true : false,
d6e8d8
					'S_NUM_OBJECTS'	=> sizeof($content_array),
d6e8d8
					'S_USER_MODE'	=> ($user_mode == 'user') ? true : false,
d6e8d8
					'S_GROUP_MODE'	=> ($user_mode == 'group') ? true : false)
d6e8d8
				);
d6e8d8
d6e8d8
				@reset($content_array);
d6e8d8
				while (list($forum_id, $forum_array) = each($content_array))
d6e8d8
				{
d6e8d8
					// Build role dropdown options
d6e8d8
					$current_role_id = (isset($cur_roles[$ug_id][$forum_id])) ? $cur_roles[$ug_id][$forum_id] : 0;
d6e8d8
d6e8d8
					$s_role_options = '';
d6e8d8
d6e8d8
					@reset($roles);
d6e8d8
					while (list($role_id, $role_row) = each($roles))
d6e8d8
					{
d6e8d8
						$role_description = (!empty($user->lang[$role_row['role_description']])) ? $user->lang[$role_row['role_description']] : nl2br($role_row['role_description']);
d6e8d8
						$role_name = (!empty($user->lang[$role_row['role_name']])) ? $user->lang[$role_row['role_name']] : $role_row['role_name'];
d6e8d8
d6e8d8
						$title = ($role_description) ? ' title="' . $role_description . '"' : '';
d6e8d8
						$s_role_options .= '<option value="' . $role_id . '"' . (($role_id == $current_role_id) ? ' selected="selected"' : '') . $title . '>' . $role_name . '</option>';
d6e8d8
					}
d6e8d8
d6e8d8
					if ($s_role_options)
d6e8d8
					{
d6e8d8
						$s_role_options = '<option value="0"' . ((!$current_role_id) ? ' selected="selected"' : '') . ' title="' . htmlspecialchars($user->lang['NO_ROLE_ASSIGNED_EXPLAIN']) . '">' . $user->lang['NO_ROLE_ASSIGNED'] . '</option>' . $s_role_options;
d6e8d8
					}
d6e8d8
d6e8d8
					if (!$current_role_id && $mode != 'view')
d6e8d8
					{
d6e8d8
						$s_custom_permissions = false;
d6e8d8
d6e8d8
						foreach ($forum_array as $key => $value)
d6e8d8
						{
d6e8d8
							if ($value['S_NEVER'] || $value['S_YES'])
d6e8d8
							{
d6e8d8
								$s_custom_permissions = true;
d6e8d8
								break;
d6e8d8
							}
d6e8d8
						}
d6e8d8
					}
d6e8d8
					else
d6e8d8
					{
d6e8d8
						$s_custom_permissions = false;
d6e8d8
					}
d6e8d8
d6e8d8
					$template->assign_block_vars($tpl_pmask . '.' . $tpl_fmask, array(
d6e8d8
						'NAME'				=> ($forum_id == 0) ? $forum_names_ary[0] : $forum_names_ary[$forum_id]['forum_name'],
d6e8d8
						'PADDING'			=> ($forum_id == 0) ? '' : $forum_names_ary[$forum_id]['padding'],
d6e8d8
						'S_ROLE_OPTIONS'	=> $s_role_options,
d6e8d8
						'S_CUSTOM'			=> $s_custom_permissions,
d6e8d8
						'UG_ID'				=> $ug_id,
d6e8d8
						'FORUM_ID'			=> $forum_id)
d6e8d8
					);
d6e8d8
d6e8d8
					$this->assign_cat_array($forum_array, $tpl_pmask . '.' . $tpl_fmask . '.' . $tpl_category, $tpl_mask, $ug_id, $forum_id, $show_trace, ($mode == 'view'));
d6e8d8
				}
d6e8d8
d6e8d8
				unset($hold_ary[$ug_id], $ug_names_ary[$ug_id]);
d6e8d8
			}
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	/**
d6e8d8
	* Display permission mask for roles
d6e8d8
	*/
d6e8d8
	function display_role_mask(&$hold_ary)
d6e8d8
	{
d6e8d8
		global $db, $template, $user, $phpbb_root_path, $phpbb_admin_path, $phpEx;
d6e8d8
d6e8d8
		if (!sizeof($hold_ary))
d6e8d8
		{
d6e8d8
			return;
d6e8d8
		}
d6e8d8
d6e8d8
		// Get forum names
d6e8d8
		$sql = 'SELECT forum_id, forum_name
d6e8d8
			FROM ' . FORUMS_TABLE . '
d6e8d8
			WHERE ' . $db->sql_in_set('forum_id', array_keys($hold_ary)) . '
d6e8d8
			ORDER BY left_id';
d6e8d8
		$result = $db->sql_query($sql);
d6e8d8
d6e8d8
		// If the role is used globally, then reflect that
d6e8d8
		$forum_names = (isset($hold_ary[0])) ? array(0 => '') : array();
d6e8d8
		while ($row = $db->sql_fetchrow($result))
d6e8d8
		{
d6e8d8
			$forum_names[$row['forum_id']] = $row['forum_name'];
d6e8d8
		}
d6e8d8
		$db->sql_freeresult($result);
d6e8d8
d6e8d8
		foreach ($forum_names as $forum_id => $forum_name)
d6e8d8
		{
d6e8d8
			$auth_ary = $hold_ary[$forum_id];
d6e8d8
d6e8d8
			$template->assign_block_vars('role_mask', array(
d6e8d8
				'NAME'				=> ($forum_id == 0) ? $user->lang['GLOBAL_MASK'] : $forum_name,
d6e8d8
				'FORUM_ID'			=> $forum_id)
d6e8d8
			);
d6e8d8
d6e8d8
			if (isset($auth_ary['users']) && sizeof($auth_ary['users']))
d6e8d8
			{
d6e8d8
				$sql = 'SELECT user_id, username
d6e8d8
					FROM ' . USERS_TABLE . '
d6e8d8
					WHERE ' . $db->sql_in_set('user_id', $auth_ary['users']) . '
d6e8d8
					ORDER BY username_clean ASC';
d6e8d8
				$result = $db->sql_query($sql);
d6e8d8
d6e8d8
				while ($row = $db->sql_fetchrow($result))
d6e8d8
				{
d6e8d8
					$template->assign_block_vars('role_mask.users', array(
d6e8d8
						'USER_ID'		=> $row['user_id'],
d6e8d8
						'USERNAME'		=> $row['username'],
d6e8d8
						'U_PROFILE'		=> append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=viewprofile&u={$row['user_id']}"))
d6e8d8
					);
d6e8d8
				}
d6e8d8
				$db->sql_freeresult($result);
d6e8d8
			}
d6e8d8
d6e8d8
			if (isset($auth_ary['groups']) && sizeof($auth_ary['groups']))
d6e8d8
			{
d6e8d8
				$sql = 'SELECT group_id, group_name, group_type
d6e8d8
					FROM ' . GROUPS_TABLE . '
d6e8d8
					WHERE ' . $db->sql_in_set('group_id', $auth_ary['groups']) . '
d6e8d8
					ORDER BY group_type ASC, group_name';
d6e8d8
				$result = $db->sql_query($sql);
d6e8d8
d6e8d8
				while ($row = $db->sql_fetchrow($result))
d6e8d8
				{
d6e8d8
					$template->assign_block_vars('role_mask.groups', array(
d6e8d8
						'GROUP_ID'		=> $row['group_id'],
d6e8d8
						'GROUP_NAME'	=> ($row['group_type'] == GROUP_SPECIAL) ? $user->lang['G_' . $row['group_name']] : $row['group_name'],
d6e8d8
						'U_PROFILE'		=> append_sid("{$phpbb_root_path}memberlist.$phpEx", "mode=group&g={$row['group_id']}"))
d6e8d8
					);
d6e8d8
				}
d6e8d8
				$db->sql_freeresult($result);
d6e8d8
			}
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	/**
d6e8d8
	* NOTE: this function is not in use atm
d6e8d8
	* Add a new option to the list ... $options is a hash of form ->
d6e8d8
	* $options = array(
d6e8d8
	*	'local'		=> array('option1', 'option2', ...),
d6e8d8
	*	'global'	=> array('optionA', 'optionB', ...)
d6e8d8
	* );
d6e8d8
	*/
d6e8d8
	function acl_add_option($options)
d6e8d8
	{
d6e8d8
		global $db, $cache;
d6e8d8
d6e8d8
		if (!is_array($options))
d6e8d8
		{
d6e8d8
			return false;
d6e8d8
		}
d6e8d8
d6e8d8
		$cur_options = array();
d6e8d8
d6e8d8
		$sql = 'SELECT auth_option, is_global, is_local
d6e8d8
			FROM ' . ACL_OPTIONS_TABLE . '
d6e8d8
			ORDER BY auth_option_id';
d6e8d8
		$result = $db->sql_query($sql);
d6e8d8
d6e8d8
		while ($row = $db->sql_fetchrow($result))
d6e8d8
		{
d6e8d8
			if ($row['is_global'])
d6e8d8
			{
d6e8d8
				$cur_options['global'][] = $row['auth_option'];
d6e8d8
			}
d6e8d8
d6e8d8
			if ($row['is_local'])
d6e8d8
			{
d6e8d8
				$cur_options['local'][] = $row['auth_option'];
d6e8d8
			}
d6e8d8
		}
d6e8d8
		$db->sql_freeresult($result);
d6e8d8
d6e8d8
		// Here we need to insert new options ... this requires discovering whether
d6e8d8
		// an options is global, local or both and whether we need to add an permission
d6e8d8
		// set flag (x_)
d6e8d8
		$new_options = array('local' => array(), 'global' => array());
d6e8d8
d6e8d8
		foreach ($options as $type => $option_ary)
d6e8d8
		{
d6e8d8
			$option_ary = array_unique($option_ary);
d6e8d8
d6e8d8
			foreach ($option_ary as $option_value)
d6e8d8
			{
d6e8d8
				if (!in_array($option_value, $cur_options[$type]))
d6e8d8
				{
d6e8d8
					$new_options[$type][] = $option_value;
d6e8d8
				}
d6e8d8
d6e8d8
				$flag = substr($option_value, 0, strpos($option_value, '_') + 1);
d6e8d8
d6e8d8
				if (!in_array($flag, $cur_options[$type]) && !in_array($flag, $new_options[$type]))
d6e8d8
				{
d6e8d8
					$new_options[$type][] = $flag;
d6e8d8
				}
d6e8d8
			}
d6e8d8
		}
d6e8d8
		unset($options);
d6e8d8
d6e8d8
		$options = array();
d6e8d8
		$options['local'] = array_diff($new_options['local'], $new_options['global']);
d6e8d8
		$options['global'] = array_diff($new_options['global'], $new_options['local']);
d6e8d8
		$options['local_global'] = array_intersect($new_options['local'], $new_options['global']);
d6e8d8
d6e8d8
		$sql_ary = array();
d6e8d8
d6e8d8
		foreach ($options as $type => $option_ary)
d6e8d8
		{
d6e8d8
			foreach ($option_ary as $option)
d6e8d8
			{
d6e8d8
				$sql_ary[] = array(
d6e8d8
					'auth_option'	=> (string) $option,
d6e8d8
					'is_global'		=> ($type == 'global' || $type == 'local_global') ? 1 : 0,
d6e8d8
					'is_local'		=> ($type == 'local' || $type == 'local_global') ? 1 : 0
d6e8d8
				);
d6e8d8
			}
d6e8d8
		}
d6e8d8
d6e8d8
		$db->sql_multi_insert(ACL_OPTIONS_TABLE, $sql_ary);
d6e8d8
d6e8d8
		$cache->destroy('_acl_options');
d6e8d8
		$this->acl_clear_prefetch();
d6e8d8
d6e8d8
		// Because we just changed the options and also purged the options cache, we instantly update/regenerate it for later calls to succeed.
d6e8d8
		$this->acl_options = array();
d6e8d8
		$this->auth_admin();
d6e8d8
d6e8d8
		return true;
d6e8d8
	}
d6e8d8
d6e8d8
	/**
d6e8d8
	* Set a user or group ACL record
d6e8d8
	*/
d6e8d8
	function acl_set($ug_type, $forum_id, $ug_id, $auth, $role_id = 0, $clear_prefetch = true)
d6e8d8
	{
d6e8d8
		global $db;
d6e8d8
d6e8d8
		// One or more forums
d6e8d8
		if (!is_array($forum_id))
d6e8d8
		{
d6e8d8
			$forum_id = array($forum_id);
d6e8d8
		}
d6e8d8
d6e8d8
		// One or more users
d6e8d8
		if (!is_array($ug_id))
d6e8d8
		{
d6e8d8
			$ug_id = array($ug_id);
d6e8d8
		}
d6e8d8
d6e8d8
		$ug_id_sql = $db->sql_in_set($ug_type . '_id', array_map('intval', $ug_id));
d6e8d8
		$forum_sql = $db->sql_in_set('forum_id', array_map('intval', $forum_id));
d6e8d8
d6e8d8
		// Instead of updating, inserting, removing we just remove all current settings and re-set everything...
d6e8d8
		$table = ($ug_type == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
d6e8d8
		$id_field = $ug_type . '_id';
d6e8d8
d6e8d8
		// Get any flags as required
d6e8d8
		reset($auth);
d6e8d8
		$flag = key($auth);
d6e8d8
		$flag = substr($flag, 0, strpos($flag, '_') + 1);
d6e8d8
		
d6e8d8
		// This ID (the any-flag) is set if one or more permissions are true...
d6e8d8
		$any_option_id = (int) $this->acl_options['id'][$flag];
d6e8d8
d6e8d8
		// Remove any-flag from auth ary
d6e8d8
		if (isset($auth[$flag]))
d6e8d8
		{
d6e8d8
			unset($auth[$flag]);
d6e8d8
		}
d6e8d8
d6e8d8
		// Remove current auth options...
d6e8d8
		$auth_option_ids = array((int)$any_option_id);
d6e8d8
		foreach ($auth as $auth_option => $auth_setting)
d6e8d8
		{
d6e8d8
			$auth_option_ids[] = (int) $this->acl_options['id'][$auth_option];
d6e8d8
		}
d6e8d8
d6e8d8
		$sql = "DELETE FROM $table
d6e8d8
			WHERE $forum_sql
d6e8d8
				AND $ug_id_sql
d6e8d8
				AND " . $db->sql_in_set('auth_option_id', $auth_option_ids);
d6e8d8
		$db->sql_query($sql);
d6e8d8
d6e8d8
		// Remove those having a role assigned... the correct type of course...
d6e8d8
		$sql = 'SELECT role_id
d6e8d8
			FROM ' . ACL_ROLES_TABLE . "
d6e8d8
			WHERE role_type = '" . $db->sql_escape($flag) . "'";
d6e8d8
		$result = $db->sql_query($sql);
d6e8d8
d6e8d8
		$role_ids = array();
d6e8d8
		while ($row = $db->sql_fetchrow($result))
d6e8d8
		{
d6e8d8
			$role_ids[] = $row['role_id'];
d6e8d8
		}
d6e8d8
		$db->sql_freeresult($result);
d6e8d8
d6e8d8
		if (sizeof($role_ids))
d6e8d8
		{
d6e8d8
			$sql = "DELETE FROM $table
d6e8d8
				WHERE $forum_sql
d6e8d8
					AND $ug_id_sql
d6e8d8
					AND auth_option_id = 0
d6e8d8
					AND " . $db->sql_in_set('auth_role_id', $role_ids);
d6e8d8
			$db->sql_query($sql);
d6e8d8
		}
d6e8d8
d6e8d8
		// Ok, include the any-flag if one or more auth options are set to yes...
d6e8d8
		foreach ($auth as $auth_option => $setting)
d6e8d8
		{
d6e8d8
			if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NEVER))
d6e8d8
			{
d6e8d8
				$auth[$flag] = ACL_YES;
d6e8d8
			}
d6e8d8
		}
d6e8d8
d6e8d8
		$sql_ary = array();
d6e8d8
		foreach ($forum_id as $forum)
d6e8d8
		{
d6e8d8
			$forum = (int) $forum;
d6e8d8
d6e8d8
			if ($role_id)
d6e8d8
			{
d6e8d8
				foreach ($ug_id as $id)
d6e8d8
				{
d6e8d8
					$sql_ary[] = array(
d6e8d8
						$id_field			=> (int) $id,
d6e8d8
						'forum_id'			=> (int) $forum,
d6e8d8
						'auth_option_id'	=> 0,
d6e8d8
						'auth_setting'		=> 0,
d6e8d8
						'auth_role_id'		=> (int) $role_id,
d6e8d8
					);
d6e8d8
				}
d6e8d8
			}
d6e8d8
			else
d6e8d8
			{
d6e8d8
				foreach ($auth as $auth_option => $setting)
d6e8d8
				{
d6e8d8
					$auth_option_id = (int) $this->acl_options['id'][$auth_option];
d6e8d8
d6e8d8
					if ($setting != ACL_NO)
d6e8d8
					{
d6e8d8
						foreach ($ug_id as $id)
d6e8d8
						{
d6e8d8
							$sql_ary[] = array(
d6e8d8
								$id_field			=> (int) $id,
d6e8d8
								'forum_id'			=> (int) $forum,
d6e8d8
								'auth_option_id'	=> (int) $auth_option_id,
d6e8d8
								'auth_setting'		=> (int) $setting
d6e8d8
							);
d6e8d8
						}
d6e8d8
					}
d6e8d8
				}
d6e8d8
			}
d6e8d8
		}
d6e8d8
d6e8d8
		$db->sql_multi_insert($table, $sql_ary);
d6e8d8
d6e8d8
		if ($clear_prefetch)
d6e8d8
		{
d6e8d8
			$this->acl_clear_prefetch();
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	/**
d6e8d8
	* Set a role-specific ACL record
d6e8d8
	*/
d6e8d8
	function acl_set_role($role_id, $auth)
d6e8d8
	{
d6e8d8
		global $db;
d6e8d8
d6e8d8
		// Get any-flag as required
d6e8d8
		reset($auth);
d6e8d8
		$flag = key($auth);
d6e8d8
		$flag = substr($flag, 0, strpos($flag, '_') + 1);
d6e8d8
		
d6e8d8
		// Remove any-flag from auth ary
d6e8d8
		if (isset($auth[$flag]))
d6e8d8
		{
d6e8d8
			unset($auth[$flag]);
d6e8d8
		}
d6e8d8
d6e8d8
		// Re-set any flag...
d6e8d8
		foreach ($auth as $auth_option => $setting)
d6e8d8
		{
d6e8d8
			if ($setting == ACL_YES && (!isset($auth[$flag]) || $auth[$flag] == ACL_NEVER))
d6e8d8
			{
d6e8d8
				$auth[$flag] = ACL_YES;
d6e8d8
			}
d6e8d8
		}
d6e8d8
d6e8d8
		$sql_ary = array();
d6e8d8
		foreach ($auth as $auth_option => $setting)
d6e8d8
		{
d6e8d8
			$auth_option_id = (int) $this->acl_options['id'][$auth_option];
d6e8d8
d6e8d8
			if ($setting != ACL_NO)
d6e8d8
			{
d6e8d8
				$sql_ary[] = array(
d6e8d8
					'role_id'			=> (int) $role_id,
d6e8d8
					'auth_option_id'	=> (int) $auth_option_id,
d6e8d8
					'auth_setting'		=> (int) $setting
d6e8d8
				);
d6e8d8
			}
d6e8d8
		}
d6e8d8
d6e8d8
		// If no data is there, we set the any-flag to ACL_NEVER...
d6e8d8
		if (!sizeof($sql_ary))
d6e8d8
		{
d6e8d8
			$sql_ary[] = array(
d6e8d8
				'role_id'			=> (int) $role_id,
d6e8d8
				'auth_option_id'	=> (int) $this->acl_options['id'][$flag],
d6e8d8
				'auth_setting'		=> ACL_NEVER
d6e8d8
			);
d6e8d8
		}
d6e8d8
d6e8d8
		// Remove current auth options...
d6e8d8
		$sql = 'DELETE FROM ' . ACL_ROLES_DATA_TABLE . '
d6e8d8
			WHERE role_id = ' . $role_id;
d6e8d8
		$db->sql_query($sql);
d6e8d8
d6e8d8
		// Now insert the new values
d6e8d8
		$db->sql_multi_insert(ACL_ROLES_DATA_TABLE, $sql_ary);
d6e8d8
d6e8d8
		$this->acl_clear_prefetch();
d6e8d8
	}
d6e8d8
d6e8d8
	/**
d6e8d8
	* Remove local permission
d6e8d8
	*/
d6e8d8
	function acl_delete($mode, $ug_id = false, $forum_id = false, $permission_type = false)
d6e8d8
	{
d6e8d8
		global $db;
d6e8d8
d6e8d8
		if ($ug_id === false && $forum_id === false)
d6e8d8
		{
d6e8d8
			return;
d6e8d8
		}
d6e8d8
d6e8d8
		$option_id_ary = array();
d6e8d8
		$table = ($mode == 'user') ? ACL_USERS_TABLE : ACL_GROUPS_TABLE;
d6e8d8
		$id_field = $mode . '_id';
d6e8d8
d6e8d8
		$where_sql = array();
d6e8d8
d6e8d8
		if ($forum_id !== false)
d6e8d8
		{
d6e8d8
			$where_sql[] = (!is_array($forum_id)) ? 'forum_id = ' . (int) $forum_id : $db->sql_in_set('forum_id', array_map('intval', $forum_id));
d6e8d8
		}
d6e8d8
d6e8d8
		if ($ug_id !== false)
d6e8d8
		{
d6e8d8
			$where_sql[] = (!is_array($ug_id)) ? $id_field . ' = ' . (int) $ug_id : $db->sql_in_set($id_field, array_map('intval', $ug_id));
d6e8d8
		}
d6e8d8
d6e8d8
		// There seem to be auth options involved, therefore we need to go through the list and make sure we capture roles correctly
d6e8d8
		if ($permission_type !== false)
d6e8d8
		{
d6e8d8
			// Get permission type
d6e8d8
			$sql = 'SELECT auth_option, auth_option_id
d6e8d8
				FROM ' . ACL_OPTIONS_TABLE . "
d6e8d8
				WHERE auth_option " . $db->sql_like_expression($permission_type . $db->any_char);
d6e8d8
			$result = $db->sql_query($sql);
d6e8d8
d6e8d8
			$auth_id_ary = array();
d6e8d8
			while ($row = $db->sql_fetchrow($result))
d6e8d8
			{
d6e8d8
				$option_id_ary[] = $row['auth_option_id'];
d6e8d8
				$auth_id_ary[$row['auth_option']] = ACL_NO;
d6e8d8
			}
d6e8d8
			$db->sql_freeresult($result);
d6e8d8
d6e8d8
			// First of all, lets grab the items having roles with the specified auth options assigned
d6e8d8
			$sql = "SELECT auth_role_id, $id_field, forum_id
d6e8d8
				FROM $table, " . ACL_ROLES_TABLE . " r
d6e8d8
				WHERE auth_role_id <> 0
d6e8d8
					AND auth_role_id = r.role_id
d6e8d8
					AND r.role_type = '{$permission_type}'
d6e8d8
					AND " . implode(' AND ', $where_sql) . '
d6e8d8
				ORDER BY auth_role_id';
d6e8d8
			$result = $db->sql_query($sql);
d6e8d8
d6e8d8
			$cur_role_auth = array();
d6e8d8
			while ($row = $db->sql_fetchrow($result))
d6e8d8
			{
d6e8d8
				$cur_role_auth[$row['auth_role_id']][$row['forum_id']][] = $row[$id_field];
d6e8d8
			}
d6e8d8
			$db->sql_freeresult($result);
d6e8d8
d6e8d8
			// Get role data for resetting data
d6e8d8
			if (sizeof($cur_role_auth))
d6e8d8
			{
d6e8d8
				$sql = 'SELECT ao.auth_option, rd.role_id, rd.auth_setting
d6e8d8
					FROM ' . ACL_OPTIONS_TABLE . ' ao, ' . ACL_ROLES_DATA_TABLE . ' rd
d6e8d8
					WHERE ao.auth_option_id = rd.auth_option_id
d6e8d8
						AND ' . $db->sql_in_set('rd.role_id', array_keys($cur_role_auth));
d6e8d8
				$result = $db->sql_query($sql);
d6e8d8
d6e8d8
				$auth_settings = array();
d6e8d8
				while ($row = $db->sql_fetchrow($result))
d6e8d8
				{
d6e8d8
					// We need to fill all auth_options, else setting it will fail...
d6e8d8
					if (!isset($auth_settings[$row['role_id']]))
d6e8d8
					{
d6e8d8
						$auth_settings[$row['role_id']] = $auth_id_ary;
d6e8d8
					}
d6e8d8
					$auth_settings[$row['role_id']][$row['auth_option']] = $row['auth_setting'];
d6e8d8
				}
d6e8d8
				$db->sql_freeresult($result);
d6e8d8
d6e8d8
				// Set the options
d6e8d8
				foreach ($cur_role_auth as $role_id => $auth_row)
d6e8d8
				{
d6e8d8
					foreach ($auth_row as $f_id => $ug_row)
d6e8d8
					{
d6e8d8
						$this->acl_set($mode, $f_id, $ug_row, $auth_settings[$role_id], 0, false);
d6e8d8
					}
d6e8d8
				}
d6e8d8
			}
d6e8d8
		}
d6e8d8
d6e8d8
		// Now, normally remove permissions...
d6e8d8
		if ($permission_type !== false)
d6e8d8
		{
d6e8d8
			$where_sql[] = $db->sql_in_set('auth_option_id', array_map('intval', $option_id_ary));
d6e8d8
		}
d6e8d8
		
d6e8d8
		$sql = "DELETE FROM $table
d6e8d8
			WHERE " . implode(' AND ', $where_sql);
d6e8d8
		$db->sql_query($sql);
d6e8d8
d6e8d8
		$this->acl_clear_prefetch();
d6e8d8
	}
d6e8d8
d6e8d8
	/**
d6e8d8
	* Assign category to template
d6e8d8
	* used by display_mask()
d6e8d8
	*/
d6e8d8
	function assign_cat_array(&$category_array, $tpl_cat, $tpl_mask, $ug_id, $forum_id, $show_trace = false, $s_view)
d6e8d8
	{
d6e8d8
		global $template, $user, $phpbb_admin_path, $phpEx;
d6e8d8
d6e8d8
		@reset($category_array);
d6e8d8
		while (list($cat, $cat_array) = each($category_array))
d6e8d8
		{
d6e8d8
			$template->assign_block_vars($tpl_cat, array(
d6e8d8
				'S_YES'		=> ($cat_array['S_YES'] && !$cat_array['S_NEVER'] && !$cat_array['S_NO']) ? true : false,
d6e8d8
				'S_NEVER'	=> ($cat_array['S_NEVER'] && !$cat_array['S_YES'] && !$cat_array['S_NO']) ? true : false,
d6e8d8
				'S_NO'		=> ($cat_array['S_NO'] && !$cat_array['S_NEVER'] && !$cat_array['S_YES']) ? true : false,
d6e8d8
							
d6e8d8
				'CAT_NAME'	=> $user->lang['permission_cat'][$cat])
d6e8d8
			);
d6e8d8
d6e8d8
			/*	Sort permissions by name (more naturaly and user friendly than sorting by a primary key)
d6e8d8
			*	Commented out due to it's memory consumption and time needed
d6e8d8
			*
d6e8d8
			$key_array = array_intersect(array_keys($user->lang), array_map(create_function('$a', 'return "acl_" . $a;'), array_keys($cat_array['permissions'])));
d6e8d8
			$values_array = $cat_array['permissions'];
d6e8d8
d6e8d8
			$cat_array['permissions'] = array();
d6e8d8
d6e8d8
			foreach ($key_array as $key)
d6e8d8
			{
d6e8d8
				$key = str_replace('acl_', '', $key);
d6e8d8
				$cat_array['permissions'][$key] = $values_array[$key];
d6e8d8
			}
d6e8d8
			unset($key_array, $values_array);
d6e8d8
*/
d6e8d8
			@reset($cat_array['permissions']);
d6e8d8
			while (list($permission, $allowed) = each($cat_array['permissions']))
d6e8d8
			{
d6e8d8
				if ($s_view)
d6e8d8
				{
d6e8d8
					$template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array(
d6e8d8
						'S_YES'		=> ($allowed == ACL_YES) ? true : false,
d6e8d8
						'S_NEVER'	=> ($allowed == ACL_NEVER) ? true : false,
d6e8d8
d6e8d8
						'UG_ID'			=> $ug_id,
d6e8d8
						'FORUM_ID'		=> $forum_id,
d6e8d8
						'FIELD_NAME'	=> $permission,
d6e8d8
						'S_FIELD_NAME'	=> 'setting[' . $ug_id . '][' . $forum_id . '][' . $permission . ']',
d6e8d8
d6e8d8
						'U_TRACE'		=> ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission") : '',
d6e8d8
						'UA_TRACE'		=> ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission", false) : '',
d6e8d8
d6e8d8
						'PERMISSION'	=> $user->lang['acl_' . $permission]['lang'])
d6e8d8
					);
d6e8d8
				}
d6e8d8
				else
d6e8d8
				{
d6e8d8
					$template->assign_block_vars($tpl_cat . '.' . $tpl_mask, array(
d6e8d8
						'S_YES'		=> ($allowed == ACL_YES) ? true : false,
d6e8d8
						'S_NEVER'	=> ($allowed == ACL_NEVER) ? true : false,
d6e8d8
						'S_NO'		=> ($allowed == ACL_NO) ? true : false,
d6e8d8
d6e8d8
						'UG_ID'			=> $ug_id,
d6e8d8
						'FORUM_ID'		=> $forum_id,
d6e8d8
						'FIELD_NAME'	=> $permission,
d6e8d8
						'S_FIELD_NAME'	=> 'setting[' . $ug_id . '][' . $forum_id . '][' . $permission . ']',
d6e8d8
d6e8d8
						'U_TRACE'		=> ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission") : '',
d6e8d8
						'UA_TRACE'		=> ($show_trace) ? append_sid("{$phpbb_admin_path}index.$phpEx", "i=permissions&mode=trace&u=$ug_id&f=$forum_id&auth=$permission", false) : '',
d6e8d8
d6e8d8
						'PERMISSION'	=> $user->lang['acl_' . $permission]['lang'])
d6e8d8
					);
d6e8d8
				}
d6e8d8
			}
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	/**
d6e8d8
	* Building content array from permission rows with explicit key ordering
d6e8d8
	* used by display_mask()
d6e8d8
	*/
d6e8d8
	function build_permission_array(&$permission_row, &$content_array, &$categories, $key_sort_array)
d6e8d8
	{
d6e8d8
		global $user;
d6e8d8
d6e8d8
		foreach ($key_sort_array as $forum_id)
d6e8d8
		{
d6e8d8
			if (!isset($permission_row[$forum_id]))
d6e8d8
			{
d6e8d8
				continue;
d6e8d8
			}
d6e8d8
d6e8d8
			$permissions = $permission_row[$forum_id];
d6e8d8
			ksort($permissions);
d6e8d8
d6e8d8
			@reset($permissions);
d6e8d8
			while (list($permission, $auth_setting) = each($permissions))
d6e8d8
			{
d6e8d8
				if (!isset($user->lang['acl_' . $permission]))
d6e8d8
				{
d6e8d8
					$user->lang['acl_' . $permission] = array(
d6e8d8
						'cat'	=> 'misc',
d6e8d8
						'lang'	=> '{ acl_' . $permission . ' }'
d6e8d8
					);
d6e8d8
				}
d6e8d8
			
d6e8d8
				$cat = $user->lang['acl_' . $permission]['cat'];
d6e8d8
			
d6e8d8
				// Build our categories array
d6e8d8
				if (!isset($categories[$cat]))
d6e8d8
				{
d6e8d8
					$categories[$cat] = $user->lang['permission_cat'][$cat];
d6e8d8
				}
d6e8d8
d6e8d8
				// Build our content array
d6e8d8
				if (!isset($content_array[$forum_id]))
d6e8d8
				{
d6e8d8
					$content_array[$forum_id] = array();
d6e8d8
				}
d6e8d8
d6e8d8
				if (!isset($content_array[$forum_id][$cat]))
d6e8d8
				{
d6e8d8
					$content_array[$forum_id][$cat] = array(
d6e8d8
						'S_YES'			=> false,
d6e8d8
						'S_NEVER'		=> false,
d6e8d8
						'S_NO'			=> false,
d6e8d8
						'permissions'	=> array(),
d6e8d8
					);
d6e8d8
				}
d6e8d8
d6e8d8
				$content_array[$forum_id][$cat]['S_YES'] |= ($auth_setting == ACL_YES) ? true : false;
d6e8d8
				$content_array[$forum_id][$cat]['S_NEVER'] |= ($auth_setting == ACL_NEVER) ? true : false;
d6e8d8
				$content_array[$forum_id][$cat]['S_NO'] |= ($auth_setting == ACL_NO) ? true : false;
d6e8d8
d6e8d8
				$content_array[$forum_id][$cat]['permissions'][$permission] = $auth_setting;
d6e8d8
			}
d6e8d8
		}
d6e8d8
	}
d6e8d8
d6e8d8
	/**
d6e8d8
	* Use permissions from another user. This transferes a permission set from one user to another.
d6e8d8
	* The other user is always able to revert back to his permission set.
d6e8d8
	* This function does not check for lower/higher permissions, it is possible for the user to gain
d6e8d8
	* "more" permissions by this.
d6e8d8
	* Admin permissions will not be copied.
d6e8d8
	*/
d6e8d8
	function ghost_permissions($from_user_id, $to_user_id)
d6e8d8
	{
d6e8d8
		global $db;
d6e8d8
d6e8d8
		if ($to_user_id == ANONYMOUS)
d6e8d8
		{
d6e8d8
			return false;
d6e8d8
		}
d6e8d8
d6e8d8
		$hold_ary = $this->acl_raw_data_single_user($from_user_id);
d6e8d8
d6e8d8
		// Key 0 in $hold_ary are global options, all others are forum_ids
d6e8d8
d6e8d8
		// We disallow copying admin permissions
d6e8d8
		foreach ($this->acl_options['global'] as $opt => $id)
d6e8d8
		{
d6e8d8
			if (strpos($opt, 'a_') === 0)
d6e8d8
			{
d6e8d8
				$hold_ary[0][$this->acl_options['id'][$opt]] = ACL_NEVER;
d6e8d8
			}
d6e8d8
		}
d6e8d8
d6e8d8
		// Force a_switchperm to be allowed
d6e8d8
		$hold_ary[0][$this->acl_options['id']['a_switchperm']] = ACL_YES;
d6e8d8
d6e8d8
		$user_permissions = $this->build_bitstring($hold_ary);
d6e8d8
d6e8d8
		if (!$user_permissions)
d6e8d8
		{
d6e8d8
			return false;
d6e8d8
		}
d6e8d8
d6e8d8
		$sql = 'UPDATE ' . USERS_TABLE . "
d6e8d8
			SET user_permissions = '" . $db->sql_escape($user_permissions) . "',
d6e8d8
				user_perm_from = $from_user_id
d6e8d8
			WHERE user_id = " . $to_user_id;
d6e8d8
		$db->sql_query($sql);
d6e8d8
d6e8d8
		return true;
d6e8d8
	}
d6e8d8
}
d6e8d8
d6e8d8
?>