Location: PHPKode > projects > QuickSilver Forum > admincp/sources/perms.php
<?php
/**
 * Quicksilver Forums
 * Copyright (c) 2005-2008 The Quicksilver Forums Development Team
 *  http://www.quicksilverforums.com/
 * 
 * Based on MercuryBoard
 * Copyright (c) 2001-2005 The Mercury Development Team
 *  http://www.mercuryboard.com/
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 **/

if (!defined('QUICKSILVERFORUMS') || !defined('QSF_ADMIN')) {
	header('HTTP/1.0 403 Forbidden');
	die;
}

require_once $set['include_path'] . '/admincp/admin.php';

class perms extends admin
{
	function execute()
	{
		$perms_obj = new $this->modules['permissions']($this);

		if (isset($this->get['s']) && ($this->get['s'] == 'user')) {
			if (!isset($this->get['id'])) {
				header("Location: $this->self?a=member&amp;s=perms");
			}

			$this->post['group'] = intval($this->get['id']);

			$mode  = 'user';
			$title = 'User Control';
			$link  = '&amp;s=user&amp;id=' . $this->post['group'];

			$perms_obj->get_perms(-1, $this->post['group']);
		} else {
			if (!isset($this->post['group'])) {
				return $this->message('User Groups', "
				<form action='$this->self?a=perms' method='post'><div>
					{$this->lang->perms_edit_for}
					<select name='group'>
					" . $this->htmlwidgets->select_groups(-1) . "
					</select>
					<input type='submit' value='{$this->lang->submit}' /></div>
				</form>");
			}

			$this->post['group'] = intval($this->post['group']);

			$mode  = 'group';
			$title = $this->lang->perms_title;
			$link  = null;

			$perms_obj->get_perms($this->post['group'], -1);
		}

		$this->set_title($title);
		$this->tree($title);

		$forums_only = $this->db->query('SELECT forum_id, forum_name FROM %pforums ORDER BY forum_name');

		$forums_list = array();
		while ($forum = $this->db->nqfetch($forums_only))
		{
			$forums_list[] = $forum;
		}

		$perms = array(
				'board_view'		=> $this->lang->perms_board_view,
				'board_view_closed'	=> $this->lang->perms_board_view_closed,
				'do_anything'		=> $this->lang->perms_do_anything,
				'is_admin'		=> $this->lang->perms_is_admin,
				'edit_avatar'		=> $this->lang->perms_edit_avatar,
				'edit_profile'		=> $this->lang->perms_edit_profile,
				'edit_sig'		=> $this->lang->perms_edit_sig,
				'email_use'		=> $this->lang->perms_email_use,
				'topic_global'		=> $this->lang->perms_topic_global,
				'pm_noflood'		=> $this->lang->perms_pm_noflood,
				'search_noflood'	=> $this->lang->perms_search_noflood,
				'forum_view'		=> $this->lang->perms_forum_view,
				'post_viewip'		=> $this->lang->perms_post_viewip,
				'topic_view'		=> $this->lang->perms_topic_view,
				'topic_view_unpublished' => $this->lang->perms_topic_view_unpublished,
				'poll_create'		=> $this->lang->perms_poll_create,
				'poll_vote'		=> $this->lang->perms_poll_vote,
				'post_create'		=> $this->lang->perms_post_create,
				'topic_create'		=> $this->lang->perms_topic_create,
				'post_inc_userposts'	=> $this->lang->perms_post_inc_userposts,
				'post_noflood'		=> $this->lang->perms_post_noflood,
				'post_delete'		=> $this->lang->perms_post_delete,
				'post_delete_own'	=> $this->lang->perms_post_delete_own,
				'topic_delete'		=> $this->lang->perms_topic_delete,
				'topic_delete_own'	=> $this->lang->perms_topic_delete_own,
				'post_edit'		=> $this->lang->perms_post_edit,
				'post_edit_own'		=> $this->lang->perms_post_edit_own,
				'topic_edit'		=> $this->lang->perms_topic_edit,
				'topic_edit_own'	=> $this->lang->perms_topic_edit_own,
				'topic_lock'		=> $this->lang->perms_topic_lock,
				'topic_lock_own'	=> $this->lang->perms_topic_lock_own,
				'topic_unlock'		=> $this->lang->perms_topic_unlock,
				'topic_unlock_mod'	=> $this->lang->perms_topic_unlock_mod,
				'topic_unlock_own'	=> $this->lang->perms_topic_unlock_own,
				'topic_pin'		=> $this->lang->perms_topic_pin,
				'topic_pin_own'		=> $this->lang->perms_topic_pin_own,
				'topic_publish'		=> $this->lang->perms_topic_publish,
				'topic_publish_auto'	=> $this->lang->perms_topic_publish_auto,
				'topic_split'		=> $this->lang->perms_topic_split,
				'topic_split_own'	=> $this->lang->perms_topic_split_own,
				'topic_unpin'		=> $this->lang->perms_topic_unpin,
				'topic_unpin_own'	=> $this->lang->perms_topic_unpin_own,
				'topic_move'		=> $this->lang->perms_topic_move,
				'topic_move_own'	=> $this->lang->perms_topic_move_own,
				'post_attach'		=> $this->lang->perms_post_attach,
				'post_attach_download'	=> $this->lang->perms_post_attach_download
		);

		if (!isset($this->post['submit'])) {
			$count = count($forums_list) + 1;

			if ($mode == 'user') {
				$query = $this->db->fetch("SELECT user_name, user_perms FROM %pusers WHERE user_id=%d", $this->post['group']);
				$label = "User '{$query['user_name']}'";
			} else {
				$query = $this->db->fetch("SELECT group_name FROM %pgroups WHERE group_id=%d", $this->post['group']);
				$label = "Group '{$query['group_name']}'";
			}

			$out = "
			<script type='text/javascript'>
			<!--
			function checkrow(element, check)
			{
				var elements = document.forms['form'].elements;
				var count    = elements.length;

				for (var i=0; i<count; i++) {
					var current = elements[i];
					var temp = current.name.split('[');

					if (!temp[1]) continue;
					temp2 = temp[1].split(']');

					if (temp2[0] == element) {
						current.checked = check;
					}
				}
			}

			function changeall(element, check)
			{
				if (!check) {
					checkallbox(element, false);
				} else if (areallchecked(element)) {
					checkallbox(element, true);
				}
			}

			function checkallbox(element, check)
			{
				var elements = document.forms['form'].elements;
				var count    = elements.length;

				var allchecked = true;

				for (var i=0; i<count; i++) {
					var current = elements[i];

					if (current.name == ('perms[' + element + '][-1]')) {
						current.checked = check;
					}
				}
			}

			function areallchecked(element)
			{
				var elements = document.forms['form'].elements;
				var count    = elements.length;

				var allchecked = true;

				for (var i=0; i<count; i++) {
					var current = elements[i];

					if (current.name == ('perms[' + element + '][-1]')) {
						continue;
					}

					var temp = current.name.split('[');

					if (!temp[1]) continue;
					temp2 = temp[1].split(']');

					if (temp2[0] == element) {
						if (!current.checked) {
							allchecked = false;
							break;
						}
					}
				}

				return allchecked;
			}
			//-->
			</script>

			<form id='form' action='$this->self?a=perms$link' method='post'>
			<div align='center'><span style='font-size:14px;'><b>Permissions For $label</b></span>";

			if ($mode == 'user') {
				$out .= "<br />{$this->lang->perms_override_user}<br /><br />
				<div style='border:1px dashed #ff0000; width:25%; padding:5px'><input type='checkbox' name='usegroup' id='usegroup' style='vertical-align:middle'" . (!$query['user_perms'] ? ' checked' : '') . " /> <label for='usegroup' style='vertical-align:middle'>{$this->lang->perms_only_user}</label></div>";
			}

			$out .= "</div>" .
			$this->table . "
			<tr>
				<td colspan='" . ($count + 1) . "' class='header'>$label</td>
			</tr>";

			$out .= $this->show_headers($forums_list);

			$this->iterator_init('tablelight', 'tabledark');

			$i = 0;
			foreach ($perms as $perm => $label)
			{
				$out .= "
				<tr>
					<td class='" . $this->iterate() . "'>$label</td>
					<td class='" . $this->lastValue() . "' align='center'>
						<input type='checkbox' name='perms[$perm][-1]' id='perms_{$perm}' onclick='checkrow(\"$perm\", this.checked)'" . ($perms_obj->auth($perm) ? ' checked=\'checked\'' : '') . " />All
					</td>";

				if (!isset($perms_obj->globals[$perm])) {
					foreach ($forums_list as $forum)
					{
						if ($perms_obj->auth($perm, $forum['forum_id'])) {
							$checked = " checked='checked'";
						} else {
							$checked = '';
						}

						$out .= "\n<td class='" . $this->lastValue() . "' align='center'><input type='checkbox' name='perms[$perm][{$forum['forum_id']}]' onclick='changeall(\"$perm\", this.checked)'$checked /></td>";
					}
				} elseif ($forums_list) {
					$out .= "\n<td class='" . $this->lastValue() . "' colspan='$count' align='center'>N/A</td>";
				}

				$out .= "
				</tr>";

				$i++;
				if (($i % 12) == 0) {
					$out .= $this->show_headers($forums_list);
				}
			}

			return $out . "
			<tr>
				<td colspan='" . ($count + 1) . "' class='footer' align='center'><input type='hidden' name='group' value='{$this->post['group']}' /><input type='submit' name='submit' value='Update Permissions' /></td>
			</tr>" . $this->etable . "</form>";
		} else {
			if (($mode == 'user') && isset($this->post['usegroup'])) {
				$perms_obj->cube = '';
				$perms_obj->update();
				return $this->message($this->lang->perms, $this->lang->perms_user_inherit);
			}

			$perms_obj->reset_cube(false);

			if (!isset($this->post['perms'])) {
				$this->post['perms'] = array();
			}

			if ($mode == 'user') {
				if ((!isset($this->post['perms']['do_anything'])) && ($this->post['group'] == USER_GUEST_UID)) {
					return $this->message($this->lang->perms, $this->lang->perms_guest1);
				}
			} else {
				if ((!isset($this->post['perms']['do_anything'])) && ($this->post['group'] == USER_GUEST)) {
					return $this->message($this->lang->perms, $this->lang->perms_guest2);
				}
			}

			foreach ($this->post['perms'] as $name => $data)
			{
				if (isset($data[-1]) || isset($data['-1']) || (count($data) == count($forums_list))) {
					$perms_obj->set_xy($name, true);
				} else {
					foreach ($data as $forum => $on)
					{
						$perms_obj->set_xyz($name, intval($forum), true);
					}
				}
			}

			$perms_obj->update();

			$this->check_subscriptions($mode, $this->post['group']);

			return $this->message($this->lang->perms, $this->lang->perms_updated);
		}
	}

	function show_headers($forums_list)
	{
		$out = "<tr>
		<td class='subheader' colspan='2' valign='bottom'>{$this->lang->perm}</td>";

		foreach ($forums_list as $forum)
		{
			$out .= "\n<td class='subheader' align='center' valign='middle'>{$forum['forum_name']}</td>";
		}

		return $out . '</tr>';
	}

	/**
	 * Delete subscriptions that have now been made
	 * illegal due to permissions change
	 *
	 * @param string $mode contains group or user
	 * @param integer $group group or user id
	 * @author Jonathan West <hide@address.com>
	 * @since 1.3.2
	 **/
	function check_subscriptions($mode, $group)
	{
		if ($mode == 'user') {
			$query = $this->db->query("SELECT s.subscription_user, s.subscription_item, s.subscription_type, u.user_id, u.user_group, u.user_perms
				FROM %psubscriptions s, %pusers u
				WHERE s.subscription_user=%d
				AND s.subscription_user=u.user_id", $group);

			while ($sub = $this->db->nqfetch($query))//if the user has subscriptions
			{ 
				$perms = new permissions;
				$perms->db = &$this->db;
				$perms->pre = &$this->pre;
				$perms->get_perms($sub['user_group'], $sub['user_id'], $sub['user_perms']);

				if ($sub['subscription_type'] == 'forum') {
					if (!$perms->auth('forum_view', $sub['subscription_item'])) { //if user can no longer view forum
						$this->db->query("DELETE FROM %psubscriptions WHERE subscription_user=%d AND subscription_item=%d",
						$sub['user_id'], $sub['subscription_item']);
					}
				} else {
					$check = $this->db->fetch("SELECT topic_forum FROM %ptopics WHERE topic_id=%d", $sub['subscription_item']);

					if (!$perms->auth('forum_view', $check['topic_forum'])) { //if user can no longer view forum
						$this->db->query("DELETE FROM %psubscriptions WHERE subscription_user=%d AND subscription_item=%d",
						$sub['user_id'], $sub['subscription_item']);
					}
				}
			}
		} else { //if a member of the group has subscriptions
			$query = $this->db->query("SELECT s.subscription_user, s.subscription_item, s.subscription_type, u.user_id, u.user_group, g.group_perms
				FROM %psubscriptions s, %pusers u, %pgroups g
				WHERE g.group_id=%d
                                    AND u.user_group=g.group_id
                                    AND s.subscription_user=u.user_id", $group);

			while ($sub = $this->db->nqfetch($query))
			{
				$perms = new permissions;
				$perms->db = &$this->db;
				$perms->pre = &$this->pre;
				$perms->get_perms($sub['user_group'], $sub['user_id'], $sub['group_perms']);

				if ($sub['subscription_type'] == 'forum') {
					if (!$perms->auth('forum_view', $sub['subscription_item'])) { //if user can no longer view forum
						$this->db->query("DELETE FROM %psubscriptions WHERE subscription_user=%d AND subscription_item=%d",
						$sub['user_id'], $sub['subscription_item']);
					}
				} else {
					$check = $this->db->fetch("SELECT topic_forum FROM %ptopics WHERE topic_id=%d", $sub['subscription_item']);

					if (!$perms->auth('forum_view', $check['topic_forum'])) { //if user can no longer view forum
						$this->db->query("DELETE FROM %psubscriptions WHERE subscription_user=%d AND subscription_item=%d",
						$sub['user_id'], $sub['subscription_item']);
					}
				}
			}
		}
	}
}
?>
Return current item: QuickSilver Forum