PHP Cross Reference of MyBB 1.8.38 |
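<?php
/**
 * MyBB 1.8
 * Copyright 2014 MyBB Group, All Rights Reserved
 *
 * Website: http://www.mybb.com
 * License: http://www.mybb.com/about/license
 *
 */

/*
 * Admin CP module: Admin Permissions.
 *
 * Manages rows of the `adminoptions` table, which hold a serialized
 * per-module / per-action permission map. The `uid` column is overloaded:
 *   uid > 0  -> permissions of a single user
 *   uid < 0  -> permissions of a usergroup (uid = -gid)
 *   uid == 0 -> default permissions
 *
 * Actions handled: "delete" (revoke), "edit", "group" (group listing) and
 * the default user listing when no action is given.
 *
 * Security notes for reviewers:
 *  - Every SQL fragment in this file is built by string interpolation, so only
 *    integer-cast values ($uid, $gid) or values read back from the database
 *    may be placed in a WHERE clause. Raw $mybb->input values must not be.
 *  - The revoke links carry `my_post_key`; its verification is not visible in
 *    this file and is presumably done by the Admin CP front controller
 *    (TODO confirm).
 *  - flash_message() + admin_redirect() are used as guards. The code below each
 *    guard is only safe if admin_redirect() terminates the request
 *    (NOTE(review): confirm against its definition).
 */

// Disallow direct access to this file for security reasons
if(!defined("IN_MYBB"))
{
	die("Direct initialization of this file is not allowed.<br /><br />Please make sure IN_MYBB is defined.");
}

$page->add_breadcrumb_item($lang->admin_permissions, "index.php?module=user-admin_permissions");

// The three top-level tabs are shown on the listings and on the "default permissions" editor only
if(($mybb->input['action'] == "edit" && $mybb->input['uid'] == 0) || $mybb->input['action'] == "group" || !$mybb->input['action'])
{
	$sub_tabs['user_permissions'] = array(
		'title' => $lang->user_permissions,
		'link' => "index.php?module=user-admin_permissions",
		'description' => $lang->user_permissions_desc
	);

	$sub_tabs['group_permissions'] = array(
		'title' => $lang->group_permissions,
		'link' => "index.php?module=user-admin_permissions&action=group",
		'description' => $lang->group_permissions_desc
	);

	$sub_tabs['default_permissions'] = array(
		'title' => $lang->default_permissions,
		'link' => "index.php?module=user-admin_permissions&action=edit&uid=0",
		'description' => $lang->default_permissions_desc
	);
}

// Integer-cast copy of the requested uid; this is the only form of the uid that may reach SQL or URLs
$uid = $mybb->get_input('uid', MyBB::INPUT_INT);

$plugins->run_hooks("admin_user_admin_permissions_begin");

if($mybb->input['action'] == "delete")
{
	// Super administrators' permissions cannot be revoked from this module
	if(is_super_admin($uid))
	{
		flash_message($lang->error_super_admin, 'error');
		admin_redirect("index.php?module=user-admin_permissions");
	}

	// "No" was chosen on the confirmation page
	if($mybb->get_input('no'))
	{
		admin_redirect("index.php?module=user-admin_permissions");
	}

	// A uid must have been supplied. get_input() yields a string here, so a
	// missing or array-valued parameter is treated as "no uid" rather than
	// reaching trim() directly. Note that "0" is falsy as well, so the default
	// permissions row is rejected by this check, as before.
	if(!trim($mybb->get_input('uid')))
	{
		flash_message($lang->error_delete_no_uid, 'error');
		admin_redirect("index.php?module=user-admin_permissions");
	}

	// Existence check. Uses the integer-cast $uid: the raw request value was
	// previously interpolated into this WHERE clause unescaped, and it also
	// could disagree with the $uid the update below actually acts on.
	$query = $db->simple_select("adminoptions", "COUNT(uid) as adminoptions", "uid = '{$uid}'");
	if($db->fetch_field($query, 'adminoptions') == 0)
	{
		flash_message($lang->error_delete_invalid_uid, 'error');
		admin_redirect("index.php?module=user-admin_permissions");
	}

	$plugins->run_hooks("admin_user_admin_permissions_delete");

	if($mybb->request_method == "post")
	{
		// Revoking blanks the permissions column; the row itself is kept
		$newperms = array(
			"permissions" => ''
		);

		$plugins->run_hooks("admin_user_admin_permissions_delete_commit");

		$db->update_query("adminoptions", $newperms, "uid = '{$uid}'");

		// Log admin action
		if($uid < 0)
		{
			// Groups are stored with a negated gid as uid
			$gid = abs($uid);
			$query = $db->simple_select("usergroups", "title", "gid='{$gid}'");
			$group = $db->fetch_array($query);
			log_admin_action($uid, $group['title']);

		}
		elseif($uid == 0)
		{
			// Default
			log_admin_action(0, $lang->default);
		}
		else
		{
			$user = get_user($uid);
			log_admin_action($uid, $user['username']);
		}

		flash_message($lang->success_perms_deleted, 'success');
		admin_redirect("index.php?module=user-admin_permissions");
	}
	else
	{
		// Confirmation page. The integer $uid is used so that no raw request
		// data is placed into the form's action URL.
		$page->output_confirm_action("index.php?module=user-admin_permissions&action=delete&uid={$uid}", $lang->confirm_perms_deletion);
	}
}

if($mybb->input['action'] == "edit")
{
	// Super administrators' permissions cannot be edited from this module
	if(is_super_admin($uid))
	{
		flash_message($lang->error_super_admin, 'error');
		admin_redirect("index.php?module=user-admin_permissions");
	}

	$plugins->run_hooks("admin_user_admin_permissions_edit");

	if($mybb->request_method == "post")
	{
		// The submitted map is serialized into the permissions column below,
		// so anything that is not an array is replaced by an empty map
		// instead of being iterated and stored as-is.
		if(!isset($mybb->input['permissions']) || !is_array($mybb->input['permissions']))
		{
			$mybb->input['permissions'] = array();
		}

		foreach($mybb->input['permissions'] as $module => $actions)
		{
			if(is_array($actions))
			{
				$no_access = 0;
				foreach($actions as $action => $access)
				{
					if($access == 0)
					{
						++$no_access;
					}
				}
				// User can't access any actions in this module - just disallow it completely
				if($no_access == count($actions))
				{
					unset($mybb->input['permissions'][$module]);
				}
			}
		}

		// Does an options row exist for this admin already?
		$query = $db->simple_select("adminoptions", "COUNT(uid) AS existing_options", "uid='".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
		$existing_options = $db->fetch_field($query, "existing_options");
		if($existing_options > 0)
		{
			// The serialized map is escaped before it is handed to the query builder
			$db->update_query("adminoptions", array('permissions' => $db->escape_string(my_serialize($mybb->input['permissions']))), "uid = '".$mybb->get_input('uid', MyBB::INPUT_INT)."'");
		}
		else
		{
			$insert_array = array(
				"uid" => $mybb->get_input('uid', MyBB::INPUT_INT),
				"permissions" => $db->escape_string(my_serialize($mybb->input['permissions'])),
				"notes" => '',
				"defaultviews" => ''
			);
			$db->insert_query("adminoptions", $insert_array);
		}

		$plugins->run_hooks("admin_user_admin_permissions_edit_commit");

		// Log admin action
		if($uid > 0)
		{
			// Users
			$user = get_user($uid);
			log_admin_action($uid, $user['username']);
		}
		elseif($uid < 0)
		{
			// Groups
			$gid = abs($uid);
			$query = $db->simple_select("usergroups", "title", "gid='{$gid}'");
			$group = $db->fetch_array($query);
			log_admin_action($uid, $group['title']);
		}
		else
		{
			// Default
			log_admin_action(0);
		}

		flash_message($lang->admin_permissions_updated, 'success');
		admin_redirect("index.php?module=user-admin_permissions");
	}

	if($uid > 0)
	{
		// Look the user up together with one of their groups (primary or
		// additional) that has Admin CP access. String concatenation differs
		// per database driver, hence the two query variants.
		switch($db->type)
		{
			case "pgsql":
			case "sqlite":
				$query = $db->query("
					SELECT u.uid, u.username, g.cancp, g.gid
					FROM ".TABLE_PREFIX."users u
					LEFT JOIN ".TABLE_PREFIX."usergroups g ON (((','|| u.additionalgroups|| ',' LIKE '%,'|| g.gid|| ',%') OR u.usergroup = g.gid))
					WHERE u.uid='$uid'
					AND g.cancp=1
					LIMIT 1
				");
				break;
			default:
				$query = $db->query("
					SELECT u.uid, u.username, g.cancp, g.gid
					FROM ".TABLE_PREFIX."users u
					LEFT JOIN ".TABLE_PREFIX."usergroups g ON (((CONCAT(',', u.additionalgroups, ',') LIKE CONCAT('%,', g.gid, ',%')) OR u.usergroup = g.gid))
					WHERE u.uid='$uid'
					AND g.cancp=1
					LIMIT 1
				");
		}

		$admin = $db->fetch_array($query);
		$permission_data = get_admin_permissions($uid, $admin['gid']);
		$title = htmlspecialchars_uni($admin['username']);
		$page->add_breadcrumb_item($lang->user_permissions, "index.php?module=user-admin_permissions");
	}
	elseif($uid < 0)
	{
		$gid = abs($uid);
		$query = $db->simple_select("usergroups", "title", "gid='$gid'");
		$group = $db->fetch_array($query);
		$permission_data = get_admin_permissions("", $gid);
		// Escaped like the username above and like the group listing further
		// down: $title ends up in the breadcrumb, and the group title was
		// previously passed there unescaped.
		$title = htmlspecialchars_uni($group['title']);
		$page->add_breadcrumb_item($lang->group_permissions, "index.php?module=user-admin_permissions&action=group");
	}
	else
	{
		// Default permissions live in the row with uid 0
		$query = $db->simple_select("adminoptions", "permissions", "uid='0'");
		$permission_data = my_unserialize($db->fetch_field($query, "permissions"));
		$page->add_breadcrumb_item($lang->default_permissions);
		$title = $lang->default;
	}

	if($uid != 0)
	{
		$page->add_breadcrumb_item($lang->edit_permissions.": {$title}");
	}

	$page->output_header($lang->edit_permissions);

	if($uid != 0)
	{
		$sub_tabs['edit_permissions'] = array(
			'title' => $lang->edit_permissions,
			'link' => "index.php?module=user-admin_permissions&action=edit&uid={$uid}",
			'description' => $lang->edit_permissions_desc
		);

		$page->output_nav_tabs($sub_tabs, 'edit_permissions');
	}

	$form = new Form("index.php?module=user-admin_permissions&action=edit", "post", "edit");

	echo $form->generate_hidden_field("uid", $uid);

	// Fetch all of the modules we have
	// Module names come from the directory listing of the admin modules
	// folder, not from the request, before being used in require_once.
	$modules_dir = MYBB_ADMIN_DIR."modules";
	$dir = opendir($modules_dir);
	$modules = array();
	while(($module = readdir($dir)) !== false)
	{
		if(is_dir($modules_dir."/".$module) && !in_array($module, array(".", "..")) && file_exists($modules_dir."/".$module."/module_meta.php"))
		{
			require_once $modules_dir."/".$module."/module_meta.php";
			$meta_function = $module."_admin_permissions";

			// Module has no permissions, skip it
			if(function_exists($meta_function) && is_array($meta_function()))
			{
				$permission_modules[$module] = $meta_function();
				$modules[$permission_modules[$module]['disporder']][] = $module;
			}
		}
	}
	closedir($dir);

	// Tabs are ordered by each module's declared display order
	ksort($modules);
	foreach($modules as $disp_order => $mod)
	{
		if(!is_array($mod))
		{
			continue;
		}

		foreach($mod as $module)
		{
			$module_tabs[$module] = $permission_modules[$module]['name'];
		}
	}
	$page->output_tab_control($module_tabs);

	// One tab per module, one yes/no row per action
	foreach($permission_modules as $key => $module)
	{
		echo "<div id=\"tab_{$key}\">\n";
		$form_container = new FormContainer("{$module['name']}");
		foreach($module['permissions'] as $action => $title)
		{
			// Actions without a stored value are shown as "no"
			if(!isset($permission_data[$key][$action]))
			{
				$permission_data[$key][$action] = 0;
			}

			$form_container->output_row($title, "", $form->generate_yes_no_radio('permissions['.$key.']['.$action.']', (int)$permission_data[$key][$action], array('yes' => 1, 'no' => 0)), 'permissions['.$key.']['.$action.']');
		}
		$form_container->end();
		echo "</div>\n";
	}

	$buttons[] = $form->generate_submit_button($lang->update_permissions);
	$form->output_submit_wrapper($buttons);
	$form->end();

	$page->output_footer();
}

if($mybb->input['action'] == "group")
{
	$plugins->run_hooks("admin_user_admin_permissions_group");

	$page->add_breadcrumb_item($lang->group_permissions);
	$page->output_header($lang->group_permissions);

	$page->output_nav_tabs($sub_tabs, 'group_permissions');

	$table = new Table;
	$table->construct_header($lang->group);
	$table->construct_header($lang->controls, array("class" => "align_center", "width" => 150));

	// Get usergroups with ACP access
	// Group rows in adminoptions are keyed by the negated gid
	$query = $db->query("
		SELECT g.title, g.cancp, a.permissions, g.gid
		FROM ".TABLE_PREFIX."usergroups g
		LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid = -g.gid)
		WHERE g.cancp = 1
		ORDER BY g.title ASC
	");
	while($group = $db->fetch_array($query))
	{
		// An empty permissions column means the group falls back to the defaults
		if($group['permissions'] != "")
		{
			$perm_type = "group";
		}
		else
		{
			$perm_type = "default";
		}
		$uid = -$group['gid'];

		// Escape before the title is placed into the table cell markup
		$group['title'] = htmlspecialchars_uni($group['title']);

		$table->construct_cell("<div class=\"float_right\"><img src=\"styles/{$page->style}/images/icons/{$perm_type}.png\" title=\"{$lang->permissions_type_group}\" alt=\"{$perm_type}\" /></div><div><strong><a href=\"index.php?module=user-admin_permissions&action=edit&uid={$uid}\" title=\"{$lang->edit_group}\">{$group['title']}</a></strong><br /></div>");

		if($group['permissions'] != "")
		{
			$popup = new PopupMenu("groupperm_{$uid}", $lang->options);
			$popup->add_item($lang->edit_permissions, "index.php?module=user-admin_permissions&action=edit&uid={$uid}");

			// Check permissions for Revoke
			$popup->add_item($lang->revoke_permissions, "index.php?module=user-admin_permissions&action=delete&uid={$uid}&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '$lang->confirm_perms_deletion3')");
			$table->construct_cell($popup->fetch(), array("class" => "align_center"));
		}
		else
		{
			$table->construct_cell("<a href=\"index.php?module=user-admin_permissions&action=edit&uid={$uid}\">{$lang->set_permissions}</a>", array("class" => "align_center"));
		}
		$table->construct_row();
	}

	if($table->num_rows() == 0)
	{
		$table->construct_cell($lang->no_group_perms, array("colspan" => "3"));
		$table->construct_row();
	}

	$table->output($lang->group_permissions);

	echo <<<LEGEND
<br />
<fieldset>
<legend>{$lang->legend}</legend>
<img src="styles/{$page->style}/images/icons/group.png" alt="{$lang->using_custom_perms}" style="vertical-align: middle;" /> {$lang->using_custom_perms}<br />
<img src="styles/{$page->style}/images/icons/default.png" alt="{$lang->using_default_perms}" style="vertical-align: middle;" /> {$lang->using_default_perms}</fieldset>
LEGEND;

	$page->output_footer();
}

if(!$mybb->input['action'])
{
	$plugins->run_hooks("admin_user_admin_permissions_start");

	$page->add_breadcrumb_item($lang->user_permissions);
	$page->output_header($lang->user_permissions);

	$page->output_nav_tabs($sub_tabs, 'user_permissions');

	$table = new Table;
	$table->construct_header($lang->user);
	$table->construct_header($lang->last_active, array("class" => "align_center", "width" => 200));
	$table->construct_header($lang->controls, array("class" => "align_center", "width" => 150));

	// Get usergroups with ACP access
	$usergroups = array();
	$query = $db->simple_select("usergroups", "*", "cancp = 1");
	while($usergroup = $db->fetch_array($query))
	{
		$usergroups[$usergroup['gid']] = $usergroup;
	}

	if(!empty($usergroups))
	{
		// Get users whose primary or secondary usergroup has ACP access
		// The gids interpolated below are array keys taken from the usergroups query above
		$comma = $primary_group_list = $secondary_group_list = '';
		foreach($usergroups as $gid => $group_info)
		{
			$primary_group_list .= $comma.$gid;
			switch($db->type)
			{
				case "pgsql":
				case "sqlite":
					$secondary_group_list .= " OR ','|| u.additionalgroups||',' LIKE '%,{$gid},%'";
					break;
				default:
					$secondary_group_list .= " OR CONCAT(',', u.additionalgroups,',') LIKE '%,{$gid},%'";
			}

			$comma = ',';
		}

		$group_list = implode(',', array_keys($usergroups));
		$secondary_groups = ','.$group_list.',';

		// Get usergroups with ACP access
		$query = $db->query("
			SELECT g.title, g.cancp, a.permissions, g.gid
			FROM ".TABLE_PREFIX."usergroups g
			LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid = -g.gid)
			WHERE g.cancp = 1
			ORDER BY g.title ASC
		");
		while($group = $db->fetch_array($query))
		{
			$group_permissions[$group['gid']] = $group['permissions'];
		}

		$query = $db->query("
			SELECT u.uid, u.username, u.lastactive, u.usergroup, u.additionalgroups, a.permissions
			FROM ".TABLE_PREFIX."users u
			LEFT JOIN ".TABLE_PREFIX."adminoptions a ON (a.uid=u.uid)
			WHERE u.usergroup IN ({$primary_group_list}) {$secondary_group_list}
			ORDER BY u.username ASC
		");
		while($admin = $db->fetch_array($query))
		{
			// Which level the effective permissions come from: user, group or default
			$perm_type = "default";

			if($admin['permissions'] != "")
			{
				$perm_type = "user";
			}
			else
			{
				$groups = explode(",", $admin['additionalgroups'].",".$admin['usergroup']);
				foreach($groups as $group)
				{
					if($group == "") continue;
					// Only groups with ACP access have an entry here; the
					// isset() avoids reading a missing key for the others
					if(isset($group_permissions[$group]) && $group_permissions[$group] != "")
					{
						$perm_type = "group";
						break;
					}
				}
			}

			$usergroup_list = array();

			// Build a list of group memberships that have access to the Admin CP
			// Primary usergroup?
			if(!empty($usergroups[$admin['usergroup']]) && $usergroups[$admin['usergroup']]['cancp'] == 1)
			{
				$usergroup_list[] = "<i>".htmlspecialchars_uni($usergroups[$admin['usergroup']]['title'])."</i>";
			}

			// Secondary usergroups?
			$additional_groups = explode(',', $admin['additionalgroups']);
			if(is_array($additional_groups))
			{
				foreach($additional_groups as $gid)
				{
					if(!empty($usergroups[$gid]) && $usergroups[$gid]['cancp'] == 1)
					{
						$usergroup_list[] = htmlspecialchars_uni($usergroups[$gid]['title']);
					}
				}
			}
			$usergroup_list = implode($lang->comma, $usergroup_list);

			// Escape before the username is placed into the table cell markup
			$username = htmlspecialchars_uni($admin['username']);
			$table->construct_cell("<div class=\"float_right\"><img src=\"styles/{$page->style}/images/icons/{$perm_type}.png\" title=\"{$lang->permissions_type_user}\" alt=\"{$perm_type}\" /></div><div><strong><a href=\"index.php?module=user-admin_permissions&action=edit&uid={$admin['uid']}\" title=\"{$lang->edit_user}\">{$username}</a></strong><br /><small>{$usergroup_list}</small></div>");

			$table->construct_cell(my_date('relative', $admin['lastactive']), array("class" => "align_center"));

			$popup = new PopupMenu("adminperm_{$admin['uid']}", $lang->options);
			// No edit/revoke entries are offered for super administrators
			if(!is_super_admin($admin['uid']))
			{
				if($admin['permissions'] != "")
				{
					$popup->add_item($lang->edit_permissions, "index.php?module=user-admin_permissions&action=edit&uid={$admin['uid']}");
					$popup->add_item($lang->revoke_permissions, "index.php?module=user-admin_permissions&action=delete&uid={$admin['uid']}&my_post_key={$mybb->post_code}", "return AdminCP.deleteConfirmation(this, '{$lang->confirm_perms_deletion2}')");
				}
				else
				{
					$popup->add_item($lang->set_permissions, "index.php?module=user-admin_permissions&action=edit&uid={$admin['uid']}");
				}
			}
			$popup->add_item($lang->view_log, "index.php?module=tools-adminlog&uid={$admin['uid']}");
			$table->construct_cell($popup->fetch(), array("class" => "align_center"));
			$table->construct_row();
		}
	}

	if(empty($usergroups) || $table->num_rows() == 0)
	{
		$table->construct_cell($lang->no_user_perms, array("colspan" => "3"));
		$table->construct_row();
	}

	$table->output($lang->user_permissions);

	echo <<<LEGEND
<br />
<fieldset>
<legend>{$lang->legend}</legend>
<img src="styles/{$page->style}/images/icons/user.png" alt="{$lang->using_individual_perms}" style="vertical-align: middle;" /> {$lang->using_individual_perms}<br />
<img src="styles/{$page->style}/images/icons/group.png" alt="{$lang->using_group_perms}" style="vertical-align: middle;" /> {$lang->using_group_perms}<br />
<img src="styles/{$page->style}/images/icons/default.png" alt="{$lang->using_default_perms}" style="vertical-align: middle;" /> {$lang->using_default_perms}</fieldset>
LEGEND;
	$page->output_footer();
}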