From 547fdc9829051a334616ee4b80ba1da4c72c1815 Mon Sep 17 00:00:00 2001 From: Git Date: Tue, 11 Oct 2011 08:00:15 +0000 Subject: [PATCH] Empty commit --- classes/script_start.php | 5 ++++ design/privateheader.php | 7 +++-- gazelle.sql | 1 + sections/forums/forum.php | 7 ++--- sections/forums/functions.php | 4 +-- sections/forums/main.php | 4 +-- sections/forums/search.php | 19 ++++++++++--- sections/forums/take_new_thread.php | 2 +- sections/forums/take_reply.php | 4 +-- sections/forums/takeedit.php | 2 +- sections/forums/thread.php | 2 +- sections/user/takemoderate.php | 34 ++++++++++++++++++++--- sections/user/user.php | 17 ++++++++---- sections/userhistory/post_history.php | 8 +++++- sections/userhistory/subscriptions.php | 12 ++++++-- sections/userhistory/thread_subscribe.php | 6 ++-- 16 files changed, 97 insertions(+), 37 deletions(-) diff --git a/classes/script_start.php b/classes/script_start.php index 0fda71ce..254942ca 100644 --- a/classes/script_start.php +++ b/classes/script_start.php @@ -329,6 +329,7 @@ function user_heavy_info($UserID) { i.DownloadAlt, i.LastReadNews, i.RestrictedForums, + i.PermittedForums, m.FLTokens FROM users_main AS m INNER JOIN users_info AS i ON i.UserID=m.ID @@ -347,6 +348,10 @@ function user_heavy_info($UserID) { $HeavyInfo['CustomForums'] = null; } unset($HeavyInfo['RestrictedForums']); + if (!empty($HeavyInfo['PermittedForums'])) { + $HeavyInfo['CustomForums'] = array_fill_keys(explode(',', $HeavyInfo['PermittedForums']), 1); + } + unset($HeavyInfo['PermittedForums']); if(!empty($HeavyInfo['SiteOptions'])) { $HeavyInfo['SiteOptions'] = unserialize($HeavyInfo['SiteOptions']); diff --git a/design/privateheader.php b/design/privateheader.php index f3c94c93..bb2b5a4e 100644 --- a/design/privateheader.php +++ b/design/privateheader.php 
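Review bot: In classes/script_start.php, the new `PermittedForums` branch of `user_heavy_info()` assigns `$HeavyInfo['CustomForums']` outright, so it replaces whatever the preceding `RestrictedForums` handling stored there. That handling is only partly visible in the hunk, but if it fills the same array with 0-valued entries, a user who has both lists loses every restriction as soon as one permitted forum is set. Merging keeps both, and permitted wins on overlap as it does in takemoderate.php: `foreach (explode(',', $HeavyInfo['PermittedForums']) as $ForumID) { $HeavyInfo['CustomForums'][$ForumID] = 1; }`. The function body starts and ends outside the hunk.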
@@ -126,15 +126,16 @@ $NewSubscriptions = $Cache->get_value('subscriptions_user_new_'.$LoggedUser['ID']); if($NewSubscriptions === FALSE) { if($LoggedUser['CustomForums']) { - unset($LoggedUser['CustomForums']['']); - $RestrictedForums = implode("','", array_keys($LoggedUser['CustomForums'], 0)); + unset($LoggedUser['CustomForums']['']); + $RestrictedForums = implode("','", array_keys($LoggedUser['CustomForums'], 0)); + $PermittedForums = implode("','", array_keys($LoggedUser['CustomForums'], 1)); } $DB->query("SELECT COUNT(s.TopicID) FROM users_subscriptions AS s JOIN forums_last_read_topics AS l ON s.UserID = l.UserID AND s.TopicID = l.TopicID JOIN forums_topics AS t ON l.TopicID = t.ID JOIN forums AS f ON t.ForumID = f.ID - WHERE f.MinClassRead <= ".$LoggedUser['Class']." + WHERE (f.MinClassRead <= ".$LoggedUser['Class']." OR f.ID IN ('$PermittedForums')) AND l.PostID < t.LastPostID AND s.UserID = ".$LoggedUser['ID']. (!empty($RestrictedForums) ? " diff --git a/gazelle.sql b/gazelle.sql index ae0d81b1..5ccfeca6 100644 --- a/gazelle.sql +++ b/gazelle.sql @@ -1127,6 +1127,7 @@ CREATE TABLE `users_info` ( `HideCountryChanges` enum('0','1') NOT NULL DEFAULT '0', `RestrictedForums` varchar(150) NOT NULL DEFAULT '', `DisableRequests` enum('0','1') NOT NULL DEFAULT '0', + `PermittedForums` varchar(150) NOT NULL DEFAULT '', UNIQUE KEY `UserID` (`UserID`), KEY `SupportFor` (`SupportFor`), KEY `DisableInvites` (`DisableInvites`), diff --git a/sections/forums/forum.php b/sections/forums/forum.php index 826b04af..279b11f3 100644 --- a/sections/forums/forum.php +++ b/sections/forums/forum.php 
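Review bot: In design/privateheader.php, `$PermittedForums` is assigned only inside `if($LoggedUser['CustomForums'])`, but the rewritten `WHERE` clause interpolates it unconditionally. For a user without custom forums the variable is undefined, which raises a notice and sends `f.ID IN ('')` to the database. Either set `$PermittedForums = '';` before the `if`, or append the `OR f.ID IN (...)` part only when the list is non-empty, as sections/forums/search.php does with `!empty($PermittedForums)`. The enclosing `if($NewSubscriptions === FALSE)` block continues outside the hunk.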
@@ -61,12 +61,9 @@ if(!isset($Forums[$ForumID])) { error(404); } // Make sure they're allowed to look at the page if (!check_perms('site_moderate_forums')) { - $DB->query("SELECT RestrictedForums FROM users_info WHERE UserID = ".$LoggedUser['ID']); - list($RestrictedForums) = $DB->next_record(); - $RestrictedForums = explode(',', $RestrictedForums); - if (array_search($ForumID, $RestrictedForums) !== FALSE) { error(403); } + if (isset($LoggedUser['CustomForums'][$ForumID]) && $LoggedUser['CustomForums'][$ForumID] === 0) { error(403); } } -if($Forums[$ForumID]['MinClassRead'] > $LoggedUser['Class']) { error(403); } +if($LoggedUser['CustomForums'][$ForumID] != 1 && $Forums[$ForumID]['MinClassRead'] > $LoggedUser['Class']) { error(403); } // Start printing show_header('Forums > '. $Forums[$ForumID]['Name']); diff --git a/sections/forums/functions.php b/sections/forums/functions.php index 6aeaa9bc..3da507e8 100644 --- a/sections/forums/functions.php +++ b/sections/forums/functions.php @@ -42,9 +42,9 @@ function get_thread_info($ThreadID, $Return = true, $SelectiveCache = false) { } } -function check_forumperm($ForumID) { +function check_forumperm($ForumID, $Perm = 'Read') { global $LoggedUser, $Forums; - if($Forums[$ForumID]['MinClassRead'] > $LoggedUser['Class'] && (!isset($LoggedUser['CustomForums'][$ForumID]) || $LoggedUser['CustomForums'][$ForumID] == 0)) { + if($Forums[$ForumID]['MinClass'.$Perm] > $LoggedUser['Class'] && (!isset($LoggedUser['CustomForums'][$ForumID]) || $LoggedUser['CustomForums'][$ForumID] == 0)) { return false; } if(isset($LoggedUser['CustomForums'][$ForumID]) && $LoggedUser['CustomForums'][$ForumID] == 0) { diff --git a/sections/forums/main.php b/sections/forums/main.php index f8e59bf2..adbcb77c 100644 --- a/sections/forums/main.php +++ b/sections/forums/main.php 
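Review bot: In sections/forums/functions.php, `check_forumperm()` now builds the array key from `$Perm`, and a missing key fails open. If `$Forums[$ForumID]['MinClass'.$Perm]` does not exist, because of a mistyped permission name or an unknown or empty forum ID, the lookup yields null, the `>` comparison is false and the first guard does not return false. A guard at the top, `if(!isset($Forums[$ForumID]['MinClass'.$Perm])) { return false; }`, would make the function deny by default. Since a `CustomForums` value of 1 skips the class check, a permitted-forum entry now also overrides `MinClassWrite` and `MinClassCreate` for the new callers; a comment should state whether that is intended. The rest of the function is outside the hunk.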
@@ -39,10 +39,10 @@ $DB->query("SELECT RestrictedForums FROM users_info WHERE UserID = ".$LoggedUser['ID']); list($RestrictedForums) = $DB->next_record(); $RestrictedForums = explode(',', $RestrictedForums); - +$PermittedForums = array_keys($LoggedUser['PermittedForums']); foreach ($Forums as $Forum) { list($ForumID, $CategoryID, $ForumName, $ForumDescription, $MinRead, $MinWrite, $MinCreate, $NumTopics, $NumPosts, $LastPostID, $LastAuthorID, $LastPostAuthorName, $LastTopicID, $LastTime, $SpecificRules, $LastTopic, $Locked, $Sticky) = array_values($Forum); - if ($MinRead>$LoggedUser['Class'] || array_search($ForumID, $RestrictedForums) !== FALSE) { + if ($LoggedUser['CustomForums'][$ForumID] != 1 && ($MinRead>$LoggedUser['Class'] || array_search($ForumID, $RestrictedForums) !== FALSE)) { continue; } $Row = ($Row == 'a') ? 'b' : 'a'; diff --git a/sections/forums/search.php b/sections/forums/search.php index dafc3a26..86043998 100644 --- a/sections/forums/search.php +++ b/sections/forums/search.php @@ -146,6 +146,7 @@ if($LoggedUser['CustomForums']) { unset($LoggedUser['CustomForums']['']); $RestrictedForums = implode("','", array_keys($LoggedUser['CustomForums'], 0)); + $PermittedForums = implode("','", array_keys($LoggedUser['CustomForums'], 1)); } if($Type == 'body') { @@ -165,10 +166,15 @@ JOIN forums_topics AS t ON t.ID=p.TopicID JOIN forums AS f ON f.ID=t.ForumID WHERE - f.MinClassRead<='$LoggedUser[Class]' AND "; + ((f.MinClassRead<='$LoggedUser[Class]'"; if(!empty($RestrictedForums)) { - $sql.="f.ID NOT IN ('".$RestrictedForums."') AND "; + $sql.=" AND f.ID NOT IN ('".$RestrictedForums."')"; } + $sql .= ')'; + if(!empty($PermittedForums)) { + $sql.=' OR f.ID IN (\''.$PermittedForums.'\')'; + } + $sql .= ') AND '; //In tests, this is significantly faster than LOCATE $sql .= "p.Body LIKE '%"; 
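Review bot: In sections/forums/main.php, the added line `$PermittedForums = array_keys($LoggedUser['PermittedForums']);` reads a key that this same commit removes in `user_heavy_info()` with `unset($HeavyInfo['PermittedForums'])`, and nothing visible in the hunk uses the result. If `$LoggedUser` is built from that heavy info, `array_keys()` receives null on every page load. The visibility test on the following lines already relies on `$LoggedUser['CustomForums'][$ForumID]`, so the line can be dropped. This file also still queries `RestrictedForums` from the database instead of reading the cached `CustomForums` map, unlike forum.php after this change.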
@@ -200,10 +206,15 @@ FROM forums_topics AS t JOIN forums AS f ON f.ID=t.ForumID WHERE - f.MinClassRead<='$LoggedUser[Class]' AND "; + ((f.MinClassRead<='$LoggedUser[Class]'"; if(!empty($RestrictedForums)) { - $sql.="f.ID NOT IN ('".$RestrictedForums."') AND "; + $sql.=" AND f.ID NOT IN ('".$RestrictedForums."')"; } + $sql .= ')'; + if(!empty($PermittedForums)) { + $sql.=' OR f.ID IN (\''.$PermittedForums.'\')'; + } + $sql .= ') AND '; $sql .= "t.Title LIKE '%"; $sql .= implode("%' AND t.Title LIKE '%", $Words); $sql .= "%' "; diff --git a/sections/forums/take_new_thread.php b/sections/forums/take_new_thread.php index 2f3e2941..d74de848 100644 --- a/sections/forums/take_new_thread.php +++ b/sections/forums/take_new_thread.php @@ -48,7 +48,7 @@ if (!isset($Forums[$ForumID])) { error(404); } -if($LoggedUser['Class'] < $Forums[$ForumID]['MinClassWrite'] || $LoggedUser['Class'] < $Forums[$ForumID]['MinClassCreate']) { +if(!check_forumperm($ForumID, 'Write') || !check_forumperm($ForumID, 'Create')) { error(403); } diff --git a/sections/forums/take_reply.php b/sections/forums/take_reply.php index bf8487df..25361f8f 100644 --- a/sections/forums/take_reply.php +++ b/sections/forums/take_reply.php @@ -50,8 +50,8 @@ $ThreadInfo = get_thread_info($TopicID); $ForumID = $ThreadInfo['ForumID']; -if($LoggedUser['Class'] < $Forums[$ForumID]['MinClassRead'] || !$ForumID) { error(403); } -if($LoggedUser['Class'] < $Forums[$ForumID]['MinClassWrite'] || $LoggedUser['DisablePosting'] || $ThreadInfo['IsLocked'] == "1" && !check_perms('site_moderate_forums')) { error(403); } +if(!check_forumperm($ForumID)) { error(403); } +if(!check_forumperm($ForumID, 'Write') || $LoggedUser['DisablePosting'] || $ThreadInfo['IsLocked'] == "1" && !check_perms('site_moderate_forums')) { error(403); } if(isset($_POST['subscribe'])) { $DB->query("INSERT IGNORE INTO users_subscriptions VALUES ($LoggedUser[ID], '".db_string($TopicID)."')"); 
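Review bot: In sections/forums/take_reply.php, the replaced read check loses the explicit `|| !$ForumID` rejection that the removed line carried. When `get_thread_info()` returns no forum for the posted topic, the request now depends entirely on how `check_forumperm()` treats an empty ID, and the visible part of that function does not return false when the `$Forums` entry is missing. Keeping the guard is cheap: `if(!$ForumID || !check_forumperm($ForumID)) { error(403); }`. The same applies to sections/userhistory/thread_subscribe.php, where `$ForumID` comes from a query that returns no row for an unknown topic and `$MinClassRead` is now fetched but unused.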
diff --git a/sections/forums/takeedit.php b/sections/forums/takeedit.php index 311b81b5..a2ddcab6 100644 --- a/sections/forums/takeedit.php +++ b/sections/forums/takeedit.php @@ -51,7 +51,7 @@ // Make sure they aren't trying to edit posts they shouldn't // We use die() here instead of error() because whatever we spit out is displayed to the user in the box where his forum post is -if($LoggedUser['Class'] < $MinClassWrite || ($IsLocked && !check_perms('site_moderate_forums'))) { +if(!check_forumperm($ForumID, 'Write') || ($IsLocked && !check_perms('site_moderate_forums'))) { error('Either the thread is locked, or you lack the permission to edit this post.',true); } if($UserID != $AuthorID && !check_perms('site_moderate_forums')) { diff --git a/sections/forums/thread.php b/sections/forums/thread.php index 44b7ee06..bdee94aa 100644 --- a/sections/forums/thread.php +++ b/sections/forums/thread.php @@ -419,7 +419,7 @@
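Review bot: In sections/forums/takeedit.php, nothing in the hunk shows `$ForumID` being populated, whereas the removed condition used `$MinClassWrite`, which presumably comes from the query above the hunk. If that query does not also select the forum ID, `check_forumperm($ForumID, 'Write')` is called with an undefined value, and the visible part of `check_forumperm()` does not deny a forum it cannot find. Confirm that the lookup above returns the forum ID, and consider rejecting an empty ID before the permission call.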
diff --git a/sections/user/takemoderate.php b/sections/user/takemoderate.php index 3bae74bd..716c8cc1 100644 --- a/sections/user/takemoderate.php +++ b/sections/user/takemoderate.php @@ -65,6 +65,7 @@ $DisableLeech = (isset($_POST['DisableLeech'])) ? 0 : 1; $RestrictedForums = db_string(trim($_POST['RestrictedForums'])); +$PermittedForums = db_string(trim($_POST['PermittedForums'])); $EnableUser = (int)$_POST['UserStatus']; $ResetRatioWatch = (isset($_POST['ResetRatioWatch']))? 1 : 0; $ResetPasskey = (isset($_POST['ResetPasskey']))? 1 : 0; @@ -104,6 +105,8 @@ i.Artist, i.Warned, i.SupportFor, + i.RestricForums, + i.PermittedForums, DisableAvatar, DisableInvites, DisablePosting, 
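Review bot: In sections/user/takemoderate.php, the column added to the SELECT list is spelled `i.RestricForums`, but the schema in gazelle.sql and the later read of `$Cur['RestrictedForums']` both use `RestrictedForums`. The query will either fail on an unknown column or leave `$Cur['RestrictedForums']` unset, in which case the comparison further down treats every submission as a change. The line should read `i.RestrictedForums,`. Also, `$_POST['PermittedForums']` is read in the first hunk without an `isset()` check, unlike the checkbox fields around it.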
@@ -350,13 +353,36 @@ if ($RestrictedForums != db_string($Cur['RestrictedForums']) && check_perms('users_mod')) { $UpdateSet[]="RestrictedForums='$RestrictedForums'"; $EditSummary[]="restricted forum(s): $RestrictedForums"; - if(empty($RestrictedForums)) { - $HeavyUpdates['CustomForums'] = null; - } else { - $HeavyUpdates['CustomForums'] = array_fill_keys(explode(',', $RestrictedForums), 0); +} + +if ($PermittedForums != db_string($Cur['PermittedForums']) && check_perms('users_mod')) { + $ForumSet=explode(',',$PermittedForums); + $ForumList = array(); + foreach ($ForumSet as $ForumID) { + if ($Forums[$ForumID]['MinClassCreate'] <= $LoggedUser['Class']) { + $ForumList[] = $ForumID; + } + } + $PermittedForums = implode(',',$ForumSet); + $UpdateSet[]="PermittedForums='$PermittedForums'"; + $EditSummary[]="permitted forum(s): $PermittedForums"; +} + +if(empty($RestrictedForums) && empty($PermittedForums)) { + $HeavyUpdates['CustomForums'] = null; +} else { + $HeavyUpdates['CustomForums'] = array(); + $Forums = explode(',',$RestrictedForums); + foreach ($Forums as $Forum) { + $HeavyUpdates['CustomForums'][$Forum] = 0; + } + $Forums = explode(',',$PermittedForums); + foreach ($Forums as $Forum) { + $HeavyUpdates['CustomForums'][$Forum] = 1; } } + if ($DisableAvatar!=$Cur['DisableAvatar'] && check_perms('users_disable_any')) { $UpdateSet[]="DisableAvatar='$DisableAvatar'"; $EditSummary[]="avatar status changed"; diff --git a/sections/user/user.php b/sections/user/user.php index bcc8aed7..becf8097 100644 --- a/sections/user/user.php +++ b/sections/user/user.php @@ -43,6 +43,7 @@ i.Warned, i.SupportFor, i.RestrictedForums, + i.PermittedForums, i.Inviter, inviter.Username, COUNT(posts.id) AS ForumPosts, 
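Review bot: In sections/user/takemoderate.php, the class filter in the new `PermittedForums` block has no effect, because `implode(',',$ForumSet)` writes back the unfiltered input instead of `$ForumList`. A moderator can therefore grant forums whose `MinClassCreate` is above their own class. The entries are also never checked to be numeric IDs of existing forums, and the stored string is later quoted into `IN ('...')` clauses in privateheader.php, search.php, post_history.php and subscriptions.php. The `CustomForums` rebuild that follows now runs outside both `check_perms('users_mod')` guards, uses the POSTed strings rather than the saved values, and reassigns `$Forums`. It should sit behind the same permission check and use a different loop variable. A filtered version of the first block is below.

```php
if ($PermittedForums != db_string($Cur['PermittedForums']) && check_perms('users_mod')) {
	$ForumList = array();
	foreach (explode(',', $PermittedForums) as $ForumID) {
		$ForumID = trim($ForumID);
		// Accept only numeric IDs of known forums the acting moderator could create threads in
		if (ctype_digit($ForumID) && isset($Forums[$ForumID]) && $Forums[$ForumID]['MinClassCreate'] <= $LoggedUser['Class']) {
			$ForumList[] = $ForumID;
		}
	}
	$PermittedForums = implode(',', $ForumList);
	// … unchanged: $UpdateSet[] and $EditSummary[] lines …
}
```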
@@ -71,7 +72,7 @@ header("Location: log.php?search=User+".$UserID); } - list($Username, $Email, $LastAccess, $IP, $Class, $Uploaded, $Downloaded, $RequiredRatio, $CustomTitle, $torrent_pass, $Enabled, $Paranoia, $Invites, $DisableLeech, $Visible, $JoinDate, $Info, $Avatar, $Country, $AdminComment, $Donor, $Artist, $Warned, $SupportFor, $RestrictedForums, $InviterID, $InviterName, $ForumPosts, $RatioWatchEnds, $RatioWatchDownload, $DisableAvatar, $DisableInvites, $DisablePosting, $DisableForums, $DisableTagging, $DisableUpload, $DisableWiki, $DisablePM, $DisableIRC, $DisableRequests, $DisableCountry, $FLTokens) = $DB->next_record(MYSQLI_NUM, array(8,11)); + list($Username, $Email, $LastAccess, $IP, $Class, $Uploaded, $Downloaded, $RequiredRatio, $CustomTitle, $torrent_pass, $Enabled, $Paranoia, $Invites, $DisableLeech, $Visible, $JoinDate, $Info, $Avatar, $Country, $AdminComment, $Donor, $Artist, $Warned, $SupportFor, $RestrictedForums, $PermittedForums, $InviterID, $InviterName, $ForumPosts, $RatioWatchEnds, $RatioWatchDownload, $DisableAvatar, $DisableInvites, $DisablePosting, $DisableForums, $DisableTagging, $DisableUpload, $DisableWiki, $DisablePM, $DisableIRC, $DisableRequests, $DisableCountry, $FLTokens) = $DB->next_record(MYSQLI_NUM, array(8,11)); } else { // Person viewing is a normal user $DB->query("SELECT m.Username, @@ -1158,10 +1159,16 @@ function check_paranoia_here($Setting) { Restricted Forums (comma-delimited): - - - - + + + + + + Extra Forums (comma-delimited): + + + +
diff --git a/sections/userhistory/post_history.php b/sections/userhistory/post_history.php index 5544dc01..74cda3fe 100644 --- a/sections/userhistory/post_history.php +++ b/sections/userhistory/post_history.php @@ -72,11 +72,17 @@ $sql .= ' LEFT JOIN forums AS f ON f.ID = t.ForumID WHERE p.AuthorID = '.$UserID.' - AND f.MinClassRead <= '.$LoggedUser['Class']; + AND ((f.MinClassRead <= '.$LoggedUser['Class']; if(!empty($RestrictedForums)) { $sql.=' AND f.ID NOT IN (\''.$RestrictedForums.'\')'; } + $sql .= ')'; + if(!empty($PermittedForums)) { + $sql.=' + OR f.ID IN (\''.$PermittedForums.'\')'; + } + $sql .= ')'; if($ShowUnread) { $sql .= ' AND ((t.IsLocked=\'0\' OR t.IsSticky=\'1\') diff --git a/sections/userhistory/subscriptions.php b/sections/userhistory/subscriptions.php index 08f22e16..45b83765 100644 --- a/sections/userhistory/subscriptions.php +++ b/sections/userhistory/subscriptions.php @@ -22,7 +22,9 @@ if($LoggedUser['CustomForums']) { unset($LoggedUser['CustomForums']['']); $RestrictedForums = implode("','", array_keys($LoggedUser['CustomForums'], 0)); + $PermittedForums = implode("','", array_keys($LoggedUser['CustomForums'], 1)); } + $ShowUnread = (!isset($_GET['showunread']) && !isset($HeavyInfo['SubscriptionsUnread']) || isset($HeavyInfo['SubscriptionsUnread']) && !!$HeavyInfo['SubscriptionsUnread'] || isset($_GET['showunread']) && !!$_GET['showunread']); $ShowCollapsed = (!isset($_GET['collapse']) && !isset($HeavyInfo['SubscriptionsCollapse']) || isset($HeavyInfo['SubscriptionsCollapse']) && !!$HeavyInfo['SubscriptionsCollapse'] || isset($_GET['collapse']) && !!$_GET['collapse']); $sql = 'SELECT 
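Review bot: In sections/userhistory/post_history.php, the new `OR f.ID IN (...)` branch depends on `$PermittedForums`, but this commit adds no assignment of that variable in this file. The diffstat's seven added lines are all in the query-building hunk. Unless it is set outside the hunk, `!empty($PermittedForums)` is always false here and posts in permitted forums stay hidden from the history. The file needs the line that subscriptions.php gains in this commit, next to wherever `$RestrictedForums` is built: `$PermittedForums = implode("','", array_keys($LoggedUser['CustomForums'], 1));`.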
@@ -35,11 +37,15 @@ LEFT JOIN forums_last_read_topics AS l ON p.TopicID = l.TopicID AND l.UserID = s.UserID WHERE s.UserID = '.$LoggedUser['ID'].' AND p.ID <= IFNULL(l.PostID,t.LastPostID) - AND f.MinClassRead <= '.$LoggedUser['Class']; + AND ((f.MinClassRead <= '.$LoggedUser['Class']; if(!empty($RestrictedForums)) { - $sql.=' - AND f.ID NOT IN (\''.$RestrictedForums.'\')'; + $sql.=' AND f.ID NOT IN (\''.$RestrictedForums.'\')'; } +$sql .= ')'; +if(!empty($PermittedForums)) { + $sql.=' OR f.ID IN (\''.$PermittedForums.'\')'; +} +$sql .= ')'; if($ShowUnread) { $sql .= ' AND IF(l.PostID IS NULL OR (t.IsLocked = \'1\' && t.IsSticky = \'0\'), t.LastPostID, l.PostID) < t.LastPostID'; diff --git a/sections/userhistory/thread_subscribe.php b/sections/userhistory/thread_subscribe.php index bee2d8d5..b13e65e4 100644 --- a/sections/userhistory/thread_subscribe.php +++ b/sections/userhistory/thread_subscribe.php @@ -10,9 +10,9 @@ error(0); } -$DB->query('SELECT MinClassRead FROM forums WHERE forums.ID = (SELECT ForumID FROM forums_topics WHERE ID = '.db_string($_GET['topicid']).')'); -list($MinClassRead) = $DB->next_record(); -if($MinClassRead>$LoggedUser['Class']) { +$DB->query('SELECT MinClassRead, ID FROM forums WHERE forums.ID = (SELECT ForumID FROM forums_topics WHERE ID = '.db_string($_GET['topicid']).')'); +list($MinClassRead, $ForumID) = $DB->next_record(); +if(!check_forumperm($ForumID)) { die(); }