From c58f94a36f871fc504857b6d6f6f13ab2ceff4d1 Mon Sep 17 00:00:00 2001 From: "What.CD" Date: Sun, 15 May 2011 12:06:04 +0000 Subject: [PATCH] Improved method for dealing with restricted forums Exclude restricted forums from searches Exclude restricted forums from post history Exclude restricted forums from subscriptions --- classes/script_start.php | 10 +- design/privateheader.php | 8 +- sections/forums/forum.php | 3 - sections/forums/functions.php | 11 +++ sections/forums/index.php | 1 + sections/forums/search.php | 12 ++- sections/forums/take_reply.php | 1 - sections/forums/thread.php | 9 +- sections/schedule/index.php | 7 +- sections/user/takemoderate.php | 7 +- sections/userhistory/post_history.php | 13 +++ sections/userhistory/subscriptions.php | 124 ++++++++++++------------- 12 files changed, 121 insertions(+), 85 deletions(-) diff --git a/classes/script_start.php b/classes/script_start.php index fe9c171e..fdb8033c 100644 --- a/classes/script_start.php +++ b/classes/script_start.php @@ -345,7 +345,8 @@ function user_heavy_info($UserID) { i.DisableRequests, i.SiteOptions, i.DownloadAlt, - i.LastReadNews + i.LastReadNews, + i.RestrictedForums FROM users_main AS m INNER JOIN users_info AS i ON i.UserID=m.ID WHERE m.ID='$UserID'"); @@ -355,6 +356,13 @@ function user_heavy_info($UserID) { $HeavyInfo['CustomPermissions'] = unserialize($HeavyInfo['CustomPermissions']); } + if (!empty($HeavyInfo['RestrictedForums'])) { + $HeavyInfo['CustomForums'] = array_fill_keys(explode(',', $HeavyInfo['RestrictedForums']), 0); + } else { + $HeavyInfo['CustomForums'] = null; + } + unset($HeavyInfo['RestrictedForums']); + if(!empty($HeavyInfo['SiteOptions'])) { $HeavyInfo['SiteOptions'] = unserialize($HeavyInfo['SiteOptions']); $HeavyInfo = array_merge($HeavyInfo, $HeavyInfo['SiteOptions']); diff --git a/design/privateheader.php b/design/privateheader.php index 8ee1ebd0..7848a6b8 100644 --- a/design/privateheader.php +++ b/design/privateheader.php 
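Review bot: The keys of `CustomForums` in the second script_start.php hunk come straight from `explode(',', ...)`, so a stored value such as `12, 14` or one with a trailing comma yields keys like ` 14` or the empty string. The `isset($LoggedUser['CustomForums'][$ForumID])` lookups added elsewhere in this commit will not match those keys, and the restriction is then skipped without any error. Normalising once here keeps every consumer consistent: `$HeavyInfo['CustomForums'] = array_fill_keys(array_filter(array_map('intval', explode(',', $HeavyInfo['RestrictedForums']))), 0);`. That also makes the repeated `unset($LoggedUser['CustomForums']['']);` in the later hunks unnecessary. The body of user_heavy_info() continues outside the hunk.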
@@ -117,6 +117,10 @@ //Subscriptions $NewSubscriptions = $Cache->get_value('subscriptions_user_new_'.$LoggedUser['ID']); if($NewSubscriptions === FALSE) { + if($LoggedUser['CustomForums']) { + unset($LoggedUser['CustomForums']['']); + $RestrictedForums = implode("','", array_keys($LoggedUser['CustomForums'], 0)); + } $DB->query("SELECT COUNT(s.TopicID) FROM users_subscriptions AS s JOIN forums_last_read_topics AS l ON s.UserID = l.UserID AND s.TopicID = l.TopicID @@ -124,7 +128,9 @@ JOIN forums AS f ON t.ForumID = f.ID WHERE f.MinClassRead <= ".$LoggedUser['Class']." AND l.PostID < t.LastPostID - AND s.UserID = ".$LoggedUser['ID']); + AND s.UserID = ".$LoggedUser['ID']. + (!empty($RestrictedForums) ? " + AND f.ID NOT IN ('".$RestrictedForums."')" : "")); list($NewSubscriptions) = $DB->next_record(); $Cache->cache_value('subscriptions_user_new_'.$LoggedUser['ID'], $NewSubscriptions, 0); } diff --git a/sections/forums/forum.php b/sections/forums/forum.php index 694ae9e9..826b04af 100644 --- a/sections/forums/forum.php +++ b/sections/forums/forum.php @@ -8,8 +8,6 @@ ********************************************************************************/ -include(SERVER_ROOT.'/sections/forums/functions.php'); - //---------- Things to sort out before it can start printing/generating content // Check for lame SQL injection attempts @@ -61,7 +59,6 @@ } if(!isset($Forums[$ForumID])) { error(404); } - // Make sure they're allowed to look at the page if (!check_perms('site_moderate_forums')) { $DB->query("SELECT RestrictedForums FROM users_info WHERE UserID = ".$LoggedUser['ID']); diff --git a/sections/forums/functions.php b/sections/forums/functions.php index 05c93a27..6aeaa9bc 100644 --- a/sections/forums/functions.php +++ b/sections/forums/functions.php 
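Review bot: `$RestrictedForums` is concatenated into the query in the second privateheader.php hunk without escaping or an integer cast; the surrounding quotes do not help, because the values are the raw `users_info.RestrictedForums` text read back from the database and any non-numeric content in that field becomes part of the statement. The same three-line build and interpolation are repeated in the search.php, post_history.php and subscriptions.php hunks. A single shared helper that returns integer IDs would remove both the duplication and the risk, e.g. `implode(',', array_map('intval', array_keys($LoggedUser['CustomForums'], 0)))` used as an unquoted `f.ID NOT IN (...)` list. The count is also cached with no expiry under `subscriptions_user_new_<UserID>`; whether that key is cleared when a user's restrictions change is not visible here.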
@@ -41,3 +41,14 @@ function get_thread_info($ThreadID, $Return = true, $SelectiveCache = false) { return $ThreadInfo; } } + +function check_forumperm($ForumID) { + global $LoggedUser, $Forums; + if($Forums[$ForumID]['MinClassRead'] > $LoggedUser['Class'] && (!isset($LoggedUser['CustomForums'][$ForumID]) || $LoggedUser['CustomForums'][$ForumID] == 0)) { + return false; + } + if(isset($LoggedUser['CustomForums'][$ForumID]) && $LoggedUser['CustomForums'][$ForumID] == 0) { + return false; + } + return true; +} diff --git a/sections/forums/index.php b/sections/forums/index.php index 6241796d..dcbedb80 100644 --- a/sections/forums/index.php +++ b/sections/forums/index.php @@ -6,6 +6,7 @@ error(403); } +include(SERVER_ROOT.'/sections/forums/functions.php'); //This variable contains all our lovely forum data if(!$Forums = $Cache->get_value('forums_list')) { $DB->query("SELECT diff --git a/sections/forums/search.php b/sections/forums/search.php index abb68297..dafc3a26 100644 --- a/sections/forums/search.php +++ b/sections/forums/search.php @@ -83,7 +83,7 @@ $Columns = 0; foreach($Forums as $Forum) { - if ($Forum['MinClassRead'] > $LoggedUser['Class']) { + if (!check_forumperm($Forum['ID'])) { continue; } @@ -143,6 +143,10 @@ // Break search string down into individual words $Words = explode(' ', db_string($Search)); +if($LoggedUser['CustomForums']) { + unset($LoggedUser['CustomForums']['']); + $RestrictedForums = implode("','", array_keys($LoggedUser['CustomForums'], 0)); +} if($Type == 'body') { $sql = "SELECT SQL_CALC_FOUND_ROWS @@ -162,6 +166,9 @@ JOIN forums AS f ON f.ID=t.ForumID WHERE f.MinClassRead<='$LoggedUser[Class]' AND "; + if(!empty($RestrictedForums)) { + $sql.="f.ID NOT IN ('".$RestrictedForums."') AND "; + } //In tests, this is significantly faster than LOCATE $sql .= "p.Body LIKE '%"; 
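Review bot: check_forumperm() fails open for a forum ID that is not in `$Forums`: `$Forums[$ForumID]['MinClassRead']` evaluates to null, the class comparison is false, and the function returns true unless the ID happens to be listed in `CustomForums`. The only caller visible in this commit iterates `$Forums`, so this may not be reachable today, but a permission helper should deny by default; add `if(!isset($Forums[$ForumID])) { return false; }` as the first statement. The `== 0` branch inside the first condition is already covered by the second check and can be dropped. The function also needs a short docblock stating that a `CustomForums` value of 0 means denied (no other value is written anywhere in this commit), so later callers know the contract.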
@@ -194,6 +201,9 @@ JOIN forums AS f ON f.ID=t.ForumID WHERE f.MinClassRead<='$LoggedUser[Class]' AND "; + if(!empty($RestrictedForums)) { + $sql.="f.ID NOT IN ('".$RestrictedForums."') AND "; + } $sql .= "t.Title LIKE '%"; $sql .= implode("%' AND t.Title LIKE '%", $Words); $sql .= "%' "; diff --git a/sections/forums/take_reply.php b/sections/forums/take_reply.php index 3a4e87b9..bf8487df 100644 --- a/sections/forums/take_reply.php +++ b/sections/forums/take_reply.php @@ -1,6 +1,5 @@ query("SELECT RestrictedForums FROM users_info WHERE UserID = ".$LoggedUser['ID']); - list($RestrictedForums) = $DB->next_record(); - $RestrictedForums = explode(',', $RestrictedForums); - if (array_search($ForumID, $RestrictedForums) !== FALSE) { error(403); } +if($Forums[$ForumID]['MinClassRead'] > $LoggedUser['Class'] || (isset($LoggedUser['CustomForums'][$ForumID]) && $LoggedUser['CustomForums'][$ForumID] == 0)) { + error(403); } -if($Forums[$ForumID]['MinClassRead'] > $LoggedUser['Class']) { error(403); } //Post links utilize the catalogue & key params to prevent issues with custom posts per page if($ThreadInfo['Posts'] > $PerPage) { diff --git a/sections/schedule/index.php b/sections/schedule/index.php index 56f38b1a..832a44c6 100644 --- a/sections/schedule/index.php +++ b/sections/schedule/index.php @@ -440,7 +440,6 @@ function next_hour() { WHERE m.Uploaded/m.Downloaded < m.RequiredRatio AND i.RatioWatchEnds='0000-00-00 00:00:00' AND m.Enabled='1' - AND m.Downloaded > 100<<30 AND m.can_leech='1'"); $OnRatioWatch = $DB->collect('ID'); @@ -625,9 +624,9 @@ function next_hour() { JOIN torrents_group AS tg ON tg.ID = t.GroupID LEFT JOIN artists_group AS ag ON ag.ArtistID = tg.ArtistID WHERE t.last_action < '".time_minus(3600*24*28)."' - AND t.last_action != 0"); -// OR t.Time < '".time_minus(3600*24*2)."' -// AND t.last_action = 0"); + AND t.last_action != 0 + OR t.Time < '".time_minus(3600*24*2)."' + AND t.last_action = 0"); $TorrentIDs = $DB->to_array(); $LogEntries = array(); 
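Review bot: The new 403 check in thread.php re-implements the restriction test inline instead of calling the check_forumperm() helper this commit adds, and the two are not equivalent: the helper lets a non-zero `CustomForums` entry pass the `MinClassRead` test, while this condition rejects on class alone. forum.php, visible as context in an earlier hunk, still runs its own `SELECT RestrictedForums` query behind a `site_moderate_forums` check, so there are now three variants of the same access decision. Unless the difference is intended, `if(!check_forumperm($ForumID)) { error(403); }` would keep them in step, assuming functions.php is loaded on this path. The start of this hunk is lost in the page extraction, so confirm separately whether staff are still meant to bypass the restriction here.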
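Review bot: Both schedule/index.php hunks change scheduled-job queries that the commit description does not mention: the first drops `AND m.Downloaded > 100<<30` from the ratio-watch selection, and the second re-enables the previously commented-out `OR t.Time < ... AND t.last_action = 0` branch of a torrent-selection query. These alter which accounts and torrents the scheduler acts on and belong in their own commit with a stated reason. In the second hunk the mixed `AND`/`OR` relies on SQL operator precedence; writing it as `WHERE (t.last_action < '...' AND t.last_action != 0) OR (t.Time < '...' AND t.last_action = 0)` makes the intended grouping explicit and protects it if another condition is appended later. What is done with `$OnRatioWatch` and `$TorrentIDs` lies outside the hunks.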
diff --git a/sections/user/takemoderate.php b/sections/user/takemoderate.php index c84aa0c6..91257c94 100644 --- a/sections/user/takemoderate.php +++ b/sections/user/takemoderate.php @@ -60,7 +60,7 @@ $DisableRequests = (isset($_POST['DisableRequests']))? 1 : 0; $DisableLeech = (isset($_POST['DisableLeech'])) ? 0 : 1; -$RestrictedForums = db_string($_POST['RestrictedForums']); +$RestrictedForums = db_string(trim($_POST['RestrictedForums'])); $EnableUser = (int)$_POST['UserStatus']; $ResetRatioWatch = (isset($_POST['ResetRatioWatch']))? 1 : 0; $ResetPasskey = (isset($_POST['ResetPasskey']))? 1 : 0; @@ -338,6 +338,11 @@ if ($RestrictedForums != db_string($Cur['RestrictedForums']) && check_perms('users_mod')) { $UpdateSet[]="RestrictedForums='$RestrictedForums'"; $EditSummary[]="restricted forum(s): $RestrictedForums"; + if(empty($RestrictedForums)) { + $HeavyUpdates['CustomForums'] = null; + } else { + $HeavyUpdates['CustomForums'] = array_fill_keys(explode(',', $RestrictedForums), 0); + } } if ($DisableAvatar!=$Cur['DisableAvatar'] && check_perms('users_disable_any')) { diff --git a/sections/userhistory/post_history.php b/sections/userhistory/post_history.php index e38d5399..5d986a46 100644 --- a/sections/userhistory/post_history.php +++ b/sections/userhistory/post_history.php @@ -52,6 +52,10 @@ show_header('Post history for '.$Username,'subscriptions,comments,bbcode'); +if($LoggedUser['CustomForums']) { + unset($LoggedUser['CustomForums']['']); + $RestrictedForums = implode("','", array_keys($LoggedUser['CustomForums'], 0)); +} $ViewingOwn = ($UserID == $LoggedUser['ID']); $ShowUnread = ($ViewingOwn && (!isset($_GET['showunread']) || !!$_GET['showunread'])); $ShowGrouped = ($ViewingOwn && (!isset($_GET['group']) || !!$_GET['group'])); 
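Review bot: `RestrictedForums` is stored as whatever text is submitted; the added `trim()` only strips the ends, so the value is never checked to be a comma-separated list of forum IDs. It is then written to the database and, in the second takemoderate.php hunk, pushed into the target user's cached data through `array_fill_keys(explode(',', $RestrictedForums), 0)`. Because other hunks in this commit interpolate those keys into SQL, this is the cheapest place to reject malformed input, for example by requiring `preg_match('/^\d+(,\d+)*$/', $RestrictedForums)` for any non-empty value before the update is queued. The cached keys here are built from the `db_string()`-escaped string, while script_start.php builds them from the raw column value; the two only agree when the field holds nothing but digits and commas.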
@@ -69,6 +73,10 @@ LEFT JOIN forums AS f ON f.ID = t.ForumID WHERE p.AuthorID = '.$UserID.' AND f.MinClassRead <= '.$LoggedUser['Class']; + if(!empty($RestrictedForums)) { + $sql.=' + AND f.ID NOT IN (\''.$RestrictedForums.'\')'; + } if($ShowUnread) { $sql .= ' AND ((t.IsLocked=\'0\' OR t.IsSticky=\'1\') 
@@ -141,6 +149,11 @@ WHERE p.AuthorID = '.$UserID.' AND f.MinClassRead <= '.$LoggedUser['Class']; + if(!empty($RestrictedForums)) { + $sql.=' + AND f.ID NOT IN (\''.$RestrictedForums.'\')'; + } + if($ShowUnread) { $sql.=' AND ((t.IsLocked=\'0\' OR t.IsSticky=\'1\') AND (l.PostIDget_value('subscriptions_user_'.$LoggedUser['ID'])) === FALSE) { - $DB->query('SELECT TopicID FROM users_subscriptions WHERE UserID = '.$LoggedUser['ID']); - if($UserSubscriptions = $DB->collect(0)) { - $Cache->cache_value('subscriptions_user_'.$LoggedUser['ID'],$UserSubscriptions,0); - } + +if($LoggedUser['CustomForums']) { + unset($LoggedUser['CustomForums']['']); + $RestrictedForums = implode("','", array_keys($LoggedUser['CustomForums'], 0)); } $ShowUnread = (!isset($_GET['showunread']) && !isset($HeavyInfo['SubscriptionsUnread']) || isset($HeavyInfo['SubscriptionsUnread']) && !!$HeavyInfo['SubscriptionsUnread'] || isset($_GET['showunread']) && !!$_GET['showunread']); $ShowCollapsed = (!isset($_GET['collapse']) && !isset($HeavyInfo['SubscriptionsCollapse']) || isset($HeavyInfo['SubscriptionsCollapse']) && !!$HeavyInfo['SubscriptionsCollapse'] || isset($_GET['collapse']) && !!$_GET['collapse']); -if(!empty($UserSubscriptions)) { - $sql = "SELECT - SQL_CALC_FOUND_ROWS - MAX(p.ID) AS ID +$sql = 'SELECT + SQL_CALC_FOUND_ROWS + MAX(p.ID) AS ID + FROM forums_posts AS p + LEFT JOIN forums_topics AS t ON t.ID = p.TopicID + JOIN users_subscriptions AS s ON s.TopicID = t.ID + LEFT JOIN forums AS f ON f.ID = t.ForumID + LEFT JOIN forums_last_read_topics AS l ON p.TopicID = l.TopicID AND l.UserID = s.UserID + WHERE s.UserID = '.$LoggedUser['ID'].' 
+ AND p.ID <= IFNULL(l.PostID,t.LastPostID) + AND f.MinClassRead <= '.$LoggedUser['Class']; +if(!empty($RestrictedForums)) { + $sql.=' + AND f.ID NOT IN (\''.$RestrictedForums.'\')'; +} +if($ShowUnread) { + $sql .= ' + AND IF(l.PostID IS NULL OR (t.IsLocked = \'1\' && t.IsSticky = \'0\'), t.LastPostID, l.PostID) < t.LastPostID'; +} +$sql .= ' + GROUP BY t.ID + ORDER BY t.LastPostID DESC + LIMIT '.$Limit; +$PostIDs = $DB->query($sql); +$DB->query('SELECT FOUND_ROWS()'); +list($NumResults) = $DB->next_record(); + +if($NumResults > $PerPage*($Page-1)) { + $DB->set_query_id($PostIDs); + $PostIDs = $DB->collect('ID'); + $sql = 'SELECT + f.ID AS ForumID, + f.Name AS ForumName, + p.TopicID, + t.Title, + p.Body, + t.LastPostID, + t.IsLocked, + t.IsSticky, + p.ID, + um.ID, + um.Username, + ui.Avatar, + p.EditedUserID, + p.EditedTime, + ed.Username AS EditedUsername FROM forums_posts AS p - LEFT JOIN forums_last_read_topics AS l ON l.UserID = ".$LoggedUser['ID']." AND p.TopicID = l.TopicID LEFT JOIN forums_topics AS t ON t.ID = p.TopicID LEFT JOIN forums AS f ON f.ID = t.ForumID - WHERE t.ID IN (".implode(',',$UserSubscriptions).") - AND p.ID <= IF(l.PostID IS NULL - OR l.PostID>t.LastPostID, - t.LastPostID, - l.PostID) - AND f.MinClassRead<=".$LoggedUser['Class']; - if($ShowUnread) { - $sql .= " - AND IF(l.PostID IS NULL OR (t.IsLocked = '1' && t.IsSticky = '0'), t.LastPostID, l.PostID)query($sql); - $DB->query("SELECT FOUND_ROWS()"); - list($NumResults) = $DB->next_record(); - - if($NumResults > $PerPage*($Page-1)) { - $DB->set_query_id($PostIDs); - $PostIDs = $DB->collect('ID'); - $sql = 'SELECT - f.ID AS ForumID, - f.Name AS ForumName, - p.TopicID, - t.Title, - p.Body, - t.LastPostID, - t.IsLocked, - t.IsSticky, - p.ID, - IFNULL((SELECT COUNT(ID) - FROM forums_posts - WHERE forums_posts.TopicID=p.TopicID - AND forums_posts.ID <= p.ID),1) - AS LastReadNum, - um.ID, - um.Username, - ui.Avatar, - p.EditedUserID, - p.EditedTime, - ed.Username AS EditedUsername - FROM 
forums_posts AS p - LEFT JOIN forums_topics AS t ON t.ID = p.TopicID - LEFT JOIN forums AS f ON f.ID = t.ForumID - LEFT JOIN users_main AS um ON um.ID = p.AuthorID - LEFT JOIN users_info AS ui ON ui.UserID = um.ID - LEFT JOIN users_main AS ed ON ed.ID = um.ID - WHERE p.ID IN ('.implode(',',$PostIDs).') - ORDER BY f.Name ASC, t.LastPostID DESC'; - $DB->query($sql); - } -} else { - $NumResults = 0; + LEFT JOIN users_main AS um ON um.ID = p.AuthorID + LEFT JOIN users_info AS ui ON ui.UserID = um.ID + LEFT JOIN users_main AS ed ON ed.ID = um.ID + WHERE p.ID IN ('.implode(',',$PostIDs).') + ORDER BY f.Name ASC, t.LastPostID DESC'; + $DB->query($sql); } ?>
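Review bot: The join `LEFT JOIN users_main AS ed ON ed.ID = um.ID` in the rewritten detail query ties the editor alias to the post author, so `EditedUsername` will always be the author's name rather than the editor's; the removed version had the same condition, so the rewrite carries the bug forward. It presumably should read `LEFT JOIN users_main AS ed ON ed.ID = p.EditedUserID`. The select list also returns two columns named `ID` (`p.ID` and `um.ID`), which only works because the row is unpacked positionally with `list()`; aliasing them as `p.ID AS PostID` and `um.ID AS AuthorID` would be safer. Part of this hunk is lost in the page extraction, so this covers only the lines that are visible.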
@@ -131,7 +123,7 @@ ?>
next_record()){ + while(list($ForumID, $ForumName, $TopicID, $ThreadTitle, $Body, $LastPostID, $Locked, $Sticky, $PostID, $AuthorID, $AuthorName, $AuthorAvatar, $EditedUserID, $EditedTime, $EditedUsername) = $DB->next_record()){ ?> '> @@ -144,7 +136,7 @@ - + [Unsubscribe]