1 <?php |
1 <?php |
2 |
2 |
3 /* |
3 /* |
4 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
4 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
5 * Version 1.0 (Banshee) |
5 * Version 1.0.1 (Loch Ness) |
6 * Copyright (C) 2006-2007 Dan Fuhry |
6 * Copyright (C) 2006-2007 Dan Fuhry |
7 * sessions.php - everything related to security and user management |
7 * sessions.php - everything related to security and user management |
8 * |
8 * |
9 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
9 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
10 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
10 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
2062 { |
2062 { |
2063 unset($this->perms[$i]); |
2063 unset($this->perms[$i]); |
2064 } |
2064 } |
2065 } |
2065 } |
2066 |
2066 |
|
2067 // PAGE group info |
|
2068 $pg_list = $paths->get_page_groups($paths->cpage['urlname_nons'], $paths->namespace); |
|
2069 $pg_info = ''; |
|
2070 foreach ( $pg_list as $g_id ) |
|
2071 { |
|
2072 $pg_info .= ' ( page_id=\'' . $g_id . '\' AND namespace=\'__PageGroup\' ) OR'; |
|
2073 } |
|
2074 |
2067 // Build a query to grab ACL info |
2075 // Build a query to grab ACL info |
2068 $bs = 'SELECT rules,target_type,target_id FROM '.table_prefix.'acl WHERE ( '; |
2076 $bs = 'SELECT rules,target_type,target_id FROM '.table_prefix.'acl WHERE ( '; |
2069 $q = Array(); |
2077 $q = Array(); |
2070 $q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$this->user_id.' )'; |
2078 $q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$this->user_id.' )'; |
2071 if(count($this->groups) > 0) |
2079 if(count($this->groups) > 0) |
2075 $q[] = '( target_type='.ACL_TYPE_GROUP.' AND target_id='.intval($g_id).' )'; |
2083 $q[] = '( target_type='.ACL_TYPE_GROUP.' AND target_id='.intval($g_id).' )'; |
2076 } |
2084 } |
2077 } |
2085 } |
2078 // The reason we're using an ORDER BY statement here is because ACL_TYPE_GROUP is less than ACL_TYPE_USER, causing the user's individual |
2086 // The reason we're using an ORDER BY statement here is because ACL_TYPE_GROUP is less than ACL_TYPE_USER, causing the user's individual |
2079 // permissions to override group permissions. |
2087 // permissions to override group permissions. |
2080 $bs .= implode(' OR ', $q) . ' ) AND ( page_id=\''.$db->escape($paths->cpage['urlname_nons']).'\' AND namespace=\''.$db->escape($paths->namespace).'\' ) |
2088 $bs .= implode(' OR ', $q) . ' ) AND (' . $pg_info . ' ( page_id=\''.$db->escape($paths->cpage['urlname_nons']).'\' AND namespace=\''.$db->escape($paths->namespace).'\' ) ) |
2081 ORDER BY target_type ASC, page_id ASC, namespace ASC;'; |
2089 ORDER BY target_type ASC, page_id ASC, namespace ASC;'; |
2082 $q = $this->sql($bs); |
2090 $q = $this->sql($bs); |
2083 if ( $row = $db->fetchrow() ) |
2091 if ( $row = $db->fetchrow() ) |
2084 { |
2092 { |
2085 do { |
2093 do { |
2487 $this->acl_descs = $acl_descs; |
2495 $this->acl_descs = $acl_descs; |
2488 |
2496 |
2489 $this->perms = $acl_types; |
2497 $this->perms = $acl_types; |
2490 $this->perms = $session->acl_merge_complete($this->perms, $base); |
2498 $this->perms = $session->acl_merge_complete($this->perms, $base); |
2491 |
2499 |
|
2500 // PAGE group info |
|
2501 $pg_list = $paths->get_page_groups($page_id, $namespace); |
|
2502 $pg_info = ''; |
|
2503 foreach ( $pg_list as $g_id ) |
|
2504 { |
|
2505 $pg_info .= ' ( page_id=\'' . $g_id . '\' AND namespace=\'__PageGroup\' ) OR'; |
|
2506 } |
|
2507 |
2492 // Build a query to grab ACL info |
2508 // Build a query to grab ACL info |
2493 $bs = 'SELECT rules FROM '.table_prefix.'acl WHERE ( '; |
2509 $bs = 'SELECT rules FROM '.table_prefix.'acl WHERE ( '; |
2494 $q = Array(); |
2510 $q = Array(); |
2495 $q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$session->user_id.' )'; |
2511 $q[] = '( target_type='.ACL_TYPE_USER.' AND target_id='.$session->user_id.' )'; |
2496 if(count($session->groups) > 0) |
2512 if(count($session->groups) > 0) |
2500 $q[] = '( target_type='.ACL_TYPE_GROUP.' AND target_id='.intval($g_id).' )'; |
2516 $q[] = '( target_type='.ACL_TYPE_GROUP.' AND target_id='.intval($g_id).' )'; |
2501 } |
2517 } |
2502 } |
2518 } |
2503 // The reason we're using an ORDER BY statement here is because ACL_TYPE_GROUP is less than ACL_TYPE_USER, causing the user's individual |
2519 // The reason we're using an ORDER BY statement here is because ACL_TYPE_GROUP is less than ACL_TYPE_USER, causing the user's individual |
2504 // permissions to override group permissions. |
2520 // permissions to override group permissions. |
2505 $bs .= implode(' OR ', $q) . ' ) AND ( page_id=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\' ) |
2521 $bs .= implode(' OR ', $q) . ' ) AND (' . $pg_info . ' page_id=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\' ) |
2506 ORDER BY target_type ASC, page_id ASC, namespace ASC;'; |
2522 ORDER BY target_type ASC, page_id ASC, namespace ASC;'; |
2507 $q = $session->sql($bs); |
2523 $q = $session->sql($bs); |
2508 if ( $row = $db->fetchrow() ) |
2524 if ( $row = $db->fetchrow() ) |
2509 { |
2525 { |
2510 do { |
2526 do { |
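Review bot: The page-group ids are concatenated into the ACL query unescaped at new lines 2072 and 2505 (`$pg_info .= ' ( page_id=\'' . $g_id . ...`), while the user-group loop just below wraps its id in `intval()` and the page id goes through `$db->escape()`. What `get_page_groups()` returns is not visible here, so if the ids are numeric the line should read `$pg_info .= ' ( page_id=\'' . intval($g_id) . '\' AND namespace=\'__PageGroup\' ) OR';`, and otherwise it should use `$db->escape($g_id)`. The second query (new line 2521) also drops the inner parentheses that new line 2088 keeps around the `page_id=... AND namespace=...` pair; it evaluates the same only because AND binds tighter than OR, so add them for consistency. Because `__PageGroup` rows now share the result set, `ORDER BY ... page_id ASC` appears to decide whether a page-group rule or the page's own rule is merged last, which the existing ORDER BY comment does not cover; the merge loop continues outside the hunk, so confirm the intended precedence there.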