includes/sessions.php
changeset 770 62fed244fa1c
parent 749 ea3045a3bcbd
child 776 f37b60d393bc
equal deleted inserted replaced
769:1946d845bb25 770:62fed244fa1c
  2347     // The actual query
  2347     // The actual query
  2348     $sql = "SELECT u.user_id, u.username, u.user_level, u.user_group, u.user_rank, u.user_title, g.group_rank,\n"
  2348     $sql = "SELECT u.user_id, u.username, u.user_level, u.user_group, u.user_rank, u.user_title, g.group_rank,\n"
  2349          . "       COALESCE(ru.rank_id,    rg.rank_id,    rl.rank_id,    rd.rank_id   ) AS rank_id,\n"
  2349          . "       COALESCE(ru.rank_id,    rg.rank_id,    rl.rank_id,    rd.rank_id   ) AS rank_id,\n"
  2350          . "       COALESCE(ru.rank_title, rg.rank_title, rl.rank_title, rd.rank_title) AS rank_title,\n"
  2350          . "       COALESCE(ru.rank_title, rg.rank_title, rl.rank_title, rd.rank_title) AS rank_title,\n"
  2351          . "       COALESCE(ru.rank_style, rg.rank_style, rl.rank_style, rd.rank_style) AS rank_style,\n"
  2351          . "       COALESCE(ru.rank_style, rg.rank_style, rl.rank_style, rd.rank_style) AS rank_style,\n"
  2352          . "       rg.rank_id AS group_rank_id,"
  2352          . "       rg.rank_id AS group_rank_id,\n"
  2353          . "       ( ru.rank_id IS NULL AND rg.rank_id IS NULL ) AS using_default,"
  2353          . "       ( ru.rank_id IS NULL AND rg.rank_id IS NULL ) AS using_default,\n"
  2354          . "       ( ru.rank_id IS NULL AND rg.rank_id IS NOT NULL ) AS using_group,"
  2354          . "       ( ru.rank_id IS NULL AND rg.rank_id IS NOT NULL ) AS using_group,\n"
       
  2355          . "       ( ru.rank_id IS NOT NULL ) AS using_user,\n"
       
  2356          . "       u.user_rank_userset,\n"
  2355          . "       $gid_col\n"
  2357          . "       $gid_col\n"
  2356          . "  FROM " . table_prefix . "users AS u\n"
  2358          . "  FROM " . table_prefix . "users AS u\n"
  2357          . "  LEFT JOIN " . table_prefix . "groups AS g\n"
  2359          . "  LEFT JOIN " . table_prefix . "groups AS g\n"
  2358          . "    ON ( g.group_id = u.user_group )\n"
  2360          . "    ON ( g.group_id = u.user_group )\n"
  2359          . "  LEFT JOIN " . table_prefix . "group_members AS m\n"
  2361          . "  LEFT JOIN " . table_prefix . "group_members AS m\n"
  2391   function get_user_rank($id)
  2393   function get_user_rank($id)
  2392   {
  2394   {
  2393     global $db, $session, $paths, $template, $plugins; // Common objects
  2395     global $db, $session, $paths, $template, $plugins; // Common objects
  2394     global $lang;
  2396     global $lang;
  2395     global $user_ranks;
  2397     global $user_ranks;
  2396     // cache info if possible
  2398     // cache info in RAM if possible
  2397     static $_cache = array();
  2399     static $_cache = array();
  2398     
  2400     
  2399     if ( is_int($id) && $id == 0 )
  2401     if ( is_int($id) && $id == 0 )
  2400       $id = 1;
  2402       $id = 1;
  2401     
  2403     
  2405       $col = ENANO_SQLFUNC_LOWERCASE . "(username) = " . ENANO_SQLFUNC_LOWERCASE . "('" . $db->escape($id) . "')";
  2407       $col = ENANO_SQLFUNC_LOWERCASE . "(username) = " . ENANO_SQLFUNC_LOWERCASE . "('" . $db->escape($id) . "')";
  2406     else
  2408     else
  2407       // invalid parameter
  2409       // invalid parameter
  2408       return false;
  2410       return false;
  2409       
  2411       
  2410     // check the cache
  2412     // check the RAM cache
  2411     if ( isset($_cache[$id]) )
  2413     if ( isset($_cache[$id]) )
  2412       return $_cache[$id];
  2414       return $_cache[$id];
  2413     
  2415     
  2414     // check the disk cache
  2416     // check the disk cache
  2415     if ( is_int($id) )
  2417     if ( is_int($id) )
  2553     $row['user_level'] = intval($row['user_level']);
  2555     $row['user_level'] = intval($row['user_level']);
  2554     $row['user_group'] = intval($row['user_group']);
  2556     $row['user_group'] = intval($row['user_group']);
  2555     
  2557     
  2556     unset($row['user_rank'], $row['group_rank'], $row['group_list'], $row['using_default'], $row['using_group'], $row['user_level'], $row['user_group'], $row['username']);
  2558     unset($row['user_rank'], $row['group_rank'], $row['group_list'], $row['using_default'], $row['using_group'], $row['user_level'], $row['user_group'], $row['username']);
  2557     return $row;
  2559     return $row;
       
  2560   }
       
  2561   
       
  2562   /**
       
  2563    * Get the list of ranks that a user is allowed to use. Returns false if they cannot change it.
       
  2564    * @param string|int User ID or username
       
  2565    * @return array Associative by rank ID
       
  2566    */
       
  2567   
       
  2568   function get_user_possible_ranks($id)
       
  2569   {
       
  2570     global $db, $session, $paths, $template, $plugins; // Common objects
       
  2571     
       
  2572     // cache info in RAM if possible
       
  2573     static $_cache = array();
       
  2574     
       
  2575     if ( is_int($id) && $id == 0 )
       
  2576       $id = 1;
       
  2577     
       
  2578     if ( is_int($id) )
       
  2579       $col = "u.user_id = $id";
       
  2580     else if ( is_string($id) )
       
  2581       $col = ENANO_SQLFUNC_LOWERCASE . "(username) = " . ENANO_SQLFUNC_LOWERCASE . "('" . $db->escape($id) . "')";
       
  2582     else
       
  2583       // invalid parameter
       
  2584       return false;
       
  2585       
       
  2586     // check the RAM cache
       
  2587     if ( isset($_cache[$id]) )
       
  2588       return $_cache[$id];
       
  2589     
       
  2590     $sql = $this->generate_rank_sql("\n  WHERE $col");
       
  2591     
       
  2592     $q = $this->sql($sql);
       
  2593     // any results?
       
  2594     if ( $db->numrows() < 1 )
       
  2595     {
       
  2596       // nuttin'.
       
  2597       $db->free_result();
       
  2598       $_cache[$id] = false;
       
  2599       return false;
       
  2600     }
       
  2601     
       
  2602     // Found something.
       
  2603     $row = $db->fetchrow();
       
  2604     $db->free_result();
       
  2605     
       
  2606     if ( $row['using_user'] && !$row['user_rank_userset'] )
       
  2607     {
       
  2608       // The user's rank was set manually by an admin.
       
  2609       $result = array(
       
  2610         array(
       
  2611           'rank_id' => $row['rank_id'],
       
  2612           'rank_title' => $row['rank_title'],
       
  2613           'rank_style' => $row['rank_style'],
       
  2614           'rank_type' => 'user'
       
  2615           )
       
  2616         );
       
  2617       $_cache[$id] = $result;
       
  2618       return $result;
       
  2619     }
       
  2620     
       
  2621     // copy the result to a more permanent array so we can reference this later
       
  2622     $current_settings = $row;
       
  2623     unset($row);
       
  2624     
       
  2625     $result = array();
       
  2626     
       
  2627     // first rank available to us will be the one set by the user's user level
       
  2628     if ( isset($this->level_rank_table[$current_settings['user_level']]) )
       
  2629     {
       
  2630       $q = $this->sql('SELECT rank_id, rank_title, rank_style FROM ' . table_prefix . "ranks WHERE rank_id = {$this->level_rank_table[$this->user_level]};");
       
  2631       if ( $db->numrows() > 0 )
       
  2632       {
       
  2633         $row = $db->fetchrow();
       
  2634         $row['rank_type'] = 'ulevel';
       
  2635         
       
  2636         $result[] = $row;
       
  2637       }
       
  2638       $db->free_result();
       
  2639     }
       
  2640     
       
  2641     // for each group the user is in, figure out if it has a rank associated with it
       
  2642     $group_list = explode(',', $current_settings['group_list']);
       
  2643     foreach ( $group_list as $group_id )
       
  2644     {
       
  2645       $group_id = intval($group_id);
       
  2646       $q = $this->sql('SELECT r.rank_id, r.rank_title, r.rank_style FROM ' . table_prefix . "groups AS g\n"
       
  2647                     . "  LEFT JOIN " . table_prefix . "ranks AS r\n"
       
  2648                     . "    ON ( g.group_rank = r.rank_id )\n"
       
  2649                     . "  WHERE g.group_id = $group_id\n"
       
  2650                     . "    AND r.rank_id IS NOT NULL;");
       
  2651       if ( $db->numrows() > 0 )
       
  2652       {
       
  2653         $row = $db->fetchrow();
       
  2654         $row['rank_type'] = 'group';
       
  2655         
       
  2656         $result[] = $row;
       
  2657       }
       
  2658       $db->free_result();
       
  2659     }
       
  2660     
       
  2661     $_cache[$id] = $result;
       
  2662     return $result;
  2558   }
  2663   }
  2559   
  2664   
  2560   #
  2665   #
  2561   # Access Control Lists
  2666   # Access Control Lists
  2562   #
  2667   #
  3569         $dh_secret_check = sha1($dh_secret);
  3674         $dh_secret_check = sha1($dh_secret);
  3570         if ( $dh_secret_check !== $dh_hash )
  3675         if ( $dh_secret_check !== $dh_hash )
  3571         {
  3676         {
  3572           return array(
  3677           return array(
  3573             'mode' => 'error',
  3678             'mode' => 'error',
  3574             'error' => 'ERR_DH_HASH_NO_MATCH'
  3679             'error' => 'ERR_DH_HASH_NO_MATCH',
  3575           );
  3680           );
  3576         }
  3681         }
  3577         
  3682         
  3578         // All good! Generate the AES key
  3683         // All good! Generate the AES key
  3579         $aes_key = substr(sha256($dh_secret), 0, ( AES_BITS / 4 ));
  3684         $aes_key = substr(sha256($dh_secret), 0, ( AES_BITS / 4 ));