Subversion Repositories Applications.papyrus

Rev

Rev 831 | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
831 florian 1
<?php
2
 
3
////////////////////////////////////////////////////////////////////////////////
4
//                                                                            //
5
//   Copyright (C) 2006  Phorum Development Team                              //
6
//   http://www.phorum.org                                                    //
7
//                                                                            //
8
//   This program is free software. You can redistribute it and/or modify     //
9
//   it under the terms of either the current Phorum License (viewable at     //
10
//   phorum.org) or the Phorum License that was distributed with this file    //
11
//                                                                            //
12
//   This program is distributed in the hope that it will be useful,          //
13
//   but WITHOUT ANY WARRANTY, without even the implied warranty of           //
14
//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                     //
15
//                                                                            //
16
//   You should have received a copy of the Phorum License                    //
17
//   along with this program.                                                 //
18
////////////////////////////////////////////////////////////////////////////////
19
 
20
if ( !defined( "PHORUM" ) ) return;
21
 
22
/**
23
 * These functions are Phorum's interface to the user data.  If you want
24
 * to use your own user data, just replace these functions.
25
 *
26
 * The functions do use Phorum's database layer.  Of course, it is not
27
 * required.
28
 */
29
// if you write your own user layer, set this to false
30
define( "PHORUM_ORIGINAL_USER_CODE", true );
31
 
32
define( "PHORUM_SESSION_LONG_TERM" , "phorum_session_v5" );
33
define( "PHORUM_SESSION_SHORT_TERM", "phorum_session_st" );
34
define( "PHORUM_SESSION_ADMIN", "phorum_admin_session" );
35
 
36
function phorum_user_check_session( $cookie = PHORUM_SESSION_LONG_TERM )
37
{
38
    $PHORUM = $GLOBALS["PHORUM"];
39
 
40
    // If we do URI based authentication, we will only look at the
41
    // PHORUM_SESSION_LONG_TERM session (which is the session key that is
42
    // stored in the URI). Here we rewrite requests for
43
    // PHORUM_SESSION_SHORT_TERM so we will handle tighter security correctly.
44
    if ( isset($PHORUM["use_cookies"]) && ! $PHORUM["use_cookies"] &&
45
         $cookie == PHORUM_SESSION_SHORT_TERM) {
46
        $cookie = PHORUM_SESSION_LONG_TERM;
47
    }
48
 
49
    if ( ( $cookie != PHORUM_SESSION_LONG_TERM || ( isset( $PHORUM["use_cookies"] ) && $PHORUM["use_cookies"] ) ) && isset( $_COOKIE[$cookie] ) ) { // REAL cookies ;)
50
        $sessid = $_COOKIE[$cookie];
51
        $GLOBALS["PHORUM"]["use_cookies"]=true;
52
    } elseif ( isset( $PHORUM["args"][$cookie] ) ) { // in the p5-urls
53
        $sessid = $PHORUM["args"][$cookie];
54
        $GLOBALS["PHORUM"]["use_cookies"]=false;
55
    } elseif ( isset( $_POST[$cookie] ) ) { // from post-forms
56
        $sessid = $_POST[$cookie];
57
        $GLOBALS["PHORUM"]["use_cookies"]=false;
58
    } elseif ( isset( $_GET[$cookie] ) ) { // should rarely happen but helps in some cases
59
        $sessid = $_GET[$cookie];
60
        $GLOBALS["PHORUM"]["use_cookies"]=false;
61
    }
62
 
63
    $success = false;
64
 
65
    if ( !empty( $sessid ) && $GLOBALS["PHORUM"]["use_cookies"]) {
66
        // this part is for cookie-authentication where we have username and password
67
        list( $userid, $md5session ) = explode( ":", $sessid, 2 );
68
 
69
        if(!is_numeric($userid)) {
70
            phorum_user_clear_session( $cookie );
71
            return false;
72
        }
73
 
74
        $user=phorum_user_get($userid, true, true);
75
        if (empty($user)) {
76
            phorum_user_clear_session( $cookie );
77
            return false;
78
        }
79
 
80
        if ( ($cookie==PHORUM_SESSION_LONG_TERM && !empty($user['cookie_sessid_lt']) && $user['cookie_sessid_lt'] == $md5session) ||
81
             ($cookie==PHORUM_SESSION_SHORT_TERM && !empty($user['sessid_st']) && $user['sessid_st'] == $md5session) ||
82
             ($cookie==PHORUM_SESSION_ADMIN && !empty($user['cookie_sessid_lt']) && md5($user['cookie_sessid_lt'].$PHORUM["admin_session_salt"]) == $md5session) ) {
83
            if ( $user["active"] ) {
84
                // write access is false by default, need to check the st-cookie too
85
                $user['write_access']=false;
86
 
87
                $GLOBALS["PHORUM"]["user"] = $user;
88
                $success = true;
89
 
90
                phorum_user_create_session( $cookie );
91
            } else {
92
                phorum_user_clear_session( $cookie );
93
            }
94
        }
95
    } elseif( !empty( $sessid ) && !$GLOBALS["PHORUM"]["use_cookies"]) {
96
        // this part is for uri-authentication where we only have a session-id
97
        $uri_session_id = urldecode( $sessid );
98
        if ( $user_id = phorum_db_user_check_field('sessid_st',$uri_session_id,'=')) {
99
            $user = phorum_user_get( $user_id, true, true );
100
            if ( $user["active"] ) {
101
 
102
                // write access is enabled for uri-authentication as thats requiring login at every visit
103
                $user['write_access']=true;
104
 
105
                $GLOBALS["PHORUM"]["user"] = $user;
106
                $success = true;
107
                phorum_user_create_session( $cookie, false, $user['sessid_st'] );
108
            } else {
109
                phorum_user_clear_session( $cookie );
110
            }
111
        }
112
    }
113
 
114
    // track user activity
115
    if($success && $PHORUM["track_user_activity"] && $GLOBALS["PHORUM"]["user"]["date_last_active"] < time() - $PHORUM["track_user_activity"] ) {
116
        $tmp_user["user_id"] = $GLOBALS["PHORUM"]["user"]["user_id"];
117
        $tmp_user["date_last_active"] = time();
118
        if(isset($PHORUM['forum_id'])) {
119
            $tmp_user["last_active_forum"]= $PHORUM['forum_id'];
120
        } else {
121
            $tmp_user["last_active_forum"]= 0;
122
        }
123
        phorum_user_save_simple( $tmp_user);
124
    }
125
 
126
    return $success;
127
}
128
 
129
function phorum_user_create_session( $cookie = PHORUM_SESSION_LONG_TERM, $refresh = false, $uri_session_id = '' )
130
{
131
    $PHORUM = $GLOBALS["PHORUM"];
132
 
133
    // require that the global user exists
134
    if ( !empty( $PHORUM["user"] ) ) {
135
        $user = $PHORUM["user"];
136
 
137
        if ( (isset( $PHORUM["use_cookies"] ) && $PHORUM["use_cookies"]) || $cookie == PHORUM_SESSION_ADMIN ) {
138
 
139
            switch($cookie){
140
                case PHORUM_SESSION_SHORT_TERM:
141
 
142
                    // creating a new shortterm-session-id if none exists yet or it has timed out
143
                    if($refresh || empty($user['sessid_st']) || $user["sessid_st_timeout"]<time()) {
144
                        $sessid=md5($user['username'].microtime().$user['password']);
145
                        $timeout = time() + $PHORUM["short_session_timeout"]*60;
146
                        $simple_user=array('user_id'=>$user['user_id'],'sessid_st'=>$sessid,'sessid_st_timeout'=>$timeout);
147
                        phorum_user_save_simple($simple_user);
148
 
149
                    // if the cookie is half expired, reset it.
150
                    } elseif(time() - $user["sessid_st_timeout"] < $PHORUM["short_session_timeout"]*60/2){
151
                        $sessid=$user['sessid_st'];
152
                        $timeout = time() + $PHORUM["short_session_timeout"]*60;
153
                        $simple_user=array('user_id'=>$user['user_id'],'sessid_st'=>$sessid,'sessid_st_timeout'=>$timeout);
154
                        phorum_user_save_simple($simple_user);
155
                    }
156
 
157
                    // if a timeout was set, we need to set a new cookie
158
                    if($timeout){
159
                        setcookie( $cookie, $user['user_id'].':'.$sessid, $timeout, $PHORUM["session_path"], $PHORUM["session_domain"] );
160
                    }
161
                    break;
162
 
163
                case PHORUM_SESSION_LONG_TERM:
164
                    // creating a new longterm-session-id if none exists yet
165
                    if($refresh || empty($user['cookie_sessid_lt'])) {
166
                        $sessid=md5($user['username'].microtime().$user['password']);
167
                        $simple_user=array('user_id'=>$user['user_id'],'cookie_sessid_lt'=>$sessid);
168
                        phorum_user_save_simple($simple_user);
169
                    } else {
170
                        $sessid=$user['cookie_sessid_lt'];
171
                    }
172
 
173
                    if($PHORUM["session_timeout"]==0){
174
                        $timeout = 0;
175
                    } else {
176
                        $timeout = time() + 86400 * $PHORUM["session_timeout"];
177
                    }
178
 
179
                    setcookie( $cookie, $user['user_id'].':'.$sessid, $timeout, $PHORUM["session_path"], $PHORUM["session_domain"] );
180
 
181
                    break;
182
 
183
                case PHORUM_SESSION_ADMIN:
184
                    // creating a new longterm-session-id if none exists yet
185
                    if(empty($user['cookie_sessid_lt'])) {
186
                        $sessid=md5($user['username'].microtime().$user['password']);
187
                        $simple_user=array('user_id'=>$user['user_id'],'cookie_sessid_lt'=>$sessid);
188
                        phorum_user_save_simple($simple_user);
189
                    } else {
190
                        $sessid=$user['cookie_sessid_lt'];
191
                    }
192
 
193
                    setcookie( $cookie, $user['user_id'].':'.md5($sessid.$PHORUM["admin_session_salt"]), 0, $PHORUM["session_path"], $PHORUM["session_domain"] );
194
 
195
                    break;
196
 
197
            }
198
 
199
        } else {
200
            $sessid = $uri_session_id;
201
            $GLOBALS["PHORUM"]["DATA"]["GET_VARS"][$cookie] = "$cookie=" . urlencode( $sessid );
202
            $GLOBALS["PHORUM"]["DATA"]["POST_VARS"] .= "<input type=\"hidden\" name=\"$cookie\" value=\"$sessid\" />";
203
        }
204
    }
205
}
206
 
207
 
208
 
209
 
210
 
211
function phorum_user_clear_session( $cookie = PHORUM_SESSION_LONG_TERM )
212
{
213
    setcookie( $cookie, "", time()-86400, $GLOBALS["PHORUM"]["session_path"], $GLOBALS["PHORUM"]["session_domain"] );
214
}
215
 
216
/**
217
 * This function retrieves a user from the database, given the user id.
218
 * If $user_id is an array of user ids, it will retrieve all of the users
219
 * in the array. If $detailed is set to true, the function gets the users
220
 * full information. Setting this to false omits permission data, pm counts,
221
 * and group membership. $detailed is true by default and may be omitted.
222
 * @param user_id - can be a single user id, or an array of user ids.
223
 * @param detailed - get detailed user information (defaults to true).
224
 * @param checknewpm - check for new private messages for the user (defaults to false).
225
 * @return array - either an array representing a single user's information,
226
 *                 or an array of users
227
 */
228
function phorum_user_get( $user_id, $detailed = true, $checkpm = false )
229
{
230
    $PHORUM = $GLOBALS["PHORUM"];
231
 
232
    if ( !is_array( $user_id ) ) {
233
        $user_ids = array( $user_id );
234
    } else {
235
        $user_ids = $user_id;
236
    }
237
 
238
    if ( count( $user_ids ) ) {
239
        $cache_users=array();
240
        $tmp_users=array();
241
        $cachecnt=0;
242
 
243
        // get users from cache if enabled
244
        if(isset($PHORUM['cache_users']) && $PHORUM['cache_users']) {
245
            foreach($user_ids as $id => $cur_user_id) {
246
                $data=phorum_cache_get('user',$cur_user_id);
247
                if($data != null) { // null if no key found
248
                    $cache_users[$cur_user_id]=$data;
249
 
250
                    unset($user_ids[$id]);
251
                    $cachecnt++;
252
                }
253
            }
254
            unset($data);
255
            // we need to get the dynamic data too!
256
            // only selecting date_last_active, forum_last_active,
257
            // posts ... any more?
258
            if($cachecnt > 0) {
259
                $dynamic_data=phorum_db_user_get_fields(array_keys($cache_users),array('date_last_active','last_active_forum','posts'));
260
                foreach($dynamic_data as $d_uid => $d_data) {
261
                        $cache_users[$d_uid]=array_merge($cache_users[$d_uid],$d_data);
262
                }
263
 
264
            }
265
        }
266
 
267
        if(count($user_ids)) {
268
            $tmp_users = phorum_db_user_get( $user_ids, $detailed );
269
 
270
            foreach( $tmp_users as $uid => $user ) {
271
 
272
                if ( !$user["admin"] ) {
273
                    if ( isset( $user["group_permissions"] ) ) {
274
                        foreach( $user["group_permissions"] as $forum_id => $perm ) {
275
                            if(!isset($user["permissions"][$forum_id]))
276
                                $user["permissions"][$forum_id]=0;
277
 
278
                            $user["permissions"][$forum_id] = $user["permissions"][$forum_id] | $perm;
279
                        }
280
                    }
281
 
282
                    if ( isset( $user["forum_permissions"] ) ) {
283
                        foreach( $user["forum_permissions"] as $forum_id => $perm ) {
284
                            $user["permissions"][$forum_id] = $perm;
285
                        }
286
                    }
287
                }
288
 
289
                // check if the user has new private messages
290
                if ( ($checkpm || (isset($PHORUM['cache_users']) && $PHORUM['cache_users'])) && $PHORUM["enable_pm"] && $PHORUM["enable_new_pm_count"] ) {
291
                    $user["new_private_messages"] = phorum_db_pm_checknew( $uid );
292
                }
293
 
294
                // store users in cache if enabled
295
                if( $detailed && isset($PHORUM['cache_users']) && $PHORUM['cache_users']) {
296
                    phorum_cache_put('user',$uid,$user);
297
                }
298
                $tmp_users[$uid] = $user;
299
            }
300
        }
301
    }
302
 
303
    // merging cached and retrieved users
304
    $ret = $tmp_users + $cache_users;
305
 
306
    if ( !is_array( $user_id ) ) {
307
        if (isset($ret[$user_id]))
308
            $ret = $ret[$user_id];
309
        else
310
            $ret = NULL;
311
    }
312
 
313
    return $ret;
314
}
315
 
316
/**
317
 * This function gets a list of all the active users.
318
 * @return array of users (same format as phorum_user_get)
319
 */
320
function phorum_user_get_list()
321
{
322
   return phorum_hook("user_list", phorum_db_user_get_list());
323
}
324
 
325
function phorum_user_save( $user )
326
{
327
    if ( empty( $user["user_id"] ) ) return false;
328
 
329
    $old_user = phorum_user_get( $user['user_id'] );
330
    $db_user = phorum_user_prepare_data( $user, $old_user );
331
 
332
    $ret = phorum_db_user_save( $db_user );
333
 
334
    // remove that user from the cache
335
    if(isset($GLOBALS["PHORUM"]['cache_users']) && $GLOBALS["PHORUM"]['cache_users']) {
336
        phorum_cache_remove('user',$user['user_id']);
337
    }
338
 
339
    // Is this the currently logged in user?
340
    // If so, re-get his stuff from the system.
341
    if ( isset($GLOBALS["PHORUM"]["user"]) && $GLOBALS["PHORUM"]["user"]["user_id"] == $user["user_id"] ) {
342
        $GLOBALS["PHORUM"]["user"] = phorum_user_get( $user["user_id"] );
343
    }
344
 
345
 
346
    return $ret;
347
}
348
/**
349
 * This function quickly updates real columns without any further checks
350
 * it just stores the data as fast as possible
351
 *
352
 */
353
function phorum_user_save_simple($user)
354
{
355
    if ( empty( $user["user_id"] ) ) return false;
356
 
357
    // clear the cache only if we are not just updating the activity
358
    if(isset($GLOBALS['PHORUM']['cache_users']) && $GLOBALS['PHORUM']['cache_users']) {
359
        if(!(count($user) == 3 && isset($user['date_last_active'])))
360
            phorum_cache_remove('user',$user['user_id']);
361
    }
362
 
363
    $ret = phorum_db_user_save( $user );
364
 
365
    return $ret;
366
}
367
 
368
function phorum_user_check_login( $username, $password )
369
{
370
    $ret = false;
371
    $temp_check = false;
372
 
373
    $user_id = phorum_db_user_check_pass( $username, md5( $password ) );
374
    // regular password failed, try the temp password
375
    if ( $user_id == 0 ) {
376
        $user_id = phorum_db_user_check_pass( $username, md5( $password ), true );
377
        $temp_check = true;
378
    }
379
 
380
    if ( $user_id > 0 ) {
381
        // if this was a temp password, set the normal pass to the temp password
382
        // do this before we get the user so the data is up to date.
383
        // leave the temp password alone as setting to empty is bad.
384
        if ( $temp_check ) {
385
            $tmp_user["user_id"] = $user_id;
386
            $tmp_user["password"] = $password;
387
            phorum_user_save( $tmp_user );
388
        }
389
 
390
        $ret = phorum_user_set_current_user( $user_id );
391
    }
392
 
393
    return $ret;
394
}
395
 
396
function phorum_user_verify( $user_id, $tmp_pass )
397
{
398
    $user_id = phorum_db_user_check_field( array( "user_id", "password_temp" ), array( $user_id, md5( $tmp_pass ) ), array( "=", "=" ) );
399
    return $user_id;
400
}
401
 
402
function phorum_user_set_current_user( $user_id )
403
{
404
    $ret = false;
405
 
406
    $user = phorum_user_get( $user_id );
407
    if ( $user["active"] == PHORUM_USER_ACTIVE ) {
408
        $GLOBALS["PHORUM"]["user"] = $user;
409
        $ret = true;
410
    }
411
 
412
    return $ret;
413
}
414
 
415
function phorum_user_check_username( $username )
416
{
417
    return phorum_db_user_check_field( "username", $username );
418
}
419
 
420
function phorum_user_check_email( $email )
421
{
422
    return phorum_db_user_check_field( "email", $email );
423
}
424
 
425
/**
426
* (generic) function for checking a user-field in the database
427
*/
428
function phorum_user_check_field( $field_name, $field_value)
429
{
430
    return phorum_db_user_check_field( $field_name , $field_value );
431
}
432
 
433
/**
434
* function for adding a user to the database (using the db-layer)
435
*/
436
function phorum_user_add( $user, $pwd_unchanged = false )
437
{
438
    if ( empty( $user["password_temp"] ) ) $user["password_temp"] = $user["password"];
439
    $db_user = phorum_user_prepare_data( $user, array(), $pwd_unchanged );
440
    if(empty($db_user["date_added"])) $db_user["date_added"]=time();
441
    if(empty($db_user["date_last_active"])) $db_user["date_last_active"]=time();
442
    return phorum_db_user_add( $db_user );
443
}
444
 
445
function phorum_user_prepare_data( $new_user, $old_user, $pwd_unchanged = false )
446
{
447
    $PHORUM = $GLOBALS["PHORUM"];
448
    // how the user appears to the app and how it is stored in the db are different.
449
    // This function prepares the data for storage in the database.
450
    // While this may seem like a crossing of database vs. front end, it is better that
451
    // this is here as it is not directly related to database interaction.
452
    // we need to preserve some data, therefore we use the old user
453
    unset( $old_user['password'] );
454
    unset( $old_user['password_temp'] );
455
    if ( is_array( $old_user ) ) {
456
        $user = $old_user;
457
    } else {
458
        $user = array();
459
    }
460
    foreach( $new_user as $key => $val ) {
461
        $user[$key] = $val;
462
    }
463
 
464
    foreach( $user as $key => $val ) {
465
        switch ( $key ) {
466
            // these are all the actual fields in the user
467
            // table.  We don't need to do anything to them.
468
            case "user_id":
469
            case "username":
470
            case "email":
471
            case "email_temp":
472
            case "hide_email":
473
            case "active":
474
            case "user_data":
475
            case "signature":
476
            case "threaded_list":
477
            case "posts":
478
            case "admin":
479
            case "threaded_read":
480
            case "hide_activity":
481
            case "permissions":
482
            case "forum_permissions":
483
            case "date_added":
484
            case "date_last_active":
485
            case "group_permissions":
486
            case "groups":
487
            case "show_signature":
488
            case "email_notify":
489
            case "pm_email_notify":
490
            case "tz_offset":
491
            case "is_dst":
492
            case "user_language":
493
            case "user_template":
494
            case "moderation_email":
495
                break;
496
            // the phorum built in user module stores md5 passwords.
497
            case "password":
498
            case "password_temp":
499
                if ( !$pwd_unchanged ) {
500
                    $user[$key] = md5( $val );
501
                } elseif ( $pwd_unchanged == -1 ) {
502
                    $user[$key] = $val;
503
                }
504
                break;
505
            // everything that is not one of the above fields is stored in a
506
            // serialized text field for dynamic profile variables.
507
            // If the field is not in the PROFILE_FIELDS array, we don't add it.
508
            default:
509
                $type=-1;
510
                // find out which ID that custom-field has
511
                foreach($PHORUM['PROFILE_FIELDS'] as $ctype => $cdata) {
512
                    if($cdata['name'] == $key) {
513
                        $type=$ctype;
514
                        break;
515
                    }
516
                }
517
                if($type != -1) { // store it only if we found it
518
                    if( $val!=="") {
519
                         if(!is_array($val)) {
520
                            $user_data[$type] = substr($val,0,$PHORUM['PROFILE_FIELDS'][$type]['length']);
521
                         } else {
522
                            $user_data[$type] = $val;
523
                         }
524
                    } elseif(!isset($user_data)){
525
                         $user_data=array();
526
                    }
527
                }
528
                unset( $user[$key] );
529
        }
530
        // create the serialized var
531
        if ( isset( $user_data ) ) {
532
            $user["user_data"] = $user_data;
533
        }
534
    }
535
 
536
    return $user;
537
}
538
 
539
function phorum_user_subscribe( $user_id, $forum_id, $thread, $type )
540
{
541
    $list=phorum_user_access_list( PHORUM_USER_ALLOW_READ );
542
    if(!in_array($forum_id, $list)) return;
543
    return phorum_db_user_subscribe( $user_id, $forum_id, $thread, $type );
544
}
545
 
546
function phorum_user_unsubscribe( $user_id, $thread, $forum_id=0 )
547
{
548
    if($forum_id){
549
        return phorum_db_user_unsubscribe( $user_id, $thread, $forum_id );
550
    } else {
551
        return phorum_db_user_unsubscribe( $user_id, $thread );
552
    }
553
}
554
 
555
/**
556
 * This function returns true if the current user is allowed to moderate $forum_id or the user given through user_data
557
 */
558
 
559
function phorum_user_moderate_allowed( $forum_id = 0, $user_data = 0 )
560
{
561
    $PHORUM = $GLOBALS["PHORUM"];
562
 
563
    if ( $user_data == 0 ) {
564
        $user_data = $PHORUM["user"];
565
    }
566
    // if this is an admin, stop now
567
    if ( $user_data["admin"] ) return true;
568
 
569
    // they have no special permissions, return
570
    if(!isset($user_data["permissions"])){
571
        return false;
572
    }
573
 
574
    // this sets up a check for moderation at any level
575
    if ( $forum_id==PHORUM_MODERATE_ALLOWED_ANYWHERE ){
576
        $perms = $user_data["permissions"];
577
    } else {
578
        // else we check only one forum
579
        // if no forum_id passed, check current forum
580
        if ( $forum_id==0 ){
581
            $forum_id = $PHORUM["forum_id"];
582
        }
583
        if(isset($user_data["permissions"][$forum_id])){
584
            $perms[$forum_id] = $user_data["permissions"][$forum_id];
585
        } else {
586
            return false;
587
        }
588
    }
589
 
590
    // check the users permission array
591
    foreach($perms as $forum_id => $perm) {
592
        if ( $perm & PHORUM_USER_ALLOW_MODERATE_MESSAGES ) {
593
            return true;
594
        }
595
    }
596
 
597
    return false;
598
}
599
 
600
/**
601
 * calls the db-function for listing all the moderators for a forum
602
 * This returns an array of moderators, key as their userid, value as their email address.
603
 */
604
function phorum_user_get_moderators( $forum_id , $ignore_user_perms = false, $for_email = false)
605
{
606
    $gotmods=false;
607
    if(isset($GLOBALS["PHORUM"]['cache_users']) && $GLOBALS["PHORUM"]['cache_users']) {
608
        $mods=phorum_cache_get('user','moderators-'.$forum_id.'-'.$ignore_user_perms);
609
        if($mods != null) {
610
            $gotmods=true;
611
        }
612
    }
613
    if(!$gotmods) {
614
        $mods=phorum_db_user_get_moderators( $forum_id , $ignore_user_perms, $for_email);
615
    }
616
    return $mods;
617
}
618
 
619
/**
620
 * phorum_user_access_allowed()
621
 *
622
 * @param  $permission Use the PHORUM_ALLOW_* constants
623
 * @return bool
624
 */
625
function phorum_user_access_allowed( $permission, $forum_id = 0 )
626
{
627
    $PHORUM = $GLOBALS["PHORUM"];
628
 
629
    if ( empty( $forum_id ) ) $forum_id = $PHORUM["forum_id"];
630
 
631
    $ret = false;
632
    // user is an admin, he gets it all
633
    if ( !empty( $PHORUM["user"]["admin"] ) ) {
634
        $ret = true;
635
    } else {
636
        // user is logged in.
637
        if ( $PHORUM["user"]["user_id"] > 0 ) {
638
            // if the user has perms for this forum, use them.
639
            if ( isset( $PHORUM["user"]["permissions"][$forum_id] ) ) {
640
                $perms = $PHORUM["user"]["permissions"][$forum_id];
641
            // else we use the forum's default perms
642
            // for registered users
643
            } elseif ( $forum_id ) {
644
                if ( $forum_id != $PHORUM["forum_id"] ) {
645
                    $forums = phorum_db_get_forums( $forum_id );
646
                    $forum = array_shift( $forums );
647
                } else {
648
                    $forum = $PHORUM;
649
                }
650
                $perms = $forum["reg_perms"];
651
            }
652
        // user is not logged in
653
        // use the forum default perms for public users
654
        } elseif ( $forum_id ) {
655
            if ( $forum_id != $PHORUM["forum_id"] ) {
656
                $forums = phorum_db_get_forums( $forum_id );
657
                $forum = array_shift( $forums );
658
            } else {
659
                $forum = $PHORUM;
660
            }
661
            if(isset($forum['pub_perms']))
662
                $perms = $forum["pub_perms"];
663
        }
664
 
665
        if ( !empty( $perms ) && ( $ret || ( $perms &$permission ) ) ) {
666
            $ret = true;
667
        } else {
668
            $ret = false;
669
        }
670
    }
671
 
672
    return $ret;
673
}
674
 
675
/**
676
 * phorum_user_access_list()
677
 *
678
 * This function will return a list of forum ids in which
679
 * the current user has $permission
680
 *
681
 * @param  $permission Use the PHORUM_ALLOW_* constants
682
 * @return bool
683
 */
684
 
685
function phorum_user_access_list( $permission )
686
{
687
    $PHORUM = $GLOBALS["PHORUM"];
688
 
689
    $forums = phorum_db_get_forums(0,-1,$PHORUM['vroot']);
690
    $forum_list = array();
691
 
692
    $field = ( $PHORUM["user"]["user_id"] > 0 ) ? "reg_perms" : "pub_perms";
693
 
694
    foreach( $forums as $forum_id => $forum ) {
695
        if ( $PHORUM["user"]["admin"] || $forum[$field] &$permission ) {
696
            $forum_list[$forum_id] = $forum_id;
697
        }
698
        // if its a folder, they have read but nothing else
699
        elseif ($forum["folder_flag"] && $permission == PHORUM_USER_ALLOW_READ){
700
            $forum_list[$forum_id] = $forum_id;
701
        }
702
    }
703
 
704
    if ( !$PHORUM["user"]["admin"] && !empty( $PHORUM["user"]["permissions"] ) ) {
705
        foreach( $PHORUM["user"]["permissions"] as $forum_id => $perms ) {
706
            if ( isset( $forum_list[$forum_id] ) ) unset( $forum_list[$forum_id] );
707
            if ( $perms & $permission ) {
708
                $forum_list[$forum_id] = $forum_id;
709
            }
710
        }
711
    }
712
 
713
    // Admins also have rights for forum_id 0 (announcements)
714
    if ($PHORUM["user"]["admin"]) {
715
        $forum_list[0] = 0;
716
    }
717
 
718
    return $forum_list;
719
}
720
 
721
/**
722
 * phorum_user_allow_moderate_group()
723
 *
724
 * Return true if the current user is allowed to moderate
725
 * a given group, or any group if no group is given.
726
 *
727
 * @param int - a group id to check (default, all)
728
 * @return bool
729
 */
730
function phorum_user_allow_moderate_group($group_id = 0)
731
{
732
    $groups = phorum_user_get_moderator_groups();
733
    if ($group_id == 0 && count($groups) > 0){
734
        return true;
735
    }
736
    elseif (isset($groups[$group_id])){
737
        return true;
738
    }
739
    else{
740
        return false;
741
    }
742
}
743
 
744
/**
745
 * phorum_user_get_moderator_groups()
746
 *
747
 * This function will return a list of the groups the current user
748
 * is allowed to moderate. For admins, this will return all the groups.
749
 *
750
 * The array is of the form array[group_id] = groupname.
751
 * @return array
752
 */
753
function phorum_user_get_moderator_groups()
754
{
755
    $PHORUM=$GLOBALS["PHORUM"];
756
    $groups = array();
757
    $fullgrouplist = phorum_db_get_groups();
758
 
759
    // if its an admin, return all groups as a moderator
760
    if ($PHORUM["user"]["admin"]){
761
        // the permission here is for a forum, we don't care about that
762
        foreach ($fullgrouplist as $groupid => $groupperm){
763
            $groups[$groupid] = $fullgrouplist[$groupid]["name"];
764
        }
765
    }
766
    else {
767
        $grouplist = phorum_user_get_groups($PHORUM["user"]["user_id"]);
768
        foreach ($grouplist as $groupid => $perm){
769
            if ($perm == PHORUM_USER_GROUP_MODERATOR){
770
                $groups[$groupid] = $fullgrouplist[$groupid]["name"];
771
            }
772
        }
773
    }
774
    return $groups;
775
}
776
 
777
/**
778
 * phorum_user_get_groups()
779
 *
780
 * This function will return a list of groups the user
781
 * is a member of, as well as the users permissions.
782
 *
783
 * The returned list has the group id as the key, and
784
 * the permission as the value. Permissions are the
785
 * PHORUM_USER_GROUP constants.
786
 * @param int - the users user_id
787
 * @return array
788
 */
789
function phorum_user_get_groups($user_id)
790
{
791
    return phorum_db_user_get_groups($user_id);
792
}
793
 
794
/**
795
 * phorum_user_save_groups()
796
 *
797
 * This function saves a users group permissions. The data
798
 * to save should be an array of the form array[group_id] = permission
799
 * @param int - the users user_id
800
 * @param array - group permissions to save
801
 * @return bool - true if successful
802
 */
803
function phorum_user_save_groups($user_id, $groups)
804
{
805
    if(isset($GLOBALS["PHORUM"]['cache_users']) && $GLOBALS["PHORUM"]['cache_users']) {
806
        phorum_cache_remove('user',$user_id);
807
    }
808
    return phorum_db_user_save_groups($user_id, $groups);
809
}
810
 
811
function phorum_user_addpost()
812
{
813
    return phorum_db_user_addpost();
814
}
815
 
816
function phorum_user_delete($user_id)
817
{
818
    if(isset($GLOBALS["PHORUM"]['cache_users']) && $GLOBALS["PHORUM"]['cache_users']) {
819
        phorum_cache_remove('user',$user_id);
820
    }
821
    return phorum_db_user_delete($user_id);
822
}
823
 
824
/**
825
 * phorum_user_check_custom_field()
826
 *
827
 * This function takes a custom-fields name and content
828
 * as arguments and returns an array of the user_ids found
829
 * or NULL if no users are found
830
 *
831
 * optional match-parameter
832
 * 0 - exact match
833
 * 1 - like-clause
834
 */
835
function phorum_user_check_custom_field($field_name,$field_content,$match=0) {
836
 
837
    $type=-1;
838
    foreach($GLOBALS['PHORUM']['PROFILE_FIELDS'] as $ctype => $cdata) {
839
        if($cdata['name'] == $field_name) {
840
            $type=$ctype;
841
            break;
842
        }
843
    }
844
    if($type > -1) {
845
        $retval=phorum_db_get_custom_field_users($type,$field_content,$match);
846
    } else {
847
        $retval=NULL;
848
    }
849
 
850
    return $retval;
851
}
852
 
853
 
854
?>